EMU Operation Manual (V1.52)

Part 1 Basic Operations
Table of Contents ......................................................................................... Chapter 1 Maintenance Terminal Configuration ........................................... 1.1 Configuring the Local Serial Terminal ............................................... 1.2 Configuring the Remote Serial Terminal ........................................... 1.3 Configuring the Telnet Environment ................................................. Chapter 2 Basic System Operations ............................................................ 2.1 Command Line Operation Characteristics ........................................ 2.1.1 Intelligent Matching ................................................................... 2.1.2 Edit Characteristics ................................................................... 2.1.3 Display Characteristics ............................................................. 2.1.4 Command Line Error Prompts .................................................. 2.1.5 Command Modes ..................................................................... 2.2 Online Help ....................................................................................... 2.3 Setting the Interactive Mode ............................................................. 2.4 Switching the Terminal Languages ................................................... 2.5 Setting the System Time ................................................................... 2.6 Setting the System Name ................................................................. 2.7 Setting the Terminal Type ................................................................. 2.8 Setting the Timeout Exit .................................................................... 2.9 Setting the Terminal Screen Length ................................................. 2.10 Setting the Terminal Screen Clearance .......................................... 2.11 Viewing the Hardware/Software Version ........................................ 2.12 Viewing History Commands ............................................................ 2.13 Viewing the CPU Occupancy Ratio ................................................ 2.14 Network Testing Tools .................................................................... Chapter 3 User Management ....................................................................... 3.1 Overview ........................................................................................... 3.2 Adding/Deleting a User ..................................................................... 3.2.1 Adding a User ........................................................................... 3.2.2 Deleting a User ......................................................................... 3.3 Modifying User Attributes .................................................................. 3.4 Viewing User Information .................................................................. Chapter 4 Line Configuration ....................................................................... 4.1 Overview ........................................................................................... 4.2 Entering Line Configuration Mode .................................................... 4.3 Configuring the Attributes of an Asynchronous Interface.................. 4.4 Defining HyperTerminal Attributes .................................................... 4.5 Viewing Line Information ................................................................... Chapter 5 Board Management ..................................................................... i 1-1 1-1 1-7 1-7 2-1 2-2 2-2 2-2 2-3 2-4 2-4 2-6 2-7 2-8 2-8 2-8 2-9 2-9 2-9 2-10 2-10 2-11 2-11 2-11 3-1 3-1 3-2 3-2 3-3 3-4 3-5 4-1 4-1 4-3 4-3 4-4 4-6 5-1
5.1 Overview ........................................................................................... 5.2 Viewing a Board ................................................................................ 5.3 Adding a Board ................................................................................. 5.4 Confirming a Board ........................................................................... 5.5 Deleting a Board ............................................................................... 5.6 Resetting a Board ............................................................................. 5.7 Replacing a Board ............................................................................ Chapter 6 Network Management Configuration ........................................... 6.1 Overview ........................................................................................... 6.2 Configuring SNMP ............................................................................ 6.2.1 Overview ................................................................................... 6.2.2 Setting the Community Name................................................... 6.2.3 Setting the Trap Sending .......................................................... 6.2.4 Setting Management Attributes ................................................ 6.2.5 Setting the SNMP Packet Size ................................................. 6.2.6 Setting the Name of Local or Remote Device .......................... 6.2.7 Setting an SNMP V3 Group...................................................... 6.2.8 Adding/Deleting a User to/from an SNMP Group ..................... 6.2.9 Creating/Modifying/Deleting/Viewing the View Information ...... 6.3 Configuring the Outband NMS .......................................................... 6.3.1 Setting the IP Address of an Outband Port .............................. 6.3.2 Setting Outband NMS Routes .................................................. 6.3.3 Outband NMS Configuration Example ..................................... 6.4 Configuring the Inband NMS ............................................................. 6.4.1 Setting the IP Address of Inband NMS ..................................... 6.4.2 Setting Inband NMS Routes ..................................................... 6.4.3 Adding an ACL ......................................................................... 6.4.4 Inband NMS Configuration Example ........................................ Chapter 7 RMON Configuration ................................................................... 7.1 Overview ........................................................................................... 7.2 Configuring RMON ............................................................................ 7.2.1 Adding/Deleting an Entry to/from the Alarm Table ................... 7.2.2 Adding/Deleting an Entry to/from the Event Table ................... 7.2.3 Adding/Deleting an Entry to/from the History Control Table ..... 7.2.4 Adding/Deleting an Entry to/from the Statistics Table .............. 7.2.5 Viewing RMON Information ...................................................... 7.3 RMON Configuration Example ..........................................................
5-1 5-2 5-4 5-5 5-6 5-6 5-7 6-1 6-1 6-1 6-1 6-4 6-4 6-5 6-6 6-6 6-6 6-7 6-8 6-8 6-9 6-9 6-10 6-11 6-11 6-12 6-12 6-14 7-1 7-1 7-2 7-2 7-3 7-3 7-4 7-4 7-5
Part 2 Basic Configuration

Table of Contents ......................................................................................... Chapter 8 MAC Address Management ........................................................ i 8-1
8.1 Overview ........................................................................................... 8.2 Configuring MAC Address Table ...................................................... 8.2.1 Adding/Modifying/Deleting Address Items ................................ 8.2.2 Enabling/Disabling the Address Learning................................. 8.2.3 Setting the MAC Address Learning for a Port .......................... 8.2.4 Setting the System MAC Address Aging .................................. 8.2.5 Restoring the Default MAC Address of Main Control Boards ... 8.3 Viewing the MAC Address Table ...................................................... Chapter 9 DHCP Relay Configuration .......................................................... 9.1 Overview ........................................................................................... 9.2 Configuring a DHCP Server .............................................................. 9.2.1 Setting a DHCP Server ............................................................. 9.2.2 Setting the DHCP Relay Standard Mode (VLAN Interface)...... 9.2.3 Setting DHCP Option60............................................................ 9.2.4 Setting the MAC Address Segment .......................................... 9.3 Enabling the Switching Between DHCP L2/L3 Relay ....................... 9.4 Configuring the DHCP Relay Agent Information Option ................... 9.4.1 Enabling/Disabling DHCP Option82 ......................................... 9.4.2 Setting Whether a DHCP packet Includes a Sub-option .......... 9.4.3 Setting the Maximum Length of DHCP Packets ....................... 9.4.4 Viewing the Information on DHCP Option82 Configuration ...... 9.5 Configuration Example ...................................................................... 9.6 DHCP Relay Troubleshooting ........................................................... Chapter 10 ARP Configuration ..................................................................... 10.1 Overview ......................................................................................... 10.2 Configuring the Static ARP ............................................................. Chapter 11 STP Configuration ..................................................................... 11.1 Overview ......................................................................................... 11.1.1 Introduction to STP ................................................................. 11.1.2 Specific Calculation Process of STP Algorithm ...................... 11.1.3 Setting the BPDU Forwarding Mechanism in STP ................. 11.2 Configuring RSTP ........................................................................... 11.2.1 Enabling/Disabling RSTP ....................................................... 11.2.2 Setting/Switching the Operating Mode of RSTP..................... 11.2.3 Setting the Network Diameter ................................................. 11.2.4 Setting the Parameters of a Specified Bridge ......................... 11.2.5 Setting the Parameters of a Specified Port ............................ 11.2.6 Viewing RSTP Information ..................................................... Chapter 12 Cluster Management Configuration ........................................... 12.1 Overview ......................................................................................... 12.1.1 Brief Introduction to Cluster Management ..............................
8-1 8-2 8-2 8-3 8-3 8-4 8-5 8-5 9-1 9-1 9-2 9-3 9-5 9-6 9-7 9-9 9-10 9-11 9-12 9-13 9-13 9-14 9-15 10-1 10-1 10-2 11-1 11-1 11-1 11-1 11-6 11-7 11-8 11-9 11-10 11-10 11-12 11-14 12-1 12-1 12-1
12.1.1 Cluster Roles .......................................................................... 12.1.2 Brief Introduction to HGMP ..................................................... 12.2 Configuring HDP ............................................................................. 12.2.1 Setting HDP ............................................................................ 12.2.2 Viewing HDP Information ....................................................... 12.3 Configuring HTP ............................................................................. 12.3.1 Introduction to HTP ................................................................. 12.3.2 Setting HTP ............................................................................ 12.3.3 Viewing HTP Information ........................................................ 12.4 Configuring a Cluster ...................................................................... 12.4.1 Enabling/Disabling the Cluster Function................................. 12.4.2 Setting the Cluster IP Address Pool ....................................... 12.4.3 Specify the Command Device ................................................ 12.4.4 Adding/Deleting a Cluster Member ......................................... 12.4.5 Setting the Cluster Parameters .............................................. 12.4.6 Setting the Member Accessing ............................................... 12.4.7 Viewing Cluster Information .................................................... 12.5 Cluster Management Configuration Example ................................. Chapter 13 AAA and RADIUS Configuration ............................................... 13.1 Overview ......................................................................................... 13.1.1 Introduction to AAA ................................................................. 13.1.2 Introduction to RADIUS .......................................................... 13.1.3 Implementing AAA on the MA5300 ........................................ 13.2 Configuring AAA ............................................................................. 13.2.1 Setting an Authentication/Authorization Scheme ................... 13.2.2 Setting an Accounting Scheme .............................................. 13.2.3 Creating/Deleting an ISP Domain ........................................... 13.2.4 Configuring a User.................................................................. 13.2.5 Viewing AAA Information ........................................................ 13.3 Configuring RADIUS ....................................................................... 13.3.1 Creating/Deleting a RADIUS Server Group ............................ 13.3.2 Setting the IP Address and Port Number of RADIUS Server ................................................................................................ 13.3.3 Setting the Encryption Key of RADIUS Packet ....................... 13.3.4 Setting the Response Timeout Timer of RADIUS Server ....... 13.3.5 Setting the Retransmit Times of RADIUS Request Packet .... 13.3.6 Setting the Realtime Accounting Interval ................................ 13.3.7 Setting the Maximum Failure Count of Realtime Accounting Request .......................................................................... 13.3.8 Setting the Maximum Times for Resending Account-Stop Request .............................................................................................
12-2 12-3 12-5 12-6 12-7 12-8 12-8 12-9 12-12 12-12 12-14 12-14 12-15 12-15 12-17 12-19 12-22 12-22 13-1 13-1 13-1 13-1 13-2 13-3 13-5 13-6 13-6 13-10 13-11 13-11 13-14 13-14 13-15 13-16 13-16 13-16 13-17 13-18
13.3.9 Setting the RADIUS Server Type ........................................... 13.3.10 Setting the RADIUS Server State ......................................... 13.3.11 Setting the Format of Username Sent to RADIUS Server .... 13.4 Viewing RADIUS Information .......................................................... 13.5 AAA and RADIUS Configuration Example ...................................... 13.6 Fault Diagnosis and Troubleshooting ............................................. Chapter 14 802.1x Configuration ................................................................. 14.1 Overview ......................................................................................... 14.1.1 Introduction to 802.1x ............................................................. 14.1.2 802.1x System Architecture .................................................... 14.1.3 802.1x Authentication Process ............................................... 14.1.4 Implementing 802.1x on MA5300 ........................................... 14.2 Configuring 802.1x .......................................................................... 14.2.1 Enabling/Disabling 802.1x ...................................................... 14.2.2 Setting the Port Access Control Mode.................................... 14.2.3 Setting the Port Access Control Method................................. 14.2.4 Setting the Number of Users Per Port .................................... 14.2.5 Enabling/Disabling the DHCP Trigger Authentication ............ 14.2.6 Setting the Authenticator-to-Supplicant Frame-Retry Times ................................................................................................. 14.2.7 Configuring the Timer Parameters ......................................... 14.2.8 Viewing 802.1x Information .................................................... 14.3 802.1x Configuration Example ........................................................ 14.3.1 802.1x Access (Local Authentication) .................................... 14.3.2 802.1x Access (Remote Authentication) ................................ Chapter 15 ACL Configuration ..................................................................... 15.1 Introduction to ACL ......................................................................... 15.1.1 Overview................................................................................. 15.1.2 Setting the Match Order ......................................................... 15.1.3 ACLs Supported by the MA5300 ............................................ 15.2 Configuring an ACL ......................................................................... 15.2.1 Setting the Time Range .......................................................... 15.2.2 Defining an ACL ..................................................................... 15.2.3 Activating an ACL ................................................................... 15.2.4 Viewing ACL Information ........................................................ 15.3 ACL Configuration Example............................................................ Chapter 16 QoS Configuration ..................................................................... 16.1 Overview ......................................................................................... 16.2 Configuring QoS ............................................................................. 16.2.1 Setting the Traffic Policing ...................................................... 16.2.2 Setting the Port Rate Limit......................................................
13-18 13-18 13-19 13-19 13-20 13-20 14-1 14-1 14-1 14-1 14-3 14-4 14-4 14-5 14-6 14-6 14-7 14-7 14-7 14-7 14-8 14-8 14-9 14-11 15-1 15-1 15-1 15-1 15-2 15-3 15-3 15-4 15-9 15-11 15-12 16-1 16-1 16-5 16-6 16-7
16.2.3 Setting the Packet Redirection ............................................... 16.2.4 Setting the Priority Tag ........................................................... 16.2.5 Setting the Queue Scheduling ................................................ 16.2.6 Setting the Traffic Mirroring .................................................... 16.2.7 Setting Traffic Statistics .......................................................... 16.2.8 Viewing QoS Information ........................................................ 16.3 QoS Configuration Example ........................................................... Chapter 17 IP Performance Configuration ................................................... 17.1 Configuring the TCP Attributes ....................................................... 17.2 Viewing and Debugging the IP Performance .................................. 17.3 IP Performance Troubleshooting .................................................... Chapter 18 Overview of IP Routing Protocol................................................ 18.1 IP Routing and Routing Table ......................................................... 18.1.1 Route and Route Segment ..................................................... 18.1.2 Route Selection through the Routing Table ............................ 18.2 Route Management Policy .............................................................. 18.2.1 Routing Protocols and Routing Priority ................................... 18.2.2 Load Sharing and Route Backup ............................................ 18.3 Configuring a Static Route .............................................................. 18.3.1 Overview................................................................................. 18.3.2 Setting a Static Route ............................................................. 18.3.3 Viewing a Static Route ........................................................... 18.3.4 Static Route Configuration Example....................................... 18.3.5 Static Route Troubleshooting ................................................. 18.4 Configuring OSPF ........................................................................... 18.4.1 Overview................................................................................. 18.4.2 Setting OSPF .......................................................................... 18.4.3 Viewing OSPF Information ..................................................... 18.4.4 OSPF Configuration Example (Setting DR Election by OSPF Preference) ............................................................................. 18.4.5 OSPF Configuration Example (Setting OSPF Virtual Links) ................................................................................................. 18.4.6 OSPF Troubleshooting ...........................................................
16-7 16-7 16-9 16-9 16-10 16-11 16-12 17-1 17-1 17-2 17-2 18-1 18-1 18-1 18-2 18-4 18-4 18-5 18-5 18-5 18-6 18-8 18-9 18-10 18-10 18-10 18-15 18-34 18-35 18-38 18-39
Part 3 Service Configuration

Table of Contents ......................................................................................... Chapter 19 Ethernet Port Configuration ....................................................... 19.1 Overview ......................................................................................... 19.2 Configuring an Ethernet Port .......................................................... 19.2.1 Setting Port Physical Properties ............................................. 19.2.2 Setting the Port Flow Control .................................................. i 19-1 19-1 19-4 19-4 19-5
19.2.3 Setting the Port Broadcast Storm Suppression ...................... 19.2.4 Setting the Port Priority Level ................................................. 19.2.5 Setting the Maximum Multicast Group Counts ....................... 19.2.6 Enabling/Disabling the Long Frames on an Ethernet Port ..... 19.2.7 Setting the MAC Address Learning for an Ethernet Port ........ 19.2.8 Setting the Port Aggregation .................................................. 19.2.9 Adding an Ethernet Port to a VLAN ........................................ 19.2.10 Setting the Ethernet Port Working Mode .............................. 19.2.11 Enabling/Disabling an Ethernet Port ..................................... 19.3 Viewing/Clearing Ethernet Port Information .................................... 19.3.1 Viewing Ethernet Port Information .......................................... 19.3.2 Clearing the Ethernet Port Information ................................... Chapter 20 xDSL Port Configuration ............................................................ 20.1 Overview ......................................................................................... 20.2 Configuring an xDSL port ................................................................ 20.2.1 Setting the Parameters of an xDSL Port ................................ 20.2.2 Description of xDSL Port Status ............................................. 20.2.3 Blocking/Unblocking an xDSL Port ......................................... 20.2.4 Activating/Deactivating an xDSL Port ..................................... 20.3 Configuring an xDSL Line Profile .................................................... 20.3.1 Adding a VDSL line profile...................................................... 20.3.2 Adding an ADSL/ADSL2+ Line profile .................................... 20.3.3 Adding an SHDSL Line Profile ............................................... 20.3.4 Deleting an xDSL Line Profile ................................................. 20.3.5 Modifying an xDSL Line Profile .............................................. 20.3.6 Viewing an xDSL Line Profile ................................................. 20.4 Configuring an xDSL Alarm Profile ................................................. 20.4.1 Adding a VDSL Alarm Profile ................................................. 20.4.2 Adding an ADSL/ADSL2+ Alarm Profile ................................. 20.4.3 Adding an SHDSL Alarm Profile ............................................. 20.4.4 Deleting an xDSL Alarm Profile .............................................. 20.4.5 Modifying an xDSL Alarm Profile ............................................ 20.4.6 Viewing the Configurations of an xDSL Alarm Profile ............ 20.4.7 Binding/Unbinding an xDSL Alarm Profile .............................. 20.5 Viewing the Information of an xDSL Port ........................................ 20.6 Maintaining an xDSL Port ............................................................... 20.6.1 Resetting an xDSL Port and Chipset ...................................... 20.6.2 Setting xDSL Port Loopback .................................................. 20.6.3 Testing the ATM Link Connectivity of an ADSL Port .............. 20.6.4 Single-ended Test of an ADSL2+ Port ................................... 20.6.5 Viewing the Bit Allocation of an ADSL2+ Port ........................
19-5 19-5 19-6 19-6 19-6 19-7 19-8 19-8 19-9 19-9 19-9 19-9 20-1 20-1 20-4 20-4 20-8 20-8 20-8 20-10 20-10 20-13 20-21 20-24 20-24 20-25 20-26 20-26 20-29 20-33 20-35 20-36 20-36 20-37 20-37 20-39 20-39 20-39 20-40 20-41 20-42
20.6.6 Viewing the Power State of an ADSL Port ............................. 20.7 VDSL CPE Management ................................................................ 20.7.1 Enabling/Disabling VDSL CPE Binding .................................. 20.7.2 Enabling/Disabling the Automatic Upgrade of VDSL CPE ..... 20.8 VDSL Configuration Example ......................................................... 20.8.1 Configuration Procedure......................................................... 20.8.2 Networking Description ........................................................... 20.8.3 Data Configuration.................................................................. 20.8.4 Verification .............................................................................. 20.9 ADSL/ADSL2+ Configuration Example ........................................... 20.9.1 Configuration Procedure......................................................... 20.9.2 Networking Description ........................................................... 20.9.3 Data Configuration.................................................................. 20.9.4 Verification .............................................................................. 20.10 SHDSL Configuration Example ..................................................... 20.10.1 Configuration Procedure ....................................................... 20.10.2 Networking Description......................................................... 20.10.3 Data Configuration ................................................................ 20.10.4 Verification ............................................................................ Chapter 21 PVC and Access Configuration ................................................. 21.1 Configuring a Single PVC ............................................................... 21.1.1 Setting the VPI and VCI .......................................................... 21.1.2 Setting the Connection Type of a Single PVC ........................ 21.1.3 Enabling/Disabling the Single-PVC Multi-service Dispatch .... 21.1.4 Viewing the Single-PVC Configuration ................................... 21.2 Configuring Multiple PVCs .............................................................. 21.2.1 Enabling/Disabling the Multi-PVC Function ............................ 21.2.2 Adding PVCs to a Port............................................................ 21.2.3 Deleting a PVC from a Port .................................................... 21.2.4 Modifying the PVC Configurations of a Port ........................... 21.2.5 Viewing the Configuration of Multi-PVC ................................. 21.3 Configuring IPoA ............................................................................. 21.3.1 Overview................................................................................. 21.3.2 Setting an IPoA Connection (Single-PVC) ............................. 21.3.3 Setting an IPoA Connection (Multi-PVC) ................................ 21.3.4 Setting the Source MAC Address ........................................... 21.3.5 Setting the Default IP Address of the Upper Layer Gateway ............................................................................................ 21.3.6 Setting the Mode of Obtaining Peer End IP Address ............. 21.3.7 Viewing IPoA information ....................................................... 21.3.8 L2 IPoA Access Configuration Example .................................
20-42 20-43 20-43 20-44 20-45 20-45 20-45 20-46 20-47 20-47 20-47 20-48 20-48 20-50 20-50 20-50 20-50 20-51 20-52 21-1 21-1 21-2 21-3 21-3 21-5 21-6 21-7 21-8 21-8 21-8 21-9 21-10 21-10 21-12 21-13 21-14 21-15 21-16 21-17 21-19
21.3.9 L3 IPoA Access Configuration Example ................................. 21.4 Configuring PPPoA ......................................................................... 21.4.1 Overview................................................................................. 21.4.2 Setting Up a PPPoA Connection (Single PVC) ...................... 21.4.3 Setting Up a PPPoA Connection (Multi-PVC) ........................ 21.4.4 Setting the PPPoA Source MAC Address .............................. 21.4.5 Setting the PPPoA Destination MAC Address........................ 21.4.6 Setting the PPPoA Session ID Area ....................................... 21.4.7 Viewing PPPoA Information ................................................... 21.4.8 PPPoA Access Configuration Example-Static Mode .............. 21.4.9 PPPoA Access Configuration Example-Dynamic Mode ......... 21.5 Configuring PITP ............................................................................. 21.5.1 Overview................................................................................. 21.5.2 Setting PITP V Mode .............................................................. 21.5.3 Setting the PITP P Mode ........................................................ 21.6 PPPoE Plus Configuration Example ............................................... Chapter 22 VLAN Configuration ................................................................... 22.1 Overview ......................................................................................... 22.2 Configuring a Common VLAN......................................................... 22.2.1 Configuring a Common VLAN ................................................ 22.2.2 Configuring VLANs in Batches ............................................... 22.2.3 Configuring the VLAN Trunk................................................... 22.2.4 Configuring a VLAN Interface ................................................. 22.2.5 VLAN Configuration Example (Configuring LAN Interconnection) ................................................................................. 22.2.6 VLAN Configuration Example (Configuring VLAN Trunk Interconnection) ................................................................................. 22.3 Configuring a Smart VLAN .............................................................. 22.3.1 Setting/Canceling a VLAN as a Smart VLAN ......................... 22.3.2 Adding/Deleting an Upstream Port to/from a Smart VLAN ..... 22.3.3 Adding/Deleting an Downstream Port to/from a Smart VLAN ................................................................................................. 22.3.4 Viewing Smart VLAN Information ........................................... 22.3.5 Smart VLAN Configuration Example (Access Mode) ............. 22.3.6 Smart VLAN Configuration Example (Trunk Mode) ................ 22.3.7 Smart VLAN Configuration Example-Comprehensive Application ......................................................................................... 22.4 Configuring a MUX VLAN ............................................................... 22.4.1 Enabling/Disabling a MUX VLAN ........................................... 22.4.2 Configuring the MUX VLAN Configuration Profile .................. 22.4.3 Specifying the Upstream Port and Range of Local MUX VLANs ...............................................................................................
21-22 21-24 21-24 21-26 21-27 21-28 21-28 21-28 21-30 21-30 21-33 21-35 21-35 21-36 21-37 21-40 22-1 22-1 22-1 22-2 22-4 22-5 22-6 22-7 22-11 22-14 22-14 22-15 22-15 22-16 22-17 22-18 22-20 22-24 22-26 22-26 22-27
22.4.4 Specifying the Cascading Port and Range of Cascaded MUX VLANs ...................................................................................... 22.4.5 Setting the MUX VLANs for a Specified Service Board .......... 22.4.6 Setting the MUX VLAN for a Specified Port ........................... 22.4.7 Viewing MUX VLAN information ............................................. 22.4.8 Basic Application of MUX VLAN ............................................. 22.4.9 MUX VLAN Cascading Application ......................................... 22.4.10 Comprehensive MUX VLAN Application .............................. 22.4.11 Notes for Using MUX VLAN ................................................. 22.5 Configuring a QinQ VLAN ............................................................... 22.5.1 Overview................................................................................. 22.5.2 Setting a Common VLAN as a QinQ VLAN ............................ 22.5.3 Adding/Deleting an Upstream Port to/from a QinQ VLAN ...... 22.5.4 Adding/Deleting a Downstream Port to/from a QinQ VLAN ... 22.5.5 Configuring a QinQ VLAN PVC .............................................. 22.5.6 Viewing the Configuration of a QinQ VLAN ............................ 22.5.7 QinQ VLAN Configuration Example ....................................... 22.6 Configuring VLAN Stacking ............................................................ 22.6.1 Overview................................................................................. 22.6.2 Configuring a Common VLAN as a VLAN Stacking ............... 22.6.3 Adding/Deleting an Upstream Port to/from a VLAN Stacking ............................................................................................. 22.6.4 Adding/Deleting a Downstream Port to/from a VLAN Stacking ............................................................................................. 22.6.5 Configuring the Inner VLAN Tag for a VLAN Stacking Port/PVC ............................................................................................ 22.6.6 Configuring a Port/PVCs Inner Priority ................................ 22.6.7 Configuring a VLAN Stacking PVC ......................................... 22.6.8 Viewing the Configuration of a VLAN Stacking ...................... 22.6.9 VLAN Stacking Configuration Example .................................. Chapter 23 IGMP Snooping Configuration ................................................... 23.1 Overview ......................................................................................... 23.1.1 IGMP Snooping Principle ....................................................... 23.1.2 Implementation of IGMP Snooping ......................................... 23.2 Configuring IGMP Snooping ........................................................... 23.2.1 Enabling/Disabling IGMP Snooping Globally ......................... 23.2.2 Setting the Aging Time of Multicast Group Member Port ....... 23.2.3 Setting the Aging Time of the Router Port .............................. 23.2.4 Setting the Maximum Response Time.................................... 23.2.5 Enabling a User to Leave a Multicast Group Fast .................. 23.2.6 Setting a Router Port .............................................................. 23.2.7 Viewing IGMP Snooping Information ......................................
22-28 22-28 22-29 22-29 22-30 22-34 22-39 22-44 22-45 22-45 22-46 22-46 22-47 22-48 22-49 22-49 22-51 22-51 22-53 22-53 22-54 22-55 22-55 22-56 22-56 22-57 23-1 23-1 23-1 23-2 23-5 23-6 23-6 23-6 23-6 23-7 23-7 23-7
23.3 Configuring Multicast VLAN ............................................................ 23.3.1 Setting the Upstream Port of a Multicast VLAN ...................... 23.3.2 Setting the Downstream Port of a Multicast VLAN ................. 23.3.3 Viewing the Multicast VLAN ................................................... 23.3.4 Multicast VLAN Configuration Example .................................. 23.4 Troubleshooting IGMP Snooping .................................................... Chapter 24 IGMP Proxy Configuration ......................................................... 24.1 Overview ......................................................................................... 24.2 Configuring Basic IGMP Proxy ....................................................... 24.2.1 Enabling/Disabling IGMP Proxy ............................................. 24.2.2 Setting the Master Upstream Port .......................................... 24.2.3 Setting the Parameters for a Multicast Router........................ 24.2.4 Setting the Static Multicast Members of an IGMP Proxy Group ................................................................................................. 24.3 Configuring the Program Library and Authority Profile ................... 24.3.1 Maintaining a Program Library ............................................... 24.3.2 Setting the Authority Profile .................................................... 24.3.3 Setting the User Authority ....................................................... 24.4 Viewing IGMP Proxy Information .................................................... Chapter 25 ISU Configuration ...................................................................... 25.1 Overview ......................................................................................... 25.2 Configuring an ISU Board ...............................................................
23-8 23-9 23-10 23-10 23-11 23-14 24-1 24-1 24-2 24-2 24-3 24-3 24-5 24-6 24-8 24-10 24-13 24-16 25-1 25-1 25-2
Part 4 Maintenance Operations

Table of Contents ......................................................................................... i Chapter 26 System Maintenance ................................................................. 26-1 26.1 Overview ......................................................................................... 26-1 26.2 Configuring the File System ............................................................ 26-1 26.2.1 Directory Related Operations ................................................. 26-1 26.2.2 File-Related Operations .......................................................... 26-2 26.2.3 Memory Device Related Operations....................................... 26-2 26.3 Configuring FTP and TFTP ............................................................. 26-3 26.3.1 Overview................................................................................. 26-3 26.3.2 Setting FTP ............................................................................. 26-4 26.3.3 Setting TFTP .......................................................................... 26-6 26.4 Auto Online Upgrading .................................................................... 26-7 26.4.1 Upgrading from a Previous Version to the First Version That Supports Automatic Upgrading ................................................. 26-7 26.4.2 Upgrading a Previous Version to That Later than the First Version Supporting Auto Online Upgrading....................................... 26-11 26.4.3 Upgrading a Version Supporting Auto Online Upgrading or Later Versions ................................................................................... 26-11
26.5 Loading ........................................................................................... 26.5.1 Loading the Version Supporting Auto Online Upgrading ........ 26.5.2 Loading the Version Not Supporting Auto Online Upgrading .......................................................................................... 26.6 Backup ............................................................................................ 26.6.1 Viewing and Saving the System Configuration Files .............. 26.6.2 Backing Up the System Data Using TFTP ............................. 26.6.3 Backing Up the System Data Using FTP ................................ 26.7 Patch Management ......................................................................... 26.7.1 Overview................................................................................. 26.7.2 Procedure for Patch Operations ............................................. 26.8 Patch Loading Examples ................................................................ Chapter 27 Logs and Alarms........................................................................ 27.1 Log Management ............................................................................ 27.1.1 Viewing Logs .......................................................................... 27.1.2 Setting the Log Host ............................................................... 27.2 Configuring Alarms ......................................................................... 27.2.1 Viewing Alarm Records .......................................................... 27.2.2 Viewing the Alarm Configuration ............................................ 27.2.3 Setting Alarm Levels............................................................... 27.2.4 Setting the Alarm Output on a CLI Terminal........................... 27.2.5 Setting Alarm Statistics ........................................................... 27.2.6 Setting the Alarm Threshold ................................................... 27.2.7 Viewing/Clearing Alarm Statistics ........................................... 27.2.8 Viewing Basic Alarm Information ............................................ Chapter 28 Active/Standby Switchover ........................................................ 28.1 Overview ......................................................................................... 28.1.1 Basic Principles ...................................................................... 28.1.2 Active/Standby Switchover Modes ......................................... 28.2 Preconditions for Active/Standby Switchover ................................. 28.3 MA5300+Dual-ISU Active/Standby Switchover .............................. 28.4 ESM+EIU Active/Standby Switchover ............................................ 28.4.1 Establishing the Switch-over Environment ............................. 28.4.2 Active/Standby Switchover Configuration Commands ........... 28.4.3 Setting the Automatic Switchover ........................................... 28.4.4 Setting the Manual Switchover ............................................... Chapter 29 Environment Monitoring Management....................................... 29.1 Overview ......................................................................................... 29.2 Configuration Procedure ................................................................. 29.3 Configuring an EMU........................................................................ 29.3.1 Adding/Deleting/Viewing an EMU ...........................................
26-11 26-12 26-12 26-19 26-19 26-21 26-22 26-23 26-23 26-25 26-25 27-1 27-1 27-1 27-2 27-2 27-4 27-6 27-6 27-7 27-8 27-9 27-10 27-10 28-1 28-1 28-1 28-2 28-3 28-3 28-8 28-8 28-8 28-10 28-10 29-1 29-1 29-2 29-2 29-3
29.3.2 Entering the EMU Configuration Mode ................................... 29.5 Configuring EMU-Power 4875/4845 ............................................... 29.4.1 Setting H303ESC Environment Monitor Parameters .............. 29.4.2 Viewing the H303ESC Environment Information .................... 29.5 Configuring EMU-Power 4875/4845 ............................................... 29.5.1 Configuring the 4875/4845 Power Module ............................. 29.5.2 Viewing the Information on POWER4875/4845 ..................... 29.6 Configuring EMU-DIS ..................................................................... 29.6.1 Setting DIS Parameters .......................................................... 29.6.2 Viewing DIS Information ......................................................... 29.7 Configuration Example .................................................................... 29.7.1 Setting H303ESC ................................................................... 29.7.2 Setting a DIS ..........................................................................
29-5 29-6 29-6 29-7 29-8 29-9 29-10 29-11 29-12 29-12 29-13 29-13 29-16
Part 5 Appendix
Table of Contents ......................................................................................... Appendix A Acronyms and Abbreviations .................................................... i A-1
Index ................................................................................................
HUAWEI
1. Basic Operations 2. Basic Configuration 3. Service Configuration 4. Maintenance Operations 5. Appendix
SmartAX MA5300/5303 Broadband Access System Operation Manual V100R005
Huawei Technologies Proprietary
SmartAX MA5300/5303 Broadband Access System Operation Manual

Manual Version Product Version BOM T2-051692-20050518-C-1.52 V100R005 31161292
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. Please feel free to contact our local office or company headquarters.
Huawei Technologies Co., Ltd.

Address: Administration Building, Huawei Technologies Co., Ltd., Bantian, Longgang District, Shenzhen, P. R. China Postal Code: 518129 Website: http://www.huawei.com Email: support@huawei.com
Copyright 2005 Huawei Technologies Co., Ltd.
All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks
, HUAWEI, C&C08, EAST8000, HONET,
, ViewPoint, INtess, ETS, DMC,
TELLIN, InfoLink, Netkey, Quidway, SYNLOCK, Radium, M900/M1800, TELESIGHT, Quidview, Musa, Airbridge, Tellwin, Inmedia, VRP, DOPRA, iTELLIN, HUAWEI OptiX, C&C08 iNET, NETENGINE, OptiX, iSite, U-SYS, iMUSE, OpenEye, Lansway, SmartAX, infoX, and TopEng are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this manual are the property of their respective holders.
Notice
The information in this manual is subject to change without notice. Every effort has been made in the preparation of this manual to ensure accuracy of the contents, but all statements, information, and recommendations in this manual do not constitute the warranty of any kind, express or implied.
About This Manual

Release Notes
This manual applies to the SmartAX MA5300/MA5303 Broadband Access System V100R005.
Related Manuals
The following manuals provide information about the MA5300/5303. Manual SmartAX MA5300/5303 Broadband Access System Technical Manual SmartAX MA5300/5303 Broadband Access System Operation Manual SmartAX MA5300/5303 Broadband Access System Command Help (CD-ROM) SmartAX MA5300/5303 Broadband Access System Hardware Description SmartAX MA5300 Broadband Access System Installation Manual SmartAX MA5303 Broadband Access System Installation Manual SmartAX MA5300/5303 Broadband Access System Troubleshooting Manual Documentation CD ROM Content It provides an overall introduction to the MA5300 Series, including the major functions, system structure, service implementation, management & maintenance, networking & applications. It is used for assisting the users in general operations of the MA5300 Series, data configurations and typical applications. It introduces all commands available in the MA5300 Series, as well as the command usage and examples. It is only available in electronic form. It introduces the hardware components of the MA5300 and MA5303, including the service frames, boards, and cables. It provides information on the system installation of the MA5300. It provides information on the system installation of the MA5303. It assists you in analyzing and handling some common faults. It contains the package of documentation.
Difference between the MA5300 and the MA5303

This manual takes the MA5300 for illustration. Also refer to this manual for configuration of the MA5303. The following describes the difference between the MA5300 and the MA5303. Both the MA5300 and the MA5303 are Huawei-developed broadband access devices that provide broadband access services such as ADSL, VDSL and LAN. The MA5300 is of the cabinet structure. Each MA5300 frame has 16 slots, among which slots 7 and 8 house the ESM board, while slots 06, 915 house various service boards. Slots 14 and 15 can also house the ISU boards. The MA5303 has 7 slots, among which slot 7 houses the ESM board, while slots 16 house various service boards. The MA5303 does not support the ISU board or the EIU board. It does not support active/standby switchover either. See the following table. Difference between the MA5300 and the MA5303 MA5300 Indicator Slot No. for ESM Slot No. for service boards MA5300> 78 06, 915 MA5303> 7 16 MA5303
Special care shall be taken in configuring data for the MA5303 slot. The system will issue alarms for configurations in the wrong slot number.
Organization
The manual assists the users in general operations, data configurations and typical applications of the MA5300. There are four parts in the manual, including: Part 1 Basic Operations details the maintenance terminal configuration, basic system operation, user management, line management, board management, network management configuration and RMON configuration. Part 2 Basic Configuration details the MAC address management, DHCP Relay configuration, ARP configuration, STP configuration, cluster management configuration, AAA and RADIUS configuration, 802.1x configuration, ACL and QoS configuration and routing protocol configuration.
Part 3 Service Configuration describes configuration of Ethernet, VDLS, ADSL, ADSL2+ and SHDSL ports, PVC and access configuration, VLAN configuration, multicast configuration and ISU configuration. Part 4 Maintenance Operations elaborates on maintenance operations including file management, loading & backup, patch management, log & alarm management, , active/standby switchover, and environment monitoring management. Appendix lists acronyms and abbreviations involved in this manual.
Intended Audience
The manual is intended for the following readers: Network designers Network administrators xDSL system engineers
Conventions
The manual uses the following conventions:
I. General conventions
Convention Arial Boldface Courier New Description Normal paragraphs are in Arial. Headings are in Boldface. Terminal Display is in Courier New.
II. Command conventions

Convention Boldface italic [] { x | y | ... } [ x | y | ... ] Description The keywords of a command line are in Boldface. Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by vertical bars. One is selected. Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
Convention { x | y | ... } *
Description Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected. Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.
[ x | y | ... ] *
III. GUI conventions

Convention <> Description Button names are inside angle brackets. For example, click the <OK> button. Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window. Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].
[]
IV. Keyboard operation

Format <Key> <Key1+Key2> <Key1, Key2> Description Press the key with the key name inside angle brackets. For example, <Enter>, <Tab>, <Backspace>, or <A>. Press the keys concurrently. For example, <Ctrl+Alt+A> means the three keys should be pressed concurrently. Press the keys in turn. For example, <Alt, A> means the two keys should be pressed in turn.
V. Mouse operation
Action Click Double Click Drag Description Press the left button or right button quickly (left button by default). Press the left button twice continuously and quickly. Press and hold the left button and drag it to a certain position.
VI. Symbols
Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows:
Caution: Means reader be extremely careful during the operation. Note: Means a complementary description.
Operation Manual SmartAX MA5300/5303 Broadband Access System
Table of Contents
Table of Contents
01-Basic Operations
Chapter 1 Maintenance Terminal Configuration ........................................................................ 1-1 1.1 Configuring the Local Serial Terminal ............................................................................... 1-1 1.2 Configuring the Remote Serial Terminal ........................................................................... 1-7 1.3 Configuring the Telnet Environment .................................................................................. 1-7 Chapter 2 Basic System Operations ........................................................................................... 2-1 2.1 Command Line Operation Characteristics......................................................................... 2-2 2.1.1 Intelligent Matching ................................................................................................. 2-2 2.1.2 Edit Characteristics ................................................................................................. 2-2 2.1.3 Display Characteristics............................................................................................ 2-3 2.1.4 Command Line Error Prompts ................................................................................ 2-4 2.1.5 Command Modes .................................................................................................... 2-4 2.2 Online Help ........................................................................................................................ 2-6 2.3 Setting the Interactive Mode .............................................................................................. 2-7 2.4 Switching the Terminal Languages.................................................................................... 2-8 2.5 Setting the System Time.................................................................................................... 2-8 2.6 Setting the System Name .................................................................................................. 2-8 2.7 Setting the Terminal Type.................................................................................................. 2-9 2.8 Setting the Timeout Exit..................................................................................................... 2-9 2.9 Setting the Terminal Screen Length .................................................................................. 2-9 2.10 Setting the Terminal Screen Clearance......................................................................... 2-10 2.11 Viewing the Hardware/Software Version ....................................................................... 2-10 2.12 Viewing History Commands........................................................................................... 2-11 2.13 Viewing the CPU Occupancy Ratio ............................................................................... 2-11 2.14 Network Testing Tools ................................................................................................... 2-11 Chapter 3 User Management........................................................................................................ 3-1 3.1 Overview ............................................................................................................................ 3-1 3.2 Adding/Deleting a User...................................................................................................... 3-2 3.2.1 Adding a User.......................................................................................................... 3-2 3.2.2 Deleting a User........................................................................................................ 3-3 3.3 Modifying User Attributes................................................................................................... 3-4 3.4 Viewing User Information................................................................................................... 3-5 Chapter 4 Line Configuration....................................................................................................... 4-1 4.1 Overview ............................................................................................................................ 4-1 4.2 Entering Line Configuration Mode ..................................................................................... 4-3 4.3 Configuring the Attributes of an Asynchronous Interface .................................................. 4-3
Huawei Technologies Proprietary i
Table of Contents
4.4 Defining HyperTerminal Attributes..................................................................................... 4-4 4.5 Viewing Line Information ................................................................................................... 4-6 Chapter 5 Board Management ..................................................................................................... 5-1 5.1 Overview ............................................................................................................................ 5-1 5.2 Viewing a Board................................................................................................................. 5-2 5.3 Adding a Board .................................................................................................................. 5-4 5.4 Confirming a Board............................................................................................................ 5-5 5.5 Deleting a Board ................................................................................................................ 5-6 5.6 Resetting a Board .............................................................................................................. 5-6 5.7 Replacing a Board ............................................................................................................. 5-7 Chapter 6 Network Management Configuration......................................................................... 6-1 6.1 Overview ............................................................................................................................ 6-1 6.2 Configuring SNMP ............................................................................................................. 6-1 6.2.1 Overview ................................................................................................................. 6-1 6.2.2 Setting the Community Name ................................................................................. 6-4 6.2.3 Setting the Trap Sending ........................................................................................ 6-4 6.2.4 Setting Management Attributes............................................................................... 6-5 6.2.5 Setting the SNMP Packet Size................................................................................ 6-6 6.2.6 Setting the Name of Local or Remote Device......................................................... 6-6 6.2.7 Setting an SNMP V3 Group .................................................................................... 6-6 6.2.8 Adding/Deleting a User to/from an SNMP Group ................................................... 6-7 6.2.9 Creating/Modifying/Deleting/Viewing the View Information .................................... 6-8 6.3 Configuring the Outband NMS........................................................................................... 6-8 6.3.1 Setting the IP Address of an Outband Port............................................................. 6-9 6.3.2 Setting Outband NMS Routes................................................................................. 6-9 6.3.3 Outband NMS Configuration Example.................................................................. 6-10 6.4 Configuring the Inband NMS ........................................................................................... 6-11 6.4.1 Setting the IP Address of Inband NMS ................................................................. 6-11 6.4.2 Setting Inband NMS Routes.................................................................................. 6-12 6.4.3 Adding an ACL ...................................................................................................... 6-12 6.4.4 Inband NMS Configuration Example..................................................................... 6-14 Chapter 7 RMON Configuration ................................................................................................... 7-1 7.1 Overview ............................................................................................................................ 7-1 7.2 Configuring RMON ............................................................................................................ 7-2 7.2.1 Adding/Deleting an Entry to/from the Alarm Table.................................................. 7-2 7.2.2 Adding/Deleting an Entry to/from the Event Table.................................................. 7-3 7.2.3 Adding/Deleting an Entry to/from the History Control Table ................................... 7-3 7.2.4 Adding/Deleting an Entry to/from the Statistics Table............................................. 7-4 7.2.5 Viewing RMON Information..................................................................................... 7-4 7.3 RMON Configuration Example .......................................................................................... 7-5
Huawei Technologies Proprietary ii
Table of Contents
02-Basic Configuration
Chapter 8 MAC Address Management ........................................................................................ 8-1 8.1 Overview ............................................................................................................................ 8-1 8.2 Configuring MAC Address Table ....................................................................................... 8-2 8.2.1 Adding/Modifying/Deleting Address Items .............................................................. 8-2 8.2.2 Enabling/Disabling the Address Learning ............................................................... 8-3 8.2.3 Setting the MAC Address Learning for a Port......................................................... 8-3 8.2.4 Setting the System MAC Address Aging ................................................................ 8-4 8.2.5 Restoring the Default MAC Address of Main Control Boards ................................. 8-5 8.3 Viewing the MAC Address Table ....................................................................................... 8-5 Chapter 9 DHCP Relay Configuration ......................................................................................... 9-1 9.1 Overview ............................................................................................................................ 9-1 9.2 Configuring a DHCP Server............................................................................................... 9-2 9.2.1 Setting a DHCP Server ........................................................................................... 9-3 9.2.2 Setting the DHCP Relay Standard Mode (VLAN Interface).................................... 9-5 9.2.3 Setting DHCP Option60 .......................................................................................... 9-6 9.2.4 Setting the MAC Address Segment ........................................................................ 9-7 9.3 Enabling the Switching Between DHCP L2/L3 Relay........................................................ 9-9 9.4 Configuring the DHCP Relay Agent Information Option.................................................. 9-10 9.4.1 Enabling/Disabling DHCP Option82 ..................................................................... 9-11 9.4.2 Setting Whether a DHCP packet Includes a Sub-option....................................... 9-12 9.4.3 Setting the Maximum Length of DHCP Packets ................................................... 9-13 9.4.4 Viewing the Information on DHCP Option82 Configuration .................................. 9-13 9.5 Configuration Example .................................................................................................... 9-14 9.6 DHCP Relay Troubleshooting.......................................................................................... 9-15 Chapter 10 ARP Configuration................................................................................................... 10-1 10.1 Overview ........................................................................................................................ 10-1 10.2 Configuring the Static ARP ............................................................................................ 10-2 Chapter 11 STP Configuration ................................................................................................... 11-1 11.1 Overview ........................................................................................................................ 11-1 11.1.1 Introduction to STP ............................................................................................. 11-1 11.1.2 Specific Calculation Process of STP Algorithm .................................................. 11-1 11.1.3 Setting the BPDU Forwarding Mechanism in STP.............................................. 11-6 11.2 Configuring RSTP.......................................................................................................... 11-7 11.2.1 Enabling/Disabling RSTP.................................................................................... 11-8 11.2.2 Setting/Switching the Operating Mode of RSTP ................................................. 11-9 11.2.3 Setting the Network Diameter ........................................................................... 11-10 11.2.4 Setting the Parameters of a Specified Bridge ................................................... 11-10 11.2.5 Setting the Parameters of a Specified Port....................................................... 11-12 11.2.6 Viewing RSTP Information ................................................................................ 11-14
Huawei Technologies Proprietary iii
Table of Contents
Chapter 12 Cluster Management Configuration....................................................................... 12-1 12.1 Overview ........................................................................................................................ 12-1 12.1.1 Brief Introduction to Cluster Management .......................................................... 12-1 12.1.1 Cluster Roles....................................................................................................... 12-2 12.1.2 Brief Introduction to HGMP ................................................................................. 12-3 12.2 Configuring HDP ............................................................................................................ 12-5 12.2.1 Setting HDP......................................................................................................... 12-6 12.2.2 Viewing HDP Information .................................................................................... 12-7 12.3 Configuring HTP ............................................................................................................ 12-8 12.3.1 Introduction to HTP ............................................................................................. 12-8 12.3.2 Setting HTP ......................................................................................................... 12-9 12.3.3 Viewing HTP Information .................................................................................. 12-12 12.4 Configuring a Cluster ................................................................................................... 12-12 12.4.1 Enabling/Disabling the Cluster Function ........................................................... 12-14 12.4.2 Setting the Cluster IP Address Pool.................................................................. 12-14 12.4.3 Specify the Command Device........................................................................... 12-15 12.4.4 Adding/Deleting a Cluster Member ................................................................... 12-15 12.4.5 Setting the Cluster Parameters ......................................................................... 12-17 12.4.6 Setting the Member Accessing ......................................................................... 12-20 12.4.7 Viewing Cluster Information .............................................................................. 12-22 12.5 Cluster Management Configuration Example.............................................................. 12-23 Chapter 13 AAA and RADIUS Configuration ............................................................................ 13-1 13.1 Overview ........................................................................................................................ 13-1 13.1.1 Introduction to AAA ............................................................................................. 13-1 13.1.2 Introduction to RADIUS....................................................................................... 13-1 13.1.3 Implementing AAA on the MA5300 ..................................................................... 13-2 13.2 Configuring AAA ............................................................................................................ 13-3 13.2.1 Setting an Authentication/Authorization Scheme................................................ 13-5 13.2.2 Setting an Accounting Scheme ........................................................................... 13-6 13.2.3 Creating/Deleting an ISP Domain ....................................................................... 13-6 13.2.4 Configuring a User ............................................................................................ 13-10 13.2.5 Viewing AAA Information .................................................................................. 13-11 13.3 Configuring RADIUS.................................................................................................... 13-11 13.3.1 Creating/Deleting a RADIUS Server Group ...................................................... 13-14 13.3.2 Setting the IP Address and Port Number of RADIUS Server ........................... 13-14 13.3.3 Setting the Encryption Key of RADIUS Packet ................................................. 13-15 13.3.4 Setting the Response Timeout Timer of RADIUS Server ................................. 13-16 13.3.5 Setting the Retransmit Times of RADIUS Request Packet .............................. 13-16 13.3.6 Setting the Realtime Accounting Interval .......................................................... 13-16 13.3.7 Setting the Maximum Failure Count of Realtime Accounting Request ............. 13-17 13.3.8 Setting the Maximum Times for Resending Account-Stop Request................. 13-18 13.3.9 Setting the RADIUS Server Type...................................................................... 13-18
Huawei Technologies Proprietary iv
Table of Contents
13.3.10 Setting the RADIUS Server State ................................................................... 13-18 13.3.11 Setting the Format of Username Sent to RADIUS Server .............................. 13-19 13.4 Viewing RADIUS Information....................................................................................... 13-19 13.5 AAA and RADIUS Configuration Example .................................................................. 13-20 13.6 Fault Diagnosis and Troubleshooting .......................................................................... 13-20 Chapter 14 802.1x Configuration ............................................................................................... 14-1 14.1 Overview ........................................................................................................................ 14-1 14.1.1 Introduction to 802.1x.......................................................................................... 14-1 14.1.2 802.1x System Architecture ................................................................................ 14-1 14.1.3 802.1x Authentication Process............................................................................ 14-3 14.1.4 Implementing 802.1x on MA5300 ....................................................................... 14-4 14.2 Configuring 802.1x......................................................................................................... 14-4 14.2.1 Enabling/Disabling 802.1x................................................................................... 14-5 14.2.2 Setting the Port Access Control Mode ................................................................ 14-6 14.2.3 Setting the Port Access Control Method ............................................................. 14-6 14.2.4 Setting the Number of Users Per Port ................................................................ 14-7 14.2.5 Enabling/Disabling the DHCP Trigger Authentication......................................... 14-7 14.2.6 Setting the Authenticator-to-Supplicant Frame-Retry Times .............................. 14-7 14.2.7 Configuring the Timer Parameters ...................................................................... 14-7 14.2.8 Viewing 802.1x Information................................................................................. 14-8 14.3 802.1x Configuration Example....................................................................................... 14-8 14.3.1 802.1x Access (Local Authentication)................................................................. 14-9 14.3.2 802.1x Access (Remote Authentication)........................................................... 14-11 Chapter 15 ACL Configuration................................................................................................... 15-1 15.1 Introduction to ACL ........................................................................................................ 15-1 15.1.1 Overview ............................................................................................................. 15-1 15.1.2 Setting the Match Order ...................................................................................... 15-1 15.1.3 ACLs Supported by the MA5300......................................................................... 15-2 15.2 Configuring an ACL ....................................................................................................... 15-3 15.2.1 Setting the Time Range ...................................................................................... 15-3 15.2.2 Defining an ACL .................................................................................................. 15-4 15.2.3 Activating an ACL................................................................................................ 15-9 15.2.4 Viewing ACL Information................................................................................... 15-11 15.3 ACL Configuration Example ........................................................................................ 15-12 Chapter 16 QoS Configuration................................................................................................... 16-1 16.1 Overview ........................................................................................................................ 16-1 16.2 Configuring QoS ............................................................................................................ 16-5 16.2.1 Setting the Traffic Policing .................................................................................. 16-6 16.2.2 Setting the Port Rate Limit .................................................................................. 16-7 16.2.3 Setting the Packet Redirection............................................................................ 16-7 16.2.4 Setting the Priority Tag........................................................................................ 16-7
Huawei Technologies Proprietary v
Table of Contents
16.2.5 Setting the Queue Scheduling ............................................................................ 16-9 16.2.6 Setting the Traffic Mirroring................................................................................. 16-9 16.2.7 Setting Traffic Statistics..................................................................................... 16-10 16.2.8 Viewing QoS Information .................................................................................. 16-11 16.3 QoS Configuration Example ........................................................................................ 16-12 Chapter 17 IP Performance Configuration................................................................................ 17-1 17.1 Configuring the TCP Attributes ...................................................................................... 17-1 17.2 Viewing and Debugging the IP Performance................................................................. 17-2 17.3 IP Performance Troubleshooting ................................................................................... 17-2 Chapter 18 Overview of IP Routing Protocol............................................................................ 18-1 18.1 IP Routing and Routing Table........................................................................................ 18-1 18.1.1 Route and Route Segment.................................................................................. 18-1 18.1.2 Route Selection through the Routing Table ........................................................ 18-2 18.2 Route Management Policy............................................................................................. 18-4 18.2.1 Routing Protocols and Routing Priority ............................................................... 18-4 18.2.2 Load Sharing and Route Backup ........................................................................ 18-5 18.3 Configuring a Static Route............................................................................................. 18-5 18.3.1 Overview ............................................................................................................. 18-5 18.3.2 Setting a Static Route ......................................................................................... 18-6 18.3.3 Viewing a Static Route ........................................................................................ 18-8 18.3.4 Static Route Configuration Example ................................................................... 18-9 18.3.5 Static Route Troubleshooting............................................................................ 18-10 18.4 Configuring OSPF........................................................................................................ 18-10 18.4.1 Overview ........................................................................................................... 18-10 18.4.2 Setting OSPF .................................................................................................... 18-15 18.4.3 Viewing OSPF Information................................................................................ 18-34 18.4.4 OSPF Configuration Example (Setting DR Election by OSPF Preference)...... 18-35 18.4.5 OSPF Configuration Example (Setting OSPF Virtual Links)............................. 18-38 18.4.6 OSPF Troubleshooting...................................................................................... 18-39
03-Service Configuration
Chapter 19 Ethernet Port Configuration ................................................................................... 19-1 19.1 Overview ........................................................................................................................ 19-1 19.2 Configuring an Ethernet Port ......................................................................................... 19-4 19.2.1 Setting Port Physical Properties.......................................................................... 19-4 19.2.2 Setting the Port Flow Control .............................................................................. 19-4 19.2.3 Setting the Port Broadcast Storm Suppression .................................................. 19-5 19.2.4 Setting the Port Priority Level.............................................................................. 19-5 19.2.5 Setting the Maximum Multicast Group Counts.................................................... 19-5 19.2.6 Enabling/Disabling the Long Frames on an Ethernet Port.................................. 19-6 19.2.7 Setting the MAC Address Learning for an Ethernet Port .................................... 19-6 19.2.8 Setting the Port Aggregation ............................................................................... 19-7
Huawei Technologies Proprietary vi
Table of Contents
19.2.9 Adding an Ethernet Port to a VLAN .................................................................... 19-8 19.2.10 Setting the Ethernet Port Working Mode .......................................................... 19-8 19.2.11 Enabling/Disabling an Ethernet Port ................................................................. 19-8 19.3 Viewing/Clearing Ethernet Port Information .................................................................. 19-9 19.3.1 Viewing Ethernet Port Information ...................................................................... 19-9 19.3.2 Clearing the Ethernet Port Information ............................................................... 19-9 Chapter 20 xDSL Port Configuration......................................................................................... 20-1 20.1 Overview ........................................................................................................................ 20-1 20.2 Configuring an xDSL port .............................................................................................. 20-4 20.2.1 Setting the Parameters of an xDSL Port............................................................. 20-4 20.2.2 Description of xDSL Port Status.......................................................................... 20-8 20.2.3 Blocking/Unblocking an xDSL Port ..................................................................... 20-8 20.2.4 Activating/Deactivating an xDSL Port ................................................................. 20-8 20.3 Configuring an xDSL Line Profile................................................................................. 20-10 20.3.1 Adding a VDSL line profile ................................................................................ 20-10 20.3.2 Adding an ADSL/ADSL2+ Line profile .............................................................. 20-13 20.3.3 Adding an SHDSL Line Profile .......................................................................... 20-21 20.3.4 Deleting an xDSL Line Profile ........................................................................... 20-24 20.3.5 Modifying an xDSL Line Profile ......................................................................... 20-24 20.3.6 Viewing an xDSL Line Profile............................................................................ 20-25 20.4 Configuring an xDSL Alarm Profile .............................................................................. 20-26 20.4.1 Adding a VDSL Alarm Profile ............................................................................ 20-26 20.4.2 Adding an ADSL/ADSL2+ Alarm Profile ........................................................... 20-29 20.4.3 Adding an SHDSL Alarm Profile ....................................................................... 20-33 20.4.4 Deleting an xDSL Alarm Profile......................................................................... 20-35 20.4.5 Modifying an xDSL Alarm Profile ...................................................................... 20-36 20.4.6 Viewing the Configurations of an xDSL Alarm Profile....................................... 20-36 20.4.7 Binding/Unbinding an xDSL Alarm Profile ........................................................ 20-37 20.5 Viewing the Information of an xDSL Port..................................................................... 20-37 20.6 Maintaining an xDSL Port ............................................................................................ 20-39 20.6.1 Resetting an xDSL Port and Chipset ................................................................ 20-39 20.6.2 Setting xDSL Port Loopback ............................................................................. 20-39 20.6.3 Testing the ATM Link Connectivity of an ADSL Port ........................................ 20-40 20.6.4 Single-ended Test of an ADSL2+ Port.............................................................. 20-41 20.6.5 Viewing the Bit Allocation of an ADSL2+ Port .................................................. 20-42 20.6.6 Viewing the Power State of an ADSL Port........................................................ 20-42 20.7 VDSL CPE Management ............................................................................................. 20-43 20.7.1 Enabling/Disabling VDSL CPE Binding ............................................................ 20-43 20.7.2 Enabling/Disabling the Automatic Upgrade of VDSL CPE ............................... 20-44 20.8 VDSL Configuration Example ...................................................................................... 20-45 20.8.1 Configuration Procedure ................................................................................... 20-45 20.8.2 Networking Description ..................................................................................... 20-45
Huawei Technologies Proprietary vii
Table of Contents
20.8.3 Data Configuration ............................................................................................ 20-46 20.8.4 Verification......................................................................................................... 20-47 20.9 ADSL/ADSL2+ Configuration Example ....................................................................... 20-47 20.9.1 Configuration Procedure ................................................................................... 20-47 20.9.2 Networking Description ..................................................................................... 20-48 20.9.3 Data Configuration ............................................................................................ 20-48 20.9.4 Verification......................................................................................................... 20-50 20.10 SHDSL Configuration Example ................................................................................. 20-50 20.10.1 Configuration Procedure ................................................................................. 20-50 20.10.2 Networking Description ................................................................................... 20-50 20.10.3 Data Configuration .......................................................................................... 20-51 20.10.4 Verification....................................................................................................... 20-52 Chapter 21 PVC and Access Configuration.............................................................................. 21-1 21.1 Configuring a Single PVC .............................................................................................. 21-1 21.1.1 Setting the VPI and VCI ...................................................................................... 21-2 21.1.2 Setting the Connection Type of a Single PVC .................................................... 21-3 21.1.3 Enabling/Disabling the Single-PVC Multi-service Dispatch ................................ 21-3 21.1.4 Viewing the Single-PVC Configuration ............................................................... 21-5 21.2 Configuring Multiple PVCs............................................................................................. 21-6 21.2.1 Enabling/Disabling the Multi-PVC Function ........................................................ 21-7 21.2.2 Adding PVCs to a Port ........................................................................................ 21-8 21.2.3 Deleting a PVC from a Port................................................................................. 21-8 21.2.4 Modifying the PVC Configurations of a Port ....................................................... 21-8 21.2.5 Viewing the Configuration of Multi-PVC.............................................................. 21-9 21.3 Configuring IPoA.......................................................................................................... 21-10 21.3.1 Overview ........................................................................................................... 21-10 21.3.2 Setting an IPoA Connection (Single-PVC)........................................................ 21-12 21.3.3 Setting an IPoA Connection (Multi-PVC) .......................................................... 21-13 21.3.4 Setting the Source MAC Address ..................................................................... 21-14 21.3.5 Setting the Default IP Address of the Upper Layer Gateway............................ 21-15 21.3.6 Setting the Mode of Obtaining Peer End IP Address........................................ 21-16 21.3.7 Viewing IPoA information .................................................................................. 21-17 21.3.8 L2 IPoA Access Configuration Example ........................................................... 21-19 21.3.9 L3 IPoA Access Configuration Example ........................................................... 21-22 21.4 Configuring PPPoA...................................................................................................... 21-24 21.4.1 Overview ........................................................................................................... 21-24 21.4.2 Setting Up a PPPoA Connection (Single PVC)................................................. 21-26 21.4.3 Setting Up a PPPoA Connection (Multi-PVC)................................................... 21-27 21.4.4 Setting the PPPoA Source MAC Address......................................................... 21-28 21.4.5 Setting the PPPoA Destination MAC Address .................................................. 21-28 21.4.6 Setting the PPPoA Session ID Area ................................................................. 21-28 21.4.7 Viewing PPPoA Information .............................................................................. 21-30
Huawei Technologies Proprietary viii
Table of Contents
21.4.8 PPPoA Access Configuration Example-Static Mode ........................................ 21-30 21.4.9 PPPoA Access Configuration Example-Dynamic Mode ................................... 21-33 21.5 Configuring PITP.......................................................................................................... 21-35 21.5.1 Overview ........................................................................................................... 21-35 21.5.2 Setting PITP V Mode......................................................................................... 21-36 21.5.3 Setting the PITP P Mode................................................................................... 21-37 21.6 PPPoE Plus Configuration Example............................................................................ 21-40 Chapter 22 VLAN Configuration ................................................................................................ 22-1 22.1 Overview ........................................................................................................................ 22-1 22.2 Configuring a Common VLAN ....................................................................................... 22-1 22.2.1 Configuring a Common VLAN............................................................................. 22-2 22.2.2 Configuring VLANs in Batches............................................................................ 22-4 22.2.3 Configuring the VLAN Trunk ............................................................................... 22-5 22.2.4 Configuring a VLAN Interface ............................................................................. 22-6 22.2.5 VLAN Configuration Example (Configuring LAN Interconnection)...................... 22-7 22.2.6 VLAN Configuration Example (Configuring VLAN Trunk Interconnection) ....... 22-11 22.3 Configuring a Smart VLAN .......................................................................................... 22-14 22.3.1 Setting/Canceling a VLAN as a Smart VLAN.................................................... 22-14 22.3.2 Adding/Deleting an Upstream Port to/from a Smart VLAN ............................... 22-15 22.3.3 Adding/Deleting an Downstream Port to/from a Smart VLAN .......................... 22-15 22.3.4 Viewing Smart VLAN Information...................................................................... 22-16 22.3.5 Smart VLAN Configuration Example (Access Mode)........................................ 22-17 22.3.6 Smart VLAN Configuration Example (Trunk Mode) .......................................... 22-18 22.3.7 Smart VLAN Configuration Example-Comprehensive Application ................... 22-20 22.4 Configuring a MUX VLAN ............................................................................................ 22-24 22.4.1 Enabling/Disabling a MUX VLAN ...................................................................... 22-26 22.4.2 Configuring the MUX VLAN Configuration Profile............................................. 22-26 22.4.3 Specifying the Upstream Port and Range of Local MUX VLANs...................... 22-27 22.4.4 Specifying the Cascading Port and Range of Cascaded MUX VLANs............. 22-28 22.4.5 Setting the MUX VLANs for a Specified Service Board.................................... 22-28 22.4.6 Setting the MUX VLAN for a Specified Port...................................................... 22-29 22.4.7 Viewing MUX VLAN information ....................................................................... 22-29 22.4.8 Basic Application of MUX VLAN ....................................................................... 22-30 22.4.9 MUX VLAN Cascading Application ................................................................... 22-34 22.4.10 Comprehensive MUX VLAN Application......................................................... 22-39 22.4.11 Notes for Using MUX VLAN ............................................................................ 22-44 22.5 Configuring a QinQ VLAN............................................................................................ 22-45 22.5.1 Overview ........................................................................................................... 22-45 22.5.2 Setting a Common VLAN as a QinQ VLAN ...................................................... 22-46 22.5.3 Adding/Deleting an Upstream Port to/from a QinQ VLAN ................................ 22-46 22.5.4 Adding/Deleting a Downstream Port to/from a QinQ VLAN.............................. 22-47 22.5.5 Configuring a QinQ VLAN PVC......................................................................... 22-48
Huawei Technologies Proprietary ix
Table of Contents
22.5.6 Viewing the Configuration of a QinQ VLAN ...................................................... 22-49 22.5.7 QinQ VLAN Configuration Example .................................................................. 22-49 22.6 Configuring VLAN Stacking ......................................................................................... 22-51 22.6.1 Overview ........................................................................................................... 22-51 22.6.2 Configuring a Common VLAN as a VLAN Stacking.......................................... 22-53 22.6.3 Adding/Deleting an Upstream Port to/from a VLAN Stacking........................... 22-53 22.6.4 Adding/Deleting a Downstream Port to/from a VLAN Stacking ........................ 22-54 22.6.5 Configuring the Inner VLAN Tag for a VLAN Stacking Port/PVC ..................... 22-55 22.6.6 Configuring a Port/PVCs Inner Priority............................................................. 22-55 22.6.7 Configuring a VLAN Stacking PVC ................................................................... 22-56 22.6.8 Viewing the Configuration of a VLAN Stacking................................................. 22-56 22.6.9 VLAN Stacking Configuration Example ............................................................ 22-57 Chapter 23 IGMP Snooping Configuration ............................................................................... 23-1 23.1 Overview ........................................................................................................................ 23-1 23.1.1 IGMP Snooping Principle .................................................................................... 23-1 23.1.2 Implementation of IGMP Snooping ..................................................................... 23-2 23.2 Configuring IGMP Snooping .......................................................................................... 23-5 23.2.1 Enabling/Disabling IGMP Snooping Globally...................................................... 23-6 23.2.2 Setting the Aging Time of Multicast Group Member Port ................................... 23-6 23.2.3 Setting the Aging Time of the Router Port .......................................................... 23-6 23.2.4 Setting the Maximum Response Time ................................................................ 23-6 23.2.5 Enabling a User to Leave a Multicast Group Fast .............................................. 23-7 23.2.6 Setting a Router Port........................................................................................... 23-7 23.2.7 Viewing IGMP Snooping Information .................................................................. 23-7 23.3 Configuring Multicast VLAN........................................................................................... 23-8 23.3.1 Setting the Upstream Port of a Multicast VLAN .................................................. 23-9 23.3.2 Setting the Downstream Port of a Multicast VLAN ........................................... 23-10 23.3.3 Viewing the Multicast VLAN .............................................................................. 23-10 23.3.4 Multicast VLAN Configuration Example ............................................................ 23-11 23.4 Troubleshooting IGMP Snooping................................................................................. 23-14 Chapter 24 IGMP Proxy Configuration ...................................................................................... 24-1 24.1 Overview ........................................................................................................................ 24-1 24.2 Configuring Basic IGMP Proxy ...................................................................................... 24-2 24.2.1 Enabling/Disabling IGMP Proxy .......................................................................... 24-2 24.2.2 Setting the Master Upstream Port....................................................................... 24-3 24.2.3 Setting the Parameters for a Multicast Router .................................................... 24-3 24.2.4 Setting the Static Multicast Members of an IGMP Proxy Group ......................... 24-5 24.3 Configuring the Program Library and Authority Profile .................................................. 24-6 24.3.1 Maintaining a Program Library ............................................................................ 24-8 24.3.2 Setting the Authority Profile............................................................................... 24-10 24.3.3 Setting the User Authority ................................................................................. 24-13 24.4 Viewing IGMP Proxy Information................................................................................. 24-16
Huawei Technologies Proprietary x
Table of Contents
Chapter 25 ISU Configuration .................................................................................................... 25-1 25.1 Overview ........................................................................................................................ 25-1 25.2 Configuring an ISU Board.............................................................................................. 25-2
04-Maintenance Operations
Chapter 26 System Maintenance ............................................................................................... 26-1 26.1 Overview ........................................................................................................................ 26-1 26.2 Configuring the File System........................................................................................... 26-1 26.2.1 Directory Related Operations.............................................................................. 26-1 26.2.2 File-Related Operations ...................................................................................... 26-2 26.2.3 Memory Device Related Operations ................................................................... 26-2 26.3 Configuring FTP and TFTP............................................................................................ 26-3 26.3.1 Overview ............................................................................................................. 26-3 26.3.2 Setting FTP ......................................................................................................... 26-4 26.3.3 Setting TFTP ....................................................................................................... 26-6 26.4 Auto Online Upgrading .................................................................................................. 26-7 26.4.1 Upgrading from a Previous Version to the First Version That Supports Automatic Upgrading....................................................................................................................... 26-7 26.4.2 Upgrading a Previous Version to That Later than the First Version Supporting Auto Online Upgrading ................................................................................................. 26-11 26.4.3 Upgrading a Version Supporting Auto Online Upgrading or Later Versions..... 26-11 26.5 Loading ........................................................................................................................ 26-11 26.5.1 Loading the Version Supporting Auto Online Upgrading .................................. 26-12 26.5.2 Loading the Version Not Supporting Auto Online Upgrading ........................... 26-12 26.6 Backup ......................................................................................................................... 26-19 26.6.1 Viewing and Saving the System Configuration Files ........................................ 26-19 26.6.2 Backing Up the System Data Using TFTP........................................................ 26-21 26.6.3 Backing Up the System Data Using FTP .......................................................... 26-22 26.7 Patch Management...................................................................................................... 26-23 26.7.1 Overview ........................................................................................................... 26-23 26.7.2 Procedure for Patch Operations........................................................................ 26-25 26.8 Patch Loading Examples ............................................................................................. 26-25 Chapter 27 Logs and Alarms...................................................................................................... 27-1 27.1 Log Management ........................................................................................................... 27-1 27.1.1 Viewing Logs ....................................................................................................... 27-1 27.1.2 Setting the Log Host............................................................................................ 27-2 27.2 Configuring Alarms ........................................................................................................ 27-2 27.2.1 Viewing Alarm Records....................................................................................... 27-4 27.2.2 Viewing the Alarm Configuration......................................................................... 27-6 27.2.3 Setting Alarm Levels ........................................................................................... 27-6 27.2.4 Setting the Alarm Output on a CLI Terminal ....................................................... 27-7 27.2.5 Setting Alarm Statistics ....................................................................................... 27-8
Huawei Technologies Proprietary xi
Table of Contents
27.2.6 Setting the Alarm Threshold................................................................................ 27-9 27.2.7 Viewing/Clearing Alarm Statistics ..................................................................... 27-10 27.2.8 Viewing Basic Alarm Information ...................................................................... 27-10 Chapter 28 Active/Standby Switchover..................................................................................... 28-1 28.1 Overview ........................................................................................................................ 28-1 28.1.1 Basic Principles ................................................................................................... 28-1 28.1.2 Active/Standby Switchover Modes...................................................................... 28-2 28.2 Preconditions for Active/Standby Switchover ................................................................ 28-3 28.3 MA5300+Dual-ISU Active/Standby Switchover ............................................................. 28-3 28.4 ESM+EIU Active/Standby Switchover ........................................................................... 28-8 28.4.1 Establishing the Switch-over Environment.......................................................... 28-8 28.4.2 Active/Standby Switchover Configuration Commands........................................ 28-8 28.4.3 Setting the Automatic Switchover ..................................................................... 28-10 28.4.4 Setting the Manual Switchover.......................................................................... 28-10 Chapter 29 Environment Monitoring Management .................................................................. 29-1 29.1 Overview ........................................................................................................................ 29-1 29.2 Configuration Procedure................................................................................................ 29-2 29.3 Configuring an EMU ...................................................................................................... 29-2 29.3.1 Adding/Deleting/Viewing an EMU ....................................................................... 29-3 29.3.2 Entering the EMU Configuration Mode ............................................................... 29-5 29.4 Configuring EMUH303ESC ......................................................................................... 29-6 29.4.1 Setting H303ESC Environment Monitor Parameters .......................................... 29-6 29.4.2 Viewing the H303ESC Environment Information ................................................ 29-7 29.5 Configuring EMUPower 4875/4845 ............................................................................. 29-8 29.5.1 Configuring the 4875/4845 Power Module.......................................................... 29-9 29.5.2 Viewing the Information on POWER4875/4845................................................ 29-10 29.6 Configuring EMUDIS ................................................................................................. 29-11 29.6.1 Setting DIS Parameters .................................................................................... 29-12 29.6.2 Viewing DIS Information.................................................................................... 29-12 29.7 Configuration Example ................................................................................................ 29-13 29.7.1 Setting H303ESC .............................................................................................. 29-13 29.7.2 Setting a DIS ..................................................................................................... 29-16
05-Appendix
Appendix A Acronyms and Abbreviations .................................................................................A-1 Index ................................................................................................................................................ i-1
Huawei Technologies Proprietary xii
HUAWEI
SmartAX MA5300/5303 Broadband Access system Operation Manual
Part 1 Basic Operations
Operation Manual - Basic Operations SmartAX MA5300/5303 Broadband Access System
Table of Contents
Table of Contents
Chapter 1 Maintenance Terminal Configuration ........................................................................ 1-1 1.1 Configuring the Local Serial Terminal ............................................................................... 1-1 1.2 Configuring the Remote Serial Terminal ........................................................................... 1-6 1.3 Configuring the Telnet Environment .................................................................................. 1-7 Chapter 2 Basic System Operations ........................................................................................... 2-1 2.1 Command Line Operation Characteristics......................................................................... 2-2 2.1.1 Intelligent Matching ................................................................................................. 2-2 2.1.2 Edit Characteristics ................................................................................................. 2-2 2.1.3 Display Characteristics............................................................................................ 2-3 2.1.4 Command Line Error Prompts ................................................................................ 2-4 2.1.5 Command Modes .................................................................................................... 2-4 2.2 Online Help ........................................................................................................................ 2-6 2.3 Setting the Interactive Mode .............................................................................................. 2-7 2.4 Switching the Terminal Languages.................................................................................... 2-8 2.5 Setting the System Time.................................................................................................... 2-8 2.6 Setting the System Name .................................................................................................. 2-8 2.7 Setting the Terminal Type.................................................................................................. 2-9 2.8 Setting the Timeout Exit..................................................................................................... 2-9 2.9 Setting the Terminal Screen Length .................................................................................. 2-9 2.10 Setting the Terminal Screen Clearance......................................................................... 2-10 2.11 Viewing the Hardware/Software Version ....................................................................... 2-10 2.12 Viewing History Commands........................................................................................... 2-11 2.13 Viewing the CPU Occupancy Ratio ............................................................................... 2-11 2.14 Network Testing Tools ................................................................................................... 2-11 Chapter 3 User Management........................................................................................................ 3-1 3.1 Overview ............................................................................................................................ 3-1 3.2 Adding/Deleting a User...................................................................................................... 3-2 3.2.1 Adding a User.......................................................................................................... 3-2 3.2.2 Deleting a User........................................................................................................ 3-3 3.3 Modifying User Attributes................................................................................................... 3-4 3.4 Viewing User Information................................................................................................... 3-5 Chapter 4 Line Configuration....................................................................................................... 4-1 4.1 Overview ............................................................................................................................ 4-1 4.2 Entering Line Configuration Mode ..................................................................................... 4-3 4.3 Configuring the Attributes of an Asynchronous Interface .................................................. 4-3 4.4 Defining HyperTerminal Attributes..................................................................................... 4-5
Table of Contents
4.5 Viewing Line Information ................................................................................................... 4-6 Chapter 5 Board Management ..................................................................................................... 5-1 5.1 Overview ............................................................................................................................ 5-1 5.2 Viewing a Board................................................................................................................. 5-2 5.3 Adding a Board .................................................................................................................. 5-4 5.4 Confirming a Board............................................................................................................ 5-5 5.5 Deleting a Board ................................................................................................................ 5-6 5.6 Resetting a Board .............................................................................................................. 5-6 5.7 Replacing a Board ............................................................................................................. 5-7 Chapter 6 Network Management Configuration......................................................................... 6-1 6.1 Overview ............................................................................................................................ 6-1 6.2 Configuring SNMP ............................................................................................................. 6-1 6.2.1 Overview ................................................................................................................. 6-1 6.2.2 Setting the Community Name ................................................................................. 6-4 6.2.3 Setting the Trap Sending ........................................................................................ 6-4 6.2.4 Setting Management Attributes............................................................................... 6-5 6.2.5 Setting the SNMP Packet Size................................................................................ 6-6 6.2.6 Setting the Name of Local or Remote Device......................................................... 6-6 6.2.7 Setting an SNMP V3 Group .................................................................................... 6-7 6.2.8 Adding/Deleting a User to/from an SNMP Group ................................................... 6-8 6.2.9 Creating/Modifying/Deleting/Viewing the View Information .................................... 6-8 6.3 Configuring the Outband NMS........................................................................................... 6-9 6.3.1 Setting the IP Address of an Outband Port............................................................. 6-9 6.3.2 Setting Outband NMS Routes............................................................................... 6-10 6.3.3 Outband NMS Configuration Example.................................................................. 6-10 6.4 Configuring the Inband NMS ........................................................................................... 6-11 6.4.1 Setting the IP Address of Inband NMS ................................................................. 6-12 6.4.2 Setting Inband NMS Routes.................................................................................. 6-12 6.4.3 Adding an ACL ...................................................................................................... 6-13 6.4.4 Inband NMS Configuration Example..................................................................... 6-14 Chapter 7 RMON Configuration ................................................................................................... 7-1 7.1 Overview ............................................................................................................................ 7-1 7.2 Configuring RMON ............................................................................................................ 7-2 7.2.1 Adding/Deleting an Entry to/from the Alarm Table.................................................. 7-2 7.2.2 Adding/Deleting an Entry to/from the Event Table.................................................. 7-3 7.2.3 Adding/Deleting an Entry to/from the History Control Table ................................... 7-3 7.2.4 Adding/Deleting an Entry to/from the Statistics Table............................................. 7-4 7.2.5 Viewing RMON Information..................................................................................... 7-4 7.3 RMON Configuration Example .......................................................................................... 7-5
Chapter 1 Maintenance Terminal Configuration

