ZXR10 5900E Series Easy-Maintenance MPLS PDF

h a n g e Vi h a n g e Vi
XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k c u -tr a c k
ZXR10 5900E Series

Easy-Maintenance MPLS Routing Switch
Configuration Guide (Basic Configuration)
Version: 3.00.11
ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://support.zte.com.cn
E-mail: [email protected]
XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
LEGAL INFORMATION
Copyright © 2017 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit the ZTE technical support website http://support.zte.com.cn to inquire for related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
Revision No. Revision Date Revision Reason
R1.0 2015–01–15 First edition
Serial Number: SJ-20150114102049-002
Publishing Date: 2015-01-15 (R1.0)
SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Contents
About This Manual ......................................................................................... I
Chapter 1 Usage and Operation................................................................ 1-1
1.1 Connection Modes ............................................................................................. 1-1
1.1.1 FTP Connection Configurations................................................................. 1-1
1.1.2 TFTP Connection Configuration ................................................................ 1-8
1.1.3 Serial Port Connection............................................................................ 1-10
1.1.4 Telnet Connection Configuration.............................................................. 1-13
1.1.5 SSH Connection Configuration................................................................ 1-21
1.2 Command Modes............................................................................................. 1-25
1.3 Online Help...................................................................................................... 1-27
1.4 Command History ............................................................................................ 1-28
Chapter 2 System Management ................................................................ 2-1

2.1 File System Management ................................................................................... 2-1
2.1.1 File System Management Overview........................................................... 2-1
2.1.2 Managing Files......................................................................................... 2-1
2.2 System Information State.................................................................................... 2-3
2.2.1 System Information State Overview ........................................................... 2-3
2.2.2 System Parameter Configuration............................................................... 2-3
2.2.3 System Information Viewing ...................................................................... 2-6
2.2.4 System Information State Configuration Examples ....................................2-11
2.3 Device Maintenance ......................................................................................... 2-14
2.3.1 Device Maintenance Overview ................................................................ 2-14
2.3.2 Device Maintenance Configuration .......................................................... 2-14
2.4 Version Upgrade .............................................................................................. 2-18
2.4.1 Version Upgrading Overview ................................................................... 2-18
2.4.2 Version Upgrading.................................................................................. 2-19
2.5 VSC Configuration............................................................................................ 2-23
2.5.1 VSC Overview ....................................................................................... 2-23
2.5.2 Configuring the VSC System................................................................... 2-24
2.5.3 Maintaining VSC .................................................................................... 2-26
2.5.4 VSC Configuration Example.................................................................... 2-28
Chapter 3 Network Management............................................................... 3-1

3.1 SNMP Configuration........................................................................................... 3-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3.1.1 SNMP Overview....................................................................................... 3-1

3.1.2 Configuring SNMP.................................................................................... 3-2
3.1.3 Maintaining SNMP.................................................................................... 3-8
3.1.4 SNMP Configuration Example ................................................................. 3-12
3.2 NetFlow Configuration ...................................................................................... 3-13
3.2.1 NetFlow Overview .................................................................................. 3-13
3.2.2 Configuring NetFlow ............................................................................... 3-15
3.2.3 Maintaining NetFlow ............................................................................... 3-20
3.2.4 NetFlow Configuration Examples............................................................. 3-24
3.3 SFlow Configuration ......................................................................................... 3-28
3.3.1 SFlow Overview ..................................................................................... 3-28
3.3.2 Configuring SFlow .................................................................................. 3-29
3.3.3 Maintaining SFlow .................................................................................. 3-31
3.3.4 SFlow Configuration Examples................................................................ 3-31
3.4 SysLog Configuration ....................................................................................... 3-33
3.4.1 SYSLOG Overview................................................................................. 3-33
3.4.2 Configuring SYSLOG ............................................................................. 3-33
3.4.3 Maintaining Syslog ................................................................................. 3-34
3.4.4 SYSLOG Configuration Example............................................................. 3-34
3.5 Port Mirroring Configuration .............................................................................. 3-35
3.5.1 Port Mirroring Overview .......................................................................... 3-35
3.5.2 Configuring Port Mirroring ....................................................................... 3-37
3.5.3 Maintaining Port Mirroring ....................................................................... 3-38
3.5.4 Port Mirroring Configuration Example ...................................................... 3-39
3.6 Alarm Module................................................................................................... 3-40
3.6.1 Alarm Module Overview.......................................................................... 3-40
3.6.2 Configuring Alarm Module....................................................................... 3-41
3.6.3 Maintaining Alarm Module....................................................................... 3-44
3.7 Performance Management Module.................................................................... 3-46
3.7.1 Performance Management Module Overview ........................................... 3-46
3.7.2 Configuring the Performance Management Module .................................. 3-46
3.7.3 Maintaining the Performance Management Module .................................. 3-48
3.7.4 Performance Management Module Configuration Example ....................... 3-49
3.8 Time Range Module Configuration .................................................................... 3-49
3.8.1 Time Range Module Overview ................................................................ 3-49
3.8.2 Configuring the Time Range Module........................................................ 3-50
3.8.3 Maintaining the Time Range Module........................................................ 3-52
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3.8.4 Time Range Configuration Example ........................................................ 3-53
Chapter 4 CHM System Configuration ..................................................... 4-1

4.1 CHM Overview................................................................................................... 4-1
4.2 Configuring CHM................................................................................................ 4-2
4.3 Maintaining CHM................................................................................................ 4-3
4.4 CHM Configuration Examples ............................................................................. 4-5
Chapter 5 MAC Configuration ................................................................... 5-1

5.1 MAC Overview ................................................................................................... 5-1
5.2 Configuring a MAC Address ............................................................................... 5-1
5.3 Maintaining MAC Addresses ............................................................................... 5-6
5.4 MAC Configuration Example ............................................................................... 5-8
Chapter 6 MAC Address Table Configuration.......................................... 6-1

6.1 MAC Address Table Overview ............................................................................. 6-1
6.2 Configuring a MAC Address Table ....................................................................... 6-4
6.3 Maintaining and Diagnosing an MAC Address Table ............................................. 6-5
Chapter 7 RMON Configuration ................................................................ 7-1

7.1 RMON Overview ................................................................................................ 7-1
7.2 Configuring RMON ............................................................................................. 7-2
7.3 Maintaining RMON ............................................................................................. 7-4
Chapter 8 PoE Configuration .................................................................... 8-1

8.1 PoE Overview .................................................................................................... 8-1
8.2 Configuring PoE ................................................................................................ 8-2
8.3 Maintaining PoE ................................................................................................. 8-6
8.4 PoE Configuration Example ................................................................................ 8-7
Figures............................................................................................................. I
Glossary ........................................................................................................ III
III

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
This page intentionally left blank.
IV

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
About This Manual

Purpose
This manual is the ZXR10 5900E Series (V3.00.11) Easy-Maintenance MPLS Routing
Switch Configuration Guide (Basic Configuration), which is applicable to the ZXR10 5900E
(V3.00.11) series switches.
Intended Audience
This manual is intended for:
l Network planning engineer
l Debugging engineer
l Attendant
What Is in This Manual

This manual contains the following chapters:
Chapter 1, Usage and Describes the interface type and interface naming rule. In addition,
Operation this chapter describes how to view interface information, interface
description information, and interface state.
Chapter 2, System Provides the commands of the ZXR10 5900E for managing and
Management manipulating the file system, and describes the methods for equipment
maintenance and version upgrade.
Chapter 3, Network Provides the common functions and configuration methods of network
Management management, including SNMP, NetFlow, sFlow, Syslog, alarm module,
performance management module, and Time Range module.
Chapter 4, CHM System Provides the overview and principles of CHM configuration, related
Configuration configuration and maintenance commands, and configuration examples.
Chapter 5, MAC Provides the overview and principles of MAC configuration, related
Configuration configuration and maintenance commands, configuration examples.
Chapter 6, MAC Address Provides the overview, composition, and classification of an MAC
Table Configuration address table, as well as the related configuration and maintenance
commands.
Chapter 7, RMON Provides the overview and principles of RMON configuration, related
Configuration configuration and maintenance commands.
Chapter 8, PoE Provides the overview and principles of PoE configuration, related
Configuration configuration and maintenance commands.
Conventions
This manual uses the following typographical conventions:

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Italics Variables in commands. It may also refer to other related manuals and documents.
Bold Menus, menu options, function names, input fields, option button names, check boxes,
drop-down lists, dialog box names, window names, parameters, and commands.
Constant Text that you type, program codes, filenames, directory names, and function names.
width
[] Optional parameters.
{} Mandatory parameters.
| Separates individual parameter in series of parameters.
Note: provides additional information about a topic.
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 1
Usage and Operation
Table of Contents
Connection Modes .....................................................................................................1-1
Command Modes .....................................................................................................1-25
Online Help ..............................................................................................................1-27
Command History ....................................................................................................1-28
1.1 Connection Modes

The ZXR10 5900E supports several connection modes, see Figure 1-1.
Figure 1-1 ZXR10 5900E's Configuration Methods
Users can use different connection modes based on the network type. The connection
modes are as follows:
l Console port: the primary mode for users to configure the ZXR10 5900E.
l Telnet/SSH mode: allows users to configure the ZXR10 5900E at any reachable place
in the network.
l NM workstation mode: If this mode is used, the corresponding NM software supporting
SNMP is required
l TFTP/FTP mode: allows users to download or upload the configuration file to update
the ZXR10 5900E's configuration.
1.1.1 FTP Connection Configurations

The use of FTP is to improve the degree of sharing files by using a remote PC, which makes
the storage medium transparent for users and transports data reliably and efficiently.
Figure 1-2 shows the network scenario for an FTP server. The IP address of switch A is
192.168.65.2/24, and the IP address of switch B is 192.168.65.5/24.
1-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k ZXR10 5900E Series Configuration Guide (Basic Configuration) c u -tr a c k
Figure 1-2 Network Scenario for the FTP Server
Figure 1-3 shows the network scenario for an FTP client. The IP address of the switch is
192.168.65.2/24, and the IP address of the PC is 192.168.65.1/24.
Figure 1-3 Network Scenario for the FTP Client
FTP Server Configuration

l Configuring the FTP Server
à Enable the FTP server.
To enable the FTP server on the ZXR10 5900E, run the following command:
Command Function
ZXR10(config)#ftp-server enable [listen {<default-port-nu Enables the FTP server

mber>|<port-number>}] function, and listens to the
specified port (range: 2401 to
2420)
Note:
To disable the FTP server, use the no form of this command.
Only the local and remote ports that are not used can be listened. By default,
port 21 is listened.
The following example shows how to enable the FTP server on port 2405:.
ZXR10(config)#ftp-server enable listen 2405
à Disconnect an FTP user.

To disconnect a user from the FTP server, run the following command:
Command Function
ZXR10(config)#ftp-server kick-user <user-id> Disconnects the user from the

FTP user, range: 1to 80.
1-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 1 Usage and Operation c u -tr a c k
The following example shows how to disconnect user 1 from the FTP server:
ZXR10(config)#ftp-server kick-user 1
à Configure the top directory.

To configure the top directory that can be accessed by FTP users, run the
following command:
Command Function
ZXR10(config)#ftp-server top-directory <word>[{read- Configures the top directory

only|{[read-write],[copy]}}] that can be accessed by FTP
users and the corresponding
permissions.
If no permission is specified,
all permissions are granted to
the top directory by default.
The /flash/ or /sd/ directory should be configured as the top directory and
granted with all permissions (some switches have no SD devices).
The following example shows how to configure the /flash/LOG/ as the top
directory and grant all permissions to it:
ZXR10(config)#ftp-server top-directory /flash/LOG/ read-write copy
à Configure the FTP username and password.

For the FTP username and password configuration, refer to the “ADM_MGR
Configuration” chapter in the "ZXR10 5900E(V3.00.01) Series Switch
Configuration Guide (Security Volume)". At present, the ZXR10 5900E supports
a maximum of 40 online FTP users.
l Maintaining the FTP Server
To maintain the FTP server on the ZXR10 5900E, run the following command:
Command Function
ZXR10#show ftp-server Displays the configuration of the

FTP server.
The following is sample output from the show ftp-server command:

ZXR10(config)##show ftp-server
--------------------------------------------------------------------------------
FTP server run state: disable
FTP server listen port:
FTP server user top directory : /flash/LOG/
FTP server user top directory access permissions: read-write copy
FTP server IPv4 ACL name:
FTP server IPv6 ACL name:
FTP server max online user number: 40
1-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
FTP secure server run state:

FTP secure server mode:
FTP secure server explicit port: 21
FTP secure server implicit port: 990
User-ID Username Status IP-Address Port SSL-Context PKI-Profile
--------------------------------------------------------------------------------
For a description of the parameters in the execution result, refer to the following table:
Command Output Description
ftp_server run state Operational status of the FTP server.
ftp_server listen port Port number listened to by the FTP server.
ftp_server user top directory Top directory that can be accessed by FTP users.
ftp_server user top directory ac- Permissions assigned to the top directory.
cess permissions
ftp_server max online user number Maximum number of online FTP users.
user id/username ID or name of the online FTP user.
status Online status of the FTP user.
ip address IP address of the FTP user.
port Port number of the FTP user.
l FTP Server Configuration Example

à Scenario Description
Figure 1-4 shows a network scenario where a PC is connected to the ZXR10
5900E. It is required to configure the ZXR10 5900E as the FTP server and
configure the PC as the FTP client.
Figure 1-4 FTP Server Configuration Example
à Configuration Flow
1. Enable the FTP server function and listening port 21 on the ZXR10 5900E.
2. Configure the “/flash/LOG/” directory as the top directory of the FTP server.
3. Set the FTP username and password to zte/zte.
4. Test the FTP server function by uploading and downloading files through the
FTP server.
à Configuration Commands
Run the following commands on the ZXR10 5900E:
ZXR10#configure terminal
1-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#ftp-server enable
ZXR10(config)#ftp-server top-directory /flash/LOG/
FTP Client Configuration

l Configuring the FTP Server
In general, the ZXR10 5900E functions as an FTP client.
The following procedure describes the FTP server configuration by using the FileZilla
server software as an example:
1. Double-click the FileZilla Server Interface.exe program. The
Connect to Server dialog box is displayed, see Figure 1-5.
Figure 1-5 Connect to Server Dialog Box
2. Click the OK button. The FileZilla server dialog box is displayed, see Figure 1-6.
1-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 1-6 Filezilla Server Dialog Box
3. Select Edit > Users from the menu. The Users dialog box is displayed, see
Figure 1-7.
Note:
By default, the General node is selected in the Page area.
Figure 1-7 Users Dialog Box
1-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4. Perform the following operations:

a. Click the Add button to create a user (for example, target), and specify a
password for the user.
b. In the Page area, select the Shared folders node. In the Users area, select
target. In the Directories area, click the Add button to specify the directory,
see Figure 1-8.
Figure 1-8 Target User Settings
c. Set the permissions for the target user to access folders.

5. Click the OK button. The basic settings of the FTP server are completed.
l Uploading and Downloading Files Through an FTP Client
To upload or download files when the ZXR10 5900E acts as an FTP client, run the
following commands.
Command Function
ZXR10#copy ftp [vrf <vrfname>] //HOST/filename Downloads files from the FTP
@username:password root: localfile [<listen_port server to a local directory.
>][{<ipv4-address>|<ipv6-address>}][interface This command supports IPv6
<interface-name>] addresses.
ZXR10#copy ftp [vrf <vrfname>] root: localfile Uploads local files to the FTP
//HOST/filename@username:passowrd [<listen_port server. This command supports
>][{<ipv4-address>|<ipv6-address>}][interface IPv6 addresses.
<interface-name>]
Log in to the file system of the ZXR10 5900E as the username/password of who/who,
and upload the startrun.dat file under the flash/DATA0 directory through the
service port to the FTP server with the IP address 192.168.109.6.
ZXR10#copy ftp root: /flash/DATA0/startrun.dat //
192.168.109.6/startrun.dat@who:who
1-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Start copying file

.
Put file successfully!Sent 7197 bytes!
The following example shows how to download the startrun.dat file from the FTP
server (192.168.109.6) by a user (who/who) and rename the file to startrun.bak.
ZXR10#copy ftp //192.168.109.6/startrun.dat@who:who root: /
flash/DATA0/startrun.bak
Start copying file
.
Got file successfully!Received 7197 bytes!
Configuring IPv6 FTP

To configure IPv6 FTP on the ZXR10 5900E, perform the following steps:
Step Command Function
ZXR10(config)#ftp-server enable listen 21 Configures port 21 as the

1
listening port on the FTP server.
2 ZXR10(config)#ftp-server kick-user <ID> Disconnects an online user

from the FTP server.
ZXR10#copy ftp [vrf <vrfname>] //<ipv6-add Copies the file from or to the
ress>/dir@username:password root: localfile FTP server. This command
3
[<listen_port>][{<ipv4-address>|<ipv6-address>}][interface supports IPv6 addresses.
<interface-name>]
1.1.2 TFTP Connection Configuration

By means of TFTP, router version file and configuration file can be backed up and
recovered. For an IPv6 environment, ZXR10 5900E also supports to upload or download
file by using TFTP.
Configuring TFTP Server

Enable TFTP server software on back-end host and use a routing switch as an FTP client
for communicating with the back-end server. The following uses the TFTP server software
tftpd as an example to describe how to configure a back-end TFTP server.
1. Run tftpd software on back-end host, the following interface is displayed, see Figure
1-9.
1-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 1-9 TFTP Server
2. Click Tftpd > Configure, and then click Browse on the displayed dialog box, select
a catalog to save version file or configuration file, such as IMG catalog on D disk, see
Figure 1-10.
Figure 1-10 Configure Dialogue Box
3. Click OK to finish.
File Uploading or Downloading by TFTP Client

To upload or download files when ZXR10 5900E acts as TFTP client, use the following
commands.
Command Function
ZXR10#copy tftp [ipv6][vrf This downloads files from TFTP server to the local device through
<vrfname>] //HOST/filename TFTP client.
root: localfile
1-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10#copy tftp [ipv6][vrf This uploads files from the local device to the TFTP server through
<vrfname>] root: localfile TFTP client.
//HOST/filename
This example describes how to upload the file startrun.dat from device file system /flash
catalog to the TFTP server which IP address is 192.168.2.244.
ZXR10#copy tftp root: /flash/startrun.dat //192.168.4.244/startrun.dat
Starting copying file
.
File copying successful.
This example describes how to download the file startrun.dat from the TFTP server which
IP address is 192.168.4.244 and rename the file as startrun.bak.
ZXR10#copy tftp //192.168.4.244/startrun.dat root: /flash/startrun.bak
Starting copying file
.
File copying successful.
Configuring IPv6 TFTP

To configure IPv6 TFTP, use the following commands.
Command Function
ZXR10#copy tftp ipv6 [vrf <vrfname>] //<dst-ipv6-address>/file This downloads file from the
name root: <file-path> server which destination address
is <dst-ipv6-address> by TFTP.
ZXR10#copy tftp ipv6 [vrf <vrfname>] root: <file-path> This uploads local file to TFTP
//<dst-ipv6-address>/filename server.
Descriptions of the parameters used by commands are shown below.
Parameter Description
[vrf <vrfname>] Configures a VRF route to upload/download files from vrf
<dst-ipv6-address> TFTP Server IPv6 address
<file-path> The full path of file or file name only
1.1.3 Serial Port Connection

Configuring HyperTerminal
Serial configuration cable is delivered with ZXR10 5900E. Both of ends are DB9 serial
interfaces, one end connects to computer serial interface, and another end connects to
1-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
router COM interface. Serial connection configuration uses VT100 terminal mode, using
the HyperTerminal tool provided by Windows OS.
1. After connecting PC to M6000 correctly, click Start > Programs > Accessories >
Communications > HyperTerminal, see Figure 1-11.
Figure 1-11 Hyper Terminal Connection 1
2. Open the HyperTerminal, see Figure 1-12. Type the connection name and select the
desired icon.
Figure 1-12 Connection Description
3. Select the serial port (COM1 or COM2) that connects the configuration line, see Figure
1-13.
1-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 1-13 Selecting a Serial Port
4. Set the port properties of the selected serial port. The properties are set as follows:
"Bits per second" is "9600", "Data bits" is "8", "Parity" is "None", "Stop bits" is "1", and
"Flow control" is "None", see Figure 1-14.
Figure 1-14 COM Properties
5. Click OK to accept the configuration and connect device by the selected COM
interface.
After configuring user name/password for serial port authentication, ZXR10 5900E requires
entering user name and password for login. In this way, the security is enhanced.
1-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Configuring Serial Port Authentication

To enable serial port authentication on ZXR10 5900E, perform the following step.
Command Function
ZXR10(config)#login_authentication {enable|disable} This enables or disables serial port

authentication.
Configuration Example
Enabling or disables serial port authentication,
ZXR10(config)#login_authentication enable
Disabling or disables serial port authentication,

ZXR10(config)#login_authentication disable
1.1.4 Telnet Connection Configuration

Telnet is generally used for configuring a switch in a remote manner. To enable telnet
access, the operator should set the corresponding username and password on the remote
switch. Moreover, the local host should ping the remote switch successfully.
After Telnet username and password are set, only authorized users can access the switch
through Telnet.
For the telnet username and password configuration, refer to the “ADM_MGR
Configuration” section in the ZXR10 5900E Security Volume.
Command Function
ZXR10(config-system-user)#user-name <username> Specifies the telnet username and

password.
ZXR10(config-system-user-username)#password<password>
To bind an authentication template for logging in to the corresponding switch through a

username and password, use the following commands:
ZXR10(config)#radius authentication-group 1
ZXR10(config-authgrp-1)#algorithm round-robin
ZXR10(config-authgrp-1)#ip vrf mng
ZXR10(config-authgrp-1)#deadtime 1
ZXR10(config-authgrp-1)#nas-ip-address 192.168.1.10
ZXR10(config-authgrp-1)#server 1 192.168.0.200 key 123456
ZXR10(config-authgrp-1)#exit
ZXR10(config)#aaa-authentication-template 2002
ZXR10(config-aaa-authen-template)#aaa-authentication-type radius-local
ZXR10(config-aaa-authen-template)#authentication-radius-group 1
ZXR10(config-aaa-authen-template)#exit
1-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#aaa-authorization-template 2002
ZXR10(config-aaa-authen-template)#aaa-authorization-type radius-local
ZXR10(config-aaa-authen-template)#authorization-radius-group 1
ZXR10(config-aaa-authen-template)#exit
ZXR10(config)#system-user
ZXR10(config-system-user)#authorization-template 2
ZXR10(config-system-user-author-temp)#access-only lct qx dcn
ZXR10(config-system-user-author-temp)#bind aaa-authorization-template 2002
ZXR10(config-system-user-author-temp)#exit
ZXR10(config-system-user)#authentication-template 2
ZXR10(config-system-user-authen-temp)#bind aaa-authentication-template 2002
ZXR10(config-system-user-authen-temp)#bind access-list ipv4 acl
ZXR10(config-system-user-authen-temp)#exit
ZXR10(config-system-user)#user-default
ZXR10(config-system-user-default)# bind authentication-template 2
ZXR10(config-system-user-default)# bind authorization-template 2
ZXR10(config-system-user-default)#exit
ZXR10(config-system-user)#user-name zte
ZXR10(config-system-user-username)# bind authentication-template 2
ZXR10(config-system-user-username)# bind authorization-template 2
ZXR10(config-system-user-username)# password zte
ZXR10(config-system-user-username)# exit
ZXR10(config-system-user)# exit
In the following example, the IP address of the remote switch is 192.168.3.1 and the local
host can ping the remote switch successfully.
1. Run the telnet command on the local host, see Figure 1-15.
Figure 1-15 Running Telnet
2. Click OK. The telnet.exe window is displayed, see Figure 1-16.
1-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 1-16 Telnet.Exe Window
3. Enter the username and password for accessing the remote switch.
Configuring Telnet
To configure Telnet on the ZXR10 5900E, perform the following steps:
ZXR10(config)#multi-user configure Sets to allow multiple users to enter

global configuration mode.
After the device is restarted, this
1 configuration is invalid. To enable
multiple users to log in to the device
through the telnet command, you need
to run this command again.
ZXR10(config)#line console idle-timeout Specifies the maximum idletime (in

<idle-time> minutes) of the serial port.
2
To restore the default setting, use the
ZXR10(config)#no line console idle-timeout
no form of this command.
ZXR10(config)#line console absolute-timeout Specifies the maximum online timeout

<absolute-time> (in minutes) of the serial port.
3
To restore the default setting (1440),
ZXR10(config)#no line console absolute-timeout
use the no form of this command.
ZXR10(config)#line telnet idle-timeout Specifies the maximum idle time (in

<idle-time> minutes) of a telnet connection.
4
To restore the default setting (120), use
ZXR10(config)#no line telnet idle-timeout
the no form of this command.
1-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#line telnet absolute-timeout Specifies the maximum online timeout

<absolute-time> (in minutes) of the serial port.
5
To restore the default setting (1440),
ZXR10(config)#no line telnet absolute-timeout
use the no form of this command.
ZXR10(config)#line telnet access-class [ipv4 | Specifies the name of the ACL bound to
ipv6]<acl-name> telnet connections.
6
To cancel the configuration, use the no
ZXR10(config)#no line telnet access-class [ipv4 |
form of this command.
ipv6]
ZXR10(config)#line telnet max-link Configures the maximum telnet

<max-number> connections.
7
ZXR10(config)#no line telnet max-link
ZXR10(config)#line telnet server disable Enables or disables the telnet server

service.
ZXR10(config)#line telnet server enable listen
This service is enabled by default.
8 [23 | 49152-65535]
The listening port number of the telnet
server can be set to 23 (default) or
49152 to 65535.
ZXR10#terminal length <length> Specifies the length of the terminal

window. This setting takes effect for the
ZXR10#no terminal length
9 current terminal only.
ZXR10#telnet {<dest-address>[{[<source-address Establishes a telnet connection to the

>],[<port-number>],[{vrf <vrf-name>|dcn}],[dscp remote device.
10
<dscp-value>]}]|<domain-name>[{[<port-number
>],[vrf <vrf-name>],[dscp <dscp-value>]}]}
ZXR10#telnet6 {<dest-address>[{[interface Establishes a telnet connection to the

<interface-name>],[vrf <vrf-name>],[<port-numbe remote device.
11 r>],[dscp <dscp-value>]}]|<domain-name>[{[vrf
<vrf-name>],[<port-number>],[dscp
<dscp-value>]}]}
ZXR10#ssh <dest-address> encrypt Establishes an SSH connection to the

{none|aes128|blowfish|3des} compress {none|zlib} remote device.
12
mac {none|sha1|md5}[{[<source-address>],[<port-n
umber>],[vrf <vrf-name>],[dscp <dscp-value>]}]
1-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10#ssh6 <dest-address> encrypt Logs in to the specified server (using

{none|aes128|blowfish|3des} compress {none|zlib} the IPv6 address) through ssh mode.
13 mac {none|sha1|md5}[{[<port-number>],[vrf
<vrf-name>],[interface <interface-name>],[dscp
<dscp-value>]}]
ZXR10#line telnet dscp <dscp-value> Specifies the DSCP value for IPv4 or
14 IPv6 packets. The default DSCP value
is 0xc0.
ZXR10#clear line vty <vty-number> Takes offline one or more VTY users
15
forcedly.
For a description of the parameters in Steps 2 and 4, refer to the following table:
<idle-time> Maximum idle online time (in minutes) of the serial port and
telnet connection, range: 1-1000.
<absolute-time> Maximum online time (in minutes) of the serial port and telnet
connection, range: 1-10000.
For a description of the parameters in Step 7, refer to the following table:
<max-number> Maximum number of telnet connections, range: 1-15.
<length> Window length (in lines), range: 0-512.
<dest-address> Destination IP address, in colon-separated hex format.
<vrf-name> VRF name, range: 1-32 characters.
<source-ipaddr> Source IP address, in dotted decimal notation.
<port-number> Port number, range: 0-65535.
<domain-name> Domain name, range: 1-128 characters.
1-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
dcn DCN VRF.
<dscp-value> DSCP value, range: 0-63.
<dest-address> Destination IPv6 address, in dotted decimal notation .
<interface-name> Interface name.
<port-number> Port number, range: 0-65535.
<domain-name> Domain name, range: 1-128 characters.
<dest-address> Destination IP address, in dotted decimal notation
encrypt Encryption algorithm, options:

l 3des
l aes128
l blowfish
l none
compress Compress algorithm, options:

l zlib
l none
mac MAC verification algorithm, options:

l md5
l sha1
l none
<source-ipaddr> Source IP address, in dotted decimal notation.
<port-number> Destination port number, range: 0-65535.
<dest-address> IPv6 address, in colon hexadecimal notation.
1-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
encrypt Encryption algorithm, options:

l 3des
l aes128
l blowfish
l none
compress Compression algorithm, options:

l zlib
l none
mac MAC check algorithm, options:

l md5
l sha1
l none
<port-number> Destination port number, range: 0-65535.
<vty-number> Terminal number, range: 0-14.
Maintaining Telnet
To maintain Telnet on the ZXR10 5900E, run the following commands:
Command Function
ZXR10#show terminal Displays current terminal information.
ZXR10#show history Displays previous ten history commands.
ZXR10#who Displays login user information.
The following is sample output from the show terminal command:

ZXR10#show terminal
Line: 0, Location: , Type: ""
Length: 24 lines, Width: 80 columns
Console idle-timeout: 02:00:00
Console absolute-timeout: 1d00h00m
1-19

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Baud rate (TX/RX): 9600/9600

Capabilities: none
Time since activation: 00:11:12
Editing: enabled
History: enabled, History size: 10
Telnet ipv4 acl name:
Telnet ipv6 acl name:
Telnet server: enable(ssh server disable), Listen port: 23
Telnet DSCP value: 48
Telnet max-link: 15
For a description of the output information, refer to the following table:
Line: 0, Location: , Type: "" Line: terminal number, Location: client end address, Type:
client end terminal type
Length: 24 lines, Width: 80 columns The length of the serial port terminal is 24 lines, and the width
is 80 columns.
Console idle-timeout: 02:00:00 The maximum idle online time of the serial port is two hours.
Console absolute-timeout: 1d00h00m The maximum online time of the serial port is 24 hours.
Baud rate (TX/RX): 9600/9600 Baud rate.
Capabilities: none Capability.
Time since activation: 00:11:12 Time period from the login time.
Editing: enabled Editable.
History: enabled, history size: 10 The history record is valid. The size is 10.
Telnet ipv4 acl name: The IPv4 ACL is not bound.
Telnet ipv6 acl name: The IPv6 ACL is not bound.
Telnet server: enable, Listen port: 23 Enables the telnet function, and the listening port number is
23.
Telnet DSCP value: 48 DSCP value of the Telnet server.
Telnet max-link: 15 Maximum number of online Telnet users is 15.
The following is sample output from the show history command:

ZXR10#show history
en
configure terminal
write
show version
show processor
show ver
show history
1-20

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The following is sample output from the who command:

ZXR10#who
Line User Host(s) Idle Login Location
* 0 con 0 idle 00:00:00 2015-11-11
17:23:11
66 vty 0 who idle 00:00:03 2015-11-11 168.11.0.10
17:20:12
Line ID of the virtual terminal that the user logs in to. "*" indicates
that the terminal is a local terminal.
User Name of the login user.
Host(s) When the switch logs in to the Telnet server, the IP address of
the Telnet server is displayed in the column. In other cases,
"idle" is displayed in this column.
Idle Idle time.
Login Login time.
Location Telnet client address.
1.1.5 SSH Connection Configuration

All transmitted data can be encrypted by using SSH. SSH can replace Telnet.
SSH is a key-based security authentication. A pair of keys should be created and the
public key is stored on the server to be accessed. Before an SSH client connects to the
SSH server, it requests the server to perform security authentication by using keys. Upon
receipt of the request, the SSH server searches for the public key in the directory, and
compares the public key with the received key. If the two keys are the same, the server
uses the public key to encrypt the challenge message and then sends the message to the
client. The client then decrypts the challenge messages and returns it to the server.
Configuring SSH
To configure SSH on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#ssh server enable [listen Enables the SSH server function. This
{<22>|<49152-65535>}] function is disabled by default.
ZXR10(config)#ssh server disable Disables the SSH server function.
1-21

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2 ZXR10(config)#ssh server access-class Creates a binding between the IPv4

ipv4<acl-name> ACL and the SSH server.
ZXR10(config)#no ssh server access-class ipv4 Removes the binding between the IPv4
ACL and the SSH server.
3 ZXR10(config)#ssh server access-class ipv6 Creates a binding between the IPv6

<acl-name> ACL and the SSH server.
ZXR10(config)#no ssh server access-class ipv6 Removes the binding between the IPv6
ACL and the SSH server.
4 ZXR10(config)#ssh server dscp <dscp-value> Specifies the DSCP value for IPv4 or
IPv6 packets. The default DSCP value
is 0xc0.
<acl-name> ACL name, range: 1–31 characters.
<dscp-value> DSCP value, range: 0–63.
Configuring an SSH Client

The following procedure uses Putt as an example to describe how to configure an SSH
client.
1. Enable Putty.exe on the SSH client. The PuTTY Configuration dialog box is
displayed.
2. Enter 192.168.0.202 (IP address of the remote switch) in the Host Name field, see
Figure 1-17.
1-22

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 1-17 SSH Client Login Configuration
3. Select 2 from the Preferred SSH protocol version field, see Figure 1-18.
Figure 1-18 SSH Client Select Version Configuration
4. Click the Open button. The PuTTY window for login is displayed, see Figure 1-19.
1-23

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 1-19 Successful Login Interface
5. Enter the username and password.
Maintaining SSH
To maintain SSH on the ZXR10 5900E, run the following command:
Command Description
ZXR10#show ssh Displays the configuration status

of SSH.
ZXR10#show ssh
=================================================================
SSH configuration
=================================================================
SSH enable-flag configuration : disable
SSH version : 2
SSH listen port :
SSH DSCP value :
SSH IPv4 ACL name :
SSH IPv6 ACL name :
SSH rekey interval : 1(hours)
enable-flag configuration Whether the SSH function is enabled or not. "enable" means
that SSH function is enabled.
listen port Listening port number of the SSH server.
DSCP value DSCP value for the SSH server.
1-24

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
SSH acl name ACL bound to the SSH server.
1.2 Command Modes

For users to configure and manage routers conveniently, ZXR10 5900E assigns
commands to different modes according to different functions and rights. A command can
only be carried out in a special mode.
In any command mode, just enter a question mark "?", and the commands that can be
used in the mode can be viewed.
Command modes of ZXR10 5900E are as follows.
User Mode
When logging in to the system in HyperTerminal mode, the user enters the user mode
automatically. If using Telnet mode for login, a user enters into user mode after entering
the user name and password.
DOS prompt of user mode is host name of router followed by a ">", as follows (the default
host name is ZXR10):
ZXR10>
In user mode, a user can run commands, such as ping and telnet.
After logging in to the system through the telnet command, the user enters special mode,
and then returns to user mode. In this case, the user can query some system information.
The user can execute the following commands:
ZXR10>?
Exec commands:
disable Turn off privileged commands
enable Turn on privileged commands
exit Exit from current mode
login Login as a particular user
logout Exit from the EXEC
ping Send echo messages
ping6 Send IPv6 echo messages
query List all commands with the keywords in the current command mode
quit Quit from the EXEC
show Show running system information
ssh Open a ssh connection
ssh6 Open a ssh6 connection
telnet Open a telnet connection
telnet6 Open a telnet6 connection
trace Trace route to destination
1-25

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
trace6 Trace route to destination using IPv6

who List users who are logining on
Privileged Mode
In user mode, enter enable command and corresponding password to enter privileged
mode.
ZXR10>enable 15
Password: (The input password will not be displayed on the screen)
ZXR10#
By default, system password is zxr10.

In privileged mode, a user can view more detailed configuration information and also can
enter configuration mode to configure entire switch. Therefore, a password must be used
to prevent illegal use of unauthorized users.
To return from privileged mode to user mode, use disable command.
Global Configuration Mode

In privileged mode, enter the config terminal command to enter into global configuration
mode, as follows:
Enter configuration commands, one per line. End with CTRL/Z.
ZXR10(config)#
ZXR10(config)#multi-user configure
/*This permits multiperson to operate.*/
%Info 140359:
Commands in global configuration mode act on entire system, not merely on a protocol or
interface.
To return from global configuration mode to privileged mode, enter the exit or end command
or press <CTRL+Z>.
Interface Configuration Mode

In global configuration mode, use interface command to enter interface configuration mode
as shown in following example:
ZXR10(config)#interface gei-0/1/1/1
/*This enters the interface configuration mode of gei-0/1/1/1.*/
ZXR10(config-if-gei-0/1/1/1k)#
In interface configuration mode, the parameters of interface can be modified. To return

from interface configuration mode to global configuration mode, enter the exit command
and to return from interface configuration mode to privileged mode directly enter the end
command or press <CTRL+Z> or <CTRL+C>.
1-26

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Route Configuration Mode

In global configuration mode, use router command to enter route configuration mode.
ZXR10(config)#router ospf 1
ZXR10(config-ospf-1)#
Routing protocols used are Routing Information Protocol (RIP), Open Shortest Path
First (OSPF), Intermediate System-to- Intermediate System (IS-IS) and Border Gateway
Protocol (BGP). In above example, OSPF is used.
To return from route configuration mode to global configuration mode enter the exit
command and to return from route configuration mode to privileged mode directly enter
the end command or press <CTRL+Z>.
1.3 Online Help

In any command mode, enter a question mark (?) after DOS prompt of system, a list of
available commands in command mode is displayed. With context-sensitive help function,
keywords and parameter lists of any commands can be obtained.
l In any command mode, enter a question mark "?" after DOS prompt of system and
a list of all commands in mode and brief description of commands is displayed. For
example:
ZXR10>?
Exec commands:
disable Turn off privileged commands
enable Turn on privileged commands
exit Exit from current mode
license License install
login Login as a particular user
logout Exit from the EXEC
ping Send echo messages
ping6 Send IPv6 echo messages
quit Quit from the EXEC
show Show running system information
ssh Open a ssh connection
ssh6 Open a ssh6 connection
telnet Open a telnet connection
telnet6 Open a telnet6 connection
trace Trace route to destination
trace6 Trace route to destination using IPv6
who List users who are logining on
l Enter a question mark after a character or string, commands or a list of keywords
starting with character or string can be displayed. Note that there is no space between
character (string) and question mark. For example:
ZXR10#co?
commit configure copy
1-27

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10#co
l Press Tab after character string, if command or keyword starting with this string is a
unique one, command or keyword is complemented and a space is added after it. For
example:
ZXR10#con<Tab>
ZXR10#configure (There is a space between "configure" and
the cursor)
l Enter a question mark (?) after a command, a keyword or a parameter, next keyword
or parameter to be entered is listed and also a brief explanation is given. For example:
ZXR10##configure ?
exclusive Configured exclusively, the terminal will lock system
configuration
terminal Enter configuration mode
l If a wrong command, keyword or parameter is entered, after pressing <ENTER>, user
interface will use a "^" symbol to isolate error. The "^" is displayed under first character
of incorrect command, keyword or parameter, see following example:
ZXR10#von ter
von ter
^
%Error 140303: Invalid input detected at '^' marker.
In the following example, assume that a clock is to be set and context-sensitive help is
used to check syntax for setting clock.
ZXR10#cl?
clear clock
ZXR10#clock ?
set Set current time (Local time)
ZXR10#clock set ?
hh:mm:ss Current time
ZXR10#clock set 13:32:00
%Error 140305: Incomplete command.
ZXR10#
In the end of above example, system prompts "Incomplete command", indicating that other
keywords or parameters must be entered.
ZXR10 5900E also allows abbreviation of a command or keyword into characters or a
string that uniquely identifies command or keyword. For example, show command can be
abbreviated sh or sho.
1.4 Command History

User interface supports function of recording the entered commands. A maximum of ten
history commands can be recorded. The function is very useful in re-invocation of a long
or complicated command or ingress.
1-28

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
To re-invoke a command from record buffer, conduct one of following operations as shown
below.
Command Function
Press <Ctrl+P> or the up arrow key This re-invokes the latest

command in the record buffer.
Repeat these keys to invoke old
commands forwards
Press <Ctrl+N> or the down arrow key This rolls the commands
downward. When the last
command line is reached, one
more operation will roll the
commands from the beginning of
the buffer cyclically.
Use the show history command in privileged configuration mode and latest several
commands in that mode will be listed.
ZXR10#show history
who
show processor
show ver
show history
1-29

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1-30

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 2
System Management
Table of Contents
File System Management...........................................................................................2-1
System Information State ...........................................................................................2-3
Device Maintenance.................................................................................................2-14
Version Upgrade ......................................................................................................2-18
VSC Configuration....................................................................................................2-23
2.1 File System Management

2.1.1 File System Management Overview
On ZXR10 5900E, the main control board has a flash card. The file directory is /flash.
Partition usage introduction is shown below:
l In the /flash directory, users can manage files, such as rename, delete, dir and copy.
They can create and delete directories.
l Version file, configuration file, system halted file and abnormal log are restored in
/flash.
The file operations, such as copy, delete, are low speed device operations. Therefore,
when multiple terminals are used, to decrease the influence of one terminal operation to
another terminal operation, all operation of file system will be achieved by an independent
process. This process includes two working modules, one working module is responsible
for process all file operation commands and the returning and showing of corresponding
data, another working module with lower priority is responsible for perform several
persistent operations, copy, delete, format, mount and umount.
In addition, the function that show the content of file operation can be achieved by using
more command, and it also can be achieved by Telnet process. The advantage of Telnet
process is that it can reduce the communication processing in the system. However,
considering that file storage devices are used by other service boards and the file system
operation are possible to be required, therefore, all of the file operation commands is used
in file operation process.
2.1.2 Managing Files

To manage files on the ZXR10 5900E, run the following commands:
2-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10#dir [<word>] Displays the file information.

<word>: supporting a character string, optional.
If this parameter is not specified, the information about the files
under the current directory is displayed. If this parameter is
specified, the information about the files under the specified
directory or the specified file is displayed (if the entered directory
begins with the root directory, the absolute directory is displayed.
Otherwise, the information about the files in the relative directory is
displayed). This parameter can contain the "*" wildcard.
ZXR10#pwd Displays the current file path.
ZXR10#cd <word> Switches to the specified file path.

<word>: directory name, required, supporting a character string.
ZXR10#mkdir <word> Creates a directory. If the directory already exists, a prompt is

displayed. <word>: directory name, required.
ZXR10#rmdir <word> Deletes the directory.

ZXR10#delete <word> Deletes the file.

<word>: file name, required, supporting a character string..
ZXR10#cp <word1<word2> Copies the file.

<word1>: source file name (a path name can be contained).
<word2>: destination file name (if the path is not specified, the
current directory is used. If the path is contained and the directory
does not exist, a message is returned, indicating that the directory
does not exist.)
ZXR10#format {/flash | /sd| /usb} Formats the /flash or /sd partition.

Before this command is executed, a message is displayed,
indicating that all files on the partition will be lost.
The /flash,/sd or /usb parameter is required, and you should select
one of them as needed.
ZXR10#more <word>|[begin|excl Displays the contents of specified file.

ude|include] <word>: file name, required, supporting a character string.
"|" is an output flag.
ZXR10#mount{sd | flash | usb1 Mounts the storage device (sd/flash/usb1/usb2).

| usb2} The sd/flash/usb1/usb2 parameter is required.
ZXR10#umount{sd | flash | usb1 Unmounts the storage device (usb1/usb2).

| usb2}
2-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 2 System Management c u -tr a c k
Command Function
ZXR10#show filesystem [all ] Displays the information about the partitions that can be operated
in the file system.
If the all parameter is specified, the information about the partitions
that can be operated on all boards is displayed.
Example
The following example shows how to operate a file:
ZXR10#rename startrun1.dat startrun.dat
Rename success.
2.2 System Information State

2.2.1 System Information State Overview
Currently, ZXR10 5900E supports to view the following system informations,
l System configuration information: Host name, welcome information, serial port
information, contact address and tel-number, Console port IP address and FTP user
name, password and saving mode.
l System State: Version, Central Processing Unit (CPU) information
System configuration information is saved in database. System module informations, such
as about power supply, fans, are collected by IPMC board, and then displayed to user by
using interacted command system.
2.2.2 System Parameter Configuration

The system parameter configuration of ZXR10 5900E, includes host name, welcome
information and serial port information configuration.
Setting System Host Name

By default, the host name of the system is ZXR10. To set system host name on ZXR10
5900E, perform the following steps.
1 ZXR10(config)#hostname <hostname> This configures system host

name.
<hostname> is the designated
system host name, the length
is 1-32 characters.
2 ZXR10(config)#no hostname This restores the default

system host name ZXR10.
2-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
This example describes how to set system host name as 5900e.
ZXR10(config)#hostname 5900e
5900e(config)#
This example restores the default system host name.

5900e(config)#no hostname
ZXR10(config)#
The modification of host name takes effect immediately.
Configuring the Welcome Information

To configure the welcome information of the system on ZXR10 5900E, use the following
command:
Command Function
ZXR10(config)#banner incomingstart indicator<new This configures the welcome

banner>end indicator information of the system. "new
banner" specifies the welcome
information, which is a string of 1
to 253 characters.
ZXR10(config)#no banner incoming This restores the default welcome

information of the system.
The default welcome information of the system is as follows:

*****************************************************************************
Welcome to ZXR10 Carrier-Class High-end Routing Switch of ZTE Corporation
*****************************************************************************
The following is an example of how to configure the welcome information:

Set the welcome information to "123456":
ZXR10(config)#banner incoming #
Enter TEXT message. End with the character '#'.
123456#
ZXR10(config)#
Restore the default welcome information:
ZXR10(config)#no banner incoming

ZXR10(config)#
The modification takes effect immediately.
2-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Setting System Support Serial Port Authentication

To set system support serial port authentication on ZXR10 5900E, use the following
commands.
Command Function
ZXR10(config)#login_authentication enable This sets system support serial

port authentication.
ZXR10(config)#login_authentication disable This disables system support

serial port authentication.
This example describes how to set ZXR10 5900E to support serial port authentication.
ZXR10(config)#login_authentication enable
ZXR10(config)#
This example describes how to set ZXR10 5900E to disable serial port authentication.
ZXR10(config)#login_authentication disable
ZXR10(config)#
Setting the Configuration Message Saved in EEPROM

To set the configuration message saved in Erasable Programmable Read Only Memory
EEPROM on ZXR10 5900E, perform the following steps.
ZXR10(config)#nvram boot-password <password> This sets FTP Server password

for FTP starting.
1
The password length ranges
from 3 to 16 characters.
2 ZXR10(config)#nvram boot-server <ip-address> This sets IP address of FTP

server.
ZXR10(config)#nvram boot-username <boot-username> This sets FTP user name.

3 The password length ranges
4 ZXR10(config)#nvram default-gateway <default-gateway> This sets the default gateway

IP address.
5 ZXR10(config)#nvram en-password <word> This sets the password for

privileged mode.
The password length ranges
6 ZXR10(config)#nvram imgfile-location {local | network This sets the starting file name.
<file-name>}
2-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Descriptions of the parameters in Step 5:
local Local starting
network Network starting
<file-name> Starting path, the length ranges from 1 to 79 characters.
This example shows how to set the configuration message saved in EEPROM.
ZXR10(config)#nvram boot-password ?
WORD FTP password (3-16 characters)
ZXR10(config)#nvram boot-password ******
ZXR10(config)#nvram boot-server 168.0.0.178
ZXR10(config)#nvram boot-username 5950
ZXR10(config)#nvram default-gateway 168.0.0.1
ZXR10(config)#nvram en-password ******
ZXR10(config)#nvram imgfile-location network HMPU.set
2.2.3 System Information Viewing

On ZXR10 5900E, use a set of show commands to view system information. The
common-used commands are described in the following topics.
Viewing System Location, Contact, and Other Information

To view the system location, contact, and other information on ZXR10 5900E, use the
following commands:
Command Function
ZXR10#show system-info This shows the system description,

version information, compilation
time, system object ID, system
operation time, contact telephone
number, address, and other
information.
ZXR10(config)#show system-info
System Description: ZXR10 ROSNG Version V2.00.31(4.2.24)
ZTE ZXR10 5928E-FI Software, 5900 Version: V3.00.11.B11, RELEASE SOFTWARE
Copyright (c) 2010-2020 by ZTE Corporation
Compiled 2015-01-09, 08:11:02
System ObjectId: iso.org.dod.internet.private.enterprises.zte.zxr10.zxr10SwitchM
2-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ib.zxr10systemconfig.zxr10SystemID.zxr10Switch-5928E-FI
Started before: 227 Seconds
Contact with: +86-010-82960000

System name: 206
Location: No.19, Huayuan East Road, Haidian District, Beijing, China
This system primarily offers a set of 79 services
Viewing the System Host Name, Welcome Information, and Serial Port Authentication
Information
To view the system host name, welcome information, and serial port authentication
information on ZXR10 5900E, use the following command:
Command Function
ZXR10#show running-config pm-sys This shows the system host name,

welcome information, and serial
port authentication information.
ZXR10#show running-config pm-sys
!<pm-sys-config>
banner incoming #
123456#
!</pm-sys-config>
Viewing Version Information

To view the version information on ZXR10 5900E, use the following command.
Command Function
ZXR10#show version This views the version information

of all cards in all the shelves. It
can shows the version and system
hardware summary information.
1. View the software version (version set) information.
Version set information includes the version number, supported products, compilation
date and time (format: day-month-year; in 24–hour notation), version path, and version
running time.
2. View the hardware information of the system.
a. Message header format, board type, physical location (rack/shelf), displayed

active/standby status (not displayed if the backup mode is not active/standby)
2-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
b. Basic information: For a main control board, the basic information includes the
main processor type, Bootrom version, memory and Flash size, baud rate of
a serial port, microcontroller version number of the clock subcard, Erasable
Programmable Logic Device version number of the clock subcard, Nvram, CPU
version number, FPGA version number, SD size, CPLD version number, board
type, and board name. For a line card, the basic information includes the main
processor type, Bootrom version, memory size, CPLD version number, port
quantity, board type, board type, status of the network processor, and availability
of the network processor.
This example describes how to view device version information.
ZXR10(config)#show version
5928E-FI Software, 5900 Version: V3.00.11.B11, RELEASE SOFTWARE
Copyright (c) 2010-2020 by ZTE Corporation.
Compiled 2015-01-09, 08:11:02
System image files are:<ftp://168.0.0.178/HMPU.set>
System uptime is 0 days, 0 hours, 3 minutes
[MP(M) , shelf 0 ,panel 1]

cpu 0
Main processor : ARM MV78230 Processor
Bootrom Version : V2.01
Memory : 2042 Mbytes
System Flash : 512 Mbytes
System baud : 9600 baud
System nvram : 8 kbytes
CPUcard CPLD : V1.00
CPLD1 Version : V1.20
Board Name : 5928E-FI
Product Version : V1.40
Board PCB : V1.00
Viewing the Rack Diagram

To view the rack diagram, run the following command on the ZXR10 5900E:
Command Function
ZXR10#show shelf-info This displays information of all

online cards.
This example shows how to display information of the rack diagram.
ZXR10#show shelf-info
2-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
shelf-id panel role status
-------------------------------------------
0 T1 MP MASTER
Viewing CPU Peak Time

To view CPU peak time on ZXR10 5900E, use the following command.
Command Function
ZXR10#show processor This shows the memory and CPU

running state.
This shows the memory and CPU running state, including the CPU shelf, slot, CPU ID,
temperature, CPU occupancy rate during the latest 5 seconds, 1 minute and 5 minutes,
CPU occupancy peak rate in 1 minute (absolute granularity), physical content size, free
memory size and memory usage rate.
This example describes how to view memory and CPU running state.
ZXR10#show processor
============================================================================
============================================================================
M : Master CPU
S : Slave CPU
Power : Power dissipation (Watt)
CPU(5s): CPU utility measured in the last 5 seconds
CPU(1m): CPU utility measured in 1 minute
CPU(5m): CPU utility measured in 5 minutes
Peak : CPU peak utility measured in 1 minute
PhyMem : Physical memory (Megabyte)
FreeMem: Free memory (Megabyte)
Mem : Memory usage ratio
=============================================================================
=============================================================================
Shelf Panel CPUID Power CPU(5s) CPU(1m) CPU(5m) Peak PhyMem FreeMem Mem
=============================================================================
MP(M) 0 1 0 N/A 15% 16% 15% 20% 2048 710 65.308%
----------------------------------------------------------------------------
Viewing the Configuration Message Saved in EEPROM

To view the configuration message saved in EEPROM on ZXR10 5900E, use the following
command.
2-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10#show nvram-info This views the configuration

message saved in EEPROM.
This example describes how to view the configuration message saved in EEPROM.
ZXR10#show nvram-info
nvram boot-username 3900
nvram boot-password ******
nvram boot-server 168.10.0.133
nvram default-gateway 168.10.0.1
nvram mng-ip-address 168.10.0.71 255.255.255.0
nvram imgfile-location local flash HMPU.set
nvram backup-imgfile
nvram update-back-flag 0xbf
Showing the bootrom Version Information of Boards

To show the bootrom version information of the boards on ZXR10 5900E, use the following
command:
Command Function
ZXR10#show bootrom This shows the bootrom version

number of all the working boards
on the rack.
The following is an example of showing the bootrom version information:
ZXR10#show bootrom
[MP(M) , shelf 0 ,physlot 4]
cpu 0
Creation Date : 2011/3/15
Showing the Loading Information of the Flash File System

To show the loading and checking information of the flash file system on ZXR10 5900E,
use the following command:
Command Function
ZXR10#show flash-check This shows the loading and

checking information of the flash
file system.
2-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The following is an example of showing the loading and checking information of the flash
file system:
ZXR10#show flash-check
Master MP flash is loaded.
Master MP flash checked OK.
Slave MP has not started up
2.2.4 System Information State Configuration Examples

These are some examples of system information state configuration.
l This example shows the system software and hardware versions.
Compiled 2015-01-09, 08:11:02

cpu 0
Board PCB : V1.00
l This shows system card information, such as CPU usage rate, peak value,
temperature, and memory usage rate.
ZXR10#show processor
============================================================================
============================================================================
M : Master CPU
S : Slave CPU
2-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

=============================================================================
=============================================================================
=============================================================================
MP(M) 0 1 0 N/A 15% 16% 15% 20% 2048 710 65.308%
----------------------------------------------------------------------------
l This shows the interface information.
Interface information:
ZXR10#show interface brief
Interface Portattribute Mode BW(Mbits) Admin Phy Prot Description
gei-0/1/1/1 electric Duplex/full 100 down up down none
Descriptions of the command output:
Interface Interface name
Portattribute Optical and electrical attribute of the interface
Mode Full duplex or half duplex mode
BW(Mbits) Interface bandwidth
Admin Administrative status of the interface, options:
à up
à down
Phy Physical status of the interface, options:
à up
à down
Prot Whether the L2 protocol function of the interface is

available, options:
à up
à down
Description Description for the interface
l This example describes how to show the brief information of all L3 interfaces.
ZXR10#show ip interface brief
interface IP-Address Mask AdminStatus PhyStatus Protocol
2-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
vlan1 4.4.4.1 255.255.255.0 up up up

vlan2 10.4.5.6 255.255.255.0 up up up
vlan3 10.3.1.1 255.255.255.0 up up up
vlan4 24.1.1.11 255.255.255.0 up up up
vlan5 unassigned unassigned up up up
vlan7 10.7.1.1 255.255.255.0 up up up
vlan8 10.8.1.1 255.255.255.0 up up up
vlan9 10.9.1.1 255.255.255.0 up up up
vlan12 10.12.1.1 255.255.255.0 up up up
l This example describes how to show the brief information of the L3 interface matched
regular expression (the interface ending by 3)
ZXR10#show ip interface brief include 3$
interface IP-Address Mask AdminStatus PhyStatus Protocol
vlan3 unassigned unassigned up up down
The characters and their meanings of regular expression are shown below.
Character Description
^ It is the starting of character string. ^a only matches a character in the

starting of character string.
^ The ^ following with [ has different meaning. It is used to exclude the

characters in the bracket from the destination string processing. For
example, [^0-9] means that the destination character cannot be a number.
$ It is the ending of character string. For example, abc$ only matches the abc
substring at the ending of character string.
| It permits any regular expressions at its both sides to match the destination
string. For example, a|b matches a or b.
. Match any character.
* In the expression, the left character (or element) matches one or many times.
+ Similar to *, the left character matches one or many times.
? Match the right character one or many times.
() As a complete unit, it influences on the model calculation sequence. As a

label expression, use another expression to replace the matched substring.
[] Character set, any character can match the destination string.
l This example describes how to show the description information of all ports.
ZXR10#show interface description
Interface AdminStatus PhyStatus Protocol Description
gei-0/1/1/1 up up up none
2-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
gei-0/1/1/3 up down down none

gei-0/1/1/5 up down down none
gei-0/1/1/6 down down down none
Interface The current existing interface name
AdminStatus It indicates the interface management state is available or

not. Up means available, and down means unavailable.
PhyStatus It indicates the interface physical state is available or not.

Up means available, and down means unavailable.
Protocol It indicates the link layer protocol is available or not. Up

means available, and down means unavailable.
Description Port description information
2.3 Device Maintenance

2.3.1 Device Maintenance Overview
Device maintenance means device power-on, reset and power-off.
2.3.2 Device Maintenance Configuration

Device Power Up
l Device Manual Power Up
Device manual power up means that enter boot menu to configure and start system
after powering up the device.
1. After the system powering up, enter Boot menu. In the first use, configure Boot
as follows: press any key to enter boot menu after the message "Hit any key to
stop autoboot" is displayed. Configure boot according to the following example.
Load the version after finishing the configuration.
2. Start the system manually after finishing the configuration.
2-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3. System displays the prompt "ZXR10>" to indicate the starting is successful. Enter
enable command, and enter the enable password according to the prompt. Enter
privileged mode if passing the authentication.
This example describes how to power on the system manually.
BootROM 1.20
Booting from NAND flash
High speed PHY - Version: 2.1.2 (COM-PHY-V20)
Update PEX Device ID 0x78260
High speed PHY - Ended Successfully
DDR3 Training Sequence - Ver 5.3.0
DDR3 Training Sequence - Run with PBS.
DDR3 Training Sequence - Ended Successfully
Status = MV_OK
BootROM: Image checksum verification PASSED
KUBoot 2.0.10.P9-svn47 (Jan 6 2014 - 16:42:05)
Marvell version: 2012_Q4.0
RAM Configuration:
Bank #0: 00000000 Bank #1: 00000000 Bank #2: 00000000 Bank
#3: 00000000 relocation Offset is: 6ff15000
Now running in RAM - U-Boot at: 7ff15000
NAND: <<>>flashIdx=12,---fo1:1144, fo2:88--
512 MiB
FPU not initialized
Modules Detected:
Not Marvell PHY id1 ffff id2 ffff
egiga0, egiga1, egiga2, egiga3
yaffs: Mounting /flash/
Bad block table found at page 262080, version 0x01
yaffs: restored from checkpoint
Hit any key to stop auto-boot: 0
[boot]: c
'.' = clear field; '-' = go to previous field; '^' = quit
Boot Location [0:Net,1:Flash,2:USB]: 0
Client IP : 168.0.0.59 168.0.0.59
Netmask : 255.255.255.0 255.255.255.0
Server IP : 168.0.0.178 168.0.0.178
Gateway IP : 168.0.0.1 168.0.0.1
FTP User : 59 59
FTP Password : ***
FTP Password Confirm : ***
Bootfile : HMPU.set
Enable Password :
2-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Save parameter to nvram success.

[boot]: b
l Device Auto Power Up
Device auto power up means system starts according to the configuration saved in
EEPROM after the device powers up.
1. After the system powering up, enter Boot menu. In the first use, configure boot
as follows: press any key to enter boot menu after the message "Hit any key to
stop autoboot" is displayed. Configure Boot according to the following example.
Load the version after finishing the configuration.
2. Start the system automatically after finishing the configuration.
3. System displays the prompt "ZXR10>" to indicate the starting is successful. Enter
enable command, and enter the enable password according to the prompt. Enter
privileged mode if passing the authentication.
This example describes how to power up device automatically.
BootROM 1.20
Status = MV_OK
KUBoot 2.0.10.P9-svn47 (Jan 6 2014 - 16:42:05)
RAM Configuration:
512 MiB
FPU not initialized
Modules Detected:
2-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Client IP : 168.0.0.51
Netmask : 255.255.255.0
Server IP : 168.0.0.178
Gateway IP : 168.0.0.1
FTP User : 59
FTP Password :
Bootfile : HMPU.set
Enable Password :
MAC Address : 00.d0.d0.51.10.00
Loading....................
Reloading Device
To reload cards in the designated slot on ZXR10 5900E, use the following command.
Command Function
ZXR10#reload [ mpc {t1}][ force ] This reloads the cards in the

designated slot.
Parameter descriptions:
mpc The reloaded object is a main control board.
{t1} The main control slot.
force The value "force" indicates that the reload operation is

performed by force.
This example describes how to reload the system.
ZXR10#reload
Are you sure to reset the board?[yes/no]:y
BootROM 1.20
Status = MV_OK
KUBoot 2.0.10.P9-svn47 (Jan 6 2014 - 16:42:05) Marvell version: 2012_Q4.0
RAM Configuration:
Bank #0: 00000000 Bank #1: 00000000 Bank #2: 00000000 Bank #3: 00000000
2-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
relocation Offset is: 6ff15000

512 MiB
FPU not initialized
Modules Detected:
Client IP : 168.0.0.51
Netmask : 255.255.255.0
Server IP : 168.0.0.178
FTP User : 59
FTP Password :
Bootfile : HMPU.set
Enable Password :
MAC Address : 00.d0.d0.51.10.00
Loading.............................
2.4 Version Upgrade

2.4.1 Version Upgrading Overview
Terms referred to version upgrading are described below.
l Version: It is a general designation of the files required by system running.
l Distribution set: It is a file that all versions are packed together according to some
rules.
Version upgrading means that in the current device, the runnings of all versions in each
card are stopped, and each card uses the version coming from the new distribution set.
Generally, version upgrading is performed for the following two conditions,

l The old version does not support some functions.
l The device fails to run because some special reasons.
If the version upgrading is not operated well, the upgrading will be failed, and the system
will be halted in severe case. Therefore, the maintenance staffs have to read this document
and learn the steps for version upgrading before performing version upgrading.
On ZXR10 5900E, there are two version upgrading modes,
2-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
l Upgrade the software system by network mode

l Upgrade the software system by FLASH mode
By powering off and restarting ZXR10 5900E, the runnings of all versions of each card
will be stopped. After MPU system restarts, system downloads and analyzes the new
distribution set, meanwhile, it updates system version descriptions.
2.4.2 Version Upgrading

Upgrading Version in Network Mode
l Version Upgrading Perquisites
1. Prepare a PC that FTP sever software is installed. The PC acts as FTP server.
Configure its IP address and ensure that PC and ZXR10 5900E management
interface IP addresses are in the same network segment.
2. Create a user in FTP server. Configure password and file downloading directory.
Save the new distribution set in the file downloading directory in FTP server. Start
FTP server.
3. Connect serial port of ZXR10 5900E (CONSOLE port on MPU) to serial port of
FTP server with the console cable. Connect management interface of ZXR10
5900E (10/100/1000M interface on MPU) to network port of FTP server with
Ethernet cable. Ensure that the connections are correct.
4. Affirm the version number of the new distribution set file. In the last stage of
version upgrading, confirm whether the upgrading is successful according to the
version number.
l Version Upgrading Steps
Perform the following steps to upgrade version.
1. In privilege mode, run reload, and then press Enter.
2. Check whether the BOOT parameters are correct. If not, modify the BOOT
parameters as follows:
In the BOOT stage of the main control board MPU, do as follows:
a. When the following information is displayed, press any key to enter the BOOT
setting mode:
Press any key toautoboot:3
b. When the following information is displayed, type y to start modifying the

BOOT parameters:
Boot Location [0:Net,1:Flash,2:SD]: 0
Client IP : 128.7.8.222
Netmask : 255.255.0.0
Server IP : 128.7.8.159
Gateway IP : 128.7.8.159
FTP User : zxr10_hsmp
2-19

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
FTP Password :
Bootfile : bjmp.set
Enable Password :
Loading...
Descriptions of BOOT parameters:
BOOT Description
Boot Location Starting mode
Client IP IP address of network management

interface
NetMask Subnetwork mask
Server IP IP address of version file server
Gateway IP IP address of FTP gateway
FTP User FTP user name
FTP Password FTP password
Bootfile Version file name
Enable Password Enable password (required when the user

needs to enter the privilege mode from
the user mode).
c. After modifying the parameters, type b to start the system:

[Zxr10 Boot]: b
3. After the system is started, enter the OAM man-machine interaction interface and
run show version to see whether the displayed version number is consistent with
the version number of the newly released version set file. If yes, it indicates that
the upgrade succeeded; otherwise, it indicates that the upgrade failed.
Run show version. The version number is "V3.00.11.B11" printed below:
Compiled 2015-01-09, 08:11:02

cpu 0
2-20

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

Board PCB : V1.00
Upgrading the Complete Set Software System Through the Flash

l Version Upgrading Perquisites
1. Prepare a PC that FTP sever software is installed. Set the IP address of the PC
and ensure that the PC and ZXR10 5900E management interface IP addresses
are in the same network segment.
2. Create a user on the FTP server. Set the password and a file download folder.
Place the newly released version set file in this folder, and then start the FTP
server.
3. Connect the serial port of ZXR10 5900E (CONSOLE port on the MPU) to the serial
port of PC with a serial port cable. Connect the management interface of ZXR10
5900E (10/100/1000M interface on MPU) to the network port of the PC with an
Ethernet cable.
4. Affirm the version number of the newly released version set file. In the last stage
of version upgrading, check whether the upgrading is successful according to the
version number.
l Version Upgrading Steps
1. Copy the version set file (for example, bjmp.set) to the Flash of the switch through
FTP:
copy ftp vrf mng //128.7.8.159/bjmp.set@zxr10:zxr10 root: /flash/img/bjmp.set
Now, the bjmp.set file can be seen in the img directory of the Flash. Run reload
to reload the system.
2. Modify the value of Boot Location among BOOT parameters to 1, so that the
version can be loaded from the Flash. In addition, set Bootfile to the img directory
of the Flash. After that, run b to load the system. Then the system can start the
new version in the img directory as follows:
ZXR10#reload
Are you sure to reset the board?[yes/no]:y
BootROM 1.20
Status = MV_OK
2-21

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

KUBoot 2.0.10.P9-svn47 (Jan 6 2014 - 16:42:05)
RAM Configuration:
512 MiB
FPU not initialized
Modules Detected:
[boot]: c
'.' = clear field; '-' = go to previous field; '^' = quit
Boot Location [0:Net,1:Flash,2:USB]: 0 1
Client IP : 168.0.0.51
Netmask : 255.255.255.0
Server IP : 168.0.0.178
FTP User : 59
FTP Password :
Bootfile : bjmp.set
Enable Password :
Save parameter to nvram success.
[boot]:
[boot]: b
Client IP : 168.0.0.51
Netmask : 255.255.255.0
Server IP : 168.0.0.178
FTP User : 59
FTP Password :
Bootfile : bjmp.set
Enable Password
3. After the system is started, enter the OAM man-machine interaction interface and
run show version to see whether the displayed version number is consistent with
the version number of the newly released version set file. If yes, it indicates
that the upgrade succeeded; otherwise, it indicates that the upgrade failed. The
2-22

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
command and method are the same as those in "Upgrading Version in Network
Mode".
2.5 VSC Configuration

2.5.1 VSC Overview
As a network virtualization technology, the Virtual Switch Cluster (VSC) is used to combine
multiple single devices into a virtual one. These combined devices are interconnected
through VSC boards, and discover each other through the Link Layer Discovery Protocol
(LLDP). Through a specific mechanism, one of these devices is elected as the primary
node, and the rest of devices are forced to assume the role of forwarding messages.
In general cases, the device role election mechanism elects the device with the smallest
number as the primary device. If the primary device or the link between the devices in the
VSC system is down, the secondary device immediately takes over the VSC system. This
mechanism ensures normal system operation and traffic forwarding.
The ZXR10 5900E supports creating the VSC system through the configuration. The VSC
configuration items include the operation mode, member number, VSC domain, VSC port
and conflict detection. The ZXR10 5900E also supports the display of the configuration
and operation information of the VSC system.
VSC-related terms are as follows:
1. Running mode: independent or VSC.
l Independent mode: In this mode, the device can only operate as a single PC,
meaning that it cannot form a VSC with other devices.
l VSC mode: In this mode, the device can form a VSC with other devices through
interconnection.
2. Role: If the device operates in VSC mode, it can have the Master, Slave or Standby
role based on the function.
l Master: manages the VSC system.
l Slave: operates as the standby device of the master device.
If the master device is faulty, the system elects a new master device from slave
devices to take over the services of the original master device. A VSC has only
one master device.
l Standby: operates as a working device, and is not available for management.

3. VSC domain: Domain is a logical concept. A VSC is formed after devices are
interconnected through VSC links. A set of these member devices is a VSC domain.
One device can belong to only a VSC domain.
4. Member ID: uniquely identifies member devices in the VSC.
5. Stack port: port for communication between devices when two or more devices are
used to form the VSC system. Aggregated by 10 GE or 40 GE ports, these ports are
logical ports similar to smartgroup ports.
2-23

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
6. VSC aggregation: After two independent VSC systems (typically two single VSC
systems) operating stably discover each other through a physical connection and the
necessary configuration, they are aggregated into a VCS system. This process is
known as VSC aggregation.
7. VSC splitting: After a VSC system is formed, if a link between the stack ports of two
devices is faulty, the physical connection between the two devices is broken. In this
case, the VSC system is split into two independent VSC systems. This process is
known as VSC splitting.
8. MAD detection: After the VSC is split, two VSC systems have the same layer-3
configuration (such as the IP address), causing address confliction and fault
escalation.
In VSC splitting, a mechanism is therefore required to enhance system availability, so

that multiple VSCs in the network can be detected and the corresponding operations
can be performed to reduce the impact on services.
MAD detection is a mechanism meeting the above requirements. It can detect address
confliction, resolves faults, and restores the network. However, it does not detect link
faults.
2.5.2 Configuring the VSC System

The basic VSC configurations (including the operation modes and the member numbers)
are stored on the Non-Volatile Random Access Memory (NVRAM), and can be accessed
after the system is powered on. Other VSC configurations are stored under the /flash/
vscm/vscmCfg.dat directory on the flash device.
To configure the VSC system, run the following commands on the ZXR10 5900E:
Command Function
ZXR10(config-vsc)#vsc mode {cluster| This sets the operation mode of the device,
alone}[shelfid] required.
alone: the single-server mode, which means
that the device operating in this mode cannot
co-operate with other devices.
cluster: the cluster mode, which means that the
device operating in this mode can co-operate with
other devices (cluster members).
shelfid: the rack number of the VSC member,
optional. If this parameter is not set, the current
rack is configured by default.
2-24

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10(config-vsc)#vsc memberid This sets the ID of the VSC member.

<memberid>[shelfid] memberid: ID of the VSC member, range: 0 to
15, required.
shelfid: rack number of the VSC member,
ZXR10(config-vsc)#vsc domain <domainid>[sh This sets the ID of the VSC domain.

elfid] domainid: ID of the VSC domain, range: 1 to
255, required.
ZXR10(config-vsc)#vsc mad_port <port This sets a mad port.

id><interface> <port id>: MAD port ID, range: 1–2.
<interface>: Gigabit ethernet interface, required.
ZXR10(config-vsc)#vsc priority <priority>[shelf Sets the VSC election priority.

id] <priority>: election priority, range: 1–255,
required.
shelfid: shelf ID of the VSC memberm optional
on which this configuration is applied. If this
parameter is not set, the default value is the
current shelf.
ZXR10(config-vsc)#vsc port_group <group id Sets link binding in the port group of the VSC.
>[add | remove]<interface> <group id >: required, range: 1–2.
add: indicates to add an interface to the specified
port group.
remove: indicates to delete an interface from the
specified port group.
ZXR10(config-vsc)#vsc write [shelfid] This saves the VSC configuration.

ZXR10(config-vsc)#vsc clear [shelfid] Clears VSC configuration. This command is

applied immediately.
shelfid: shelf ID of the VSC memberm optional
on which this configuration is applied. If this
parameter is not set, the default value is the
current shelf.
Example
1. Run the following commands to set the operation mode of the device to VSC:
2-25

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#vsc
ZXR10(config-vsc)#vsc mode ?
alone alone mode
vsc Cluster mode
ZXR10(config-vsc)#vsc mode vsc
ZXR10(config-vsc)#vsc write
ZXR10(config-vsc)#
2. Run the following commands to set the ID of the VSC member:
ZXR10(config)#vsc
ZXR10(config-vsc)#vsc memberid ?
<0-15> Vsc member id
ZXR10(config-vsc)#vsc memberid 0
ZXR10(config-vsc)#
3. Run the following commands to set the ID of the VSC domain:
ZXR10(config)#vsc
ZXR10(config-vsc)#vsc domain ?
<1-255> Vsc domain
ZXR10(config-vsc)#vsc domain 20
ZXR10(config-vsc)#
4. Run the following commands to set a VSC link port:
ZXR10(config-vsc)#vsc port_group ?
<1-2> Vsc port group number
ZXR10(config-vsc)#vsc port_group 1 ?
add Add port to vsc port group
remove Remove port from vsc port group
ZXR10(config-vsc)#vsc port_group 1 add ?
xlgeis- XLGigabit ethernet interface
ZXR10(config-vsc)#vsc port_group 1 add xlgeis-0/1/1/3/1
ZXR10(config-vsc)#
5. Run the following commands to add a mad port:
ZXR10(config)#vsc
ZXR10(config-vsc)#vsc mad_port ?
<1-2> Vsc mad port number
ZXR10(config-vsc)#vsc mad_port 1 gei-0/1/1/1
2.5.3 Maintaining VSC

To view information of the VSC system, run the following commands on the ZXR10 5900E:
Command Function
ZXR10#show vsc config [shelfid] Displays the current VSC configuration.
2-26

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10#show vsc next [shelfid] Displays the VSC configuration that will be in
effect after the system reboots.
ZXR10#show vsc information Displays the current operation information of the

VSC system, such as the active and standby
statuses, link statuses and the connection period.
ZXR10#show vsc link Displays the current statuses of the VSC links.
A description of the parameter is as follows:
shelfid Rack number of the VSC member, optional.

If this parameter is not set, the information of the
current rack is displayed by default.
Example
1. Run the following command to display the current VSC configuration:
ZXR10(config-vsc)#show vsc config
Mode: cluster
Memberid: 4
Domain: 100
Priority: 16
Mad port1: gei-4/1/1/27
Mad port2: gei-4/1/1/28
Vsc group number: 2
Groupid: 1
Group name: vsc group 1
Port number: 1
Port list:
Shelf Slot Subslot Port
---------------------------------
4 1 3 1
Groupid: 2
Port number: 1
Port list:
---------------------------------
4 1 3 2
2. Run the following command to display the current operation information of the VSC
system:
ZXR10(config-vsc)#show vsc information
Vsc domain : 100
2-27

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Master MP : 4
Slave MP : 2
Vsc setup time : 2010/01/01-0:40:6
Vsc running time : 0d/5h/35m/18s
3. Run the following command to display the VSC configuration that will be in effect when
the system reboots:
ZXR10(config-vsc)#show vsc next
Mode: cluster
Memberid: 2
Domain: 0
Priority: 0
Mad port1: none
Mad port2: none
Vsc group number: 2
Groupid: 1
Port number: 1
Port list:
---------------------------------
2 1 3 1
Groupid: 2
Port number: 1
Port list:
---------------------------------
2 1 3 2
4. Run the following command to display current information of the VSC links:
ZXR10(config-vsc)#show vsc link
device 8 port 1 <---> device 2 port 1
2.5.4 VSC Configuration Example

Configuration Description
Stack ports of the ZXR10 5900E are located on stack sub-cards. Physical stack interfaces
must support higig operating mode. Figure 2-1 shows the VSC network topology.
2-28

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 2-1 VSC Configuration Example
Note:
After the VSC function is configured, the vsc write command must be executed to save the
configuration, so that the configuration is valid if the device is restarted.
The show vsc config command isused to display the current valid VSC configuration.
The show vsc next command is used to display the saved VSC configuration that is applied
after the device is restarted.
Configuration Flow
Start the three devices. Ensure that the stack interfaces are up. Configure the VSC
function on S1, S2, and S3.
1. Set the three devices to operate in VSC mode.
2. Set the three devices to be in the same VSC domain.
3. Set different member IDs for the three devices.
4. Set different priorities for the devices. The device with the highest priority operates as
the master device, the device with the second highest priority operates as the slave
device, and the left device operates as the standby device.
5. Configure stack ports. A maximum of two port groups are supported. Each port group
contains only one port.
6. Save the VSC configuration.
7. Restart the devices. After the devices are restarted, the VSC system is created.
Configuration Commands
The configuration on S1 is as follows:
S1(config)#vsc
2-29

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S1(config-vsc)#vsc mode vsc

S1(config-vsc)#vsc domain 10
S1(config-vsc)#vsc memberid 1
S1(config-vsc)#vsc priorty 255
S1(config-vsc)#vsc port_group 1 add xgeis-0/1/2/1

S2(config)#vsc
S2(config-vsc)#vsc write

S3(config)#vsc
S3(config-vsc)#vsc write
Note:
For the initial configuration, the shelf ID of each device is 0. After the devices are restarted,
the configured shelf IDs (namely, member IDs) of the devices are valid.
Configuration Verification
After the three devices are restarted, only one of the devices (in general, S1) enters
command line mode. If all the devices enter command line mode or no device enters
command line mode, the VSC system is not created successfully. Run the show processor
or show interface brief command on S1. Information about S2 and S3 is displayed.
S1#show processor
================================================================================
================================================================================
M : Master CPU
S : Slave CPU
2-30

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

================================================================================
================================================================================
================================================================================
MP(M) 1 1 0 N/A 26% 29% 25% 37% 2048 704 65.584%
--------------------------------------------------------------------------------
MP(S) 2 1 0 N/A 12% 12% 12% 17% 2048 918 55.171%
--------------------------------------------------------------------------------
MP(W) 3 1 0 N/A 15% 15% 15% 17% 2048 918 60.251%
--------------------------------------------------------------------------------
---------------------------------------------------------------------------
S1#show interface brief

Interface Portattribute Mode BW(Mbps) Admin Phy Prot Description
gei-1/1/1/1 electric Duplex/full 1000 down down down
2-31

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

xlgeis-1/1/3/1 electric Duplex/full 40000 up up up
xlgeis-1/1/3/2 electric Duplex/full 40000 up down down
2-32

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

View the basic VSC information.
S1#show vsc information

Vsc domain : 10
Master MP : 1
Slave MP : 2
Vsc setup time : 2010/01/01-0:41:3
Vsc running time : 0d/0h/35m/5
View the status of VSC links.

S1#show vsc link
2-33

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2-34

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 3
Network Management
Table of Contents
SNMP Configuration...................................................................................................3-1
NetFlow Configuration ..............................................................................................3-13
SFlow Configuration .................................................................................................3-28
SysLog Configuration ...............................................................................................3-33
Port Mirroring Configuration......................................................................................3-35
Alarm Module ...........................................................................................................3-40
Performance Management Module...........................................................................3-46
Time Range Module Configuration ...........................................................................3-49
3.1 SNMP Configuration

3.1.1 SNMP Overview
Simple Network Management Protocol (SNMP) is the most popular Network Management
System (NMS) protocol. SNMP module locates at the highest layer in the router system,
which belongs to the Transfer Control Protocol/Internet Protocol (TCP/IP) stack application
layer. Administrators use SNMP to as a main way to operate, control and maintain devices.
To manage the network, users use NMS software to send and receive SNMP packets in
the SNMP modules (agent) between the managed network elements and the management
station.
The basic principle of SNMP network management is: allocate a unique ID (that is, the OID)
to the objects to be managed in switch respectively. The allocation of OID is determined in
a unified way by Request For Comments (RFC). When users need to read or modify the
value of an object, it sends the object OID and operation type (read or write) as a SNMP
request packet to switch. SNMP agent locating at switch finds the detailed object data
according to the OID, performs the corresponding operation and then sends the result as
SNMP response packet to users.
Network management station realizes the communication by exchanging SNMP packets.

To ensure the simplicity of SNMP protocol, User Datagram Protocol (UDP) is used to
be the transmission protocol. Considering the extensibility of SNMP protocol, other
transmission protocols also can be used. However, UDP is still the recommended
protocol. Transmission protocol should use UDP as much as possible, if possible. Each
SNMP packet must be able to be transmitted in every UDP packet.
3-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3.1.2 Configuring SNMP

To configure SNMP on the ZXR10 5900E, perform the following steps.
1 ZXR10(config)#snmp-server access-list Uses the configured ACL to control hosts

{ipv4|ipv6}<acl-name > to access the SNMP system.
ZXR10(config)#no snmp-server access-list Cancels ACL control.

{ipv4|ipv6}
2 ZXR10(config)#snmp-server community Configures an SNMP packet community.

<community-name>[view <view-name>][ro | rw][{[i
pv4-access-list<acl-name>][ipv6-access-list
<acl-name>]}]
ZXR10(config)#no snmp-sever community Deletes an SNMP packet community.

<community-name>
3 ZXR10(config)#snmp-server context <context> Defines an SNMP context name.

<context>: 1-30 characters.
ZXR10(config)#no snmp-server context Deletes the SNMP context.

<context>
4 ZXR10(config)#snmp-server enable inform Enables the agent to send notifications

[<inform-type>] and specifies the type of notifications.
The notification type can be one of the
following:
l BGP
l OSPF
l RMON
l SNMP
l stalarm
l VPN
l FTP-TFTP
l CONFIG
ZXR10(config)#no snmp-server enable inform Disables the agent to send notifications.

[<inform-type>]
5 ZXR10(config)#snmp-server enable trap Enables the agent to send traps and sets
[<trap-type>] the type of traps.
The trap type can be one of the following:
l BGP
l OSPF
l RMON
l SNMP
l stalarm
l VPN
l FTP-TFTP
3-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 3 Network Management c u -tr a c k
l CONFIG
ZXR10(config)#no snmp-server enable trap Disables the agent to send traps.

[<trap-type>]
6 ZXR10(config)#snmp-server input-limit Sets the frequency (packet per second)

<limit-para> at which the SNMP server processes
packets, range: 100 to 1000, default:
200.
ZXR10(config)#no snmp-server input-limit Recover the default frequency (packet

per second) at which the SNMP server
processes packets.
7 ZXR10(config)#snmp-server engine-id Specifies the SNMP local engine ID.

<engineid> The SNMP engine, which is the core part
of an SNMP entity, sends, receives and
validates SNMP messages, extracts PDU
assembly message, and communicates
SNMP application programs.
The local engine ID is 1 to 24
characters long. The default setting is
830900020300010289d64401, which
must be written in hex format.
ZXR10(config)#no snmp-server engine-id Deletes the local engine ID of the SNMP

server.
8 ZXR10(config)#snmp-server group Configures a new SNMP group (that is,

<groupname> v3 {auth | noauth|priv}[context mapping SNMP users to an SNMP view).
<context-name>|{ match-prefix | match-exact
}][read <readview>][write <writeview>][notify
<notifyview>]
ZXR10(config)#no snmp-server group Deletes the SNMP group.

<groupname> v3 {auth | noauth | priv}[context<c
ontext-name>]
9 ZXR10(config)#snmp-server host Configures the destination for receiving

[ vrf <vpnname>]{<ipv6addr>|<ipv SNMP notifications. The snmp-server
4addr>}{{trap|inform}} version {1|2c|3 host command should be used along with
{noauth|auth|priv}}<communitystring>[udp-port the snmp-server enable command.
<udpport>][{[snmp],[bgp],[mac],[ospf],[stp],[pp
p],[arp],[rmon],[udld],[cfm],[efm],[lacp],[mc-ela
m],[tcp],[sctp],[stalarm],[cps],[interface],[acl],[fi
b],[pim],[isis],[rip],[msdp],[aps],[config],[am],[u
m],[system],[ldp],[pwe3],[vpn],[mpls-oam],[ptp],[t
unnel-te],[radius],[dhcp],[bfd],[ippool],[ntp],[ss
3-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
m],[sqa],[ipsec],[cgn],[vrrp],[ftp_tftp],[ping-trac
e],[gm]}]
ZXR10(config)#no snmp-server host [ vrf Disables the host to receive SNMP

<vpnname>]{<ipv6addr>|<ipv4addr>}{{[trap | notifications.
inform]}<communitystring>
10 ZXR10(config)#snmp-server packetsize Sets the maximum length (in bytes) of

<pkt-size> SNMP packets, range: 484 to 8192.
ZXR10(config)#no snmp-server packetsize Cancels the maximum length of SNMP

packets.
11 ZXR10(config)#snmp-server trap-source Configures the source IP address of all

<trapsrc-ipadr> traps.
ZXR10(config)#no snmp-server trap-source Cancels the source IP address of traps.
12 ZXR10(config)#snmp-server user Configures an SNMPv3 user.

<username><groupname> v3 {encrypted
auth {md5 | sha}<auth-key>[priv des56 <priva
cy-key>]|[auth{md5|sha}|<auth-password>|[priv
des56|<privacy-password>]]]
ZXR10(config)#no snmp-server user Cancels the configured SNMPv3 user.

<username>
13 ZXR10(config)#snmp-server view Defines an SNMP view.

<view-name><subtree-id>{included | excluded}
ZXR10(config)#no snmp-server view Cancels the configured SNMP view.

<view-name>[<subtree-id>]
14 ZXR10(config)#snmp-server security block <B Enables the security function. The SNMP
lock-Second><Detect-Try><Detect-Second>[when security function is disabled by default.
<Startup-Try>|< Startup-Second>]
ZXR10(config)#no snmp-server security block Disables the configured security function.
15 ZXR10(config)#snmp-server security Sets the aging time (in seconds) of a

dynamic-trust-user idle-timeout <Idle-Timeout> dynamic trust user, range: 1-65535,
default: 1800.
ZXR10(config)#no snmp-server security Restores the default aging time of the

dynamic-trust-user idle-timeout dynamic trust user.
16 ZXR10(config)#snmp-server security dynamic-t Deletes a dynamic trust user manually.

rust-user clear {<ipv4-addr>|<ipv6-addr>}
3-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
17 ZXR10(config)#snmp-server security on-failure Generates a log and sends a trap when

log [and <trap>] a failure occurs in the community string
attempting to communicate with the
ZXR10(config)#no snmp-server security
server.
on-failure
To disable the function, use the no form
of this command.
18 ZXR10(config)#snmp-server security Configures a static trust user manually.

static-trust-user {<ipv4-addr>|<ipv6-addr>}
ZXR10(config)#no snmp-server security Deletes the configured static trust user.

static-trust-user {{<ipv4-addr>|<ipv6-addr>}|all}
19 ZXR10(config)#snmp-server version {v1 | v2c | Enables SNMP v1, v2c or v3.

v3} enable By default, SNMP v1, v2c and v3 are
disabled.
ZXR10(config)#no snmp version {v1 | v2c | v3} Disables SNMP v1, v2c or v3.
<community-name> Name of the community string, range: 1-32 characters.
view <view-name> View name of the community string, range: 1-32 characters.
ro | rw If ro is specified, the MIB object can be read only. If rw is

specified, the MIB object can be read and written.
acl-name Name of the IPv4/IPv6 ACL.
<groupname> Group name, range: 1-32 characters.
v3 Specifies that the group is used for v3.
auth Packets are authenticated only.
noauth Packets are not authenticated and encrypted.
priv Packets are authenticated and encrypted.
context Specifies a context for the group.
match-prefix The context matching mode is prefix mode.
match-exact The context matching mode is exact mode.
read <readview> Defines a read view. The length is 1 to 32 characters.
write <writeview> Defines a write view. The length is 1 to 32 characters.
notify <notifyview> Defines a notify view. The length is 1 to 32 characters.
3-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
vrf <vpnname> VRF name, range: 1-32 characters.
<ipv4addr>|<ipv6addr> IPv4/IPv6 address of the host.
trap Sends traps to the host.
inform Sends notifications to the host.
version SNMP version.
1 SNMP version number.
2c SNMP version number.
3 SNMP version number.
auth Enables authentication on the packets to be sent.
noauth Disables authentication on the packets to be sent.
priv Encrypts the packets to be sent
<communitystring> Community string name or SNMPv3 user name, range: 1

to 32 characters.
udp-port <udpport> UDP port number for sending traps, range: 1-65535.
BGP, OSPF, RMON, SNMP, Trap or notification type.

STALARM, VPN, and so on
<username> SNMP user name, range: 1-32 characters.
<groupname> Name of the group associated with the user, range: 1-32
characters.
v3 The user is for SNMPv3.
encrypted The password to be entered is encrypted. This parameter,

however, is not recommended unless necessary.
auth The user has the authentication permission.
md5 Uses HMAC-MD5-96 as the authentication mode.
sha Uses HMAC-SHA-96 as the authentication mode.
<auth-password> Authentication password (or authentication key), range: 1-32

characters.
priv The user has the encryption permission.
des56 Uses CBC-DES as the encryption mode.
<priv-password> Encrypted password, range: 1-32 characters.
3-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<view-name> View name, range: 1-32 characters.
<view-subid> Specifies the MIB subtree ID or MIB subtree node name as

the view name, range: 1-79 characters.
included | excluded Includes or excludes the subtree.
<Block-Second> Block time (the length of the idle period, in seconds), range:
1-65535.
<Detect-try> Maximum number of times that the network management

system fails to connect to the peer device in monitoring
mode, range: 1-65535.
<Detect-Second> Maximum detection time (in seconds) of the network

management system in monitoring mode, range: 1-65535.
<Startup-Try> Maximum number of times that the network management

system fails to connect to the peer device in normal mode,
range: 1-65535, default: 50.
<Startup-Second> Maximum detection time (in seconds) of the network

management system in normal mode, range: 1-65535,
default: 60.
<Idle-Timeout> Aging time (in seconds) of the dynamic trust user, range:
1-65535, default: 1800.
<ipv4addr>|<ipv6addr> IPv4/IPv6 address of the dynamic trust user.
<log> Enables the generation of logs. By default, the function is

disabled.
3-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<trap> Enables the sending of traps. By default, the function is

disabled.
<ipv4addr>|<ipv6addr> IPv4/IPv6 address of the static trust user.
all IP addresses of all static trust users.
3.1.3 Maintaining SNMP

To maintain SNMP on the ZXR10 5900E, run the following commands.
Command Function
ZXR10#show snmp Displays SNMP state attributes.
ZXR10#show snmp config Displays configurable SNMP state attributes.
ZXR10#show snmp engine-id Displays local SNMP engine IDs.
ZXR10#show snmp group Displays the information of SNMP groups.
ZXR10#show snmp security Displays the configuration related to SNMP

security.
ZXR10#show snmp security failures Displays the IP addresses that errored

communities attempt to log in to and number of
attempts in SNMP detection mode.
ZXR10#show snmp security trust-users Displays the dynamic trust users learnt by SNMP
and configured static trust users.
ZXR10#show snmp user Displays the information of SNMP users.
The following is sample output from the show snmp command:
ZXR10#show snmp
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 SNMP packets output
3-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
0 Too big errors (Maximum packet size 8192)

0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs SNMP
SNMP packets input SNMP input packet.
Bad SNMP version errors SNMP version error.
Unknown community name Unknown community name.
Illegal operation for community name Illegal community name.

supplied
Number of requested variables Number of requested variables returned.
Number of altered variables Number of alarm variables.
Get-request PDUs Number of times that get packets are sent.
Get-next PDUs Number of times that get-next packets are sent.
Set-request PDUs Number of times that set packets are sent.
SNMP packets output Number of bytes in SNMP packets.
Too big errors An error is reported when the number of bytes in the packet
to be sent exceeds the packetsize value.
Maximum packet size 8192 The maximum size of a packet is 8192.
No such name errors Number of errors due to the user having no permissions to
access the system.
Bad values errors Invalid operation, and wrong parameters are set.
General errors General errors.
Response PDUs Number of times that response packets are sent.
Trap PDUs SNMP Number of times that traps packets are sent.
The following is sample output from the show snmp config command:
ZXR10#show snmp config

snmp-server community encrypted d6ddeaa4dab74523b246fe346c94c31ae58b79ad47763964
38ea1e9bb01a9ef3 view AllView ro
snmp-server community encrypted 18dc5c0ac9ddc78ad8466907ed57a25f2b968fadbcbebe9b
024814893ae08adc view DefaultView ro
snmp-server engine-id is 830900020300010289d64401
snmp-server packetsize is 8192
snmp-server view AllView internet included
3-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
snmp-server view DefaultView system included

snmp-server security dynamic-trust-user idle-timeout 1800
snmp-server listen-port is 161
snmp-server input-limit 200
ZXR10(config)#
community encrypted Community encrypted.
engine-id Engine ID.
packetsize The size of SNMP packer.
AllView View name, range: 1–32 characters.
dynamic-trust-user Dynamic trust-user.
idle-timeout 1800 Sets the idle timeout (in seconds) to 1800.
listen-port Listen port.
input-limit 200 Sets the frequency (packet per second) at which the SNMP
server processes packets, range: 100 to 1000, default: 200.
The following is sample output from the show snmp engine-id command:
ZXR10#show snmp engine-id
the engine-id:830900020300010289d64401
engine-id Engine ID.
The following is sample output from the show snmp group command:
ZXR10#show snmp group
groupName :a
sec_Model :v3
sec_Level :AUTH
readView :DefaultView
writeView :<no writeView specified>
notifyView:AllView
rowStatus :ACTIVE
contextName :a
contextMatch :match-exact
groupname Group name
3-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
sec_Level Security level
readView Read-view level
writeView Write-view level
notifyView Notify-view level
rowStatus Status of the current row
contextName Context name
contextMatch Context matching mode
The following is sample output from the show snmp security command:
ZXR10#show snmp security
Access list about ipv4 has been configured.
No access list about ipv6 has been configured.
No static trust-user has been configured.
No dynamic trust-user has been learned.
The max idle timeout of dynamic trust-user is 65535.
All failed requests are logged.
Router is enable to watch for Attacks.
If more than 1 request failures occur in 65535 seconds or less,requests will be
disabled for 65535 seconds.
Router presently in Quiet-Mode, will remain in Quiet-Mode for 65530 seconds.
Denying requests from all sources, except from trust-user
The following is sample output from the show snmp security failures command:
ZXR10#show snmp security failures
Information about failures with the device
Source IPAddr Count Last TimeStamp
192.168.110.11 1 14:28:49 UTC Wed Sep 8 2010
The following is sample output from the show snmp security trust-users command:
ZXR10#show snmp security trust-users
Information about trust-users's with the device
Source IPAddr Last TimeStamp max-inac tive(seconds) dynamic/static
169.1.110.11 - - static
The following is sample output from the show snmp user command:
ZXR10#show snmp user
username :zte
engine-id :830900020300010289d64401
auth_type :NONE
group_name :nanjing(v3)
encryptType:NONE
storageType:NONVOLATILE
3-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
row_status :ACTIVE
3.1.4 SNMP Configuration Example

SNMP is the most popular NM protocol. By using SNMP, people can use a NM server to
manage all network devices, see Figure 3-1.
Figure 3-1 SNMP Configuration Example Topology
Configuration Thought
1. Configure SNMP packet community. SNMPv1/v2c uses community authentication
mode. SNMP community is named by character string. Community has access
privileges, read-only or read-write.
2. Designate view name to the configured community string. Specify the default view
to the community if the view keyword uses the default setting. Specify ro privilege to
community if uses default setting in ro | rw keyword. It is only permitted that users
perform operation in the permitted view range no matter that ro or rw is specified. The
operation range is determined by view. Use DefaultView if view parameter is omitted.
Use ro privilege if ro/rw parameter is omitted.
3. Configure trap. Configure the type of trap to be sent and the sending destination host.
Trap is a kind of message without request sent by the managed device to NMS. It is
used to report some emergent and important events. By default, all kinds of trap are
permitted to send.
4. Configure SNMP v3 group and user if SNMP v3 is used.
The configuration of router is shown below,
ZXR10(config)#snmp-server packetSize 1400
ZXR10(config)#snmp-server engine-id 830900020300010289d64401
ZXR10(config)#snmp-server community public view AllView ro
ZXR10(config)#snmp-server host 61.139.48.18 inform version 2c public
udp-port 162 snmp
ZXR10(config)#snmp-server enable trap SNMP
ZXR10(config)#snmp-server enable trap VPN
ZXR10(config)#snmp-server enable trap BGP
ZXR10(config)#snmp-server enable trap OSPF
3-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#snmp-server enable trap RMON

ZXR10(config)#snmp-server enable trap STALARM
ZXR10(config)#snmp-server enable inform SNMP
ZXR10(config)#snmp-server enable inform VPN
ZXR10(config)#snmp-server enable inform BGP
ZXR10(config)#snmp-server enable inform OSPF
ZXR10(config)#snmp-server enable inform RMON
ZXR10(config)#snmp-server enable inform STALARM
ZXR10(config)#snmp-server version v2c enable
Use the show command to check up the configuration.
ZXR10(config)#show snmp config
snmp-server packetsize 1400
snmp-server engine-id 830900020300010289d64401
snmp-server community public view AllView ro
snmp-server view AllView 1.3.6.1 included
snmp-server view DefaultView 1.3.6.1.2.1.1 included
snmp-server host 61.139.48.18 trap version 2c public udp-port 162
snmp-server host 61.139.48.18 inform version 2c public udp-port 162 snmp
snmp-server enable inform SNMP
snmp-server enable inform VPN
snmp-server enable inform BGP
snmp-server enable inform OSPF
snmp-server enable inform RMON
snmp-server enable inform STALARM
snmp-server enable trap SNMP
snmp-server enable trap VPN
snmp-server enable trap BGP
snmp-server enable trap OSPF
snmp-server enable trap RMON
snmp-server enable trap STALARM
3.2 NetFlow Configuration

3.2.1 NetFlow Overview
Introduction to NetFlow
NetFlow is a protocol used to monitor network traffic launched by Cisco. Netflow can trace
and measure each flow accurately. It brings the following applications,
l Network layout
3-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Netflow can count the information of network flow for a long time. Therefore, it can
trace and estimate the trend of network flow increasing or decreasing. Thus, add
or remove route devices or upgrade or degrade the bandwidth of route devices if
required. In this way, the network operation is more proper.
l Analyze new application
Netflow collects the network usage information of a new application protocol. By
means of information analyzing, network resource can be allocated to the new
application reasonably.
l Network monitor
Netflow has real time network monitor ability. It can locate fault by providing
information when network has fault, or it can find potential network problem.
NetFlow Principle
To provide network data collection, NetFlow performs the following task,
1. Configure NetFlow service on many interfaces on a switch to collect packets which
pass through these interfaces. To reduce system load, set a sample rate on both of
ingress and egress on the interfaces. For example, if the sample rate is 2000:1, then
sample one packet from every 2000 packets. NetFlow can sample unicast, multicast,
and MPLS packets respectively or hybridly.
2. NetFlow analyzes the sampled packet to obtain the following information,
l Packet information: For example, source / destination IP address, TOS field, and
source/ destination TCP/UDP port number.
l Route information: For example, next hop IP address.
l Other information: Packet ingress / egress interface index, and sample direction.
NetFlow takes flow as statistic object. The packets which belong to the same flow
are summarized and stored. NetFlow v5 uses octet to define the unique flow, and
NetFlow v9 permits that user defines flow by itself. For example, user can use source
and destination IP addresses to define a flow, then all the packets which have the
source and destination addresses are defined as a flow. People call the octet (source
and destination IP addresses) as key field. User also can configure non-key field to
obtain other information of the flow, such as packet number, bytes and next hop IP
address.
3. Netflow has buffer. The sampled packets are stored at buffer at first. The size of
every flow is the sum of all key fields and non-key fields. After a packet is analyzed,
find whether the flow already exists according to its key filed. If it already exists, then
update the flow's non-key field. If it does not exist, add the new flow into buffer. When
the flow stored at buffer satisfies the following conditions, it will be sent to remote
server.
l Send all flow to server when buffer is full.
l A flow is inactive if there is no packet belongs to the flow in a given time. Send
the flow to server. The given time is called active aging time. It can be configured
by user.
3-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
l For a long term active flow, the statistic information is sent to server once in a
while. The interval is called inactive aging time. It can be configured by user.
4. At present, ZXR10 5900E supports to send NetFlow v5, NetFlow v8 and NetFlow v9
packets to server. Since the format of NetFlow v5 is fixed, Netflow v5 only output the
fixed field flow information. NetFlow v9 supports user to customize key field or non-key
field. The NetFlow v9 packet is based on module. The module includes user-defined
key field and non-key field, and every module has a unique module ID. NetFlow sends
module to server circularly. When a server receives the NetFlow v9 packet including
flow information, it will find the corresponding module according to the contained mod-
ule ID.
5. On NetFlow server, the received flow information is usually stored at database, and
NetFlow analysis software can analyze the entity data.
3.2.2 Configuring NetFlow

Configuring NetFlow Output
To configure NetFlow output, perform the following steps.
1 ZXR10(config)#flow exporter <name> This creates a flow exporter

policy called name. There are
a maximum of 200 different
flow exporter policies.
2 ZXR10(config-flow-exporter)#destination [vrf This configures IP address of

<name>]<ip-address> NetFlow server.
3 ZXR10(config-flow-exporter)#export-protocol This sets the format of NetFlow

{netflow-v5 | netflow-v8|netflow-v9} output packets.
The format can be NetFlow v5,
v8 or v9. The default format is
v9.
When the format is set to
v5, the template must be
netflow-original.
When the format is v8, the
template must be netflow ipv4
protocol-port.
4 ZXR10(config-flow-exporter)#template data {refresh This resends module according

<packets>| timeout <seconds>} to packet number or time.
5 ZXR10(config-flow-exporter)#transport udp <port> This sets NetFlow output

protocol as UDP and the used
port number, the default value
is 2055
3-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
refresh <packets> Resend the module according to the number of output netflow
packets. The default value is 20, and the range is 1 to 600.
timeout <seconds> Resend the module according to time. Unit: second. The
default value is 600, and the range is 1 to 86400.
Configuring NetFlow Template

To configure NetFlow template, perform the following steps.
1 ZXR10(config)#flow record<name> This creates a flow record

policy called name. There are
a maximum of 100 different
flow record policies.
2 ZXR10(config-flow-record)#match flow {direction | This sets flow direction or

sample-rate} sample rate as key field.
3 ZXR10(config-flow-record)#match interface {input | This sets ingress or egress

output} index as key field.
4 ZXR10(config-flow-record)#match ipv4 {destination This sets IPv4-related

address [mask | prefix minimum-mask <len>]| protocol | information as key field.
source address [mask | prefix [minimum-mask <len>]]|
tos | version}
5 ZXR10(config-flow-record)#match routing This sets the related route

{vrfid{input|output}} information as key field.
6 ZXR10(config-flow-record)#match transport This sets information related

{destination-port | source-port | tcp flags} to the transport layer as key
fields.
7 ZXR10(config-flow-record)#collect counter {bytes This sets flow packets number

[long]| packets [long]} and bytes as non-key field.
8 ZXR10(config-flow-record)#collect flow {direction | This sets flow direction or

sample-rate} sample rate as non-key field.
9 ZXR10(config-flow-record)#collect interface {input | This sets ingress index or

output} egress index as non-key field.
10 ZXR10(config-flow-record)#collect ipv4 {destination This sets IPv4-related

address [mask | prefix [minimum-mask <len>]]| protocol information as non-key field.
| source address [mask | prefix [minimum-mask <len>]]|
tos | version}
11 ZXR10(config-flow-record)#collect routing This sets route-related

{vrfid{input|output}} information as non-key field.
3-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
12 ZXR10(config-flow-record)#collect timestamp This sets the first or the last

sys-uptime {first | last} switching time of flow as
non-key field.
13 ZXR10(config-flow-record)#collect transport This sets information related

{destination-port | source-port | tcp flags} to the transport layer to be
non-key fields.
destination address Set destination IP address as collective field
destination address mask Set subnetwork mask of destination IP address as collective

field
destination address prefix Specify destination IP address with a length as collective

minimum-mask <len> field, the len ranges 1 from 32
protocol Set protocol field of IPv4 packet header as collective field
source address Set source IP address as collective field
source address mask Set subnetwork mask of destination IP address as collective

field
source address prefix minimum-mask Specify destination IP address with a length as collective
<len> field, the len ranges 1 from 32
tos Set the tos field as the one to be collected.
version Set the version field of the IP packet header as the one to
be collected.
vrfid Set the VRF ID as the field to be collected.
destination-port Set TCP/UDP destination port number as collective field
source-port Set TCP/UDP source port number as collective field
tcp flags Set TCP flags as collective field (This field is not supported
at present)
3-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
bytes Set flow bytes as collective field. 4 bytes
bytes long Set flow bytes as collective field. 8 bytes
packets Set flow packet number as collective field. 4 bytes
packets long Set flow packet number as collective field. 8 bytes.
first Set the system power up time when flow arrives at cache at
the first time as the collective field. The unit is ms.
last Set the system power up time when flow arrives at cache at
the last time as the collective field. The unit is ms.
The descriptions of the parameters used by step 10, 12, and 14 are the same as that of
the parameters used by step 4, 5, and 6.
Configuring NetFlow Sampling

To configure NetFlow sampling, perform the following steps.
1 ZXR10(config)#sampler <name> This creates a sampler policy

called name. There are 200
different sampler policies.
2 ZXR10(config-sampler)#mode {deterministic } 1-out-of This sets sampling mode and

<rate> sampling rate.
deterministic Use deterministic sampling. That is, if the sampling rate is N,

then sample one packet from every N packets.
<rate> Sampling rate, in the range of 1000 to 8191.
Configuring NetFlow Monitor Policy

To configure NetFlow monitor policy, perform the following steps.
1 ZXR10(config)#flow monitor <name> This creates a flow monitor

policy called name. There
are 60 different flow monitor
policies.
3-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2 ZXR10(config-monitor)#cache {entries <num>| timeout This sets cache information.

{active | inactive}<seconds>| type normal}
3 ZXR10(config-monitor)#exporter <name> This associates flow exporter

policy.
4 ZXR10(config-monitor)#record {<name>|netflow ipv4 This sets the module to be

protocol-port | netflow-original} used.
entries <num> Set the size of buffer is num. The num represents that the
number of flow which can be stored at the buffer. The range
is 16 to 8192, and the default value is 4096.
timeout<seconds> Set active aging time. The unit is second, the range is 600 to
604800, and the default value is 1800.
timeoutinactive<seconds> Set inactive aging time. The unit is second, the range is 600
to 604800, and the default value is 1800.
type normal Set the mode to send cache to normal mode (that is, sending
data according to the values of cache timeout active and
inactive).
Description of the parameters in Step 3:
exporter <name> Associates a pre-set flow exporter policy. That is, the flow
monitor policy uses the flow exporter policy to output netflow
packets. If the flow exporter policy uses v5 output format,
the module used by the flow monitor has to be the pre-set
netflow-original
record <name> Use a pre-set flow record policy as module
record netflow-original Define v5 module in advance, the key field and non-key field
to be used have to be consistent with that of netflow v5.
netflow ipv4 protocol-port v8 module.
Configuring NetFlow Interface

To configure NetFlow interface, perform the following steps.
3-19

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1 ZXR10(config)#interface <interface-name> This enters interface

configuration mode.
2 ZXR10(config-if)#ip flow monitor <name>[sampler This configures IP packets

<name>][unicast | multicast]{input | output} sampling on interface.
ip flow monitor <name> Applies a pre-set netflow monitor policy on interface. The
configuration related to the monitor policy and cache size
cannot be modified after the pre-sent netflow monitor policy is
applied. To modify the configuration, the flow monitor policy
has to be deleted first. The following items can be modified,
flow active and inactive aging time, output policy.
sampler <name> Applies a pre-set sampling policy. By default, use random

sampling and 1000:1 sampling rate if the sampling policy is
not used. The sampling policy cannot be modified after it
is applied on interface.
unicast | multicast Set sampling packet type. The unicast means that sample
unicast packets, the multicast means that sample multicast
packets.
input Sample ingress packets
output Sample egress packets
3.2.3 Maintaining NetFlow

To maintain NetFlow on ZXR10 5900E, use the following command.
Command Function
ZXR10#show ip flow exporter [<name>] This shows flow exporter policy

information.
ZXR10#show ip flow interface [<name>] This shows interface configuration.
ZXR10#show ip flow monitor [<name>] This shows flow monitor policy

information.
ZXR10#show ip flow record [<name>| netflow-original] This shows flow record policy
information.
ZXR10#show ip flow sampler [<name>] This shows sampler policy

information.
3-20

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
In all the outputs of the following commands, if the configurations are not the default
configurations, the configurations will be displayed. The default configurations are
displayed by beginning with the # mark.
This example shows what will be displayed after show ip flow exporter [<name>] is used.
ZXR10(config)#show ip flow exporter
flow exporter v5
transport udp 9995
export-protocol netflow-v5
#template data timeout 600
$
flow exporter v9
transport udp 9995
#export-protocol netflow-v9
#template data refresh 1
$
ZXR10(config)#show ip flow exporter v5
flow exporter v5
transport udp 9995
#template data timeout 600
$
transport udp 9995 The UDP port which receives netflow packet on server is
No.9995.
export-protocol netflow-v5 Output protocol is netflow v5
#template data timeout 600 The default retransmission time interval is 600 seconds
template data refresh 60 The module is retransmitted once when the flow exporter
outputs every 60 netflow packets.
This example shows what will be displayed after show ip flow interface [<interface-name>]
is used.
ZXR10(config)#show ip flow interface
interface gei-0/1/1/1
ip flow monitor src_and_dst_addr input
ip flow monitor test sampler determin_2000 unicast output
$
ZXR10(config)#show ip flow interface gei-0/1/1/1

ip flow monitor src_and_dst_addr input
ip flow monitor test sampler determin_2000 unicast output
3-21

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
interface gei-0/1/1/1 Configure netflow service on the interface gei_0/1/1/1
ip flow monitor src_and_dst_addr Sample ingress IPv4 packets, the used flow monitor policy is
input src_and_dst_addr, and the default sampling rate is 1000:1,
random sampling. By default, sample unicast and multicast
packets.
ip flow monitor test sampler Sample egress IPv4 unicast packets, the used flow monitor
determin_2000 unicast output policy is test, the sampler policy used is determin_2000.
This example describes what will be displayed after show ip flow monitor [<name>] is used.
ZXR10(config)#show ip flow monitor
flow monitor test
#cache entries 4096
cache timeout active 6000
#cache timeout inactive 1800
#cache timeout update 1800
#cache type normal
record netflow-original
exporter v5
$
flow monitor src_and_dst_addr
cache entries 1024
#cache timeout active 1800
#cache type normal
record src_and_dst_addr
exporter v9
$
ZXR10(config)#show ip flow monitor test
flow monitor test
#cache entries 4096
#cache type normal
exporter v5
$
3-22

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
#cache entries 4096 The cache size used by flow monitor is 4096
cache timeout active 6000 The active aging time is 6000s
#cache timeout inactive 1800 The inactive aging time is 1800s
record netflow-original Use pre-set module netflow-original
record src_and_dst_addr Use self-defined src_and_dst_addr
exporter v5 Use self-defined flow exporter policy v5
This example shows what will be displayed after show ip flow record [<name>| netflow-ori
gnial] is used.
ZXR10(config)#show ip flow record
flow record src_and_dst_addr
match ipv4 source address
match ipv4 destination address
collect flow direction
collect flow sampler
collect interface input
collect interface output
collect counter bytes
collect counter packets
$
flow record src_and_dst_port
match transport destination-port
match transport source-port
collect counter bytes long
$
ZXR10(config)#show ip flow record src_and_dst_addr

flow record src_and_dst_addr
collect flow direction
collect flow sampler
collect interface input
collect interface output
$
ZXR10(config)#show ip flow record netflow-original

3-23

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

match ipv4 protocol
match ipv4 tos
match interface input
match interface output
collect timestamp sys-uptime last
collect timestamp sys-uptime first
collect routing next-hop-address ipv4
collect ipv4 source address mask
collect ipv4 destination address mask
collect routing source as
collect routing destination as
collect transport tcp flags
In the command of show ip flow record [<name>| netflow-orignial], matchrepresents

key string, collectrepresents non-key string, please see the related NetFlow Module
configuration topics to the description of string.
This example shows what will be displayed after show ip flow sampler [<name>] is used.
ZXR10(config)#show ip flow sampler

sampler determin_2000
mode derterministic 1-out-of 2000
$
ZXR10(config)#show ip flow sampler determin_2000
sampler determin_2000
mode derterministic 1-out-of 2000
$
mode derterministic 1-out-of 2000 Use deterministic sampling, the sampling rate is 2000
3.2.4 NetFlow Configuration Examples

NetFlow V5 Configuration Example
l Configuration Description
As shown in Figure 3-2, configure NetFlow on ZXR10, connect server to the ZXR10,
and configure IP address to send the collected NetFlow packets to server.
3-24

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 3-2 NetFlow V5 Configuration Example
l Configuration Thought
1. Configure flow exporter output, including server IP address, port number and pro-
tocol type.
2. Configure sampler sampling rate and sampling mode.
3. Configure the size of flow monitor cache, active overtime value and inactive
overtime value, bind the configured flow exporter to system v5 module.
4. Bind flow monitor policy to interface, configure sampling type and direction.
5. Send packets, view the received packets by traffic analyze software on server.
l Configuration Commands
ZXR10 configuration,
ZXR10(config)#flow exporter exp
ZXR10(config-flow-exporter)#destination 169.1.109.60
ZXR10(config-flow-exporter)#transport udp 2055
ZXR10(config-flow-exporter)#export-protocol netflow-v5
ZXR10(config-flow-exporter)#exit
ZXR10(config)#sampler sam
ZXR10(config-sampler)#mode deterministic 1-out-of 1024
ZXR10(config-sampler)#exit
ZXR10(config)#flow monitor mo
ZXR10(config-flow-monitor)#cache entries 4096
ZXR10(config-flow-monitor)#exporter exp
ZXR10(config-flow-monitor)#record netflow-original
ZXR10(config-flow-monitor)#cache timeout inactive 6000
ZXR10(config-flow-monitor)#cache timeout active 1800
ZXR10(config-flow-monitor)#exit
ZXR10(config-if)#ip flow monitor mo sampler sam unicast input
ZXR10(config-if)#exit
l Configuration Verification
Check the configuration on ZXR10, as shown below.

ZXR10(config)#show running-config ipflow all
! <IPFLOW>
sampler sam
mode deterministic 1-out-of 1024
$
3-25

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
flow exporter exp

destination 169.1.109.60
transport udp 2055
template data timeout 600
template data refresh 20
$
flow monitor mo
cache entries 4096
cache timeout inactive 1800
cache type normal
exporter exp
$
ip flow monitor mo sampler sam unicast input
$
! </IPFLOW>
NetFlow V9 Configuration Example

As shown in Figure 3-3, configure NetFlow on ZXR10, connect server to the ZXR10,
and configure IP address to send the collected NetFlow packets to server.
Figure 3-3 NetFlow V9 Configuration Example
1. Configure flow exporter output, including server IP address, port number and
protocol type, module refresh time and refresh rate.
2. Configure match and collect of flow record policy.
3. Configure the size of flow monitor cache, active overtime value and inactive
overtime value, bind the configured flow exporter policy and flow record policy.
4. Configure sampler sampling rate and sampling mode.
5. Bind flow monitor policy to interface, configure sampling type and direction.
6. Send packets, view the received packets by traffic analyze software on server.
ZXR10(config)#flow exporter exp
3-26

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-flow-exporter)#destination 169.1.109.60
ZXR10(config-flow-exporter)#transport udp 2055
ZXR10(config-flow-exporter)#export-protocol netflow-v9
ZXR10(config-flow-exporter)#template data refresh 20
ZXR10(config-flow-exporter)#template data timeout 60
ZXR10(config-flow-exporter)#exit
ZXR10(config)#sampler sam
ZXR10(config-sampler)#mode deterministic 1-out-of 1024
ZXR10(config-sampler)#exit
ZXR10(config)#flow record rec
ZXR10(config-flow-record)#match ipv4 source address
ZXR10(config-flow-record)#match ipv4 destination address
ZXR10(config-flow-record)#match transport source-port
ZXR10(config-flow-record)#match transport destination-port
ZXR10(config-flow-record)#collect counter bytes
ZXR10(config-flow-record)#collect counter packets
ZXR10(config-flow-record)#exit
ZXR10(config)#flow monitor mo
ZXR10(config-flow-monitor)#cache entries 4096
ZXR10(config-flow-monitor)#cache timeout active 6000
ZXR10(config-flow-monitor)#cache timeout inactive 1800
ZXR10(config-flow-monitor)#exporter exp
ZXR10(config-flow-monitor)#record rec
ZXR10(config-flow-monitor)#exit
ZXR10(config-if)#ip flow monitor mo sampler sam unicast input
ZXR10(config-if)#end
Check the configuration on ZXR10, as shown below.
ZXR10(config)#show running-config ipflow all

! <IPFLOW>
sampler sam
mode deterministic 1-out-of 1024
$
flow exporter exp
transport udp 2055
template data timeout 60
template data refresh 20
$
flow record rec
3-27

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

$
flow monitor mo
cache entries 4096
cache timeout inactive 1800
cache type normal
record rec
exporter exp
$
ip flow monitor mo sampler sam unicast input
$
! </IPFLOW>
3.3 SFlow Configuration

3.3.1 SFlow Overview
Introduction to SFlow
The SFlow technology is applied to switches or routers to analyze the traffic flow in a
network.
The SFlow protocol describes how SFlow samples packets in the network. To put it simply,
if an interface on a switch is configured with the SFlow service, this interface becomes a
traffic monitoring point of SFlow.
When packets are passing this interface, SFlow starts sampling them and recording the
related information. SFlow sampling falls into two types: packet sampling and interface
counter information sampling.
After obtaining the sampling information, SFlow encapsulates it into a SFlow format packet,
and then send it to the SFlow server over UDP protocol. The SFlow server is responsible
for analyzing the received packets and thus give the statistical result of the network traffic.
SFlow Principles
To collect network data, SFlow does the following:
1. Configure the SFlow service on some switch interfaces to collect the

incoming/outgoing packets of these interfaces. After an interface is dedicated for
SFlow sampling, it samples packets based on the sampling direction, sampling
3-28

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
rate (only for packet sampling), and sampling interval (only for interface counter
information sampling).
Note:
Packet sampling refers to a process of sampling packets at the specified rate and
recording the header information of sampled packets (the MAC layer information,
switching information or routing information can also be recorded). The SFlow-capable
device only supports recording the header information of the packets.
Interface counter information sampling: is to sample counter information on the

interface at a given sampling interval. The general counter information on the
interface can be recorded.
2. SFlow can send the collected packet information directly to the SFlow server. It can
also store the information temporarily, and send it to the SFlow server at a scheduled
time or when the buffer is full.
3.3.2 Configuring SFlow

Configuring SFlow Output
To configure SFlow output on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#sflow receiver <name> Creates an SFlow receiver policy.

A maximum of ten different Sflow receiver
policies can be configured.
2 ZXR10(config-sflow-receiver)#destination Sets the IP address of the SFlow server.

[vrf < vrf-name >][ipv4-address< ip-addr >]
3 ZXR10(config-sflow-receiver)#transport Sets the protocol port number of the

[udp-port<port-num>] SFlow server.
4 ZXR10(config)#sflow agent<ip-address Sets the IP address of the SFlow agent.
vrf < vrf-name > Vrf is used if the SFlow server is in a VPN. The vrf-name
parameter is 1–32 bytes in length.
ipv4-address< ip-addr > IP address of the SFlow server.
udp-port <port-num> Specifies the protocol for SFlow output is UDP and the
corresponding port number (default: 6343).
3-29

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Configuring a Packet Sampling Policy

To configure a packet sampling policy on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#sflow fs <name> Creates an SFlow fs policy.

A maximum of 200 different flow fs
2 ZXR10(config-sflow-fs)#sample-rate < rate > Configures the sampling rate of

the packet sampling policy, range:
128–65535, default: 400.
3 ZXR10(config-sflow-fs)#receiver < name > Configures an existing receiver policy

for the packet sampling policy.
Configuring a Policy for Sampling the Counter Information of an Interface

To configure a policy for sampling the counter information of an interface on the ZXR10
5900E, perform the following steps:
1 ZXR10(config)#sflow cp <name> Creates an SFlow cp policy.

A maximum of 200 different flow cp
2 ZXR10(config-sflow-cp)#sample-interval < Specifies the interval (in seconds) for

interval > sampling the counter information of an
interface, range: 10–400, default: 20.
3 ZXR10(config-sflow-cp)#receiver < name > Configures an existing receiver policy for

the sampling policy.
Configuring SFlow Sampling on an Interface

To configure SFlow sampling on an interface on the ZXR10 5900E, perform the following
steps:
1 ZXR10(config)#interface <interface-name> Specifies the name of the interface on

which SFlow sampling is enabled.
2 ZXR10(config-if)#sflow cp < name > Configures a policy for sampling

the counter information of the
SFlow-enabled interface.
3 ZXR10(config-if)#sflow fs < name >[{input | Configures an SFlow packet sampling

output}] policy on the SFlow-enabled interface
and the sampling direction. By
default, the direction is bi-directional.
3-30

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3.3.3 Maintaining SFlow

To maintain SFlow on the ZXR10 5900E, run the following commands:
Command Function
ZXR10(config)#show sflow receiver [<name>] Displays the specified SFlow

receiver policy or all SFlow receiver
policies.
ZXR10(config)#show sflow fs [<name>] Displays the SFlow fs policy on the

specified interface or all SFlow fs
policies.
ZXR10(config)#show sflow cp [<name>] Displays the SFlow cp policy on the

specified interface or all SFlow cp
policies.
ZXR10(config)#show sflow interface [<name>] Displays the configuration(s) of the

specified interface or all interfaces.
ZXR10(config)#show sflow agent<ip-address> Displays the the IP address of the

SFlow agent.
3.3.4 SFlow Configuration Examples

On ZXR10 5900E, configure SFlow and connect the SFlow server to the switch. In addition,
configure the IP address of the server, so that the collected SFlow packets can be sent to
the server.
1. Configure the outputs of the flow receiver, including the server address, port number,
and protocol type.
2. Configure the packet sampling fs and sampling rate, and bind the receiver.
3. Configure the interface counter information sampling cp and the sampling interval, and
bind the receiver.
4. Configure both cp and fs sampling on the interface, and specify the fs sampling
direction.
5. Send packets and use the SFlow software to view the received packets on the server.
Configuration Process
The configuration on ZXR10 5900E is as follows:
ZXR10(config)#sflow receiver rtest
ZXR10(config-sflow-receiver)#destination ipv4-address 192.168.1.1
ZXR10(config-sflow-receiver)#transport udp-port 6343
3-31

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-sflow-receiver)#exit
ZXR10(config)#sflow fs ftest
ZXR10(config-sflow-fs)#sample-rate 285
ZXR10(config-sflow-fs)#receiver rtest
ZXR10(config-sflow-fs)#exit
ZXR10(config)#sflow cp ctest
ZXR10(config-sflow-cp)#sample-interval 40
ZXR10(config-sflow-cp)#receiver rtest
ZXR10(config-sflow-cp)#exit
ZXR10(config-if)#sflow fs ftest input
ZXR10(config-if)#sflow cp ctest
Verification
View the configuration result on ZXR10 5900E as follows:
ZXR10(config)#show running-config sflow
! <SFLOW>
sflow receiver rtest
$
sflow fs ftest
receiver rtest
sample-rate 285
$
sflow cp ctest
receiver rtest
sample-interval 40
$
sflow cp ctest
sflow fs ftest input
$
! </SFLOW>
3-32

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3.4 SysLog Configuration

3.4.1 SYSLOG Overview
SYSLOG is a kind of log formats, which is used to record the character text to be printed.
SYSLOG is originated from UNIX operating system, and it is used to record system log.
The format of log consists of the following three parts:
l PRI: It is composed by angle brackets and numbers. The numbers represent module
ids and severity. The range of module id is 0-23. The range of severity is 1-8. 1 is the
heaviest, and 8 is the lightest.
l HEADER: It is composed by time and host name.
l MSG: It is the detailed content.
SYSLOG sends data packets to SYSLOG server by using UDP. The default port is 514
and the size of UDP packet is less than 1024 bytes.
System decides whether reports the alarm message to SYSLOG sever according to the
alarm level after SYSLOG function is enabled.
3.4.2 Configuring SYSLOG

To configure SYSLOG on ZXR10 5900E, perform the following steps.
1 ZXR10(config)#syslog level <level> At global configuration mode,

set the level of the alarm which
will be reported to SYSLOG
server. The alarm level range
is 1-8. The default value is
NOTIFICATIONS.
The alarm whose level is no
less than level will be reported
to SYSLOG Server. By default,
alarms with all levels will be
reported.
2 ZXR10(config)#syslog-server facility <facility> This configures report source

of SYSLOG message. The
default value is local0.
3 ZXR10(config)#syslog-server source [ipv4 | This configures the source

ipv6]<source-ip> address of report SYSLOG
message. It supports IPv4 and
IPv6.
3-33

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4 ZXR10(config)#syslog-server host <server-ip>[fport This configures SYSLOG

<fport>][lport <lport>]{[alarmlog],[cmdlog],[debugmsg],[se parameters including IP
rvicelog],[braslog],[natlog]} address and port number of
SYSLOG Server, port number
of client end.
<server-ip> IP address of SYSLOG server which supports IPv6, VRF

and management port
<fport> Remote port number, range is 1-65535, the default value is

514
<lport> Local port number, range is 514È[1024,65535], the default

value is 514
[alarmlog],[cmdlog],[debugmsg],[servic Log type of SYSLOG server

elog],[braslog],[natlog]
3.4.3 Maintaining Syslog

ZXR10 5900E provides the following command to maintain SYSLOG.
Command Function
ZXR10#show logging configuration This shows the configuration about

SYSLOG.
The output example of the show logging configuration command is shown as below:
ZXR10(config)#show logging configuration
syslog level DEBUGGING
syslog-server host 192.168.100.3 fport 514 lport 514 alarmlog
syslog-server facility kern
syslog-server source 192.168.100.100
3.4.4 SYSLOG Configuration Example

The function of SYSLOG is that alarm information is sent to SYSLOG server by specified
format. As shown in Figure 3-4, configure SYSLOG function on the device and then send
alarm to SYSLOG server by SYSLOG protocol.
3-34

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 3-4 SYSLOG Configuration Example Topology
1. Connect SYSLOG server with switch.
2. Configure SYSLOG server alarm level.
3. Configure SYSLOG type.
4. Specify SYSLOG server address.
The configuration of switch is as follows:
ZXR10(config)#syslog level WARNINGS
/*Configure alarm level of SYSLOG as WARNINGS*/
ZXR10(config)#syslog-server facility syslog
/*Configure type of SYSLOG as SYSLOG*/
ZXR10(config)#syslog-server host 1.1.1.1
/*Configure IP address of SYSLOG server*/
After configuration, use the show command to check configuration.
ZXR10(config)#show running-config | include syslog
syslog level WARNINGS
syslog-server host 1.1.1.1 fport 514 lport 514 alarmlog cmdlog debugmsg
syslog-server facility syslog
3.5 Port Mirroring Configuration

3.5.1 Port Mirroring Overview
Introduction to Port Mirroring
In many cases, it is required to monitor packets sent to or received from the network.
For example, enterprises need to implement real-time monitoring for packets sent and
received for information security purposes.
Port mirroring function applies to enterprise very well. It can monitor and manage the
enterprise network data. When network has fault, it can locate fault. However, it is difficult
that monitor all traffic on current network. Therefore, it is required that configure a switch
to forward the data of one or more ports to another port to provide network monitoring.
3-35

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Port mirroring can copy a part of or all traffic of source port to a designated mirroring port
or destination port.
Port Mirroring Principle

Port mirror function copies the data received or sent by one or more mirror source ports
to a specified mirror destination port and send the data. The data can be obtained from
mirror destination port for analyzing and diagnosing.
Port mirror is divided into three mirror modes: TX, RX and BOTH.
l TX (egress)
It only mirrors the sending traffic of an interface.
l RX (ingress)
It only mirrors the receiving traffic of an interface.
l BOTH (bidirectional)
It mirrors the bidirectional traffic of an interface.
Port mirror modules are divided into two types, normal port mirror and traffic mirror.
Configuring a session with ACL, then it will be considered as traffic mirror. Traffic mirror
collects the data packets filtered by ACL.
Traffic mirror supports applying standard and extended ACL to interface and specifying
the port direction (egress or ingress).
Port mirror modules are divided into local mirror and remote mirror.
l Local mirroring
The source and destination port belong to a router.

l Remote mirroring
The source and destination port belong to different routers respectively. The mirror
traffic can be transmitted between the different routers after encapsulating.
As shown in Figure 3-5, mirror the traffic of port 1 to port 3 on switch 1. In this way, all the
traffic of port 1 can be monitored by port 3. This is called local mirroring. If the traffic of port
1 of switch 1 is mirrored to port 3 of switch 2, this process is called remote mirroring. For
remote mirroring, router 1 and switch 2 even can belong to the different public networks.
3-36

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 3-5 Port Mirroring Principle
Port mirroring also provides backup tunnel for network transmission. As shown in Figure
3-5, the data transmitted by port 1 is also transmitted by port 3 at the same time. In this
way, even if port 1 has failure, the data of port 3 is available.
3.5.2 Configuring Port Mirroring

To configure port mirroring, perform the following steps.
1 ZXR10(config)#span session <session-number> This adds a port mirroring

session item.
ZXR10(config)#no span session <session-number> This deletes a port mirroring

session.
2 ZXR10(config-span-session)#default destination This adds a default destination

{interface <interface>[rspan-vlan <vlanid>][{tpid <tpid>| port to the session item.
priority <level>}]| erspan interface <interface>[{[tpid
<tpid>], [flags <enable-disable>], [ttl < ttl >], [{dscp <dscp>|
prec <prec>}]}]}
3 ZXR10(config)#span apply session <num> source This binds specified session to

interface <interface>[direction {both|rx|tx|cpu-both source port.
|cpu-rx|cpu-tx }]
ZXR10(config)#no span apply session <num> source This releases specified session
interface <interface>[direction {both|rx|tx|cpu-both to source port.
|cpu-rx|cpu-tx }]
Descriptions of the parameter in Step 1:
3-37

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<session-number> Session number, 1-12
<interface> Specify the port as destination port
<vlanid> Configure RSPAN VLAN ID, range: 1 to 4094.
<tpid> 0x8100 at present
<level> Configure a level, range: 0 to 7.
<dscp> Configure IP DSCP value, range: 0 to 63.
<prec> Configure IP precedence value, range: 0 to 7.
<tpid> Configure whether to delete the vlan ID.
< ttl > Configure the IP TTL value, range: 1 to 255.
<num> Session number, 1-12
interface Specify source port type
both Bind port mirroring direction as bidirectional
rx Bind port mirroring direction as ingress
tx Bind port mirroring direction as egress
cpu-both Bind port mirroring direction as CPU bidirectional
cpu-rx Bind port mirroring direction as CPU ingress
cpu-tx Bind port mirroring direction as CPU egress
3.5.3 Maintaining Port Mirroring

To maintain port mirroring, use the following command.
Command Function
ZXR10#show span session {all |<session-num>} This displays the contents of all or
the specified session.
This example shows how to use show span session all command.
ZXR10(config)#show span session all
Session 1
------------
3-38

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Source Port: gei-0/1/1/1 Port Status:inactive

Direction: rx
Source Port: gei-0/1/1/2 Port Status:inactive
Direction: tx
Destination Port: gre_tunnel1 Port Status:inactive
Destination Port: gei-0/1/1/1 Port Status:active
Session 2
------------
Destination Port: gre_tunnel2 Port Status:inactive
ZXR10(config)#
Source Port Bind source port number of the session
Direction Source port mirror direction: ingress / egress / bidirectional
Destination Port Mirroring destination port name on session
Port Status Port state: active means that it is available for using, and
inactive means that it is unavailable for using.
3.5.4 Port Mirroring Configuration Example

As shown in Figure 3-6, mirror the traffic passing the source port gei-0/1/1/6 on the
receiving direction, and then send it to the destination port gei-0/1/1/7. The destination
port connects to the work station with traffic analyse function.
Figure 3-6 Port Mirroring Configuration Example
3-39

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1. Connect a server to an unused port gei-0/1/1/7 on switch.
2. Configure port mirroring instance.
3. Configure the destination port of port mirroring as gei-0/1/1/7.
4. Configure the source port of port mirroring as gei-0/1/1/6 on the receiving direction.
ZXR10(config)#span session 1
ZXR10(config-span-session)#default destination interface gei-0/1/1/7
ZXR10(config-span-session)#exit
ZXR10(config)#span apply session 1 source interface gei-0/1/1/6 direction rx
Check the configuration by using the show command.
ZXR10(config)#show running-config span
! <SPAN>
span session 1
default destination interface gei-0/1/1/7
!
span apply session 1 source interface gei-0/1/1/6 direction rx
! </SPAN>
3.6 Alarm Module

3.6.1 Alarm Module Overview
Alarm module provides alarm service. Alarm module will report and record alarm message
when hardware or program runs improperly. Meanwhile, alarm module supports back-end
query alarm messages.
The messages processed by alarm module include ordinary alarm and notification.
Ordinary alarm is recoverable, and notification is only to notify the happening of some
event.
The alarm which has been reported but not recovered already is called current alarm.
The alarm which has been reported and recovered already is called history alarm. The
notification is only to notify simply that some event happens, so there is no current and
history notifications.
Alarm module residents its alarm agent process in each line card and alarm server process
in main control board. Once hardware or program runs improperly, the service applications
will report the alarm to its alarm agent. Later, alarm agents report the alarm messages to
alarm server. Alarm server records alarm messages for back-end querying.
3-40

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
According to the configuration, alarm server reports the alarm messages selectively to
log mdoule, terminal, SNMP and SYSLOG. main control board also has alarm agent to
process the alarm events occurred in itself.
3.6.2 Configuring Alarm Module

To configure alarm module on ZXR10 5900E, perform the following steps.
1 ZXR10(config)#logging on This enables alarm record

function so that alarms can
be reported to different
destinations according to their
own levels.
All alarms will be reported
to log, terminal, SNMP
and SYSLOG by default
if this command is used
but the alarm level of the
corresponding destination is
not configured.
2 ZXR10(config)#logging buffer <buffer-size> This sets the size of alarm log

buffer. The unit is kbytes, and
the default value is 200.
Use no command to restore
default configuration.
3 ZXR10(config)#logging timestamps [datetime localtime | This sets displaying time of

precisetime | uptime] alarm time. The default option
is datetime localtime.
4 ZXR10(config)#logging level <level> This configures the level for

saving alarm into log. The
alarm which alarm level is
higher than or equal to the
pre-set value will be saved into
log. The alarm level range is
1-8 and the default value is 7.
the default configuration.
3-41

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
5 ZXR10(config)#logging console <level> This configures the level for

displaying alarm in console
terminal. The alarm which
alarm level is higher that or
equal to the pre-set value
will be displayed in console
terminal. The level range is
1-8 and the default value is 6.
6 ZXR10(config)#logging trap-enable <level> This configures the level for

reporting alarm to SNMP by
TRAP. The alarm which alarm
level is higher that or equal
to the pre-set value will be
reported to SNMP by TRAP.
The level range is 1-8.
By default, no alarm will be
reported.
7 ZXR10(config)#logging alarmlog-interval <minute> This sets the time interval

for writing alarm record from
buffer to log file. The value
ranges from 10-30000, The
unit is minute. The default
value is 10 minutes. Use
no command to restore the
default value.
8 ZXR10(config)#logging cmdlog-interval <minute> This sets the time interval for

writing command log from
buffer to log file. The value
ranges from 2-30000, The unit
is second. The default value is
2 seconds. Use no command
to restore the default value.
9 ZXR10(config)#logging ftp <level>[ vrf <vrf-name>]<ip-ad This configures level of FTP

dress><username><password>[<filename>] to which alarm is reported,
IP address of FTP server,
username, password and
stored file name. By default,
alarm is not reported.
3-42

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
10 ZXR10(config)#logging filesavetime [interval <time1>| This configures time of FTP

everyday <time2>| week <weekday><time3>| month to which alarm is reported,
<mothday><time4>[vrf <vrf-name>]<ftp-server><username IP address of FTP server,
><password>[<filename>] username, password and file
name prefix.
11 ZXR10(config)#alarm heartbeat-period <Interval>{all | This sends alarm heartbeat

console | ftp | snmp | syslog} messages to the type
configured.
12 ZXR10(config)#alarm heartbeat-send {all | console | ftp This configures the intervals of

| snmp | syslog} sending heartbeat messages.
13 ZXR10#alarm-confirm < flowid> This recovers the alarm

according to the flow id.
14 ZXR10#writelog{[alarmlog][cmdlog][natlog][braslog][portal This saves the log from buffer

log][servicelog]} to an outside device.
[datetime localtime | precisetime | This sets display mode of time of alarm event.
uptime]
<level> The least alarm level
<vrf-name> VRF name, with the length to be 1-32 characters
<ip-address> FTP server IP address, IPv4 and IPv6 are supported.
<username> FTP server username, a string of 1-31 characters
<password> FTP server password, a string of 1-31 characters
<filename> File name saved on FTP server, a string of 1-31 characters
<time1> FTP interval time, range: 1:00:00-23:59:59
<time2> Reported FTP time everyday, range: 00:00:00-23:59:59
<weekday> Reported FTP day on some day
<time3> Reported FTP time each week, range: 00:00:00-23:59:59
<mothday> Reported FTP date each month, range: 1-31
3-43

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<time4> Reported FTP time each month, range: 00:00:00-23:59:59
<vrf-name> VRF name, a string of 1-32 characters
<ftp-server> IP address of FTP server, IPv4 and IPv6 are supported.
<username> Username of FTP server, a string of 1-31 characters
<password> Password of FTP server, a string of 1-31 characters
<filename> Prefix of filename saved on FTP server, a string of 1-31

characters
<type> The type includes All, Console, ftp, snmp and syslog.
3.6.3 Maintaining Alarm Module

To maintain alarm module on ZXR10 5900E, use the following commands.
Command Function
ZXR10#show logging alarm {[level <alarmlevel>][start-time This shows the alarm records in
<date><time>][end-time <date><time>][typeid <type>]} the alarm log buffer. The alarm
information can be filtered by
level, combination of start-time
and end-time, or typeid.
ZXR10#show logfile {[username <string>][start-time < date>< This shows the history records of
time>][end-time < date>< time>][vtyno < string>][ip-adress < configuration operation commands
ip-address>]} in the command log buffer. The
log information can be filtered by
the combination of start-time and
end-time, ipadress, user, or vtyno.
ZXR10#show logging configuration This shows the configuration

information of current alarm
module.
Level Alarm level
typeid Alarm type
start-time Alarm starting time
3-44

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
end-time Alarm ending time
start-time Alarm starting time
end-time Alarm ending time
ipadress Host IP address used by login
user Login user name
vtyno vty terminal number used by login
This example shows what is be displayed after show logging configuration command is
used.
ZXR10(config)#show logging configuration

logging on
logging level NOTIFICATIONS
logging console NOTIFICATIONS
logging trap-enable NOTIFICATIONS
logging buffer 200
logging cmdlog-interval 2880
logging timestamps datetime localtime
syslog level NOTIFICATIONS
syslog-server host mng 169.1.110.6 fport 514 lport 514 alarmlog
cmdlog debugmsg
syslog-server facility local0
logging on Alarm total switch
logging level NOTIFICATIONS Alarm level
logging console NOTIFICATIONS Alarm upsending terminal level
logging trap-enable NOTIFICATIONS Trap upsending function and its level
logging cmdlog-interval 2880 The time interval for writing commands
logging timestamps datetime The mode for displaying alarm time

localtime
3-45

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3.7 Performance Management Module

3.7.1 Performance Management Module Overview
Performance management module provides the following main functions,
l It accepts the login or logout request coming from service module and collects
performance data according to the registered performance entries.
l It calculates and saves performance data according to the collection interval.
l It provides CLI configuration and request interfaces.
l It provides SNMP request interface.
Performance management module uses the agent server structure, which is composed of
PMServer, PMAgent and PMClient.
PMServer resides in R-CPU. Every daughter-card has a PMAgent, and each PMAgent
acts as an independent process. PMClient resides in every application module. The
service modules of daughter-cards interacts with each other by messages sending
between PMClient and PMAgent. In this way, application module can log in, log off or
report performance value to performance management module.
There are some applications, which use PMServer to mount CallBack function. After
register information is modified, PMServer finishes virtual register / register cancellation,
and refreshes performance values after member interface data binding to these service
types are changed.
3.7.2 Configuring the Performance Management Module

To configure the performance management module on the ZXR10 5900E, perform the
following steps:
1 ZXR10(config)#end Enters privileged configuration mode.
2 ZXR10#clear statistics interface [<interface-name>] Clears the performance value

accumulated on the specified
interface.
3 ZXR10#conf t Enters interface statistics configuration

Enter configuration commands, mode.
one per line. End with CTRL/Z.
ZXR10(config)#intf-statisticsZXR10(config-intf-
statistics)#
4 ZXR10(config-intf-statistics)#one_minute_pe Controls the one-minute peak-value

ak_value {disable|enable}{<interface-name>|default} on the specified Ethernet interface or
all interfaces.
3-46

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
5 ZXR10(config-intf-statistics)#one_minute_pe Resets the one-minute peak-value on

ak_value_clear [<interface-name>] the specified Ethernet interface or all
interfaces.
6 ZXR10(config-intf-statistics)#exit Enters global configuration mode.
7 ZXR10(config)#performance update-interval Specifies the time interval (in seconds)

<periodreport>[checkPtType] for the PMS to sample data on the
PMA, default: 10.
For a description of the parameter in Steps 2 and 6, refer to the following table:
For a description of the parameter in Step 4, refer to the following table:
default All interfaces.
<periodreport> Sampling interval.
[checkPtType] Type of the check point.
Example
The following example shows how to clear the accumulated performance values of all
interfaces:
ZXR10#clear statistics interface
The following example shows how to enable the one-minute peak-value on the gei-0/1/1/1
interface:
ZXR10(config-intf-statistics)#one_minute_peak_value_clear gei-0/1/1/1
The following example shows how to clear the one-minute peak-value on the gei-0/1/1/1
interface:
ZXR10#one_minute_peak_value_clear gei-0/1/1/1
The following example shows how to change the interval for the PMS to sample data on
the PMA to 30 seconds on sub-interfaces:
ZXR10(config)#performance update-interval 30s sub-interface
3-47

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3.7.3 Maintaining the Performance Management Module

To maintain the performance management module on the ZXR10 5900E, run the following
commands:
Command Function
ZXR10#show running-config performance Displays the configuration of

the performance management
module.
ZXR10#show running-config interface-perf Displays the configuration

of the interface performance
management module.
ZXR10#show one_minute_peak_value [<interface-name>] Displays the one-minute

peak-value of the interface.
The following is sample output from the show one_minute_peak_value command:

ZXR10#show one_minute_peak_value gei-0/1/1/1
--------------------------------------------------------
Interface Name: gei-0/1/1/1
One Minute Peak Value Appear Time
In_Unicasts : 0 2011-11-30 09:36:51
In_Multicasts : 0 2011-11-30 09:36:51
In_Broadcasts : 0 2011-11-30 09:36:51
In_Errors : 0 2011-11-30 09:36:51
E_Unicasts : 0 2011-11-30 09:36:51
E_Multicasts : 0 2011-11-30 09:36:51
E_Broadcasts : 0 2011-11-30 09:36:51
E_Errors : 0 2011-11-30 09:36:51
--------------------------------------------------------
For a description of the parameters in the execute result, refer to the following table:
In_Errors Number of error messages received.
In_Unicasts Number of unicast messages received.
In_Broadcasts Number of broadcast messages received.
In_Multicasts Number of multicast messages received.
E_Errors Number of error messages sent.
E_Unicasts Number of unicast messages sent.
E_Broadcasts Number of broadcast messages sent.
E_Multicasts Number of multicast messages sent.
appear time Time when the peak value occurs.
3-48

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3.7.4 Performance Management Module Configuration Example

Performance management module can modify interface count update time or set count
switch according to user requirement. As shown in Figure 3-7, flow is sent from gei-0/1/1/1
of S1 to gei-0/1/1/1 of S2.
Figure 3-7 Performance Management Configuration Example Topology Diagram
1. Check the count of interface gei-0/1/1/1. To check the new count, clear the previous
count.
2. Modify the time interval of sampling data from PMS to PMA to control count update
time interval of gei-0/1/1/1.
1. Clear gei-0/1/1/1 interface count:
ZXR10#clear statistics interface gei-0/1/1/1
2. Set count update time of physical port such as gei-0/1/1/1 as 30 seconds.
ZXR10(config)#performance update-interval 30s ethernet
Check whether the configuration is valid.
ZXR10(config)#show running-config performance
! <PERFORMANCE>
performance update-interval 30s Ethernet
! </PERFORMANC>
3.8 Time Range Module Configuration

3.8.1 Time Range Module Overview
Introduction to Time Range Module
Time range module is used to provide awakening and hypnotizing service for other
application modules. User can configure multiple time ranges. Every time range has its
own name. A time range can define multiple relative time segments and an absolute time
segment.
3-49

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Time range takes effect at the following three situations,

l Absolute time segment is configured only, and the current system time is within the
configured absolute time segment.
l Relative time segment is configured only. No matter how many relative time segments
are configured, time range is effective if the current system time meets any relative
time segment.
l Both absolute and relative time segments are configured. Time range is effective only
when the current system time meets both absolute time segment and any relative time
segment.
Application module can subscribe to some time range. When the state of subscribed time
range changes, time range module will notify the application module that the current state
of the time range is active or inactive and performs the corresponding operations.
Time Range Module Principle

Time range sub-system uses Client/Server (C/S) structure. The main functions of time
range server are Time Range configuration management, time management, state
broadcast, and data synchronization. Client is responsible for managing the register of
application modules, receiving time range state broadcast packets coming from server
and notifying the changing of time range state to applications. In order to provide time
range searching, the client also needs to maintain a table for saving all configured time
range and the states.
In time range time management, system time is taken as the reference time for setting a
timer. Time management function inspects the states of all time ranges regularly (usually,
every 5 seconds).
The states of time ranges are scanned in every 5 seconds. The state of time range changes
frequently when time range is configured, which is unfavorable to stability. Therefore, the
structure of operation and working area is used. User can modify the data in operation
area when configuring time range. After finishing the configuration, user can exit the
configuration mode and synchronize the data from operation area to working area. In
time segment calculation, only the configuration of working area is read.
Application module quotes time range name directly and obtains the current state from
client. The server notifies all time range tables and states to client at first. Later, it inspects
time range state and notifies to client regularly. The client notifies the application modules
in turn after receiving the notification. Application modules perform the corresponding
operations according to their actual requirements.
3.8.2 Configuring the Time Range Module

To configure the time range module on the ZXR10 5900E, perform the following steps:
3-50

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1 ZXR10(config)#time-range enable Enables the time range function and

initializes related data.
ZXR10(config)#time-range disenable Disables the time range function.
2 ZXR10(config)#time-range <time-range-name> Creates a time range, and enters

time range configuration mode.
ZXR10(config)#no time-range <time-range-name> Deletes the time range.
3 ZXR10(config-tr)#absolute [start <hh:mm:ss><mm-d Creates an absolute time segment

d-yyyy >][end <hh:mm:ss><mm-dd-yyyy >] rule for the time range.
ZXR10(config-tr)#no absolute Deletes the absolute time segment

rule.
4 ZXR10(config-tr)#periodic [<days-of-week>]<hh:m Configures a relative time segment

m:ss> to [<days-of-week>]<hh:mm:ss> for the time range. A time range
can have multiple relative time
segments.
ZXR10(config-tr)#no periodic [<days-of-week>]<h Deletes the relative time segment

h:mm:ss> to [<days-of-week>]<hh:mm:ss> rule.
5 ZXR10(config)#time-range disable [clear] Disables the time range function. If

the clear parameter is specified, the
time range function is disabled, and
then the non-default configuration is
cleared.
start <time-date> Specifies the start time of the absolute time segment, in
"hh:mm:ss MM DD YY" format. The minimum time is 00:00:00
01-01-2001. The number of seconds must be a multiple of 15.
end <time-date> Specifies the end time of the absolute time segment, in
"hh:mm:ss MM DD YY" format. The minimum time is
00:00:00 01-01-2001. The number of seconds should be 59
or a multiple of 15.
<hh:mm:ss> Start time or end time of the relative period, in hh:mm:ss

format. The number of seconds of the start time must be a
multiple of 15, and the number of seconds of the end time
should be 59 or a multiple of 15.
3-51

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<days-of-week> One or some days in a week, options:

l Monday
l Tuesday
l Wednesday
l Thursday
l Friday
l Saturday
l Sunday
l daily
l weekend
l weekdays
3.8.3 Maintaining the Time Range Module

To maintain the time range module on the ZXR10 5900E, run the following commands:
Command Output
ZXR10#show time-range < time-range-name> Displays the status information

about the time range.
ZXR10#show time-range Displays the status information

about all time ranges.
The following is sample output from the show time-range < time-range-name> command:
ZXR10#show time-range ta
Current time is 15:28:36 07-22-2009 Wednesday
time-range ta <inactive>
absolute start 10:05:15 07-17-2009 end 10:10:30 07-17-2009
periodic tuesday 10:04:15 to 10:05:30
periodic daily 10:05:15 to 10:06:30
Current time is 15:28:36 07-22-2009 The current system time is 15:28:36, 22th, July, 2009,
Wednesday Wednesday.
time-range ta <inactive> The current status of the ta time range is inactive.
absolute start 10:05:15 07-17-2009 The start time of the absolute time segment rule for the ta
end 10:10:30 07-17-2009 time range is 10:05:15 07-17-2009 . The end time is 10:10:30
07-17-2009.
periodic tuesday 10:04:15 to 10:05:30 The time period of the first relative time segment rule for the
ta time range is from 10:04:15 to 10:05:30 on Tuesday.
3-52

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
periodic daily 10:05:15 to 10:06:30 The time period of the second relative time segment rule for
the ta time range is from 10:04:15 to 10:06:30 during each
day.
The following is sample output from the show time-range command:

ZXR10#show time-range
Current time is 15:28:06 07-22-2009 Wednesday
time-range ta <inactive>
periodic tuesday 10:04:15 to 10:05:30
time-range tb <inactive>
periodic weekend 10:04:45 to 10:05:00
It can be seen that the current statuses of all time ranges and all associated time segment
rules are displayed.
3.8.4 Time Range Configuration Example

Time-range active time segment can be configured. The active state of time-range
itself cannot restrict user operation any. Therefore, time-range has to be bound with
the corresponding ACL. In this way, the ACL can enter active state in a specified time
segment.
For example, a company forbids that employees browse Internet webs during working time,
but the employees are permitted to browse Internet webs in free time. For such condition,
time range is required, that is, all Internet requests coming from company employees are
denied during working time and the request are accepted in free time.
As shown in Figure 3-8, PC1 sends Telnet requests to S1 through S2. S1 wants to receive
login requests coming from PC1 in a specified time segment only while denies the login
requests at other times. Therefore, create a corresponding time-range, bind the time-range
to an ACL, and bind ACL to the ingress of gei-0/1/1/3. In this way, S1 can filter Telnet
packets coming from PC1 in a specified time segment (ACL also can be bound in egress
of gei-0/1/1/2).
3-53

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 3-8 Time Range Configuration Example Topology
Create a time-range and bind it with ACL. Add rules to the ACL: The Telnet packets which
match IP addresses of PC1, the protocol types are TCP and port types are Telnet will be
denied in the time segment specified by time-range. Bind the ACL in ingress of gei-0/1/1/3
or egress of gei-0/1/1/2.
After the configuration above is finished, the bound ACL only takes effect in the time
segment specified by time-range. In this time segment, PC1 cannot logs in S1. However,
PC1 still can logs in S1 at other times.
1. Create a time-range. User can name the time-range by himself. Ensure that the name
length cannot be more than 31 characters.
2. Enter time-range configuration mode after time-range is created. Under time-range
configuration mode, add time segment.
3. According to the actual requirements, bind time-range to the corresponding ACL. The
ACL can take effect in the specified time segment.
The configuration of S1 is shown below.
1. Create a time-range.
S2(config)#time-range enable
/*This enables time-range function.
time-range cannot be created if time-range
function is disbaled.*/
S2(config)#time-range test
S2(config-tr)#
/*This creates a time-range and names it test.*/
2. Add time segment to the time-range
/*Absolute time segment can either take effect in or
before a specified time, or can take effect during
a specified time segment.*/
S1(config-tr)#absolute start 10:10:15 12-12-2012 end 10:10:15 12-12-2012
/* Starting at 10:10:15 on 12-12-2012 and ending at
10:10:15 on 12-12-2012.*/
3. Create ACL and bind it to the time-range.
S2(config)#ipv4-access-list test
S2(config-ipv4-acl)#rule 1 deny tcp 10.20.30.20 0.0.0.0
eq telnet 30.20.10.1 0.0.0.0 time-range test
3-54

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S2(config-ipv4-acl)#rule 2 permit any

S2(config-ipv4-acl)#exit
S2(config)#ipv4-access-group interface gei-0/1/1/1 ingress test
/*The binding is successful. ACL only takes effect
in the specified time segment.*/
This shows the information of time-range, including the current system time, every
time-range name, the corresponding time segments, and the state of time-range (active
or inactive).
S1(config)#show time-range
Current time is 08:36:03 08-14-2009 Friday
time-range test <inactive>
This shows the information of a specified time-range.
S1(config)#show time-range test

Current time is 08:37:28 08-14-2009 Friday
time-range test <inactive>
3-55

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3-56

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 4
CHM System Configuration
Table of Contents
CHM Overview ...........................................................................................................4-1
Configuring CHM........................................................................................................4-2
Maintaining CHM........................................................................................................4-3
CHM Configuration Examples ....................................................................................4-5
4.1 CHM Overview

The CHM system is responsible for environment monitoring. For ZXR10 5900 series racks,
the CHM can only configure temperature alarm thresholds. For ZXR10 5900E series
racks, the CHM can provide these functions: rack environment temperature monitoring,
temperature alarm threshold setting, fan state monitoring, fan rotation speed setting, and
rack power state monitoring. The following takes ZXR10 5900E series as an example to
describe the operation principles, work flow, and configuration of the CHM system.
The CHM environment monitoring system is composed of the CHM data processing center,
IPMS environment monitoring system, and intelligent clients (including the intelligent power
client and intelligent fan client).
l CHM Data Processing Center
The CHM data processing center is responsible for receiving and handling the data
requests from users. For a show type command, the CHM data processing center
returns the environment data to the user interface. For a set command, the CHM data
processing center sends the command to the IPMC sub card for further processing
according to established protocols.
l IPMS Environment Monitoring System
The IPMC environment monitoring sub card is responsible for collecting environment
information and reporting it to the CHM data center, controlling fan operation according
to established speed adjustment policies, and sending the commands from the CHM
data center to the specific intelligent client to execute.
l Intelligent Client
Besides the basic functions (such as controlling fan rotation and power supply), an
intelligent client is also responsible for communicating with the IPMC and processing
related data inquiry requests.
4-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4.2 Configuring CHM

To configure the CHM on ZXR10 5900E, perform the following steps:
1 ZXR10(config)#environ Enters environment

configuration mode.
2 2.1 ZXR10(config-environ)#set fan <group_number> all Sets the speed of a fan,

{<speed>|auto} some fans, and all fans in the
specified rack.
2.2 ZXR10(config-environ)#set serial-number board Configures the serial number

<serialnumber>[shelf] of the target board.
2.3 ZXR10(config-environ)#set serial-number fan Configures the serial numbers

<serialnumber><group_number> of fans in the target shelf.
2.4 ZXR10(config-environ)#set serial-number power Configures the serial numbers

<power_index><serialnumber>[shelf] of power supplies in the target
shelf.
2.5 ZXR10(config-environ)#set serial-number subcard Configures the serial numbers

<subcard_index><serialnumber>[shelf] of subcards in the target shelf.
2.6 set temper-threshold {cpu|lenv|renv}<temperature><she Configures the alarm

lf> threshold for each CPU, local
temperature monitoring point,
and remote temperature
monitoring point.
2.7 ZXR10(config-environ)#set utilization-threshold Configures the maximum

{cpu|flash|memory|sd|usb}<temperature>[shelf] numbers of CPUs, Flash
devices, memory devices,
SDs, and USB devices that
can be used.
For a description of the parameters in Step 2.1, refer to the following table.
<group_number> Number of a rack group or fan group.
<speed> Speed.
<serialnumber> Serial number.
[shelf] Rack number.
4-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 4 CHM System Configuration c u -tr a c k
<power_index> Power supply ID.
<subcard_index> Serial number of a subcard.
<temperature> Temperature threshold, range: 1–127.
4.3 Maintaining CHM

To maintain the CHM on ZXR10 5900E, use the following commands:
Command Function
ZXR10#show fan Shows the detailed information about fans.
ZXR10#show temperature Shows the thresholds of temperature monitoring

points of boards in the rack.
ZXR10#show power Shows the detailed information about the power.
The following is an example of the show fan command:

ZXR10(config-environ)#show fan
Shelf 0, Fan version:V1.1, Fan serial-number:
rpm:rounds per minute
FanID Group Present Speed(rpm) status

1 1 Online 3900 Normal


4-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The outputs of the show fan command are described as follows:
FanID Indicates the fan number.
Present Indicates the on-position status.
Speed(rpm) Indicates the fan rotation speed (per minute).
Status Indicates the fan status. The options include normal status and
warning status.
The following is an exmaple of the show temperature command:

ZXR10#show temperature
RENV : Remote environment temperature(Celsius degree)
LENV : Local environment temperature(Celsius degree)
TH : Threshhold temperature(Celsius degree)
Shelf Panel RENV/TH LENV/TH

0 1 -/- 43/77
1 1 -/- 44/77
The outputs of the show temperature command are described as follows:
Shelf Rack number.
Pannel Indicates the physical slot number.
RENV/TH Indicates the remote environment temperature/remote

environment temperature threshold.
LENV/TH Indicates the local environment temperature/local environment

temperature threshold.
The following is an example of the show power command:

ZXR10(config)#show power
Total power: N/A
Power : AC/DC output power(Watt)
Shelf Index PowerID SoftwareVer Present Type Mode Power Status Serial -number
0 1 N/A N/A Online AC N/A N/A Normal

0 2 N/A N/A Online AC N/A N/A Normal
The outputs of the show power command are described as follows:
Shelf Rack number.
4-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
SoftwareVer Version number of the power software.
Present Indicates the on-position status of the power.
Type Indicates the power type. The options include DC and AC.
Mode Indicates whether the power is on. "on" indicates the power is on;
"off" indicates the power is off.
Power Indicates the output power (watt).
Status Indicates the power status. The options include normal status
and warning status.
Serial-number Serial number of the power supply.
4.4 CHM Configuration Examples

As mentioned previously, you can use the commands of the CHM system to view and set
the rotation speed of fans and temperature alarm threshold.
Using the set fan Command to Configure a Fan

The initial fan status is as shown below:
ZXR10#show fan



Run the set fan command to change the rate of fan.

1. Enter the environment configuration mode.
2. Use the set fan command to configure the related fans.
4-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3. Use the show fan command to check the configuration result.

ZXR10(config)#environ
ZXR10(config-environ)#set fan 1 all 1
Use the show fan command to check the configuration result, as shown below: Fan
No.1, No.2, No.3, and No.11 have changed their operation mode (from Auto to
Manual), and the speed is changed to 5, that is, the highest speed (about 6000 rpm).



Using the set temperature Command to Set a Temperature Threshold

In the initial rack environment, the status of each board is as shown below:
ZXR10#show temperature
RENV : Remote environment temperature(Celsius degree)
LENV : Local environment temperature(Celsius degree)
TH : Threshhold temperature(Celsius degree)
Shelf Panel RENV/TH LENV/TH

0 1 43/60 43/75
Now use the set temperature command to change the CPU temperature alarm
threshold.
1. Enter the environment configuration mode.
2. Use the set temperature to configure the related temperature.
4-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3. Use the show temperature command to check the configuration result.

ZXR10(config-environ)#set temper-threshold cpu 127
Use the show temperature command to check the configuration result. The CPU
temperature alarm threshold of the board has been set to the target value. If the
actual temperature of the CPU is higher than this value, related alarm is displayed on
the screen.
Run the set serial-number command to set the serial number of the fan or power
supply.
The initial status of the fan or power supply is as follows:
ZXR10#show fan



ZXR10(config)#(config-environ)#show power
Total power: 31
Shelf Index PowerID SoftwareVer Present Type Mode Power Status Serial
-number
0 1 N/A N/A Online AC N/A N/A Normal N/A

0 2 N/A N/A Offline N/A N/A N/A N/A N/A
Run the set serial-number command to change the serial number of the fan or power
supply.
1. Enters the environmental configuration mode.
4-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2. Run the set serial-number command to configure the fan or power supply.
3. Run the show power or show fan command to check the configuration.
Run the following commands on the ZXR10 5900E:
ZXR10(config-environ)#set serial-number fan 123456789012 1
ZXR10(config-environ)#set serial-number power 1 abc123456789 0
Run the show fan command to verify the configuration.

fan version:1.02 fan serial-number:fan-xxx
FanID Shelf Present Speed(rpm) Mode status
1 0 Online 6120 Mannul Normal
2 0 Online 6420 Mannul Normal
----------------------------------------------------
Run the show power command to verify the configuration.

ZXR10(config)#show power
Total power: 31
Shelf Index PowerID SoftwareVer Present Type Mode Power Status Serial
-number
0 1 N/A N/A Online AC N/A N/A Normal abc1

23456789
0 2 N/A N/A Offline N/A N/A N/A N/A N/A
4-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 5
MAC Configuration
Table of Contents
MAC Overview ...........................................................................................................5-1
Configuring a MAC Address ......................................................................................5-1
Maintaining MAC Addresses ......................................................................................5-6
MAC Configuration Example ......................................................................................5-8
5.1 MAC Overview

A Media Access Control (MAC) address is the hardware identity of a network device. A
switch forwards packets according to MAC addresses. To ensure correct forwarding of
packets, the MAC address must be unique.
Every switch maintains an MAC address table. When the switch receives a data frame,
it determines whether to filter it or forward the data frame to the related port of the switch
according to the MAC address table. Therefore, the MAC address table is the basis and
prerequisite for the switch to provide fast forwarding.
An MAC address table is the key to the correct forwarding of data packets. It shows the
mapping between the MAC addresses of hosts and the ports of an Ethernet switch, and
specifies the direction to the destination host. When the Ethernet switch receives a data
frame, it checks whether the destination MAC address of the data frame plus a VLAN index
matches the MAC address table to obtain an egress for the frame. If no match is found in
the MAC address table, the switch broadcasts the data frame to all the ports in the VLAN
except the receiving port.
The MAC address management module is responsible for managing MAC address tables.
It supports VPLS and source MAC learning in chips and network processors. All software
and hardware forwarding tables are generated based on MAC address tables, so the MAC
address management module is the core in the switch system, and the stability of this
module ensures the stability of other modules.
5.2 Configuring a MAC Address

To configure a MAC address on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#mac Enters MAC configuration mode.
5-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2 ZXR10(config-mac)#add permanent <mac-address> Adds a permanent MAC address.

interface < interface-name>{ all-owner-vlan | vlan<
vlan-id>}
3 ZXR10(config-mac)#delete{[mac ], [interface Deletes the MAC address.

<interface_name>],[vlan <1-4094>]}
4 ZXR10(config-mac)#aging-time <seconds> Specifies the aging time of MAC

addresses.
To restores the default setting, run
the no aging-time command.
5 ZXR10(config-mac)#filter {source | both | Configures MAC address filtering.

destination} mac vlan <1-4094>
6 ZXR10(config-mac)#learning { disable | enable | Configures MAC address learning.

disable-action {drop | forward}[interface<interface_
name>][vlan <1-4094>]
7 ZXR10(config-mac)#limit-maximum Specifies the upper limit for MAC

<num>[interface <interface-name>]|[vlan address learning.
<vlan-id>] To restores the default setting, run
the no limit-maximum command.
8 ZXR10(config-mac)#alarm-threshold < Specifies the alarm threshold (in

percentage> percent) of the capacity of a MAC
forwarding table.
To restores the default setting, run
the no alarm-threshold command.
9 ZXR10(config-mac)#to-static { interface Configures MAC address

<interface-name>| mac | enable |disable } stabilization.
10 ZXR10(config-mac)#to-permanent interface Sets MAC addresses to permanent.

<interface-name>{enable|disable}
11 ZXR10(config-mac)#auto-write { disable | enable Enables the auto-writing function and

interval <time>} configures the period (unit: minute).
Default: disable.
12 ZXR10(config-mac)#higig-learn {enable | disable } Enables or disables Higig learning.
13 ZXR10(config-mac)#limit-policy {drop | forward Configures the policy used when the

}[interface <interface-name>| vlan <vlan-id>] maximum number of MAC addresses
is exceeded.
14 ZXR10(config-mac)#learn-priority move default Sets whether to allow MAC address

{enable|disable} flapping between the interfaces
(flapping priority: default).
5-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 5 MAC Configuration c u -tr a c k
15 ZXR10(config-mac)#learn-priority move higher Sets whether to allow MAC address

(flapping priority: higher).
16 ZXR10(config-mac)#learn-priority move lower Sets whether to allow MAC address

(flapping priority: lower).
17 ZXR10(config-mac)#learn-priority move normal Sets whether to allow MAC address

(flapping priority: normal).
18 ZXR10(config-mac)#learn-priority interface Sets the MAC address flapping

<interface-name>{default|lower|normal|higher} priority of the interface.
19 ZXR10(config-mac)#safe-mode { all | interface }{ Sets the MAC address anti-flapping

enable {alarm | block}| disable } function.
20 ZXR10(config-mac)#notification {all | Enables or disables the function of

interface}{enable | disabled} regularly reporting MAC address
changes to the NM system globally
or the specific interface.
21 ZXR10(config-mac)#notification history-size<1-3 Configures the size of MAC changes

00> to be reported to the NM system.
22 ZXR10(config-mac)#notification time-interval<5 Configures the interval of report MAC

-86400> changes to the NM system.
23 ZXR10(config-mac)#forbid-learning session Configures the session that is

<1-256> mac-address forbidden to learn MAC addresses.
Use the no forbid-learning command
to remove the configuration.
24 ZXR10(config-mac)#forbid-learning-bind session Binds the session that is forbidden to

<1-256> interface <interface_name> learn MAC addresses to an interface.
Use the no forbid-learning-bind
command to remove the
configuration.
25 ZXR10(config-mac)#forbid-learning-alarm {enable Enables/disables the alarms of MAC

| disabled} address learning on the device.
permanent The MAC address is added permanently and does not age out.
Note that this parameter takes effect after the system reboots.
mac MAC address.
5-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
interface <interface-name> Interface name.
all-owner-vlan Specifies all VLANs configured for the specified interface. The
mappings between the VLANs and MAC addresses are written
into the MAC address table.
vlan <vlan-id> VLAN ID.
mac MAC address.
vlan <1-4094> VLAN ID.
<60-65535> Aging time (in seconds).
source The packets with the source MAC address being filtered.
both The packets with source and destination MAC addresses being
filtered.
destination The packets with the destination MAC address being filtered.
mac MAC address.
vlan <1-4094> VLAN ID.
enable Enables MAC address learning.
disable Disables MAC address learning.
<num> Maximum number of MAC addresses that can be learned.
5-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<precetage> Alarm threshold (in percent).
mac MAC address.
enable Stabilizes the MAC address. If no port is specified, all MAC

addresses are stabilized globally.
disable Destabilizes the MAC address. If no port is specified, all MAC

addresses are destabilized globally.
enable Enables Higig learn.
disable Disables Higig learn.
drop Discards packets.
forward Forwards packets.
enable Enables MAC address flapping between interfaces with the same
priority.
disable Disables MAC address flapping between interfaces with the same
priority.
priority.
priority.
5-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
priority.
priority.
priority.
priority.
interface<interface-name> Interface name.
default Default priority.
lower Lower priority.
normal Common priority.
higher Higher priority.
alarm After the MAC address anti-flapping function is enabled, MAC

address flapping is disallowed, and an alarm indicating that MAC
address flapping is disallowed is generated.
block After the MAC address anti-flapping function is enabled, if a MAC

address is not learned on a port, packets cannot be forwarded.
5.3 Maintaining MAC Addresses

To maintain MAC addresses on the ZXR10 5900E, run the following commands:
Command Function
ZXR10#show mac table [{[{ dynamic | static | permanent Displays MAC addresses.
| src-filter | dst-filter | to-static| to-permanent}],[mac],[
interface] , [vlan <1-4094>]}]
5-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10#show mac aging-time Displays the aging time of MAC addresses.
ZXR10#show mac learning[interface <interface-name>] Displays whether to learn MAC addresses.
ZXR10#show mac limit-maximum {interface Displays the maximum number of MAC

<interface-name>|vlan<vlan-id>} addresses that can be learned.
ZXR10#show mac higig-learn Displays the MAC higig learning mode.
ZXR10#show running-config mac Displays all MAC configuration information.
ZXR10#show mac port-information interface Displays the MAC status information of the
<interface-name> interface.
ZXR10#show mac count {mac-day | mac-hour| mac-max} Displays the historical peak of the number
of learned MAC addresses, as well as
related time and period-based statistics.
ZXR10#clear max-number Clears the MAC address peak statistics.
ZXR10#show mac flow vpls <vpls-name> Displays the actions taken when the
maximum number of MAC addresses is
exceeded in the VPLS instance.
ZXR10#show mac vpls summary Displays the MAC address statistics of all
VPLS instances.
ZXR10(config-mac)#show mac forbid-learning Displays the setting whether MAC address

learning is forbidden.
The following is sample output from the show mac table command:
ZXR10#show mac table

Total MAC address : 1
Flags: Src--Source filter, Dst--Destination filter

From:0,driver;1,config;2,VPN;3,802.1X;4,micro;5,DHCP;
6,PBT;7,EVB;8,OTV;9,TRILL;10,ESADI,
Time--Day:Hour:Min:Sec
MAC VLAN Outgoing Information Attribute From Time

-----------------------------------------------------------------------------
00e0.d122.1000 111 gei-0/1/1/1 Dynamic 0 02:17:23:13
The following is sample output from the show mac aging-time command:
ZXR10(config-mac)#show mac aging-time
MAC global aging time is 200 seconds.
The following is sample output from the show mac learning command:
ZXR10(config-mac)#show mac learning interface gei-0/1/1/1
MAC interface gei-0/1/1/1 learning is enable.
5-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-mac)#
The following is sample output from the show mac limit-maximum command:
ZXR10(config-mac)#show mac limit-maximum
MAC limit-maximum is 64000.
ZXR10(config-mac)#
The following is sample output from the show mac higig-learn command:
ZXR10(config-mac)#show mac higig-learn
MAC higig learn enable.
The following is sample output from the show running-config mac command:
ZXR10(config)#show running-config mac

! <MAC>
mac
aging-time 200
limit-maximum 23 interface gei-0/1/1/1
add permanent 0000.0000.0006 interface gei-0/1/1/1 vlan 1
add permanent 0000.0000.0003 interface gei-0/1/1/1 vlan 1
$
! </MAC>
The following is sample output from the show mac port-information command:
ZXR10(config)#show mac port-information interface gei-0/1/1/1

The gei-0/1/1/1 limit num = 23; current mac num = 2;
MAC learning is enable.
The following is sample output from the show mac count mac-day command:
ZXR10(config)#show mac count mac-day
MACNum Time
----------------------
ZXR10(config)#show mac count mac-hour
MACNum Time
----------------------
0 : 2010-09-16 11:03:17 UTC
2 : 2010-09-16 12:00:00 UTC
2 : 2010-09-16 13:00:00 UTC
The following is sample output from the clear max-number command:
ZXR10(config)#clear max-number
5.4 MAC Configuration Example

Adding a Permanent MAC Address
5-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Add a permanent MAC address for an interface on the switch.

Add the permanent MAC address directly for this interface.
The DUT1 configuration is as follows:
DUT1(config-mac)#add permanent 0000.0000.0006 interface gei-0/1/1/1 vlan 1
Use the show mac table command to check the result of DUT1 configuration:
DUT1(config-mac)#show mac table


-------------- ---- ---------------------------- -------------- ---- -----------
0000.0000.0006 1 gei-0/1/1/1 Permanent 1 N/A
Configuring the Maximum Number of MAC Addresses Allowed for Learning

Set the maximum number of MACs.
Set the maximum number of MACs by directly using the related command.
The DUT1 configuration is as follows:

DUT1(config-mac)#limit-maximum 4600
Use the show running-config mac command to check the result of DUT1 configuration:
DUT1(config-mac)#show running-config mac
! <MAC>
mac
limit-maximum 4600
$
! </MAC>
DUT1(config-mac)#
5-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
5-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 6
MAC Address Table
Configuration
Table of Contents
MAC Address Table Overview ....................................................................................6-1
Configuring a MAC Address Table..............................................................................6-4
Maintaining and Diagnosing an MAC Address Table...................................................6-5
6.1 MAC Address Table Overview

Introduction
A MAC address is the hardware identity of a network device. A switch forwards packets
by MAC address. The uniqueness of the MAC address ensures the correct forwarding of
packets.
Each switch maintains a MAC address table. When the switch receives a data frame, it
determines whether to filter it or forward it to the related port of the switch based on the
MAC address table.
An entry in a MAC address table is uniquely identified by a MAC address plus a VLAN
ID. Entries that have the same MAC address and the same VLAN ID are considered the
same. An entry in the MAC address table is composed of:
1. MAC address: For example, 00D0.8756.95CA.
2. VLAN ID: ID of the VLAN that the MAC address belongs to.
3. Port number: For example, gei–0/1/1/3.
4. Other flags: These flags indicate the status and operations of the MAC address. There
are seven types of flags:
l static: indicates that the MAC address is static.
l Dynamic: indicates that the MAC address is dynamic to learn.
l To-Permanent: indicates that the MAC address solidify permanent.
l permanent: indicates that the MAC address is permanent.
l Filter(Both): indicates that data frames are filtered based on the source or
destination MAC address.
l to-static: indicates that the MAC address is stabilized.
l Filter(Src): indicates that data frames are filtered based on the source MAC
address.
l Filter(Dst): indicates that data frames are filtered based on the destination MAC
address.
6-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
l from: MAC address of the device from where the packet is sent.
l time: the time period that the dynamic MAC address keeps alive.
When a switch performs layer-2 forwarding, it queries the MAC address table based on
the destination MAC address and VLAN contained in a data frame, to determine to which
port the data frame is to be forwarded.
When a switch performs layer–3 forwarding, it queries the MAC address table after
obtaining the MAC address corresponding to the IP address of the next hop, and similarly
determines to which port a data frame is to be forwarded.
MAC Address Classifications

The MAC addresses in a MAC address table can be classified into three types:
l Dynamic MAC address
A dynamic MAC address is learned by a switch through data frames in the network,
and it is deleted when its aging time arrives. When the ports of the switch connecting
the network device change, the mappings between the MAC addresses and ports in
the MAC address table also change. After the switch is powered off and restarted, the
learned dynamic MAC addresses disappear, and then the switch starts to learn new
dynamic MAC addresses.
l Static MAC address
A static MAC address does not age out, but it disappears when the ZXR10 5900E
reboots. At present, static MAC addresses are not supported.
l Permanent MAC address
A permanent MAC address is generated through the configuration and does not age
out. No matter how the ports of the switch connecting the network device change, the
mappings between the MAC addresses and ports in the MAC address table do not
change. For a port configured with a static or permanent MAC address, if you want
to change the VLAN of the corresponding port so that the port no longer belongs to
this VLAN, the system gives the message that the MAC address should be deleted
before changing the VLAN. After the switch is powered off and restarted, permanent
MAC addresses do not disappear, as long as the configuration is saved on the switch
previously.
l MAC address filtration
MAC address filtration is generated through the configuration and does not age out.
After the configurations on the ZXR10 5900E are stored, MAC addresses filtration
are not lost after the ZXR10 5900E reboots. MAC address filtration is divided into the
following types:
à Source filtration: The source MAC addresses of packets are not learned
à Destination filtration: Packets are not forwarded by destination MAC address.
à Source and destination filtration: The source MAC addresses of packets are not
learned and forwarded.
6-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 6 MAC Address Table Configuration c u -tr a c k
Creating and Deleting a MAC Address Table

In the initial status, a switch does not have a MAC address table. To provide fast
forwarding, you must create a MAC address table for the switch. The capacity of the MAC
address table is limited, and the network devices change frequently, so you must delete
old entries from the MAC address table and update the changed ones.
l Dynamic Learning
The dynamic MAC addresses in the MAC address table are learned dynamically by a
switch. The learning process is as follows:
When a port of the switch receives a data frame, the switch analyzes the source MAC
address and VLAN ID (assume that they are MAC1 + VID1) in the frame. If the MAC
address is legal and can be learned, the switch uses MAC1 + VID1 as the key to query
the MAC address table. If MAC1 + VID1 cannot be found in the MAC address table,
the switch adds it to the table. If MAC1 + VID1 can be found in the table, the switch
updates the corresponding entry in the table.
Note:
à MAC address learning is to learn the source MAC address in the data frame,
instead of the destination MAC address.
à For MAC address learning, only unicast addresses can be learned. Broadcast or
multicast addresses cannot be learned.
l MAC Address Aging

The capacity of the MAC address table is limited. To effectively use the resources in
the MAC address table, the switch provides MAC address aging.
If the switch does not receive any data frame from a device during the specified period
(the aging time), the switch assumes that the device has already left the network. In
this case, the switch deletes the corresponding MAC address from the MAC address
table. In this way, the MAC address table can be updated in time. MAC address aging
is applied only to dynamic MAC addresses.
l Adding or Deleting a MAC Address Manually

If the network is comparatively stable and the switch port connecting a device is fixed,
you can use the configuration commands to add the MAC address directly in the
MAC address table of the switch. The MAC address can be configured as a static
or permanent one. Adding static or permanent MAC addresses can prevent network
attacks that use fraudulent MAC addresses.
The added MAC addresses can be deleted by using the command of deleting a MAC
address. This command can also be used to delete a dynamic MAC address forcedly
and make the switch learn the address again.
6-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
6.2 Configuring a MAC Address Table

Setting the Aging Time of MAC Addresses
The setting of the aging time of MAC addresses may affect the performance of a switch.
If the aging time is too short, the switch may delete many valid entries from the MAC
address table, and thus the switch may broadcast numerous packets whose destination
MAC addresses cannot be found. As a result, a great amount of bandwidth for the switch
may be occupied. On the contrary, if the aging time is too long, the switch may save too
many outdated entries in the MAC address table. Consequently, new MAC addresses
cannot be added to the MAC address table.
Command Function
ZXR10(config-mac)#aging-time <time> Specifies the aging time (in seconds)

of MAC addresses, default: 300.
Stabilizing MAC Addresses

Stabilizing MAC addresses is to convert all the dynamic MAC addresses in the MAC
address table into static MAC addresses or permanent MAC addresses. However,
static MAC addresses are not saved permanently, and they disappear after the switch is
powered off and restarted. But, permanent MAC addresses are saved permanently, and
they exist after the switch is powered off and restarted.
Command Function
ZXR10(config-mac)#to-static [{ interface < port-name >| mac}]{ Stabilizes dynamic MAC

enable| disable} addresses.
ZXR10(config-mac)#to-permanent interface <interface-name>{e Sets MAC addresses to

nable|disable} permanent.
Binding a Port to a MAC Address

Binding a port to a MAC address can be achieved by adding a static or permanent MAC
address on the switch. After the MAC address is bound to the port, the mappings between
the MAC address of the port are fixed, and the MAC address are not learned any more.
1 ZXR10(config-mac)#add permanet <mac-address> Adds a MAC address.

interface < port-name>{ all-owner-vlan | vlan< vlan-id>]
2 ZXR10(config-mac)#delete {[interface < port-name>] Deletes a MAC address.

,[vlan < vlan-id>],[< mac-address>]}
Configuring MAC Address Learning for a Port

By default, the MAC address learning function is enabled for a switch port, so that the port
can dynamically learn MAC addresses. If a device always connects to this port, you can
configure MAC address binding, manually configure all the possible MAC addresses for
6-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 6 MAC Address Table Configuration c u -tr a c k
the port, and then disable the MAC address learning function. In this way, the port does
not learn MAC addresses dynamically any more.
Command Function
ZXR10(config-mac)#learning { enable| disable| disable-action Configures MAC address learning.

{drop | forward}}[ interface <port-name>][vlan <1-4094>]
Configuring the Maximum Number of MAC Addresses for a Port or Switch

The capacity of the MAC address table of a switch is limited. If the number of MAC
addresses is reaching the upper limit, you can limit the number of MAC addresses that
can be learned by the port used by a lower-priority user. This can prevent network attacks
(such as MAC address overflow) caused by MAC address flooding.
Command Function
ZXR10(config-mac)#limit-maximum <max-number>[interface Configures the maximum number

<port-name>| vlan <vlan-id>] of MAC addresses for a port or
switch.
Note:
To cancel the maximum number of MAC addresses for a port or switch, run the no form
of this command.
Configuring MAC Address Filtering

Filtering a data frame by MAC address can be of one of the following:
l Matching the source MAC address of the data frame only
l Matching the destination MAC address of the data frame only
l Matching both the source and destination MAC addresses of the data frame
Command Function
ZXR10(config-mac)#filter { source| both| destination}<mac-addre Configures MAC address filtration.

ss> vlan< vlan-id>
During the MAC address filtration configuration, port name does not need to be specified.
The switch filters data frames from all ports.
6.3 Maintaining and Diagnosing an MAC Address Table

To main MAC on ZXR10 5900E, use the following command:
6-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10#show mac table [{[{dynamic| static| permanent | to-static|s This shows the MAC address
rc-filter| dst-filter| to-permanent}],[<mac-address>],[interface < table.
port-name>], [vlan < vlan-id>]}]
The following is an example of the show mac table command:

ZXR10(config-mac)#show mac table
----------------------------------------------------------------------
00e0.d122.1000 111 gei-0/1/1/1 Dynamic 0 02:17:23:13
ZXR10(config-mac)#
6-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 7
RMON Configuration
Table of Contents
RMON Overview ........................................................................................................7-1
Configuring RMON .....................................................................................................7-2
Maintaining RMON .....................................................................................................7-4
7.1 RMON Overview

Introduction
RMON is developed to meet the requirements of monitoring the traffic on subnetworks.
RMON can be used to monitor the traffic on subnetworks of Ethernet and token ring
networks, which is an important enhancement to SNMP. In RFC1757, RMON is defined
by an MIB. In this way, the information about the traffic on the specified subnetwork can
be obtained through the RMON-MIB.
Network flow monitoring is very important in network management. Network operational
status can be obtained by viewing the traffic in the network. If a network has multiple
subnetworks, it is necessary to know the operational status, flow changes, performance
and related information of each subnetwork. Monitoring the network can be more effective
through traffic analysis and statistics.
RMON implements the four basic functions (a statistics group, a history group, an alarm
group, and an event group) defined in RFC1757. A proper configuration can assist
network administrators in knowing and analyzing network operation information, and
obtaining network alarms quickly.
Principles
A detection system (called monitor) should be placed inside each subnetwork for
monitoring purposes. The monitor checks each packet over the network, and collects
statistics (for example, the total number of packets sent and total number of error packets)
and implements analysis on these packets.
RMON defines several physical groups based on the data and functions required by
subnetwork monitoring. In this example, RMON implements four physical groups:
1. Statistics group: collects statistics on error information for each subnetwork.
2. History group: stores the information periodically sampled from the statistics group.
3. Alarm group: allows administrators to set the sampling interval and enables the RMON
system to record the alarms triggered by counters.
4. Event group: records all events generated by the RMON system.
7-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
At the same time, RMON defines 10 groups that are logically consistent. These groups rely
on each other in implementation, and may contain tables from different physical groups.
In this example, the following logical groups are concerned:
1. Ethernet statistics group: stores Ethernet statistics from each monitored Ethernet
interface. This group contains the etherStatsTable.
2. History control group: periodically samples historical data from different networks. This
group contains the historyControlTable.
3. Ethernet history group: stores the periodically-sampled data from Ethernet for future
use. This group contains the etherHistorytable.
4. Alarm group: collects the statistics on the specified variable periodically, and compares
it with the pre-defined threshold. If the monitored variable exceeds the threshold, an
alarm is raised. The delay mechanism is used to restrict the number of alarms. This
group contains the alarmTable and should cooperate with the event group.
5. Event group: controls the generation of monitored events and determines whether to
inform the system. This group contains an eventTable and a logTable.
7.2 Configuring RMON

To configure RMON, perform the following steps:
1 ZXR10(config)#rmon Enters RMON configuration mode.
2 ZXR10(config-rmon)#rmon alarm Configures the RMON alarm table.

<index><variable><interval>{delta | absolute}
rising-threshold <value>[<event-index>]
falling-threshold <value>[<event-index>][owner
<string>]
3 ZXR10(config-rmon)#rmon event Configures the RMON event table.

<index>[log][trap <community>][description
<string>][owner <string>]
4 ZXR10(config-rmon)#interface <name > Enters RMON interface configuration

mode.
5 ZXR10(config-rmon-if)#rmon collection Configures the RMON history table.

history <index>[owner <string>][buckets
<bucket-number>][interval <seconds>]
6 ZXR10(config-rmon-if)#rmon collection Configures the RMON statistics table.

statistics <index>[owner <string>]
<index> Index ID, range: 1–65535.
7-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 7 RMON Configuration c u -tr a c k
<variable> MIB variable to be monitored, range: 1–64

characters. The MIB variable must be an MIB
variable that can be converted into an integer.
<interval> Time interval (in seconds) for monitoring the MIB

variable, range: 10–2147483647.
delta Compares the increment with the threshold.
absoulte Compares the specified variable with the

threshold.
rising-thershold <value> Rising threshold in sampling statistics, range:

-2147483647 to 2147483647.
<event-index> ID of the event triggered when the threshold is

exceeded, range: 1–65535.
falling-threshold <value> Falling threshold in sampling statistics, range:

-2147483647 to 2147483647.
owner<string> Owner of the alarm, range: 1–31 characters,

default: config.
log Whether to generate a log.
trap <community> Community string used for sending traps, range:

1–32 characters.
description <string> Brief description for the event, range: 1–10127

characters, default: zte.
owner<string> Owner of the event, range: 1–31 characters,

default: config.
<name> Interface name.
7-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
owner <string> Owner of the historical record, range: 1–31

characters, default: monitor.
buckets <bucket-number> Bucket size, range: 1–100, default: 50.
interval <seconds> Sampling interval (in seconds), range: 10–3600,

default: 1800. It is recommended that you set the
value to 30 or 1800 for collecting network traffic
during a short-term or long-term period.
owner <string> Owner of the historical record, range: 1–31

characters, default: monitor.
7.3 Maintaining RMON

To maintain RMON, run the following command:
Command Function
ZXR10(config)#show rmon [alarms][events][hist Displays the RMON configuration and related

ory][statistics] information.
For a description of the parameters, refer to the following table:
alarms Displays the information about all alarms.
events Displays the information about all events.
history Displays the information about all historical

records.
statistics Displays the information about all statistics items.
The following is sample output from the show rmon alarms command:
ZXR10(config-rmon)#show rmon alarms
Alarm 1 is valid, and owned by zte
Monitors interfaces.1.0,every 200 second(s)
Taking absolute samples, last value was 7
Rising-threshold is 100,assigned to event 0
Falling-threshold is 10,assigned to event 0
On startup enable rising or falling alarm
7-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 7 RMON Configuration c u -tr a c k
Output Information Description
valid Alarm status.
last value was 7 Previous sampling value.
The following is sample output from the show rmon events command:
ZXR10(config-rmon-if)#show rmon events
Event 2 is valid, and owned by config
Description is zte
Event firing causes log and trap to community/user public, last fired 0w0d,00:00:00
Current log entries:
index time description
valid Event status.
log and trap The event is logged and a trap is sent.
Current log entries Log records.
The following is sample output from the show rmon history command:
ZXR10(config-rmon-if)#show rmon history
historyControlEntry 1 is valid,and owned by monitor
Monitors ifEntry.1.2 (gei-0/1/1/1) every 30 seconds
Requested buckets is 10
Granted buckets is 50
valid Status of the history record.
every 30 seconds Time interval for sampling historical data.
Requested buckets Number of sampling operations that the management

stations wishes to perform.
Granted buckets Number of records that the RMON system

keeps in the etherHistoryTable. When a
histroryCnotrolBucketsResquest message is
created or modified, the RMON system should keep the
setting of the Granted buckets parameter consistent
with that of the Requested buckets parameter.
The following is sample output from the show rmon statics command:
7-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-rmon-if)#show rmon statistics

etherStatsEntry 1 is valid,and owned by monitor
Monitors ifEntry.1.2 (gei-0/1/1/1) which has
Received 0 octets, 0 packets,
0 broadcast and 0 multicast packets,
0 undersized and 0 oversized packets,
0 fragments and 0 jabbers,
0 CRC alignment errors and 0 collisions,
0 dropped packets (due to lack of resources).
Packets received (in octets):
64:0, 65-127:0, 128-255:0,
256-511:0, 512-1023:0, 1024-1518:0
valid Status of the history record.
Received 0 octets Number of bytes received.
0 packets Number of packets received.
The following is sample output from the Show rmon command:

ZXR10(config-rmon-if)#show rmon
supports Statistics History Alarm Event etc. group(s) of RFC1757.
Config entries:
etherStats 1
historyControl 1
alarm 1
event 3
ZXR10(config-rmon-if)#
etherStats Number of statistics items.
historyControl Number of historical records.
alarm Number of alarms.
Event Number of events.
7-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 8
PoE Configuration
Table of Contents
PoE Overview ............................................................................................................8-1
Configuring PoE ........................................................................................................8-2
Maintaining PoE .........................................................................................................8-6
PoE Configuration Example........................................................................................8-7
8.1 PoE Overview

Power over Ethernet (PoE) is an extension of network devices that support Ethernet
electrical interfaces. Network devices (including switches and routers) supporting PoE
can provide power supply for remote devices (including IP phones, WLAN APs, and
network cameras) through twisted-pair cables.
PoE is also called power over network. It is a technology used to provide power supply
for devices through electric power transmitted over standard CAT-5 10 BASE-T and 100
BASE-TX Ethernet cables. Based on the existing Ethernet CAT-5 cabling architecture,
without any modification, when data signals are transmitted to IP-based terminals (such
as IP phones, WLAN APs, and network cameras), DC power supply can be provided for
these devices through PoE. PoE ensures security of the existing cabling architecture, and
ensures that the existing network can operate properly. This reduces costs to the maximum
extent. Figure 8-1 shows a PoW application scenario.
Figure 8-1 PoE Application Scenario
8-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The ZXR10 5950–36PM-H and ZXR10 5950–56PM-H switches support the PoE function.
l The ZXR10 5950-36PM-H provides 24 1000 Base-T electrical interfaces, four combo
interfaces, and two expansion slots. It supports PoE and PoE+. For PoE+, full-load
power supply complying with the 802.3at standard must be provided for two thirds
of the ports. The first four interfaces support PoE+ with a maximum of 60 W. The
ZXR10 5950-36PM-H supports modular dual-power and power-down protection, and
provides AC power supply and DC power supply.
l The ZXR10 5950-56PM-H provides 48 1000 Base-T electrical interfaces, and two
expansion slots. It supports PoE and PoE+. For PoE+, full-load power supply
complying with the 802.3at standard must be provided for 26 ports. The first four
interfaces support PoE+ with a maximum of 60 W. The ZXR10 5950-56PM-H
supports modular dual-power and power-down protection.
The ZXR10 5900E provides the following PoE functions:
1. Enables or disables the PoE function on ports.
2. Provides power supply with different powers on ports.
3. Supports port priorities. Power supply is preferentially provided for a port with a higher
priority.
4. Supports configuring the maximum output power for the device.
5. Supports PoE and PoE+. Some ports support 60 W PoE+.
6. Supports remote power supply for ports.
7. Supports configuring the PoE time range.
8. Supports port power detection. If the actual power is greater than the PSE-distributed
power, the device stops providing power supply for ports.
9. Supports stopping providing power supply for new PoE ports if the entire-device PoE
power is exceeded.
10. Supports displaying the PSE power supply state and PD power supply state, such as
whether power supply is provided, power, level, and temperature.
11. Supports testing consistency between 802.3AF and 802.3AT.
12. Supports testing the compatibility of devices connected to ports.
13. Supports over-temperature protection recovery.
14. Supports the PoE module alarm function.
15. Supports online upgrade of PoE power supply management software.
8.2 Configuring PoE

To configure PoE on the ZXR10 5900E, perform the following steps.
Entering PoE Configuration Mode
Command Function
ZXR10(config)#poe Enters PoE configuration mode.
8-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 8 PoE Configuration c u -tr a c k
Enabling or Disabling the PoE Function
Command Function
ZXR10(config-poe)#interface <interface-name> Enables or disables the forcible power supply

function on the specified interface. By default,
ZXR10(config-poe-if-interface-name)#force-
this function is disabled. The forcible power
power {enable | disable}
supply setting conflicts with the normal power
supply setting. Thus, you must disable the normal
power supply setting before enabling the forcible
power supply setting.
Enabling or Disabling the PoE+ Function
Command Function
ZXR10(config-poe)#interface <interface-name> Enables or disables the PoE+ function for the

specified interface. By default, the function is
ZXR10(config-poe-if-interface-name)#enhan
disabled.
ced-mode {enable | disable}
Configuring a Power Supply Priority for a PoE Port
Command Function
ZXR10(config-poe-if-interface-name)#prior Sets a power supply priority for the specified PoE

ity {low | high | critical} port. The priorities in ascending order are low,
high, and critical. The default priority is critical.
By default, the priority of each PoE port is critical (the highest priority), and the power
supply order depends on port number. The power supply is preferentially provided for a
port with a smaller port number. If the priorities of ports are different, the power supply is
provided based on priorities.
Configuring the Maximum Port Power
Command Function
ZXR10(config-poe-if-interface-name)#pd-m Configures the maximum power on a PoE port.

ax-power{4.0 | 7.0| 15.4 | 18 | 27 | 30| ext.34 | ext.37 |
ext.45.4 | ext.48 | ext.57 | ext.60 | auto}
Parameter description:
4.0 Indicates that the maximum power on a PoE port

is set to 4.0 W.

is set to 7.0 W.
8-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

is set to 15.4 W.
18 Indicates that the maximum power on a PoE port

is set to 18 W.

is set to 27 W.

is set to 30 W. The default maximum power on a
PoE port is 30 W.
ext. 34 Indicates that the maximum power on a PoE port

is set to 34 W.

is set to 37 W.
ext. 45.4 Indicates that the maximum power on a PoE port

is set to 45.4 W.

is set to 48 W.

is set to 57 W.

is set to 60 W.
auto Indicates that the maximum power on a PoE port

is set to auto. The default maximum power on a
PoE port is auto.
There is a difference between the PSE power and the PD power. For example, if the PSE
power is set to 30 W, the actual PD power is about 25 W. The cause is that the PoE supply
voltage is low and the current is high, and then the power loss is great.
If the power supply is provided for the device operating in full-power state, much heat is
generated within a short period in the PD due to a large number of ports. Therefore, ensure
that fans of the PD are operating properly.
For the ZXR10 5950-36PM-H and ZXR10 5950-56PM-H, only the first four ports support
the power supply with a maximum of 60 W. Other ports support the power supply with a
maximum of 30 W.
8-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Note:
The maximum power cannot be set to auto for the first four ports.
The device supports PoE with the minimum distance of 100 meters.
Configuring the Timing Function
Command Function
ZXR10(config-poe-if-interface-name)#time- Configures the timer for the specified interface,

range <time-range> so that PoE is valid in the specified time range.
Before configuring the PoE timer, you need to enable the timer function in time-rang
e mode and create the corresponding timer. You can run the show poe config interface
command to verify that the configuration is applied.
To configure the function that the PoE power supply is provided in the specified time period,
enter time-range configuration mode from global configuration mode, set the start time and
end time, enter PoE configuration mode, and bind the time range to the specified port.
Perform Online Software Upgrade
Command Function
ZXR10(config-poe)#upgrade-firmware Performs online upgrade for the PoE power

<firmware file name> device-id <device-id> supply management software.
<firmware file name> File path of the PoE firmware.
<device-id> ID of the device.
Configuring the Temperature Protection Function
Command Function
ZXR10(config-poe)#overtemperature Enables or disables the over-temperature

auto-recovery device-id <device-id>{enable | recovery function. By default, this function is
disable} disabled.
<device-id> ID of the device.
8-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
enable Indicates the temperature protection function is

to be enabled.
disable Indicates the temperature protection function is

to be disabled.
If the power supply is provided for the device operating in full-power state, the
over-temperature protection recovery function must be enabled for the device. When the
device detects that the temperature on a port is higher then 80ºC, the device stops PoE
and generates an alarm. After the temperature is lower, the device provides PoE again.
Configuring the Alarm Threshold for the Electric Energy Occupancy Rate
Command Function
ZXR10(config-poe)#power-threshold Configures the alarm threshold for the electric

<threshold-range> device-id <device-id> energy occupancy rate. By default, the alarm
threshold is not configured.
<threshold-range> Alarm threshold for the electric energy occupancy

rate of a PoE device. The value is a percentage.
<device-id> ID of the device. The device ID of switches is 1.
8.3 Maintaining PoE

To maintain PoE on the ZXR10 5900E, run the following commands.
Command Function
ZXR10(config)#show poe config interface Displays PoE configuration information on the

<interface-name> specified port.
To display the configuration information, the
corresponding port must be enabled.
ZXR10(config)#show poe interface Displays PoE information on the specified port.