The command line interface (CLI) of the MA5300 Multi-service Access Module (the MA5300 for short) offers two configuration modes: Serial port configuration Telnet configuration Local maintenance is done through the serial port or Telnet. Remote maintenance is done through the Modem or Telnet. The configuration of the maintenance terminal mainly involves: Configuring the Local Serial Terminal Configuring the Remote Serial Terminal Configuring the Telnet Environment
1.1 Configuring the Local Serial Terminal

To configure the local serial terminal, you can use the HyperTerminal software under a Windows operating system. Follow these steps to set up the serial terminal environment. 1) Connect the serial port of the PC with the console port in the main control board (namely the ESM board) of the MA5300 by using the RS-232 serial cable. See Figure 1-1.
CON ETH MON
Serial port PC ESM MA5300
Figure 1-1 Setting up the serial port configuration environment 2) Select the menu in this way to start the HyperTerminal and set up the related port connection: [Start/Program/Accessories/Communication/HyperTerminal] See Figure 1-2.
Huawei Technologies Proprietary 1-1
Figure 1-2 Selecting the serial port for connection Select the standard character terminal or PC terminal serial port that is actually connected to the MA5300. Assume it is serial port 2 here. 3) Click <OK> to display the COM2 Properties dialog box. Then set the serial port parameters to the values in Table 1-1. Table 1-1 Recommended configuration of serial port parameters Parameter baud rate data bits stop bits parity flow control 9600 bit/s 8 1 none none Value
Note that the setting of baud rate should be the same as of the serial port parameter. The default baud rate for the system is 9600 bit/s. See Figure 1-3.
Figure 1-3 Setting console port parameters 4) Click <OK> to display the HyperTerminal interface. See Figure 1-4.
Figure 1-4 HyperTerminal interface 5) Select [File/Properties] menu in the HyperTerminal interface. Then click the [Settings] tab to choose VT100 or Auto Detection as the type of terminal emulation. See Figure 1-5.
Figure 1-5 Defining the terminal type 6) Next, click [ASCII Setup] to set the properties of ASCII code. See Figure 1-6.
Figure 1-6 Setting ASCII code
Note: For pasting files to the HyperTerminal, Character delay controls the transmission speed of each character and Line delay controls the time interval of every line. Too short delay may cause character missing. When the commands for file pasting functions are abnormal, such values should be modified.
7)
Enter the user name and password in the prompt box for registration. Then wait until the command line prompt (such as MA5300>) appears. By default, the super user name is root and the super user password is admin. If you fail to log in to the MA5300, click [Hang-up] first and [Dial] next. Then press the <Enter> key. If you still cannot log in, return to last step to check the parameter settings and physical connection, and then try again.
1.2 Configuring the Remote Serial Terminal

To remotely configure the MA5300 through a serial port, you need an external Modem. Before powering on the MA5300, you should power on its external Modem first. Then wait for the remote PC to initiate a call through the Modem. Once the dialup connection is set up, all other configuration steps are the same as those for configuring a local serial port. Figure 1-7 shows how to configure the remote serial terminal using Modems.
MA5300
CON ETH MON
MODEM Telephone line PSTN ESM
Serial port MODEM PC
Figure 1-7 Configuring the remote serial terminal
1.3 Configuring the Telnet Environment

I. Configuring the outband port /inband port
You can configure the MA5300 Telnet environment through two types of ports: An outband port, namely the ETH port. An inband port, namely the Fast Ethernet/Gigabit Ethernet (FE/GE) port or the ADSL/VDSL port. To configure Telnet by using an ETH port, you should set the correct IP address and reachable route for the MA5300s ETH port through the serial port first. After that, you can Telnet to the MA5300 through Local Area Network (LAN) or Wide Area Network (WAN) for configuration. To configure Telnet by using an inband port, you should set the correct VLAN IP address and reachable route for the inband port. After that, you can use Telnet to log in to the MA5300 through LAN or WAN.
After the configuration completes, you should check whether the MA5300 can ping the IP address of the PC. If yes, the configuration is successful. Otherwise, check the network interface address and network status indicators.
Note: When the PC used for the Telnet test is located in the same segment as that of the MA5300, you only need to configure a maintenance port or a VLAN IP address. If they are not in the same subnet, you need to configure the route.
II. Setting up the configuration environment
Note: The Telnet environment configuration example shown below is based on Windows 98. Different operating systems offer different prompts, but have similar configuration procedure.
1)
Set up the local configuration environment. To set up the local configuration environment, you need only to connect the PCs network port with the MA5300 through LAN. See Figure 1-8.
MA5300
CON ETH MON
LAN
ESM
PC
PC
Figure 1-8 Setting up the local configuration environment through LAN 2) Set up the remote configuration environment.
To set up the remote configuration environment, you need to connect the PC with the MA5300 through WAN network port. See Figure 1-9.
MA5300 LAN PC WAN
CON ETH MON
PC
PC
ESM
Figure 1-9 Setting up the remote configuration environment through WAN
III. Running Telnet application

The following terminal operations are performed based on Windows 98. 1) Click [Start/Run] in the PC to run Telnet application. See Figure 1-10.
Figure 1-10 Interface for running Telnet application 2) Select [Terminal/Preferences] menu to set the Telnet terminal preferences. See Figure 1-11.
Figure 1-11 Setting Telnet terminal preferences 3) Select [Connection/Remote system] menu in the Telnet interface. Then enter the IP address of the MA5300 in the [Connect] dialog box to set up Telnet connection with the MA5300. See Figure 1-12.
Figure 1-12 Setting up Telnet connection with the MA5300
IV. Logging in to the system

When you log in to the MA5300, the system prompts:
HUAWEI SmartAX MA5300 series Broadband Access System Copyright(C) 2001-2004 by Huawei Technologies Co., Ltd. User Access Verification Username:root Password:
The default user name and password for an administrator is root and admin respectively.
V. RADIUS authentication for Telnet users

Telnet users involve: A Telnet user with no domain name (such as aaa) . The user is authenticated locally. You can run the command terminal user name to add such a user. A Telnet user with a domain name (such as aaa@huawei.com) The user is authenticated on the RADIUS server. The configuration and authentication for such a user are the same as those for a common user. For details, refer to the chapter AAA and RADIUS Configuration.
VI. ACL for Telnet

The system is designed with an ACL module, which maintains an access list. With the access list, the system permits or prohibits the access of Telnet users with certain IP addresses. In line-vty configuration mode, you can run the following command to control the access of a Telnet user: access-class acl_no { in | out } Configure the virtual Telnet terminal, provided that only Telnet users with IP address of 10.0.0.1 are allowed to access the MA5300. 1) Configure the ACL rule.
MA5300(config)#access-list 1 permit 10.0.0.1 0.0.0.0 MA5300(config)#access-list 1 deny any
2)
Configure the virtual Telnet terminal.
MA5300(config)#line vty 0 3 MA5300(config-line-vty0-3)#access-class 1 in
Chapter 2 Basic System Operations

Basic system operations refer to the common operations and information queries performed for the MA5300 and the operation terminal. Table 2-1 lists the basic operation commands. Table 2-1 Basic operation commands To Enable/Disable interactive mode Obtain online information the help (no) smart help terminal language show language time show time hostname terminal type show terminal type (no) length cls show version show history show cpu ping/tracert (no) exec-timeout Use In Privileged mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode User EXEC mode Line configuration mode Line configuration mode
Change the terminal display language View the terminal display language Set the system time View the system time Set the system name Set the terminal type View the terminal type Set the length terminal screen
Set the terminal screen clearance View the hardware/software version View history commands View the CPU occupancy ratio Use network test tools Enable/Disable the timeout exit Set the displayable commands number of history
history size
2.1 Command Line Operation Characteristics

Through the CLI, you can manage, maintain and configure the MA5300.
Note: For command line format, refer to II Command conventions in the preface of the manual.
2.1.1 Intelligent Matching

1) Command matching
The command line descriptor facilitates incomplete searching. It can offer explanation for any key word input as long as that key word does not cause confusion. For example, you can just enter en or ena for enable. 2) Auto key word matching
When entering a key word, you can enter a part of the key word, and then press the <Space> key to display the completely-matched key word. By doing this, you do not need to enter long key words, thus making the operation more convenient. If no correct match is found, you cannot proceed with the next key word or parameter. Therefore, when you are operating the system through the CLI, the command lines displayed are always in complete form. If you cannot enter a space, it indicates that you have entered a wrong command. In this case you should check and enter the correct one.
2.1.2 Edit Characteristics

The CLI provides basic command edit functions. It allows multi-line editing and up to 256 bytes for each command. Such function is available for both HyperTerminal and Telnet terminal. However, for HyperTerminal, and arrow keys are disabled, whereas for other terminals, some editing keys are disabled. Table 2-2 lists the edit functions. Table 2-2 Edit functions Key Common keys Functionality If the edit buffer is not full, press such keys will move the cursor rightward from its current position.
Key <BackSpace>
Functionality Delete the character before the cursor and move the cursor forward. When reaching the beginning of the command, the cursor stops. Delete a character in the position of the current cursor.
<Delete> Left arrow <Ctrl+A> Right arrow <Ctrl+D> key key <> <> or or
Move the cursor leftward for the length of one character. Move the cursor rightward for the length of one character. Display history commands. (For some display terminals which do not support up/down arrow keys, you can use <Ctrl+P> or <Ctrl+N> to select the last or next history command.) Delete the characters before the current cursor and move the cursor to the beginning of the line. Delete the characters after the current cursor and move the cursor to the end of the line. Move the cursor to the beginning of the line. Move the cursor to the end of the line. Undo current input by pressing such key twice.
Up/down arrow key <><>
<Ctrl+U> <Ctrl+K> <Ctrl+F> <Ctrl+B> <ESCAPE>
2.1.3 Display Characteristics

During information query, sometimes the displayed information is too much to be displayed on one screen. In such a case, you can use the pause function to view information displayed on multiple screens. Three choices are available, as shown in Table 2-3. Table 2-3 Display functionalities Key or command Press <Ctrl+C> when the display is frozen Press <Space> key when the display is frozen Press <Enter> key when the display is frozen Functionality Suspend the display and execution of the commands. Continue to display the information on the next screen. Continue to display the information of the next line.
2.1.4 Command Line Error Prompts

The system performs grammar check for every command entered, and runs it if it proves correct. For the command that fails to pass the check, the system will prompt you with error information. Table 2-4 lists the common error information. Table 2-4 List of common command line error information Error prompt Cause Such command cannot be found. Unrecognized command Such key word cannot be found. The parameter type is erroneous. The parameter value exceeds the threshold. Incomplete command Too many parameters Ambiguous command The input command is incomplete. The input parameters are too many. The input parameter is poorly defined.
2.1.5 Command Modes

The command modes for the MA5300 involve: User EXEC mode Privileged mode Global configuration mode Port configuration mode Service modes The command modes feature downward compatibility, which means: All commands in user EXEC mode can be run in privileged mode All commands in user EXEC mode and privileged mode can be run in global configuration mode. The MA5300s CLI adopts hierarchical protection to prevent any unauthorized access. For users of different levels, the command modes involved vary, and the executable commands are also vary even though they operate in the same mode. Figure 2-1 shows the relationship between various command modes in the MA5300 system.

interface exit interface exit vlan exit line Port configuration mode MA5300(config-if-...)# VLAN interface configuration mode MA5300(config-if-..)# VLAN configuration mode MA5300(config-vlan..)# Line configuration mode MA5300(config-line...)#
exit User EXEC mode MA5300>
enable disable Privileged mode MA5300#
configure terminal Global configuration mode MA5300(config)# exit board exit
exit
Board configuration mode MA5300(config-board-...)# Other modes
exit end
MA5300(config-...)#
Figure 2-1 Diagram of the relationship between the command modes Table 2-5 lists the functionalities and characteristics of the command modes. Table 2-5 Functionalities and characteristics of command modes Command mode User mode EXEC Functionality To show basic system information. To make basic system configuration. To configure the equipment and global attributes. To configure FE port attributes. Prompt Entry You can enter the mode directly after log-on MA5300>enable
MA5300>
Privileged mode Global configuration mode Fast Ethernet (FE) port configuration mode Gigabit Ethernet (GE) port configuration mode VDSL port configuration mode
MA5300#
MA5300(config)#
MA5300#config terminal MA5300(config) # interface ethernet slot/subslot/port MA5300(config) # interface gigabit-ethernet slot/subslot/port MA5300(config) # interface vdsl slot/subslot/port
MA5300(config-if-ethern et7/1/0)#
To configure GE port attributes.
MA5300(config-if-gigabi tethernet-7/1/0)#
To configure VDSL port attributes.
MA5300 (config-if-vdsl2/0/0)#
Command mode ADSL port configuration mode SHDSL port configuration mode
Functionality To configure ADSL port attributes. To configure SHDSL port attributes To configure the attributes of IP interface corresponding to VLAN and VLAN interface. To configure VLAN attributes. To configure Line attributes.
Prompt MA5300 (config-if-adsl2/0/0)#
Entry MA5300(config) # interface adsl slot/subslot/port MA5300(config) # interface shdsl slot/subslot/port
MA5300 (config-if-shdsl2/0/0)#
VLAN interface configuration mode
MA5300(config-if-vlan-i nterface1)#
MA5300(config) #interface vlan-interface 1
VLAN configuration mode Line configuration mode
MA5300 (config-vlan1)#
MA5300(config) #vlan 1 MA5300(config) #line 0
MA5300 (config-line0)#
Note: To exit command mode level by level, you can run the command exit. To exit from the current mode to privileged mode, you can run the command end. To exit privileged mode and enter user EXEC mode, you can run the command disable. By default, the command line prompt uses MA5300 as its prefix. It can be modified using the command hostname. What is included in the bracket is used to describe current configuration mode.
2.2 Online Help

The CLI offers four means for you to obtain online help. You can run the command help to obtain an overview of the system.
MA5300>help Help may be requested at any point in a command by entering a question mark '?'. If nothing matches, the help list may be empty Two styles of help are provided:
You can type ? after the command line prompt to display the current mode and all commands available in that mode.

MA5300>?
-------------------------------------------------------------------Command Of user Mode: -------------------------------------------------------------------clear cls Reset functions. Clear screen.
You can type ? after an incomplete key word to obtain online help information on that key word.
MA5300>s? -------------------------------------------------------------------Command Of user Mode: -------------------------------------------------------------------send[3] show[13] system send command group,3 sub-command. show command group,13 sub-command. Show used percent of memory.
You can type ? after a complete key word to obtain brief online help information on the current command and its parameters.
MA5300>show ? -------------------------------------------------------------------Command Of user Mode: -------------------------------------------------------------------alarm[4] board alarm command group, 4 sub-command. Show information of board.
2.3 Setting the Interactive Mode

To enable interactive command input mode, you can run the command smart. To disable the mode, you can run the command no smart. The default one is to enable interactive command input mode. After the interactive mode is enabled, pressing the <Enter> key after inputting a command will enable the system to check whether the command and its parameters have been completely entered. If not, the system will prompt you to make them complete. Prompt information is also available for optional parameters, but you can press <Enter> key to ignore them.
MA5300#smart MA5300#config { terminal<K> }:
After the interactive mode is disabled, if you press the <Enter> key after typing an incomplete command, the system will prompt you with error information.
MA5300#no smart

MA5300#config
^
% Incomplete command, and error detected at '^' marker.
2.4 Switching the Terminal Languages

The MA5300 system supports two languages: Local language General language Currently, the supported languages are English and Chinese. English is the default language. You can run the command load language to load Chinese. To view the information concerning the names and version of the loaded languages, you can run the command show language. To switch the current language to the other language, you can run the command terminal language. You can choose one of them for information display according to your personal preference.
2.5 Setting the System Time

You can run the command show time to view current system time and check whether it is correct. If not, the system administrator is entitled to modify it by running the command time. The modification takes effect upon the completion of the setting. The time format for the setting is hh:mm:ss yyyy-mm-dd, namely hour:minute:second year-month-day. Take special care in setting the leap year and leap month.
MA5300#time 09:00:00 2004-8-1 MA5300#show time Date: Time: 2004-08-01 09:00:03
2.6 Setting the System Name

To differentiate various MA5300 devices, the administrator can rename the device by running the command hostname. Such setting takes effect soon after it is made. The command line prompt will change accordingly with the name of the associated equipment. The default equipment name is MA5300. This example shows how to name the first MA5300 in office A.
MA5300(config)#hostname A_MA5300_A A_MA5300_A (config)#
2.7 Setting the Terminal Type

Different terminals feature different edit characteristics. To make most terminals become mutually compatible, terminals can be divided into two types, namely the standard terminal (ANSI) and the VT series terminal . The system terminal type should be correctly set according to the type of your terminal to ensure correct command line editing. VT100 and ANSI are two terminal types available in the system. The default one is ANSI. 1) 2) Set terminal type by running the command terminal type {ansi | vt100}. Display terminal type by running the command show terminal type.
The terminal type: VT100
MA5300#terminal type vt100
MA5300#show terminal type
Note: For some terminal tools allowing terminal type setting (such as HyperTerminal, Telnet and neterm), you can use the associated menu to set the terminal emulation type so that the type of the terminal tool is consistent with that of terminal in the system.
2.8 Setting the Timeout Exit

To set the timeout exit for the system, you can run the command exec-timeout. With such function, the system will exit from the terminal if no information is entered for the specified period of time. By default, the timeout exit function is enabled whenever you log on. You can run the command no exec-timeout to disable it. However, to prevent the system from being occupied by a user performing no operation for too long period, the system will still exit as long as no information is entered on the terminal for 120 minutes, even though the timeout exit function is disabled. This example shows how to set the time for timeout exit to 5 minutes.
MA5300(config-line0)#exec-timeout 5 0
2.9 Setting the Terminal Screen Length

To set the length of terminal screen required, you can run the command length.
To disable the screen splitting function, you can run the command length 0. To restore the default setting, you can run the command no length. The default terminal screen length is 24 lines.
MA5300(config-line0)#length 12
2.10 Setting the Terminal Screen Clearance

To facilitate information display, you can run the command cls to clear the screen. This command will clear the screen output, and display the command prompt on the upper left of the screen. This command only clears what is displayed on the screen rather than those in the buffer.
2.11 Viewing the Hardware/Software Version

To view the version of the system and a board, you can run the command show version. To view detailed information on the version, use the scout parameter. Only the information for boards in good working status is available. This example shows how to view the board information on the board in frame 0, slot 7.
MA5300>show version 0/7 Board Name PCB Version BIOS Version :H531ESMA :REV.1 :V1.09
Software Version :V100R005 CPLD Version :300
This example shows how to view the detailed information of all boards.
MA5300#show version scout -------------------------------------------------------------------SlotID BoardName Software BIOS CPLD
-------------------------------------------------------------------0 1 2 3 4 5 6 7 H531ESMA V100R005B01D061-Jul 21 2004, 16:05:47 V1.09 300 H531EVDA H531EADA V100R005B01D061-Jul 7 2004, 19:25:14 V1.09 V1.08 100 200
V100R005B01D061-Jul 21 2004, 13:19:56
--------------------------------------------------------------------
2.12 Viewing History Commands

To view the history commands, you can run the command show history. This command can only display the commands executed by the current user. After re-login, the history commands will be cleared. To set the number of history commands that can be displayed, you can run the command history size. By default, 10 commands will be displayed.
2.13 Viewing the CPU Occupancy Ratio

To view CPU occupancy ratio of a specific board, you can run the command show cpu. The system will generate alarms when the CPU occupancy ratio exceeds the threshold.
MA5300>show cpu 0/7 CPU occupancy: 12%
2.14 Network Testing Tools

Network test tools refer to the commands used to test the network connectivity and the host reachability. You can run the commands to check all gateways passed by data packets sent from the host to the destination, and locate network faults. ping and tracert are two commonly used commands.
I. ping
To check the network connectivity and the host reachability, you can run the command ping.
MA5300#ping 10.11.106.133 PING 10.11.106.133: 56 data bytes, press CTRL_C to break
Reply from 10.11.106.133: bytes=56 Sequence=0 ttl=125 time = 6 ms Reply from 10.11.106.133: bytes=56 Sequence=1 ttl=125 time = 6 ms
II. tracert
To check the gateways passed by a data packet sent from the host to the destination, you can run the command tracert. This aims to check the connectivity of network and locate faults in the network. First, the host sends a data packet with the Time to Live (TTL) value as 1 is sent to the destination. During the first hop, the system returns an Internet Control Message
Protocol (ICMP) message to indicate the failure in transmitting the data packet due to TTL timeout. Then, the data packet is re-sent, its TTL is 2. The system also returns TTL timeout in the second hop. In this way, the process continues until the data packet reaches the destination. Doing so will record the source address of each ICMP TTL timeout message, so as to provide a path that an IP packet passes along the way to the destination.
MA5300#tracert 10.11.106.133 traceroute to 10.11.106.133 max hops 30 ,packet 40 bytes press CTRL_C to break 1 2 3 4 253 ms * * 4 ms 476 ms * * 4 ms 508 ms * * 5 ms 10.11.120.62 Request timed out. Request timed out. 10.11.106.133
Chapter 3 User Management

3.1 Overview
Operation users here refer to the users who operate the MA5300 through the command line terminal. The MA5300 verifies the operation users strictly in light of their user names and passwords, to allow or deny their login. The MA5300 also controls the operation users management and maintenance on the MA5300 in light of their authorities. Each user has its own attributes. The attributes of a user involve: 1) Account
An account, also called a user name, consists of 131 characters. All the user names are unique, case insensitive and free of any space or @. 2) Password
A password consists of 115 characters. A common user can only modify his own password, while an administrator can modify the passwords of other users. The password is case sensitive. A user needs to enter their valid user names and passwords to log in before he/she can maintain the MA5300 through the command line terminal. 3) Reentry count
Whether a user name can be used to log in to the MA5300 from multiple terminals at the same time depends on the reentry count. The count is in the range of 04. If the count is set to 0, the user cannot log in to the MA5300. It is recommended that you set the reentry count to 1. When you log in to the MA5300, the system will check whether your user name matches your password, and whether your user name is being used at the moment. It depends on the reentry count whether you are allowed to log in, if your user name is in use. 4) Authority
In terms of authority, operation users are divided into: Common users, who can only perform some simple query operations and run some system commands. Operators, who are allowed to configure the MA5300, such as setting system time. Administrators: who are of the highest level. They can configure, manage, and maintain user accounts and authorities.
The users with higher authority can run lower level commands, but the users with lower authority cannot run higher level commands. After passing the login authentication, all users first enter user EXEC mode, and then other modes, depending on their authorities. Even in the same command mode, users with different authorities are entitled to perform different operations. 5) Appending information
Appending information is optional, which can be the users phone number or address. It is a string of up to 35 characters. 6) Callback attributes
Callback attributes are used in the callback of remote Modem dialup. The user management involves: Adding/Deleting a User Modifying User Attributes Viewing User Information Table 3-1 lists the commands for user management. Table 3-1 Commands for user management To Add/Delete a user Modify the user level Modify a user password Modify the permitted reentry count Modify the appending information Modify the user callback attributes View the information on a user Use (no) terminal user name terminal user level terminal user password terminal user reenter terminal user apdinfo terminal user callback show terminal user In Privileged mode Privileged mode Privileged mode Privileged mode Privileged mode Privileged mode User EXEC mode
3.2 Adding/Deleting a User

3.2.1 Adding a User
The MA5300 has one default administrator, whose user name is "root" and password is "admin".
To add an authorized user, you can run the command terminal user name. When adding a user, you need to enter the following: User name Password User level Reentry count Appending information Callback attributes
Note: Only the administrator can add a new user. All user names are unique and free of @domain. Multiple users can be added at a time, and up to 126 users can be added.
This example shows how to add a common user Huawei. The reentry count is 2, and the appending information is 8008302118 (namely the users telephone number).
MA5300#terminal user name User Name( <32 chars):huawei User Password(<=16 chars): Confirm Password(<=16 chars): User's Level(1--3). 1. Common User(1) 2. Operator(10) 3. Administrator(15):2
Permitted Reenter Number(0--4):3 User's Appended Info(<=50 chars):8008302118 User's call-back dialstring(<=32 chars): Callback-verify?[Y|N]n This user has been added Repeat this operation? [Y|N]n
3.2.2 Deleting a User

To delete an operation user, you can run the command no terminal user name, provided that you are an administrator.
Note: Users cannot delete themselves. The user root cannot be deleted. A user who is logging in cannot be deleted. To delete this user, disconnect it first. Multiple users can be deleted at a time.
This example shows how to delete a user.

MA5300#no terminal user name huawei This user has been deleted Repeat this operation? (y/n)[n]:n
3.3 Modifying User Attributes

The MA5300 supports the modification of user attributes, including: User level Password Number of permitted re-entries Appending information Callback attributes
I. Modifying the user level

To modify the user level, you can run the command terminal user level, provided that you are an administrator. This example shows how to change the level of the common user huawei to the level of an operator.
MA5300#terminal user level User Name(<=32 chars):huawei 1. Common User(1) User's Level(13).2 Confirm Level(13): 2 Information will take effect when this user logs on next time Repeat this operation? [Y|N]n 2. Operator(10) 3. Administrator(15):
II. Modifying the user password

To modify the user password, you can run the command terminal user password. The administrator can modify the passwords of all users (including themselves). To do this, he does not need to enter the old passwords.
However, common users and operators can only modify their own passwords. To do this, they need to enter the old passwords.
III. Modifying the reentry count

To modify the reentry count, you can run the command terminal user reenter, provided that you are an administrator.
IV. Modifying the appending information

To modify the appending information, you can run the command terminal user apdinfo. The administrator can modify such information of all users. Common users and operators can only modify their own appending information.
V. Modifying the user callback attributes

To modify the callback attributes of a user, you can run the command terminal user callback. The administrator can modify such attributes of all users. Common users and operators can only modify their own callback attributes.
MA5300#terminal user callback User Name(<=32 chars):huawei User's call-back dialstring(<=32 chars):26530880 Callback-verify?[Y|N]n The user's attribute is set successfully! Repeat this operation? [Y|N]n
3.4 Viewing User Information

To view the information on all operation users or a specific user, you can run the command show terminal user. To view the information on online users, you can run the command show terminal user online.
Note: You can use this command to display the information on a user with a level equal or lower than yours only.
This example shows how to view the information on all users.

MA5300#show terminal user all -------------------------------------------------------------------User name Level Line Idle Time Location
-------------------------------------------------------------------root huawei Admin Operator 0 AUX 0 0 0
This example shows how to view the information on online users.

MA5300#show terminal user online -----------------------------------------------------------------User name Level Line Idle Time Location
------------------------------------------------------------------root Admin 0 AUX 0 0
Chapter 4 Line Configuration

4.1 Overview
I. Line introduction
Line configuration is a new configuration mode parallel to the interface configuration. It is provided by the MA5300 to configure and manage the configuration data of physical interfaces and logical interfaces in asynchronous and interactive mode. In this way, the MA5300 can manage all types of users in a unified manner. The MA5300 supports two types of line: Auxiliary line (AUX) The auxiliary port is a line device. Each device has only one console port. This port provides an RS-232 interface so that you can configure and manage the MA5300 through the Console port locally. Virtual line (VTY) The virtual port is a logical line allowing you to access the device in Telnet mode. It is often abbreviated as VTY.
Note: On the MA5300, the AUX port and the Console port refer to the same port. Therefore, only two types of lines are available: AUX line and VTY line.
II. Line numbering

There are two modes for the line numbering: the absolute numbering mode and the relative numbering mode. 1) Rules for the absolute numbering mode are as follows: AUX line number is placed at the first digit, such as line0. The virtual line number follows. That means the absolute line number of the first virtual line (hereafter referred to as line) is line2, the second is line3, and so forth. 2) Relative line numbering mode is: line type + serial number. The numbering rules are as follows: Number of the AUX line: aux0.
The numbering of virtual line: The first virtual line is vty0, the second one is vty1, and so forth.
III. Line management

The Line management involves: Entering Line Configuration Mode Configuring the Attributes of an Asynchronous Interface Defining HyperTerminal Attributes Viewing Line Information Table 4-1 lists all commands for Line management. Table 4-1 Commands for Line management To Enter mode line configuration line Use Global mode Line mode Line mode Line mode Line mode Line mode Line mode Global mode Line mode Line mode Line mode Line mode In configuration
Set the transmission rate Set the flow control mode Set parity bits Set stop bits Set data bits Enable/Disable terminal service EXEC
(no) speed (no) flowcontrol (no) parity (no) stopbits (no) databits (no) exec lockable lock (no) length (no) history size show line
configuration configuration configuration configuration configuration configuration configuration configuration configuration configuration configuration
Set the terminal line to be lockable Lock a terminal line Set the terminal screen length Set the size of history command buffer View Line information
4.2 Entering Line Configuration Mode

You can run the command line to enter line configuration mode. Then you can configure the attributes of the asynchronous interface. You can either enter single line configuration mode to configure a single line, or enter multiple-line configuration mode to configure multiple lines at one time. 1) To enter the AUX port mode under a line, do as follows.
MA5300(config)#line aux 0 MA5300(config-line-aux0)#
Or perform the following configuration:

MA5300(config)#line 0 MA5300(config-line0)#
2)
To enter the VTY mode under a line, do as follows.
MA5300(config)#line vty 0 3 MA5300(config-line-vty0-3)#
Or perform the following configuration:

MA5300(config)#line 1 4 MA5300(config-line1-4)#
4.3 Configuring the Attributes of an Asynchronous Interface

You can configure the attributes of an asynchronous interface only in line configuration mode. However, the commands apply only when the serial ports work in the asynchronous interactive mode.
Note: When logging in to the system through the serial port, make sure that the line parameter settings are the same as those of the terminal. Any change of the line parameters, such as bit rate and flow control mode, will lead to system breakdown.
I. Setting the transmission rate of the serial port

To set the transmission rate of the serial port, you can run the command speed. To restore the default value, you can run the command no speed. The available rates include: 300 bit/s, 600 bit/s, 1200 bit/s, 4800 bit/s, 9600 bit/s, 19200 bit/s, 38400 bit/s, 57600 bit/s and 115200 bit/s
By default, it is 9600 bit/s.

MA5300(config-line-aux0)#speed 9600
II. Setting the flow control mode

To set the flow control, you can run the command flowcontrol. To restore the default setting, you can run the command no flowcontrol. By default, the flow control function is disabled. Flow control on the serial port may be hardware flow control and software flow control. The MA5300 does not support hardware flow control.
MA5300(config-line-aux0)#flowcontrol none
III. Setting the parity bit of the line

To set the parity bit of the line, you can run the command parity. To restore the default value, you can run the command no parity. By default, the parity bit is none, namely, not to enable parity check.
MA5300(config-line-aux0)#parity none
IV. Setting the stop bit of the line

To set the stop bit of the line, you can run the command stopbits. To restore the default value, you can run the command no stopbits. By default, the stop-bit is 1.
MA5300(config-line-aux0)#stopbits 1
V. Setting the data bit of the line

To set the data bit of the line, you can run the command databits. To restore the default value, you can run the command no databits. By default, the data bit is 8.
MA5300(config-line-aux0)#databits 8
4.4 Defining HyperTerminal Attributes

I. Enabling/Disabling the EXEC terminal service
To enable EXEC terminal service, you can run the command exec. Then the user will be able to log in to the system through the serial port or Telnet session.
By default, the EXEC terminal service is enabled on all lines. To disable EXEC terminal service, you can run the command no exec. However, since the AUX port itself is the console port, the AUX port does not support the command no exec for the sake of safety. It is supported on other lines apart from the AUX port. This example shows how to run the command no exec on line 1.
MA5300(config-line1)#no exec
Once this command is executed, Telnet will be disabled, and the system will prompt:
%Connection refused by remote host!
II. Enabling/Disabling the line locking

To enable line locking, you can run the command lockable in line configuration mode. Then you can run the global command lock to lock the line. To unlock the line, password input is required. This can effectively prevent random modification on the equipment by an illegal user. By default, line locking is disabled. This example shows how to lock the serial port line, do as follows.
MA5300(config)#line aux 0 MA5300(config-line-aux0)#lockable MA5300(config-line-aux0)#exit MA5300(config)#lock Password: Again:
Press any key to unlock the line.

Locked ! Password: MA5300(config)#
III. Enabling/Disabling the timeout exit

To enable timeout exit, you can run the command exec-timeout. When no operation is made on the terminal for a certain period of time, the terminal will be disconnected. By default, timeout exit is enabled whenever you log in. If you do not need this function, you can run the command no exec-timeout to disable it. However, to prevent any user from occupying the system without making any operations for too long, the system will disconnect a terminal user if no input from that terminal is received for 120 minutes.
MA5300(config-line0)# exec-timeout 5 0
IV. Setting the screen-length of the terminal screen

You can set the length of a terminal screen as required. The length of the terminal screen is 24 lines by default. The command no length is used to restore the default setting, while the command length 0 is used to disable the split-screen function.
MA5300(config-line0)#length 12
V. Setting the size of history command buffer

To set the number of commands that can be stored in the history buffer, you can run the command story size. By default, 10 commands can be stored.
MA5300(config-line0)#history size 5
4.5 Viewing Line Information

To view the information on the physical attributes and related configuration of the line(s), you can run the command show line. 1) View information on all lines.
Tty Typ I 0 1 2 3 4 AUX 0 VTY 0 VTY 1 VTY 2 VTY 3 Tx/Rx 9600 0 0 0 0 0 A Modem Roty AccO AccI Uses Noise Overruns
MA5300(config)#show line
2)
View information on line 0.

Tty Typ Tx/Rx 9600 0 A Modem Roty AccO AccI Uses Noise Overruns
MA5300(config)#show line 0
I 0
AUX 0
Chapter 5 Board Management

5.1 Overview
I. Board types
The MA5300/MA5303 offers multiple boards. For details, refer to Table 5-1. Table 5-1 MA5300/MA5303 boards Device Board type Main board MA5300 ISU board Service board Main board control control Board name ESMA, ESME, ESMB ISUA, ISUE EVDA, EADA, EADB, ESHA ESMA, ESME, ESMB EVDA, EADA, EADB, ESHA Slots available 7, 8 14, 15 06, 915 7 16
MA5303
Service board
II. Board maintenance & management

Board maintenance and management involves: Viewing a Board Adding a Board Confirming a Board Deleting a Board Resetting a Board Replacing a Board Table 5-2 lists the commands for board management. Table 5-2 Commands for board management To View a board Add a board Confirm a board Use show board board add board confirm
In User EXEC mode Global configuration mode Global configuration mode
To Delete a board Reset a board Replace a board Reset the system
Use board delete board reset board replace reboot
In Global configuration mode Global configuration mode Global configuration mode Global configuration mode
5.2 Viewing a Board

To view the information on a board, you can run the command show board. When only the frame number is entered, you can obtain the overall information on such a frame, including board names, board status and subboard types. By entering the frame number/slot number of a board, you can obtain more detailed information on that board, such as its board category, status and port-related information. This example shows how to view boards in frame 0.
MA5300#show board 0 --------------------------------------------------------------SlotID BoardName Status SubType1 SubType2
--------------------------------------------------------------0 1 2 3 4 5 6 7 ESMA Normal E4FE E4FE EADA Auto_find EVDA EVDA EVDA Auto_find Auto_find Auto_find
---------------------------------------------------------------
Depending on the user operations and running conditions, boards can be in different status. Table 5-3 lists all board status. Table 5-3 Board status Status Comm Fail Comm OK Remark Service board. It indicates the physical link communication fails. Service board. It indicates the physical link communication is normal.
Status Normal Failed Active -Normal Standby-Normal Configuring Auto_find
Remark Service board. It indicates the board is registered successfully, and is running normally. Service board. The board is in fault status. ESM board ESM board Service board. The board is being configured. Service board. It refers to the status displayed by the system when a board is just inserted, but not confirmed yet.
Table 5-4 shows the subboards attached to the ESMA/ESME and ISUA/ISUE boards. Table 5-4 The subboards attached to the MA5300 boards Subboard type E4FA E4FB O1FAB O1FAF O2FAB O2FAF O4FAB O4FAF O4FBB O4FBF O2GAA O2GAE O1GAA O1GAE O2GAX O4FS Description 4xFE electrical port subboard 4xFE electrical port subboard 1xFE multi-mode optical port subboard 1xFE single-mode optical port subboard 2xFE multi-mode optical port subboard 2xFE single-mode optical port subboard 4xFE multi-mode optical port subboard 4xFE single-mode optical port subboard 4xFE multi-mode optical port subboard 4xFE single-mode optical port subboard 2xGE multi-mode optical port subboard 2xGE single-mode optical port subboard 1xGE multi-mode optical port subboard 1xGE single-mode optical port subboard 2xGE single-mode/multi-mode optical port subboard 4xFE optical port swappable module subboard, SFP Applicable board ESMA/ESME ISUA/ISUE ESMA/ESME/ESMB ESMA/ESME/ESMB ESMA/ESME/ESMB ESMA/ESME/ESMB ESMA/ESME/ESMB ESMA/ESME/ESMB ISUA/ISUE ISUA/ISUE ESMA/ESME/ESMB, ISUA/ISUE ESMA/ESME/ESMB, ISUA/ISUE ESMA/ESME/ESMB, ISUA/ISUE ESMA/ESME/ESMB, ISUA/ISUE ESMA/ESME ESMB
Subboard type O2FS O4GS O2GS E2GA
Description 2xFE optical port swappable module 4xGE optical port swappable module 2xGE optical port swappable module subboard, subboard, subboard, SFP SFP SFP
Applicable board ESMB ESMB ESMB ESMB/ISUA/ISUE
2xGE electrical port subboard
5.3 Adding a Board

The MA5300 can auto detect boards in a frame. To configure a board off line (namely performing data configuration when the board slot is idle) so that the equipment can enter the running status soon after the board is inserted, you can first run the command board add to add the desired board to an idle slot, and then perform data configuration. Service boards can be added in idle slots only. Service boards can only reside in slots 06 and 915. At the moment, the board is in Failed status. It will restore to normal status after the slot is inserted with a board of the same type. This example shows how to add an EVDA board in slot 4.
MA5300(config)#board add 0/4 evda ! 1[2002-12-18 05:50:54]:ALM-3-AlarmInfo: Frame 0 slot 4 board add successfully
Note that even after a board is added successfully off line, the system will still prompt you that the communication with the ESM board fails.
Note: ESPA board is a passive board that can work normally without any connection with the backplane. Therefore, no operation on this board is required. (ESP is short for Ethernet Splitter board). When a service board other than ESPA is inserted into an idle slot, the system will make registration automatically and identify the board type. Auto registration is not available for the ESPA board. The ESPA board should be used in combination with the EVDA and EADA boards in the proportion of 1:2 (for ESPA and EVDA) and 1:1 (for ESPA and EADA).
5.4 Confirming a Board

I. Confirming a board
The MA5300 can detect a board automatically. After a board is inserted into an idle slot, the system can identify the board name and subboard type. To confirm a board identified automatically by the system, you can run the command board confirm. The configuration for a board will begin only after that board is confirmed to be normal. This example shows how to enter the frame number to confirm all boards:
MA5300(config)#board confirm 0 0 frame 0 slot board confirm successfully 0 frame 2 slot board confirm successfully
This example shows how to enter the frame and slot number to confirm the specified board.
MA5300(config)#board confirm 0/12 0 frame 12 slot board confirm successfully
II. Confirm the consistency of host versions

The MA5300 supports the consistency check for the version of the ESM and service boards. In the case that their versions are not consistent, the MA5300 will generate an alarm when you run the command board confirm to confirm a board. When you run the command show board to view the information of a board, it will display "Version_error" if no such service board is configured. This example shows how to confirm the board residing in slot 1.
MA5300(config)#board confirm 0/1 Note: The software version of Board 3 is not compatible with main board! Main : V100R005B02D063
Board 1: V100R003B02D063 (DISABLED). Please update to correct version. 0 frame 1 slot board confirm successfully
This example shows how to view the board information.

MA5300(config)#show board 0 --------------------------------------------------------------SlotID BoardName Status SubType1 SubType2
--------------------------------------------------------------0 1 EVDA EADA Normal Version_error
5.5 Deleting a Board

To delete a board, you can run the command board delete. A deleted board is not recoverable, and all of its data will be cleared.
Note: The ESM board cannot be deleted. When the ISU boards residing in slot 14/15 are enabled through the backplane, they cannot be deleted by running the command board delete. To delete the ISU boards, you can run the command no inner-isu. You can also delete other boards working in normal status. Such command should be used with due care, as board deletion operation cannot be undone, and it will clear all data of the board.
5.6 Resetting a Board

I. Resetting a service board
When a service board is working abnormally, you can run the command board reset to reset it. Resetting a board may result in a fault alarm and a recovery alarm. After the command board reset is run, the ESM board will generate reset failure alarm if it does not receive any response from the service board after a long time. When a board is reset successfully, the registration will be output to the ESM board. The ESM board then performs data configuration for the board to restore the services.
MA5300(config)#board reset 0/1 Are you sure to reset board? (y/n)[n]:y 0 frame 1 slot reset board message sent successfully... MA5300(config)#board reset 0/7

Are you sure to reset board? (y/n)[n]:y Fail to reset board
II. Resetting the system or main control board

To reset the whole system, you can run the command reboot system. To reset the active ESM board, you can run the command reboot active. To reset the standby ESM board, you can run the command reboot standby. The command board reset cannot be used to reset an ESM board. When the system is equipped with only one ESM board, reset of the ESM board will reset all service boards. When the system is equipped with dual ESM boards, reset of the active ESM board will promote the standby board to the status of active ESM board without affecting the service boards.
MA5300(config)#reboot active Standby board fails or does not exist, reboot active will cause system reboot. Please assure the data is saved, are you sure to reboot active board? (y/n)[n]:y
Note: Resetting the system will result in loss of unsaved data. It is recommended that you run the command write to save the system data before the reset operation. To avoid affecting the service, make due consideration before you reset the system. In general, the system should be reset after new application or data is loaded.
5.7 Replacing a Board

To upgrade the compatible boards of a same series, you can run the command board replace. In this case, a replaced board inherits the interface configuration of the original one automatically without re-configuration. The MA5300 will convert host configuration data from one board to another board directly. The MA5300 supports the following board replacements: Replacing the EADA with the EADB. Replacing the EADL with the EBDL.
Note: You can perform this operation no matter whether the board is in normal or faulty status. If an old-type board is in normal status, it will be reset after this command is run, because its type is not consistent with the type of the board configured. Then, you can remove the old-type board and insert the new-type board.
This example shows how to replace the EADA board in slot 6 with the EADB board.
MA5300(config)#board replace 0/6 eadb Are you sure to replace this board? (y/n)[n]:y Frame 0 slot 6 board replace successfully
Chapter 6 Network Management Configuration

6.1 Overview
The MA5300 supports both inband and outband network management system (NMS). Inband NMS refers to the network management mode realized through the service channel provided by the managed devices. Inband network features flexible networking and requires no additional devices. But it has a shortcoming. The traffic generated in maintenance occupies the service channel, making it impossible to maintain the managed device when it is faulty. Outband NMS refers to the NM mode realized through the special Integrated Services Digital Network (ISDN) line, Digital Data Network (DDN) line or E1 line. An NMS can connect to the managed device through LAN, or WAN, including DDN. Compared with the inband network, the outband network provides reliable channels for device management. In an outband network, the NMS can timely locate the fault incurred to a managed device, and monitor the managed device in real time. Outband network requires extra devices to form a network, providing a maintenance channel that is independent of the service channel.
6.2 Configuring SNMP

6.2.1 Overview
SNMP is the most widely used NM protocol in the present computer network. The SNMP architecture comprises NMS and Agent. NMS: refers to the workstation running the client program. Sun NetManager and IBM NetView are two commonly applied NM platforms. Agent: refers to the server software running on the network device. After receiving a request from NMS, the Agent reads or writes the management variables based on the message type. It then generates a Response and returns it to the NMS. On the other hand, Agent sends Trap to report any abnormality that occurs in the cold/warm start of the device. To uniquely identify the management variables in the SNMP packet, SNMP identifies the management objects in a hierarchical naming scenario. It resembles a tree, where the nodes of the tree represent management objects, as shown in Figure 6-1. An unequivocal path starting from the root of the tree can identify a managed object.
1 1 1 1 5 A
Figure 6-1 MIB tree structure As shown in the above figure, the managed object B can be uniquely identified with a string of numbers {1.2.1.1}. This number string is the object identifier of B. The function of the Management Information Base (MIB) is to describe the hierarchical structure of a tree. It is a set defined by the standard variables of the monitored network device. SNMP allows you to set the community name, add users/groups, add views, and configure an ACL, offering very high security. With the ACL modules access list, the system can screen a specific IP address so that users with the IP address cannot access the Agent. There are two versions of SNMP: V1/2C and V3. The configuration of SNMP V1/2C involves: Enabling/Disabling SNMP V1/2C Adding Community names Enabling/Disabling sending trap The configuration of SNMP V3 involves: Enabling/Disabling SNMP Adding a user Adding a group Adding a view Enabling/Disabling sending trap The first running of the command snmp-server will enable all SNMP versions. You can run the command no snmp-server to disable all SNMP versions. Table 6-1 lists the commands for SNMP management.
2 2 2
B 6
Table 6-1 Commands for SNMP management To Add/Delete names community Use (no) snmp-server community (no) snmp-server enable traps (no) snmp-server trap-source (no) snmp-server trap-source (no) snmp-server contact (no) snmp-server location (no) snmp-server packetsize (no) snmp-server engineid (no) group snmp-server Global mode Global mode Global mode Global mode Global mode Global mode Global mode Global mode Global mode Global mode Global mode In configuration configuration configuration configuration configuration configuration configuration configuration configuration configuration configuration
Set the Trap sending Set the address Trap destination
Set the Trap source address Set the sysContact Set the sysLocation Set the SNMP packet size Set the SNMP server engine ID Add/Delete an SNMP group Add/Delete an SNMP group user Create/Update information on view View the information community names View the information sysContact View the sysLocation View the statistics View the engine ID SNMP SNMP packet server on on the on on
(no) snmp-server user (no) view snmp-server snmp
show community
All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
show snmp contact show snmp location show snmp show snmp engineid show snmp group show snmp user show snmp view
View the information SNMP groups View the information SNMP users
View the information on views
Note: The operation of setting a community name is only applicable to SNMP V1/V2C. The operations of setting a local/remote devices name, SNMP group, user, and view are only applicable to SNMP V3. Though the V1/V2C option is available to the setting of user and group, any such a setting is invalid. Other settings are applicable to both versions.
6.2.2 Setting the Community Name

SNMP V1 adopts the community name authentication solution. SNMP packets not conforming to the community name recognized by the device will be discarded. An SNMP community is identified with a character string called community name. A community may have the read-only access authority or the read-write access authority. Communities with read-only authority can merely view the device information while those with read-write authority can configure the device. To set the name for a community with read-only authority or read-write authority, you can run the command snmp-server community. To cancel the setting, you can run the command no snmp-server community. This example shows how to add a community name of public with read-only authority using ACL 5.
MA5300(config)#snmp-server community pubic ro acl 5
To view the community names after completing the setting, you can run the command show snmp community.
6.2.3 Setting the Trap Sending

Trap is the unsolicited information sent automatically to NMS by the managed device to report some urgent events. The related configuration involves: Enabling/Disabling the sending Trap Setting the Trap destination address Setting the Trap source address (if you want to trace a specific event using the Trap address) 1) Enable/Disable the sending Trap. To enable the sending Trap, you can run the command snmp-server enable traps. To disable this function, you can run the command no snmp-server enable traps.
MA5300(config)#snmp-server enable traps
2)
Set the Trap destination address.
To enable sending Trap, you need to set the Trap destination address by running the command snmp-server host. To cancel the setting, you can run the command no snmp-server host. The only difference between configuring SNMP V1 and SNMP V2C lies in the version selection. This example shows how to set the IP address of the destination host for sending Trap as 10.71.53.108 and SNMP version as 1 using the community name of private.
MA5300(config)#snmp-server host 10.71.53.108 version 1 private
3)
Set the Trap source address.
To set Trap source address, you can run the command snmp-server trap-source. To cancel the setting, you can run the command no snmp-server trap-source. This example shows how to set the source address for sending Trap as vlan-interface 1000.
MA5300(config)#snmp-server trap-source vlan-interface 1000
6.2.4 Setting Management Attributes

I. Setting sysContact
SysContact is a management variable in the system group of MIB II. Its content includes the ID of device administrator and contact method. To set the sysContact, you can run the command snmp-server contact. To restore the default setting, you can run the command no snmp-server contact. The default setting is HuaWei BeiJing China. After the configuration completes, you can view information on the ID of device administrator and contact method by running the command show snmp contact.
MA5300(config)#snmp-server contact mary-075512345678 MA5300(config)#show snmp contact The contact person for this managed node: mary-075512345678
II. Setting sysLocation

SysLocation, a management variable in the "system" group of MIB, is used to indicate the location of the managed device. To set the location of the MA5300, you can run the command snmp-server location. To restore the default setting, you can run the command no snmp-server location.
By default, sysLocation is BeiJing China. After the configuration completes, you can run the command show snmp location to view the information on the device location.
MA5300(config)#snmp-server location Shenzhen China MA5300(config)#show snmp location The physical location of this node: Shenzhen China
6.2.5 Setting the SNMP Packet Size

To set the size of the SNMP packet that can be received or sent by the Agent, you can run the command nmp-server packetsize. To restore the default setting, you can run the command no snmp-server packetsize. The packet size is in the range of 48417940 (unit: byte), and the default value is 1500. After the configuration completes, you can run the command show snmp to view the statistics on the SNMP packets.
MA5300(config)#snmp-server packetsize 1500
6.2.6 Setting the Name of Local or Remote Device

This operation is only allowed for SNMP V3. Since an engine ID is associated with the user information, you have to set the engine ID before adding an SNMP user. Any changes of the engine ID will delete all the user information. Therefore, it is recommended that you perform this operation with caution. To set the engine ID for a device, you can run the command snmp-server engineid. To restore the default setting, you can run the command no snmp-server engineid. By default, the engine ID is composed of enterprise ID and device information. The latter may be a device IP address, MAC address or other self-defined text. After completing the configuration, you can run the command show snmp engineid to view the device engine ID.
MA5300(config)#snmp-server engineid 800007DB00E0FC1119C26877 MA5300(config)#show snmp engineid Local SNMP engineID: 800007DB00E0FC1119C26877
6.2.7 Setting an SNMP V3 Group

This operation involves two passwords: Authentication protocol password Privacy protocol password
To add an SNMP group, you can run the command snmp-server group. To delete an SNMP group, you can run the command no snmp-server group. After the configuration completes, you can run the command show snmp group to view the information on the SNMP group. Table 6-2 Parameter specification Parameter auth Description Indicates to authenticate only the first-level password, namely the authentication protocol password. Indicates to authenticate the passwords of both levels, namely the authentication protocol password and privacy protocol password. Indicates that no authentication is required. Indicates to define the read, write and notify attributes of a node in a view. Indicates to apply the ACL to prevent illegal access to the Agent.
priv noauth read, write and notify acl acl_no
This example shows how to add an SNMP group 5300, and authenticate the firstlevel password only. The attributes of nodes 5300a, 5300b, and 5300c are read, write and notify respectively.
MA5300(config)#snmp-server group 5300 v3 auth read 5300a write 5300b notify 5300c MA5300(config)#show snmp group Group name: 5300 Readview: 5300a Notifyview :5300c Storage-type: nonVolatile Security model: v3 auth Writeview: 5300b
6.2.8 Adding/Deleting a User to/from an SNMP Group

SNMP V3 implements user-oriented SNMP packet sending. The SNMP user is a remote user using the SNMP management commands. To connect to the Agent module of the MA5300, An SNMP user is required to pass the user authentication (namely the user name and password must be set). The user should belong to an SNMP group. The user's authority must be lower than that of the group to which he/she belongs. To add a user to an SNMP group, you can run the command snmp-server user.
To delete a user from an SNMP group, you can run the command no snmp-server user. After the configuration completes, you can run the command show snmp user to view the information on the SNMP user. This example shows how to add the user huawei to an SNMP group, which belongs to group 5300. Authenticate the authentication protocol password only. The password is of hello.
MA5300(config)#snmp-server user huawei 5300 v3 auth md5 hello MA5300(config)#show snmp user User name: huawei Engine ID: 800007DB00E0FC1119C26877 active
6.2.9 Creating/Modifying/Deleting/Viewing the View Information

This operation is only allowed for SNMP V3. By setting a view, you can define the accessibility attributes of a node in the view, thus limiting the access to the data. To create/modify the view information, you can run the command snmp-server view. To delete the view information, you can run the command no snmp-server view. To query the view information, you can run the command show snmp view. This example shows how to create a view mib2, which includes MIB subtree 1.3.6.1.
MA5300(config)#snmp-server view mib2 1.3.6.1 included MA5300(config)#show snmp view View name:mib2 MIB Subtree:internet -included active MIB Subtree:internet -included active MIB Subtree:snmpUsmMIB -excluded active MIB Subtree:snmpVacmMIB -excluded active MIB Subtree:snmpModules.18 -excluded active
Storage-type: nonVolatile View name:ViewDefault Storage-type: nonVolatile View name:ViewDefault Storage-type: nonVolatile View name:ViewDefault Storage-type: nonVolatile View name:ViewDefault Storage-type: nonVolatile
6.3 Configuring the Outband NMS

The MA5300 sets up the outband NMS through its ETH port and serial port. For information on how to maintain outband NMS through serial port, refer to Chapter 1 Maintenance Terminal Configuration. This section will focus on maintaining the NMS through the maintenance interfaces, involving:
Setting the IP Address of an Outband Port Setting Outband NMS Routes Outband NMS Configuration Example
Note: For details on SNMP configuration, refer to 6.2 Configuring SNMP.
6.3.1 Setting the IP Address of an Outband Port

The maintenance port configuration consists of the IP address configuration and IP address query of the maintenance port. The MA5300 uses the ETH port on the ESM board as the default Ethernet maintenance port. By default, the port's IP address is 10.11.18.1/255.255.0.0. To view the configuration of the maintenance port, you can run the command show ip interface. To view the IP address and mask of the maintenance port, you can run the command ip address in MEth interface configuration mode. Make sure that the maintenance port, the configuration terminal, and the gateway are located in the same subnet. This example shows how to set the IP address and mask of the maintenance port as 10.71.53.2 and 255.255.255.0 respectively.
MA5300(config)#interface m-ethernet7/0/1 MA5300(config-if-M-Ethernet7/0/1)#ip address 10.71.53.2 255.255.255.0
6.3.2 Setting Outband NMS Routes

The MA5300 and the NMS usually locate in different subnets. Therefore, an outband NMS route shall be configured for forwarding IP packets. To add a route to the gateway, you can run the command ip route. You can configure up to 200 static routes in the MA5300. However, useless routes may affect the working efficiency of the system, and shall be deleted. To delete a route, you can run the command no ip route. To view the configuration information on the current route, you can run the command show ip route.
This example shows how to create a route destined to 10.71.8.0 subnet so that IP packets from the MA5300 are to be forwarded through the gateway 10.71.53.1
MA5300(config)#ip route 10.71.8.0 255.255.255.0 10.71.53.1
6.3.3 Outband NMS Configuration Example

I. Networking description
Uplink
MA5300
E E V A D D A A
ETH
MA5200
S M B
ESM
HRB
Figure 6-2 Outband NMS networking 1) The outband port (namely the ETH port) on the ESM board of the MA5300 is connected to port 7 on the MA5200s HRB board through a crossover network cable. 2) 3) 4) 5) The IP address of the MA5300 outband NMS is: 10.10.20.1 255.255.255.0. Only the IP addresses within 10.10.21.1/24 can Telnet to the MA5300. The IP address of port 7 of the HARB board on the MA5200 is: 10.10.20.254/24. The IP address of port 0 on the MA5200s HRB board is: 10.10.40.1/30.
Note: The function of ACL for Telnet is applicable to outband/inband NMS. This chapter only describes its application to outband NMS, which is almost the same as its application to inband NMS.
II. Configuration procedure

1) Set the IP address of the outband port.
MA5300(config)#interface m-ethernet7/0/1 MA5300(config-if-M-Ethernet7/0/1)#ip address 10.10.20.1 255.255.255.0
2)
Set the list of IP addresses that can Telnet to the MA5300.