<interface-name>
ZXR10(config)#show poe device Displays PoE device information.
The show poe config interface command displays the PSE configuration power, and the
show poe interface displays the actual PD power. If the required PD power is greater than
the PSE configuration power, PoE must be disabled on ports.
8-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
8.4 PoE Configuration Example

Description
As shown in Figure 8-2, PoE is configured on the ZXR10 5950-36PM-H to provide power
supply for the IP phones.
Figure 8-2 PoE Configuration Example
Configuration Flow
1. Enter PoE configuration mode.
2. Enable the PoE function for the ports connected to IP phones.
The configuration on the ZXR10 5950-36PM-H is as follows:
ZXR10(config)#poe
ZXR10(config-poe)#interface gei-0/1/1/5
ZXR10(config-poe-if-gei-0/1/1/1)#enable
ZXR10(config-poe-if-gei-0/1/1/1)#exit
ZXR10(config-poe)#interface gei-0/1/1/28
ZXR10(config-poe-if-gei-0/1/1/28)#enable
ZXR10(config-poe-if-gei-0/1/1/28)#exit
Run the show poe interface command to view PoE power supply information on the ports.
ZXR10(config-poe)#show poe interface gei-0/1/1/5
power up : on
power device : delivering power
power device type : IEEE802.3 AF power device
802.3af classification : class 0
interface current-power : 4.3w
interface avg-power : 4.3w
interface peak-power : 4.4w
8-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
peak-power time : 2013:10:21 13:16:58

interface temperaturte : 45℃
8-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figures
Figure 1-1 ZXR10 5900E's Configuration Methods ................................................... 1-1
Figure 1-2 Network Scenario for the FTP Server....................................................... 1-2
Figure 1-3 Network Scenario for the FTP Client ........................................................ 1-2
Figure 1-4 FTP Server Configuration Example ......................................................... 1-4
Figure 1-5 Connect to Server Dialog Box .................................................................. 1-5
Figure 1-6 Filezilla Server Dialog Box ....................................................................... 1-6
Figure 1-7 Users Dialog Box ..................................................................................... 1-6
Figure 1-8 Target User Settings ................................................................................ 1-7
Figure 1-9 TFTP Server ............................................................................................ 1-9
Figure 1-10 Configure Dialogue Box ......................................................................... 1-9
Figure 1-11 Hyper Terminal Connection 1 ............................................................... 1-11
Figure 1-12 Connection Description ........................................................................ 1-11
Figure 1-13 Selecting a Serial Port ......................................................................... 1-12
Figure 1-14 COM Properties ................................................................................... 1-12
Figure 1-15 Running Telnet..................................................................................... 1-14
Figure 1-16 Telnet.Exe Window .............................................................................. 1-15
Figure 1-17 SSH Client Login Configuration............................................................ 1-23
Figure 1-18 SSH Client Select Version Configuration .............................................. 1-23
Figure 1-19 Successful Login Interface ................................................................... 1-24
Figure 2-1 VSC Configuration Example .................................................................. 2-29
Figure 3-1 SNMP Configuration Example Topology................................................. 3-12
Figure 3-2 NetFlow V5 Configuration Example........................................................ 3-25
Figure 3-3 NetFlow V9 Configuration Example........................................................ 3-26
Figure 3-4 SYSLOG Configuration Example Topology ............................................ 3-35
Figure 3-5 Port Mirroring Principle .......................................................................... 3-37
Figure 3-6 Port Mirroring Configuration Example .................................................... 3-39
Figure 3-7 Performance Management Configuration Example Topology
Diagram................................................................................................ 3-49
Figure 3-8 Time Range Configuration Example Topology........................................ 3-54
Figure 8-1 PoE Application Scenario......................................................................... 8-1
Figure 8-2 PoE Configuration Example ..................................................................... 8-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Figures c u -tr a c k
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Glossary
BGP
- Border Gateway Protocol
CPU
- Central Processing Unit
FTP
- File Transfer Protocol
IS-IS
- Intermediate System-to-Intermediate System
LLDP
- Link Layer Discovery Protocol
MAC
- Media Access Control
NM
- Network Management
NMS
- Network Management System
NVRAM
- Non-Volatile Random Access Memory
OSPF
- Open Shortest Path First
PDU
- Packet Data Unit
PMS
- Performance Management Subsystem
RFC
- Request For Comments
RIP
- Routing Information Protocol
RMON
- Remote Monitoring
SD
- Secure Digital memory card
SNMP
- Simple Network Management Protocol
III

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
SSH
- Secure Shell
TCP/IP
- Transmission Control Protocol/Internet Protocol
TFTP
- Trivial File Transfer Protocol
UDP
- User Datagram Protocol
VTY
- Virtual Teletype
IV

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10 5900E Series

Configuration Guide (IPv4 Routing)
Version: 3.00.11
ZTE CORPORATION
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
LEGAL INFORMATION
herein.
Revision History
Serial Number: SJ-20150114102049-003

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Contents
Chapter 1 Static Route Configuration ...................................................... 1-1
1.1 Static Route Overview ........................................................................................ 1-1
1.2 Configuring a Static Route .................................................................................. 1-2
1.3 Maintaining Static Route ..................................................................................... 1-4
1.4 Static Route Configuration Examples................................................................... 1-6
1.4.1 Basic Static Route Configuration Example ................................................. 1-6
1.4.2 Static Route Summary Configuration Example ........................................... 1-8
1.4.3 Default Route Configuration Example ........................................................ 1-9
Chapter 2 RIP Configuration ..................................................................... 2-1

2.1 RIP Overview..................................................................................................... 2-1
2.2 Configuring RIP ................................................................................................. 2-3
2.3 RIP Maintenance................................................................................................ 2-8
2.4 RIP Configuration Example ............................................................................... 2-13
Chapter 3 OSPF Configuration.................................................................. 3-1

3.1 OSPF Overview ................................................................................................. 3-1
3.2 Configuring the OSPF Protocol ........................................................................... 3-8
3.3 Maintaining the OSPF Protocol ......................................................................... 3-38
3.4 OSPF Configuration Examples.......................................................................... 3-45
3.4.1 OSPF Configuration Example One .......................................................... 3-45
3.4.2 OSPF Configuration Example Two .......................................................... 3-47
3.4.3 OSPF Multi-Instance Configuration Example............................................ 3-49
Chapter 4 IS-IS Configuration ................................................................... 4-1

4.1 IS-IS Overview ................................................................................................... 4-1
4.2 Configuring the IS-IS Protocol ............................................................................4-11
4.3 Maintaining the IS-IS Protocol ........................................................................... 4-23
4.4 IS-IS Configuration Examples ........................................................................... 4-28
4.4.1 Single Area IS-IS Configuration Example ................................................. 4-28
4.4.2 Multiple Area IS-IS Configuration Example............................................... 4-32
4.4.3 IS-IS Multi-Instance Configuration Example ............................................. 4-38
Chapter 5 BGP Configuration.................................................................... 5-1

5.1 BGP Overview ................................................................................................... 5-1
5.2 Configuring BGP ................................................................................................ 5-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
5.3 Maintaining BGP .............................................................................................. 5-55

5.4 BGP Configuration Examples............................................................................ 5-60
5.4.1 BGP Configuration Example One ............................................................ 5-60
5.4.2 BGP Configuration Example Two ............................................................ 5-69
5.4.3 BGP FRR Configuration Example............................................................ 5-72
5.4.4 BGP Route Reflector Configuration Example ........................................... 5-74
5.4.5 BGP and VRRP Linkage Configuration Example ...................................... 5-75
5.4.6 BGP Graceful Restart Configuration Example .......................................... 5-77
Figures............................................................................................................. I
Glossary ........................................................................................................ III
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
About This Manual

Purpose
Switch Configuration Guide (IPv4 Routing), which is applicable to the ZXR10 5900E
Intended Audience
l Network planning engineers
l Commissioning engineers
l On-duty personnel

Chapter 1, Static Route Configuration Describes how to configure static route on the
ZXR10 5900E.
Chapter 2, RIP Configuration Describes how to configure Routing Information

Protocol (RIP) on the ZXR10 5900E.
Chapter 3, OSPF Configuration Describes how to configure Open Shortest Path

First (OSPF) on the ZXR10 5900E.
Chapter 4, IS-IS Configuration Describes how to configure IS-IS on the ZXR10

5900E.
Chapter 5, BGP Configuration Describes how to configure Border Gateway

Protocol (BGP) on the ZXR10 5900E.
Conventions
width
| Separates individual parameters in a series of parameters.

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Danger: indicates an imminently hazardous situation. Failure to comply can result in

death or serious injury, equipment damage, or site breakdown.
Warning: indicates a potentially hazardous situation. Failure to comply can result in

serious injury, equipment damage, or interruption of major services.
Caution: indicates a potentially hazardous situation. Failure to comply can result in

moderate injury, equipment damage, or interruption of minor services.
Note: provides additional information about a certain topic.
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 1
Static Route Configuration
Table of Contents
Static Route Overview ................................................................................................1-1
Configuring a Static Route..........................................................................................1-2
Maintaining Static Route.............................................................................................1-4
Static Route Configuration Examples .........................................................................1-6
1.1 Static Route Overview

Static route is the routing information that is designated by network administrator to the
routing table by means of commands. Unlike a dynamic route, it does not set up routing
table according to routing algorithm. In dynamic route configuration, routing information
of the entire Internet must be sent to a router. The router is hard to hold the load. In this
time, static routes can be used to solve the problem. Sometimes, use static route with
less configuration to avoid using dynamic route. However, in a routing environment where
there are multiple routers and paths, it is very complicated to configure static routes.
To generate a static unicast routing table, network administrator has to be familiar with the
network topology and configure it according to the actual routing requirements. In this way,
the routing action can be controlled accurately in network. The static routing table needs
to be reconfigured in time if the network topology is changed.
Static route is different from other dynamic routing protocol. Static route configuration
does not require that configure the related protocol data on interfaces. It only needs to
check the validity of static route parameters configured by users, but whether static route
configuration takes effect is still decided by the state changing of the corresponding egress
interface.
The following content is a routing table of ZXR10 5900E. Here, the administrator distance
of static route is 1.
ZXR10#show ip protocol routing

Protocol routes:
status codes:*valid, >best, i-internal, s-stale
Dest NextHop RoutePrf RouteMetric Protocol
*> 0.0.0.0/0 0.0.0.0 254 8 special
*> 2.2.2.2/32 2.2.2.2 0 0 connected
*> 120.2.2.0/24 120.2.2.2 1 0 static
*> 120.2.2.2/32 120.2.2.2 0 0 connected
*> 255.255.255.255/32 0.0.0.0 254 0 special
1-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k ZXR10 5900E Series Configuration Guide (IPv4 Routing) c u -tr a c k
1.2 Configuring a Static Route

Next hop addresses must be specified for all routing items. When a packet is sent, the
system queries the matched route in the routing table according to the destination address.
If the next hop address is not specified, the link layer cannot find the corresponding address
on the link layer, and the packet cannot be forwarded.
Configuring Direct Static Route

To configure direct static route on ZXR10 5900E, use the following command.
Command Function
ZXR10(config)#ip route [vrf <vrf-name>]<prefix><net-mask This configures direct static route.

>{<next hop address>|<interface-name><next hop address>}[<
distance-metric>]
Descriptions of the parameters used by command are shown below.
<vrf-name> It is used to configure static route of the designated Virtual

Route Forwarding Table (VRF).
The length of VRF name ranges from 1 to 32 characters.
Management port (mng) is a special VRF.
<prefix> Network Internet Protocol (IP) prefix, in dotted decimal

notation
<net-mask> Network Mask, in dotted decimal notation
<next hop address> IP address of the next hop, in dotted decimal notation
<interface-name> Name of the used interface
<distance-metric> Management distance, ranging from 1 to 255
Configuring Indirect Static Route

To configure indirect static on ZXR10 5900E, use the following command.
Command Function
ZXR10(config)#ip route [vrf <vrf-name>]<prefix><net-mask>{<n This configures indirect static

ext hop address>[global]}[<distance-metric>][metric <metric>] route.
Judge whether the route is an
indirect static route according to IP
address of the next hop.
1-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 1 Static Route Configuration c u -tr a c k
<vrf-name> It is used to configure static route of the designated VRF.

The length of VRF name ranges from 1 to 32 characters.
<prefix> Network IP Prefix of destination address, in dotted decimal

notation
<net-mask> Network mask of destination address, in dotted decimal

notation
<next hop address> IP address of the next hop, in dotted decimal notation
[global] Private network route can configure the next hop of public
network, only when the next hop of private network is
configured, it can be configured.
<interface-name> Name of the used interface
[metric <metric>] Metric value of route, range: 0-255, the default value is 0
<distance-metric> Management distance, ranging from 1 to 255
Figure 1-1 Indirect Static Route Next Hop Configuration Example
As show in Figure 1-1, S2 advertises 20.20.20.0/24 to S1. The static route to 30.2.0.0/16
can be configured on S1, the next hop is 20.20.20.2.
The configuration of static route on S1:

S1(config)#ip route 30.2.0.0 255.255.0.0 20.20.20.2
View route table on S1:
ZXR10(config)#show ip protocol routing

Protocol routes:
status codes: *valid, >best, i-internal, s-stale

*> 10.10.10.0/24 10.10.10.1 0 0 connected
* 10.10.10.0/24 10.10.10.0 110 1 ospf
*> 10.10.10.1/32 10.10.10.1 0 0 connected
*> 20.20.20.0/24 10.10.10.2 110 2 ospf
*> 30.2.0.0/16 10.10.10.2 1 0 static
1-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
View forwarding table on S1:

ZXR10(config)#show ip forwarding route
IPv4 Routing Table:
Dest Gw Interface Owner Pri Metric
10.10.10.0/24 10.10.10.1 vlan1 direct 0 0
10.10.10.1/32 10.10.10.1 vlan1 address 0 0
20.20.20.0/24 10.10.10.2 vlan1 ospf 110 2
30.2.0.0/16 10.10.10.2 vlan1 static 1 0
224.0.0.0/4 224.0.0.0 NULL multicast 0 0
224.0.0.0/24 224.0.0.0 NULL multicast 0 0
255.255.255.255/32 255.255.255.255 NULL broadcast 254 0
Configuring FRR function of static routes.

To configure FRR function of static route on ZXR10 5900E, use the following command.
Command Function
ZXR10(config)#ip route-static [vrf <vrf-name>] fast-reroute This enables the FRR function of
static routes.
The generation conditions for
the primary and standby routes
of static routes are: the same
destination address route with
different outgoing interfaces,
different administrative distances
or metric values.
<vrf-name> VRF name, range: 1–32 characters.
fast-reroute Enables the FRR function of static routes.
<time-interval> Interval of WTR, range: 0–12, default: 0.
1.3 Maintaining Static Route

To maintain static route on ZXR10 5900E, use the following command.
Command Function
ZXR10#show ip protocol routing [vrf <vrf_name>] This shows routing table of the
router. Vrf_name is the name of
vrf.
1-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10#show ip forwarding route [vrf <vrf_name>] This shows forwarding table of the
router. Vrf_name is the name of
vrf.
Use show ip protocol routing command to show global routing table of the router. Inspect
whether the configured static route exists in routing table. This command is often used for
routing protocol diagnose and maintenance.
This shows what will be displayed after show ip protocol routing is used.
ZXR10(config)#show ip protocol routing
Protocol routes:

*> 10.10.10.0/24 10.10.10.1 0 0 connected
* 10.10.10.0/24 10.10.10.0 110 1 ospf
*> 10.10.10.1/32 10.10.10.1 0 0 connected
*> 20.20.20.0/24 10.10.10.2 110 2 ospf
*> 30.2.0.0/16 10.10.10.2 1 0 static
Descriptions of command output are shown below.
Show Command Outout Description
Dest Destination IP address
NextHop IP address of next hop
RouteRrf Management distance metric
RouteMetric Route metric
Protocol Name of the corresponding routing protocol
Use show ip forwarding route command to show forwarding table of router for inspecting
whether there is static route in forwarding table.
This shows what will be displayed after show ip forwarding route is used.
ZXR10(config)#show ip forwarding route
Status codes: *valid, >best, M: Master, S: Slave;
IPv4 Routing Table:
10.10.10.0/24 10.10.10.1 vlan1 STAT 0 0
10.10.10.1/32 10.10.10.1 vlan1 ADDR 0 0
20.20.20.0/24 10.10.10.2 vlan1 ADDR 110 2
30.2.0.0/16 10.10.10.2 vlan1 DIRECT 1 0
224.0.0.0/4 224.0.0.0 NULL RIP 0 0
224.0.0.0/24 224.0.0.0 NULL DIRECT 0 0
1-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
255.255.255.255/32 255.255.255.255 NULL B 254 0
Show Command Outout Description
Dest Destination IP address
Gw Gateway
Interface Outgoing interface
Owner Route type
Pri Route priority
Metric Route metric
1.4 Static Route Configuration Examples

1.4.1 Basic Static Route Configuration Example
As shown in Figure 1-2, if S1 wants to send packets to the remote network 140.1.1.0/24,
it needs to send the packets to S2 (10.6.1.18) first. S1 and S2 are directly connected.
You need to add a static route whose destination network segment is 140.1.1.0 and the
next hop is 10.6.1.18 on S1. In addition, you need to add a static route whose destination
network segment is 140.1.1.0/24 and the next hop is 10.9.1.39 on S2.
Figure 1-2 Static Route Configuration Example
There are three methods to configure static routes on S1.
l This configures IP address of the next hop.
S1(config)#ip route 140.1.1.0 255.255.255.0 10.6.1.18
l This configures the local egress interface and the direct next hop.
S1(config)#ip route 140.1.1.0 255.255.255.0 vlan1 10.6.1.18
Configuration on S2:
S2(config)#ip route 140.1.1.0 255.255.255.0 10.9.1.39
1-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Configuration Check
Use show command to validate configuration.
Validate configuration on S1:
S1(config)#show ip protocol routing network 140.1.1.0
Protocol routes:

*> 140.1.1.0/24 10.6.1.18 1 0 static

Protocol routes:

*> 140.1.1.0/24 10.9.1.39 1 0 static
If there are multiple paths to the same destination, a router can be configured with multiple
static routes with different administrative distances. However, routing table only displays
information about route with minimum distance because when router is informed of multiple
competition sources to a network, route with minimum administrative distance takes the
precedence.
Parameter <distance-metric> in static route configuration command about IP route can be
used to change administrative distance value of a static route. Supposing there are two
different routes from S1 to network section 140.1.1.0/24, the configuration is as follows:
S1(config)#ip route 140.1.1.0 255.255.255.0 10.6.1.18
S1(config)#ip route 140.1.1.0 255.255.255.0 10.6.1.1 20
Above commands are used to configure two different static routes arriving to the same
network segment. The first command does not configure administrative distance, so
default value “1” is used. The second command configures administrative distance of 20.
Since administrative distance of the first route is less than that of the second route, only
information about first route appears in routing table. That is, the switch sends packets to
destination network segment 140.1.1.0/24 through next-hop address 10.6.1.18 only. The
second route appears in routing table only when the first route fails and disappears from
the routing table. The two static routes can not have the same tag value, which go to the
same destination network but their next-hop is different.
Use show command to view on S1:
Protocol routes:
1-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
*> 140.1.1.0/24 10.6.1.18 1 0 static

* 140.1.1.0/24 10.6.1.1 20 0 static
1.4.2 Static Route Summary Configuration Example

A summary static route is a special kind of static routes, which can summarize two or
more special route expressions into one expression. In this way, entries of routing table is
reduced but all of original links is reserved.
As shown in Figure 1-3, S2 connects to two network segments 10.9.1.0/24 and 10.3.1.0/24.
If S1 wants to access these two network segments, it needs to have two static routes.
When there are lots of routes in routing table, people can use summary static route to
optimize S1's routing table.
Figure 1-3 Static Route Summary Configuration Example
Configure a static route whose destination address is 10.0.0.0 on S1. All the packets
transmitted to destination network segment 10.0.0.0/8 pass through 10.6.1.18. That is
to say, all the packets which destination address is 10.0.0.0/8 (sub networks 10.3.1.0/24
and 10.9.1.0/24) are sent to 10.6.1.18. In this way, multiple static routes with the same
destination can be summarized to a static route, which can optimize routing table.
S1(config)#ip route 10.0.0.0 255.0.0.0.0 10.6.1.18
Configuration Check
Use show command to view on S1:
S1(config)#show ip protocol routing

Protocol routes:
1-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
*> 10.9.1.0/24 10.6.1.18 1 0 static

*> 10.3.1.0/24 10.6.1.18 1 0 static
1.4.3 Default Route Configuration Example

Default route is also a kind of special static routes. When all routes are failed in routing
table, default route is adopted to make packet has a final destination. In this way, the
processing burden of router can be reduced a lot.
When a router cannot route a packet, the packet has to be dropped. However, this is not
hoped that packet is dropped in an "unknown" destination. To support complete connection
of router, this must have a route connected to a network. If router wants to keep complete
connection and meanwhile does not need to record each independent route, default route
can be used. By use of default route, an independent route can be designated to indicate
all other routes.
As shown in Figure 1-4, since there is no route pointing to Internet on S1, S1 needs to use
default route that send packets to S2 for processing.
Figure 1-4 Default Route Configuration Example
Default route configuration is completely the same as static route configuration and only
difference is that the network part and subnet mask part are all 0.0.0.0.
S1(config)#ip route 0.0.0.0 0.0.0.0 10.6.1.18
Configuration Check
Use show to view S1 routing table.
S1#show ip protocol routing
Protocol routes:
1-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

*> 0.0.0.0/0 10.6.1.18 1 0 static
Here, if the next hop is configured as null interface, the route is black hole route.
S1(config)#ip route 0.0.0.0 0.0.0.0 null1
View S1 routing table by show command:

S1#show ip protocol routing
Protocol routes:

*> 0.0.0.0/0 0.0.0.0 1 0 static
Default route is not always a static route. It also can be routes of other protocols, such
as Border Gateway Protocol (BGP), Routing Information Protocol (RIP) and so on. When
default route is used in routing protocol configuration, default route varies with routing
protocols.
If default route is configured on a router where RIP runs, the RIP will advertise the default
route to its neighbor, and even route redistribution is not needed in RIP domain.
For BGP protocol, a router where the BGP runs will not inject the default route into its
neighbor automatically. For BGP to send the default route to BGP domain, the command
default-information-originate has to be used first, and then redistribute default route.
1-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 2
RIP Configuration
Table of Contents
RIP Overview .............................................................................................................2-1
Configuring RIP .........................................................................................................2-3
RIP Maintenance........................................................................................................2-8
RIP Configuration Example ......................................................................................2-13
2.1 RIP Overview

Introduction to RIP
RIP is relatively old but still commonly used interior gateway protocol created for use in
small and homogeneous networks. This is a classical distance-vector routing protocol.
RIPv1 is documented in Request For Comments (RFC) 1058. RIPv2 is documented in
RFC1723. ZXR10 5900E supports RIPv1 and RIPv2 completely. RIPv2 is used by default.
Compared to RIPv1, RIPv2 has the following advantages.
l Route updating with sub network mask
l Authentication for route updating
l Updating multicast routing
The following topics mainly introduce RIPv2. RIP refers RIPv2 unless special explain.
l RIP Route Metric and Administrative Distance
RIP uses User Datagram Protocol (UDP) packet (port number 520) to exchange RIP
routing information. The routing information containing in RIP packet includes the
number of routers that a route passes through, that is, hop count, according to which,
router determines the route to the destination network.
RFC stipulates that the maximum hop count must be less than 16, so RIP is only
applicable to small-sized network. Hop count of 16 indicates infinite distance,
representing unreachable route, which is one way for RIP to identify and prevent the
routing loop.
Only hop count is taken as the metric for RIP routing; bandwidth, delay and other
variable factors are not considered. RIP always takes paths with the least hop count
as the optimized path, which results that the selected path is not the best one.
Default Administrative Distance (AD) value of RIP is 120. As for AD, the lower the
value, the higher the reliability of routing source. Compared to other routing protocols,
RIP is not quite reliable.
l RIP Timers
2-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
RIP provides the following four types of timers:

à Update timer
Switch running RIP transmits route update message at a certain interval (30s by
default), which reflects all the routing information of the switch. This process is
called routing information advertisement.
à Invalid timer
Invalid timer: When a switch fails to receive update information from another
switch in a certain time period (180s by default), it marks the routes provided by
the switch to be "unavailable".
à Holddown timer
After learning that routes are unavailable, the switch will enter hold-down state.
If switch receives route update packet within the default 180 seconds or if switch
fails to receive route update packet after 180 seconds, the holddown timer will
stop timing.
à Flush Timer
When it is not updated in the succeeding period of time (240 s by default), the
switch clears the route completely from the routing table.
l RIP Route Update
RIP protocol employs trigger update to speed up the spread of routing changes in the
RIP routing domain. When a RIP router detects that an interface is working or has
stopped working, a neighbor node is down or a new subnet or neighbor node joins
in, it will transmit a trigger update. The trigger update packet only contains changed
route.
RIP protocol uses poison reverse to speed up protocol convergence. The poison
reverse sets the metric of the unreachable network prefixes to be 16 (meaning
unreachable). After receiving route update packet of the metric, the switch will
discard the route instead of waiting for the aging time.
RIP uses split horizon to prevent loop and reduce the size of route update packet. Split
horizon means that if an interface receives a route update packet, it will not transmit
this update packet from itself to others.
RIP Working Principle

RIP defines two kinds of message types, request and response messages. Request
message is used to send a update to neighbor switch, and response message is used
to transmit route update.
1. At the start, RIP broadcasts or multicast packets which contain request message from
every RIP interface.
2. Later, RIP enters a loop state, it always monitors the RIP request or response
messages from other switches, and the neighbor switches which accept the request
will reply response messages containing their routing tables.
2-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 2 RIP Configuration c u -tr a c k
3. When the switch which sends request receives the response message, it will process
the route update message information containing in response message.
l For an new route entry, the router adds the new route and IP address of the ad-
vertised router to its routing table.
l For an existent RIP route, the router replaces the original route entry only when
the new route has less hop count.
2.2 Configuring RIP

RIP configuration includes the following contents, basic configuration, enhanced
configuration and version configuration.
Configuring RIP Basic Functions

To configure RIP basic function on ZXR10 5900E, perform the following steps.
1. Enabling RIP
1 ZXR10(config)#router rip This enables RIP routing

process and enters RIP
configuration mode.
2 ZXR10(config-rip)#network < ip-address>< This designates a network

wildcard-mask> segment for RIP routing.
In case that the IP address
of the interface belongs
to the designated network
segment, RIP is enabled on
this interface.
2. Adjusting RIP timer
1 ZXR10(config)#router rip This enables RIP process

and enters RIP configuration
mode.
2 ZXR10(config-rip)#timers basic <update><invalid><hol This adjusts RIP network

ddown>< flush> timer.
3 ZXR10(config-rip)#output-delay < packets>< delay> This sets the delay time for
sending RIP update packets.
Descriptions of the parameters used by step 2 are shown below.
2-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<update> The interval for sending update, the unit is second, the
range is 1-65535, and the default value is 30 seconds.
<invalid> Period before route invalidity in seconds, 1-65535. This

value shall be at least 3 times of update, 180 seconds by
default.
When there is no route refreshing, the route is ineffective.
Here, the route is blocked, marked as inaccessible, and
advertised as unreachable, but the route can still be used
to forward message packets.
<holddown> Period for suppressing optimized route in seconds,

0-65535. This value shall be at least 3 times of update,
180 seconds by default.
When the router receives the update message and
obtains a unreachable route, it will enter the blocked
state, be marked as inaccessible, and be advertised as
unreachable, but the route can still be used to forward
packets. After passing the blocked period, it receives the
routes advertised by other routers, and the route will be
accessible again.
<flush> Period from route invalidity to route clearing in seconds,

1-65535, 240 seconds by default.
The designated time must be greater than the holddown
value. Otherwise, it cannot pass the proper block time. In
this way, the new routes will be received before the block
expires.
<packets> The number of packets, ranging from 1 to 4294967295,

and the default value is 5.
<delay> The time interval for sending the packets in a designated

number.
The unit is second, the range is 0-100, and the default
value is 100ms.
This configures optional RIP parameters related to time.
ZXR10(config)#router rip
ZXR10(config-rip)#timers basic 5 15 15 30
ZXR10(config-rip)#output-delay 500 10
2-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The following are the configuration effects:

l The interval for sending RIP update is 5 seconds.
l The Period before route becomes invalid is 5 seconds.
l Router has 15 seconds for waiting after enters blocked state.
l There are 30 seconds for waiting from the route entry becoming invalid to clearing the
route entry.
l There are 10ms interval for sending each 500 packets.
Configuring RIP Enhanced Functions

To configure RIP enhanced function on ZXR10 5900E, perform the following steps.
1. Configuring RIP neighbor
1 ZXR10(config)#router rip This enters RIP configuration

mode.
2 ZXR10(config-rip)#neighbor <ip-address> This command applies to

non-broadcast link.
This defines neighbor router to
exchange routing information
with the router.
There are 255 neighbors can
be found and configured.
By using this command, RIP routing information can be exchanged by point-to-point

method (non-broadcast). Once the neighbor is designated, the interfaces which
belong to the same network with the router will not use broadcasting (or multicast) to
exchange RIP routing information.
2. Configuring RIP authentication
RIPv2 supports plain text and MD5 authentication modes. Password is configured
on interfaces. Network neighbors have to use the same authentication mode and
password. RIPv1 does not support authentication.
To configure RIP packet plain text authentication mode, perform the following steps.

mode.

configuration mode.
3 ZXR10(config-if)#ip rip authentication mode text This specifies the interface to

authenticate RIP packets by
plain text mode.
2-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4 ZXR10(config-if)#ip rip authentication key <key> This sets the key for interface
plain text authentication.
The length of key is 1-16
characters.
To configure RIP packet MD5 authentication mode, perform the following steps.

mode.

configuration mode.
3 ZXR10(config-if)#ip rip authentication mode md5 This specifies the interface to

authenticate RIP packets with
MD5 mode.
4 ZXR10(config-if)#ip rip authentication key-chain This sets to provide

<key-id><key-string> key-chain in interface MD5
authentication.
<key-id> ID of the key node in key-chain, the range is 1-255.
<key-string> Value of the key, the range is 1-16 characters.
3. Configuring split horizon and poison reverse mechanisms

mode.

configuration mode.
3 ZXR10(config-if)#ip split-horizon This enables split horizon

mechanism.
By default, it is enabled. Use
no to disable split horizon
mechanism.
2-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4 ZXR10(config-if)#ip poison-reverse This enables poison-reverse

mechanism.
By default, it is enabled. Use
no to disable poison-reverse
mechanism.
It is suggested that users do not change the default state of split horizon unless to
ensure to advertise route correctly. If the split horizon is disabled on serial port (and
the port connects to packet switching network), then those of all the related routers
and access servers have to be disabled.
4. Configuring route redistribution
To redistribute routes from a routing domain to RIP routing domain, perform the
following steps.

mode.
2 ZXR10(config-rip)#redistribute <protocol>[process-i This redistributes routes of

d][metric <metric-value>][route-map <name>] other routing protocols to RIP.
<protocol> Source routing protocol of route redistribution, which

can be the following keyword: ospf-ext, ospf-int, static,
bgp-ext, bgp-int, connected, isis-1, isis-2, and isis-1-2
<protocol> The source protocol redistributed. It can be ospf-ext,

ospf-int, static, bgp-ext, bgp-int, connected, isis-1, isis-2
or isis-1-2.
metric <metric-value> Specifies the route metric to introduce the route. If it is not
specified, the default-metric is used. Its range is 1-16.
route-map <map-tag> The name of the route map for redistribution, 1-31
characters.
Configuring RIP Version

ZXR10 5900E supports RIPv1 and RIPv2, and it uses RIPv2 by default.
To specify RIP version for router receiving or sending packets, use the following
commands.
2-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

mode.
2 ZXR10(config-rip)#version {1|2} This configures RIPv1 or RIPv2.

The default setting is RIPv2.
To specify the RIP version of packets to be sent or received by an interface, perform the
following commands.
RIP default state specified by version command can be ignored.

mode.

configuration mode.
3 ZXR10(config-if)#ip rip receive version {1 | 2} This specifies RIP version

(RIPv1 or RIPv2) of the packets
to be received by an interface.
Use default setting if version is
not used, that is, both of RIPv1
and RIPv2 packets are received
4 ZXR10(config-if)#ip rip send version {1 | 2 {broadcast This specifies RIP version

| multicast}} (RIPv1 or RIPv2) of the packets
to be sent by an interface.
1 The interface only sends RIPv1 packets
2 The interface only sends RIPv2 packets. Here, broadcast or multicast mode can
be selected.
broadcast The interface send compatible packets to broadcast address. All of routes are natural
networks, and no supernetting route.
multicast The interface sends RIPv2 packets to multicast address. By using auto-summary,
sub network route can be sent.
2.3 RIP Maintenance

To maintain RIP on ZXR10 5900E, use the following commands.
2-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10(config)#show ip rip [vrf <vrf-name>] This shows the basic information

of RIP running.
ZXR10(config)#show ip rip interface [vrf <vrf-name>]<interface- This shows the current

name> configuration and state of a
RIP interface.
ZXR10(config)#show ip rip database [vrf <vrf-name>][network This shows the route entries
<ip-address>[mask <net-mask>]] generated by RIP.
ZXR10(config)#show ip rip networks [vrf <vrf-name>] This shows information of all RIP
interfaces.
vrf <vrf-name> VRF name, the length is 1-32 characters.
network <ip-address> Network IP address, in dotted decimal notation.
mask <net-mask> Network mask, in dotted decimal notation
<interface-name> Name of RIP interface
This example shows what will be displayed after show ip rip is used.
ZXR10#show ip rip
router rip
auto-summary
default-metric 1
distance 120
validate-update-source
version 2
flash-update-threshold 5
maximum-paths 1
output-delay 5 100
timers basic 30 180 180 240
network
10.0.0.0 0.255.255.255
2-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
show Command Output Description
auto-summary This shows that only the summarized routes of natural

network and suppernetting can be sent (for RIPv2).
Use no to sent all RIP routes.
Be noted that the following policy is still available even if
auto-summary is used. When a router has the RIP sub
network route of the natural network to which the IP address
of a RIP interface belongs, the RIP update packet sent by the
RIP interface to outside does not contain the route of natural
network to which its IP address belongs, but it contains the
routes of other RIP sub networks which do not belong to the
same natural network segment with RIP the interface.
default-metric This sets the default metric value for redistributing the routes
generated by other protocol to RIP routes.
Use no to restore the default value of 1.
This command can be used with redistribute command
together to make route selection protocol use the same
metric value for all redistributed routes.
Default metric helps to solve the route redistribution problem
caused by routes adopting different metric values. It can
provide a reasonable alternative method to ensure that the
redistribution can be performed successfully.
distance This defines RIP route administrative distance.

This changes the decision of global routing table to select
optimized route.
validate-update-source This enables the function that check the validity of source IP
address of the received RIP updating packet.
Use no to disable this function.
flash-update-threshold This defines RIP flash timer.

Protocol flash timer can be set according to the actual
requirements.
maximum-paths This sets the number of routes supported by load balancing.

The number of routes received by RIP protocol can be
changed according to the actual load balancing requirements.
This command shows what will be displayed after show ip rip database is used.
ZXR10(config)#show ip rip database
Routes of rip:
h : is possibly down,in holddown time
2-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
f : out holddown time before flush

Dest Metric RtPrf InstanceID Time From
*> 137.1.0.0/16 1 254 0 00:00:12 0.0.0.0
*> 137.1.1.0/24 0 0 0 00:00:00 0.0.0.0
Metric It shows the weights of the route.

Metric value is 16 that indicates the route is invalid.
RtPrf Route priority

It shows the credibility of the route.
The priority of a summary route is 254, and 255 means a
invalid route.
InstanceID Instance number, only valid for OSPF instance and IS-IS
instance
Time It shows the existing time and timer state of the route.
From It indicates where the route is learnt.

From 0.0.0.0 indicates that the route is generated by the local
router.
This example shows what will be displayed after show ip rip interface is used.
ZXR10(config-rip)#show ip rip interface vlan1
vlan1 ip address:137.1.1.2/24 rip is enabled
receive version 1 2
send version 2
split horizon is effective
poison reverse is effective
send subnet only is ineffective
notify default unset
originate default unset
neighbor restrict is ineffective
interface is nomoral
authentication type:none
2-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
send subnet only This shows that after this command is used, the interface
only sends the information of the route which belongs to the
same sub network with itself, and it blocks the information of
the route which belongs to other sub network.
It applies to such a case that the lower router sends route
information to upper router. Only the information of local sub
network needs to be advertised. In this way, the route traffic
can be reduced a lot.
notify default The route entry sent by interface contains default route.
For parameter only, that means the route entry sent by
interface only contains default route.
originate default A default route is generated on interface, and it is forced to

advertise.
For parameter only, that means the interface only sends
default route. A default route is generated on interface, and it
is forced to advertise, but the default route is not added into
the routing table of local router but it is added into the routing
table of neighbor router.
neighbor restrict Interface neighbor restrict mode

When interface neighbor restrict mode is entered but
neighbor is not configured on the interface, the neighbor
still can be found but no point-to-point packets are sent to
neighbor, and only multicast packets are sent. In this time,
the neighbor can receive the packets. After a neighbor is
configured on the interface, the neighbor which is found
before will be deleted, and no neighbor can be found. At the
same time, the interface only sends point-to-point packets
to the configured neighbor. Meanwhile, the interface can
receive packets from the configured neighbor only, the
packets from other sources are discarded.
To realize the effect described above, neighbor restrict mode
has to be configured on both of routers, and the routers need
to enable neighbor.
This example shows what will be displayed after show ip rip neighbors is used.
ZXR10#show ip rip neighbors
neighbor address interface
10.1.1.15 vlan2
neighbor address IP address identifier of RIP neighbor
2-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
interface Learn an interface from the neighbor
2.4 RIP Configuration Example

Since the realizing principle and configuration of RIP are very simple, it is mainly used to
some simple networks. As shown in Figure 2-1, RIP run on both of S1 and S2.
Figure 2-1 RIP Configuration Example Topology
1. Configure interface IP addresses.
2. Configure RIP.
3. Enable RIP configurations on interfaces.
4. Test configuration result to make sure that neighborhood is established between S1
and S2. S1 and S2 can learn the routes advertised by the peer between each other.
S1(config)#interface vlan10
S1(config-if)#ip address 192.168.1.1 255.255.255.0
S1(config-if)#exit
S1(config-if)#exit
S1(config)#router rip
S1(config-rip)#network 192.168.1.1 0.0.0.255
S1(config-rip)#exit
S2(config-if)#exit
2-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

S2(config-if)#exit
S2(config-rip)#end
Configuration Check
After the configuration is finished, the following information needs to be displayed, that
indicates the neighborhood is established between S1 and S2, and they can learn routes
between each other.
Use show running-config rip on S1 to inspect whether RIP configuration is correct.
S1(config-rip)#show running-config rip
router rip
network 192.168.1.0 0.0.0.255
network 10.1.0.0 0.0.255.255
interface vlan10
$
interface vlan20
$
!
S1(config)#show ip rip database

Routes of rip:
Dest Metric RtPrf Time From

*> 10.0.0.0/8 2 120 00:00:12 192.168.1.2
* 10.0.0.0/8 1 254 00:00:29 0.0.0.0
*> 10.1.0.0/16 0 0 00:00:00 0.0.0.0
*> 192.168.1.0/24 0 0 00:00:00 0.0.0.0
S1(config)#show ip rip neighbors

192.168.1.2 vlan10
Use show running-config rip on S2 to inspect whether RIP configuration is correct.

S2(config)#show running-config rip
router rip
network 192.168.1.0 0.0.0.255
network 10.2.0.0 0.0.255.255
interface vlan30
$
2-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
interface vlan10
$
!
S2(config)#show ip rip database

Routes of rip:
Dest Metric RtPrf Time From

*> 10.0.0.0/8 1 254 00:00:03 0.0.0.0
*> 10.2.0.0/16 0 0 00:00:00 0.0.0.0
*> 192.168.1.0/24 0 0 00:00:00 0.0.0.0
S2(config)#show ip rip neighbors

192.168.1.1 vlan10
2-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 3
OSPF Configuration
Table of Contents
OSPF Overview .........................................................................................................3-1
Configuring the OSPF Protocol ..................................................................................3-8
Maintaining the OSPF Protocol ................................................................................3-38
OSPF Configuration Examples.................................................................................3-45
3.1 OSPF Overview

Open Shortest Path First (OSPF) is one of the most popular and widely used routing
protocols. OSPF is a link state protocol, which overcomes the disadvantages of RIP and
other distance vector protocols. OSPF version 1 is defined by RFC1131. At present, OSPF
version 2 is used, which is defined in RFC2328. ZXR10 5900E supports OSPF version 2
completely.
OSPF has the following features.
l It converges fast. To ensure the synchronization of database, OSPF fast floods the
updating of link state and calculates routing table at the same time.
l It does not have route loop. Shortest Path First (SPF) algorithm is applied to guarantee
that no loops will be generated.
l It adopts route aggregation, which reduces the size of the routing table.
l It supports Variable Length Subnet Mask (VLSM) and Classless Inter-Domain Routing
(CIDR).
l It uses trigger updating mechanism to send updating message only when network
changes.
l It supports interface packet authentication to guarantee the security of routing
calculation
l It sends update packet by multicast mode.
OSPF Basic
An OSPF switch generates the routing table by setting up a link state database. The link
state databases of all OSPF switchs must be the totally same. Link state database is built
according to Link State Advertisements (LSAs) which are generated by all switchs and
spread over the whole OSPF network. There are many types of LSAs, and a complete
LSA set shows an accurate distribution diagram over the whole network.
3-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
OSPF Algorithm
OSPF uses cost as the metric. The cost is distributed to each port of a switch. A port
calculates the cost based on 100 M benchmark by default. The path cost to a particular
destination is the total cost of all links between the switch and the destination.
To generate a routing table by using LSA database, a switch runs the Dijkstra SPF
algorithm to construct the shortest path tree. switch is the root of the path tree. The
Dijkstra algorithm calculates the a path with the lowest cost to any node on the network.
switch saves the routes of the paths in the routing table.
Compared to RIP, OSPF does not simply broadcast all its routing information regularly.
An OSPF switch uses hello packets to keep the neighborhood. When a switch does not
receive any hello packets from a neighbor within a period of time (dead-interval), then it
will consider that the neighbor is not already alive.
OSPF routes are incrementally updated. switch sends the update information only when
topology changes. When the age of an LSA reaches 1800 seconds (LSA updating interval,
LSRefreshTime), switch sends an LSA updating packet.
OSPF Network Types

OSPF network type determines the forming of adjacency relationship and the setting of
interface timer. There are five network types in OSPF, and they are as follows:
l Broadcast network
l Non-Broadcast Multiple Access (NBMA) network
l Point-to-Point network
l Point-to-Multipoint network
l Virtual Links network
HELLO Packet and Timer

OSPF routers exchange HELLO packets in a certain interval, which is to keep alive state
among neighbors. By using HELLO packet, router can detect OSPF neighbor and select
the Designated Router (DR) and the Backup Designated Router (BDR). In broadcast,
point-to-multipoint and point-to-point network types, HELLO packets can be sent in
multicast mode. In NBMA network, point-to-multipoint network and virtual links, HELLO
packets are sent in unicast mode.
OSPF uses three kinds of timers relating to HELLO packets:
1. Sending interval (HELLO interval)
HELLO interval is an attribute of interface, which defines the interval that a router sends
HELLO packets by a router from each interface. The default HELLO packet sending
interval depends on the network type.
In broadcast and point-to-point networks, the default HELLO packet sending interval
is 10 seconds. In NBMA and point-to-multipoint networks, the default HELLO packet
sending interval is 30 seconds. The adjacent routers must have the same Hello interval
so as to become neighbors.
3-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 3 OSPF Configuration c u -tr a c k
2. Router dead-interval
The router dead-interval refers to the waiting time from the router receiving the last
hello packet to the router detecting that the neighbor is offline. The default router
dead-interval is four times of HELLO packet sending interval, which is applicable to all
network types.
3. Poll Interval
Poll interval only applies to NBMA network.
OSPF Neighbors
OSPF neighbors are a group of routers belonging to the same network. These routers
stipulate some configuration parameters. The routers must be neighbors to form
adjacency. To form adjacency, the routers have to be neighborhood.
Routers analyze their HELLO packets to make sure that the required parameters are
stipulated when they want to form neighborhood. The following parameters have to be
consistent so that the adjacent routers can set up neighborhood, area ID, area flag,
authentication information, HELLO packet sending interval and router dead interval.
Adjacency and DR
When two routers form an adjacency, they can exchange routing messages. Whether two
routers can form an adjacency depends upon network type connected to routers. The
network type of the connecting router decides whether two routers can form adjacency.
l There are only two routers in point-to point network or virtual links. The two routers
have to exchange the related routing information, so they can form an adjacency
automatically. A point-to-multipoint network can be regarded as a set of point-to-point
networks, so an adjacency is formed between each pair of routers.
l In a broadcast or an NBMA network, an adjacency may not be formed between two
neighbors. If adjacencies are already established among all routers (the number
of routers is "n" for example) on a network, each router will have "(n-1)" adjacent
connections and the network will have "n×(n-1)/2" adjacent connections.
In a large multi-access network, the router will be too heavy traffic if every one needs to
trace so many adjacent connections. Furthermore, the exchanging of routing information
between each adjacent routers wastes lots of network bandwidths.
Since a large multi-access network has a mass of redundancy information, OSPF defines
a DR and a BDR. The DR and BDR must form an adjacency with each OSPF router on
network. Each OSPF router only forms an adjacent relationships with DR and BDR. All
routers only send routing information to DR, and DR sends the information to other routers
in the same network segment. The two routers (neither DR nor BDR) do not establish an
adjacency between each other and neither will they exchange routing information. If the
DR stops working, the BDR will become a DR.
3-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Router Priority and DR Election

Every interface has its own priority on router, which affects the capability of the router to
become a DR or BDR on the network. The priority of router interface is expressed by an
eight-bit unsigned integer, ranging from 0 to 255 (the default value is "1").
In DR election, the interface priorities are compared at first. The router with the highest
priority becomes a DR in the network segment. If the priorities of two routers are the same,
the router which router id is the largest will become a DR. The router which priority is 0
cannot be a DR or BDR.
DR is a concept used in network segment, which is based on router interface. That is,
a router can be a DR on its an interface, and it can be BDR or DROther on its another
interface.
OSPF Area
To reduce the information size that each router stores and maintains and shield the range
that network changing influences on, OSPF divides a network into some minor parts.
Each router must have the complete information of the area where it locates. Area
Border Router (ABR) is used to transmit routing information between different areas. The
information is shared by areas. The routing information can be filtered on area edge,
which reduces the routing information stored in routers.
An area is identified with 32-bit unsigned number. Area 0 is reserved to identify backbone
network, and all other areas must be connected to area 0. The backbone area of OSPF
network has to be continuous. Routers can be one or multiple of the following types
according to its tasks in the area, as shown in Figure 3-1.
Figure 3-1 OSPF Router Type
l Internal router
All interfaces of the router belong to the same OSPF area. An internal router only
generates a Router LSA and saves a Link-state Database (LSDB).
3-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
l Backbone router
A router that its one interface belongs to area 0 at least.
l ABR
A router that its one interface belongs to area 0 at least and one interface belongs to
other area at least.
All ABRs are backbone routers.
l Autonomous System Border Routers (ASBR)
The router has other routing protocols, such as static route, interface direct route and
RIP, IGRP and so on.
The advantages of area division are listed below:
l Since ABR generates LSAs according by using routes in its area after dividing areas,
the routes can be aggregated firstly according to the rule of IP addresses, and then
generate LSAs. In this way, the number of LSAs is reduced a lot in AS.
l After the area is divided, the changing of network topology is synchronized in the area
firstly. If the changing influences on the aggregated route, ABR will notify the changing
to other areas. In this way, most of topology changings are shielded in the area.
LSA Type and Flooding

LSA is a mode of exchanging link state database information among OSPF routers. A
router uses LSAs to construct an accurate and complete network diagram and generates
the routes used in its routing table. ZXR10 5900E supports the following eight types of
LSAs.
l Type 1: Router LSA
It is the basic LSA. Every OSPF router generates a Router LSA. Router LSA is used to
describe the information of the interface running OSPF on router, such as connection
status, cost and so on. An ABR generates a Router LSA for every area. A Router
LSA is transmitted in the whole area at where it locates.
l Type 2: Network LSA
The Network LSA is generated by DR. For a broadcast or NBMA network, to reduce
the times of packet exchanging between routers in a network segment, the concept
of DR is advanced. When a DR exists in a network segment, not only the method
of packets sending is changed, but also the description of link state is changed. The
Router LSA generated by a DROther or BDR only describes the connection from itself
to a DR. While, DR uses the Network LSA to describe all routers which already set
up adjacent relationships with itself in the network segment (it lists the Router IDs of
adjacent routers). A Network LSA is transmitted in the whole area at where it locates.
l Type 3: Network summary LSA
Network summary LSAs are generated by ABRs. When a ABR finishes routing
calculation in the area at where it locates, it enquires the routing table and
encapsulates each OSPF route into a Network Summary LSA. The Network
3-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Summary LSAs are sent out area, which describe some information of a route, such
as the destination address, mask and cost. A Network summary LSA is transmitted
to all areas except the area which generates the LSA.
l Type 4: ASBR summary LSA
The ASBR summary LSA is also generated by an ABR. It describes the route that
goes to the ASBR in the area. The content of ASBR Summary LSA is almost the
same to that of Network summary LSA. The only difference is that the destination
address described by ASBR summary LSA is ASBR (host route, the mask is 0.0.0.0).
A ASBR summary LSA is transmitted to all areas except the area which generates
the LSA.
l Type 5: External LSA of AS
The external LSA of AS is generated by an ASBR. It mainly describes the information
of an route which goes to the external AS. An external LSA of AS contains some
information, such as destination address, mask and cost and so on. External LSA of
AS is an unique type that is independent of area. An external LSA of AS is transmitted
in the whole AS (except STUB area).
l Type 7: External LSA of Not-So-Stubby Area (NSSA)
External LSA of NSSA only applies to NSSA.
l Type 9: Local non-transparent LSA
l Type 10: Area non-transparent LSA
OSPF operation depends on all the routers in one area which share a common link state
database. Therefore, all LSAs are flooded through the area and the processing must be
reliable. A router which receives LSAs from a special area will flood the LSAs to other
interfaces which belong to the i area.
LSAs do not have their own packets, and they are contained in Link state Update (LSU)
packets. A LSU can contain many LSAs.
When a router receives a LSU, it abstracts the LSA from the packet and inputs the LSA to
its database. Meanwhile, the router constructs its own LSU and sends the updated LSU
to its adjacent neighbor router(s).
OSPF uses Link State Acknowledgement (LSAck) to confirm whether each LSA is
successfully received by its neighbor. A LSAck has the header of an acknowledged LSA,
which provides sufficient information for uniquely identifying an LSA.
When a router sends a LSA to an interface, the LSA is recorded in the retransmission
queue of the interface.
The router will wait the maximum time interval to receive the LSAck of LSA. If the router
does not receive the LSAck in the specified time, it will retransmit the LSA.
The router can send the original LSU in unicast or multicast mode, but the retransmitted
LSU is must in unicast mode.
3-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Stub Area and Totally Stubby Area

When a non-backbone area does not have an ASBR, a router only has one path arriving
to an AS external network, that is, a path passing through an ABR. Therefore, the routers
belonging to these areas will send the LSAs sending to the unknown hosts outside the AS
to ABR.
In this way, it is not required that flood LSAs of type 5 to the area. The area does not have
the LSAs of type 4 either. The area is called stub area.
In a stub area, all routers must be configured as stub routers. A HELLO packet contains
a "stub area" flag bit. The flag bit must be consistent among neighbors.
The ABR in a stub area can filter LSAs of type 5 to prevent them from being advertised to
stub area. In meantime, the ABR generates an LSA of type 3 to advertise a default route
arriving to an AS external destination address.
If the ABR also filters the LSA of type 3 and advertises a default route arriving to an AS
external destination address, the area is called totally stubby area.
Not-So-Stubby Area
A router in a stub area refuses LSAs of type 5, so ASBR is not a part of the stub area.
However, it is hoped that a stub area with an ASBR can be generated. In this way, routers
in the area can receive AS external routes from the ASBR belonging to the same area, but
the external routing information from other areas will be blocked.
To realize such an area, OSPF defines NSSA. In a NSSA, an ASBR generates LSAs of
type 7 instead the LSAs of type 5. The ABR can not send the LSAs of type 7 to other
OSPF areas. On the one hand, it blocks external routes to arrive the NSSA area at the
area border. On the other hand, it converts the LSAs of tyoe 7 into the LSAs of type 5 and
sends them to other areas.
OSPF Authentication
Authentication is used to exchange packets between two OSPF neighbors. The
authentication type should be consistent on the OSPF neighbors. Authentication type is
contained by all packets.
Authentication type "0" indicates no authentication, "1" indicates simple password
authentication and "2" indicates MD5 encryption authentication.
For plain text authentication, an interface only allows a password. The password of each
interface can be different, but the interfaces in a special network must have the same
passwords. The simple password is sent through OSPF packets in plain text mode.
DownBit
When Multiprotocol BGP (MP-BGP) routes are redistributed to OSPF vrf instance to
generate LSAs, the option fields of type-3 and type-5 LSAs must be marked as down bit.
The LSAs are displayed as Downward. This is a method to prevent routing loopback.
3-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
When a PE router detects that a LSA is already marked as down bit, the PE will not
participate in the OSPF route calculation. When OSPF routes are redistributed to BGP,
the LSAs with down bit are not redistributed to be BGP route.
max-metric
Considering the requirements for traffic management and so on, some routers need to act
as the terminal rather than transit points of the route. In order to add the nodes without the
capability of traversing to the network, the max-metric function is used.
For example, a router just restarts, and BGP route does not converge, use the max-metric
router-lsa on-startup wait-for-bgp command to avoid route black hole.
3.2 Configuring the OSPF Protocol

Enabling the OSPF Protocol
To enable the Open Shortest Path First (OSPF) protocol on routers and make them learn
routes between each other by using the OSPF protocol, perform the following steps:
1 ZXR10(config)#router ospf <process-id>[vrf <vrf-name>] Starts the OSPF process and

enters OSPF configuration
mode.
After the OSPF protocol is
enabled, one of the current
interfaces (with IP addresses)
is selected as the address of
the OSPF router.
If no interface is configured with
an IP address on a router, the
interface (with IP addresses)
cannot be selected as the
address of the OSPF router.
To obtain an address as the
router ID, you can configure an
interface address or configure
a router ID manually. After you
configure a router ID, clear the
OSPF process.
2 ZXR10(config-ospf-1)#network <ip-address><wildcard- Sets an interface to run the

mask> area <area-id> OSPF protocol, and sets an
area ID for the interface.
If the area does not exist, the
system creates it automatically.
3-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3 ZXR10(config-ospf-1)#router-id <ip-address> Configures an router ID for a

router.
You are recommended to use
the Loopback address as the
router ID.
4 ZXR10(config-ospf-1)#end Returns to privileged mode.
ZXR10#clear ip ospf process <process-id> Restarts the OSPF process.
Enable the OSPF protocol on S1, S2 and S3, see Figure 3-2.
Router IDs are listed below:
Device Router ID
S1 1.1.1.2
S2 1.1.1.3
S3 1.1.1.4
Figure 3-2 OSPF Basic Configuration Example
Run the following commands on S1:

S1(config-if-vlan10)#ip address 30.0.0.1 255.255.255.252
S1(config-if-vlan10)#exit
S1(config)#router ospf 10
S1(config-ospf-10)#network 30.0.0.0 0.0.0.3 area 0
S1(config-ospf-10)#exit
Run the following command to check the OSPF information:

S1(config)#show ip ospf
OSPF 10 Router ID 30.0.0.1 enable
Enabled for 00:00:21,Debug on
Number of areas 1, Stub 0, Transit 0
Number of interfaces 1
3-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
......
Area 0.0.0.0 enable
Enabled for 00:00:05
Area has no authentication
Times spf has been run 1
Number of interfaces 1. Up 1
The OSPF protocol is enabled and configured on S1. The router ID is the IP address of
interface vlan1.
Run the following commands on S2. To set up an OSPF connection by using the loopback
address, the loopback address needs to be configured first, and then you need to enable
the OSPF process.
S2(config)#interface loopback1
S2(config-if-loopback1)#ip adderss 1.1.1.3 255.255.255.255
S2(config-if-loopback1)#exit
Run the following command to check the OSPF information. OSPF selects the IP address
of loopback 1 as the router ID automatically.
Number of areas 0, Normal 0, Stub 0, NSSA 0

Run the following command to check the routing table on S3:

3-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Protocol routes:
*> 1.1.1.4/0 192.168.14.2 115 20 isis-l2
*> 30.0.1.0/32 10.10.10.1 0 0 connected
*> 30.0.1.1/16 10.10.10.2 1 0 static
If you can ping S1 on S3, the route is configured correctly.
Configuring OSPF Interface Attributes

To set up OSPF neighborhood, perform the following steps to modify the attributes of an
OSPF interface. The attributes need to be consistent with each other if devices provided
by different manufactories need to be interconnected.
1 ZXR10(config)#router ospf <process-id>[vrf <vrf-name>] Enters OSPF configuration

mode.
2 ZXR10(config-ospf-1)#interface <interface-name> Enters interface configuration

mode or sub-interface
configuration mode.
3 ZXR10(config-ospfv2-if)#hello-interval <seconds> Sets the interval (second) for

sending HELLO packets on an
interface.
Range: 1-65535, default: 10.
ZXR10(config-ospfv2-if)#dead-interval <seconds> Sets the duration (second) for

considering a neighbor to be
dead.
ZXR10(config-ospfv2-if)#retransmit-interval <seconds> Specifies the interval (second)

for retransmitting LSA packets
on an interface.
ZXR10(config-ospfv2-if)#transmit-delay <seconds> Specifies the delay (second)

for sending a link state update
packet on an interface.
ZXR10(config-ospfv2-if)#cost <cost> Sets the interface cost.

Range: 1-65535, default: 100
M/interface bandwidth.
ZXR10(config-ospfv2-if)#priority <priority> Sets the interface priority.

3-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Modify the OSPF parameters on interfaces that run the OSPF protocol, see Figure 3-3.
Router IDs are listed below:
Device Router ID
S1 1.1.1.2
S2 1.1.1.3
Figure 3-3 OSPF Interface Attribute Configuration
Enable the OSPF protocol on S1 and S2, and advertise the network segment.
S1(config-ospf-10)#router-id 1.1.1.2

Modify the OSPF attributes.

3-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S1(config-ospfv2-1)#interface vlan10
S1(config-ospfv2-1-if-vlan10)#hello-interval 20
/*Sets the interval for sending HELLO packets on the
specified interface to 20 seconds.*/
S1(config-ospfv2-1-if-vlan10)#dead-interval 80
/*Sets the duration for considering a neighbor to be dead
to 80 seconds.*/
S1(config-ospfv2-1-if-vlan10)#retransmit-interval 10
/*Sets the interval for retransmitting LSA to 10 seconds.*/
S1(config-ospfv2-1-if-vlan10)#retransmit-delay 2
/*Sets the delay for transmitting a link state update
packet to 2 seconds.*/
S1(config-ospfv2-1-if-vlan10)#cost 10
/*Sets the cost to 100.*/
S1(config-ospfv2-1-if-vlan10)#priority 10
/*Sets the interface priority to 10.*/
Configuring OSPF Authentication

To enhance routing safety on a network, perform the following steps to configure the
authentication function. The passwords used by OSPF neighbors must be the same.
1 ZXR10(config)#router ospf <process-id>[vrf <vrf-name>] Enters OSPF routing mode.
ZXR10(config-ospf-1)#area <area-id> authentication Enables the authentication

[message-digest] function for interfaces that run
the OSPF protocol.
2 ZXR10(config)#router ospf <process-id> Enters OSPF routing mode.
3 ZXR10(config-ospf-1)#interface <interface-name> Enters interface configuration

mode.
ZXR10(config-ospfv2-if)#authentication Sets the authentication function

[null|message-digest] on interfaces.
4 ZXR10(config-ospfv2-if)#authentication-key {<word>| Sets a password for the

encrypted <encrypted_password>} interface that is configured with
the authentication function.
ZXR10(config-ospfv2-if)#message-digest-key <keyid> Sets a key ID or an

md5 {<word>| encrypted <encrypted_password>[delay authentication password
<time>]} for the interface that uses MD5
authentication mode.
3-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<keyid> Key ID. Integer type, range: 1-255.
md5 <password> Authentication password. Length: 1-16 characters (without

space).
delay <time> Time delay (minute). Range: 0-100000.
encypt Used to encrypt the password.
Configure the authentication function on OSPF interfaces of S1 and S2, see Figure 3-4.
Router IDs are listed below.
Device Router ID
S1 1.1.1.2
S2 1.1.1.3
S3 1.1.1.4
Figure 3-4 OSPF Authentication Configuration Example
In area 0, establish OSPF neighborhood between S1 and S2. In area 1, establish OSPF
neighborhood between S2 and S3.
3-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c


S3(config-ospf-10)#ospf-id 1.1.1.4
Enable the plain text authentication function on interfaces that belong to area 0, and set
the authentication password to zte.
S1(config-ospf-10)#area 0 authentication
S1(config-ospf-10)#interface vlan1
S1(config-ospf-10-if-vlan1)#authentication
S1(config-ospf-10-if-vlan1)#authentication-key zte
S1(config-ospf-10-if-vlan1)#exit

S2(config-ospf-1)#area 0 authentication
3-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S2(config-ospf-1-if-vlan20)#authentication
S2(config-ospf-1-if-vlan20)#authentication-key zte
To check whether the authentication function is effective in area 0, run the show ip ospf
command.
Number of areas 1, Stub 0, Transit 0
......
Area 0.0.0.0 enable
Area has simple password authentication
Number of ASBR local to this area 0
Number of ABR local to this area 1
......
Enable the MD5 authentication function on interfaces that belong to area 1. The key ID is
1, and the authentication password is zte.
S2(config-ospf-10)#area 1 authentication message-digest
S2(config-ospf-10-if-vlan20)#authentication message-digest
S2(config-ospf-10-if-vlan20)#message-digest-key 1 md5 zte

S3(config-ospf-1)#area 1 authentication message-digest
S3(config-ospf-1-if-vlan10)#authentication message-digest
S3(config-ospf-1-if-vlan10)#message-digest-key 1 md5 zte
Run the following command on S3 to check the information of the OSPF interface. The
result shows that the authentication mode is MD5.
S3(config)#show ip ospf interface vlan10
OSPF Router with ID (1.1.1.4) (Process ID 10)
vlan1 is up
Internet Address 30.0.1.1 255.255.255.252 enable
3-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Up for 00:09:38
In the area 0.0.0.1 BDR
Cost 1, Priority 1, Network Type broadcast
Transmit Delay(sec) 1, Authentication Type message-digest
......
Configuring an OSPF Stub Area

To configure an OSPF stub area, the following conditions are required: The OSPF protocol
is run on routers, and the area to be configured is a non-backbone area.
To configure an OSPF stub area on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#router ospf <process-id>[vrf <vrf-name>] Enters route configuration

mode.
2 ZXR10(config-ospf-1)#area <area-id> stub [default-cost Sets an area to a stub area.

<cost>]
3 ZXR10(config-ospf-1)#area <area-id> stub no-summary Configures ABR not to introduce

[default-cost <cost>] any type-3 route to a stub area.
In a stub area, only one default
type-3 route is supported.
no-summary Summary route information is forbidden to be sent to a stub

area.
default-cost <cost> Cost of the default route advertised to a stub area. Range:
0-65535.
Set area 1 to a stub area, see Figure 3-5.
Device Router ID
S1 1.1.1.2
S2 1.1.1.3
S3 1.1.1.4
3-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 3-5 OSPF Stub Area Configuration Example

S1(config-ospf-10)#redistribute connected
S2(config-ospf-10)#area 1 stub
3-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S3(config-ospf-10)#area 1 stub
To configure area 1 as a totally stubby area, run the following commands to modify the
configurations on S2:
S2(config-ospf-10)#area 1 stub no-summary
Run the following commands to modify the configurations on S3:

S3(config-ospf-10)#area 1 stub no-summary
Configuring an NSSA Area

To configure an NSSA area, the following conditions are required: The OSPF protocol is
run on routers, and the area to be configured is a stub area or a non-backbone area.
Create a stub area with an ASBR. Routers in this area receive routing messages from an
external AS through the ASBR. External routing messages from other areas are blocked.
Because some routers do not support the NSSA configuration and cannot recognize Type
7 LSAs, the protocol defines that the ABR on the NSSA converts Type 7 LSAs generated
within the NSSA to Type 5 LSAs, and then advertises the LSAs. At this time, the advertiser
of the LSAs is changed to the ABR. This is called routing translation. Using this method,
routers outside the NSSA area are not required to support the NSSA configuration.
To configure an NSSA area on the ZXR10 5900E, perform the following steps:
3-19

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2 ZXR10(config-ospf-1)#area <area-id> nssa Configures an area to an NSSA

[no-redistribution][default-information-originate [metric area and specifies whether to
<metric-value>][metric-type <type>]][no-summary][ forbid ABR to send summary
trans-type7-suppress-fa ][ translator-role { always | candidate route information to the NSSA
}][ translator-stab-intv<stab-intv>] area, whether to introduce
external LSAs of type 7 to the
NSSA area, and whether to
generate type 7 default LSAs.
The summary route is not
forbidden by default.
Parameters Description
no-redistribution NSSA link state advertisements are not redistributed to the

NSSA area.
default-information-originate A default route LSA of type 7 is generated.
metric <metric-value> Cost for advertising a default LSA of type 7. Value: A 24-bit
integer, ranging from 1 to 16777214.
metric-type <type> Type of a default route LSA of type 7: ext-1 and ext-2.
no-summary Summary LSAs are forbidden to be sent to the NSSA area.
trans-type7-suppress-fa Suppress address forwarding when LSAs of type 7 are

converted to LSAs of type 5.
translator-role Translator role when LSAs of type 7 are converted to LSAs

of type 5.
{ always | candidate } Two roles are supported: always and candidate.
translator-stab-intv<stab-intv The duration for keeping a translator role after translator

qualification is lost.
Set area 1 to an NSSA area, see Figure 3-6.

Device Router ID
S1 1.1.1.2
S2 1.1.1.3
S3 1.1.1.4
3-20

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 3-6 NSSA Area Configuration Example


S2(config-ospf-10)#area 1 nssa default-information-originate
3-21

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S3(config-ospf-10)#area 1 nssa
To prevent routing messages of type 3 from being advertised to the NSSA area, run the
following commands to modify the configurations on S2:
S2(config-ospf-10)#area 1 nssa default-information-originate no-summary
Configuring OSPF Inter-Area Route Aggregation

Route aggregation saves the resource of backbone areas. You can advertise the
aggregated address instead of a group of network addresses by using route aggregation.
Before configuring inter-area route aggregation, the required areas must have been
created. This command can only be used on the ABR.
To configure route aggregation between OSPF areas, perform the following steps:
2 ZXR10(config-ospf-1)#area <area-id> range Sets the range of summary

<ip-address><net-mask>{ summary-link | nssa-external-link addresses in the area.
}[advertise | not-advertise][ cost <cost-value>]
summary-link | nssa-external-link summary-link: type-3 summary.

nssa-external-link: type-7 summary.
advertise Summary LSA of type 3 is advertised.
not-advertise Summary LSA of type 3 is disabled to be advertised. The

information of the network segment is not received by other
areas.
cost <cost-value> Metric for the range. Set the metric for the aggregation LSA.
Range: 1-16777214.
3-22

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Configure the OSPF protocol on S1, S2 and S3. S2 operates as the ABR. Configure route
aggregation on S2, see Figure 3-7.
Device Router ID
S1 1.1.1.2
S2 1.1.1.3
S3 1.1.1.4
Figure 3-7 OSPF Inter-Area Route Aggregation Configuration Example

3-23

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

After the configuration, run the following command to check the routing table. Routes not
aggregated are displayed.
S3#show ip forwarding route
IPv4 Routing Table:
Dest Gw Interface Owner pri metric
1.1.1.2 30.0.1.1 vlan10 ospf 110 20
1.1.1.4 1.1.1.4 loopback1 address 0 0
2.2.2.0 30.0.1.1 vlan10 ospf 110 20
2.2.2.4 30.0.1.1 vlan10 ospf 110 20
30.0.0.0 30.0.1.1 vlan10 ospf 110 2
30.0.1.0 30.0.1.2 vlan10 direct 0 0
30.0.1.2 30.0.1.2 vlan10 address 0 0
Run the following commands to configure inter-area route aggregation on S2:
S2(config-ospf-1)#area 1 range 2.2.2.0 255.255.255.248 summary-link
An aggregated route 2.2.2.0/29 is generated in the S3 routing table.
3-24

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

IPv4 Routing Table:
2.2.2.0 30.0.1.1 vlan10 ospf 110 3
30.0.0.0 30.0.1.1 vlan10 ospf 110 2
30.0.1.0 30.0.1.2 vlan10 direct 0 0
30.0.1.2 30.0.1.2 vlan10 address 0 0
The default setting of "area 1 range 2.2.2.2 255.255.255.248 "is advertise. If not-advertise
is chosen, aggregated route of 2.2.2.0 network segment is not displayed on S3, and this
network segment cannot be pinged.
S2(config-ospf-1)#area 1 range 2.2.2.0 255.255.255.248
summary-link not-advertise
S3(config)#show ip forwarding route
IPv4 Routing Table:
30.0.0.0 30.0.1.1 vlan10 ospf 110 2
30.0.1.0 30.0.1.2 vlan10 direct 0 0
30.0.1.2 30.0.1.2 vlan10 address 0 0
S3 does not learn the routing information from 2.2.2.0. The aggregated information of
2.2.2.0 still exists in S2 database, but the information is not advertised to other areas.
Configuring Route Aggregation upon Route Redistribution

The following configuration can only be used on ASBRs.
After routes using other routing protocols are redistributed to OSPF, each independent
route is advertised as an external LSA. By means of aggregating, these external routes
are advertised as a single route, which reduces the size of OSPF link state database.
To configure route aggregation upon route redistribution, perform the following steps:
Step Commands Function
2 ZXR10(config-ospf-1)#summary-address Creates an aggregate address

<ip-address><net-mask> cost<cost> for OSPF and summarizes
other routing protocol paths
being redistributed to the OSPF.
Cost range: 1-16777214.
Configure the OSPF on S1, S2 and S3. Advertise external routes of S1, and configure
ASBR route aggregation on S1, see Figure 3-8.
3-25

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Device Router ID
S1 1.1.1.2
S2 1.1.1.3
S3 1.1.1.4
Figure 3-8 Route Aggregation with Route Redistribution Configuration Example

S1(config-ospf-1)#summary-address 2.2.2.0 255.255.255.248

3-26

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

Run the following command to check the S2 routing table. An aggregated network segment
2.2.2.0/29 exists in the routing table.
IPv4 Routing Table:
1.1.1.2 30.0.0.2 vlan10 ospf 110 20
2.2.2.0 30.0.0.2 vlan10 ospf 110 20
30.0.0.0 30.0.0.1 vlan10 direct 0 0
30.0.0.1 30.0.0.1 vlan10 address 0 0
30.0.1.0 30.0.1.1 vlan20 direct 0 0
30.0.1.1 30.0.1.1 vlan20 address 0 0
Configuring OSPF Route Load Balancing

To configure load balancing on traffic when many paths exist in an OSPF routing table with
the same lowest metric values, perform the following steps.
3-27

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2 ZXR10(config-ospf-1)#maximum-paths <number> Sets the path. The switch

supports up to 32 paths that
have the same cost.
Enable OSPF on S1 and S2, enable route load balancing between S1 and S2, and
configure the maximum number of routes that can be supported by OSPF when the load
is shared in balanced mode to two.
Device Router ID
S1 1.1.1.2
S2 1.1.1.3
Figure 3-9 OSPF Route Load Balancing Configuration Example

S1(config-ospf-1)#maximum-paths 2
/*Sets the maximum number of routes that can be supported by
OSPF when the load is shared in balanced mode to two*/
3-28

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

/*Sets the maximum number of routes that can be supported by
OSPF when the load is shared in balanced mode to two*/
Run the following command to check the routing table of S1. Two OSPF routes 2.2.2.4/30
with the same destinations are displayed.
IPv4 Routing Table:
2.2.2.0 2.2.2.2 vlan30 direct 0 0
2.2.2.2 2.2.2.2 vlan30 address 0 0
2.2.2.4 30.0.1.2 vlan20 ospf 110 2
2.2.2.4 30.0.0.2 vlan10 ospf 110 2
30.0.0.0 30.0.0.1 vlan10 direct 0 0
30.0.0.1 30.0.0.1 vlan10 address 0 0
30.0.1.0 30.0.1.1 vlan20 direct 0 0
30.0.1.1 30.0.1.1 vlan20 address 0 0
The similar route entries can be viewed on S2.
Configuring OSPF Route Redistribution

By means of advertising routing information of other route protocols to OSPF routers,
different dynamic route protocols can share the routing information.
3-29

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
To configure route redistribution, perform the following steps:
2 ZXR10(config-ospf-1)#redistribute<protocol>[as Controls the redistribution of

<as-number>][peer <peer-address>][tag <tag-value>][metric routes (these routes meet
<metric-value>][metric-type <type>][route-map <map-tag>] the relative conditions) of
other protocols into an OSPF
autonomous system. After
the command is executed, the
router becomes an ASBR.
protocol Perform filtering operations in accordance with protocol

types, Options: connected, static and RIP, bgp-ext and
bgp-int, IS-IS-1, IS-IS-1-2 and IS-IS-2.
as <as-number> If protocol is set to bgp-ext, two additional conditions are

available, <as-number> and <peer-address>. <as-number> is
the AS number of the peer router. Its range is from 1 to
65535.
peer <peer-address> IP address of the peer router.
tag <tag-value> Tag of the redistributed LSA. Range: 0-4294967295.
metric <metric-value> Metric value of the redistributed LSA. By default, use the
default metric. Range: 1-16777214.
metric-type <type> Metric-type of the redistributed LSA. Value: ext-1 and ext-2.
By default, it is ext-2.
route-map <map-tag> Redistributed route mapping name. Length: 1-16 characters.
Redistribute RIP routes in area 0, see Figure 3-10.
Device Router ID
S1 1.1.1.2
S2 1.1.1.3
3-30

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 3-10 OSPF Redistribution Route Configuration Example
1. Establish OSPF neighborhood between S1 and S2.


2. Run the RIP protocol on S1 and S3.
S1(config-rip)#exit

3-31

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S3(config-if-loopback1)#ip address 2.2.2.1 255.255.255.0
S3(config-rip)#exit
The information related to S3 cannot be displayed in the OSPF area.

3. Run the following commands to redistribute RIP routes on S1:
S1(config-ospf-1)#redistribute rip
The information of 2.2.2.0 network segment is displayed on S2.

IPv4 Routing Table:
2.2.2.0 30.0.0.1 vlan10 ospf 110 20
30.0.0.0 30.0.0.2 vlan10 direct 0 0
30.0.0.2 30.0.0.2 vlan10 address 0 0
Run the following commands to redistribute directly-connected routes on S1:

The information of network segment 30.0.1.0 is displayed on S2.

IPv4 Routing Table:
1.1.1.2 30.0.0.1 vlan10 ospf 110 20
2.0.0.0 30.0.0.1 vlan10 ospf 110 20
30.0.0.0 30.0.0.2 vlan10 direct 0 0
30.0.0.2 30.0.0.2 vlan10 address 0 0
30.0.1.0 30.0.0.1 vlan10 ospf 110 20
3-32

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Configuring an OSPF Default Route

If a router obtains a default route through other protocols or is configured with a static route,
it needs to advertise the route. If a default route does not exist, advertise reachable routes
in normal mode. After you run this command on a router, the router become an ASBR.

mode.
2 ZXR10(config-ospf-1)#notify default route When router obtains default

[always][metric <metric-value>][metric-type route 0/0 through other
<type>][route-map <map-tag>] protocols or is configured with
the route, it needs to advertise
this route.
always If always is specified, it means that the default route is

advertised no matter whether it exists. If not, whether to
advertise the default route is determined by whether the
default route exists in the routing table. If the default route
exists, it will be advertised.
metric <metric-value> Metric of the default route. Range: 1-16777214, default: 1.
metric-type <type> Type of the default route. Value: ext-1 and ext-2, default:
ext-2.
route-map <map-tag> Name of the route map for generating the default route.
Length: 1-16 characters.
Configuring an OSPF Virtual Link

On OSPF networks, all areas must be connected to the backbone area. An virtual link can
be used to connect a remote area to the backbone area through other areas.
To configure an OSPF virtual link, perform the following steps:
3-33

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2 ZXR10(config-ospf-1)#area <area-id> virtual-link Defines an OSPF virtual link.

<router-id>[hello-interval <seconds>][retransmit-interval If the designated area does
<seconds>][transmit-delay <seconds>][dead-interval <sec not exist, an area is created
onds>][authentication-key <key>][message-digest-key automatically.
<keyid> md5 <cryptkey>[delay <time>]][authentication Use the no format of command
[null|message-digest]] to delete a designated virtual
link.
Virtual links cannot be created
in area 0, stub areas, and NSSA
areas.
<area-id> ID of the area through which the virtual link transits. The area
cannot be a stub area, an NSSA area, or area 0.
<router-id> ID of the peer router connected with the virtual link.
hello-interval <seconds> Interval (second) for sending HELLO packets on the virtual
link. Range: 1-8192, default: 10.
retransmit-interval <seconds> Retransmission interval (second) on the virtual link. Range:

1-8192, default: 5.
transmit-delay <seconds> Time delay (section) for transmitting a link state update
packet on the virtual link. Range: 1-8192, default: 1.
dead-interval <seconds> Duration (second) for considering a neighbor router to be

dead. Range: 1-8192, default: 40.
Establish a virtual link between the interconnected interfaces of S2 and S3, see Figure
3-11.
Device Router ID
S1 1.1.1.2
S2 1.1.1.3
S3 1.1.1.4
3-34

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 3-11 OSPF Virtual Link Configuration Example


S2(config-ospfv2)#area 1 virtual-link 1.1.1.4

S3(config-ospf-1)#network 10.0.1.0 0.0.0.3 area 0.0.0.1
3-35

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S3(config-ospf-1)#network 2.2.2.4 0.0.0.3 area 0.0.0.2

S3(config-ospf-1)#area 1 virtual-link 1.1.1.3
Configuring Sham-link
Because the priority of an OSPF route is higher than that of a BGP route, an OSPF private
route is usually the first choice if both a public network route and an OSPF private network
route are available. However, comparing with the public network route, the private network
route is not suitable for carrying a large flow because its bandwidth is smaller. Therefore,
a mechanism is required to enable the public network to share the private network flow.
The public and private network can be selected flexibly to carry the flow.
As shown in Figure 3-12, S1 and S2 are in the same area. There are two types of LSAs
learnt by S1 when it accesses S2. One is LSAs of type 3 advertised by a PE router, another
is LSAs of type 1 flooded by area 0. In accordance with the OSPF route selection policy,
the route calculated by LSAs of type 1 is optimal, so the OSPF private network route is
selected. Sham-link is configured to enable the public network to share the flow.
Figure 3-12 Sham-link
Enable sham-link between PE routers, establish neighborhood, and establish an

interactive database. A private network router belonging to the same area can learn two
inner-area routes: one route uses sham-link (MPLS VPN Backbone), another uses the
private network. To select a route, modify metric attribute.
To configure sham-link on PEs, perform the following steps:
1 ZXR10(config)#router ospf <area-id> Enters OSPF configuration

mode.
2 ZXR10(config-ospf-1)#area <area-id> sham-link<ip-addr Sets up MPLS VPN between

ess1><ip-address2> cost<cost> two PE routers to transmit
OSPF protocol packets.
3-36

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<area-id> Area ID.
<router-id1> ID of the local router in sham-link.
<router-id2> ID of the peer router in sham-link.
<cost> Cost value of the Shamlink. Range: 1-65535.
Configuring max-metric
To configure max-metric on the ZXR10 5900E, perform the following steps:
2 ZXR10(config-ospf-1)#max-metric router-lsa Configures a router not to learn

OSPF routes. Transit-link of
local router-lsa is set to 65535.
Only routes generated by
this router can be learnt by
other routers. The router is
accessible in topology, but other
routers cannot access through
it.
3 ZXR10(config-ospf-1)#max-metric router-lsa on-startup l If a BGP neighbor is up,

wait-for-bgp after one minute, it can be
accessed by other devices.
l If a BGP neighbor is down,
after 10 minutes, it can be
4 ZXR10(config-ospf-1)#max-metric router-lsa on-startup Configures the waiting time

timeout<seconds> (second) after restarting to
avoid a routing black hole.
The router needs to wait a
period and then it can be
Range: 5-86400.
Configuring the OSPF Graceful Restart

To configure the OSPF graceful restart, perform the flowing steps:

mode.
3-37

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2 ZXR10(config-ospf-process-id)#nsf Runs the nsf command on the

help party.
When the OSPF GR is enabled,
there are two roles: the restart
party and the help party. The
restart party restarts a router
and the help party helps to
complete the GR operation.
3 ZXR10(config-ospf-process-id)#grace-period <time> (Optional) Configures the

duration for the OSPF GR. By
default, it is set to 120 seconds.
If there are too many route
entries to be switched, you can
prolong this duration.
4 ZXR10(config-ospf-process-id)#interface Enters OSPF interface

<interface-name> configuration mode.
5 ZXR10(config-ospf-process-id-if-interface- (Optional) This command is

name)#dead-interval <time> used when the rack switching
operation takes too long.
3.3 Maintaining the OSPF Protocol

To maintain the OSPF protocol on the ZXR10 5900E, run the following commands:
Command Function
ZXR10#show ip ospf [<process-id>] Displays the summary information

about the OSPF protocol and each
OSPF area.
ZXR10#show ip ospf interface [<interface-name>][process Displays the information about an

<process-id>] OSPF interface.
ZXR10#show ip ospf database [database-summary | adv-router Displays the information about an

<router-id>|self-originate][area <area-id>][process <process-id>] OSPF link state database.
ZXR10#show ip ospf database router [<link-state-id>][adv-router Displays the information about

<router-id>|self-originate][area <area-id>][process <process-id>] router LSAs in an OSPF link state
database.
ZXR10#show ip ospf database network [<link-state-id>][adv-router Displays the information about

<router-id>|self-originate][area <area-id>][process <process-id>] network LSAs in an OSPF link
state database.
3-38

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10#show ip ospf database summary [<link-state-id>][adv Displays the information about

-router <router-id>|self-originate][area <area-id>][process summary LSAs in an OSPF link
<process-id>] state database.
The following is sample output from the show ip ospf command:

ZXR10(config)#show ip ospf 1
Domain ID type 0x5,value 0.0.0.1
Number of areas 2, Normal 2, Stub 0, NSSA 0
Number of interfaces 2
Number of neighbors 2
Number of adjacent neighbors 2
Number of virtual links 0
Total number of entries in LSDB 13
Number of ASEs in LSDB 1, Checksum Sum 0x0000dc0d
Number of grace LSAs 0
Number of new LSAs received 23
Number of self originated LSAs 22
Hold time between consecutive SPF 1 secs
Non-stop Forwarding disabled, last NSF restart 00:21:13 ago (took 0 secs)
Area 0.0.0.0 enable (Demand circuit available)

Total number of intra/inter entries in LSDB 7. Checksum Sum 0x00046565
Area-filter out not set
Area-filter in not set
Area ranges count 0
Area 0.0.0.1 enable (Demand circuit available)

Total number of intra/inter entries in LSDB 5. Checksum Sum 0x00025888
Area-filter out not set
3-39

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Area-filter in not set

Area ranges count 0
OSPF 1 Router ID 100.100.100.14 This OSPF instance is available.

enable
Domain ID type 0x5,value 0.0.0.1 The domain ID type is 0x5, and the value is 0.0.0.1.
Number of areas 2, Normal 2, Stub There are two areas: two normal areas, 0 stub area, and 0
0, NSSA 0 NSSA area.
Area 0.0.0.0 enable (Demand circuit Detailed content of each area.

available) and the following contents
The following is sample output from the show ip ospf interface command:
ZXR10(config)#show ip ospf interface
vlan1 is up
Up for 00:17:51
In the area 0.0.0.0 DR
Transmit Delay(sec) 1, Authentication Type null
Timer intervals(sec) : Hello 10, Dead 40, Retransmit 5
Designated Router (ID) 100.100.100.14, Interface address 100.100.100.14
Backup Designated router (ID) 100.1.1.2, Interface address 100.100.100.12
Number of Neighbors 1, Number of Adjacent neighbors 1
100.1.1.2 BDR
vlan2 is up
Up for 00:16:25
In the area 0.0.0.1 DR
Transmit Delay(sec) 1, Authentication Type null
Timer intervals(sec) : Hello 10, Dead 40, Retransmit 5
Designated Router (ID) 100.100.100.14, Interface address 1.1.1.1
Backup Designated router (ID) 100.1.1.2, Interface address 1.1.1.10
Number of Neighbors 1, Number of Adjacent neighbors 1
100.1.1.2 BDR
3-40

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Internet Address 100.100.100.14 Interface address.

255.255.255.0 enable
In the area 0.0.0.0 DR The router operates as a DR in area 0.0.0.0.
Timer intervals(sec) : Hello 10, Dead The interval for sending Hello packets is 10 seconds, the
40, Retransmit 5 duration for considering a neighbor to be dead is 40 seconds,
and the interval for retransmitting LSAs is 5 seconds.
The following is sample output from the show ip ospf database command:
ZXR10#show ip ospf database
Router Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# Checksum Link count
110.1.1.1 110.1.1.1 3 0x80000002 0x3dbe 1
Summary Net Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# Checksum
112.1.1.0 110.1.1.1 6 0x80000001 0xd99f
168.1.0.0 110.1.1.1 6 0x80000001 0xff43
Summary ASB Link States (Area 0.0.0.0)
168.1.1.3 110.1.1.1 6 0x80000001 0xc875
Link ID ADV Router Age Seq# Checksum Link count
110.1.1.1 110.1.1.1 3 0x80000025 0xf8f8 1
168.1.1.3 168.1.1.3 61 0x80000005 0x70e 2
Net Link States (Area 0.0.0.1)
168.1.1.1 110.1.1.1 1183 0x80000002 0x9787
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
113.1.0.0 168.1.1.3 48 0x80000001 0xa0dd 0
111.1.0.0 110.1.1.1 272 0x80000001 0x4ae3 3489660928
Link ID LSA ID
ADV Router Advertising router
Age Aging time
Seq# Sequence number of LSA
Checksum -
Link count Number of connections
3-41

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The following is sample output from the show ip ospf database router command:
ZXR10#show ip ospf database router
Routing Bit Set on this LSA
LS age: 1700
Options: (No TOS-capability, No DC)
LS Type: Router Links
Link State ID: 110.1.1.1
Advertising Router: 110.1.1.1
LS Seq Number: 0x8000001f
Checksum: 0xf9e7
Length: 36
Number of Links: 1
Link connected to: a Stub Network
(Link ID) Network/subnet number: 110.1.0.0
(Link Data) Network Mask: 255.255.0.0
Number of TOS metrics: 0
TOS 0 Metrics: 1
LS age LSA aging time
LS Type LSA type
Link State ID -
Advertising Router -
LS Seq Number LSA sequence number
Checksum -
Length -
The following is sample output from the show ip ospf database network command:
ZXR10#show ip ospf database network
Net Link States (Area 0.0.0.1)
Routing Bit Set on this LSA
LS age: 789
LS Type: Network Links
Link State ID: 168.1.1.1 (Address of Designated Router)
LS Seq Number: 0x80000002
Checksum: 0x9787
3-42

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Length: 32
Network Mask: /16
Attached Router: 110.1.1.1
Attached Router: 168.1.1.3
LS Type LSA type
Link State ID -
Checksum -
Length -
The following is sample output from the show ip ospf database summary command:
ZXR10#show ip ospf database summary
Summary Net Link States (Area 0.0.0.0)
LS age: 129
LS Type: Summary Links(Network)
Link State ID: 112.1.1.0 (Summary Network Number)
Checksum: 0xd99f
Length: 28
Network Mask: /24
TOS: 0 Metric: 2
LS Type LSA type
Link State ID -
Checksum -
Length -
3-43

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The following is sample output from the show ip ospf database external command:
ZXR10#show ip ospf database external
Type-5 AS External Link States
LS age: 18
LS Type: AS External Link
Link State ID: 111.1.0.0 (External Network Number)
Checksum: 0x4ae3
Length: 36
Network Mask: /16
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 110.1.1.111
External Route Tag: 3489660928
LS Type LSA type
Link State ID LS ID
The following is sample output from the show ip ospf database asbr-summary command:
ZXR10#show ip ospf database asbr-summary
Summary ASB Link States (Area 0.0.0.0)
LS age: 68
LS Type: Summary Links(AS Boundary Router)
Link State ID: 168.1.1.3 (AS Boundary Router address)
Checksum: 0xc875
Length: 28
Network Mask: /0
TOS: 0 Metric: 1
3-44

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
LS Type LSA type
Link State ID LS ID
Checksum -
3.4 OSPF Configuration Examples

3.4.1 OSPF Configuration Example One
As shown in Figure 3-13, S1 and S2 set up connection by two links, and advertise their
loopback address route respectively.
Figure 3-13 OSPF Configuration Example One
1. Configure IP addresses of the interconnected interfaces between S1 and S2, and
configure loopback interface IP address.
2. Add interfaces to OSPF area 0.
3. Configure load balancing on both S1 and S2. S1 and S2 can learn the loopback
address route advertised by the peer through two links.
3-45

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

Configuration Check
The following content will be shown after the configuration above is finished. It shows that
S1 and S2 set up neighborhood already. S1 and S2 ping the loopback interface of the
peer between each other, and the pings are successful. It shows that the configuration is
successful.
S1#show ip ospf neighbor
Neighbor ID Pri State DeadTime Address Interface

32.33.1.1 1 FULL/DR 00:00:40 11.22.1.2 vlan30
32.33.1.1 1 FULL/DR 00:00:37 11.22.10.2 vlan40
S1(config-ospf-1)#show ip forwarding route 1.1.1.22

IPv4 Routing Table:
1.1.1.22/32 11.22.1.2 vlan30 OSPF 110 2
3-46

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1.1.1.22/32 11.22.10.2 vlan40 OSPF 110 2
Use ping to test the connectivity.

S1#ping 1.1.1.22
sending 5,100-byte ICMP echoes to 1.1.1.22,timeout is 2 seconds.
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max= 1/1/2 ms.
3.4.2 OSPF Configuration Example Two

As shown in Figure 3-14, S1 does not need to learn the external route of backbone area,
while it needs to advertise itself external route. Here, establish NSSA area between S1
and S2, set up link between S2 and S3 in backbone area.
Figure 3-14 OSPF Configuration Example Two
1. Set up link between S1 and S2 in NSSA area 255, and set up link between S2 and S3
in area 0.
2. Redistribute direct-connected route on S3 and S1 respectively.
3. Configure NSSA default route advertisement on S2.
4. As a result, S1 can not learn the detailed route of S3 address, but there is a default
route pointing to S2. S3 can learn the direct-connected route redistributed by S1.
3-47

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S1(config-ospf-1)#area 255 nssa
S2(config-ospf-1)#area 255 nssa default-information-originate
Configuration Check
Use show ip forwarding route 1.1.1.33 on S1 to view whether S1 learns the detailed route
of S3.
S1(config)#show ip forwarding route 1.1.1.33
IPv4 Routing Table:
Use show ip forwarding route 0.0.0.0 on S1 to view whether there is a default route pointing
to S2.
S1(config)#show ip forwarding route 0.0.0.0
IPv4 Routing Table:
0.0.0.0/0 11.22.1.2 vlan20 OSPF 110 2
Use show ip forwarding route 1.1.1.11 to inspect whether S3 learns the detailed route of
S1.
3-48

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S3(config-ospf-1)#show ip forwarding route 1.1.1.11

IPv4 Routing Table:
1.1.1.11/32 33.32.1.1 vlan40 OSPF 110 2
Use ping on S2 to detect the connectivity from S3 to S1.

S3#ping 1.1.1.11
!!!!!
3.4.3 OSPF Multi-Instance Configuration Example

Users can configure multiple protocol instances. These protocol instances can belong
to the same VPN/public network or different Virtual Private Networks (VPNs). Different
protocol instances are independent of each other. They maintain the neighbor relationship,
LSDB of their own and calculate routes. However, the multiple instances belonging to the
same VPN/pbulic network share the same VPN/public network routing table. This is mainly
to divide and isolate networks.
In the following example, CE1 isolates the information flooded by PE1 and PE2. The
network topology is shown in Figure 3-15.
Figure 3-15 OSPF Multi-Instance Configuration Example
1. PE1 and CE1 establish OSPF neighbor relationship.
2. PE2 and CE1 establish OSPF neighbor relationship.
3. PE2 should not learn the link-state information related to vpn1.
Configuration on PE1:
3-49

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
PE1(config)#interface loopback1
PE1(config-if-loopback1)#ip vrf forwarding vpn1
PE1(config-if-loopback1)#ip address 1.1.1.17 255.255.255.255
PE1(config-if-loopback1)#exit
PE1(config)#interface vlan1
PE1(config-if-vlan1)#ip vrf forwarding vpn1
PE1(config-if-vlan1)#ip address 100.101.102.17 255.255.255.0
PE1(config-if-vlan1)#exit
PE1(config)#router ospf 1 vrf vpn1
PE1(config-ospf-1)#network 1.1.1.17 0.0.0.0 area 0
PE1(config-ospf-1)#exit
Configuration on CE1:
CE1(config)#interface loopback1
CE1(config-if-loopback1)#ip address 1.1.1.18 255.255.255.255
CE1(config-if-loopback1)#exit
CE1(config)#interface loopback2
CE1(config-if-loopback2)#ip address 2.2.2.18 255.255.255.255
CE1(config-if-loopback2)#exit
CE1(config)#interface vlan2
CE1(config-if-vlan2)#ip address 100.101.102.18 255.255.255.0
CE1(config-if-vlan2)#exit
CE1(config)#interface vlan3
CE1(config-if-vlan3)#ip address 100.102.102.18 255.255.255.0
CE1(config-if-vlan3)#exit
CE1(config)#router ospf 1
CE1(config-ospf-1)#network 1.1.1.18 0.0.0.0 area 0
CE1(config-ospf-1)#exit
CE1(config)#router ospf 2
CE1(config-ospf-2)#exit
Configuration on PE2:
PE2(config)#interface loopback1
PE2(config-if-loopback1)#ip vrf forwarding vpn2
PE2(config-if-loopback1)#ip address 1.1.1.19 255.255.255.255
PE2(config-if-loopback1)#exit
PE2(config)#interface vlan4
PE2(config-if-vlan4)#ip vrf forwarding vpn2
PE2(config-if-vlan4)#ip address 100.102.102.17 255.255.255.0
PE2(config-if-vlan4)#exit
PE2(config)#router ospf 1 vrf vpn2
3-50

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

PE2(config-ospf-1)#exit
Configuration Check
CE1 can learn the looback1 route advertised by PE1 and the loopback1 route advertised
by PE2. PE2 and PE1 cannot learn routes from each other. This indicates that the
multi-instance configuration takes effect.
CE1#show ip forwarding route ospf
IPv4 Routing Table:
1.1.1.17/32 100.101.102.17 vlan2 ospf 110 2
1.1.1.18/32 100.102.102.17 vlan3 ospf 110 2
PE2#show ip forwarding route vrf vpn2

IPv4 Routing Table:
2.2.2.18/32 100.102.102.18 vlan3 ospf 110 2
PE1#show ip forwarding route vrf vpn1

IPv4 Routing Table:
1.1.1.18/32 100.101.102.18 vlan1 ospf 110 2
3-51

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3-52

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 4
IS-IS Configuration
Table of Contents
IS-IS Overview ...........................................................................................................4-1
Configuring the IS-IS Protocol ..................................................................................4-11
Maintaining the IS-IS Protocol ..................................................................................4-23
IS-IS Configuration Examples...................................................................................4-28
4.1 IS-IS Overview

Introduction to IS-IS
Intermediate System to-Intermediate System (IS-IS) is launched by International Standard
Organization (ISO), which is a routing protocol used for Connectionless Network Service
(CLNS). IS-IS is a network layer protocol of Open System Interconnection (OSI). By
expanding IS-IS protocol, the support to IP routing is added, and the integrated IS-IS
protocol is formed.
IS-IS is already widely used in network acting as a kind of Interior Gateway Protocol (IGP).
The working principle of IS-IS is similar to that of OSPF. IS-IS divides a network into some
areas. The routers of an area only manage the routing information of their area. In this
way, the router cost is saved. IS-IS can satisfy the requirements for middle and large-scale
network.
Since the IS-IS protocol is based on CLNS (not IP), IS-IS uses Protocol Data Unit (PDU)
defined by ISO to implement communication between routers. The types of PDUs used in
IS-IS protocol are as follows:
l Hello PDU
l Link state PDU (LSP)
l Sequence Number PDU (SNP)
Where, Hello PDU is similar to the HELLO packet in OSPF protocol, which is responsible
to form adjacency between routers, discovers new neighbors and detects the leaving of
any neighbors.
IS-IS routers uses LSA to exchange routing information, set up and maintain link state
database. A LSP indicates the important information related to a router, including the area
and the connected network. SNP is used to ensure that LSPs can be transmitted reliably.
SNP contains the summary information of every LSP on the network. When a router
receives a SNP, it compares the SNP with its link state database. If the router loses a
4-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
LSP existing in the SNP, it will send a SNP in multicast mode to ask for the required LSP
from other routers on the network.
By using LSPs in conjunction with SNPs, IS-IS protocol can interact routes reliably on a
large network.
Likewise, IS-IS protocol also uses the Dijkstra SPF algorithm to calculate routes. Based
on the link state database, it uses the SPF algorithm to calculate the optimal route and
then adds the route to IP routing table.
IS-IS Operation Principle

Basic IS-IS Concepts
l Area partition
The IS-IS dynamic route protocol uses a layered topology architecture. The network
consists two layers to reduce the load of the router. This architecture can better meet
the requirements of large scale network applications. For the architecture, see Figure
4-1.
Figure 4-1 IS-IS Architecture
The IS-IS architecture consists of two layers: L1 and L2. The L2 layer consists of L2
routers. It operates as the backbone network. The L1 layer consists of L1 routers and
L1/L2 routers. It operates as a non-backbone network. L1 routers can only exchange
routing information with L1 routers and L1/L2 routers in this area.
4-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 4 IS-IS Configuration c u -tr a c k
The relation that can be established between routers is as follows:

à L1 neighbor relation can be established between two L1 routers only when the
area IDs of them match each other.
à L2 neighbor relation can be established between two L2 routers even if the area
IDs do not match each other.
à L1 neighbor relation can be established between one L1 router and one L1/L2
router only when the area IDs of them match each other.
à L2 neighbor relation can be established between one L2 router and one L1/L2
router even if the area IDs of the routers do not match each other.
à L1 neighbor relation and L2 neighbor relation can be established between two

L1/L2 routers at the same time if the area IDs of them match each other.
à L2 neighbor relation can be established between two L1/L2 routers if the ares IDs
of them do not match each other.
l IS-IS address architecture
ISO address is a network address. It is used to indicate the area ID and the system ID.
The NET address format can be expanded. The system ID usually consists 6 bytes.
It is used to identify the interface MAC address.
NSAP consists of the Initial Domain Part (IDP) and the Domain Specific Part (DSP),
see Figure 4-2. The IDP is similar to the network ID in an IP address, and the DSP is
similar to the subnet ID, host address, and the port in an IP address.
Figure 4-2 NSAP Address Architecture
The IDP is defined by the ISO. It consists of the Authority and Format Identifier (AFI)
and the Initial Domain Identifier (IDI). AFI refers to the address allocation organization
and the address format. The IDI is used to identify the domain.
The DSP consists of the High Order DSP, SystemID and the SEL.
à The HODSP is used to divide areas.

à The system ID is used to distinguish hosts.
à The SEL is used to indicate service type.
The length of the IDP and the DSP can be changed. The NSAP can be up to 20 bytes
in length and at least 8 bytes. The system ID identifies a unique host or a router in an
area. Its length is 48 bit (6 bytes) invariably. The SEL (NSAP Selector, sometimes it is
4-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
shorted to N-SEL) is similar to the protocol ID in an IP address. Different transmission

protocols have different SELs. In an IP address, the SEL is 00.
IS-IS neighbor establishment
The IS-IS distinguishes networks as point-to-point networks and broadcast networks. The
neighbor establish processes are different on these two types of networks.
l Establish neighbor on a point-to-point link
If the Intermediate System (IS) on the network is configured with the IS-IS routing
protocol and the interface is in UP state, the system sends IIH PDU packets. The other
neighboring intermediate systems perform the following operations after receiving the
packets:
When the IS receives a point-to-point IIH PDU packet, it compares the area addresses
of these two ISs to ensure that the neighbor can be established. If the two ISs have
the same area address, the neighbor can be established for all IS router combinations
(except the connection between one L1 IS and one L2 Only IS). However, if the area
addresses are different, the neighbor can only be established between two L2 ISs.
On a point-to-point network, if the area address is correct, the local intermediate
system matches the circuit type of the received IIH PDU packet with that in the local
intermediate system. If they match each other, neighbor relation can be established,
the neighbor information is added to the neighbor database, and the neighbor state is
set to UP. If the circuit types do not match each other, this packet is dropped.
The above neighbor establishment process is proposed in RFC1142, which is based
on the premise that the point-to-point network is absolutely reliable. However, the
network is not necessarily reliably. Therefore, the RFC3373 introduced the TLV.
Establish neighbor relation after three times of handshaking, see Figure 4-3.
Figure 4-3 Three Times of Handshaking
The IIH PDU sent by router RTA carries the type 240 TLV, in which, the neighbor's
three states are saved. When router RTB receives the packet, it confirms the next
neighbor state according to the state of its neighbor and the neighbor state in the TLV.
For the state changes, refer to Table 4-1.
Table 4-1 Neighbor State Changes
- Down Init Up
Down Init Up Down
4-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Init Init Up Up
Up Init Accept Accept
l Establish neighbor on a broadcast link

On a broadcast network, neighbor relation is also established through three times of
handshaking. The L1 intermediate system sends L1 LAN IIH PDUs to the broadcast
address AllL1ISs, and intercepts packets based on this address. The L2 intermediate
system sends L2 LAN IIH PDUs to the broadcast address AllL2ISs, and intercepts
packets based on this address.
To create a neighbor for L1, the intermediate system receives a L1 LAN IIH PDU
packet on the broadcast address AllL1ISs. It compares every area address in the
received IIH PDU with the locally configured area address. If the area addresses do
not match each other, the neighbor cannot be created.
When the intermediate system receives a LAN IIH PDU packet, it checks whether the
neighbor already exists in its neighbor database.
à The neighbor's MAC is similar to the MAC source address in the PDU.
à The neighbor system ID is consistent with that of the PDU.
à The neighbor types are also consistent with each other.
If the above conditions are complied with, the neighbor exists, and the intermediate
system updates the timer, priority, and neighbor area addresses according to the
values in the PDU. If the above conditions are not complied with, for example, the
MAC addresses are in consistent with each other, this packet is dropped.
If the neighbor type is not consistent with the system ID, this neighbor is considered
to be a new neighbor, and this neighbor is added to the neighbor database. The state
of this neighbor will be set to INIT. The intermediate system then checks the neighbor
TLV carried in the IIH PDU packet. If its MAC address is contained in the neighbor TLV,
the state of the neighbor is set to UP, and an IIH PDU packet is sent. The intermediate
system neighbor TLV of the PDU will carry the MAC address of the neighbor.
After the neighbor receives the IIH PDU packet, it performs the similar operations. If
this neighbor does not exists, the neighbor is added to its neighbor state database
and the state is set to INIT. The intermediate system queries its MAC address in the
IIH PDU packet and sets the state to UP. For the process, see Figure 4-4.
4-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 4-4 Neighbor Establishment on a Broadcast Network
l DIS election on a broadcast link

The IS-IS protocol selects a specified Designate IS (DIS) to reduce the neighbor
information carried in the LSP sent on the broadcast network and simplify the network
architecture. The IS-IS protocol considers the network as a DIS or a pseudo-node.
Each intermediate system, including the DIS advertises links to the pseudo-node. The
DIS also advertises a link to all intermediate systems that are connected with itself,
see Figure 4-5.
Figure 4-5 DIS on a Broadcast Network
A DIS is the system that has the highest priority on a broadcast network. If the priorities
of all intermediate systems are the same, the intermediate system with the greatest
MAC address is the DIS. Generally, each network has two DISs: the L1 DIS and the
L2 DIS.
The conditions for electing a DIS are as follows:
à When the IS-IS process is started on a router, the DIS election is performed after
three Hello packets are sent
4-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
à At least one neighbor in UP state is required.

à If the state of a neighbor changes, DIS election is required.
à If the LAN ID in the IIH PDU carried by the neighbor changes, DIS election is
required.
Both the local router and other routers can be elected as the DIS. If the local router is
elected as the DIS, the DIS performs the following steps:
1. If other ISs exist, set the lifetime of the pseudo-nodes to 0 and delete them on the
network.
2. Generate new pseudo-node LSP and perform flooding.
3. Generate new nonpseudo-node LSP and perform flooding.
If the local IS does not operate as the DIS, perform the following steps:
1. Set the lifetime of the pseudo-nodes generated by itself to 0 and perform flooding
on the network.
2. Generate new nonpseudo-node LSP and perform flooding.
Reliable flooding and link state database synchronization
The following describes the frequently used terms in the IS-IS:
l CSNP: Complete Sequence Numbers Protocol Data Unit.
It is used to check link state consistency on both point-to-point links and broadcast
links.
l PSNP: Partial Sequence Numbers Protocol Data Unit.
It is used to
à acknowledge the received LSP on point-to-point links.
à apply for latest version or the lost LSP.

l SRM: Send Routing Message.
It is used to control the LSP to transmit messages to a neighbor router.
l SSN: Send Sequence Numbers Message.
It is used to
à acknowledge the received LSP that is flooded on point-to-point links.
à apply for the complete LSP information for synchronizing the database on
broadcast links.
l TLV: Type/Length/Value. Type: Type of a specified field. Length: Length of a specified
field. Value: Information contents.
The TLV is carried in the PDU of the IS-IS, and is used to describe the extendable
fields.
The CSNP and PSNP have the same package format, and carry the LSP abstract
information respectively. The difference between them is that the CSNP advertised
4-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
by a router carries all LSP abstract information that is available in the router link state
database. But the PSNP only carries a subset of the information.
The SRM and the SSN are mainly used for router selection information diffusion and
database synchronization.
l Point-to-point links
The IS-IS protocol uses a reliable flooding mechanism on point-to-point links. On a
point-to-point link, there is only one neighbor router on the opposite end of the link,
and the router uses limited bandwidth to trace acknowledge messages sent by the
neighbor router.
The CSNP simplifies the database synchronization process. When the neighbor
relation between two connected routers is established for the first time, all CSNPs on
the point-to-point link are exchanged. Through comparing the CSNP with the local
database and the database of each neighbor router, the missing or expired LSP can
be confirmed.
Use the PSNP to apply for the missing or the LSP of the current version. If the router
finds that some neighbor routers lack the LSP, the router can flood the LSP. During the
flooding, use the SSN to identify that it is the PSNP that needs to be sent, and use the
SRM to identify that it is the LSP that needs to be sent. When the PSNP acknowledge
packet is received from the peer end, the SRM tag can be cleared. If the acknowledge
packet is not received, the corresponding packet is resent after timeout.
For the example of the diffusion process on point-to-point networks, see Figure 4-6.
The neighbor relation between RTB and RTC is normal, and RTA and RTB establish
the adjacent relation for the first time.
Figure 4-6 Point-to-point Diffusion and Database Synchronization
1. The process for establishing the adjacent relation and database synchronization
is as follows:
Step RTA RTB
1 Send CSNP send CSNP
2 - Receives the CSNP from RTA and

sends the PSNP request. The RTA's
CSNP is lost. RTB finds the LSP of
the local link state database that is
lost by the RTA' CSNP, RTB sends the
RTC.00-00 LSP to RTA.
3 Receives the PSNP and sends RTA.00-00 -

LSP
4-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Step RTA RTB
4 Receives the RTC.00-00 LSP and -

updates the database.
Sends the acknowledge PSNP of the
RTC.00-00 LSP
5 - Receives the RTA.00-00 LSP and

updates the database.
2. After the adjacent relation is established between RTB and RTA, the RTA
information is flooded to RTC. The process is as follows:
Step RTB RTC
1 Receives the RTA.00-00 from RTA, and Sends the CSNP.

the LSP from the SEQ 100 through
interface 2.
Checks the database and finds that the
LSP is unavailable.
Sets the SSN for the RTA.00-00 on
interface 2.
Sets the SRM for the RTA.00-00 on
interface 3.
Sends the PSNP acknowledge packet for
the RTA.00-00 on interface 2.
Clears the SSN on interface 2.
2 - Receives the RTA.00-00 SEQ 100

from RTB on interface 4.
Checks the database and finds
that the LSP is unavailable in the
database.
Sets the SSN for the RTA.00-00 on
interface 4.
Adds the RTA00-00 SEQ 100 to the
database.
Sends the PSNP acknowledge packet
for the RTA.00-00 on interface 4.
Clears the SSN on interface 4.
3 Receives the PSNP acknowledge packet -

for the RTA.00-00 on interface 3.
Clears the SRM for the RTA.00-00 on
interface 3.
l Broadcast links
4-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
On broadcast links, LSP is diffused to adjacent routers on layer 1 and layer 2 through
broadcast addresses ALL L1S and ALL L2S. The diffusion on broadcast links does
not require reliable transmission.
Unreliable diffusion requires a mechanism to guarantee database synchronization.
The IS-IS router uses the DIS to broadcast CNSP periodically to implement database
synchronization on broadcast links.
The DIS controls the diffusion and database synchronization on broadcast links. The
IS-IS protocol does not require that the IS-Is routers can only establish adjacent
relation with DIS on broadcast links. After the hello packet is broadcasted and three
times of handshaking, adjacent relation can be established between routers. Three
times of handshaking means that all routers report the detected routers. The CSNP
sent by the DIS is transmitted periodically to ensure that all routers on the LAN
receives a copy. Through comparing the CNSP and that in the link state database,
the missing LSP and new version LSP can be recognized. The router can then send
the PSNP packet to apply for the LSP.
Broadcasting CSNP periodically consumes lots of bandwidth and thus the cost is high.
However, this is a simple reliable transmission policy on a broadcast link. You can
reduce the sending frequency by increasing the sending interval.
RTA and RTB are connected to the link, and RTC is the last router that is connected
to the link. The RTA link state database contains RTA.00-00, RTA.01-00(pseudo lsp),
and RTB.00-00, see Figure 4-7.
Figure 4-7 Diffusion and Database Synchronization on a Broadcast Link
1. RTC generates an LSP (RTC.00-00) after RTA establishes the adjacent relation
with RTB. RTC then copies the LSP and saves it to its database. After this, RTC
diffuses another copy to the link through interface 3.
2. RTA that operates as the DIS advertises a CSNP to the link in broadcast mode.
3. After RTC receives the CSNP, it compares the CSNP with that in the local link
state database. It finds that three LSPs are unavailable: RTA.00-00, RTA.01-00,
and RTB.00-00. RTC sends a PSNP to the link to request for the LSPs.
4. RTA sends RTA.00-00, RTA.01-00, and RTB.00-00 in broadcast mode. After RTC
receives the copies, the RTC's database can be synchronized with the RTA's
database.
4-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Route-leaking
Attatch bit: The RFC1195 defines that if an L1/L2 router in an area is connected with a
router in another area, the L1/L2 router sets the ATT bit in its L1 LSP to inform the L1
router in this area that there is an egress. the L1 router in this area selects the nearest L2
on which the ATT bit is set as the egress of the area, and then a default route is generated.
The L1 router selects the nearest L1/L2 router as the egress of this area, but the nearest
route is not necessarily the optimum route, the second optimum route may be used.
Therefore, the RFC2966 defined the route-leaking. To avoid the use of second optimum
route, the routing information in the backbone area is leaked to the Level–1 area. Using
this method, the common areas also have the routing information of the entire IS-IS route
domain.
For the route-leaking operation, see Figure 4-8.
Figure 4-8 Route-leaking
4.2 Configuring the IS-IS Protocol

The IS-IS configuration described in this section is based on IP routing. If no instance or
interface is specified in the following configurations, the process ID is assumed to be 0 and
VLAN100 is used as the interface.
Enabling the IS-IS Protocol

To enable the IS-IS protocol on the ZXR10 5900E, perform the following steps:
4-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1 ZXR10(config)#router isis<process-id>[vrf <vrf-name>] Enables the IS-IS protocol.
2 ZXR10(config-isis-0)#area <area-address> Configures an IS-IS area in

IS-IS routing mode and set the
router to this area.
The area address is a hex
character string with 1-13
bytes.
3 ZXR10(config-isis-0)#system-id <system-id>[range Sets a system ID for the IS-IS

<range-number>] protocol. An system ID is used
to identify a router in an area.
It is a hex character string with
6 bytes. Usually, it is a MAC
address of an interface on the
router.
By default, a router running the
IS-IS protocol is identified to be
LEVEL-1-2.
4 ZXR10(config-isis-0)#interface <interface-name> Enters interface configuration

mode.
ZXR10(config-isis-0-if-vlan100)#ip router isis Specifies an interface to run

the IS-IS protocol.
Configuring IS-IS Global Parameters

For a network on which all ZXR10 series routers or switches run, use the default
parameters in IS-IS configuration. To connect to devices of other manufactories, the
related interface parameters and timers should be adjusted to acquire higher running
efficiency.
To configure IS-IS global parameters on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#router isis <process-id>[vrf <vrf-name>] Enters IS-IS route configuration

mode.
2 ZXR10(config-isis-0)#is-type {level-1 | level-1-2 | Sets an operation mode for the

level-2-only} router.
The operation modes
include level-1, level-1-2,
and level-2-only.
3 ZXR10(config-isis-0)#metric-style < narrow | wide > Configures the metric style.

Default: narrow.
4-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4 ZXR10(config-isis-0)#lsp-refresh-time < refresh-time > Configures the interval

(second) for refreshing local
LSPs. Range: 1-65535.
On a stable network, the
local LSPs are refreshed
periodically.
Default: 900.
5 ZXR10(config-isis-0)#max-lsp-lifetime < time > Configures the maximum

duration (second) for
maintaining a local LSP
alive. Range: 1-65535.
Default: 1200.
6 ZXR10(config-isis-0)#distance < value > Sets the priority of the IS-IS

protocol on the local router.
7 ZXR10(config-isis-0-vlan100)#passive-mode Sets a passive interface. If an

interface is configured as a
passive interface, its address
information is added to the local
LSP, but the passive interface
is not used to forward packets.
8 ZXR10(config-isis-0)#set-overload-bit [on-start-up Sets an OL flag. If the router

{<5-86400>| auto | wait-for-bgp}][suppress {all | external fails to reach the required
| interlevel}] processing capability, it sends
advertising packets to other
routers that run the IS-IS
protocol.
9 ZXR10(config-isis-0)#default-information originate Originates a default route.

[always][metric <metric-value>][metric-type <type>][level-1 When you configure route
| level-1-2 | level-2] redistribution, run this
command to redistribute
default routes to IS-IS areas.
10 ZXR10(config-isis-0)#summary-address Configures the IS-IS protocol

<ip-address><net-mask>[metric <metric-value>][level-1 | to aggregate routes.
level-1-2 | level-2] The IS-IS protocol can
aggregate multiple route
entries to one aggregated route
and advertise this route instead
of advertising all routes.
4-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
11 ZXR10(config-isis-0)#hello padding {multi-point | Configures the IS-IS protocol

point-to-point } to pad hello packets to the
maximum length.
12 ZXR10(config-isis-0)#ignore-lsp-errors Configures the system to drop

the incorrect checksum LSPs
received by the IS-IS router.
13 ZXR10(config-isis-0)#i-spf Enables the IS-IS instance to

support the incremental SPF
calculation.
14 ZXR10(config-isis-0)#route-leak level-2 into level-1 Configures route-leaking from

route-map <map-tag> IS-IS level-2 to level-1
15 ZXR10(config-isis-0)#spf-interval <interval>[<initial-wai Configures the minimum

t>[<wait-first-second>]][{level-1|level-2}] interval for IS-IS topology
calculation.
< narrow | wide > In narrow mode, six bits are used to carry the metric value.
In wide mode, 24 bits are used to carry the metric value. In
addition, more TLVs can be carried in wide mode.
The range for bringing the metric value in narrow mode is
smaller than that in wide mode. When devices are connected
and form neighbor relations, a topology may fail to be
established because of different metric styles.
on-start-up { 5-86400 | auto | l 5-86400: After the router is restarted, the OL flag cannot
wait-for-bgp } be set after a period within this range.
l auto: The OL flag cannot be set after databases are
synchronized.
l wait-for-bgp: The OL flag cannot be set after the BGP
is synchronized.
suppress {all | external | interlevel} l all: Suppress the leakage of both external and internal
routes
l external: Suppress the local router to learn redistributed
routes
l interlevel: Suppress the leakage of internal routes
between level-1 and level-2.
4-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
always No matter whether a default route exists in redistributed route

entries, the system generates a default route advertisement
entry. If this parameter is not set, the system only advertises
a default route when the redistributed route entries have a
default route.
metric <metric-value> Metric value. Range: 0-4261412864.
metric-type <type> Metric type. Value: external and internal. Default, internal.
level-1 The default route is generated on level-1.
level-1-2 The default route is generated on both level-1 and level-2.
level-2 The default route is generated on level-2 (default setting).
<ip-address> Allocated aggregated address.
<net-mask> IP subnetwork mask. It is used to aggregate routes.
metric <metric-value> Metric value. Range: 0-4261412864.
level-1 Router locates at level-1.
level-1-2 Router locates at level-1-2.
level-2 Router locates at level-2.
<interval> Maximum interval (second) for calculating the SPF. Default:

10, range: 1-120.
<initial-wait> Initial waiting duration (millisecond) for calculating the SPF.

Default: 5500, range: 0-120000.
<wait-first-second> Minimum waiting duration (millisecond) between calculating

the SPF for the first time and the second time. Default: 5500,
range: 0-120000.
level-1 Interval for calculating the SPF on router level-1.
level-2 Interval for calculating the SPF on router level-2.
Configuring IS-IS Interface Parameters

To configure IS-IS interface parameters on the ZXR10 5900E, perform the following steps:
4-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1 ZXR10(config)#router isis Enters IS-IS configuration

mode.
2 ZXR10(config-isis-0)#interface <interface-name> Enters IS-IS interface

configuration mode.
3 ZXR10(config-isis-0-if-vlan100)#circuit-type Configures an interface

{level-1|level-1-2|level-2-only} operation type.
Default: level-1-2.
The configuration must be
consistent with the IS-IS global
operation type. In addition, the
operation types of the directly
connected neighbors must also
be consistent with the operation
type.
ZXR10(config-isis-0-if-vlan100)#hello-interval Interval (second) for sending

<interval>[level-1 | level-2] Hello packets. Range:
1-65535, default, 10.
If optional parameters are
not set, the configuration is
effective for both level-1 and
level-2 operation types.
ZXR10(config-isis-0-if-vlan100)#hello-multiplier Configures the times of

<multiplier>[level-1 | level-2] the duration for keeping
neighborhood than the interval
for sending Hello packets.
ZXR10(config-isis-0-if-vlan100)#lsp-interval Configures the interval

<interval>[level-1 | level-2] (second) for transmitting LSPs.
ZXR10(config-isis-0-if-vlan100)#retransmit-interval Configures the interval

<interval>[level-1 | level-2] (second) for retransmitting
LSPs. Range: 1-65535,
default: 2.
4-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The configuration only applies

to point-to-point links.
ZXR10(config-isis-0-if-vlan100)#priority Configures the DIS election

<priority>[level-1 | level-2] priority for an interface. Range:
0-127, default: 64. The router
with a higher priority is elected
to be the DIS.
The configuration is only
effective for broadcast links.
ZXR10(config-isis-0-if-vlan100)#metric Sets the metric value of an

<metric-value>[level-1 | level-2] IS-IS interface. In wide mode,
range: 1-16777215, default:
10. In narrow mode, range:
1-63.
The metric value is used when
the interface participates in the
calculation of the shortest IS-IS
path.
ZXR10(config-isis-0-if-vlan100)#network Configures the interface on

point-to-point which the IS-IS protocol
is enabled to simulate a
point-to-point interface.
ZXR10(config-isis-0-if-vlan100)#bfd-enable Enables the BFD function for

the IS-IS protocol.
ZXR10(config-isis-0-if-vlan100)#max-burst Sets the maximum number of

<number> LSPs that can be sent each
time. Range: 1-50.
4-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-isis-0-if-vlan100)#mtu <512-4096> Sets the maximum length

(byte) of hello packets sent by
the IS-IS interface.
ZXR10(config-isis-0-if-vlan100)#ignore-mtu Ignores the checking of IS-IS

packets if they can be received
when they exceed the MTU of
the corresponding interface.
If the length of the received
packets is too long that the
packets are not received
completely, this command is
not effective, and the length of
packets is checked.
ZXR10(config-isis-0-if-vlan100)#csnp-interval Defines the interval (second)

<interval>[level-1 | level-2] for sending CSNP packets.
Range: 1-65535. For
broadcast links, the default
setting is 10. For point-to-point
networks, the default value is
3600.
ZXR10(config-isis-0-if-vlan100)#psnp-interval Configures the interval

<interval>[level-1 | level-2] (second) for sending PSNP
packets on an interface.
PSNP usually applies to
point-to-point networks. If
optional parameters are
Configuring IS-IS Authentication

The ZXR10 5900E supports the following four IS-IS authentication types:
l Inter-neighbor authentication
l Intra-area authentication
l Inter-area authentication
l Inter-SNP authentication
4-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
At present, the ZXR10 5900E supports plain text and MD5 authentication modes.
To configure IS-IS authentication on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#router isis [process-id][vrf <vrf-name>] Enters IS-IS route configuration

mode.
2 ZXR10(config-isis-0)#authentication-type <type>[level-1 Configures an authentication

| level-2] mode: text or md5.
ZXR10(config-isis-0)#authentication [encrypt]<key>[lev Configures IS-IS authentication

el-1 | level-2] in routing mode. Password
length: 1-100 characters.
By default, SNP packets and
LSPs are authenticated
in routing mode. To
authenticate LSPs only, run
the disable-snp-authentication
command.
not set, the authentication is
effective for both SNP packets
of level-1 and level-2 operation
types.

configuration mode.
4 ZXR10(config-isis-0-if-vlan100)#authentication-type Configures authentication

<type>[level-1 | level-2] mode in interface mode,
If optional parameters are not
set, the authentication mode is
ZXR10(config-isis-0-if-vlan100)#authentication Configures the authentication

[encrypt]<key>[level-1 | level-2] mode for Hello packets.
Password range: 1-100
characters.
If optional parameters are not
set, the authentication mode
is effective for Hello packets
of both level-1 and level-2
operation types.
4-19

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

mode.
6 ZXR10(config-isis-0)#enable-snp-authentication Enables SNP authentication.
ZXR10(config-isis-0)#disable-snp-authentication Disables the authentication for

SNP packets.
Configuring an IS-IS Hostname

To configure an IS-IS hostname on the ZXR10 5900E, perform the following steps:

mode.
2 ZXR10(config-isis-0)#hostname dynamic enable Sets the IS-IS hostname

function to obtain system
names dynamically. By default,
this function is enabled.
ZXR10(config-isis-0)#hostname dynamic disable Disables the IS-IS hostname

function.
Configuring IS-IS Mesh-Group

To configure an IS-IS mesh-group on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#router isis [process-id][ vrf < vrf-name>] Enters IS-IS route configuration
mode.
2 ZXR10(config-isis-0)#interface <interface name> Enters interface configuration

mode.
3 ZXR10(config-isis-0-if-vlan100)#mesh-group blocked Set meshEnable to

meshBlocked. LSP packets
are blocked on the interface.
4 ZXR10(config-isis-0-if-vlan100)#mesh-group Configures an interface to a

<mesh_group_number> mesh_group. Mesh-group
number range: 1-4294967295.
Configuring IS-IS Redistribution

To configure IS-IS redistribution on the ZXR10 5900E, perform the following steps:

mode.
4-20

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2 ZXR10(config-isis-0)#redistribute <protocol>[[level-1 Configures route redistribution

| level-1-2 | level-2][{[ metric <metric-value>]| in IS-IS routing mode.
with-originate-metric}][metric-type <type>][route-map
<map-tag>]]
<protocol> (Required) Protocol source. Options are as follows: connect,

static, rip, isis <process-id>, ospf <process-id> and bgp. It is
mandatory. To redistribute IS-IS/OSPF routes, it is necessary
to specify the process ID.
level-1 Sets the redistributed routes to enter Level-1.
level-1-2 Sets the redistributed routes to enter Level-1 and Level-2.
level-2 Sets the redistributed routes to enter Level-2.
with-originate-metric Uses the metric value in the originating routing protocol as

the flag.
<metric-value> Metric value. Range: 0-4261412864.
<metric-type> Whether to carry an external metric value of an interval

metric value.
route-map <map-name> Use a route-map.
Configuring IS-IS Load Balancing

IS-IS supports load balancing. Load balancing indicates that multiple links with the same
cost and destination can share traffic. Load balancing has two modes: packet-based and
flow-based. The default mode is flow-based.
To configure IS-IS load balancing on the ZXR10 5900E, perform the following steps:

mode.
2 ZXR10(config-isis-0)#maximum-paths <1-32> Configures load balancing in

IS-IS route configuration mode.
The parameter < 1-32>
indicates the load balancing
entries supported by the
system.
Configuring Traffic Engineering

The ZXR10 5900E IS-IS IPv4 supports the public network TE function.
4-21

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
To configure IS-IS traffic engineering on the ZXR10 5900E, perform the following steps:

mode.
2 ZXR10(config-isis-0)#metric-style wide In IS-IS routing mode, configure

the wide metric.
3 ZXR10(config-isis-0)#mpls traffic-eng level-1 Enables TE on IS-IS Level-1.
4 ZXR10(config-isis-0)#mpls traffic-eng level-2 Enables TE on IS-IS Level-2.
Configuring IS-IS FRR

The IS-IS FRR function is used to calculate the backup topology. If the active link is invalid,
traffic can be forwarded to the backup route immediately to avoid data loss.
To configure the IS-IS FRR function on the ZXR10 5900E, perform the following steps:

mode.
2 ZXR10(config-isis-0)#fast-reroute enable Configures the wide metric.
3 ZXR10(config-isis-0)#fast-reroute alternate-type Sets the IS-IS FRR calculation

down-stream-path mode to down-stream-path.
Default: LFA.
4 ZXR10(config-isis-0)#interface <interface-name> Enters route interface mode.
5 ZXR10(config-isis-0-if-interface-name)#fast-rero Sets this interface not to be

ute block used in IS-IS FRR calculation
and not to be used to form a
backup link.
Configuring IS-IS GR
The IS-IS Graceful Restart (GR) function is used to guarantee that the forwarding process
can continue if the corresponding router is restarted. A neighbor router can process
messages when it is restarted. With this function, this process does not result in route
oscillation.
To configure the graceful-restart on the ZXR10 5900E, perform the following steps:

mode.
2 ZXR10(config-isis-0)#restart enable Enables the graceful restart

function in IS-IS routing mode.
4-22

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3 ZXR10(config-isis-0)#restart t2-timer <t2-interval>[lev Sets a database

el-1 | level-2] synchronization timer for
the graceful restart function.
4 ZXR10(config-isis-0)#restart t3-timer {adjacency | Sets a completion timer for the

manual<t3-interval>} graceful restart function.

configuration mode.
6 ZXR10(config-isis-0-if-vlan100)#restart {t1-retry Sets the retry times of t1

<retry-timers>[level-1 | level-2]}|{t1-timer <interval>[level-1 timer. For broadcast links,
| level-2]} if the router is selected as a
DIS router, and this command
is run on the interface, you
are recommended to run the
hello-multiplier command to
increase the hello-multiplier
value.
t1-retry Number of times that t1 timer is reset.
t1-timer Time set by t1 timer.
<retry-timers> Number of times that t1 timer can be reset. Default: 3.
<interval> Interval (second). Range: 1-65535, default: 3.
level-1 The router is in the Level-1 area.
level-2 The router is in the Level-2 area.
4.3 Maintaining the IS-IS Protocol

To maintain the IS-IS protocol on the ZXR10 5900E, run the following commands:
Command Function
ZXR10#show isis adjacency [up-time][ level-1 | level-2][process-id Displays the adjacency relations
<process-id>] and the status of current
neighbors.
ZXR10#show isis circuits [detail][process-id]show isis circuits Displays the information about the
[detail][process-id<process-id>] IS-IS interface.
ZXR10#show isis database [LSP-ID][level-1| level-2][verbose][de Displays the information about an

tail][process-id<process-id>] IS-IS neighbor.
4-23

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10#show isis topology [level-1|level-2][process-id<process-id Displays the IS-IS topology.

>][vrf < vrf-name>]
ZXR10#show isis mpls traffic-eng tunnel [process-id<process-id>] Displays the usage of the IS-IS
tunnel.
ZXR10#show isis fast-reroute-topology [ level-1|level-2][process-id] Displays the backup IS-IS

topology.
level-1 A router locates in the level-1 area.
level-2 A router locates in the level-2 area.
up_time The up time of a neighbor.
process-id Instance number. Range: 0-65535.
detail Detailed information.
The following is sample output from the show isis adjacency command:
ZXR10(config-isis)#show isis adjacency
Process ID: 0
Interface System id State Lev Holds SNPA(802.2) Pri MT
gei-0/1/1/1 3333.3333.3333 UP L1 23 00E0.D021.0205 64
gei-0/1/1/2 3333.3333.3333 UP L2 24 00E0.D021.0203 64
Process ID Instance number.
Interface Name of the local interface that sets up neighborhood with

the peer.
System id System ID of a neighbor, in xxxx.xxxx.xxxx mode.
State Neighborhood status. Options: UP and INIT.
Lev The level where neighborhood locates. Three levels are

available: L1, L2, and L3.
Holds Duration for maintaining a neighborhood relation.
SNPA(802.2) Access point of a subnetwork.
Pri Priority of a router.
MT Multiple topology identifier.
The following is sample output from the show isis circuits command:
4-24

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#show isis circuits

Process ID: 0
Interface State Lev CirId Level1-DR Level2-DR Pri(L1/L2)
gei-0/1/1/1 Up L1 2 No found Disabled 64/64
Interface IS-IS port name.
State If an interface that runs the IS-IS protocol is enabled, it is in

the UP state. If it is not enabled, it is in the down state.
Lev Interface level.
CirId Interface ID.
Level1-DR Router of level 1.
Level2-DR Router of level 2.
Pri(L1/L2) L1/L2 priority.
The following is sample output from the show isis database command:
ZXR10(config-isis-0)#show isis database detail

Process ID:0
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
0000.2222.6666-00-00 0x4 0x8b7a 1152 0/0/0
NLPID: 0xcc
Hostname: 8905E-1
Area Address: ff
IP Address: 1.1.1.48
Metric: 10 IS neighbor 0000.2222.6666-02
Metric: 10 IP-Internal 1.1.1.0 255.255.255.0
0000.2222.6666-02-00 0x1 0x3551 1047 0/0/0
0000.2222.7878-00-00* 0x13 0xfb1a 1034 0/0/0
NLPID: 0xcc
NLPID: 0x8e
Area Address: ff
IPv6 Address: 1::
4-25

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

Metric: 10 IPv6 1::/64
IS-IS Level-2 Link State Database:
0000.2222.6666-00-00 0x5 0xaf92 1151 0/0/0
NLPID: 0xcc
Hostname: 8905E-1
Area Address: ff
0000.2222.6666-02-00 0x1 0x3551 1046 0/0/0
0000.2222.7878-00-00* 0x13 0xfb1a 1032 0/0/0
NLPID: 0xcc
NLPID: 0x8e
Area Address: ff
IPv6 Address: 1::
Metric: 10 IPv6 1::/64
LSPID Link state packet ID.
LSP Seq Num Link state packet sequence number.
LSP Checksum Link state packet checksum.
LSP Holdtime LSP life time.
ATT/P/OL Whether to connect to external area (ATT) bit/partition

bit/overload bit.
The following is sample output from the show isis topology command:
ZXR10(config-isis-0)#show isis topology
4-26

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Process ID: 0
IS-IS paths to Level-1 routers
System id Metric Next-Hop Interface SNPA
2222.2222.2222 10 2222.2222.2222 vlan1 00E0.D021.0204
3333.3333.3333 --
2222.2222.2222 10 2222.2222.2222 vlan2 00E0.D021.0205
3333.3333.3333 --
System id System ID of the destination IS.
Metric Metric value to the destination IS, "--" indicates itself, "**"
means that the route can not be calculated.
Next-Hop The next hop IS to the destination IS.
Interface Interface for forwarding route.
SNPA SNPA address of the next hop. P-P interface flag: "*ppp*".
The following is sample output from the show isis mpls traffic-eng tunnel command:
ZXR10(config)#show isis mpls traffic-eng tunnel
Process ID: 0
state codes: * the only next hop, ** one of next hops,
-not chosen as next hop
System id Tunnel-name Next-hop Metric Mode State

2222.2222.1111 te_tunnel1 1.1.2.110 10 Absolute **
System Id System ID of the destination IS.
Tunnel-name Tunnel name.
Next-Hop The next hop IS to the destination IS.
Metric The metric to the destination IS.
Mode Metric mode of an automatic tunnel.
State Usage state of an automatic tunnel in espf calculation.
The following is sample output from the show isis fast-reroute-topology command:
4-27

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-isis-0-if-vlan10)#show isis fast-reroute-topology

Process ID: 0
IS-IS ipfrr paths to Level-1 routers
System id Interface Ipfrr interface Ipfrr type metric
1111.1111.1111 vlan10 vlan20 Link 10
IS-IS ipfrr paths to Level-2 routers
System id Interface Ipfrr interface Ipfrr type metric
1111.1111.1111 vlan10 vlan20 Link 10
System id System ID of the destination IS.
Interface Master outgoing interface to the destination IS.
Ipfrr interface Backup outgoing interface to the destination IS.
Ipfrr type IS-IS FRR calculation mode, including LFA and

down-stream-path.
metric Metric to the destination IS.
4.4 IS-IS Configuration Examples

4.4.1 Single Area IS-IS Configuration Example
It is required that analyze the network before starting IS-IS configuration. According to
network size, decide the network topology that how many areas to be divided and how
many routing protocol to be ran on network. Configure IS-IS on a single area if the network
scale is not much larger.
As shown in Figure 4-9, configure IS-IS on a single area.
Figure 4-9 Single Area IS-IS Configuration Example
4-28

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1. Configure IP addresses of interfaces
2. Configure IS-IS protocol
3. Enable IS-IS protocol on interface
4. Test the configuration result. Make sure that S1 and S2 can set up neighborhood
between each other and calculate topology correctly. Make sure that S1 and S2 can
ping the loopback interface of the peer between each other.
Configuration ON S1:
S1(config)#router isis
S1(config-isis-0)#area 01
S1(config-isis-0)#system-id 00D0.D0C7.5460
S1(config-isis-0)#interface vlan10
S1(config-isis-0-if-vlan10)#ip router isis
S1(config-isis-0-if-vlan10)#exit
S1(config-isis-0)#interface loopback1
S1(config-isis-0-if-loopback1)#ip router isis
S1(config-isis-0-if-loopback1)#exit
Configuration ON S2:
S2(config-isis-0)#system-id 00D0.D0C7.53E0
S2(config-isis-0)#interface loopback1
S2(config-isis-0-if-loopback1)#ip router isis
S2(config-isis-0-if-loopback1)#end
4-29

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Configuration Check
After finishing the configuration above, the following content can be viewed on both S1
and S2. It means that S1 and S2 can set up neighborhood and calculate topology. Ping
the loopback address of the peer on S1 and S2 respectively.
Use show running-config isis on S1 to view whether the IS-IS configuration is correct.
S1(config)#show running-config isis
!
router isis
area 01
system-id 00D0.D0C7.5460
interface vlan10
ip router isis
$
interface loopback1
ip router isis
$
Use show isis adjacency on S1 to view whether the neighborhood is normal. After the
neighborhood is set up, UP will be shown under the field of state.
S1(config)#show isis adjacency
gei-0/1/1/1 00D0.D0C7.53E0 UP/UP L1L2 8/7 0030.3144.5566 64/64
Use show isis topology on S1 to view whether the topology can be calculated correctly. If
the topology is calculated correctly, the following entry can be viewed on the command
output. If "–" is shown under the field of metric, it means the local router. If "**" is shown
under the field of metric, it means inaccessible.
S1(config)#show isis topology
00D0.D0C7.53E0 10 00D0.D0C7.53E0 vlan10 0030.3144.5566
00D0.D0C7.5460 --

00D0.D0C7.53E0 10 00D0.D0C7.53E0 vlan10 0030.3144.5566
00D0.D0C7.5460 --
Use show isis circuits on S1 to view the interface information and the DIS election. The
UP means that the interface state is normal. The Down means that the interface state
is abnormal. For abnormal interface state, it is required that inspect the link state and IP
configuration.
S1(config)#show isis circuits
IS-IS interface database:
4-30

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
loopback1 Up L1L2 0 No found No found 64/64

gei-0/1/1/1 Up L1L2 2 00D0.D0C7.53E0-02 00D0.D0C7.53E0-02 64/64
S1#ping 192.168.6.1
!!!!!

!
router isis
area 01
system-id 00D0.D0C7.53E0
interface vlan10
ip router isis
$
interface loopback1
ip router isis
$
!
S2(config)#show isis circuits
loopback1 Up L1L2 0 No found No found 64/64
gei-0/1/1/1 Up L1L2 2 Dis is me Dis is me 64/64
ZXR10(config)#show isis adjacency
gei-0/1/1/1 00D0.D0C7.5460 UP/UP L1L2 23/23 0030.3144.5560 64/64
ZXR10(config)#show isis top
00D0.D0C7.53E0 --
00D0.D0C7.5460 10 00D0.D0C7.5460 vlan10 0030.3144.5560

00D0.D0C7.53E0 --
00D0.D0C7.5460 10 00D0.D0C7.5460 vlan10 0030.3144.5560
S2#ping 192.168.3.1
!!!!!
4-31

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4.4.2 Multiple Area IS-IS Configuration Example

For a larger size network, use multiple IS-IS areas. According to the geographic locations
and the functions of routers, partition the close routers to an area. Area division helps
to lighten the demands for memory. The area only need to maintain a smaller link state
database. A router only needs to maintain a smaller link state database in its area.
As shown in Figure 4-10, S1 belongs to area 1, S2 belongs to area 0, and S3 and S4
belong to area 2. S1 aggregates the routes of the network segment in area 1, and S4
redistributes the default route to IS-IS.
Figure 4-10 Multiple Area IS-IS Configuration Example
1. Configure IP addresses of interfaces.
2. Configure IS-IS protocol.
3. Enable IS-IS protocol on interfaces.
4. Enable route aggregation on S1.
5. Configure static route on S4 and redistribute default route.
6. Test the configuration. Make sure that the neighborhood is set up between S1 and S2,
between S2 and S3, and between S3 and S4 already and the topology is calculated
correctly. Ping the peer interface by one of any pair of interfaces successfully.
4-32

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S1(config-isis-0)#system-id 00D0.D0C7.5460
S1(config-isis-0)#is-type level-1-2
S1(config-isis-0-if-vlan10)#circuit-type level-2
S1(config-isis-0)#summary-address 192.168.100.0 255.255.252.0
S1(config-isis-0)#exit
S2(config-isis-0)#system-id 00D0.D0C7.53E0
4-33

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S3(config-isis-0)#system-id EF00.AB00.DF12
S4(config-isis-0)#system-id 00DE.FD11.AD00
S4(config-isis-0)#is-type level-1
S4(config)#ip route 0.0.0.0 0.0.0.0 192.168.13.1
S4(config-isis-0)#default-information originate
S4(config-isis-0)#redistribute static metric 10
S4(config-isis-0)#end
Configuration Check
After the configuration above is finished, the following content can be viewed on one of
any pair of devices. It shows that the neighborhood is set up already and the topology is
4-34

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
calculated correctly. The peer interface can be pinged successfully by one end of any pair
of devices.
Use show ip protocol routing to view the default static route redistributed by S4 on S1.
!
router isis
area 01
system-id 00D0.D0C7.5460
is-type level-1-2
summary-address 192.168.100.0 255.255.252.0
interface vlan10
ip router isis
circuit-type level-2-only
$
interface vlan20
ip router isis
$
interface vlan30
ip router isis
$
interface vlan40
ip router isis
$
!
gei-0/1/1/3 00D0.D0C7.53E0 UP L2 7 0030.3144.5566 64
00D0.D0C7.5460 --

00D0.D0C7.53E0 10 00D0.D0C7.53E0 gei-0/1/1/3 0030.3144.5566
00D0.D0C7.5460 --
Router 30 00D0.D0C7.53E0 gei-0/1/1/3 0030.3144.5566
Router 20 00D0.D0C7.53E0 gei-0/1/1/3 0030.3144.5566

Protocol routes:
4-35

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

*> 0.0.0.0/0 192.168.15.2 115 30 isis-l2
* 0.0.0.0/0 0.0.0.0 254 8 special
View S2 configuration:
!
router isis
area 00
system-id 00D0.D0C7.53E0
is-type level-2-only
interface vlan20
ip router isis
$
interface vlan10
ip router isis
$
!

00D0.D0C7.53E0 --
00D0.D0C7.5460 10 00D0.D0C7.5460 gei-0/1/1/3 0030.3144.5560
Router 20 Router vlan10 CA00.1016.0008
Router 10 Router vlan10 CA00.1016.0008

gei-0/1/1/3 Up L2 3 Disabled Dis is me 64/64
gei-0/1/1/1 Up L2 2 Disabled Router.01 64/64
Protocol routes:

*> 0.0.0.0/0 192.168.14.2 115 20 isis-l2
* 0.0.0.0/0 0.0.0.0 254 8 special
4-36

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
*> 192.168.100.0/22 192.168.15.1 115 10 isis-l2
!
router isis
area 02
system-id EF00.AB00.DF12
is-type LEVEL-1-2
interface vlan10
ip router isis
$
interface vlan20
ip router isis
circuit-type level-1
$
!

IS-IS paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
Router --

00D0.D0C7.53E0 10 00D0.D0C7.53E0 vlan10 0030.3144.5566
00D0.D0C7.5460 20 00D0.D0C7.53E0 vlan10 0030.3144.5566
Router 10 Router gei-0/1/1/3 ca01.1016.001c
Router --
System Id Type Interface IP Address State Holdtime Circuit Id

00D0.D0C7.53E0 L2 vlan10 192.168.14.1 UP 27 Router.01
Router L2 gei-0/1/1/3 192.168.13.2 UP 7 Router.01

Protocol routes:

*> 0.0.0.0/0 192.168.13.2 115 20 isis-l2
* 0.0.0.0/0 0.0.0.0 254 8 special
*> 192.168.100.0/22 192.168.14.1 115 10 isis-l2
4-37

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S4(config)#show running-config
!
router isis
area 02
system-id 00de.fb11.ad00
is-type LEVEL-1
redistribute static ip metric 10
default-information originate
interface vlan10
ip router isis
circuit-type level-1
!
ip route 0.0.0.0 0.0.0.0 192.168.13.1

Router --

00D0.D0C7.53E0 20 Router gei-0/1/1/3 ca00.1016.001c
00D0.D0C7.5460 30 Router gei-0/1/1/3 ca00.1016.001c
Router --
Router 10 Router gei-0/1/1/3 ca00.1016.001c
S4(config)#show isis neighbors

System Id Type Interface IP Address State Holdtime Circuit Id
Router L2 gei-0/1/1/3 192.168.13.1 UP 29 Router.01
S4#ping 192.168.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 192/709/1148 ms
4.4.3 IS-IS Multi-Instance Configuration Example

It is required to configure two instances on S1, and then add vlan10 and vlan20 to the
instances. Meanwhile, configure two instances on S2, and then add two interfaces to
Instance 1 and Instance 2 respectively. The network topology is shown in Figure 4-11.
4-38

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 4-11 IS-IS Multi-Instance Configuration Example
1. Establish neighbor relationship on vlan10 of S1 and vlan10 of S2 in Instance 100.
2. Establish neighbor relationship on vlan20 of S1 and vlan20 of S2 in Instance 200.
3. Redistribute direct-connected routes in the instances of S1. Check whether load
sharing is performed through different instances on S2. (Load sharing cannot be
performed, as the route with a smaller instance number of the same prefix has a
higher priority.)
S1(config)#router isis 100
S1(config-isis-100)#system-id 1111.0100.0000
S1(config-isis-100)#redistribute connected
S1(config-isis-200)#redistribute connected

4-39

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Configuration Check
S1#show isis adjacency
Process ID: 100
gei-0/1/1/1 S2 UP/UP L1L2 26/26 0021.8844.5541 64/64
Process ID: 200
gei-0/1/1/2 S2 UP/UP L1L2 25/25 0021.8844.5541 64/64
The result shows that the traffic goes through vlan10, that is, the route with a smaller
instance number is preferred.
S2#show ip forwarding route isis-l2
IPv4 Routing Table:
1.1.1.12/32 56.3.3.2 vlan10 isis_l2 115 10
88.6.5.5/32 56.3.3.2 vlan10 isis_l2 115 10
4-40

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 5
BGP Configuration
Table of Contents
BGP Overview............................................................................................................5-1
Configuring BGP ........................................................................................................5-4
Maintaining BGP ......................................................................................................5-55
BGP Configuration Examples ...................................................................................5-60
5.1 BGP Overview

Introduction to BGP
BGP is an inter-domain routing protocol used between ASs. By means of BGP, ASs can
exchange the information of network reachability between each other. The information
is a list of ASs where a route passes through, which is sufficient to set up a diagram to
indicate the connection status of the ASs. In this way, AS-based routing selection policy
is available, and BGP also solves the problem of route loop.
BGP of version 4 (BGP4) is the latest BGP version, which is defined in RFC1771. It has
the following features,
l It supports to realize CIDR, supernet and subnet and so on.
l It supports route aggregation.
l BGP running is reliable. It uses Transfer Control Protocol (TCP) as its bottom layer
protocol. It uses TCP No.179 port.
l It only sends route updating information.
l It sends keepalive packets regularly to make sure that TCP connection is well.
l It has consummate metric values.
l It has abundant attributes and control functions.
l It applies to large-scale network especially.
The session which is set up by BGP routers belonging to different ASs is called External
Border Gateway Protocol (EBGP) session, while a session which is set up between BGP
routers belonging to the same AS is called Internal Border Gateway Protocol (IBGP)
session.
An administrative area with independent routing policies is called an AS. The important
feature of an AS is that it has a unified internal route for another AS, and it has a consistent
topology for reachable destinations. The AS indicator is a value of 16-bit, ranging from 1
to 65535, where, 1–32767 are assignable, 32768–64511 are reserved, and 64512–65534
are used for private ASs (similar to private network addresses). When 16–bit AS number
5-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
is used, the AS number range is 1–65535. Current version also supports 32–bit AS which
is in the range of 1-4294967295.
BGP Working Principle

l BGP Attribute
The router sends BGP update messages related to the destination network to its peer
router. The BGP updating messages contain the information related to BGP metric
(called path attribute). By means of BGP attributes, the special route can be described
in detail. In this way, user can select and filter routes. The path attributes have the
following four independent types:
1. Well-known mandatory attribute: This kind of attributes has to be contained by
route description.
à AS-path
à Next-hop
à Origin
2. Well-known discretionary attribute: The kind of attributes is not necessary
contained by route description.
à Local preference
à Atomic aggregate
3. Optional transitive attributes: This kind of attributes does not require that all BGP
examples support it. However, if it is supported, it can be transmitted to its BGP
neighbor. while, if it is not supported by the current router, it will be transmitted to
other BGP routers continuously.
à Aggregator
à Community
4. Optional nontransitive attribute: This kind of attributes shows that the routers
which do not support the attribute need to delete it.
Multi-Exit Discriminator (MED)
The kinds of BGP attributes can be expanded into 256 but not all attributes are used
together. The attributes can be used selectively and flexibly.
l BGP Message Type
Four types of messages are available for BGP working:
à OPEN
It establishes BGP connection. The message includes BGP version number, local
AS number and the shortest hold time for negotiation, BGP ROUTER-ID and
other optional parameters.
à UPDATE
5-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 5 BGP Configuration c u -tr a c k
It sends BGP route updating packets. The message is sent only once route is
updated.
à KEEPALIVE
It confirms the peer status. The default sending interval is 60 seconds, and the
Hold-time is 180 seconds by default. Once the neighbor receives the KEEPALIVE
packet, the Hold-time timer will be reset. If the hold-time expires, then consider
that the neighbor is in abnormal status, and disconnect the BGP connection with
neighbor.
à NOTIFICATION
It is used to notify error. The router sends NOTIFICATION packet because of

errors, such as the TCP connection is failed with neighbor, failed authentication
and routing loop and so on. After sending NOTIFICATION packet, BGP
connection will be disabled.
l BGP Working Process
BGP working process is shown in Figure 5-1.
Figure 5-1 BGP Working Process
1. Idle State
It is the initial state. The BGP starts initialization after the protocol is activated. It
resets the timer, launches the first TCP connection and enters state 2.
2. Connect state
The BGP starts TCP connection and waits for the message of TCP successful
connection. If the connection is successful, then the BGP enters OpenSent state.
Otherwise, the BGP enters Active state.
5-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3. Active state: The BGP always tries to establish TCP connection. If the connection
timer times out, then the BGP returns to Connect state. If TCP connection is
successful, then BGP enters OpenSent state.
4. OpenSent state
TCP connection is established already. The BGP sends the first OPEN packet
and waits for the reply from the peer. BGP examines the reply packet. If the BGP
finds error, it will send a NOTIFICATION packet and return to Idle state. If there
is no error in the reply packet, BGP will send a KEEPALIVE packet. KEEKALIVE
timer starts timing. The BGP enters into OpenConfirm state.
5. OpenConfirm state
The BGP waits for KEEPALIVE packet and resets the KEEPALIVE timer. When
the BGP receives a KEEPALIVE packet, it enters Established state.
6. Established state
Neighborhood is set up already. Router exchanges Update packet with its
neighbor, and meanwhile, the KEEPALIVE timer is reset.
In initial, the exchanging of routing information includes all BGP routes, that is, all
entries in BGP routing table will be exchanged. After the initial exchanging is finished,
the incremental and burst routing update is launched only when the route entries are
changed or been unavailable. The meaning of the so-called incremental is that not the
entity BGP table will be exchanged but only update the changed route entries. The
burst means that update routes only when the routing table is changed rather than
periodically route updating.
When a router sends route information to its neighbor, it will save the route entries sent
to neighbor at local. When the router receives a route updating packet, it will compare
updating packet with the locally saved routing entries. If this entry is not sent before,
then the router will send it to its neighbor. If the entry is sent already and better, the
router will send the entry to its neighbor and update its locally saved routing entries.
Compared with the conventional periodical routing table updating, this updating mode
saves the bandwidth a lot. Route updating is achieved by UPDATE packets.
During the process above, if the BGP connection fails to be established because of
any connection failure, authentication failure and route loopback and so on, the router
will send NOTIFICATION packet to its peer that close BGP session will be closed.
Later, the router enters Idle state.
5.2 Configuring BGP

BGP Neighborhood Establishment
Two routers are called as peers or neighbors if BGP session is set up between them.
There are two connection modes of peers, IBGP and EBGP. If the two routers which
exchange BGP packets belong to the same AS, then these two routers adopt IBGP as
5-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
their connection mode. Otherwise, if the two routers belong to different ASs, then they
adopt EBGP as their connection mode.
As shown in Figure 5-2, S1 and S2 are EBGP neighbors, S2 and S3 are IBGP neighbors.
Figure 5-2 IBGP and EBGP
l Establishing EBGP Neighborhood

Make sure that the physical connection between two nodes is normal and the nodes
belong to different ASs before configure EBGP neighbor.
In most of EBGP cases, two routers are directly connected by physical interfaces.
Usually, use the IP addresses of the interconnected interfaces to set up BGP
connection, but also can use loopback addresses to set up BGP connection.
What draws special attention during the configuration is that multi-hop connection
has to be specified if do not use physical connection to set up EBGP connection.
That because the router sets the TTL value of BGP protocol packet as 1 by default.
Therefore, even if TCP connection is set up, OPEN packets still can not be sent to the
CPU of the peer. In this way, BGP connection can not enter Established state.
To establish EBGP neighborhood, perform the following steps.
5-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1 ZXR10(config)#router bgp <as-number> This starts BGP routing

process and specifies the AS
number of router.
<as-number>is the AS system
ID of router, the range is
1-65535. 1-64511 is the
global common AS number.
64512-65535 is used by
private networks. Current
version also supports 32-bit
AS which is in the range of
1-4294967295.
2 ZXR10(config-bgp)#neighbor [<ipv4-address>|<peer-gr This configures a BGP

oup-name>] remote-as <number> neighbor or the AS number of
a peer.
3 ZXR10(config-bgp)#neighbor [<ipv4-address>|<peer-gr This establishes EBGP

oup-name>] ebgp-multihop [ttl <value>] neighborhood on
indirect-connected networks.
4 ZXR10(config-bgp)#neighbor [<ipv4-address>|<peer-gr This specifies local loopback

oup-name>] update-source <interface-name> address as source IP address
to set up TCP connection.
<ipv4-address> IPv4 address of neighbor, in dotted decimal notation
<peer-group-name> peer-group name
<number> The AS system that the neighbor belongs to. The range of
a 2-byte AS number is 1-65535, and the range of a 4-byte
AS number is 1-4294967295.
<value> The number of ttl, the range is 1-255
5-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<interface-name> The interface to be specified as source address to set up

TCP connection in BGP session
1. Set Up EBGP through Direct-Connected Address
As shown in Figure 5-3, S1 belongs to AS65000, and S2 belongs to AS65001.
Establish EBGP neighborhood between S1 and S2 through physical interfaces.
Figure 5-3 EBGP Physical Direct-Connected Configuration Topology
S1#config terminal
S1(config)#router bgp 65000
S1(config-bgp)#neighbor 129.213.1.2 remote-as 65001
S1(config-bgp)#exit
S2#config terminal
5-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S2(config-bgp)#exit
View configuration result.

To view the established BGP neighborhood, use show ip bgp neighbor on S1.
S1#show ip bgp neighbor
BGP neighbor is 129.213.1.2, remote AS 65001, external link
BGP version 4, remote router ID 129.213.1.2
BGP state = Established, up for 00:04:21
hold time is 90 seconds, keepalive interval is 30 seconds
......
Connections established 1
Local host: 129.213.1.1, Local port: 179
Foreign host: 129.213.1.2, Foreign port: 1024
The IP address of BGP neighbor is 129.213.1.2. The neighbor belongs to

AS65001. EBGP connection is set up already. The router-ID of neighbor is
129.213.1.2 and the state is Established. The session is set up 4 minutes 21
seconds.
To view the established BGP neighborhood, use show ip bgp neighbor on S2.
......
2. Set Up EBGP through Loopback Addresses
As shown in Figure 5-4, EBGP neighborhood is set up through loopback
addresses between S1 and S2.
5-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-4 EBGP Configuration through Loopback Address
S1#config terminal
S1(config)#interface Loopback1
S1(config-bgp)#neighbor 1.1.1.2 ebgp-multihop ttl 5
S1(config-bgp)#neighbor 1.1.1.2 update-source loopback1
S1(config-bgp)#exit
S1(config)#ip route 1.1.1.2 255.255.255.255 192.168.1.2
S2#config terminal
5-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

S2(config-bgp)#exit
S2(config)#ip route 1.1.1.1 255.255.255.255 192.168.1.1
Note that if the number of hops is not designated behind ebgp-mulitihop, the
system will set TTL value as 1 by default.
To view the established BGP neighborhood, use the show ip bgp neighbor
command on S1.
......
S1 establishes EBGP connection with the router 1.1.1.2 belonging to AS 65000

already.
To view the established BGP neighborhood, use the show ip bgp neighbor
command on S2.
......
S2 establishes EBGP connection with the router 1.1.1.1 belonging to AS 65000

already.
l Establishing IBGP Neighborhood
Make sure that the physical connection between two nodes is normal and the nodes
belong to the same AS before configure IBGP neighbor.
IBGP is used to exchange BGP update packets in an AS and maintain the internal
connectivity.
BGP rules that an IBGP router can not send the routes received from another IBGP
router to the third IBGP router. This is the rule of Split-horizon. When a router receives
a update packet through EBGP, it will process and send the packet to all IGBP routers
and EBGP peers, but when a router receives update packet through IBGP, it will
process and send the packet through EBGP rather than send it to IBGP neighbors.
5-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Therefore, to keep the connectivity of the BGP, BGP routers have to set up a full
meshed network through IBGP session.
1 ZXR10(config)#router bgp <as-number> This starts BGP process and

specifies the AS number of
router.
2 ZXR10(config-bgp)#neighbor [<ipv4-address>|<peer-gr This configures a BGP

oup-name>] remote-as <number> neighbor or AS number of the
peer.
3 ZXR10(config-bgp)#neighbor [<ipv4-address>|<peer-gr This specifies an interface to

oup-name>] update-source <interface-name> be used as source address
to set up TCP connection in
BGP session.
4 ZXR10(config-bgp)#neighbor [<ipv4-address>|<peer-g This makes the router itself as

roup-name>] next-hop-self the next hop for advertising
routes by constraint.
5 ZXR10(config-bgp)#no synchronization This makes BGP advertise a

network route without waiting
IGP.
<number> The AS that the neighbor belongs to. The range of a

2-byte AS number is 1-65535, and the range of a 4-byte
AS number is 1-4294967295.
<interface-name> The interface to be specified as source address to set up

TCP connection in BGP session
5-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
In step 4, NEXT_HOP is a BGP well-known mandatory attribute. It shows the IP

address of the next-hop to destination address. There are three kinds of conditions,
à If the advertising and receiving routers belong to different ASs, the next-hop is
the IP address of the interface of the advertising router.
à If the advertising and receiving routers belong to the same ASs, and the NLRI
destination address containing in updating message also belongs to the AS, the
next hop is the IP addressed of the neighbor of the advertised router.
à If the advertising and receiving routers are a pair of internal peers, and the NLRI
containing in updating message points to another AS, the next-hop is the IP
address of the external peer. The IP address has to be accessible, otherwise,
the advertised entry is invalid.
In step 5, the synchronization rule is that when an AS provides transition service for
another AS, after all the routers belonging to the AS receive the route through the
transmission of IGP route information, BGP can send the route to outside. When a
router receives a route updating message from IBGP, it will valid the synchronization
before forward the message to other EBGP peers. Once IGP routing table contains
the entry corresponding to the updating message, the router will forward the message
by EBGP. Otherwise, the router will not forward the message.
Synchronization rule is to ensure the connectivity in AS and prevent route blackhole.
However, in practical use, synchronization function is usually disabled, and IBGP full
meshed structure is adopted to ensure the connectivity in AS. Full-meshed structure
can avoid that lots of BGP routes are sent to IGP, which can quicken the speed of
router processing. Additionally, it ensures that the data packets are not lost. To disable
synchronization function, one of the following two conditions needs to be satisfied.
1. The AS at where routers locate only has one egress, or it is a stub AS. That is to
say, the AS only has one point to connect to external network.
2. The AS at where routers locate is a transition type (that is to say, an AS can
connect to the third AS through the AS), but all routers of the AS run BGP.
The second condition is common. Since all routers have BGP information in AS, IGP
only needs to transmit routing information for local AS.
Synchronization function is enabled on router by default. Use no synchronization to
cancel synchronization function.
As shown in Figure 5-5, S2 and S3 belong to the same AS. Set up IBGP connection
between S2 and S3 through Loopback addresses.
5-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-5 IBGP Configuration
S2#config terminal
S2(config-bgp)#neighbor 1.1.1.3 next-hop-self
S2(config-bgp)#no synchronization
S2(config-bgp)#exit
S2(config-ospfv2)#network 192.168.2.0 0.0.0.3 area 0
S2(config-ospfv2)#exit
S3#config terminal
5-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

S3(config-bgp)#exit
Use show ip bgp neighbor to view the established BGP neighborhood on S2.
BGP neighbor is 1.1.1.3, remote AS 65001, internal link
......
last error code is 6
S2 sets up IBGP neighborhood with S3 (1.1.1.3) already.

Use show ip bgp neighbor to view the established BGP neighborhood on S3.
BGP neighbor is 1.1.1.2, remote AS 65001, internal link
......
last error code is 5
S3 sets up IBGP connection with S2 (1.1.1.2) already.
l Configuring BGP Neighborhood Authentication Password

To make the MD5 authentication be available on TCP connection between a pair of
BGP peers, perform the following steps to configure neighborhood password. The
password can be encrypted to enhance the safety of BGP connection.
5-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

router.
2 ZXR10(config-bgp)#neighbor <ip-address> password This encrypts the

[<string 1>| encrypt < string 2>] neighborhood password.
<ip-address> IPv4 address of neighbor, in dotted decimal notation
<string 1> Character string password, in case sensitive, the length is

1-80 characters.
<string 2> The length is 81-120 characters
This example shows how to configure BGP neighbor password authentication and
encrypt the password.
ZXR10(config)#router bgp 100
ZXR10(config-bgp)#neighbor 192.168.0.2 remote-as 100
ZXR10(config-bgp)#neighbor 192.168.0.2 password 789
ZXR10(config-bgp)#neighbor 192.168.0.2 password encrypt 123
ZXR10(config-bgp)#show running-config bgp
router bgp 100
neighbor 192.168.0.2 password encrypt u5pd4oR1YGR1E+My5y4ec1dbC7
eZf4gsX0qhVYXcb6KV1CMnm8VFlX9dcceOjgUYrxPGh3Gy7Rl8VxSlqtHcujwZ5qzj
LbVOkiKWz41nHPk=
!
l Restarting BGP Process
When BGP neighbor enters abnormal state, restart BGP neighbor process to recover.
To restart a BGP neighbor, use the following command in global configuration mode.
Command Function
ZXR10(config)#reset ip bgp [vrf <vrf-name>][<ipv4-address This restarts BGP instance, a

>|<peer-group-name>] peer or a pair of peers.
<vrf-name> VRF name, the length is 1-32 characters.
<ipv4-address> IPv4 address of neighbor
5-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<peer-group-name> Name of the peer group
Configuring BGP Route Advertisement

l BGP Route Advertisement Rules
The routes to be advertised by BGP have to exist in IGP routing table already. The
source of BGP route updating is that inject IGP routing information to BGP. It has
an influence on the stability of Internet routes directly. There are two route injection
methods, dynamic injection and static injection.
Dynamic injection is divided into two types, full dynamic injection and selective
dynamic injection.
Full dynamic injection means that all IGP routes are redistributed (Redistribution) to
BGP. This method is very easy to configure but controllability is weak and low efficient.
Selective dynamic injection means that inject a part of IGP routes to BGP (use
network command). This method verifies address and mask first, which improves
controllability and efficiency. In this way, the error routing information can be avoided
to inject.
However, no matter which method is adopted, the routes will be unstable. That
because dynamic injection totally depends on IGP information. When route flapping
occurs on IGP routes, BGP route update will be affected. Lots of updating packets
are generated because of the unstable routes, and the bandwidth will be wasted
heavily. To make up this disadvantage, route dampening and aggregation can be
adopted on the border.
Static injection solves the unstable routes greatly. It injects static routes to BGP.
Static routes are added manually, so it is influenced by IGP route flapping. Therefore,
the repeated updating will be prevented by the stability. However, if the subnetwork
partition is not very clear, static injection also brings data flow blocking.
In conclusion, there are three BGP route advertisement methods.

à Use network command to advertise routes.
à Use redistribute command to redistribute the routes learned by other protocols
to BGP.
à Use BGP route aggregation to advertisement.
l Advertising Routes by network Command
The routes to be advertised by BGP have to exist in IGP routing table already.
The common method of BGP route advertisement is to select the network segment to
advertise by the network command. This command specifies the destination network
segment and mask, and then the routes which match with the rule accurately will enter
into BGP routing table. The routes will be filtered and advertised.
5-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
For example, use network 18.0.0.0 255.0.0.0 in BGP. The network segments 18.0.0.0/8,
18.1.0.0/16 and 18.2.0.0/24 are added to BGP routing table. If these network
segments and subnetworks do not exist in routing table, then no route is injected to
BGP routing table. In order to cooperate with BGP route advertisement, it is required
that configure some static routes pointing to loopback address on router.
It is notable that not all routes injected to BGP routing table can be advertised. It
relates to BGP route filtering or routing policy.
In BGP, use network command to advertise known network to router. The known
network can be learned by direct-connected route, static route and dynamic route.
The usage of network in BGP is different to that of in IGP.

router.
2 ZXR10(config-bgp)#network<ip-address><net-mask>[r This outputs the routes to be

oute-map<map-tag>] advertised to BGP routing
table.
The routes are learnt from
the direct-connected route,
dynamic routing selection and
static route.
As shown in Figure 5-6, S2 runs OSPF as IGP protocol. S2 requires that advertise
the network segment 18.0.0.0/8 advertised by OSPF to BGP.
Figure 5-6 Use network Command to Advertise BGP Route
5-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S2#config terminal
S2(config-bgp)#network 18.0.0.0 255.255.255.0
S2(config-bgp)#exit
S2(config-ospf)#network 18.0.0.0 0.255.255.255 area 0
S2(config-ospf)#exit
S1#config terminal
S1(config-bgp)#exit
Use show ip bgp route to view BGP routing table on S1.

S1#show ip bgp route
Status codes: *-valid, >-best, i-internal,s-stale
Origin codes: i-IGP, e-EGP, ?-incomplete
Network Next Hop Metric LocPrf RtPrf Path

*>18.0.0.0/8 192.168.2.1 20 65001 i
The address under the entry of Next-hop is the next-hop address of BGP route. If the
address is represented as full zero, that means this route is generated by router itself.
The value under the Local-Pre is the priority level of route which is learned by BGP.
The default value is 100.
The field Path shows the origin of this route. Three types: IGP, EGP and incomplete.
Note:
à The symbol * indicates the route is available.
à The symbol > indicates the route is the optimized choice.
à The symbol i indicates the route is a IBGP route.
à The route without "i" indicates this is a EBGP route or local route.
5-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The above example shows that the network segment 18.0.0.0/8 exists in BGP routing
table already. The next hop address is the interface 192.168.2.1 of S2.
l Redistributing Routes by redistribute Command
IGP needs to be configured on router already.
Full dynamic injection has to be chosen to advertise BGP routes when there are lots
of route entries and aggregation is not convenient.
When there are lots of route entries and aggregation is not convenient, use redistrib
ute command to redistribute one or more IGP protocol (RIP, OSPF and IS-IS) routes
to BGP.
Make sure that IGP does not redistribute the routes learnt by BGP to BGP again. Use
filter command to avoid loopback if it is necessary.
To redistribute routes on ZXR10 5900E, perform the following steps.
1 ZXR10(config)#router bgp <as-number> This enters BGP route

configuration mode and
specifies AS number of
router.
2 ZXR10(config-bgp)#redistribute ospf-int <id>[metric | This redistributes the routes

route-map <map-tag>] learned by other routing
protocol to BGP routing table.
<protocol> The name of other protocols, connected, static and rip,

ospf-int and ospf-ext, isis-1, isis-2 and isis-1-2
<metric-value> Metric value of the redistributed routes. Use default value

if it is not specified. The range is 0-4294967295.
<map-tag> The name of route mapping of the redistributed route, the

length is 1-31 characters.
As shown in Figure 5-7, S2 runs OSPF as IGP protocol. It is required that redistribute
all OSPF routing information of S2 to BGP.
5-19

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-7 Redistribute OSPF Routes by Using redistribute Command
S2#config terminal
S2(config)#exit
S2(config-bgp)#redistribute ospf-int
S2(config-bgp)#redistribute connected
S2(config)#exit
Use show ip bgp route to view BGP routing table of S1.

*> 18.0.0.0/8 192.168.2.1 20 65001 ?
Add the OSPF external route to S2 and set the metric value as 5.
S2#config terminal
5-20

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S2(config)#exit
S2(config-bgp)#redistribute ospf-ext metric 5
S2(config)#exit
l Configuring Route Aggregation
To prevent route blackhole, aggregate the routes with the same mask on router in
route aggregation configuration.
BGP protocol aggregates the learnt routes to a route for advertisement. Thus, route
entries can be reduced a lot in routing table.
To configure route aggregation, perform the following steps.

router.
2 ZXR10(config-bgp)#aggregate-address <ip-address><n This creates an aggregated

et-mask>[count <count>][as-set][summary-only][strict][su policy in BGP routing table.
bnet]<ip-address><net-mask>
<ip-address> The aggregation network to be aggregated, in dotted

decimal notation
<net-mask> The aggregation mask to be generated, in dotted decimal

notation
<count> The number of sub-networks, the range is 0-255, and the

default value is 1.
as-set Set path information
summary-only Filter the special routes from updates
strict According to RFC1771, only the routes which the attributes

of MED and NEXT_HOP are the same respecivetily can
be aggregated. If the command is used without strict, do
not consider MED and NEXT_HOP attributes.
1. Route Aggregation Configuration
5-21

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
As shown in Figure 5-8, S1 advertises the network segments 192.168.0.0/24,

192.168.1.0/24 and 192.168.2.0/24, 192.168.3.0/24 to S2 belonging to AS300.
Run OSPF routing protocol between S1 and S3.
Figure 5-8 Route Aggregation Configuration Example
S1(config-bgp)#aggregate-address 192.168.0.0 255.255.252.0 count 0 summary-only
S1(config-bgp)#exit
S1 learns four routes 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24

and 192.168.3.0/24 through IBGP, but it advertises the aggregated route
192.168.0.0/22 to S2 running EBGP only. If the command is used without the
parameter summary-only, S2 will advertise the aggregated route and the detailed
routes.
Use show ip bgp route on S2 to view the routing table.
5-22

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

Status codes: *valid, >best, i-internal
*>192.168.0.0/22 2.2.2.2 20 100 i
S2#show ip bgp route detail 192.168.0.0 255.255.252.0

BGP routing table entry for 192.168.0.0/22
01:02:19 received from 2.2.2.2
Origin ?, nexthop 2.2.2.2,atomic,aggr 100 2.2.2.2,
As path [100]
As4 path
Received label notag
After the aggregation, there is only one route in BGP routing table of S2 belonging
to AS300. It reduces the size of routing table.
If the command is used without summary-only, S2 will advertise the detailed routes
with the aggregated route.

*>192.168.0.0/22 2.2.2.2 20 100 i
*>192.168.0.0/24 2.2.2.2 20 100 i
*>192.168.1.0/24 2.2.2.2 20 100 i
*>192.168.2.0/24 2.2.2.2 20 100 i
*>192.168.3.0/24 2.2.2.2 20 100 i
In BGP routing table, there are four routes 192.168.0.0/24, 192.168.1.0/24 and
192.168.2.0/24, 192.168.3.0/24 except the aggregated route 192.168.0.0/22.
The parameter count <count> indicates the number of subnetworks which
are waiting to implement aggregation. <count> ranges from 0 to 255 and the
default value is 1, which means the number of subnetworks has to exist in
IGP. If the parameter is 0, that means advertise the route 192.168.0.0/22 when
any subnetwork of 192.168.0.0 255.255.252.0 appears in IGP routes. If the
parameter is 1 or other value, the following command is required using to specify
the related subnetwork segment.
aggregate-address <ip-address><net-mask> subnet <subnet-address><subnet-mask>
The above command means that the routing information can be aggregated and
advertised only when the specified subnetwork routing information appears in IGP
routing table and the route number satisfies the defined count number.
2. Aggregate Routes using the Parameter count and subnet
5-23

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
When IGP ran by S1 confirms that the three routes 192.168.1.0/24,

192.168.2.0/24 and 192.168.3.0/24 exist in the routing table, it will send the
aggregated route 192.168.0.0/22 to S2.
S1(config-bgp)#aggregate-address 192.168.0.0 255.255.252.0
count 3 summary-only
subnet 192.168.1.0 255.255.255.0
subnet 192.168.2.0 255.255.255.0
subnet 192.168.3.0 255.255.255.0
S1(config-bgp)#exit
For that moment, as long as these three routes 192.168.1.0/24, 192.168.2.0/24

and 192.168.3.0/24 are normal, S2 will send an aggregated route 192.168.0.0/22
to S1 no matter whether 192.168.0.0/22 normal or not. However, if any one
of these three routes is abnormal, S2 will not advertise the aggregated route
192.168.0.0/22.
Configuring BGP Route Attribute and Route Filtering

l The concept of BGP Attributes
BGP defines various attributes. each attribute has its own function, that is why BGP
is the most flexible route protocol with the best expansibility and high controllability.
BGP routING attribute is the core concept of BGP route protocol. It is a group of
parameters sent to the connected peer in UPDATE packets. These parameters
records BGP routing information for route selection and filter, which can be considered
as Metric.
Route attributes are divided into four types:
à Well-known mandatory attributes
à Well-known discretionary attributes
5-24

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
à Optional transitive attributes

à Optional nontransitive attributes
The attribute Well-known is identified by all BGP routers. Each UPDATE message
has to contain the attribute mandatory, but the attribute discretionary is optional.
For an optional attribute, it is not supported by all BGP routers. When BGP does not
support an attribute, if it is transitive, it will be accepted and sent to other BGP peers.
If this attribute is nontransitive, it willl be ignored and not sent to other peers.
RFC1771 defines No.1-7 BGP route attribute, as follows:
à No.1: ORIGIN
Route origin, that is the AS that generate this routing information.
à No.2: AS_PATH
AS path, that is the AS group or series which has been passed by route entry.
à No.3: NEXT-HOP
The next hop address. IBGP connection will not change NEXT-HOP sent by
EBGP.
à No.4: MULTI_EXIT_DISC
It is used to distinguish many exits to other ASs, which is used by local AS router.
à No.5: LOCAL-PREF
It is transmitted within the local AS, indicating the priority of each path.
à No.6: ATOMIC_AGGREGATOR
à No.7: AGGREGATOR
à No.8: RFC1997 defines another common attribute: COMMUNITY
Here, No.1, 2 and 3 attribute are well-known mandatory attributes. No.5 and 6 are
well-konwn discretionary attributes. No.7 and 8 are optional transitive attributes. No.4
is optional nontransitive attribute. They have different priorities, LOCAL-PREF has the
highest priority, and the second one is AS-PATH and ORIGIN.
For other attributes used by BGP, please refer to FRC documentation.
l Filtering Routes by Route Map

The bases of performing BGP are route filter and attribute configuration. By means
of route filter, the input or output route attributes can be controlled.
Route map is used to control routing information, which redistributes routes between
routing areas by defining rules. The route map usually cooperates with the route
attributes to decide route.
To filter routes by route map, perform the following steps.
5-25

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1 ZXR10(config)#route-map <map-tag>[permit | This defines a route map.

deny][<sequence-number>]
2 ZXR10(config)#ipv4-access-list { name <acl-name>} This configures serial number,

name or alias to an ACL in
standard ACL configuration
mode.
ZXR10(config-ipv4-acl)#rule <rule-no >{permit | This defines the rule of

deny}{<source>[<source-wildcard>]| any} standard ACL.
3 ZXR10(config)#router bgp <as-number> This starts BGP process

and specifies AS number of
router.
ZXR10(config-bgp)#neighbor [<ipv4-address>|<peer-gr This defines a route map.

oup-name>] route-map <map-tag>{in | out}
<map-tag> Name of route mapping, the length is 1-31 characters.
permit Permits redistribution or policy routing tag if the route map

meets the matching condition
deny Denies redistribution or policy routing tag if the route map

meets the matching condition
<sequence-number> Sequence No. in the range of 0-65535
<acl-name> Standard ACL list name, the length is 1-31 characters.
<rule-no > ACL rule range: 1-2147483644.
permit Permit the packets matching with the rule to pass
deny Deny the packets matching with the rule to pass
<source> Source IP address
<source-wildcard> Wild mask of source IP address
any Any source IP address
5-26

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<map-tag> Name of route mapping, the length is 1-31 characters
in | out It applies to in or out
As shown in Figure 5-9, S1 and S2 set up EBGP connection between them. Configure
a route-map on S1. The route-map permits to advertise network 172.3.0.0/16 to
AS200, and set the MED value as 5.
Figure 5-9 Filter Routes by Using Route-Map
S1(config-bgp)#neighbor 182.17.20.1 route-map MAP1 out
S1(config-bgp)#neighbor 182.17.20.1 send-med
S1(config-bgp)#exit
S1(config)#route-map MAP1 permit 10
S1(config-route-map)#match ip address 1
S1(config-route-map)#set ip metric 5
S1(config-route-map)#exit
S1(config)#ipv4-access-list 1
S1(config-ipv4-acl)#rule 10 permit 172.3.0.0 0.0.255.255
5-27

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
When filtering route through route map, the match and set commands are usually used
together with route map. The match command defines the matching standard. The
set command defines the action satisfying matching standard.
Use the neighbor 182.17.20.1 send-med command to send MED attribute with
advertising routes to neighbor 182.17.20.1.
To view BGP routing table on S2, use the show ip bgp route command.
*>172.3.0.0/16 182.17.20.2 5 20 100 i

07:18:49 received from 182.17.20.2 (172.3.0.1)
Origin ?, nexthop 182.17.20.2,metric 5,
As path [100]
As4 path
The above result shows that S2 learns the route from 172.3.0.0/16 only, and its MED
value is 5.
l Filtering Routes by Using NLRI

To restrict a router to receive or advertise routing information, filter the route updating
packets from or send to a special device. The filter includes a update list sent to
neighbor, or a list coming from neighbor.
To configure NLRI to filter route, perform the following steps.
1 ZXR10(config)#route-map <map-tag>[permit | This defines a route-map.

2 ZXR10(config)#ipv4-access-list { name <acl-name>} This enters standard ACL

specifies ACL sequence
number, name and alias.

5-28

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3 ZXR10(config)#router bgp <as-number> This enters BGP route

configuration mode.
ZXR10(config-bgp)#neighbor [<ipv4-address>|<peer-gr This defines a route map,

oup-name>] route-map <map-tag>{in | out} filtering the routes which are
advertised by neighbor or are
sent to neighbor.
in implies the input route.
out implies the output route.
<map-tag> Name of route mapping, the length is 1-31 characters
permit Permit redistribution if the route mapping matches

condition
deny Do not permit redistribution if the route mapping matches

condition
<sequence-number> Sequence number, 0-65535
<acl-name> Standard ACL table name, the length is 1-31 characters
permit Permit the packets matching rule to pass
deny Deny the packets matching rule to pass
<map-tag> The name of route mapping, the length is 1-31 characters
in | out It applies to in or out
5-29

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
As shown in Figure 5-10, S1 and S2 are a pair of IBGP peers, S1 and S3 are a pair
of EBGP peers, S2 and S4 are a pair of EBGP peers, S2 and S4 are a pair of EBGP
peers. To avoid AS100 to act as transitive AS and prevent S1 from advertising network
segment 192.18.10.0/24 of AS300 to AS200, configure filter function on S1.
Figure 5-10 Filtering Route by Using NLRI
Configuration on S1(The following content omits configuration of port and IGP):

S1(config-bgp)#neighbor 182.17.20.1 route-map MAP1 out
S1(config-bgp)#exit
S1(config)#route-map MAP1 permit 10
S1(config-ipv4-acl)#rule 1 deny 192.18.10.0 0.0.0.255
The route-map command and ACL are used to prevent S1 from advertising the route
with prefix 192.18.10.0/24 to AS200, that is, this route is filtered on S1. Therefore, S3
can not learn the route 192.18.10.0/24.
To view BGP routing table on S3, use the show ip bgp route command.
*>192.168.11.0/24 182.17.20.2 20 300 100 i
5-30

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
*>192.168.12.0/24 182.17.20.2 20 300 100 i

*>192.168.13..0/24 182.17.20.2 20 300 100 i
The above result shows S3 locating at AS200 does not learn the route pointing to
192.18.10.0/24.
l Restricting the Number of Route Advertisements Received by Neighbor
To restrict the number of route received by a neighbor, perform the following steps.

router.
2 ZXR10(config-bgp)#neighbor <ip-address> This configures the number of

maximum-prefix <value>[<threshold-value>| route received by a neighbor.
drop-routes | restart <time>| warning-only]
<ip-address> Neighbor IP address, in dotted decimal notation
<value> The maximum number of routes received by a neighbor,

the range is 1-4294967295, and the default value is
4294967295
<threshold-value> Generate an alarm when the number of the received

routes reaches to the threshold value, the unit is %.
drop-routes Drop the routes when the number of the received routes
exceeds the threshold value
<time> The connection will be disconnected when the number of

the received routes exceeds the threshold value, and set
up neighborhood after waiting a specified time. The unit is
minute, the range is 1-30000
warning-only Print the alarm when the number of the received routes
exceeds the threshold value
As shown in Figure 5-11, S1 can receive 10 routes advertised by S2 at most, and it will
drop routes if more than 10 routes are received. S2 can receive 20 routes advertised
by S1, and neighborhood will be disconnected and set up again after 10 minutes if
more than 20 routes advertised by S1.
5-31

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-11 Restrict the Number of Route Advertisements Received by Neighbor
S1(config-bgp)#neighbor 10.1.1.1 maximum-prefix 10 drop-routes
S2(config-bgp)#neighbor 10.1.1.2 maximum-prefix 20 restart 1
Without the configuration of time for waiting reconnection (use parameter warning-onl
y) , when S1 advertises more than 20 routes to S2, S2 will display the alarm information
only.
S2(config-bgp)#neighbor 10.1.1.2 maximum-prefix 20 warning-only
l Filtering Routes by Using AS_PATH
AS-PATH is a well-known mandatory attribute. The attribute is a path filed, which is
composed of a series of AS numbers passing by a route pointing to one destination.
When the origin AS initiates a route to other external BGP peers, it will add its AS
number into the route. Subsequently, each route receiver will add its AS number into
route and place AS number on the head of AS sequence when sending the route to
other BGP peers.
BGP adopts AS-PATH as the factor of its route update to realize no-loop topology
of Internet. Each route contains a list with all passed AS numbers. When the route
is advertised to its origin AS, AS examines its AS number has been existed in AS
sequence, and it will not accept this route. Meanwhile, AS-PATH will be used for
deciding the optimum route. When multiple routes (their attributes except for AS-PATH
are the same) to the same destination are available, BGP will select a route with
the shortest path as the optimum route according to AS-PATH. Therefore, increasing
AS-PATH can affect BGP route selection.
When all routes of one or multiple AS require filtering, the filter method based on
AS-PATH is usually adopted.
5-32

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1 ZXR10(config)#route-map <map-tag>[permit | This defines a route-map

2 ZXR10(config)#ip as-path access-list <access-list-numbe This defines an ACL related

r>{permit | deny}<as-regular-expression> to BGP AS_PATH.
3 ZXR10(config)#route-map <map-tag>[permit | This enters route mapping

deny][<sequence-number>] configuration mode.
ZXR10(config-route-map)#set as-path prepend This modifies BGP route AS

<as-path-number>[<as-path-number>] path. as-path-number ranges
from 1 to 65535 or 1 to
4294967295.
<map-tag> The name of route mapping, the length is 1-31 characters.

condition

condition
<sequence-number> Sequence number, ranging from 0-65535
<access-list-number> The number of regular express access list

condition

condition
<as-regular-expression> Use AS represented as regular express in access list
As shown in Figure 5-12, in Internet, the route to 10.10.0.0/24 of AS 100 is the optimum
path, and the path must be AS500→AS300→AS200→AS100.
5-33

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-12 Filtering Routes by Using AS_PATH
Egress router of AS100 configuration:

ZXR10_AS100(config)#router bgp 100
ZXR10_AS100(config-bgp)#network 10.0.1.0 255.255.255.0
ZXR10_AS100(config-bgp)#neighbor 192.168.1.2 remote-as 400
ZXR10_AS100(config-bgp)#neighbor 192.168.1.2 activate
ZXR10_AS100(config-bgp)#neighbor 192.168.1.2 route_map PATH out
ZXR10_AS100(config-bgp)#exit
ZXR10_AS100(config)#ipv4-access-list 1
ZXR10_AS100(config-ipv4-acl)#permit 10.1.0.0 0.0.0.255
ZXR10_AS100(config-ipv4-acl)#exit
ZXR10_AS100(config)#route-map PATH permit 0
ZXR10_AS100config-route-map)#match ip address 1
ZXR10_AS100(config-route-map)#set as-path prepend 100 100 100 100
ZXR10-AS100(config-route-map)#exit
By means of routing policy, AS_PATH is configured on the advertised route. Thus, the
route from AS 500 to AS 100 is changed.
To view BGP routing table on a router in AS500, use the show ip bgp route command.
ZXR10_AS500#show ip bgp route
5-34

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
*>10.0.1.0/24 192.168.1.17 20 300 200 100 i

*>10.0.2.0/24 192.168.1.17 20 300 200 100 400 i
*>10.0.3.0/24 192.168.1.17 20 300 200 i
*>10.0.4.0/24 192.168.1.17 0 300 i
*>10.1.0.0/24 192.168.1.17 20 300 200 100 i
>10.1.0.0/24 192.168.1.13 20 400 100 100 100 100 100 i
ZXR10_AS500#show ip bgp route detail 10.1.0.0 255.255.255.0

01:19:50 received from 192.168.1.11 (10.0.2.1)
Origin ?, nexthop 192.168.1.13,
As path [400 100 100 100 100 100]
As4 path
AS 500 realizes that there are 6 ASs passing by the route from AS 400 to AS 100, and
3 ASs passing by the route if it is from AS 300 to AS 100. Therefore, BGP will select
the routing that passes the less ASs if other priorities are the default settings. That is,
the routing that is from AS 300 to AS 100 satisfies the configuration requirement.
l Selecting Routes by Using LOCAL_PREF
Local_PREF is a well-known discretionary attribute. The default value is 100.
When a BGP router broadcasts routes to other BGP routers in the same AS, this
attribute shall be used. The value of attribute has influence on the path priority directly.
The route with the highest priority will be chosen as the optimum path. This attribute
also affects the local outbound traffic, and it is only used for local AS, that is, other
ASs will not affected by this attribute. Local-PREF is only exchanged between IBGP
neighbors, and it will not be advertised to EBGP neighbors.


specifies ACL sequence
number, name or alias.


ZXR10(config-route-map)#set local-preference This specifies priority value

<value> for AS. 0-4294967295, and
the default value is 100.
5-35

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

condition

condition
<acl-name> Standard ACL list name, the length is l-31 characters.
permit Permit the matched packets to pass
deny Deny the matched packets to pass
As shown in Figure 5-13, S1, S2 and S3 adopts IBGP full connection. Use BGP
LOCAL-PREF attribute to meet the requirement that all egress services arrive AS300
by using the egress of S1.
5-36

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-13 Select Route by Using LOCAL_PREF Attribute
S1(config-bgp)#neighbor 172.16.1.2 activate
S1(config-bgp)#neighbor 172.16.1.2 route-map Local_Pref in
S1(config-bgp)#exit
S1(config-ipv4-acl)#permit any
S1(config)#route-map Local_Pref permit 10
S1(config-route-map)#set local-preference 200
5-37

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

S2(config-bgp)#neighbor 172.16.0.2 route-map Local_Pref in
S2(config)#route-map Local_Pref permit 10

*>i 10.0.0.0/24 192.168.1.6 200 200 300 i
*i 10.0.0.0/24 192.168.1.2 100 200 300 i

01:24:10 received from 192.168.1.2 (172.16.0.1)
Origin ?,nexthop 192.168.1.2, localpref 100,
as path [300]
01:21:46 received from 192.168.1.6 (172.16.1.1)
origin i,nexthop 192.168.1.6, localpref 200,
As path [300]
As4 path
Modify the Local_Pref value of S3 to specify an egress for the service. In this example,
the traffic going to 10.0.0.0/24 of AS300 are forwarded by S1 preferably. Therefore,
the route coming from S1 has higher Local_Pref value.
l Selecting Route by Using MED
MED is an optional nontransitive attribute. MED is used to affect the inbound service
flow. When there are many ingress in an AS, the one with the smallest MED will be
the ingress for external neighbor router entering AS. The default MED value is 0.

5-38

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

configures ACL number,
name and alias.


ZXR10(config-route-map)#set metric [+ | This sets the MED of BGP.

-]<metric-value>
<map-tag> The name of route mapping, the length is 1-31 characters

condition

condition
<acl-name> Standard ACL list name, the length is l-31 characters.
permit Permit the matched packets to pass
deny Deny the matched packets to pass
+ Add MED value
- Decrease MED value
<metric-value> MED value, the range is 0-4294967295
5-39

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
As shown in Figure 5-14, AS 100 and AS 400 are interconnected by two links.
Configure AS100 to make AS400 select link 1 to route to AS100 preferably.
Figure 5-14 Select Route by Using MED
Configuration on S1(The following content omits configuration of port and IGP):

S1(config-bgp)#neighbor 192.168.1.2 route-map Med1 out
S1(config-bgp)#neighbor 192.168.2.2 route-map Med2 out
S1(config-bgp)#exit
S1(config)#route-map Med1 permit 10
S1(config)#route-map Med2 permit 10
5-40

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S2(config-bgp)#exit
To view BGP routing table on S2, use show ip bgp route.

S2(config-bgp)#show ip bgp route
*>10.0.1.0/24 192.168.2.1 50 20 100 i
*10.0.1.0/24 192.168.1.1 100 20 100 i
*>10.0.2.0/24 0.0.0.0 0 i
S2(config)#show ip bgp route detail 10.0.1.0 255.255.255.0

01:44:13 received from 192.168.2.1 (10.0.1.1)
origin i,nexthop 192.168.2.1,metric 50,
as path [100]
01:47:25 received from 192.168.1.1 (10.0.1.1)
As path [100]
As4 path
By means of MED modification, S2 selects the link 1 (MED value is 50 smaller than
that of link 2) to route to AS 100 preferably.
l Configuring BGP Community String Attributes
The community string attributes are optional transitive attributes. The community is a
group of destination routes with one or more common features. It has 4 bytes, the first
2 bytes are AS number and the last 2 bytes are identifier. When aggregate community
routes, the aggregated route inherits all the community attributes from all routes.
The definitions of several well-known community attributes are given as follows:
à no-export: Advertisement to EBGP neighbors is disabled.
à no-advertise: Advertisement to any BGP neighbors is disabled.

à no-export-subconfed: Forbid to advertise the route with this attribute to
confederation outside.
à local-AS: Advertise the route with this attribute to BGP neighbor routers in AS.
à Internet: Advertise the route with this attribute to all other routers.
5-41

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
To configure BGP community string attributes, perform the following steps.
1 ZXR10(config)#route-map <map-tag>[permit | This defines a route map.

2 ZXR10(config)#ip prefix-list <prefix-list-name>[seq This configures a list of

<seq-number>]{permit | deny}<network-num><len>[ge address prefixes. It is used
<value>| le <value>] to filter the advertisements of
routing protocol.

ZXR10(config-route-map)#set as-path prepend This modifies BGP route AS

<as-path-number>[<as-path-number>] path.
ZXR10(config-route-map)#set local-preference This specifies priority for AS

<value> path.
ZXR10(config-route-map)#setip metric [+ | This configures the metric of

-]<metric-value> routing.
ZXR10(config-route-map)#set community This sets community attribute

{none |[additive]{no-advertise | no-export | of BGP route.
no-export-subconfed |<aa:nn>|<nn>}[{no-advertise |
no-export | no-export-subconfed |<aa:nn>|<nn>}]}
ZXR10(config-route-map)#set dampening This sets BGP route

<half-life><reuse><suppress><max-suppress-time> dampening.

condition

condition
<prefix-list-name> The name of prefix-list, the length is 1-31 characters
seq <seq-number> Sequence number of prefix-list entry. The matching

starts from the one with smaller value. The range is
1-4294967294
5-42

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
permit If a IP address to be filtered is in the range of prefixes of

the entry, do not perform further matching.
If a IP address to be filtered is not in the range of prefixes
of the entry, perform further matching.
deny If a IP address to be filtered is in the range of prefixes

of the entry, the IP address will be filtered and do not
perform further matching.
If a IP address to be filtered is not in the range of prefixes
of the entry, perform further matching.
<network-num> Specify the range of IP address prefixes
<len> Specify the length of mask of IP address, the range is 0-32
ge <value> Specify the matching range of IP address prefixes, and

the length of the prefix of the matched IP address needs
to be larger than the specified value. The value ranges
from 1-32
le <value> Specify the matching range of IP address prefixes, and

the length of the prefix of the matched IP address needs
to be smaller than the specified value. The value ranges
from 0-32
1. Marking the Routes with Community
As shown in Figure 5-15, AS600 configures attribute values for the route coming
from different ASs. The attribute of AS300 is 300:1, and attribute of AS400 is
400:1.
5-43

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-15 Use Community to Control Routes
AS300 router (The following content omits configuration of port and IGP)
configuration:
ZXR10_AS300(config-bgp)#neighbor 192.168.1.18 route-map community out
ZXR10_AS300(config-bgp)#neighbor 192.168.1.18 send-community
ZXR10_AS300(config)#ip prefix-list AS200 seq 5 permit 10.0.3.0 24
ZXR10_AS300(config)#route-map Community permit 10
ZXR10_AS300(config-route-map)#match ip address prefix-list AS200
ZXR10_AS300(config-route-map)#set community 300:1
ZXR10_AS300(config-route-map)#exit
configuration:

5-44

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10_AS400(config-bgp)#neighbor 192.168.1.14 route-map community out

ZXR10_AS400(config-bgp)#neighbor 192.168.1.14 send-community
ZXR10_AS400(config)#ipv4-access-list 1
ZXR10_AS400(config-ipv4-acl)#rule 1 permit any
ZXR10_AS400(config-ipv4-acl)#exit
ZXR10_AS400(config)#route-map Community permit 10
ZXR10_AS400(config-route-map)#match ip address 1
ZXR10_AS400(config-route-map)#set community 400:1
Use show ip bgp route to view BGP routing table on AS600.
ZXR10_AS600(config)#show ip bgp route

*>10.0.1.0/24 192.168.1.13 20 400 100 i
*>10.0.2.0/24 192.168.1.13 20 400 i
*>10.0.3.0/24 192.168.1.17 20 300 200 i
* 10.0.3.0/24 192.168.1.13 20 400 100 200 i
*>10.0.4.0/24 192.168.1.13 20 400 100 200 300 i
ZXR10_AS600(config)#show ip bgp route detail 10.0.3.0 255.255.255.0

00:28:52 received from 192.168.1.17 (10.0.4.1)
origin ?,nexthop 192.168.1.17,
community 300:1
as path [300 200]
00:28:54 received from 192.168.1.13 (10.0.2.1)
origin i,nexthop 192.168.1.13,
community 400:1
As path [400 100 200]
As4 path
The BGP routes received by AS600 device are marked, the routes coming from
AS300 are marked as 300:1, and the routes coming from AS400 are marked as
400:1.
2. Filter Routes by Using Community

Configuration requirements: According to Community attribute of AS600, select
route by configuring Local_Pref.
configuration:
5-45

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

ZXR10_AS600(config-bgp)#neighbor 192.168.1.13 route-map Local_Pref in
ZXR10_AS600(config)#route-map Local_Pref permit 10
ZXR10_AS600(config-route-map)#match community-list 1
ZXR10_AS600(config-route-map)#set local-preference 200
ZXR10_AS600(config)#ip community-list 1 permit 400:1
Use show ip bgp route to view BGP routing table of AS600.