MA5300(config)#access-list 1 permit 10.10.21.1 0 MA5300(config)#access-list 1 deny any MA5300(config)#line vty 0 3 MA5300(config-line-vty0-3)#access-class 1 in
3) 4)
Add an NM route. Set the community name and the access authority.
MA5300(config)# snmp-server community public ro MA5300(config)# snmp-server community private rw
5) 6) 7) 8)
Enable Trap sending. Set Trap destination address. Specify IP address of the outband NMS as the Trap destination address. Save the Data.
MA5300(config)# snmp-server enable traps
MA5300(config)# snmp-server host 10.10.21.1 private
MA5300(config)#snmp-server trap-source m-ethernet 7/0/1
MA5300(config)#write
6.4 Configuring the Inband NMS

Outband NMS requires an NM LAN, which is not feasible for devices which are far away from each other. In such a case, inband NMS shall be provided. The MA5300 implements inband NMS through the FE/GE ports on its ESM board. The configuration of inband NMS mainly involves: Setting the IP Address of Inband NMS Setting Inband NMS Routes Adding an ACL Inband NMS Configuration Example
Note: For details on SNMP configuration, refer to 6.2 Configuring SNMP.
6.4.1 Setting the IP Address of Inband NMS

The following part involves: Creating an NM VLAN Setting the IP address of the VLAN interface Viewing the IP address of the VLAN interface
Setting an unlink port to transparently transmits NM VLAN
I. Creating an NM VLAN
To create an NM VLAN, you can run the command vlan.
MA5300(config)#vlan 1000
II. Setting the IP address of the VLAN interface

To set the IP address and mask of MA5300s VLAN interface, you can run the command ip address.
MA5300(config)#interface vlan 1000 MA5300(config-if-Vlan-interface1000)#ip address 10.71.53.2 255.255.255.0
III. Viewing the IP address of the VLAN interface

To view the IP address of current VLAN interface, you can run the command show ip interface. To view the IP addresses of VLAN interfaces, you can run the command show vlan.
IV. Setting an unlink port to transparently transmits NM VLAN

Specify an unlink port as a trunk interface, which can transparently transmit several VLANs, including NM VLAN.
MA5300(config-if-Ethernet7/2/0)#switchport mode trunk MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 1000 Please wait... Done.
6.4.2 Setting Inband NMS Routes

The route configuration involves: Defining IP access list Adding/Deleting system routes Viewing the IP route configuration For the details, refer to6.3.2 Setting Outband NMS Routes.
6.4.3 Adding an ACL

By default, the MA5300 is accessible for all users. However, for the sake of security, you can configure the system to only allow users within a certain network segment to access the MA5300 while denying other illegal network segments. By setting VLAN-based ACL on the MA5300, you can deny the access of illegal users. The ACL rules should be specified on the basis of the L3 source IP address to process
data packets, namely the standard ACL, which consists of the data-based ACL and name-based ACL.
I. Defining an ACL
Two match orders of the sub-rules of an ACL are available: config Indicates to follow the user defined configuration order when formulating the matching rule. auto Indicates to allow the system to sort automatically (in depth-first order) when formulating the matching rule. The default setting is config.
Note: When creating an ACL, you must use the inverse mask if a whole segment needs to be added into the ACL. When the access of only one host is allowed, the parameter 0 needs to be input at the end of the IP address.
This example shows how to define ACL 1, which permits the access of the users within the segment 10.72.53.0/24 of VLAN 1000.
MA5300(config)#access-list 200 deny ingress 1000 egress any MA5300(config)#access-list 1 permit 10.72.53.0 0.0.0.255 MA5300(config)#access-list 201 permit ingress 1000 egress any
II. Activating an ACL

Before using an ACL, you need to activate it first. This example shows how to activate the ACL on port Ethernet 7/2/0.
MA5300(config)#interface ethernet 7/2/0 MA5300(config-if-Ethernet7/2/0)#access-group link-group 200 in
MA5300(config-if-Ethernet7/2/0)#access-group ip-group 1 link-group 201 in.
6.4.4 Inband NMS Configuration Example

Uplink
MA5300
E E V A D D A A
E7/2/0
MA5200
S M B
ESM
HAB
HRB
Figure 6-3 Inband NMS networking 1) 2) 3) 4) 5) Port Ethernet 0/7/0 on the MA5300s ESM board is connected to port 0 on the MA5200s HAB board. The service VLAN ID is 4000. The IP address of the MA5300 inband NMS is 10.10.20.1/24. The NM VLAN ID is 1000. The IP address of the NMS is 10.10.21.1/24 (not included in this Figure). The IP address of the MA5200s VT interface is 10.10.20.254/24. The IP address of port 0 of the MA5200 HRB board is 10.10.40.1/30.

1) Set the IP address of the inband NMS (create an NM VLAN and set the IP address of the VLAN interface).
MA5300(config)#vlan 1000 MA5300(config-vlan1000)#exit MA5300(config)#interface vlan-interface 1000 MA5300(config-if-Vlan-interface1000)#ip address 10.10.20.1 255.255.255.0
2)
Set the IP access list.
MA5300(config)#access-list extended telnet_limit MA5300(config-ext-nacl-telnet_limit)#deny ip any 10.10.20.1 0 MA5300(config-ext-nacl-telnet_limit)#permit 10.10.20.1 0 ip 10.10.21.1 0.0.0.255
3)
Activate an ACL.
MA5300(config)#interface ethernet 7/2/0 MA5300(config-if-Ethernet7/2/0)#access-group ip-group telnet_limit in
4) 5)
Add an NM route. Set a service VLAN.

You can set a service VLAN in various ways. In this example, assume that the service VLAN (whose ID is 4000) is a Smart VLAN. Create a VLAN whose ID is 4000, and set it as a Smart VLAN.
MA5300(config)#vlan 4000 MA5300(config-vlan4000)#vlan-type smart
Add an upstream port (Ethernet 7/2/0) to the VLAN.

MA5300(config-vlan4000)#vlan-upport ethernet 7/2/0 MA5300(config-vlan4000)#exit
Set the port Ethernet 7/2/0 as the trunk port which transparently transmits NM VLAN (whose ID is 1000).
MA5300(config)#interface ethernet 7/2/0 MA5300(config-if-Ethernet7/2/0)#switchport mode trunk MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 1000 Please wait... Done.
6)
Set the community name and the access authority.
MA5300(config)# snmp-server community public ro MA5300(config)# snmp-server community private rw
7) 8) 9)
Enable the Trap sending. Set the Trap destination address. Set the IP address of the inband NMS as the Trap source address.
MA5300(config)# snmp-server enable traps
MA5300(config)# snmp-server host 10.10.21.1 private
MA5300(config)#snmp-server trap-source vlan-interface 1000
10) Save the Data.

Chapter 7 RMON Configuration

7.1 Overview
Remote Network Monitoring (RMON) is a type of IETF-defined MIB. It is the most important enhancement to MIB II. RMON is used to monitor the data traffic on a segment or on a whole network. It is one of the widely used network management standards by far. RMON is SNMP based. It is compatible with the existing SNMP framework and requires no changes to the protocol. RMON includes the NMS and the Agent running on the network devices. On the network monitor or detector, RMON Agent tracks and accounts different traffic information on the segment connected to its port, such as the total number of packets on a segment in a certain period of time or that of the correct packets sent to a host. RMON helps SNMP monitor the remote network device actively and effectively. It can reduce the traffic between the NMS and the agent, allowing effective management over large scale interconnected networks. RMON allows multiple monitors. It collects data in two ways: Collecting data with a special RMON probe The NMS directly obtains the management information from the RMON probe and controls the network resources. In this way, it can obtain all the information on RMON MIB. Implanting the RMON Agent directly into the network devices (such as routers, switches and HUBs) In this way, the devices provide RMON probe function. The RMON NMS uses the basic SNMP commands to exchange data with the SNMP Agent and collect network management information. However, due to limitations of device resources, you may not be able to obtain all the data of RMON MIB with this method. In most cases, only four groups of information can be collected, including: Trap Event History Statistics
The MA5300 performs RMON using the second method. With the RMON-supportive SNMP Agent running on the network monitor, the NMS can obtain such information as: Overall traffic of the segment connected to the managed network device port Error statistics and performance statistics With the information, the NMS is able to mange the network remotely.
7.2 Configuring RMON

The configuration of RMON involves: Adding/Deleting an Entry to/from the Alarm Table Adding/Deleting an Entry to/from the Event Table Adding/Deleting an Entry to/from the History Control Table Adding/Deleting an Entry to/from the Statistics Table Table 7-1 lists the commands for configuring RMON. Table 7-1 Commands for configuring RMON To Add/Delete an entry to/from the alarm table Add/Delete an entry to/from the event table Add/Delete an entry to/from the history control table Add/Delete an entry to/from the statistics table Use (no) rmon alarm (no) rmon event (no) rmon history (no) rmon statistics In Global configuration mode Global configuration mode Global configuration mode Global configuration mode
7.2.1 Adding/Deleting an Entry to/from the Alarm Table

RMON alarm management can monitor such specified alarm variables as the statistics on a port. When a value of the monitored data exceeds the defined threshold, an alarm event will be generated. In general, the event will be recorded in the device log table and a Trap message will be sent to the NMS. The event is defined in the event management. The alarm management function enables you to browse, add and delete alarm entries. To add an entry to the alarm table, you can run this command: rmon alarm entry-number alarm-name sampling-time { delta | absolute } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text-string ] To delete an entry from the alarm table, you can run the command no rmon alarm.
Figure 7-1 Parameter description Parameter delta absolute rising-threshold falling-threshold owner Description The sampling type is of delta value. The sampling type is of absolute value. Upper limit of threshold value Lower limit of threshold value Creator of the entry
This example shows how to delete entry 15 in the alarm table.

MA5300(config)# no rmon alarm 15
7.2.2 Adding/Deleting an Entry to/from the Event Table

RMON event management defines the ID and handling of an event by keeping logs, sending Trap messages to the NMS, or performing the both at the same time. To add an entry to the event table, you can run this command: rmon event event-entry [ description string ] { log | trap trap-community | log-and-trap log-trapcommunity } [ owner rmon-station ] To delete an entry from the alarm table, you can run the command no rmon event. This example shows how to add entry 10 to the event table and label it as a log.
MA5300(config)# rmon event 10 log
7.2.3 Adding/Deleting an Entry to/from the History Control Table

The history data management helps you to set: History data collection Periodical data collection Storage of the specified ports The sampling information includes: Utilization ratio Error counts Total number of packets To add an entry to the history control table, you can run this command: rmon history entry-number { interface-type interface-number | interface-name } buckets number interval sampling-interval [ owner text-string ] To delete an entry from the history control table, you can run the command no rmon history.
Table 7-2 Parameter description Parameter buckets interval owner Description This control line corresponds to the history control table capacity, which is in the range from 1 to 10. Sampling time, in the range from 5s to 3600s. Creator of the entry
This example shows how to delete entry 15 from the history control table.
MA5300(config)# no rmon history 15
7.2.4 Adding/Deleting an Entry to/from the Statistics Table

The RMON statistics management involves the port usage monitoring and error statistics. The statistics include Collision CRC and queuing Undersize packets or oversize packets Timeout transmission Fragments Broadcast Multicast and unicast messages Bandwidth usage To add an entry to the statistics table, you can run this command: rmon statistics entry-number { interface-type interface-number | interface-name } [ owner text-string ] To delete an entry from the statistics table, you can run the command no rmon statistics. This example shows how to add entry 20 in the statistics table of port Ethernet 7/1/1.
MA5300(config)# rmon statistic 20 ethernet 7/1/1 % 1[2004-07-10 18:16:48]:RMON-1-ADDINFO:EtherStats table is added a valid row with index [ULONG] by null
7.2.5 Viewing RMON Information

Table 7-3 lists the commands for viewing RMON information.
Table 7-3 Commands for viewing RMON information To View RMON statistics Use show rmon statistics In All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
View the history information on RMON View the alarm information on RMON
show rmon history
show rmon alarm
View the RMON event
show rmon event
View the event log of RMON
show rmon eventlog
7.3 RMON Configuration Example

MA5300
CON ETH MON
Internet PC
PC
ESM
Figure 7-2 RMON configuration networking Requirement: Add an entry to the RMON statistics table for the Ethernet port performance. This will ease network administrators query.

1) 2) Configure RMON. View the RMON configuration.
MA5300(config)# rmon statistic 1 ethernet 7/1/1 owner huawei_rmon
MA5300# show rmon statistic ethernet 7/1/1 Interface Ethernet7/1/1, with ethernet statistics table index 1, is VALID,

and owned by huawei_rmon. It has Received 82770931 octets, 55288 packets, 35867 broadcast and 13550 multicast packets, 0 undersized and 0 oversized packets, 0 fragments and 1 jabbers, 0 CRC alignment errors and 64 collisions.
Dropped packet events (due to lack of resources): 0. Packets received of length (in octets): 64: 62300, 65-127: 42709, 128-255: 17515, 256-511: 8016, 512-1023: 9013, 1024-1518: 41030.
HUAWEI
Part 2 Basic Configuration
Operation Manual Basic Configuration SmartAX MA5300/5303 Broadband Access System
Table of Contents
Table of Contents
Chapter 8 MAC Address Management ........................................................................................ 8-1 8.1 Overview ............................................................................................................................ 8-1 8.2 Configuring MAC Address Table ....................................................................................... 8-2 8.2.1 Adding/Modifying/Deleting Address Items .............................................................. 8-2 8.2.2 Enabling/Disabling the Address Learning ............................................................... 8-3 8.2.3 Setting the MAC Address Learning for a Port......................................................... 8-3 8.2.4 Setting the System MAC Address Aging ................................................................ 8-4 8.2.5 Restoring the Default MAC Address of Main Control Boards ................................. 8-5 8.3 Viewing the MAC Address Table ....................................................................................... 8-5 Chapter 9 DHCP Relay Configuration ......................................................................................... 9-1 9.1 Overview ............................................................................................................................ 9-1 9.2 Configuring a DHCP Server............................................................................................... 9-2 9.2.1 Setting a DHCP Server ........................................................................................... 9-3 9.2.2 Setting the DHCP Relay Standard Mode (VLAN Interface).................................... 9-5 9.2.3 Setting DHCP Option60 .......................................................................................... 9-6 9.2.4 Setting the MAC Address Segment ........................................................................ 9-7 9.3 Enabling the Switching Between DHCP L2/L3 Relay........................................................ 9-9 9.4 Configuring the DHCP Relay Agent Information Option.................................................. 9-10 9.4.1 Enabling/Disabling DHCP Option82 ..................................................................... 9-11 9.4.2 Setting Whether a DHCP packet Includes a Sub-option....................................... 9-12 9.4.3 Setting the Maximum Length of DHCP Packets ................................................... 9-13 9.4.4 Viewing the Information on DHCP Option82 Configuration .................................. 9-13 9.5 Configuration Example .................................................................................................... 9-14 9.6 DHCP Relay Troubleshooting.......................................................................................... 9-15 Chapter 10 ARP Configuration................................................................................................... 10-1 10.1 Overview ........................................................................................................................ 10-1 10.2 Configuring the Static ARP ............................................................................................ 10-2 Chapter 11 STP Configuration ................................................................................................... 11-1 11.1 Overview ........................................................................................................................ 11-1 11.1.1 Introduction to STP ............................................................................................. 11-1 11.1.2 Specific Calculation Process of STP Algorithm .................................................. 11-1 11.1.3 Setting the BPDU Forwarding Mechanism in STP.............................................. 11-6 11.2 Configuring RSTP.......................................................................................................... 11-7 11.2.1 Enabling/Disabling RSTP.................................................................................... 11-8 11.2.2 Setting/Switching the Operating Mode of RSTP ................................................. 11-9 11.2.3 Setting the Network Diameter ........................................................................... 11-10
Table of Contents
11.2.4 Setting the Parameters of a Specified Bridge ................................................... 11-10 11.2.5 Setting the Parameters of a Specified Port....................................................... 11-12 11.2.6 Viewing RSTP Information ................................................................................ 11-14 Chapter 12 Cluster Management Configuration....................................................................... 12-1 12.1 Overview ........................................................................................................................ 12-1 12.1.1 Brief Introduction to Cluster Management .......................................................... 12-1 12.1.1 Cluster Roles....................................................................................................... 12-2 12.1.2 Brief Introduction to HGMP ................................................................................. 12-3 12.2 Configuring HDP ............................................................................................................ 12-5 12.2.1 Setting HDP......................................................................................................... 12-6 12.2.2 Viewing HDP Information .................................................................................... 12-7 12.3 Configuring HTP ............................................................................................................ 12-8 12.3.1 Introduction to HTP ............................................................................................. 12-8 12.3.2 Setting HTP ......................................................................................................... 12-9 12.3.3 Viewing HTP Information .................................................................................. 12-12 12.4 Configuring a Cluster ................................................................................................... 12-12 12.4.1 Enabling/Disabling the Cluster Function ........................................................... 12-14 12.4.2 Setting the Cluster IP Address Pool.................................................................. 12-14 12.4.3 Specify the Command Device........................................................................... 12-15 12.4.4 Adding/Deleting a Cluster Member ................................................................... 12-15 12.4.5 Setting the Cluster Parameters ......................................................................... 12-17 12.4.6 Setting the Member Accessing ......................................................................... 12-20 12.4.7 Viewing Cluster Information .............................................................................. 12-22 12.5 Cluster Management Configuration Example.............................................................. 12-23 Chapter 13 AAA and RADIUS Configuration ............................................................................ 13-1 13.1 Overview ........................................................................................................................ 13-1 13.1.1 Introduction to AAA ............................................................................................. 13-1 13.1.2 Introduction to RADIUS....................................................................................... 13-2 13.1.3 Implementing AAA/RADIUS on the MA5300 ...................................................... 13-2 13.2 Configuring AAA ............................................................................................................ 13-3 13.2.1 Setting an Authentication/Authorization Scheme................................................ 13-5 13.2.2 Setting an Accounting Scheme ........................................................................... 13-6 13.2.3 Creating/Deleting an ISP Domain ....................................................................... 13-6 13.2.4 Configuring a User ............................................................................................ 13-10 13.2.5 Viewing AAA Information .................................................................................. 13-11 13.3 Configuring RADIUS.................................................................................................... 13-11 13.3.1 Creating/Deleting a RADIUS Server Group ...................................................... 13-14 13.3.2 Setting the IP Address and Port Number of RADIUS Server ........................... 13-14 13.3.3 Setting the Encryption Key of RADIUS Packet ................................................. 13-15 13.3.4 Setting the Response Timeout Timer of RADIUS Server ................................. 13-16 13.3.5 Setting the Retransmit Times of RADIUS Request Packet .............................. 13-16 13.3.6 Setting the Realtime Accounting Interval .......................................................... 13-16
Table of Contents
13.3.7 Setting the Maximum Failure Count of Realtime Accounting Request ............. 13-17 13.3.8 Setting the Maximum Times for Resending Account-Stop Request................. 13-18 13.3.9 Setting the RADIUS Server Type...................................................................... 13-18 13.3.10 Setting the RADIUS Server State ................................................................... 13-18 13.3.11 Setting the Format of Username Sent to RADIUS Server .............................. 13-19 13.4 Viewing RADIUS Information....................................................................................... 13-19 13.5 AAA and RADIUS Configuration Example .................................................................. 13-20 13.6 Fault Diagnosis and Troubleshooting .......................................................................... 13-20 Chapter 14 802.1x Configuration ............................................................................................... 14-1 14.1 Overview ........................................................................................................................ 14-1 14.1.1 Introduction to 802.1x.......................................................................................... 14-1 14.1.2 802.1x System Architecture ................................................................................ 14-1 14.1.3 802.1x Authentication Process............................................................................ 14-3 14.1.4 Implementing 802.1x on MA5300 ....................................................................... 14-4 14.2 Configuring 802.1x......................................................................................................... 14-4 14.2.1 Enabling/Disabling 802.1x................................................................................... 14-5 14.2.2 Setting the Port Access Control Mode ................................................................ 14-6 14.2.3 Setting the Port Access Control Method ............................................................. 14-6 14.2.4 Setting the Number of Users Per Port ................................................................ 14-7 14.2.5 Enabling/Disabling the DHCP Trigger Authentication......................................... 14-7 14.2.6 Setting the Authenticator-to-Supplicant Frame-Retry Times .............................. 14-7 14.2.7 Configuring the Timer Parameters ...................................................................... 14-7 14.2.8 Viewing 802.1x Information................................................................................. 14-8 14.3 802.1x Configuration Example....................................................................................... 14-8 14.3.1 802.1x Access (Local Authentication)................................................................. 14-9 14.3.2 802.1x Access (Remote Authentication)........................................................... 14-11 Chapter 15 ACL Configuration................................................................................................... 15-1 15.1 Introduction to ACL ........................................................................................................ 15-1 15.1.1 Overview ............................................................................................................. 15-1 15.1.2 Setting the Match Order ...................................................................................... 15-1 15.1.3 ACLs Supported by the MA5300......................................................................... 15-2 15.2 Configuring an ACL ....................................................................................................... 15-3 15.2.1 Setting the Time Range ...................................................................................... 15-3 15.2.2 Defining an ACL .................................................................................................. 15-4 15.2.3 Activating an ACL................................................................................................ 15-9 15.2.4 Viewing ACL Information................................................................................... 15-11 15.3 ACL Configuration Example ........................................................................................ 15-12 Chapter 16 QoS Configuration................................................................................................... 16-1 16.1 Overview ........................................................................................................................ 16-1 16.2 Configuring QoS ............................................................................................................ 16-5 16.2.1 Setting the Traffic Policing .................................................................................. 16-6
Table of Contents
16.2.2 Setting the Port Rate Limit .................................................................................. 16-7 16.2.3 Setting the Packet Redirection............................................................................ 16-7 16.2.4 Setting the Priority Tag........................................................................................ 16-7 16.2.5 Setting the Queue Scheduling ............................................................................ 16-9 16.2.6 Setting the Traffic Mirroring................................................................................. 16-9 16.2.7 Setting Traffic Statistics..................................................................................... 16-10 16.2.8 Viewing QoS Information .................................................................................. 16-11 16.3 QoS Configuration Example ........................................................................................ 16-12 Chapter 17 IP Performance Configuration................................................................................ 17-1 17.1 Configuring the TCP Attributes ...................................................................................... 17-1 17.2 Viewing and Debugging the IP Performance................................................................. 17-2 17.3 IP Performance Troubleshooting ................................................................................... 17-2 Chapter 18 Overview of IP Routing Protocol............................................................................ 18-1 18.1 IP Routing and Routing Table........................................................................................ 18-1 18.1.1 Route and Route Segment.................................................................................. 18-1 18.1.2 Route Selection through the Routing Table ........................................................ 18-2 18.2 Route Management Policy............................................................................................. 18-4 18.2.1 Routing Protocols and Routing Priority ............................................................... 18-4 18.2.2 Load Sharing and Route Backup ........................................................................ 18-5 18.3 Configuring a Static Route............................................................................................. 18-5 18.3.1 Overview ............................................................................................................. 18-5 18.3.2 Setting a Static Route ......................................................................................... 18-6 18.3.3 Viewing a Static Route ........................................................................................ 18-8 18.3.4 Static Route Configuration Example ................................................................... 18-9 18.3.5 Static Route Troubleshooting............................................................................ 18-10 18.4 Configuring OSPF........................................................................................................ 18-10 18.4.1 Overview ........................................................................................................... 18-10 18.4.2 Setting OSPF .................................................................................................... 18-15 18.4.3 Viewing OSPF Information................................................................................ 18-34 18.4.4 OSPF Configuration Example (Setting DR Election by OSPF Preference)...... 18-35 18.4.5 OSPF Configuration Example (Setting OSPF Virtual Links)............................. 18-38 18.4.6 OSPF Troubleshooting...................................................................................... 18-39
Operation Manual - Basic Configuration SmartAX MA5300/5303 Broadband Access System
Chapter 8 MAC Address Management

8.1 Overview
The MA5300 maintains an address table in its ESM board and service board respectively for packet forwarding. The table contains the MA5300 port numbers, and the MAC addresses of other devices connected to the MA5300. For the packet with destination address included in the address table, the MA5300 will use hardware to forward it. For the packet with destination address excluded from the address table, the MA5300 will broadcast the L2 packet. The MA5300 is capable of learning new addresses. If the source address of a received packet is not available in the address table, the MA5300 can add the source address and the port ID of the received packet to the address table as a new item. The administrator can configure the address table as required. The added or modified item can be either a static one or a dynamic one. The MA5300 also features address aging function. The MA5300 will delete the related address items of the equipment which has not sent any packet for a certain period of time. The address table can contain multiple same MAC addresses, as long as they belong to different VLANs. The configuration of address table involves: Adding/Modifying/Deleting Address Items Enabling/Disabling the Address Learning Setting the MAC Address Learning for a Port Setting the System MAC Address Aging Restoring the Default MAC Address of Main Control Boards Viewing the MAC Address Table Table 8-1 lists the commands for MAC address management. Table 8-1 Commands for MAC address management To Add/Modify/Delete the MAC address table Enable/Disable MAC address learning globally Use (no) mac-address-table { static | permenant | blackhole | dynamic } (no) mac-address-table mac-learning_global disable In Global configuration mode Global configuration mode
To Set the limit of MAC address learning for a port Configure system address aging MAC
Use mac-address-table max-mac-count no-limit slot (no) mac-address-table aging-time restore default-switch-mac-addr (no) mac-address-table mac-learning disable
In Global configuration mode Global configuration mode Global configuration mode Port configuration mode Global configuration mode/Port configuration mode All modes except the user EXEC mode
Restore the default MAC address of main control boards Enable/Disable the port MAC address learning
Set the maximum MAC address count for a port
mac-address-table max-mac-count
View the MAC address table
show mac-address-table
8.2 Configuring MAC Address Table

8.2.1 Adding/Modifying/Deleting Address Items
Caution: The MA5300 does not support the parameters blackhole and permanent, the use of which will result in failure in adding addresses.
If necessary, the administrator is entitled to add, modify or delete items contained in the address table. To delete the unicast address items associated with a port, the administrator can run this command: mac-address-table { static | permanent | blackhole | dynamic } To delete the address items of a certain type, such as dynamic address items, static address items, permanent address items and blackhole address items, the administrator can run this command:
no mac-address-table { static | permanent | blackhole | dynamic } If an entered address already exits in the address table, you should modify the corresponding item by setting the port associated with the address as input port, and the property of the address item as input. The address item involves: Dynamic item Static item Permanent item Blackhole item This example shows how to add the static address 0800.4e35.dc71 to port Ethernet 7/2/1.
MA5300(config)#mac-address-table static 0800.4e35.dc71 interface e7/2/1 vlan 1
8.2.2 Enabling/Disabling the Address Learning

The address learning function enables the MA5300 to learn new addresses. When the MA5300 receives a data packet with destination address the same as that it has learned, it no longer broadcasts the packet. For the sake of security, this function is usually disabled. For example, someone may send frames of different source addresses to the MA5300 to exhaust the resources of address table. Disabling this function can effectively avoid this case. The switch for enabling/disabling MAC address learning consists of the global switch and port switch. If the port switch is enabled later than the global switch, the port switch is valid. On the other hand, if the global switch is enabled later than the port switch, the global switch is valid. That means the switch command that runs latest is valid. To disable the address learning function on an MA5300 or a port, you can run the command mac-address-table mac-learning disable. To enable the function, you can run the command no mac-address-table mac-learning disable. By default, the address learning function is enabled.
8.2.3 Setting the MAC Address Learning for a Port

The configuration of MAC address learning for a port involves: Enabling/Disabling the MAC address learning for a port Setting the limit of MAC address learning Setting the maximum MAC address count
I. Enabling/Disabling the MAC address learning for a port

To enable the MAC address learning for Ethernet ports and xDSL service ports, you can run the command no mac-address-table mac-learning disable. To disable the function, you can run the command mac-address-table mac-learning disable.
II. Setting the limit of MAC address learning

For xDSL service ports and the Ethernet ports on the ETH boards, you can set the limit of MAC address learning for them or not. However, the MAC address learning function of the Ethernet ports on the main control board has no limit. To limit the MAC address learning of all ports on a specified board, you can run the command no mac-address-table max-mac-count no-limit. To cancel the limit of MAC address learning of all ports on a specified board, you can run the command mac-address-table max-mac-count no-limit.
III. Setting the maximum MAC address count

After setting the limit of MAC address learning for a port, you can run the command mac-address-table max-mac-count to set the maximum number of addresses that can be learned by the port. To restore the default value, you can run the command no mac-address-table max-mac-count. The default value is 16. This example shows how to set the MAC address count to 16 for port vdsl 4/0/0-vdsl 4/0/6 in global configuration mode.
MA5300(config)#mac-address-table max-mac-count 16 vdsl4/0/0 to vdsl4/0/6
8.2.4 Setting the System MAC Address Aging

To effectively implement the function of address aging, the aging time should be configured properly. As long as a device has not sent any packet during the period specified by the aging time, the associated address item will be deleted. If the aging time is set too short, the address item will be deleted very soon. As a result, the data packet associated with the address item will be broadcasted due to the failure in finding the destination address, thus affecting the running efficiency of the equipment.
On the other hand, if the aging time is set too long, the idle address item will remain in the address table for too long. This will exhaust the resources of the address table, and make the MA5300 unable to update the address table in accordance with the networking change. As a result, a large number of packets will be broadcasted due to the failure in finding the destination addresses. Therefore, proper setting of the aging time is the prerequisite for putting the address aging function into full play. To properly configure address aging time, you can run this command: mac-address-table { aging-time age | table-full } To restore the default value of the address aging time, you can run the command no mac-address-table aging-time. The default value of address aging time is 300s.
8.2.5 Restoring the Default MAC Address of Main Control Boards

To restore the default MAC address of main control boards, you can run the command restore default-switch-mac-addr. The default MAC address is 00e0.fc00.0000.
8.3 Viewing the MAC Address Table

To view the address table for fault diagnosis, you can run the command show mac-address-table. 1) View the enabling/disabling status of the address learning function.
MA5300(config)#show mac-address-table mac-learning mac-address learning status of the switch: enable PortName Vdsl4/0/0 Vdsl4/0/1 Learning Status disable enable
2)
View the setting of the aging time.

MA5300(config)#show mac-address-table aging-time mac-address-table aging-time: 300s
3)
View the MAC address table.
You can view an MAC address table in light of the VLAN, port, and static/dynamic MAC address. View the MAC address by VLAN.
MA5300(config)#show mac-address-table vlan 1 MAC ADDR TIME 0020.ed2b.8c27 1 Learned Ethernet7/2/0 N/A VLAN ID STATE PORT INDEX AGING

0800.4e35.dc71 --1

Config static --Ethernet7/2/1 NOAGED
2 mac address(es) found
View the static MAC address.

MA5300(config)#show mac-address-table static This may take several minutes, please wait... MAC ADDR TIME 0800.4e35.dc71 --1 Config static --Ethernet7/2/1 NOAGED VLAN ID STATE PORT INDEX AGING
1 mac address(es) found
Chapter 9 DHCP Relay Configuration

9.1 Overview
Dynamic Host Configuration Protocol (DHCP) is a protocol used to ease the shortage of IP addresses. DHCP works in client-server mode. The DHCP client can dynamically request configuration information and the DHCP server can configure the information for the client conveniently. In the early days, DHCP was only adoptable in the case when the DHCP client and server are located on the same subnet and they could not work across subnets. If the early DHCP is used to dynamically configure the host, each subnet should be equipped with a DHCP server. That is obviously uneconomical. The introduction of DHCP Relay solves this difficulty. The DHCP Relay serves as a relay between the DHCP client and the server located on different subnets. The DHCP packets can be relayed to the destination DHCP server (or client) across subnets. In this way, the DHCP clients on different networks can use the same DHCP server. This is economical and convenient for centralized management. Figure 9-1 shows the principle of DHCP Relay.
Ethernet Ethernet
DHCP client Intranet DHCP client MA5300 DHCP client
DHCP client
DHCP server
Figure 9-1 DHCP Relay schematic diagram When the DHCP client starts up and performs DHCP initialization, it will broadcast the request packet on the local subnet. If there is a DHCP server on the local subnet (such as the Ethernet on the right side of the figure), the DHCP configuration is carried out directly without DHCP Relay. If there is no DHCP server on the local subnet (such as the Ethernet on the left side of the figure), the DHCP Relay network device (such as the MA5300 in the figure)
connected to the local subnet will process the received broadcast packets and forward them to a DHCP server on some other subnets. The DHCP server will then make associated configuration based on the information provided by the client and transmit the configuration information to the clients through the DHCP Relay. That completes the dynamic configuration for the clients.
9.2 Configuring a DHCP Server

The configuration of DHCP server involves: Setting a DHCP Server Setting the DHCP Relay Standard Mode (VLAN Interface) Setting DHCP Option60 Setting the MAC Address Segment Table 9-1 lists the commands for configuring a DHCP server. Table 9-1 Commands for configuring a DHCP server To Set the IP address of the DHCP server Set the DHCP selection mode Server Use (no) dhcp-server ip In Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode VLAN interface configuration mode
dhcp-server select-mode
Add/Delete a client address table entry to/from the DHCP server group Create/Delete domain a DHCP
(no) dhcp-client
(no) dhcp domain
Create/Delete an address segment
MAC
dhcp mac-range
View the information on a DHCP domain View the information on an MAC address segment Bind/Unbind a VLAN interface with/from a DHCP server group
show dhcp domain
show mac-range
(no) dhcp-server
To Enable/Disable the DHCP security features on a VLAN Set the corresponding gateway IP address of a DHCP domain Set the corresponding gateway IP address of an MAC address Bind/unbind a DHCP server group with/from a DHCP domain Set the range of an MAC address segment
Use enable/disable address-check dhcp domain domain-name gateway
In VLAN interface configuration mode VLAN interface configuration mode VLAN interface configuration mode DHCP domain configuration mode MAC address segment configuration mode MAC address segment configuration mode All modes except the user EXEC mode All modes except the user EXEC mode
dhcp mac-range
(no) dhcp-server
start end
Bind/Unbind the DHCP server group with/from an MAC address segment View the DHCP selection mode Server
(no) dhcp-server
show dhcp configuration
View the information on a DHCP server group View the information on the information of DHCP Server group bound with a VLAN interface View the information on a client address table entry of a DHCP server group
show dhcp-server
show dhcp-server interface vlan-interface
All modes except the user EXEC mode
show dhcp-client
9.2.1 Setting a DHCP Server

I. Setting the DHCP servers IP address
To improve the reliability, you can specify a primary DHCP server and a secondary one in one subnet. The two DHCP servers form a DHCP server group. The maximum number of DHCP server groups that can be configured is 20 (019).
Note that the secondary servers IP address cannot be configured independently. Instead, it must be configured together with the primary servers IP address. By default, the IP address of the DHCP server is not configured. To specify the IP address of the primary/secondary DHCP server, you can run this command: dhcp-server groupNo ip ipaddress1 [ ipaddress2 ] To delete the IP address, you can run the command no dhcp-server groupNo. This example shows how to set the IP addresses of primary and secondary DHCP servers in DHCP Server group 1 as 1.1.1.1 and 2.2.2.2 respectively.
MA5300(config)# dhcp-server 1 ip 1.1.1.1 2.2.2.2
II. Setting the DHCP Server selection mode

The MA5300 provides three modes for selecting a DHCP server: standard DHCP Relay mode, DHCP Option60 mode and MAC address segment configuration mode. To configure the DHCP Server selection mode, you can run this command: dhcp-server select-mode { standard | option-60 | mac-section } Parameter description: Parameter standard Description Means to select the DHCP server according to the interface receiving DHCP. It is the default mode. Means to select the DHCP server according to the Option60 field included in a DHCP packet. Means to select the DHCP server according to the source MAC address included in a DHCP packet.
option-60
mac-section
This example shows how to set Option60 as the DHCP Server selection mode.
MA5300(config)# dhcp-server select-mode option-60
After the setting, you can run the command show dhcp configuration to view the DHCP Server selection mode.
III. Viewing the DHCP server information

1) View the DHCP server group information.
To view the information on a DHCP server group, you can run the command show dhcp-server. 2) View the DHCP Server selection mode.
To view the DHCP server selection mode, you can run the command show dhcp configuration.
MA5300(config)#show dhcp configuration DHCP relay mode: layer-3 DHCP server select mode: Option-60
9.2.2 Setting the DHCP Relay Standard Mode (VLAN Interface)

I. Binding/Unbinding a VLAN interface with/from a DHCP server group
To bind a VLAN interface with a DHCP server group, you can run the command dhcp-server groupNo. By default, a VLAN interface is not bound with any DHCP server. To unbind a VLAN interface from a DHCP server group, you can run the command no dhcp-server. This example shows how to bind VLAN interface 1 with DHCP server group 1.
MA5300(config-VLAN-Interface1)# dhcp-server 1
II. Setting an address table entry

To pass the address check on users who have valid and fixed IP addresses in the VLAN (with DHCP enabled), it is necessary to add an entry in the static address table. The entry shows the binding between the IP address and the MAC address. If an illegal user has the same static IP address with the fixed address of a legal user, the MA5300 supporting DHCP Relay is able to recognize the illegal user and deny the illegal users IP-to-MAC address binding request. To add an address entry, you can run this command: dhcp-client ip_address mac_address { dynamic | static } To delete an address entry, you can run the command no dhcp-client. This example shows how to set an address entry with the IP address of 1.1.1.1 and MAC address of 0005.5D02.F2B3.
MA5300(config)# dhcp-client 1.1.1.1 0005.5D02.F2B3 dynamic
III. Enabling DHCP security features

Enabling DHCP security features will start address check on a VLAN interface; whereas disabling DHCP security features will cancel the address check. To enable/disable DHCP security features, you can run this command: {enable| disable} address-check This example shows how to enable DHCP security features on VLAN interface 2.
MA5300(config-VLAN-Interface2)# enable address-check
IV. Viewing the DHCP Relay information

To view the DHCP server group information on a VLAN interface, you can run this command: show dhcp-server interface vlan-interface To view the client address table entries, you can run the command show dhcp-client. This example shows how to view the DHCP server group information on VLAN interface 2.
MA5300# show dhcp-server interface vlan-interface 2 The DHCP server group of this interface is 0
This example shows how to view the client address table entries.
MA5300#show dhcp-client IP Address 2.2.2.2 3.3.3.3 MAC Address 0005.5d02.f2b2 0005.5d02.f2b3 Type Static Dynamic
9.2.3 Setting DHCP Option60

I. Creating/Deleting a DHCP Option60 domain
You can run the command dhcp domain to create a DHCP domain, and enter the DHCP domain mode. If the domain exists, the command will enable you to enter the DHCP configuration mode directly. The system supports up to 128 DHCP domains. To delete a DHCP domain, you can run the command no dhcp domain. This example shows how to create DHCP domain "123, and enter the domains configuration mode.
MA5300(config)# dhcp domain 123 MA5300(dhcp-domain-123)#
II. Binding/unbinding a DHCP server group with/from a DHCP domain

A DHCP domain can only be configured with one DHCP server group. To bind/unbind a DHCP server group with/from a DHCP domain, you can run the command (no) dhcp-server group-number. This example shows how to bind DHCP domain 123 with DHCP server group 3.
MA5300(dhcp-domain-123)# dhcp-server 3
III. Setting the gateway IP address of a DHCP domain

For a VLAN interface, a DHCP domain can only have one gateway address. To configure the gateway IP address of a DHCP domain, you can run this command: dhcp domain domain-name gateway ip-address Set the gateway of DHCP domain 123 as 202.12.56.79.
MA5300(config-vlan-interface20)# dhcp domain 123 gateway 202.12.56.79
IV. Viewing the information on a DHCP domain

To view the information on existing DHCP domains in the system, you can run the command show dhcp domain. If no DHCP domain name is specified, the command will display information on all DHCP domains. Otherwise, the command will only display information on the specified DHCP domain.
MA5300(config)# show dhcp domain Index Name DHCP-server-group gateway
------------------------------------------------------------------1 2 guwang huawei 0 1 10.11.111.1 20.0.0.1
9.2.4 Setting the MAC Address Segment

I. Creating/Deleting an MAC address segment
In MAC address segment configuration mode, the system correlates the source MAC address of a user to the associated MAC address segment, and then forward DHCP packets according to the DHCP server bound with the MAC address segment. The system supports up to 128 MAC address segments. You can run the command dhcp mac-range to create an MAC address segment and enter the MAC address segment configuration mode. If the MAC address segment exists already, the command will enable you to enter the MAC address segment configuration mode directly.
To delete an MAC address segment, you can run the command no dhcp mac-range. This example shows how to create an MAC address segment, and name it as abc.
MA5300(config)# dhcp mac-range abc MA5300(mac-range-abc)#
II. Setting the range of an MAC address segment

An MAC address segment is a consecutive MAC address array specified by a start MAC address and an end MAC address. To configure the range of an MAC address segment, you can run this command: start mac-address-start end mac-address-end This example shows how to configure the range for MAC address segment abc.
MA5300(mac-range-abc)# start 00:12:f5:67:01:ab end 00:12:f5:67:01:ff
III. Binding/Unbinding the DHCP server group with/from an MAC address segment
When the MAC address segment configuration mode is adopted for selecting DHCP server, DHCP packets destined to an MAC address segment will be forwarded to the DHCP server bound with the MAC address segment. An MAC address segment can only be bound with one DHCP server group. To bind a DHCP server group with an MAC address segment, you can run the command (no) dhcp-server group-number. This example shows how to bind MAC address segment abc with server group 3.
MA5300(mac-range-abc)# dhcp-server 3
IV. Setting the gateway IP address of an MAC address segment

For a VLAN interface, an MAC address segment can only have one gateway IP address. To configure the gateway IP address of an MAC address segment, you can run this command: dhcp mac-range range-name gateway ip-address This example shows how to set the gateway of MAC address segment 123 as 202.13.76.90.
MA5300(config-vlan-interface20)# dhcp mac-range 123 gateway 202.13.76.90
V. Viewing the information on existing MAC address segments

To view the information on existing MAC address segments in the system, you can run the command show dhcp mac-range. If the parameter range-name is not specified, the command will display information on all existing MAC address segments. If it is specified, the command will display the information on the specified MAC address segment.
MA5300(config)# show Index Name dhcp mac-range Mac-end DHCP-server-group gateway
Mac-start
------------------------------------------------------------------1 2 guwang 0-01-02-03-04-06 huawei 0-01-02-03-04-06 0-01-02-03-04-ef 0-01-02-03-04-ab 0 1 10.11.111.1 20.0.0.1
9.3 Enabling the Switching Between DHCP L2/L3 Relay

Table 9-2 lists the commands for enabling the switching between DHCP L2/L3 Relay. Table 9-2 Commands for enabling the switching between DHCP L2/L3 Relay To Select a DHCP relay mode Use dhcp relay-mode { layer-2 | layer-3 } (no) dhcp allowed uplink-port In Global configuration mode Global configuration mode All modes except the user EXEC mode
Configure the uplink port for the DHCP L2 Relay View the configuration of DHCP L2/L3
show dhcp configuration
I. Selecting the DHCP Relay mode

The MA5300s DHCP Relay supports both L2 and L3 forwarding. When working in DHCP L2 mode, the MA5300 adds/extracts port information to/from DHCP packets through its DHCP Relay module, and forwards the DHCP packets. When working in DHCP L3 mode, the MA5300 adds/extracts port information to/from DHCP packets through its DHCP Relay module, and forwards DHCP packets to the DHCP Server. To select a DHCP relay mode, you can run this command: dhcp relay-mode { layer-2 | layer-3 }
This example shows how to set the DHCP Relay mode as L3.
MA5300(config)# dhcp relay-mode layer-3
II. Setting the uplink port for the DHCP L2 Relay

In DHCP L2 mode, the uplink ports can be the FE and GE ports on the main control board only. To configure the uplink port of DHCP L2 Relay, you can run this command in global configuration mode: dhcp uplink-port allowed interface-list To cancel the configuration, you can run the command no dhcp uplink-port allowed. This example shows how to set port Ethernet 7/1/0 as the uplink port of DHCP L2 Relay.
MA5300(config)# dhcp uplink-port allowed ethernet7/1/0
III. Viewing the DHCP L2/L3 configuration

To view the configuration of the DHCP L2/L3 relay, you can run the command show dhcp configuration.
MA5300(config)#show dhcp configuration DHCP relay mode: layer-2 The uplink-port allowed: Ethernet7/1/0 Ethernet7/1/3 Ethernet7/1/1 GigabitEthernet7/1/4 Ethernet7/1/2 GigabitEthernet7/1/5
9.4 Configuring the DHCP Relay Agent Information Option

The DHCP function that is widely applied at present, especially the independent DHCP server, does not have authentication and security mechanism. As a result, compared with the PPP function, the DHCP function is more likely subject to problems such as: Excessive DHCP broadcast packets DHCP IP exhaustion attack IP address spoofing MAC address spoofing Subscriber ID spoofing Whats more, the conventional DHCP function is unable to provide centralized DHCP client management. To address these problems, the MA5300 supports DHCP relay agent information option, namely DHCP Option82. The configuration of DHCP Option82 involves:
Enabling/Disabling DHCP Option82 Setting Whether a DHCP packet Includes a Sub-option Setting the Maximum Length of DHCP Packets Viewing the Information on DHCP Option82 Configuration Table 9-3 lists the commands for configuring DHCP Option82. Table 9-3 Commands for configuring DHCP Option82 To Use In Global configuration mode/Port configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode
Enable/Disable DHCP Option82
dhcp option82
Select mode
the DHCP
Relay
dhcp relay-mode { layer-2 | layer-3 }
Configure the uplink port of DHCP L2 Relay Specify whether the sub-option is included in DHCP packets Set the maximum length of DHCP packets View the information on DHCP Option82 View the DHCP Option82 statistics Clear the DHCP Option82 statistics
(no) dhcp uplink-port allowed
dhcp option82 sub-option
dhcp option82 max-length
show dhcp option82 configuration
show dhcp option82 statistics
clear dhcp option82 statistics
9.4.1 Enabling/Disabling DHCP Option82

You can enable or disable the DHCP Option82 function of the system globally or on the basis of port (or on the basis of PVC in the case of ADSL port). To enable the DHCP Option82 function of a port and the associated PVC, you need to enable the function globally and then enable the function for the port or its associated PVC. By default, the DHCP Option82 function is disabled globally and for every port/PVC.
To enable or disable the DHCP Option82 function, you can run a command in global configuration mode without entering any parameter. To enable or disable the DHCP Option82 function for a specific port or the associated PVC, you can run a command in either global configuration mode or Ethernet/VDSL/ADSL/SHDSL port configuration mode. Ports of ESM boards do not support the DHCP Option82 function. When setting the DHCP Option82 function for an ADSL port, note the follows: PVC parameters shall be input. The specified PVC is available. Selecting the parameter all will enable/disable the DHCP Option82 function for all PVCs of the ADSL port. Deleting a PVC will delete the DHCP Option82 configuration of the PVC. To enable the systems DHCP Option82 function, you can run the command dhcp option82 in global configuration mode. To disable the systems DHCP Option82, you can run the command no dhcp option82.
I. Enabling DHCP Option82 globally

MA5300(config)#dhcp option82
II. Enabling DHCP Option82 for a port/PVC

This example shows how to enable DHCP Option82 for the PVC associated with port adsl 1/0/0 in global configuration mode.
MA5300(config)# dhcp option82 adsl1/0/0 pvc vpi 8 vci 35
In ADSL port configuration mode, enable DHCP Option82 for PVC.

MA5300(config-if-Adsl1/0/0)# dhcp option82 pvc vpi 8 vci 35
9.4.2 Setting Whether a DHCP packet Includes a Sub-option

According to RFC3046, the DHCP Option82 contains two sub-options, namely Circuit ID Sub-option (CID) and Remote ID Sub-option (RID). DHCP server can verify the DHCP packets added with CID and RID information. Only those with legal CID and RID information can pass the DHCP servers verification. That can strengthen the DHCP security, provided that the DHCP server supports Option82. Parameter description: CID: Local identifier of the agent circuit. The field might contain: Router port No. Switched Hub Port No. Remote access server port No.
Frame relay DLCI ATM virtual Circuit No. Virtual circuit No. of cable data RID: Terminal circuit identifier, which is unique in the global. If the two options are excluded from DHCP packets, it means the DHCP Option82 function is disabled. By default, the two sub-options are included in DHCP packets. To include/exclude Circuit ID or Remote ID into DHCP packets, you can run the following command: dhcp option82 sub-option { circuit-id | remote-id } { enable | disable } This example shows how to set the Circuit ID sub-option included in DHCP packets, and set the Remote ID sub-option excluded from DHCP packets.
MA5300(config)# dhcp option82 sub-option MA5300(config)# dhcp option82 sub-option circuit-id remote-id enable disable
9.4.3 Setting the Maximum Length of DHCP Packets

According to RFC3046, you can configure a maximum length for DHCP packets added with DHCP Relay agent option message. If such a maximum length is not configured, the system will use the length of Maximum Transmission Unit (MTU) as the maximum length of DHCP packets. To set the maximum length of DHCP packets added with DHCP Relay agent option message, you can run the command dhcp option82 max-length value. To restore the maximum length to the default value (1500), you can run the command no dhcp option82 max-length. This example shows how to specify 1300 bytes as the maximum length for DHCP packets added with DHCP relay agent option message.
MA5300(config)# dhcp option82 max-length 1300
9.4.4 Viewing the Information on DHCP Option82 Configuration

I. Viewing the information on DHCP Option82 configuration
To view the configuration of DHCP Option82, you can run the command show dhcp option82 configuration. The following are the displayed results and their meaning upon running the command: With no parameter specified, the command displays the configuration of all ports and PVCs.
With the port specified but no PVC parameter input, the command displays the global configuration and configuration of the specified port (or the configuration of all PVCs under the port if it is an ADSL port). With both port and PVC parameters specified, the command displays the global configuration and configuration of the specified port (or the configuration of the specified PVC if it is an ADSL port).
II. Viewing and clearing the DHCP Option82 statistics

To view the DHCP option82 statistics, you can run the command show dhcp statistics. To clear the DHCP option82 statistics, you can run the command clear dhcp statistics.
9.5 Configuration Example

I. Networking requirement
Before using the DHCP Relay function, you need to configure a VLAN interface and the associated DHCP Server.
II. Networking description
1.99.255.36
VLAN 2 VLAN 4000 IP network VLAN 3001 MA5300 VLAN 3
DHCP Server Group 1

1.99.255.35
1.88.255.36
DHCP Server Group 2

1.88.255.35
Figure 9-2 The networking of a DHCP Relay application
III. Configuration procedure

Configure the IP address of DHCP server group 1.
Bind VLAN interface 2 with DHCP server group 1.
Configure the IP address of DHCP Server group 2.

Bind VLAN interface 3 with DHCP server 2.

Configure VLAN2s interface and gateway address.

MA5300(config)# vlan 2 MA5300(config-vlan2)# switchport vdsl2/0/2 MA5300(config)# interface vlan 2 MA5300(config-VLAN-Interface2)# ip address 1.1.2.1 255.255.0.0
Configure VLAN3s interface and gateway address.

MA5300(config)# vlan 3 MA5300(config-vlan3)# switchport vdsl2/0/3 MA5300(config)# interface vlan 3 MA5300(config-VLAN-Interface3)# ip address 1.2.2.1 255.255.0.0
Configure the VLAN for the DHCP Server. The DHCP Server needs to be added to a VLAN. In this example, the DHCP Server and client are added to different VLANs: DHCP Server group 1 to VLAN 4000, DHCP Server group 2 to VLAN 3001
MA5300(config)# vlan 4000 MA5300(config-vlan4000)# switchport ethernet 7/1/0 MA5300(config)# interface vlan 4000 MA5300(config-VLAN-Interface4000)# ip address 1.99.255.1 255.255.0.0 MA5300(config)# vlan 3001 MA5300(config-vlan3001)# switchport ethernet 7/1/1 MA5300(config)# interface vlan 3001 MA5300(config-VLAN-Interface3001)# ip address 1.88.255.1 255.255.0.0.
This example shows how to view the configuration of a DHCP Server group in privileged mode.
MA5300# show dhcp-server 1
This example shows how to view the number of the DHCP Server group corresponding to the VLAN interface in privileged mode.
MA5300# show dhcp-server interface vlan-interface 2 MA5300# show dhcp-server interface vlan-interface 3
9.6 DHCP Relay Troubleshooting

I. Fault
The user cannot apply for an IP address dynamically.
II. Troubleshooting
Perform the following procedure: 1) 2) Run the command show dhcp-server groupNo to check if the IP address of the corresponding DHCP server has been configured. Run the command show dhcp configuration to view the DHCP Server selection mode. If it is Option60 or MAC-Range mode, view whether the gateway is configured for the VLAN of the associated domain. 3) 4) 5) Run the commands show vlan and show ip to check if the VLAN and the corresponding interface IP address have been configured. Ping the configured DHCP server to ensure that the link is connected. Ping the IP address of the MA5300s VLAN interface which DHCP user belongs to. This is to make sure that the DHCP server can correctly find the route of the subnet the user is on. If the ping fails, check if the default gateway of the DHCP server has been configured as the address of the VLAN interface that it belongs to. If no problem is found in the above checks, you can run the command show dhcp-server groupNo to view what packets have been received. If there are only Discover packets and no Response packet, it means the DHCP server has not sent the message to the MA5300. In this case, you shall check if the DHCP server has been configured properly. If the numbers of request and response packets are normal in the above check, you can enable the debug dhcp-relay in privileged mode, and then run the command terminal debug to output the debugging information to the console. In this way, you can view the details about all DHCP packets on the console during applying for the IP address, which is helpful for locating the problem.
Chapter 10 ARP Configuration

10.1 Overview
Address Resolution Protocol (ARP) is used to translate the IP address into the MAC address.
I. Necessity of ARP address translation

The IP address cannot be used for direct communication as network equipment can only identify the MAC address. The IP address represents the address of a host in the network layer. The hosts physical address should be made available if data in the network layer are to be transmitted to that destination host. This is why the IP address should be translated into the MAC address.
II. Implementation of ARP address translation

Before two hosts in the Ethernet can communicate with each other, they should be able to know each others MAC address. Every host should have an ARP mapping list for translating IP address into MAC address. The ARP address table contains a series of IP addresses and the associated MAC addresses. When the host is activated, the ARP mapping list is empty. If an ARP mapping item remains idle for a long period, the host will delete it so as to save memory and the time needed for searching ARP mapping list. Two PCs are located in the same subnet Assume two PCs are available in an Ethernet: host A and host B. The IP address for host A and host B is respectively IP_A and IP_B. The process for host A to send packet to host B is as follows: Host A first checks its ARP mapping list to determine whether it contains the ARP mapping item of IP_B. If host A can find the associated MAC address, it will encapsulate the IP data packets according to that MAC address and send them to host B. On the other hand, if host A fails to find such address, it will put the data packet in the ARP waiting queue, then initiate an ARP request, and broadcast it in the Ethernet. The ARP request contains the IP address of host B, and the IP address and the MAC address of host A. As the ARP request is broadcasted, all hosts in Ethernet can receive that request. However, only the host that is requested (namely host B) will respond to that request.
1) 2) 3)
First, host B stores the IP address and MAC address of the request initiator (namely host A) contained in the request to its own ARP mapping list. Next, host B returns host A the ARP response containing the MAC address of host B. Such response will be sent directly to host A rather than broadcasted. After receiving the response, host A extracts the IP address and the MAC address of host B, and adds them to its own ARP mapping list. Then it will transmit all data packets in the waiting queue destined for host B. Two PCs are located in different subnets (Proxy ARP)
ARP Proxy refers to the process where the ARP request sent from a host in a network to a host in another network is answered by the router of the two networks. For the host initiating the request, the router which deals with the request is the destination host. The router serves as the Proxy of the destination host by forwarding the packets to it. The involved ARP address translation is the same as last step. In general, ARP is implemented dynamically. The translation of IP address into MAC address can proceed without intervention from the Administrator. The following only introduces the configuration of static ARP.
10.2 Configuring the Static ARP

ARP mapping list can be maintained either dynamically or manually. The manually configured mapping between IP address and MAC address is usually known as static ARP. The static ARP item remains effective when the MA5300 runs normally, while a dynamic ARP item is only effective for 20 minutes. The configuration of static ARP involves: Adding/Deleting a static ARP mapping item manually Viewing ARP information Table 10-1 lists the commands for setting static ARP. Table 10-1 Commands for setting static ARP To Add/delete a static ARP mapping item View ARP information (no) arp show arp Use Global mode In configuration
I. Adding/Deleting a static ARP mapping item manually

Administrators are allowed to maintain an ARP mapping list manually. They can use the command arp to add/delete static ARP mapping items.
This example shows how to add a static ARP item to establish the mapping between the IP address of 129.102.0.1 and the MAC address of 00e0.fc01.0000, and pass port Ethernet 7/1/1 of VLAN 1.
MA5300(config)#arp 129.102.0.1 00e0.fc01.0000 1 ethernet7/1/1
II. Viewing ARP information

You can run the command show arp to view the ARP mapping list to learn about the running of ARP and diagnose existing problems. 1) View all ARP items.
MA5300(config)#show arp IP Address 10.71.53.11 10.71.53.108 MAC Address 0800.4e35.dc71 0020.ed2b.8c27 VLAN ID 1 1 Port Name Ethernet7/2/1 Ethernet7/2/0 Type Static Dynamic
2)
View static ARP items.

MA5300(config)#show arp static IP Address 10.71.53.11 MAC Address 0800.4e35.dc71 VLAN ID 1 Port Name Ethernet7/2/1 Type Static
3)
View dynamic ARP items.

MA5300(config)#show arp dynamic IP Address 10.71.53.108 MAC Address 0020.ed2b.8c27 VLAN ID 1 Port Name Ethernet7/2/0 Type Dynamic
4)
View ARP item information according to IP address.

MA5300(config)#show arp 10.71.53.108 IP Address 10.71.53.108 MAC Address 0020.ed2b.8c27 VLAN ID 1 Port Name Ethernet7/2/0 Type Dynamic
Chapter 11 STP Configuration

11.1 Overview
11.1.1 Introduction to STP
Spanning Tree Protocol (STP) is applied in loop network to block some undesired redundant paths through certain algorithms and prune the network into a loop-free tree. This helps to avoid the proliferation and infinite cycling of packets in the loop network. The basic theory of STP is that the switches exchange a kind of special protocol packet to decide the network topology. The special protocol packet is configuration Bridge Protocol Data Units, or BPDU in IEEE 802.1D. The configuration BPDU contains sufficient information to ensure the switches to compute the spanning tree. The configuration BPDU mainly contains such information as: Root ID. It consists of root priority and MAC address. Cost of the shortest path to the root. ID of the designated device. It consists of device priority and MAC address. ID of the designated port. It consists of port priority and port number. Age of the configuration BPDU: MessageAge. Maximum age of the configuration BPDU: MaxAge. Configuration BPDU interval: HelloTime. Forward delay of the port: ForwardDelay. Description of the designated port and device: For a single device, the designated device is the device that directly connects to and forwards packets to the local device through a port called the designated port. For a LAN, the designated device is the device in charge of forwarding packets to the network segment through a port called the designated port.
11.1.2 Specific Calculation Process of STP Algorithm

The following describes the calculation process of STP. Figure 11-1 shows the network topology.
MA5300 A vdsl 3/0/1 vdsl 3/0/7 MA5300 B vdsl 3/0/4 4 vdsl 3/0/1 vdsl 3/0/5 5 10 vdsl 3/0/2
MA5300 C
Figure 11-1 MA5300 network topology To simplify the descriptions, this example only describes the first four items of the configuration BPDU: Root ID (expressed with device priority) Path cost to the root Designated switch ID (expressed with device priority) Designated port ID (expressed with port number) As shown in Figure 11-1, the priority levels of MA5300 A, B and C are 0, 1 and 2 respectively, and the path costs of their links are 5, 10 and 4 respectively.
I. Initial state
When initialized, every port of a device will generate the configuration BPDU, in which the device itself serves as the root; root path cost is 0; the ID of the device is the ID of the designated device; and the local port is the designated port. See Table 11-1. Table 11-1 The configuration BPDU of each port Equipment Configuration item Configuration BPDU of vdsl 3/0/1 MA5300 A Configuration BPDU of vdsl 3/0/2 Configuration BPDU of vdsl 3/0/7 MA5300 B Configuration BPDU of vdsl 3/0/4 Configuration BPDU of vdsl 3/0/1 MA5300 C Configuration BPDU of vdsl 3/0/5 {2, 0, 2, vdsl 3/0/5} {1, 0, 1, vdsl 3/0/4} {2, 0, 2, vdsl 3/0/1} {0, 0, 0, vdsl 3/0/2} {1, 0, 1, vdsl 3/0/7} Data {0, 0, 0, vdsl 3/0/1}
II. Selecting the optimum configuration BPDU

Every switch transmits its configuration BPDU to others. When a port receives a configuration BPDU with a priority lower than that of its own, it will discard the message while keep the local BPDU unchanged. When a port receives a configuration BPDU with a priority higher that that of its own, it will update the local configuration BPDU with the received one. That means it will replace the contents of the local ports configuration BPDU with those of the received one. Next, it will select the optimum configuration BPDU by comparing the configuration BPDUs of all other ports. The comparison rules are: The configuration BPDU with a smaller root ID has a higher priority. If the root IDs are the same, perform the comparison based on root path cost. The root path cost recorded in the configuration BPDU plus the corresponding path cost of the local port is expressed with S. The configuration BPDU with a smaller S has a higher priority. If the root path costs are still the same, compare in sequence the ID of designated switch, the ID of designated port and the ID of the port which receives the configuration BPDU. For the convenience of description, assume in the example that the optimum BPDU can be selected through root ID comparison.
III. Specifying the root port, block the redundant links and update the configuration BPDU of the designated port
1) 2) If a port receives the optimum configuration BPDU, the port will be the root port. Its configuration BPDU will remain the same. Other ports with configuration BPDU updated in step 2 will be blocked and not allowed to forward any data. In addition, these ports will only receive configuration BPDU, and their configuration BPDU will remain the same. 3) The port whose configuration BPDU is not updated in step 2 will be the designated port. Its configuration BPDU will be modified as follows: Replace the root ID with the root ID in the configuration BPDU of the root port. Replace the root path cost with the root path cost in the configuration BPDU of the root port plus the path cost corresponding to the root port. Replace the designated device ID with the local device ID. Replace the designated port ID with the local port ID. The comparison process of each switch is as follows: MA5300 A:
Port vdsl 3/0/1 receives the configuration BPDU from MA5300 B and finds out that the local configuration BPDU priority is higher than that of the received one, so it discards the received configuration BPDU. That is similar for port vdsl 3/0/2. Then MA5300 A finds itself to be both the root and the designated device in the configuration BPDU of every port; so MA5300 A regards itself as the root, and retains the configuration BPDU of each port. After that it will transmit configuration BPDU to others regularly. By now, the configuration BPDUs of the two ports are as follows: Configuration BPDU of port vdsl 3/0/1: {0, 0, 0, vdsl 3/0/1}. Configuration BPDU of port vdsl 3/0/2: {0, 0, 0, vdsl 3/0/2}. MA5300 B: Port vdsl 3/0/7 receives the configuration BPDU from MA5300 A and finds that the received BPDU has a higher priority than that of the local one, so it updates its configuration BPDU. Port vdsl 3/0/4 receives the configuration BPDU from MA5300 C and finds that priority of the local BPDU is higher than that of the received one, so it discards the received BPDU. At this moment, the configuration BPDUs of each port are as follows: Configuration BPDU of vdsl 3/0/7: {0, 0, 0, vdsl 3/0/1} Configuration BPDU of vdsl 3/0/4: {1, 0, 1, vdsl 3/0/4} MA5300 B compares the configuration BPDUs of the ports and selects port vdsl 3/0/7 BPDU as the optimum one. Therefore, vdsl 3/0/7 is elected as the root port, and the configuration BPDUs of MA5300 B ports are updated as follows. The configuration BPDU of the root port vdsl 3/0/7 retains as {0, 0, 0, vdsl 3/0/1}. Port vdsl 3/0/4 updates root ID with that in the optimum configuration BPDU, the path cost to root with 5, sets the designated device as the local device ID and the designated port ID as the local port ID. Thus the configuration BPDU becomes {0, 5, 1, vdsl 3/0/4}. After that, all the designated ports of MA5300 B transmit the configuration BPDUs regularly. MA5300 C: Port vdsl 3/0/1 receives from port vdsl 3/0/4 of MA5300 B the configuration BPDU {1, 0, 1, vdsl 3/0/4} that has not been updated. This triggers the update. As a result, the configuration BPDU is updated to {1, 0, 1, vdsl 3/0/4}.
Port vdsl 3/0/5 receives the configuration BPDU {0, 0, 0, vdsl 3/0/2} from MA5300 A. This triggers the update. As a result the configuration BPDU is updated to {0, 0, 0, vdsl 3/0/2}. After the above comparison process, configuration BPDU of port vdsl 3/0/5 is elected as the optimum one, and port vdsl 3/0/5 is thus designated as the root port. Its configuration BPDU will remain unchanged then. However, vdsl 3/0/1 will be blocked, but its BPDU also remains same. It will not receive the data (excluding the STP packet) forwarded from MA5300 B before spanning tree calculation is triggered again by some new events. For example, the link from MA5300 B to MA5300C is down, or the port receives a better configuration BPDU. Then port vdsl 3/0/1 will receive the updated configuration BPDU, {0, 5, 1, vdsl 3/0/4}, from MA5300 B. Since this configuration BPDU is better then the old one, the old BPDU will be updated to {0, 5, 1, vdsl 3/0/4}. Meanwhile, port vdsl 3/0/5 receives the configuration BPDU from MA5300 A, but its configuration BPDU will not be updated and remain {0, 0, 0, vdsl 3/0/2}. By comparison: The configuration BPDU of vdsl 3/0/1 is elected as the optimum one, and port vdsl 3/0/1 is elected as the root port, whose BPDU will not change. While port vdsl 3/0/5 will be blocked and retain its BPDU, but it will not receive the data forwarded from MA5300 A until spanning tree calculation is triggered again by some changes. For example, the link from MA5300 B to MA5300 C is down. By now, the spanning tree becomes stable. Figure 11-2 shows the tree in which MA5300 A is the root.
MA5300 A vdsl 3/0/1 vdsl 3/0/7 MA5300 B vdsl 3/0/4 4 vdsl 3/0/1 vdsl 3/0/5 5 vdsl 3/0/2
MA5300 C
Figure 11-2 Stable spanning tree Many things are simplified in this example for the ease of description. For example, the root ID and the designated device ID in actual calculation should comprise both device priority and device MAC address. Designated port ID should comprise port priority and
port MAC address. In the update process of a configuration BPDU, other configuration BPDUs besides the first four items will make modifications in light of certain rules. However, the process of calculations is basically the same as this.
11.1.3 Setting the BPDU Forwarding Mechanism in STP

Upon the initialization of the network, all the devices regard themselves as the roots. The designated ports send the configuration BPDUs of local ports at a regular interval of HelloTime. If a path has any change, recalculation of the spanning tree will be initiated to generate a new path. However, the recalculated new configuration BPDU will not be propagated throughout the network right away. In this case, the old root ports and designated ports that have not detected the topology change will still forward the data through the old path. If the new root port and designated port begin to forward data soon after they are elected, a temporary loop may be caused. To avoid that, in RSTP, a transitional state mechanism is used to ensure the new configuration BPDU has been propagated throughout the network before the root port and designated port begin to send data again. That is, the root port and designated port should undergo a transitional state for a period of Forward Delay before they enter the forwarding state. The MA5300 supports the Rapid Spanning Tree Protocol (RSTP), which is an enhancement of STP. RSTP complies with IEEE 802.1D. The Forward Delay for the root ports and designated ports to enter forwarding state is greatly reduced in certain conditions, thereby shortening the period for the network topology to get stable. To achieve the rapid transition of the root port state, the following requirement should be met: the old root port on this switch has stopped data forwarding and the designated port in the upstream has begun forwarding data. The conditions for rapid state transition of the designated port are: The port is an edge port. Edge port means a port that does not connect with any switch directly or indirectly. If the designated port is an edge port, it can enter the forwarding state directly. The port is connected with the point-to-point link. That is, it is the master port in aggregation ports or full duplex port. You can also set it as a point-to-point connection manually. If the designated port connects to the point-to-point link, it can enter the forwarding state right after handshaking with the downstream switch and receiving the response. The system that uses RSTP is compatible with the one using STP. Both protocol packets can be identified by the switch running RSTP and used in spanning tree calculation.
11.2 Configuring RSTP

The configuration of RSTP involves: Enabling/Disabling RSTP Setting/Switching the Operating Mode of RSTP Setting the Network Diameter Setting the Parameters of a Specified Bridge Setting the Parameters of a Specified Port Table 11-2 lists the commands for configuring RSTP. Table 11-2 Commands for configuring RSTP To Use In Global configuration mode/Ethernet port configuration mode/VDSL port configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Ethernet port configuration mode/VDSL port configuration mode
Enable/Disable SPT
spanning-tree disable ]
enable
Set the operating mode of RSTP
(no) spanning-tree mode
Set the network diameter
(no) spanning-tree bridge-diameter
Set the priority of a specified bridge Set the Forward Delay of a specified bridge Set the Hello Time of a specified bridge Set the Max Age specified bridge of a
(no) spanning-tree priority
(no) forward-time
spanning-tree
(no) spanning-tree hello-time
(no) spanning-tree max-age
Run mCheck
spanning-tree mcheck
To Set the maximum transmission speed of a specified bridge
Use
In Ethernet port configuration mode/VDSL port configuration mode Ethernet port configuration mode/VDSL port configuration mode Ethernet port configuration mode/VDSL port configuration mode Ethernet port configuration mode/VDSL port configuration mode Ethernet port configuration mode/VDSL port configuration mode All modes except the user EXEC mode Privileged mode
(no) transit-limit
spanning-tree
Set a specified port to be an Edge port
(no) spanning-tree portfast
Set the Path Cost of a specified port
(no) spanning-tree cost
Set the priority of a specified port
(no) port-priority
spanning-tree
Set the point-to-point link on a specified port
(no) spanning-tree point-to-point
View RSTP information Clear the RSTP information
show spanning-tree clear spanning-tree
11.2.1 Enabling/Disabling RSTP

I. Enabling/Disabling the device RSTP
To validate the configuration of RSTP, you have to start RSTP first. Before starting RSTP, you can set the associated parameters for the device and ports. The parameters you have configured are still preserved even after RSTP is disabled. When RSTP is enabled next time, the parameters will take effect again. Note that some network resources will be occupied after RSTP is enabled. If the network size is small and the link is clear, it is suggested that RSTP be disabled. By default, RSTP is disabled. In global configuration mode, you can run the command spanning-tree enable to enable RSTP for a device.
To disable RSTP for a device, you can run the command spanning-tree disable. To restore the default value, you can run the command no spanning-tree.
II. Enabling/Disabling the port RSTP

RSTP will be enabled on all ports after it is enabled on the device. To flexibly control the RSTP operations, after RSTP is enabled on Ethernet ports and VDSL ports, you can disable it again to forbid the ports to participate in the spanning tree calculation. By default, RSTP is disabled on ports. Note that ADSL ports do not support STP/RSTP and that redundancy routes may be generated after RSTP is disabled on Ethernet ports and VDSL ports. In Ethernet port/VDSL port configuration mode, you can run the command spanning-tree { enable | disable } to enable/disable RSTP on specified ports. To restore the default setting of RSTP on specified ports, you can run the command no spanning-tree.
11.2.2 Setting/Switching the Operating Mode of RSTP

I. Setting the operating mode of RSTP
RSTP can interwork with STP. If the switching network contains bridges that run STP, RSTP can transfer automatically to STP compatible mode. You can also set the current RSTP to run in STP-compatible mode by commands. In general, manual configuration is not necessary. To set the operating mode of RSTP as STP compatible mode or RSTP mode, you can run the command spanning-tree mode. To restore the operating mode to the default setting, you can run the command no spanning-tree mode.
II. Switching the operating mode to RSTP mode

In the case that the network is stable, though the bridges that run STP in a network segment are taken away, the associated ports still work in STP compatible mode. At this moment, you can force them to work in RSTP mode by commands. You can make the switch only when a bridge runs RSTP. If the operating mode of the bridge is set as STP compatible mode by commands, the switch is invalid. To switch the operating mode to RSTP mode, you can run the command spnning-tree mcheck.
11.2.3 Setting the Network Diameter

Any two hosts in the switching network can be connected to each other through a series of bridges. Network diameter refers to the path with the most bridges among these paths. It is expressed by the number of bridges on the path. You can set this parameter in light of the actual networking. In general, the diameter of the switching network does not exceed 7 (recommended). By default, the parameter value is 7. To set the network diameter, you can run the command spanning-tree bridge-diameter. To restore the default value, you can run the command no spanning-tree bridge-diameter.
11.2.4 Setting the Parameters of a Specified Bridge

I. Setting the priority of a specified bridge
Whether a bridge can be selected as the root of the spanning tree depends on its priority. The bridge with a lower priority can be selected as the root of the spanning tree. Note that if the priority levels of all the bridges in the switching network are the same, the bridge with the smallest MAC address will be selected as the root. When RSTP is enabled, configuring priority for a bridge will lead to the recalculation of the spanning tree. By default, the priority of a bridge is 32768. To set the priority of a specified bridge, you can run the command spanning-tree priority. To restore the default value, you can run the command no spanning-tree priority.
II. Setting the Forward Delay of a specified bridge

Link failure will cause recalculation of the spanning tree and its structure. However, the newly calculated configuration BPDU cannot be propagated throughout the network immediately. If the newly selected root port and designated port begin to forward data frame right away, it can cause temporary loop. Accordingly, the protocol adopts the state transition mechanism. That is, the root port and the designated port must undergo a transition state for a certain period (Forward Delay) before they switch to the forwarding state and resume data frame forwarding. This delay ensures that the new configuration BPDU
has been propagated throughout the network before the data frame forwarding is resumed. The bridge Forward Delay is related to network diameter. So in general, you should set the Forward Delay to a larger value for a larger network diameter. If the Forward Delay is set too short, temporary redundant paths redundancy may be generated. If the Forward Delay is set too long, the recovery of network connection may take a long time. It is recommended that you use the default setting, which is 15 seconds. To set the value of Forward Delay, you can run the command spanning-tree forward-time. To restore the default value, you can run the command no spanning-tree forward-time.
III. Setting the Hello Time of a specified bridge

A proper value of Hello Time ensures timely detection of line failure without occupying too much network resources. Too long Hello Time will result in the spanning tree recalculation, because the bridge mistakes the frame loss of the link for link failure. Too short Hello Time will force the bridge to frequently send configuration BPDUs. This can increase the burden of the switch and wasting network resource. It is recommended that you use the default value, which is 2 seconds. To set Hell Time of a specified bridge, you can run the command spanning-tree hello-time. To restore the default value, you can run the command no spanning-tree hello-time.
IV. Setting the Max. Age of a specified bridge

Max. Age is a parameter to judge whether the configuration BPDU is outdated. You can set it in light of the actual network situation. Too long Max. Age may make the bridge unable to find link failure in time, weakening the network auto-sensing ability. Too short Max. Age will result in frequent calculation of spanning tree and mistaking network congestion for link fault. It is recommended that you use the default setting, which is 20 seconds. To set Max Age of a specified bridge, you can run the command spanning-tree max-age.
To restore the default value, you can run the command no spanning-tree max-age.
11.2.5 Setting the Parameters of a Specified Port

I. Setting the maximum transmission speed of a specified port
The maximum transmission speed of the Ethernet port and VDSL port is related to its physical state and network structure. You can set it in light of the actual network situation. If the max transmission speed on a port is set too high, excessive network resources may be occupied. It is recommended that you use the default setting, which is 3 (a counter value without unit) on all the Ethernet ports and VDSL ports of the bridge. To set the maximum transmission speed of a specified port, you can run the command spanning-tree transit-limit. To restore the default value, you can run the command no spanning-tree transit-limit.
II. Setting a specified port as an edge port

If an Ethernet port or a VDSL port is not connected to the Ethernet or VDSL port of another bridge, you can set the port as an Edge port, as the Edge port can switch to the forwarding state directly, consequently reducing the unnecessary transition time. If the Ethernet port or VDSL port is set as Edge port while it is connected to the port of another bridge, RSTP will auto detect it and reconfigure it as a non-Edge port. When an Ethernet port or VDSL port switches from non-Edge port to Edge port, you are recommended to set it as Edge port manually because RSTP cannot detect this kind of transition. By default, all the Ethernet ports are configured as non-Edge ports. To set a specified port as an edge port/non-edge port, you can run the command spanning-tree portfast { enable | disable }. To restore the default value, you can run the command no spanning-tree portfast.
III. Setting the Path Cost of a specified port

The path cost of an Ethernet port or a VDSL port is related to the speed of a link connected to the port. The larger the link speed, the smaller the path cost. RSTP can detect link speed and convert it into associated path cost.
Note that configuring path cost for the Ethernet port or VDSL port will cause recalculation of spanning tree. It is recommended to use the default value and let RSTP calculate the path cost on the current Ethernet port. By default, the bridge gets the path cost of a port in light of the link speed directly. To set the path cost of specified port, you can run the command spanning-tree cost. To restore the default value, you can run the command no spanning-tree cost.
IV. Setting the Priority of a specified port

By setting the priority of an Ethernet port or a VDSL port, you can enable the specified Ethernet port or VDSL port to be included in the final spanning tree. In general, the lower the set value is, the higher priority the port has, and the more likely the Ethernet port/VDSL port will be included in the spanning tree. If all the Ethernet ports or VDSL ports of the bridge adopt the same priority, then the priority of those ports will be decided by the port index number. By default, the priority for all the Ethernet ports or VDSL ports is 128. Note that any change of priority for an Ethernet port or VDSL port will cause recalculation of the spanning tree. To set the priority of a specified port, you can run the command spanning-tree port-priority. To restore the default value, you can run the command no spanning-tree port-priority.
V. Enabling/Disabling the point-to-point link on a specified port

Two ports that are point-to-point connected can enter the forwarding state rapidly by transmitting synchronous packets. As a result, the unnecessary forwarding delay can be reduced. If this parameter is configured with auto, RSTP can auto detect whether the point-to-point link is enabled on the current Ethernet port or VDSL port. Note that the operations mentioned above are only valid to aggregated Ethernet (or VDSL) ports or those working in full duplex mode. You can enable or disable point-to-point link on the current Ethernet ports or VDSL ports manually. However, the auto mode is recommended. By default, auto mode is selected. To enable or disable point-to-point link on a specified port, or to set the mode as auto, you can run the command spanning-tree point-to-point.
To restore the default value, you can run the command no spanning-tree point-to-point.
11.2.6 Viewing RSTP Information

I. Viewing the device and port RSTP information
To view device and port RSTP information, you can run the command show spanning-tree. This example shows how to view the device RSTP information.
MA5300(config)#show spanning-tree Spanning tree protocol is disabled The bridge has priority 32768, MAC address: 00e0.fc11.19c2 Configured Hello Time 2 second(s), Max Age 20 second(s), Forward Delay 15 second(s)
This example shows how to view the port RSTP information.

MA5300(config)#show spanning-tree interface ethernet 7/2/0 Spanning tree protocol is disabled The bridge has priority 32768, MAC address: 00e0.fc11.19c2 Configured Hello Time 2 second(s), Max Age 20 second(s), Forward Delay 15 second(s)
II. Clearing RSTP information

To clear the RSTP information of the device or port, you can run the command clear spanning-tree. This example shows how to clear RSTP information of the MA5300.
MA5300(config)#clear spanning-tree
This example shows how to clear port RSTP information.

MA5300(config)#clear spanning-tree interface ethernet 7/2/0
Chapter 12 Cluster Management Configuration

12.1 Overview
12.1.1 Brief Introduction to Cluster Management
HGMP V2 aims to allow a network administrator to manage multiple devices through a managing device with a public IP address. The managing device is called command device and the managed devices are called member devices. In general, member devices are not allocated with public IP addresses. The management and maintenance over the member devices are performed through redirection of the command device. A cluster consists of a command device and several member devices. Figure 12-1 shows a typical application of the cluster.
Network management device Network 69.110.1.100 Command device
69.110.1.1
Member device
Member device
Member device
Candidate device
Figure 12-1 Networking diagram of a cluster The advantages of a cluster are as follows: Simplifies the configuration management tasks.
To configure and manage multiple devices, you only need to implement operations on the command device. Provides topology discovery and collection function. Not limited by network topology structure. Saves IP address. Only one public network IP address is configured on the command device.
12.1.1 Cluster Roles

The devices in a cluster have different status and functions and play different roles. You can specify the role of a specified device. The devices can also change their roles based on preset rules. The roles that a device can play in a cluster include: Command device It refers to the device configured with a public network IP address and used to providing management interface for all devices in the cluster. The management commands are sent to the command device first, which will process these commands. If the command is destined to be a member device, the command device will forward it to the member device. The command device performs these functions: Discovering adjacency information Collecting the topology of the whole network Managing the cluster, maintaining the cluster status Supporting different agents Member device It refers to the member of a cluster. Member devices are managed by means of command device redirection. In general, you do not have to assign a public network IP addresses for the member devices. The member device performs these functions: Discovering the adjacent information Executing the commands delivered by the proxy Reporting failures and logs. A member device is managed by the command device. Candidate device
It refers to the device that is not a member of any cluster yet, but is well qualified to be a member device of a cluster. Figure 12-2 illustrates the rules for role switchover.
Candidate device
as e ted evic a ign dd es man D m co
r ter ste lus clu ac oa m dt ro de df Ad ve mo Re
Command device
Re mo v clu ed f ste rom r a
Member device
Figure 12-2 Rules of changing roles Each cluster shall have one, but only one command device. The command device will identify and discover the candidate device by collecting Huawei Discovery Protocol / Huawei Topology Protocol (HDP/HTP) information. You can specify a candidate device as a member device of the cluster. A candidate device becomes a member device after it is added to a cluster. If a member device is removed from the cluster, it becomes a candidate device again. When setting the cluster functions, you shall configure the following in the command device: Enabling the HDP on the devices and ports Setting HDP parameters Enabling the HTP on the devices and ports Setting HTP parameters Enabling cluster functions Setting cluster parameters In addition, you shall configure the following for member devices and candidate devices: Enabling the HDP on the devices and ports Enabling cluster functions
12.1.2 Brief Introduction to HGMP

Cluster management is performed through HUAWEI Group Management Protocol (HGMP). HGMP consists of the following protocols: HUAWEI Discover Protocol (HDP)
HUAWEI Topology Protocol (HTP) Cluster Management Protocol The functions of HGMP are as follows.
I. HDP
HDP is used for discovering the information on the directly connected neighbors, including device type, software/hardware version, and connected ports. It can also provide the information on device ID, port address, device capability and hardware platform. The device that supports HDP transmits HDP packets to all ports. Meanwhile, it also receives HDP packets sent by neighboring devices and maintain the HDP information table in light of those packets. Features of HDP: HDP is only used for discovering the information on the directly connected neighbors. The device that supports HDP will not forward HDP packets after receiving them. HDP is not limited by STP. HDP packets can pass the ports blocked by STP.
II. HTP
HTP is used for collecting network topology information, providing the information on devices that can join a cluster. A topology collection device (such as a command switch) transmits topology a request packet to all devices in the network. The device that receives the request will send a response packet to the topology collection device, and copy the request packet to all its adjacent devices. The response packet consists of HDP information of the device and connection information of all its adjacent devices. Based on the analysis of these topology information, the topology collection device can learn the network topology structure. A command switch in a cluster can enable HTP to collect topology information periodically. The collection of topology information can also be performed manually aiming at the change of member devices, to ensure the switch can obtain the latest network topology information in time.
III. Cluster management protocol

Cluster management protocol is used for the maintenance and management upon a cluster, including creation of a cluster, adding/deletion of cluster members, configuration of cluster IP addresses, and start of cluster function.
12.2 Configuring HDP

HDP is the proprietary protocol of Huawei Technologies Co., Ltd. used for discovering related information on adjacent points. Running on the data link layer, HDP supports systems of different network layer protocols. The configuration of HDP mainly involves: Enabling/Disabling global HDP Enabling/Disabling HDP on a port Setting the HDP holdtime Setting the HDP timer Viewing HDP Information
Note: For the command device, you shall enable HDP on the device and the port, and set the HDP parameters. While for member devices and candidate devices, you only need to enable HDP on the devices and relevant ports. When HDP runs, they will use the HDP parameters sent by the command device.
Table 12-1 lists the commands for configuring HDP. Table 12-1 Commands for configuring HDP To Enable/Disable global HDP Use (no) hdp run In Global configuration mode Port configuration mode Global configuration mode Global configuration mode All modes except the user EXEC mode Privileged mode
Enable/Disable HDP on a port
(no) hdp enable
Set the HDP Holdtime
(no) hdp holdtime
Set the HDP timer
(no) hdp timer
View HDP information Clear the HDP statistics
show hdp clear hdp counters
12.2.1 Setting HDP

I. Enabling/Disabling global HDP
To collect HDP information on the adjacent device of any port, enable HDP globally first. By default, global HDP is enabled. With global HDP enabled, the system collects HDP information periodically and supports user query. With global HDP disabled, all the HDP information on the device will be cleared and the system will no longer process any HDP packets. To enable global HDP, you can run the command hdp run. To disable global HDP, you can run the command no hdp run.
II. Enabling/Disabling HDP on a port

You can enable/disable HDP on a port to determine whether to collect information on the adjacent node of the port. By default, HDP on a port is enabled. After HDP has been enabled both globally and on the port, the system will collect the HDP information on the node adjacent to the port regularly. If HDP on a port is disabled, this port will not collect and transmit the HDP information. To enable HDP on a port, you can run the command hdp enable. To disable HDP on a port, you can run the command no hdp enable.
III. Setting the HDP holdtime

The HDP holdtime specifies how long the adjacent node can keep the local node information. The adjacent device obtains the holdtime contained in the received HDP packet and will discard the packet when it expires. Note that HDP holdtime is supposed to be longer than the HDP timer. Otherwise, the HDP information table will be unstable. By default, the HDP information is held for up to 180 seconds. To set HDP holdtime, you can run the command hdp holdtime. To restore the default value, you can run the command no hdp holdtime.
IV. Setting the HDP timer

The HDP information on the adjacent nodes shall be updated frequently to ensure the timely update for local information.
In general, HDP timer is supposed to be shorter than the HDP holdtime. Otherwise, HDP information table will be unstable. By default, HDP is transmitted every 60 seconds. To set HDP timer, you can run the command hdp timer. To restore the default value, you can run the command no hdp timer.
12.2.2 Viewing HDP Information

After completing the above configuration, you can run the command show to view the operation status of the configured HDP or check whether the configuration is correct.
I. Viewing HDP configuration

MA5300(config)#show hdp Global HDP information: Sending HDP packets every 60 seconds Sending a holdtime value of 180 seconds
II. Viewing HDP neighboring devices

To view the brief information on all neighbors, you can run the command show hdp neighbors. To view the detailed information, you can use the [detail] parameter.
MA5300(config)#show hdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device-Mac Local-Interface Hdtm Capab Platform 123 TS Port-ID
00e0.fc00.0020 Ethernet7/2/1
Quidway S2016 Ethernet0/14
III. Viewing the HDP informaton on a specified MAC address

To view the detailed HDP information on a specified MAC address, you can run the command show hdp entry. To view the version information only, you can use the version parameter.
MA5300# show hdp entry 00e0.fc23.0010 Device ID: 0000000000e0fc230010 Host Name: huawei_0.Quidway Platform: SmartAX MA5300, Interface: Ethernet7/1/1, Holdtime: 166 sec Capabilities: Trans-Bridge Switch Port ID (outgoing port): Ethernet7/1/2
Version:
huawei Versatile Routing Platform Software VRP (tm) Lanswitch Platform Software Version V100R002B09D004 SmartAX MA5300 Software Version V100R002B02D002, RELEASE SOFTWARE Copyright (c) 2000-2002 By HUAWEI TECH CO., LTD. Compiled Jul 30 2002 18:14:59
Duplex Mode: Full Management Vlan: 1
IV. Viewing the HDP traffic

To view the HDP traffic statistics, you can run the command show hdp traffic. To clear HDP statistics, you can run the command clear hdp counters.
MA5300(config)# show hdp traffic HDP counters : Packets output: 17939, Input: 18474 Hdr syntax: 0, Chksum error: 0, Encaps failed: 0 No memory: 0, Invalid packet: 11, Fragmented: 0
12.3 Configuring HTP

12.3.1 Introduction to HTP
HTP is a proprietary protocol of Huawei Technologies Co., Ltd. for network topology collection. HTP provides the information on available devices to join a cluster and collects the devices within the specified hops for the cluster management. When the HDP on the member device finds changes of neighbor, it will advertise the changes to the command device by handshake message. The command device can run HTP to collect the specified topology and show the network topology changes in time. The configuration of HTP involves: Enabling/Disabling global HTP Enabling/Disabling HTP on a port Setting the topology collection range Setting the delay for a device to forward collection request Setting the delay for a port to forward collection request Setting the topology collection interval Starting the topology collection Viewing HTP Information
Note: For the command device, you shall enable HTP on the device and port and set the HTP parameters. While for the member device and candidate device, you only need to enable HTP on the device and relevant ports and then they will use the HTP parameters sent by the command device during the protocol operation.
Table 12-2 lists the commands for configuring HTP. Table 12-2 Commands for configuring HTP To Enable/Disable global HTP (no) htp run Use In Global configuration mode Port configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Privileged mode All modes except the user EXEC mode
Enable/Disable HTP on a port
(no) htp enable
Set the topology collection range Set the delay for collected device to forward topology collection request Set the delay for collected port to forward topology collection request Set the topology collection interval Start the topology collection View HTP information
(no) htp hop
(no) htp hop-delay
(no) htp port-delay
(no) htp timer htp start show htp
12.3.2 Setting HTP

I. Enabling/Disabling global HTP
To enable the system to process HTP packets, you should enable the global HTP first. If global HTP is disabled, all the HTP information on the device will be cleared, and the device will discard all the HTP packets and stop transmitting HTP requests.
By default, the global HTP is enabled. To enable global HTP, you can run the command htp run. To disable global HTP, you can run the command no htp run.
II. Enabling/Disabling HTP on a port

You can use the following commands to enable/disable HTP on a specified port to decide to transmit/receive and forward HTP packets through which port. By default, HTP is enabled on a port. After the global HTP and port HTP have been enabled, the HTP packets can be transmitted, received and forwarded through the port. After the HTP is disabled on the port, the port will not process HTP packets. If you enable HTP on a port not supporting HDP and HTP cannot be run. On some occasions, it only needs collecting the topology connected to the Downlink ports, without caring about the topology connected to the Uplink. In this case, HTP is supposed to be disabled on the Uplink ports. To enable HTP on a port, you can run the command htp enable. To disable HTP on a port, you can run the command no htp enable.
III. Setting the topology collection range

You can set a limit to the hops for topology collection, so that only the topology information on the devices within the specified hops will be collected and infinite collection can be avoided. You can set a hop limit for discovery. For example, if you set a limit of 2 on the hop count, only the devices that are two hops away from the first device transmitting the topology collection request will be collected. Note that the setting is only valid on the device transmitting the topology collection request. The broader the collection range is, the more memory of the topology-collecting device is required. By default, the topology information on the devices 3 hops away from the collecting device is collected. To set the topology collection range, you can run the command htp hop. To restore the default value, you can run the command no htp hop.
IV. Setting the delay for a device to forward collection request

After a topology request packet is advertised in the network, many devices will get it at the same time and respond at the same time. This may result in network congestion and busy state of topology collection the device. To solve the problem, you can configure each device to delay response for a certain period after receiving the topology request. The first port will forward the topology request packet when the delay timer times out. By default, the device to be collected forwards the topology request after delaying for 200ms. To set the delay for a device to forward topology collection request, you can run the command htp hop-delay. To restore the default value, you can run the command hop-delay.
V. Setting the delay for a port to forward collection request

After a topology request packet is advertised in the network, many devices will get it at the same time and respond at the same time. This may result in network congestion and busy state of topology collection the device. To solve the problem, you can set every port of the device to delay response for a certain period after receiving the topology request, before the next port forwards the topology request packet. The ports transmit packets in turn, consistent with the sequencing of the devices in the topology response. By default, the port forwards the topology collection request after a delay of 20ms. To set the delay for a port to forward topology collection request, you can run the command htp port-delay. To restore the default value, you can run the command no htp port-delay.
VI. Setting the topology collection interval

After the cluster function is started, once the command device detects any change in member devices, it will inform HTP to perform partial topology collection. Such partial collection cannot reflect the global change in topology. In order to learn the topology changes in time, it is necessary to periodically collect the topology information on all devices within the specified scope. By default, the value of topology collection is 0, which indicates the periodical topology collection will not be performed. To set topology collection interval, you can run the command htp timer.
To restore the default value, you can run the command no htp timer.
VII. Starting the topology collection

After the topology collection interval is defined, HTP will automatically collect the topology information within the entire range based on the interval. HTP also provides commands for manual topology collection, which allow users to collect network topology information at any time for performing device management and monitoring. To start topology collection, you can run the command htp start.
12.3.3 Viewing HTP Information

After the above configuration completes, you can run the command show htp to view the HTP configuration and to check whether the configuration is correct.
MA5300(config)#show htp HTP is running. Hops Timer : 3 : 0 min
Hop Delay : 200 ms Port Delay: 20 ms Last collection total time: 0ms
This example shows how to view the devices list collected by HTP.
MA5300(config)#show htp device-list Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater MAC 00e0.fc00.0020 00e0.fc11.19c2 HOP 1 0 PLATFORM Quidway S2016 SmartAX MA5300 IP CAPABILITY TS RTS
12.4 Configuring a Cluster

Each cluster shall have one unique command device. The designated command device manages and monitors the device by learning the network topology through HDP and HTP information collection. The configuration of cluster involves: Enabling/Disabling the Cluster Function Setting the Cluster IP Address Pool Specify the Command Device Adding/Deleting a Cluster Member
Setting the Cluster Parameters Setting the Member Accessing Viewing Cluster Information
Note: For the command device, you shall enable the cluster function and set cluster parameters. For member devices and candidate devices, you only need to enable the cluster function. In this case, the command device can manage them.
Table 12-3 lists the commands for cluster management. Table 12-3 Commands for cluster management To Enable/Disable function cluster Use (no) cluster run (no) cluster ip-pool (no) cluster enable (no) cluster member cluster setup (no) cluster holdtime In Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Privileged mode Global configuration mode Global configuration mode
Set cluster IP address pool Specify the command device Add/Delete a cluster member manually Set up a cluster automatically Set cluster holdtime Set cluster timer to specify the handshaking message interval Add VLAN tag to cluster packets on the Trunk port Set the VLAN to which the command devices uplink ports belong Reset a member device Set/Cancel cluster security check Set the cluster FTP server
(no) cluster timer (no) cluster tagged trunk-port cluster uplink vlan-interface cluster reset member (no) cluster security cluster ftp server
To Set the cluster TFTP server Set the cluster NMS host Set the cluster log host Switch from the command device to a member device View cluster information
Use cluster tftp server cluster snmp host cluster logging host rcommand show cluster
In Global configuration mode Global configuration mode Global configuration mode Privileged mode All modes except the user EXEC mode
12.4.1 Enabling/Disabling the Cluster Function

You have to enable the cluster function before carrying out other cluster functions. By default, the cluster function is enabled. After the command no cluster run is run on the command device, the cluster and all its members will be deleted, the command device function and cluster function of the device will be disabled, and the device cannot be a candidate device of any other cluster. After the command no cluster run is run on a member device, the device will exit the cluster and the cluster function of the device will be disabled, and the device cannot be a candidate device. After the command no cluster run is run on a switch not belonging to any cluster, the cluster function will be disabled, and the device cannot be a candidate device.
12.4.2 Setting the Cluster IP Address Pool

Before setting up a cluster, you need to set a private IP address pool first. Then when a candidate device is added to the cluster, the command device will dynamically assign it with a private IP address that can be used for communication inside the cluster. By doing so, you can use the command device to manage and maintain the member devices. By default, the IP address of the command device is at 172.16.0.1 and the mask is 255.255.240.0. That means the length of the mask is 20.
Note that you can only perform the above configuration before creating a cluster. If the cluster has already been created, then the IP address pool of the existing cluster cannot be modified. To set the cluster IP address pool, you can run the command cluster ip-pool. To restore the default value, you can run the command no cluster ip-pool.
MA5300(config)#cluster ip-pool 10.11.116.8 24
12.4.3 Specify the Command Device

Every cluster has one unique command device. The command device is the entrance-exit for accessing cluster members. Hence, when creating a cluster, you need to specify one command device first. To set the cluster name for specifying the command device, you can run the command cluster enable. To delete all members in the cluster and set the command device to be a candidate device, you can run the command no cluster enable. The command cluster enable can only be used on a device to be designated as the command device, rather than a device of any other cluster. For a device that is the command device of another cluster, you can run this command to rename that cluster. This example shows how to create a cluster with the name of huawei, and specify the MA5300 as the command device.
MA5300(config)#cluster enable huawei % 1[2003-07-29 17:39:32]:CLST-1-LOG: ip addr 10.11.116.8 255.255.255.0 se, set by cluster % 1[2003-07-29 17:39:32]:CLST-1-LOG: community string public@cm0, set by cluster % 1[2003-07-29 17:39:32]:CLST-1-LOG: community string private@cm0, set by cluster % 1[2003-07-29 17:39:32]:CLST-1-LOG: hostname huawei_0.MA5300, set by cluster
12.4.4 Adding/Deleting a Cluster Member

I. Adding/Deleting a cluster member device manually
To specify the candidate devices to be added into a cluster manually, you can run the command cluster member.
To delete specified member devices in a cluster, you can run the command no cluster member. This example shows how to add a cluster member: the number is 2, the MAC address is 00E0.fc00.2222 and the password to enter privileged mode is grandkey.
huawei_0. MA5300(config)# cluster member 2 mac-address 00E0.fc00.2222
password grandkey
Note: Adding/deleting a cluster member must be performed on a command device. Number assignation is not necessary for the newly added member device, since the command device will automatically assign a number for the member device. When a device is added into a cluster, the system will also automatically set the privileged user password of the new member device the same as that of the command device.
II. Enabling cluster auto-setup

Besides manual adding members into a cluster, the cluster auto-setup function is also provided. You can run the command cluster setup to set up a cluster. During cluster setup, the system will prompt you to enter a cluster name. Then a list of all the candidate devices discovered within the specified hops will be provided. You can confirm whether to add these devices into the cluster. After your make a confirmation, all the listed candidates can be added to the new cluster. During the process, you can press <Ctrl+C> to cancel the current operation. However, such action will only stop adding new members, but the devices already added will remain in the cluster.
huawei_0.MA5300(config)#cluster setup Collecting candidate list, please wait... Candidate list: Name Quidway Add all Candidates?(Y/N)y % 1[2003-07-29 17:41:13]:CLST-1-LOG: Member 00e0.fc00.0020 is joined in cluster huawei. Cluster setup Finish! 1 member(s) added successfully. Hops 1 MAC Address 00e0.fc00.0020 Device Quidway S2016
12.4.5 Setting the Cluster Parameters

I. Setting the cluster holdtime
After setting up a cluster, communication may fail due to network problems or switch reset. If the failure exceeds three times of the handshaking message interval + the effective holdtime specified by the device, then the member device becomes down. When the communication recovers, the corresponding member device will be added to the cluster again automatically. If the failure is removed within the holdtime, the status of member device will remain normal and there is no need for system to add the member device automatically. Note that the above command can only run on the command device, which will advertise the holdtime value to other member devices. holdtime is usually set to be several times of the handshaking message interval. It indicates for how many times after no handshaking message from the member device is received will the device be considered faulty. By default, the cluster holdtime is 80 seconds. To set the cluster holdtime, you can run the command cluster holdtime. To restore the default value, you can run the command no cluster holdtime.
II. Setting the handshaking message interval

Inside a cluster, the member devices and command device communicate with each other through sending handshaking messages. Regular handshaking can help monitoring member status and link status. After joining a cluster, the member device begins transmitting handshaking messages actively and regularly to the command device. When receiving regular handshaking, both the command device and member device will consider current communication normal. If the member device fails to receive responses from the command device for 3 consecutive times, it will consider there is communication failure. Similarly, if the command device fails to receive handshaking requests from the member device for 3 consecutive times, it will also consider there is communication failure. In addition, when a member device learns any change of the topology, it will report the topology change to the command device for handling with a handshaking message. To set the handshaking message interval, you can run the command cluster timer. To restore the default value, you can run the command no cluster timer. The default value is 8s.
III. Adding the VLAN tag to cluster packets on the Trunk port
In cluster management, the HDP and part of the HTP and Cluster packets sent by the cluster device have no VLAN header of 802.1Q. However, in practice, when the MA5300s Trunk port connects with some devices (such as MA5100 and MA5105) for cluster management application, the opposite devices can only accept the packets with VLAN headers, or else the packets with no VLAN headers will be discarded, and cluster management cannot work normally. To forcedly add VLAN headers of 802.1Q to all cluster management packets sent by the Trunk port of the MA5300, you can run the command cluster tagged trunk-port. The VLAN added is 1, which is the managed VLAN of the cluster. To cancel the function, you can run the command no cluster tagged trunk-port. By default, the function is disabled. When the MA5300 connects with the MA5100 or the MA5105 through the Trunk port, and cluster management is required, this function must be enabled.
IV. Setting the VLAN to which the command devices uplink ports belong
In cluster management, an NMS can access a member device only through a managed IP address of the command device, while the IP address must belong to interface VLAN 1. If it belongs to other interface VLANs, the command device cannot implement NAT conversion correctly. However, when the MA5300 is used as an L3 forwarding device, its managed IP address is not necessarily configured in VLAN 1. Sometimes it is configured in other VLANs to which uplink ports belong. In this case, an NMS cannot access member devices when it uses the managed IP address of other VLANs. Hence, for the IP address that the MA5300 accesses currently, you must specify which VLAN it belongs to manually. If the managed IP address exists in VLAN 1 already, no setting is required. For example, the MA5300s uplink port Ethernet 7/2/3 belongs to VLAN 3. The IP address of interface-vlan 3 is 10.11.50.1, which is the IP address that the NMS accesses. The uplink port of the cluster device belongs to VLAN 3.
V. Setting the remote control over member devices

Communication between the command device and the member devices may fail due to some mis-operation on the member devices. Then you can control the member devices remotely on the command device.
For example, you can delete the booting configuration file on the member device and reset it. This helps to recover the normal communication between command device and member devices. In general, messages within a cluster can only be forwarded in VLAN 1. If the user has performed any wrong configuration on a member device, such as setting the port (on the member devices) connected with the command device as a VLAN 2 port, communication between the command device and member device will fail. To solve the problem, the user can configure the VLAN checking function on a command device. Then messages sent by the command device to the member devices within the cluster will carry such information. When a member device receives the messages, it will automatically add a port into VLAN 1 if it finds that the port of received messages does not belong to VLAN 1. This helps to ensure normal communication with the command device. When running the command cluster reset member, you can decide whether to delete the configuration file with the eraseflash parameter. To perform VLAN security check in cluster internal communication, you can run the command cluster security. To cancel VLAN security check, you can run the command no cluster security.
VI. Setting FTP/TFTP server, SNMP and log hosts for a cluster
After setting up a cluster, you can configure the FTP/TFTP server, SNMP and log hosts for the cluster on a command device. Member devices can then access the configured server through the command device, and output trap and log messages to SNMP and the configured log host respectively. To configure the FTP server, you can run the command cluster ftp server. To configure the TFTP server, you can run the command cluster tftp server. To configure the SNMP host, you can run the command cluster snmp host. To configure the log host, you can run the command cluster logging host. This example shows how to configure the FTP server for the cluster.
MA5300(config)#cluster ftp server 164.23.1.100
12.4.6 Setting the Member Accessing

I. Switching to a member device
After configuring HDP, HTP and cluster correctly, you can switch to member devices for management by running the command rcommand on the command device. To switch back to the command device, you can run the command exit.
Authorization is required when you switch from the command device to a member device. You can perform the switchover after you pass the authorization. However, if the privileged user password of the member device is different from that of the command device, the switchover will be rejected. The user level will be inherited from the command device after you switch to the member device. For example, the privileged user will retain as a privileged user after you switch from the command device to a member device. Authorization is also required when you switch from a member device to the command device. After passing the authorization, the system will enter user EXEC mode automatically. This example shows how to switch to the member device from the command device.
huawei_0.MA5300(config)#rcommand 1 Press CTRL_] to quit telnet mode. Trying ... ...
Connected to
huawei_1.Quidway#
This example shows how to switch back to the command device from the member device.
huawei_1.Quidway#exit The connection was closed by the remote host! huawei_0.MA5300(config)#
II. Operating a member device

You can perform these operations upon a member device through the command device: Upgrading a board Backing up the configuration file Downloading files This example shows how to upgrade the file "Bootrom" of a member device's EADA board.
huawei_0.MA5300(config)#rcommand 1 Press CTRL_] to quit telnet mode. Trying ... ...
Connected to
huawei_1.MA5300(config)#load bootrom tftp cluster 0/9 Whether to load other boards of same type ? (y/n):[n]n Board name[EADA]: File name [eadaboot.app]: Whether to start loading? (y/n)[n]:y
Load(backup,duplicate,...) begins,please wait and notice the rate of progress. Any operation such as reboot or switchover will cause failure and unpredictable result. huawei_1.MA5300(config)#
INFO
MAJOR
2004-11-16 15:26:02
ALARM NAME
: Load start
PARAS INFO
: FrameID: 0, SlotID: 9, Load type: Bootrom file
This example shows how to back up the configuration file of a member device through TFTP.
huawei_1.MA5300(config)#tftp put vrpcfg.txt //cluster/vrpcfg.txt .. Uploading succeeds! huawei_1.MA5300_B(config)#
This example shows how to download files for a member device through FTP.
huawei_1.MA5300(config)#ftp cluster Trying ... Connected. 220-Serv-U FTP-Server v2.5f for WinSock ready... 220 This FTP server is an unregistered 45 day try-out version of Serv-U User(none):aaa 331 User name okay, need password. Password: 230 User logged in, proceed.
ftp>get SERV-U.ini serv-u.ini 200 PORT Command successful. 150 Opening ASCII mode data connection for SERV-U.ini (815 bytes). 226 Transfer complete. FTP: 815 byte(s) received in 0.270 second(s) 3.01Kbyte(s)/sec. ftp>bye 220 This FTP server is an unregistered 45 day try-out version of Serv-U
huawei_1.MA5300(config)#dir { <cr>|/all<K>|flash: }: Directory of flash:/ 0 * 1 * 2 3 -rw-rw-rw-rw5324224 11966048 4290 815 Nov 08 2004 11:00:54 Nov 08 2004 11:25:37 Nov 16 2004 16:07:51 Nov 16 2004 16:13:07 ma53esmar005b02d061.bin ma53io.bin vrpcfg.txt serv-u.ini
29780992 bytes total (12471296 bytes free)
12.4.7 Viewing Cluster Information

After the above configuration completes, you can run the command show to view operation of the newly added cluster or check whether the configuration is correct. This example shows how to view the cluster status and statistics.
huawei_0.MA5300(config)#show cluster Command device for cluster "huawei". Total members:2 Member state: 0 members are unreachable
Heartbeat interval:8 Heartbeat hold-time:80 IP-Pool:10.11.116.8/24 No logging host configured. No SNMP host configured. No FTP server configured. No TFTP server configured.
This example shows how to view the member device information.

huawei_0.MA5300(config)#show cluster members SN 0 1 Device SmartAX MA5300 Quidway S2016 MAC Address 00e0.fc11.19c2 00e0.fc00.0020 Status Name Cmdr Up huawei_0.MA5300 huawei_1.Quidway
This example shows how to view the candidate device information.

huawei_0.huawei# show cluster candidates Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater MAC 00e0.fc23.0010 00e0.fc00.0110 HOP 1 2 PLATFORM SmartAX MA5300 SmartAX MA5300 IP 10.11.110.1/24 CAPABILITY TS TS
12.5 Cluster Management Configuration Example

I. Configuration procedure
1) Set the member devices (Take one member device as an example).
! Enable HDP and HTP on the device and on a port. ! Enable the cluster function. 2) Set the command device.
! Enable HDP and HTP on the device and on a port. ! Enable the cluster function.
! Set the IP address pool within the cluster. ! Set up the cluster (by specifying the command device). ! Start the topology information collection process (optional). ! Add/delete cluster members (manual or auto). ! Configure the FTP server, TFTP server, log host and SNMP host within the cluster.
SNMP host /logging host 63.172.55.4 FTP server/ TFTP server 63.172.55.1 Network
Cluster
Command device
Member device
Member device
Figure 12-3 Networking diagram of cluster management Assume that three MA5300s form a cluster and the command device manages two member devices. The command device is connected to the two member devices through ports Ethernet 7/1/1 and Ethernet 7/1/2. It is connected to the external network through port Ethernet 7/1/0, which belongs to VLAN 2. The IP address of VLAN 2 is 163.172.55.1. The IP address pool used by cluster members: 172.16.0.1, 255.255.255.248 For the FTP/TFTP server The same FTP server and TFTP server are used within the entire cluster. The IP address of the FTP/TFTP server: 63.172.55.1 The IP address of NM server and log host: 69.172.55.4
III. Configuration procedure

1) Set the member devices. (Take one member device as an example.)
! Enable HDP on the device and HDP on port Ethernet 7/1/1.

MA5300(config)#hdp run MA5300(config)#interface ethernet7/1/1 MA5300(config-if-Ethernet7/1/1)#hdp enable
! Enable HTP on the device and HTP on port Ethernet 7/1/1.

MA5300(config)#htp run MA5300(config)#interface ethernet7/1/1 MA5300(config-if-Ethernet7/1/1)# htp enable
! Enable the cluster function.

MA5300(config)#cluster run
2)
Set the command device.
! Enable HDP on the device and HDP on ports Ethernet 7/1/1 and Ethernet 7/1/2.
MA5300(config)#hdp run MA5300(config)#interface ethernet7/1/1 MA5300(config-if-Ethernet7/1/1)#hdp enable MA5300(config-if-Ethernet7/1/1)#exit MA5300(config)#interface ethernet7/1/2 MA5300(config-if-Ethernet7/1/2)#hdp enable
! Enable HTP on the device and HTP on ports Ethernet 7/1/1 and Ethernet 7/1/2.
MA5300(config)#htp run MA5300(config)#interface ethernet7/1/1 MA5300(config-if-Ethernet7/1/1)# htp enable MA5300(config-if-Ethernet7/1/1)#exit MA5300(config)#interface ethernet7/1/2 MA5300(config-if-Ethernet7/1/2)# htp enable
! Enable the cluster function.

MA5300(config)#cluster run
! Set the IP address pool within the cluster, with the start address 172.16.0.1. There are eight addresses in total.
MA5300(config)#cluster ip-pool 172.16.0.1 255.255.255.248
! Set the cluster name and set up the cluster.

MA5300(config)#cluster enable huawei huawei_0.MA5300(config)#
! Start the topology information collection process.

huawei_0.MA5300(config)#htp start
! Add a cluster member manually.

huawei_0.MA5300(config)# cluster member 1 mac-address 00e0-fc01-0011 huawei_0.MA5300(config)# cluster member 2 mac-address 00e0-fc01-0012
! Configure the FTP server, TFTP server, log host and SNMP host within the cluster.
huawei_0.MA5300(config)#cluster ftp server 63.172.55.1 huawei_0.MA5300(config)#cluster tftp server 63.172.55.1 huawei_0.MA5300(config)#cluster snmp host 69.172.55.4 huawei_0.MA5300(config)#cluster logging host 69.172.55.4
IV. Verification
With the above steps, member devices are added successfully.
Chapter 13 AAA and RADIUS Configuration

13.1 Overview
13.1.1 Introduction to AAA
I. What is AAA
Authentication, Authorization and Accounting (AAA) provide a uniform framework used for configuring these three security functions to implement the network security management. The network security mentioned here refers to access control and includes: Which user can access the network server? Which service can the authorized user enjoy? How to charge the user who is using network resource? Accordingly, AAA shall provide the following services: Authentication It indicates to authenticate if the user has the right to access the network sever. Authorization It indicates to authorize the user with specified services. Accounting It indicates to trace the network resources consumed by the user.
II. Advantages of AAA

In general, AAA framework uses the Client/Server architecture, in which the clients run as managed sources and the servers centralize and store user information. AAA framework has these advantages: Excellent scalability Support of standard authentication schemes Easy control and centralized management of user information Multiple-level backup system to enhance the security of the whole framework
13.1.2 Introduction to RADIUS

As mentioned above, AAA is a management framework, so it can be realized by some protocols. Among these protocols, RADIUS is a widely used one.
Remote Authentication Dial-In User Service (RADIUS), is a kind of distributed information switching protocol in Client/Server architecture. It is often used for managing a large number of scattered dial-in users. RADIUS server performs AAA through a simple user database, and adjusts the information on a users services in light of the users service type and authority. A Network Access Server (NAS) serves as a client of RADIUS. Through the NAS, a user can send its AAA request to a designated RADIUS server. To access other networks or gain the authority for using some network resources, a user needs to connect to a NAS through one certain network. In this case, the NAS will forward the users AAA information to the RADIUS server. The RADIUS protocol regulates how to transmit the user information and accounting information between the NAS and the RADIUS server. The RADIUS server is responsible for the following: Receiving user connection requests Authenticating users Returning all configuration information necessary for the client to the NAS The authentication information is transmitted between the NAS and RADIUS using the cipher keys. A user's password can be transmitted on the network only when it is encrypted. This is to prevent the information from being intercepted or stolen. The RADIUS configuration only defines some parameters between the NAS and the RADIUS server. To validate those parameters, a RADIUS solution needs to be configured in domain configuration mode. Besides, the RADIUS authentication and accounting are specified.
13.1.3 Implementing AAA on the MA5300

In an AAA framework, the MA5300, serving as the user access device or NAS, is the client of the RADIUS server. Figure 13-1 shows the networking for the MA5300 to implement AAA.
PC1 PC2 PC3 PC4
MA5300 ISP1 L2
Authentication server Accounting server
Internet ISP2 L2 MA5300 Authentication server Accounting server
Figure 13-1 Networking for the MA5300 to implement AAA
13.2 Configuring AAA

The configuration of AAA involves: Setting an Authentication/Authorization Scheme Setting an Accounting Scheme Creating/Deleting an ISP Domain Configuring a User Table 13-1 lists the commands for configuring AAA. Table 13-1 Commands for configuring AAA To Set the authentication/authorization scheme Set the accounting scheme Create/Delete an ISP domain Set the authentication/authorization scheme used by the ISP domain Set the accounting scheme used by the ISP domain Set the RADIUS server group used by the ISP domain Use (no) aaa authentication In Global configuration mode Global configuration mode Global configuration mode ISP domain configuration mode ISP domain configuration mode ISP domain configuration mode
(no) aaa authentication (no) domain
authen-scheme
acct-scheme radius-scheme
To Set the ISP domain state Set the number of access users allowed in the ISP domain Set the idle-cut attribute Set the attributes Specify domain user the template ISP
Use state active/block
In ISP domain configuration mode ISP domain configuration mode ISP domain configuration mode ISP domain configuration mode Global configuration mode Global configuration mode Global configuration mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode / display All modes except the user EXEC mode All modes except the user EXEC mode
access-limit
idle-cut data user-template global setting domain-default (no) user set user AAA
default
Add/Delete a local user Modify a local user View the information View the information relevant
show aaa
AAA
statistic
show aaa statistic
View the relevant information on the authentication/authorization scheme table View the relevant information on the accounting scheme table View the information connection
show aaa accounting
show aaa authentication
show connect
View the relevant information on the ISP domain View the relevant information on a local user
show domain domain
show user
13.2.1 Setting an Authentication/Authorization Scheme

An authentication/authorization scheme defines policies used by the system to authenticate/authorize the access user who requests to log in to the MA5300. You can use any or a combination of the following three methods. radius Indicates to use RADIUS server to perform authentication/authorization. local Indicates perform local authentication/authorization through access the MA5300. simple Indicates that the user can obtain services without any authentication/authorization. The system has a default authentication/authorization scheme named default. Its first authentication/authorization method is radius, and its second authentication/authorization method is local. In global configuration mode, you can run the command aaa authentication to set an authentication/authorization scheme. To delete such a scheme, you can run the command no aaa authentication. This example shows how to add an authentication/authorization scheme named auth. Its first authentication/authorization method is radius, and its second authentication/authorization method is local.
MA5300(config)#aaa authentication auth radius next local
After one authentication/authorization scheme is added, the scheme is effective only when it is explicitly used in a certain user field (specifying a user category). When the system quotes the radius authentication/authorization scheme, you need to configure the RADIUS server. For details, refer to 13.3 Configuring RADIUS. The remote RADIUS server shall have been configured with relevant user information. When the system quotes the local authentication/authorization scheme, you need to add local users to the system and set the attributes of the users. When the system quotes the simple authentication/authorization scheme, once there exists a local user using that scheme, that user only needs to input its user name to enjoy the network service.
Note: The second authentication/authorization method is a policy used for a second authentication/authorization when there is no result from the first authentication/authorization, (for example, when the remote RADIUS server has generated no response). The second-time authentication/authorization method is optional. It is not configured by default. If the first-time authentication/authorization gives a clear result, such as a rejection response from the RADIUS server), there is no need to perform the second authentication/authorization. The local and simple authentication/authorization methods are similar. They cannot be used as the first and second authentication/authorization methods at the same time.
13.2.2 Setting an Accounting Scheme

The accounting can be performed only through the RADIUS protocol. You can select a RADIUS server group configured in RADIUS mode to perform accounting or not. By default, the system has an accounting scheme named default, which keeps accounting on the users and disconnects them with the network if the accounting fails. To set an accounting scheme, you can run the command aaa accounting. To delete such a scheme, you can run the command no aaa authentication. This example shows how to add an accounting scheme named charge, which keeps accounting on the users and disconnects them with the network if the accounting fails.
MA5300(config)#aaa accounting charge enable offline
Where, enable indicates to enable accounting on the user. offline indicates to disconnect the user when the accounting fails.
13.2.3 Creating/Deleting an ISP Domain

An Internet Service Provider (ISP) domain is a group of users belonging to the same ISP. In general, for a username in the format of userid@isp-name, such as huawei20010608@huawei163.net, the isp-name (such as, 163.net) following the @ is the ISP domain name. When the MA5300 controls user access, as for an ISP user whose username is in userid@isp-name format, the MA5300 will take the userid part as the username for identification and take isp-name part as the domain name.
Since users from different ISPs may have different attributes (like the composition of user name and password, service type/authority and accounting modes), the MA5300 supports multiple ISP domains application. For example, an MA5300 may be used to connect users from both an ISP 163 and users from another ISP 169 at the same time. In ISP domain configuration mode of the MA5300, you can configure a complete set of exclusive ISP domain attributes for each ISP domain, including the AAA policy (authentication/authorization method, accounting method, and the RADIUS server group used). For the MA5300, each access user belongs to one ISP domain. If a user does not report its ISP domain name, the system will put it into the default domain.
I. Creating/Deleting an ISP domain

To create an ISP domain and enter its configuration mode, you can run the command domain. To delete an ISP domain, you can run the command no domain. By default, there is no ISP domain in the system.
MA5300(config)#domain huawei163.net
II. Setting the authentication/authorization scheme used by the ISP domain

To quote an authentication/authorization scheme in the ISP domain, you need to configure it first. You can run the command authen-scheme to specify the
authentication/authorization scheme to be used. Then this scheme will be applied to all users under this ISP domain. This example shows how to specify the authentication/authorization scheme named auth to be used by the domain huawei163.net.
MA5300(config-isp-huawei163.net)#authen-scheme auth
III. Setting the accounting scheme used by the ISP domain

To quote an accounting scheme in the ISP domain, you need to configure it first. You can run the command acct-scheme to set the accounting scheme used by the ISP domain. Then this scheme will be applied to all users under this ISP. This example shows how to specify the accounting scheme named charge to be used by the domain huawei163.net.
MA5300(config-isp-huawei163.net)#acct-scheme charge
IV. Specifying the RADIUS server group used by the ISP domain
To quote an accounting scheme in the ISP domain, you need to configure it first. For details on the RADIUS server group configuration, refer to 13.3 Configuring RADIUS. If the RADIUS authentication or accounting is required, you can run the command radius-scheme to specify the RADIUS server group used by the ISP domain. By default, the default RADIUS server group is used. This example shows how to specify the server group radius1 to be used by the domain huawei163.net for authentication and accounting.
MA5300(config-isp-huawei163.net)# radius-scheme radius1
V. Setting the ISP domain state

An ISP is in block state when it is created. That is, no user in the domain is allowed to request for network service. If an ISP domain is in active state, its users can request for network service. Whereas in block state, its users cannot request for any network service; yet this will not affect the online users. To activate the ISP domain, you can run the command state active. To block the ISP domain, you can run the command state block.
VI. Setting the number of access users allowed in the ISP domain
By default, there is no limit on the number of access users for any ISP domain. However, since the MA5300 supports up to 1024 access users at the same time, there is a limit on the number of access users in an ISP domain. To set the maximum number of users allowed in the ISP, you can run the command access-limit.
MA5300(config-isp-huawei163.net)#access-limit enable 30
VII. Setting the idle-cut attribute

Idle-cut attribute is also called aging attribute. In a certain continuous period, if the traffic (including some handshaking packets) between a user in the ISP domain and the network is less than the predefined volume, the system will regard the connection as idle. It will then drop this connection. Whether to enable this function is based on the configuration on the user side and on the RADIUS side.
By default, the maximum idle time is 30 minutes and the minimum traffic is 3000 bytes. To set the idle-cut period and the traffic limit, you can run the command idle-cut.
MA5300(config-isp-huawei163.net)#idle-cut data 20 2000
VIII. Setting the user template attributes

A user template refers to a set of default user attributes. If a user requesting for the network service does not have a required attribute, the corresponding attribute in the template will be adopted as the default one. At present, the user template only provides the user idle-cut attribute. After a user is authenticated, if neither the user nor the RADIUS server has specified whether to enable or disable the idle-cut, the idle-cut setting of the user will be set the same as that in the template. Because a user template only works in one ISP domain, you need to configure different user template attributes for users from different ISP domains. To set the idle-cut switch in the template, you can run the command user-template. By default, idle-cut is disabled.
MA5300(config-isp-huawei163.net)#user-template idle-cut enable
IX. Specifying the default ISP domain

In general, a user reports its username and ISP domain name in the userid@isp-name format. If a user does not report its ISP domain name while logging in, the system will assign the user to the default ISP domain. To specify an existing ISP domain as the default one, you can run the command global setting domain-default. By default, the system does not have a default ISP domain.
MA5300(config)#global setting domain-default enable huawei163.net yes
Where, enable indicates to set the default ISP domain. yes indicates that, for a user not reporting its ISP domain name, the system will put it to the default domain and add that name to the user name. Note: If the system is not configured with a default ISP domain, the access users who have not reported the domain name are not allowed to obtain any network service.
13.2.4 Configuring a User

I. Adding/Deleting a local user
Local users are a group of users set on the MA5300. The username is the unique identifier of a user in the group. Before a user requesting network service is authenticated locally, the user shall be added to, and the attributes of the user shall be set on the MA5300. To add/delete a local user and set relevant attributes, you can run the command (no) user. By default, there is no local user in the system. This example shows how to add a local user localuser@huawei163.net with its password of localpass and user type of 8021x.
MA5300(config)#user service-type 8021x localuser@huawei163.net password 0 localpass
II. Modifying a local user

The attributes of a local 802.1x user include access-limit, idle-cut, password and state. In global configuration mode, you can run the command set user to set these attributes. access-limit Several users can use one local user account to enjoy network service at the same time. The number of access users is determined by the access limit attribute. To set the access limit, you can run the command set user username service-type 8021x access-limit. idle-cut This enables/disables the idle-cut function for local users. The specific data of idle-cut is determined by user configuration in ISP domain. To set the idle-cut, you can run the command set user username service-type 8021x idle-cut. password It is the password used during the local authentication. To modify the password, you can run the command set user username password. state
A local user can be in active or block state. If the user is in block state, the user is not allowed to request for any network service. To modify the state, you can run the command set user username state.
III. Disconnecting a user forcefully

By default, the system does not disconnect online users by force. To disconnect a user by force, you can run the command cut connect.
13.2.5 Viewing AAA Information

Table 13-2 lists the commands for viewing AAA information. Table 13-2 Commands for viewing AAA information To View AAA information relevant show aaa Use In All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
View AAA statistic information View the authentication/authorization scheme table View the account scheme table
show aaa statistics
show aaa accounting
show aaa authentication
View connection information
show connect
View relevant information on the ISP domain View relevant information on a local user
show domain:
show user
13.3 Configuring RADIUS

For the MA5300, the RADIUS is configured on each RADIUS server group. In real networking environment, a RADIUS server group can be an RADIUS server or a pair
of primary/secondary RADIUS servers with the same configuration but two different IP addresses. So, the attributes of each RADIUS server group include IP addresses of the primary and secondary servers, shared key and RADIUS server type. In fact, RADIUS configuration only defines some necessary parameters using for information switching between the NAS and RADIUS Server. To validate these parameters, you need to configure, in the configuration mode, an ISP domain to use the RADIUS server group and specify it to use RADIUS AAA schemes. For more about the configuration commands, refer to 13.2 Configuring AAA. The configuration of RADIUS involves: Creating/Deleting a RADIUS Server Group Setting the IP Address and Port Number of RADIUS Server Setting the Encryption Key of RADIUS Packet Setting the Response Timeout Timer of RADIUS Server Setting the Retransmit Times of RADIUS Request Packet Setting the Realtime Accounting Interval Setting the Maximum Failure Count of Realtime Accounting Request Setting the Maximum Times for Resending Account-Stop Request Setting the RADIUS Server Type Setting the RADIUS Server State Setting the Format of Username Sent to RADIUS Server Viewing RADIUS Information Table 13-3 lists the commands for configuring RADIUS. Table 13-3 Commands for configuring RADIUS To Create/Delete server group a RADIUS Use (no) radius-server host In Global configuration mode RADIUS server group configuration mode RADIUS server group configuration mode RADIUS server group configuration mode RADIUS server group configuration mode
Set the IP address and port number of RADIUS server Set the IP address and port number of primary/secondary accounting servers Set the encryption key of authentication/authorization packets Set the encryption key of accounting packets
primary auth/second auth
primary acct/second acct
key auth
key acct
To Set the response timeout timer of RADIUS server Set the retransmit times of RADIUS request packets Set the realtime accounting interval Set the maximum failure count of realtime accounting request Set the retransmit times of account-stop request packet timeout
Use
In RADIUS server group configuration mode RADIUS server group configuration mode RADIUS server group configuration mode RADIUS server group configuration mode RADIUS server group configuration mode RADIUS server group configuration mode RADIUS server group configuration mode RADIUS server group configuration mode RADIUS server group configuration mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode Privileged mode
retransmit
realtime-acct-timeout
permit-failed-count
resend-acctstop-pkt
Set the RADIUS server type
server-type
Set the RADIUS server state
state
Set the format of username sent to RADIUS server
username-format
View the RADIUS information
info
View the statistic information on RADIUS packets View the relevant parameters and states of RADIUS server groups View the stop accounting request packets that have not received response Clear the statistic information on RADIUS packet Delete the account-stop request packets that have not received response
show radius-sum
show radius-setting
show noresponse-acctstop-pkt clear radius-sum delete noresponse-acctstop-pkt
Privileged mode
13.3.1 Creating/Deleting a RADIUS Server Group

Before configuring RADIUS, you need to create a RADIUS server group and enter its configuration mode first. One RADIUS server group can be used by several ISP domains at the same time. The system has a RADIUS server group named default, whose attributes are all default values. To create a RADIUS server group and enter its configuration mode, you can run the command radius-server host. To delete a RADIUS server group, you can run the command no radius-server host. This example shows how to create RADIUS server group radius1.
MA5300(config)#radius-server host radius1 MA5300 (config-radius-radius1)#
13.3.2 Setting the IP Address and Port Number of RADIUS Server

After creating a RADIUS server group, you need to set IP addresses and UDP port numbers for the authentication/authorization servers and accounting servers. Each type of the said servers can consist of the roles of primary and secondary servers. So you can configure up to four groups of IP addresses and UDP port numbers. At least you have to set one group of IP address and UDP port number for each pair of primary/secondary servers to ensure the normal AAA operation. By default, the IP addresses of primary/secondary authentication, authorization and accounting (AAA for short) servers are all 0.0.0.0, and their authentication/authorization port is 1812 and accounting service UDP port is 1813.
MA5300(config-radius-radius1)# primary auth 10.11.1.1 MA5300(config-radius-radius1)# primary acct 10.11.1.2 MA5300 (config-radius-radius1)# second auth 10.11.1.2 MA5300 (config-radius-radius1)# second acct 10.11.1.1
Table 13-4 Parameter description Parameter primary auth Description Used to set the IP address and port number of the primary RADIUS authentication/authorization server. Used to set the IP address and port number of the primary RADIUS accounting server.
primary acct
Parameter second auth
Description Used to set the IP address and port number of the secondary RADIUS authentication/authorization server. Used to set the IP address and port number of the secondary RADIUS accounting server.
second acct
In a real application, you need to set the above parameters based on the actual requirements. For example, you may Specify four groups of different data to map four RADIUS servers. Specify two servers as the primary and secondary authentication/authorization/account servers to each other. You can specify "A" as the primary authentication/authorization server and the secondary accounting server, while specifying "B" as the secondary authentication/authorization server and the primary accounting server. Set four groups of same data so that each server functions as both the primary and secondary server. To guarantee the normal interaction between the MA5300 and RADIUS server, you need to ensure the normal routes between the RADIUS server and the MA5300 before setting the IP address and UDP port of the RADIUS server. In addition, because RADIUS protocol uses different UDP ports to receive or transmit authentication/authorization and accounting packets, you need to set the number of an authentication/authorization port different from that of an accounting port. Suggested by RFC2138/2139, the authentication/authorization port number is 1812 and the accounting port number is 1813. However, you may use values other than the suggested ones. (Especially for some earlier RADIUS Servers, the authentication/authorization port number is often set to 1645 and the accounting port number is 1646.) Make sure that settings of the RADIUS service port on the MA5300 are consistent with those on RADIUS server.
13.3.3 Setting the Encryption Key of RADIUS Packet

The RADIUS client (or the MA5300) and the RADIUS server use the MD5 algorithm to encrypt the exchanged packets. The two ends verify the packet through setting the encryption key. Only when the keys are identical can both ends accept the packets from each other end and give response.
By default, the keys are all huawei. To set the RADIUS authentication/authorization packet key, you can run the command key auth. To set the RADIUS accounting packet key, you can run the command key acct.
MA5300(config-radius-radius1)# key auth money MA5300(config-radius-radius1)# key acct money
13.3.4 Setting the Response Timeout Timer of RADIUS Server

After RADIUS (authentication/authorization or accounting) request packet has been transmitted for a period of time, if the MA5300 has not received the response from the RADIUS server, it has to retransmit the request to ensure RADIUS service for the user. By default, timeout timer of RADIUS server is 3 seconds. To set the timeout timer of RADIUS server, you can run the command timeout.
MA5300(config-radius-radius1)#timeout 3
13.3.5 Setting the Retransmit Times of RADIUS Request Packet

If the MA5300 transmits the packet for more than the given retransmit times (retry-time), but receive no response from the RADIUS server, the MA5300 will regard the communication with the current RADIUS server has been disconnected. The MA5300 will then transmit the request packet to other RADIUS servers. The default setting is 3 times. To set the retransmit times of RADIUS request packet, you can run the command retransmit.
MA5300(config-radius-radius1)#retransmit 3
13.3.6 Setting the Realtime Accounting Interval

To enable real time accounting on the user, you need to set the realtime accounting interval. After the setting, the MA5300 will transmit the accounting information on online users to the RADIUS server regularly. The configured realtime accounting interval will not be effective to authenticated on-line users at once. When the user logs in and connects again and there is no such specified attribute in messages returned from the RADIUS server, the system will then update the value. By default, this value is set to 12 minutes. The realtime accounting interval is related to the performance of the NAS and RADIUS server. The smaller the value is, the higher the performances of the NAS and
RADIUS are required. When there are a large number of users (equal to or more than 1000), we suggest a larger value. Table 13-5 lists the recommended ratios of the realtime accounting interval to the number of users. Table 13-5 Recommended ratio of realtime accounting interval to number of users Number of users 1 to 99 100 to 499 500 to 999 1000 Realtime accounting interval (minute) 3 6 12 15
To
set
the
realtime
accounting
interval,
you
can
run
the
command
realtime-acct-timeout.
MA5300(config-radius-radius1)#realtime-acct-timeout 12
13.3.7 Setting the Maximum Failure Count of Realtime Accounting Request

The RADIUS server usually checks whether a user is online by way of timeout timer. If the RADIUS server has not received the realtime accounting packet from the MA5300 for a certain period of time, it will regard that there is line or device failure and stop accounting. Accordingly, it is necessary to disconnect the user at the MA5300 end and on the RADIUS server synchronously when some unpredictable failure exists. In the MA5300, you can set the maximum failure count of in receiving response to the realtime accounting request. Then, the MA5300 will disconnect the user if it has not received realtime accounting response from the RADIUS server for the specified times. Suppose that the RADIUS server connection will timeout in T and the realtime accounting interval of the MA5300 is t, then the integer part of the result from dividing T by t is the value of count. Therefore, when applied, T is suggested the numbers which can be divided exactly by it. By default, it is allowed that the realtime accounting request fails to be responded for no more than 5 times. To set the maximum failure count of realtime accounting request, you can run the command permit-failed-count.
MA5300(config-radius-radius1)#permit-failed-count 5
13.3.8 Setting the Maximum Times for Resending Account-Stop Request

Account-stop request is of vital importance to user and ISP, since it involves bill settlement and affects the amount of charging. So the MA5300 shall try its best to send the message to the RADIUS accounting server. Accordingly, if the RADIUS accounting server does not respond to the request from the MA5300, the MA5300 will save the request in its local buffer and retransmit it to obtain the response from the RADIUS server. But it will discard the request after the resending times exceed the specified value. You can run the command resend-acctstop-pkt to set whether to allow a buffer for the account-stop request; and if buffer is allowed, the maximum times for resending the account-stop request. By default, the account-stop request is saved in the buffer and the request can be retransmitted up to 500 times. This example shows how to set the times of account-stop request to be 10.
MA5300(config-radius-radius1)#resend-acctstop-pkt enable 10
13.3.9 Setting the RADIUS Server Type

The MA5300 supports both the standard RADIUS protocol and the extended RADIUS service platforms independently developed by Huawei, such as IP Hotel, 201+ and Portal. To specify the RADIUS server type, you can run the command server-type. At present, valid RADIUS server types are huawei and standard. The default type is standard.
13.3.10 Setting the RADIUS Server State

For the primary and secondary servers (regardless whether it is an
authentication/authorization server or an accounting server), if the primary is disconnected from the MA5300 due to a fault, the MA5300 will automatically turn to exchange packets with the secondary server. However, after the primary one recovers, the MA5300 will not resume the communication with it at once. Instead, it continues communicating with the secondary one. The MA5300 will turn to the primary one again only when the secondary one also fails. You can run the command state to set the primary server state to up. In such a case, the communication between the NAS and the primary server can recover right after a fault is removed.
By default, the state of each server in a RADIUS server group is down. After configuring the IP address of each server, its state will become up. When the primary and secondary servers are both up or down at the same time, the MA5300 will send the packets to the primary server only.
13.3.11 Setting the Format of Username Sent to RADIUS Server

Since the access users are generally named in userid@isp-name format. The part following @ is the ISP domain name. The MA5300 will assign users into different ISP domains based on their domain names. However, some earlier RADIUS servers reject the username including ISP domain name. In this case, you have to remove the domain name before sending the username to the RADIUS server. To specify whether the username to be sent to the RADIUS server carries the ISP domain name, you can run the command username-format. By default, the username sent to it the RADIUS server group carries the ISP domain name.
MA5300(config-radius-radius1)#username-format with-domain
Note: If it is specified that a RADIUS server group does not allow usernames carrying ISP domain names, the RADIUS server group shall not be at the same time used in more than one domain. Otherwise, the RADIUS server will mistake the two users in different domains as the same user since they have the same username.
13.4 Viewing RADIUS Information

After the above configuration completes, you can run the command show to view the operations of the configured RADIUS and check whether the configuration is correct. info Displays information on the current RADIUS server (RADIUS server mode). show radius-sum Displays statistics about RADIUS packet. clear radius-sum Clears statistics about RADIUS packet.
show radius-setting Displays related parameters and state of a RADIUS server group. show noresponse-acctstop-pkt Displays the stop accounting request packets that have not received response. delete noresponse-acctstop-pkt Deletes the stop accounting request packets that have not received response.
13.5 AAA and RADIUS Configuration Example

Since AAA/RADIUS commands are generally used together with 802.1x commands, refer to the configuration examples in the chapter 14.3 Example. 802.1x Configuration
13.6 Fault Diagnosis and Troubleshooting

RADIUS protocol of TCP/IP protocol suite is located on the application layer. It mainly specifies how to exchange user information between the MA5300 and RADIUS server of ISP. So it is most likely to be invalid.
I. Fault 1: User authentication/authorization always fails.

Troubleshooting: 1) ISP domain of the MA5300 may be configured improperly, which will make authentication/authorization method not found. To avoid this, check ISP domain configuration carefully including the adopted authentication/authorization scheme and accounting scheme and RADIUS server group. 2) The username may not be in the userid@isp-name format or the MA5300 has not been configured with a default ISP domain. To avoid this, use the usernames in proper format or configure the default ISP domain on MA5300. 3) The user may have not been configured in the RADIUS server database. To avoid this, check the database and make sure that the configuration information on the user does exist in the database. 4) The user may have input a wrong password. To avoid this, make sure that the access user inputs the correct password. 5) The encryption keys of the RADIUS server and MA5300 may be different. To avoid this, check carefully and make sure that they are identical.
6)
There might be some communication fault between the MA5300 and RADIUS server, which can be discovered through running ping RADIUS command server on MA5300. To avoid this, make sure that the communication between the MA5300 and RADIUS is normal.
II. Fault 2: RADIUS packet cannot be sent to the RADIUS server.