ZXR10_AS600(config)#show ip bgp route
*>10.0.1.0/24 192.168.1.13 200 20 400 100 i
*>10.0.2.0/24 192.168.1.13 200 20 400 i
*>10.0.3.0/24 192.168.1.13 200 20 400 100 200 i
* 10.0.3.0/24 192.168.1.17 20 300 200 i
*>10.0.4.0/24 192.168.1.13 200 20 400 100 200 300 i
BGP select the route with higher Local_Pref value preferably. In this example, the
route from AS400 to 10.0.3.0/24 is selected.
BGP Configuration for Large-scale Network

Neighborhood must be established between every two BGP routers in the same AS to
form full interconnection. In this way, with the increasing of the number of IBGP routers,
the number of neighbors will increment by n (n-1)/2 (n is the number of IBGP routers).
To reduce the work load of maintenance and configuration, use route reflector and
confederation.
l Configuring BGP Route Reflector
IBGP routers are not fully connected in an AS, and every IBGP router has more than
100 BGP sessions.
For an AS of a large-scale network, select a IBGP router to be a Route Reflector (RR),
and all other IBGP routers serve as clients. Each client only establishes neighborhood
with RR and then multiple RRs establish neighborhood with each other. All clients
reflect routes through the RR. In this way, the number of neighbors is reduced to n-1.
The clients stand for that IBGP neighbors which set up full interconnection with the
RR. The clients form a group. IBGP neighbors of the RR whom do not belong to the
group are non-clients.
When a route is received by RR, it will be reflected according to the different peer
types.
5-46

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
à If the update message is sent by an EBGP neighbor, then advertise it to all clients
and non-clients.
à If the update message is sent by a non-client, then advertise it to clients.
à If the update message is sent by a RRC, then advertise it to all clients and
non-clients except the originator of this update message.
When multiple RRs are available in an AS, divide many RRs belonging to the same
AS to a cluster. An AS can have many clusters, and a cluster has one RR at least.
Note that RR is recommended to use only when every router holds more than 100
BGP sessions in an AS.
To configure BGP RR, perform the following steps.

router.
2 ZXR10(config-bgp)#bgp cluster-id {<value>|<ip-add This configures the cluster ID

ress>} of a RR.
By default, router-ID is the
cluster ID.
3 ZXR10(config-bgp)#neighbor [<ipv4-address>|<peer-gr This sets a neighbor or

oup-name>] router-reflector-client neighbor peer group to route
reflector client peer.
<value> Cluster ID, the range is 1-4294967295
<ip-address> Cluster ID, in dotted decimal notation
<ipv4-address> IPv4 address, in the dotted decimal notation
<peer-group-name> The name of peer-group
As shown in Figure 5-16, S1, S2 and S3 are IBGP neighbors but they are not fully
connected. Configure a router reflector to make S3 forward the routes received by an
IBGP neighbor to another IBGP neighbor. Considering IBGP neighbors are not fully
interconnected in AS600, configure router reflector to avoid full interconnection.
5-47

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-16 BGP Route Reflector Configuration Example
Configuration on S1 (The following content omits the configuration of port and IGP):
S1(config-bgp)#exit
Configuration on S2 (The following content omits the configuration of port and IGP):
S2(config-bgp)#bgp cluster-id 3.3.3.3
S2(config-bgp)#neighbor 192.168.1.2 route-reflector-client
S2(config-bgp)#exit
5-48

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

S3(config-bgp)#exit

S1(config)#show ip bgp route
Network NextHop Metric LocPrf RtPrf Path
*> 10.0.0.0/24 172.16.1.2 20 300 i
*>i 10.0.1.0/24 192.168.1.2 100 200 400 i

05:04:45 received from 192.168.1.5 (192.168.1.1)
origin i,nexthop 192.168.1.2,localpref 100, originator_id 172.16.0.1
cluster_list 3.3.3.3
As path [400]
As4 path

*>i 10.0.0.0/24 192.168.1.6 100 200 300 i
*> 10.0.1.0/24 172.16.0.2 20 400 i

05:05:19 received from 192.168.1.1 (192.168.1.1)
origin ?,nexthop 192.168.1.6,localpref 100, originator_id 172.16.1.1
cluster_list 3.3.3.3
As path [300]
As4 path
Here, S1 and S2 learn the route from their peers respectively.

l Configuring BGP Confederation
The function of route confederation is the same to that of RR. The route confederation
is used to reduce the number of BGP neighbor connections in an AS. Route
confederation divides an AS into many sub-ASs, and the IBGP routers in the AS
belong to different sub-ASs. IBGP is established inside each sub-AS, and EBGP is
established among sub-ASs. Sub-ASs are invisible to the external AS.
To configure BGP Confederation, perform the following steps.
5-49

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

router.
2 ZXR10(config-bgp)#bgp confederation identifier This sets confederation ID,

<value> the range is 1-65535.
3 ZXR10(config-bgp)#bgp confederation peers This configures the AS

<value>[<value>] number of confederation
peer. The range is 1-65535
As shown in Figure 5-17, use confederation to avoid IBGP full connection in AS600.
Figure 5-17 BGP Confederation Configuration Example
Configuration on S2(The following content omits the configuration of port and IGP):
S2(config-bgp)#bgp confederation identifier 600
S2(config-bgp)#bgp confederation peers 65001 65002
5-50

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

S2(config-bgp)#exit
Configuration on S4(The following content omits the configuration of port and IGP):
S4(config-bgp)#bgp confederation identifier 600
S4(config-bgp)#bgp confederation peers 65003
S4(config-bgp)#exit

*>i 10.0.0.0/24 172.16.1.2 100 200 65002 i
*> 10.1.0.0/24 172.16.2.2 20 500 i
The output above shows that there is a route pointing to S4 on S2.

*>10.0.0.0/24 0.0.0.0 0 i
*>10.1.0.0/24 172.16.2.2 100 200 65003 500 i

06:27:14 received from 172.16.1.1 (172.16.1.1)
origin i,nexthop 172.16.2.2,localpref 100,
As path (65003) [500]
As4 path
The output above shows that there is a route pointing to AS500 on R4.
A larger AS is divided into some smaller ASs, and these samller ASs are connected
by EBGP. Each AS acts as an independent BGP AS to run IBGP.
A complete AS only runs an IGP protocol, and every sub-AS has IGP routing
information of all other sub-ASs.
l Configuring BGP Route Dampening
5-51

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
BGP provides a mechanism called Route Dampening to reduce the network

instability caused by route flapping. Since the update and cancellation messages
are transmitted in network continually when route flapping occurs, the bandwidth and
router processing resource are used a lot.
The principle of BGP route dampening is that allocate a penalty of 1000 to route
whenever the route flapping occurs. When the penalty reaches to a suppress-limit, the
advertisement of the route will be suppressed. The penalty decreases geometrically
after passing every half-life-time. When the penalty reduces to the reuse-limit, the
route advertisement dampening will be cancelled.
The following values are used by BGP route dampening.
à Half-life-time: Ranging from 1 to 45 minutes (The default value is 15 minutes)
à Reuse-value: Ranging from 1 to 20000 (The default value is 750)
à Suppress-value: Ranging from 1 to 20000 (The default value is 2000)

à Max-suppress-time: Ranging from 1 to 255 (The default value is four times of the
value of half-life-time)
To configure BGP route dampening, perform the following steps.

router.
2 ZXR10(config-bgp)#bgp dampening [<half-life><reuse This activates BGP route

><suppress><max-suppress-time>| route-map <map-tag>] dampening and modifies the
factors of route dampening.
<half-life> Half-life, the range is 1-45, the default value is 15 and

the unit is minute.
<reuse> Reuse value, the range is 1-20000, and the default value
750
<suppress> Route suppress value, the range is 1-20000, and the

default value is 2000
<max-suppress-time> The maximum suppress time, the range is 1-255, the

default value is 60, and the unit is minute
<map-tag> Available route mapping tag, the length is 1-31 characters.
5-52

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Enable BGP route dampening function on router. Set the half-life is 30 minutes, the
re-use value is 500, and the suppress value is 2000, the maximum suppress time is
120 minutes.
ZXR10(config-bgp)#bgp dampening 30 500 2000 120
ZXR10(config-bgp)#network 203.250.15.0 255.255.255.0
ZXR10(config-bgp)#neighbor 192.208.10.5 remote-as 300
ZXR10(config-bgp)#exit
Use show ip bgp protocol to view the configuration of route dampening on router.
ZXR10#show ip bgp protocol
BGP router ID is 1.1.1.2, Local as is 1
Hold time is 90 seconds, KeepAlive time is 30 seconds
Default local preference is 100
Default export metric is 0
IPv4 IGP synchronization is disabled
IGP synchronization is disabled
Default information advertise is disabled
Always compare med is disabled
Fast fallover is enabled
Client-to-client reflection is enabled
Enforce-first-as is enabled
IPv4 client-number: 1
Ipv4 unicast is activated
BGP FRR is disabled
BGP IPv6 frr is disabled
Router target is filtered
Graceful restart is disabled
As-path ignore is disabled
Router-id ignore is disabled
BGP advertise-active-only is disabled
BGP VPNv4 advertise-active-only is disabled
BGP IPv4 rib-only is disabled
Route dampening enabled, halflife-time is 30,
reuse is 500, suppress is 2000, max-suppress-time is 120
Distance : external 20 internal 200
Here, the route dampening mechanism is activated. The half-life is 30 minutes, the
reuse value is 500, and the suppress value is 2000, and the maximum suppress time
is 120 minutes.
l Configuring BGP Peer Group
BGP peer group is to implement cluster management to BGP peer, which adds
peers into the uniform peer group and configure them. In this way, reduce the work
5-53

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
load of peer configuration, simply the configuration process and manage peers in
classification, improve the reliability and convenience of maintenance.

router.
2 ZXR10(config-bgp)#neighbor <word> peer-group This creates a BGP peer

group. The length of peer
group ranges from 1 to 16
characters.
3 ZXR10(config-bgp)#neighbor <word> remote-as This configures an AS number

<number> of a neighbor peer group.
4 ZXR10(config-bgp)#neighbor <ip-address> peer-group This adds a neighbor to BGP

<word> peer group.
<word> Name of peer group, the length is 1-16 characters
<word> Name of peer group, the length is 1-16 characters.
<number> AS of neighbor, the range is 1-65535 or 1-4294967295
<ip-address> IPv4 address of neighbor, in dotted decimal notation
<word> Name of peergroup, the length is 1-16 characters
Create a BGP peer group. The name of the group is zte. In the AS100, add neighbors
192.168.0.2 and 192.168.0.3 to the group. Run the following command:

ZXR10(config-bgp)#neighbor zte peer-group
ZXR10(config-bgp)#neighbor zte remote-as 100
ZXR10(config-bgp)#neighbor 192.168.0.2 peer-group zte
ZXR10(config-bgp)#neighbor 192.168.0.3 peer-group zte
5-54

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
5.3 Maintaining BGP

If a BGP routing fault occurs, use debugging commands to locate and remove the fault.
The following show commands are the frequently used ones. They can be used to check
the current status of a BGP neighbor and the BGP routing information learned by a router.
To maintain BGP, use the following commands.
Command Function
ZXR10#show ip bgp protocol Displays the configuration of the

local BGP module.
ZXR10#.show ip bgp neighbor Displays an adjacent BGP

neighbor and the corresponding
status.
ZXR10#show ip bgp route [network <ip-address>[mask Displays entries in a BGP routing

<net-mask>]] table.
ZXR10#show ip bgp summary Displays the status of all BGP

neighbor connections.
The following is sample output from the show ip bgp protocol command:
ZXR10#show ip bgp protocol
BGP router ID is 1.1.1.2, Local as is 1
Hold time is 90 seconds, KeepAlive time is 30 seconds
Default local preference is 100
Default export metric is 0
IGP synchronization is disabled
Default information advertise is disabled
Always compare med is disabled
Fast fallover is enabled
Client-to-client reflection is enabled
Enforce-first-as is enabled
IPv4 client-number: 1
Ipv4 unicast is activated
BGP FRR is disabled
BGP IPv6 frr is disabled
Router target is filtered
Graceful restart is disabled
As-path ignore is disabled
Router-id ignore is disabled
BGP advertise-active-only is disabled
BGP VPNv4 advertise-active-only is disabled
5-55

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

Route dampening is disabled
Distance : external 20 internal 200
Hold time is 90 seconds, KeepAlive The hold period is 90 seconds, and the keep-alive period is
time is 30 seconds 30 seconds.
Default local preference is 100 By default, the priority of the local router is 100.
Default export metric is 0 By default, the export metric value is 0.
Distance : external 20 internal 200 The external administrative distance is 20, and the internal
administrative distance is 200.
The following is sample output from the show ip bgp neighbor command:
ZXR10#show ip bgp neighbor
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast: advertised and received
All received 10 messages
0 updates, 0 errs
1 opens, 0 errs
9 keepalives
0 vpnv4 refreshs, 0 ipv4 refreshs, 0 ipv4 multicast refreshs, 0 ipv6 refreshs,
0 errs
0 notifications, 0 other errs
After last established received 8 messages
0 updates, 0 errs
0 opens, 0 errs
8 keepalives
0 errs
All sent 10 messages
0 updates, 1 opens, 9 keepalives
0 notifications
After last established sent 8 messages
0 updates, 0 opens, 8 keepalives
5-56

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
0 notifications
For address family: IPv4 Unicast

All received nlri 0, unnlri 0, 0 accepted prefixes
All sent nlri 0, unnlri 0, 0 advertised prefixes
maximum limit 4294967295
Minimum time between advertisement runs is 30 seconds
Minimum time between origin runs is 15 seconds
......
BGP neighbor is 129.213.1.2, remote The IP address of the BGP neighbor is 129.213.1.2. The peer
AS 65001, external link router belongs to AS65001, and it uses an EBGP connection.
BGP version 4, remote router ID BGP-4 is used. The ID of the peer BGP router is 129.213.1.2.
129.213.1.2
BGP state = Established, up for The neighbor status is Established. The session has been
00:04:21 established for 4 minutes and 21 seconds.
hold time is 90 seconds, keepalive The hold period is 90 seconds, and the keepalive period is
interval is 30 seconds 30 seconds.
Neighbor capabilities: The following content describes the capability of the peer
router.
Route refresh: advertised and The peer supports route refreshing.

received
Address family IPv4 Unicast: The peer supports unicast NLRI.

advertised and received
All received 10 messages Ten messages are received. The messages include one
0 updates, 0 errs open message, nine keepalive messages. A VPNV4 route
1 opens, 0 errs update message is not received. There is no IPv4 route
9 keepalives update message, Notification message, and error message.
0 vpnv4 refreshs, 0 ipv4 refreshs,
0 ipv4 multicast refreshs, 0 ipv6
refreshs, 0 errs
5-57

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
After last established received 8 Eight messages have been received since the neighborhood
messages is established for the last time. They are all keepalive
0 updates, 0 errs messages.
0 opens, 0 errs
8 keepalives
refreshs, 0 errs
All sent 10 messages Ten messages are sent. The messages include 0 update
0 updates, 1 opens, 9 keepalives message, one open message and nine keepalive messages.
refreshs, 0 notifications
After last established sent 8 Eight messages have been sent since the neighborhood is
messages 0 updates, 0 opens, 8 established for the last time. The messages include 0 update
keepalives 0 vpnv4 refreshs, 0 ipv4 message, 0 open message and eight keepalive messages.
refreshs, 0 ipv4 multicast refreshs, 0
ipv6 refreshs, 0 notifications
For address family: IPv4 Unicast Unicast IPv4 route.
All received nlri 0, unnlri 0, 0 accepted NLRI and unnlri messages are not received. The prefix of
prefixes unicast is not received.
All sent nlri 0, unnlri 0, 0 advertised NLRI and unnlri messages are not sent. A prefix of unicast
prefixes is advertised.
Minimum time between advertisement The minimum update interval is 30 seconds.

runs is 30 seconds
Connections established 1 A BGP connection with the peer is established once already.
Local host: 129.213.1.1, Local port: Local IP socket, including the local IP address and TCP port
179 number.
Foreign host: 129.213.1.2, Foreign Peer IP socket, including the peer IP address and TCP port
port: 1024 number.
The following is sample output from the show ip bgp route command:
ZXR10#show ip bgp route

*>10.0.1.0/24 192.168.2.1 50 20 100 i
*10.0.1.0/24 192.168.1.1 100 20 100 i
*>10.0.2.0/24 0.0.0.0 0 i
5-58

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#show ip bgp route detail 10.0.1.0 255.255.255.0

01:44:13 received from 192.168.2.1 (10.0.1.1)
as path [100]
01:47:25 received from 192.168.1.1 (10.0.1.1)
As path [100]
As4 path
l The symbol * indicates that the route is available.
l The symbol > indicates that the route is the best choice.
l The symbol i indicates that this is an IBGP route.
l The route without "i" indicates that this is an EBGP route or a local route.
l The address under the entry of Next-hop is the next-hop address of the BGP route. If
the address is full zero, it means that this route is generated by the router itself.
l The value under the Local-Pre is the priority level of the route that is learned by BGP.
l The field path indicates the origin of this route. Three types are available: IGP, EGP
and incomplete.
The result shows that two routes arriving at 10.0.1.0/24 are valid. The next-hop addresses
are 192.168.2.1 and 192.168.1.1. The optimum route is the route whose nexthop is
192.168.2.1, because its metric value is 50, which is smaller than another route.
Network Destination address.
Next Hop The nexthop of the BGP route. The nexthop represented
as full zero means that the route is generated by the local
router itself.
Metric Metric value.
LocPrf The local priority of the route learnt by BGP.
RtPrf Route priority.
Path Route source. Options: IGP, EGP and incomplete.
The following is sample output from the show ip bgp summary command:
ZXR10#show ip bgp summary
Neighbor Ver As MsgRcvd MsgSend Up/Down(s) State/PfxRcd
1.1.1.1 4 2 14 13 00:06:06 6
1.1.1.3 4 1 6 9 00:02:33 2
5-59

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Neighbor BGP neighbor.
Ver BGP version.
As AS number of a neighbor.
MsgRcvd Number of messages received by BGP.
MsgSend Number of messages sent by BGP.
Up/Down(s) The time for setting up a connection.
State/PfxRcd A number is displayed if the neighborhood is set up, indicating

the number of routes received. A character is displayed if the
neighborhood fails to be set up.
5.4 BGP Configuration Examples

5.4.1 BGP Configuration Example One
Scenario Description
S1 and S2 belong to AS1, S4 belongs to AS2, and S3 and S5 belong to AS3, see Figure
5-18. Loopback addresses of the routers are shown below.
Router Loopback Address
S1 1.1.1.2/32
S2 1.1.1.3/32
S3 1.1.1.4/32
S4 1.1.1.1/32
S5 1.1.1.5/32
5-60

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-18 BGP Configuration Example One
1. Establish an IBGP connection between S1 and S2. Establish an EBGP connection

between S1 and S4. Establish an EBGP connection between S2 and S3.
2. S3 and S5 are interconnected by static routes and OSPF routes.
3. S3 distributes OSPF routes to BGP, and set the metric value of the OSPF route is 122.
4. There are static routes pointing to 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24,
192.168.3.0/24 and 192.168.100.0/24 and 10.1.1.0/24 on R4.
5. S4 distributes its static routes to BGP and sets the metric value to 33. The route of
192.168.100.0/24 requires filtering.
6. Implement route aggregation on S4 and advertise the detailed routes.
7. Ensure that PCs in AS2 can intercommunicate with 20.1.1.0/24 connecting to S5.
8. All routers use the address of Loopback1 as the source address for connection, and
the length of the interconnection address mask is 30 bits.
Configuration Flow
1. Configure a static route.
2. Configure an IGP (OSPF).
3. Enable BGP.
4. Configure a neighbor.
5. Modify a source address.
6. Configure route aggregation.
5-61

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
7. Configure multi-hops.
8. Cancel synchronization.
9. Configure a route-map to filter out specified routes.
10. Modify the metric value of the route to be advertised.
S1(config-bgp)#exit
S1(config)#ip route 1.1.1.1 255.255.255.255 11.1.1.1
S1(config)#ip route 1.1.1.3 255.255.255.255 13.1.1.2

5-62

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

S2(config-bgp)#exit
S2(config)#ip route 1.1.1.4 255.255.255.255 12.1.1.1
S2(config)#ip route 1.1.1.2 255.255.255.255 13.1.1.1

S3(config-bgp)#redistribute ospf-int 1 metric 122
S3(config-bgp)#exit
S3(config)#ip route 1.1.1.3 255.255.255.255 12.1.1.2
S3(config-ospfv2)#network 14.1.1.0 0.0.0.3 area 0.0.0.0
S4(config-if-vlan1)#negotiation auto
5-63

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S4(config-bgp)#redistribute static
S4(config-bgp)#aggregate-address 192.168.0.0 255.255.252.0 count 0 as-set
S4(config-bgp)#neighbor 1.1.1.2 route-map test-static out
S4(config-bgp)#exit
S4(config)#ip route 1.1.1.2 255.255.255.255 11.1.1.2
S4(config)#ip route 192.168.100.0 255.255.255.0 10.1.1.2
S4(config)#ip route 192.168.1.0 255.255.255.0 10.1.1.2
S4(config)#ip route 192.168.0.0 255.255.255.0 10.1.1.2
S4(config)#ip route 192.168.3.0 255.255.255.0 10.1.1.2
S4(config)#ip route 192.168.2.0 255.255.255.0 10.1.1.2
S4(config)#route-map test-static permit 10

S5(config)#interface null1
S5(config-if-null1)#exit
S5(config-if-vlan2)#negotiation auto
5-64

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S5(config)#ip route 0.0.0.0 0.0.0.0 14.1.1.1
Run the following command to check the BGP routing table and route forwarding table on
S1.
*>1.1.1.2/32 1.1.1.2 0 ?
*>10.1.1.0/24 1.1.1.1 33 20 2 i
*>11.1.1.0/30 11.1.1.2 0 ?
*>i 12.1.1.0/30 1.1.1.3 100 200 ?
*>13.1.1.0/30 13.1.1.1 0 ?
*i 13.1.1.0/30 1.1.1.3 100 200 ?
*>i 14.1.1.0/30 1.1.1.3 0 100 200 3 ?
*>i 20.1.1.0/24 1.1.1.3 122 100 200 3 ?
*>192.168.0.0/22 1.1.1.1 33 20 2 i
*>192.168.0.0/24 1.1.1.1 33 20 2 ?
*>192.168.1.0/24 1.1.1.1 33 20 2 ?
*>192.168.2.0/24 1.1.1.1 33 20 2 ?
*>192.168.3.0/24 1.1.1.1 33 20 2 ?

IPv4 Routing Table:
1.1.1.1 11.1.1.1 vlan1 static 1 0
1.1.1.3 13.1.1.2 vlan2 static 1 0
10.1.1.0 11.1.1.1 vlan1 bgp 20 33
11.1.1.0 11.1.1.2 vlan1 direct 0 0
11.1.1.2 11.1.1.2 vlan1 address 0 0
12.1.1.0 13.1.1.2 vlan1 bgp 200 0
13.1.1.0 13.1.1.1 vlan1 direct 0 0
13.1.1.1 13.1.1.1 vlan1 address 0 0
14.1.1.0 13.1.1.2 vlan1 bgp 200 0
20.1.1.0 13.1.1.2 vlan2 bgp 200 122
192.168.0.0 11.1.1.1 vlan1 bgp 20 33
192.168.0.0 11.1.1.1 vlan1 bgp 20 33
192.168.1.0 11.1.1.1 vlan1 bgp 20 33
192.168.2.0 11.1.1.1 vlan1 bgp 20 33
192.168.3.0 11.1.1.1 vlan1 bgp 20 33
S2.
5-65

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

*>1.1.1.3/32 1.1.1.3 0 ?
*>i 10.1.1.0/24 1.1.1.2 33 100 200 2 i
*>i 11.1.1.0/30 1.1.1.2 100 200 ?
*> 12.1.1.0/30 12.1.1.2 0 ?
* 12.1.1.0/30 1.1.1.4 0 20 3 ?
*> 13.1.1.0/30 13.1.1.2 0 ?
*i 13.1.1.0/30 1.1.1.2 100 200 ?
*>14.1.1.0/30 1.1.1.4 0 20 3 ?
*>20.1.1.0/24 1.1.1.4 122 20 3 ?
*>i 192.168.0.0/22 1.1.1.2 33 100 200 2 i
*>i 192.168.0.0/24 1.1.1.2 33 100 200 2 ?
*>i 192.168.1.0/24 1.1.1.2 33 100 200 2 ?
*>i 192.168.2.0/24 1.1.1.2 33 100 200 2 ?
*>i 192.168.3.0/24 1.1.1.2 33 100 200 2 ?

IPv4 Routing Table:
1.1.1.2 13.1.1.1 vlan1 static 1 0
1.1.1.4 12.1.1.1 vlan2 static 1 0
10.1.1.0 13.1.1.1 vlan1 bgp 200 33
11.1.1.0 13.1.1.1 vlan1 bgp 200 0
12.1.1.0 12.1.1.2 vlan1 direct 0 0
12.1.1.2 12.1.1.2 vlan1 address 0 0
13.1.1.0 13.1.1.2 vlan1 direct 0 0
13.1.1.2 13.1.1.2 vlan1 address 0 0
14.1.1.0 12.1.1.1 vlan1 bgp 20 0
20.1.1.0 12.1.1.1 vlan2 bgp 20 122
192.168.0.0 13.1.1.1 vlan1 bgp 200 33
192.168.0.0 13.1.1.1 vlan1 bgp 200 33
192.168.1.0 13.1.1.1 vlan1 bgp 200 33
192.168.2.0 13.1.1.1 vlan1 bgp 200 33
192.168.3.0 13.1.1.1 vlan1 bgp 200 33
S3.

5-66

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
*>1.1.1.4/32 1.1.1.4 0 ?
*>10.1.1.0/24 1.1.1.3 20 1 2 i
*>11.1.1.0/30 1.1.1.3 20 1 ?
*>12.1.1.0/30 12.1.1.1 0 ?
*12.1.1.0/30 1.1.1.3 20 1 ?
*>13.1.1.0/30 1.1.1.3 20 1 ?
*>14.1.1.0/30 14.1.1.1 0 ?
*>20.1.1.0/24 14.1.1.2 122 110 ?
*>192.168.0.0/22 1.1.1.3 20 1 2 ?
*>192.168.0.0/24 1.1.1.3 20 1 2 ?
*>192.168.1.0/24 1.1.1.3 20 1 2 ?
*>192.168.2.0/24 1.1.1.3 20 1 2 ?
*>192.168.3.0/24 1.1.1.3 20 1 2 ?

IPv4 Routing Table:
1.1.1.3 12.1.1.2 vlan1 static 1 0
10.1.1.0 12.1.1.2 vlan1 bgp 20 0
11.1.1.0 12.1.1.2 vlan1 bgp 20 0
12.1.1.0 12.1.1.1 vlan1 direct 0 0
12.1.1.1 12.1.1.1 vlan1 address 0 0
13.1.1.0 12.1.1.2 vlan1 bgp 20 0
14.1.1.0 14.1.1.1 vlan1 direct 0 0
14.1.1.1 14.1.1.1 vlan1 address 0 0
20.1.1.0 14.1.1.2 vlan1 ospf 110 2
192.168.0.0 12.1.1.2 vlan1 bgp 20 0
192.168.0.0 12.1.1.2 vlan1 bgp 20 0
192.168.1.0 12.1.1.2 vlan1 bgp 20 0
192.168.2.0 12.1.1.2 vlan1 bgp 20 0
192.168.3.0 12.1.1.2 vlan1 bgp 20 0
S3#show ip forwarding route ospf

IPv4 Routing Table:
20.1.1.0 14.1.1.2 vlan2 ospf 110 2
S4.

*>1.1.1.1/32 1.1.1.1 0 ?
5-67

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
*>1.1.1.2/32 11.1.1.2 1 ?
*>10.1.1.0/24 10.1.1.1 0 i
*>11.1.1.0/30 11.1.1.1 0 ?
*11.1.1.0/30 1.1.1.2 20 1 ?
*>12.1.1.0/30 1.1.1.2 20 1 ?
*>13.1.1.0/30 1.1.1.2 20 1 ?
*>14.1.1.0/30 1.1.1.2 20 1 3 ?
*>20.1.1.0/24 1.1.1.2 20 1 3 ?
*>192.168.0.0/22 0.0.0.0 254 i
*>192.168.0.0/24 10.1.1.2 1 ?
*>192.168.1.0/24 10.1.1.2 1 ?
*>192.168.2.0/24 10.1.1.2 1 ?
*>192.168.3.0/24 10.1.1.2 1 ?
*>192.168.100.0/24 10.1.1.2 1 ?

IPv4 Routing Table:
1.1.1.2 11.1.1.2 vlan1 static 1 0
10.1.1.0 10.1.1.1 vlan2 direct 0 0
10.1.1.1 10.1.1.1 vlan1 address 0 0
11.1.1.0 11.1.1.1 vlan1 direct 0 0
11.1.1.1 11.1.1.1 vlan1 address 0 0
12.1.1.0 11.1.1.2 vlan1 bgp 20 0
13.1.1.0 11.1.1.2 vlan1 bgp 20 0
14.1.1.0 11.1.1.2 vlan1 bgp 20 0
20.1.1.0 11.1.1.2 vlan1 bgp 20 0
192.168.0.0 10.1.1.2 vlan1 static 1 0
192.168.1.0 10.1.1.2 vlan1 static 1 0
192.168.2.0 10.1.1.2 vlan1 static 1 0
192.168.3.0 10.1.1.2 vlan1 static 1 0
192.168.100.0 10.1.1.2 vlan1 static 1 0
Run the following command to test network connectivity between S4 and S5.
S4#ping 20.1.1.1
sending 5,100-byte ICMP echos to 20.1.1.1,timeout is 2 seconds.
!!!!!
S4#trace 20.1.1.1
tracing the route to 20.1.1.1
1 11.1.1.2 20 ms <20ms <20ms
2 13.1.1.2 <20ms <20ms <20ms
3 12.1.1.1 <20ms <20ms <20ms
4 14.1.1.2 <20ms <20ms <20ms
5-68

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
[finished]
S5#ping 10.1.1.2
sending 5,100-byte ICMP echos to 10.1.1.2,timeout is 2 seconds.
!!!!!
S5#trace 10.1.1.2
tracing the route to 10.1.1.2
1 14.1.1.1 <20ms <20ms <20ms
2 12.1.1.2 <20ms <20ms <20ms
3 13.1.1.1 <20ms <20ms <20ms
4 11.1.1.1 <20ms <20ms <20ms
5 * * *
[finished]
Run the following command to test network connectivity on a PC (IP address is 10.1.1.2
255.255.255.0).
C:\Documents and Settings\Administrator>ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Reply from 20.1.1.1: bytes=32 time=1ms TTL=251
Ping statistics for 20.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
C:\Documents and Settings\Administrator>tracert 20.1.1.1

Tracing route to 20.1.1.1 over a maximum of 30 hops
1 <1 ms 6 ms <1 ms 10.1.1.1
2 1 ms 1 ms 1 ms 11.1.1.2
3 1 ms 1 ms 1 ms 13.1.1.2
4 1 ms 1 ms 1 ms 12.1.1.1
5 1 ms 1 ms 1 ms 20.1.1.1
Trace complete.
The test results above show that AS2 can communicate with AS3 normally.
5.4.2 BGP Configuration Example Two

The following describes a BGP instance. In this instance, the application of route
aggregation and static route redistribution are described.
5-69

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S4 and S1 establish an EBGP neighborhood, S1 and S2 establish an IBGP neighborhood,

S2 and S5 establish multi-hops EBGP neighborhood, see Figure 5-19. Assume that four
static routes exist on S4.
S4 only advertises the network segment 192.16.0.0/16 by aggregation, and it uses a route
map to forbid BGP to advertise network segment 170.16.10.0/24. S2 and S5 establish an
EBGP multi-hop connection through S3. Ensure that the addresses used by two routers
(S2 and S5) to establish neighborhood can be pinged mutually.
Figure 5-19 BGP Configuration Example

S2(config)#ip route 183.16.0.0 255.255.0.0 173.16.2.1
5-70

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S4(config-bgp)#exit

S4(config-bgp)#redistribute static
S4(config-bgp)#aggregate-address 192.16.0.0 255.255.0.0 count 0
as-set summary-only
S4(config-bgp)#neighbor 172.16.20.2 route-map torouter1 out
S4(config-bgp)#exit
S4(config-ipv4-acl)#rule 1 deny 170.16.10.0 0.0.0.255
S4(config)#route-map torouter1 permit 10

S5(config)#ip route 173.16.0.0 255.255.0.0 183.16.20.1
Run the show ip bgp summary command to check the neighborhood on S4.
S4(config)#show ip bgp summary
172.16.20.2 4 1 46 140 00:22:35 0
Run the show ip bgp route command to check the BGP routing table on S4.

Status codes: *-valid, >-best, i-internal, s-stale
*> 192.16.0.0/16 0.0.0.0 254 i
*> 192.16.20.0/24 10.9.1.39 1 ?
*> 192.16.21.0/24 10.9.1.39 1 ?
*> 192.16.22.0/24 10.9.1.39 1 ?
*> 170.16.10.0/24 10.9.1.39 1 ?

172.16.20.1 4 2 46 140 00:22:35 1
5-71

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
172.16.1.2 4 1 46 140 00:22:35 0
Run the following command to check the BGP routing table on S1:
*> 192.16.0.0/16 172.16.20.1 20 i 2
183.16.20.2 4 3 46 140 00:22:35 0
172.16.1.1 4 1 46 140 00:22:35 1
*>i 192.16.0.0/16 172.16.1.1 20 i 2
Run the show ip bgp summay command to check the neighborhood on S5.

173.16.20.2 4 1 46 140 00:22:35 1
*> 192.16.0.0/16 173.16.20.2 20 i 1 2
5.4.3 BGP FRR Configuration Example

For the architecture of the BGP FRR configuration, see Figure 5-20.
5-72

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-20 BGP FRR Configuration Example
Configuration Flow
1. Establish EBGP neighbor relations among S1, S2, and S3. Set the priority of the route
learnt from S2 on S1 to 200.
2. Enable the BGP FRR function on S1.
Establish EBGP neighbor relations among S1, S2, and S3, and enable the FRR function
on S1. In the example, the priority of the route learnt from S2 on S1 is set to 200. The
optimal routing path for 1.1.1.150/32 advertised by S3 is S1→S2→S3.
/*Run the following commands to establish EBGP neighbor relations:*/

S1(config-bgp)#bgp frr /*Enables the FRR function*/
S1(config-bgp)#exit
S1(config)#route-map lt /*Configures the route map*/
S1(config-bgp)#neighbor 172.16.1.2 route-map lt in
S1(config-bgp)#exit

S2(config-bgp)#exit

S3(config-bgp)#exit
5-73

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Run the show ip forwarding backup route command to check whether the configuration
can enable the FRR function:
Run the following command to check whether the BGP FRR function is enabled on S1:
S1#show ip forwarding backup route
IPv4 Backup Routing Table:
Dest Gw Interface Owner Pri Metric M/S Status
1.1.1.150/32 172.16.1.2 gei-0/1/1/1 BGP 20 0 M I
1.1.1.150/32 171.16.20.2 gei-0/1/1/2 BGP 20 0 S U
5.4.4 BGP Route Reflector Configuration Example

A BGP route reflector is used to advertise routes between clients, between a client and
a non-client, and between a client and an EBGP. For the procedure of advertising routes
among clients, see Figure 5-21.
Figure 5-21 BGP Route Reflector Configuration Example
Configuration Flow
1. Establish IBGP neighbor relations among S1, S2, and S3.
2. Configure S2 as the RR, and set S1 and S3 as clients of S2.
3. Redistribute a route on S1 and advertise it to S2.
4. S2 reflects this route to S3.
Run the following commands on S1 (the configuration of the interface address is omitted):
S1(config-bgp)#redistribute connected /*Redistribute a directly connected route
for ease of verifying a route*/
S1(config-bgp)#exit
5-74

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

S2(config-bgp)#exit
S3(config-bgp)#exit

*> 1.1.1.0/24 1.1.1.1 0 0 ?
Run the following command to check the route reflected by S2 on S3:


i 1.1.1.0/24 1.1.1.1 100 200 ?
5.4.5 BGP and VRRP Linkage Configuration Example

Configure the Virtual Router Redundancy Protocol (VRRP) on a downlink interface. The
virtual address is used as the gateway for accessed devices. The uplink interfaces are
connected through the BGP (IBGP, EBGP, MP-IBGP, and MP-EBGP), see Figure 5-22.
To guarantee that the uplink and downlink traffic are the same, the VRRP BGP route from
which master packets are sent must be set as the optimized route.
5-75

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-22 BGP and VRRP Linkage Configuration Example
Configuration Flow
1. Establish BGP relations between S1 and S3, and between S2 and S3.
2. Check active and standby routers status when S1 and S2 operate as VRRPs.
3. Configure a track samgr object in BGP mode.
Note:
For how to establish BGP neighbor relations between S1 and S3, and between S2 and
S3, refer to the BGP Configuration Example.
For how to check active and standby routers status when S1 and S2 operate as
VRRPs, refer to the VRRP Confguration section in the ZXR10 8900E (V3.01.01)
Series Core Switch Configuration Guide Configuration Guide (Reliability).
Run the following commands on S1
S1(config)#interface gei-0/1/1/1
S1(config-if-gei-0/1/1/1)#no shutdown
S1(config-if-gei-0/1/1/1)#ip address 13.13.13.1 255.255.255.0
/*Configure the VRRP interfaces in VRRP mode.

The virtual VRRP address is 13.13.13.66*/
S1(config-if-gei-0/1/1/1)#exit
S1(config)#vrrp
S1(config-vrrp)#interface gei-0/1/1/1
S1(config-vrrp-if-gei-0/1/1/1)#vrrp 66 ipv4 13.13.13.66
5-76

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S1(config-vrrp-if-gei-0/1/1/1)#exit
S1(config-vrrp)#exit
/*Configure the track VRRP object in samgr mode*/

S1(config)#samgr
S1(config-samgr)#track zte vrrp interface gei-0/1/1/1 vrid 66
/*Configure the track samgr object in BGP address family mode*/

S1(config-samgr)#exit
S1(config)#router bgp 66.66
S1(config-bgp)#track zte adjust-priority 67

S2(config-if-gei-0/1/1/1)#no shutdown
/*Configure the VRRP interfaces in VRRP mode.

The virtual VRRP address is 13.13.13.66*/
S2(config)#vrrp
S2(config-vrrp)#interface gei-0/1/1/1
S2(config-vrrp-if-gei-0/1/1/1)#vrrp 66 ipv4 13.13.13.66
S2(config-vrrp-if-gei-0/1/1/1)#exit
S2(config-vrrp)#exit
/*Configure the track VRRP object in samgr mode*/

S2(config)#samgr
S2(config-samgr)#track zte vrrp interface gei-0/1/1/1 vrid 66
/*Configure the track samgr object in BGP address family mode*/

S2(config-samgr)#exit
S2(config)#router bgp 66.66
S2(config-bgp)#track zte adjust-priority 67
If S1 operates as the active router, traffic is forwarded from S1 to S3. If S1 is disconnected,
the traffic is forwarded from S2 to S3.
5.4.6 BGP Graceful Restart Configuration Example

S1 and S2 are in a BGP neighbor relation, see Figure 5-23. Enable the graceful restart
function on S1 and S2. One router operates as the GR and another as the helper. If
5-77

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
routes are limited, you can use the default configuration. If S1 or S2 is restarted, packets
forwarding is not interrupted.
Figure 5-23 BGP Graceful Restart Configuration Example
Configuration Flow
1. Establish a BGP neighbor relation between S1 and S2.
2. Enable the graceful restart function on S1 and S2 respectively.
S1(config-bgp)#bgp graceful-restart

S2(config-bgp)#bgp graceful-restart
/*To learn routes between loopback addresses, configure the IGP*/
If traffic can be forwarded properly after the active/standby switchover operation, the
configuration is performed correctly.
5-78

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figures
Figure 1-1 Indirect Static Route Next Hop Configuration Example............................. 1-3
Figure 1-2 Static Route Configuration Example......................................................... 1-6
Figure 1-3 Static Route Summary Configuration Example......................................... 1-8
Figure 1-4 Default Route Configuration Example ...................................................... 1-9
Figure 2-1 RIP Configuration Example Topology ..................................................... 2-13
Figure 3-1 OSPF Router Type .................................................................................. 3-4
Figure 3-2 OSPF Basic Configuration Example......................................................... 3-9
Figure 3-3 OSPF Interface Attribute Configuration .................................................. 3-12
Figure 3-4 OSPF Authentication Configuration Example ......................................... 3-14
Figure 3-5 OSPF Stub Area Configuration Example................................................ 3-18
Figure 3-6 NSSA Area Configuration Example........................................................ 3-21
Figure 3-7 OSPF Inter-Area Route Aggregation Configuration Example ................. 3-23
Figure 3-8 Route Aggregation with Route Redistribution Configuration
Example ............................................................................................... 3-26
Figure 3-9 OSPF Route Load Balancing Configuration Example............................. 3-28
Figure 3-10 OSPF Redistribution Route Configuration Example.............................. 3-31
Figure 3-11 OSPF Virtual Link Configuration Example ............................................ 3-35
Figure 3-12 Sham-link............................................................................................. 3-36
Figure 3-13 OSPF Configuration Example One....................................................... 3-45
Figure 3-14 OSPF Configuration Example Two....................................................... 3-47
Figure 3-15 OSPF Multi-Instance Configuration Example ....................................... 3-49
Figure 4-1 IS-IS Architecture..................................................................................... 4-2
Figure 4-2 NSAP Address Architecture ..................................................................... 4-3
Figure 4-3 Three Times of Handshaking ................................................................... 4-4
Figure 4-4 Neighbor Establishment on a Broadcast Network..................................... 4-6
Figure 4-5 DIS on a Broadcast Network .................................................................... 4-6
Figure 4-6 Point-to-point Diffusion and Database Synchronization ............................ 4-8
Figure 4-7 Diffusion and Database Synchronization on a Broadcast Link ................ 4-10
Figure 4-8 Route-leaking ........................................................................................ 4-11
Figure 4-9 Single Area IS-IS Configuration Example............................................... 4-28
Figure 4-10 Multiple Area IS-IS Configuration Example........................................... 4-32
Figure 4-11 IS-IS Multi-Instance Configuration Example ......................................... 4-39

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 5-1 BGP Working Process ............................................................................. 5-3

Figure 5-2 IBGP and EBGP ...................................................................................... 5-5
Figure 5-3 EBGP Physical Direct-Connected Configuration Topology ....................... 5-7
Figure 5-4 EBGP Configuration through Loopback Address...................................... 5-9
Figure 5-5 IBGP Configuration ............................................................................... 5-13
Figure 5-6 Use network Command to Advertise BGP Route ................................... 5-17
Figure 5-7 Redistribute OSPF Routes by Using redistribute Command................... 5-20
Figure 5-8 Route Aggregation Configuration Example ............................................ 5-22
Figure 5-9 Filter Routes by Using Route-Map ......................................................... 5-27
Figure 5-10 Filtering Route by Using NLRI.............................................................. 5-30
Figure 5-11 Restrict the Number of Route Advertisements Received by
Neighbor............................................................................................... 5-32
Figure 5-12 Filtering Routes by Using AS_PATH..................................................... 5-34
Figure 5-13 Select Route by Using LOCAL_PREF Attribute ................................... 5-37
Figure 5-14 Select Route by Using MED................................................................. 5-40
Figure 5-15 Use Community to Control Routes ....................................................... 5-44
Figure 5-16 BGP Route Reflector Configuration Example ....................................... 5-48
Figure 5-17 BGP Confederation Configuration Example ......................................... 5-50
Figure 5-18 BGP Configuration Example One......................................................... 5-61
Figure 5-19 BGP Configuration Example ................................................................ 5-70
Figure 5-20 BGP FRR Configuration Example ........................................................ 5-73
Figure 5-21 BGP Route Reflector Configuration Example ....................................... 5-74
Figure 5-22 BGP and VRRP Linkage Configuration Example.................................. 5-76
Figure 5-23 BGP Graceful Restart Configuration Example ...................................... 5-78
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Glossary
ABR
- Area Border Router
AD
- Administrative Domain
ASBR
- Autonomous System Boundary Router
BDR
- Backup Designate Router
BGP
- Border Gateway Protocol
CIDR
- Classless Inter-Domain Routing
CLNS
- ConnectionLess Network Service
DIS
- Designate IS
DR
- Designated Router
EBGP
- External Border Gateway Protocol
IBGP
- Interior Border Gateway Protocol
IGP
- Interior Gateway Protocol
IP
- Intelligent Peripheral
IS-IS
- Intermediate System-to-Intermediate System
ISO
- International Organization for Standardization
LSA
- Link State Advertisement
LSDB
- Link-state Database
III

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
LSP
- Link State Packet
LSU
- Link State Update
MAC
MED
- MULTI_EXIT_DISC
MP-BGP
- Multiprotocol BGP
NBMA
- Non-Broadcast Multiple Access
NSAP
- Network Service Access Point
NSSA
- Not-So-Stubby Area
OSI
- Open System Interconnection
OSPF
- Open Shortest Path First
PDU
- Protocol Data Unit
PE
- Provider Edge
RFC
- Remote Feature Control
RIP
- Routing Information Protocol
RR
- Router Reflector
SNP
- Sequence Num PDU
SPF
- Shortest Path First
TCP
- Transmission Control Protocol
TLV
- Type/Length/Value
IV

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Glossary c u -tr a c k
UDP
VLSM
- Variable Length Subnet Mask
VPN
- Virtual Private Network
VRF
- Virtual Route Forwarding
VRRP
- Virtual Router Redundancy Protocol

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10 5900E Series

Configuration Guide (IP Service)
Version: 3.00.11
ZTE CORPORATION
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
LEGAL INFORMATION
herein.
Revision History
Serial Number: SJ-20150114102049-004

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Contents
Chapter 1 IP Address Configuration......................................................... 1-1
1.1 IP Address Overview .......................................................................................... 1-1
1.2 Configuring IP Address ....................................................................................... 1-2
1.3 Maintaining IP Address ....................................................................................... 1-2
1.4 IP Address Configuration Example ...................................................................... 1-3
Chapter 2 IP Performance.......................................................................... 2-1

2.1 ICMP Response ................................................................................................. 2-1
2.2 Clearing Static Data ........................................................................................... 2-2
2.3 Configuring IP Source Route Options .................................................................. 2-2
2.4 Enabling the ICMP Redirection Packet Function................................................... 2-3
2.5 Maintaining IP Performance ................................................................................ 2-4
Chapter 3 IP MTU Configuration ............................................................... 3-1

3.1 IP MTU Overview ............................................................................................... 3-1
3.2 Configuring IP MTU ............................................................................................ 3-2
3.3 Maintaining IP MTU ............................................................................................ 3-2
3.4 IP MTU Configuration Example ........................................................................... 3-3
Chapter 4 DHCP Configuration ................................................................. 4-1

4.1 DHCP Server Configuration ................................................................................ 4-2
4.1.1 DHCP Server Overview ............................................................................ 4-2
4.1.2 Configuring a DHCP Server ...................................................................... 4-2
4.1.3 Maintaining a DHCP Server ...................................................................... 4-6
4.1.4 DHCP Server Configuration Example .......................................................4-11
4.2 DHCP Relay Configuration ............................................................................... 4-14
4.2.1 DHCP Relay Overview ........................................................................... 4-14
4.2.2 Configuring a DHCP Relay ..................................................................... 4-15
4.2.3 Maintaining a DHCP Relay ..................................................................... 4-21
4.2.4 DHCP Relay Configuration Example........................................................ 4-25
4.3 DHCP Proxy Configuration ............................................................................... 4-29
4.3.1 DHCP Proxy Overview ........................................................................... 4-29
4.3.2 Configuring a DHCP Proxy ..................................................................... 4-30
4.3.3 Maintaining a DHCP Proxy ..................................................................... 4-32
4.3.4 DHCP Proxy Configuration Example........................................................ 4-34

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4.4 DHCP Snooping Configuration .......................................................................... 4-36

4.4.1 DHCP Snooping Overview ...................................................................... 4-36
4.4.2 Configuring DHCP Snooping................................................................... 4-38
4.4.3 Maintaining DHCP Snooping................................................................... 4-46
4.4.4 DHCP Snooping Configuration Examples ................................................ 4-49
Chapter 5 TCPv4 Configuration ................................................................ 5-1

5.1 TCPv4 Overview ................................................................................................ 5-1
5.2 Configuring TCPv4 ............................................................................................. 5-1
5.3 Maintaining TCPv4 ............................................................................................. 5-4
Chapter 6 UDPv4 Configuration................................................................ 6-1

Chapter 7 Cluster Management Configuration ........................................ 7-1
7.1 Cluster Management Overview ........................................................................... 7-1
7.2 Configuring Cluster Management Configuration ................................................... 7-1
7.3 Maintaining Cluster Management ........................................................................ 7-3
7.4 Cluster Management Configuration Example........................................................ 7-4
Chapter 8 IPTV Configuration ................................................................... 8-1

8.1 IPTV Overview ................................................................................................... 8-1
8.2 Configuring IPTV................................................................................................ 8-3
8.3 Maintaining IPTV................................................................................................ 8-9
8.4 IPTV Configuration Example ............................................................................. 8-14
Figures............................................................................................................. I
Glossary ........................................................................................................ III
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
About This Manual

Purpose
Switch Configuration Guide (IP Service), which is applicable to the ZXR10 5900E
Intended Audience
l Network planning engineers

l Debugging engineers
l Attendants

Chapter 1, IP Address Describes the overview and principles of IP address configuration,

Configuration related configuration and maintenance commands, and configuration
examples.
Chapter 2, IP Performance Describes the overview and principles of IP performance configuration,

related configuration and maintenance commands, and configuration
examples.
Chapter 3, IP MTU Describes the overview and principles of MTU configuration, related
Chapter 4, DHCP Describes the overview and principles of DHCP configuration, related
Chapter 5, TCPv4 Describes the overview and principles of TCPv4 configuration, related
Chapter 6, UDPv4 Describes the overview and principles of UDPv4 configuration, related
Chapter 7, Cluster Describes the overview and principles of cluster management

Management Configuration configuration, related configuration and maintenance commands, and
configuration examples.
Chapter 8, IPTV Describes the overview and principles of IPTV configuration, related
Conventions

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
width
| Separates individual parameters in a series of parameters.
Danger: indicates an imminently hazardous situation. Failure to comply can result in

death or serious injury, equipment damage, or site breakdown.
Warning: indicates a potentially hazardous situation. Failure to comply can result in

serious injury, equipment damage, or interruption of major services.
Caution: indicates a potentially hazardous situation. Failure to comply can result in

moderate injury, equipment damage, or interruption of minor services.
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 1
IP Address Configuration
Table of Contents
IP Address Overview..................................................................................................1-1
Configuring IP Address...............................................................................................1-2
Maintaining IP Address...............................................................................................1-2
IP Address Configuration Example .............................................................................1-3
1.1 IP Address Overview

Internet Protocol (IP) address is an unique 32 bit identifies, which is allocated to the host
or router indirectly connecting to Internet. IP address is graduated. An IP address is
composed of network ID (the first grade) and host ID (the second grade) that is convenient
for people to manage IP addresses. IP address is used to help people do addressing in
Internet.
IP addresses are divided into five classes: A, B and C, D and E. Among class A, B and
C addresses, some addresses are reserved for private networks. This is recommended
that private network addresses must be used for establishing internal networks. These
addresses refer to:
l Class A: 10.0.0.0-10.255.255.255
l Class B: 172.16.0.0-172.31.255.255
l Class C: 192.168.0.0-192.168.255.255
Address division is originally intended to facilitate design of routing protocols, so that

header feature bit of an IP address is enough for judging type of a network. However,
classification method restricts utilization of address space to greatest extent. With rapid
expansion of Internet, problem of insufficient addresses becomes more and more serious.
To utilize IP addresses to greater extent, a network can be divided into multiple subnets.
The "bit borrowing" mode can be used: highest bits of host bits are borrowed to serve
as subnet bits and left host bits still serve as host bits. Thus structure of an IP address
consists of three parts: Network bits, subnet bits and host bits.
Network bits and subnet bits are used to uniquely identify a network. Use subnet mask to
find which part in IP address indicates network bits and subnet bits, which part stands for
host bits. The part with subnet mask of "1" corresponds to network bits and subnet bits of
IP address, while the part with subnet mask of "0" corresponds to host bits.
Division of subnets greatly improves utilization of IP addresses, which relieves the problem
of insufficient IP addresses to some extent.
Regulations on IP addresses are shown below.
1-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k ZXR10 5900E Series Configuration Guide (IP Service) c u -tr a c k
l (0.0.0.0) is used when a host without an IP address is started. Reverse Address

Resolution Protocol (RARP), BOOTstrap Protocol (BOOTP) and Dynamic Host
Configuration Protocol (DHCP) are used to obtain IP address. The address serves
as default route in routing table.
l 255.255.255.255 is a destination address used for broadcast and cannot serve as a
source address.
l 127. X.X.X is called loopback address. Even if actual IP address of host is unknown,
address still can be used to stand for the "local host".
l Only IP addresses with host bits being all "0" indicate network itself. An IP address
with host bits being all "1" serves as broadcast address of the network.
l For a legal host IP address, the network part or the host part must not be all "0" or all
"1".
1.2 Configuring IP Address

To configure IP address on ZXR10 5900E, perform the following steps.
ZXR10(config)#interface < interface-name> This enters layer 3 vlan

1
interface configuration mode.
ZXR10(config-if-interface-name)#ip address This configures IP address.

2
<ip-address><net-mask>[<broadcast-address>| secondary]
Descriptions of the parameters are shown below.
<ip-address> IP address, in decimal dotted notation
<net-mask> IP subnetwork mask, in decimal dotted notation
<broadcast-address> The broadcast address connecting to the interface, in decimal

dotted notation
secondary Interface secondary address
1.3 Maintaining IP Address

People can use the following command to locate and solve fault when the fault occurs in
IP address. The common-used command is show.
Command Function
ZXR10#show ip interface [ brief [ phy This shows the information of the IP address
|<interface-name >|[{ exclude | include}<line>]]] configured in the current interface.
Descriptions of the parameters are shown below.
1-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 1 IP Address Configuration c u -tr a c k
brief This shows the brief information of interface.
<interface-name > Interface name
phy This shows the state of physical interface
{ exclude | include}<line>] <line> is regular expression.
This example describes how to show the information of vlan1.

ZXR10#show ip interface vlan1
vlan1 AdminStatus is up, PhyStatus is up, line protocol is down
Internet address is 180.1.1.1/24
Broadcast address is 255.255.255.255
IP MTU 1500 bytes
AdminStatus is up It indicates whether the administrator state of interface is

available. The up represents that the administrator state is
available while the down represents that the administrator
state is unavailable.
PhyStatus is down It indicates whether the physical state of interface is available.

The up represents that the physical state is available while
the down represents that the physical state is unavailable.
line protocol is up It indicates whether the link layer protocol is available. The
up represents that the alink layer protocol state is available
while the down represents that the link layer protocol state
is unavailable.
Internet address IP address of interface. An interface can have many IP

addresses.
Broadcast address Broadcast address. It is decided by IP address. The default

value is 255.255.255.255
IP MTU MTU value of IP packet
1.4 IP Address Configuration Example

As shown in Figure 1-1, the interfaces gei-0/1/1/1 of S1 and gei-0/1/1/2 of S2 connect each
other directly. It is required that S1 and S2 can ping each other successfully.
1-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 1-1 IP Address Configuration Example Topology
Configuration Flow
1. Configure IP addresses of the layer 3 vlan interface.
2. Test the configuration result to confirm that S1 and S2 can ping each other.
S1 configuration,
S1(config)#switchvlan-configuration
S1(config-swvlan)#interface gei-0/1/1/1
S1(config-swvlan-if-gei-0/1/1/1)#switchport access vlan50
S1(config-swvlan-if-gei-0/1/1/1)#!
S2 configuration,
S2(config-swvlan-if-gei-0/1/1/2)#switchport access vlan50
S1(config-swvlan-if-gei-0/1/1/2)#!
Validate the configuration on S1,
S1#ping 10.1.1.2
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max=
129/185/200 ms.

S2#ping 10.1.1.1
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max=
129/185/200 ms.
1-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 2
IP Performance
Table of Contents
ICMP Response .........................................................................................................2-1
Clearing Static Data ...................................................................................................2-2
Configuring IP Source Route Options .........................................................................2-2
Enabling the ICMP Redirection Packet Function.........................................................2-3
Maintaining IP Performance .......................................................................................2-4
2.1 ICMP Response

ICMP Fast Response Overview
The fast response function of ICMP is comparative to ICMP slow response. Fast ICMP
response function reduces time delay and decreases delay jitter, which increases network
delay stand-reaching rate.
ICMP Response Configuration Example

As shown in Figure 2-1, the interface gei-0/1/1/1 of S1 connects to gei-0/1/1/2 of S2

directly. ICMP response (ping) is required between S1 and S2.
Figure 2-1 ICMP Response Configuration Example Topology
1. Configure IP addresses of S1 and S2 interfaces.
2. Test configuration result to make sure that ICMP response (ping) is realized
between S1 and S2.
l Configuration Process
S1 configuration,
S1(config-swvlan-intf)#switchport access vlan 1
S1(config-swvlan-intf)#exit
2-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S2 configuration,
S2(config-swvlan-intf)#switchport access vlan 2
S2(config-swvlan-intf)#exit
l Configuration Check
S1#ping 10.1.1.2
!!!!!
S2#ping 10.1.1.1
!!!!!
2.2 Clearing Static Data

User needs to view the current statistic data sometimes, therefore, it is necessary to clear
the history statistic data on interface. To clear the statistic data on ZXR10 5900E, use the
following command.
Command Function
ZXR10#clear statistics interface This clears the performance value

which is continuously accumulated on
an interface (if not specified, it means
all interfaces).
2.3 Configuring IP Source Route Options

Switch has software to inspect the IP packet header option of each packet. Currently, the
following packet header options are supported, Strict Source Route, and Loose Source
Route. Router will perform the corresponding operation if the software finds any packet
header option is available. When a packet containing invalid option is received, router
will send a ICMP invalid parameter packet to the packet's source address and discard the
packet.
2-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 2 IP Performance c u -tr a c k
The source host specifies a path called source path by IP network. Software forwards the
packets according to the specified source path. This function is required when a packet
has to be transmitted by using the specified path. By default, source route processing is
executed.
To configure IP source route options on ZXR10 5900E, use the following commands.
Command Function
ZXR10(config)#ip source-route This makes the switch process the data

packets containing IP source route
options.
ZXR10(config)#no ip source-route This configures to discard the data

packets containing IP source route
options.
2.4 Enabling the ICMP Redirection Packet Function

If the redirection packet function is enabled on a switch interface, the switch can send a
redirection packet to notify the host of a better next hop address, so the host can locate a
better next hop switch. The switch can also notify the host through the redirection packet
that the destination address is a neighbor node.
To enable or disable sending ICMP redirection packets on the ZXR10 5900E, perform the
following steps:
ZXR10(config)#icmp-config Enters ICMP configuration

1
mode.
ZXR10(config-icmp)#interface<interface-name> Enters ICMP interface

2
configuration mode.
ZXR10(config-icmp-if)#ip redirect Enables the switch to send

3
ICMP redirection packets.
ZXR10(config-icmp-if)#no ip redirect Disables the ICMP redirection

4
packet function.
Example
The following example shows how to enable the ICMP redirection packet function on
interface vlan50:
ZXR10(config)#icmp-config
ZXR10(config-icmp)#interface vlan50
ZXR10(config-icmp-if)#ip redirect
2-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2.5 Maintaining IP Performance

To maintain IP performance on the ZXR10 5900E, run the following commands.
Command Function
ZXR10#show ip traffic Displays IP transmission statistics.
ZXR10#clear ip traffic Clears IP transmission statistics.
The following shows the output of the show ip traffic command:

ZXR10#show ip traffic
IP statistics:
Rcvd: 116 total, 0 local destination
format errors checksum errors bad hop count unknown protocol
0 0 0 0
Frags:reassembled timeouts couldn't reassemble
0 0 0
fragmented couldn't fragment
0 0
Bcast:received sent
0 0
Sent: generated forwarded encapsulation failed no route
0 114 114 0
ICMP statistics:
Rcvd: 0 total
format errors redirects unreachable echo
0 0 0 0
echo reply mask requests mask replies quench
0 0 0 0
timestamp request timestamp reply time exceeded parameter problem
0 0 0 0
Sent: 0 total
format errors redirects unreachable echo
0 0 0 0
echo reply mask requests mask replies quench
0 0 0 0
timestamp request timestamp reply time exceeded parameter problem
0 0 0 0
UDP statistics:
Rcvd: 0 total, 0 checksum errors, 0 no port
Sent: 0 total
TCP statistics:
Rcvd: 0 total, 0 checksum errors
Sent: 0 total
2-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 3
IP MTU Configuration
Table of Contents
IP MTU Overview .......................................................................................................3-1
Configuring IP MTU....................................................................................................3-2
Maintaining IP MTU....................................................................................................3-2
IP MTU Configuration Example ..................................................................................3-3
3.1 IP MTU Overview

Both Ethernet and 802.3 have a restriction in the data frame length, which the maximum
values are 1500 bytes and 1476 bytes respectively. This feature is called IP Maximum
Transmission Unit (MTU). Most of networks have their own restriction.
When a data packet is transmitted in IP layer but its length is more than MTU, IP layer
will do fragmentation. That is to say, the data packet is divided into many fragments, and
every fragment is smaller than IP MTU.
IP MTU values are different in the different networks. In order to avoid fragmentation and
improve network performance, use ip mtu command to modify the size of IP MTU.
In order to get higher transmission efficiency in network layer, the data packets which
containing byte values are less than the restricted values are not sent. Therefore, the
restricted value indicates the data packet size.
An important problem is that the larger the IP MTU value is set, the more packets are
saved in cache. Thus, the client sends packets with lower rate that causes the time delay
for sending packets is bigger.
Another problem is that when a large packet is transmitted from a PC to another PC, it will
pass through many network connections which have smaller IP MTU values. In this way,
the large packet will be disassembled, sent and reassembled. The packet transmission
time is increased a lot.
However, IP MTU value cannot be set too small because each packet has a 40 bytes
header containing important control information. The header occupies lots of available
bandwidth if IP MTU value is smaller. For example, a good working 56k modem can upload
data at 4200bytes/second. If IP MTU value is set to 90 bytes, and the header occupies 40
bytes (44% of the size of the whole data packet). The utilization rate of bandwidth is very
low because 44% of 4200 (1428 bytes) bytes are used to transmit the header, only 2772
bytes are used to transmit user data. Therefore, it is necessary to configure an appropriate
IP MTU value.
3-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3.2 Configuring IP MTU

To configure IP MTU value on ZXR10 5900E, perform the following steps.
ZXR10(config)#interface {<interface-name>| byname This enters interface mode of

1
<byname>} the interface to be configured.
ZXR10(config-if-interface-name)#ip mtu <bytes> This configures IP MTU value

2
of the interface.
Description of the parameter used by step 2 is shown below.
<bytes> IP MTU value of the interface. The unit is byte.

In Ethernet port, the value of IP MTU equals to 68-9202. The
default value is 1500.
3.3 Maintaining IP MTU

When IP MTU problem occurs in interfaces, people can use command to locate and solve
fault. Here, the most common-used command is show. To view IP MTU value of interface,
use the following command.
Command Function
ZXR10# show ip interface <interface-name> Displays the IP MTU value of the

interface.
For example: to view the IP MTU value of the vlan100 interface, run the following
command:
ZXR10(config-if-vlan100)#show ip interface vlan100
gre_tunnel1 AdminStatus is up, PhyStatus is up, line protocol is down
IP MTU 1000 bytes
Show Command Output Description
IP MTU 1000 bytes The IP MTU value of interface VLAN100 is 1000bytes.
3-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 3 IP MTU Configuration c u -tr a c k
3.4 IP MTU Configuration Example

This example describes how to control the maximum packet length of forwarding flow by
setting IP MTU value. As shown in Figure 3-1, the interface gei-0/1/1/4 of S1 connects to
gei-0/1/1/1 of S2. gei-0/1/1/4 on S1 and gei-0/1/1/1 on S2 are for VLAN100 and VLAN200
respectively. The L2 packet can be forwarded properly if the length of packet is less than
the MTU value preset in gei-0/1/1/4. Otherwise, the packet will be discarded directly.
Figure 3-1 MTU Configuration Example Topology
Configuration Flow
1. Enter interface configuration mode.
2. Configure IP MTU value of the interface.
S1 configuration,
S1(config-if-vlan100)#ip mtu 1300
Verification
Run the following command to verify the IP MTU value of the interface for VLAN100:
S1(config-if-vlan100)#show running-config-interface vlan100
!<INTERFACE>
interface vlan100
ip mtu 1300
$
!</INTERFACE>
As shown above, the IP MTU value of the interface for VLAN100 is 1300 bytes.
3-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 4
DHCP Configuration
The predecessor of DHCP BOOTP. BOOTP is applied for the network connecting to a
diskless PC. The PC connects to the network by using BOOTROM (the client), not starting
from a disk. BOOTP (the server) can establish TCP/IP environment automatically.
DHCP is the enhanced version of BOOTP. It has two parts, one is the server, and another is
the client. The DHCP service manages all the IP network configuration data in a centralized
way and processes DHCP requests coming from the client. The client uses the IP data
allocated by the server.
DHCP uses UDP as the transmission protocol. The host sends a message to port 67 of
the DHCP server, and the DHCP server replies a message to port 68 of the host. The
DHCP works in the following steps:
1. The host sends a broadcast packet DHCP Discover to request IP address and other
configuration parameters.
2. The DHCP server returns a unicast/broadcast DHCP Offer packet that contains a valid
IP address and the configurations.
3. The host selects the server that receives the DHCP Offer first, and then sends
a broadcast packet DHCP Request to the server, indicating that the related
configurations are accepted.
4. The selected DHCP server returns a unicast/broadcast DHCP Ack packet.
By now the host can use the IP address and configurations obtained from the DHCP server
for communication.
The IP addresses allocated by the DHCP server to the host fall into the following three
forms:
1. The administrator allocates an IP address to a specific host.
2. An IP address is allocated to a host randomly and permanently.
3. An IP address is allocated to a host for a certain period randomly.
Usually the third method is used. The valid time segment is called lease period. Once the
lease period expires, the host must request the server for renewing the lease. The host
cannot renew the lease until the server accepts the request. Otherwise, the host must give
up unconditionally.
A router does not forward the received broadcast packet from a subnet to another by
default. However, the router acting as the default gateway of the user host must send the
broadcast packet to the subnet where the DHCP server is located if the DHCP server and
the user host are not in the same subnet. This function is called DHCP relay.
ZXR10 5900E can act as a DHCP server or DHCP relay to forward DHCP information.
Table of Contents
4-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
DHCP Server Configuration........................................................................................4-2

DHCP Relay Configuration .......................................................................................4-14
DHCP Proxy Configuration .......................................................................................4-29
DHCP Snooping Configuration .................................................................................4-36
4.1 DHCP Server Configuration

4.1.1 DHCP Server Overview
DHCP server is responsible for allocating IP address and initialization configuration data
to DHCP client.
DHCP server is driven by DHCP client. It gives the corresponding response according to
the request packets coming from DHCP client.
DHCP server allocates a free IP address from IP address pool and obtains the parameters
requested by DHCP client after receiving DHCP Discover packet. It makes a DHCP Offer
packet to reply DHCP client.
When the DHCP Server receives the DHCP Request packet, if a valid IP address and the
configurations can be allocated to a user, the server returns the DHCP Ack packet as a
reply, and then the DHCP Client obtains the IP address and the configurations. Otherwise,
the server returns the DHCP NAK packet as a reply. The DHCP Client repeats the DHCP
process again automatically.
When DHCP server receives a DHCP Release packet, it will cancel the binding between
the IP address and the DHCP client, and reclaim the IP address for next allocation.
When DHCP server receives a DHCP Decline packet, it will disable the client IP address
and not allocate this IP address to other.
4.1.2 Configuring a DHCP Server

To configure a DHCP server on the ZXR10 5900E, perform the following steps:
ZXR10(config)#dhcp Enters DHCP configuration

1
mode.
ZXR10(config-dhcp)#enable Enables the embedded DHCP

2
process.
ZXR10(config-dhcp)#max-hops <1-16> Configures the maximum

3
number of hops for DHCP.
ZXR10(config-dhcp)#ramble Enables the DHCP roaming

4
function.
ZXR10(config-dhcp)#suppress-nak Suppresses DHCP NAK

5
packets.
4-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 4 DHCP Configuration c u -tr a c k
ZXR10(config-dhcp)#server update arp Enables the server to learn

6
ARP entities.
ZXR10(config-dhcp)#server max-user <1-64000> Configures the maximum

7 number of users for the DHCP
server.
ZXR10(config)#ip dhcp access list <access-list-name> Enters DHCP access list

8
configuration mode.
ZXR10(config-dhcp-access-list)#rule <rule-id>{deny | Configures a filtering rule for

9
permit}{any | option60 <option60-string>} the DHCP access list.
ZXR10(config-dhcp-access-list)#default-rule {deny Configures the default filtering

10
| permit} any rule for the DHCP access list.
ZXR10(config-dhcp)#interface <interface-name> Enters DHCP interface

11
configuration mode.
ZXR10(config-dhcp-if)#mode [server | relay | proxy] Configures the DHCP operating

mode on the interface.
12
server: sets the device as a
DHCP server.
ZXR10(config)#ip pool <pool-name> Configures an IP address pool.

The DHCP server allocates
ZXR10(config-ip-pool)#range <start-ip><end-ip><mask-
addresses in the IP address
ip>
pool to clients.
ZXR10(config-ip-pool)#exclude <exclude-ip>[<exclude
13
-end-ip>]
ZXR10(config-ip-pool)#conflict-time <1-18000>
ZXR10(config-ip-pool)#network <network-number><ne
twork-mask>
ZXR10(config)#ip dhcp pool <dhcppool-name> Binds the specified IP pool to

the DHCP pool.
ZXR10(config-dhcp-pool)#ip-pool <ip-pool-name>
ZXR10(config-dhcp-pool)#binding <mac-address><ip-add Static bind the IP address and

ress><ip-address-mask>[vrf-instance <instance-name>] MAC address in the DHCP
pool.
14 ZXR10(config-dhcp-pool)#lease-time [[infinite]|[<days><h Configures the lease time for

ours><minutes>]] how long the DHCP server
rents IP addresses to the
clients.
ZXR10(config-dhcp-pool)#dns-server *(<ip-address>) Configures the DNS address

that the DHCP server returns
to users.
4-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-dhcp-pool)#default-router *<ip-address> Configures the IP address of

the default router.
ZXR10(config-dhcp-pool)#option <option_code>[subopti Configures other DHCP

on_code <sub_option_code>]{ascii <ascii_string>|hex <hex options.
_string>|ip <IP>[<IP>][<IP>]}[<IP>][<IP>][<IP>][<IP>][<IP>]
ZXR10(config)#ip dhcp policy < policy-name>< priority> Binds the specified DHCP pool
to a DHCP policy.
ZXR10(config-dhcp-policy)#dhcp-pool<dhcppool-name>
ZXR10(config-dhcp-policy)#relay-agent <ip-address> Specifies the IP address of a

relay agent.
15
ZXR10(config-dhcp-policy)#option60 { partial-match Creates an option60 matching
| string <option60>| other} policy.
ZXR10(config-dhcp-policy)#vrf-instance Binds a VRF instance.

<instance-name>
ZXR10(config-dhcp-if)#policy <policy-name> Binds the DHCP policy to the

16
interface.
ZXR10(config-dhcp-if)#user quota <limit-value> Configures the quota of

DHCP users for the interface,
17 meaning the maximum number
of DHCP clients permitted on
the interface.
ZXR10(config-dhcp-if)#dscp <value> Configures the DSCP value,

18
range: 0-63.
ZXR10(config-dhcp-if)#dhcp-access-list <name> Configures the name of a

19
DHCP access list.
ZXR10(config-dhcp-if)#server relay destination udp port Configures the UDP port

20 {67 | 68} number that the server returns
to the relay.
ZXR10#kick-off ip dhcp server user [[interface <interface-n Gets users offline based on the
21 ame>]|[mac <mac-address>]|[ip <ip-address>[vrf-instance specified attribute (interface,
<vrf-name>]]] MAC address, or IP address).
<relay> Enables the DHCP relay function on the interface.
<server> Enables the DHCP server function on the interface.
<proxy> Enables the DHCP proxy function on the interface.
4-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<pool-name> Name of an IP address pool, range: 1-16 characters.
<start-ip> Start IP address of the range.
<end-ip> End IP address of the range.
<mask-ip> IP mask of the range.
<exclude-ip> Start IP address of the reserved addresses.
<exclude-end-ip> End IP address of the reserved addresses.
<conflict-time> Conflict time of the address pool.
<dhcp-pool-name> Name of the DHCP address pool, range: 1-16 characters.
<IP-pool-name> Name of the IP address pool, range: 1-16 characters.
<days> Number of days, range: 0-365.
<hours> Number of hours, range: 0-23.
<minutes> Number of minutes, range: 0-59.
infinite Sets the lease time to infinite.
<option_code> Option code, range: 1-254.
<sub_option_code> Sub-option code.
<ascii_string> ASCII string, range: 1-64 characters.
<hex_string> Hex string, range: 1-64 characters.
<IP> IP address.
<ip-addr> IP address. A maximum of eight IP addresses can be

configured.
<ipv6-prefix> Prefix and length of IPv6 addresses, format:

X:X::X:X/<1-128>.
<ipv4-mask-length> Length of IPv4 address masks, range: 1-32, unit: bytes.
<ipv6-prefix> Prefix and length of IPv6 addresses, format:

X:X::X:X/<1-128>.
<ipv4-mask-length> Length of IPv4 address masks, range: 1-32, unit: bytes.
<policy-name> Name of a DHCP policy, range: 1-16 characters.
<priority> Priority, range: 1-5.
4-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<dhcp-pool-name> Name of a DHCP address pool, range: 1-16 characters.
<ip-address> IP address.
<option60> Option60 contained in packets. The policy is matched when

the contents of option60 and option60-string are the same.
<instance-name> Name of a VRF instance, range: 1-32 characters.
<policy-name> Name of the DHCP policy that is bound to the interface.
<limit-value> Limit of DHCP users configured on the interface, range:

1-32000.
4.1.3 Maintaining a DHCP Server

To maintain a DHCP server on the ZXR10 5900E, run the following commands.
Command Function
ZXR10#show ip dhcp configuration Displays the configuration of the

DHCP process module.
ZXR10#show ip local pool {[configure <pool-name> Displays the information about the
vrf-instance <instance name>] , [conflict-ip <pool-name> local address pool.
vrf-instance <instance name>] , [exclude-ip <pool-name>
vrf-instance <instance name>] , [statistics <pool-name> total],
[used-exclude-ip <pool-name> vrf-instance <instance name>] ,
[used-ip <pool-name> vrf-instance <instance name>]}
ZXR10# show ip dhcp server user [interface <interface-name>[ Displays the information about
total-count]]|[ total-count] current online users on the DHCP
server.
ZXR10#show running-config [<interface-name>] Displays the configuration of

the DHCP server or relay on an
interface.
ZXR10#show ip dhcp packet statistic MP-0/1/0 {global | mgmt_eth | Displays statistics of DHCP
supervlan <1-4000>| vlan <1-4094>} packets sent and received.
4-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10#show ip dhcp pool [<dhcp-pool-name>[binding]] Displays the information about a

DHCP pool.
ZXR10#show ip dhcp policy [<policyname>] Displays the information about a

DHCP policy.
Run the show ip dhcp configuration command to display the configuration of the DHCP
process module. The following shows the output of the show ip dhcp configuration
command:
DHCP process state information
process state :enable(running)
ramble state:disable
suppress_nak state:disable
max_hops: 4
DHCP server configure:
server support max user: 64000
server update arp: off
DHCP relay configure:
not insert relay option82 information in BOOTREQUEST.
relay option82 policy: replace
relay option82 format: china-tel
relay option82 user policy: interface
relay support max user: 64000
relay update arp: off
For a description of the fields, refer to the following table:
Field Description
process state Whether the DHCP process is operating.
ramble state Whether the roaming function is enabled.
suppress_nak state Whether the NAK packet suppression function is enabled.
max_hops Maximum number of hops for DHCP packets.
server support max user Maximum number of users supported on the server.
server update arp Whether the ARP update function is enabled on the server.
not insert relay information in Whether Option82 is inserted. Here, it is not inserted.
BOOTREQUEST
relay information policy Policy of Option82.
relay information format Format of Option82. The user-configuration indicates

Option82 configured by users. The default configuration is
China-Tel.
4-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
relay information user policy Policy of Option82. There are two modes, uniform, and
interface.
relay support max user Maximum number of users supported on the relay.
relay update arp Whether the ARP update function is enabled on the relay.
Run the show ip local pool command to display the information about the local address
pool. The following shows the output of the show ip local pool command:
ZXR10(config)#show ip local pool
PoolName Begin End Mask Free Used
zte 20.1.1.1 20.1.1.100 24 100 0
TotalPool: 1
Field Description
PoolName Address pool name.
Begin Start IP address of the address pool.
End End IP address of the address pool.
Mask Subnetwork mask of the address pool.
Free Number of free IP addresses in the address pool.
Used Number of used IP addresses in the address pool.
TotalPool Number of IP address pools.
Run the show ip dhcp server user command to display the information about the current
online users on the DHCP server. The following shows the output of the show ip dhcp
server user command:
ZXR10#show ip dhcp server user
CLIENT MAC addr: 0010.9400.0001
IP addr: 29.160.1.10
State: BOUND
Expiration: 11:16:07 06/07/2010
VRF:
CLIENT MAC addr: 0010.9400.0002
IP addr: 29.160.1.11
State: BOUND
Expiration: 11:16:07 06/07/2010
VRF:
ZXR10#show ip dhcp server user interface vlan1000 total-count
Current online users on this interface are: 2
ZXR10#show ip dhcp server user total-count
Current online users are: 2
4-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Run the show running-config command to display the configuration of the DHCP server or
relay on an interface. The following shows the output of the show running-config command:
ZXR10#show running-config vlan1000
!<Interface>
interface vlan1000
ip address 30.1.1.100 255.255.0.0
$
!</Interface>
!<ETHER_PORT>
interface vlan1000
!</ETHER_PORT>
!</DHCP>
dhcp
interface vlan1000
mode server
policy 1000
$
$
!</DHCP>
Field Description
mode Interface mode.
policy Policy bound to the interface of the server.
ip address IP address of the interface.
Run the show ip dhcp packet statistic command to display statistics of DHCP packets sent
and received. The following shows the output of the show ip dhcp packet statistic command:
ZXR10#show ip dhcp packet statistic MP-0/1/0 global
----------------------------------------------
All received DHCP packet of the slot 1 is: 0
----------------------------------------------
Valid request packet: 0
DHCPDISCOVER: 2
DHCPREQUEST : 1
DHCPDECLINE : 0
DHCPRELEASE : 0
DHCPINFORM : 0
reply packet: 0
DHCPOFFER: 0
DHCPACK : 0
DHCPNAK : 0
4-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
----------------------------------------------
ZXR10#
Field Description
Valid request packet Number of valid request packets.
DHCPDISCOVER Number of Discover packets.
DHCPREQUEST Number of Request packets.
DHCPDECLINE Number of Decline packets.
DHCPRELEASE Number of Release packets.
DHCPINFORM Number of Inform packets.
reply packet Number of reply packets.
DHCPOFFER Number of Offer packets.
DHCPACK Number of Ack packets.
DHCPNAK Number of Nak packets.
Run the show ip dhcp pool command to display the information about a DHCP pool. The
following shows the output of the show ip dhcp pool command:
ZXR10#show ip dhcp pool
PoolName IpPool LeaseTime DnsNum RouterNum OptionNum BindNum
1 ss 0 2 0 0 0 0 0
Total: 1
Field Description
PoolName Name of the DHCP pool.
IpPool Name of the IP pool.
LeaseTime Lease time.
DnsNum Number of DNSs.
RouterNum Number of default gateways.
OptionNum Number of options.
BindNum Number of users bound statically.
Total Number of DHCP pools.
Run the show ip dhcp policy command to display the information about a DHCP policy. The
following shows the output of the show ip dhcp policy command:
ZXR10#show ip dhcp policy

PolicyName Priority DhcpPool RelayAgent Vrf-instance Option60
4-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1 1 ss 1.1.1.1
Total: 1
Field Description
PolicyName Name of the DHCP policy.
Priority Priority of the DHCP policy.
DhcpPool Name of the DHCP pool.
RelayAgent Gateway address.
Vrf-instance Name of the VRF instance.
Option60 Option60
Total Number of DHCP policies.
4.1.4 DHCP Server Configuration Example

As shown in Figure 4-1, S1 acts as both DHCP server and the default gateway. PC obtains
IP address dynamically by DHCP.
Figure 4-1 DHCP Server Configuration Example Topology
l In global configuration mode, configure IP Pool, DHCP Pool, DHCP Policy on S1, and
enable DHCP function.
l In interface configuration mode, configure IP address and DHCP server mode and
bind DHCP Policy on S1.
Configuration Flow
1. Configure IP pool. The range of address pool needs to be configured in a network
segment.
2. Configure DHCP Pool. DHCP Pool needs to bind with IP Pool and configures DNS,
lease-time, and default router.
3. Configure DHCP Policy. DHCP Policy is a policy option. Many priorities are supported
by a name for policy management.
4. Configure DHCP Server. Configure Server functional mode in DHCP interface mode
and bind the policy.
5. Enable DHCP globally.
4-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S1 configuration,
/*This configures IP Pool.*/
S1(config)#ip pool pool1
S1(config-ip-pool)#range 10.10.1.3 10.10.1.254 255.255.255.0
S1(config-ip-pool)#exit
/*This binds IP Pool to DHCP Pool.*/

S1(config)#ip dhcp pool pool1
S1(config-dhcp-pool)#ip-pool pool1
S1(config-dhcp-pool)#exit
/*This binds DHCP Pool to DHCP Policy.*/

S1(config)#ip dhcp policy policy1 1
S1(config-dhcp-policy)#dhcp-pool pool1
S1(config-dhcp-policy)#exit
/*This configures interface and the IP address of interface*/

S1(config-swvlan)#vlan1000
S1((config-swvlan-sub)#switchport pvid gei-0/1/1/1
S1((config-swvlan-sub)#exit
S1(config-swvlan)#exit
S1(config-if)#exit
/*This enables DHCP.*/

S1(config)#dhcp
S1(config-dhcp)#enable
/*This configures Server mode in interface and selects policy.*/

S1(config-dhcp)#interface vlan1000
S1(config-dhcp-if)#mode server
S1(config-dhcp-if)#policy policy1
S1(config-dhcp-if)#exit
S1(config-dhcp)#exit
View the configuration of IP Pool on S1.
S1(config)#show ip local pool

pool1 10.10.1.3 10.10.1.254 24 252 0
4-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
TotalPool: 1
View the configuration of DHCP Pool on S1.

S1(config)#show ip dhcp pool
pool1 pool1 0 1 0 0 0
View the configuration of DHCP policy on S1.

S1(config)#show ip dhcp policy
PolicyName Priority DhcpPool RelayAgent Vrf-instance
policy1 1 pool1
Total: 1
Show DHCP configuration on S1.

S1(config)#show running-config dhcp
!<DHCP>
ip dhcp pool pool1
ip-pool pool1
!
ip dhcp policy policy1 1
dhcp-pool pool1
!
dhcp
enable
interface vlan1000
mode server
policy policy1
$
!</DHCP>
Show DHCP configuration of the specified interface on S1.

S1(config)#show running-config-interface vlan1000
!<Interface>
interface vlan1000
ip address 10.10.1.1 255.255.255.0
$
!</Interface>
!<ETHER_PORT>
interface vlan1000
!</ETHER_PORT>
!</DHCP>
dhcp
interface vlan1000
mode server
policy 1000
$
4-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
$
!</DHCP>
4.2 DHCP Relay Configuration

4.2.1 DHCP Relay Overview
The main functions of DHCP Relay module include:
l Realizes the transparent interaction between DHCP Client and DHCP Server.
l Allocates and manages dynamic addresses of DHCP Client.
For DHCP Client, DHCP Relay Agent acts as a DHCP Server while for DHCP Server,
DHCP Relay Agent acts as a DHCP Client. Therefore, DHCP Relay Agent needs to
capture and process DHCP protocol network packets coming from both DHCP Client and
DHCP Server. It remakes the message protocol packets according to the requirements of
Relay Agent protocol, fills the data option field of Relay Agent into packets, and performs
the transforming of DHCP protocol network packets between the Client and Server.
When a DHCP user tries to obtain an address, the DHCP request packet is sent in
broadcast mode, which cannot be transmitted to multiple subnets. To send the packet to
multiple subnets, a DHCP Relay is required. The DHCP Relay can be a router or a host.
In generally, UDP packets whose UDP destination ports are 67 sent between all devices
that provide the DHCP Relay function need special processing. Therefore, the DHCP
Relay needs to monitor all packets whose UDP destination port number is 67.
When DHCP Relay receives a packet which UDP destination port number is 67, it will judge
whether the packet is user's request packet. If this port number exceeds the configured
value, this packet will be dropped.
If the hop value is in the ruled region, and DHCP Relay decides to transmit this packet, it
will inspect the value of "Relay Agent" field. There are two conditions,
l The value of "Relay Agent" field is 0.
DHCP Relay fills the IP address of the port which receives the request packet in the
"Relay Agent" field. If this port has many IP addresses, DHCP Relay will select an IP
address and continue to use this IP address to transmit all DHCP packets.
l The value of "Relay Agent" field is not 0.

The value of this field cannot be modified, and broadcast address cannot be filled in.
Under both of the conditions described above, the packets are transmitted to a new
destination (or DHCP Server) in unicast. Obviously, the new destination address is
configurable. In this way, DHCP packets can pass through many sub-networks.
When DHCP Relay finds a responding packet coming from DHCP Server, it inspects the
"Relay Agent", "Client hardware address" fields and so on. These fields provide enough
informations to DHCP Relay for transmitting responding packet to client PC.
4-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The value of "Relay Agent" field (non-zero) is often used to identify a logical port for
transmitting responding packets. The responding packet will be discarded if the value
cannot match any logical port directly connecting to DHCP Relay.
Meanwhile, DHCP Relay inspects the value of broadcast identifier bit containing in "flag"
field. If the value is 1, it will broadcast the encapsulated packet. Otherwise, the packet will
be encapsulated and transmitted to DHCP Client in unicast way.
The message interaction procedure is shown in Figure 4-2.
Figure 4-2 DHCP Message Interaction
1. When a DHCP client begins DHCP initialization, it broadcasts a configuration Request

message on the local network.
2. If there is a DHCP server on the local network, DHCP configuration can be performed
without a DHCP relay.
3. If there is no DHCP server on the local network, when a network device with DHCP
relay function connecting to the local network receives the broadcast message, it
handles the message and then forwards the message to a DHCP server on other
networks.
4. The DHCP server performs the configuration according to the information provided by
the DHCP client, and then sends the configuration information to the client through the
DHCP relay. Dynamic configuration of the DHCP client is completed.
In fact, from the begin to the end, there are several interaction procedures such like this.
The DHCP relay modifies the related fields in the DHCP message to modify the DHCP
broadcast message to a unicast message. It is responsible for the conversion between
the server and the client.
4.2.2 Configuring a DHCP Relay

To configure a DHCP relay on the ZXR10 5900E, perform the following steps:
4-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#dhcp Enters DHCP configuration

1
mode.
ZXR10(config-dhcp)#enable Enables the embedded DHCP

2
process.
ZXR10(config-dhcp)#max-hops <max-hops> Configures the maximum

3
number of hops for DHCP.
ZXR10(config-dhcp)#ramble Enables the DHCP roaming

4
function.
ZXR10(config-dhcp)#suppress-nak Suppresses DHCP NAK

5
packets.
ZXR10(config-dhcp)#proxy client leasetime Configures the short lease time

6 <short-leasetime> of the DHCP proxy, range:
30–3600.
ZXR10(config)#ip dhcp access list <access-list-name> Enters DHCP access list

7
configuration mode.
ZXR10(config-dhcp-access-list)#rule <rule-id>{deny | Configures a filtering rule for

8
permit}{any | option60 <option60-string>} the DHCP access list.
ZXR10(config-dhcp-access-list)#default-rule {deny Configures the default filtering

9
| permit} any rule for the DHCP access list.
ZXR10(config-dhcp)#interface <interface-name> Enters DHCP interface

10
configuration mode.
ZXR10(config-dhcp-if)#relay agent <ip-address> Configures the default gateway

11 address on the interface
connected to users.
ZXR10(config-dhcp)#relay forbid send release Forbids the proxy relay to send

12
release packets to the server.
ZXR10(config-dhcp)#relay update arp Enables the DHCP relay to

13
learn ARP entities.
ZXR10(config-dhcp)#relay max-user <max-user-num> Configures the maximum

number of users supported by
14
the DHCP relay on each line
card.
ZXR10(config-dhcp)#relay option82 format {china-tel | Configures the format of

dsl-forum |telenor| user-configuration} Option82 inserted when the
15
DHCP process performs relay
forwarding.
4-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-dhcp)#relay option82 option Inserts Option82 when the

16 DHCP process performs relay
forwarding.
ZXR10(config-dhcp)#relay option82 policy{add| keep | Maintains or replaces the

replace} existing Option82 when
Option82 has been inserted in
17
relay forwarding packets while
the local configuration requires
inserting Option82.
ZXR10(config-dhcp)#relay option82 uniform circuit-id Configures the DHCP OPT82

18 <circuit-id string > circuit-id sub-option based on
unified mode.
ZXR10(config-dhcp)#relay option82 uniform remote-id Configures the DHCP OPT82

19 <remote-id string > remote-id sub-option based on
unified mode.
ZXR10(config-dhcp)#relay option82 user-configuration Configures the policy of

policy { uniform | interface } selecting the DHCP OPT82
user-configuration mode based
20 on unified mode (uniform or
interface). This command is
used when the agent-format is
set to user-configuration.
ZXR10(config-dhcp-if)#relay option82 circuit-id Configures the DHCP OPT82

21 <circuit-id string > circuit-id sub-option based on a
layer-3 interface.
ZXR10(config-dhcp-if)#relay option82 remote-id Configures the DHCP OPT82

22 <remote-id string > remote-id sub-option based on
a layer-3 interface.
ZXR10(config-dhcp-if)#relay server group < Configures the group of the

23 group-number> DHCP server group of the
interface.
ZXR10(config)#ip dhcp relay server group < group-number> Configures a DHCP server
group, and binds the server
ZXR10(config-dhcpr-server-group)#server <server-
24
address to the group.
number><ip-address>{security | standard}[master][dscp
<dscp-number>]
4-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#ip dhcp relay server policy group Enters DHCP relay server
<group-no> policy group configuration
mode.
ZXR10(config-dhcpr-policy-group)#server-group Binds the server group.