Troubleshooting: 1) The lines (on physical layer or link layer) connecting the MA5300 and RADIUS server may not work well. To avoid this, make sure the lines work well. 2) The IP address of the corresponding RADIUS server may not have been set on MA5300. To avoid this, set a proper IP address for the RADIUS server. 3) UDP ports of authentication/authorization/account services may not be set properly. To avoid this, make sure they are consistent with the ports provided by the RADIUS server.
III. Fault 3: User cannot send charging bill to the RADIUS server after being authenticated and authorized.
Troubleshooting: 1) If the ISP domain including the user has not adopted the accounting scheme and the system is configured not to keep accounting by default, the users bill will not be sent to the RADIUS server. In this case, make sure that the ISP domain including the user explicitly adopts RADIUS server for accounting. 2) The accounting port number may be set improperly. To avoid this, set a proper number. 3) The accounting service and authentication/authorization service are provided on different servers, but the NAS requires the services to be provided on one server (by specifying the same IP address). To avoid this, make sure the settings of servers are based on the actual conditions. 4) Local accounting and disabling RADIUS accounting may have been configured in the AAA accounting scheme.
So if accounting by RADIUS server is adopted, you need to enable RADIUS accounting in AAA accounting scheme explicitly.
Chapter 14 802.1x Configuration

14.1 Overview
14.1.1 Introduction to 802.1x
IEEE 802.1x (802.1x) is a port based network access control protocol. IEEE issued it in 2001 and suggested the related manufacturers should use the protocol as the standard protocol for LAN user access authentication. The 802.1x originated from the IEEE 802.11 standard, which is the standard for wireless LAN user access. The initial purpose of 802.1x was to implement the wireless LAN user access authentication. Since its principle is commonly applicable to all the LANs complying with the IEEE 802 standards, the protocol finds wide application in wired LANs. In the LANs complying with the IEEE 802 standards, the user can access the devices and share the resources in the LAN through connecting the LAN access control device like the MA5300. However, in telecom access, commercial LAN (a typical example is the LAN in the office building) or mobile office, the LAN providers generally hope to control the users access. In these cases, the requirement on the above-mentioned Port Based Network Access Control originates. As the name implies, Port Based Network Access Control means to authenticate and control all the accessed devices on the port of LAN access control device. If the users device connected to the port can pass the authentication, the user can access the resources in the LAN. Otherwise, the user cannot access the resources in the LAN. In other words, the user is physically disconnected. 802.1x defines port based network access control protocol and only defines the point-to-point connection between the access device and the access port. The port can be either physical or logical. The typical application environment is as follows: Each physical port of the LAN Switch only connects to one user workstation (based on the physical port) and the wireless LAN access environment defined by the IEEE 802.11 standard (based on the logical port).
14.1.2 802.1x System Architecture

The system using 802.1x is of the typical C/S (Client/Server) system architecture. It contains three entities, which are illustrated in the following figure: Supplicant System, Authenticator System and Authentication Sever System.
The LAN access control device needs to provide the Authenticator System of 802.1x. The devices at the user side such as the computers need to be installed with the 802.1x client Supplicant software, for example, the 802.1x client provided by Huawei. (or by Microsoft Windows XP). The 802.1x Authentication Sever system normally stays in the carriers AAA center. Authenticator and Authentication Sever exchange information through EAP frames. The Supplicant and the Authenticator exchange information through the EAPoL frame defined by IEEE 802.1x. Authentication data are encapsulated in the EAP frame, which is to be encapsulated in the packets of other AAA upper layer protocols (namely RADIUS) so as to go through the complicated network to reach the Authentication Server. Such procedure is called EAP Relay. (EAP and EAPoL are short for Extensible Authentication Protocol and Extensible Authentication Protocol over LANs respectively). There are two types of ports for the Authenticator. One is the Uncontrolled Port, and the other is the Controlled Port. The Uncontrolled Port is always in bi-directional connection state. The user can access and share the network resources any time through the ports. The Controlled Port will be in connecting state only after the user passes the authentication. Then the user is allowed to access the network resources. Figure 14-1 shows the 802.1x system architecture.
Supplicant System Supplicant
Authenticator System Services offered by Authenticators System

Port unauthorized Controlled Port
Authentication Server System Authenticatio n Server

EAP protocol exchanges carried in higher layer protocol
Authenticator PAE
Uncontrolled Port
EAPoL LAN
Figure 14-1 802.1x system architecture
14.1.3 802.1x Authentication Process

802.1x configures EAP frame to carry the authentication information. The Standard defines the following types of EAP frames: EAP-Packet Authentication information frame, used to carry the authentication information. EAPoL-Start Authentication originating frame, actively originated by the Supplicant. EAPoL-Logoff Logoff request frame, actively terminating the authenticated state. EAPoL-Key Key information frame, supporting to encrypt the EAP packets. EAPoL-Encapsulated-ASF-Alert Supports the Alerting message of Alert Standard Forum (ASF). Where, The EAPoL-Start, EAPoL-Logoff and EAPoL-Key only exist between the Supplicant and the Authenticator. The EAP-Packet information is re-encapsulated by the Authenticator System and then Sent to the Authentication Server System. The EAPoL-Encapsulated-ASF-Alert is related to the network management information and terminated by the Authenticator. Figure 14-2 shows the exchanging of the above frames.
MA5300 RADIUS &DHCP Server PC Access Blocked EAPoL

EAPoL_Start EAP_Request/Identity EAP_Response/Identity EAP_Request EAP_Response(cretentials) EAP_Success RADIUS_Access_Request RADIUS_Access_Challenge RADIUS_Access_Request RADIUS_Access_Accept
RADIUS
Access Allowed
Figure 14-2 802.1x authentication process From the above introduction, we can see that 802.1x provides a solution to authentication based on user ID. However, 802.1x itself is not enough to implement the plan. The administrator of the access device should configure the AAA scheme by selecting RADIUS or local authentication so as to assist 802.1x to implement the authentication based on user ID. For detailed description of AAA, refer to 13.2 Configuring AAA.
14.1.4 Implementing 802.1x on MA5300

The MA5300 supports the port access authentication scheme regulated by 802.1x. In addition, it also extends and optimizes the scheme by: Connecting several End Stations in the downstream through a physical port. Supporting either port-based or MAC-based access control (or the user authentication scheme).
14.2 Configuring 802.1x

The configuration of 802.1x involves: Enabling/Disabling 802.1x Setting the Port Access Control Mode Setting the Port Access Control Method Setting the Number of Users Per Port
Enabling/Disabling the DHCP Trigger Authentication Setting the Authenticator-to-Supplicant Frame-Retry Times Configuring the Timer Parameters Viewing 802.1x Information Table 14-1 lists the commands for configuring 802.1x. Table 14-1 Commands for configuring 802.1x To Enable/Disable 802.1x Use (no) dot1x Global mode/Port mode Global mode/Port mode Global mode/Port mode Global mode/Port mode dot1x Global mode Global mode Global mode In configuration configuration configuration configuration configuration configuration configuration configuration configuration
Set the port access control mode Set the port access control method Set the maximum number of users per port Enable the DHCP trigger authentication Set the Authenticator-to-Supplicant frame-retransmit times Set the timer parameter View the 802.1x information
dot1x port-control
dot1x port-method
dot1x max-user (no) dhcp-launch dot1x max-req
configuration
dot1x timeout show dot1x
configuration
14.2.1 Enabling/Disabling 802.1x

In global or port configuration mode, you can run the command (no) dot1x to enable/disable 802.1x globally or on a specified port. By default, 802.1x is disabled both globally and on any port.
Note: You can configure 802.1x on a single port, but it will take effect only right after 802.1x is enabled globally. Do not enable 802.1x and RSTP at the same time. Otherwise the normal operation of MA5300 may not be guaranteed.
14.2.2 Setting the Port Access Control Mode

You can set the port access control mode to any of the following based on actual requirements: auto: Automatic identification mode. In this mode, the initial state of the port is unauthorized. The user is only allowed to receive or transmit EAPoL packets but not to access the network resources. If the user passes the authentication flow, the port will switch over to the authorized state and then the user is allowed to access the network resources. This is the most common case and the default setting. force-authorized: Forced authorized mode. In this mode, the port always stays in authorized state and the user is allowed to access the network resources without authentication/authorization (authentication/authorization for short). force-unauthorized: Forced unauthorized mode. In this mode, the port always stays in non-authorized mode and the user is not allowed to access the network resources. In global or port configuration mode, you can run the command dot1x port-control to set the 802.1x access control mode on a specified port; or run the command no dot1xport-control to restore the default setting.
14.2.3 Setting the Port Access Control Method

802.1x can implement authentication based on MAC or based on port. By default, macbase is adopted, namely, MAC-based authentication. To set the access control method on a specified port, you can run the command dot1x port-method To restore the default setting, you can run the command no dot1x port-method. This example shows how to enable MAC-based authentication on all ports.
MA5300(config)#dot1x port-method macbased
14.2.4 Setting the Number of Users Per Port

The MA5300 can access up to 1024 users. By default, each port is allowed to access up to 256 users. To set the number of access users allowed on a specified port, you can run the command dot1x max-user. To restore the default setting, you can run the command no dot1x max-user. This example shows how to set the number of access users allowed to 256 on all ports.
MA5300(config)#dot1x max-user 256
14.2.5 Enabling/Disabling the DHCP Trigger Authentication

To be compatible with some devices that cannot forward EAPoL messages, you can enable DHCP trigger authentication. Also, if Windows XP client is used, the DHCP trigger authentication must be enabled. By default, DHCP trigger authentication is disabled. You can run the command dot1x dhcp-launch to, in 802.1x, enable the MA5300 to trigger user ID authentication when the user runs DHCP and applies for dynamic IP addresses. The no form of this command is used to disable the DHCP trigger authentication.
14.2.6 Setting the Authenticator-to-Supplicant Frame-Retry Times

To set the frame-retry times from Authenticator to Supplicant, you can run the command dot1x max-req. By default, 3 retry times are allowed.
14.2.7 Configuring the Timer Parameters

In the operation, 802.1x will start many timers in order to control the interworking among Supplicant, Authenticator and Authenticator Server. To change some of the timer values to adjust the interworking process, you can run the command dot1x timeout. This can be necessary under special or worse network conditions. Generally, take the default values of the timers. To restore the default setting, you can run the command no dot1x timeout.
Default values of these timers are: quiet-period-value: 60s. tx-period-value: 30s. supp-timeout-value: 30s. server-timeout-value: 100s.
14.2.8 Viewing 802.1x Information

You can run the command show dot1x to view the relevant information on 802.1x, including configuration information, running state (conversation connection information) and relevant statistic information.
14.3 802.1x Configuration Example

The configuration procedure is as follows: 1) 2) 3) 4) 5) Create a common or Smart VLAN, and then add a port to the VLAN. Activate the port. Enable 802.1x globally and on the port, and set it as MAC-based authentication. Add authentication/accounting schemes. Add authentication/accounting servers, and set the IP addresses of primary/secondary servers, as well as the encryption key (for remote authentication). 6) 7) Add a domain, and then bind it with the authentication/accounting schemes. Activate the domain. Add 802.1x users.
14.3.1 802.1x Access (Local Authentication)

E V
E A FE71/0
D D A A
ESM
MA5300
RTU
RTU
PC1
PC2
Figure 14-3 802.1x access network (local authentication) 1) PC1 connects to port 0/0/0 on the EVDA board of the MA5300. PC2 connects to port 1/0/0 on the EADA board of the MA5300. PC1 and PC2 are installed with 802.1x client software. 2) 3) 4) 5) The IP address of the DHCP server is 10.1.3.1/24, and its gateway is 10.1.3.254. ADSL/VDSL ports are activated through the default profiles. The ADSL RTU works in 1483B mode, and its VPI/VCI is 0/35. Local authentication is adopted for 802.1x users, and no accounting is performed.
II. Data configuration

1) Add VLAN100 as a Smart VLAN, and add the upstream/downstream ports.
MA5300(config)#no smart MA5300(config)#vlan 100 MA5300(config-vlan100)#vlan-type smart MA5300(config-vlan100)#svlan-upport gigabitEthernet 7/1/0 MA5300(config-vlan100)#svlan-downport vdsl 0/0/0 MA5300(config-vlan100)#svlan-downport adsl 1/0/0 MA5300(config-vlan100)#exit
2)
Activate the VDSL/ADSL ports.
MA5300(config)#vdsl activate vdsl 0/0/0 1 MA5300(config)#adsl activate adsl 1/0/0 1
3)
Enable 802.1x globally (dot1x).


MA5300(config)#dot1x 802.1x is enabled globally
4)
Enable 802.1x for VDSL/ADSL ports.
MA5300(config)#dot1x interface vdsl 0/0/0 MA5300(config)#dot1x interface adsl 1/0/0
5) 6)
Set the MAC address control. Add an accounting scheme and an authentication scheme.
MA5300(config)#aaa accounting test disable New acct scheme. MA5300(config)#aaa authentication test local New authen scheme.
7)
Add a domain, and bind it with the authentication and accounting schemes.
MA5300(config)#domain huawei New Domain added. MA5300(config-isp-huawei)#acct-scheme test MA5300(config-isp-huawei)#authen-scheme test MA5300(config-isp-huawei)#state active MA5300(config-isp-huawei)#exit
8)
Add an 802.1x user.
MA5300(config)#user hw@huawei password 0 hw service-type 8021x
III. Viewing the relevant information

1) 2) View the configuration and running status of dot1x. View the configuration of the domain.
MA5300(config)#show dot1x interface vdsl 0/0/0
MA5300(config)#show domain huawei
IV. Verification
With the above steps, the dialup from PC1 and PC2 respectively succeeds. After dialup succeeds, both PC1 and PC2 can ping the Server.
14.3.2 802.1x Access (Remote Authentication)

E E V A D D A A GE7/1/0 M P U FE2/0/15 GE1/0/0 N E T
ESM
MA5300
LPU LPU
S8016
RTU
RTU
Server PC1 PC2
Figure 14-4 802.1x access network (remote authentication) 1) PC1 connects to port 0/0/0 on the EVDA board of the MA5300. PC2 connects to port 1/0/0 on the EADA board of the MA5300. PC1 and PC2 are installed with 802.1x client software. 2) 3) 4) 5) The IP address of the DHCP server is 10.1.3.1/24, and its gateway is 10.1.3.254. ADSL/VDSL ports are activated through the default profiles. The ADSL RTU works in 1483B mode, and its VPI/VCI is 0/35. The S8016 is configured with VLAN 100 and VLAN 200. VLAN 100 corresponds to the L3 interface of 10.1.1.254/24; VLAN 200 corresponds to the L3 interface of 10.1.3.254/24. The DHCP relay is enabled on the S8016.

1) Add VLAN100 as a Smart VLAN, and add the upstream/downstream ports.
MA5300(config)#no smart MA5300(config)#vlan 100 MA5300(config-vlan100)#vlan-type smart MA5300(config-vlan100)#svlan-upport gigabitEthernet 7/1/0 MA5300(config-vlan100)#svlan-downport vdsl 0/0/0 MA5300(config-vlan100)#svlan-downport adsl 1/0/0 MA5300(config-vlan100)#exit
2)
3)
Enable 802.1x globally (dot1x).
MA5300(config)#dot1x 802.1x is enabled globally
4)
Enable 802.1x for VDSL/ADSL ports.
MA5300(config)#dot1x interface vdsl 0/0/0 MA5300(config)#dot1x interface adsl 1/0/0
5) 6)
Set the MAC address control. Add an accounting scheme and an authentication scheme, and set the Radius server.
MA5300(config)#aaa accounting test enable offline New acct scheme. MA5300(config)#aaa authentication test radius next local MA5300(config)#radius-server host test MA5300(config-radius-test)#primary auth 10.10.1.1 MA5300(config-radius-test)#primary acct 10.10.1.2 MA5300(config-radius-test)#second auth 10.10.1.2 MA5300(config-radius-test)#second acct 10.10.1.1 MA5300(config-radius-test)#key auth huawei MA5300(config-radius-test)#key acct huawei MA5300(config-radius-test)#exit New authen scheme.
7)
Add a domain, and bind it with the authentication and accounting schemes.
MA5300(config)#domain huawei New Domain added. MA5300(config-isp-huawei)#acct-scheme test MA5300(config-isp-huawei)#authen-scheme test MA5300(config-isp-huawei)#radius-scheme test MA5300(config-isp-huawei)#state active MA5300(config-isp-huawei)#exit
8)
Add an 802.1x user
MA5300(config)#user hw@huawei password 0 hw service-type 8021x
III. Viewing the relevant information

1) 2) View the configuration and running status of dot1x. View the configuration of the domain.
MA5300(config)#show dot1x interface vdsl 0/0/0
MA5300(config)#show domain huawei
IV. Verification
With the above steps, the dialup from PC1 and PC2 respectively succeeds. After dialup succeeds, both PC1 and PC2 can ping the server.
Chapter 15 ACL Configuration

15.1 Introduction to ACL
15.1.1 Overview
To filter data packets, network equipment needs to configure a series of match rules to identify the objects to be filtered. Only when the specific objects have been identified can the data packets be allowed or prohibited to pass in light of preset policies. Access control list (ACL) is used to provide such functions. An ACL classifies data packets through various match rules, which can be source address, destination address, or port number of the data packets. When an ACL is applied to the MA5300 ports, the MA5300 can determine whether to forward or discard certain data packets in light of specified rules in the ACL. The match rules defined by an ACL can also be quoted in other cases concerning traffic classification, such as the definition of traffic classification rules in QoS.
15.1.2 Setting the Match Order

An ACL rule may comprise several sub-rules, the statements of which specify different ranges of packets. When matching a data packet with the ACL rule, you will meet with the issue of match order. There are two match orders for ACL sub-rules: config: Indicates to follow the user defined configuration order when formulating the match rule. auto Indicates to allow the system to sort automatically (in depth-first order) when formulating the match rule. The default setting is config. In this order, once a user specifies the match order of an ACL rule, he/she cannot modify it, unless he/she deletes all the contents of the rule and specifies the match order again. The depth-first principle of auto is to put the statement specifying the smallest range of packets on the top of the list. This can be realized by comparing the wildcards of the addresses. The smaller the wildcard is, the fewer hosts it can specify.
For example, 129.102.1.1 0.0.0.0 specifies a host, 129.102.1.1, while 129.102.1.1 0.0.255.255 specifies a network segment, 129.102.0.1129.102.255.255. Obviously, the former listed ahead of the latter in the ACL. The specific standard is as follows: For a standard ACL, the source address wildcards are compared directly. If the wildcards are the same, follow the configuration sequence. For an extended ACL, the source address wildcards are compared first. If the wildcards are the same, the destination address wildcards are then compared. If the destination address wildcards are again the same, the ranges of port numbers will be compared, and the port number with smaller range will be listed ahead. If the port numbers are still in the same range, follow the configuration sequence.
15.1.3 ACLs Supported by the MA5300

In the MA5300, ACLs are divided into the following categories: Numbered standard ACL Numbered extended ACL Numbered L2 ACL Numbered user defined ACL Named standard ACL Named extended ACL Named L2 ACL Numbered user defined ACL In the MA5300, the limits on the number of ACLs are as shown in Table 15-1. Table 15-1 Limits on the number of various ACLs Item Numbered standard ACL Numbered extended ACL Numbered L2 ACL Numbered user defined ACL Named standard ACL Named extended ACL Named L2 ACL Named user defined ACL Sub-rules that can be defined by one ACL No. range 199 100199 200299 300399 0127 99 100 100 100 1000 1000 1000 1000 128 Max. No.
Item Sub-rules that can be defined by one equipment Number of absolute time range Number of periodic time range
No. range 3000 12 32
Max. No.
15.2 Configuring an ACL

It is recommended that you follow the three steps below to configure an ACL: 1) 2) 3) Setting the Time Range Defining an ACL Activating an ACL
15.2.1 Setting the Time Range

Table 15-2 lists the commands for configuring the time range of an ACL. Table 15-2 Commands for configuring the time range of an ACL To Create/Delete range the time Use (no) time-range (no) absolute (no) periodic show time-range In Global configuration mode Time range configuration mode Time range configuration mode All modes except the user EXEC mode
Create/Delete the absolute time range Create/Delete the periodic time range View the information time range
I. Entering time range configuration mode

To create a time range, you can run the command time-range. If the time range exists already, then you can enter time range configuration mode directly to set the time range. This example shows how to create a time range wend2 and enter time range configuration mode.
MA5300(config)# time-range wend2 MA5300 (config-timerange-wend2)#
There are two kinds of time ranges, absolute and periodic time ranges.
The absolute time range is in the form of year/month/day/hour/minute. The periodic time range is in the form of the week/hour/minute.
II. Setting the absolute time range

The absolute time range specifies a broader valid period and also limits the periodic time range. You can set up to 12 absolute time ranges. To create/delete an absolute time range, you can run this command: (no) absolute [ start HH:MM MM-DD-YYYY ] [ end HH:MM MM-DD-YYYY ] When the start time is not configured, there is no limit on the start time. If the end time is not configured, it will be the maximum time that can be displayed by the system. The end time shall be later than the start time. This example shows how to set a time range to be valid starting from 0:0, Jan 1st, 2000.
MA5300 (config-timerange-wend2)# absolute start 0:0 1-1-2000
This example shows how to set a time range to be valid when it is configured until 22:00, Dec 10th, 2000.
MA5300 (config-timerange-wend2)# absolute end 22:00 12-10-2000
III. Setting the periodic time range

The periodic time range expires in a week. You can set up to 32 periodic time ranges. To create/delete a periodic time range, you can run this command: (no) periodic days-of-the-week hh:mm to [ day-of-the-week ] hh:mm This example shows how to set a periodic time range. In this example, the range is valid between 2 pm and 4 pm at weekends, starting from 20:00, Dec 31st, 1999, until 20:00, Dec 10th, 2000.
MA5300(config)# time-range wend2 MA5300 (config-timerange-wend2)# absolute start 20:00 12-31-1999 end 20:00 12-10-2000 MA5300 (config-timerange-wend2)# periodic weekend 14:00 to 16:00
15.2.2 Defining an ACL

The MA5300 supports several types of ACLs. The following introduces how to define these ACLs.
I. Defining a standard ACL

1) Define a numbered standard ACL.
Table 15-3 lists the commands for defining the numbered standard ACL. Table 15-3 Commands for defining the numbered standard ACL To Define a numbered standard ACL Use access-list access-list-number1 { deny | permit | } { source-addr source-wildcard | any } [ fragments ] [ time-range time-range-name ] access-list access-list-number2 { permit | deny } [ protocol ] [ established ] { source-addr source-wildcard | any } [ operator port1 [ port2 ] ] { dest-addr dest-wildcard | any } [ operator port1 [ port2 ] ] [ icmp-type [ icmp-code ] ] [ fragments ] { [ precedence precedence ] [ tos tos ] | [ dscp dscp ] } [ time-range time-range-name ] access-list access-list-number3 { permit | deny } [ protocol ] [ cos vlan-pri ] ingress { { [ source-vlan-id ] [ source-mac-addr source-mac-wildcard ] } | any } egress { { dest-mac-addr dest-mac-wildcard } | any } [ time-range time-range-name ] access-list access-list-number4 { permit | deny } { rule-string rule-mask offset }&<1-20> [ time-range time-range-name ] access-list access-list-number match-order { config | auto } no access-list { all | { access-list-number | access-list-name } [subitem ] } Global mode In configuration
Define a numbered extended ACL
Global mode
configuration
Define an L2 ACL
Global mode
configuration
Define a user-defined ACL Define the match order of ACL Delete ACLs or sub-rules
Global mode
configuration
Global mode Global mode
configuration
configuration
When defining the ACL, you can run the command access-list for times to define multiple rules for an ACL. 2) Define a named standard ACL.
Table 15-4 lists the commands for defining the named standard ACL. Perform these configurations in corresponding mode.
Table 15-4 Commands for defining the named standard ACL To Create/Enter the named standard ACL mode (global configuration mode) Define a standard ACL (named standard ACL mode) Create/Enter the named extended ACL mode (global configuration mode) Use access-list standard name [ match order { config | auto } ] { permit | deny } { source-addr source-wildcard | any } [ fragments ] [ time-range time-range-name ] access-list extended [ match-order { config | auto } ] name
Define an extended extended ACL mode)
ACL
(named
{ permit | deny } [ protocol ] [ established ] { source-addr source-wildcard | any } [ operator port1 [ port2 ] ] { dest-addr dest-wildcard | any } [ operator port1 [ port2 ] ] [ icmp-type [ icmp-code ] ] { [ precedence precedence ] [ tos tos ] | [ dscp dscp ] } [ fragments ] [ time-range time-range-name ] access-list link name [ match-order { config | auto } ] { permit | deny } [ protocol ] [ cos vlan-pri ] ingress { { [ source-vlan-id ] [ source-mac-addr source-mac-wildcard ] } | any } egress { { dest-mac-addr dest-mac-wildcard } | any } [ time-range time-range-name ] access-list user name [ match-order { config | auto } ] { permit | deny } { rule-string rule-mask offset }&<1-20> [ time-range time-range-name ]
Enter L2 ACL configuration mode
Define an L2 ACL
Enter user-defined ACL configuration mode Define a user-defined ACL
Delete ACLs or sub-rules configuration mode)
(global
no access-list { all | { access-list-number | access-list-name } [subitem ] }
When defining an ACL, you can run the command { permit | deny } for times to define multiple rules for the ACL. Besides, once the user specifies the match order of an ACL, he/she cannot modify it later.
Table 15-5 Parameter description Parameter permit deny time-range fragment Description Allows the pass-through of the desired packets. Denies the pass-through of the desired packets. Indicates that the ACL is effective within the time range. Indicates that the ACL is effective only to fragmented packets. Indicates that the ACL is effective only to the first SYN packet after the establishment of TCP. Specifies the IP priority. Classifies the data packets based on DSCP values which range 063. Classifies the data packets based on ToS values which range 015. Specifies an 802.1p priority level, in the range of 07. Specifies the source information of data packets. Specifies the destination information of data packets.
established precedence dscp tos cos ingress egress
3)
Example
This example shows how to set a rule for ACL 1 to deny the packets sent by host 202.110.10.10.
MA5300(config)# access-list 1 deny 202.110.10.10 0
This example shows how to set a rule for standard ACL example to deny the packets sent by host 202.110.10.10.
MA5300 (config)# access-list standard example MA5300 (config-std-nacl-example)# deny 202.110.10.10 0
This example shows how to create an L2 ACL named example and specify its match order as auto.
MA5300 (config)# access-list link example match-order auto
II. Defining an ACL

These are principles for defining an ACL:
The standard ACL is defined on the basis of L3 source IP address, and processes the data packets. The classification rules are defined on the basis of packet attributes such as the source IP, destination IP, TCP or UDP port number in use and the packet priority. The extended ACL is able to analyze three kinds of packet priorities, including 802.1p priority, IP priority and DSCP priority. The rules of L2 ACL are defined on the basis of the L2 information such as source MAC address, source VLAN ID, L2 protocol type, L2 ports receiving and forwarding the packet and destination MAC address to process the data packets. The user defined ACL matches any of the first 80 bytes in L2 data frames and processes them accordingly.
III. Defining a user defined ACL

To use the user defined ACL in a proper way, you need to understand the composition of L2 data frames very well. The figure below is the schematic diagram of the first 64 bytes of the L2 data frames. Every letter represents one hexadecimal, and every two letters represent one byte.
Figure 15-1 Schematic diagram of the first 64 bytes of data frames The description and offset values of each letter in the above figure are shown in Table 15-6. Table 15-6 Description of each letter and their offset values Letter A Meaning Destination address Source address MAC Offset 0 Letter O Meaning TTL field Protocol number (6 refers to TCP and 17 refers to UDP) IP checksum Source IP address Destination address IP Offset 34
MAC
35
C D E
Length field of data frame VLAN tag field DSAP (Destination Service Access Point) field SSAP (Source Service Access Point) field
12 14 18
Q R S
36 38 42
19
TCP source port
46
Letter G H I J K L M N
Meaning Ctrl field org code field Encapsulated data type IP version number ToS field IP packet length ID number Flags field
Offset 20 21 24 26 27 28 30 32
Letter U V W XY Z a b TCP port
Meaning destination
Offset 48 50 54 58 59 60 62
Serial number Acknowledgement field IP header length and reserved bit Reserved bit and flags bit Window Size field Others
In Table 15-6, the offset of each field is their offset in the 802.3 data frame of SNAP + tag. For the user defined ACL, user can use the rule mask and offset parameters to extract any byte from the first 80 bytes of data frame, and then compare the extracted byte with user defined rules to filter matched data frames for processing. User defined rules can be some certain attributes of the data. To filter all TCP messages, you can define the rule as 06, rule mask as FF and offset as 35. Then the rule mask and offset will work together to extract the contents in the TCP protocol number field of the received data frame to compare with the rules, and then find all the matched TCP messages.
Note: At present, user defined ACL is only applicable for filtering snap+tagged data frames, which are compliant with 802.3 standards. Table 15-6 only lists the statistics of the ESMA/ESME board. For the ESMB board, it does not have the letters E, F, G, and H. Starting from letter I, each offset value is 8 less than the corresponding value of the ESMA/ESME board.
15.2.3 Activating an ACL

Before using an ACL, you need to activate it first.
To activate the L2 and L3 ACLs at the same time, make sure that the actions of the combination items are consistent. If the actions conflict (one is permit and the other is deny), they cannot be activated. The MA5300 activates L2 and L3 ACLs by the following means: the sub-rule 1 of the L2 ACL group combines with the sub-rule 1 of the L3 ACL group, and the sub-rule 2 of the L2 ACL group combines with the sub-rule 2 of the L3 ACL group, and so on. If the sub-rules of the two ACL groups are not identical, then the unmatched sub-rules will be activated respectively. To activate/deactivate an ACL, you can run the following command in global configuration mode: (no) access-group { user-group { access-list-number | access-list-name } [ subitem subitem ] { in | out } | { [ ip-group { access-list-number | access-list-name } [ subitem subitem ] { in | out } ] [ link-group { access-list-number | access-list-name } [ subitem subitem ] { in | out } ] } } Table 15-7 Parameter description Parameter in out user-group ip-group link-group Input direction Output direction Indicates user defined ACLs. Indicates standard or extended ACLs. Indicates L2 ACLs. Indicates which sub-item in an ACL to be activated, in the range from 0 to 127. With this parameter not specified, it indicates all sub-items in an ACL will be activated. Description
subitem
This example shows how to activate ACL 1 and ACL 200 of port vdsl 2/0/0.
MA5300(config-if-Vdsl2/0/0)# access-group ip-group 1 link-group 200 in
Note: The ACL configured for an ADSL port or SHDSL port is only applicable to IP packets. If an ACL is configured for an ADSL or SHDSL port, the ACL is also applicable to other ports on the same board.
15.2.4 Viewing ACL Information

After performing the above configuration, you can run the command show to view the information on configured ACLs or to authenticate whether the configuration is correct. Table 15-8 lists the commands for viewing the information on an ACL. Table 15-8 Commands for viewing ACL information To View the status of time range Use In All modes except show time-range the User EXEC mode All modes except View the detailed ACL information show access-lists config the User EXEC mode View the runtime information on all ACLs All modes except show access-lists runtime the User EXEC mode
I. Viewing the information on a time range

To view the information on a time range, you can run the command display time-range. This example shows how to display all time ranges.
MA5300# show time-range all absolute start 11:00 12-30-2002 end 16:00 9-15-2003 Time-range : tm1 ( Inactive ) periodic Mon 10:00 to Fri 18:00
This example shows how to display the time range tm1.

MA5300# show time-range tm1 Current time is 13:47:31 10-13-2002 Sunday Time-range : tm1 ( Inactive ) periodic Mon 10:00 to Fri 18:00
II. Viewing the configuration of an ACL

This example shows how to display the configuration of all ACLs.
MA5300# show access-lists config all Standard IP Access List 10, 1 rule,

0 : permit 10.0.0.1 0 (0 times matched) 20, 1 rule,
Standard IP Access List 0 :
permit 20.0.0.1 0 (0 times matched)
III. Viewing information on the utilization of ACL items

This example shows how to display information on the utilization of all ACL items.
MA5300# show access-lists runtime all access-list std1 subitem 0 access-list std1 subitem 1 running running
15.3 ACL Configuration Example

1) 2) 3) Set the time range Define an ACL Activate an ACL

Office of President 129.111.1.2 Payment query server 129.110.1.2
MA5300
Financial Dept.
Management Dept.
Figure 15-2 Access control configuration example Different departments on a company network are interconnected through the ports vdsl 2/0/0vdsl 2/0/2 of the MA5300. The payment query server of the Financial Dept. is connected to the MA5300 through Ethernet 7/1/0 (at 129.110.1.2). It is required to properly set the ACL and prohibit the departments other than the Office of President to access the payment query server between 8:00 am and
12:00 am. The Office of President (at 129.111.1.2) can access the server at any time without limitation.
III. Data configuration
Note: Only the commands related to ACL configuration are listed below.
1)
Define the work time range as time-on-duty.
MA5300(config)# time-range time-on-duty MA5300(config-timerange- time-on-duty)# periodic daily 8:00 to 12:00
2)
Define the ACL to access the payment server.
! Enter the named extended ACL, named as traffic-to-payserver.

MA5300(config)# access-list extended traffic-to-payserver
! Define the rules for other department to access the payment server.
MA5300(config-ext-nacl-traffic-to-payserver)# 0.0.0.0 time-range time-on-duty deny ip any 129.110.1.2
! Define the rules for the Office of President to access the payment server.
MA5300(config-ext-nacl-traffic-to-payserver)# permit ip 129.111.1.2 0.0.0.0 129.110.1.2 0.0.0.0
3)
Activate the ACL.
! Apply the ACL traffic-to-payserver to the corresponding MA5300 ports.

MA5300(config-if-Vdsl2/0/0)# access-group ip-group traffic-to-payserver in MA5300(config-if-Vdsl2/0/1)# access-group ip-group traffic-to-payserver in MA5300(config-if-Vdsl2/0/2)# access-group ip-group traffic-to-payserver in
Chapter 16 QoS Configuration

16.1 Overview
In a traditional IP network, all the packets are treated equally. Every switch or router handles all packets in light of the First In First Out (FIFO)policy. That means it makes best effort to transmit the packets to the destination, but with no commitment to the transmission liability, jitter or other performances. The network is being used to deliver more and more traffic of voice, image and important data, which are sensitive to the bandwidth, delay and jitter. On the one hand, this enriches the network sources. But on the other hand, the network congestion occurs more and more frequently. As a result, people require higher quality of service (QoS) for the transmission over the network. Ethernet is becoming one of the major ways for common users to access the Internet. To offer the end-to-end QoS solutions on the whole network, how to guarantee the Ethernet QoS service has to be taken into consideration. In this case, Ethernet switches are required to apply the Ethernet QoS technology to provide customized QoS for different types of service traffic, especially for those having higher-requirements on the time delay and jitter.
I. Traffic
Traffic refers to all packets passing through an MA5300.
II. Traffic classification

Traffic classification means identifying the packets with certain type of characteristics using the match rule. The rule is called classification rule, set by the configuration administrator based on actual requirements. The rule can be very simple. For example, the traffic with different priorities can be identified in light of the ToS field in IP packet header. There are also some complex rules. For example, the information over the integrated link layer (L2), network layer (L3) and transport layer (L4), such as MAC address, IP protocol, source IP address, destination IP address and the port number of application, can be used for traffic classification. In general, traffic is classified based on the header of encapsulated packets. The packet content is seldom used as the traffic classification standard.
III. Packet filtering

Packet filtering aims to filter the traffic. For example, the operation deny discards the traffic matching the traffic classification rule, while allowing other traffic to pass through. With the complex traffic classification rules, the MA5300 can filter the information carried in L2 traffic and discards useless, unreliable or doubtful traffic, and thus enhance the network security. These are the two key steps to filter the packets: Step 1: Classify the ingress traffic in light of the classification rule. Step 2: Filter the identified traffic, namely performing the deny operation (the default access control operation).
IV. Traffic policing

In order to deliver better service with the limited network resources, QoS regulates the traffic of the specified user at the input port, so that it can make a better use of the assigned resource.
V. Port rate limit

The port rate limit is the limit imposed on the rate of a port to limit the general speed of output packets passing through the port.
VI. Redirection
You can specify a new port to forward the packets on the QoS policy on demand.
VII. Priority tag

The MA5300 can deliver priority tag service for certain packets. These tags include ToS, DSCP and 802.1p, which can be used and defined in different QoS modules respectively. RFC2474 has redefined the ToS domain of an IP packet header as a DS domain. The first 6 bits (05) of the domain represent DSCP priority, in the range of 063. The later 2 bits (67) are reserved bits. For the definition of the ToS domain in the header of an IP packet, you can refer to RFC791. 802.1p priority is located in the header of a L2 packet. It is used in cases where analysis of L3 header is not required while QoS on L2 must be guaranteed.
VIII. Selecting egress queue for the packets

MA5300 can select matched egress queues for certain packets.
IX. Queue scheduling

When multiple packets compete for the limited resources, congestion may occur. To solve the problem, make such packet queue. The following will introduce three queue scheduling algorithms: Strict Priority Queue (PQ) Weighted Round Robin (WRR) Delay-bounded WRR. 1) PQ
Queue High Medium Classify Packets to be sent via this interface Normal Low Packets left the interface Dequeue
Figure 16-1 Priority queue diagram The PQ is specially designed for the key services application. A significant feature of the key service is the demand for service priority to reduce the response delay when congestion occurs. The PQ divides all packets into up to four kinds: High-priority queue Medium-priority queue Normal-priority queue Low-priority queues These four queues are indicated as the Queue 3, 2, 1 and 0 in turn, whose priorities descend one by one. The queue scheduling strictly obeys the descend priority order. The PQ gives preference to and forwards the packets in the higher-priority queue first. When the higher-priority queue is empty, it will send the packets in the lower-priority group. In this way, the key service packets are put in the higher-priority queue and the non-key service packets, like E-mail, are put in the lower-priority queue. This ensures that the key service packets are transmitted first, while the non-key service packets are transmitted during the idle gaps of key service traffic processing. The PQ has a drawback. When congestion occurs, if there are many packets queuing in the higher-priority queue, which will take a long time to transmit, the packets in the lower-priority queue will be starved without service.
2)
WRR
WRR defines 4 or 8 egress queues for each port. The round scheduling ensures every queue gets some time of service. For example, you can set the weight value of the WRR algorithm for 100M port as 50, 30, 10 and 10 (corresponding to the w3, w2, w1 and w0 respectively). Thus the low-priority queue can be guaranteed to get the minimum bandwidth of 10 Mbit/s, avoiding the case in PQ scheduling that the messages in the lower-priority queues may not get any service for a long time. Another advantage of WRR is that the service time is assigned to each queue flexibly, although it is the round multiple queue scheduling. When a queue is empty, it will switch to the next queue at once, making good use of the bandwidth resource. 3) Delay bounded WRR
Compared with common WRR, the Delay bounded WRR is special in that it guarantees packets in the highest-priority queue to be forwarded before the specified delay times out.
X. Traffic mirroring
This function is to copy the specified data packets to the monitor port for network diagnosis and troubleshooting.
XI. Port mirroring

This function is to copy data packets of specified ports to the monitor port for network diagnosis and troubleshooting.
XII. Traffic statistics

With the flow traffic statistics, you can count and analyze the packets at your requirements. The MA5300 uses an ACL to carry out these QoS services: Traffic policing Port line rate Packet redirection Priority tag Queue scheduling Traffic mirroring Traffic statistics
16.2 Configuring QoS

Before configuring QoS, you have to define the corresponding ACL. The configuration of QoS involves: Setting the Traffic Policing Setting the Port Rate Limit Setting the Packet Redirection Setting the Priority Tag Setting the Queue Scheduling Setting the Traffic Mirroring Setting Traffic Statistics Viewing QoS Information Table 16-1 lists the commands for configuring and managing QoS. Table 16-1 Commands for configuring QoS To Set the queue scheduling Set/Cancel the traffic-based rate limit Set/Cancel the priority tag Set/Cancel traffic statistics Use (no) queue-scheduler (no) rate-limit input (no) traffic-priority (no) traffic-statistic In Global configuration mode Port configuration mode Port configuration mode Port configuration mode Ethernet port configuration mode/VDSL port configuration mode Ethernet port configuration mode/VDSL port configuration mode Ethernet port configuration mode/VDSL port configuration mode
Set/Cancel the port-based rate limit
(no) line-rate
Set/Cancel redirection
the
packet
(no) traffic-redirect
Set/Cancel the traffic mirroring
(no) mirrored-to
16.2.1 Setting the Traffic Policing

Traffic policing is the flow rate restriction. Once the traffic flow exceeds the specified rate, corresponding actions will be taken, such as discarding the packets or lowering the priority. The purpose of this task is to carry out traffic policing over the data traffic matching the ACL. The traffic beyond the limit will be dealt with in other way, such as being discarded. To set the traffic policing, you can run the following command: rate-limit input { user-group { access-list-number | access-list-name } [ subitem subitem ] | { [ ip-group { access-list-number | access-list-name } [ subitem subitem ] ] [ link-group { access-list-number | access-list-name } [ subitem subitem ] ] } } target-rate [ exceed-action action ] Table 16-2 Parameter description Parameter input user-group Description Indicates traffic restriction is restricted on the packets received by a port. Indicates user defined ACLs. Indicates the sub-item in an ACL to be activated, in the range from 0 to 127. When it is not specified, it indicates all sub-items in an ACL will be activated. Indicates standard or extended ACLs. Indicates L2 ACLs. Actions adopted for the packets whose traffic exceeds that specified, such as: exceed-action drop: Discards the packets. set-dscp-value: Sets new DSCP values.
subitem
ip-group link-group
This example shows how to set traffic restriction on those packets received by port vdsl 2/0/0. The packets match rule permit in ACL1. The normal traffic flow is set as 50 Mbps. The packets that exceed the flow will be discarded.
MA5300(config-if-Vdsl2/0/0)# rate-limit input ip-group 1 50 exceed-action drop
16.2.2 Setting the Port Rate Limit

The port rate limit is the port-based line rate used for limiting the general speed of packet output on the port. You can set the rate limit for a single port of the MA5300. To set the rate limit for a port, you can run the command line-rate. To cancel the setting, you can run the command no line-rate.
16.2.3 Setting the Packet Redirection

Packet redirection is to redirect the packets to the CPU or a specified output port. Note that the redirection only takes effects on the rules with action permit. After the packets are redirected to the CPU, they will not be forwarded any longer. To set the packet redirection, you can run this command: traffic-redirect { input | ouput } { user-group { access-list-number | access-list-name } [ subitem subitem ] | { [ ip-group { access-list-number | access-list-name } [ subitem subitem ] ] [ link-group { access-list-number | access-list-name } [ subitem subitem ] ] } } { cpu | { interface interface-name | interface-type interface-num } }
Note: The parameter description is same as that of traffic policing.
This example shows how to redirect the packets matching the rule permit of ACL 1 at port vdsl 2/0/0 to port vdsl 2/0/1,
MA5300(config-if-Vdsl2/0/0)# traffic-redirect ip-group 1 interface vdsl2/0/1
16.2.4 Setting the Priority Tag

The priority tag configuration is a policy to tag the priority for the packets matching the ACL. The new priority is filled in the priority field of the packet header. Note that packet priority tag function only takes effects on the rules with action permit. To set the priority tag, you can run this command: traffic-priority { input | ouput } { user-group { access-list-number | access-list-name } [ subitem subitem ] | { [ ip-group { access-list-number | access-list-name } [ subitem
subitem ] ] [ link-group { access-list-number | access-list-name } [ subitem subitem ] ] } } { [ dscp dscp-value ] [ ip-precedence { pre-value | from-cos } ] [ cos { pre-value | from-ipprec } ] [ local-precedence pre-value ] } Table 16-3 Parameter description Parameter dscp ip-precedence from-cos cos from-ipprec local-precedence Description Classifies the data packets based on DSCP values which range 063. Specifies the IP priority which range 07. Specifies the IP priority the same as 802.1p priority. Specifies an 802.1p priority level, in the range of 07. Specifies 802.1p priority the same as IP priority. Specifies local priority, in the range of 07.
Note: The description of other parameters is the same as that of traffic policing.
This example shows how to tag the packets matching the rule permit of ACL 1 at port vdsl 2/0/0, and set the local preference to 0.
MA5300(config-if-Vdsl2/0/0)# local-precedence 0 traffic-priority input ip-group 1
The MA5300 supports to tag the packets with the following: IP precedence (specified by ip-precedence in the command traffic-priority) DSCP (specified by dscp in the command traffic-priority) 802.1p preference (specified by cos in the command traffic-priority) You can tag the packets with different priority levels at requirements on QoS policy. The MA5300 puts the packets into corresponding egress queues in light of the 802.1p preference or the local preference (specified by local-precedence in the command traffic-priority). If both the 802.1p preference and local preference have been specified in the command traffic-priority, the MA5300 will put the packets into corresponding queues in light of the 802.1p preference first.
16.2.5 Setting the Queue Scheduling

When multiple packets compete for the limited resources, congestion may occur. To settle the problem, they are queued in general. The MA5300 supports three queue scheduling algorithms: PQ, WRR and delay-bound WRR. By default, the MA5300 adopts PQ. To set the queue scheduler, you can run the command queue-scheduler. To restore the default queue scheduler, you can run the command no queue-scheduler.
Note: When WRR algorithm or delay bound WRR algorithm is adopted, the queue weight of all queues totals 100. The ESMA board supports up to 4 queues, and adopts an 8- bit weight for every queue. The bandwidth allocated to a queue is in direct proportion to the weight of the queue. The ESMB board supports up to 8 queues, and uses a 4-bit weight (15 is the maximum) for every queue. Therefore, the bandwidth allocated to a queue shall be calculated by the maximum weight of 15.
This example shows how to set the queue for the ESMA board as WRR, the weight of four queues is 20, 20, 30, 30 respectively.
MA5300(config)# queue-scheduler wrr 20 20 30 30
This example shows how to set the queue for the ESMB board as WRR, and the weights of eight queues are 10, 10, 10, 10, 10, 10, 20, and 20 respectively.
MA5300(config)#queue-scheduler wrr 10 10 10 10 10 10 20 20
After the setting, the actual weights of the eight queues are 10, 10, 10, 10, 10, 10, 15, and 15 respectively.
16.2.6 Setting the Traffic Mirroring

The function of traffic mirroring is to copy the traffic matching ACL to a monitor port for analyzing and monitoring the packets. To set the traffic mirroring, you can run this command:
mirrored-to { input | output } { user-group { access-list-number | access-list-name } [ subitem subitem ] | { [ ip-group { access-list-number | access-list-name } [ subitem subitem ] ] [ link-group { access-list-number | access-list-name } [subitem subitem ] ] } } [ interface interface-name | interface-type interface-num ]
Note: The parameter description is the same as that of traffic policing.
This example shows how to mirror the packets which are received by port Ethernet 7/1/0 and matching the rule permit of ACL1 to port Ethernet 7/1/1.
MA5300(config-if-Ethernet7/1/0)# e7/1/1 mirrored-to input ip-group 1 interface
16.2.7 Setting Traffic Statistics

The traffic statistics function is used for counting the data packets of the specified traffic. Note that the traffic statistics function only takes effects on the rules with action permit. To set traffic statistics, you can run the following command: traffic-statistic { input | output } { user-group { access-list-number |
access-list-name } [ subitem subitem ] | access-list-name } [ subitem subitem ] ] } }
{ [ ip-group { access-list-number |
access-list-name } [ subitem subitem ] ] [ link-group { access-list-number |
Note: The parameter description is the same as that of traffic policing.
This example shows how to perform traffic statistics on the packets received by port vdsl 2/0/0 and matching the rule permit of ACL1.
MA5300(config-if-Vdsl2/0/0)# traffic-statistic input ip-group 1
16.2.8 Viewing QoS Information

After the above configuration, you can run the command show to view the information on configured QoS or verify whether the configuration is correct. Table 16-4 lists the commands for viewing QoS information. Table 16-4 Commands for viewing QoS information To View the parameter setting of traffic mirroring View the queue scheduling mode and parameters View the QoS setting of all ports View the parameter setting of traffic limit View the parameter setting of port rate limit View the parameter setting of priority tag View the parameter setting of redirection View the parameter setting of traffic statistics Use show qos-interface mirrored-to In All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
show queue-scheduler
show qos-interface all
show qos-interface rate-limit
show qos-interface line-rate
show qos-interface traffic-priority show qos-interface traffic-redirect show qos-interface traffic-statistic
This example shows how to display the parameter setting of traffic limit.
MA5300# show qos-interface rate-limit Ethernet7/1/1: rate-limit Input: Matches: access-list 1 subitem 0 Target rate: 10 Mbps Ethernet7/1/2: rate-limit Input: Matches: access-list 10 subitem 0 running running

Target rate: 100 Mbps Conform action: set-local-precedence-value 6 Exceed action: set-dscp-value 2
This example shows how to display the queue scheduling mode and parameters.
MA5300#show queue-scheduler Queue scheduling mode: strict-priority
16.3 QoS Configuration Example

Office of President 129.111.1.2 Payment query server 129.110.1.2
MA5300
Financial Dept.
Management Dept.
Figure 16-2 QoS configuration example Different departments on a company network are interconnected through ports vdsl 2/0/0vdsl 2/0/of the MA5300. The payment query server of the Financial Dept. is connected to the MA5300 through port Ethernet 7/1/0 (at 129.110.1.2). It is required to limit the traffic from other department to the server to 20 M at most. Set the DSCP preference of those not matching the rule to 1.

Note that in the following configuration, only the commands related to QoS/ACL configuration are listed. 1) Define the traffic accessing the payment query server.
! Enter the named extended ACL, identified as traffic-to-payserver.

MA5300(config)# access-list extended traffic-to-payserver

MA5300(config-ext-nacl-traffic-to-payserver)# 0.0.0.0

permit ip any 129.110.1.2
2)
Define the limit to the traffic-to-payserver.
! Set the average rate of the traffic-to-payserver to 20 M, and the DSCP of the packets exceeding average rate to 1.
MA5300(config-if-Vdsl2/0/0)# rate-limit input ip-group traffic-to-payserver 20 exceed-action set-dscp-value 1 MA5300(config-if-Vdsl2/0/1)# rate-limit input ip-group traffic-to-payserver 20 exceed-action set-dscp-value 1 MA5300(config-if-Vdsl2/0/2)# rate-limit input ip-group traffic-to-payserver 20 exceed-action set-dscp-value 1
Chapter 17 IP Performance Configuration

17.1 Configuring the TCP Attributes
You can set these TCP attributes: Synwait timer When the synchronization (SYN) packet is sent, TCP enables the synwait timer. If no acknowledgement (ACK) packet is received before the synwait timer expires, TCP connection will be dropped. The value of synwait timer is in the range of 2600s. The default value is 75s. Finwait timer When the TCP connection status changes from FIN_WAIT_1 to FIN_WAIT_2, the finwait timer is enabled. If no FIN packet is received before the finwait timer expires, the TCP connection will be dropped. The value of finwait timer is in the range of 76 3600s. The default value is 675s. Size of the receive/send buffer for the connection-oriented Socket It is in the range of 1 to 32 kbytes. The default value is 4 kbytes. Table 17-1 lists the commands for configuring TCP attributes. Table 17-1 Commands for configuring TCP attributes To Set the time synwait timer of TCP Use tcp synwait-time time-value no tcp synwait-time tcp finwait-time time-value no tcp finwait-time In Global configuration mode Global configuration mode Global configuration mode
Restore the default setting of TCP synwait timer Set the time of FIN_WAIT_2 timer TCP
Restore the default setting for the time of TCP FIN_WAIT_2 timer Set the size of the TCP Socket receive & transmit buffer Restore the default setting for the size of the TCP Socket receive & transmit buffer
Global configuration mode
tcp window-size window-size
no tcp window-size
17.2 Viewing and Debugging the IP Performance

After the above configuration, you can run the command show to display the IP performance information or verify the configuration. You can run the command debug to debug the IP performance. Table 17-2 Commands for viewing and debugging IP performance To View the TCP connection status Use show tcp brief In All modes except the user EXEC mode All modes except the user EXEC mode Privileged mode Privileged mode Privileged mode Privileged mode
View the IP VLAN interface list Enable/Disable the IP debugging switch Enable/Disable debugging switch the TCP
show ip interface
debug ip packet debug tcp packet debug tcp transaction debug udp
Enable the output of TCP session debugging switch Enable the output debugging switch of UDP
17.3 IP Performance Troubleshooting

Fault: IP operation is normal, but TCP and UDP cannot work normally. Troubleshooting: When such a fault occurs, you can enable the corresponding debugging switches to view the debugging information. To enable output of the debugging information, you can run the command terminal debug. To enable output of the UDP debugging information, you can run the command debug udp. This helps you to trace the UDP packet. Then the TCP packet received or sent can be checked in real time. In this case, problems can be found in light of the contents of TCP packets. To enable output of the TCP debugging information, you can run the command debug tcp packet or debug tcp transact. This helps you to debug and trace the receiving/transmitting of all the TCP packets that take the MA5300 as the end.
Chapter 18 Overview of IP Routing Protocol

18.1 IP Routing and Routing Table
: Note When the MA5300 runs a routing protocol, it functions as a router.
18.1.1 Route and Route Segment

Routers are used for routing packets in the Internet. A router selects a suitable path (through a network) according to the destination address contained in a received packet, and sends the packet to the next router. The last router on the path will send the packet to the destination host. The router logically takes the path (from the network ingress to the network egress) covered by a packet in a certain network as a route unit, which is called one Hop. For example, as shown in Figure 18-1, three networks and two routers are traversed from Host A to Host C and the hop count is three. If one node is connected to another through a network, there is a segment between them, and they are adjacent in an interconnected network. Similarly, adjacent routers mean the two routers are connected to the same network. The hop count from a router to a host in the local network should be taken as zero. Figure 18-1 uses the bold arrow to indicate these route segments. However, the router is not concerned about which physical links comprise a segment.
A
Segment
R R R
Figure 18-1 Concept of route segment As the network may vary greatly in size, the actual length of each route segment is quite different. Hence, the path length in different networks can be measured with the number of route segments multiplied by a weighted coefficient. Suppose that a router is a node in the networks, and a route segment is a link in the interconnected networks, the routing in the interconnected networks is similar to that in a simple network. A route with a minimum of hops may not be the optimal selection. For example, the route passing three routing hops of LANs may be much faster than that passing two route segments of WANs.
18.1.2 Route Selection through the Routing Table

The routing table is the key for a router to forward packets. Each router keeps a routing table. Each route entry in the table shows through which physical interface of the router a packet can be forwarded to a specific subnet or a host so as to reach the next router along this path; or the route entry can show that the packet can be sent to the destination host in an interconnected network without passing other routers. The routing table includes the following key items: Destination address It is used to label the destination IP address or destination network of an IP packet. Network mask If the mask consists of consecutive 1s, it can be written in dotted decimal format, or the count of consecutive 1s. It is used to identify the network segment address of the destination host or router together with the destination address. The network segment address of the destination host or router can be acquired by performing AND operation on the destination address and the network mask. Suppose there is a host or a router (with the destination address of 129.102.8.10 and with the mask of 255.255.0.0) is located in a segment with the address 129.102.0.0.
Output interface It indicates from which interface of the router an IP packet will be forwarded. Next hop IP address It indicates the next router that an IP packet will pass. Routing protocol type It includes local direct, OSPF, RIP, static. Route priority It refers to the priority of a route in the IP routing table. For the same destination, there may be several routes with different next hops. These routes may be discovered by different routing protocols, or static routes configured manually. The route with the highest priority (smallest value) will be the optimal one. Multiple routes with different priorities to the same destination can be configured, and only one route is selected for IP packet forwarding according to the priority. Based on the destination of a route, the routes can be classified as: Subnetwork route, whose destination is a subnetwork. Host route, whose destination is a host. Based on the connection mode between the destination and the router, it can be classified as: Direct routing Network of the destination is directly connected to the router. Indirect routing Network of the destination is not directly connected to the router. To avoid too large a routing table, a default route can be defined. Once a packet fails to find a route in the routing table, the default route will be selected for forwarding. For complex interconnected networks as in Figure 18-2, the digit in each network is the network address. Router 8 is connected with three networks. It has three IP addresses and three physical ports. Its routing table is as shown in the diagram.
16.0.0.2 15.0.0.2 15.0.0.0 15.0.0.1 R2 14.0.0.2 13.0.0.1 14.0.0.0 R1 14.0.0.1 12.0.0.3 12.0.0.2 12.0.0.0 R3 13.0.0.2 13.0.0.0 13.0.0.4 16.0.0.0 R6 16.0.0.2
16.0.0.3 R7 10.0.0.2 10.0.0.0 2 10.0.0.1 3 R8 1 11.0.0.1 11.0.0.0
Routing table of Router8 Network of the destination host 10.0.0.0 11.0.0.0 12.0.0.0 13.0.0.0 14.0.0.0 15.0.0.0 16.0.0.0 Forward from which router Directly Directly 11.0.0.2 Directly 13.0.0.2 10.0.0.2 10.0.0.2 Via which port 2 1 1 3 3 2 2
R5 13.0.0.3
11.0.0.2 R4 12.0.0.1
Figure 18-2 Routing table
18.2 Route Management Policy

The MA5300 supports both static routes and dynamic routing protocols such as RIP and OSPF. The MA5300 manages the user-configured static routes and the dynamic routes discovered by routing protocols in an integrated manner. The static routes and the routes discovered or configured by various routing protocols can be shared.
18.2.1 Routing Protocols and Routing Priority

Different routing protocols (including static routes) may find different routes to the same destination, while not all the routes are the optimal ones. In fact, the current route to a specific destination at a specific moment can be determined by one routing protocol only. Each routing protocol (as well as the static route) is allocated a priority. When multiple route information sources exist, the route discovered by the routing protocol with higher priority will become the current route. Table 18-1 lists various routing protocols and their default priorities for route discovering. The smaller the value, the higher the priority. Table 18-1 Routing protocols and their default routing priorities Routing protocol or type DIRECT OSPF INTERNAL EIGRP STATIC RIP OSPF ASE Routing priority 0 10 50 60 100 150
Routing protocol or type EXTERNAL EIGRP IBGP EBGP UNKNOWN
Routing priority 160 256 256 255
In this table, "0" indicates the direct route, and "255" indicates any route from an unknown source. Except for the direct route (DIRECT) and the BGP (IBGP, EBGP), the priority of each dynamic routing protocol can be defined as required. Additionally, the priority of each static route can be different.
18.2.2 Load Sharing and Route Backup

Different routing protocols can find different routes as they use different algorithms. So how to share the discovered results among various routing protocols becomes a problem. The MA5300 is capable of redistributing the route discovered by one routing protocol into another routing protocol. Each routing protocol has a corresponding route redistributing mechanism. For details, refer to the relevant description on route redistribution of each routing protocol.
18.3 Configuring a Static Route

18.3.1 Overview
I. Attributes and function of static route
The static route is a special route. It is configured manually by the administrator. Configuring static routes helps build up an interconnected network. However, when a network fault occurs, the static route will not change automatically; which means it needs to be adjusted by the administrator. In a simple network, the router runs well as long as the static routes are configured. Careful configuration and use of static routes will improve the network performance and assure bandwidth for important applications. All the following routes are static routes: Reachable route A normal route is of this type. That is, the IP packet is sent to the next hop by way of the route marked by the destination. It is a common type of static routes. Unreachable route
When a static route to a destination has the "reject" attribute, all the IP packets to this destination will be discarded, and the source host will be informed that the destination is unreachable. Blackhole route When a static route to a destination is of the "blackhole" attribute, all the IP packets to this destination will be discarded, and the source host will not be informed. The attributes "reject" and "blackhole" are usually used to control the range of reachable destinations of a router and help to troubleshoot the network faults.
II. Default route

A default route is also a static route. To put it simple, the default route is the route used when no matched routing table ingress entry is found. In a routing table, the default route is indicated as the route to network 0.0.0.0 (mask 0.0.0.0). You can run the command show ip route to view whether it has been configured. If the destination address of a packet does not match any entry in the routing table, the packet will select the default route. If no default route is found and the destination address of the packet is not in the routing table, the packet will be discarded. In addition, the router will return an Internet Control Message Protocol (ICMP) packet to the source, indicating that this destination address or network is unreachable. The default route is very useful in a network. In a typical network with hundreds of routers, the dynamic routing protocol may consume large bandwidth. Using default routes, a link with proper bandwidth can be used to replace a high bandwidth link where there are a great number of users.
18.3.2 Setting a Static Route

Table 18-2 lists the commands for setting a static route. Table 18-2 Commands for setting a static route To Use ip route ip-address { mask | mask-length } { interface-type interface -number | gateway-address } [ preference preference-value ] [ reject | blackhole ] In
Add a static route
Global mode
configuration
To
Use no ip route ip-address { mask | mask-length } [ interface-type interface number | gateway-address ] [ preference value ] ip route 0.0.0.0 { 0.0.0.0 | 0 } { interface-type interface -number | gateway-address } [ preference value ] [ reject | blackhole ] no ip route 0.0.0.0 { 0.0.0.0 | 0 } [ interface-type interface -number | gateway-address ] [ preference value ]
In
Delete a static route
Global mode
configuration
Set the default route
Global mode
configuration
Delete the default route
Global mode
configuration
Parameter description: 1) IP address and mask
The ip-address is in dotted decimal notation. Since 1s in 32-bit mask must be consecutive, the mask can be indicated either in the dotted decimal format or in mask length. (Mask length refers to the number of 1s in a mask). 2) Sending interface or next hop address
In defining a static route, you can specify the sending interface (interface-type interface number), or the next hop address (gateway-address). Whether to specify the sending interface or the next hop address depends on the actual conditions. In the following cases, the sending interface can be specified: For an interface supporting resolution from the network address to the link layer address (such as the Ethernet interface that supports ARP), when ip-address and mask (or mask-length) together specify a host address, and this destination address is in the directly connected network, the sending interface can be specified. For a point-to-point interface, the address of the peer interface connected to this one is that of the next hop of the route. So you can specify the sending interface by just designating the next hop address. In fact, all route entries shall specify the next hop address. When sending IP packets, the router first finds the route included in the routing table according to the destination address of the packets. Once the next hop IP address is specified, the router can find the corresponding link layer address, and forward IP packets to the address. 3) Priority
For configuring preference-value, you can apply the routing management policy flexibly.
In one command, the preference value can be input multi-times, but only the latest one is valid. 4) Other parameters
The attributes reject and blackhole respectively indicates the unreachable route and the blackhole route. This example shows how to set t the next hop for the default route to 129.102.0.2.
MA5300(config)# ip route 0.0.0.0 0.0.0.0 129.102.0.2
18.3.3 Viewing a Static Route

The MA5300 supports multiple methods to display the routing table information. This is helpful for monitoring and maintaining the routing table. After the above configuration, you can run the command show to display the static route configuration and verify the configuration. Table 18-3 Viewing a static route To View the summary of a routing table View the details on the routing table View the information on a specified route View the information on the radix routing table Use show ip route In All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
show ip route detail
show ip route ip-address
show ip route radix
View the static routing table
show ip route static
18.3.4 Static Route Configuration Example

HostA 1.1.5.1/24 1.1.5.2/24 1.1.2.2/24 1.1.2.1/24 1.1.1.2/24 MA5300 A HostC 1.1.1.1/24 MA5300 B HostB 1.1.4.1/24
1.1.3.1/24 1.1.3.2/24
MA5300 C
1.1.4.2/24
Figure 18-3 Networking diagram of the static route configuration example As shown in Figure 18-3, the mask of all the IP addresses in the figure is 255.255.255.0. It is required that all the hosts or MA5300s be interconnected in pairs through static routes.

! Set the static route for MA5300 A.
MA5300 A(config)# ip route 1.1.3.0 255.255.255.0 1.1.2.2 MA5300 A(config)# ip route 1.1.4.0 255.255.255.0 1.1.2.2 MA5300 A(config)# ip route 1.1.5.0 255.255.255.0 1.1.2.2
! Set the static route for MA5300 B.

MA5300 B(config)# ip route 1.1.2.0 255.255.255.0 1.1.3.1 MA5300 B(config)# ip route 1.1.5.0 255.255.255.0 1.1.3.1 MA5300 B(config)# ip route 1.1.1.0 255.255.255.0 1.1.3.1
! Set the static route for MA5300 C.

MA5300 C(config)# ip route 1.1.1.0 255.255.255.0 1.1.2.1 MA5300 C(config)# ip route 1.1.4.0 255.255.255.0 1.1.3.2
! Set the default gateway of the Host A to be 1.1.5.2 ! Set the default gateway of the Host B to be 1.1.4.2 ! Set the default gateway of the Host C to be 1.1.1.2 By now, all the hosts or MA5300s in the figure can be interconnected in pairs.
18.3.5 Static Route Troubleshooting

Fault: The router is not configured with any dynamic routing protocol. Both the physical status of the interface and the link layer protocol status are in UP state. However, the IP packet cannot be forwarded normally. Troubleshooting: Run the command show ip route static to view whether the corresponding route is correctly configured. Run the command show ip route to view whether the static route is valid.
18.4 Configuring OSPF

18.4.1 Overview
Open Shortest Path First (OSPF) is an Interior Gateway Protocol based on the link state developed by IETF. At present, OSPF version 2 (RFC2328) is used. It has the following features: Application scope It supports network of various scales and hundreds of routers. Fast convergence It enables sending an update packet immediately after the network topology is changed, so that the change can be synchronized in the Autonomous System (AS). Loop-free As OSPF calculates the route with the shortest path tree algorithm through the collected link state, no loop routes will be generated from the algorithm itself. Area division The network of the AS is divided into areas. The routing information between the areas becomes more abstract, reducing the bandwidth occupation in the network. Equal route It supports multiple equal routes to the same destination address. Routing hierarchy Four types of routes are used in the order of preference: intra-area routes, inter-area routes, external routes of type 1 and external routes of type 2. Authentication It supports interface-based packet authentication to ensure the security of route calculation.
Multicast Packets can be broadcasted on the link layer using the multicast address. The whole network can be regarded as consisting of multiple ASs. Information synchronization of the ASs can be realized through dynamical discovery and transmission of the AS link status. Each AS can also be further divided into several areas. If the interfaces of a router are allocated to multiple areas, this router is called an Area Border Router (ABR). An ABR is located at the area boundary and is connected to multiple areas. All ABRs and the routers between the ABRs comprise a backbone area. (The backbone area is identified with area 0) As all areas shall be connected with the backbone area, the concept of virtual link is introduced to ensure that logical connectivity remains between in the physically divided areas. The router that exchanges routing information with other ASs is called Autonomous System Boundary Router (ASBR), which advertises AS external routes in the whole autonomous system.
I. Process of OSPF route calculation

The calculating process for the OSPF route can be briefed as follows: Each OSPF-enabled router maintains a Link-State DataBase (LSDB) that describes the topological structure of the whole AS. Each router generates a Link-State Advertisement (LSA) based on the topological structure of the surrounding network and sends LSA to the neighbors in the network. In this way, each router receives the LSAs from others and stores these LSAs in the LSDB. As LSA describes the topological structure of the surrounding network of a router, LSDB describes the topological structure of the whole network. It is easy for the router to translate LSDB into a weighted, directed graph. This graph shows exactly the topological structure of the whole network. All routers in the same area get the same graph. Each router calculates a shortest path tree with the root being itself using the OSPF algorithm. This tree gives the routes to all the nodes in the AS. External routing information is the leaf node. An external route can be tagged by the router that broadcasts it to record additional information of the AS. Each router gets a different routing table. In addition, multiple adjacency relations should be set up so that each router can broadcast the local status information (such as available interface information, reachable neighbor information) to the whole system. As a result, the route change of any router may be transmitted many times, which is unnecessary and wastes the precious bandwidth resources. To address the above problem, OSPF adopts the concept of Designated Router (DR). All routers only send information to the DR. The DR will broadcast the network link
state. Then the number of adjacency relations between the routers on a multi-access network is greatly reduced. In OSPF, interface-based packet authentication is used to ensure the security of route calculation; and packets can be transmitted and received in the IP multicast mode.
II. OSPF packets

OSPF uses five types of packets: Hello Packet It is the most common packet which is periodically sent by a router to its peer. It contains DR, Backup Designated Router (BDR), the known peer and the values of some timers. Database Description (DD) Packet When two routers synchronize their databases, they use the DD packets to describe their own LSDBs, including the digest of each LSA. (The digest refers to the HEAD of an LSA, which is used to uniquely identify the LSA). This can reduce the traffic between the routers, since the HEAD of a LSA only occupies a small portion of the overall LSA traffic. With the HEAD, the peer router can judge whether it has had the LSA. Link State Request (LSR) Packet After exchanging the DD packets, the two routers know which LSAs of the peer routers do not exist in the local LSDBs. In this case, they will send LSR packets to the peers to request for the needed LSAs. The packets contain the digests of the needed LSAs. Link State Update (LSU) Packet The packet is used to transmit the needed LSAs to the peer router. It contains a set of multiple LSAs (complete contents). Link State Acknowledgment (LSAck) Packet The packet is used for acknowledging the received LSU packets. It contains the HEAD(s) of LSA(s) requiring acknowledgement. (One packet can acknowledge multiple LSAs).
III. Related Concepts

The following introduces some concepts associated with OSPF. 1) Router ID
To run OSPF, a router must have a router ID. If no ID is configured, the system will automatically select an IP address from the current interface IP addresses as the Router ID. 2) DR and BDR DR
Suppose there is a broadcast network where the routers are directly connected without other in-between routing devices. To enable the individual routers to broadcast the information of their local statuses to the whole AS, all routers in the environment should set up adjacency. In this case, a route change of any router will result in many information deliveries, which are both unnecessary and a waste of bandwidth. In order to solve the problem, OSPF defines the DR. All the routers only need to transmit information to the DR for broadcasting the network link states. Which router can be the DR in its segment is not specified manually. Rather, DR is elected by all the routers in the segment. BDR If the DR fails due to some fault, a new DR must be elected by and synchronized with the other routers on the segment. In this process, which will take a relatively long time, the route calculation is incorrect. To shorten this process, BDR is defined in OSPF. BDR is a backup for DR. DR and BDR are elected in the meantime. The adjacencies are also set up between the BDR and all the routers on the segment, and routing information is exchanged between them. If the DR in use fails, the BDR will become a DR immediately. 3) Area
As the growing of network size and increasing of routers, a great deal of OSFP packets will be generated and transmitted in the network. This will lower the network bandwidth utility. In addition, each change will cause all the routes in the network to compute the route again. To solve the above problems, OSPF divides an AS into different areas. Areas logically group the routers. The borders of areas are some routers. A router connects the backbone area and a non-backbone area is called ABR. An ABR can connect to the backbone area either physically or logically. 4) Backbone area and virtual link Backbone area Not all OSPF areas are equal. One area is different from all other areas. Its area ID is 0 and it is usually called the backbone area. Virtual link Since all OSPF areas should be connected logically, virtual link is adopted so that the physically separated areas can still maintain the logic connectivity. 5) Route summary
AS is divided into different areas which are interconnected through OSPF ABRs. The routing information between areas can be reduced through route summary. This help to reduce the size of routing table and improve the calculation speed of the router.
After finding an intra-area route of an area, the ABR will look up the routing table and encapsulate each OSPF route into an LSA and send it outside the area.
IV. OSPF features of the MA5300

The OSPF software implemented on the MA5300 complies with Internet RFC2328. It has the following features: Stub area Stub area is defined in order to save the overhead on receiving ASE (Autonomous System External) routes by local routers. NSSA (short for Not-So-Stubby Area) NSSA has been defined as a solution to the limit of the Stub area in terms of topologies. Routing information sharing with other dynamic routing protocols In OSPF, dynamic routing protocols and static routes can be redistributed to the AS as the external routes of OSPF. Conversely, the routing information discovered by OSPF can be distributed to other routing protocols. Authentication OSPF supports two authentication means for adjacent routers in the same area: plaintext string authentication and MD5 authentication. Flexible configuration of interface parameters of a router On the interfaces of a router, parameters which can be configured with OSPF include: Output cost Hello packet transmit interval Retransmit interval Interface transmit delay Routing preference "Dead" time of adjacent routers Packet authentication mode Authentication key Virtual link Virtual link can be set up for OSPF on the MA5300. Abundant debugging information OSPF on the MA5300 provides abundant debugging information to help fault diagnosis.
18.4.2 Setting OSPF

The configuration of OSPF requires coordination among respective routers, including intra-area routers, ABRs and Autonomous System Boundary Routers (ASBRs). If no configuration is made, the default parameters will be used for the routers. In this case, no authentication is required for transmitting and receiving packets. When default parameters are changed, make sure that the configuration among respective routers is consistent. You must first enable OSPF and specify the interface and area number before configuring other features. However, the interface-related features of configuration are not restricted regardless of the enabling/disabling of OSPF. Note that the original interface parameters would become invalid after OSPF is disabled. Table 18-4 lists the commands for configuring OSPF. Table 18-4 Commands for configuring OSPF To Enable/Disable OSPF Set/Cancel the interface and area ID Set the network type on the OSPF interface Set the cost for interface transmit packets Set the transmit interval of the Hello packet Set the transmit interval of the poll packet Set the dead interval between adjacent routers Set the OSPF transmit delay Set the LSA transmit interval Specify the interface and area ID Set the neighbor Set the OSFP Stub area Use (no) router ospf (no) router id (no) ip ospf network (no) ip ospf cost (no) ip ospf timer hello (no) ip ospf poll-interval (no) ip ospf dead-interval (no) ip ospf transmit-delay (no) ip ospf retransmit-interval (no) network (no) neighbor (no) area stub In Global configuration mode Global configuration mode VLAN interface configuration mode VLAN interface configuration mode VLAN interface configuration mode VLAN interface configuration mode VLAN interface configuration mode VLAN interface configuration mode VLAN interface configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode
To Set OSPF NSSA Set the route summarization between OSPF areas Set/Cancel OSPF virtual links Set the area authentication Set plaintext authentication Set MD5 authentication Redistribute routes of other protocols Set the parameters for OSPF to redistribute external routes Redistribute default routes into the OSPF routing table Set route preference Set the OSPF route filtering Set the MTU filling for an interface transmitting DD packets Disable/Enable an interface to send OSPF packets
Use (no) area nssa (no) area range (no) area virtual-link (no)area authentication (no) ip ospf authentication-key (no) ip ospf message-digest-key (no) redistribute (no) default redistribute (no) default-information originate (no) preference (no) distribute-list
In OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode
(no) ip ospf mtu-enable
(no) passive-interface
I. Enabling/Disabling OSPF
To enable OSPF and enter OSPF configuration mode, you can run the command router ospf. To disable OSPF, you can run the command no router ospf. By default, OSPF is disabled.
II. Setting the router ID

The router ID is a 32-bit unsigned integer, which uniquely identifies a router in the AS. So the router ID must be configured. In manual router ID configuration, make sure that there are no routers having the same ID within the AS. Usually, the router ID is set the same as the IP address of one of the routers interface.
To set/cancel the router ID, you can run the command (no) router-id. This example shows how to set the MA5300s ID as 10.1.1.3.
MA5300 (config)# router id 10.1.1.3
III. Specifying the interface and area ID

The OSPF protocol divides the AS into different areas. That is, the router is divided into groups logically. One router may belong to different areas (such a router is also called ABR), whereas a network segment can be in one area only. In other words, each interface running OSPF must be specified to a specific area. The area is identified with an area ID. ABR transmits routing information between areas. In addition, all routers in the same area should comply with the parameter configuration of this area. Therefore, during the configuration of routers in the same area, most configuration data should be taken into consideration based on this area. Wrong configuration will make it impossible for adjacent routers to forward information to each other, or may even lead to blocking or loop of routing information. After the OSPF is enabled, you need to specify the interface running OSPF and the area where the interface is located. To specify/cancel the interface and area ID, you can run the command (no)network. By default, no area is specified for an interface. This example shows how to set the segment 131.108.20.0 to run OSPF and specify the area ID as 2.
MA5300 (config-router-ospf)# network 131.108.20.0 0.0.0.255 area 2
Note: Enabling OSPF is related to a segment. wildcard-mask is similar to the reverse mask of IP address. Where, 1 indicates the corresponding bit in an IP address is ignored, while 0 indicates the bit is reserved. For 10.121101.1/16, the wildcard mask should be 0.0.255.255. area-id is the ID of an area where a router locates. To assure OSPF works normally, the area ID of all routers belonging to a specific area must be the same.
IV. Setting the network type on the OSPF interface

OSPF calculates the route based on the topological structure of the neighboring network of this router. Each router describes the topology of its neighboring network and advertises it to all other routers. OSPF divides networks into four types by link layer protocol:
Broadcast: If Ethernet or FDDI is adopted, the default network type of OSPF is broadcast. Non-Broadcast Multi-access (NBMA) If ATM is adopted as a link layer protocol, the default network type of OSPFis NBMA. Point-to-Multipoint (p2mp) No link layer protocol is regarded to be p2mp by default. A p2mp network must be compulsorily changed from other network types. The common practice is to change a non fully matched NBMA into a p2mp network. Point-to-point (p2p) When the link layer protocol is PPP, LAPB or POS, the default network type of OSPF is p2p. NBMA refers to Non Broadcast MultiAccess networks. ATM network is a typical NBMA network. You can specify the transmit interval for the Hello packet between adjacent routers before the adjacency is set up. The following configuration is recommended: The interface can be configured as the non-broadcast mode on the broadcast network without multi-access capability. If direct access is not available to all routers in the NBMA network, the interface type can be configured as point-to-multipoint. If router has only one opposite end in the NBMA network, interface type can be changed to point-to-point. The following describes the differences between NBMA and point-to-multipoint: In OSPF, NBMA refers fully connected, nonbroadcast and multi-access networks. In comparison, a point-to-multipoint network does not necessarily require the network to be fully connected. Both DR and BDR should be elected on NBMA. However, there is no DR or BDR in the point-to-multipoint network. NBMA is a default network type. For example, if the link layer protocol is ATM, OSPF regards the network type is NBMA by default (no matter whether the network is fully connected or not). However, point-to-multipoint network is not the default network type. You have to manually change another network type to point-to-multipoint. (The most common practice is to change a non-fully connected NBMA into a point-to-multipoint network.) In the NBMA network, packet is unicast. The neighbors must be configured manually. However, in the point-to-multipoint network, the packet is broadcast. Since the link layer of the MA5300 is Ethernet, OSPF takes the network type as broadcast. Usually, do not change the network type. After the interface has been configured with a new network type, the original network type of the interface is removed automatically.
To set the network type for an interface, you can run the command ip ospf network. To restore the default setting, you can run the command no ip ospf network. This example shows how to set the network type for interface VLAN-Interface1 to NBMA.
MA5300(config)# interface vlan-interface 1 MA5300(config-Vlan-Interface1)# ip ospf network non-broadcast
V. Setting cost for interface transmit packets

You can set the cost for interface transmit packets. Or, OSPF will automatically calculate the cost according to the baudrate of the current interface. By default, the system calculates the cost automatically based on the interface baudrate: When the baudrate is smaller than 2,000 bit/s, the default cost for the transmit packet is: 100,000,000/64,000 = 1562. When the baudrate is larger than 100,000,000 bit/s, the default cost for the transmit packet is: 100,000,000/100,000,000 = 1. In other circumstances, the default cost for the transmit packet is: 100,000,000/Interface baudrate. To set the cost for interface transmit packets, you can run the command ip ospf cost. To restore the default setting, you can run the command no ip ospf cost. This example shows how to set the cost for interface VLAN1 running OSPF to 65.
MA5300(config)# interface vlan-interface 1 MA5300(config-Vlan-Interface1)# ip ospf cost 65
VI. Setting interface priority in DR election

The priority of router interface determines the qualification of the interface in DR election. The interface with higher priority would be considered first when conflict arises in terms of voting right. DR is not manually designated. It is elected by all routers in the local network segment. The routers whose priority is greater than 0 in the local network segment can be used as the "candidates". The router with the highest priority will be selected among all routers that claim to be the DR. If two routers have the same priority, the one with greater Router ID is selected. The ballot is a Hello packet. Each router writes its DR into the Hello packet and sends it to all other routers in the network segment. When two routers in the same network segment claim to be the DR, the one with higher priority is selected. If the priorities are the same, the one with greater router ID is selected. If the priority of a router is 0, it will not be elected as DR or BDR.
If the DR is unavailable due to some fault, a new DR should be elected and be synchronized. This may be time consuming, and route calculation is incorrect during the process. To shorten the process, OSPF puts forward the concept of BDR. BDR is actually a backup of DR and is elected together with DR. BDR also creates adjacency with all routers in the local network segment and exchanges routing information with them. When DR fails, BDR will become DR immediately without re-election. With the adjacency already created, this takeover process is instant. Of course, a new BDR needs to be elected again. It may take a long time, but this will not affect the route calculation. The following shall be noted: DR in the network segment is not necessarily the router with the highest priority. Similarly, BDR is not necessarily the router with the second highest priority. For example, if a new router is added after the DR and BDR are elected, this new router will not become the DR of the network segment even it has the highest priority. DR is a concept adopted in a specific network segment, and defined in regard to the interface of the router. A router may be the DR on one interface or BDR/DR Other on another interface. DR will be elected only on a broadcast interface or an NBMA interface. It is unnecessary for DR election on a point-to-point interface or a point-to-multipoint interface. By default, the priority of the Interface is 1 in the DR election. The value can be taken from 0 to 255. To set the interface priority in DR election, you can run the command ip ospf priority. To restore the default setting, you can run the command no ip ospf priority. This example shows how to set the priority of interface VLAN-Interface 1 in DR election to 8.
MA5300(config)# interface vlan-interface 1 MA5300(config-Vlan-Interface1)# ip ospf priority 8
VII. Setting the neighbor

For an NBMA network, some special configurations are required. Since an NBMA interface on the network cannot discover the adjacent router through broadcasting the Hello packets, you need to specify an IP address for the adjacent router, and whether the adjacent router is eligible for election. By default, the preference for the neighbor of NBMA interface is 1. To set the neighbor, you can run the command neighbor ip-address. With priority_num not specified, the adjacent router will be regarded as ineligible. This example shows how to set the neighbor of NBMA interface, with IP address as 131.108.3.4, and the priority as 1.
MA5300(config-router-ospf)#neighbor 131.108.3.4 priority 1
This example shows how to cancel the neighbor of NBMA interface.

MA5300(config-router-ospf)#no neighbor 131.108.3.4
VIII. Setting the transmit interval of the Hello packet

Hello packet is the most common packet. It is sent to the adjacent routers periodically to find and maintain adjacency, as well as elect the DR and BDR. You can set the value of Hello interval (namely the interval for sending the Hello packet). The smaller the hello interval is, the sooner the network change will be discovered, but the more network resources will be consumed. The Hello interval of routers in the same network segment must be the same. By default, Hello interval of point-to-point and broadcast interfaces is 10 s and that of point-to-multipoint and nonbroadcast interfaces is 30s. To set the transmit interval of the Hello packet, you can run the command ip ospf timer hello.
IX. Setting the transmit interval of the poll packet

When a router is enabled, it sends Hello packets only to adjacent nodes whose preference is larger than 0. After the DR and BDR in the network segment are elected, the DR and BDR will then send Hello packets to all neighbors to set up adjacency. If an adjacent router fails, the router will periodically send Hello packets based on the poll interval defined in the command ospf timer poll, until the adjacent router is available again. The poll interval should at least triple the hello interval. By default, the time interval for polling the Hello packet is 120s. To set the transmit interval for the poll packet, you can run the command ip ospf poll-interval.
X. Setting the dead interval between adjacent routers

Dead interval between adjacent routers refers to the period during which the router fails to receive Hello packet from a neighboring router and then considers the neighboring router as unavailable. You can set the value of dead interval, namely the interval upon which the remote router becomes invalid. The dead interval should be at least four times that of Hello interval, while dead interval of all routers in the same network segment should be the same. By default, the value of dead interval between adjacent routers on point-to-point and broadcast interfaces is 40s and that on point-to-multipoint and NBMA (non-broadcast) interfaces is 120s.
Note that after the network type is modified, hello interval and dead interval are both restored to the default values. To set the dead interval between adjacent routers, you can run the command ip ospf dead-interval. To restore the default setting, you can run the command no ip ospf dead-interval. For example, set the dead interval for the neighbors on interface VLAN-Interface 1 to 60s.
XI. Setting the LSA transmit interval

An LSA expires in the LSDB of the local router (1 is added per second), but not in the process of network transmission. Therefore, it is necessary to add transmit delay (namely the LSA transmit interval) to the expiration time before the transmission. This configuration is very important for low-speed networks. By default, the interval for sending link-state update packet is 1 second. To set the LSA tranmit interval, you can run the command ip ospf transmit-delay. To restore the default setting, you can run the command no ip ospf transmit-delay.
XII. Setting the LSA retransmit interval between adjacent routers

When a router sends an LSA to its neighbor, it should wait for an ACK from them. If no ACK is received from the neighbor within the retransmit interval, this LSA should be retransmitted. You can set the value of retransmit interval. Note that do not set the value of retransmit interval too small, or unnecessary retransmission will occur. The value should be greater than the period when a packet is transmitted between two routers for a round. By default, LSA retransmit interval between adjacent routers is 5 seconds. To set the LSA retransmit interval, you can run the command ip ospf retransmit-interval. To restore the default value, you can run the command no ip ospf retransmit-interval. This example shows how to set the LSA retransmit interval to 8s.
MA5300(config)# interface vlan-interface 1 MA5300(config-Vlan-Interface1)# ip ospf retransmit-interval 8
XIII. Setting the OSPF stub area

Stub area refers to the type of LSA areas that do not broadcast the received external routes. In the Stub area, the size of routing table and amount of routing information transmitted will be greatly reduced.
Stub area is an optional attribute, but not all areas comply with the configuration condition. Usually, a Stub area is located at the boundary of the autonomous system, namely a non-backbone area where there is only one ABR. To ensure that the route outside the area is still reachable, ABR of this area generates a default route (0.0.0.0) and advertises it to other non-ABR routers in the area. In Stub area configuration, pay attention to the following points: The backbone area cannot be set as a Stub area and virtual link cannot go through a Stub area. To set an area as a Stub area, all routers in this area must be configured with this attribute. There should be no ASBRs in Stub area. That is, the external routes of AS cannot be redistributed to the interior of the area. By default, Stub area is not configured. The cost for sending the route to the Stub area is 1. To set an area as a Stub area, or to cancel the setting, you can run the command area area-id stub [ no-summary ]. To set the cost of the default route sent to Stub area, you can run the command area area-id default-cost. To restore the default setting, you can run the command no area area-id default-cost. Parameter description: no-summary: Forbids the ABR to send Type 3 LSAs to Stub area, to reduce LSAs sent to the Stub area This example shows how to set OSPF area 1 as a Stub area, and forbid ABR to send Summary LSAs to the Stub area.
MA5300(config-router-ospf)# area 1 stub no-summary
XIV. Setting the OSPF NSSA

In RFC1587, a new area is added NSSA Area; and a new LSA is added NSSA LSA (also called Type-7 LSA). NSSA area is actually a deformation of Stub area. It is similar in Stub area in many ways. Neither of them generates or imports AS-External-LSA (namely Type-5 LSA), and both of them can generate and import Type-7 LSA. Type-7 LSA is generated by ASBR of NSSA area, which can only advertise in NSSA area. When Type-7 LSA reaches ABR of NSSA, ABR will select whether to transform Type-7 LSA into AS-External-LSA so as to advertise to other areas. For example, in the networking in Figure 18-4, the AS running OSPF comprises three areas: Area 1, Area 2 and Area 0. Among them, Area 0 is the backbone area.
Also, there are other two ASs respectively running RIP. Area 1 is defined as an NSSA. After RIP routes of the Area 1 are propagated to the NSSA ASBR, the NSSA ASBR will generate Type-7 LSAs which will be propagated in Area 1. When the Type-7 LSAs reach the NSSA ABR, the NSSA ABR will transform it into Type-5 LSA, which will be propagated to Area 0 and Area 2. On the other hand, RIP routes of the AS running RIP will be transformed into Type-5 LSAs that will be propagated in the OSPF AS. However, Type-5 LSAs will not reach Area 1 because Area 1 is an NSSA. NSSAs and Stub areas have the same approach in this aspect. Similar to a Stub area, the NSSA cannot be configured with virtual links.
RIP NSSA ABR area1 NSSA NSSA ASBR
area2
area0
RIP
Figure 18-4 NSSA area All the routers connected to the NSSA should run the command nssa to set the area with the NSSA attribute. To set an area as an NSSA area or to cancel the setting, you can run this command: (no) area area-id nssa [ default-information-originate ] [ no-redistribute ] [ no-summary ] To set the default cost value of the route to the NSSA, you can run the command area area-id default-cost. To restore the default setting, you can run the command no area area-id default-cost. Table 18-5 Parameter description Parameter Description Used to generate the default Type-7 LSAs. The default Type-7 LSA route will be generated on an ABR, even though no default route 0.0.0.0 is in the routing table. On an ASBR, however, the default Type-7 LSA route can be generated only if the default route 0.0.0.0 is in the routing table.
default-information-originate
Parameter
Description Used on the ASBR to prevent the external routes that OSPF imported through the command import-route from advertising to the NSSA. Generally, if an NSSA router is both the ASBR and ABR, this keyword will be used. Disables ABRs sending of summary_net LSAs (Type-3 LSA) to the NSSA. This is to reduce the number of LSAs sent to the NSSA.
no-redistribute
no-summary
Note: Before running the command, you need to run the command network to specify the area range first. Or the system prompts that the area is not configured. By default, no Stub area is configured. The cost of the default route to the Stub area is 1.
This example shows how to set area 1 to be an NSSA area.

MA5300(config)# router ospf MA5300(config-router-ospf)# network 36.0.0.0 0.255.255.255 area 1 MA5300(config-router-ospf)# network 20.0.0.0 0.255.255.255 area 0 MA5300(config-router-ospf)# area 1 nssa
XV. Setting the route summarization between areas

Route summarization means that the ABR summarizes all route information with the same prefix to one route and then sends it to other areas. One area can be configured with multiple summarized segments so that OSPF can summarize multiple network segments. When the ABR sends routing information to other areas, Sum_net_Lsa (Type 3 LSA) will be generated in the unit of network segment. If an area contains a continuous range of network segments, they can be summarized into one segment through the command area range. Then the ABR only sends one summarized LSA, and all LSAs within the summarized segment specified by the command will not be sent out separately. This process downsizes the LSDBs in other areas. For example, there are two network segments in an area as follows: 202.38.160.0 202.38.180.0 255.255.255.0 255.255.255.0
They are to be summarized into one network segment: 202.38.0.0 255.255.0.0 Once the summarized network segment of a specific network is added to an area, the internal routes within this summarized segment of the area will not be broadcasted separately to other areas. Instead, only the route summary of the entire summarized network segment will be broadcasted. If the network segment range is defined with the key word notadvertise, the route summary of the network segment will not be broadcasted. This network segment is described with the IP address/mask. Receiving the summarized network segment and defining the network segment can reduce the volume of the routing information exchanged between areas. Note that route summarization is only effective when configured on an ABR. By default, routes are not summarized between areas. To set/cancel OSPF route summarization between areas, you can run this command: (no) area area-id range address mask [advertise | notadvertise] Table 18-6 Parameter description Parameter advertise Description Broadcasts the routes that reach the network segment to other areas. Indicates the routes that reach the network segment will not be broadcasted, for shielding of some network segments which external areas cannot access.
notadvertise
This example shows how to summarize the two network segments 36.42.10.0 and 36.42.110.0 of OSPF area 1 into one summarized route 36.42.0.0, and send it to other areas.
MA5300(config-router-ospf)# network 36.42.10.0 MA5300(config-router-ospf)# network 36.42.110.0 0.255.255.255 area 1 0.0.0.255 area 1
MA5300(config-router-ospf)# area 1 range 36.42.0.0 255.255.0.0
XVI. Setting a virtual link

After OSPF area division, not all areas are equal. There is a special area called the backbone area, whose area ID is 0.0.0.0. OSPF route update between non-backbone areas is carried out through the backbone area. OSPF stipulates that all non-backbone areas must be connected with the backbone area. That is, at least one interface on ABR should be in the area 0.0.0.0. If there is no physical connection between a non-backbone area and a backbone area, a virtual link must be set up.
If physical connectivity cannot be ensured due to the limitation of the network topological structure, setting up a virtual link can address this requirement. A virtual link is a logic connection created in the internal route area of a non-backbone area between two ABRs. At both ends of the virtual link are two ABRs. Virtual link configuration will be effective only when it is configured at both ends simultaneously. The virtual link is identified by the peer router ID. The area providing the internal route in a non-backbone area is called a Transit Area. Its area ID should also be specified in virtual link configuration. The virtual link will be activated after the route passing through the Transit Area has been calculated. This is like a point-to-point connection between two end points. On this virtual, various interface parameters (such as the transmit interval of the Hello packet) can be configured, just as the same case on a physical interface. "Logic Channel" means that multiple routers running OSPF between two ABRs only function to forward packets (since destination addresses of the protocol packets are not the routers, the packets are transparent to the routers and are transmitted as ordinary IP packets.); whereas routing information are transmitted directly between two ABRs. The synchronization mode of routers in this Transit Area is not changed. Note that if the AS is divided into more than one area, the following conditions must be met: One of them must be the backbone area. Other areas must be connected with the backbone area directly or logically. The backbone area itself should be connected. Perform these operations in OSPF configuration mode. Table 18-7 Creating and setting virtual link To Use area area-id virtual-link router-id [ hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [ authentication-key password | message-digest-key keyid md5 key ] no area area-id virtual-link router-id In
Create and set a virtual link
OSPF configuration mode
Cancel the virtual link
created
OSPF configuration mode
By default, area-id and router-id have no default values. The default value of other parameters: hello-interval: 10s. retransmit-interval: 5s
transmit-delay: 1s dead-interval: 40s. This example shows how to create a virtual link from 36.0.0.0 to 36.3.4.5, and adopts MD5 authentication.
MA5300(config-router-ospf)# area 36.0.0.0 virtual-link 36.3.4.5 MA5300(config-router-ospf)# message-digest-key 3 md5 345 area 36.0.0.0 virtual-link 36.3.4.5
XVII. Setting the packet authentication between OSPF areas

Authentication types of all routers in one area must be consistent. The authentication types can be any of these: Not supporting authentication Supporting plaintext authentication Supporting MD5 authentication Authentication passwords of all routers in one segment must be consistent. To set the plaintext authentication password in this area, you can run the commands area area-id authentication-key. To set the MD5 authentication password in this area, you can run the command area area-id message-digest-key. By default, the area does not support packet authentication. To set the authentication mode in an area, you can run the command area area-id authentication [message-digest], With no parameter specified, the plaintext authentication is adopted. With the parameter message-digest, the MD5 authentication is adopted. This example shows how to set area 1 to use plaintext authentication.
MA5300(config-router-ospf)#area 1 authentication
This example shows how to set area 10.12.10.1 to use MA5 authentication.
MA5300(config-router-ospf)#area 10.12.10.1 authentication message-digest
XVIII. Setting the packet authentication mode

OSPF supports plaintext authentication or MD5 authentication between adjacent routers. By default, the interface is not configured with any plaintext authentication or MD5 authentication.
Table 18-8 Configuring packet authentication mode To Set the plaintext authentication for packets on the interface Cancel the use of plaintext authentication for packets on the interface Set the use of MD5 authentication for packets on the interface Cancel the use of MD5 authentication for packets on the interface Use ip ospf authentication-key password no ip ospf authentication-key ip ospf message-digest-key key-id md5 key no ip ospf message-digest-key In VLAN interface configuration mode VLAN interface configuration mode VLAN interface configuration mode VLAN interface configuration mode
Note: The plaintext authentication password is valid only when plaintext authentication is configured. The MD5 authentication password is valid only when MD5 authentication is configured.
This example shows how to set plaintext authentication for interface VLAN1 to authenticate OSPF packets, and the password is abcdefgh.
MA5300(config)# interface vlan-interface 1 MA5300(config-Vlan-Interface1)# ip ospf authentication-key abcdefgh
XIX. Redistributing the routes of other protocols

Dynamic routing protocols on the routers can share the routing information. Due to OSPF features, the routes that discovered by other routing protocols are always regarded as the routes outside the AS in processing. In receiving commands, such parameters as the cost type of the route, cost and tag can be specified to overwrite default routing parameters. OSPF uses four different types of routes, as listed below in the order of their preferences: Intra-area route Inter-area route External route Type 1 External route Type 2
The Intra-area route and inter-area route describe the network structure inside the AS. The external route describes how to select the route to a destination outside the AS. External route Type 1: Indicates that IGP routes are received (such as RIP, STATIC). Since this type of routes is more credible, the calculated cost of the external route and the cost of the route inside the AS are in the same numeric level and it is comparable with the cost of the OSPF route. That is, Cost of Type 1 external route = Cost from the local router to the corresponding ASBR = Cost from the ASBR to the destination address of the route. External route Type 2: Indicates that EGP routes are received. Since this type of route is less credible, OSPF protocol considers that the cost from the ASBR to the outside of the AS is much greater than that from inside the AS to the ASBR. Only the former cost is taken into consideration when calculating the routing cost. That is, Cost to external route Type 2 = Cost from ASBR to the route destination address. If the values are equal, then also consider the cost from the local router to the corresponding ASBR. To redistribute/cancel route information of other protocols, you can run this command: (no) redistribute protocol [ metric metric ] [ tag tag-value ] [ type 1 | 2 ] [ route-map map-name ] protocol specifies the source routing protocols that can be redistributed. At present, they are connected, static, rip, is-is and BGP. By default, OSPF does not redistribute routing information of other protocols. This example shows how to specify the redistributed RIP route as Type 2, with route tag as 33 and route cost as 50.
MA5300 (config-router-ospf)# redistribute ospfase rip type 2 tag 33 metric 50
For detailed description of redistributing routes, refer to Setting Route Policy
XX. Setting the parameters for OSPF to redistribute external routes

When OSPF redistributes routes discovered by other routing protocols as the external routing information of its own AS, certain parameters are needed, including the default cost and default tag of the route. Route tag is used to identify protocol-related information. For example, it is used to differentiate the AS number when OSPF receives BGP routing information. By default: Neither cost nor tag value is available when the external routes are being received. Type 2 routes are redistributed. The interval for redistributing route is 1 second. Up to 1000 routes can be redistributed every time.
Table 18-9 Setting parameters for OSPF to redistribute external routes To Set the interval when OSPF to redistribute external routes Restore the default interval when OSPF redistributes external routes Set the upper limit for the routes that OSPF redistributes each time Restore the default upper limit for the external routes that can be imported at a time Set the cost for the OSPF to redistribute external routes Restore the default cost for the OSPF to redistribute external routes Set the tag for the OSPF to redistribute external routes Restore the default tag for the OSPF to redistribute external routes Set the type of external routes that OSPF will redistribute Restore the default type of the external routes redistributed by OSPF default seconds Use redistribute interval In OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode
no default redistribute interval
default redistribute limit routes
no default redistribute limit
default redistribute metric metric
no default redistribute metric
default redistribute tag tag
no default redistribute tag
default redistribute type { 1 | 2 }
no default redistribute type
This example shows how to set the default interval when OSPF redistributes external routes to 10s.
MA5300(config-router-ospf)# default redistribute interval 10
This example shows how to specify the default type of the route redistributed by OSPF as Type 1 route.
MA5300 (config-router-ospf)# default redistribute type 1
XXI. Redistributing the default routes into the OSPF routing table
Default routes cannot be redistributed through the command redistribute. To redistribute default routes into the routing table, you can run this command: default-information originate [ always ] [ metric metric-value ] [ type type-value ] [ route-map map-name ] By default, OSPF does not redistribute any default route. If the host has the default route, ase lsa of the default route will be generated. If not, it will not be generated.
MA5300(config-router-ospf)# default-information originate
Even the host has no default route, ase lsa of the default route will still be generated and broadcasted to OSPF route area.
MA5300(config-router-ospf)# default-information originate always
XXII. Setting the route preference

As multiple dynamic routing protocols may run on the router at the same time, the problem of information sharing and selection between the routing protocols occurs. The system sets a preference for every routing protocol. When several protocols find the same route, the protocol with higher preference will prevail. By default, OSPF preference is 10, and the preference of the redistributed external routing protocol is 150. To set the OSPF protocol preference between routing protocols, you can run the command preference [ ase ] preference. To restore the default value, you can run the command no preference [ ase ]. This example shows how to specify the preference of AS external route redistributed by OSPF as 160.
MA5300 (config-router-ospf)# preference ase 160
XXIII. Setting the OSPF route filtering

The configuration of OSPF route filtering involves: Setting the filtering of routes redistributed by OSPF Setting the filtering of routes advertised by OSPF By default, OSPF does not filter the redistributed or advertised routing information.
Table 18-10 Setting the OSPF filtering the distributed route To Set the OSPF filtering of the redistributed route Use distribute-list {access-list-number | prefix-list prefix-list-name [gateway prefix-list-name ] }in no distribute-list {access-list-number | prefix-list prefix-list-name [gateway prefix-list-name ] }in distribute-list { access-list-number | prefix prefix-list-name } out [ routingprocess ] no distribute-list { access-list-number | prefix prefix-list-name } out [ routingprocess ] In OSPF configuration mode OSPF configuration mode OSPF configuration mode OSPF configuration mode
Cancel the OSPF filtering of the redistributed route
Set the OSPF filtering of the advertised route
Cancel the OSPF filtering of the advertised route
This example shows how to filter the routes redistributed in light of the rules specified in ACL2.
MA5300(config)# access-list 2 permit 20.0.0.0 MA5300(config)# access-list 2 deny any MA5300(config-router-ospf)# distribute-list 2 in 0.255.255.255
For detailed description, refer to part Setting Route Filtering in Route Policy.
XXIV. Setting the MTU filling for an interface transmitting DD packets

OSPF-enabled routers use the Database Description (DD) packets to describe their own LSDBs when synchronizing the databases. You can manually specify an interface to fill in the Maximum Transmission Unit (MTU) field in a DD packet when it transmits the packet. The MTU should be set to the real MTU on the interface. By default, the interface does not fill in the MTU field when transmitting DD packets. That is, MTU in the DD packets is 0. To enable/disable an interface to fill in the MTU field when it transmits DD packets, you can run the command (no) ip ospf mtu-enable. This example shows how to specify interface VLAN-Interface 3 to fill in the MTU field when it transmits DD packets.
MA5300(config)# interface vlan-interface 3 MA5300(config-Vlan-Interface3)# ip ospf mtu-enable
XXV. Setting the sending of OSPF packets on an interface

To prevent OSPF routing information from being obtained by the routers on a certain network, you can run the command passive-interface to disable the interface to transmit OSPF packets. To enable the interface to transmit OSPF packets, you can run the command no passive-interface. By default, all the interfaces are allowed to transmit and receive OSPF packets. After an OSPF-enabled interface is set to be in Silent status, the interface can still advertise its direct route. However, the OSPF Hello packets of the interface will be blocked, and adjacency cannot be set up on the interface. This configuration is to enhance OSPFs adaptability to the network and reduce consumption of system resources.
18.4.3 Viewing OSPF Information

After the above configuration, you can run the command show to display the OSPF configuration and verify the configuration. Table 18-11 Commands for viewing OSPF information To View general information of OSPF routing show ip ospf Use In All modes except the user EXEC mode All modes except the user EXEC mode
View OSPF statistics
show ip ospf cumulative show ip ospf database [ adv-router ip-address ] [ asbr-summary | database-summary |external | network | router | self-originate | summary ] [ ip-address ][ adv-router ] [ self-originate ] show ip ospf neighbor
View OSPF LSDB information
View OSPF neighbor information View OSPF next hop information View OSPF routing table information
All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
show ip ospf nexthop
show ip ospf routing
To View OSPF virtual link information
Use show ip ospf virtual-links
In All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
View OSPF request-lists
show ip ospf request-list
View OSPF retransmission-lists View OSPF ABR and ASBR information View OSPF interface information View OSPF error information
show ip ospf retrans-list
show ip ospf border-routers
show ip ospf interface
show ip ospf error
18.4.4 OSPF Configuration Example (Setting DR Election by OSPF Preference)

MA5300 A 1.1.1.1 DR 192.1.1.1/24 192.1.1.2/24 192.1.1.4/24 192.1.1.3/24 BDR MA5300 B 2.2.2.2 MA5300 C 3.3.3.3 MA5300 D 4.4.4.4
Figure 18-5 Configure DR election by OSPF preference Four MA5300s (MA5300 A, MA5300 B, MA5300 C and MA5300 D), which can perform the router functions and run OSPF, are located on the same segment, as shown in the Figure 18-5. Requirements: Preference of MA5300 A is 100, the highest on the network, so MA5300 A is elected as the DR. MA5300 C has the second highest preference, so it is elected as the BDR.
Preference of MA5300 B is 0, which means that it cannot be a DR. MA5300 D has no preference, so its default preference is 1.

1) Configure MA5300 A.
MA5300 A(config)# interface vlan-interface 1 MA5300 A(config-Vlan-Interface1)# ip address 192.1.1.1 255.255.255.0 MA5300 A(config-Vlan-Interface1)# ip ospf priority 100 MA5300 A(config)# router id 1.1.1.1 MA5300 A(config)# router ospf MA5300 A(config-router-ospf)# network 192.1.1.0 0.0.0.255 area 0
2)
Configure MA5300 B.
MA5300 B(config)# interface vlan-interface 1 MA5300 B(config-Vlan-Interface1)# ip address 192.1.1.2 255.255.255.0 MA5300 B(config-Vlan-Interface1)# ip ospf priority 0 MA5300 B(config)# router id 2.2.2.2 MA5300 B(config)# router ospf MA5300 B(config-router-ospf)# network 192.1.1.0 0.0.0.255 area 0
3)
Configure MA5300 C.
MA5300 C(config)# interface vlan-interface 1 MA5300 C(config-Vlan-Interface1)# ip address 192.1.1.3 255.255.255.0 MA5300 C(config-Vlan-Interface1)# ip ospf priority 2 MA5300 C(config)# router id 3.3.3.3 MA5300 C(config)# router ospf MA5300 C(config-router-ospf)# network 192.1.1.0 0.0.0.255 area 0
4)
Configure MA5300 D.
MA5300 D(config)# interface vlan-interface 1 MA5300 D(config-Vlan-Interface1)# ip address 192.1.1.4 255.255.255.0 MA5300 D(config)# router id 4.4.4.4 MA5300 D(config)# router ospf MA5300 D(config-router-ospf)# network 192.1.1.0 0.0.0.255 area 0
You can run the command show ip ospf neighbor on MA5300 A to show OSPF neighbor. Note that MA5300 A has three neighbors.
MA5300 A(config)# show ip ospf neighbor Neighbor 4.4.4.4 3.3.3.3 2.2.2.2 pri 1 2 0 State full/DRother full/BDR full/DRother Address 192.1.1.4 192.1.1.3 192.1.1.2 Interface Vlan-Interface1 Vlan-Interface1 Vlan-Interface1
The status of every neighbor is FULL, which means that MA5300 A has created adjacency with all neighbors. Only DR and BDR have created adjacency with all routers on the network. MA5300 A is DR and MA5300 C is BDR on the network. All other neighbors are DRother, which means that they are neither DR nor BDR.
5)
Change the preference of MA5300 B to 200.
MA5300 B(config-Vlan-Interface2000)# ip ospf priority 200
You can run show ip ospf neighbor on MA5300 A to show OSPF neighbors. Note that preference of MA5300 B has been changed to 200, but it is not DR.
MA5300 A(config)# show ip ospf neighbor Neighbor 4.4.4.4 3.3.3.3 2.2.2.2 pri 1 2 200 State full/DRother full/BDR full/DRother Address 192.1.1.4 192.1.1.3 192.1.1.2 Interface Vlan-Interface1 Vlan-Interface1 Vlan-Interface1
Only when the existing DR does not exist on the network, will DR be changed. Shut down MA5300 A and run show ip ospf neighbor on MA5300 D to show neighbors. Note that MA5300 C, which used to be BDR, now becomes DR; and MA5300 B now becomes BDR.
MA5300 D(config)# show ip ospf neighbor Neighbor 3.3.3.3 2.2.2.2 pri 2 200 State full/DR full/BDR Address 192.1.1.3 192.1.1.2 Interface Vlan-Interface1 Vlan-Interface1
If all routers are moved from the network and then added into the network again, MA5300 B will be chosen as DR (whose preference is 200) and MA5300 A will become BDR (whose preference is 100). Shut down all MA5300s and reboot them. This operation will bring about a new election of DR/BDR.
MA5300 D(config)# show ip ospf neighbor Neighbor 1.1.1.1 3.3.3.3 2.2.2.2 pri 100 2 200 State full/BDR Deadtime 00:00:33 Address Interface Vlan-Interface1 Vlan-Interface1 Vlan-Interface1
192.1.1.1 192.1.1.3 192.1.1.2
2way/DRother 00:00:33 full/DR 0:00:30
18.4.5 OSPF Configuration Example (Setting OSPF Virtual Links)

Area 0
MA5300 A 1.1.1.1 192.1.1.1/24
192.1.1.2/24 MA5300 B 2.2.2.2
193.1.1.2/24 Area 1
Virtual Link 193.1.1.1/24 MA5300 C 3.3.3.3 152.1.1.1/24 Area 2
Figure 18-6 Configure OSPF virtual link Area 2 is not directly connected with Area 0 in Figure 18-6. Area 1 serves as the Transit Area to connect Area 2 and Area 0. A virtual link is configured between MA5300 B and MA5300 C in Area 1.

1) Configure MA5300 A.
MA5300 A(config)# interface vlan-interface 1 MA5300 A(config-Vlan-Interface1)# ip address 192.1.1.1 255.255.255.0 MA5300 A(config)# router id 1.1.1.1 MA5300 A(config)# router ospf MA5300 A(config-router-ospf)# network 192.1.1.0 0.0.0.255 area 0
2)
Configure MA5300 B.
MA5300 B(config)# interface vlan-interface 7 MA5300 B(config-Vlan-Interface7)# ip address 192.1.1.2 255.255.255.0 MA5300 B(config)# interface vlan-interface 8 MA5300 B(config-Vlan-Interface8)# ip address 193.1.1.2 255.255.255.0 MA5300 B(config)# router id 2.2.2.2 MA5300 B(config)# router ospf MA5300 B(config-router-ospf)# network 192.1.1.0 0.0.0.255 area 0 MA5300 B(config-router-ospf)# network 193.1.1.0 0.0.0.255 area 1 MA5300 B(config-router-ospf)# area 1 virtual-link 3.3.3.3
3)
Configure MA5300 C.
MA5300 C(config)# interface vlan-interface 1
MA5300 C(config-Vlan-Interface1)# ip address 152.1.1.1 255.255.255.0 MA5300 C(config)# interface vlan-interface 2 MA5300 C(config-Vlan-Interface2)# ip address 193.1.1.1 255.255.255.0 MA5300 C(config)# router id 3.3.3.3 MA5300 C(config)# router ospf MA5300 C(config-router-ospf)# network 193.1.1.0 0.0.0.255 area 1 MA5300 C (config-router-ospf)# network 152.1.1.0 0.0.0.255 area 2 MA5300 C(config-router-ospf)# area 1 virtual-link 2.2.2.2
18.4.6 OSPF Troubleshooting

Fault: The OSPF is configured according to the above procedures, but the router OSPF cannot operate normally. To remove the fault, make the following checkups.
I. Local fault removal

Firstly, check whether the protocol between two directly connected routers is in normal operation. The normal sign is the neighbor status machine between the two routers IS in FULL state. (Note that in the Broadcast and NBMA network, the neighbor status machine between two DROther routers cannot achieve the FULL state. Rather, it is in 2 way state. But Full State is achieved between the DR, BDR and all the other routers). Run the command show ip ospf neighbor to view the information on OSPF neighbors. Run the command show ip ospf interface to view the OSPF information in the interface. Check whether the physical connections and the lower level protocols operate normally. You can run command ping to test the network connectivity. If the local router cannot reach the remote router, it indicates that the physical connection and the lower level protocols cannot operate normally. If the physical connection and the lower level protocols are normal, then check the OSPF parameters configured on the interface. Ensure the consistency of parameters (such as the hello interval, dead interval and authentication mode) on its adjacent router. The area IDs should be the same, and the network segments and the masks should also be consistent (but segments and masks of point-to-point network and virtual linked network can be different). Make sure the value of the dead-interval in the same interface is at least four times the value of the hello-interval. If the network type is NBMA, you must manually specify the neighbor by running the command neighbor ip-address. If the network type is Broadcast or NBMA, the priority of at least one interface should be larger than 0.
If an Area is set as the Stub area, then the area must be set as a Stub area in all the routers connected to this area. The interface types of two adjacent routers should be consistent. If more than two areas are configured, then at least one area should be configured as the backbone area. That is the area ID is 0. Ensure the backbone area is connected with all the other areas. The virtual links cannot pass through the Stub area.
II. Global fault removal

If the above procedures are correct, but the OSPF still cannot find the remote routes, check the following configuration. If a router is configured with more than two areas, then at least one area should be configured as the backbone area. As is shown in the following figure, only an area is configured in RTA and RTD, but two areas are configured in RTB (area 0, area 1) and RTC (area 1, area 2) respectively. In which, RTB has an area with the ID of 0, so it meets the requirement. But the two areas in RTC are not 0, so a virtual link should be set up between RTC and RTB so as to guarantee the connection of area 2 and area 0 (the backbone area).
RTA
area0
RTB
area1
RTC
area2
RTD
Figure 18-7 Schematic diagram of OSPF areas The virtual link cannot pass through the Stub area, and the backbone area (area 0) cannot be configured as the Stub area, i.e. if a virtual link is set up between RTB and RTC, then area 1 cannot be configured as the Stub area and area 0 cannot be configured as the Stub area either. In the above figure, only area 2 can be configured as the Stub area. The router in the Stub area cannot receive external routes. Make sure in the backbone area the connections between various nodes are normal.
HUAWEI
Part 3 Service Configuration
Operation Manual Service Configuration SmartAX MA5300/5303 Broadband Access System
Table of Contents
Table of Contents
Chapter 19 Ethernet Port Configuration ................................................................................... 19-1 19.1 Overview ........................................................................................................................ 19-1 19.2 Configuring an Ethernet Port ......................................................................................... 19-4 19.2.1 Setting Port Physical Properties.......................................................................... 19-4 19.2.2 Setting the Port Flow Control .............................................................................. 19-4 19.2.3 Setting the Port Broadcast Storm Suppression .................................................. 19-5 19.2.4 Setting the Port Priority Level.............................................................................. 19-5 19.2.5 Setting the Maximum Multicast Group Counts.................................................... 19-5 19.2.6 Enabling/Disabling the Long Frames on an Ethernet Port.................................. 19-6 19.2.7 Setting the MAC Address Learning for an Ethernet Port .................................... 19-6 19.2.8 Setting the Port Aggregation ............................................................................... 19-7 19.2.9 Adding an Ethernet Port to a VLAN .................................................................... 19-8 19.2.10 Setting the Ethernet Port Working Mode .......................................................... 19-8 19.2.11 Enabling/Disabling an Ethernet Port ................................................................. 19-8 19.3 Viewing/Clearing Ethernet Port Information .................................................................. 19-9 19.3.1 Viewing Ethernet Port Information ...................................................................... 19-9 19.3.2 Clearing the Ethernet Port Information ............................................................... 19-9 Chapter 20 xDSL Port Configuration......................................................................................... 20-1 20.1 Overview ........................................................................................................................ 20-1 20.2 Configuring an xDSL port .............................................................................................. 20-4 20.2.1 Setting the Parameters of an xDSL Port............................................................. 20-4 20.2.2 Description of xDSL Port Status.......................................................................... 20-8 20.2.3 Blocking/Unblocking an xDSL Port ..................................................................... 20-8 20.2.4 Activating/Deactivating an xDSL Port ................................................................. 20-8 20.3 Configuring an xDSL Line Profile................................................................................. 20-10 20.3.1 Adding a VDSL line profile ................................................................................ 20-10 20.3.2 Adding an ADSL/ADSL2+ Line profile .............................................................. 20-13 20.3.3 Adding an SHDSL Line Profile .......................................................................... 20-21 20.3.4 Deleting an xDSL Line Profile ........................................................................... 20-24 20.3.5 Modifying an xDSL Line Profile ......................................................................... 20-24 20.3.6 Viewing an xDSL Line Profile............................................................................ 20-25 20.4 Configuring an xDSL Alarm Profile .............................................................................. 20-26 20.4.1 Adding a VDSL Alarm Profile ............................................................................ 20-26 20.4.2 Adding an ADSL/ADSL2+ Alarm Profile ........................................................... 20-29 20.4.3 Adding an SHDSL Alarm Profile ....................................................................... 20-33 20.4.4 Deleting an xDSL Alarm Profile......................................................................... 20-35 20.4.5 Modifying an xDSL Alarm Profile ...................................................................... 20-36
Table of Contents
20.4.6 Viewing the Configurations of an xDSL Alarm Profile....................................... 20-36 20.4.7 Binding/Unbinding an xDSL Alarm Profile ........................................................ 20-37 20.5 Viewing the Information of an xDSL Port..................................................................... 20-37 20.6 Maintaining an xDSL Port ............................................................................................ 20-39 20.6.1 Resetting an xDSL Port and Chipset ................................................................ 20-39 20.6.2 Setting xDSL Port Loopback ............................................................................. 20-39 20.6.3 Testing the ATM Link Connectivity of an ADSL Port ........................................ 20-40 20.6.4 Single-ended Test of an ADSL2+ Port.............................................................. 20-41 20.6.5 Viewing the Bit Allocation of an ADSL2+ Port .................................................. 20-42 20.6.6 Viewing the Power State of an ADSL Port........................................................ 20-42 20.7 VDSL CPE Management ............................................................................................. 20-43 20.7.1 Enabling/Disabling VDSL CPE Binding ............................................................ 20-43 20.7.2 Enabling/Disabling the Automatic Upgrade of VDSL CPE ............................... 20-44 20.8 VDSL Configuration Example ...................................................................................... 20-45 20.8.1 Configuration Procedure ................................................................................... 20-45 20.8.2 Networking Description ..................................................................................... 20-45 20.8.3 Data Configuration ............................................................................................ 20-46 20.8.4 Verification......................................................................................................... 20-47 20.9 ADSL/ADSL2+ Configuration Example ....................................................................... 20-47 20.9.1 Configuration Procedure ................................................................................... 20-47 20.9.2 Networking Description ..................................................................................... 20-48 20.9.3 Data Configuration ............................................................................................ 20-48 20.9.4 Verification......................................................................................................... 20-50 20.10 SHDSL Configuration Example ................................................................................. 20-50 20.10.1 Configuration Procedure ................................................................................. 20-50 20.10.2 Networking Description ................................................................................... 20-50 20.10.3 Data Configuration .......................................................................................... 20-51 20.10.4 Verification....................................................................................................... 20-52 Chapter 21 PVC and Access Configuration.............................................................................. 21-1 21.1 Configuring a Single PVC .............................................................................................. 21-1 21.1.1 Setting the VPI and VCI ...................................................................................... 21-2 21.1.2 Setting the Connection Type of a Single PVC .................................................... 21-3 21.1.3 Enabling/Disabling the Single-PVC Multi-service Dispatch ................................ 21-3 21.1.4 Viewing the Single-PVC Configuration ............................................................... 21-5 21.2 Configuring Multiple PVCs............................................................................................. 21-6 21.2.1 Enabling/Disabling the Multi-PVC Function ........................................................ 21-7 21.2.2 Adding PVCs to a Port ........................................................................................ 21-8 21.2.3 Deleting a PVC from a Port................................................................................. 21-8 21.2.4 Modifying the PVC Configurations of a Port ....................................................... 21-8 21.2.5 Viewing the Configuration of Multi-PVC.............................................................. 21-9 21.3 Configuring IPoA.......................................................................................................... 21-10 21.3.1 Overview ........................................................................................................... 21-10
Table of Contents
21.3.2 Setting an IPoA Connection (Single-PVC)........................................................ 21-12 21.3.3 Setting an IPoA Connection (Multi-PVC) .......................................................... 21-13 21.3.4 Setting the Source MAC Address ..................................................................... 21-14 21.3.5 Setting the Default IP Address of the Upper Layer Gateway............................ 21-15 21.3.6 Setting the Mode of Obtaining Peer End IP Address........................................ 21-16 21.3.7 Viewing IPoA information .................................................................................. 21-17 21.3.8 L2 IPoA Access Configuration Example ........................................................... 21-19 21.3.9 L3 IPoA Access Configuration Example ........................................................... 21-22 21.4 Configuring PPPoA...................................................................................................... 21-24 21.4.1 Overview ........................................................................................................... 21-24 21.4.2 Setting Up a PPPoA Connection (Single PVC)................................................. 21-26 21.4.3 Setting Up a PPPoA Connection (Multi-PVC)................................................... 21-27 21.4.4 Setting the PPPoA Source MAC Address......................................................... 21-28 21.4.5 Setting the PPPoA Destination MAC Address .................................................. 21-28 21.4.6 Setting the PPPoA Session ID Area ................................................................. 21-28 21.4.7 Viewing PPPoA Information .............................................................................. 21-30 21.4.8 PPPoA Access Configuration Example-Static Mode ........................................ 21-30 21.4.9 PPPoA Access Configuration Example-Dynamic Mode ................................... 21-33 21.5 Configuring PITP.......................................................................................................... 21-35 21.5.1 Overview ........................................................................................................... 21-35 21.5.2 Setting PITP V Mode......................................................................................... 21-36 21.5.3 Setting the PITP P Mode................................................................................... 21-37 21.6 PPPoE Plus Configuration Example............................................................................ 21-40 Chapter 22 VLAN Configuration ................................................................................................ 22-1 22.1 Overview ........................................................................................................................ 22-1 22.2 Configuring a Common VLAN ....................................................................................... 22-1 22.2.1 Configuring a Common VLAN............................................................................. 22-2 22.2.2 Configuring VLANs in Batches............................................................................ 22-4 22.2.3 Configuring the VLAN Trunk ............................................................................... 22-5 22.2.4 Configuring a VLAN Interface ............................................................................. 22-6 22.2.5 VLAN Configuration Example (Configuring LAN Interconnection)...................... 22-7 22.2.6 VLAN Configuration Example (Configuring VLAN Trunk Interconnection) ....... 22-11 22.3 Configuring a Smart VLAN .......................................................................................... 22-14 22.3.1 Setting/Canceling a VLAN as a Smart VLAN.................................................... 22-14 22.3.2 Adding/Deleting an Upstream Port to/from a Smart VLAN ............................... 22-15 22.3.3 Adding/Deleting an Downstream Port to/from a Smart VLAN .......................... 22-15 22.3.4 Viewing Smart VLAN Information...................................................................... 22-16 22.3.5 Smart VLAN Configuration Example (Access Mode)........................................ 22-17 22.3.6 Smart VLAN Configuration Example (Trunk Mode) .......................................... 22-18 22.3.7 Smart VLAN Configuration Example-Comprehensive Application ................... 22-20 22.4 Configuring a MUX VLAN ............................................................................................ 22-24 22.4.1 Enabling/Disabling a MUX VLAN ...................................................................... 22-26
Table of Contents
22.4.2 Configuring the MUX VLAN Configuration Profile............................................. 22-26 22.4.3 Specifying the Upstream Port and Range of Local MUX VLANs...................... 22-27 22.4.4 Specifying the Cascading Port and Range of Cascaded MUX VLANs............. 22-28 22.4.5 Setting the MUX VLANs for a Specified Service Board.................................... 22-28 22.4.6 Setting the MUX VLAN for a Specified Port...................................................... 22-29 22.4.7 Viewing MUX VLAN information ....................................................................... 22-29 22.4.8 Basic Application of MUX VLAN ....................................................................... 22-30 22.4.9 MUX VLAN Cascading Application ................................................................... 22-34 22.4.10 Comprehensive MUX VLAN Application......................................................... 22-39 22.4.11 Notes for Using MUX VLAN ............................................................................ 22-44 22.5 Configuring a QinQ VLAN............................................................................................ 22-45 22.5.1 Overview ........................................................................................................... 22-45 22.5.2 Setting a Common VLAN as a QinQ VLAN ...................................................... 22-46 22.5.3 Adding/Deleting an Upstream Port to/from a QinQ VLAN ................................ 22-46 22.5.4 Adding/Deleting a Downstream Port to/from a QinQ VLAN.............................. 22-47 22.5.5 Configuring a QinQ VLAN PVC......................................................................... 22-48 22.5.6 Viewing the Configuration of a QinQ VLAN ...................................................... 22-49 22.5.7 QinQ VLAN Configuration Example .................................................................. 22-49 22.6 Configuring VLAN Stacking ......................................................................................... 22-51 22.6.1 Overview ........................................................................................................... 22-51 22.6.2 Configuring a Common VLAN as a VLAN Stacking.......................................... 22-53 22.6.3 Adding/Deleting an Upstream Port to/from a VLAN Stacking........................... 22-53 22.6.4 Adding/Deleting a Downstream Port to/from a VLAN Stacking ........................ 22-54 22.6.5 Configuring the Inner VLAN Tag for a VLAN Stacking Port/PVC ..................... 22-55 22.6.6 Configuring a Port/PVCs Inner Priority............................................................. 22-55 22.6.7 Configuring a VLAN Stacking PVC ................................................................... 22-56 22.6.8 Viewing the Configuration of a VLAN Stacking................................................. 22-56 22.6.9 VLAN Stacking Configuration Example ............................................................ 22-57 Chapter 23 IGMP Snooping Configuration ............................................................................... 23-1 23.1 Overview ........................................................................................................................ 23-1 23.1.1 IGMP Snooping Principle .................................................................................... 23-1 23.1.2 Implementation of IGMP Snooping ..................................................................... 23-2 23.2 Configuring IGMP Snooping .......................................................................................... 23-5 23.2.1 Enabling/Disabling IGMP Snooping Globally...................................................... 23-6 23.2.2 Setting the Aging Time of Multicast Group Member Port ................................... 23-6 23.2.3 Setting the Aging Time of the Router Port .......................................................... 23-6 23.2.4 Setting the Maximum Response Time ................................................................ 23-6 23.2.5 Enabling a User to Leave a Multicast Group Fast .............................................. 23-7 23.2.6 Setting a Router Port........................................................................................... 23-7 23.2.7 Viewing IGMP Snooping Information .................................................................. 23-7 23.3 Configuring Multicast VLAN........................................................................................... 23-8 23.3.1 Setting the Upstream Port of a Multicast VLAN .................................................. 23-9
Table of Contents
23.3.2 Setting the Downstream Port of a Multicast VLAN ........................................... 23-10 23.3.3 Viewing the Multicast VLAN .............................................................................. 23-10 23.3.4 Multicast VLAN Configuration Example ............................................................ 23-11 23.4 Troubleshooting IGMP Snooping................................................................................. 23-14 Chapter 24 IGMP Proxy Configuration ...................................................................................... 24-1 24.1 Overview ........................................................................................................................ 24-1 24.2 Configuring Basic IGMP Proxy ...................................................................................... 24-2 24.2.1 Enabling/Disabling IGMP Proxy .......................................................................... 24-2 24.2.2 Setting the Master Upstream Port....................................................................... 24-3 24.2.3 Setting the Parameters for a Multicast Router .................................................... 24-3 24.2.4 Setting the Static Multicast Members of an IGMP Proxy Group ......................... 24-5 24.3 Configuring the Program Library and Authority Profile .................................................. 24-6 24.3.1 Maintaining a Program Library ............................................................................ 24-8 24.3.2 Setting the Authority Profile............................................................................... 24-10 24.3.3 Setting the User Authority ................................................................................. 24-13 24.4 Viewing IGMP Proxy Information................................................................................. 24-16 Chapter 25 ISU Configuration .................................................................................................... 25-1 25.1 Overview ........................................................................................................................ 25-1 25.2 Configuring an ISU Board.............................................................................................. 25-2
Huawei Technologies Proprietary v
Operation Manual - Service Configuration SmartAX MA5300/5303 Broadband Access System
Chapter 19 Ethernet Port Configuration

19.1 Overview
The MA5300 provides Ethernet ports through its ESM, ISU boards subboards and ETH boards. Table 19-1 lists various types of Ethernet ports available in the MA5300. Table 19-1 Ethernet ports of the MA5300 Ethernet port type Interface Working mode Half duplex, full 100Base-TX FE electrical interface duplex, auto-negotiation FE 100Base-FX single-mode/multi-mode optical interface 1000Base-SX GE multi-mode optical interface GE single-mode optical interface Full duplex, auto-negotiation Full duplex, auto-negotiation 1000 Mbit/s Full duplex 100 Mbit/s Bit rate 10 Mbit/s 100 Mbit/s
1000Base-LX
1000 Mbit/s
The MA5300 Ethernet port adopts the format of slot number /sub-slot number /port number: FE Ethernet port: The slot number is 7 or 8. The sub-slot number is 1 or 2. The FE port number is in the range of 03. GE Ethernet port: The slot number is 7 or 8. The sub-slot number is 1. The GE port number is in the range of 05.
Note: The GE subboard can be attached to subslot 1 only. The port number is related to the subboard position. When it is attached to subslot 1, port 0 or 1, the port number is in the range of 01. When it is attached to subslot, port 2 or 3, the port number is in the range of 23. When subslot 1 is attached with 4FE subboard, the GE port number is 45, which are virtual GE port used for connecting with ISU or EIU through the backplane. The slot number of the MA5303s Ethernet port is 7. Other numbers are the same as those of the MA5300.
The configuration of Ethernet port involves: Setting Port Physical Properties Setting the Port Flow Control Setting the Port Broadcast Storm Suppression Setting the Port Priority Level Setting the Maximum Multicast Group Counts Enabling/Disabling the Long Frames on an Ethernet Port Setting the MAC Address Learning for an Ethernet Port Setting the Port Aggregation Adding an Ethernet Port to a VLAN Setting the Ethernet Port Working Mode Enabling/Disabling an Ethernet Port Viewing/Clearing Ethernet Port Information Table 19-2 lists the commands for configuring an Ethernet port. Table 19-2 Commands for configuring an Ethernet port To Enter fast Ethernet port configuration mode Enter gigabit Ethernet port configuration mode Set the duplex mode of an Ethernet port Set an Ethernet ports bit rate Set an Ethernet ports network cable type Use Interface ethernet Interface gigabitethernet (no) duplex (no) speed (no) mdi In Global configuration mode Global configuration mode Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode
To Enable/Disable a ports flow control Enable/disable traffic suppression Set the priority level of an Ethernet port Set the maximum multicast group counts of a port Enable/Disable long frames on an Ethernet port Set MAC address learning for an Ethernet port Set the number of MAC addresses that can be learned by a port Add an Ethernet port to a VLAN Set the working mode of an Ethernet port Set the VLANs that can pass Trunk port Set the default VLAN of Trunk port Enable/Disable Ethernet port an
Use (no) flow-control (no) switchport broadcast-suppression (no) priority
In Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode Ethernet port configuration mode Global configuration mode Global configuration mode All modes except the user EXEC mode All modes except the user EXEC mode Privileged mode
multicast max-group-count
(no) jumboframe
(no) mac-address-table mac-learning (no) mac-address-table max-mac-count (no) switchport access vlan switchport mode (no) switchport trunk allowed vlan (no) switchport trunk native vlan (no) shutdown (no) mac-address-table max-mac-count no-limit (no) link-aggregation
Set the limit of MAC address learning for an Ethernet port Set Ethernet aggregation port
View the aggregation information of an Ethernet port View the information of a port Clear the statistics of an Ethernet port
show link-aggregation
show interface
clear interface
19.2 Configuring an Ethernet Port

19.2.1 Setting Port Physical Properties
I. Setting the duplex mode of an Ethernet port
The available duplex modes of an Ethernet port include: full duplex, half-duplex and auto negotiation. When setting two interconnected devices, make sure that the setting for one of them should be consistent with that of the other. Connecting a port supporting auto-negotiation with one not supporting auto-negotiation may cause faults. To set the duplex mode of a port, you can run the command duplex. The default duplex mode is auto. The working mode of the 100Base-FX multi-mode/single mode optical port is set by the system as full duplex. It is not allowed to modify these settings. The 1000Base-SX/LX kilomega optical port works in full duplex mode. You can set the working mode as full or auto.
MA5300(config-if-Ethernet7/2/0)#duplex full
II. Setting the Ethernet port rate

The FE multimode/single mode optical port only supports 100 Mbit/s. While the GE optical port only supports 1000 Mbit/s. Both of them are not allowed to be set. The FE electrical port supports 10Mbit/s and 100 Mbit/s. The default rate setting of the port is auto. The rate of 100 Mbit/s is recommended.
MA5300(config-if-Ethernet7/2/0)#speed 100
III. Setting the Ethernet port network cable type

The FE electrical port adopts straight through network cable and cross-over network cable. You can run the command mdi to set the cable type. The default network cable type is auto (auto-adaptive). Such setting only works for the FE electrical port.
MA5300(config-if-Ethernet7/2/0)#mdi auto
19.2.2 Setting the Port Flow Control

When the traffic exceeds a certain level, the MA5300 will send frames to inform the remote PC to reduce the traffic so as to reduce the packet loss rate. The process involved is called flow control. To enable flow control function requires the supports from both the MA5300 and the remote PC. If both of them support flow control, it will be enabled. If the remote PC fails to support the flow control, it is disabled. By default, the port flow control is disabled. To enable port flow control, you can run the command flow-control. To disable it, you can run the command no flow-control.
MA5300(config-if-Ethernet7/2/0)#flow-control
19.2.3 Setting the Port Broadcast Storm Suppression

When the broadcast traffic exceeds a preset threshold, the system will discard some broadcast packets until the broadcast traffic falls into the acceptable range. This is to ensure the normal network services. The process involved is called broadcast storm suppression. We use the maximum percentage of linear broadcast rate at the port as the reference parameter. The smaller the percentage is, the less broadcast traffic is allowed to pass through a port. The broadcast storm suppression is disabled when the percentage reaches 100%. It is recommended that you enable/disable the broadcast storm suppression based on specific network conditions. To set broadcast storm suppression, you can run the command switchport broadcast-suppression. To restore the default setting, you can run the no form of the command.
MA5300(config-if-Ethernet7/2/0)#switchport broadcast-suppression 100
19.2.4 Setting the Port Priority Level

The Ethernet port supports eight priority levels (07) and four forwarding queues. The system sends packets to the associated queues based on their priority levels: The port priority level ascends from 0 to 7. By default, the level is 0. To set the priority level of a port, you can run the command priority. To restore the default setting, you can run the command no priority.
MA5300(config-if-Ethernet7/2/0)#priority 0
19.2.5 Setting the Maximum Multicast Group Counts

The MA5300 supports 255 multicast groups. By controlling the number of multicast groups allowed to be added to a port, the system can effectively avoid any malicious attack. By default, up to two multicast groups are supported. To set the maximum number of multicast groups for a port, you can run the command multicast max-group-count. To restore the default setting, you can run the command no multicast max-group-count. To view the settings, you can run the command show interface.
MA5300(config-if-Ethernet7/2/0)#multicast max-group-count 2 Set max-group number of Ethernet7/2/0 to:2 successfully
19.2.6 Enabling/Disabling the Long Frames on an Ethernet Port

If the long frame is enabled, the Ethernet port can receive a frame within 1600 bytes. If the long frame is disabled, the Ethernet port can receive a frame within 1522 bytes. By default, the long frame is enabled. To disable long frames on an Ethernet port, you can run the command jumboframe disable This example shows how to enable long frames.
MA5300(config-if-Ethernet7/2/0)#no jumboframe disable
19.2.7 Setting the MAC Address Learning for an Ethernet Port

The Ethernet ports on the ESM board serve as upstream ports. You can enable or disable MAC address learning for an Ethernet port through commands. However, the ESMs Ethernet ports have no limit in MAC address learning, the settings upon MAC address learning limit and learnable MAC address counts are not supported. These two settings are designed for Ethernet ports of the ETH board. In global configuration mode, you can set the MAC address learning for ports in batches. Or you can set it for specific ports in port configuration mode. To verify the configuration, you can run the command show interface.
I. Enabling/Disabling the MAC address learning for an Ethernet port

For the sake security, you can run the command mac-address-table mac-learning disable to disable MAC address learning for a port.
MA5300(config-if-Ethernet7/1/0)#mac-address-table mac-learning disable
II. Setting the MAC address learning limit