<server-group-number>
25
ZXR10(config-dhcpr-policy-group)#vclass-id Configures option60 of the
<option-string> group.
ZXR10(config-dhcpr-policy-group)#vlan-id <vlan-id-i Configures the VLAN-ID range

ndex>{internal-vlan <internal-vlan-range>[external-vlan of the DHCP relay server policy
<external-vlan-range>]} group.
ZXR10(config-dhcpr-server-group)#max-retry < Configures the number of times

retry-times> that the DHCP relay retries
26
to requests address from the
DHCP server.
ZXR10(config-dhcpr-server-group)#algorithm {first | Configures the algorithm of

forward-all | round-robin} selecting a server in the DHCP
relay server group.
ZXR10(config-dhcpr-server-group)#deadtime <5-3600> Configures the deadtime of the

27
server in the DHCP relay server
group.
ZXR10(config-dhcpr-server-group)#description <1-32> Configures the description for

the DHCP relay server group.
ZXR10#kick-off ip dhcp relay user [[interface <interface-n Gets users offline from the relay
ame>]|[mac <mac-address>]|[ip <ip-address>[vrf-instance based on the specified attribute
28
<vrf-name>]]] (interface, MAC address, or IP
address).
ZXR10(config-dhcp-if)#relay source-ip <relay-source-ip Configures the source IP

29 -address> address of the packets sent by
the relay.
ZXR10(config-dhcp-if)#user quota <limit-value> Configures the quota of users

30 supported on the interface on
the relay, range: 1-32000.
ZXR10(config-dhcp-if)#helper-address policy [vclass-id Configures the type of matching

31 | vlan-id] the related relay policy for the
interface on the relay.
ZXR10(config-dhcp-if)#dhcp-access-list <dhcp-access-li Configures a DHCP access list

32 st-name> used to match option60 for the
interface on the relay.
4-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<ip-address> IP address of the DHCP agent on the interface, in dotted

decimal notation.
china-tel Option82 format of China-Tel.
dsl-forum Option82 format of the DSL forum.
telenor Option82 format of telenor.
user-configuration User-configured Option82 format.
keep Maintains the original Option82, and transmits it transparently.
replace Replaces the original Option82.
add Maintains the original Option82, and adds Option82 of the

relay in front of the original Option82.
uniform Uniform mode.
interface Interface mode.
circuit-id string Contents of Option 82 circuit-id configured by users.
<remote-id-string > Contents of Option 82 remote-id configured by users, range:

1–64 characters.
4-19

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<group-number> Serial number of the DHCP Relay server group bound to the
interface, range: 1–20.
<group-number> Serial number of the DHCP Relay server group bound to the
interface, range: 1–20.
<server-number> Serial number of the server, range: 1–128.
<ip-address> IP address of the server, in dotted decimal notation.
security Security mode.
standard Standard mode.
master Master server.
<dscp-number> Priority.
<group-no> Serial number of the DHCP relay server policy group, range:
1–20.
<server-group-number> Serial number of the bound server group, range: 1–20.
<option-string> Option60 contents, with a maximum of 32 characters.
vlan-id-index VLAN index.
internal-vlan-range Internal VLAN label, range: 1–4094.
external-vlan-range External VLAN label, range: 1–4094.
<retry-times> Number of time that the server retries, range: 5–20.
<interface-name> Gets all DHCP relay users offline compulsively on the

interface.
<mac-address> Gets the DHCP relay users whose MAC is mac-address

offline compulsively.
4-20

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<ip-address> Gets the DHCP relay users offline compulsively based on

the IP address.
<vrf-name> Gets the DHCP relay users offline compulsively based on

the VRF instance.
4.2.3 Maintaining a DHCP Relay

To maintain a DHCP relay on the ZXR10 5900E, run the following commands.
Command Function
ZXR10#show ip dhcp configuration Displays the configuration of the

DHCP process module.
ZXR10#show ip dhcp relay user [interface <interface-name>[ Displays the information about
total-count]]|[ total-count] current online users on the DHCP
relay.
ZXR10#show running-config [<interface-name>] Displays the configuration of

the DHCP server or relay on an
interface.
ZXR10#show ip dhcp packet statistic MP-0/1/0 {global | mgmt_eth | Displays statistics of DHCP
supervlan <1-4000>| vlan <1-4094>} packets sent and received.
ZXR10#show ip dhcp relay server group [<group-no>] Displays the information about a
DHCP relay server group.
ZXR10#show ip dhcp relay server policy [<policy_no>] Displays the information about a
DHCP relay server policy group.
ZXR10#show ip dhcp relay information {[interface Displays the information related to

<interface-name>]| uniform} DHCP relay option82.
ZXR10#show ip dhcp proxy client Display the lease time of the

DHCP proxy.
Run the show ip dhcp configuration command to display the configuration of the DHCP
process module. The following shows the output of the show ip dhcp configuration
command:
process state: disable(stop)
ramble state: disable
suppress_nak state: disable
max_hops: 4
4-21

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
server update arp: off

relay option82 policy: replace
relay option82 format: china-tel
relay update arp: off
process state Whether the DHCP process is operating.
ramble state Whether the roaming function is enabled.
server support max user Maximum number of users supported on the server.
server update arp Whether the ARP update function is enabled on the server.
not insert relay option82 information Whether Option82 is inserted. Here, it is not inserted.
in BOOTREQUEST
relay option82 policy Policy of Option82.
relay option82 format Format of Option82. User-configuration means Option82

configured by users. Default: China-Tel.
relay option82 user policy Policy of user-configured Option82. There are two modes,
uniform, and interface.
relay support max user Maximum number of users supported on the relay.
relay update arp Whether the ARP update function is enabled on the relay.
Run the show running-config [<interface-name>] command to display the configuration of

the DHCP server or relay on an interface. The following shows the output of the show
running-config [<interface-name>] command:
ZXR10#show running-config vlan2000
!<Interface>
interface vlan2000
ip address 30.1.1.100 255.255.0.0
$
!</Interface>
!<ETHER_PORT>
interface vlan2000
!</ETHER_PORT>
!</DHCP>
dhcp
interface vlan2000
mode relay
4-22

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
relay server group 1

relay agent 30.1.1.100
$
$
!</DHCP>
Field Description
relay agent Relay agent.
relay server group DHCP server group.
Run the show ip dhcp packet statistic command to display statistics of DHCP packets sent
and received. The following shows the output of the show ip dhcp packet statistic command:
ZXR10#show ip dhcp packet statistic MP-0/1/0 global
-------------------------------------------------
All received DHCP packet of the slot 1 is: 0
-------------------------------------------------
Valid request packet: 0
DHCPDISCOVER: 2
DHCPREQUEST : 1
DHCPDECLINE : 0
DHCPRELEASE : 0
DHCPINFORM : 0
reply packet: 0
DHCPOFFER: 0
DHCPACK : 0
DHCPNAK : 0
--------------------------------------------------
ZXR10#
Field Description
Valid request packet Number of valid request packets.
DHCPDISCOVER Number of Discover packets.
DHCPREQUEST Number of Request packets.
DHCPDECLINE Number of Decline packets.
DHCPRELEASE Number of Release packets.
DHCPINFORM Number of Inform packets.
reply packet Number of reply packets.
DHCPOFFER Number of Offer packets.
4-23

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
DHCPACK Number of Ack packets.
DHCPNAK Number of Nak packets.
Run the show ip dhcp relay server group command to display the information about a DHCP
relay server group. The following shows the output of the show ip dhcp relay server group
command:
ZXR10#show ip dhcp relay server group 1
group-no: 1 deadtime: 60 max-retries: 8 algorithm: round-robin
description:
DHCP server group server: 1 2.2.2.2 security dscp 0
ZXR10#
Field Description
group-no Serial number of the group
deadtime Deadtime.
max-retries Maximum number of retry times.
algorithm Algorithm of selecting the server.
description Description.
DHCP server group server Information about the server, including the serial number of
the serve, IP address, mode, and DSCP value.
Run the show ip dhcp relay server policy command to display the information about a DHCP
relay server policy group. The following shows the output of the show ip dhcp relay server
policy command:
ZXR10#show ip dhcp relay server policy 1

PolicyNo ServerNo VclassID InternalVLAN ExternalVLAN
1 1 llll
VlanNum:0
ZXR10#
Field Description
PolicyNo Serial number of the group.
ServerNo Serial number of the DHCP relay server group.
VclassID Option60.
InternalVLAN Internal VLAN label.
ExternalVLAN External VLAN label.
4-24

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Run the show ip dhcp relay information command to display the information about DHCP
relay option82. The following shows the output of the show ip dhcp relay information
command:
ZXR10#show ip dhcp relay information
DHCP relay information of all by user configuration are:
TYPE circuit-id-len remote-id-len
uniform 3 3
ZXR10#
Field Description
TYPE Whether the Option82 policy is globally valid or valid for an

interface.
circuit-id-len Length of the circuit-id.
remote-id-len Length of the remote-id.
Run the show ip dhcp proxy client command to display the information about the lease
time of the DHCP proxy. The following shows the output of the show ip dhcp proxy client
command:
ZXR10#show ip dhcp proxy client
DHCP client configure information in proxy mode:
leasetime :33 seconds
ZXR10#
4.2.4 DHCP Relay Configuration Example

When DHCP client and server do not belong to the same network, a router connecting
directly to user side needs to act as DHCP Relay.
As shown in Figure 4-3, DHCP Relay function is enabled on S1, a single server (IP address
is 10.10.2.2) acts as DHCP server on S2. This method is usually adopted when many PCs
require DHCP service.
Figure 4-3 DHCP Relay Configuration Example Topology
l Configure IP address, DHCP Server address, DHCP Relay mode on S1 interface.

l Configure IP address, DHCP Server mode and bind DHCP Policy on S2 interface.
4-25

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
l In global configuration mode on S2, enable DHCP, configure IP Pool, DHCP Pool,
DHCP Policy and the route pointing to S1 interface network segment.
Configuration Flow
1. A route has to be required between the DHCP Server and the Relay interface (Global
static route can be used for testing).
2. For the configuration of server, see DHCP Server Configuration. In policy configura-
tion, Relay Agent is the IP address of Relay interface.
3. For Relay configuration, the parameters need to be configured in DHCP interface. IP
addresses of Relay interface and IP Pool corresponding to DHCP Server need to be
in the same network segment.
4. DHCP Relay configuration:
l Configure Relay mode.
l Enable Relay function in DHCP interface mode, configure Relay Agent to be the
IP address of Relay interface and configure Relay Server to be the IP address
of configured DHCP server. Make sure that the IP addresses of DHCP Server
interface and Relay interface are not in the same network segment but the IP
addresses of the allocated IP pool and Relay interface are in the same network
segment.
S1 configuration,
/*This configures Relay interface.*/
S1(config-swvlan)#vlan 1000
S1(config-swvlan-sub)#switchport pvid gei-0/1/1/1
S1(config-swvlan-sub)#exit
S1(config-if)#exit
/*Specify Server*/
S1(config)#ip dhcp relay server group 1
S1(config-dhcpr-server-group)#server 1 10.10.2.2 standard master
S1(config-dhcpr-server-group)#exit
/*This enables DHCP function.*/

S1(config)#dhcp
/*This configures DHCP mode and other attributes in interface./*

S1(config-dhcp-if)#mode relay
4-26

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S1(config-dhcp-if)#relay agent 10.10.1.1

S1(config-dhcp-if)#relay server group 1
/* Configure the interface that connects to the DHCP Server/*

S1(config-if)#exit
S2 configuration,
/*This enables DHCP.*/

S2(config)#dhcp
/*This configures interface and the IP address of interface*/

S2(config-if)#exit
/*This configures IP pool.*/

/*This binds IP Pool with DHCP Pool.*/

S2(config-dhcp-pool)#default-router 10.0.1.1
/*This binds DHCP Pool with DHCP Policy.*/

S2(config-dhcp-policy)#relay-agent 10.0.1.1
4-27

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S2(config)#dhcp
/*This configures DHCP mode of interface./*

S2(config)#ip route 10.10.1.0 255.255.255.0 10.10.2.1
Show IP Pool configuration on S2,
S2(config)#show ip local pool
pool1 10.10.1.3 10.10.1.254 24 252 0
TotalPool: 1
Show DHCP Pool configuration on S2,

S2(config)#show ip dhcp pool
policy1 pool1 0 1 0 0 1 0 0
Total: 1
Show DHCP Policy configuration on S2,

PolicyName Priority DhcpPool RelayAgent Vrf-instance
pool1 1 pool1 10.10.1.1
Total: 1
Show DHCP configuration on S2.

S2(config)#show running-config dhcp
!<DHCP>
ip dhcp pool pool1
ip-pool pool1
default-router 10.0.1.1
!
ip dhcp policy policy1 1
dhcp-pool pool1
relay-agent 10.0.1.1
!
dhcp
enable
interface vlan2000
mode server
4-28

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
policy policy1
!</DHCP>
This shows DHCP configuration of a specified interface on S1.

S1(config)#show running-config-interface vlan2000
!<Interface>
interface vlan2000
ip address 10.10.2.1 255.255.255.0
$
!</Interface>
!<ETHER_PORT>
interface vlan2000
!</ETHER_PORT>
!</DHCP>
dhcp
interface vlan2000
mode relay
$
$
!</DHCP>
4.3 DHCP Proxy Configuration

4.3.1 DHCP Proxy Overview
DHCP Proxy Overview
The DHCP proxy function is an extension based on the DHCP relay function. The
processing of the DHCP proxy function is more complex than that of the DHCP relay
function. A DHCP proxy needs to directly respond renewal requests from users. Seen
from a client, the DHCP proxy operates as a server. However, the DHCP proxy also
operates as a client at the specified time to send renewal requests to the server.
A short lease must be configured for the DHCP proxy. This short lease is shorter than
that configured for the DHCP server. The time-out interval of the binding state timer for
the DHCP proxy is shorter than that for the DHCP server, so the DHCP proxy can fast
detect user disconnection and notify the DHCP server to release IP addresses as soon
as possible. In case of a large number of renewal requests from users, the DHCP proxy
reduces the load of the DHCP server.
DHCP Proxy Characteristics

If the DHCP proxy function is configured, on a DHCP relay, there are two different leases
for each user. The lease between the relay and the server is the long lease (L1), and the
4-29

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
lease between the client and the relay is the short lease (L2). After receiving a response,
the server replaces L1 in the Lease Time field with L2 and sends packets to the client.
Therefore, the client uses the short lease, and the renew time and rebinding time
calculated based on the short lease.
If the client has retrieved an IP address, the DHCP relay proxy sets the state of the user
to BOUND, and sets the time-out interval of the state timer to L2. If the DHCP relay proxy
receives no request from the client when the timer expires, it is considered that the user
is disconnected. The DHCP relay proxy releases the data area of the user, and replaces
the client to send a DHCP Release message to the server, so that the server releases
the IP address of the user. The time-out interval of the binding state timer for the proxy is
shorter than that for the server, so the proxy can fast detect user disconnection and notify
the server to release the IP address as soon as possible.
The renewal interval and rebinding interval of the client are shorter than those returned
from the server, so the time when the client sends a renewal request or rebinding request
is earlier than the preset time, and requests are sent more frequently. To prevent the server
from being too busy due to frequent requests from the client, the proxy can use selectivity
determination.
When the DHCP relay proxy receives a renewal request from the client, if the state of the
user is BOUND, the proxy returns L2 to the client and resets the state timer. If the user
is in another state, the proxy returns no response. The proxy needs to check whether the
actual renewal time (calculated based on L1) of the client arrives. If yes, the proxy sends
a request to the server by using L1. If the server returns a DHCP ACK message, the L1
of the proxy is updated. If the server returns a DHCP NAK message, the data area of the
user is released.
4.3.2 Configuring a DHCP Proxy

To configure a DHCP proxy on the ZXR10 5900E, perform the following steps.
Enabling the DHCP Function
1 ZXR10(config)#dhcp Enters DHCP configuration mode.
2 ZXR10(config-dhcp)#enable Enables the DHCP function.
3 ZXR10(config-dhcp)#interface<interface-n Enters DHCP interface configuration mode.

ame>
4 ZXR10(config-dhcp-if-interface- Sets the operating mode of the DHCP

name)#mode proxy interface to proxy.
5 ZXR10(config-dhcp-if-interface- Sets the DHCP proxy IP address on the

name)#relay agent <ip-address> interface connected to the subnet of the
client.
4-30

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Configuring DHCP Relay Parameters
1 ZXR10(config-dhcp)#relay option82 format Sets the format of Option82 inserted

{china-tel | dsl-forum | user-configuration | when the DHCP process performs relay
telenor} forwarding.
2 ZXR10(config-dhcp)#relay option82 option Inserts Option82 inserted when the DHCP

process performs relay forwarding.
3 ZXR10(config-dhcp)#relay option82 Sets the processing policy for the DHCP

policy{add | keep | replace} process if Option82 needs to be instered but
there is already Option82 when the DHCP
process performs relay forwarding.
4 ZXR10(config-dhcp)#relay option82 Sets the contents of the uniform circuit-id

uniform circuit-id <circuit-id string > sub-option in Option82.
5 ZXR10(config-dhcp)#relay option82 Sets the contents of the uniform remote-id

uniform remote-id <remote-id string > sub-option in Option82.
6 ZXR10(config-dhcp)#relay option82 Sets the uniform policy of selecting

user-configuration policy {uniform | user configuration in Option82. After
interface} agent-format is set to user-configuration
(namely, in user configuration mode), use
command to set the policy of selecting user
configuration.
china-tel China telecome format.
dsl-forum DSL forum format.
user-configuration User configuration format.
telenor Telenor format. The remote-id field is added on

the base of the China telecom format.
keep The original Option82 is kept, and transparent

transmission is performed.
replace The original Option82 is replaced.
add Relay Option82 is added.
uniform The contents of Option82 configured in uniform

mode are inserted to DHCP packets.
interface The contents of Option82 configured in interface

mode are inserted to DHCP packets.
4-31

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Configuring a DHCP Relay Server Group

1 ZXR10(config)#ip dhcp relay server group Configures a group that the external DHCP
<group-number> server of an interface belongs to and enters
DHCP relay server group configuration
mode.
2 ZXR10(config-dhcpr-server-group)#ser Adds a server to the DHCP relay server

ver <server-number><ip-address>{security | group.
standard}[master][dscp]
3 ZXR10(config-dhcpr-server-group)#ma Sets the number of times that the DHCP

x-retry <retry-times> relay retries to request an address from an
external DHCP server.
Binding a Group to an Interface

1 ZXR10(config-dhcp)#interface<interface-n Enters DHCP interface configuration mode.

ame>
2 ZXR10(config-dhcp-if-interface- Binds a DHCP relay server group to the

name)#relay server group <group-number> interface.
3 ZXR10(config-dhcp-if-interface- Sets the contents of the interface-based

name)#relay option82 circuit-id <circuit-id circuit-id sub-option in Option82.
string >
4 ZXR10(config-dhcp-if-interface- Sets the contents of the interface-based

name)#relay option82 remote-id <remote-id remote-id sub-option in Option82.
string >
4.3.3 Maintaining a DHCP Proxy

To maintain a DHCP proxy on the ZXR10 5900E, run the following commands.
Command Function
ZXR10#show ip dhcp configuration Displays the configuration

information about the DHCP
module.
ZXR10#show ip dhcp relay user [interface<interface-name>[ Displays information about online

total-count]]|[ total-count] users on the DHCP relay.
ZXR10#show running-config-interface dhcp [<interface-name>] Displays the configuration

server or DHCP relay on the
specified interface.
4-32

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The following shows the output of the show ip dhcp configuration command:
ZXR10#show ip dhcp configuration
process state :enable(running)
ramble state:disable
suppress_nak state:disable
max_hops: 4
server update arp: default(off)
relay option82 policy: default(replace)
relay option82 format: default(china-tel)
relay update arp: default(off)
For a description of the fields, refer to the following table.
Field Description
process state Indicates whether the DHCP process is enabled.
ramble state Indicates whether the roaming function is enabled.
max_hops Indicates the maximum number of hops, namely, the

maximum number of times that the relay forwards a packet.
server support max user Indicates the maximum number of users on the server.
server update arp Indicates whether ARP entries can be added on the server.
not insert relay option82 information Indicates that Option82 is not inserted.
in BOOTREQUEST
relay option82 policy Indicates the policy of selecting Option82.
relay option82 format Indicates the format of Option82. The user-configuration

parameter indicates the user configuration format. The
default format is China telecom.
relay option82 user policy Indicates the selected policy of user-configured Option82.
There are two modes, uniform mode and interface mode.
relay support max user Indicates the maximum number of users on the relay.
relay update arp Indicates whether ARP entries can be added on the relay.
4-33

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4.3.4 DHCP Proxy Configuration Example

If the DHCP client and the DHCP server are not in the same network, the router directly
connected to the client needs to operate as the DHCP proxy.
As shown in Figure 4-4, the DHCP proxy function is enabled. The independent server
whose IP address is 10.10.2.2 operates as the DHCP server.
Figure 4-4 DHCP Proxy Configuration Topology
On the interfaces of S1, the IP addresses, DHCP server address, and DHCP proxy mode
need to be configured. On the interfaces of S2, the IP addresses, and DHCP server mode
need to be configured, and a DHCP policy needs to be bound. On S2, DHCP needs to be
enabled. An IP pool, DHCP pool, DHCP policy, and route to the network segment of the
proxy interface on S1 need to be configured.
Configuration Flow
1. Configure proxy parameters on the DHCP interfaces. The IP address of the proxy
interface must be in the same network segment as the addresses in the IP pool
corresponding to the server.
2. Configure the proxy mode, and set the relay agent to the address of the proxy interface.
The relay server is set to the address of the server. The address of the server interface
and the address of the proxy interface are in different network segments. The address
of the proxy interface is in the same network segment as the addresses in the IP pool.
3. On the server, configure a route to the proxy interface.
4. Set the relay agent to the proxy interface when configuring a policy.
S1 configuration:
/*Configure a proxy interface*/

S1(config-if)#exit
/*Specify a server*/
S1(config)#ip dhcp relay server group 1
S1(config-dhcpr-server-group)#server 1 10.10.2.2 standard master
S1(config-dhcpr-server-group)#exit
/*Enable DHCP*/
S1(config)#dhcp
4-34

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
/*Set the DHCP mode of an interface and other attributes/*
S1(config-dhcp)#interface gei-0/1/1/1
S1(config-dhcp-if)#mode proxy
S1(config-dhcp-if)#relay agent 10.10.1.1
S1(config-dhcp-if)#relay server group 1
S2 configuration:
/*Enable DHCP*/
S2(config)#dhcp
S2(config-if)#exit
/*Configure an IP pool*/
/*Bind the IP pool to the DHCP pool*/
S2(config-dhcp-pool)default-router 10.10.1.1
/*Bind the DHCP pool to the DHCP policy*/
S2(config-dhcp-policy)#relay agent 10.10.1.1
S2(config)#dhcp
/*Set the DHCP mode of an interface/*
S2(config-dhcp)#interface gei-0/1/1/3
S2(config)#ip route 10.10.1.0 255.255.255.0 10.10.2.1
View the DHCP configuration of the specified interface on S1:
S1(config)#show running-config-interface
dhcp gei-0/1/1/1
4-35

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
!<DHCP>
dhcp
mode proxy
!</DHCP>
View the configuration of the DHCP policy on S2.

PolicyName Priority DhcpPool RelayAgent Vrf-instance Option60
pool1 1 pool1 10.10.1.1
Total: 1
4.4 DHCP Snooping Configuration

4.4.1 DHCP Snooping Overview
Introduction to DHCP Snooping
DHCP is a Transfer Control Protocol/Internet Protocol (TCP/IP) standard that simplifies the
management of host IP address configuration. It provides an effective method for DHCP
server use, that is, it manages the dynamic assignment of IP addresses to clients on the
network and other related configuration information of DHCP clients on the network. By
installing and configuring a DHCP server on the network, DHCP clients can be used, and
the DHCP clients can obtain the IP addresses related parameter values that are needed
to get online when the DHCP clients joins the network. This reduces the configuration
management, and provides secure and reliable configuration.
However, with the wide applications of DHCP service, some problems appear.
l First, it is allowed to be several DHCP servers on a subnet, which means that
administrators cannot ensure that the IP addresses of clients are obtained from legal
DHCP servers instead of illegal servers created by some users privately.
l Second, on the subnets deployed DHCP service, hosts specified with legal IP
addresses, masks and gateways can access the network properly. However, the
DHCP server still may assign the addresses in use to other hosts. This will cause
address conflict and affect IP address assignment.
DHCP snooping and Dynamic ARP inspection can solve the above problems.
DHCP snooping is a technology used to snoop into the validity of DHCP packets. Dynamic
ARP inspection is used to validate the security of ARP packets on network, and it can
prevent, record and drop ARP packets in which illegal IP addresses are bound to Medium
Access Control (MAC) addresses. The topology of DHCP snooping is shown in Figure
4-5.
4-36

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 4-5 Network Topology of DHCP Snooping
DHCP Snooping Principle

As shown in Figure 4-6, R1 and R2 are two interconnected switches. The clients obtain IP
addresses through the DHCP server to set online. According to the requirement, the ports
on the switch connecting to the clients are set to be un-trusted, and the port on the switch
connecting to the DHCP server is set to be trusted.
Figure 4-6 DHCP Snooping Typical Application
When a DHCP server and a client are not on the same subnet and the client wants to obtain
an IP address from the DHCP server, it is necessary to use a DHCP relay agent to forward
the DHCP Request message. Before the DHCP relay agent forwards the DHCP message
of the client to the DHCP server, it can inserts some optional information so that the DHCP
server can know the client information more correctly. In this way, the IP address and other
parameter values can be assigned more flexibly according to the related policy.
4-37

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The option is named DHCP relay agent information option, and the option number is 82.
Therefore, it is also called Option82. The related standard document is Request For
Comments (RFC) 3046.
Option82 is an extended application of DHCP options. It is only an extension. That whether
Option82 is contained does not affect the application of DHCP. In addition, it is necessary
to check whether the DHCP server supports Option82. If a DHCP server that does not
support Option82 receives packets containing Option82 information, or a DHCP server
that supports Option82 receives packets not containing Option82 information, the basic
DHCP service will not be affected.
To support the extended application brought by Option82, the DHCP server must support
Option82 and Option82 information must be inserted into the DHCP packets received.
When a DHCP Request message is received on an un-trusted port, no matter whether the
DHCP server and the client are in the same subnet, The switch on which DHCP snooping is
enabled can choose whether to insert Option82 information. By default, the switch inserts
Option82 information to the DHCP Request message received on the un-trusted port.
4.4.2 Configuring DHCP Snooping

To configure the DHCP snooping function on the ZXR10 5900E, perform the following
steps:
1 ZXR10(config)#dhcp-snoop Enters DHCP snooping

configuration mode.
2 ZXR10(config-dhcp-snoop)#ip dhcp snooping {enable Enables the DHCP snooping

| disable} function globally.
3 ZXR10(config-dhcp-snoop)#ip dhcp snooping clear Clears the entities in the DHCP

snooping binding database
manually.
4 ZXR10(config)#dhcp-snoop Enters DHCP snooping VLAN

ZXR10(config-dhcp-snoop)#vlan2 configuration mode.
5 ZXR10(config-dhcp-snoop-vlan1)#ip dhcp snooping Adds a user binding entity

binding <mac-address><ipv4-address>[gateway-address>]<in to the DHCP snooping
terface-name> infinite binding database manually.
config-dhcp-snoop-vlan1
ZXR10(config-dhcp-snoop-vlan1)#no ip dhcp snooping
means that the VLAN ID is 1.
binding <mac-address>
6 ZXR10(config-dhcp-snoop)#ip dhcp snooping information Configures the format of

format {china-tel | dsl-forum} Option82 inserted in DHCP
packets during DHCP snooping
forwarding.
4-38

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
7 ZXR10(config-dhcp-snoop)#ip dhcp snooping information Configures whether to insert

option Option82 in DHCP packets
during DHCP snooping
forwarding.
8 ZXR10(config-dhcp-snoop)#ip dhcp snooping information Maintains or replaces the

policy {keep | replace} existing Option82 when
Option82 has been inserted in
DHCP packets.
9 ZXR10(config-dhcp-snoop)#ip dhcp snooping max-user Configures the maximum

<max-user> number of users supported by
DHCP snooping.
10 ZXR10(config-dhcp-snoop)#ip dhcp snooping ramble Configures the DHCP snooping

roaming function.
11 ZXR10(config-dhcp-snoop)#ip dhcp snooping trust Configures the interface

[<interface-name>] connected to the DHCP server
to a trusted interface.
12 ZXR10(config-dhcp-snoop)#vlan [<vlan-id>] Enters DHCP snooping VLAN

configuration mode.
13 ZXR10(config-dhcp-snoop-vlan1)#ip dhcp snooping Enables DHCP snooping

enable function in the specified VLAN
range.
14 ZXR10(config-dhcp-snoop-vlan1)#ip dhcp snooping Disables DHCP snooping

disable function in the specified VLAN
range.
15 ZXR10(config-dhcp-snoop)#ip dhcp snooping verify mac Configures the ether mac and
bootp mac verification function
for DHCP snooping.
16 ZXR10(config-dhcp-snoop)#ip dhcp snooping file Downloads the DHCP snooping

download database configured.
17 ZXR10(config-dhcp-snoop)#ip dhcp snooping file server Configures the address of the

{ftp|tftp}[ipv6][vrf<name>]<URL> FTP or TFTP server for the
DHCP snooping user table.
18 ZXR10(config-dhcp-snoop)#ip dhcp snooping file timeout Configures the time-out

<time> period of the DHCP snooping
database.
19 ZXR10(config-dhcp-snoop)#ip dhcp snooping file upload Configures the time when to

time <time> upload information.
20 ZXR10(config-dhcp-snoop)#ip dhcp snooping file localdir Configures the download

<directory-name> directory for the local server.
4-39

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
21 ZXR10(config-dhcp-snoop)#ip dhcp snooping file Downloads the DHCP snooping

localload database binding table. It is
necessary to configure the
download directory in advance.
22 ZXR10(config-dhcp-snoop-if)#ip dhcp snooping Configures the maximum

max-user <max-user> number of users supported by
DHCP snooping.
23 ZXR10(config-dhcp-snoop-if)#ip dhcp snooping trust Sets the interface to be trusted

by the DHCP server.
24 ZXR10(config-dhcp-snoop-if)#ip dhcp snooping Configures the maximum

packet-rate <rate> DHCP packet rate.
25 ZXR10(config-dhcp-snoop-if)#ip dhcp snooping sleep Configures the DHCP packet

<time> dampening time for the
interface.
26 ZXR10(config)#dhcpv6-snoop Enters DHCPv6 snooping

configuration mode from global
configuration mode.
27 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping enable Enables the DHCPv6 snooping

function globally.
28 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping clear Clears the DHCPv6 snooping

entries in the binding database
manually.
29 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping Adds binding entries to the

binding <mac>vlan <vlan>{<ipv6 address>|<ipv6 DHCPv6 snooping binding
addressprefix>}<interface-number>[infinite] database.
30 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping Configures the maximum

DHCPv6 snooping.
31 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping ramble Enables the DHCPv6 snooping

roaming function.
32 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping trust Sets the DHCPv6 server

[<interface-name>] interface to a trusted interface.
33 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping vlan Enables the DHCPv6 snooping

<vlan> function in the special VLAN
range.
34 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Downloads the DHCPv6

download snooping database configured.
4-40

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
35 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Configures the address of the

server {ftp|tftp}[ipv6][vrf<name>]<URL> FTP or TFTP server for the
DHCPv6 snooping user table.
36 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Configures the time-out period

timeout <time> of the DHCPv6 snooping
database.
37 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Configures the time when to

upload time <time> upload information.
38 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Configures the download

localdir <directory-name> directory for the local server.
39 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping file Downloads the DHCPv6

localload snooping database binding
table. It is necessary to
configure the download
directory in advance.
40 ZXR10(config-dhcpv6-snoop-if)#ipv6 dhcp snooping Configures the maximum

DHCPv6 snooping
41 ZXR10(config-dhcpv6-snoop-if)#ipv6 dhcp snooping Sets the interface to be trusted

trust by the DHCPv6 server.
42 ZXR10(config-dhcpv6-snoop-if)#ipv6 dhcp snooping Configures the maximum

packet-rate <rate> DHCPv6 packet rate.
43 ZXR10(config-dhcpv6-snoop-if)#ipv6 dhcp snooping Configures the user-defined

interface-id <interface-id> interface ID format for the
DHCPv6 snooping interface.
44 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping intfid-f Sets the interface ID format in

ormat {china-tel|dsl-forum|telenor|user-configuration} Option18/37 to the Option18/37
format.
45 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping Configures the enterprise ID in

remoteid-number <enterprise-number> Option18/37.
46 ZXR10(config-dhcpv6-snoop)#ipv6 dhcp snooping Configures the enterprise name

remoteid-string <enterprise-string> in Option18/37.
47 ZXR10(config-dhcpv6-snoop-if)#ipv6 dhcp snooping Configures the DHCPv6

sleep <time> packet dampening time for the
interface.
48 ZXR10(config)#ip-source-guard Enters ip-source-guard

configuration mode from
global configuration mode.
4-41

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
49 ZXR10(config-ip-source-guard)#ip-source-guard Enables the ip-source-guard

<interface-name>{ip-base | mac-base | mac-ip-base }[vlan filtering function for an interface.
{<vlan_id>|default}]
ZXR10(config-ip-source-guard)#no ip-source-guard Disables the ip-source-guard

<interface-name> filtering function for an interface.
50 ZXR10(config-dhcp-snoop)#ip dhcp snooping logging [off Configures the DHCP snooping

| on] log function.
<mac> MAC address of the user.
<vlan> VLAN which the user belongs to.
<ip address> IP address bound to DHCP.
<gateway ip address> IP address of the gateway.
<interface-number> Serial number of a physical interface, such as fei, gei, and

smartgroup
china-tel Option82 format of China Telecom.
dsl-forum Option82 format of the DSL forum.
keep Maintains Option82, and transmits it transparently.
replace Replaces Option82.
<max-user> Maximum number of users supported by the DHCP snooping

board, range: 1–256000.
<interface-name> Serial number of a physical interface, such as gei, and

smartgroup
4-42

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<vlan> VLAN which a user belongs to, range: 1-4094.
[ftp/tftp] Server type.
[ipv6] Whether to use the IPv6 service.
<name> VRF instance name.
<URL> URL address.
<time> Database time-out period, range: 1–2147483647.
<directory-name> Directory name, range: 1–32 characters. This command

creates a folder automatically.
The directory must not be null. The first character must be /,
and the last character must not be /. Only one-level directory
is supported.
<max-user> Maximum number of users supported by DHCP snooping,

range: 1–32000.
<rate> Maximum packet rate on the interface, range: 1–2048.
4-43

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<time> Dampening time, range: 0–3600.
<mac> MAC address of the user.
<vlan> VLAN which the user belongs to.
<ipv6 address> IPv6 address bound to DHCP.
<interface-number> Serial number of a physical interface, such as fei, and

smartgroup.
infinite Permanent.

range: 1–256000.
<interface-name> Physical interface, for example, fei, gei, and smartgroup.
<vlan> VLAN which a user belongs to, range: 1–4094.
{ftp|tftp} Server type.
[ipv6] Whether to use the IPv6 service.
<name> VRF instance name.
<URL> URL address.
4-44

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<directory-name> Directory name, range: 1–32 characters. This command

creates a folder automatically.
The directory must not be null. The first character must be /,
and the last character must not be /. Only one-level directory
is supported.

range: 1–32000.
<rate> Maximum packet rate for the interface, range: 1–2048.
<time> Dampening time, range: 0–3600.
mac-base Filters packets based on the MAC address.
ip-base Filters packets based on the source IP address.
mac-ip-base Filters packets based on the source IP address and MAC

address.
default Filters packets in all VLANs.
<vlan_id> VLAN ID, range: 1–4094.
4-45

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4.4.3 Maintaining DHCP Snooping

To maintain the DHCP snooping function on the ZXR10 5900E, run the following
commands.
Command Function
ZXR10(config)#show ip dhcp snooping configure Displays the global configuration

information about DHCP snooping.
ZXR10(config)#show ip dhcp snooping database Displays the information about the

[<interface-name>] DHCP snooping database.
ZXR10(config)#show ip dhcp snooping ramble Displays the configuration

snooping roaming function.
ZXR10(config)#show ip dhcp snooping trust Displays the DHCP snooping

trusted interfaces.
ZXR10(config)#show ip dhcp snooping vlan [<vlan>] Displays the DHCP snooping state
of a VLAN.
ZXR10(config)#show ipv6 dhcp snooping configure Displays the global configuration

information about DHCPv6
snooping.
ZXR10(config)#show ipv6 dhcp snooping database Displays the information about the
[<interface-name>] DHCPv6 snooping database.
ZXR10(config)#show ipv6 dhcp snooping interface Displays the interface

configuration information about
DHCPv6 snooping.
ZXR10(config)#show ipv6 dhcp snooping ramble Displays the configuration

information about the DHCPv6
snooping roaming function.
ZXR10(config)#show ipv6 dhcp snooping trust Displays the DHCPv6 snooping

trusted interfaces.
ZXR10(config)#show ipv6 dhcp snooping vlan [<vlan>] Displays the DHCPv6 snooping
state of a VLAN.
interface-name Serial number of a physical interface , such as fei, gei, and

smartgroup
vlan VLAN which a user belongs to.
The following shows the output of the show ip dhcp snooping configure command:
4-46

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#show ip dhcp snooping configure

DHCP snooping configure information
Global state :disable(stop)
Mac-verifying state :disable
Not insert relay information in BOOTREQUEST
Relay information policy :keep
Relay information format :china-tel
Support max user :2048
The following shows the output of the show ip dhcp snooping database command:
ZXR10(config)#show ip dhcp snooping database smartgroup1
Current bind users are: 1
Index : 1
MAC addr: 0000.1111.2222
Vpls :
Layer : 2
External-vlan: 1
Internal-vlan: 0
State : static
Interface : smartgroup1
IP addr : 1.1.1.1 expiration infinite
Option82 :
The following shows the output of the show ip dhcp snooping ramble command:
ZXR10(config)#ip dhcp snooping ramble
ZXR10(config)#show ip dhcp snooping ramble
Current DHCP snooping user ramble state : enable
The following shows the output of the show ip dhcp snooping trust command:
Interface State
-------------------------------------------
gei_0/1/1/1 Trusted
The following shows the output of the show ip dhcp snooping vlan command:
ZXR10(config)#show ip dhcp snooping vlan
DHCP snooping state on VLANs
VLAN State
-------------------------------------------
1 disable
2 disable
10 enable
The following shows the output of the show ipv6 dhcp snooping configure command:
ZXR10(config-dhcpv6-snoop)#show ipv6 dhcpsnooping configure

DHCPv6 snooping configure information
4-47

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
DHCPv6 snooping globally state : disable(stop)

snooping support max user : 2048
remote-id enterprise number : 0
remote-id string :
interface-id format
The following shows the output of the show ipv6 dhcp snooping database command:
ZXR10(config-dhcpv6-snoop)#show ipv6 dhcp snooping database
Current bind users are: 1
Index : 1
MAC addr: 0000.1111.2222
Vpls :
Vlan : 1
Internal-vlan: 0
State : static
Interface : smartgroup1
IPv6 addr : 2:3::2:3 expiration infinite
The following shows the output of the show ipv6 dhcp snooping interface command:
ZXR10(config)#show ipv6 dhcp snooping interface smartgroup1
Name : smartgroup1
Index : 13
Trust status : Untrusted
User quota : 2048
Packet speed : 2048(pps)
Sleep time : 3600(s)
Current bind users: 0
Interface-id :
The following shows the output of the show ipv6 dhcp snooping ramble command:
ZXR10(config-dhcpv6-snoop)#show ipv6 dhcp snooping ramble
Current DHCPv6 snooping user ramble state :disable
The following shows the output of the show ipv6 dhcp snooping trust command:
ZXR10(config)#show ipv6 dhcp snooping trust
Interface State
-------------------------------------------
gei_0/1/1/1 Trusted
The following shows the output of the show ipv6 dhcp snooping vlan command:
ZXR10(config)#show ipv6 dhcp snooping vlan
DHCPv6 snooping state on VLANs
VLAN State
-------------------------------------------
1 disable
2 disable
4-48

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
10 enable
4.4.4 DHCP Snooping Configuration Examples

4.4.4.1 Enabling DHCP Snooping Globally
The network topology is shown in Figure 4-7.
Figure 4-7 Enabling DHCP Snooping Globally
Note:
The network topology is suitable for all the configuration examples in this section
Configuration Flow
1. Enter DHCP snooping configuration mode.
2. Enable and disable the DHCP snooping function globally.
ZXR10(config)#dhcp-snoop
ZXR10(config-dhcp-snoop)#ip dhcp snooping enable
ZXR10(config-dhcp-snoop)#no ip dhcp snooping enable
ZXR10(config-dhcp-snoop)#exit
Check the DHCP snooping global configuration information as follows:
ZXR10(config-dhcp-snoop)#show ip dhcp snooping configure
Global state :enable(running)
4-49

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4.4.4.2 Enabling DHCP Snooping in a VLAN
Figure 4-7 shows the network topology.
Configuration Flow
2. Enable the DHCP snooping function globally.
3. Enable and disable the DHCP snooping function in a specified VLAN.
ZXR10(config-dhcp-snoop)#vlan 1
ZXR10(config-dhcp-snoop-vlan1)#ip dhcp snooping enable
ZXR10(config-dhcp-snoop-vlan1)#ip dhcp snooping disable
ZXR10(config-dhcp-snoop-vlan1)#exi
Check the DHCP snooping states in VLANs as follows:
ZXR10(config)#show
ip dhcp snooping vlan
DHCP snooping state on VLANs
VLAN State
-------------------------------
1 enable
2 enable
3 enable
4 enable
4.4.4.3 Configuring DHCP Snooping Option82
Configuration Flow
2. Enable the DHCP snooping function, and insert Option82 to DHCP packets. By
default, Option82 is not inserted.
4-50

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-dhcp-snoop)#ip dhcp snooping information option
ZXR10(config-dhcp-snoop)#no ip dhcp snooping information option
Check the DHCP snooping configuration information as follows:
DHCP snooping configure
information
4.4.4.4 Configuring DHCP Snooping Option82 Format
The network topology is shown in Figure 4-8.
Figure 4-8 Configuring DHCP Snooping Option82 Format
Configuration Flow
2. Configure the format of Option82 inserted to DHCP packets, including CHINA-TEL and
DSL-FORUM. The default format is CHINA-TEL. Run the corresponding no command
to restore the default format.
ZXR10(config-dhcp-snoop)#ip dhcp snooping information format
{china-tel | dsl-forum}
ZXR10(config-dhcp-snoop)#no ip dhcp snooping information format
4-51

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
information
4.4.4.5 Configuring DHCP Snooping Option82 Policy
Configuration Flow
2. Configure the policy to handle a DHCP packet when Option82 is has been inserted
to DHCP packets in which Option82 information exists. There are two policies,
maintaining Option82, or replacing Option82.
ZXR10(config-dhcp-snoop)#ip dhcp snooping information policy replace
ZXR10(config-dhcp-snoop)#ip dhcp snooping information policy keep

information
4-52

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4.4.4.6 Configuring DHCP Snooping Trusted and Untrusted Interfaces
Configuration Flow
2. Configure an interface on the DHCP server as a trusted interface. Configure other
interfaces as untrusted interfaces.
ZXR10(config-dhcp-snoop)#ip dhcp snooping trust gei-0/1/1/1
ZXR10(config-dhcp-snoop)#no ip dhcp snooping trust gei-0/1/1/1
Check the DHCP snooping interface state as follows:
ZXR10(config)#show ip dhcp snooping trust
Interface State
---------------------------------------------------
gei-0/1/1/1 Trusted
4.4.4.7 Configuring DHCP Snooping Binding
Configuration Flow
2. Add binding entities to the DHCP snooping database manually. Run the corresponding
no command to delete the binding entities from the database.
ZXR10config-dhcp-snoop)#vlan 2
ZXR10(config-dhcp-snoop-vlan2)#ip dhcp snooping binding
0010.9400.0001 1.2.3.4 gei-0/1/1/1 infinite
ZXR10(config-dhcp-snoop-vlan2)#no ip dhcp snooping binding 0010.9400.0001
Check the binding information in the DHCP Snooping database as follows:
4-53

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config)#show ip dhcp snooping database

user total: 1
Index : 1
MAC addr: 0010.9400.0001
Vpls :
Vlan : 2
Internal-vlan: 0
State : static
Interface : gei-0/1/1/1
IP addr : 1.2.3.4 expiration 02:46:33
Option82
Gateway IP :
4.4.4.8 Clearing DHCP Snooping Binding Entities
Configuration Flow
2. Clear the entities in the DHCP snooping database manually.
ZXR10(config-dhcp-snoop)#ip dhcp snooping clear
ZXR10(config-dhcp-snoop)#ip dhcp snooping clear gei-0/1/1/1
Check the information in the DHCP Snooping database as follows:
ZXR10(config)#show ip dhcp snooping database
4.4.4.9 Configuring DHCP Snooping Ramble
Configuration Flow
2. Enable the DHCP snooping roaming function, so that users can be changed over on
different physical interfaces. By default, the roaming function is disabled.
4-54

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-dhcp-snoop)#ip dhcp snooping ramble
ZXR10(config-dhcp-snoop)#no ip dhcp snooping ramble
Check the configuration information of the DHCP snooping roaming function as follows:
ZXR10(config-dhcp-snoop)#show ip dhcp snooping ramble
Current DHCP snooping user ramble state :
ramble state: enable
4.4.4.10 Configuring the Maximum Number of DHCP Snooping Users
Configuration Flow
2. Configure the maximum number of DHCP snooping users. By default, the maximum
number of users supported on a board is 2048.
3. Enable the DHCP snooping function globally.
ZXR10(config-dhcp-snoop)#no ip dhcp snooping enable
ZXR10(config-dhcp-snoop)#ip dhcp snooping max-user 2
ZXR10(config-dhcp-snoop)#no ip dhcp snooping max-user
Check the DHCP Snooping configuration information as follows:

Support max user :2
4-55

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4.4.4.11 Configuring DHCP Snooping Source MAC Authentication
Configuration Flow
2. Enable the ether mac and bootp mac verification function for DHCP snooping. If the
ether mac and bootp mac are not the same, the packet will be dropped.
ZXR10(config-dhcp-snoop)#ip dhcp snooping verify-mac
ZXR10(config-dhcp-snoop)#no ip dhcp snooping verify-mac
Check the DHCP Snooping configuration information as follows:
Support max user :2
4.4.4.12 Uploading, Downloading, and Restoring the User Binding Table
Figure 4-7 shows the network topology. An available FTP or TFTP server must be provided
on the network.
Configuration Flow
2. Configure the storage directory of the user binding table.
3. Start the write timer.
4. Configure the IP address of the FTP or TFTP server.
5. Configure the upload timer for the FTP or TFTP server.
6. Restore the use binding table through the local configuration if necessary after the
device is restarted.
4-56

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
7. Restore the user binding table through downloading the table if necessary after the
device is restarted.
ZXR10(config-dhcp-snoop)#ip dhcp snooping file localdir /flash
ZXR10(config-dhcp-snoop)#ip dhcp snooping file timeout 5
ZXR10(config-dhcp-snoop)#ip dhcp snooping file server ftp //2.1.1.101/
dhcp.xml@root:root
ZXR10(config-dhcp-snoop)#ip dhcp snooping file upload time 10
ZXR10(config-dhcp-snoop)#ip dhcp snooping file localload
ZXR10(config-dhcp-snoop)#ip dhcp snooping file download
ZXR10(config-dhcp-snoop)#show running-config dhcp-snoop
!<dhcp-snoop>
dhcp-snoop
ip dhcp snooping file localdir /flash
ip dhcp snooping file timeout 5
ip dhcp snooping file upload time 10
ip dhcp snooping file server ftp //2.1.1.101/dhcp.xml@root:root
vlan 2
ip dhcp snooping enable
$
$
!</dhcp-snoop>
4-57

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4-58

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 5
TCPv4 Configuration
Table of Contents
TCPv4 Overview ........................................................................................................5-1
Configuring TCPv4 .....................................................................................................5-1
Maintaining TCPv4 .....................................................................................................5-4
5.1 TCPv4 Overview

Transfer Control Protocol (TCP)v4 is a kind of IPv4 protocols, which is a
connection-oriented full-duplex data transmission control protocol. It is a service for
byte flow. By means of TCPv4, the reliable guarantee is provided for network data
transmission. TCPv4 usually applies to the applications concerning data transmission
quality and result.
TCPv4 uses a mechanism that is similar to virtual connection. Make sure that both of
two ends prepare well and the acknowledgement and retransmission methods can ensure
the transmission safety before starting data transmission. The acknowledgement that the
last packet is already received has to be received by the sender before it sends the new
packet. This is a transmission method more reliable than UDP. Windowing can improve
network throughput a lot. Congestion control and fast retransmission can solve the time
delay and retransmission problems well. State machine and timer mechanism are the key
guarantee for TCP data transmission.
5.2 Configuring TCPv4

To configure the TCPv4 function on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#ip tcp synwait-time <seconds> Configures the waiting time for

establishing a TCP connection.
ZXR10(config)#no ip tcp synwait-time
Unit: seconds, range: 30–80,
default: 30 seconds.
The setting is invalid for the
current TCP connection.
Use the no command to restore
the default value.
5-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2 ZXR10(config)#ip tcp window-size <bytes> Configures the TCP window

size. Unit: seconds, range:
ZXR10(config)#no ip tcp window-size
100–65535, default: 32678
bytes.
It is invalid for the TCP
connections that have been
established.
the default value.
3 ZXR10(config)#ip tcp finwait-time <seconds> Configures the time to wait to

close a TCP connection. Unit:
ZXR10(config)#no ip tcp finwait-time
seconds, range: 100–600,
default: 150 seconds.
the default value.
4 ZXR10(config)#ip tcp synflood-protect enable Enables the TCP protection

function. By default, the
ZXR10(config)#no ip tcp synflood-protect enable
function is disabled.
5 ZXR10(config)#ip tcp mss<bytes> Configures the TCP MSS.

Range: 68–10000, unit: bytes.
6 ZXR10(config)#ip tcp synflood-protect defence Configures a defence policy,

{<defence-parameter-0> waittime <wait-time> num the SYN wait time, and the
<half-connect-numbers>|<defence-parameter-1> num number of half-connections. In
<half-connect-numbers>|<defence-parameter-2> waittime the default configuration, the
<wait-time>} protection policy is that the
SYN wait time decrements, and
ZXR10(config)#no ip tcp synflood-protect defence
the old half-connections are
deleted. By default, the SYN
wait time is 30 seconds, the
number of half-connections is
1.
7 ZXR10(config)#ip tcp synflood-protect max-connect {[high Configures the threshold of total

<number>][low <number>]} connections for the system.
ZXR10(config)#no ip tcp synflood-protect max-connect
8 ZXR10(config)#ip tcp synflood-protect one-minute{[high Configures the threshold of

<number>][low <number>]} total connections in one minute
for the system.
ZXR10(config)#no ip tcp synflood-protect one-minute
9 ZXR10#clear tcp connect {<local-ip-address>|mng Deletes a TCP connection.

<local-ip-address>|vrf <vrf-name><local-ip-address>}<local-p
ort><remote-ip-address><remote-port>
5-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 5 TCPv4 Configuration c u -tr a c k
10 ZXR10#clear tcp statistics Clears TCP statistics.
11 ZXR10#clear tcp tcb <tcb-index> Clears the information about

the TCB.
Tcb-index: TCB index, range:
1–4294967295.
<defence-parameter-0> Defence policy 0, meaning decrementing the SYN wait time

and deleting the old half-connections.
<wait-time> SYN wait time, unit: seconds, range: 1–80, default: 30

seconds.
<half-connect-numbers> Number of half-connection, range: 1–65535, default: 1.
<defence-parameter-1> Defence policy 1, meaning deleting the old half-connections.
<half-connect-numbers> Number of half-connection, range: 1–65535, default: 1.
<defence-parameter-2> Defence policy2, meaning decrementing the SYN wait time.
<wait-time> SYN wait time, unit: seconds, range: 1–80, default: 30

seconds.
high <number> Range: 1–100, default: 90.
low <number> Range: 1–100, default: 60.
high <number> Range: 1–100, default: 80.
low <number> Range: 1–100, default: 50.
mng Sets the local IP address as the management interface

address.
vrf <vrf-name> Name of the VRF instance which the IP address belongs to,
range: 1–16 characters.
5-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<local-host-address> Local IP address, in dotted decimal notation.
<local-port> Local port number, range: 1–65535.
<remote-ip-address> Remote IP address, in dotted decimal notation.
<remote-port> Remote port number, range: 1–65535.
5.3 Maintaining TCPv4

To maintain the TCPv4 function on the ZXR10 5900E, run the following commands.
Command Function
ZXR10# show tcp Displays the information about TCP

connections.
ZXR10# show tcp brief Displays the brief information about all
TCP connections.
ZXR10# show tcp config Displays TCP configuration information.
ZXR10# show tcp statistics Displays statistics at the TCP layer.
ZXR10# show tcp tcb <tcb-index> Displays the information about the
corresponding of a specified TCB.
ZXR10# show tcp synflood-protect config Displays the configuration information

about the TCP SYN flood protection
function.
ZXR10# show tcp synflood-protect statistics Displays statistics of the TCP SYN flood
protection function.
ZXR10# show tcp synflood-protect all Displays all information about the TCP
SYN flood protection function in the
system.
ZXR10#show sockets Displays all sockets, including the

sockets based on TCP, UDP, and raw IP.
Run the show tcp command to display the information about TCP connections, including
local and remote IP address, port number, states of timers, and packets sent. The following
shows the output of the show tcp command:
ZXR10#show tcp
Stand-alone TCP connection from host 192.168.109.6
Connection state is ESTABLocal host: 192.168.5.1, Local port: 22
Event Timers (Current time is 0x12a34e6):
5-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Timer Starts Wakeups

Retrans 33 0
TimeWait 0 0
AckHold 16 0
KeepAlive 30 30
Persist 0 0
SynWait 1 0
FinWait 0 0
iss: 588787704 snduna: 588790029 sndnxt: 588790081 sndwnd: 15656

irs: 3358386391 rcvnxt: 3358388028 rcvwnd: 32768
SRTT: 555 ms, RTTO: 395 ms, KRTT: 395 ms
minRTT: 10 ms, maxRTT: 690 ms, ACK hold: 200 ms
Flags: Passive open
Datagrams (max data segment is 1460 bytes):

Rcvd: 34 (out of order: 0), with data: 21, total data bytes: 1636
Sent: 33 (retransmit: 0), with data: 29, total data bytes: 2376
Field Description
Local host: 192.168.5.1, Local port: Local address and port.

22
Foreign host: 192.168.109.6, Foreign Remote address and port.

port: 2335
Timer Starts Wakeups Timer state.
iss: 588787704 snduna: 588790029 Packet state of the sending window

sndnxt: 588790081 sndwnd: 15656
irs: 3358386391 rcvnxt: 3358388028 Packet state of the receiving window

rcvwnd: 32768
SRTT: 555 ms, RTTO: 395 ms, KRTT: Times used for sending or receiving packets, and
395 ms minRTT: 10 ms, maxRTT: retransmission time-out period of the connection.
690 ms, ACK hold: 200 ms
Flags: Passive open Mode of opening the connection.
Rcvd: 34 (out of order: 0), with data: Numbers of packets received and bytes.
21, total data bytes: 1636
Run the show tcp brief command to display the brief information about all TCP connections,
including TCB, and IP addresses of sender and receiver. The following shows the output
of the show tcp brief command:
ZXR10#show tcp brief

TCB Local Address Foreign Address State
5-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
9 192.168.5.4:23 192.168.109.6:2382 ESTAB

11 169.1.5.4 : 23 169.1.110.5:3183 ESTAB
10 192.168.5.4:23 192.168.110.5:3182 ESTAB
7 169.1.5.4:23 169.1.108.5:1380 ESTAB
Field Description
TCB Index of a TCB.
Local Address Local IP address and port.
Foreign Address Remote IP address and port.
State State of a TCP connection.
Run the show tcp config command to display TCP configuration information, including the
wait time for establishing and disconnecting a connection, the length of the wait queue,
and the window size. The following shows the output of the show tcp config command:
ZXR10#show tcp config
TCP SYNWAIT: 30
TCP FINWAIT: 150
TCP WINDOWSIZE: 32768
Field Description
TCP SYNWAIT: 30 Wait time of SYN packets for the TCP connection, unit:
seconds.
TCP FINWAIT: 150 Wait time of FIN packets for the TCP connection, unit:
seconds.
TCP WINDOWSIZE: 32768 Size of the receiving window for the TCP connection, unit:
bytes.
Run the show tcp statistics command to display statistics at the TCP layer, including the
number of packets received, the number of error packets, and the numbers of various
packets. The following shows the output of the show tcp statistics command:
ZXR10#show tcp statistics
Rcvd: 2966 Total, 0 no port
0 checksum error, 0 bad offset, 0 too short
2955 packets (12107 bytes) in sequence
0 out-of-order packets (0 bytes)
0 packets (0 bytes) with data after window
0 packets after close
0 window probe packets, 2058 window update packets
38 dup ack packets, 0 ack packets with unsend data
2960 ack packets (12123 bytes)
5-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Sent: 2420 Total, 0 urgent packets

172 control packets (including 126 retransmitted)
2124 data packets (70207 bytes)
468 data packets (10748 bytes) retransmitte)
30 ack only packets (0 delayed)
0 window probe packets, 64 window update packets
42 Connections initiated, 4 connections accepted,
4 Connections established, 41 connections closed ,
594 Total rxmt timeout, 0 connections dropped in rxmt timeout
0 Keepalive timeout, 0 keepalive probe, 0 Connections dropped in keepalive
Field Description
Rcvd: 2966 Total, 0 no port 0 Total number of packets received, including the numbers of
checksum error, 0 bad offset, 0 too various packets, and error packets (for example, the packets
short,2955 packets (12107 bytes) in containing ports that do not exist, and packets containing
sequence,0 out-of-order packets (0 checksum errors or offset errors.)
bytes),0 packets (0 bytes) with data
after window,0 packets after close,0
window probe packets, 2058 window
update packets,38 dup ack packets,
0 ack packets with unsend data,2960
ack packets (12123 bytes)
Run the show tcp tcb <tcb-index> command to display the information about the
corresponding of a specified TCB. The following shows the output of the show tcp tcb
<tcb-index> command:
ZXR10#show tcp tcb 2
Stand-alone TCP connection from host 169.1.109.6
Connection state is ESTAB
Event Timers (Current time is 0xa452ae):

Timer Starts Wakeups
Retrans 330 1
TimeWait 0 0
AckHold 55 6
KeepAlive 250 398
Persist 0 0
SynWait 1 0
FinWait 0 0
iss: 1573322500 snduna: 1573324458 sndnxt: 1573324460 sndwnd: 15932
5-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
irs: 927338897 rcvnxt: 927339017 rcvwnd: 32768

SRTT: 569 ms, RTTO: 466 ms, KRTT: 466 ms
minRTT: 9 ms, maxRTT: 1105 ms, ACK hold: 200 ms
Flags: Passive open
Field Description
show tcp tcb 2 Displays the information about the corresponding of TCB
2. For the field descriptions, refer to that of the show tcp
command.
Run the show tcp synflood-protect config command to display configuration information
about the TCP SYN flood protection function, including whether the protection function is
enabled, the connection wait time, the number of half-connections, and the threshold of
total connections. The following shows the output of the show tcp synflood-protect config
command:
ZXR10# show tcp synflood-protect config
synflood-prevnet is enable
prevent means is quickening the tcp connect aging
and deleting the old tcp half connect
syn-waittime is 600 (seconds)
old-half-connect is 500
max-connect high limit is 90%
max-connect low limit is 70%
one-minute high limit is 80%
one-minute low limit is 50%
Field Description
syn-flood-prevnet is enable The TCP SYN flood protection function is enabled.
prevent means is quickening the tcp Decrements the syn wait time, and deletes the old
connect aging and deleting the old half-connections.
tcp half connect
syn-waittime is 600 The connection wait time is 600 seconds.
max-connect high limit is 90% The high threshold of total connections is 90.
one-minute low limit is 50% The low threshold of connections in one minute is 50.
Run the show tcp synflood-protect statistics command to display statistics of the TCP SYN
flood protection function. The following shows the output of the show tcp synflood-protect
statistics command:
ZXR10#show tcp synflood-protect statistics
MPU:Main Processing Unit
5-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
maxcon:current total connect maxhcon:current total half connect

onecon:oneminute connect onehcon:oneminute half connect
maxper:maxcon/tolcon*100% oneper:onecon/tolcon*100%
tolcon:max connect of the cpu allowed
CPU status maxcon maxhcon onecon onehcon tolcon maxper oneper
MPU safety 1 0 0 0 3072 0.03% 0.00%
Run the show tcp synflood-protect all command to display all information about the TCP
SYN flood protection function in the system. The following shows the output of the show
tcp synflood-protect all command:
ZXR10# show tcp synflood-protect all
configuration infomation:
syn-flood-prevnet is enable
prevent means is quickening the tcp connect
aging and deleting the old tcp half connect
syn-waittime is 600 (seconds)
old-half-connect is 500
max-connect high limit is 90%
max-connect low limit is 70%
one-minute high limit is 80%
one-minute low limit is 50%
statistics infomation:
MP:Manage Processor RP:Routing Processor
maxcon:current total connect maxhcon:current total half connect
onecon:oneminute connect onehcon:oneminute half connect
maxper:maxcon*100/tolcon*100% oneper:onecon*100/tolcon*100%
tolcon:max connect of the cpu allowed
CPU status maxcon maxhcon onecon onehcon tolcon maxper oneper
MP safety 2 0 0 0 3072 0f 0f(null)
For a description of the fields, refer to those of the show tcp synflood-protect config and
show tcp synflood-protect statics commands.
Run the show sockets commands to display all sockets. The following shows the output of
the show sockets command:
ZXR10#show sockets
Proto Local Address Foreign Address In Out State
IPv4 TCP 0.0.0.0:23 *:* 0 0 LISTEN
IPv4 UDP 0.0.0.0:3503 *:* 0 0
IPv4 RAW(112) 0.0.0.0:* *:* 0 0
IPv6 TCP 0:0:0:0:0:0:0:0:23 *:* 0 0 LISTEN
IPv6 UDP 0:0:0:0:0:0:0:0:161 *:* 0 0
IPv6 RAW(58) 0:0:0:0:0:0:0:0:33024 *:* 0 0
5-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
5-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 6
UDPv4 Configuration
UDPv4 is a kind of user data protocols. It is a simple data transmission protocol. Its
transmission mechanism is irresponsible that it sends the data out but cannot ensure
the data is received by destination. Additionally, its retransmission and error correction
functions are decided by the applications of upper layer.
UDPv4 establishes connection between two application programs by combining

source/destination ports and IP addresses. It is a connectionless data transmission
mechanism. That is to say, no echo information is provided when data is transmitted. The
sender does not care about the data transmission validity, and the receiver reassembles
the data packet according to the sequence number containing in data segments. The
upper layer program can retransmit the entity packet if a data segment is not received.
6-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
6-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 7
Cluster Management
Configuration
Table of Contents
Cluster Management Overview ..................................................................................7-1
Configuring Cluster Management Configuration .........................................................7-1
Maintaining Cluster Management ...............................................................................7-3
Cluster Management Configuration Example..............................................................7-4
7.1 Cluster Management Overview

Cluster is a combination of a group of switches in a specific broadcast domain. This
group of switches forms a unified management domain which provides a public network
IP address and a management interface to the outside and provides the functions of
managing and accessing every member in the cluster.
Management switch is configured with public network IP address as a command switch
and other managed switches such as member switches. Public network IP address is not
configured for the member switch but a private address is assigned to the member switch
with similar DHCP function of the command switch. Command switch and member switch
form a cluster (private network).
It is recommended to isolate the broadcast domain of the public network and that of
the private network on the command switch, and shield the direct access to the private
address. The command switch provides a management and maintenance channel to the
outside to manage the cluster in a centralized and unified manner.
A broadcast domain is composed of four kinds of switches:
l Command switch
l Member switch
l Candidate switch
l Backup switch
7.2 Configuring Cluster Management Configuration

To configure Cluster Management, perform the following steps.
7-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1 ZXR10(config)#group-management Enters cluster management

configuration mode
ZXR10(config-gm)#zdp enable This enables ZDP
ZXR10(config-gm)#zdp disable This disables ZDP
ZXR10(config-gm)#zdp holdtime This configures holdtime of

ZDP
ZXR10(config-gm)#zdp timer This configures time interval of

transmitting ZDP packets
2 ZXR10(config-gm)#ztp enable This enables ZTP
ZXR10(config-gm)#ztp disable This disables ZTP
ZXR10(config-gm)#ztp start This conducts once topology

collection
ZXR10(config-gm)#ztp hop This sets maximum hops of

ZTP topology collection
ZXR10(config-gm)#ztp hop-delay This sets each hop delay in

sending ZTP protocol packets
ZXR10(config-gm)#ztp port-delay This sets delay in sending ZTP

protocol packets on the port
ZXR10(config-gm)#ztp timer This sets ZTP timing topology

collection time
ZXR10(config-gm)#ztp vlan This conducts ZTP topology

collection on different VLANs
3 ZXR10(config-gm-if)#bind-ip-pool This binds pool of interface

addresses
ZXR10(config-gm)#group switch-type This configures type of a switch
ZXR10(config-gm)#group name This configures name of a

cluster
ZXR10(config-gm)#group handtime This configures the handshake

time
ZXR10(config-gm)#group holdtime This configures holdtime

between member switch
and command switch on a
commander switch
ZXR10(config-gm)#group member This adds a designated device

or MAC address as a member
on a commander switch
7-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 7 Cluster Management Configuration c u -tr a c k
ZXR10(config-gm)#group tftp-server This configures the tftp server

on the cluster
ZXR10(config-gm)#group trap-host This configures the alarm

receiver of the cluster
ZXR10(config-gm)#group erase-member This deletes the member

configuration file from the
command switch
ZXR10(config-gm)#group save-member This saves the member

configuration on the command
switch
ZXR10(config-gm)#group refresh-member This refreshes the member on

the command switch
ZXR10(config-gm)#group reset-member This restarts the member on

the command switch
7.3 Maintaining Cluster Management

To maintain cluster management, perform the following steps.
Command Function
show zdp This shows configuration of ZDP
show zdp neighbour This shows detail of ZDP neighbors
show ztp This shows configuration of ZTP
show ztp device-list This shows device list of ZTP
show ztp device This shows designated device of ZTP
show ztp topology This shows topology of ZTP
show group This shows configuration of a cluster
show group candidate This shows candidate switch
show group member This shows members of a cluster
The following is a sample output from the show zdp neighbour command:
ZXR10(config)#show zdp neighbour
Peer-Mac Local-Port Hdtm Peer-Port Platform Hostname
--------------------------------------------------------------------------------
00D0.D087.1500 gei-0/1/1/5 164 gei-0/1/2/3 5900 5928#_102
7-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
7.4 Cluster Management Configuration Example

This example describes how to connect two devices to implement cluster management,
as shown inFigure 7-1.
Figure 7-1 Cluster Management Configuration Example
Configuration Flow
1. Create a ip pool of interface addresses.
2. Configure Switch1 as a command switch.
3. Configure Switch2 as a member switch.
Switch1 configuration:
ZXR10(config)#ip pool zte
ZXR10(config-ip-pool)#network 192.168.1.0 255.255.255.0
ZXR10(config-ip-pool)# exit
ZXR10(config)#interface vlan1
ZXR10(config)#exit
ZXR10(config)#group-management
ZXR10(config-gm)#ztp vlan 1
ZXR10(config-gm)#interface vlan1
ZXR10(config-gm-if-vlan1)#bind-ip-pool zte
ZXR10(config-gm-if-vlan1)#exit
ZXR10(config-gm)#group switch-type commander
ZXR10(config-gm)#ztp start
ZXR10(config-gm)#group member all-candidates
Switch2 configuration:
ZXR10(config)# group-management
ZXR10(config-gm)# ztp vlan 1
ZXR10(config-gm)# exit
ZXR10(config-gm)#show group members
Index MemID MacAddress IPAddr Mask Stat Hostname
----------------------------------------------------
1 1 0000.0205.0000 192.168.1.2 255.255.255.0 Up Mem1.ZXR10
7-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 8
IPTV Configuration
Table of Contents
IPTV Overview ...........................................................................................................8-1
Configuring IPTV ........................................................................................................8-3
Maintaining IPTV ........................................................................................................8-9
IPTV Configuration Example ....................................................................................8-14
8.1 IPTV Overview

Internet Protocol Television (IPTV) is also called Interactive Network TV. IPTV is a
method of distributing television content over IP that enables a more customized and
interactive user experience. IPTV allows people who are separated geographically to
watch a movie together, while chatting and exchanging files simultaneously. IPTV uses
a two-way broadcast signal that is sent through the service provider's backbone network
and servers. It allows the viewers to select content on demand, and take advantage of
other interactive TV options. IPTV can be used through PC or "IP machine box + TV".
IPTV Service Architecture

For the IPTV service architecture, see Figure 8-1. The IPTV service mainly consists of
two layers: the service control layer and the service bearer layer. The service control layer
provides user management, service management, authentication, authorization, charging,
and program forecast functions and implements the control and management functions.
On the service bearer layer, the video source network provides the video coding function
and transmits the video service to the Metropolitan Area Network (MAN).
The IP MAN uses the IP unicast/broadcast function to transmit the video service to the
broadband access network. The broadband access network then operates with the
operation & management network to provide the access authentication management
function and the control function for joining in or leaving from a video broadcast group.
The video flow required by a user is granted. On the user side, when users watch TV
programs using the PC or TV+STB devices, the STB joins in the corresponding broadcast
group. The broadcast flow is transmitted to the STB through the xDSL or LAN cables.
The STB decode the flow and output the video to the PC or the TV set.
8-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 8-1 IPTV Service Architecture
IPTV access control

The IPTV access control mainly refers to user authentication. For an IPTV user, four rights
are available: view, preview, query, and deny. For a carrier, the access control means to
allow different users to view different programs. For example, if a user paid for a channel,
this user has the right to view the programs provided by the channel. If the user does not
pay for the channel, this user can only preview some programs provided by the channel
instead of viewing the programs.
For the convenience of managing the broadcast flow, a static channel list (or a package
list) needs to be created first, and then a static port rule table (CAC) needs to be created.
After they are created, channels or packages can be applied to the rule, which means that
some channels can be viewed, some can be previewed, and some can be queried.
The IPTV access and control process is as follows: A user client sends a report (join in) or
leave packet to the IPTV module. The IPTV module queries the corresponding CAC rule
according to the user port and the VLAN, and authenticates the channel rights requested
by the user. For the query packet received from a route port, the IPTV module queries the
corresponding CAC rule according to the route port and the VLAN, and authenticates the
query request. Authentication means to query the channel rights ( view, preview, query,
and deny) configured in a rule. After the rights is queried, the result is returned to the
IGMP Snooping for further processing. The following describes how the IGMP Snooping
processes different rights:
l For the view and preview rights: Add the port to which the user belongs to the
broadcast forwarding table.
l For the query rights: Broadcast the query packet to the VLAN to which the route port
belongs.
8-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 8 IPTV Configuration c u -tr a c k
8.2 Configuring IPTV

Configuring IPTV Global Parameters
To configure IPTV global parameters on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#iptv Enters IPTV configuration

mode.
2 ZXR10(config-iptv)#control { enable | disable } Enables or disables the IPv4

IPTV function.
ZXR10(config-iptv)#ipv6 control { enable | disable } Enables or disables the IPv6

IPTV function.
3 ZXR10(config-iptv)#cac { enable | disable } Enables or disables the IPTV

CAC function.
4 ZXR10(config-iptv)#sms-server <server-ip> Configures the IP address of

the SMS server.
5 ZXR10(config-iptv)#sms-server-port < port-number> Configures the port of the SMS

server, Range: 1025–65535.
Configuring Global Parameters for IPTV Preview

To configure global parameters for IPTV preview on the ZXR10 5900E, perform the
following steps:
1 ZXR10(config-iptv)#prw { enable | disable } Enables or disables the IPTV

preview function.
2 ZXR10(config-iptv)#prw reset Resets the preview function.
3 ZXR10(config-iptv)#prw autoreset-time < HH:MM:SS> Configures the time when to

reset the IPTV preview function
automatically.
4 ZXR10(config-iptv)#prw recognition-time < recog-time> Configures preview recognition

time.
5 ZXR10(config-iptv)#prw overcout-cdr { enable | disable} Configures whether to generate

CDRs when the number of
preview times reaches the
maximum value.
<HH:MM:SS> Time when to reset the IPTV preview function automatically.
8-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<recog-time> Range: 1–65535.
Configuring IPTV CDR Parameters

To configure IPTV CDR parameters on the ZXR10 5900E, perform the following steps:
1 ZXR10(config-iptv)#cdr { enable | disable } Enables or disables the CDR

function.
2 ZXR10(config-iptv)#cdr max-records < cdr-size> Configures the maximum

number of CDRs.
3 ZXR10(config-iptv)#cdr report Reports CDR manually.
4 ZXR10(config-iptv)#cdr report-interval < report-interval> Configures the interval of

reporting CDRs.
5 ZXR10(config-iptv)#cdr create-period < period> Configures the period to

generate CDRs for allowing
users to watch programs for
long time.
6 ZXR10(config-iptv)#cdr deny-right{ enable | disable} Configures whether to generate

CDRs when the access right is
set to deny.
7 ZXR10(config-iptv)#cdr prw-right { enable | disable} Configures whether to generate

CDRs when the access right is
set to preview.
8 ZXR10(config-iptv)#cdr warning-threshold < threshold Configures the alarm threshold

value> of the CDR buffer pool.
9 ZXR10(config-iptv)#cdr report-threshold < threshold Configures the threshold for

value> sending CDR. When the
number of CDRs reaches the
threshold, CDRs are sent.
<cdr-size> Range: 500–10000.
<report-interval> Range: 1–65535, unit: seconds.
8-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<period> Range: 1–65535, unit: seconds.
<threshold value> Range: 1–100.
<threshold value> Range: 1–1000.
Configuring an IPTV Preview Profile

To configure an IPTV preview profile on the ZXR10 5900E, perform the following steps:
1 ZXR10(config-iptv)#view-profile name< viewfile-name> id Creates a preview profile.

<viewfile-id>
2 ZXR10(config-iptv)#view-profile name< viewfile-name> Configures the maximum

count <view-count> number of preview times.
3 ZXR10(config-iptv)#view-profile name< viewfile-name> Configures the maximum

duration <view-duration> duration for single preview.
4 ZXR10(config-iptv)#view-profile name< viewfile-name> Configures the minimum

blackout< view-interval> preview interval.
5 ZXR10(config-iptv)#no view-profile name <viewfile-name> Deletes a preview profile.

id <viewfile-id>
<viewfile-name> Name of a preview profile.
<viewfile-id> ID of a preview profile, range: 1–255.
<view-count> Range: 1–65535.
8-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<view-duration> Range: 1–65535.
<view-interval> Range: 1–65535.
Configuring an IPTV Channels

To configure an IPTV channel on the ZXR10 5900E, perform the following steps:
1 ZXR10(config-iptv)#channel mvlan < vlan-id>{ group Creates an IPTV channel.

< group-ip>| ipv6-group < ipv6-group-ip >}[{ name <
channel-name >|[ id < channel-id>]}]
2 ZXR10(config-iptv)#channel { name < channel-name>| Specifies a preview profile for

id <0-2047>}{viewfile-name < viewfile-name>| viewfile-id the channel.
< viewfile-id>}
3 ZXR10(config-iptv)#channel { id <0-2047>| name Enables or disables the log

<channel-name>} cdr{ enable | disable} function for the channel.
4 ZXR10(config-iptv)#no channel { id < channel-id>| name< Deletes a channel.

channel-name>}
5 ZXR10(config-iptv)#channel {name <channel-name>| id Configures bandwidth for the

<channel-id>} bandwidth <bandwidth value> channel. Default: 0, meaning
that the channel does not take
any bandwidth.
<vlan-id> MVLAN of the channel, range: 1–4094.
<group-ip> IPv4 multicast address.
<ipv6-group-ip> IPv6 multicast address.
<channel-name> Channel name.
<channel-id> Channel ID.
<viewfile-name> Name of the preview profile bound to the channel.
<viewfile-id> ID of the preview profile bound to the channel.
8-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<channel-id> Channel ID, range: 0–2047.
<bandwidth value> Bandwidth for the channel, range: 0–256, unit: Mbps.
Configuring an IPTV Service Package

To configure an IPTV service package on the ZXR10 5900E, perform the following steps:
1 ZXR10(config-iptv)#package name < package-name> id Creates an IPTV service

<package-id> package.
2 ZXR10(config-iptv)#package name <package-name> Adds a channel to the service

channel { id <channel-id>| name<channel-name>}{deny | package, and sets the right of
permit | preview} the channel.
3 ZXR10(config-iptv)#no package name <package-name> Deletes the service package,

id <package-id> or a channel in the service
package.
<package-name> Service package name.
<package-id> Service package ID, range: 0–127.
<channel-id> Channel ID, range: 0–2047.
<package-id> Service package ID, range: 0–127.
Configuring a CAC Rule

To configure a CAC rule on the ZXR10 5900E, perform the following steps:
8-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1 ZXR10(config-iptv)#interface < interface-name> Enters IPTV interface

configuration mode.
2 ZXR10(config-iptv-if-interface-name)#iptv [ vlan < Configures the current service

vlan-id>]service { start | pause | resume | remove} state of a user.
3 ZXR10(config-iptv-if-interface-name)#iptv [ vlan< Configures the multicast control

vlan-id>]control-mode { package | channel} mode for a user.
4 ZXR10(config-iptv-if-interface-name)#iptv [ vlan < Assigns a service package to a

vlan-id>]package { name < package-name>| id < package-id>} user.
5 ZXR10(config-iptv-if-interface-name)#iptv [ vlan < Configures the channel access

vlan-id>]channel{ name < channel-name>| id < channel-id>}{ right for a user interface.
deny | permit | preview | query}
6 ZXR10(config-iptv-if-interface-name)#iptv [ vlan < Configures whether to generate

vlan-id>] cdr{ enable | disable} CDRs.
7 ZXR10(config-iptv-if-interface-name)#iptv [ vlan < Configures the maximum

vlan-id>]max-bandwidth< max-bandwidth> bandwidth for the rule.
8 ZXR10(config-iptv-if-interface-name)#no iptv[ vlan < Deletes the service package

1-4094>] package{ name < package-name>| id <package-id>} allocated to the rule.
<vlan-id> Range: 1–4094.
<max-bandwidth> Range: 1–2048, unit: Mbps.
<package-id Range: 0–127.
Managing IPTV Users

To manage IPTV users on the ZXR10 5900E, run the following command:
Command Function
ZXR10(config-iptv)#clear client port < port-name> vlan< Deletes online IPTV users.
vlan-id> channel { id < channel-id>| id-list<channel-idlist>| name
< channel-name>}
8-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<port-name> Name of the interface connected to users.
<vlan-id> VLAN which users belong to, range: 1–4094.
<channel-id> ID of the channel that users request.
<channel-idlist> Range of channels that users can request, range: 0–2047.
<channel-name> Name of the channel that users request.
8.3 Maintaining IPTV

To maintain the IPTV function on the ZXR10 5900E, run the following commands.
Command Function
ZXR10#show iptv control Displays the information about

global IPTV configuration.
ZXR10#show iptv prw Displays the information about

global IPTV preview configuration.
ZXR10#show iptv cdr [record id-list <cdr-idlist>] Displays the information about
CDR configuration.
ZXR10#show iptv channel { all | name < channel-name>| id-list< Displays the information about
channel-idlist>} IPTV channels.
ZXR10#show iptv package [{ name < package-name>|id < Displays the information about an
package-id>}] IPTV service package.
ZXR10#show iptv view-profile [< viewfile-name>] Displays the information about a

preview profile.
ZXR10#show iptv rule{all |{port < port-name>[ vlan-id Displays the information about a
<vlan-id>][channel][package]}} CAC rule.
ZXR10#show iptv client {all |{port <port-name>| NPC Displays online IPTV users
<slot-no>[vlan-id <vlan-id>]}}
ZXR10#show iptv channel statistics [ channel-id < channel-id>] Displays channel statistics.
The following shows the output of the show iptv control command:
ZXR10#show iptv control

Iptv control status :disable
Iptv v6-control status :disable
Cac status :disable
Sms-server IP :192.168.0.119
Sms-server port :5115
8-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
Iptv control status Whether the IPv4 IPTV service is enabled.
Iptv v6-control status Whether the IPv6 IPTV service is enabled.
Cac status Whether the CAC function is enabled.
Sms-server IP IP address of the SMS server, default: 192.168.0.119.
Sms-server port Port number of the SMS server, default: 5115.
The following shows the output of the show iptv prw command:
ZXR10#show iptv prw
PrwEnable : disable
PrwOverCount-Cdr : disable
PrwRecognitionTime : 4
PrwAutoResetTime : 23:59:59
Field Description
PrwEnable Whether the global preview function is enabled.
PrwOverCount-Cdr Whether to generate CDRs when the number of preview

times reaches the maximum value.
PrwRecognitionTime Minimum preview recognition time. If the preview duration is

less than this value, the number of preview times does not
increment.
PrwAutoResetTime Time when to reset the IPTV preview function automatically.
The following shows the output of the show iptv cdr record id-list 2 command:
ZXR10#show iptv cdr record id-list 2
Index :2 Findex :54 Time_Stamp :2013/3/4 09:00:20
VlanId :100 Mvlan :4000 OnLine_Time(s):0
Sourceip :
Groupip :225.1.1.0
Validility :invalid
Cdrtype :preview
Leave reason :prw overcount leave
Field Description
Index Index of a CDR generated on a line card.
Findex Global user port number.
8-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
Time_Stamp Time when the user leaves.
VlanId VLAN which the user port belongs to.
Mvlan Multicast VLAN.
OnLine_Time(s) Time for how long the user is online.
Sourceip IP address of the multicast source.
Groupip Multicast address.
Validility Whether it is valid that the user watches programs on the port.
Cdrtype User access type, including deny, permit, and preview.
Leave reason Reason why the user leaves.
The following shows the output of the show iptv channel all command:
ZXR10#show iptv channel all
Id Name MVlan GroupIp
------ ------------------------------- --------- --
0 CHNAME0 1 225.0.0.0
1 CHNAME1 1 225.0.0.1
2 CHNAME2 1 225.0.0.2
3 CHNAME3 1 225.0.0.3
4 CHNAME4 1 225.0.0.4
5 CHNAME5 1 225.0.0.5
6 CHNAME6 1 225.0.0.6
7 CHNAME7 1 225.0.0.7
8 CHNAME8 1 225.0.0.8
9 CHNAME9 1 225.0.0.9
Field Description
Id Channel ID.
Name Channel name.
GroupIp Multicast address of the channel.
MVlan VLAN which the multicast address belongs to.
The following shows the output of the show iptv package command:
ZXR10#show iptv package
Pkgid Pkgname
----- ---------
0 ZTE
8-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
Pkgid Service package ID.
Pkgname Service package name.
The following shows the output of the show iptv view-profile command:
ZXR10#show iptv view-profile
ViewprofileId ViewprofileName
------------- ---------------
0 DEFVAL
Field Description
ViewprofileId Profile ID.
ViewprofileName Profile name.
The following shows the output of the show iptv rule command:
ZXR10#show iptv rule
MaxRuleNum: 2048
CurrentConfigTotal: 1 HistoryConfigTotal: 1
Id Port Vlan Mode Service Cdr ViewNum PrwNum QryNum PkgNum
---- -------- ----- ------- ------- ----- ------- ------ ------ ------
1 gei-0/1/1/22 package IN FALSE 0 0 0 0
Field Description
MaxRuleNum Maximum number of rules.
CurrentConfigTotal Number of rules configured.
HistoryConfigTotal Number of historical rules.
Id Rule ID.
Port Interface name.
Vlan VlAN ID.
Mode Multicast control mode, package or channel.
Service Rule state. “IN” means that the rule is applied.
Cdr CDR state of the rule.
ViewNum Number of view channels in the rule.
PrwNum Number of preview channels in the rule.
QryNum Number of query rights in the rule.
PkgNum Number of service packages in the rule.
8-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The following shows the output of the show iptv channel statistics command:
ZXR10#show iptv channel statistics
ChannelNo CurPrwUser CurViewUser hisPrwUser hisViewUser
--------- ---------- ----------- ---------- -----------
0 0 0 0 0
1 0 0 0 0
2 0 0 0 0
3 0 0 0 0
4 2 0 0 0
5 0 0 0 1
6 0 4 0 0
7 0 0 0 0
8 0 0 0 0
9 0 0 0 0
Field Description
ChannelNo Channel ID.
CurPrwUser Number of current online preview users.
CurViewUser Number of current online subscribers.
HisPrwUser Number of historical online preview users.
HisViewUser Number of historical online subscribers.
The following shows the output of the show iptv client command:
ZXR10#show iptv client all
Client View Channel Count: 1
ChanId GroupIp Port Vlan Rule Record TimeStamp
------ -------- ------------- ---------- ------ ------------ --
0 225.0.0.1 gei-0/1/1/2 200 5 2 2013/06/9 19:34:54
Field Description
ChanId ID of the channel that the user previews.
GroupIp Multicast address that the user previews.
Port Name of the user port.
Vlan VLAN which the user belongs to.
Rule Rule number of the user.
Record CDR flag.
TimeStamp Time when the user gets online.
8-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
8.4 IPTV Configuration Example

As shown in Figure 8-2, it is required to configure IPTV on switch A. One interface
connected to users is gei-0/1/1/1 and another interface connected to network is
gei-0/1/1/2.
Figure 8-2 IPTV Configuration Example
Configuration Flow
1. Configure a traffic flow of IPTV channel
2. Enable IPTV
3. Configure inquiry permissions on a interface connected to network
4. Configure rules of users on a interface connected to users
SwitchA configuration:
ZXR10(config)#igmpsnoop
ZXR10(config-igmpsnoop)#vlan 22
ZXR10(config-igmpsnoop-vlan22)#igmp snooping enable
ZXR10(config-igmpsnoop-vlan22)#exit
ZXR10(config-igmpsnoop)#exit
ZXR10(config)#iptv
ZXR10(config-iptv)#channel mvlan 100 group 225.0.0.1 name cctv1
ZXR10(config-iptv)#control enable
ZXR10(config-iptv)#cac enable
ZXR10(config-iptv)#interface gei-0/1/1/2
ZXR10(config-iptv-if-gei-0/1/1/2)#iptv vlan 100 service start
ZXR10(config-iptv-if-gei-0/1/1/2)#iptv vlan 100 control-mode channel
ZXR10(config-iptv-if-gei-0/1/1/2)#iptv vlan 100 channel name cctv1 query
8-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-iptv-if-gei-0/1/1/2)#exit
ZXR10(config-iptv)#interface gei-0/1/1/1
ZXR10(config-iptv-if-gei-0/1/1/1)#iptv vlan 20 channel name cctv1 permit
ZXR10(config-iptv-if-gei-0/1/1/1)#iptv vlan 22 channel name cctv1 permit
Check configuration of SwitchA.
ZXR10#show iptv channel all
Id Name MVlan GroupIp
------ -------- --------------- ------------
0 cctv1 100 225.0.0.1
ZXR10#show iptv rule
MaxRuleNum: 2048
CurrentConfigTotal: 2 HistoryConfigTotal: 2
Id Port Vlan Mode Service Cdr ViewNum PrwNum QryNum PkgNum
---- ------ ---- ------- ------- ----- ------- ------ ------ ------
1 gei-0/1/1/1 20 channel IN FALSE 1 0 0 0
2 gei-0/1/1/2 100 channel IN FALSE 0 0 1 0
ZXR10#show iptv control

Iptv control status :enable
Iptv v6-control status :disable
Cac status :enable
Sms-server IP :192.168.0.119
Sms-server port :5115
8-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
8-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figures
Figure 1-1 IP Address Configuration Example Topology........................................... 1-4
Figure 2-1 ICMP Response Configuration Example Topology ................................... 2-1
Figure 3-1 MTU Configuration Example Topology ..................................................... 3-3
Figure 4-1 DHCP Server Configuration Example Topology ..................................... 4-11
Figure 4-2 DHCP Message Interaction.................................................................... 4-15
Figure 4-3 DHCP Relay Configuration Example Topology ....................................... 4-25
Figure 4-4 DHCP Proxy Configuration Topology ..................................................... 4-34
Figure 4-5 Network Topology of DHCP Snooping.................................................... 4-37
Figure 4-6 DHCP Snooping Typical Application ...................................................... 4-37
Figure 4-7 Enabling DHCP Snooping Globally ........................................................ 4-49
Figure 4-8 Configuring DHCP Snooping Option82 Format ...................................... 4-51
Figure 7-1 Cluster Management Configuration Example ........................................... 7-4
Figure 8-1 IPTV Service Architecture ........................................................................ 8-2
Figure 8-2 IPTV Configuration Example .................................................................. 8-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Figures c u -tr a c k
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Glossary
ARP
- Address Resolution Protocol
BOOTP
- Bootstrap Protocol
CAC
- Channel Access Control
CAC
- Connection Admission Control
CDR
- Call Detail Record
DHCP
- Dynamic Host Configuration Protocol
DNS
- Domain Name System
DNS
- Domain Name Server
DSCP
- Differentiated Services Code Point
FTP
- File Transfer Protocol
ICMP
- Internet Control Message Protocol
IP
- Internet Protocol
IPTV
- Internet Protocol Television
MAC
MAN
- Metropolitan Area Network
MTU
- Maximum Transmission Unit
MVLAN
- Multicast Virtual Local Area Network
III

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
RARP
- Reverse Address Resolution Protocol
RFC
- Request For Comments
SMS
- Service Management System
STB
- Set-top Box
TCB
- Transmission Control Block
TCP
- Transmission Control Protocol
TCP/IP
TFTP
- Trivial File Transfer Protocol
UDP
URL
- Uniform Resource Locator
VLAN
- Virtual Local Area Network
VPN
VRF
- Virtual Route Forwarding
IV

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10 5900E Series

Configuration Guide (Link Layer)
Version: 3.00.11
ZTE CORPORATION
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
LEGAL INFORMATION
herein.
Revision History
Serial Number: SJ-20150114102049-005

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Contents
Chapter 1 ARP Configuration.................................................................... 1-1
1.1 ARP Overview ................................................................................................... 1-1
1.2 ARP Limit Overview ........................................................................................... 1-2
1.3 Configuring ARP ................................................................................................ 1-3
1.4 Maintaining ARP ................................................................................................ 1-9
1.5 ARP Configuration Examples ............................................................................ 1-10
1.5.1 Permanent ARP Configuration Example .................................................. 1-14
1.5.2 Common ARP Attributes Configuration Example ...................................... 1-14
1.5.3 ARP Proxy Application............................................................................ 1-15
1.5.4 ARP Source Filter Application ................................................................. 1-17
Chapter 2 VLAN Configuration.................................................................. 2-1

2.1 VLAN Overview.................................................................................................. 2-1
2.2 Configuring a VLAN............................................................................................ 2-2
2.3 Maintaining a VLAN............................................................................................ 2-9
2.4 VLAN Basic Configuration Example....................................................................2-11
2.4.1 VLAN Basic Configuration Example..........................................................2-11
2.4.2 VLAN Translation Configuration Example ................................................ 2-12
Chapter 3 SuperVLAN Configuration ....................................................... 3-1

3.1 SuperVLAN Overview......................................................................................... 3-1
3.2 Configuring a SuperVLAN................................................................................... 3-2
3.3 Maintaining a SuperVLAN................................................................................... 3-5
3.4 SuperVLAN Configuration Example ..................................................................... 3-6
Chapter 4 Voice VLAN Configuration ....................................................... 4-1

4.1 Voice VLAN Overview......................................................................................... 4-1
4.2 Configuring a Voice VLAN................................................................................... 4-2
4.3 Maintaining a Voice VLAN................................................................................... 4-3
4.4 Voice VLAN Configuration Example..................................................................... 4-4
4.4.1 Voice VLAN Configuration Example (Manual Mode) ................................... 4-4
4.4.2 Voice VLAN Configuration Example (Automatic Mode) ............................... 4-5
Chapter 5 PVLAN Configuration ............................................................... 5-1

5.1 PVLAN Overview ............................................................................................... 5-1
5.2 Configuring a PVLAN ......................................................................................... 5-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
5.3 PVLAN Maintenance .......................................................................................... 5-3

5.4 PVLAN Configuration Example............................................................................ 5-3
Chapter 6 QinQ Configuration................................................................... 6-1

6.1 QinQ Overview................................................................................................... 6-1
6.2 Configuring QinQ ............................................................................................... 6-1
6.3 QinQ Maintenance ............................................................................................. 6-2
6.4 QinQ Configuration Example............................................................................... 6-2
Chapter 7 STP Configuration .................................................................... 7-1

7.1 STP Overview.................................................................................................... 7-1
7.2 Configuring STP................................................................................................. 7-4
7.3 STP Maintenance............................................................................................... 7-9
7.4 STP Configuration Examples ............................................................................ 7-12
7.4.1 Configuring Multiple STP ........................................................................ 7-12
7.4.2 Configuring Fast STP ............................................................................. 7-14
7.4.3 Configuring Single STP .......................................................................... 7-16
Chapter 8 LLDP Configuration .................................................................. 8-1

8.1 LLDP Overview .................................................................................................. 8-1
8.2 Configuring LLDP............................................................................................... 8-3
8.3 Maintaining LLDP............................................................................................... 8-6
8.4 LLDP Configuration Examples ............................................................................ 8-9
8.4.1 LLDP Neighbor Configuration Example.....................................................8-11
8.4.2 LLDP Attribute Configuration Example......................................................8-11
Chapter 9 SmartGroup Configuration ...................................................... 9-1

9.1 SmartGroup Overview ........................................................................................ 9-1
9.2 Configuring SmartGroup ..................................................................................... 9-2
9.3 Maintaining a SmartGroup .................................................................................. 9-7
9.4 SmartGroup Configuration Examples................................................................... 9-9
9.4.1 Basic SmartGroup Configuration Example ............................................... 9-13
9.4.2 On Mode SmartGroup Configuration Example.......................................... 9-16
Chapter 10 SVLAN Configuration ........................................................... 10-1

10.1 SVLAN Overview............................................................................................ 10-1
10.2 Configuring an SVLAN...................................................................................10-10
10.3 Maintaining an SVLAN...................................................................................10-12
10.4 SVLAN Configuration Example.......................................................................10-14
Chapter 11 ZESR Configuration .............................................................. 11-1

11.1 ZESR Overview...............................................................................................11-1
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
11.2 Configuring a ZESR .........................................................................................11-6

11.3 Maintaining a ZESR .........................................................................................11-9
11.4 ZESR Configuration Example ......................................................................... 11-11
11.4.1 Configuring Basic Single-Ring ZESR .................................................... 11-12
11.4.2 Configuring Basic Single-Ring ZESR .................................................... 11-13
Chapter 12 ZESS Configuration .............................................................. 12-1

12.1 ZESS Overview.............................................................................................. 12-1
12.2 Configuring ZESS........................................................................................... 12-2
12.3 ZESS Maintenance......................................................................................... 12-4
12.4 ZESS Configuration Example .......................................................................... 12-5
Chapter 13 ZESR+ Configuration............................................................ 13-1

13.1 ZESR+ Overview............................................................................................ 13-1
13.2 Configuring ZESR+ ........................................................................................ 13-3
13.3 ZESR+ Maintenance ...................................................................................... 13-4
13.4 ZESR+ Configuration Example........................................................................ 13-5
Chapter 14 LinkGroup Configuration ..................................................... 14-1

14.1 LinkGroup Overview ....................................................................................... 14-1
14.2 Configuring LinkGroup .................................................................................... 14-1
14.3 LinkGroup Maintenance .................................................................................. 14-2
14.4 LinkGroup Configuration Example ................................................................... 14-3
Chapter 15 L2PT Configuration............................................................... 15-1

15.1 L2PT Overview .............................................................................................. 15-1
15.2 Configuring L2PT ........................................................................................... 15-2
15.3 Maintaining L2PT ........................................................................................... 15-3
15.4 L2PT Configuration Example........................................................................... 15-4
Chapter 16 GVRP Configuration ............................................................. 16-1

16.1 GVRP Overview ............................................................................................. 16-1
16.2 Configuring GVRP .......................................................................................... 16-2
16.3 Maintaining GVRP .......................................................................................... 16-2
16.4 GVRP Configuration Example ......................................................................... 16-3
Figures............................................................................................................. I
Glossary ........................................................................................................ III
III

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
IV

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
About This Manual

Purpose
Switch Configuration Guide (Link Layer), which is applicable to the ZXR10 5900E
Intended Audience
l Network planning engineer

l Debugging engineer
l Attendant

Chapter 1, ARP Describes the ARP principle, and the configuration commands,
Configuration maintenance commands, and configuration examples of the ZXR10
5900E.
Chapter 2, VLAN Describes the VLAN principle, and the configuration commands,
Configuration maintenance commands, configuration examples of the ZXR10 5900E.
Chapter 3, SuperVLAN Describes the SuperVLAN principle, and the configuration commands,
Chapter 4, Voice VLAN Describes the Voice VLAN principle, and the configuration commands,
Chapter 5, PVLAN Describes the PVLAN principle, and the configuration commands,
Chapter 6, QinQ Describes the QinQ principle, and the configuration commands,
Chapter 7, STP Describes the STP principle, and the configuration commands,
Chapter 8, LLDP Describes the LLDP principle, and the configuration commands,
Chapter 9, SmartGroup Describes the SmartGroup principle, and the configuration commands,
Chapter 10, SVLAN Describes the SVLAN principle, and the configuration commands,

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 11, ZESR Describes the ZESR principle, and the configuration commands,
Chapter 12, ZESS Describes the ZESS principle, and the configuration commands,
Chapter 13, ZESR+ Describes the ZESR+ principle, and the configuration commands,
Chapter 14, LinkGroup Describes the LinkGroup principle, and the configuration commands,
Chapter 15, L2PT Describes the L2PT principle, and the configuration commands,
Chapter 16, GVRP Describes the GVRP principle, and the configuration commands,
Conventions
width
| Separates individual parameter in series of parameters.
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 1
ARP Configuration
Table of Contents
ARP Overview............................................................................................................1-1
ARP Limit Overview ...................................................................................................1-2
Configuring ARP ........................................................................................................1-3
Maintaining ARP ........................................................................................................1-9
ARP Configuration Examples ...................................................................................1-10
1.1 ARP Overview

Introduction to ARP
When a network device sends data to another network device, besides Internet Protocol
(IP) address, the physical address (Media Access Control (MAC) address) of the
destination device is also necessary to be known. Address Resolution Protocol (ARP) is
used to map IP addresses into physical addresses to guarantee smooth communications.
To reduce ARP packets in a network and send data faster, the mapping relation between IP
addresses and MAC addresses is cached in the local ARP table. When a network device
needs to send data, it first searches the ARP table according to the IP address. If the MAC
address of the destination device is found in the ARP table, the device does not need to
send any ARP request. The dynamic entities in the ARP table will be deleted automatically
after a period. This period is called the ARP aging time.
ARP Principle
First, the source device broadcasts an ARP request containing the IP address of the
destination device. All devices in the network will receive ARP request. If a device finds
that the IP address in request matches its own IP address, it will send a reply containing
its MAC address to the source device. The source device obtains the MAC address of
the destination device through this reply.
To prevent the attacks from ARP virus, or to prevent that users connect devices to the
network randomly, permanent ARP entities can be configured on the device. A permanent
ARP entity takes effect immediately once the configuration is finished. It will not be lost
even if the device is reset.
User can configure ARP common attributions, such as clearing time, aging time, automatic
binding of dynamic ARP entities, and so on. ARP protection mode can also be configured.
1-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k ZXR10 5900E Series Configuration Guide (Link Layer) c u -tr a c k
ARP protection is based on a port or a device. If the number of entities in the ARP table is
more than the pre-configured ARP protection threshold, the excess ARP packets will be
discarded and the corresponding alarm will be printed to notify network administrators.
When there is a router (or several routers) between the devices for communication, it is
necessary to enable ARP proxy function on the switch.
When ARP source filter function is enabled, the device will search its routing table after
receiving an ARP packet. The device inspects whether there is a route that uses the
interface (on which this ARP packet is received) as the egress for the ARP packet with this
source IP. The ARP entity will be learnt if the route is found. Otherwise, the ARP packet
will be discarded. In this way, some virus attacks can be prevented.
1.2 ARP Limit Overview

Introduction to ARP Limit
ARP is one of basic protocol in Transfer Control Protocol/Internet Protocol (TCP/IP)
protocol stack. The attacks based on ARP always occur in the network. Excess ARP
packets will cost a lot of bandwidth and cause the network congestion.
Therefore, it is required that timestamp limit of ARP packets should be configured on
interface boards of high-end routers. This is to limit the speed of the ARP packets received
on interfaces. When the speed of the ARP packets received exceeds the limit value, the
device will inform the bottom to stop sending ARP packets.
ARP Limit Principle

ARP protocol provides an interactive mechanism between packets request and response
to achieve the translation between Ethernet IP addresses and physical addresses.
l When a host A needs to translate its IP address Ib, it broadcasts a special packet in
the network to ask the host whose IP address is Ib to reply with its MAC.
l All hosts in the network receive this request. But only the host B can identify its
IP address, and then it sends a reply containing its MAC address. Host A finishes
translating the Ethernet IP address of Host B to the physical address after it receives
this reply.
ARP limit function is to limit the number of ARP packets received on the specific interface
per second through the user configuration. This is to make the protocol safe.
On a physical port or a sub-interface on which ARP packet limit is enabled, when the
number of ARP packets received per second exceeds the threshold set by users, the
device will trigger the bottom layer through the socket to forbid forwarding and stop adding
ARP entities. The device will start the limit timer and send alarm message. The timer
expires when the triggering recovers.
The ARP module counts the ARP packets on each interface in split time. The interval is
set to 1 second which corresponds to the counting cycle of timestamp limit. When the ARP
module receives an ARP packet, the count of packet on the interface increments. After
1-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 1 ARP Configuration c u -tr a c k
the count is up to the threshold in the counting cycle, the device will notify the bottom to
stop forwarding ARP packets.
The limit relief is implemented by judging whether the limit times on the interfaces are up
through timer polling. If the limit time is up, the limit will be relieved. Otherwise, the limit is
still on.
1.3 Configuring ARP

Configuring a Permanent ARP Entity
To configure a permanent ARP entity on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#arp Enters ARP configuration

mode from global configuration
mode.
2 ZXR10(config-arp)#arp < interface-name > permanent Configures a permanent ARP

<ip-address><hardware-address>[<external-vlanId>][<internal entity.
-vlanId>][<physical-portname>]
A description of the parameters in Step 2 is as follows:
permanent Permanent binding. The configuration is applied immediately,

and it is still effective after the device is reset.
<ip-address> IP address, in dotted decimal notation.
<hardware-address> MAC address, in dotted decimal notation.
<external-vlanId> VLAN ID or external ID of the entity.
<internal-vlanId> Internal VLAN ID of the entity.
<physical-portname> Applicable to QinQ only. Specifies a physical interface for

a permanent ARP entity on a superQinQ interface. This
parameter is applicable to QinQ only.
Configuring Common ARP Attributes

To configure common ARP attributes on the ZXR10 5900E, perform the following steps:
1 ZXR10(config-arp)#protect {interface [<interface-name>]| Configures ARP protection

whole| common-mac|special-mac <mac-address>}[limit- function. By default, ARP
num <num>] protection is disabled.
1-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
2 ZXR10(config-arp)#to-static [ interface <interface-name>] Converts a dynamic ARP entity

to a static type entity.
3 ZXR10(config-arp)#purge-delay <interface-name><value> Configures the ARP clearing

time.
4 ZXR10(config-arp)#timeout <interface-name><seconds> Configures the aging time of

ARP entities in the ARP cache.
5 ZXR10(config-arp)#learn-disable <interface-name> This disables ARP learning

function.
6 ZXR10(config-arp)#backupvrrp-learn <interface-name> Configures the VRRP ARP

learning function for an
interface.
7 ZXR10(config-arp)#gratuitous-learn <interface-name> Configures the gratuitous

ARP learning function for an
interface.
8 ZXR10(config-arp)#netwrok-learn <interface-name> Configures the same-network

segment ARP learning function
for an interface.
9 ZXR10(config-arp)#arp <interface-name> {permanent Configures the permanent and

<IP address> <MAC address> <External VLAN ID>| static static type ARP entity.
<IP address> <MAC address> <External VLAN ID>}
10 ZXR10(config-arp)#interface <interface-name> Enters ARP interface

configuration mode.
ZXR10(config-arp-if)#protect [limit-num ]<num> Configures interface ARP

protection. By default, ARP
protection is disabled.
ZXR10(config-arp-if)#purge-delay <value> Configures ARP clearing time.
ZXR10(config-arp-if)#timeout <seconds> Configures the aging time of

ARP entities in the ARP cache.
ZXR10(config-arp-if)#learn-disable This disables ARP learning

function.
ZXR10(config-arp-if)#backupvrrp-learn Configures the VRRP ARP

learning function.
ZXR10(config-arp-if)#gratuitous-learn Configures the gratuitous ARP

learning function.
ZXR10(config-arp-if)#network-learn Configures the same-network

segment ARP learning function.
1-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
11 ZXR10#clear arp-cache [interface <interface-name>][{ip Deletes dynamic ARP entities.