You can enable/disable MAC address learning limit for an Ethernet port as required. By default, MAC address learning limit is enabled. To set MAC address learning limit for an Ethernet port, you can run this command: no mac-address-table max-mac-count no-limit
MA5300(config)#no mac-address-table max-mac-count no-limit slot 1
III. Setting the learnable MAC address counts

When the MAC address learning limit is enabled, you can run the command mac-address-table max-mac-count to set the number of MAC addresses that can be learned, To restore the default setting, you can run the command no mac-address-table max-mac-count. The default value is 2.
MA5300(config-if-Ethernet7/2/0)#mac-address-table max-mac-count 3
19.2.8 Setting the Port Aggregation

Several Ethernet ports can be aggregated so that the input/output load can be distributed among them. The MA5300 supports up to six aggregated groups, one of which can have up to eight Ethernet ports at the same rate. Member ports must be numbered successively and the start port number must be smaller than the ending port number. The port with smaller number is the master port, upon which operations are implemented after the aggregation. Aggregation of ports at different slots is not supported.
I. Setting the parameters of aggregated ports

Ports to be aggregated should have the same rate settings, and work simultaneously in duplex mode.
MA5300(config-if-Ethernet7/2/0)#duplex MA5300(config-if-Ethernet7/2/0)#speed MA5300(config-if-Ethernet7/2/1)#duplex MA5300(config-if-Ethernet7/2/1)#speed full 100 full 100
II. Enabling/disabling the port aggregation

To enable Ethernet port aggregation, you can run the command link-aggregation.
To
disable
Ethernet
port
aggregation,
you
can
run
the
command
no
link-aggregation.
MA5300(config)#link-aggregation ingress-egress Ethernet7/2/0 to Ethernet7/2/1
III. Viewing information on port aggregation

To view information on port aggregation, you can run the command show link-aggregation. The information includes the master port name, other member port names, and the working mode.
MA5300(config)#show link-aggregation Ethernet7/2/0 Master port: Ethernet7/2/0 Other sub-ports: Ethernet7/2/1 Mode: ingress-egress
19.2.9 Adding an Ethernet Port to a VLAN

To add an Ethernet port to a VLAN, you can run the command switchport access vlan. To delete an Ethernet port from a VLAN, you can run the command no switchport access vlan. In VLAN configuration mode, you can also run the command switchport interface to add an Ethernet port to a VLAN. The two commands differ in format, but have the same function. This example shows how to add port Ethernet 7/1/0 to VLAN 2.
MA5300(config-if-Ethernet7/1/0)#switchport access vlan 2
19.2.10 Setting the Ethernet Port Working Mode

The working modes of an Ethernet port consist of Access and Trunk. If the working mode is set as Trunk, multiple VLANs can pass the port, which means the port implements the carrying of multiple VLANs. You can refer to Chapter 24 VLAN Trunk Configuration for detailed description about the use of these commands: switchport mode, (no) switchport trunk allowed vlan (no) switchport trunk native vlan
19.2.11 Enabling/Disabling an Ethernet Port

After setting related parameters and protocols for an Ethernet port, you can run the command no shutdown to enable the port. Or when any fault occurs at a port, you can run the command shutdown to disable the port first, and then enable it, in which case the port might be normal again. By default, an Ethernet port is enabled.
MA5300(config-if-Ethernet7/2/0)#no shutdown
19.3 Viewing/Clearing Ethernet Port Information

19.3.1 Viewing Ethernet Port Information
You can run the command show interface to view the information on a port. The information includes the port type, port status, duplex state, port rate, flow control, broadcast storm suppression ratio, and port aggregation state.
MA5300(config)#show interface e7/2/0 Ethernet7/2/0 is down Hardware is Fast Ethernet, Hardware address is 00e0.fc00.0009 Auto-duplex, 100M, 100_ISUE_TX Flow control is disabled Broadcast max-ratio is 15% PVID is 3 Priority is 0 Mdi type: auto Max multicast group count: 2 Port mode: access Tagged VLAN ID: none
Untagged VLAN ID: 3 160 packets output, 0 packets/sec, 0 bytes/sec 57648 bytes, 136 multicasts, 4 broadcasts, 0 pauses 118 packets input, 0 packets/sec, 0 bytes/sec 8984 bytes, 0 multicasts, 94 broadcasts, 0 pauses 0 CRC errors 0 long frames
19.3.2 Clearing the Ethernet Port Information

You can run the command clear interface to clear port information. If neither port type nor port ID is specified, it will clear the information on all ports in the equipment; if both
the port type and port ID are specified, it only clears the information on the specified port. This example shows how to clear the statistics of Ethernet 7/2/0.
MA5300(config)#clear interface e7/2/0
Chapter 20 xDSL Port Configuration

20.1 Overview
Note: The contents marked for xDSL port configuration in this chapter are the common attributes of VDSL, ADSL and SHDSL. The contents specifically marked for either VDSL, or ADSL or SHDSL port configuration are the particular attributes of each type of port. The configuration of the ADSL board is similar to that of the ADSL2+ board. With no special explanation, the contents described in this chapter are applicable to both the ADSL and ADSL2+ boards.
The MA5300 supports such xDSL as VDSL, ADSL and SHDSL. Each frame can be equipped with up to 14 xDSL service boards, which can reside in any slot in the frame. Table 20-1 Specifications of subscriber lines provided by xDSL boards Service VDSL ADSL ADSL2+ SHDSL Board EVDA EADA EADB ESHA Port quantity of each board 24 48 24 Line quantity of frame 336 672 336
The xDSL port is numbered in the format of slot number/subslot number/port number. Table 20-2 lists the range of xDSL port number.
Table 20-2 Range of xDSL port number Service VDSL ADSL/ADSL2+ SHDSL 06, 915 0 Slot number Subslot number Port 023 047 023
The configuration of xDSL involves: Setting the Parameters of an xDSL Port Blocking/Unblocking an xDSL Port Configuring an xDSL Line Profile Activating/Deactivating an xDSL Port Configuring an xDSL Alarm Profile Binding/Unbinding an xDSL Alarm Profile Viewing the Information of an xDSL Port Table 20-3 lists the commands for configuring xDSL boards Table 20-3 Commands for configuring xDSL boards To Enter VDSL port configuration mode Enter ADSL port configuration mode Enter SHDSL port configuration mode Enter VDSL board configuration mode Enter ADSL board configuration mode Enter SHDSL board configuration mode Add an xDSL line profile Delete an xDSL line profile Modify an xDSL line profile View the information on xDSL line profiles Use interface vdsl interface adsl interface shdsl board-vdsl board-adsl board-shdsl vdsl/adsl/shdsl line-profile add vdsl/adsl/shdsl line-profile delete vdsl/adsl/shdsl line-profile modify show vdsl/adsl/shdsl line-profile In Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode
To Activate an xDSL port Deactivate an xDSL port Add an xDSL alarm profile Delete an xDSL alarm profile Modify an xDSL alarm profile View the information on xDSL alarm profiles Bind an xDSL alarm profile View the information on xDSL port configuration View the line configuration View the information on an activated line View the office-end/RTU's version information View the performance statistics of a port Block/Unblock xDSL ports Activate/Deactivate xDSL ports Reset an xDSL port Reset an xDSL chipset Loop back an xDSL port View port Ethernet statistics View the configuration of a port Bind/Unbind remote equipment
Use vdsl/adsl/shdsl activate vdsl/adsl/shdsl deactivate vdsl/adsl/shdsl alarm-profile add vdsl/adsl/shdsl alarm-profile delete vdsl/adsl/shdsl alarm-profile modify show vdsl/adsl/shdsl alarm-profile alarm-config show (vdsl/adsl/shdsl) port state show line-config show (vdsl/adsl/shdsl) line state show port version
In Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode xDSL board configuration mode xDSL board configuration mode xDSL board configuration mode xDSL board configuration mode xDSL board configuration mode xDSL board configuration mode xDSL board configuration mode xDSL board configuration mode xDSL board configuration mode xDSL board configuration mode xDSL board configuration mode VDSL board configuration mode All modes except the user EXEC mode VDSL port configuration mode
show statistics performance (no)block activate/ deactivate port reset chipset reset (no) loopback show statistics frame show interface (no) vdsl bind cpe
To Auto-upgrade parameters of VDSL remote equipment Auto-upgrade the patch of VDSL remote equipment Check the connectivity of ADSL ports ATM link Set single-end test for an ADSL port View the bit-allocation diagram of an ADSL port View the power status of an ADSL port View single-end test results of an ADSL port
Use vdsl auto-upgrade remote-parameter vdsl auto-upgrade remote-patch atm-ping adsl test selt
In Global configuration mode/VDSL port configuration mode Global configuration mode/VDSL port configuration mode ADSL board configuration mode ADSL board configuration mode ADSL board configuration mode ADSL board configuration mode All modes except the user EXEC mode
show line bit-allocation
show line power-state show adsl test selt
Note: You can enter xDSL port configuration mode to set one single xDSL port. You can enter xDSL board configuration mode to set all ports of an xDSL board.
20.2 Configuring an xDSL port

20.2.1 Setting the Parameters of an xDSL Port
Table 20-4 lists the commands for setting parameters of an xDSL port. The use of most commands is similar to that of the commands for Ethernet port configuration. For detailed description, refer to 19.2 Configuring an Ethernet Port. The following describes the particular commands of ADSL and SHDSL in details.
Table 20-4 Commands for configuring parameters of an xDSL port To Set the duplex mode of a VDSL port (no) duplex Use In VDSL port configuration mode VDSL port configuration mode VDSL port configuration mode VDSL port configuration mode xDSL port configuration mode xDSL port configuration mode xDSL port configuration mode xDSL port configuration mode xDSL port configuration mode xDSL port configuration mode xDSL port configuration mode xDSL port configuration mode xDSL port configuration mode Global configuration mode
Set the rate of a VDSL port
(no) speed
Enable/Disable a ports flow control
VDSL
(no) flow-control
Enable/Disable the traffic suppression Set the priority level of an Ethernet port Set the maximum multicast group counts of a port Set MAC address learning of a port Set the MAC learning limit address
(no) switchport broadcast-suppression
(no) priority
(no) multicast max-group-count (no) mac-address-table mac-learning (no) mac-address-table max-mac-count no-limit (no) mac-address-table max-mac-count
Set the number of learnable MAC addresses that can be learned by a port Add an xDSL port to a VLAN Set the working mode of an xDSL port Set the VLANs that can pass Trunk port Set the default VLAN of Trunk port
(no) switchport access vlan
switchport mode
(no) switchport trunk allowed vlan (no) switchport trunk native vlan
Set VDSL port aggregation
(no) link-aggregation
To View the aggregation information of a VDSL port Set the upstream/downstream rate of an ADSL port Set the upstream/downstream rate of an SHDSL port Bind the IP address of an ADSL/SHDSL port Set MAC address filtering for an ADSL port
Use show link-aggregation
In All modes except the user EXEC mode ADSL/SHDSL port configuration mode ADSL/SHDSL port configuration mode ADSL/SHDSL port configuration mode Global configuration mode
(no) adsl car
(no) shdsl car
(no) static-user
(no) adsl smac-filter
Note: The available duplex modes of a VDSL port include: full duplex, half-duplex and auto negotiation. The rates supported by a VDSL port include: 10 Mbit/s, 100 Mbit/s and auto-negotiation. The EVDA board supports up to 6 VDSL port aggregation groups, one of which can have up to 8 VDSL ports.
I. Setting the ADSL/SHDSL port CAR

The Committed Access Rate (CAR) is designed for limiting the rate for transmitting data by the EADA/EADB/ESHA side. The upstream/downstream CAR range of various ports: ADSL: 0255 ADSL2+: 0450 SHDSL: 336 The rate of a port equals the specified CAR value multiplied by the granularity value (which is 64 kbit/s). If an ADSL ports upstream CAR value is set as 100, the upstream rate allowed by the port equals 100 x 64 kbit/s, which is 6400 kbit/s. By default, the upstream/downstream rate of an ADSL port is limited to 255 x 64 kbit/s, and that of SHDSL is limited to 36 x 64 kbit/s.
To set ADSL port upstream/downstream rate limit, you can run the command adsl car. To restore the default setting, you can run the command no adsl car.
MA5300(config-if-Adsl11/0/0)#adsl car ds-band 255 us-band 255
To set SHDSL port upstream/downstream rate limit, you can run the command shdsl car. To restore the default setting, you can run the command no shdsl car.
MA5300(config-if-Shdsl15/0/0)#shdsl car ds-band 36 us-band 36
II. Binding the ADSL/SHDSL Port and IP address

IP address binding means to bind an IP address with a port, in which case only user with this IP address is allowed to log in. This helps to avoid illegal use of the port, thus strengthen the security of the equipment. To enable the IP address binding of a port, you can run the command static-user in ADSL port configuration mode. To disable the IP address binding of the port, you can run the command no static-user in ADSL port configuration mode or global configuration mode. The IP address binding is based on the PVC of a port. Up to 8 IP addresses can be bound with a PVC. This example shows how to bind 10.71.53.2 with port adsl 1/0/0.
MA5300(config-if-Adsl1/0/0)#static-user 10.71.53.2
To view the IP address binding information on a port, you can run the command show static-user.
MA5300#show static-user adsl 1/0/0 The static user info: Adsl1/0/0 : 10.71.53.2
III. Enabling/Disabling the MAC address filtering for an ADSL port

If the MAC address filtering function is enabled for an ADSL port, the user with the involved MAC address cannot access the ADSL port. To enable the MAC address filtering, you can run the command adsl smac-filter. To disable the MAC address filtering, you can run the command no adsl smac-filter. Up to 2 MAC addresses can be added to the filtering table.
MA5300(config)#adsl smac-filter 1111.1234.2322
After the operation, you can run the command show adsl smac-filter-table to view the MAC addresses included in the filtering table.

MA5300(config)#show adsl smac-filter-table MAC ADDR 1111.1234.2322
20.2.2 Description of xDSL Port Status

An xDSL port may work in blocked, activating, activated, deactivating, or deactivated status. The activating and deactivating statuses are transitional status. To view the current status of an xDSL port, you can run the command show interface or show port state. Figure 20-1 shows the inter-conversion between the states.
no block
blocked deactivated
activate
activated
block block
deactivate
Figure 20-1 Inter-conversion among xDSL port status
20.2.3 Blocking/Unblocking an xDSL Port

When a port is blocked, it cannot transmit data. Moreover, it is not allowed to be operated. If a port is blocked, you need to unblock it first before activating it. To block a port, you can run the command block. To unblock it, you can run the command no block. This example shows how to unblock all ports on the VDSL board in slot 4.
MA5300(config-board-Vdsl4)#no block all
This example shows how to block port 0 on the ADSL board in slot 1.
MA5300(config-board-Adsl1)#block 0
20.2.4 Activating/Deactivating an xDSL Port

An xDSL port should be activated to perform data transmitting. Activation refers to the training between the office-end and the Remote Test Unit (RTU). During the training process, the line distance and line status will be checked based on parameters
included in the line profile, such as the upstream and downstream line rates, noise margin. The office-end negotiates with the RTU to confirm whether the MA5300 can work normally under the aforementioned conditions. If the training succeeds, the office-end can communicate with the RTU and get ready for transmission. It is in port activation status now. For an online Customer Premises Equipment (CPE), the activation process ends upon the completion of the training. When the CPE gets offline, the communication terminates, and the office-end is in listening state. Once the CPE gets online, the training process begins automatically. When the training succeeds, the port is activated. When a port is activated, it binds with a line profile. If no line profile number is entered, the system will activate the port using the profile which is bound with the port last time. If a port is activated for the first time, it binds with the default line profile. In board configuration mode, you can run the command activate to activate an xDSL port, or the command deactivate to deactivate an xDSL port. In global configuration mode, you can run the command vdsl/adsl/shdsl activate to activate an xDSL port in a specified board, or the command vdsl/adsl/shdsl deactivate to deactivate an xDSL port. This example shows how to activate all ports of the VDSL board in slot 4 by using line profile 1 in board configuration mode.
MA5300(config-board-Vdsl4)#activate all 1
This example shows how to activate all ports of the VDSL board in slot 4 by using line profile 1 in global configuration mode.
MA5300(config)#vdsl activate all 1
This example shows how to deactivate ports adsl 1/0/0-adsl 1/0/12 in global configuration mode.
MA5300(config)#adsl deactivate adsl 1/0/0 to adsl 1/0/12
Note: When an ADSL port is deactivated, the communication between ATU-R and ATU-C terminates. To enable service transmission, you should re-activate the port first.
20.3 Configuring an xDSL Line Profile

The parameters of an xDSL line profile include upstream/downstream line rate, upstream/downstream interleave depth, and SNR margin. When a port is activated, the office-end negotiates with RTU based on the line profile parameters specified, to determine whether the port can work normally under the above conditions. Once the line profile is made available, it can be used to activate a port directly. Table 20-5 Default line profiles of VDSL/ADSL/SHDSL boards Service Profile index 1 VDSL 2 LINE-PROFILE-2 Profile name Description VDSL line profile. By default, it supports 2BAND VDSL line profile. It is a line profile reserved for a VDSL port, and it supports 4BAND ADSL line profile used in fast channel mode ADSL line profile used in interleave channel mode ADSL2+ line profile Cannot be deleted, but can be modified Cannot be modified or deleted Modify/Delete attributes
LINE-PROFILE-1
Cannot be deleted or modified
1 ADSL 2
LINE-PROFILE-1
LINE-PROFILE-2 LINE-PROFILE-10 0
ADSL2+
100
SHDSL
LINE-PROFILE-1
SHDSL2+ line profile
20.3.1 Adding a VDSL line profile

To add a VDSL line profile, you can run the command vdsl line-profile add. To configure a VDSL profile, you can follow the procedure as shown in Figure 20-2.
Configure a VDSL line profile
Set the profile index
Set VDSL line training mode
Set max downstream bit rate
Set max upstream bit rate
Set max downstream interleave depth
Set max upstream interleave depth
Set max. downstream SNR margin
Set max. upstream SNR margin
Set downstream PSDmask
Set upstream PSDmask
Add a line profile successfully
Figure 20-2 Procedure for configuring VDSL profile This example shows how to add VDSL line profile 3.
MA5300(config)#vdsl line-profile add 3 Start profile 3 adding.
During input,press 'CTRL+C' to quit,then settings at this time are neglected. > Line config profile > VDSL link auto train bandplan 1-plan998 2-10base-s (1~2)[2]: 1-enable 2-disable (1~2)[1]:
> Target bit rate in downstream (780~25000 kbps) [12500]: > Target bit rate in upstream (780~25000 kbps) [12500]: > Target downstream interleaved depth 0,1,2,8,16 (0~16) [1]: > Target upstream interleaved depth 0,1,2,8,16 (0~16) [1]: > Signal to noise ratio margin in downstream:precision 0.1dB(0.0~31.0 dB) [6.0]: > Signal to noise ratio margin in upstream:precision 0.1dB(0.0~31.0 dB) [6.0]: > Will you set downstream PSDMask?(y/n)[n]:y > PSDMask for band of 30m 1810-2000kHz. 1-enable 2-disable (1~2)[2]: > Will you set upstream PSDMask?(y/n)[n]: Add profile 3 successfully
Table 20-6 Parameters of a VDSL line profile Parameter Profile index Description You can enter a profile index or press <Enter> to enable the system to allocate a profile index. The profile index is unique. When the auto training is enabled, the link will try to operate at the set rate while maintaining the SNR margin. The training may lead to the link rate being lower than or equal to the expected rate. If the link working at the lowest rate is still not able to meet the expected SNR requirement, it will be disconnected. When the auto training is disabled, the link will turn the set rate into the expected rate. If the link fails to reach the expected rate, it will be disconnected, regardless of the SNR. You are recommended to enable the auto training. In the process of setting up VDSL connection, if the line is in good conditions, and the calculated downstream rate of a VDSL line is higher than the maximum value set, the bit rate will be limited to the set value. Meanwhile, the downstream noise margin will increase. If the line is in poor condition, and the calculated downstream bit rate is lower than the set maximum bit rate, the system will set up the VDSL connection at the calculated bit rate, while maintaining the target downstream noise margin. The interleave depth is closely related to the stability of VDSL connection and transmission delay. It can change the low-resistance impulse noise spectrum in the link, thus affecting the equipments error correction capability. The larger the interleave depth, the more powerful the link error correction capability, and the longer the link transmission delay. It is recommended that you set the interleave depth to 1.
VDSL link auto train
Target bit rate in downstream/ upstream
Target downstream/upstream interleaved depth
Parameter
Description The target SNR margin refers to the SNR margin preserved to maintain the normal data communication at the time of the line noise deteriorating. The larger the target SNR margin, the lower the chance of error occurrence in data transmission, and the more secure the system will be. Conversely, the larger the SNR margin, the smaller the achievable maximum rate. In practice, the expected upstream/downstream SNR margin should be adjusted based on the line conditions. To avoid affecting other equipment, the transmit power of a device in each frequency is usually required to be equal to or lower than the specified value. If a VDSL device is likely to interfere with other equipment, its transmit power in some frequencies should be reduced.
Signal to noise ratio margin in downstream/ upstream
Downstream/Upstream PSDMask
The radio wave band filtering function is used to reduce the performance of the equipment. This can avoid interfering with other equipment. As the use of radio wave band filtering may diminish the usable VDSL frequencies and greatly reduce the VDSL transmission performance, you are recommended to disable the radio wave filtering function.
20.3.2 Adding an ADSL/ADSL2+ Line profile

To add an ADSL/ADSL2+ line profile, you can run the command adsl line-profile add. The configuration procedure of ADSL differs from that of ADSL2+. Figure 20-3 describes the procedure for configuring an ADSL line profile. Figure 20-4 describes the procedure for configuring an ADSL2+ line profile.
Note: When configuring an ADSL2+ line profile, you have three options for the parameter of transmit rate adaptation in downstream/upstream: 1-fixed, 2-adaptAtStartup and 3-adaptAtRuntime. When selecting 1-fixed or 2-adaptAtStartup, skip the configuration procedure included in the imaginary boxes 1 and 2. When selecting 3-adaptAtRuntime for the downstream, you need to follow the procedure included in the imaginary box 1. When selecting 3-adaptAtRuntime for the upstream, you need to follow the procedure included in the imaginary box 2.

Configure an ADSL line profile
Set the profile index
Select profile-ADSL
Whether to configure the Modem? YES Set ADSL working mode
NO
Set trellis coding
Enable upstream channel bit swap Enable downstream channel bit swap
Whether to set the channel mdoe? YES
NO
Fast Select a channel mode Interleave NO Whether to set interleave delay mode? YES Set max. downstream interleave delay
Set max. upstream interleave delay
Whether to set Modem noise margin? YES Set min. downstream noise margin Set max. downstream noise margin Set downstream target noise margin
NO
Whether to set line rate? YES Set min. downstream rate
NO
Set max. downstream rate
Set min. upstream noise margin Set min. upstream rate Set max. upstream noise margin Set max. downstream rate Set upstream target noise margin
Add a line profile successfully
Figure 20-3 Procedure for adding an ADSL line profile


Configure an ADSL2+ line profile Set the profile index Select an ADSL2+ profile NO

A Set SNR margin for rate downshift in downshift Set SNR margin for rate upshift in downstream
Wether to configure the Modem? YES Set ADSL2+ transmission mode Set Trellis coding Set upstream channel bit swap
Set minimum upshift time in dwonstream
Set minimum downshift time in downstream 1 Set min. upstream noise margin
Set downstream channel bit swap Set max. upstream noise margin NO Wether to set the channal mode? YES Select a channel mode Interleave NO Wether to set the interleaved delay? YES Set downstream interleaved delay Set min. upshift time in upstream Set upstream interleaved delay Whether to set the adapt mode? YES Set downstream adapt mode Set upstream adapt mode NO NO Set min. downshift time in upstream 2 B Whether to set bit rate parameters? YES Whether to set the Modem's noise margin? YES Set min. downstream noise margin Set max. downstream noise margin Set downstream target noise margin A Set min. bit rate in downstream B Set max. bit rate in downstream Set min. bit rate in upstream Set maximum bit rate in upstream Add a line profile successfully NO Fast Set SNR margin for rate downshift in upstream Set SNR margin for rate upshift in upstream Set max. upstram target noise margin
Figure 20-4 Procedure for configuring an ADSL2+ line profile
This example shows how to add ADSL line profile 3.

MA5300(config)#adsl line-profile add { <cr>|INTEGER<3,99> }:3 Start profile 3 adding. During input,press CTRL+C to quit,then settings at this time are neglected. please choose the type of template 0-ADSL 1-ADSL2+ (0~1)[0]: 0 Will you set basic configuration for modem? (y/n)[n]:y ADSL operating mode: 0: All(G992.1, G992.2, T1.413) 1: Full rate(G992.1 or T1.413) 2: G992.2(g.lite) (EADI can not support) 3: T1.413 (EADI can not support) 4: G992.1(g.dmt) 5: g.hs(G992.1 and G992.2, G992.1 is prior) Please select (0~5) [0]:
Trellis coding 1-enable 2-disable (1~2) [1]: Upstream channel bit swap 1-enable 2-disable (1~2) [2]: Downstream channel bit swap 1-enable 2-disable (1~2) [2]: Will you set channel mode? (y/n)[n]:y Please select channel mode 0-interleaved 1-fast (0~1) [1]: 0 Will you set interleave delay? (y/n)[n]:y Maximum downstream interleaved delay (0~255) [64] Maximum uptream interleaved delay (0~255) [64] Will you set noise margin for modem? (y/n)[n]:y Minimum noise margin in downstream (0~15 dB) [0]: Maximal noise margin in downstream (0~31 dB) [31]: Target noise margin in downstream(0~15 dB) [12]: Minimum noise margin in upstream (0~15 dB) [0]: Maximal noise margin in upstream (0~31 dB) [31]: Target noise margin in upstream (0~15 dB) [12]: Will you set parameters for rate? (y/n)[n]:y If you want the fixed rate, set the Minimum value equal to Maximum value. Minimum bit rate in downstream (32~8160 Kbps) [32]: Maximum bit rate in downstream (32~8160 Kbps) [6144]: Minimum bit rate in upstream (32~896 Kbps) [32]: Maximum bit rate in upstream (32~896 Kbps) [640]: Add profile 3 successfully
Add ADSL2+ line profile 5.

MA5300(config)#adsl line-profile add 5 Start profile 5 adding.
During input,press CTRL+C to quit,then settings at this time are neglected. please choose the type of template 0-ADSL 1-ADSL2+ (0~1)[0]: 1 Will you set basic configuration for modem? (y/n)[n]:y ADSL operating mode: 0: All(G992.1,G992.2,G992.3,G992.4,G992.5,T1.413) 1: Full rate(G992.1,G992.3,G992.5 or T1.413) 2: G992.2(g.lite) G992.4(g.lite.bis) 3: T1.413 4: G992.1(g.dmt) G992.3(g.dmt.bis) G992.5 5: g.hs(G992.5,G992.3,G992.1,G992.4,G992.2,G992.5 is prior) 6: G992.1 7: G992.2 8: G992.3 9: G992.4 10: G992.5 Please select (0~10) [0]:
Trellis coding 1-enable 2-disable (1~2) [1]: Upstream channel bit swap 1-enable 2-disable (1~2) [2]: 1 Downstream channel bit swap 1-enable 2-disable (1~2) [2]: 1 Will you set channel mode? (y/n)[n]:y Please select channel mode 0-interleaved 1-fast 2-fastOrInterleaved (0~2) [0]: 1 Will you set rate adapt mode ? (y/n)[n]:y Adapt mode in downstream 1-fixed 2-adaptAtStartup 3-adaptAtRuntime(1~3)[2]: Adapt mode in upstream 1-fixed 2-adaptAtStartup 3-adaptAtRuntime (1~3)[2]: Will you set noise margin for modem? (y/n)[n]:y Minimum noise margin in downstream (0~15 dB) [0]: Maximal noise margin in downstream (0~31 dB) [31]: Target noise margin in downstream(0~15 dB) [6]: Minimum noise margin in upstream (0~15 dB) [0]: Maximal noise margin in upstream (0~31 dB) [31]: Target noise margin in upstream (0~15 dB) [6]: Will you set parameters for rate? (y/n)[n]:y Minimum bit rate in downstream (32~28800 Kbps) [32]: Maximum bit rate in downstream (32~28800 Kbps) [24544]: Minimum bit rate in upstream (32~1560 Kbps) [32]: Maximum bit rate in upstream (32~1560 Kbps) [1024]: Add profile 5 successfully
Table 20-7 lists the parameters of an ADSL line profile.
Table 20-7 Paramters of an ADSL line profile Parameter Profile index Description You can enter a profile index, or press <Enter> to enable the system to allocate a profile index. The profile index is unique. Currently, there are three ADSL working modes: G992.1 mode, G992.2 mode and T1.413 mode. The G992.2 adopts rather narrow frequency spectrum and low upstream/downstream bit rate. Its frequency spectrum is only half of that of G992.1 mode or T1.413 mode, and its upstream and downstream bit rates are 512 Kbps and 1536 Kbps respectively. The G992.1 and the T1.413 adopt similar bit rate: 6144 Kbps in downstream, and 640Kbps in upstream. The trellis coding algorithm is used to boost SNR and enhance line stability. It is usually enabled. When the conditions of an ADSL line get worse, the SNR of some sub-carriers may deteriorate, resulting in failures in bearing the allocated bits. With the bit swap function, the system can swap the allocated bits from one sub-carrier to another to avoid possible disconnection due to the variation in characteristics. To enable the bit swap, make sure that the ATU-Cs EADA board and the ATU-R support the function. There are two channel modes: the interleave mode and the fast working mode. Compared with the fast working mode, the interleave mode features stable line connection, but longer transmission delay. For common Internet access service, the interleave mode is recommended. For services which are delay sensitive, such as Voice On Demand (VOD), the fast mode is recommended. The interleave delay is deeply related to the stability of ADSL connection and transmission delay: the larger the interleave delay, the higher the ADSL connection stability, and the longer the transmission delay. There are three adapt modes: 1-fixed, 2-adaptAtStartup, 3-adaptAtRuntime. The noise margin refers to the additional tolerable noise which does not lead to the deterioration of current line rate. The Modems noise margin is proportional to the ADSL connection stability. The larger the Modem noise margin, the higher the connection stability. In the process of ADSL connection establishment, if the calculated noise margin is lower than the preset one, the port activation will fail.
ADSL working mode
Trellis coding
Upstream/ Downstream channel bit swap
Channel mode
Maximum downstream/upstream interleaved depth Adapt mode in downstream/upstream
Noise margin for modem
Minimum noise margin in downstream/upstream
Parameter
Description In the process of ADSL connection establishment, if the calculated target noise margin of an ADSL line is higher than the set maximum noise margin, the system will limit the downstream maximum noise margin to the set value. The target noise margin is the preserved noise margin to ensure normal communication in the case of line noise deterioration. The larger the target noise margin, the higher the chance of occurrence of the line error, and the more secure the system may be. Conversely, the larger the target nose margin, the smaller the traffic, and the lower the data transmission rate. Therefore, the target noise margin shall be adjusted based on the actual line conditions.
Maximal noise margin in downstream/upstream
Target noise margin downstream/upstream
in
adslAtucConfDownshiftSnr Mgn adslAtucConfUpshiftSnrMg n adslAtucConfMinUpshiftTi me
When the noise margin reaches this value, the system starts to adjust the bit rate downwards. When the noise margin reaches this value, the system starts to adjust the bit rate upwards. When the noise margin reaches SNR margin for rate upshift, the system will keep the current bit rate for a certain period before adjusting the bit rate upwards. When the noise margin reaches SNR margin for rate downshift, the system will keep the current bit rate for a certain period before adjusting the bit rate downwards. In the process of ADSL connection establishment, if the calculated upward/downward bit rate is lower than this value, the port activation will fail. In the process of setting up ADSL connection, if the line is in good condition, and the calculated downstream/upstream bit rate of an ADSL line is higher than the set maximum value, the system will limit the bit rate to the set value while increasing the noise margin. If the line is in poor condition, and the calculated downstream/upstream bit rate is lower than the set maximum bit rate, the system will set up the ADSL connection at the calculated bit rate, while maintaining the target noise margin.
adslAtucConfMinDownshift Time
Minimum bit rate downstream/upstream
in
Maximum bit rate downstream/upstream
in
Note: When a line is in good condition, its SNR is very high. In this case, the chipset decreases the transmit power to reduce its SNR margin. The power decrease is under a certain limit: 12 dBm for ADSL or 40 dBm for ADSL2+. Therefore, the system is considered normal when the SNR exceeds the maximum value.
20.3.3 Adding an SHDSL Line Profile

To add an SHDSL line profile, you can run the command shdsl line-profile add. Figure 20-5 shows the procedure for adding an SHDSL line profile.
Configure an SHDSL line profile Set the profile index
Whether to use the parameters of the default profle to create a new one?
NO
YES
Set min. line rate Set max. line rate Set PSD mode Set the transmission mode Set remote enable
NO
Whether to set target SNR margin? YES
Set upstream target SNR margin Set downstream worst case target SNR margin Set downstream target SNR margin Set upstream worst case target SNR margin Add a line profile successfully
Figure 20-5 Procedure for adding an SHDSL line profile To add an SHDSL line profile, you can run the command shdsl line-profile. This example shows how to add SHDSL line profile 3.
MA5300(config)#shdsl line-profile add 3 Start profile 3 adding.
During input,press 'CTRL+C' to quit,then settings at this time are neglected. >Do you use the default data to create a line profile?(y/n)[y]:n >G.SHDSL minimum line rate:(192~2304 kbps)[2048]: >G.SHDSL maximum line rate:(192~2304 kbps)[2048]: >Power Spectral Density mode (1--symmetric 2--asymmetric)[1]: >Transmission mode (1--G.991.2 Annex A 2--G.991.2 Annex B 3--support Annex A&B)[2]: >Remote enable (1--enabled 2--disabled)[1]: >Do you config the target SNR margin?(y/n)[n]:y >Downstream current target SNR margin(0~10 dB)[0]: Do you want to use it?(y/n)[y]: >Downstream worst case target SNR margin(0~10 dB)[0]: Do you want to use it?(y/n)[n]:y >Upstream current target SNR margin(0~10 dB)[0]: Do you want to use it?(y/n)[n]:y >Upstream worst case target SNR margin(0~10 dB)[0]: Do you want to use it?(y/n)[n]:y Add profile 3 successfully.
Table 20-8 lists the parameters of an SHDSL line profile. Table 20-8 Parameters of an SHDSL line profile Parameters Profile index G.SHDSL minimum rate line Description You can enter a profile index or press <Enter> to enable the system to allocate a profile index. The profile index is unique. Set the minimum bit rate of a line. In the process of setting up an SHDSL connection, if the calculated downstream/upstream bit rate of an SHDSL line is higher than the set maximum value, the system will limit the bit rate to the set value while increasing the noise margin. If the calculated downstream/upstream bit rate is lower than the set maximum bit rate, the system will set up the SHDSL connection at the calculated bit rate, while maintaining the target noise margin. There are two types of PSD: the asymmetrical PSD and symmetrical PSD. There are two types of SHDSL transmission modes: ITU-T G.991.2 Annex A and ITU-T G.991.2 Annex B.
G.SHDSL maximum line rate
Power Spectral (PSD) mode
Density
Transmission mode
Parameters Remote enable
Description This parameter specifies whether to manage the STU-R. The target noise margin is the preserved noise margin to ensure normal communication in the case of line noise deterioration. The larger the target noise margin, the higher the chance of occurrence of the line error, and the more secure the system may be. Conversely, the larger the target nose margin, the smaller the traffic, and the lower the data transmission rate. Therefore, the target noise margin shall be adjusted based on the actual line conditions.
Downstream/Upstream current target SNR margin
Downstream/Upstream worst case target SNR margin
This parameter specifies the SNR threshold at the worst case.
20.3.4 Deleting an xDSL Line Profile

If an xDSL line profile is bound with a port, the profile can be deleted only when the binding is canceled. To delete a specified VDSL line profile, you can run the command vdsl line-profile delete. To delete a specified ADSL line profile, you can run the command adsl line-profile delete. To delete a specified SHDSL line profile, you can run the command shdsl line-profile delete. This example shows how to delete VDSL line profile 3.
MA5300(config)#vdsl line-profile delete 3 The vdsl line config profile will be deleted . Are you sure?[Y/N]y The vdsl line config profile 3 has be removed successfully.
20.3.5 Modifying an xDSL Line Profile

The procedure for modifying an xDSL line profile is the same as the adding procedure. To modify a specified VDSL line profile, you can run the command vdsl line-profile modify. To modify a specified ADSL line profile, you can run the command adsl line-profile modify.
To modify a specified SHDSL line profile, you can run the command shdsl line-profile modify.
Note: In an ADSL line profile, the rate of channel mode Interleave is independent of that of Fast. After the channel mode of a profile is modified, the new modes rate will be used.
After the profile is modified, the system will prompt you whether to validate the profile configuration at once. If yes, the system will disconnect all xDSL ports using this profile for several seconds; if not, you can validate it by deactivating the ports first and then activating them. Board resetting can also validate a modified profile.
20.3.6 Viewing an xDSL Line Profile

To view the detailed information of a single xDSL line profile, you can run the command show. With parameter all, you can view the brief information displayed in list of all profiles. To view a specified VDSL line profile, you can run the command show vdsl line-profile. To view a specified ADSL line profile, you can run the command show adsl line-profile. To view a specified SHDSL line profile, you can run the command show shdsl line-profile. This example shows how to view the default VDSL line profile (index as 1).
MA5300(config)#show vdsl line-profile 1 Following are all items of the VDSL template 1 : template name planned down-stream rate(Kbps) planned up-stream rate(Kbps) SNR margin in downstream(dB) SNR margin in upstream(dB) planned down-stream interleave depth planned up-stream interleave depth auto train mode setting of down-stream PSDMask setting of up-stream PSDMask : LINE-PROFILE-1 : 12500 : 12500 : 6.0 : 6.0 : 1 : 1 : enable : None : None
This example shows how to view all VDSL line profiles.

MA5300(config)#show vdsl line-profile all The 10BASE-S line-profile: Index Profile Name DownStream UpStream
DownSnr
UpSnr
AutoTrain
Rate(Kbps) Rate(Kbps) Margin(dB) Margin(dB) -------------------------------------------------------------------1 LINE-PROFILE-1 12500 12500 6.0 6.0 enable
The Plan998 line-profile: Index Profile Name DownStream DownStream UpStream UpStream RateAdaptMode
RateAdaptMode MaxRate(Kbps)
MaxRate(Kbps)
-------------------------------------------------------------------2 LINE-PROFILE-2 adaptatinit 70000 adaptatinit 70000
20.4 Configuring an xDSL Alarm Profile

An xDSL alarm profile is used to set alarm thresholds, count and supervise the performances of an active xDSL line. Upon the occurrence of threshold crossing, it will inform the equipment of the event, and send alarms to the log host and the NMS. However, if all parameters of an alarm profile are set as 0, it will not generate any threshold alarm. After configuring an xDSL alarm profile successfully, you can run the command alarm-config to the profile with a port.
Note: The MA5300 is designed with a default xDSL alarm profile. It is named as ALARM-PROFILE-1, and numbered 1 The default alarm profile of VDSL and SHDSL cannot be modified or deleted. The default alarm profile of ADSL cannot be deleted, but it can be modified.
20.4.1 Adding a VDSL Alarm Profile

To add a VDSL alarm profile, you can run the command vdsl alarm-profile add. Figure 20-6 lists the procedure for adding a VDSL alarm profile.
Configure a VDSL alarm profile Set the profile index
Whether to set the ATU-C's alarm threshold parameters? YES Set the number of Loss of Frame Seconds Set the number of Loss of Signal Seconds Set the number of Loss of Power Seconds
NO
Set the number of Errored Seconds
Set the number of Loss of Link Seconds
Set thenumber of severely errored seconds
Set thenumber of unavailable seconds
Whether to report the initial failure at ATU-R
Whether to set the ATU-R's alarm threshold parameters? YES Set the number of Loss of Frame Seconds
NO
Set thenumber of Loss of Signal Seconds Set the number of Loss of Power Seconds Set the number of Errored Seconds Set the number of Loss of Link Seconds
Set thenumber of severely errored seconds
Set thenumber of unavailable seconds Whether to report the initial failure at ATU-R? Add an alarm profile successfully
Figure 20-6 Procedure for adding a VDSL alarm profile

This example shows how to add VDSL alarm profile 2.

MA5300(config)#vdsl alarm-profile add 2 During input,press 'CTRL+C' to quit,then settings at this time are neglected. > Will you set threshold for modem at near end of line? (y/n)[n]:y > [vtuc thresh-15-min-lofs]The number of loss of frame seconds within any given 15-minute performance data collection period (0~900) [0]: > [vtuc thresh-15-min-loss]The number of loss of signal seconds within any given 15-minute performance data collection period (0~900) [0]: > [vtuc thresh-15-min-lprs]The number of loss of power seconds within any given 15-minute performance data collection period (0~900) [0]: > [vtuc thresh-15-min-ess]The number of loss of errored seconds within any given 15-minute performance data collection period (0~900) [0]: > [vtuc thresh-15-min-lols]The number of loss of link seconds within any given 1 5-minute performance data collection period (0~900) [0]: > [vtuc thresh-15-min-sess]The number of loss of within any given 15-minute performance data collection period (0~900) [0]: > [vtuc thresh-15-min-uass]The number of loss of unavailable seconds within any given 15-minute performance data collection period (0~900) [0]: > [vtuc init failure trap]Enables and disables the InitFailureTrap 1-enable 2-di sable (1~2) [2]: 1 > Will you set threshold for modem at remote end of line? (y/n)[n]: Add profile 2 successfully serious errored seconds
Table 20-9 lists the parameters of a VDSL alarm profile. Table 20-9 Paramters of a VDSL alarm profile Parameters Profile index Description You can enter a profile index or press <Enter> to enable the system to allocate a profile index. The index is unique. Within any given 15-minute period, if the number of downstream lost frame seconds exceeds the preset value, an alarm will be generated. Currently, the parameter is invalid.
atuc/atur thresh-15-min-lofs
Parameters atuc/atur thresh-15-min-loss
Description Within any given 15-minute period, if the number of lost signal seconds exceeds the preset value, an alarm will be generated. Within any given 15-minute period, if the number of lost power seconds exceeds the preset value, an alarm will be generated. Currently, the parameter is invalid.
atuc/atur thresh-15-min-lprs
atuc/atur thresh-15-min-ess atuc/atur thresh-15-min-lols atuc/atur thresh-15-min-sess atuc/atur thresh-15-min-uass atuc/atur init failure trap
Within any given 15-minute period, if the number of errored seconds exceeds the preset value, an alarm will be generated. Within any given 15-minute period, if the number of lost link seconds exceeds the preset value, an alarm will be generated. Within any given 15-minute period, if the number of severely errored seconds exceeds the preset value, an alarm will be generated. Within any given 15-minute period, if the number of unavailable seconds exceeds the preset value, an alarm will be generated. If it is enable, an alarm will be generated when initialization fails.
20.4.2 Adding an ADSL/ADSL2+ Alarm Profile

To add an ADSL alarm profile, you can run the command adsl alarm-profile add. The alarm profile of ADSL is the same as that of ADSL2+. Figure 20-7 lists the procedure for adding an ADSL/ADSL2+ alarm profile

Configuring an ADSL/ADSL2+ alarm profile Set the profile index NO
Whether to set the ATU-C's alarm threshold parameters?
YES Set the number of Loss of Frame Seconds Set the number of Loss of Signal Seconds Set the number of Loss of Link Seconds Set the number of Loss of Power Seconds Set the number of Errored Seconds
Whether to set the ATU-R's alarm threshold parameters?
NO
YES Set the number of Loss of Frame Seconds Set thenumber of Loss of Signal Seconds Set the number of Loss of Power Seconds Set the number of Errored Seconds
Set the number of failed fast retrain seconds Set thenumber of severely errored seconds
Set thenumber of severely errored seconds Set thenumber of unavailable seconds
Set thenumber of unavailable seconds

Set thethreshold of positive difference between the current and the past transmit rate in fast mode Set theThreshold of negative difference between the current and the past transmit rate in fast mode
Set theThreshold of positive difference between the current and the past transmit rate in interleaved mode Threshold of negative difference between the current and the past transmit rate in interleaved mode
Set thethreshold of positive difference between the current and the past transmit rate in fast mode Set theThreshold of negative difference between the current and the past transmit rate in fast mode
Set theThreshold of positive difference between the current and the past transmit rate in interleaved mode
Threshold of negative difference between the current and the past transmit rate in interleaved mode Add an alarm profile successfullly
Whether to report the initial failure at ATU-R
Figure 20-7 Procedure for adding an ADSL/ADSL2+ alarm profile This example shows how to add ADSL2+ alarm profile 2.
MA5300(config)#adsl alarm-fprofile add { <cr>|INTEGER<2,16> }:2 Start profile 2 adding. During input,press 'CTRL+C' to quit,then settings at this time are neglected. > Will you set threshold for modem at near end of line? (y/n)[n]:y > [atuc thresh-15-min-lofs]The number of loss of frame seconds within any given 15-minute performance data collection period (0~900) [0]:
> [atuc thresh-15-min-loss]The number of loss of signal seconds within any given 15-minute performance data collection period (0~900) [0]: > [atuc thresh-15-min-lols]The number of loss of link seconds within any given 15-minute performance data collection period (0~900) [0]: > [atuc thresh-15-min-lprs]The number of loss of power seconds within any given 15-minute performance data collection period (0~900) [0]: > [atuc thresh-15-min-ess]The number of loss of errored seconds within any given 15-minute performance data collection period (0~900) [0]: > [atuc thresh-15-min-failedfastr]The number of fast retrain failed seconds within any given 15-minute performance data collection period (0~900) [0]: > [atuc thresh-15-min-sesl]The number of severe errored seconds within any given 15-minute performance data collection period (0~900) [0]: > [atuc thresh-15-min-uasl]The number of unavailable seconds within any given 15-minute performance data collection period (0~900) [0]: > [atuc thresh-fast-rate-up]The threshold for fast channels, if the
difference between the current Tx rate and the previous Tx rate larger than it (0~28800 Kbps) [0]: > [atuc thresh-fast-rate-down]The threshold for fast channels, if the difference between the current Tx rate and the previous Tx rate less than it (0~28800 Kbps) [0]: > [atuc thresh-interleave-rate-up]The threshold for interleave channels, if the difference between the current Tx rate and the previous Tx rate larger than it (0~28800 Kbps) [0]: > [atuc thresh-interleave-rate-down]The threshold for interleave channels, if the difference between the current Tx rate and the previous Tx rate less than it (0~28800 Kbps) [0]: > [atuc init failure trap]Enables and disables the InitFailureTrap 1-enable 2-disable (1~2) [2]: > Will you set threshold for modem at remote end of line? (y/n)[n]:y > [atur thresh-15-min-lofs]The number of loss of frame seconds within any given 15-minute performance data collection period (0~900) [0]: > [atur thresh-15-min-loss]The number of loss of signal seconds within any given 15-minute performance data collection period (0~900) [0]: > [atur thresh-15-min-lprs]The number of loss of power seconds within any given 15-minute performance data collection period (0~900) [0]: > [atur thresh-15-min-ess]The number of loss of errored seconds within any given 15-minute performance data collection period (0~900) [0]: > [atur thresh-15-min-sesl]The number of severe errored seconds within any given 15-minute performance data collection period (0~900) [0]: > [atur thresh-15-min-uasl]The number of unavailable seconds within any given 15-minute performance data collection period (0~900) [0]:

> [atur thresh-fast-rate-up]The threshold

for fast channels, if the
difference between the current Tx rate and the previous Tx rate larger than it (0~1536 Kbps) [0]: > [atur thresh-fast-rate-down]The threshold for fast channels, if the difference between the current Tx rate and the previous Tx rate less than it (0~1536 Kbps) [0]: > [atur thresh-interleave-rate-up]The threshold for interleave channels, if the difference between the current Tx rate and the previous Tx rate larger than it (0~1536 Kbps) [0]: > [atur thresh-interleave-rate-down]The threshold for interleave channels, if the difference between the current Tx rate and the previous Tx rate less than it (0~1536 Kbps) [0]: Add profile 2 successfully
Table 20-10 lists the parameters of an ADSL/ADSL2+ alarm profile. Table 20-10 Parameters of an ADSL/ADSL2+ alarm profile Parameter Profile index Description You can enter a profile index or press <Enter> to enable the system to designate an index for it. The profile index is unique. Within any given 15-minute period, if the number of downstream lost frame seconds exceeds the preset value, an alarm will be generated. Currently, the parameter is invalid. Within any given 15-minute period, if the number of lost signal seconds exceeds the preset value, an alarm will be generated. Within any given 15-minute period, if the number of lost link seconds exceeds the preset value, an alarm will be generated. Within any given 15-minute period, if the number of lost power seconds exceeds the preset value, an alarm will be generated. Currently, the parameter is invalid. Within any given 15-minute period, if the number of errored seconds exceeds the preset value, an alarm will be generated. Within any given 15-minute period, if the number of failed retrain events exceeds the preset value, an alarm will be generated. Within any given 15-minute period, if the number of severely errored seconds exceeds the preset value, an alarm will be generated.
atuc/atur thresh-15-min-lofs
atuc/atur thresh-15-min-loss
atuc/atur thresh-15-min-lols
atuc/atur thresh-15-min-lprs
atuc/atur thresh-15-min-ess
atuc/atur thresh-15-min-failedfastr
atuc/atur thresh-15-min-sesl
Parameter atuc/atur thresh-15-min-uasl
Description Within any given 15-minute period, if the number of unavailable seconds exceeds the preset value, an alarm will be generated. Within any given 15-minute period, if the positive difference between the current and the past transmit bit rates in fast mode exceeds the preset value, an alarm will be generated. Currently, the parameter is invalid. Within any given 15-minute period, if the negative difference between the current and the past transmit bit rates in fast mode exceeds the preset value, an alarm will be generated. Currently, the parameter is invalid. Within any given 15-minute period, if the positive difference between the current and the past transmit bit rates in fast mode exceeds the preset value, an alarm will be generated. Currently, the parameter is invalid. Within any given 15-minute period, if the negative difference between the current and the past transmit bit rates in fast mode exceeds the preset value, an alarm will be generated. Currently, the parameter is invalid.
atuc/atur thresh-fast-rate-up
atuc/atur thresh-fast-rate-down
atuc/atur thresh-interleave-rate-up
atuc/atur thresh-interleave-rate-down
20.4.3 Adding an SHDSL Alarm Profile

To add an SHDSL alarm profile, you can run the command shdsl alarm-profile add.

Configure an SHDSL alarm profile Set the profile index
Whether to use the parameters of the default profle to create a new one? NO Set loop attenuation threshold Set SNR threshold Set ES threshold Set SES threshold Set CRC abnomalies threshold Set LOSW threshold Set UAS threshold Add an alarm profiel successfully
YES
Figure 20-8 Procedure for adding an SHDSL alarm profile. This example shows how to add SHDSL alarm profile 3.
MA5300(config)#shdsl line-profile add 3 Start profile 3 adding. During input,press 'CTRL+C' to quit,then settings at this time are neglected. >Do you use the default data to create a line profile?(y/n)[y]:n >G.SHDSL minimum line rate:(192~2304 kbps)[2048]: >G.SHDSL maximum line rate:(192~2304 kbps)[2048]: >Power Spectral Density mode (1--symmetric 2--asymmetric)[1]: >Transmission mode (1--G.991.2 Annex A 2--G.991.2 Annex B 3--support Annex A&B)[2]: >Remote enable (1--enabled 2--disabled)[1]: >Do you config the target SNR margin?(y/n)[n]:y >Downstream current target SNR margin(0~10 dB)[0]: Do you want to use it?(y/n)[y]:
>Downstream worst case target SNR margin(0~10 dB)[0]: Do you want to use it?(y/n)[n]:y >Upstream current target SNR margin(0~10 dB)[0]: Do you want to use it?(y/n)[n]:y >Upstream worst case target SNR margin(0~10 dB)[0]: Do you want to use it?(y/n)[n]:y Add profile 3 successfully.
Table 20-11 lists the parameters of an SHDSL alarm profile. Table 20-11 Parameters of an SHDSL alarm profile Parameter Profile index Description You can enter a profile number or press <Enter> to enable the system to designate a number for it. The profile index is unique, in the range of 216. attenuation The system collects performance data generated within any 15-minute period. If the loop attenuation exceeds the threshold, the system will issue an alarm. The system collects SNR related performance data generated within any 15-minute period. If the SNR margin exceeds the threshold, the system will issue an alarm. The system collects ES related performance data generated within any 15-minute period. If the accumulative ES exceeds the threshold, the system will issue an alarm. The system collects SES related performance data generated within any 15-minute period. If the accumulative SES exceeds the threshold, the system will issue an alarm. The system collects CRC related performance data generated within any 15-minute period. If the accumulative CRC exceeds the threshold, the system will issue an alarm. The system collects LOSW related performance data generated within any 15-minute period. If the LOSW exceeds the threshold, the system will issue an alarm. The system collects UAS related performance data generated within any 15-minute period. If the UAS exceeds the threshold, the system will issue an alarm.
Loop threshold
SNR margin threshold
Errored Second threshold
(ES)
Severely Errored Seconds (SES) threshold
CRC anomalies number threshold
Loss of SYNC Failure (LOSW) threshold Unavailable Seconds (UAS) threshold
20.4.4 Deleting an xDSL Alarm Profile

To delete a specified VDSL alarm profile, you can run the command vdsl alarm-profile delete.
To delete a specified ADSL alarm profile, you can run the command adsl alarm-profile delete. To delete a specified SHDSL alarm profile, you can run the command shdsl alarm-profile delete. This example shows how to delete VDSL alarm profile 2.
MA5300(config)#vdsl alarm-profile delete 2 The vdsl line alarm profile will be deleted . Are you sure?[Y/N]y
20.4.5 Modifying an xDSL Alarm Profile

The procedure for modifying an xDSL alarm profile is identical with that for configuring an xDSL alarm profile. To modify a specified VDSL alarm profile, you can run the command vdsl alarm-profile modify. To modify a specified ADSL alarm profile, you can run the command adsl alarm-profile modify. To modify a specified SHDSL alarm profile, you can run the command shdsl alarm-profile modify. An alarm profile takes effect soon after it is modified.
20.4.6 Viewing the Configurations of an xDSL Alarm Profile

To view the detailed information of a single xDSL line profile, you can run the command show. With parameter all, you can view the brief information displayed in list of all profiles. To view a specified VDSL alarm profile, you can run the command show vdsl alarm-profile. To view a specified ADSL alarm profile, you can run the command show adsl alarm-profile. To view a specified SHDSL alarm profile, you can run the command show shdsl alarm-profile. This example shows how to view the default VDSL alarm profile 1 (index as 1).
MA5300(config)#show vdsl alarm-profile 1 Following are all items of the VDSL Alarm-Profile 1 : Alarm-Profile name VTU-C thresh-15-min-lofs(s) VTU-C thresh-15-min-loss(s) VTU-C thresh-15-min-lprs(s) VTU-C thresh-15-min-ess(s) VTU-C thresh-15-min-lols(s) : ALARM-PROFILE-1 : 0 : 0 : 0 : 0 : 0

VTU-C thresh-15-min-sess(s) VTU-C thresh-15-min-uass(s) VTU-C init failure trap VTU-R thresh-15-min-lofs(s) VTU-R thresh-15-min-loss(s) VTU-R thresh-15-min-lprs(s) VTU-R thresh-15-min-ess(s) VTU-R thresh-15-min-lols(s) VTU-R thresh-15-min-sess(s) VTU-R thresh-15-min-uass(s) VTU-R init failure trap : 0 : 0
: DISABLE : 0 : 0 : 0 : 0 : 0 : 0 : 0 : DISABLE
20.4.7 Binding/Unbinding an xDSL Alarm Profile

After adding an xDSL alarm profile, you need to bind the alarm profile with an xDSL port, so that the system can report an alarm in case of abnormality. You can bind an xDSL alarm profile with a port before and after activating the port. By default, the system uses the alarm profile bound with the port last time, or alarm profile 1 if the port is to be bound for the first time. In board configuration mode, you can run the command alarm-config to bind an alarm profile with an xDSL port. To cancel the binding, you can run the command no alarm-config. In global configuration mode, you can run the command vdsl/adsl/shdsl alarm-config to bind an alarm profile with an xDSL port. To cancel the binding, you can run the command no vdsl/adsl/shdsl alarm-config. This example shows how to bind alarm profile 1 with all ports of the VDSL board residing in slot 4.
MA5300(config-board-Vdsl4)#alarm-config all 1
This example shows how to cancel the binding.

MA5300(config-board-Vdsl4)#no alarm-config 0
20.5 Viewing the Information of an xDSL Port

To view the configuration of a port, you can run the commands show interface, show port state or show vdsl/adsl/shdsl port state. To view the line profile information of a port, runt the command show line config or show vdsl/adsl/shdsl line config. To view the information of an activated port, you can run the command show line state or show vdsl/adsl/shdsl line state. The information consists of the port state, upstream/downstream rate, upstream/downstream interleave depth,
office-end/remote-end transmit power, upstream/downstream SNR margin, office-end/ remote-end mean square deviation, office-end/remote-end bit error count, and deactivation count. To view the version of a VDSL office-end/remote-end Modem, including the hardware version, software version and patch version, you can run the command show port version. To view the Ethernet statistics of a VDSL port, you can run the command show statistics frame. To view the performance statistics of a VDSL port, including performance statistics for last 15 minutes and last 24 hours, and all performance statistics currently available, you can run the command show statistics performance. 1) This example shows how to view the line profile information of port vdsl 4/0/23.
MA5300(config-board-vdsl4)#show line config 23 Interface AutoTrain Rate(Kbps) Margin(dB) Vdsl4/0/23 LINE-PROFILE-1 12500 12500 6.0 6.0 enable Rate(Kbps) Margin(dB) Profile Name DownStream UpStream DownSnr UpSnr
2)
This example shows how to view the information of an activated port vdsl 14/0/23.
MA5300(config-board-vdsl14)#show line state 23 Vdsl14/0/23 vdsl link status The actual down-stream rate(Kbps) The actual up-stream rate(Kbps) : active : 12500 : 12500
The down-stream interleave delay(ms): 1 The up-stream interleave delay(ms) Remote tx-power(dBm/Hz) Local tx-power(dBm/Hz) Remote SNR(dB) Local SNR(dB) Remote SNR Margin(dB) Local SNR Margin(dB) Remote MSE(dB) Local MSE(dB) Remote RS count Local RS count DownTimes : 1 : -89.720 : -66.770 : 38.240 : 27.220 : 13.1 : 8.0 : 21.800 : 17.160 : 0 : 0 : 1
3)
This example shows how to view the version of office-end/remote-end Modem of port vdsl 4/0/23.
MA5300(config-board-vdsl4)#show port version 23
-----------Local--------------------Remote---------Interface Vdsl4/0/23 Hw 0x81 Sw 0x2 Patch 0x0 Hw 0x32 Sw 0xb4 Patch 0x50
20.6 Maintaining an xDSL Port

20.6.1 Resetting an xDSL Port and Chipset
I. Resetting an xDSL port
Upon the occurrence of fault on an xDSL port, you can run the command port reset to reset SHDSL chipset. This example shows how to reset port vdsl 4/0/23.
MA5300(config-board-vdsl4)#port reset 23
II. Resetting an xDSL chipset

A VDSL/SHDSL board contains 3 chipsets (numbered 13), with each chipset controlling 8 VDSL/SHDSL ports, for example, chipset 1 for ports 07, chipset 2 for ports 815, and so on. An ADSL board contains 6 chipsets (numbered 16), with each chipset controlling 8 ADSL ports. When an xDSL port becomes faulty, you can run the command chipset reset to reset the associated chipset. This example shows how to reset chipset 1 of the VDSL board residing in slot 4.
MA5300(config-board-vdsl4)#chipset reset 1
20.6.2 Setting xDSL Port Loopback

When a port is set with loopback, the Ethernet frames sent from the port will be sent back. By comparing the transmitted frames with the received ones, the system can determine whether the link is normal. The MA5300 supports setting office-end/remote-end loopback for an xDSL port. In office-end loopback, you only need to test the switch chips and the office-end VDSL, without setting up any VDSL link. However, the office-end loopback be set only when the link is deactivated.
To set office-end/remote-end loopback for an xDSL port, you can run the command loopback. After a port is set with loopback, it is no longer able to forward data packets correctly. If not properly isolated, it may cause broadcast storm. Therefore, upon the completion of test, you should disable the loopback immediately running the command no loopback. By default, port loopback is disabled. This example shows how to enable loopback for port vdsl 4/0/0.
MA5300(config-if-Vdsl4/0/0)#loopback remote
The command loopback is just used to set loopback for a port. CPU alone cannot send test frames. To enable the CPU to send test frames, it should be assisted with the ports of auxiliary equipment. To perform port loopback test: Select a test port and connect it with the auxiliary equipment. Set a VLAN containing the testing port and the port to be tested (xDSL port) to protect the normal service. Set the xDSL port with loopback by using the command loopback. Cancel the port settings that might affect the port, such as STP (system test plan), and clear port statistics. For VDSL remote loopback, it is suggested that the working mode of a VDSL port be set as full duplex mode, and the rate be set as non-auto-negotiation. Send a certain number of data packets at a rate lower than 10Mbits/s using the auxiliary equipment; Stop sending data packets and verify the number of received data packets. If the number of the received packets equals that of the transmitted packets, the link is in normal state. To disable the port loopback setting, you can run the command no loopback.
20.6.3 Testing the ATM Link Connectivity of an ADSL Port

The ATM network is designed with Operation, Administration & Maintenance (OAM) functions. In upstream, an IP DSLAM device does not involve ATM OAM functions. In downstream, the CPE and CO serve as two ends. For the ease of fault locating and test, the MA5300 is designed with OAM F5 Loopback function, allowing you to test the connectivity of the ATM link between the CO and the CPE. The OAM F5 Loopback function is similar to the ping function for an IP network. To test the connectivity of the ATM link between an ADSL port and a RTU, you can run this command: atm-ping [ -c count ] [-t timeout ] portid vpi vci This example shows how to test the connectivity of the PVC (VPI/VCI=0/35) between port adsl 1/0/0 and the RTU.

MA5300(config-board-adsl1)#atm-ping 0 0 35
ATM-PING adsl1/0/0 0/35, press CTRL_C to break atm-ping successfully. Sequence=0 atm-ping successfully. Sequence=1 atm-ping successfully. Sequence=2 atm-ping successfully. Sequence=3 atm-ping successfully. Sequence=4 --- Atm-ping adsl1/0/0 0/35 statistics --5 oam f5 loopback cells transmitted 5 oam f5 loopback cells received 0.00% cell loss
20.6.4 Single-ended Test of an ADSL2+ Port

Single-ended test of an ADSL 2+ port is the test of the length of physical lines, SNR, and maximum rate. The test is only applicable to an activated ADSL2+ port.
I. Commands for single-ended test

To perform single-ended test, you can run the command adsl test selt. To cancel the test, you can run the command no adsl test selt.
MA5300(config-if-Adsl3/0/1)#adsl test selt Testing now! ALARM 4929 INFO MAJOR 0xf1000002 ----- 2003-12-04 14:35:54 ALARM NAME PARAS INFO : ADSL port status changed : ADSL4/0/0 status changed to testing!
DESCRIPTION : ADSL port status changed REASON ADVICE : Don't care! : Needn't repair!
II. Viewing test results

After the test, you can run the command show adsl test selt or show test selt to view the test results, including port number, test time, length of physical line, connected with modem or not, wire gauge, SNR margin and upstream/downstream maximum rate.
MA5300(config)#show adsl test selt Interface : adsl4/0/0 Test Time: 2003/12/24 Length: 100 feet Termination Status: open Wire Guage: 26awg 9:35 adsl4/0/0

SNR Margin 0 3 6 9 12 UpStreamRate 1200kbps 1150 kbps 1100 kbps 900 kbps 700 kbps

DownStreamRate 24400 kbps 23000kbps 22000kbps 21000kbps 19000kbps
20.6.5 Viewing the Bit Allocation of an ADSL2+ Port

Through the bit allocation information, you can get to know the number of bits carried by every ADSL2+ tone (totally 512 tones), and analyze the performance of the line. The command is only applicable to an activated ADSL2+ port. To view the bit allocation information on an activated line, you can run the command display line bit-allocation.
MA5300(config-board-adsl3)#show line bit-allocation 0 Adsl3/0/0 line bit allocation : UpStream bit allocation graph: 0 1 2 3 4 5 6 7 8 9 10 11 0 | 0 | 0 | 0 | 0 | 0 | 6 |****************** 8 |************************ 10 |****************************** 11 |********************************* 12 |************************************ 13 |***************************************
20.6.6 Viewing the Power State of an ADSL Port

To view the power state of the current port, you can run the command show line power-state. The power states consist of normal, battery saving and dormant.
MA5300(config-board-adsl3)#show line power-state 0 Interface Adsl4/0/0 power-state Full On
20.7 VDSL CPE Management

The MA5300 also features the management of VDSL CPE. The management includes VDSL CPE binding, automatic upgrade of VDSL CPE parameters, automatic upgrade of VDSL CPE patch.
20.7.1 Enabling/Disabling VDSL CPE Binding

I. Enabling/Disabling the VDSL CPE binding
To enable the binding with the VDSL remote equipment, the system may assign IDs to the MA5300 and the CPE respectively. As a result, the port can only work with the bound CPE. Replacement of the remote VDSL Modem, or mismatch of IDs between the MA5300 and the remote VDSL Modem will result in failure in port activation. You can run the command vdsl bind cpe to enable the binding of the MA5300 with the CPE (VDSL Modem), or the command no vdsl bind cpe to disable the binding. By default, no binding exists between the port and the CPE. When running the command vdsl bind cpe with no parameter specified, you should enter the randomly designated binding IDs in the MA5300 and the CPE. When running the command vdsl bind cpe bind-id, you should enter the designated binding IDs in the MA5300 and the remote user terminal simultaneously to bind them. This example shows how to bind port vdsl 4/0/0 with the CPE, using binding ID 12.
MA5300(config-if-Vdsl4/0/0)#vdsl bind cpe 12
Note: When you run commands to enable a binding, the associated port should be activated (with exception of the command vdsl bind cpe bind-id local).
II. Viewing the port binding information

Run the commands show interface, show port state, and show port cpe-info to see whether the CPE is bound and view the binding ID.
MA5300(config-board-vdsl0)#show port cpe-info { all<K>|INTEGER<0,23> }:0

Vdsl0/0/0: Bind CPE ID :1103500927
CPE information :none
20.7.2 Enabling/Disabling the Automatic Upgrade of VDSL CPE

The MA5300 supports automatic upgrade of parameters and patch version of VDSL CPE. After the automatic upgrade is enabled, programs can automatically monitor the patch version and parameters of the VDSL remote Modem. If the patch version is inconsistent with the version of the MA5300 or the parameters are not the latest, the system will upgrade them. If the upgrade succeeds, the system will offer the success message. Otherwise, it will offer the failure message. If using the remote VDSL Modem certified by the MA5300, you do not have to upgrade the parameters and patch version of the remote VDSL Modem. If using other remote VDSL Modems not certified by the MA5300, you have to upgrade them. By default, the automatic upgrade of the parameters and patch version of the CPE is disabled.
I. Automatic upgrade of VDSL remote equipment parameters

To enable the automatic upgrade of the parameters of a CPE, you can run the command vdsl auto-upgrade remote-parameter. To disable it, you can run the command no vdsl auto-upgrade remote-parameter. In global configuration mode, you can upgrade the parameters of the CPE connected to multiple ports:
MA5300(config)#vdsl auto-upgrade remote-parameter vdsl4/0/0 to vdsl4/0/23
In port configuration mode, you can upgrade the parameters of the CPE connected to a port:
MA5300(config-if-Vdsl4/0/0)#vdsl auto-upgrade remote-parameter
II. Automatic upgrade of VDSL CPE patches

To enable the automatic upgrade of the patches of the CPE, you can run the command vdsl auto-upgrade remote-patch. To disable it, you can run the command no vdsl auto-upgrade remote-patch. In global configuration mode, you can upgrade the patches of the CPE connected to multiple ports.
MA5300(config)#vdsl auto-upgrade remote-patch vdsl4/0/0 to vdsl4/0/23
In port configuration mode, you can upgrade the patches of the CPE connected to a port.
MA5300(config-if-Vdsl4/0/0)#vdsl auto-upgrade remote-patch
20.8 VDSL Configuration Example

20.8.1 Configuration Procedure
The configuration procedure involves: 1) 2) 3) 4) 5) 6) 7) 8) Add an EADA board and confirm it. Create a VLAN, and add ports to the VLAN. Configure a VDSL line profile (optional). Activate a VDSL port. Configure a VDSL alarm profile (optional). Bind a VDSL alarm profile with a VDSL port (optional). View the line parameters of an activated port. Save the data.
20.8.2 Networking Description
Internet
E V D A
CON ETH MON
FE7/2/0
ESM MODEM
MA5300
PC
Figure 20-9 Networking diagram of the VDSL service application Networking description: 1) The PC is connected to port 0 of the VDSL service board EVDA (assume it resides in slot 2) through VDSL modem. The upstream/downstream bandwidth should be 2 M. Other parameters adopt the default values.
2) 3)
The EVDAs ports belong to VLAN 2. The upstream ports working mode is set as Trunk, through which VLAN can pass. Service data is uplinked through the ESMs port FE7/2/0.
20.8.3 Data Configuration

I. Adding/Confirming an EVDA board
Insert an EVDA board in the MA5300 frame. The MA5300 will detect and confirm the board automatically. If the board is in auto-discovered state, you can run this command to confirm it.
MA5300(config)#board confirm 0/2
II. Creating VLAN 2, and adding port vdsl 2/0/0

MA5300(config)#vlan 2 MA5300(config-vlan2)#switchport vdsl 2/0/0 MA5300(config-vlan2)#exit
III. Setting the upstream port as Trunk, allowing VLAN 2 to pass through
MA5300(config)#interface ethernet 7/2/0 MA5300(config-if-Ethernet7/2/0)#switchport mode trunk Please wait... Done. MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 2 Please wait... Done. MA5300(config-if-Ethernet7/2/0)#exit
IV. Configuring a VDSL line profile

MA5300(config)#vdsl line-profile add 3 Start profile 3 adding. During input,press 'CTRL+C' to quit,then settings at this time are neglected. > Line config profile > VDSL link auto train bandplan 1-plan998 2-10base-s (1~2)[2]: 1-enable 2-disable (1~2)[1]:
> Target bit rate in downstream (780~25000 kbps) [12500]: 20000 > Target bit rate in upstream (780~25000 kbps) [12500]: 20000 > Target downstream interleaved depth 0,1,2,8,16 (0~16) [1]: > Target upstream interleaved depth 0,1,2,8,16 (0~16) [1]: > Signal to noise ratio margin in downstream:precision 0.1dB(0.0~31.0 dB) [6.0]: > Signal to noise ratio margin in upstream:precision 0.1dB(0.0~31.0 dB) [6.0]: > Will you set downstream PSDMask?(y/n)[n]: > Will you set upstream PSDMask?(y/n)[n]:

Add profile 3 successfully
V. Activating port vdsl 2/0/0 and binding it with line profile 3

MA5300(config)#vdsl activate vdsl 2/0/0 3
VI. Binding port vdsl 2/0/0 with the default alarm profile
MA5300(config))#vdsl alarm-config vdsl2/0/0 1
VII. Viewing the configuration

1) 2) To view the line parameters of an activated port, you can run the command show line state. To view the information of port vdsl 2/0/0, you can run the command show vdsl port state.
VIII. Saving the data

20.8.4 Verification
With the above steps, you can access the Internet through your PC.
20.9 ADSL/ADSL2+ Configuration Example

The configuration procedure involves: 1) 2) 3) 4) 5) 6) 7) 8) Add an EADA/EADB board and confirm it. Create a VLAN, and allocate ports to it. Configure an ADSL/ADSL2+ line profile (optional). Activate an ADSL/ADSL2+ port. Configure an ADSL/ADSL2+ alarm profile (optional). Bind an ADSL/ADSL2+ alarm profile with an ADSL/ADSL2+ port (optional). View the line parameters of an activated port. Save the data.
Note: The service configuration of ADSL2+ differ from those of ADSL only in the configuration of the board, line profile and alarm profile. Other procedures for ADSL2+ and ADSL are the same.