<ip-address>| mac <mac-address>| ip-rang
from<lower-ip-address> to<upper-ip-address>}]
ZXR10#clear arp-cache static [interface<interface-name>] Deletes static ARP entities.
ZXR10#clear arp-cache permanent interface [interface Deletes permanent ARP

<interface-name>] entities based on on the
specified range.
ZXR10#clear arp-cache to-static [interface <interface-name>] Deletes static ARP entities

based on on the specified
range.
interface Port-based ARP protection.
<interface-name> Configures ARP protection on the specific interface.
common-mac Configures the function of common MAC protection. For all

MAC addresses, when the specific MAC protection is not
enabled, the number of dynamic ARP records cannot exceed
the configured threshold of common MAC protection.
special-mac Configures the function of special MAC protection. For a

specific MAC address, the number of dynamic ARP records
cannot exceed the configured threshold of special MAC
protection.
whole ARP protection based on the number of global ARP records.
<num> Configures the maximum number of ARP protection records.

The value of this parameter ranges from 1 to 65536. By
default, the protection is disabled. In addition, no default
value is provided.
A description of the parameter in Step 2 is as follows:
<value> Clearing time, range: 1–36000, unit: seconds, default: 1

seconds.
1-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
seconds The aging time of ARP entities in the ARP cache, range: 1
–2147483, unit: seconds, default: 14400 seconds.
interface<interface-name> Interface name.
<value> Clearing time, range: 1–36000, unit: seconds, default: 1

seconds.
<seconds> The aging time of ARP entities in the ARP cache, range: 1
–2147483, unit: seconds, default: 14400 seconds.
<ip-address> IP address.
interface Delete dynamic ARP entities on the specified interface.
ip Delete dynamic ARP entities based on the specified IP

address.
mac Delete dynamic ARP entities based on the specified MAC

address.
ip-range Delete dynamic ARP entities based on the specified IP

address range.
<ip-address> IP address, in dotted decimal notation.
<mac-address> MAC address, in dotted decimal notation.
<lower-ip-address> Lower limit of the IP address range.
<upper-ip-address> Upper limit of the IP address range.
1-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Configuring an ARP Proxy

To configure an ARP proxy on the ZXR10 5900E, perform the following steps:

mode.
2 ZXR10(config-arp)#proxy <interface-name> Configures ARP proxy function.

By default, ARP proxy function
is disabled.

configuration mode.
4 ZXR10(config-arp-if)#proxy Configures ARP proxy function.

By default, the ARP proxy
Configuring an ARP Local Proxy

To configure an ARP local proxy on the ZXR10 5900E, perform the following steps:

mode.
2 ZXR10(config-arp)#local-proxy-arp <interface-name> Configures ARP local proxy

function. By default, ARP
local proxy function is
disabled.<interface-name>
is layer 3 VLAN port of a switch
only.

configuration mode.
4 ZXR10(config-arp-if)#local-proxy-arp Configures ARP local proxy

function. By default, ARP local
proxy function is disabled.
Configuring ARP Source Filtering

To configure the ARP source filtering function on the ZXR10 5900E, perform the following
steps:
1-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

mode.

configuration mode.
3 ZXR10(config-arp-if)# source-filtered Enables the ARP source

filtering function. By default,
this function is enabled. Use
no source-filtered command to
disable this function.
Configuring DAI
To configure DAI on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#arp Enters the ARP configuration

mode.
2 ZXR10(config-arp)#inspection validate src-mac Enables or disables the global

{enable|disable} ip {enable|disable} dst-mac {enable|disable} ARP packet check switch in the
ARP configuration mode. By
default, all the three switches
are disabled.
3 ZXR10(config-arp)#inspection vlan <1-4094> Enables the DAI of a VLAN in

the ARP configuration mode.
the DAI to the default disabled
state.
4 ZXR10(config-arp)#inspection trust < interface-name > Configures the trustworthiness

of a specified interface in the
ARP configuration mode. Use
the no command to restore
the interface to the default
untrusted state.
5 ZXR10(config-arp)#inspection limit <interface-name><1 Configures the inspection limit

-100> for the specified interface in
the no command to restore the
default inspection limit (15).
6 ZXR10(config-arp)#interface <interface-name> Enters the ARP interface

configuration mode.
1-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
7 ZXR10(config-arp-if)#inspection trust Configures the trustworthiness

of a specified interface in the
the interface to the default
untrusted state.
8 ZXR10(config-arp-if)#inspection limit <1-100> Configures the inspection limit

for the specified interface in
ARP interface configuration
mode. Use the no command to
restore the default inspection
limit (15).
1.4 Maintaining ARP

To maintain the ARP function on the ZXR10 5900E, run the following commands:
Command Function
ZXR10#show arp [<ip-address>| arp-to-static | begin<word>| Displays different types of ARP

dynamic<word>| exclude<word>| include<word>| entities.
interface<interface-name>| ip-range from <ip-address> to
<ip-address>| permanent | static | vlan {extervlanid | intervlanid
}<vlan-id>]
ZXR10#show running-config arp Displays the ARP configuration

information on the switch.
ZXR10#show ip arp inspection { vlan [{<1-4094>| disable | enable | Displays the DAI configuration
name <vlan-name>}]| interface [<interface-name>]| configure} information of protocol entities on
the switch.
The following is sample output from the show arp command:
ZXR10#show arp
Arp protect whole is disabled
The count is 1
IP Hardware Exter Inter Sub
Address Age Address Interface VlanID VlanID Interface
--------------------------------------------------------------------------
192.168.88.200 H 00e0.d021.0203 vlan10 N/A N/A N/A
1.1.1.1 P 0011.0011.0011 vlan1 N/A N/A N/A
2.2.2.2 D 0022.0022.0022 vlan2 N/A N/A N/A
Field descriptions are as follows:
1-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
IP Address IP address.
Age Time of generating a dynamic ARTP entry (the number

indicates the duration during which a dynamic ARP entry
exists).
Hardware Address MAC address.
Interface Interface name.
Exter VlanID External VLAN tag.
Inter VlanID Internal VLAN tag.
Sub Interface Sub-interface (physical port).
The following is sample output from the show running-config arp command:
ZXR10(config)#show running-config arp
!<ARP>
arp
interface vlan100
protect limit-num 100
timeout 3000
$
$
!</ARP>
ZXR10(config)#
The following is sample output from the show ip arp inspection command:
ZXR10#show ip arp inspection configure
Source Mac Validation : Disabled
Destination Mac Validation : Disabled
IP Address Validation : Enabled
1.5 ARP Configuration Examples

Permanent ARP Configuration Example
It is required to configure permanent ARP on an interface.
Method 1: Configure a permanent ARP entity in ARP configuration mode. Make sure
that an IP address has already been configured on the interface.
ZXR10(config)#arp
ZXR10(config-arp)#arp vlan400 permanent 120.1.1.1 0020.1122.3344
1-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Method 2: Enter ARP interface configuration mode and then configure a permanent
ARP entity.
ZXR10(config-arp)#interface vlan400
ZXR10(config-arp-if)#arp permanent 120.1.1.3 0020.1122.3355
Use the show command to view the configuration result, as shown below.
ZXR10(config)#show arp permanent
The count is 1
--------------------------------------------------------------------------
1.1.1.1 P 0020.1122.3344 vlan400 N/A N/A N/A
ZXR10(config)#show arp permanent vlan400

The count is 1
--------------------------------------------------------------------------
1.1.1.3 P 0020.1122.3355 vlan400 N/A N/A N/A
Common ARP Attributes Configuration Example

The configuration of common ARP attributes is shown below.
ZXR10(config-arp-if)#learn-disable
/*This disables ARP learning function on an interface.*/
ZXR10(config-arp-if)#protect limit-num 10
/*This sets the number of ARP entities protected to 10.*/
ZXR10(config-arp-if)#proxy
/*This enables ARP proxy function.*/
ZXR10(config-arp-if)#purge-delay 10
/*This configures ARP clearing time to 10 s.*/
ZXR10(config-arp-if)#no source-filtered
/*This disables source filter function.*/
ZXR10(config-arp-if)#timeout 10
/*This sets the aging time to 10 s.*/
ZXR10(config-arp-if)#show running-config arp
/*This views the configuration result.*/
arp
interface vlan400
timeout 10
purge-delay 10
proxy
1-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
learn-disable
no source-filtered
$
!
ARP Proxy Application

As shown in Figure 1-1, Host A thinks that Host D is in the same segment with itself
(according to the masks). When Host A intends to communicates with Host D, Host
A sends an ARP request to Host D, as shown below:
Sender's MAC Addr Sender's IP Target MAC Addr Target IP
00-00-0c-94-36-aa 172.16.10.100 00-00-00-00-00-00 172.16.20.200
As shown in Figure 1-1, the ARP request cannot reach Host D, as a route does not
forward broadcast messages generally. In the condition that there is no ARP proxy,
the communication will fail.
Figure 1-1 Topology of ARP Proxy Application
When ARP proxy function is enabled on the switch, the router will request for valid IP
addresses except the IP address of the receiving interface on the switch. The switch
replies with the MAC address on the ingress interface of the ARP packet, as shown
below:
00-00-0c-94-36-ab 172.16.20.200 00-00-0c-94-36-aa 172.16.10.100
1-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Therefore, a new entity is added into the ARP table of Host A, as shown below:
ZXR10(config)#show arp
The count is 2
--------------------------------------------------------------------------
172.16.20.200 00:00:03 0000.0c94.36ab vlan10 N/A N/A gei-0/1/0/1
The configuration to enable ARP proxy function on the router:
ZXR10(config-arp-if)#exit
ZXR10(config-arp)#exit
arp
interface vlan10
proxy
$
!
ARP Source Filter Application

ARP source filter function is enabled by default. After this function is enabled, the
switch will search its routing table to check whether there is a route that uses the
interface (on which this ARP packet is received) as the egress for the ARP packet
with this source IP. The ARP entity will be learnt if the route is found. Otherwise, the
ARP packet will be discarded.
The configuration is shown below:
/*Disable source filter*/
arp
interface vlan400
no source-filtered
$
!
ZXR10(config-arp-if)#source-filtered
/*Enable source filter*/
1-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1.5.1 Permanent ARP Configuration Example

It is required to configure permanent ARP on an interface.
Method 1: Configure a permanent ARP entity in ARP configuration mode. Make sure that
an IP address has already been configured on the interface.
ZXR10(config)#arp
ZXR10(config-arp)#arp vlan400 permanent 120.1.1.1 0020.1122.3344
Method 2: Enter ARP interface configuration mode and then configure a permanent ARP
entity.
ZXR10(config-arp-if)#arp permanent 120.1.1.3 0020.1122.3355
Use the show command to view the configuration result, as shown below.
ZXR10(config)#show arp permanent
The count is 1
--------------------------------------------------------------------------
1.1.1.1 P 0020.1122.3344 vlan400 N/A N/A N/A
ZXR10(config)#show arp permanent vlan400

The count is 1
--------------------------------------------------------------------------
1.1.1.3 P 0020.1122.3355 vlan400 N/A N/A N/A
1.5.2 Common ARP Attributes Configuration Example

The configuration of common ARP attributes is shown below.
ZXR10(config-arp-if)#learn-disable
/*This disables ARP learning function on an interface.*/
ZXR10(config-arp-if)#protect limit-num 10
/*This sets the number of ARP entities protected to 10.*/
/*This enables ARP proxy function.*/
ZXR10(config-arp-if)#purge-delay 10
1-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
/*This configures ARP clearing time to 10 s.*/

/*This disables source filter function.*/
ZXR10(config-arp-if)#timeout 10
/*This sets the aging time to 10 s.*/
/*This views the configuration result.*/
arp
interface vlan400
timeout 10
purge-delay 10
proxy
learn-disable
no source-filtered
$
!
1.5.3 ARP Proxy Application

As shown in Figure 1-2, Host A thinks that Host D is in the same segment with itself
(according to the masks). When Host A intends to communicates with Host D, Host A
sends an ARP request to Host D, as shown below:
00-00-0c-94-36-aa 172.16.10.100 00-00-00-00-00-00 172.16.20.200
As shown in Figure 1-2, the ARP request cannot reach Host D, as a route does not
forward broadcast messages generally. In the condition that there is no ARP proxy, the
communication will fail.
1-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 1-2 Topology of ARP Proxy Application
When ARP proxy function is enabled on the switch, the router will request for valid IP
addresses except the IP address of the receiving interface on the switch. The switch
replies with the MAC address on the ingress interface of the ARP packet, as shown below:
00-00-0c-94-36-ab 172.16.20.200 00-00-0c-94-36-aa 172.16.10.100
Therefore, a new entity is added into the ARP table of Host A, as shown below:
ZXR10(config)#show arp
The count is 2
--------------------------------------------------------------------------
172.16.20.200 00:00:03 0000.0c94.36ab vlan10 N/A N/A gei-0/1/0/1
The configuration to enable ARP proxy function on the router:
ZXR10(config-arp-if)#exit
ZXR10(config-arp)#exit
arp
interface vlan10
proxy
1-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
$
!
1.5.4 ARP Source Filter Application

ARP source filter function is enabled by default. After this function is enabled, the switch
will search its routing table to check whether there is a route that uses the interface (on
which this ARP packet is received) as the egress for the ARP packet with this source IP.
The ARP entity will be learnt if the route is found. Otherwise, the ARP packet will be
discarded.
The configuration is shown below:
/*Disable source filter*/
arp
interface vlan400
no source-filtered
$
!
ZXR10(config-arp-if)#source-filtered
/*Enable source filter*/
1-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 2
VLAN Configuration
Table of Contents
VLAN Overview..........................................................................................................2-1
Configuring a VLAN....................................................................................................2-2
Maintaining a VLAN....................................................................................................2-9
VLAN Basic Configuration Example .........................................................................2-11
2.1 VLAN Overview

Introduction to VLAN
The virtual local area network (VLAN) is a technology that logically divides the devices in
a LAN into network segments to implement the functions of virtual workgroup. A VLAN is
mainly used to isolate the broadcast domain.
The VLAN logically divides network resources and users according to certain rules. That
is, it divides a physical network into several small logical networks. These logical networks
form their respective broadcast domains, that is, VLANs.
VLAN Principle
The VLAN functions on a switch in the following four ways:
l VLAN allocated by interface
In this case, VLANs are allocated by interfaces on Ethernet switches. To be specific,
the VLAN to which each interface belongs is clearly specified. Allocating VLANs by
interface is one of the most widely used methods. The IEEE 802.1Q provides an
international standard for allocating VLANs by interfaces on Ethernet switches.
l VLAN allocated by MAC address
In this case, VLANs are allocated by the MAC address of each host. To be specific,
the group to which each host belongs is clearly specified. That is, the VLAN to which
an interface belongs is determined by querying and recording the MAC address of the
network adaptor on the host connected to the interface. Suppose that MAC address A
is configured by a switch to belong to VLAN 10. In this case, no matter which interface
on the switch is used to connect the host with MAC address A, the interface will be
allocated to VLAN 10. For example, if interface 1 is used to connect the host, interface
1 belongs to VLAN 10; if interface 2 is used to connect the host, interface 2 belongs
to VLAN 10.
l VLAN allocated by IP subnet
2-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
In this case, VLANs are allocated by subnet. To be specific, the VLAN to which an
interface belongs is determined by the IP address of the connected host. Unlike
the VLAN allocated by MAC address, an interface can be successfully added to the
original VALN for a same IP address, even though the MAC address is changed due to
replacement of network adaptor or other reasons. For the VLAN allocated by subnet,
the VLAN of a frame is determined by the subnet to which the frame belongs. To
achieve this, the switch must check the network-layer content of a received frame.
This kind of VLAN is like a switch, dividing subnets into different broadcast domains.
l VLAN allocated by network protocol
In this case, VLANs are allocated by protocol. To be specific, a physical network is
divided into multiple logical VLANs based on protocol. When an interface receives a
frame, its VLAN is determined by the protocol type in the packet. For example, IP,
IPX, and Appletalk may have their own independent VLAN. The IP broadcast frames
are sent only to all the interfaces in the IP VLAN.
This allocation method is quite flexible, which is the same as the advantage of
the VLAN allocated by subnet. It is applicable to the L3 network or the network
environment with various protocols.
VLAN Translation
VLAN translation is used in metropolitan area networks. The VLAN IDs of switches used
for edge access can be the same. VLAN translation can modify the same VLAN IDs to
different VLAN IDs, and then forwards packets through the uplink interface on the ZXR10
5900E. In this way, user isolation on L2 switches can be achieved.
The ZXR10 5900E supports ingress VLAN translation and egress VLAN translation.
2.2 Configuring a VLAN

Configuring VLAN Properties of Single L2 Interface
To configure VLAN properties of a single L2 interface on the ZXR10 5900E, perform the
following steps:
Steps Command Function
1 ZXR10(config)#switchvlan-configuration Enters switch VLAN

configuration mode.
2 ZXR10(config-swvlan)#interface <interface-name> Enters switch VLAN interface

configuration mode.
3 ZXR10(config-swvlan-if-ifname)#switchport mode Configures the VLAN link mode

{access|hybrid|trunk} of an Ethernet interface. The
default mode is access.
2-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 2 VLAN Configuration c u -tr a c k
4 ZXR10(config-swvlan-if-ifname)#switchport access Adds an access interface to a

vlan <vlan_id> VLAN. If the VLAN does not
exist, create it.
5 ZXR10(config-swvlan-if-ifname)#switchport trunk Configures the native VLAN of

native vlan <vlan_id> a trunk interface. If the VLAN
does not exist, create it.
6 ZXR10(config-swvlan-if-ifname)#switchport hybrid Configures the native VLAN of

native vlan <vlan_id> a hybrid interface. If the VLAN
does not exist, create it.
7 ZXR10(config-swvlan-if-ifname)#switchport trunk vlan Adds a trunk interface to a

<vlan_list> VLAN. If the VLAN does not
exist, create it.
8 ZXR10(config-swvlan-if-ifname)#switchport hybrid Adds a hybrid interface to a

vlan <vlan_list>{tag|untag} VLAN. If the VLAN does not
exist, create it.
9 ZXR10(config-swvlan-if-ifname)#acceptable frame Configures the mode of an

types {all|tag} interface for receiving frames.
If the value of this parameter is
configured to tag, the interface
receives only the frames with
VLAN tag. For the frames
without VLAN tag, the interface
discards them. If the value of
this parameter is configured
to all, the interface receives
all the frames. The default
configuration is all.
10 ZXR10(config-swvlan-if-ifname)#ingress filtering Configures the ingress filtering

{enable|disable} function of an interface. If
the function is enabled, the
interface discards the VLAN
packets that do not belong to it.
If the function is not enabled,
the interface does not discard
the VLAN packets that do
not belong to it. The default
configuration is enable.
11 ZXR10(config-swvlan-if-ifname)#protocol-map Enables or disables the

{enable|disable} protocol map function of an
interface, default: enable.
2-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
12 ZXR10(config-swvlan-if-ifname)#subnet-map Enables or disables the subnet

{enable|disable} map function of an interface,
default: enable.
13 ZXR10(config-swvlan-if-ifname)#switchport qinq Configures the QinQ mode of

{normal|uplink|customer} an interface. The default mode
is normal.
14 ZXR10(config-swvlan-if-ifname)#switchport qinq tpid Configures the external QinQ

external <ex_tpid> TPID of an interface, default:
0x8100.
15 ZXR10(config-swvlan)#set-qinq-internal-tpid <in_tpid> Configures the internal QinQ

TPID of an interface, default:
0x8100.
16 ZXR10(config-swvlan-if-ifname)#switchport tag trunk Enables or disables the tag

native vlan {enable|disable} function of an native vlan
interface.
access Configures the QinQ mode of an interface to access.
trunk Configures the QinQ mode of an interface to trunk.
hybrid Configures the QinQ mode of an interface to hybrid.
A description of the parameter in Step 4 through Step 6 is as follows:
<vlan_id> Indicates the VLAN ID. The value of this parameter ranges
from 1 to 4094.
<vlan_list> Indicates the VLAN list that supports batch configuration. The
value of this parameter ranges from 1 to 4094.
<vlan_list> Indicates the VLAN list that supports batch configuration. The
value of this parameter ranges from 1 to 4094.
tag Indicates that the interface is tagged.
2-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
untag Indicates that the interface is untagged.
all Configures the interface to receive all the types of frames.
tag Configures the interface to receive only the tagged frames.
A description of the parameters in Step 10 through Step 12 is as follows:
enable Enables the function.
disable Disables the function.
normal Configures the QinQ mode of an interface to normal.
customer Configures the QinQ mode of an interface to customer.
uplink Configures the QinQ mode of an interface to uplink.
<ex_tpid> Configures the external TPID of an interface. The available

options are 0x88a8, 0x8100, 0x9100, 0x9200, and 0x9300.
<in_tpid> Configures the internal TPID of an interface. The available

options are 0x88a8, 0x8100, 0x9100, 0x9200, and 0x9300.
Configuring a MAC-Based VLAN

To configure a MAC-Based VLAN on the ZXR10 5900E, perform the following steps:
Ste- Command Function

ps
1 ZXR10(config-swvlan)#mac-vlan session-no <session-id> Enter a MAC-based VLAN

session.
2-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Ste- Command Function

ps
2 ZXR10(config-swvlan-mac-vlan-X)#rule 1 mac-address Sets MAC-based VLAN rules.

<mac-address> mac-mask <mac-mask> vlan <vlan-id>
3 ZXR10(config-swvlan)#mac-vlan interface Binds a specific MAC-based

<interface-name> session-no <session-id> VLAN session to multiple ports.
<session-id> Session ID, range: 1–64
<rule-id> Rule ID, range: 1–1024
Configuring VLAN Properties of Ethernet Interfaces in Batches

To configure VLAN properties of Ethernet interfaces in batches on the ZXR10 5900E,
perform the following steps:
Step- Command Function

s
1 ZXR10(config)#switchvlan-configuration Enters the switch VLAN

configuration mode.
2 ZXR10(config-swvlan)#switchport <port_list> qinq Configures the QinQ mode of

{normal|customer|uplink} Ethernet interfaces in batches.
The default mode is normal.
3 ZXR10(config-swvlan)#switchport <port_list> qinq tpid Configures the external QinQ

external <ex_tpid> TPID of Ethernet interfaces in
batches, default: 0x8100.
4 ZXR10(config-swvlan)#subnet-map session-no Creates a subnet VLAN

<1-256><ip-adress><ip-mask> vlan {<vlan-id>| WORD }
5 ZXR10(config-swvlan)#protocol-map session-no Creates a protocol VLAN

<1-16>{ethernet2 | llc | snap} 0xHHHH vlan {<1-4094>|
WORD}
6 ZXR10(config-swvlan)#protocol-map interface Enables or disables the

<port_list>{enable|disable} protocol VLAN function of
Ethernet interfaces in batches,
default: enable.
2-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Step- Command Function

s
7 ZXR10(config-swvlan)#subnet-map interface Enables or disables the subnet

<port_list>{enable|disable} VLAN function of Ethernet
interfaces in batches, default:
enable.
8 ZXR10(config-swvlan)#vlan statistics list Enables or disables the

[<vlan_id>|<vlan_list>]{enable|disable} VLAN-based counter statistics
function.
9 ZXR10#clear vlan statistics vlan [<vlan_id>] Clears VLAN-based counter

statistics.
<port_list> Indicates the interface list for batch configuration.
normal Configures the QinQ mode of Ethernet interfaces to normal.
customer Configures the QinQ mode of Ethernet interfaces to

customer.
uplink Configures the QinQ mode of Ethernet interfaces to uplink.
<ex_tpid> Configures the external TPID of Ethernet interfaces. The

available options are 0x88a8, 0x8100, 0x9100, 0x9200, and
0x9300.
A description of the parameters in Step 6 and Step 7 is as follows:
enable Enables the function.
disable Disables the function.
Configuring VLAN Translation

To configure VLAN translation on the ZXR10 5900E, perform the following steps:
2-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

configuration mode.
2 ZXR10(config-swvlan)#vlan translate session-no Creates a VLAN-ingress

<session_no> ingress-port <interface_name> translation rule, including the
session number and ingress
interface, and enters VLAN
translation configuration mode.
The VLAN-ingress
translation cannot configure
qinq-customer type.
Otherwise VLAN translation
become invalid.
3 ZXR10(config-swvlan)#vlan translate session-no Creates a VLAN-egress

<session_no> exgress-port <interface_name> translation rule, including the
session number and egress
interface, and enters VLAN
translation configuration mode.
4 ZXR10(config-swvlan-trans-session-number)#ingress- Configures the ID of the internal

invlan <vlan-list> VLAN before translation.
Multiple VLAN IDs can be
configured in batches.
5 ZXR10(config-swvlan-trans-session-number)#ingre Configures the ID the external

ss-outvlan <vlan-list> VLAN before translation.
Multiple VLAN IDs can be
configured in batches.
6 ZXR10(config-swvlan-trans-session-number)#exgress- Configures the VLAN of the

invlan {ingress-same |<vlan_id>} internal tag after translation.
7 ZXR10(config-swvlan-trans-session-number)#exgress- Configures the VLAN of the

outvlan {untag | ingress-same |<vlan_id>} external tag after translation.
8 ZXR10(config-swvlan-trans-session-number)#exgres Configures the priority of the

s-invlan-prio {<prio>| map} internal tag after translation.
If this command is used, the
VLAN of the internal tag after
translation configured in Step 6
must be the specific VLAN ID.
2-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
9 ZXR10(config-swvlan-trans-session-number)#exgress- Configures the priority of the

outvlan-prio {<prio>| map} external tag after translation.
If this command is used, the
VLAN of the external tag after
translation configured in Step 7
must be the specific VLAN ID.
10 ZXR10(config-swvlan)#no vlan translate session-no Deletes the specified session

{<session_no>| all} or all sessions.
11 ZXR10(config-swvlan)#vlan translate statistics session Enables or disables the VLAN

<session_no>{enable | disable} translation statistics function.
By default, the function is
disabled.
12 ZXR10#clear vlan translate statistics session <session_no> Clears VLAN translation

statistics.
A description of the parameters in Step 2 through Step 4 is as follows:
<session_no> Serial number of a session, range: 1–1024.
<interface_name> Port name.
<vlan-list> Ingress VLAN list.
<prio> Priority of the tag.
<vlan_id> VLAN ID.
all All sessions.
2.3 Maintaining a VLAN

To maintain the VLAN function on the ZXR10 5900E, run the following commands:
Command Function
ZXR10(config-swvlan)#show vlan Displays the configuration of

interfaces in a VLAN.
ZXR10(config-swvlan)#show running-config switchvlan [all] Displays the configuration of a

switch.
ZXR10(config-swvlan)#show vlan translation <session_no> Displays the information about

VLAN translation of the specified
session.
2-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Command Function
ZXR10(config-swvlan)#show vlan translate statistics session Displays packet statistics on VLAN

<session_no> translation.
ZXR10(config-swvlan)#show vlan statistics vlan {<vlan_id>} Displays VLAN-based counter

statistics.
The following is sample output from the show vlan command:

ZXR10(config-swvlan)#show vlan
VLAN Name PvidPorts UntagPorts TagPorts
--------------------------------------------------------------
1 vlan0001 gei-0/1/1/1 gei-0/1/1/1
gei-0/1/1/3
2 vlan0002 gei-0/1/1/1
3 vlan0003 gei-0/1/1/1
gei-0/1/1/3
4 vlan0004 gei-0/1/1/1
5 vlan0005 gei-0/1/1/2 gei-0/1/1/1
6 vlan0006 gei-0/1/1/1
The following is sample output from the show running-config switchvlan command:
ZXR10(config-swvlan)#show running-config switchvlan
! <switchvlan>
switchvlan-configuration
vlan 1
$
vlan 2
$
vlan 3
$
vlan 4
$
vlan 5
$
vlan 6
$
switchport mode trunk
switchport trunk vlan 1-6
$
switchport access vlan 5
$
switchport mode hybrid
2-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
switchport hybrid vlan 3 tag

$
! </switchvlan>
The following is sample output from the show vlan translation command:
ZXR10(config-swvlan)#show vlan translation 1
SESS TRANSPORT INMAP OUTMAP INVLAN PRI OUTVLAN PRI ADV
-----------------------------------------------------------------
1 [I]gei-0/1/1/1 10 100 0
The following is sample output from the show vlan translate statistics session command:
ZXR10(config-swvlan)#show vlan translate statistics session 1

vlan translate session 1 statistics:
120s input rate : 0Bps 0Pps
120s output rate : 0Bps 0Pps
StreamCounters(update interval 10s)

In_Bytes 0 In_Packets 0
E_Bytes 0 E_Packets 0
ZXR10(config-swvlan)#
2.4 VLAN Basic Configuration Example

2.4.1 VLAN Basic Configuration Example
As shown in Figure 2-1, switch A is connected to switch B. They have both VLAN 10 and
VLAN 20 users.
Figure 2-1 Network Topology with VLAN
The configuration of switch A:
ZXR10(config)#switchvlan-configuration
ZXR10(config-swvlan)#vlan 10
ZXR10(config-swvlan-sub)#switchport pvid gei-0/1/1/1-2
ZXR10(config-swvlan-sub)#exit
2-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

ZXR10(config-swvlan)#interface gei-0/1/1/24
ZXR10(config-swvlan-if-gei-0/1/1/24)#switchport mode trunk
ZXR10(config-swvlan-if-gei-0/1/1/24)#switchport trunk vlan 10
The configuration of switch B:

ZXR10(config-swvlan-if-gei-0/1/1/24)#switchport mode trunk
2.4.2 VLAN Translation Configuration Example

The network topology of a VLAN translation configuration example is shown in Figure 2-2.
PC1 is connected to the downlink interface of Switch1, and Switch1 is connected to Router
A through the uplink interface.
Figure 2-2 VLAN Translation Configuration Example
1. For packets with single tag 100 received on the ingress gei-0/1/1/1, after VLAN
translation, the tag is changed to 200.
2. For packets with dual tags (the inner tag is 100 and the outer tag is 200) received on
the ingress gei-0/1/1/1, after VLAN translation, the inner tag is changed to 101 and the
outer tag is changed to 201.
3. For packets with single tag 100 forwarded on the egress gei-0/1/1/3, after VLAN
translation, the tag is changed to 200.
2-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4. For packets with dual tags (the inner tag is 100 and the outer tag is 200) forwarded on
the egress gei-0/1/1/3, after VLAN translation, the inner tag is changed to 101 and the
outer tag is changed to 201.
1. The configuration for single-tag translation on the ingress:
ZXR10(config-swvlan)#vlan translate session-no 1 in
ZXR10(config-swvlan)#sate session-no 1 ingress-port gei-0/1/1/1
ZXR10(config-swvlan-trans-session-1)#ingress-invlan 100
ZXR10(config-swvlan-trans-session-1)#exgress-invlan 200
ZXR10(config-swvlan-trans-session-1)#exgress-outvlan untag
ZXR10(config-swvlan-trans-session-1)#
Configuration verification:
ZXR10(config-swvlan-trans-session-1)#show vlan translation
----------------------------------------------------------------------------
1 [I]gei-0/1/1/1 100 200 untag 0
2. The configuration for dual-tag translation on the ingress:
ZXR10(config-swvlan)#vlan translate session-no 2 in
ZXR10(config-swvlan)#sate session-no 2 ingress-port gei-0/1/1/1
ZXR10(config-swvlan-trans-session-1)#ingress-outvlan 200
ZXR10(config-swvlan-trans-session-1)#exgress-outvlan 201
----------------------------------------------------------------------------
1 [I]gei-0/1/1/1 100 200 101 201 0
3. The configuration for single-tag translation on the egress:
ZXR10(config-swvlan)#vlan translate session-no 2 exgress-port gei-0/1/1/3
ZXR10(config-swvlan-trans-session-1)#exgress-outvlan untag
2-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

----------------------------------------------------------------------------
1 [E]gei-0/1/1/3 100 200 untag 0
4. The configuration for dual-tag translation on the egress:
ZXR10 (config-swvlan)#vlan translate session-no 2 exgress-port gei-0/1/1/3
ZXR10(config-swvlan-trans-session-1)#ingress-outvlan 200
ZXR10(config-swvlan-trans-session-1)#exgress-outvlan 201
----------------------------------------------------------------------------
1 [E]gei-0/1/1/3 100 200 101 201 0
2-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 3
SuperVLAN Configuration
Table of Contents
SuperVLAN Overview ................................................................................................3-1
Configuring a SuperVLAN ..........................................................................................3-2
Maintaining a SuperVLAN ..........................................................................................3-5
SuperVLAN Configuration Example............................................................................3-6
3.1 SuperVLAN Overview

Introduction to SuperVLAN
SuperVLAN is a type of virtual interface formed by binding several interfaces, such as
VLAN sub-interface nn different boards.
SuperVLAN technology aggregates many subVLANs together. These subVLANs share
one IP sub-network and the same default gateway. In a SuperVLAN, all subVLANs can
allocate IP addresses in the SuperVLAN flexibly and use the default gateway of the
SuperVLAN. Each subVLAN has its own independent broadcast domain, which ensures
the isolation between different users. The communication between subVLANs is routed
by the SuperVLAN. The SuperVLAN supports cross-board interface binding .
SuperVLAN Principle
SuperVLAN is advanced by Internet Society RFC 3069. After VLAN is introduced, different
VLANs cannot communicate with each other through L2 forwarding. The communication
is implemented through L3 routing. Thus, it is necessary to configure different IP address
segments between VLANs. To save IP addresses, SuperVLAN is used.
The principle of common VLAN is shown in Figure 3-1.
Figure 3-1 VLAN Configuration on Device without SuperVLAN
3-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
On the device, the ports connecting A, B,C and D belong to different VLANs. Therefore,
the different IP address segments are configured on A, B, C and D. The communications
are implemented through L3 route forwarding.
As shown in Figure 3-2, after SuperVLAN is used, VLAN 1 and VLAN 2 are bound to
SuperVLAN1, while VLAN 3 and VLAN 4 are bound to SuperVLAN2.
Figure 3-2 Configuration on Device with SuperVLAN
The network segment x.x.x.0/24 is configured on A and B, and x.x.y.0/24 network segment
is configured on C and D. SuperVLAN 1 acts as the ARP proxy between A and B, and
SuperVLAN2 acts as the ARP proxy between C and D. Therefore, the communications
between A and B, and between C and D can be implemented through L2 forwarding.
However, the communication between the hosts in different network segments (such as A
and C) still needs to be implemented through L3 forwarding.
In addition, each VLAN member of SuperVLAN is allocated an IP address segment.
To ensure the security, the packets will be discarded if the IP addresses of the packets
received by the SuperVLAN do not match the allocated IP address segment.
3.2 Configuring a SuperVLAN

Configuring SuperVLAN Switch Attributes
To configure SuperVLAN switch attributes on ZXR10 5900E, perform the following steps:
1 ZXR10(config)#supervlan Enters SuperVLAN

configuration mode.
2 ZXR10(config-supervlan)#interface supervlan Enters SuperVLAN interface

<supervlan-id> configuration mode.
3 ZXR10(config-supervlan-superif)#arp-broadcast Enables or disables the

{enable | disable} function that SuperVLAN
broadcasts ARP to all its
subVLANs. By default, this
3-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 3 SuperVLAN Configuration c u -tr a c k
4 ZXR10(config-supervlan-superif)#inter-subvlan-rout Enables or disables the

ing {enable | disable} inter-subVLAN routing
function. By default, this
function is enabled.
5 ZXR10(config-supervlan-superif)#ip-pool-filter Enables or disables

{enable | disable} SuperVLAN IP pool filter
function. By default, this
function is enabled.
This filter function command
are effective only for ICMP and
ARP protocol.
6 ZXR10(config-supervlan-superif)#gratuitous-arp-bro Enables or disables the

adcast {enable | disable} function that SuperVLAN
broadcasts ARP to all its
subVLANs for free. By default,
this function is enabled.
supervlan <supervlan-id> SuperVLAN ID, range: 1–4000.
Configuring Interface Properties of a SuperVLAN Member

To configure interface properties of a SuperVLAN member on ZXR10 5900E, perform the
following steps:

configuration mode.
2 ZXR10(config-supervlan)#subvlan <subvlan-id> Enters SUPERVLAN_SUB-

VLAN configuration mode.
3 ZXR10(config-supervlan-subvlan)#supervlan Binds an specified SubVLAN

<supervlan-id> interface to a SuperVLAN.
4 ZXR10(config-supervlan-subvlan)#vlanpool Binds an IP address segment

<ip-address1><ip-address2> to a subVLAN interface.
5 ZXR10(config-supervlan-subvlan)#gratuitous-arp-bro Enables or disables the

adcast {enable | disable} function that SubVLAN
broadcasts ARP for free.
By default, this function is
enabled.
3-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<subvlan-id> SubVLAN ID number, range: 1–4094.
supervlan <supervlan-id> SuperVLAN ID number, range: 1–4000.
<ip-address1> The start IP address of the address segment, in A.B.C.D

format.
<ip-address2> The end IP address of the address segment, in A.B.C.D

format.
enable Enables the function that SubVLAN broadcasts ARP for free.
disable Disables the function that SubVLAN broadcasts ARP for free.
On the ZXR10 5900E, use the following commands to bind SubVLANs to a specified
SuperVLAN in batches.
To bind SubVLAN to a specified SuperVLAN on ZXR10 5900E, perform the following steps:

configuration mode.
2 ZXR10(config-supervlan)#interface supervlan Enters SuperVLAN

<supervlan-id> aggregation interface
configuration mode.
3 ZXR10(config-supervlan-superif)#subvlan Binds a single or several

<subvlan-id> SubVLAN interfaces to
a specified SuperVLAN
interface.
supervlan<supervlan-id> SuperVLAN ID number, range: 1–4000.
3-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<subvlan-id> SubVLAN ID number, range: 1–4094.
3.3 Maintaining a SuperVLAN

To maintain the SuperVLAN function on the ZXR10 5900E, run the following commands:
Command Function
ZXR10(config)#show supervlan [<supervlan-id>] Displays the configuration of a

SuperVLAN.
ZXR10(config)#show supervlan-pool [<supervlan-id>] Displays the IP pool bound to a

subVLAN.
The following is sample output from the show supervlan command:
ZXR10(config)#show supervlan
The total SuperVLAN number:1
SuperVLAN No: 10
ARP-Broadcast : Disable
Gratuitous-ARP-Broadcast : Enable
Inter-SubVLAN-Routing-IPv4: Enable
IP-POOL-Filter : Enable
ND-Broadcast : Disable
----------------------------------------
SubIntf : subvlan10
Field Description
ARP-Broadcast: Disable The function that SuperVLAN broadcasts ARP to all its
subVLANs is disabled.
Gratuitous-ARP-Broadcast: Enable The function that SuperVLAN broadcasts ARP to all its
subVLANs for free is enabled.
IP-POOL-Filter: Enable The function that SuperVLAN filter the source IP address
is enabled.
3-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
Inter-SubVLAN-Routing-IPv4: The inter-subVLAN routing function is enabled. By default,

Enable the function is enabled in IPv4 and IPv6.
Inter-SubVLAN-Routing-IPv6:
Enable
ND-Broadcast: Disable The function that the SuperVLAN broadcasts ND to all

SubVLANs is disabled. This function cannot be enabled
through command configuration.
SubIntf: subvlan10 The member interface SubVLAN 10 of the SuperVLAN 10

interface.
The following is sample output from the show supervlan-pool command:

ZXR10(config-supervlan)#show supervlan-pool
Addr-Begin Addr-End Supervlan-Name SubIntf-Name
1.1.1.1 1.1.1.255 supervlan10 subvlan10
Field Description
From 1.1.1.1 To 1.1.1.255 The filter range of SuperVLAN IP pool is from 1.1.1.1 to
1.1.1.255.
3.4 SuperVLAN Configuration Example

SuperVLAN technology aggregates many subVLANs together. These subVLANs share
one IP sub-network and the same default gateway. In a SuperVLAN, all subVLANs
can allocate IP addresses of SuperVLAN flexibly and use the default gateway of the
SuperVLAN. Each subvlan has its own independent broadcast domain, which ensures
the isolation between different users. The communication between subVLANs is routed
by the SuperVLAN.
The network topology of a SuperVLAN configuration example is shown in Figure 3-3.
3-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 3-3 SuperVLAN Configuration Example
1. Create a SuperVLAN interface.
2. Configure an IP address.
3. Input SuperVLAN interface name, and then enter SuperVLAN aggregation interface
configuration mode.
4. Disable ip-pool-filter.
5. Enable arp-broadcast.
6. Input the created SubVLAN interface, and then enter SUPERVLAN_SUBVLAN
configuration mode.
7. Bind this interface to SuperVLAN.
8. Configure IP-POOL on the SubVLAN.
The configuration of ZXR10:
ZXR10(config)#interface supervlan11
ZXR10(config-if)#ip address 192.11.1.1 255.255.255.0
ZXR10(config)#supervlan
ZXR10(config-supervlan)#interface supervlan11
ZXR10(config-supervlan-superif)#ip-pool-filter disable
ZXR10(config-supervlan-superif)#arp-broadcast enable
ZXR10(config-supervlan-superif)#exit
ZXR10(config-supervlan)#subvlan 2
ZXR10(config-supervlan-subvlan)#supervlan 11
ZXR10(config-supervlan-subvlan)#vlanpool 192.11.1.1 192.11.1.10
ZXR10(config-supervlan-subvlan)#exit
3-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Use the show command to check the configuration result, as shown below.
ZXR10#show supervlan
The total SuperVLAN number:1
SuperVLAN No: 11
ARP-Broadcast : Enable
Gratuitous-ARP-Broadcast : Enable
IP-POOL-Filter : Disable
ND-Broadcast : Disable
----------------------------------------
SubIntf : subvlan2
ZXR10#show running-config supervlan
! </SuperVLAN>
supervlan
interface supervlan11
arp-broadcast enable
inter-subvlan-routing enable
ip-pool-filter disable
$
subvlan 2
supervlan 11
vlanpool 192.11.1.1 192.11.1.10
$
! </SuperVLAN>
ZXR10(config)#show supervlan-pool
Addr-Begin Addr-End Supervlan-Name SubIntf-Name
192.11.1.1 192.11.1.10 supervlan11 subvlan2
3-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 4
Voice VLAN Configuration
Table of Contents
Voice VLAN Overview ................................................................................................4-1
Configuring a Voice VLAN ..........................................................................................4-2
Maintaining a Voice VLAN ..........................................................................................4-3
Voice VLAN Configuration Example ...........................................................................4-4
4.1 Voice VLAN Overview

Introduction to Voice VLAN
Voice VLAN is a VLAN created especially for voice data traffic of users. Ports connecting
to voice devices are added to a Voice VLAN, and relevant QoS parameters are configured
to enhance the transmission priority of voice traffic and ensure reliable voice quality.
Voice VLAN Principle

An OUI address, which is a globally unique identifier assigned by the IEEE to an
equipment provider, refers to the first 24 bits of a MAC address (in binary system).
The switch determines a voice packet if the source MAC address carried in the packet
matches the OUI address of a voice device.
The work mode of a Voice VLAN may be manual or automatic, depending on the way of
adding ports to the Voice VLAN.
l In manual mode, the port through which voice data is transmitted should be added to
the Voice VLAN manually, and the ACL should be delivered to configure the packet
priority. Otherwise, the voice packet is discarded.
l In automatic mode, when detecting voice data, the switch adds the port to the Voice
VLAN automatically, delivers the ACL to configure the packet priority, and learns the
MAC address of the voice packet. When the port is added to the Voice VLAN, the
switch starts an aging timer. When the aging time expires, the switch detects the
MAC address table. If no MAC address of voice packets is found, the port will be
removed from the Voice VLAN.
The work mode of a Voice VLAN may be strict safety mode, non-strict safety mode, or
normal mode, depending on the packet filtering mechanism on the port with the Voice
VLAN function enabled.
l In strict safety mode, source MAC addresses of untagged and tagged packets are
checked. If the source MAC address of a packet does not match the MAC address
configured for voice data, the packet is discarded.
4-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
l In non-strict safety mode, source MAC addresses of packets with Voice VLAN tags
are checked. If the source MAC address of a packet does not match the MAC address
configured for voice data, the packet is discarded. Untagged packets are forwarded
properly.
l In normal mode, the switch forwards both voice and service packets properly. Voice
packets follow the forwarding mechanism of Voice VLANs, while non-voice packets
follow the forwarding mechanism of common VLANs.
For voice packets carrying non-Voice VLAN tags, if the VLAN translation function is
enabled for voice packets, non-Voice VLAN tags will be translated into Voice VLAN tags
and the voice packets are forwarded in the Voice VLAN.
4.2 Configuring a Voice VLAN

To configure a voice VLAN on the ZXR10 5900E, perform the following steps:
Enters voice VLAN

1 ZXR10(config)#voice-vlan-configuration
configuration mode.
ZXR10(config-voice-vlan)#oui <1-100><mac-addr><
2 Configures an OUI.
mac-mask>
Configures the aging time of

3 ZXR10(config-voice-vlan)#aging-time <60-600>
the voice VLAN.
Enters voice VLAN interface

4 ZXR10(config-voice-vlan)#interface <name>
configuration mode.
ZXR10(config-voice-vlan-interface)#voice-vlan Adds the interface to the voice

5
<1-4094>[cos <0-7>][ dscp <0-63>] VLAN.
ZXR10(config-voice-vlan-interface)#mode {auto [ Configures the operating mode

6
tag | untag [save | recovery]]| manual} of the voice VLAN.
ZXR10(config-voice-vlan-interface)#security Configures the security mode

7
{normal | strict | instrict } of the voice VLAN.
ZXR10(config-voice-vlan-interface)#session <1-10> Configures voice VLAN

8
ingress-vlan [vlan-list] translation.
For a description of the parameters in Step 2, refer to the following table.
<1-100> OUI ID.
<mac-addr> OUI MAC address.
< mac-mask> OUI MAC mask.
For a description of the parameter in Step 3, refer to the following table.
4-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 4 Voice VLAN Configuration c u -tr a c k
<60-600> Unit: seconds, default: 60.
For a description of the parameter in Step 4, refer to the following table.
<name> Interface name.
<1-4094> Voice VLAN on the interface.
<0-7> By default, the CoS value is 0.
<0-63> By default, the DSCP value is 0.
{auto | manual} Default: manual.
tag | untag Sets the interface added to the voice VLAN to a

tag port or an untag port.
save After the configuration is saved and the device is

restarted, the port still belongs to the voice VLAN.
recovery After the configuration is saved and the device is

restarted, the port does not belong to the voice
VLAN.
4.3 Maintaining a Voice VLAN

To maintain a voice VLAN on the ZXR10 5900E, run the following commands:
Command Function
ZXR10show voice-vlan Displays the operating state of the voice VLAN.
Displays the configuration information about

ZXR10show running-config voice-vlan
the voice VLAN.
The following is sample output from the show voice-vlan command:

ZXR10(config)#show voice-vlan
Voice-vlan aging-time 76
Voice-vlan oui 1: 0000.0000.0001 mask: ffff.ffff.ffff
Current voice-vlan enabled port information:
4-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Port Voice-VLAN Mode Security Auto-added

------------------------------------------------------------------------
gei-0/1/1/1 1 Auto Strict True
gei-0/1/1/2 4094 Auto Normal True
The following is sample output from the show running-config voice-vlan command:
ZXR10(config)#show running-config voice-vlan
!<voice-vlan>
voice-vlan-configuration
aging-time 76
mode auto
security strict
session 1 ingress_invlan 1-22,30
voice-vlan 1 cos 1 dscp 2
$
mode auto
session 1 ingress_invlan 100,200,256-4094
voice-vlan 4094 cos 5 dscp 5
$
oui 1 0000.0000.0001 ffff.ffff.ffff
$
!</voice-vlan>
4.4 Voice VLAN Configuration Example

4.4.1 Voice VLAN Configuration Example (Manual Mode)
Figure 4-1 shows that an IP phone connects to port gei-0/1/1/1 of switch A, and port
gei-0/1/1/2 of switch A connects to the Internet. Port gei-0/1/1/1, which is added to Voice
VLAN 100, is a trunk port allowing the traffic from VLAN 100. The switch allows the inbound
voice packets through port gei-0/1/1/1 with OUI being 0000.1122.0001 and mask being
ffff.ffff.0000 to be forwarded in the Voice VLAN.
Figure 4-1 Voice VLAN Networking Topology (Manual Mode)
Configurations on switch A:
/*Run the following command to configure the OUI for a Voice VLAN*/
Switch_A(config-voice-vlan)#oui 1 0000.1122.0001 ffff.ffff.0000
4-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 4 Voice VLAN Configuration c u -tr a c k
/*Run the following command to add a port to the Voice VLAN and configure the priority*/
Switch_A(config-voice-vlan-if-gei-0/1/1/1)#voice-vlan 100 cos 6 dscp 6
/*Run the following commands to configure the VLAN ID to be the same as the Voice VLAN
ID on the ports*/
Switch_A(config-swvlan-if-gei-0/1/1/1)#switchport mode trunk
Switch_A(config-swvlan-if-gei-0/1/1/1)#switchport trunk vlan 100
/*Run the following command to configure the Voice VLAN to be strict safety mode*/
Switch_A(config-voice-vlan-if-gei-0/1/1/1)#security strict
4.4.2 Voice VLAN Configuration Example (Automatic Mode)

Figure 4-2 shows that an IP phone connects to port gei-0/1/1/1 of switch A, and port
gei-0/1/1/2 of switch A connects to the Internet. Port gei-0/1/1/1 is added to Voice VLAN
100, and the aging time is 100 seconds. The switch allows the inbound voice packets
through port gei-0/1/1/1 carrying tag 10 with OUI being 0000.1122.0001 and mask being
ffff.ffff.0000 to be translated into packets carrying tag 100 and forwarded in the Voice VLAN.
Figure 4-2 Voice VLAN Networking Topology (Automatic Mode)
Configurations on switch A:
/*Run the following command to configure the OUI for a Voice VLAN*/
Switch_A(config-voice-vlan)#oui 1 0000.1122.0001 ffff.ffff.0000
/*Run the following command to configure the aging time*/

Switch_A(config-voice-vlan)#aging-time 100
/*Run the following command to add a port to the Voice VLAN and configure the priority*/
Switch_A(config-voice-vlan-if-gei-0/1/1/1)#voice-vlan 100 cos 6 dscp 6
/*Run the following command to add a port to the Voice VLAN automatically*/
Switch_A(config-voice-vlan-if-gei-0/1/1/1)#mode auto tag save
/*Run the following commands to configure VLAN attributes of the port*/

/*Run the following command to configure the Voice VLAN to be non-strict safety mode*/
4-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Switch_A(config-voice-vlan-if-gei-0/1/1/1)#security instrict
/*Run the following commands to configure the VLAN list for the Voice VLAN*/
Switch_A(config-voice-vlan-if-gei-0/1/1/1)#session 1 ingress-vlan 10-20
4-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 5
PVLAN Configuration
Table of Contents
PVLAN Overview .......................................................................................................5-1
Configuring a PVLAN .................................................................................................5-2
PVLAN Maintenance ..................................................................................................5-3
PVLAN Configuration Example...................................................................................5-3
5.1 PVLAN Overview

Introduction to PVLAN
For some actual requirements, the interfaces on a switch must be isolated. In the case
of the common VLAN mode, you need to assign a VLAN for each interface. If so, there
must be a large number of VLANs required but the actual VLANs are limited. In addition,
packets are transmitted to the upper-layer device by transparent transmission over a large
number of VLANs, which wastes IP addresses and increases the load on the upper-layer
device. On the other hand, it is inconvenient for network management and network audit.
In this case, the PVLAN function of a switch is required.
PVLAN is one of the features provided by the ZTE Ethernet switch. For layer-2 accesses,
PVLAN divides users in the same VLAN, and sets the port connected to users to an isolated
port. This isolates layer-2 packets of different users.
PVLAN Principle
The switch requires that all interfaces are isolated from each other according to network
application. That is, each interface will be allocated with a VLAN. Meanwhile, the number
of VLANs for the upper-layer device is limited and thus the VLANs from the switch cannot
be transparently transmitted. In this case, the working mode of the uplink interface on the
switch must be configured to access. PVLAN achieves port-based isolation in a VLAN. It
is easy to isolation users at layer 2, and it is unnecessary to allocate a VLAN ID for each
user. PVLAN is one of the features provided by the ZTE Ethernet switch. In the process
of cell access, the PVLAN allocates users into different VLANs to isolate the L2 packets
of these users.
The PVLAN uses the L2 VLAN structure and VLAN interfaces are classified into the
following types:
l Isolate port
l Promiscuous port
l Community port
5-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
An isolate port can communicate only with promiscuous ports, and isolate ports cannot
communicate with each other directly. A community port can communicate with other
community ports or promiscuous ports. Community ports cannot communicate with isolate
ports. Promiscuous ports can communicate with other ports for layer-2 communications.
In PVLAN applications, the ports connected to users are set to isolate ports, and the
ports connected to uplink switches are set to promiscuous ports. The users in the same
VLAN are isolated and users can communicate only with their own default gateway, which
ensures network security.
One ore more PVLANs exist on an Ethernet switch. Each PVLAN contains multiple isolate
interfaces and uplink promiscuous interfaces. For the upper-layer router, only several
PVLANs exist on the lower-layer switch and the upper-layer router does not concern the
VLAN to which each interface in the PVLAN belongs. This simplifies configuration and
saves VLAN resources. To be specific, all the isolate interfaces in one PVLAN belong to
a same subnet, which saves the number of subnets and IP addresses.
The PVLAN provides flexible configuration mode. To isolate L2 packets sent from users,
you can configure an isolate interface for each user and make each VLAN contain only the
connected interface of the user and the uplink interface. To restore communication based
on L2 packets between users, the ports connected to users can be divided into community
ports.
5.2 Configuring a PVLAN

To configure a PVLAN on the ZXR10 5900E, perform the following steps:

configuration mode.
2 ZXR10(config-swvlan)#private-map session-no <id> Creates a PVLAN, and enters

PVLAN configuration mode.
3 ZXR10(config-swvlan-pvlan-session)#isolate Configures an isolate port.

<port-list>
4 ZXR10(config-swvlan-pvlan-session)#promis Configures a promiscuous

<port-list> port.
5 ZXR10(config-swvlan-pvlan-session)#community Configures a community port.

<port-list>
6 ZXR10(config-swvlan)#no private-map session-no <id> Deletes a PVLAN.
<id> range: 1–256
5-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 5 PVLAN Configuration c u -tr a c k
5.3 PVLAN Maintenance

On the ZXR10 5900E, use the following command to maintain the PVLAN.
Command Function
ZXR10#show vlan private-map This shows the PVLAN

configuration.
An example of the show vlan private-map command output is shown below.

ZXR10(config-swvlan)#show vlan private-map
SESSION VLANFLAG PROMPORT COMMPORT ISOLPORT VLANMAP
------------------------------------------------------------------------
1 0 gei-0/1/1/2 gei-0/1/1/3 gei-0/1/1/1
5.4 PVLAN Configuration Example

As shown in Figure 5-1, PC1 and PC2 are in the same segment and connected to a router
through a switch. The PVLAN function is configured on the switch to isolate PC1 and PC2
but they can successfully communicate with the switch.
Figure 5-1 Network Topology with PVLAN
ZXR10(config-swvlan)#private-map session-id 1
ZXR10(config-swvlan-pvlan-session)#isolate gei-0/1/1/1-2
ZXR10(config-swvlan-pvlan-session)#promis gei-0/1/1/3
5-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
5-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 6
QinQ Configuration
Table of Contents
QinQ Overview...........................................................................................................6-1
Configuring QinQ .......................................................................................................6-1
QinQ Maintenance .....................................................................................................6-2
QinQ Configuration Example ......................................................................................6-2
6.1 QinQ Overview

QinQ is short for 802.1Q in 802.1 Q. With more and more deployment of Ethernet
technologies in network (Metro Ethernet Network (MEN)), 802.1Q VLAN is restricted a lot
in user isolation and identifying. As there are only 12 bits in the VLAN tag field defined by
IEEE802.1Q, which identifies 4k VLANs. QinQ comes into birth to solve the problem that
there are lots of users needing to be identified in MEN.
QinQ is generated to increase the number of VLANs. It adds a 802.1Q label on the base
of the conventional 802.1Q packet. Now, there are 4k*4k VLANs available by using QinQ.
The internal and external tags of QinQ represent different information. For example, the
internal tag represents users, and the external tag represents services. A QinQ packet
is transmitted through operator networks with two tags. The internal tag is transmitted
transparently. QinQ is a simple and utility Virtual Private Network (VPN) technology.
Therefore, it can act as the extension of core Multi Protocol Label Switching (MPLS) VPN
in MEN VPN to form an end-to-end VPN technology finally.
6.2 Configuring QinQ

To configure QinQ on ZXR10 5900E, perform the following steps.
1 ZXR10(config)#vlan-configuration This enters VLAN configuration

mode.
2 ZXR10(vlan-config)#interface <interface-name> This enters VLAN sub-interface

service configuration mode.
3 ZXR10(subvlan-if-config)#qinq internal-vlanid This configures the internal

<vlan-id> external-vlanid <vlan-id> VLAN-ID and the external
VLAN-ID.
6-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<vlan-id> The VLAN-ID supported by a sub-interface, in the range of

1-4094
6.3 QinQ Maintenance

On the ZXR10 5900E, use the following command to maintain the QinQ.
Command Function
ZXR10(config)#show interface-vlan qinq [<interface>] This shows QinQ configuration on

a specific port or all ports.
An example of the show interface-vlan qinq command output is shown below.
ZXR10(config)#show interface-vlan qinq gei-0/1/1/1.3

interface: gei-0/1/1/1.3
exter_tpid: 0x8100, inter_tpid: 0x8100
inter-vlan: 3 - 0, exter-vlan: 7 -0,
Output descriptions:
Output Item Description
inter-vlan: 3-0;exter-vlan: 7-0, The internal tag is 3 on gei-0/1/1/1.3, and the external tag is 7.
6.4 QinQ Configuration Example

The network topology of a QinQ configuration example is shown in Figure 6-1.
Figure 6-1 QinQ Configuration Example
1. Create a sub-interface.
2. Enter sub-interface VLAN configuration mode.
3. Configure QinQ ID.
4. Configure an IP address on the sub-interface.
6-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 6 QinQ Configuration c u -tr a c k
The configuration of S1:
S1(config-if)#sub-if-mode qinq
S1(config-subif)#exit
S1(config)#interface gei-0/1/1/2.1
S1(config)#vlan
S1(vlan-config)#interface gei-0/1/1/2.1
S1(subvlan-if-config)#qinq internal-vlanid 1 external-vlanid 2
S1(subvlan-if-config)#exit
S1(vlan-config)#exit
S1(config-subif)#ip address 192.168.1.1 255.255.255.252

S2(config-if)#sub-if-mode qinq
S2(config)#vlan
S2(vlan-config)#interface gei-0/1/1/3.1
S2(subvlan-if-config)#qinq internal-vlanid 1 external-vlanid 2
S2(subvlan-if-config)#exit
S2(vlan-config)#exit
S2(config-subif)#ip address 192.168.1.2 255.255.255.252
Use the show command to check the configuration result.
The configuration result on S1:

S1#show running-config vlan
!<VLAN>
sub-if-mode qinq
$
vlan-configuration
interface gei-0/1/1/2.1
qinq internal-vlanid 1 external-vlanid 2
$
6-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
!<VLAN>

S2#show running-config-interface gei-0/1/1/3.1
!<INTERFACE>
!<VLAN>
vlan-configuration
interface gei-0/1/1/3.1
qinq internal-vlanid 1 external-vlanid 2
!</VLAN>
6-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 7
STP Configuration
Table of Contents
STP Overview ............................................................................................................7-1
Configuring STP.........................................................................................................7-4
STP Maintenance.......................................................................................................7-9
STP Configuration Examples....................................................................................7-12
7.1 STP Overview

Working Characteristics of Transparent Bridge
Bridge works at the data link layer. It connects two LANs and forwards data frames
according to MAC addresses, which implements data exchange between different LANs.
The process of determining data forwarding is generally called transparent bridge in
Ethernet. However, it is called source route bridge in a token ring network, which is
different from transparent bridge. Therefore, bridges are classified into several categories
including transparent bridge and source route bridge. This section mainly introduces the
function of transparent bridge in Ethernet.
Transparent bridge is mainly used in Ethernet. Transparent bridge is so named because
it is transparent to the end node. That is, the data forwarding process from one network
host to another is completely transparent to the hosts. These network hosts cannot sense
the device types involved during this process and can automatically work without any
configuration. Furthermore, a transparent bridge, except the trunk line of VLAN, does
not modify the frames it forwards in any way.
Transparent bridge processes the abilities of learning and forwarding. The learning ability
of a transparent bridge is to record the source MAC address and interface number of each
received data frame. Next time when receiving a packet with the destination MAC address,
it directly forwards the packet to the interface recorded. If the current MAC address is not
recorded or the destination MAC address is a multicast address, the transparent bridge
forwards the packet to to all the interfaces.
By using a transparent bridge, different LANs can communicate with each other and the
scope for operating a network expands. Meanwhile, a transparent bridge has the ability to
learn MAC addresses. Therefore, it will not cause the same problem of packet collision or
flush just as that of Hub. However, a transparent bridge has its own disadvantages, such
as its function for transparent transmission. A transparent bridge is not similar to a hub
that can sense how many times a packet is forwarded. Once a loop exists in the network,
a packet will be continuously cycled and multiplied within the loop, which finally results in
7-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
broadcast storm.Figure 7-1 shows an example of packet cycling and multiplication caused
by a loop.
Figure 7-1 Packet Cycling and Multiplication
Suppose that site A does not send any packet. Thus, there is no address record of site A
in the address lists on switch 1 and switch 2. When site A sends a packet, both of the two
switches receive this packet, record the address on LANA, and then wait in the queue for
forwarding the packet to LANB. According to the rule of LAN, one of the two switches will
successfully forward the packet to LAN2. If such a switch is switch 1, switch 2 will receive
this packet again because switch 1 is transparent to switch 2, which is like sending the
packet from LANB rather than site A. In this case, switch 2 records the address of site A
on LANB and waits in the queue for forwarding the new packet to LANA. On the contrary,
if switch 2 successfully forwards the original packet to LANB at the beginning, switch 1 will
receive this packet again. When detecting that the packet from site A has been forwarded
to LANB, switch 1 will wait in the queue for forwarding the new packet to LANA. In this way,
the packet will continuously cycled in the loop. What is worse, if the packet is a broadcast
packet and there are other hosts connected to switch 1 and switch 2, the packet will be
multiplied each time when it is forwarded successfully, which finally results in broadcast
storm in the network.
To solve this problem, the IEEE develops a new protocol called 802.1D defining that a
bridge has the abilities of STP leaning and calculation. In addition, it has the abilities to
locate the fault of packet cycling and disconnect redundancy links.
Therefore, a transparent bridge must provide the following three working characteristics:
learning, forwarding, and eliminating of packet cycling.
Instruction to STP
The basic principle of the STP protocol is very simple. The loop dose not exist on the
trees growing in the nature. If the network can grow like a tree, the loop will not exist in
the network. Based on such a thought, the STP protocol defines the concepts including
Root Bridge, Root Port, Designated Port, and Path Cost. Its purpose is to cut redundancy
loops by constructing a natural tree and to implement link backup and the best path. In
addition, the STP protocol supports link backup in the network. When the network topology
7-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 7 STP Configuration c u -tr a c k
changes, the STP protocol can automatically sense the changes, re-calculate the spanning
tree to generate a new one, and meanwhile confirm that no loop forward path exists.
Figure 7-2 STP Network Topology
As shown in Figure 7-2, the interface between S3 and S2 does not involve in data
forwarding. Therefore, the forward path for the information sent from the PC of user A in
the network is shown in the above figure. The specific content of the protocol will not be
described in this section. For details, see the IEEE 802.1D.
STP Principle
The STP protocol solves the loop problem for a transparent bridge. However, with the
development of applications and network technologies, its disadvantages are exposed
gradually. The main disadvantage of STP is the convergence speed. To improve this
disadvantage, the IEEE developed a 802.1W protocol standard as a supplement to the
802.1D. The IEEE 802.1W standard defines a new protocol, that is, Rapid Spanning Tree
Protocol (RSTP). There are three major modifications in the RSTP based on the STP.
Therefore, the convergence speed is faster than that of the STP.
l The RSTP defines two roles for the root port and the designated port, namely Alternate
Port (AP) and Backup Port (BP). These two ports will be used during fast switching.
When a root port or a designated port is unavailable, the AP or BP will be in data
forwarding state without any delay.
l By using the P/A mechanism, for a point-to-point link that connects only two switch
ports, the designated port can be in data forwarding state without any delay after
handshaking with the downlink bridge just once.
l A port that is directly connected to a terminal rather than a bridge is called an edge
port. Such a port can be in data forwarding state without any delay. However, manual
configuration is required because a bridge cannot sense whether a port is directly
connected to a terminal.
Both RSTP and STP belong to Single Spanning Tree (SST). That is to say, there is only
one spanning tree in the whole switch network. Therefore, a longer convergence time is
7-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
consumed in the case of a large-scale network. When the configuration of 802.1Q leads
to the asymmetric structure of VLAN in network bearer, SST affects the connectivity of
some VLANs in the network. Meanwhile, when a link is blocked in the case of SST, it does
not bear any traffic, which causes huge waste of bandwidth and cannot implement load
sharing.
The above disadvantages cannot be overcame by SST. Therefore, the multi-instance STP
protocol supporting VLAN emerges, that is, the Multiple Spanning Tree Protocol (MSTP)
defined in IEEE 802.1S.
MSTP introduces a concept of domain. A large network can be divided into multiple
domains based on configuration. Each domain applies a multi-instance spanning tree,
which improves the expansibility and stability of a spanning tree. When the spanning tree
in a domain changes, the changed information will be transmitted in the spanning tree of
the domain, which does not affect other domains. In this case, the whole network does
not re-calculate the topology of spanning trees. Meanwhile, the MSTP has the ability
to recognize VLANs. Multiple VLANs can be bound to one instance and these VLANs
use different forwarding paths, which decreases the occupancy of various resources and
implements load sharing. The principle of the CST, IST, or MSTI is similar to that of the
RSTP.
7.2 Configuring STP

Configuring STP properties
On the ZXR10 5900E, use the following commands to configure STP properties.
1 ZXR10(config)#spantree This enters the STP config

mode from the config mode.
2 ZXR10(config-stp)#enable This enables the STP function

globally.
3 ZXR10(config-stp)#edged-port-batch enable This configures interfaces as

<interface-name> edge interfaces.
4 ZXR10(config-stp)#mode {sstp | rstp | mstp} This configures the current

mode for the STP.
5 ZXR10(config-stp)#forward-delay <time> This configures the STP

forward-delay interval.
<time > indicates the forwarding
delay time, ranging from 4 to
30. The unit is second. The
7-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
6 ZXR10(config-stp)#hello-time <time> This configures the interval

of the STP in sending hello
packets.
<time > indicates the aging
time of packets, ranging from 6
to 40. The unit is second. The
7 ZXR10(config-stp)#max-age <time> This configures the maximum

validity time of a STP BPDU
packet.
<time > indicates the forwarding
delay time, ranging from 4 to
30. The unit is second. The
8 ZXR10(config-stp)#mst hmd5-digest {CISCO | HUAWEI This configures the digest

<key>} value in the created
mst_config_id.
<key > indicates the 34-bit
hexadecimal number starting
from 0x.
9 ZXR10(config-stp)#mst hmd5-key {CISCO | HUAWEI This configures the key value

<key>} of Hmd5 required by the
digest value in the created
mst_config_id.
<key > indicates the 34-bit
hexadecimal number starting
from 0x.
10 ZXR10(config-stp)#mst max-hops <hop> This configures the maximum

number of valid hops for BPDU
packets in the MST area.
<hop >indicates the maximum
number of valid hops for BPDU
packets, ranging from 1 to 40.
11 ZXR10(config-stp)#mst name <string> This configures the MST

name configured in the
mst_config_id.
<string> indicates a
configuration name. The
length of the name does not
exceed 32 characters.
7-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
12 ZXR10(config-stp)#mst priority <priority>instance This configures the priority of

<instance> bridge in an existing instance.
13 ZXR10(config-stp)#mst revision <version> This configures the version

number configured in the
mst_config_id.
<version> indicates a version
number, ranging from 0 to
65535. The default value is 0.
14 ZXR10(config-stp)#mst vlans <vlan-range>instance This configures the VLAN

<instance> mapping table of bridge in an
existing instance.
15 ZXR10(config-stp)#transparent {enable | disable} This disables the transparent

transmission flag of the STP
protocol. The STP must
be disabled globally when
the function of transparent
transmission is enabled.
The command parameters in step 4 are described as follows:
sstp Indicates the compatible STP mode (for single spanning tree).
rstp Indicates the RSTP mode (for fast spanning tree).
mstp Indicates the MSTP mode (for multiple spanning tree).
<instance> Indicates the instance number. The value of this parameter

ranges from 0 to 63. Instance 0 exists permanently.
priority <priority> Indicates the bridge priority. It must be a multiple of 4096.

The default value is 32768 (8 x 4096) and the maximum
value is 61440 (15 x 4096).

ranges from 1 to 63.
vlans <vlan-range> Indicates the VLAN range. The value of this parameter
7-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
enable Enables the transparent transmission protocol.
disable Disables the transparent transmission protocol.
Configuring the properties in the STP interface config mode

On the ZXR10 5900E, use the following commands to configure the properties in the STP
interface config mode.
1 ZXR10(config-stp)#interface <port-name> This enters the STP interface

config mode.
2 ZXR10(config-stp-if-gei-0/1/1/23)#enable This enables or disables the

STP function, and determines
whether an interface involves
spanning tree calculation.
3 ZXR10(config-stp-if-gei-0/1/1/23)# bpdu-guard This configures BPDU

{enable | disable} protection for an interface.
4 ZXR10(config-stp-if-gei-0/1/1/23)#guard {loop | This configures the STP

root} instance {<instance range>} protection type (loopback
protection or root interface
protection) of an interface.
5 ZXR10(config-stp-if-gei-0/1/1/23)#edged-port This configures an STP

{enable | disable} interface as the edge interface.
6 ZXR10(config-stp-if-gei-0/1/1/23)#linktype {auto | This configures the link type of

p2p | share} an interface.
7 ZXR10(config-stp-if-gei-0/1/1/23)#mcheck This specifies whether an

interface performs the mcheck
operation.
8 ZXR10(config-stp-if-gei-0/1/1/23)#packet-type This configures the BPDU

{<IEEE | CISCO | HUAWEI | HAMMER>} packet type of an STP
interface.
9 ZXR10(config-stp-if-gei-0/1/1/23)#mst priority This configures the priority

<priority> instance <instance> of an interface in an existing
instance.
10 ZXR10(config-stp-if-gei-0/1/1/23)#mst path-cost This configures the path cost

<cost> instance <ins-index> of an interface.
11 ZXR10(config-stp)#mac-flush-fast instance <0-63> Quickly refreshes MAC

first-interface <interface-name> second-interface<inte addresses.
rface-name>
7-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<port-name> Indicates the interface name.
enable Enables the BPDU protection function.
disable Disables the BPDU protection function.
loop Configures the interface mode to loopback protection.
root Configures the interface mode to root protection.
<instance range> Indicates the instance range. The value of this parameter
auto Senses the duplex mode of an interface automatically. The

available options are p2p (full duplex mode) and share (half
duplex mode).
p2p Configures the duplex mode to p2p forcibly.
share Configures the duplex mode to share forcibly.
IEEE Indicates the standard IEEE BPDU packet type.
CISCO Indicates the Cisco BPDU packet type.
HAMMER Indicates the Hammer BPDU packet type.
HUAWEI Indicates the Huawei BPDU packet type.

ranges from 0 to 63. Instance 0 exists permanently.
7-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
priority <priority> Indicates the interface priority. It must be a multiple of 16.

The default value is 128 (8 x 16) and the maximum value
is 240 (15 x 16).
<ins-index> Indicates the instance number of an interface. The value of

this parameter ranges from 0 to 63.
<cost> Indicates the path cost of an interface. The value of this

parameter ranges from 1 to 2000000.
7.3 STP Maintenance

On the ZXR10 5900E, use the following commands to maintain the STP.
Command Function
ZXR10#show spantree { inconsistentports | instance This shows various information, including:

<instance-ID>| interface <interface-name>| mst-config | l Information of the interface blocked by
statistics <interface-name>| transparent } the protection or loopback protection
function enabled on the root interface.
l Information of a special instance.
l Information of all instances on a
specified interface.
l Configurations in the MSTP mode.
l Statistics of an STP interface.
l STP transparent transmission flag.
An example of the show spantree inconsistentports command output is shown below.

ZXROSNG#show spanning-tree inconsistentports
Mst_Instance interface
Name name Inconsistency
-------------------------------------------------
MST00 gei_0/1/1/1 Root Inconsistent
Mst Instance Name Indicates the MST instance name.
Interface name Indicates the interface name.
Inconsistency Indicates that data is inconsistent.
7-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
An example of the show spantree instance command output is shown below.

ZXR10#show spantree instance 0
MST00
Spantree enabled protocol MSTP
Root ID: Priority 4096; Address 0000.0100.0006
Hello-Time 2 sec; Max-Age 6 sec
Forward-Delay 15 sec;
RegRootID: Priority 4096; Address 0000.0100.0006
BridgeID: Priority 4096; Address 0000.0100.0006

Forward-Delay 15 sec; Max-Hops 20
Message-Age 0 sec; RemainHops 20
Interface Prio.Nbr
Name Port ID Cost State Role Type Bound
------------------------------------------------------------------------
gei-0/1/1/1 128.1 200000 Forward Designated p2p MSTP
gei-0/1/1/5 128.4 200000 Forward Designated Edge MSTP
Root ID Indicates the information of root ID.
Interface name Indicates the interface name.
BridgeID Indicates the information of bridge ID.
An example of the show spantree interface command output is shown below.

ZXR10#show spantree interface gei-0/1/1/1
Mst_Instance Prio.Nbr
Name Port ID Cost State Role
-----------------------------------------------------------------
MST00 128.1 200000 Forward Designated
Mst Instance Name Indicates the MST instance name.
Prio.Nbrport ID Indicates the interface priority.
Cost Indicates the path cost.
7-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
State Indicates the interface state.
Role Indicates the interface role.
An example of the show spantree mst-config command output is shown below.

ZXR10(config)#show spantree mst-config
spantree mode: [MSTP]
CISCO HMD5-key : 0x13ac06a62e47fd51f95d2ba243cd0346
CISCO HMD5-digest : 0x00000000000000000000000000000000
HUAWEI HMD5-key : 0x13ac06a62e47fd51f95d2ba243cd0346
HUAWEI HMD5-digest : 0x00000000000000000000000000000000
Name : [000001000006]
Revision : 0
Instance Vlans mapped
-------- ------------------------------------
0 1-4094
spantree mode Indicates the type of spanning tree.
Name Indicates the name of spanning tree.
Revision Indicates the version number.
Instance Indicates the instance name.
Vlans mapped Indicates the mapped VLAN.
An example of the show spantree statistics command output is shown below.

ZXR10(config)#show spantree statistics gei-0/1/1/1
statistics of port gei-0/1/1/1
--------------------------------------------------------
BPDU-related parameters
--------------------------------------------------------
port spantree Enabled
edge_port Enabled
state(instance 0) Forward
port_priority(instance 0) 0x80
port_number 0x01
path cost (instance 0) 200000
designated_root 00-00-01-00-00-06
designated_ext_cost 0
designated_int_cost 0
designated_bridge 00-00-01-00-00-06
designated_port 0x8001
7-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
---------------------------------------------------------
Port based information & statistics
---------------------------------------------------------
all BPDU xmitted 5086
all BPDU received 12
MST BPDU xmitted 5086
MST BPDU received 12
RST BPDU xmitted 0
RST BPDU received 0
config BPDU xmitted 0
config BPDU received 0
TCN BPDU xmitted 0
TCN BPDU received 0
discard BPDU 0
----------------------------------------------------------
Bridge based information
----------------------------------------------------------
spantree type ieee
multicast mac address 01-80-c2-00-00-00
bridge priority 4096
bridge mac address 00-00-01-00-00-06
bridge hello time 2 sec
bridge forward delay 5 sec
bridge max age 6 sec
bridge max hops 20
BPDU-related parameters Indicates the parameters of BPDU.
Port based information & statistics Indicates the statistics based on interface.
Bridge based information Indicates the bridge information.
An example of the show spantree transparent command output is shown below.

ZXR10(config-stp)#show spantree transparent
Spantree transparent is enabled
7.4 STP Configuration Examples

7.4.1 Configuring Multiple STP
Configure the multiple STP on two switches.Figure 7-3 shows the network topology.
7-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 7-3 Configuring Multiple STP
1. Configure the STP mode to MSTP and enable the STP function.
2. Configure the bridge priority of DUT1 to 32768 and that of DUT2 to 40960.
The configuration of DUT1:
DUT1(config)#spantree
DUT1(config-stp)#enable
DUT1(config-stp)#mode mstp
DUT1(config-stp)#mst priority 32768 instance 0

DUT2(config-stp)#mode mstp
DUT2(config-stp)#mst priority 40960 instance 0
Use the show spantree instance 0 command to view the configuration result of DUT1:
DUT1(config-if)#show spantree instance 0
MST00

Interface Prio.Nbr
7-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
---------------------------------------------------------------------------
DUT2(config)#show spantree instance 0
MST00

Interface Prio.Nbr
---------------------------------------------------------------------------
gei-0/1/1/1 128.1 200000 Forward Root p2p MSTP
gei-0/1/1/2 128.2 200000 Discard Alternate p2p MSTP
7.4.2 Configuring Fast STP

Configure the fast STP on two switches.Figure 7-4 shows the network topology.
Figure 7-4 Configuring Fast STP
1. Configure the STP mode to RSTP.
2. Enable the STP function.
7-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
DUT1(config-stp)#mode rstp

DUT2(config-stp)#mode rstp
DUT1(config-stp)#show spantree instance 0
MST00
Spantree enabled protocol RSTP

Interface Prio.Nbr
---------------------------------------------------------------------------
gei-0/1/1/1 128.1 200000 Forward Designated p2p RSTP
gei-0/1/1/2 128.2 200000 Forward Designated p2p RSTP
MST00

7-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

Interface Prio.Nbr
---------------------------------------------------------------------------
gei-0/1/1/1 128.1 200000 Forward Root p2p RSTP
gei-0/1/1/2 128.2 200000 Discard Alternate p2p RSTP
7.4.3 Configuring Single STP

Configure the single STP on two switches.Figure 7-5 shows the network topology.
Figure 7-5 STP Network Topology (Example 3)
1. Configure the STP mode to SSTP.
2. Enable the STP function.
DUT1(config-stp)#mode sstp

DUT2(config-stp)#mode sstp
MST00
Spantree enabled protocol SSTP
7-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c


Interface Prio.Nbr
---------------------------------------------------------------------------
gei-0/1/1/1 128.1 200000 Forward Designated p2p SSTP
gei-0/1/1/2 128.2 200000 Forward Designated p2p SSTP
MST00
Spantree enabled protocol SSTP

Interface Prio.Nbr
---------------------------------------------------------------------------
gei-0/1/1/1 128.1 200000 Forward Root p2p SSTP
gei-0/1/1/2 128.2 200000 Discard Alternate p2p SSTP
7-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
7-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 8
LLDP Configuration
Table of Contents
LLDP Overview ..........................................................................................................8-1
Configuring LLDP .......................................................................................................8-3
Maintaining LLDP .......................................................................................................8-6
LLDP Configuration Examples....................................................................................8-9
8.1 LLDP Overview

Introduction to LLDP
With the wide applications of Ethernet on LAN and Metropolitan Area Network (MAN),
users have higher and higher requirements for Ethernet management ability. At present,
many network management systems use the automatic discovery function to trace the
topology changes. However, most network management systems can only analyze the
network topology up to the network layer. The information, such as the interfaces on a
device, the interfaces connected to other devices, and the paths among clients, network
devices and servers, need to be collected through the link layer. With enough detailed
information, users can locate network faults correctly.
Link Layer Discovery Protocol (LLDP) is a protocol defined by IEEE 802.1ab. Network
management systems can know the topology and changes of L2 networks through LLDP.
LLDP organizes local device information into Type/Length/Value (TLV) and encapsulates
it in a Link Layer Discovery Protocol Data Unit (LLDPDU) to send it to the direct-connected
neighbor. Meanwhile, LLDP saves the LLDPPDU sent by neighbors in the standard MIB,
so that network management systems can query and judge the communication states of
links.
LLDP Principle
LLDP is defined in 802.1ab. As shown in Figure 8-1, LLDP works at the data link layer.
It is a neighbor discovery protocol that defines a standard for Ethernet devices (such as
switches, routers and wireless LAN access points). Through LLDP, an Ethernet device
can advertise its existence to other nodes on the network and save discovery information
of neighbor devices. The device sends the state information to other devices. The
information is stored on each port of all devices. If necessary, the device can send update
information to the neighbor devices that are connected directly, and the neighbor devices
store the information in standard SNMP MIBs.
8-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Network management systems can query the L2 connection information in the MIB. LLDP
does not configure or control network elements or traffic. It just reports the position of L2.
Another function defined in 802.1ab is that network management software can use the
information provided by LLDP to find conflicts at L2 network. At present, IEEE uses the
physical topologies, interfaces and entity MISs existing in IETF.
Figure 8-1 LLDP System Structure
LLDP defines a general advertisement set, a transport advertisement protocol and a

method of storing all received advertisements. A device that wants to advertise its
information can put several advertisements in a LAN packet. The mode to transmit the
packets is the TLV field.
The information includes the chassis ID (mandatory), port ID (mandatory), system name,
system function, system description and some other attributes.
A device that supports LLDP must support chassis ID advertisements and port ID
advertisements. Most devices need to support system name advertisements, system
description advertisements and system capability advertisements. System name
advertisements and system description advertisements can provide useful information to
collect network traffic. System description advertisements also can contain information
such as the full name of the device, the type of the system hardware and the version of
the software operating system.
LLDP information is transmitted periodically and it can only be stored for a period. IEEE
has defined a recommended transmission frequency, about once per 30 seconds. When
an LLDP device receives an LLDP packet sent by a neighbor LLDP device, it stores the
8-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 8 LLDP Configuration c u -tr a c k
information in the CACHE of SNMP MIB defined by IEEE. The information is invalid during
a period. The value of TTL to define the period is contained in the received packets.
LLDP makes network management systems be able to discover and simulate physical
network topologies correctly. LLDP devices send and receive advertisements, so the
devices save the information of the discovered neighbor devices. The advertisement data,
such as the management address, device type and port number of a neighbor device, is
helpful to know the type and interconnected interfaces of the neighbor device. An LLDP
device advertises its information to direct-connected neighbor devices periodically. It also
receives, refreshes and saves the advertisements from neighbor devices. The device
scans the CACHE every second. If no new packet is received during the hole-time period,
the information is aged.
l Chassis ID is the first mandatory TLV in an LLDPDU. It is the unique ID of a device that
supports to send LLDPDUs. It is recommended to use the chassis MAC address as
the chassis ID for a switch, and use the loopback address or an interface IP address
as the chassis ID for a router.
l Port ID is the second mandatory TLV in an LLDPPDU. It is the unique ID of port that
sends LLDPDUs. For a switch, it is recommended to use the port name as the port
ID, such as fei4/1.
l TTL is the third mandatory TLV in an LLDPPDU. It is the living time (in the unit of
second) of an LLDPPDU received by the peer. When a peer receives an LLDPPDU
of which the TTL is 0, the device deletes all related information.
l End of LLDPDU is the last mandatory TLV in an LLDPPDU. It defines the end of an
LLDPPDU.
8.2 Configuring LLDP

To configure LLDP on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#lldp Enters LLDP configuration

mode.
2 ZXR10(config-lldp)#hellotime <times> Configures the interval of

sending LLDP neighbor
discovery packets. Use the no
command to restore the default
value.
3 ZXR10(config-lldp)#holdtime <times> Configures the hold-time of an

LLDP neighbor. Use the no
value.
8-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
4 ZXR10(config-lldp)#maxneighbor <num> Configures the maximum

number of neighbors that can
be discovered by LLDP. Use
the no command to restore the
default value.
5 ZXR10(config-lldp)#lldp {enable|disable} Enables or disables the LLDP

function.
ZXR10(config-lldp)#lldp-rx {enable|disable} Enables or disables receiving

LLDP packets.
ZXR10(config-lldp)#lldp-tx {enable|disable} Enables or disables sending

LLDP packets.
6 ZXR10(config-lldp)#clearneighbor Clears an LLDP neighbor

relationship that has been
established.
7 ZXR10(config-lldp)#clearstatistic Clears LLDP statistical

information.
8 ZXR10(config-lldp)#interface {<interface-name>| Enters LLDP interface

byname <interface-byname>} configuration mode.
9 ZXR10(config-lldp-if-interface-name)#lldp Enables or disables the LLDP

{enable|disable} function on the interface.
10 ZXR10(config-lldp-if-interface-name)#lldp-rx Enables or disables receiving

{enable|disable} LLDP packets on the interface.
11 ZXR10(config-lldp-if-interface-name)#lldp-tx Enables or disables sending

{enable|disable} LLDP packets on the interface.
12 ZXR10(config-lldp-if-interface-name)#maxneighbor Configures the maximum

<num> number of neighbors that can
be discovered by LLDP on
the interface. Use the no
value.
13 ZXR10(config-lldp-if-interface-name)#clearneigh Clears neighbors on the

bor interface.
14 ZXR10(config-lldp-if-interface-name)#clearstatistic Clears statistics on the

interface.
15 ZXR10(config-lldp)#msgfasttx <fast-tx-interval> Configures the interval of

sending packets fast , default:
1, unit: seconds.
8-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
16 ZXR10(config-lldp)#txcreditmax<max-tx-credit> Configures the maximum credit

of sending packets, default: 5.
17 ZXR10(config-lldp)#txfastinit<fast-tx-num> Configures the maximum

number of packets sent fast,
default: 4.

{enable|disable} nearest- customer -bridge customer neighbor function.
19 ZXR10(config-lldp-if-interface-name)#lldp-tx Enables or disables the packet

{enable|disable} nearest-customer-bridge transmit function for the LLDP
customer neighbor.
20 ZXR10(config-lldp-if-interface-name)#lldp-rx Enables or disables the packet

{enable|disable} nearest-customer-bridge receive function for the LLDP
customer neighbor.

{enable|disable} nearest-non-tpmr-bridge non-tpmr neighbor function.
22 ZXR10(config-lldp-if-interface-name)#lldp-tx Enables or disables the packet

{enable|disable} nearest-non-tpmr-bridge transmit function for the
non-tpmr customer neighbor.
23 ZXR10(config-lldp-if-interface-name)#lldp-rx Enables or disables the packet

{enable|disable} nearest-non-tpmr-bridge receive function for the LLDP
non-tpmr neighbor.
<times> Interval of sending LLDP neighbor discovery packets, unit:

seconds, range: 5–32768.
<times> Multiple of the interval of sending neighbor discovery packets,

range: 2–10, default: 4.
<num> Global maximum number of neighbors, range: 1–128.
8-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<num> Maximum number of neighbors on an interface, range: 1–8,

default: 8.
8.3 Maintaining LLDP

To maintain the LLDP function on the ZXR10 5900E, run the following command:
Command Function
ZXR10#show lldp { config interface <interface-name>| Displays LLDP related

entry interface <interface-name>| neighbor interface configuration information,
<interface-name>| statistic interface <interface-name>} l config: configuration
information
l entry: detailed neighbor
information
l neighbor: brief neighbor
information
l statistic: statistical
information
The following is sample output from the show lldp config command:
ZXR10#show lldp config
-------------------------------
LLDP enable: enabledRxTx
LLDP helloTime: 30s
LLDP holdTime: 4
LLDP msgFastTx: 1s
LLDP txCreditMax: 5
LLDP txFastInit: 4
LLDP deadTime: 120s
LLDP maxNeighbor: 128
LLDP curNeighbor: 0
----------------------------
Field Description
LLDP enable LLDP enabling state.
8-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
LLDP helloTime Interval of sending discovery packets to LLDP neighbors.
LLDP holdTime Hold-time of an LLDP neighbor.
LLDP maxNeighbor Maximum number of neighbors that can be discovered by

LLDP.
LLDP curNeighbor Number of neighbors that has been discovered by LLDP.
LLDP msgFastTx Interval of transmitting LLDP packets fast.
LLDP txCreditMax Maximum number of LLDP packets transmitted fast.
LLDP txFastInit Number of LLDP packets transmitted fast.
LLDP deadTime Deadtime of sending LLDP packets.
The following is sample output from the show lldp entry command:
ZXR10#show lldp entry
--------------------------------------------------------
Local Port: gei-0/1/1/2 | Interface Name
Local Group MAC address: Nearest Bridge | MAC Address
Chassis ID: 00d0d0641000 | MAC Address
Peer Port: gei-0/1/1/2 | Interface Name
TTL: 96 | Time to live
Port Description: Port name gei-0/1/1/2, PortPhyStatus is up,
PortPhotoElectricityMode is electric, Pvid 830 Nearest Bridge
System Name: 56TM-64
System Description: 3.00.10., 56TM-64, 5900 Software, ZXR10 5950-56TM-H
System Capability: Bridge, Router
Management Address: IPv4 - 192.168.36.64, ifIndex - 15, OID - Null
Link Aggregation TLV: not enabled
MED Network Policy:
Application Type: Reserved
U: defined
T: untagged
X: Reserved
VLAN ID: 0
L2 Priority: 0
DSCP Value: 0
Field Description
LocalPort Interface name.
Chassis ID MAC address.
Peer Port Peer interface.
8-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
Port Description Interface description.
System Name System name.
System Description System description.
System Capability System capability.
Link Aggregation Link aggregation.
The following is sample output from the show lldp neighbor command:
ZXR10#show lldp neighbor
Capability Codes:
N - Other, r - Repeater, B - Bridge, W - WLAN Access Point,
R - Router, T - Telephone, D - DOCSIS Cable Device,
S - Station Only, C - C-VLAN Component of a VLAN Bridge,
s - S-VLAN Component of a VLAN Bridge,
t - Two-port MAC Relay (TPMR)
Local-Port Dest-MAC Chassis-ID Holdtime Capability Platform Peer-Port

-------------------------------------------------------------------------------
gei-0/1/1/2 Nearest 00d0d064100 116 B R 3.00.10., 56T gei-0/1/1/2
Bridge 0 M-64, 5900 So
ftw..
gei-0/1/1/3 Nearest 00d0d064100 116 B R 3.00.10., 56T gei-0/1/1/3
Bridge 0 M-64, 5900 So
ftw..
Field Description
Local-port Local Interface.
Chassis ID MAC address.
Holdtime hold-time.
Capability Capability.
Platform Platform.
Peer-port Peer ID.
The following is sample output from the show lldp statistic command:
ZXR10(config)#show lldp statistic

LLDP global counters:
Total packets output: 9687, input: 7056
Total packets error: 0, discarded: 0
Total TLVs discarded: 0, unrecognized: 0
8-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Total neighbors added: 8, deleted: 5

Total neighbors aged: 0, droped: 0
Field Description
LLDP counters LLDP counter.
8.4 LLDP Configuration Examples

LLDP Neighbor Configuration Example
As shown in Figure 8-2, it is required to configure LLDP on gei-0/1/0/1 of R1.
Figure 8-2 LLDP Neighbor Configuration Example
1. Enter LLDP configuration mode.
2. Enter an interface.
3. Enable LLDP.
Enter an interface in LLDP configuration mode and then configure LLDP, as shown
below.
R1(config)#lldp
R1(config-lldp)#interface gei-0/1/0/1
R1(config-lldp-if-gei-0/1/0/1)#lldp enable
Use the show lldp neighbor command to check the configuration result, as shown
below.
R1(config-if)#show lldp neighbor
Capability Codes:
S - Station Only
Local-Port Chassis-ID Holdtime Capability Platform Peer-Port
----------------------------------------------------------------------
gei-0/1/0/1 000101040507 92 B S Software gei-0/1/0/1
8-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
LLDP Attribute Configuration Example

As shown in Figure 8-3, it is required to configure LLDP attributes on R1.
Figure 8-3 LLDP Attribute Configuration Example
2. Configure LLDP attributes.
The configuration of R1:
R1(config)#lldp
R1(config-lldp)#maxneighbor 3
/*Configure the maximum number of system neighbors*/
R1(config-lldp)#hellotime 30000
/*Configure the intervals to send LLDP neighbor discovery packets*/
R1(config-lldp)#holdtime 8
/*Configure LLDP neighbor hold-time*/
R1(config-lldp)#lldp enable
/*Enable LLDP*/
R1(config-lldp)#lldp-rx enable
/*Enable LLDP receiving*/
R1(config-lldp)#lldp-tx enable
/*Enable LLDP sending*/
R1(config-lldp)#clearneighbor
/*Clear LLDP neighbor relationship that has been established*/
R1(config-lldp)#clearstatistic
/*Clear LLDP statistical information*/
Use the show running-config lldp command to check the configuration result, as shown
below.
ZXR10(config-lldp)#show running-config lldp
! <LLDP>
lldp
hellotime 30000
holdtime 8
maxneighbor 3
! </LLDP>
8-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
8.4.1 LLDP Neighbor Configuration Example

As shown in Figure 8-4, it is required to configure LLDP on gei-0/1/1/1 of S1.
Figure 8-4 LLDP Neighbor Configuration Example
2. Enter an interface.
3. Enable LLDP.
Enter an interface in LLDP configuration mode and then configure LLDP, as shown below.
S1(config)#lldp
S1(config-lldp)#interface gei-0/1/1/1
S1(config-lldp-if-gei-0/1/1/1)#lldp enable
Use the show lldp neighbor command to check the configuration result, as shown below.
S1(config-if)#show lldp neighbor
Capability Codes:
S - Station Only
Local-Port Chassis-ID Holdtime Capability Platform Peer-Port
----------------------------------------------------------------------
gei-0/1/1/1 000101040507 92 B S Software gei-0/1/1/1
8.4.2 LLDP Attribute Configuration Example

As shown in Figure 8-5, it is required to configure LLDP attributes on S1.
8-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 8-5 LLDP Attribute Configuration Example
2. Configure LLDP attributes.
S1(config)#lldp
S1(config-lldp)#maxneighbor 3
/*Configure the maximum number of system neighbors*/
S1(config-lldp)#hellotime 30000
/*Configure the intervals to send LLDP neighbor discovery packets*/
S1(config-lldp)#holdtime 8
/*Configure LLDP neighbor hold-time*/
S1(config-lldp)#lldp enable
/*Enable LLDP*/
S1(config-lldp)#lldp-rx enable
/*Enable LLDP receiving*/
S1(config-lldp)#lldp-tx enable
/*Enable LLDP sending*/
S1(config-lldp)#clearneighbor
/*Clear LLDP neighbor relationship that has been established*/
S1(config-lldp)#clearstatistic
/*Clear LLDP statistical information*/
Use the show running-config lldp command to check the configuration result, as shown
below.
ZXR10(config-lldp)#show running-config lldp
! <LLDP>
lldp
hellotime 30000
holdtime 8
maxneighbor 3
! </LLDP>
8-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 9
SmartGroup Configuration
Table of Contents
SmartGroup Overview ................................................................................................9-1
Configuring SmartGroup.............................................................................................9-2
Maintaining a SmartGroup..........................................................................................9-7
SmartGroup Configuration Examples .........................................................................9-9
9.1 SmartGroup Overview

Introduction to SmartGroup
The definition of link aggregation is shown below:
l Link aggregation is also called port trunk or port aggregation.
l Link aggregation is to aggregate several ports into a aggregation group to implement
load balance of in/out flows on each member port.
l This improves the reliability of the connections at the same time. When a link is
disconnected, the traffic will be reassigned among the remaining link automatically.
l Link aggregation is implemented on the data link layer.
The definition of smartgroup is shown below:
SmartGroup is to bind several different types of Ethernet interfaces into a logical
SmartGroup interface. On ZXR10 5900E, SmartGroup provides more flexible and
effective solutions about network architecture for users. It brings more flexibility in network
planning and network architecture designing with ZXR10 series products. It also improves
the network stability greatly, especially for Ethernet and network environments in which
Ethernet interfaces are used. SmartGroup function can extend bandwidth, which makes
the cost to construct network more reasonable.
l SmartGroup supports aggregation of Ethernet interfaces across boards.

l 128 SmartGroup interfaces can be configured at most.
l There are 8 Ethernet interfaces at most in each SmartGroup interface.
SmartGroup Principle
The link aggregation of SmartGroup is to aggregate several ports into an aggregation
group, thus to share out/in load among the member ports. This also improves the reliability
of the connections. Outwardly, the aggregation group seems as a port. Load sharing of link
aggregation supports load-sharing aggregation and non-load-sharing aggregation.Figure
9-1 shows a SmartGroup link aggregation.
9-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 9-1 SmartGroup Link Aggregation
Link Aggregation Control Protocol (LACP) provides a standardized method to exchange

information between mate systems on links. LACP allows link aggregation control entities
to make an agreement on the unity of the link aggregation cluster. It also allows to class a
link to a link aggregation cluster and enable the functions of receiving and sending in order.
The principle of LACP includes the following points:
l LACP runs on a single physical port. It relies on the transmission of information and
state instead of command.
l LACP is a procedure of constant negotiation at two ends. There are two negotiation
modes, active mode and passive mode.
l If the negotiation is successful on a port, this port is an active port, otherwise it is a
member port. Only active ports can send and receive packets.
l Negotiation packets are sent continually, and they are terminated on ports.
l The negotiation of the ports in an aggregation group is independent between each
other without any interaction.
l There is no obvious mechanism about packet loss monitoring or retransmission in
LACP.
9.2 Configuring SmartGroup

To configure a SmartGroup on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#interface <smartgroup-name> Creates a SmartGroup

interface, and enters
SmartGroup interface
configuration mode. Use
the no command to delete the
interface.
2 ZXR10(config)#lacp Enters LACP configuration

mode.
9-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 9 SmartGroup Configuration c u -tr a c k
3 ZXR10(config-lacp)#lacp system-priority <priority> Configures the LACP system

priority. Use the no command
to restore the default value.
The default priority is 32768.
4 ZXR10(config-lacp)#lacp minimum-member < Configures the global threshold

member_number> for a SmartGroup interface to
be up. Use the no command to
restore the default value. The
default value is 1.
5 ZXR10(config-lacp)#clear lacp [<smartgroup-id>] Clears the count of LACP

counters packets sent and received.
6 ZXR10(config-lacp)#interface <interface-name> Enters LACP interface

configuration mode.
7 ZXR10(config-lacp-sg-if-interface-name)#lacp Configures the aggregation

mode {802.3ad | on} mode. Use the no command
to restore the default
configuration. By default,
the aggregation mode is static
trunk (on) mode.
8 ZXR10(config-lacp-sg-if-interface-name)#lacp Configures the load sharing

load-balance <mode> mode of LACP. Use the no
configuration.
9 ZXR10(config-lacp-sg-if-interface-name)#lacp Configures the threshold for

minimum-member < member_number> the SmartGroup interface to be
up.
10 ZXR10(config-lacp-member-if-interface-name)#sma Adds an interface to the

rtgroup <smartgroup-id> mode {passive | active | on} SmartGroup and sets the
link aggregation mode of this
interface. Use the no command
to delete this interface from the
SmartGroup.
11 ZXR10(config-lacp-member-if-interface-name)#lacp Configures the long time-out

timeout {long | short} time or short time-out time of
an LACP member port. Use
long time-out time.
9-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
12 ZXR10(config-lacp-member-if-interface-name)#lacp Configures the priority of an

port-priority <priority> LACP member port. Use the
default value. The default
priority is 32768.
13 ZXR10(config-lacp-sg-if-interface-name)#lacp fast Configures LACP negotiation

respond fast response mode. Use the
no command to restore to the
default mode.
14 ZXR10(config-lacp-sg-if-interface-name)#lacp Configures the maximum

active limitation < member-number> number of members that can
be activated. Use the no
value.
15 ZXR10(config-lacp-sg-if-interface-name)#lacp Configures the LACP system

sys-priority<priority> priority in SmartGroup interface
configuration mode. Use the
default value.
16 ZXR10(config-lacp-sg-if-interface-name)#lacp Configures the mode of

restore{ revertive <holdoff-time>| immediately | switchover from the standby
non-revertive} aggregation port to the active
aggregation port. If the mode is
set to revertive, the revertiving
time can be configured
(unit: seconds). Use the no
mode (immediately).
17 ZXR10(config-lacp-member-if-interface-name)#tr Configures the track name

ack <track-name> of SAMGR which LACP
members associate with.
The track name association
detection mechanism can be
used for fast detection of link
state. Use the no command to
delete the association.
9-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
18 ZXR10(config-lacp-sg-if-interface-name)#lacp Configures the time-out

aggregator timeout <10-500> time of an aggregation
group in SmartGroup
interface configuration mode,
unit: seconds. When an
aggregation group is selected
but LACP is not up within the
time-out time, it is necessary
to re-select an aggregation
group. Use the no command
to restore the default value (30
seconds).
19 ZXR10(config-lacp-sg-if-interface-name)#lacp Configures compulsive

force-switch switchover in SmartGroup
interface configuration mode.
<smartgroup-name> SmartGroup name, such as smartgroup1.
<priority> Priority of the LACP system, range: 1-65535, default: 32768.
< member_number> Global threshold for a Smartgroup interface to be up, range:

1-8, default: 1.
<smartgroup-id> SmartGroup ID, range: 1-128.
9-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<interface> Name of a specific interface (Ethernet interface or

SmartGroup interface) that supporting LACP. The format of
the interface name is "smartgroup+Group ID". The range of
the group ID is 1-128.
802.3ad The aggregation control mode of the SmartGroup interface

uses LACP of 802.3ad standard.
on Static trunk, meaning that LACP is not used.
<mode> Load sharing mode of LACP. The supported modes are dstip,
dst-mac, src-dst-ip, src-dst-mac, src-ip, src-mac, src-port,
dst-port, src-dst_port and enhance, and the default mode
is src_dst_mac.
< member_number> Upper threshold of Smartgroup, range: 1-8. The global

threshold is used if this parameter is not configured.
<smartgroup-id> Smartgroup ID, range: 1-128.
passive The interface LACP is in passive negotiation mode.
active The interface LACP is in active negotiation mode.
on Static trunk. In this mode, the interface does not run LACP,
and it is necessary to set the mode to "on" on both ends.
long LACP long time-out time.
short LACP short time-out time.
9-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<priority> Priority of an LACP port, range: 1–65535, default: 32768.
<member_number> Configures maximum number of members that can be

activated, range: 0–8, default: 8.
<priority> SmartGroup system priority, range: 1–65535, default: 32768.
Revertive Revertiving mode.
holdoff-time Wait time for switchover, range: 1–65535, unit: seconds.
Immediately Immediately switchover.
non-revertive No switchover.
track-name Track name of the SAMGR which SmartGroup members

associate with.
<10-500> Time-out time of an aggregation group, range: 10–500, unit:

seconds, default: 30 seconds.
9.3 Maintaining a SmartGroup

To maintain the SmartGroup function on the ZXR10 5900E, run the following command:
Command Function
ZXR10#show lacp {[<smartgroup-id>]{counters | internal | Displays the current LACP

neighbors}| sys-id} configuration and state.
9-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<smartgroup-id> Smartgroup ID, range: 1–128.
counters Displays the counts of LACP packets sent and received on

an interface.
internal Displays the aggregation state of the member ports.
neighbors Displays the state of member ports on the peer.
sys-id Displays the LACP system priority.
The following is sample output from the show lacp 1 internal command (the aggregation
state of member ports in smatgroup1 is displayed):
ZXR10(config-lacp)#show lacp 1 internal

Smartgroup:1
Flags: * - Port is Active member Port
S - Port is requesed in Slow LACPDUs
F - Port is requested in Fast LACPDUs
A - Port is in Active mode P - Port is in Passive mode
Actor Agg LACPDUs Port Oper Port RX Mux
Port[Flags] State Interval Priority Key State Machine Machine
---------------------------------------------------------------------------
gei-0/1/1/6[SA] INACTIVE 30 32768 0x109 0x45 DEFAULTED DETACHED
gei-0/1/1/1[SA] INACTIVE 30 32768 0x109 0x45 DEFAULTED DETACHED
Field Description
Actor Port Local port name.
Agg State Aggregation state. If the negotiation is successful, the state

is ACTIVE, otherwise it is INACTIVE.
LACPDU Interval Interval of sending LACPDUs.
Port Priority Port priority .
Oper Key Local key.
Port State Port state.
RX Machine The state of the receiving state machine.
MUX Machine The state of the mixed state machine.
9-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
9.4 SmartGroup Configuration Examples

Basic SmartGroup Configuration Example
As shown in Figure 9-2, S1 and S2 run LACP. The interface gei-0/2/0/5 on S1 and
the interface gei-0/3/0/5 on S2 are directly connected. The interface gei-0/2/0/9 on
S1 and the interface gei-0/3/0/9 on S2 are directly connected.
Figure 9-2 802.3ad Mode Configuration
1. Create smartgroup1 on S1, and create smartgroup1 on S2. Enter interface
configuration mode.
2. Configure the switch attribute of smartgroup1 on S1 and S2 in interface
configuration mode, and exit to global configuration mode.
3. Enter LACP configuration mode from global configuration mode, and then enter
the smartgroup interfaces.
4. Set the aggregation mode of smartgroup1 to LACP on S1 and S2. Configure load
sharing policy and the minimum number of members.
the physical interfaces.
6. Add the physical interfaces on S1 and S2 to the smartgroup1.
7. Configure LACP negotiation mode and time-out period on the member interfaces
of smartgroup1 on S1 and S2.
S1(config)#interface smartgroup1
S1(config-if)#switch attribute enable
S1(config-if)#exit
S1(config)#lacp
S1(config-lacp)#interface smartgroup1
S1(config-lacp-sg-if)#lacp mode 802.3ad
S1(config-lacp-sg-if)#lacp load-balance dst-mac
S1(config-lacp-sg-if)#lacp minimum-member 1
S1(config-lacp-sg-if)#exit
S1(config-lacp)#interface gei-0/2/0/5
S1(config-lacp-member-if)#smartgroup 1 mode active
S1(config-lacp-member-if)#lacp timeout short
S1(config-lacp-member-if)#exit
9-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

S2(config-if)#exit
S2(config)#lacp
S2(config-lacp-member-if)#end
Check the configuration on S1 and check whether the configuration takes effect.
S1(config)#show lacp 1 internal
Smartgroup:1
S - Port is requested in Slow LACPDUs F - Port is requested
in Fast LACPDUs
A - Port is in Active mode P - Port is in Passive
mode
Port[Flags] State Interval Priority Key State Machine Machin
e
--------------------------------------------------------------------------------
gei-0/2/0/5 [FA*] ACTIVE 1 32768 0x111 0x3f CURRENT COLL
/*Port aggregation, Active means success; Inactive means failure*/
S1(config)#show running-config-interface smartgroup1

! <INTERFACE>
interface smartgroup1
index 26
9-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
switch attribute enable

!
! </INTERFACE>
! <LACP>
lacp
lacp mode 802.3ad
/*Negotiation mode*/
lacp minimum-member 1
/*The minimum number of members aggregated successfully. When the
number of links aggregated successfully is not less than this
value, smartgroup is up.*/
smartgroup 1 mode active
/*In 802.3ad mode, only when at least one end of the link is in
active mode will the aggregation succeeds.*/
lacp timeout short
lacp timeout short
! </LACP>
S1(config)#show lacp 1 neighbors /*View neighbors*/

Smartgroup 1 neighbors
Actor Partner Partner Port Oper Port
Port System ID Port No. Priority Key State
---------------------------------------------------------------------
gei-0/2/0/9 0x8000,00d0.d012.1127 21 0x8000 0x111 0x3f
gei-0/2/0/5 0x8000,00d0.d012.1127 17 0x8000 0x111 0x3f
S1(config)#show lacp 1 counters

Smartgroup:1
Actor LACPDUs Marker LACPDUs Marker
Port Tx Rx Tx Rx Err Err
-------------------------------------------------------------------
gei-0/2/0/9 1840 1840 0 0 0 0
/*The value of Tx and Rx increments or decrements every 30 seconds
according to the configuration of timeput.*/
gei-0/2/0/5 1840 1840 0 0 0 0
On Mode SmartGroup Configuration Example

As shown in Figure 9-3, the interface gei-0/2/0/5 on S1 and the interface gei-0/3/0/5 on
S2 are directly connected; the interface gei-0/2/0/9 on S1 and the interface gei-0/3/0/9
9-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
on S2 are directly connected. S1 and S2 establish the connection through on mode

without negotiation.
Figure 9-3 ON Mode Configuration
configuration mode.
2. Configure the switch attribute of smartgroup1 on S1 and S2 in interface
configuration mode, and exit to global configuration mode.
the smartgroup interfaces.
4. Configure the same negotiation mode “on” on the smartgroup1 interfaces on S1
and S2.
the physical interfaces.

S1(config-if)#exit
S1(config)#lacp
S1(config-lacp-sg-if)#lacp mode on
S1(config-lacp-member-if)#smartgroup 1 mode on
S2(config-if)#exit
S2(config)#lacp
9-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S1#show lacp 1 internal
Smartgroup:1
Flags: *-Port is Active member Port
S-Port is requested in Slow LACPDUs F-Port is requested in Fast LACPDUs
A-Port is in Active mode P-Port is in Passive mode
----------------------------------------------------------------------------
gei-0/2/0/9 ACTIVE 30 32768 0x11 0x3d N/A N/A
S1#show running-config-interface smartgroup1

! <INTERFACE>
index 34
!
! </INTERFACE>
! <LACP>
lacp
smartgroup 1 mode on
! </LACP>
9.4.1 Basic SmartGroup Configuration Example

As shown in Figure 9-4, S1 and S2 run LACP. The interface gei-0/1/1/5 on S1 and the
interface gei-0/1/1/5 on S2 are directly connected. The interface gei-0/1/1/9 on S1 and the
interface gei-0/1/1/9 on S2 are directly connected.
9-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 9-4 802.3ad Mode Configuration
configuration mode.
2. Configure the switch attribute of smartgroup1 on S1 and S2 in interface configuration
mode, and exit to global configuration mode.
3. Enter LACP configuration mode from global configuration mode, and then enter the
smartgroup interfaces.
4. Set the aggregation mode of smartgroup1 to LACP on S1 and S2. Configure load
sharing policy and the minimum number of members.
physical interfaces.
7. Configure LACP negotiation mode and time-out period on the member interfaces of
smartgroup1 on S1 and S2.
S1(config-if)#exit
S1(config)#lacp

S2(config-if)#exit
9-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S2(config)#lacp
S1(config)#show lacp 1 internal
Smartgroup:1
S - Port is requested in Slow LACPDUs F - Port is requested
in Fast LACPDUs
A - Port is in Active mode P - Port is in Passive
mode
Port[Flags] State Interval Priority Key State Machine Machin
e
--------------------------------------------------------------------------------
/*Port aggregation, Active means success; Inactive means failure*/
S1(config)#show running-config-interface smartgroup1

! <INTERFACE>
index 26
!
! </INTERFACE>
! <LACP>
lacp
lacp mode 802.3ad
/*Negotiation mode*/
9-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
lacp minimum-member 1
/*The minimum number of members aggregated successfully. When the
number of links aggregated successfully is not less than this
value, smartgroup is up.*/
/*In 802.3ad mode, only when at least one end of the link is in
active mode will the aggregation succeeds.*/
lacp timeout short
lacp timeout short
! </LACP>
S1(config)#show lacp 1 neighbors /*View neighbors*/

Smartgroup 1 neighbors
Actor Partner Partner Port Oper Port
Port System ID Port No. Priority Key State
---------------------------------------------------------------------
gei-0/1/1/9 0x8000,00d0.d012.1127 21 0x8000 0x111 0x3f
gei-0/1/1/5 0x8000,00d0.d012.1127 17 0x8000 0x111 0x3f
S1(config)#show lacp 1 counters

Smartgroup:1
Actor LACPDUs Marker LACPDUs Marker
Port Tx Rx Tx Rx Err Err
-------------------------------------------------------------------
gei-0/1/1/9 1840 1840 0 0 0 0
/*The value of Tx and Rx increments or decrements every 30 seconds
according to the configuration of timeput.*/
gei-0/1/1/5 1840 1840 0 0 0 0
9.4.2 On Mode SmartGroup Configuration Example

As shown in Figure 9-5, the interface gei-0/1/1/5 on S1 and the interface gei-0/1/1/5 on
S2 are directly connected; the interface gei-0/1/1/9 on S1 and the interface gei-0/1/1/9 on
S2 are directly connected. S1 and S2 establish the connection through on mode without
negotiation.
9-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 9-5 ON Mode Configuration
configuration mode.
2. Configure the switch attribute of smartgroup1 on S1 and S2 in interface configuration
mode, and exit to global configuration mode.
smartgroup interfaces.
4. Configure the same negotiation mode “on” on the smartgroup1 interfaces on S1 and
S2.
physical interfaces.
S1(config-if)#exit
S1(config)#lacp
S2(config-if)#exit
S2(config)#lacp
9-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
S1#show lacp 1 internal
Smartgroup:1
Flags: *-Port is Active member Port
S-Port is requested in Slow LACPDUs F-Port is requested in Fast LACPDUs
A-Port is in Active mode P-Port is in Passive mode
----------------------------------------------------------------------------
S1#show running-config-interface smartgroup1

! <INTERFACE>
index 34
!
! </INTERFACE>
! <LACP>
lacp
! </LACP>
9-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 10
SVLAN Configuration
Table of Contents
SVLAN Overview .....................................................................................................10-1
Configuring an SVLAN ...........................................................................................10-10
Maintaining an SVLAN ...........................................................................................10-12
SVLAN Configuration Example...............................................................................10-14
10.1 SVLAN Overview

Introduction to SVLAN
The selective VLAN (SVLAN) is a VLAN tunnel technology. It adds a VLAN tag based on
the original 802.1Q tag, shields the inner VLAN tag, and finally removes the outer VLAN
tag when a message is transparently transmitted to the edge switch over an SP network. In
this way, it implements the transparent transmission service over a multipoint to multipoint
virtual LAN and provides users with a relatively simple L2 VPN tunnel. With the technology,
a packet can carry two tags, which efficiently increases the number of VLANs (up to 4096
x 4096). Usually, an outer VLAN tag refers to the service provider VLAN (SPVLAN) and
an inner VLAN tag refers to the customer VLAN (CVLAN).
The common QinQ adds only one outer tag for the packets of an interface, which greatly
restricts networking flexibility. However, the SVLAN function can selectively add outer tags
for the packets received on a same interface based on different inner tags according to
customer requirements.
For some services, the system must ensure that their packets are not affected when
passing through a switch, that is, the quantity and values of tags remain unchanged. The
SVLAN supports such a function for transparently transmitting VLANs.
In addition, the SVLAN can implement 802.1P CoS priority mapping between outer tags
and inner tags.
SVLAN Principle
Currently, SVLAN is mainly implemented by VFP and IFP, based on which two types
of CLI configuration are provided. It is recommended that you use the SVLAN in VFP
mode because it can fully implement unicast forwarding in uplink and downlink directions.
Furthermore, with ACL rules, it can perform data filtering by packet type or IP address to
implement stream splitting in a better way. This section details the SVLAN in VFP mode.
SVLAN supports five service types. Users can flexibly choose a combination of these
10-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
service types according to their own network. This ensures that SVLAN applies proper
service types for different networking environments.
The following sections detail all the service types.
Service Type 1 (in1-out2)
As shown in Figure 10-1, an outer OVLAN can be added according to the designated inner
VLAN.
Figure 10-1 Service Type 1 (in1-out2)
l In uplink direction:
The switch splits data streams received on the customer port according to the
carried inner VLANs. To be specific, the switch adds outer OVLANs for data streams
according to the carried inner VLANs and then forwards the data streams based on
the L2 forwarding principle and the outer VLANs.
l In downlink direction:
When receiving data streams with double tags on the uplink port, the switch forwards
them based on the L2 forwarding principle and the outer VLANs. The switch then
removes the outer tags when the data streams reach the customer port.
10-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 10 SVLAN Configuration c u -tr a c k
Note:
There is anther configuration type, namely IFP SVLAN. The switch learns the PVID by
using the function of MAC address learning and then redirects to the uplink port. Therefore,
in the downlink direction, data streams are broadcast in OVLANs as unknown unicast to
the customer port.
Service Type 2 (in1-out2 pri designated)

As shown in Figure 10-2, the switch adds outer OVLANs according to the carried inner
VLANs and supports 802.1Q configuration for the data streams with outer OVLANs based
on user priorities. This facilitates QoS management.
Figure 10-2 Service Type 2 (in1-out2 pri designated)
according to the carried inner VLANs and configures the 802.1Q property of OVLAN.
10-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Note:
the customer port.
Service Type 3 (in1-out2 pri mapping)

As shown in Figure 10-3, the switch adds outer OVLANs for data streams according to
the carried inner VLANs and maps 802.1Q configuration of inner VLANs to OVLANs,
which facilitates QoS management. In this case, the QoS of the original network remains
unchanged.
Figure 10-3 Service Type 3 (in1-out2 pri mapping)
according to the carried inner VLANs and configures the 802.1Q property of OVLAN
as mapping of inner VLAN.
10-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Note:
the customer port.
Service Type 4 (in1-out1)

As shown in Figure 10-4, the switch transparently transmits data streams according to the
carried inner VLANs.
Figure 10-4 Service Type 4 (in1-out1)
The switch splits data streams received on the customer port according to the carried
inner VLANs. To be specific, the switch transparently transmits the data streams with
inner VLANs without any data processing.
When data streams with tags reach the uplink port, the switch forwards them based
on the L2 forwarding principle.
VFP:
l Just support a single port transparent transmission configuration type.
l For in-vlan any configuration type, It transparently transmits all the inner VLANs.
10-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
IFP:
l There are two configuration types, namely configuration based on a single session
(transparent transmission for only a single inner VLAN) and configuration based
on all sessions except single-tag to double-tag sessions (default-vlan-forwarding:
transparent transmission for all inner VLANs).
l If default-vlan-forwarding is required, this function must be configured at last. After
configuration, the configuration of IFP SVLAN does not take effect.
l The switch learns the PVID by using the function of MAC address learning and then
redirects to the uplink port. Therefore, in the downlink direction, data streams are
broadcast in inner VLANs as unknown unicast to the customer port.
Service Type 5 (int2-out2)
If the received packets carry double tags, the above mentioned transparent transmission
can implement In and Out with double tags.
Service Type 6 (untag-out1, supported only by SVLAN in IFP mode)
As shown in Figure 10-5, the switch adds tags for the data streams without any tag received
on the customer port. Unlike common ports that use only the default PVID, the switch can
add different tags for the data streams without any tag received on the customer port,
which omits the process of VLAN translation.
Figure 10-5 Service Type 6 (untag-out1, supported only by SVLAN in IFP mode)
The switch splits data streams without any tag received on the customer port
according to their configurations. To be specific, the switch adds outer OVLANs for
the data streams and then forwards them based on the L2 forwarding principle.
10-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
When data streams with tags reach the uplink port, the switch forwards them based
on the L2 forwarding principle and then removes their tags on the customer port.
Service Type 7 (untag-untag)
After the untagged packets pass through the untag to single-tag service, their tags are
removed on the uplink port to form the untag to untag service.
Service Type 8 (enhance vfp)
Packets with single tag is sent to the switch. The switch adds outer tags in accordance
with policies.
The switch modifies inner VIDs and adds outer VIDs according to the properties and VIDs
carried in the single-tag packets.
The switch deletes outer VIDs according to the properties and inner and outer VIDs carried
in the received packets.
For the received double-tag packets, the switch deletes their outer tags and modifies their
inner tags according to the policy.
For the received double-tag packets, the switch modifies their outer tags according to the
policy.
The switch modifies inner VIDs according to the properties and inner and outer VIDs carried
in the received packets.
The switch modifies inner and outer VIDs according to the properties and inner and outer
VIDs carried in the received packets.
For the received double-tag packets, the switch removes the inner or outer tags in
accordance with policies.
For the received untag packets, the switch adds inner and outer tags in accordance with
policies.
For the advanced VFP function, the customer port need not run the switchport qinq custo
mer command for configuration. customer refers to the updated OVLAN. In this case, the
switch forwards packets to the uplink port according to the updated OVLAN and the MAC
learns the updated OVLAN.
Note:
There is another configuration type, namely IFP SVLAN. The switch matches inner and
outer tags for the double-tag packets and then removes their outer tags. The customer
port need not run the switchport qinq customer command for configuration. customer refers
to the OVLAN before update. In this case, the switch forwards packets to the uplink port
according to the updated OVLAN and the MAC learns the OVLAN before replacement.
10-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Actual Network Application of SVLAN

Typical Network Scheme with SVLAN (Case 1)
Figure 10-6 Network Topology with SVLAN (1)
l Network Characteristics
1. A customer interface requires both the QinQ service and the transparent
transmission service.
2. The SmartGroup function is not enabled on the uplink interface and a BRAS and
a router exist in the uplink direction. In this case, a large number of packets
from PPPoE users are added with QinQ tags and then transmitted to the BRAS
for authentication. The packets from other private line users are transparently
transmitted to the router.
3. A network management VLAN is used to manage the T64G and its mounted
devices.
l Functions Implemented by SVLAN
1. The packets with a same OVLAN can be transmitted to different networks. In
addition, the packets are forwarded to the BRAS and router respectively based
on L2 unicast.
2. The packets with the network management VLAN can be transmitted over a same
network to a device, for example, BRAS. This facilitates the NMS to implement
centralized management.
3. Different OVLANs can be added for a same inner VLAN of different interfaces.
4. OVLANs can be added for different inner VLANs on a same interface.
5. OVLANs can be added for a same inner VLAN but different IP segments on a
same interface.
10-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
l Key Configuration Points

1. In addition to the sessions of in-vlan any type, the VFP SVLAN implements uni-
cast-based forwarding in all cases including single tag to double tags and trans-
parent transmission in pinpoint and global modes.
2. Compared with the transparent transmission VLAN, the IFP SVLAN usually
configures helper-vlan to a VLAN that is not used, for example, 4094. In this
case, the helper-vlan parameter of the uplink interface must be configured to
untag.
Typical Network Scheme with SVLAN (Case 2)
Figure 10-7 Network Topology with SVLAN (2)
l Network Characteristics
1. A customer interface requires both the QinQ service and the transparent
transmission service.
2. The SmartGroup function is enabled on the uplink interface and a BRAS and
a router exist in the uplink direction. In this case, a large number of packets
from PPPoE users are added with QinQ tags and then transmitted to the BRAS
for authentication. The packets from other private line users are transparently
transmitted to the router. In addition, the uplink interfaces of the BRAS and T64G
are connected by using the SmartGroup function.
3. A network management VLAN is used to manage the T64G and its mounted
devices.
l Functions Implemented by SVLAN
10-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1. The packets with a same OVLAN can be transmitted to different networks. In

addition, the packets are forwarded to the BRAS and router respectively based
on L2 unicast.
2. The packets with the network management VLAN can be transmitted over a same
network to a device, for example, BRAS. This facilitates the NMS to implement
centralized management.
3. Different OVLANs can be added for a same inner VLAN of different interfaces.
4. OVLANs can be added for different inner VLANs on a same interface.
5. OVLANs can be added for a same inner VLAN but different IP segments on a
same interface.
6. The load sharing of data can be implemented. That is, the link data can be backed
up and the bandwidth can be greatly expanded.
l Key Configuration Points
1. In addition to the sessions of in-vlan any type, the VFP SVLAN implements
unicast-based forwarding in all cases including single tag to double tags and
transparent transmission in pinpoint and global modes.
2. Compared with the transparent transmission VLAN, the IFP SVLAN usually
configures helper-vlan to a VLAN that is not used, for example, 4094. In this
case, the helper-vlan parameter of the uplink interface must be configured to
untag.
3. During configuration, enter vlan session and configure uplink as smartgroupID.
10.2 Configuring an SVLAN

To configure the SVLAN VFP on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#svlan-configuration Enters SVLAN configuration

mode.
2 ZXR10(config-svlan)#vfp <interface-name> session Configures the VFP, matches

<session-id> invlan <vlan-id> in type ipv4 name the inner VLAN ID, and adds
<acl-name> rule <rule-id> ovlan <vlan-id>[priority {<0-7>| the outer VLAN ID to packets
mapping}] for the specified rule.
ZXR10(config)#ipv4-access-list <acl-name><vlan-id>
3 Configures a VFP rule.
ZXR10(config-ipv4-acl)#rule <rule-id> per <ip-address>
4 ZXR10(config-svlan)#vfp<interface-name>
Configures descriptions of a
session<session-id> type <ipv4|link|ipv4-mixed|ipv6 |link >
VFP session.
description <str>
To configure the traffic statistics function for the SVLAN VFP on the ZXR10 5900E, perform
the following steps:
10-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

mode.
2 ZXR10(config-svlan)#vfp-statics <interface name> Starts session statistics for

session <session-id> type <ipv4 | link | ipv4-mixed | ipv6 the VFP.
|link ><enable|disable>
3 ZXR10#clear vfp statistics <interface name> session Clears session statistics for
<session-id> type <ipv4 | link | ipv4-mixed | ipv6 | link > the VFP.
To configure the enhanced VFP of an SVLAN on the ZXR10 5900E, perform the following
steps:

mode.
2 ZXR10(config-svlan)#vfp-extra <interface-name> Configures the enhanced

session <session-id> enhanced ingress-invlan <vlan-id> VFP. For the packets whose
ingress-outvlan <vlan-id> in type ipv4 name <acl-name> inner VLAN is 100, outer
rule <rule-id> egress-outvlan <vlan-id> egress-invlan VLAN is 200, type is IPv4 and
<vlan-id> match rule1, the inner VLAN
is modified to 300, and the
outer VLAN is modified to
400.
ZXR10(config)#ipv4-access-list <acl-name>
3 Configures a VFP rule.
ZXR10(config-ipv4-acl)#rule <rule-id> per <ip-address>
4 ZXR10(config-svlan)#vfp-extra <interface-name>
Configures descriptions of an
session<session-id> type <ipv4|link|ipv4-mixed|ipv6 |link >
enhanced VFP session.
description <str>
To configure the traffic statistics function for the enhanced SVLAN VFP on the ZXR10
5900E, perform the following steps:

mode.
2 ZXR10(config-svlan)#vfpextra-statics <interface name> Starts session statistics for

session <session-id> type <ipv4 | link | ipv4-mixed | ipv6 | the enhanced VFP.
link ><enable | disable>
3 ZXR10#clear vfp statistics <interface name> session Clears session statistics for
<session-id> type <ipv4 | link | ipv4-mixed | ipv6 | link > the enhanced VFP.
To configure the SVLAN IFP on the ZXR10 5900E, perform the following steps:
10-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

mode.
2 ZXR10(config-svlan)#vlan-qinq session-no <session-id> Configures the IFP, matches

customer-port <interface-name> uplink-port the inner VLAN ID, and adds
<interface-name> in-vlan <vlan-id> ovlan <vlan-id> the outer VLAN ID to packets
for the specified rule.
3 ZXR10(config-svlan)#vlan-qinq session-no<session-id> Configures descriptions of an

description <str> IFP session.
Except the function of untag to single tag, the other SVLAN functions of the VFP and IFP
are the same. It is recommended that you use the SVLAN of VFP and meanwhile do not
configure two SVLANs with the same function provided by VFP and IFP.
SVLAN consists of IFP and VFP. VFP consists of common VFP and enhanced VFP. For
enhanced VFP, the downlink port cannot be set to a customer port.
When the same function can be accomplished by common VFP and enhanced VFP, it is
recommended that users use enhanced VFP. It is not recommended that users configure
common VFP and enhanced VFP on the same port.
10.3 Maintaining an SVLAN

To maintain the SVLAN function on the ZXR10 5900E, run the following commands:
Command Function
ZXR10#show vfp-entry shelf<shelf-id>slot<line-card> Displays the usage of VFP entries

on a line card.
ZXR10#show vfp-config <interface name> type <acl type> Displays the VFP configuration
information on an interface.
ZXR10#show vfp statistics <interface name>session<session-id Displays traffic statistics of the

><acl-type> VFP.
ZXR10#show running-config<pm-svlan> Displays the configuration

information about the VFP and
IFP.
ZXR10#show vlan-qinq [all | brief] Displays the configuration

information about VLAN QinQ.
The following is sample output from the show vfp-entry command:

ZXR10(config)#show vfp-entrys shelf 0 slot 3
===============================================================
===============================================================
shelf : shelf number
10-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
phySlot : linecard Physical number

unitSum : unit sum in linecard
unit0 : unit 0 all entrys Number in VFP
unit1 : unit 1 all entrys Number in VFP
freeUnit0 : unit 0 free entrys Number in VFP
freeUnit1 : unit 1 free entrys Number in VFP
================================================================
==============================================================
shelf phySlot unitSum unit0 unit1 freeUnit0 freeUnit1
================================================================
0 3 1 2048 0 1991 0
----------------------------------------------------------------
Field Description
shelf Shelf number.
phySlot Indicates the ID of a line card.
unitSum Indicates the number of chips on a line card.
unit0 Indicates the number of entries used by chip 0.
unit1 Indicates the number of entries used by chip 1.
FreeUnit0 Indicates the number of free entries for chip 0.
FreeUnit1 Indicates the number of free entries for chip 1.
The following is sample output from the show vfp-config command:

ZXR10(config-svlan)#show vfp-config gei-0/1/1/1 type ipv4
vfp gei-0/1/1/1 session 1 invlan 10 in type ipv4 name ipv4acl rule 1 ovlan 100
The following is sample output from the show vfp statistics gei-0/1/1/1 session 1 type ipv4
command:
ZXR10#show vfp statistics gei-0/1/1/1 session 1 type ipv4
session 1 statistics:
120s input rate : 1693971851Bps 13234155Pps
StreamCounters(update interval 10s)
In_Bytes 203276622080 In_Packets 1588098610
Field Description
120s input rate Number of bytes per 120 seconds, and number of packets
per 120 seconds.
In_Bytes Number of bytes received per 10 seconds.
In_Packets Number of packets received per 10 seconds.
10-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
The following is sample output from the show running-config pm-svlan command:
ZXR10(config-svlan)#show running-config pm-svlan
!<SVLAN>
svlan-configuration
vfp gei-0/1/1/1 session 1 invlan 10 in type ipv4 name ipv4acl rule 1 ovlan 100
vlan-qinq session-no 1 customer-port gei-0/1/1/2 uplink-port gei-0/1/1/4 in-vlan
200 ovlan 400
$
!</SVLAN>
The following is sample output from the show vlan-qinq brief command:
ZXR10(config-svlan)#show vlan-qinq brief
Count:1
Free Count:3999
Sess Customer Uplink Redirect Hvlan Ovlan Invlan
1 gei-0/1/1/2 gei-0/1/1/4 400 200
Field Description
Count Number of IFP sessions that have been configured.
Free Count Number of left sessions that can be configured.
Sess Serial number of a session.
Customer Customer port.
Uplink Uplink port or SmartGroup number
Redirect Redirection.
Hvlan ID of the VLAN that can be transmitted to the network

management system transparently.
Ovlan Outer VLAN ID
Invlan Inner VLAN ID, such as 1–100, 200, or 300. The value untag
means packets without tags.
10.4 SVLAN Configuration Example

A same customer interface supports multiple different outer tags and packets transparently
transmitted. The specific configuration requirements are as follows:
1. The packet with the tag of 10 received from customer interface gei-0/1/1/1 will be added
with inner and outer tags (inner tag: 10; outer tag: 997) on the ZXR10 5900Eand then
forwarded through uplink interface gei-0/1/1/2.
10-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
with inner and outer tags (inner tag: 11; outer tag: 998) on the ZXR10 5900E and then
3. The packet with the tag of 999 received from customer interface gei-0/1/1/1 will be
transparently transmitted through uplink interface gei-0/1/1/2.
Figure 10-8 SVLAN Configuration Example
If the traditional method of SVLAN configuration is used, the command output is shown
below:
SVLAN configuration on the ZXR10 5900E:
ZXR10(config-svlan)#vlan-qinq session-no 1 customer-port gei-0/1/1/1 uplink-port
gei-0/1/1/2 in-vlan 10 ovlan 997
gei-0/1/1/2 in-vlan 11 ovlan 998
gei-0/1/1/2 in-vlan 999 untag helper-vlan 4094
SVLAN interface configuration on the ZXR10 5900E:

ZXR10(config-if)#no shutdown
ZXR10(config-swvlan-intf)#switchport qinq customer
ZXR10(config-swvlan-intf)#switchport mode hybrid
ZXR10(config-swvlan-intf)#switchport hybrid vlan 999 tag
ZXR10(config-swvlan-intf)#switchport hybrid vlan 997-998 untag
10-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-swvlan-intf)#switchport hybrid vlan 997-998 tag
ZXR10(config-swvlan-intf)#switchport hybrid vlan 4094 untag
ZXR10(config-swvlan-intf)#switchport qinq uplink
If the configuration requirements are changed as follows:

1. The packet with the tag of 10 and the source IP address of 192.168.0.1 received from
customer interface gei-0/1/1/1 will be added with inner and outer tags (inner tag: 10;
outer tag: 997) on the ZXR10 5900E and then forwarded through uplink interface
gei-0/1/1/2.
2. The packet with the tag of 10 and the source IP address of 192.168.0.2 received from
customer interface gei-0/1/1/1 will be added with inner and outer tags (inner tag: 10;
outer tag: 998) on the ZXR10 5900E and then forwarded through uplink interface
gei-0/1/1/2.
with inner and outer tags (inner tag: 11; outer tag: 998) on the ZXR10 5900E and then
4. The packet with the tag of 999 received from customer interface gei-0/1/1/1 will be
transparently transmitted through uplink interface gei-0/1/1/2.
In this case, the method of SVLAN configuration based on VFP is used. The command
output is shown below:
SVLAN configuration on the ZXR10 5900E:
ZXR10(config)#svlan-configuration
ZXR10(config-svlan)#vfp gei-0/1/1/1 session 1 invlan 10 in type ipv4
name ipv4acl rule 1 ovlan 997
name ipv4acl rule 3 untag
ZXR10(config)#ipv4-access-list ipv4 acl
ZXR10(config-ipv4-acl)#rule 1 permit 192.168.0.1 0.0.0.0
ZXR10(config-ipv4-acl)#rule 2 permit 192.168.0.2 0.0.0.0
ZXR10(config-ipv4-acl)#rule 3 permit any
SVLAN interface configuration on the ZXR10 5900E:

10-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-swvlan-intf)#switchport hybrid vlan 997-998 untag
ZXR10(config-swvlan-intf)#switchport qinq customer
ZXR10(config-swvlan-intf)#switchport hybrid vlan 997-998 tag
10-17

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
10-18

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 11
ZESR Configuration
Table of Contents
ZESR Overview........................................................................................................11-1
Configuring a ZESR .................................................................................................11-6
Maintaining a ZESR .................................................................................................11-9
ZESR Configuration Example................................................................................. 11-11
11.1 ZESR Overview

Introduction to ZESR
The ZTE Ethernet switch ring (ZESR) is an Ethernet ring technology based on the EAPS
(RFC3619) protocol. It allows the network administrator to create an Ethernet ring network,
which is similar to the fiber distributed data interface (FDDI) or SONET or SDH ring in terms
of network scheme. The ZESR can recover the system from any link or node fault within
50 ms.
As shown in Figure 11-1, S1 functions as a primary node and other switches function
as transport nodes. For the two interfaces on the primary node, one functions as the
master interface and the other functions as the slave interface. During initialization, the
slave interface is blocked to avoid a loop. When a transport node detects that any of its
connected links is faulty, it sends a message to the primary node, notifying that the link is
broken. After receiving the message, the primary node clears the bridging table, enables
the slave interface, and sends control frames to the transport nodes, notifying them to clear
their own bridging tables. After that, the process of MAC address learning restarts in the
common mode.
Figure 11-1 ZESR Single-Ring Network Topology
11-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZESR Principle
In the case of a complete ZESR loop (the state of all links is up), the state of the ZESR
protocol is COMPLETE. If a fault occurs in the loop, the state of the ZESR protocol is
FAILED. Therefore, the link state of a loop determines the state of the ZESR protocol.
When the link state changes, the ZESR protocol performs link switching.
Fault detection mechanism of ZESR link: Its key mechanism is link-down. The Hello
timeout mechanism is not the default detection mechanism but it can be used after
configuration. As shown in Figure 11-2, when the interface between S3 and S4 is down,
S3 and S4 send link-down frames every 1s to the primary node S1 after detecting the
fault. After receiving the link-down frame, the S1 knows that a fault occurs on the link.
Figure 11-2 Loop Fault in ZESR Single-Ring Network
Meanwhile, the link-hello mechanism of ZESR can be configured as an assistant means

to detect the link state between two adjacent nodes. To be specific, it helps to detect the
link faults including monologue, deterioration, and cross transport device. The link-hello
packets are sent mutually at intervals between two adjacent nodes. If one node does
not receive the link-hello frame from the other node within the specified time, the node
considers that the link is faulty. In this case, the node sends link-down frames every 1s to
the primary node, notifying the link fault.
In the case of ZESR switching, the system performs operations on the interfaces and
instances protected by the domain. The instances described here are the same as those
of the STP. The ZESR uses the control VLAN as the unique ID of a domain and meanwhile
as the tag of a frame. To make full use of link bandwidth, multiple ZESR domains can be
configured on a same ring.
l ZESR Single-Ring Principle
11-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 11 ZESR Configuration c u -tr a c k
Figure 11-4 Loop Fault of ZESR Single-Ring
1. Fault troubleshooting in a single-ring network

When detecting a link fault, the node on the ring blocks the interface connected to
the faulty link and then sends a link-down frame to the primary node, notifying
that the link is faulty. After receiving the link-down frame or detecting that a
link connected with the primary node is faulty, the primary node performs link
switching. To be specific, it enables the standby link (the link fault does not occur
on the standby link), clears the bridge table, and sends a down-flush frame to
the transport node, notifying that link switching is performed on the ring. After
receiving the down-flush frame, the transport node clears the bridge table. If the
link connected to the slave interface on the primary node is faulty, the primary node
changes the ring state to FAILED and does not perform any other operation. As
shown in Figure 11-4, when the link between S3 and S4 is faulty, S3 and S4 block
the faulty interfaces respectively and send link-down frames to S1 at intervals.
After receiving the link-down frame, S1 enables the slave interface and sends a
down-flush frame from both the master and slave interfaces. After receiving the
down-flush frame, S2, S3, and S4 clear their own bridge table and learn MAC
addresses again.
2. Fault restoring in a single-ring network
When detecting that a link recovers, the node on the ring stops sending link-down
frames. If the primary node does not receive the link-down frame within the
11-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
timeout time (8s), it considers that the link recovers. In this case, the primary
node blocks the slave interface (if the fault occurs on the link connected to the
master interface on the primary node, the master interface must be enabled),
clears the bridge table of the slave interface, and sends an up-flush frame to the
transport node, notifying that the link recovers on the ring. After receiving the
up-flush frame, the transport node unblocks the interface and clears the bridge
table. When the loop changes fromFigure 11-4 to Figure 11-3, the link between
S3 and S4 recovers. In this case, S3 and S4 stop sending link-down frames. If
the primary node S1 does not receive the link-down frame within the timeout time,
it considers that the link recovers. To be specific, S1 blocks the slave interface,
clears the bridge table, and sends an up-flush frame from both the master and
slave interfaces. After receiving the up-flush frame, S2, S3, and S4 unblock the
interface and clear their own bridge table.
l ZESR Multi-Ring Principle
Figure 11-5 shows the ZESR multi-ring network topology.
Figure 11-5 ZESR Multi-Ring Network Topology
S1, S2, S3, and S4 form a master ring. S1 acts as the primary node, and S3, S4, S5
and S6 act as a slave ring with the level and segment of 1. S5 acts as the primary
node, S3 and S4 acts as edge assistant nodes. In addition, S3, S4, S6, and S7 form
a slave ring with the level of 2 and the segment of 1. S3 acts as an edge assistant
node, S4 acts as an edge control node. For a slave ring configured with an edge
control node, the functions of this node are similar to those of the primary node. The
state of the slave ring is determined by the edge control node after calculation. During
configuration for a domain on the slave ring, either of the primary node or the edge
control node is deployed. When the state of a slave ring is COMPLETE, the interface
of the edge control node is blocked.
11-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Fault troubleshooting and recovery for a master ring: In the ZESR multi-ring network
topology, the fault troubleshooting and recovery for the master ring with the level
and segment of 0 are the same as those in the ZESR single-ring network topology
(described in the section "ZESR Single-Ring Principle"). The fault troubleshooting
and recovery do not affect the state of the slave ring.
Fault troubleshooting and recovery for a slave ring: When detecting a link fault, the
node on the slave ring blocks the interface connected with the faulty link and then
sends a link-down frame to the primary node (or the edge control node) and the edge
assistance node at intervals. After receiving the link-down frame, the primary node
(or the edge control node) enables the slave interface (or the access interface on the
edge control node) and meanwhile sends a down-flush frame (in the case of the edge
control node, it sends a down-flush frame to the two interfaces at the primary level).
After receiving the down-flush frame, the transport node and the edge assistance node
on the slave ring clear their own bridge table. If the state of the edge assistance node
is COMPLETE, the access interface is also used to send a down-flush frame to the two
interfaces at the primary level. When the transport node at the upper layer receives
the down-flush frame from the ring at a lower layer, it clears the bridge table on the
ring interface. In some cases, protocol frames are not processed no matter it is a
single-ring network or a multi-ring network.
à When the state of the master node or the edge control node is FAILED, it takes
no actions while receiving the link-down frame from the same layer.
à When the state of the transport node or the edge assistance node is FAILED, it
takes no actions while receiving the down-flush frame from the same layer.
à When the state of the transport node or the edge assistance node is COMPLETE,
it takes no actions while receiving the up-flush frame from the current layer.
Fault troubleshoot and recovery for a slave ring: When detecting that a link recovers,
the node on the slave ring stops sending link-down frames. If the primary node (or
the edge control node) does not receive the link-down frame within the timeout time,
it considers that the link recovers. In this case, the primary node blocks the slave
interface (or, the edge control node blocks the access interface), clears the bridge
table on the slave interface (or access interface on the edge control node), and then
sends an up-flush frame to both the master and slave interfaces (access interface
and the two interfaces at the upper layer in the case of the edge control node). After
receiving the up-flush frame, the transport node or the edge assistance node on the
slave ring unblocks the interface and clears the bridge table of the ring interface. After
receiving the up-flush frame, the transport node at the upper layer clears the bridge
table.
l Relations Between ZESR and STP
Both the ZESR and the STP implement data forwarding and blocking by configuring
the status of an STP instance on the interface. Therefore, the ZESR and the STP
are mutually exclusive based on interface + instance. That is, an interface instance
managed by ZESR will not be calculated by the STP. However, its STP state will be
11-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
calculated by the ZESR. The protection instance used by the ZESR is configured
based on the STP protocol. Therefore, when the ZESR protocol is used, a protection
instance can take effect only after the STP is enabled globally. Except the interface
instances managed by the ZESR, the STP state of other interface instances is
managed by the STP protocol, which avoids a loop.
11.2 Configuring a ZESR

To configure a ZESR on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#zesr Enters ZESR configuration

mode.
2 ZXR10(config-zesr)#zesr ctrl-vlan <1-4094> Configures the protection

protect-instance <0-64> instance of a ZESR domain.
Use the no zesr ctrl-vlan
<1-4094> protect-instance
command to delete the
protection instance.
ZXR10(config-zesr)#zesr ctrl-vlan <1-4094> snooping Enables associating ZESR

vpls {enable | disable} with VPLS. If the function
is enabled, when the node
receives flush packets, it
notifies the VPLS to recalculate
links. By default, the function
is disabled.
3 ZXR10(config-zesr)#zesr ctrl-vlan <1-4094> major-level Configures the role and

role {master | transit}<port1><port2> interface for a ZESR node
on the master ring. Use the
no zesr ctrl-vlan <1-4094>
major-level command to delete
the configuration.
ZXR10(config-zesr)#zesr ctrl-vlan <1-4094> level <1-2> Configures the role and

seg <1-4> role {master | transit}<port1><port2> interface for a ZESR node on
the slave ring. Use the no zesr
ctrl-vlan <1-4094> level <1-2>
seg <1-4> command to delete
the configuration.
ZXR10(config-zesr)#zesr ctrl-vlan <1-4094> level <1-2> Configures the role and

seg <1-4> role {edge-control | edge-assistant}<port1> interface for a ZESR node at
the access layer. Use the no
zesr ctrl-vlan <1-4094> level
11-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
<1-2> seg <1-4> command to

delete the configuration.
4 ZXR10(config-zesr)#zesr ctrl-vlan <1-4094> major-level Configures the preforward

preforward <9-600>[preup <0-500>] and preup time of the master
ring. The preup time can be
configured only on the primary
node.
ZXR10(config-zesr)#zesr ctrl-vlan <1-4094> level <1-2> Configures the preforward

seg <1-4> preforward <9-600>[preup <0-500>] and preup time of the slave
ring. The preup time can be
configured only on the primary
node or the edge control node.
5 ZXR10(config-zesr)#zesr restart-time <120-600> Configures the ZESR restart

time, default: 120 seconds.
ZXR10(config-zesr)#zesr port-detect {normal | fast} Configures the detection mode

of a ZESR interface, default:
normal.
ZXR10(config-zesr)#zesr protocol-mac {normal | special} Configures the ZESR MAC

mode. The special mode is
for the compatibility with the
ZESR protocol on medium-end
switches. The default mode is
normal.
ZXR10(config-zesr)#zesr link-degrade <smartgroupxx>{n Configures the link-degrade

ormal | special count <1-8>} property of a ZESR interface
(SmartGroup interface only),
default: normal.
ZXR10(config-zesr)#zesr link-hello <gei-xx>{normal | Enables or disables the

special} link-hello function of a
ZESR interface (physical
interface only). To enable
this function, configure the
property to special. The
default configuration is normal
(disabled).
6 ZXR10#clear zess-switchtimes domain {all |<1-16>}
ZXR10#clear zesr-switchtimes ctrl-vlan <1-4094> all

Clears the statistics on ZESR
ZXR10#clear zesr-switchtimes ctrl-vlan <1-4094> major
switching times.
ZXR10#clear zesr-switchtimes ctrl-vlan <1-4094> level
<1-2> seg <1-4>
11-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
For the above ZESR commands, the parameter names are the same. Therefore, these
parameters will not be described repeatedly in the following tables. The ZESR uses control
VLAN as the unique ID of a domain.
ctrl-vlan <1-4094> Indicates the control VLAN of a specified ZESR domain.
protect-instance <0-64> Configures the protection instance of a domain, which is the

same as the STP instance in terms of parameter value.
snooping vpls {enable | disable} Enables or disables associating ZESR with VPLS.
major-level Configures the master ring of ZESR.
role {master | transit} Configures the role of a ZESR node, that is, primary node
or transport node.
level <1-2> seg <1-4> Configures the level and segment of the ZESR slave ring.
role {edge-control | edge-assistant} Configures the role of a ZESR access node.
<port1><port2> Configures the primary and secondary interfaces of ZESR.
preforward <9-600>[preup <0-500> Configures the preforward and preup time of a ZESR node.
The preup time is optional and can be configured only on the
primary node or the edge control node.
zesr-switchtimes all Clears the statistics on switching times of all ZESR domains.
ctrl-vlan <1-4094> all Clears the statistics on switching times of all the levels and
segments for a specified ZESR domain.
ctrl-vlan <1-4094> major Clears the statistics on switching times of the master ring
for a specified ZESR domain.
ctrl-vlan <1-4094> level<1-2> seg Clears the statistics on switching times of a specified level
<1-4> and segment of the slave ring for a specified ZESR domain.
11-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Note:
The control VLAN of ZESR is special. It can be used only by the ZESR. In addition to
the control VLAN trunked on a ring interface, other interfaces cannot use this VLAN. A
ZESR ring interface cannot work in the QinQ mode. In addition, to improve switching
performance, the detection mode of a ZESR interface must be configured to fast and the
function of broadcast and unicast suppression must be configured for all the ring interfaces
and traffic interfaces.
ZESR can be associated with VPLS for only boundary nodes at the access layer.
11.3 Maintaining a ZESR

To maintain the ZESR function on the ZXR10 5900E, run the following commands:
Command Function
ZXR10#show zesr brief Displays brief information about all

domains of ZESR.
ZXR10#show zesr ctrl-vlan <1-4094> Displays detailed information

about a specified domain of ZESR.
ZXR10#show zesr port-mode [<port>] Displays property configuration of

a ZESR interface.
brief Displays brief information about all domains of ZESR.
ctrl-vlan <1-4094> Displays detailed information about a specified domain of

ZESR.
port-mode [<port>] Displays property configuration of a ZESR interface. <port>

is an optional parameter. If it is not specified, the system
shows property configuration of all ZESR interfaces.
The following is sample output from the show zesr brief command:
ZXR10(config)#show zesr brief

ctrl-vlan: 100 protectinstance: 1 snoop-vpls: disable
level seg role port port level-state switch-times
major transit smartgroup1(P) gei-0/1/1/6(S) down 1
ctrl-vlan: 200 protectinstance: 2
11-9

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
restarttime: 120(s)
port detect: fast
protocol mac: normal
Field Description
ctrl-vlan Control VLAN of a domain.
protectinstance Protection instance of a domain.
level, seg Level and segment of a domain. For a main ring, the level is
output as major and the segment is not output.
role Role of a ZESR node.
port Interface of a ZESR domain.
level-state State at the current level of a ZESR domain.
switch-times Statistics on switching times at the current level of a ZESR

domain.
restarttime Restart time at the current level of a ZESR domain.
port detect Detection mode of a ZESR interface.
protocol mac MAC mode used by ZESR.
The following is sample output from the show zesr ctrl-vlan <1-4094> command:
ZXR10(config)#show zesr ctrl-vlan 100
level: major
state: down
role: transit
port: smartgroup1(P) portstate: block
port: gei-0/1/1/6(S) portstate: block
preforward: 20(s)
switch-times: 1
Field Description
portstate Interface state. block indicates that the interface is blocked

and forward indicates that the interface is enabled.
The following is sample output from the port-mode [<port>] command:

ZXR10(config-if)#show zesr port-mode
Interface Link-hello Link-degrade Count
----------------------------------------------------
gei-0/1/1/2 normal N/A N/A
11-10

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
Link-hello A property provided in the configuration by using the

Link-hello command of ZESR.
Link-degrade A property provided in the configuration by using the

Link-degrade command of ZESR.
Count A property provided in the configuration by using the Count

command of ZESR.
11.4 ZESR Configuration Example

The ZESR configuration includes the STP instance, control VLAN trunked on an interface,
and interface properties. Therefore, this section provides an example for configuring the
STP, interface VLAN, and other parameters.
Configure instance 1 with the VLAN ranging from 1 to 1000. The detailed STP configuration
is shown below.
ZXR10(config)#spantree
ZXR10(config-stp)#enable
ZXR10(config-stp)#mst vlans 1-1000 instance 1
If VLAN 4001 is used as the control VLAN of a ZESR domain and instance 1 is used as
the protection instance, the ZESR interface must trunk the control VLAN and the VLAN
contained in the protection instance. The detailed configuration is shown below.
ZXR10(config-swvlan-intf)#switchport mode trunk
ZXR10(config-swvlan-intf)#switchport trunk vlan 4001,1-1000
Configure the broadcast and unknown unicast suppression properties of an instance

interface:
ZXR10(config-swvlan-intf)#switchport mode trunk
ZXR10(config-swvlan-intf)#switchport trunk vlan 4001,1-1000
The above configurations are used as pre-configuration requirements of subsequent

configuration examples and will not be described again.
11-11

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
11.4.1 Configuring Basic Single-Ring ZESR

Figure 11-6 shows a network topology with the ZESR single ring. In the network, S1
acts as the primary ZESR node, and S2, S3, and S4 act as ZESR transport nodes. It is
recommended that users configure the master node and edge control nodes before other
types of nodes are configured.
1. Enter the ZESR config mode and configure the control VLAN and protection instance
of the ZESR domain.
2. Configure the level, segment, role, and interface of the ZESR node.
3. If there are other functional requirements, configure the ZESR properties further.
ZXR10(config)#zesr
ZXR10(config-zesr)#zesr ctrl-vlan 4001 protect-instance 1
ZXR10(config-zesr)#zesr ctrl-vlan 4001 major-level role master gei-0/1/1/1 gei-0/1/1/2

ZXR10(config)#zesr
ZXR10(config-zesr)#zesr ctrl-vlan 4001 major-level role transit gei-0/1/1/1 gei-0/1/1/2
The configuration of S3 and S4 is similar to that of S2 and therefore will not be described
again.
11-12

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

level: major
state: up
role: master
port: gei-0/1/1/1(P) portstate: forward
preforward: 20(s) preup: 2(s)
switch-times: 1

level: major
state: up
role: transit
port: gei-0/1/1/2(S) portstate: forward
preforward: 20(s)
switch-times: 1
11.4.2 Configuring Basic Single-Ring ZESR

Figure 11-7 shows a network topology with multiple rings. S1, S2, S3, and S4 form a
master ring. S1 acts as the primary node, and S2, S3, and S4 act as transport nodes.
To be specific, S3, S4, and S5 form a slave ring with the level and segment of 1. S3
acts as an edge assistant node, S4 acts as an edge control node, and S5 acts as a
transport node. The master ring configuration for S1 and S2 is the same as the single-ring
configuration described in section Configuring Basic Single-Ring ZESR. Therefore, this
section describes only an example of master and slave ring configuration for S3, S4, and
S5.
11-13

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 11-7 Multi-Ring ZESR Network Topology
of the ZESR domain.
2. Configure the level, segment, role, and interface of the ZESR node.
ZXR10(config)#zesr
/*master ring configuration*/
ZXR10(config-zesr)#zesr ctrl-vlan 4001 major-level role
transit gei-0/1/1/1 gei-0/1/1/2
/*slave ring configuration*/
ZXR10(config-zesr)#zesr ctrl-vlan 4001 level 1 seg 1 role
edge-assistant gei-0/1/1/3

ZXR10(config)#zesr
/*master ring configuration*/
ZXR10(config-zesr)#zesr ctrl-vlan 4001 major-level role
/*slave ring configuration*/
edge-control gei-0/1/1/3
11-14

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

ZXR10(config)#zesr
ctrl-vlan: 4001 protectinstance: 1 snoop-vpls:disable
level: major
state: up
role: transit
preforward: 20(s)
switch-times: 1
level: 1 seg: 1
state: up
role: edge-control
port: gei-0/1/1/3 portstate: block
switch-times: 1

ctrl-vlan: 4001 protectinstance: 1 snoop-vpls:disable
level: major
state: up
role: transit
preforward: 20(s)
switch-times: 1
level: 1 seg: 1
state: up
role: edge-assistant
port: gei-0/1/1/3 portstate: forward
preforward: 20(s)
switch-times: 1
11-15

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
11-16

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 12
ZESS Configuration
Table of Contents
ZESS Overview........................................................................................................12-1
Configuring ZESS ....................................................................................................12-2
ZESS Maintenance ..................................................................................................12-4
ZESS Configuration Example ...................................................................................12-5
12.1 ZESS Overview

Introduction to ZESS
The ZTE Smart Switch (ZESS) is an Ethernet smart switching technology. As shown in
Figure 12-1, node 1 supports the ZESS function, interface 1 acts as the master interface,
and interface 2 acts as a slave interface. When detecting that the master and slave
interfaces are both up, node 1 blocks the data forwarding function on the slave interface.
When detecting that the master interface is down, node 1 blocks the master interface and
enables the slave interface. When detecting that the master interface recovers, node
1 determines whether to enable the master interface and re-block the slave interface
according to the configured ZESS mode. When performing link switching, the ZESS must
update the bridge table of the blocked interface.
Figure 12-1 ZESS Network Topology
ZESS Principle
The ZESS uses a backup link to transmit data when the active link is faulty, which protects
network connectivity. In addition, the ZESS uses a protection instance to protect the data
transmitted over network. The instance used by the ZESS is the same as that used by the
STP.
12-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
When both of the active and standby links work normally, the ZESS blocks the standby link
and forwards data by using the active link. When the active link is faulty, the ZESS blocks
the active link and forwards data by using the standby link, and meanwhile clears the bridge
table of the active link. When the active link recovers, the ZESS perform operations bases
on the configured mode (revertive or non-revertive). In the revertive mode, the ZESS
blocks the standby link, enables the active link, and meanwhile clears the bridge table of
the standby link. In the non-revertive mode, the ZESS does not perform active/standby
switching.
Both the ZESS and the STP implement data forwarding and blocking by configuring
the status of an STP instance on the interface. Therefore, the ZESS and the STP are
mutually exclusive based on interface + instance. That is, an interface instance managed
by ZESS will not be calculated by the STP. However, its STP state will be calculated by
the ZESS. The protection instance used by the ZESS is configured based on the STP
protocol. Therefore, when the ZESS protocol is used, a protection instance can take
effect only after the STP is enabled globally. Except the interface instances managed by
the ZESS, the STP state of other interface instances is managed by the STP protocol,
which avoids a loop.
12.2 Configuring ZESS

On the ZXR10 5900E, use the following commands to configure the ZESS.
1 ZXR10(config)#zess This enters the ZESS config

mode.
2 ZXR10(config-zess)#zess domain <1-16> This configures the protection

protect-instance <0-64> instance of a ZESS domain.
The no zess domain <1-16>
command can be used to clear
configuration.
3 ZXR10(config-zess)#zess domain <1-16> member This configures the interface

primary <port1> secondary <port2> of a ZESS domain. The no
zess domain <1-16>member
configuration.
ZXR10(config-zess)#zess domain <1-16> mode <revertive This configures the ZESS

| non-revertive> revertive mode. The default
value is revertive.
ZXR10(config-zess)#zess domain <1-16> preup <1-900> This configures the preup time
of ZESS. The default value is
2s
12-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 12 ZESS Configuration c u -tr a c k
4 ZXR10(config-zess)#zess port-detect {normal | fast} This configures the detection

mode of a ZESS interface. The
default value is normal.
5 ZXR10#clear zess-switchtimes domain all This clears the statistics on

switching times of all ZESS
domains.
ZXR10#clear zess-switchtimes domain <1-16> This clears the statistics on

switching times of a specified
ZESS domain.
For the above ZESS commands, the parameter names are the same. Therefore, these
parameters will not be described repeatedly in the following tables. The ZESS uses domain
ID as the unique ID of a domain.
The command parameters in step 2 are described as follows.
domain<1-16> Configures the ID of a ZESS domain.
protect-instance <0-64> Configures the protection instance of a domain, which is the same
as the STP instance in terms of parameter value.
member primary <port1> Configures the primary interface of a ZESR domain.
secondary <port2> Configures the secondary interface of a ZESR domain.
mode <revertive | non-revertive> Configures the revertive mode of a ZESS domain. The available
options are revertive and non-revertive. The default value is
revertive.
preup <1-900> Configures the preup time of a ZESS domain. The value of this
parameter ranges from 1s to 900s. The default value is 2s.
port-detect {normal | fast} Configures the detection mode of a ZESS interface. The available
options are normal and fast. The default value is normal.
12-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Caution!
To improve the switching performance of ZESS, the detection mode of a ZESS interface
must be configured to fast. In addition, the properties of broadcast and unicast
suppression must be configured for the ZESS interface and the peer interface of the link.
In addition, the STP function must be disabled for the peer interface of the ZESS link.
Otherwise, data forwarding will be affected during switching.
12.3 ZESS Maintenance

On the ZXR10 5900E, use the following commands to maintain the ZESS.
Command Function
ZXR10#show zess brief This shows brief information about

all domains of ZESS.
ZXR10#show zess domain [<1-16>] This shows detailed information

about a specified domain of ZESS.
The parameters in the above command are described as follows.
brief Shows brief information about all domains of ZESS.
domain [<1-16>] Shows detailed information about a specified domain of ZESS.
An example of the show zess brief command output is shown below.

ZXR10(config)#show zess brief
Domain Instance Pri_Port Sec_Port Mode State Chang-time
-------------------------------------------------------------------------------
1 2 smartgroup1 gei-0/1/1/6 revertive down 0
An example of the show zess domain 1 command output is shown below.

ZXR10(config)#show zess domain 1
domain ID: 1 protectinstance: 2
state: down mode: revertive
port : smartgroup1(P) portstate: block
port : gei-0/1/1/6(S) portstate: block
preup: 2(s) changeTimes : 0
port-detect mode: fast
An example of the show zess domain command output is shown below.

ZXR10(config)#show zess domain
12-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 12 ZESS Configuration c u -tr a c k

state: down mode: revertive
port : smartgroup1(P) portstate: block
12.4 ZESS Configuration Example

Figure 12-2 shows a typical ZESS network topology. S1 enables the ZESS protocol,
interface 1 acts as the master interface, and interface 2 acts as a slave interface.
Figure 12-2 ZESS Configuration Example
1. Enter the ZESS config mode and configure the ID and protection instance of the ZESR
domain.
2. Configure the interface and other parameters of a ZESR node.
3. If there are other functional requirements, configure the ZESS properties further.
ZXR10(config)#zess
ZXR10(config-zess)#zess domain 1 protect-instance 1
ZXR10(config-zess)#zess domain 1 member primary gei-0/1/1/1 secondary gei-0/1/1/2
ZXR10(config-zess)#zess port-detect fast
/*If necessary, configure the ZESS properties, such as
the revertive mode and preup time.*/
ZXR10(config-zess)#zess domain 1 mode non-revertive
12-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10(config-zess)#zess domain 1 preup 300
ZXR10(config)#show zess domain 1
state: up mode: non-revertive
port : gei-0/1/1/1(P) portstate: forward
12-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 13
ZESR+ Configuration
Table of Contents
ZESR+ Overview......................................................................................................13-1
Configuring ZESR+ ..................................................................................................13-3
ZESR+ Maintenance ................................................................................................13-4
ZESR+ Configuration Example.................................................................................13-5
13.1 ZESR+ Overview

Introduction to ZESR+
In the uplink direction of the core network and backbone network in a metropolitan area
network (MAN), two uplink interface on a switch are usually connected with two BRAS or
SR devices respectively. In this way, the ZESS can be used to implement dual-protection
in the uplink direction. This connection mode implements protection for the upstream link,
SR, or BRAS but has a risk that a single-point failure may occur on the switch to the
BRAS or SR in the uplink direction. In an actual network scheme, the egress interfaces
connected to a same SR or BRAS are distributed on two switches respectively. In this
way, the protection function with dual nodes and dual upstream links is implemented, that
is, the ZSER+ described in this topic.
As shown in Figure 13-1, two switches (S1 and S4) in the ring network are connected to
the SR and BRAS in the uplink direction, which implements protection for the upstream
links of the SR and BRAS. Suppose that the link from S1 to the SR is broken. In this case,
the traffic on this link will be automatically transmitted to the SR through S4. By using the
protection function with dual nodes and dual upstream links, the system can implement
switching within 50 ms when an upstream link is faulty.
13-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 13-1 ZESR+ Network Topology
ZESR+ Principle
When the dual-node and dual-uplink ZESR+ protocol is working, two roles are available:
primary node ZESS-MASTER and transport node ZESS-TRANSIT. The nodes use the
Hello packet and interface detection function to detect link status. When the link works
properly, the primary node blocks the slave interface and enables the master interface.
At this time, the transport node enables both of the master and slave interfaces. When
detecting a link fault, the transport node blocks the interface connected with the faulty link,
clears the bridge table, and sends a link-down frame to the primary node notifying the
fault information. After receiving the link-down frame, the primary node enables the slave
interface, clears the bridge table, and sends a down-flush frame. When detecting a link
fault, the primary node actively performs link switching. The format of frames used by the
ZESR+ and the specific meanings are the same as those of the ZESR. The ZESR+ is
quite similar to the ZESR master ring in terms of function. Therefore, the ZESR+ can work
together with the ZESR.
Figure 13-2 shows a typical network topology of the ZESR+ with dual nodes and dual
upstream links. S2 is a ZESS-MASTER node and S3 is a ZESS-TRANSIT node.
The ZESR+ protects upstream links and transport node S3 sends protocol packets to S2
through the master interface. Therefore, when the ZESR+ is working, you must configure
the master interface on the link where the two nodes are directly connected. Otherwise,
an error occurs in the protocol.
13-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 13 ZESR+ Configuration c u -tr a c k
Figure 13-2 Typical ZESR+ Network Topology
Both the ZESR+ and the STP implement data forwarding and blocking by configuring the
status of an STP instance on the interface. Therefore, the ZESR+ and the STP are mutually
exclusive based on interface + instance. That is, an interface instance managed by ZESR+
will not be calculated by the STP. However, its STP state will be calculated by the ZESR+.
The protection instance used by the ZESR+ is configured based on the STP protocol.
Therefore, when the ZESR+ protocol is used, a protection instance can take effect only
after the STP is enabled globally. Except the interface instances managed by the ZESR+,
the STP state of other interface instances is managed by the STP protocol, which avoids
a loop.
13.2 Configuring ZESR+

On the ZXR10 5900E, use the following commands to configure the ZESR+.
1 ZXR10(config)#zesr This enters the ZESR config

mode.
2 ZXR10(config-zesr)#zesr ctrl-vlan <1-4094> This configures the protection

protect-instance <0-64> instance of a ZESR+ domain.
The no zesr ctrl-vlan <1-4094>
protect-instance command can
be used to clear configuration.
13-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3 ZXR10(config-zesr)#zesr ctrl-vlan <1-4094> major-level This configures the role and

role {zess-master | zess-transit}<port1><port2> interface for a ZESR node on
the master ring. The no zesr
ctrl-vlan <1-4094> major-level
configuration.
The parameters of ZESR+ commands are almost the same as those of ZESR commands
in terms of parameter meaning. In a command, the role of a node is uniquely used to
distinguish whether a domain belongs to ZESR+ or ZESR.
role {zess-master | zess-transit} Configures the role of a ZESR+ domain node. ZESS-MASTER
refers to the primary node and ZESS-TRANSIT refers to a
transport node.
13.3 ZESR+ Maintenance

On the ZXR10 5900E, use the following commands to maintain the ZESR+.
Command Function
ZXR10#show zesr brief This shows brief information about

all domains of ZESR or ZESR+.
ZXR10#show zesr ctrl-vlan <1-4094> This shows detailed information

about a specified domain of ZESR
or ZESR+.
brief Shows brief information about all domains of ZESR or ZESR+.
ctrl-vlan <1-4094> Shows detailed information about a specified domain of ZESR

or ZESR+.
An example of the show zesr brief command output is shown below.

ZXR10(config)#show zesr brief
level seg role port port level-state switch-times
major zess(T) smartgroup1(P) gei-0/1/1/6(S) down 1
13-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ctrl-vlan: 200 protectinstance: 2
restarttime: 120(s)
port detect: fast
protocol mac: normal
An example of the show zesr ctrl-vlan <1-4094> command output is shown below.
level: major
state: down
role: zess(T)
port: smartgroup1(P) portstate: block
preforward: 20(s)
switch-times: 1
Caution!
During ZESR+ node configuration, because of special application scenarios of ZESR+,
you must configure the master interface to the link that directly connects the two nodes.
Other configuration requirements are similar to those of ZESR.
13.4 ZESR+ Configuration Example

Figure 13-3 shows a typical network topology of the ZESR+ with dual nodes and dual
upstream links. S1 is a common switch. S1, S2, and S3 form a virtual master ring. The
ZESR+ function is working on S2 and S3. To be specific, S2, S3, and S4 form a slave ring
with the level and segment of 1. S4 acts as the primary node, and S2 and S3 act as edge
assistant nodes.
13-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 13-3 Single-Ring ZESR+ Configuration
of the ZESR domain.
2. Configure the level, segment, role, and interface of the ZESR/ZESR+ node.
These properties of ZESR are applicable to the ZESR+.
ZXR10(config)#zesr
ZXR10(config-zesr)#zesr ctrl-vlan 4001 major-level role zess-master gei-0/1/1/1 gei-0/1/1/2
ZXR10(config-zesr)#zesr ctrl-vlan 4001 level 1 seg 1 role edge-assistant gei-0/1/1/3
ZXR10(config)#zesr
ZXR10(config-zesr)#zesr ctrl-vlan 4001 major-level role zess-transit gei-0/1/1/1 gei-0/1/1/2
ZXR10(config-zesr)#zesr ctrl-vlan 4001 level 1 seg 1 role edge-assistant gei-0/1/1/3

ZXR10(config)#zesr
ZXR10(config-zesr)#zesr ctrl-vlan 4001 level 1 seg 1 role master gei-0/1/1/1 gei-0/1/1/2
13-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
level: major
state: up
role: zess(M)
hello: 1(s) fail: 3(s)
switch-times: 1
level: 1 seg: 1
state: up
preforward: 20(s)
switch-times: 1

level: major
state: up
role: zess(T)
preforward: 20(s)
switch-times: 1
level: 1 seg: 1
state: up
preforward: 20(s)
switch-times: 1
13-7

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
13-8

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 14
LinkGroup Configuration
Table of Contents
LinkGroup Overview.................................................................................................14-1
Configuring LinkGroup .............................................................................................14-1
LinkGroup Maintenance ...........................................................................................14-2
LinkGroup Configuration Example ............................................................................14-3
14.1 LinkGroup Overview

LinkGroup is an interface management function. It uses an interface linkage group to link
interface states, which effectively monitors the link status. When working together with link
protection protocols such as ZESS, it can protect the link layer in a better way to ensure
network connectivity.
The LinkGroup configures an uplink interface group and a downlink interface group to link
the states of interfaces in the two groups. If all the interfaces in the uplink interface group
are up or down, the states of interfaces in the downlink interface group are configured to
up or down accordingly. By the operation performed on the state of a downlink interface,
the fault that occurs on the upstream link can be sensed quickly by the downstream link.
In this way, the link layer protocol can sense topology changes.
14.2 Configuring LinkGroup

On the ZXR10 5900E, use the following commands to configure a LinkGroup.
1 ZXR10(config)#linkage This enters the LinkGroup

config mode.
2 ZXR10(config-linkage)#group <1-8> downlink <port> This configures the downlink

interface for a LinkGroup of an
interface. The system supports
eight LinkGroups at most and
each LinkGroup supports up to
16 downlink interfaces.
14-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
3 ZXR10(config-linkage)#group <1-8> uplink <port> This configures the uplink

interface for a LinkGroup of
an interface. Each LinkGroup
supports up to eight downlink
interfaces.
4 ZXR10(config-linkage)#no group <1-8>[downlink This clears LinkGroup

<port>| uplink <port>] configuration of an interface.
group<1-8> Configures a LinkGroup ID. The system supports up to eight

LinkGroups.
downlink <port> Configures the downlink interface. port refers to a physical

interface or a SmartGroup interface.
uplink <port> Configures the uplink interface. port refers to a physical interface
or a SmartGroup interface.
The command for clearing configuration in step 4 is the same as the above commands in
terms of description.
14.3 LinkGroup Maintenance

On the ZXR10 5900E, use the following command to maintain the LinkGroup.
Command Function
ZXR10(config)#show linkage-group [<1-8>] This shows the LinkGroup

information of an interface. If no
LinkGroup ID is specified, the
system shows the information of
all LinkGroups.
linkage-group <1-8> Configures a LinkGroup ID. The system supports up to eight

LinkGroups.
14-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 14 LinkGroup Configuration c u -tr a c k
14.4 LinkGroup Configuration Example

As shown in Figure 14-1, the data from interfaces gei-0/1/1/3 and gei-0/1/1/3 on S1 is
forwarded to the upper-layer device through interfaces gei-0/1/1/1 and gei-0/1/1/2. In
addition, the downstream link must sense the fault that occurs on the upstream link. In
this way, a LinkGroup can be configured on an interface to make the downstream link
sense the changes on the upstream link. Interfaces gei-0/1/1/1 and gei-0/1/1/2 are uplink
interfaces, and interfaces gei-0/1/1/3 and gei-0/1/1/4 are downlink interfaces.
Figure 14-1 LinkGroup Configuration
1. Enter the LinkGroup config mode.
2. Configure the uplink interface and downlink interface of a LinkGroup.
ZXR10(config)#linkage
ZXR10(config-linkage)#group 1 downlink gei-0/1/1/3
ZXR10(config-linkage)#group 1 downlink gei-0/1/1/4
ZXR10(config-linkage)#group 1 uplink gei-0/1/1/1
ZXR10(config-linkage)#group 1 uplink gei-0/1/1/2
ZXR10(config)#show linkage-group 1
Group 1
Uplink Interfaces:
Interface: gei-0/1/1/1 Status: up
Downlink Interfaces:
It indicates that the uplink interface and downlink interface are configured successfully.
14-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
14-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 15
L2PT Configuration
Table of Contents
L2PT Overview.........................................................................................................15-1
Configuring L2PT .....................................................................................................15-2
Maintaining L2PT .....................................................................................................15-3
L2PT Configuration Example....................................................................................15-4
15.1 L2PT Overview

Introduction to L2PT
L2PT is a protocol that allows BPDU packets to be transmitted in a layer-2 network
transparently. At the ingress of a BPDU tunnel, L2PT substitutes the MAC address
configured by the users for the original destination MAC address of a BPDU packet.
The packet is transmitted through the BPDU tunnel after being encapsulated. At the
egress of the BPDU tunnel, after receiving and recognizing the packet, L2PT restores
the original destination MAC address of the BPDU packet, and forwards the packet
to the corresponding user network. L2PT achieves transparent transmission of BPDU
packets that use layer-2 management protocols at layer-2 switching networks. L2PT is
independent of the types of layer-2 management protocols, so the applicable layer-2
management protocols provide high extensibility and flexibility.
L2PT Principle
As shown in Figure 15-1, the destination MAC address of the BPDU packets sent from
fei-0/1/0/1 on customer switch A is substituted by the MAC address configured by the users
on edge switch B. After that, the packets are broadcast in the VLAN of the receiving port.
The packets pass across the service provider network, and arrive at edge switch C. On
edge switch C, the original destination MAC addresses of the BPDU packets are restored,
and then the packets are sent to fei-0/1/0/4 of customer switch D from fei-0/1/0/3. It looks
like that customer switch A and customer switch D are connected directly. In this way,
BPDU packets of layer-2 management protocols are transmitted transparently on layer-2
switching networks.
15-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 15-1 L2PT Network Topology
15.2 Configuring L2PT

To configure L2PT on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#l2pt Enters L2PT configuration

mode.
2 ZXR10(config-l2pt)#bpdu-substitute-dmac { dot1x | gvrp Configures the MAC address

| lacp | lldp | stp |<key>} used to substitute the MAC
addresses of BPDU packets.
3 ZXR10(config-l2pt)#Interface<interface name> Enters L2PT interface

configuration mode.
4 ZXR10(config-l2pt-if-interface name)#bpdu-rewrite Enables the destination

{ dot1x | gvrp | lacp | lldp | stp |<key>} MAC address substitution
on an interface. Use the no
configuration.
5 ZXR10(config-l2pt-if-interface name)#bpdu-protect Configures the rate threshold

<num> of protocol packets on an
interface. Use the no
command to restore the
default configuration.
<key> Destination MAC address, format: XXXX.XXXX.XXXX .
15-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 15 L2PT Configuration c u -tr a c k
<key> The value is enable or disable.
<num> Rate threshold of protocol packets, range: 10-300.
15.3 Maintaining L2PT

To maintain the L2PT function on the ZXR10 5900E, run the following commands:
Command Function
ZXR10#show l2pt information Displays global configuration

information about L2PT.
ZXR10#show l2pt information <interface-name> Displays configuration information

about L2PT on an interface.
The following is sample output from the show l2pt information command:
ZXR10(config-l2pt)#show l2pt information
All substituted ports: 1
Default protect pps: 100
Protocol Default destination MAC Substituted destination
stp 0180.c200.0000 0123.4567.8989
lldp 0180.c200.000e 0123.4567.8979
Field Description
All substituted ports Number of ports where the destination MAC address
substitution function is enabled.
Default protect pps Default rate threshold of protocol packets.
Protocol Type of the protocol for which the destination MAC address
substitution function is enabled.
The following is sample output from the show l2pt information <interface-name> command:
ZXR10(config-l2pt-if)#show l2pt information gei-0/1/1/1
Interface: gei-0/1/1/1
Destination MAC rewrite: Enable
Protect packages per second: 50
Substituted protocol: stp
15-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Field Description
Interface Interface name.
Destination MAC rewrite Whether the destination MAC address substitution function
is enabled on the interface.
Protect packages per second Rate threshold of protocol packets on the interface.
Substituted Type of the protocol for which the destination MAC address
substitution function is enabled on the interface.
15.4 L2PT Configuration Example

In the network shown in Figure 15-2, L2PT substitutes the destination MAC address of
STP BPDU packets.
Figure 15-2 L2PT Configuration Example
Configuration Flow
1. Enable STP on switch A and switch D.
2. Enable the destination MAC address substitution for STP BPDU packets on switch B
and switch C. Enable the substitution on the interfaces.
Configuration for Switch A:
Switch A(config)#spantree
Switch A(config-stp)#enable
Switch A(config-stp)#mode mstp
Switch A(config-stp)#mst priority 32768 instance 0
Switch A(config-stp-if-gei-0/1/1/1)#enable
Configuration for Switch D:

D(config)#spantree
15-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 15 L2PT Configuration c u -tr a c k
Switch D(config-stp)#enable
Switch D(config-stp)#mode mstp
Switch D(config-stp)#mst priority 40960 instance 0
Switch D(config-stp-if-gei-0/1/1/4)#enable
Configuration for switch B:

Switch B(config-l2pt)#bpdu-substitute-dmac stp 0123.4567.8989
Switch B(config-l2pt-if-gei-0/1/1/2)#bpdu-rewrite stp
Configuration for switch C:

Switch C(config-l2pt)#bpdu-substitute-dmac stp 0123.4567.8989
Switch C(config-l2pt-if-gei-0/1/1/3)#bpdu-rewrite stp
Verify the result of configuration for switch A through the show spantree instance 0 command
as follows:
DUT1(config-if)#show spantree instance 0
MST00

Interface Prio.Nbr
--------------------------------------------------------------------------
Verify the result of configuration for switch D through the show spantree instance 0 command
as follows:
DUT2(config)#show spantree instance 0
MST00
15-5

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c

Interface Prio.Nbr
--------------------------------------------------------------------------
gei-0/1/1/4 128.1 200000 Forward Root p2p MSTP
15-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Chapter 16
GVRP Configuration
Table of Contents
GVRP Overview .......................................................................................................16-1
Configuring GVRP....................................................................................................16-2
Maintaining GVRP....................................................................................................16-2
GVRP Configuration Example ..................................................................................16-3
16.1 GVRP Overview

GARP Overview
Generic Attribute Registration Protocol (GARP) provides a method of dynamically
distributing, transmitting, and registering an attribute between members belonging to
the same switching network. The attribute can be a characteristic such as the VLAN,
multicast MAC address, and port filtering mode. GARP can carry multiple attributes
that need to be transmitted by switches, so the GARP functions are provided by GARP
application protocols.
GVRP Overview
GARP VLAN Registration Protocol (GVRP) is an application protocol defined by GARP. It
dynamically maintains VLAN information on switches based on the protocol mechanism
of GARP. Each switch supporting the GVRP function can receive VLAN registration
information from other switches and dynamically update the local VLAN registration
information, including the VLANs on the switch and the ports in each VLAN. Each
switch supporting the GVRP function can send the local VLAN registration information
to other switches, so that all devices supporting the GVRP function in the same
switching network reach an agreement on intercommunity in VLAN configuration as
needed. VLAN registration information transmitted through GVRP includes static VLAN
information manually configured on the local device and dynamic VLAN information
from other switches. With the GVRP function, VLAN information on different switches
can be dynamically maintained and updated through the protocol. Users only need to
configure VLAN information on a few switches, and the configuration can be applied
on the entire network. Users do not need to spend a lot of time in topology analysis
and configuration management. The protocol dynamically transmits VLAN information
and adds configuration to the corresponding ports based on VLAN configuration on the
network.
GVRP provides the following port registration types, normal, fixed, and forbidden.
16-1

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
1. Normal: A port whose registration type is normal can process received GVRP
messages. On this port, VLANs can be created and registered, and VLAN registration
can be canceled.
2. Fixed: A port whose registration type of a port is fixed ignores all GVRP messages, but
the port remains registration state. VLANs can be created and registered manually.
VLAN registration is disallowed on the port, and VLANs known on this port cannot be
registered on other ports.
3. Forbidden: A port whose registration type of a port is forbidden ignores all GVRP
messages. The registration state of the port is EMPTY. On this port, registration of all
VLANs is canceled, and VLANs are disallowed to be created or registered.
16.2 Configuring GVRP

To configure GVRP on the ZXR10 5900E, perform the following steps:
1 ZXR10(config)#garp Enters GVRP configuration mode.
2 ZXR10(config-garp)#gvrp {enable | disable} Enables or disables the GVRP function.
3 ZXR10(config-garp)#interface Enables or disables the GVRP function on

<interface-name> an interface. To enable the GVRP function
ZXR10(config-garp-if-interface- on an interface, the mode of the interface
name)#gvrp enable must be trunk, and the global GVRP function
must be enabled.
4 ZXR10(config-garp-if-interface- Configures the registration mode of the

name)#garp registration {normal | fixed | interface.
forbidden}
5 ZXR10(config-garp)#garp {hold | join | Configures the GARP timer.

leave | leaveall}timer <time-value>
6 ZXR10(config)#show garp config Displays GARP-related configuration.
16.3 Maintaining GVRP

To maintain GVRP on the ZXR10 5900E, run the following commands:
Command Function
ZXR10#show gvrp statistics interface Displays GVRP statistics.

<interface-name>
ZXR10(config)#clear gvrp statistics {all | interface Clears GVRP statistics.

}
The following is sample output from the show gvrp statistics interface <interface-name>
command:
16-2

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
c u -tr a c k Chapter 16 GVRP Configuration c u -tr a c k
ZXR10(config)#show gvrp statistics interface gei-0/1/1/1

GVRP is enabled.
InterfaceName Status RegMode LastPduOrigin VLAN FailedReg
---------------------------------------------------------------------------
gei-0/1/1/1 Enabled Normal 4c09.b4fc.dd40 0
The following is sample output from the clear gvrp statistics all command:
ZXR10#clear gvrp statistics all
ZXR10#show gvrp statistics interface gei-0/1/1/1
GVRP is enabled.
InterfaceName Status RegMode LastPduOrigin VLAN FailedReg
---------------------------------------------------------------------------
gei-0/1/1/1 Enabled Normal 0000.0000.0000 0
16.4 GVRP Configuration Example

In the network shown in Figure 16-1, gei-0/1/1/1 of switch A belongs to trunk VLAN 100,
and the registration mode is normal. Gei-0/1/1/2 of switch B belongs to trunk VLAN 200,
and the registration mode is fixed. Gei-0/1/1/3 of switch B belongs to trunk VLAN 300, and
the registration mode is normal. Gei-0/1/1/4 of switch C belongs to trunk VLAN 400, and
the registration mode is normal.
Figure 16-1 GVRP Configuration Example
Configuration for switch A:

/*Enable the GVRP function*/
Switch_A(config)#garp
Switch_A(config-garp)#gvrp enable
/*Enable the GVRP function on an interface*/
Switch_A(config-garp)#interface gei-0/1/1/1
Switch_A(config-garp-if-gei-0/1/1/1)#gvrp enable
/*Configure the VLAN attribute on the interface*/
Switch_A(config)#switchvlan-configuration
Switch_A(config-swvlan)#interface gei-0/1/1/1
Configuration for switch B:

Switch_B(config)#garp
16-3

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Switch_B(config-garp)#gvrp enable
Switch_B(config-garp)#interface gei-0/1/1/2
Switch_B(config-garp-if-gei-0/1/1/2)#gvrp enable
Switch_B(config-garp)#interface gei-0/1/1/3
Switch_B(config-garp-if-gei-0/1/1/3)#gvrp enable
/*Configure the registration mode of the interface*/
Switch_B(config-garp)interface gei-0/1/1/2
Switch_B((config-garp-if-gei-0/1/1/2)#garp registration fixed
Switch_B(config)#switchvlan-configuration
Switch_B(config-swvlan)#interface gei-0/1/1/2
Switch_B(config-swvlan-if-gei-0/1/1/2)#switchport mode trunk
Switch_B(config-swvlan-if-gei-0/1/1/2)#switchport trunk vlan 200
Switch_B(config)#switchvlan-configuration
Switch_B(config-swvlan)#interface gei-0/1/1/3
Switch_B(config-swvlan-if-gei-0/1/1/3)#switchport mode trunk
Switch_B(config-swvlan-if-gei-0/1/1/3)#switchport trunk vlan 300
Configuration for switch C:

Switch_C(config)#garp
Switch_C(config-garp)#gvrp enable
Switch_C(config-garp)#interface gei-0/1/1/4
Switch_C(config-garp-if-gei-0/1/1/4)#gvrp enable
Switch_C(config)#switchvlan-configuration
Switch_C(config-swvlan)#interface gei-0/1/1/4
Switch_C(config-swvlan-if-gei-0/1/1/4)#switchport mode trunk
Switch_C(config-swvlan-if-gei-0/1/1/4)#switchport trunk vlan 400
16-4

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figures
Figure 1-1 Topology of ARP Proxy Application ........................................................ 1-12
Figure 1-2 Topology of ARP Proxy Application ........................................................ 1-16
Figure 2-1 Network Topology with VLAN ................................................................. 2-11
Figure 2-2 VLAN Translation Configuration Example .............................................. 2-12
Figure 3-1 VLAN Configuration on Device without SuperVLAN ................................. 3-1
Figure 3-2 Configuration on Device with SuperVLAN ............................................... 3-2
Figure 3-3 SuperVLAN Configuration Example ......................................................... 3-7
Figure 4-1 Voice VLAN Networking Topology (Manual Mode) ................................... 4-4
Figure 4-2 Voice VLAN Networking Topology (Automatic Mode) ............................... 4-5
Figure 5-1 Network Topology with PVLAN................................................................. 5-3
Figure 6-1 QinQ Configuration Example.................................................................... 6-2
Figure 7-1 Packet Cycling and Multiplication ............................................................. 7-2
Figure 7-2 STP Network Topology ............................................................................ 7-3
Figure 7-3 Configuring Multiple STP ....................................................................... 7-13
Figure 7-4 Configuring Fast STP............................................................................. 7-14
Figure 7-5 STP Network Topology (Example 3)....................................................... 7-16
Figure 8-1 LLDP System Structure ........................................................................... 8-2
Figure 8-2 LLDP Neighbor Configuration Example.................................................... 8-9
Figure 8-3 LLDP Attribute Configuration Example ................................................... 8-10
Figure 8-4 LLDP Neighbor Configuration Example.................................................. 8-11
Figure 8-5 LLDP Attribute Configuration Example ................................................... 8-12
Figure 9-1 SmartGroup Link Aggregation.................................................................. 9-2
Figure 9-2 802.3ad Mode Configuration .................................................................... 9-9
Figure 9-3 ON Mode Configuration ......................................................................... 9-12
Figure 9-4 802.3ad Mode Configuration .................................................................. 9-14
Figure 9-5 ON Mode Configuration ......................................................................... 9-17
Figure 10-1 Service Type 1 (in1-out2) ..................................................................... 10-2
Figure 10-2 Service Type 2 (in1-out2 pri designated) .............................................. 10-3
Figure 10-3 Service Type 3 (in1-out2 pri mapping).................................................. 10-4
Figure 10-4 Service Type 4 (in1-out1) ..................................................................... 10-5
Figure 10-5 Service Type 6 (untag-out1, supported only by SVLAN in IFP
mode) ................................................................................................... 10-6

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Figure 10-6 Network Topology with SVLAN (1) ....................................................... 10-8

Figure 10-7 Network Topology with SVLAN (2) ....................................................... 10-9
Figure 10-8 SVLAN Configuration Example .......................................................... 10-15
Figure 11-1 ZESR Single-Ring Network Topology ................................................... 11-1
Figure 11-2 Loop Fault in ZESR Single-Ring Network ............................................. 11-2
Figure 11-3 ZESR Single-Ring Network Topology ................................................... 11-3
Figure 11-4 Loop Fault of ZESR Single-Ring........................................................... 11-3
Figure 11-5 ZESR Multi-Ring Network Topology...................................................... 11-4
Figure 11-6 ZESR Single-Ring Network Topology ................................................. 11-12
Figure 11-7 Multi-Ring ZESR Network Topology.................................................... 11-14
Figure 12-1 ZESS Network Topology ...................................................................... 12-1
Figure 12-2 ZESS Configuration Example............................................................... 12-5
Figure 13-1 ZESR+ Network Topology .................................................................... 13-2
Figure 13-2 Typical ZESR+ Network Topology ........................................................ 13-3
Figure 13-3 Single-Ring ZESR+ Configuration ........................................................ 13-6
Figure 14-1 LinkGroup Configuration ...................................................................... 14-3
Figure 15-1 L2PT Network Topology ....................................................................... 15-2
Figure 15-2 L2PT Configuration Example ............................................................... 15-4
Figure 16-1 GVRP Configuration Example.............................................................. 16-3
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Glossary
ACL
- Access Control List
ARP
- Address Resolution Protocol
BPDU
- Bridge Protocol Data Unit
GARP
- Generic Attribute Registration Protocol
GVRP
- GARP VLAN Registration Protocol
IP
- Internet Protocol
L2PT
- Layer 2 Protocol Tunnel
LACP
- Link Aggregation Control Protocol
LACPDU
- Link Aggregation Control Protocol Data Unit
LLDP
- Link Layer Discovery Protocol
LLDPDU
- Link Layer Discovery Protocol Data Unit
MAC
MAN
- Metropolitan Area Network
MEN
- Metro Ethernet Network
MPLS
- Multiprotocol Label Switching
MSTP
- Multiple Spanning Tree Protocol
OUI
- Organizationally Unique Identifier
III

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
PVLAN
- Private Virtual Local Area Network
QoS
- Quality of Service
STP
- Spanning Tree Protocol
SVLAN
- Selective Virtual Local Area Network
TCP/IP
TLV
- Type/Length/Value
VLAN
- Virtual Local Area Network
VPLS
- Virtual Private LAN Service
VPN
ZESR
- ZTE Ethernet Switch Ring
ZESS
- ZTE Ethernet Smart Switch
IV

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
ZXR10 5900E Series

Configuration Guide (Interface Configuration)
Version: 3.00.11
ZTE CORPORATION
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
LEGAL INFORMATION
herein.
Revision History
Serial Number: SJ-20150114102049-006

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
Contents
Chapter 1 Interface Introduction ............................................................... 1-1
1.1 Interface Types .................................................................................................. 1-1
1.2 Interface Naming Rule ........................................................................................ 1-1
1.3 Viewing Interface Information .............................................................................. 1-2
1.4 Viewing Interface Description .............................................................................. 1-4
Chapter 2 Ethernet Interface Configuration............................................. 2-1

2.1 Ethernet Interface Overview................................................................................ 2-1
2.2 Configuring an Ethernet Interface ........................................................................ 2-2
2.3 Configuring Ethernet Interfaces in Batches......................................................... 2-14
2.4 Ethernet Interface Maintenance......................................................................... 2-19
2.5 Ethernet Interface Configuration Example .......................................................... 2-24
Chapter 3 Logical Interface Configuration............................................... 3-1

3.1 Loopback Interface Configuration ........................................................................ 3-1
3.1.1 Loopback Interface Overview .................................................................... 3-1
3.1.2 Configuring Loopback Interface................................................................. 3-2
3.1.3 Maintaining Loopback Interface................................................................. 3-3
3.1.4 Loopback Interface Configuration Examples .............................................. 3-4
3.2 NULL Interface Configuration .............................................................................. 3-5
3.2.1 NULL Interface Overview .......................................................................... 3-5
3.2.2 Configuring NULL Interface....................................................................... 3-5
3.2.3 Maintaining NULL Interface....................................................................... 3-5
3.2.4 NULL Interface Configuration Example ...................................................... 3-6
Figures............................................................................................................. I
Glossary ........................................................................................................ III

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to
to
k
k
lic
lic
C
C
w
w
m
m
w w
w
w
o
o
.d o .c .d o .c
II

XC e XC e
F- w F- w
PD
PD
er
er
!
!
W
W
O
O
N
N
y
y
bu
bu
to

ZXR10 5900E Series Easy-Maintenance MPLS PDF

Uploaded by

Copyright:

Available Formats

ZXR10 5900E Series Easy-Maintenance MPLS PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ZXR10 5900E Series Easy-Maintenance MPLS PDF

Uploaded by

Copyright:

Available Formats

h a n g e Vi h a n g e Vi

ZXR10 5900E Series

Revision No. Revision Date Revision Reason

R1.0 2015–01–15 First edition

Serial Number: SJ-20150114102049-002

Publishing Date: 2015-01-15 (R1.0)

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

Chapter 2 System Management ................................................................ 2-1

Chapter 3 Network Management............................................................... 3-1

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

3.1.1 SNMP Overview....................................................................................... 3-1

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

3.8.4 Time Range Configuration Example ........................................................ 3-53

Chapter 4 CHM System Configuration ..................................................... 4-1

Chapter 5 MAC Configuration ................................................................... 5-1

Chapter 6 MAC Address Table Configuration.......................................... 6-1

Chapter 7 RMON Configuration ................................................................ 7-1

Chapter 8 PoE Configuration .................................................................... 8-1

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

This page intentionally left blank.

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

About This Manual

What Is in This Manual

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

| Separates individual parameter in series of parameters.

Note: provides additional information about a topic.

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

1.1 Connection Modes

Figure 1-1 ZXR10 5900E's Configuration Methods

1.1.1 FTP Connection Configurations

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

Figure 1-2 Network Scenario for the FTP Server

Figure 1-3 Network Scenario for the FTP Client

FTP Server Configuration

ZXR10(config)#ftp-server enable [listen {<default-port-nu Enables the FTP server

à Disconnect an FTP user.

ZXR10(config)#ftp-server kick-user <user-id> Disconnects the user from the

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

à Configure the top directory.

ZXR10(config)#ftp-server top-directory <word>[{read- Configures the top directory

à Configure the FTP username and password.

ZXR10#show ftp-server Displays the configuration of the

The following is sample output from the show ftp-server command:

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

FTP secure server run state:

Command Output Description

ftp_server run state Operational status of the FTP server.

ftp_server listen port Port number listened to by the FTP server.

user id/username ID or name of the online FTP user.

status Online status of the FTP user.

ip address IP address of the FTP user.

port Port number of the FTP user.

l FTP Server Configuration Example

Figure 1-4 FTP Server Configuration Example

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

FTP Client Configuration

Figure 1-5 Connect to Server Dialog Box

SJ-20150114102049-002|2015-01-15 (R1.0) ZTE Proprietary and Confidential

Figure 1-6 Filezilla Server Dialog Box