Figure 20-10 shows the networking of the ADSL service application.
Internet
E A D A
CON ETH MON
FE7/2/0
ESM MODEM
MA5300
PC
Figure 20-10 Networking of an ADSL2+ service application Networking description: 1) The PC is connected to port 0 of the ADSL service board EADA (assume it resides in slot 1) through ADSL modem. The upstream/downstream bandwidth should be 6 M. Other parameters adopt the default values. 2) 3) The EADAs ports belong to VLAN 10. The upstream ports working mode is set as Trunk, through which VLAN 10 can pass. Service data is uplinked through the ESMs port FE7/2/0.

I. Adding/Confirming an EADA board
Insert an EADA board into the MA5300 frame. The MA5300 can detect and confirm the board automatically. If the board is in auto-discovered state, you can run this command to confirm it.
II. Creating VLAN 10 and allocating port adsl 1/0/0 to it

MA5300(config)#vlan 10 MA5300(config-vlan10)#switchport adsl1/0/0

MA5300(config-vlan10)#exit
IV. Configuring an ADSL line profile

MA5300(config)#adsl line-profile add 3 Start profile 3 adding. During input,press 'CTRL+C' to quit,then settings at this time are neglected. > please choose the type of template 0-ADSL 1-ADSL2+ (0~1)[0]:
> Will you set basic configuration for modem? (y/n)[n]: > Will you set channel mode? (y/n)[n]: > Will you set noise margin for modem? (y/n)[n]: > Will you set parameters for rate? (y/n)[n]:y > If you want the fixed rate, set the Minimum value equal to Maximum value. > Minimum bit rate in downstream (32~8160 Kbps) [32]: 6144 > Maximum bit rate in downstream (32~8160 Kbps) [6144]: 6144 > Minimum bit rate in upstream (32~896 Kbps) [32]: > Maximum bit rate in upstream (32~896 Kbps) [640]:32 Add profile 3 successfully
V. Activating port adsl 1/0/0 with line profile 3

MA5300(config)#adsl activate adsl1/0/0 3
VI. Binding port adsl 1/0/0 with the default alarm profile
MA5300(config))#adsl alarm-config adsl 1/0/0 1
VII. Viewing the configuration

1) 2) To view the line parameters of port adsl 1/0/0 after activating it, you can run the command show adsl line state. To view the information of port vdsl 2/0/0, you can run the command show interface or show port state.

20.9.4 Verification
20.10 SHDSL Configuration Example

The configuration procedure involves: 1) 2) 3) 4) 5) 6) 7) 8) Add an ESHA board and confirm it. Create a VLAN, and allocate ports to it. Configure an SHDSL line profile (optional). Activate an SHDSL port. Configure an SHDSL alarm profile (optional). Bind an SHDSL alarm profile with an SHDSL port (optional). View the line parameters of an activated port. Save the data.

Figure 20-11 shows the networking of the ADSL service application.
Internet
E S H A
CON ETH MON
FE7/2/0
ESM MODEM
MA5300
PC
Figure 20-11 Networking of an SHDSL service application Networking description:
1)
The PC is connected to port 0 of the SHDSL service board ESHA (assume it resides in slot 4) through SHDSL modem. The upstream/downstream bandwidth should be 2 M. Other parameters adopt the default values.
2) 3)
The ESHAs ports belong to VLAN 20. The upstream ports working mode is set as Trunk, through which VLAN 20 can pass. Service data is uplinked through the ESMs port FE7/2/0.

I. Adding/Confirming an ESHA board
Insert an EADA board into the MA5300 frame. The MA5300 can detect and confirm the board automatically. If the board is in auto-discovered state, you can run this command to confirm it.
II. Creating VLAN 20 and allocating port shdsl 4/0/0 to it

MA5300(config)#vlan 20 MA5300(config-vlan20)#switchport shdsl4/0/0 MA5300(config-vlan20)#exit
IV. Configuring an SHDSL line profile

MA5300(config)#shdsl line-profile add 2 Start profile 2 adding. During input,press 'CTRL+C' to quit,then settings at this time are neglected. >Do you use the default data to create a line profile?(y/n)[y]:n >G.SHDSL minimum line rate:(192~2304 kbps)[2048]: >G.SHDSL maximum line rate:(192~2304 kbps)[2048]: >Power Spectral Density mode (1--symmetric 2--asymmetric)[1]: >Transmission mode (1--G.991.2 Annex A 2--G.991.2 Annex B 3--support Annex A&B)[2]: >Remote enable (1--enabled 2--disabled)[1]: >Do you config the target SNR margin?(y/n)[n]:

Add profile 2 successfully.
V. Activating port shdsl 4/0/0 with line profile 2

MA5300(config)#shdsl activate shdsl4/0/0 2
VI. Binding port adsl 4/0/0 with the default alarm profile
MA5300(config)#shdsl alarm-config shdsl4/0/0 1
VII. Viewing line paramters

MA5300(config)#show shdsl line state shdsl4/0/0

20.10.4 Verification
Chapter 21 PVC and Access Configuration

The MA5300s ADSL, ADSL2+, and SHDSL ports can be configured with a single PVC or multiple PVCs to offer various access services. By setting PVC connection modes, you can access the Internet in the way of 1483B, IPoA or PPPoA. This chapter involves: Configuring a Single PVC Configuring Multiple PVCs Configuring IPoA Configuring PPPoA Configuring PITP
21.1 Configuring a Single PVC

The configuration of a single PVC involves: Setting the VPI and VCI Setting the Connection Type of a Single PVC Table 21-1 lists the commands for configuring a single PVC. Table 21-1 Commands for configuring a single PVC To... Use... In... Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode
Set a single PVC
(no) pvc
adsl/shdsl
View the VPI/VCI of a single PVC
show adsl config
line
View the VPI/VCI of a single PVC
show line config
To...
Use...
In... Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode Global configuration mode/ADSL port configuration mode Global configuration mode/ADSL port configuration mode
Set the connection type of a port
connect-type
Enable/Disable the auto-sensing of a single PVC
pvc auto-sensing { enable | disable } show multipvc
Enable multi-PVCs of a port
View the configuration of multi-service in single-PVC mode
show interface
21.1.1 Setting the VPI and VCI

In single-PVC mode, each ADSL/SHDSL port has a fixed PVC. By default, the VPI/VCI is 0/35. To set the VPI and VCI of a PVC, you can run the command adsl/shdsl pvc. To restore the default setting, you can run the command no adsl/shdsl pvc.
Note: The ADSL/SHDSL ports fixed PVC must be consistent with the PVC of the remote Modem in terms of VPI and VCI settings. Otherwise, the connection from the port to the Modem will fail.
This example shows how to set the PVC of port adsl 1/0/0 as 0/35.
MA5300(config-if-Adsl1/0/0)#adsl pvc vpi 0 vci 35
To view the settings, you can run the command show adsl line config or show line config.
MA5300(config)#show adsl line config adsl1/0/0 interface LineProfile AlarmProfile ---Pvc--- -----Car----- CodingType LineType vpi vci dsBand usBand
-------------------------------------------------------------------Adsl1/0/0 1 1 0 35 255 255 DMT FAST
21.1.2 Setting the Connection Type of a Single PVC

To set the connection type of a single PVC of an ADSL/SHDSL port, you can run this command: connect-type {1483b | pppoa-llc | pppoa-vcmux | ipoa-llc | auto} For details on PPPoA and IPoA configuration, refer to the ensuing chapters. This example shows how to set port adsl 10/0/0s connection type as PPPoA llc.
MA5300(config)#connect-type pppoa-llc adsl10/0/0
21.1.3 Enabling/Disabling the Single-PVC Multi-service Dispatch

With the single-PVC multi-service dispatch function, the MA5300 can transmit multiple services over one PVC, and isolate them to different networks. The single-PVC multiple services include PPP, IAD and STB services. The MA5300 uses MUX VLAN (or common VLAN in the case of ESMB board) to access PPP service, a VLAN for a user. The MA5300 forwards PPP packets to the BRAS in L2 working mode. The MA5300 uses Smart VLAN (or common VLAN if L2 user isolation is not to be considered) to access IAD/STB services through DHCP. It transmits these services to their respective networks in L3 working mode. When accessing IAD/STB services, the MA5300 works in L3. It is configured with three L3 interfaces: One is at user side for forwarding IAD/STB packets downstream, the other interfaces are for IAD and STB services. Therefore, the three interfaces shall be allocated to different VLANs.
Note: An ADSL port with single PVC function enabled can be added to up to three VLANs only.
I. Enabling/Disabling the single-PVC multi-service dispatch function

To enable single-PVC multi-service dispatch function, you can run the command multi-service dispatch enable. To disable single-PVC multi-service dispatch function, you can run the command multi-service dispatch disable. By default, ADSL ports do not support single-PVC multi-service dispatch function.
An ADSL port can belong to an MUX VLAN and a Smart VLAN at the same time. That is because the port accesses PPPoE service through a common VLAN (or MUX VLAN), while IAD/STB service through a Smart VLAN. When an ADSL ports single-PVC multi-service function is enabled, the port will become a Trunk port automatically. A ports single-PVC multi-service function and multi-PVC function cannot coexist. If the ports multi-PVC function is enabled, you cannot enable its single-PVC function. This example shows how to enable the single-PVC multi-service dispatch function of port adsl 1/0/0.
MA5300(config)#multi-service dispatch enable adsl1/0/0
II. Enabling/Disabling the single-PVC PPP and IAD/STB services

After an ADSL ports single-PVC multi-service function is enabled, you need to enable the PPP and IAD/STB services, which are disabled by default. To enable an ADSL ports single-PVC multi-service function, you can run the command multi-service forward. 1) Enable the PPP service.
To enable the PPP service, and specify the VLAN and priority for PPP packet forwarding, you can run this command: multi-service forward ppp enable [vlan vlan-id ] [priority priority ] To disable PPP service, you can run the command multi-service forward ppp disable. This example shows how to enable port adsl 1/0/0s PPP service, and forward PPP packets through VLAN 10 at the priority of 7 in global configuration mode.
MA5300(config)#multi-service forward ppp enable vlan 10 priority 7 adsl1/0/0
This example shows how to disable PPP service for port adsl 1/0/0.
MA5300(config)#multi-service forward ppp disable adsl1/0/0
This example shows how to set PPP service priority of port adsl 1/0/0 as 4.
MA5300(config)#multi-service forward ppp priority 4 adsl1/0/0
2)
Enable the IAD/STB service.
To enable IAD/STB service and specify the VLAN and priority for forwarding IAD/STB packets, or to modify relevant parameters, you can run this command: multi-service forward iad-stb [ vlan vlan-id ] [ priority priority ] In global configuration mode, enable port adsl 1/0/0s IAD/STB service, in which the packets are forwarded through VLAN 20 and with the priority of 0.
MA5300(config)#multi-service forward iad-stb vlan 20 priority 0 adsl1/0/0
This example shows how to set the priority of port adsl 1/0/0s PPP service as 4.
MA5300(config)#multi-service forward ppp priority 4 adsl1/0/0
Note: Before configuring the VLAN for PPP and IAD/STB services, you need to add the port to the VLAN. For a Smart VLAN, you can do this by adding the port to the Smart VLAN as an upstream or downstream port, rather than running the command switchport. PPP and IAD/STB services cannot belong to the same VLAN. The priority of PPP service is usually lower than that of IAD/STB service. (0 is for the lowest priority, and 7 is for the highest priority).
III. Enabling/Disabling three-degree-priority of an ADSL port

An ADSL port supports three kinds of services: PPP, IAD and STB. The priority range of those services is 07. To set the services with different priority, you can run the command adsl three-degree-priority enable. Priority levels 01 belong to the lowest degree, 23 belong to the medium degree, while 47 belong to the highest degree. To disable three-degree-priority function, you can run the command adsl three-degree-priority disable. By default, the function is disabled. This example shows how to enable three-degree-priority function on port adsl 3/0/0.
MA5300(config)#adsl three-degree-priority enable adsl3/0/0
21.1.4 Viewing the Single-PVC Configuration

To view the single-PVC configuration, you can run the command show interface. This example shows how to view the single-PVC configuration of port adsl 1/0/0.
MA5300(config)#show interface adsl 1/0/0 Adsl1/0/0 is down The ADSL link is activating Bind line-profile No.1 LINE-PROFILE-1 Bind alarm-profile No.1 ALARM-PROFILE-1 Hardware is Ethernet over ATM over ADSL, Hardware address is 00e0.fc12.e3f2 EOC State HDLC Last UP time : 0000-00-00 00:00:00.0

Last DOWN time : 0000-00-00 Encapsulation type is 1483B Line coding type is DMT

00:00:00.0
Local-Tx-Rate 0 Kbps, Remote-Tx-Rate 0 Kbps, _ADSL_TX three-degree-priority mode: disable PVC: vpi is 0, vci is 35 CAR: ds-band is 255, us-band is 255 PVID is 1 Max mac-address learning count: 16 Max multicast group count: 2 Multi-service dispatch: enable PPP: VLAN 10 Priority: 4, IAD-STB: VLAN 20 Priority: 0 Multi-Pvc mode: disable TwoTagMode : common Port mode: trunk Vlan passing : 1(default vlan), 10, 20 Vlan allowed : 1(default vlan), 10, 20 Output: 0 bytes PPP: 0 bytes, VOIP: 0 bytes, multicast: 0 bytes Input : 0 bytes PPP: 0 bytes, VOIP: 0 bytes To CPU : 0 packets Discard: 0 packets
21.2 Configuring Multiple PVCs

You can create multiple PVCs on an ADSL/SHDSL port and configure PVCs to deliver priority based traffics. This is to enable traffic classification and packet prioritization on the port. Up to 8 PVCs can be created on an ADSL/SHDSL port. The 8 PVCs can support packets of various types, including PPPoEoA, IPoEoA, IPoA and PPPoA.
Note: You can set a PVC in either global configuration mode (requiring specific port number input) or port configuration mode.
Table 21-2 lists the commands for configuring a PVC. Table 21-2 Commands for configuring a PVC To Enable/Disable multi-PVC function on a port Use multipvc enable/disable In Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode All modes except the user EXEC mode All modes except the user EXEC mode
Add a PVC in multi-PVC mode
multipvc add
Delete a PVC multi-PVC mode
in
multipvc delete
Modify a PVC multi-PVC mode
in
multipvc modify
View the multi-PVC information of a port View the single-PVC multi-service information of a port
show multipvc
show interface
21.2.1 Enabling/Disabling the Multi-PVC Function

By default, a port can only be configured with a single PVC. To enable a port to support multiple PVCs, you can run the command multipvc enable. To disable the multi-PVC function, you can run the command multipvc disable. After the multi-PVC function is enabled for a port, PVC 1 adopting the original single PVC configuration is the default one. It cannot be added and deleted, but can be modified. When the multi-PVC function is disabled, the single PVC configuration adopts the attributes of PVC 1 in the original multi-PVC. This example shows how to enable multi-PVC on port adsl 3/0/0.
MA5300(config)#multipvc disable adsl 3/0/0
After the above step, you can run the command show multipvc to view the multi-PVC configuration.
MA5300(config)#show multipvc Enabled multi-pvc function port(s) : Adsl3/0/0 Adsl3/0/1 Adsl3/0/2 Shdsl4/0/0 Shdsl4/0/1
21.2.2 Adding PVCs to a Port

Every ADSL/SHDSL port supports up to 8 PVCs. To add a PVC to a port, you can run the command multipvc add. For details on the command, refer to SmartAX MA5300/5303 Broadband Access System Command Help. When adding a PVC, note the following: The multi-PVC function shall be enabled already. Since each ADSL port supports up to 8 PVCs, and each ADSL board supports up to 128 PVCs, the total number of PVCs on all ports cannot exceed 128. The VPI and VCI settings shall be consistent with those of the remote Modem. Each PVC on an ADSL port shall belong to a different VLAN. In other words, multiple PVCs must not belong to the same VLAN. To create PVCs whose connection type is AUTO, PPPoA or IPoA, you have to set the source and destination MAC addresses of the PPPoA and IPoA, as well as the Session ID of the associated slot. Otherwise, the system prompts the failure. For details, refer to 21.4 Configuring PPPoA. This example shows how to add a PVC (VPI: 1, VCI: 25, connection type: 1483b) which belongs to VLAN 2.
MA5300(config-if-Adsl3/0/0)#multipvc add pvcindex 2 vpi 1 vci 25 connect-type 1483b vlan 2
21.2.3 Deleting a PVC from a Port

To delete a PVC from an ADSL port, you can run the command multipvc delete. PVC 1 cannot be deleted. This example shows how to delete PVC 2 from port adsl 3/0/0.
MA5300(config-if-Adsl3/0/0)#multipvc delete pvcindex 2
21.2.4 Modifying the PVC Configurations of a Port

I. Modifying the parameters of a PVC
To modify the parameters of a port, you can run the command multipvc modify. This example shows how to modify the VPI/VCI settings of PVC 2 on port adsl 3/0/0.
MA5300(config)#multipvc modify pvcindex 2 vpi 5 vci 55
II. Enabling/Disabling the multicast function on a PVC

To enable a PVC of an ADSL/SHDS port to support multicast function, you can run the command multipvc modify. On an ADSL/SHDSL port, only one PVC is allowed to support multicast in downstream and transmission of IGMP packets. This example shows how to enable PVC 2 to support multicast.
MA5300(config-if-Adsl3/0/0)#multipvc modify pvcindex 2 support-down-mcast-stream
21.2.5 Viewing the Configuration of Multi-PVC

To view the configuration of multi-PVC, you can run the command show multipvc config.
MA5300(config)#show multipvc config adsl 3/0/0 Adsl3/0/0: Multi-Pvc mode: enable PVC 1 : enable PVC connect type : 1483B PVC CAR PVID Priority : vpi is 0, vci is 35 : ds-band is 255, us-band is 255 : 1 : 0
Support Down MultiCast Stream : enable Support IGMP packet Output Input To CPU PVC 2 : disable PVC 3 : disable PVC 4 : disable PVC 5 : disable PVC 6 : disable PVC 7 : disable PVC 8 : disable : 0 packets, 0 cells : 0 packets, 0 cells : 0 packets : enable
21.3 Configuring IPoA

21.3.1 Overview
IP over ATM (IPoA) refers to the transmission of IP packets over ATM networks. The MA5300 performs the following on IPoA packets: 1) 2) 3) Encapsulating IPoA packets through its ADSL/SHDSL service boards. Converting IPoA packets into IP over Ethernet (IPoE) packets. Sending them to the IP network finally.
In IPoA encapsulation mode, the user PC is configured with private network address. The RTU needs to be configured with both private and public network addresses. The private network address and the user PC are located in the same segment. With the IPoA function, the RTU can obtain its public IP address through both static configuration and dynamic allocation. The PC is configured with a private IP address. To access the public network, the RTU converts the private IP address into a public one through NAT. When offering IPoA function, the MA5300 works in L2 static mode or L3 dynamic mode. It terminates IPoA packets, and converts them into IPoE packets. In these two modes, the MA5300 adopts different configurations and mechanisms.
I. L2 mechanism
In this mode, the PVCs of the MA5300 shall contain the IP address of the upper layer gateway. With the IP address, the MA5300 can automatically obtain the MAC address of the upper layer gateway to set up an upstream route. At the same time, the MA5300 can also obtain the IP address of the RTU through the Reverse Address Resolution Protocol (RARP). When you create an IPoA PVC, the MA5300 can allocate a source MAC address for the PVC through its source MAC address pool. Using the source MAC address and destination IP address of the PVC, the MA5300 can form an ARP entry and an upstream route. It also informs the upper layer router to refresh the ARP table.
II. L3 mechanism
When the MA5300 works in this mode, you need to set the IP address of the VLAN used for packet forwarding as that of IPoA gateway. The MA5300 can obtain the IP address of the RTU. This IP address, together with the allocated source MAC address, forms the ARP entry of the downstream route. In this mode, the MA5300 first terminates IPoA packets, and then performs L3 routing and forwarding locally, regardless of the configuration on the L3 device.
The IPoA configuration involves: Setting an IPoA Connection (Single-PVC) Setting an IPoA Connection (Multi-PVC) Setting the Source MAC Address Setting the Default IP Address of the Upper Layer Gateway Setting the Mode of Obtaining Peer End IP Address Viewing IPoA information Table 21-3 lists the commands for configuring IPoA. Table 21-3 Commands for configuring IPoA To... Use... In... Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode Global configuration mode ADSL port configuration mode/SHDSL port configuration mode ADSL port configuration mode/SHDSL port configuration mode
Set the IPoA connection (single PVC)
connect-type ipoa-llc
Add an IPoA PVC
multipvc add
Modify an IPoA PVC
multipvc modify
Delete an IPoA PVC
multipvc delete
Set the source MAC address Set the default IP address of the upper layer gateway Set the mode of obtaining peer end IP address
(no) atm-terminated source-mac (no) atm-terminated ipoa dest-ip ip
(no) atm ipoa pvc
Clear packet statistics
clear atm ipoa pvc
To... View the configuration and packet statistics of an IPoA PVC
Use... show atm ipoa pvc
In... All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
View the global configuration
show atm ipoa config show atm ipoa config atm-terminated source-mac show atm ipoa config atm-terminated dest-address show atm atm-terminated source-mac ipoa
View the information on the source MAC address pool View the information on the default gateway addresses View the information on the use state of source MAC addresses
Note: It only describes the PVC associated with IPoA here. For other types of PVCs, refer to related chapters. A PVC can be configured in port configuration mode or global configuration mode. The following only describes how to configure a PVC in global configuration mode. To configure a PVC in port configuration mode, the input of port parameters is not required.
21.3.2 Setting an IPoA Connection (Single-PVC)

To set an IPoA connection for an ADSL/SHDSL port working in single PVC mode, you can run this command in global configuration mode: connect-type ipoa-llc { all | slot_no | port_list } [ { dest-static { default-ip | ip ipaddress } | dest-dynamic } ] To set the PVC connection type as IPoA, you need to set the source MAC address pool first. Table 21-4 Parameters of IPoA connection Parameter dest-static Meaning The MA5300 works in L2 mode. Description Remark By default, the system works
Parameter
Meaning
Description You need to set the IP address for the VLAN to which the ADSL port belongs. The IP address is used as the address of the upper layer gateway. Run the command atm-terminated ipoa dest-ip ip to set the default IP address first. -
Remark in L2 mode.
dest-dynamic
The MA5300 works in L3 mode.
default-ip
The MA5300 adopts the default IP address of the upper layer gateway. The MA5300 adopts the IP address specified for upper layer gateway.
ip address
Through the IP address, the system can obtain the destination MAC address from the IPoE packets.
This example shows how to set an IPoA connection for port adsl 1/0/1. Assume that the MA5300 works in L3 mode, port adsl 1/0/1 belongs to VLAN 10, and VLAN 10 is configured with an IP address.
MA5300(config)#connect-type ipoa-llc adsl 1/0/1 dest-dynamic
This example shows how to set an IPoA connection for port adsl 1/0/2. Assume that the MA5300 works in L2 mode, and uses the IP address of the upper layer gateway.
MA5300(config)#connect-type ipoa-llc adsl 1/0/2 dest-static default-ip
21.3.3 Setting an IPoA Connection (Multi-PVC)

I. Adding an IPoA PVC
After enabling the multi-PVC function by running the command multipvc enable, you can add an IPoA PVC running this command in global configuration mode: multipvc add { all | slot_no | port_list } pvcindex index vpi vpi vci vci connect_type ipoa-llc vlan vlanid [ { dest-static { default-ip | ip ipaddress } | dest-dynamic } ]
Note: For details on the description of parameters, refer to 21.3.2 Setting an IPoA Connection (Single-PVC). By default, the system works in L2 mode, and uses the IP address of the upper layer gateway. PVCs configured for an ADSL port must not belong to the same VLAN. The VLAN to which these PVCs belong shall already exist. If the system works in L3 mode, you need to set the IP address for the VLAN.
This example shows how to add an IPoA PVC to port adsl 1/0/0. Assume that the PVC belongs to VLAN10, and the MA5300 works in L2 mode.
MA5300(config)#multipvc add adsl1/0/0 pvcindex 2 vpi 50 vci 50 connect-type ipoa-llc vlan 10
II. Modifying the settings of an IPoA PVC

To modify the settings of an IPoA PVC, you can run this command in global configuration mode: multipvc modify { all | slot_no | port_list } pvcindex index { vpi vpi vci vci | connect_type connecttype | vlan vlanid } This example shows how to change the connection type of a PVC into 1483B. Assume that the PVC is numbered as 1, and belongs to port adsl 1/0/0.
MA5300(config)#multipvc modify adsl 1/0/0 pvcindex 1 connect-type 1483b
III. Deleting an IPoA PVC

To delete an IPoA PVC, you can run the command multipvc delete pvcindex index. This example shows how to delete PVC 2 which belongs to port adsl 1/0/0.
MA5300(config)#multipvc delete adsl1/0/0 pvcindex 2
21.3.4 Setting the Source MAC Address

When offering IPoA access, the MA5300, as an IP DSLAM device, needs to convert the IPoA packets into IPoE packets. To realize the conversion, the MA5300 needs to know the MAC address of IPoA user, namely the source MAC address. Due to the inability in obtaining source MAC address through protocols and the limitations of IPoA applications, an MAC address table shall be configured to realize MAC address distribution and save MAC addresses.
The management of MAC address pool is based on demands. When a PVC is created, it is also allocated with an MAC address. When a PVC is deleted, the MAC address of the PVC is also released. To set or modify a source MAC address pool manually, you can run this command: atm-terminated source-mac H.H.H [ scope scope-value ] To delete a source MAC address pool, you can run the command no atm-terminated source-mac. By default, an MAC address pool supports 1792 MAC addresses. The MA5300 is configured with a default MAC address segment, which ranges from 00e0.fc20.3bb9 to 00e0.fc20.4bb8, totally 4096 addresses. The segment is divided into 4 sections, one section for every frame, and 1024 MAC addresses per section. Therefore, the MA5300 can be subtended with up to 4 frames. 00e0.fc20.3bb900e0.fc20.3fb8 00e0.fc20.3fb900e0.fc20.43b8 00e0.fc20.43b900e0.fc20.47b8 00e0.fc20.47b900e0.fc20.4bb8 Description of the source MAC address: If you have configured an MAC address pool manually for the system, the MAC address range in this address pool overrides the default one. If no MAC address pool is configured manually in the system, the default one will be used. The section number is the frame number plus 1. You can run the command frameid set to specify the number of a frame. When modifying an MAC address pool configured manually, you cannot modify an MAC address already distributed. For a system configured with an MAC address pool, you need to delete the configured one and reset the system before the default one can be used. You cannot delete an MAC address pool in use. You can configure only one MAC address pool in the MA5300. This example shows how to set an MAC address pool: its start source MAC address is 00e0.fc01.0203, and its capacity is 256.
MA5300(config)#atm-terminated source-mac 00e0.fc01.0203 scope 256
21.3.5 Setting the Default IP Address of the Upper Layer Gateway

The purpose of setting the IP address of the upper layer gateway is to obtain the destination MAC address of IPoE packets. Through the ARP function, the system can obtain the MAC address corresponding to the IP address. This configuration is needed only when the MA5300 works in L2 mode.
To set the IP address of the upper layer gateway, you can specify it when setting an IPoA PVC, or run the command atm-terminated ipoa dest-ip ip. To delete the default IP address, you can run the command no atm-terminated ipoa dest-ip ip. If the IP address of the upper layer gateway is in use, you cannot delete it. This example shows how to set the IP address of the upper layer gateway as 20.1.1.1.
MA5300(config)#atm-terminated ipoa dest-ip ip 20.1.1.1
21.3.6 Setting the Mode of Obtaining Peer End IP Address

When the system maintains the upper layer ARP forwarding table or converts IPoA packets into IPoE packets, it needs to obtain the IP address of the peer end RTU. To set the mode in which the system obtains the peer end IP address of an IPoA PVC, you can run the command atm ipoa pvc. To cancel the setting, you can run the command no atm ipoa pvc. The command format is: atm ipoa pvc { pvcindex index | vpi vpi vci vci } protocol ip { ip-address ipaddress | inarp minutes minutes | arp minutes minutes } Table 21-5 Parameter description Parameter Meaning Description If the system cannot obtain the peer end IP address dynamically, you can use the parameter to specify the IP address.
ip-address ipaddress
Bind the port with the peer end IP address of the PVC
inarp minutes minutes
The system will obtain the peer end IP address through dynamic protocol. minute minutes determines the interval at which the system sends InATMARP packets. The default value is 15 minutes. The system will obtain the MAC address of the upper layer gateway through dynamic protocol. minute minutes determines the interval at which upper layer MAC address is refreshed. The default value is 3 minutes.
RTU is required to support RFC1577 protocol.
arp minutes minutes
This example shows how to set the peer end IP address as 20.30.40.50 for the IPoA PVC of port adsl 2/0/0.
MA5300(config-if-Adsl2/0/0)#atm ipoa pvc vpi 0 vci 35 protocol ip ip-address 20.30.40.50
This example shows how to set the interval at which port adsl 2/0/0 sends InATMARP packets over IPoA PVC [0/35] as 20 minutes.
MA5300(config-if-Adsl2/0/0)#atm ipoa pvc vpi 0 vci 35 protocol ip inarp minute 20
21.3.7 Viewing IPoA information

I. Viewing the IPoA global configuration
To view the IPoA global configuration, you can run this command: show atm ipoa config [atm-terminated { source-mac | dest-address} ] With no parameter specified, you can view the global static configuration. With source-mac, you can view the information on the use state of source MAC addresses. With dest-address, you can view the information on the default gateway addresses. This example shows how to view the IPoA global configuration.
MA5300(config)#show atm ipoa config ATM IPOA config information: -----------------------------------------------------------Source_MAC_begin Scope Destination_IP Destination_MAC
-----------------------------------------------------------00e0.fc01.0203 256 20.1.1.1 0000.0000.0000
------------------------------------------------------------
This example shows how to view the information on the source MAC address pool.
MA5300(config)#show atm ipoa config atm-terminated source-mac Source MAC pool information: -----------------------------------------------------------Source_MAC_begin Scope Used_num Remained_num
-----------------------------------------------------------00e0.fc01.0203 256 3 253
------------------------------------------------------------
This example shows how to view the information on the default gateway address.
A5300(config)#show atm ipoa config atm-terminated dest-address Default destination gateway address information: ---------------------------------------------------

Destination_IP Destination_MAC

Referenced_NUM
--------------------------------------------------20.1.1.1 0000.0000.0000 2
---------------------------------------------------
II. Viewing the information on the use state of source MAC addresses
To view the information on the use state of source MAC addresses, you can run the command show atm ipoa atm-terminated source-mac. This example shows how to view the information on all source MAC addresses being used.
MA5300(config)#show atm ipoa atm-terminated source-mac all Source MAC mapped with PVC information: -------------------------------------------------------Source_MAC PVC[Interface VPI/VCI]
-------------------------------------------------------00e0.fc01.0204 00e0.fc01.0208 00e0.fc01.0209 Adsl1/0/1 0/35 Adsl1/0/0 50/50 Adsl1/0/3 0/35
---------------------------------------------------------
III. Viewing the configuration of a PVC

To view the configuration of an IPoA PVC and the packet statistics, you can run this command: show atm ipoa pvc { all | slot_no | port_list } [ pvcindex index | vpi vpi vci vci ] [statistic] With pvcindex or vpi/ vci, you can specify a PVC. With statistic, you can view the packet statistics of a PVC. This example shows how to view the configuration of PVC 2 which belongs to port adsl 1/0/0.
MA5300(config)#show atm ipoa pvc adsl 1/0/0 pvcindex 2 Adsl1/0/0: PVC 2: Enable PVC connect type : PVC Map VLAN : : IPOA-LLC VPI is 30,VCI is 100 10
Source MAC address : 00e0.fc01.020a Source protocol address : NULL Destination MAC address : 00e0.fc12.e3f3 Destination gateway IP The InATMARP interval : 10.1.1.2(Local route interface) : 15(minute)

The ARP interval

: 3(minute)
This example shows how to view the packet statistics of PVC 2 which belongs to port adsl 1/0/0.
MA5300(config)#show atm ipoa pvc adsl 1/0/0 pvcindex 2 statistic -----------------------------------------------------------PVC[Adsl1/0/0 30/100] ATM packet statistics -----------------------------------------------------------The number of ATM packet received : 0 The number of error ATM packet received: 0 The number of ATM packet sent: 8 The number of error ATM packet sent: 1 The number of InATMARP requests received: 0 The number of InATMARP requests sent: 9 The number of InATMARP replies received: 0 The number of InATMARP replies sent: 0 The number of invalid InATMARP requests received: 0 The number of times that not receive an InATMARP reply: 1 The number of times that InATMARP reply expired: 8 ------------------------------------------------------------
IV. Clearing packet statistics

To clear the packet statistics on a PVC of an ADSL/SHDSL port, you can run this command: clear atm ipoa pvc vpi vpi vci vci statistics This example shows how to clear the packet statistics on the PVC (50/50) of port adsl 1/0/0.
MA5300(config-if-Adsl1/0/0)#clear atm ipoa pvc vpi 50 vci 50 statistic
21.3.8 L2 IPoA Access Configuration Example

Through the IPoA access function, the user Modem can connect to the MA5300 to access the Internet.
To configure L2 IPoA access, do as follows: 1) 2) 3) 4) 5) Set the Modem encapsulation type as IPoA. Set the source MAC address pool. Set the IP address for the default upper layer gateway. Set the access mode of a port as IPoA. (Optional.) Set the IP address acquiring mode for the peer end of a PVC.
6) 7)
Activate the port. View the configuration.

ETH1:10.1.1.254/24
Internet
E A D A
CON ETH MON
FE7/2/0
ESM MODEM
MA5300
PC
Figure 21-1 Networking for L2 IPoA application Networking description: The MA5300 connects to the ADSL Modem through port adsl 1/0/1 on the EADA board, and connects to the upstream device through port Ethernet 7/2/0. The ADSL port belongs to VLAN 100. The MA5300 uses the default source MAC address pool. Configurations of the ADSL Modem: It works in IPoA (encapsulation type is RFC 1577) access mode NAT and DHCP Server are enabled The PVCs VPI/VCI is 0/35 The user subnet address is 192.168.1.1/24 The IPoA address is 10.1.1.1 The remote end IP address is 10.1.1.254 The router connects to the MA5300s port FE 7/2/0 through ETH 1, whose IP address is 10.1.1.254/24.

1) Create VLAN 100, add port adsl 1/0/1 to the VLAN and set the upstream port as a Trunk port.
MA5300(config)#vlan 100 MA5300(config-vlan100)#switchport adsl 1/0/1 MA5300(config)#interface ethernet 7/2/0 MA5300(config-if-Ethernet7/2/0)#switchport mode trunk Please wait... Done. MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 100 Please wait... Done. MA5300(config-if-Ethernet7/2/0)#exit
2) 3)
Set the default upper layer address. Set the access mode of port adsl 1/0/1as IPoA, and specify the default gateway address.
MA5300(config)#atm-terminated ipoa dest-ip ip 10.1.1.254
MA5300(config)#connect-type ipoa-llc adsl1/0/1 dest-static default-ip
4)
Set the peer end IP address of a PVC.
MA5300(config-if-Adsl1/0/1)#atm ipoa pvc pvcindex 1 protocol ip ip-address 20.0.0.2
5) 6)
Activate port adsl 1/0/1 using the default profile. View the configuration.
MA5300(config)#adsl activate ad11/0/1
This example shows how to view the global IPoA configuration.

MA5300(config)#show atm ipoa config { <cr>|atm-terminated<K> }: ATM IPOA config information: -----------------------------------------------------------Source_MAC_begin Scope Destination_IP Destination_MAC
-----------------------------------------------------------00e0.fc20.3bb9 1024 10.1.1.254 00e0.fc11.1111
------------------------------------------------------------
This example shows how to view the configuration of port adsl 1/0/1.
MA5300(config)#show atm ipoa pvc adsl 1/0/0 { <cr>|to<K>|Adsl<K>|statistic<K>|pvcindex<K>|vpi<K> }: Adsl1/0/0: PVC 1 PVC connect type PVC Map VLAN Source MAC address : Enable : IPOA-LLC : VPI is 0,VCI is 35 : 100 : 00e0.fc20.3bb9
Source protocol address : 10.1.1.1(Static) Destination MAC address : 00e0.fc11.1111

Destination gateway IP The ARP interval

: 10.1.1.254(Default gateway) : 3(minute)
IV. Verification
With the above steps, the user can access the Internet through dialup.
21.3.9 L3 IPoA Access Configuration Example

To configure L3 IPoA access, do as follows: 1) 2) 3) 4) 5) 6) 7) Set the Modem encapsulation type as IPoA. (Optional.) Set the source MAC address pool. Set the L3 IP address of a VLAN interface. Set the access mode of a port as IPoA. (Optional.) Set the IP address acquiring mode for the peer end of a PVC. Activate the port. View the configuration.

ETH1:20.1.1.1/24 ETH1:10.1.1.253/24 Internet
E A D A
CON ETH MON
FE7/2/0
ESM MODEM
MA5300
PC
Figure 21-2 Networking for the L3 IPoA application The networking description:
The MA5300 connects to the ADSL Modem through port adsl 1/0/1 on the EADA board, and connects to the upstream device through port Ethernet 7/2/0. Port ADSL1/0/1 belongs to VLAN 100, and the VLAN interfaces IP address is 10.1.1.254/24. The MA5300 uses the default source MAC address pool. Configurations of the ADSL Modem: It works in IPoA (encapsulation type is RFC 1577) access mode NAT and DHCP Server are enabled The PVCs VPI/VCI is 0/35 The user subnet address is 192.168.1.1/24 The IPoA address is 10.1.1.1 The remote end IP address is 10.1.1.254 The router connects to the MA5300s FE 7/2/0 through ETH 1. The IP address of the routers ETH 1 is 10.1.1.254/24, and that of ETH 2 is 20.1.1/30.

MA5300(config)#vlan 100 MA5300(config-vlan100)#switchport adsl 1/0/1 MA5300(config)#interface ethernet 7/2/0 MA5300(config-if-Ethernet7/2/0)#switchport mode trunk Please wait... Done. MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 100 Please wait... Done. MA5300(config-if-Ethernet7/2/0)#exit
2)
Set the IP address of VLAN 100s interface as 10.1.1.254.
MA5300(config)#interface vlan-interface 100 MA5300(config-if-Vlan-interface100)#ip address 10.1.1.254 255.255.255.0 MA5300(config-if-Vlan-interface100)#exit
3) 4)
Set the access mode of port adsl 1/0/1 as IPoA. Set the peer end IP address of a PVC.
MA5300(config)#connect-type ipoa-llc ads1/0/1 dest-dynamic
MA5300(config-if-Adsl1/0/1)#atm ipoa pvc pvcindex 1 protocol ip ip-address 10.1.1.1
5) 6)
Activate port adsl 1/0/1 using the default profile. Add the default route connecting to upper layer equipment.
7)
View the configuration.
This example shows how to view the detailed information of an IPoA PVC.
MA5300(config)#show atm ipoa pvc adsl 1/0/0 { <cr>|to<K>|Adsl<K>|statistic<K>|pvcindex<K>|vpi<K> }: Adsl1/0/1: PVC 1 PVC connect type PVC Map VLAN Source MAC address : Enable : IPOA-LLC : VPI is 0,VCI is 35 : 100 : 00e0.fc20.3bb9
Source protocol address : 10.1.1.1(Dynamic) Destination MAC address : 00e0.fc15.173c Destination gateway IP The InATMARP interval The ARP interval : 10.1.1.254(Local route interface) : 15(minute) : 3(minute)
This example shows how to view the configuration of VLAN 100s interface.
MA5300(config)#show interface vlan-interface 100 Vlan-interface100 is up, line protocol is up
Description : HUAWEI, Quidway Series, Vlan-interface100 Interface The Maximum Transmit Unit is 1500 Internet Address is 10.1.1.254/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0.fc12.e3f3
IV. Verification
21.4 Configuring PPPoA

21.4.1 Overview
PPP over ATM (PPPoA), is a kind of point-to-point protocol over the ATM network. The MA5300s ADSL/SHDSL boards support PPPoA encapsulation. After the PPPoA-to-PPPoE packet conversion, the MA5300 transmits the packets to the PPPoE Server upstream. The MA5300 functions as follows in the conversion process As for the BRAS, the MA5300 serves as several PPPoE clients. As for the user, the MA5300 converts PPPoA packets to PPPoE packets upstream, and PPPoE packets to the PPPoA packets downstream. The configuration of PPPoA involves:
Setting Up a PPPoA Connection (Single PVC) Setting Up a PPPoA Connection (Multi-PVC) Setting the PPPoA Source MAC Address Setting the PPPoA Destination MAC Address Setting the PPPoA Session ID Area Viewing PPPoA Information Table 21-6 lists the commands for configuring PPPoA. Table 21-6 Commands for configuring PPPoA To Use In Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode/ADSL port configuration mode/SHDSL port configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode All modes except the user EXEC mode All modes except the user EXEC mode
Set the PPPoA (single-PVC)
connection
connect-type
Add a PPPoA PVC
multipvc add
Modify a PPPoA PVC
multipvc modify
Delete a PPPoA PVC
multipvc delete
Set the PPPoA source MAC address pool Set the PPPoA destination MAC address Set the PPPoA Session ID area Modify the Session ID area of a slot View the PPPoA connection
(no) atm-terminated source-mac atm-terminated dest-mac atm-terminated start-session-id atm-terminated session-id show pppoa connection
View the PPPoA destination MAC address
show atm-terminated dest-mac
To View the Session ID configuration of
Use show atm-terminated session-id
In All modes except the user EXEC mode
Note: It only describes the PVC associated with IPoA here. For other types of PVCs, refer to related chapters.
21.4.2 Setting Up a PPPoA Connection (Single PVC)

To set up a PPPoA connection for an ADSL/SHDSL port working in single-PVC mode, you can run this command in global configuration mode: connect-type {pppoa-llc | pppoa-vcmux | auto pppoa-mode} [ static | dynamic ] { all | slot_no | port_list } To set the PVC connection type as IPoA, you must configure the source MAC address pool first. Table 21-7 Parameters of PPPoA connection Parameter Meaning Description You need to configure the source MAC address, destination MAC address and Session ID manually. For this mode, you need to use the ISU specified by Huawei as the PPPoE Server. You need to configure the source MAC address manually. dynamic Dynamic mode is used. The system obtains the destination MAC address and Session ID dynamically through protocols. For this mode, you can use any PPPoE Server complies with the standards. auto pppoa-mode When this mode is used, for PPPoA access, you can set whether to use static or dynamic mode here.
static
Static mode (the default mode) is used.
This example shows how to set a PPPoA-LLC connection for port adsl 1/0/0.
MA5300(config)#connect-type pppoa-llc static adsl1/0/0
21.4.3 Setting Up a PPPoA Connection (Multi-PVC)

I. Adding a PPPoA PVC
After enabling the multi-PVC function by running the command multipvc enable, you can add a PPPoA PVC running this command in global configuration mode: multipvc add { all | slot_no | port_list } pvcindex index vpi vpi vci vci connect_type {pppoa-llc | pppoa-vcmux | auto pppoa-mode} [ static | dynamic ] vlan vlanid
Note: For details on the description of parameters, refer to 21.4.2 Setting Up a PPPoA Connection (Single PVC).
Note that: By default, static mode is adopted. PVCs configured for an ADSL/SHDSL port must not belong to the same VLAN. One ADSL/SHDSL port can allow up to one PVC adopting dynamic mode. This example shows how to add a PPPoA PVC to port adsl 1/0/5. Assume that the PVC belongs to VLAN10, and static mode is adopted.
MA5300(config)#multipvc add adsl1/0/5 pvcindex 2 vpi 10 vci 100 connect-type pppoa-llc static vlan 10
II. Modifying the settings of a PPPoA PVC

To modify the settings of a PPPoA PVC, you can run the command multipvc modify. In global configuration mode, the command format is: multipvc modify { all | slot_no | port_list } pvcindex index { vpi vpi vci vci | connect_type connecttype | vlan vlanid } This example shows how to change the connection type of a PVC into 1483B. Assume that the PVC is numbered as 1, and belongs to port adsl 1/0/5.
MA5300(config)#multipvc modify adsl1/0/5 pvcindex 2 connect-type 1483b
III. Deleting a PPPoA PVC

To delete a PPPoA PVC, you can run the command multipvc delete pvcindex index.
This example shows how to delete PVC 2 which belongs to port adsl 1/0/0.
MA5300(config)#multipvc delete adsl1/0/0 pvcindex 2
21.4.4 Setting the PPPoA Source MAC Address

For PPPoA access, the MA5300 needs to convert PPPoA packets into PPPoE packets. The PPPoE packet header contains the source MAC address. By setting the source MAC address in the MA5300, you can save MAC addresses, and also manage users effectively. PPPoA access shares one source MAC address pool with IPoA access. For related details, refer to "21.3.4 Setting the Source MAC Address".
21.4.5 Setting the PPPoA Destination MAC Address

In PPPoA access, the destination MAC address is required only when static mode is adopted. The MA5300 can obtain the address through protocols when dynamic mode is adopted. To configure the destination MAC address of PPPoA packets, you can run the command atm-terminated dest-mac. This example shows how to set PPPoA destination MAC address to 00e0.aa12.1122.
MA5300(config)#atm-terminated dest-mac pppoa 00e0.aa12.1122
21.4.6 Setting the PPPoA Session ID Area

A Session ID is required in PPPoA-to-PPPoE conversion. It is obtained in these ways: If dynamic mode is used in PPPoA access, the upper layer PPPoE Server will allocate a Session ID for the MA5300. If static mode is used, you need to configure a Session ID in the MA5300. The Session ID must be identical with that of the ISU. To set the start and range of Session ID area, you can run the command atm-terminated start-session-id. The default setting is 2049 2720. Note that: Each slot is allocated 48 Session IDs always. If no range is specified, Session IDs will be allocated for a full frame. The minimum number must be of full-frame configuration. In other words, one frame has 14 slots for service boards, and each slot is allocated 48 Session IDs. That means the minimum number is 14 x 48 =672. After specifying the Session ID area start number and range, you can run the command atm-terminated session-id to assign a new Session ID area for every slot.
The specified Session ID must be in the range specified by running the command atm-terminated start-session-id. This example shows how to set the start number and range of Session ID area to 1 and 2016 respectively.
MA5300(config)#atm-terminated start-session-id 1 scope 2016
This example shows how to view the Session IDs configured.

MA5300(config)#show atm-terminated session-id slot area start session-id end session-id
-------------------------------------------------------0 1 2 3 4 5 6 9 10 11 12 13 14 15 1 2 3 4 5 6 7 8 9 10 11 12 13 14 1 49 97 145 193 241 289 337 385 433 481 529 577 625 48 96 144 192 240 288 336 384 432 480 528 576 624 672
-------------------------------------------------------Free session-id area: 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
This example shows how to set the Session ID of the board in slot 2 to use area 1, and change the area with the one used by slot 0.
MA5300(config)#atm-terminated session-id 2 1 swap
This example shows how to view the Session IDs modified.

A5300(config)#show atm-terminated session-id slot area start session-id end session-id
-------------------------------------------------------0 1 2 3 3 2 1 4 97 49 1 145 144 96 48 192
21.4.7 Viewing PPPoA Information

1) View the information on PPPoA connection.
To view the information on PPPoA connection, you can run the command show pppoa connection.
MA5300(config)#show pppoa connection all interface pvcindex source-mac dest-mac session-id mode
------------------------------------------------------------------Adsl1/0/0 1 00e0.fc01.0203 00e0.aa12.1122 49 llc-static
2)
View the static configuration of PPPoA access. To view the information on destination MAC address, you can run the command show atm-terminated dest-mac. To view the configuration of Session ID, you can run the command show atm-terminated session-id.
This example shows how to view PPPoA destination MAC address.

A5300(config)#show atm-terminated dest-mac Destination MAC Address for PPPOA : 00e0.aa12.1122
21.4.8 PPPoA Access Configuration Example-Static Mode

Through the PPPoA dialup, the user Modem can connect to the MA5300 to access the Internet.
To configure PPPoA Access in static mode, do as follows: 1) 2) 3) 4) 5) 6) 7) Set the Modems encapsulation type as PPPoA. Set the source MAC address pool. Set the destination MAC address. Set PPPoA Session ID. Set the access mode of a port as PPPoA. Activate the port. View the configuration.

MA5300
E A D A
CON ETH MON
ESM MODEM
ISU
PC
Figure 21-3 Networking for the PPPoA application (static mode) Networking description: 1) 2) 3) 4) The MA5300 connects to the ADSL Modem through port adsl 1/0/2 on the EADA board. The ESM connects to the ISU through the backplanes GE interface. The PPPoA access adopts static mode. Configurations of the ADSL Modem: It works in PPPoA access mode NAT and DHCP Server are enabled The PVCs VPI/VCI is 0/35 The user subnet address is 192.168.1.1/24 5) The ISU board is configured with built-in DHCP Server function. The user subnet address is 10.1.1.110.1.1.10. The gateway is 10.1.1.254/24 The ISU adopts local authentication/non-accounting mode for PPPoE users (the account is test@isp/test).

MA5300(config)#vlan 100 MA5300(config-vlan100)#switchport adsl 1/0/2

MA5300(config)#inner-isu 15
GigabitEthernet7/1/1 will be connected to inner-isu, continue?[Y/N]y Inner-isu in slot 15 is enabled. GigabitEthernet7/1/1 has been connected to inner-isu. MA5300(config)#interface gigabitEthernet 7/1/1 MA5300(config-if-GigabitEthernet7/1/1)#switchport mode trunk Please wait... Done. MA5300(config-if-Ethernet7/1/1)#switchport trunk allowed vlan 100 Please wait... Done. MA5300(config-if-Ethernet7/1/1)#exit
2)
Set a source MAC address pool. This step is not required if the address pool has been configured during the IPoA configuration.
MA5300(config)#atm-terminated source-mac 0001.0203.0000 scope 1000
3) 4) 5) 6) 7)
Set the PPPoA destination MAC address using the ISUs MAC address.
MA5300(config)#atm-terminated dest-mac pppoa 0002.0003.0000
Set the PPPoA Session ID, and make sure that it is identical with that of the ISU.
MA5300(config)#atm-terminated start-session-id 2049 scope 1000
Set the access mode of port adsl 1/0/2 as static PPPoA.

MA5300(config)#connect-type pppoa-llc static adsl1/0/2
Activate port adsl 1/0/2 using the default profile.

MA5300(config)#adsl activate adsl1/0/2
This example shows how to view the configuration of the PPPoA Session ID.
MA5300(config)#show atm-terminated session-id
This example shows how to view the configuration of the PPPoA connection.
-------------------------------------------------------------------Adsl1/0/2 1 0001.0203.0002 0002.0003.0000 2099 llc-static
MA5300(config)#show interface adsl1/0/2
This example shows how to view the configuration of the ISU board.
[ISU]interface Virtual-Template 1 [ISU-Virtual-Template1]ppp authentication-mode chap [ISU-Virtual-Template1]quit [ISU]interface GigabitEthernet 10 [ISU-GigabitEthernet10]pppoe-server bind virtual-template 1 [ISU-GigabitEthernet10]quit [ISU]ip pool huawei local [ISU-ip-pool-huawei]gateway 10.1.1.254 255.255.255.0
[ISU-ip-pool-huawei]section 0 10.1.1.1 10.1.1.10 [ISU-ip-pool-huawei]dns-server 100.1.1.254 [ISU-ip-pool-huawei]dns-server 100.1.1.253 secondary [ISU-ip-pool-huawei]netbios-name-server 200.1.1.254 [ISU-ip-pool-huawei]netbios-name-server 200.1.1.253 secondary [ISU-ip-pool-huawei]quit [ISU]aaa [ISU-aaa]authentication-scheme auth1 [ISU-aaa-authen-auth1]authentication-mode local [ISU-aaa-authen-auth1]quit [ISU-aaa]accounting-scheme acct1 [ISU-aaa-accounting-acct1]accounting-mode local [ISU-aaa-accounting-acct1]quit [ISU-aaa]domain isp [ISU-aaa-domain-isp]authentication-scheme auth1 [ISU-aaa-domain-isp]accounting-scheme acct1 [ISU-aaa-domain-isp]ip-pool huawei [ISU-aaa-domain-isp]quit [ISU-aaa]quit [ISU]local-aaa-server [ISU-local-aaa-server]user test@isp password test [ISU-local-aaa-server]quit [ISU]portvlan gigabitethernet 10 vlan 100 [ISU-gigabitethernet10-10-vlan100-100]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan100-100]default-domain authentication isp [ISU-gigabitethernet10-10-vlan100-100]authentication-method pppoe [ISU-gigabitethernet10-10-vlan100-100]quit
IV. Verification
21.4.9 PPPoA Access Configuration Example-Dynamic Mode

To configure PPPoA Access in dynamic mode, do as follows: 1) 2) 3) 4) 5) Set the Modems encapsulation type as PPPoA. Set the source MAC address pool. Set the access mode of a port as PPPoA. Activate the port. View the configuration.

PPPoE Server Internet
E A D A
CON ETH MON
FE7/2/0
ESM MODEM
MA5300
PC
Figure 21-4 Networking for the PPPoA application (dynamic mode) Networking description: 1) 2) 3) 4) The MA5300 connects to the ADSL Modem through port adsl 1/0/0 on the EADA board. IP address is obtained dynamically for Internet access. The default MAC address pool is used. The MA5300s service is implemented through VLAN 100. Configurations of the ADSL Modem: It works in PPPoA access mode NAT and DHCP Server are enabled The PVCs VPI/VCI is 0/35 The user subnet address is 192.168.1.1/24

1) Create VLAN 100, add ports to the VLAN.
MA5300(config)#vlan 100 MA5300(config-vlan100)#switchport Ethernet 7/2/0 MA5300(config-vlan100)#switchport adsl 1/0/0 MA5300(config-vlan100)#exit
2)
Set the GE port as a Trunk port.
MA5300(config)#interface Ethernet 7/2/0 MA5300(config-if-GigabitEthernet7/1/1)#switchport mode trunk Please wait... Done.
MA5300(config-if-GigabitEthernet7/1/1)#exit
3)
Set the ADSL ports encapsulation type.
The following two modes are feasible:

MA5300(config)#connect-type pppoa-llc dynamic adsl 1/0/0 //Configure PPPoA dynamic mode for port adsl 1/0/0 directly. MA5300(config)#connect-type auto pppoa-mode dynamic adsl 1/0/0 //Configure auto mode for port adsl 1/0/0. If PPPoA mode is learned, PPPoA dynamic mode will be adopted.
4) 5)
Activate port adsl 1/0/0 using the default profile.

MA5300(config)#adsl activate adsl 1/0/0 1
This example shows how to view the configuration of the PPPoA connection.
-------------------------------------------------------------------Adsl1/0/0 1 00e0.fc20.3bb9 00e0.fc11.1111 1 llc-dynamic
This example shows how to view the use state of source MAC address.
MA5300(config)#show atm ipoa Source MAC pool information: -----------------------------------------------------------Source_MAC_begin Scope Used_num Remained_num config atm-terminated source-mac
-----------------------------------------------------------00e0.fc20.3bb9 1024 1 1023
------------------------------------------------------------
MA5300(config)#show interface adsl 1/0/0
IV. Verification
21.5 Configuring PITP

21.5.1 Overview
Policy Information Transfer Protocol (PITP) belongs to Huaweis L2 based HGMP protocol family. Besides PITP, the HGMP protocol family includes HDP and HTP. PITP involves: Port information collection Bandwidth resource acquisition
QoS strategy sending Configuration information sending PITP is designed to offer additional VLAN resources, and enable IPTN QoS and unified maintenance and management. Supporting PITP, the MA5300, together with the ISN8850 or the ESR8825, use the port information included in PPPoE request packets for user labeling and user account and port binding. PITP works in two modes: V mode and P mode, corresponding to the key words of vmode and pmode. When one mode is enabled, the other one is disabled. The default mode is PITP P mode, namely PPPoE Plus mode. Table 21-8 lists the commands for configuring PITP V/P mode. Table 21-8 Commands for configuring PITP V/P mode To... Enable/Disable PITP V mode Set the encapsulation PITP V mode Enable/Disable Plus Ethernet type in PPPoE Use... pitp vmode enable/disable Global mode Global mode Global mode Global mode Global mode Global mode Global mode In... configuration
pitp vmode ethernet-type
configuration
pitp pmode enable/disable (no) pitp pmode uplink-port allowed show pitp configuration pmode
configuration
Enable/Disable an upstream port for PPPoE Plus packets View the PPPoE Plus configuration View PPPoE statistics Clear PPPoE statistics View the V configuration Plus Plus mode
configuration
configuration configuration configuration
show pitp pmode statistics clear pitp pmode statistics show state pitp vmode config
21.5.2 Setting PITP V Mode

I. Enabling/Disabling PITP V mode
To enable PITP V mode, you can run the command pitp vmode enable. To disable PITP V mode, you can run the command pitp vmode disable.

MA5300(config)#pitp vmode enable
To view the configuration of PTIP V mode, you can run the command show pitp vmode config state.
MA5300(config)#show pitp vmode config state PITP is enable.
II. Setting the Ethernet encapsulation type in PITP V mode

When setting the Ethernet encapsulation type, make sure that the PITP V mode is enabled. To set the Ethernet encapsulation type in PITP V mode, you can run the command pitp vmode ethernet-type.
MA5300(config)# pitp vmode ethernet-type 0x8200
To view the configuration, you can run the command show pitp vmode config ethernet-type.
MA5300(config)#show pitp vmode config ethernet-type PITP protocol ethernet-type is: 0x8200.
21.5.3 Setting the PITP P Mode

I. Introduction to PPPoE Plus
It will waste VLAN resources when a MUX VLAN is used for identifying the physical address of a port. If there are more than 4k users under a single port of a BRAS device, using VLAN to identify a user becomes no longer feasible. With PPPoE Plus, you can use the port information included in PPPoE packets for user identification. The following describes the implementation of PPPoE Plus: 1) 2) 3) 4) 5) After PPPoE Plus is enabled, the MA5300 captures PPPoE packets from the upstream, and deprives the port/PVC information from these packets The MA5300 generates PPPoE Plus packets with port information included in the packets. The MA5300 forwards these packets through its upstream ports to the PPPoE Server. In downstream, the MA5300 adopts the reverse process for packet forwarding. In this way, the MA5300 realizes the user and port binding, as well as PPPoE user identification.
Note: PPPoE Plus does not change other fields of a PPPoE packet. PPPoE Plus is compatible with common VLAN, Smart VLAN, MUX VLAN, IGSP and IGMP Proxy. PPPoE Plus can coexist with DHCP Option82 in any PVC of a port.
II. Setting the PPPoE Plus

The configuration of PPPoE Plus involves: Enabling/Disabling PPPoE Plus function Enabling/Disabling an upstream port for PPPoE Plus packets Viewing the PPPoE Plus configuration Viewing/Clearing PPPoE Plus statistics 1) Enable/Disable PPPoE Plus function. To enable PPPoE Plus function for a PVC of a port, you need to enable it in global configuration mode or in PVC mode. For an ADSL port, this function should be enabled or disabled in PVC mode. By default, PPPoE Plus is disabled for every port in both global and PVC mode. To enable/disable PPPoE Plus globally, you can run the command pitp pmode enable. To disable PPPoE Plus globally, you can run the command pitp pmode disable. Command description: To enable/disable PPPoE Plus globally, you can run the command in global configuration mode without any parameter. To enable/disable PPPoE Plus for a PVC of a port, you can run a command in both global configuration mode or in Ethernet/VDSL/ADSL/SHDSL port configuration mode. This operation does not apply to ports of ESM boards. If a ports PPPoE Plus function is disabled, it will transmit PPPoE packets transparently without any processing. When setting PPPoE Plus for an ADSL port, comply with the follows: Enter the PVC parameters. Make sure that the specified PVC has been configured for the port. When selecting the parameter all, make sure that PPPoE Plus is enabled/disabled for all PVCs under the ADSL port If PPPoE Plus is enabled for all PVCs of the ADSL port, the PPPoE Plus will be enabled for any newly created PVCs. This example shows how to enable the PPPoE Plus globally.

MA5300(config)#pitp pmode enable
This example shows how to enable the PPPoE Plus for PVCs of port adsl 1/0/0 in global configuration mode.
MA5300(config)#pitp pmode enable adsl1/0/0 pvc vpi 8 vci 35
2)
Enable/Disable an upstream port for PPPoE Plus packets.
After capturing the port/PVC information included in the PPPoE packets, the MA5300 will forward packets to the ports which are included in the same VLAN and allow the transmission of PPPoE Plus packets upstream. To enable an upstream port for PPPoE Plus packets, you can run the command pitp pmode uplink-port allowed. To disable an upstream port for PPPoE Plus packets, you can run the command no pitp pmode uplink-port allowed. By default, the ESM boards FE/GE ports allow the transmission of PPPoE Plus packets upstream. This example shows how to enable an upstream port for PPPoE Plus packets.
MA5300(config)#no pitp pmode uplink-port allowed ethernet 7/1/0
3)
View the PPPoE Plus configuration.
To view the PPPoE Plus configuration, you can run the command show pitp pmode configuration. The configuration comprises the global switch, PPPoE Plus upstream port, and port/PVC switch. With no parameter specified, the command displays the configuration in both global configuration mode and port/PVC configuration mode. With the port specified only, the command displays the configuration in both global configuration mode and port configuration mode. For an ADSL port, the command displays the configuration of all PVCs of the port. With both the port and PVC specified, the command displays the configuration in both global configuration mode and port configuration mode. For an ADSL port, the command displays the configuration for the specified PVC. For ADSL ports without PVC, the command displays these ports in the last line. This example shows how to view the configuration of all PVCs of port adsl 1/0/0.
MA5300(config)#show pitp pmode configuration adsl 1/0/0 { <cr>|to<K>|pvc<K> }: PITP pmode is disabled globally Port-string writing is enabled The uplink-port allowed: Ethernet7/1/1 GigabitEthernet7/1/4 Ethernet7/1/2 GigabitEthernet7/1/5 Ethernet7/1/3
------------Port/PVC PITP pmode configuration table-----------

Port/Pvc

PITP-state
-------------------------------------------------------------Adsl1/0/0 Pvc(vpi:8 Pvc(vpi:10 vci:35 ) vci:10 ) Enable Disable
4)
View/Clear PPPoE Plus statistics.
To view PPPoE Plus statistics, you can run the command show pitp pmode statistics. To clear PPPoE Plus statistics, you can run the command clear pitp pmode statistics. This example shows how to view the PPPoE Plus statistics.
MA5300(config)#show pitp pmode statistics PITP pmode packet statistics: PITP pmode total received PADI packet: 163 PITP pmode total received PADR packet: 13 PITP pmode total received PADT packet: 2 PITP pmode total received ERR packet: 0 PITP pmode total send fail packet: 0 PITP pmode total received untrust packet: 0
This example shows how to clear the PPPoE Plus packet statistics.
MA5300(config)#clear pitp pmode statistics
21.6 PPPoE Plus Configuration Example

The procedure for PPPoE Plus configuration is as follows: 1) 2) 3) 4) 5) 6) Create a VLAN, and allocate the PPPoE Pluss upstream and downstream ports to the same VLAN. Configure the PPPoE Pluss upstream port, and define the port as a Trunk port. Enable the PPPoE Plus globally. Enable the PPPoE Plus for a port. View the configuration. View PPPoE Plus packet statistics.

ISN8850 (PPPoE Server) Internet
E A D A
CON ETH MON
FE7/2/0
ESM MODEM
MA5300
PC
Figure 21-5 Networking of a PPPoE Plus application Figure 21-5 shows the networking of PPPoE Plus application. The configuration data for the network is as follows: The ESM boards upstream port is connected to the built-in PPPoE Server with accounting and authentication functions. PC1 connects to port 1/0/11 of the MA5300s EVDA board. The ESM boards port 7/1/0 serves as the PPPoE Pluss upstream port. Port vdsl 1/0/11 and port Ethernet 7/1/0 belong to VLAN 2. The ISN8850 is used to offer PPPoE Server function and terminate the PPPoE packets.

1) Create VLAN 2, and allocate port vdsl 1/0/11 and port Ethernet 7/1/0 to it.
MA5300(config)#vlan 2 MA5300(config-vlan2)#switchport ethernet 7/1/0 MA5300(config-vlan2)#switchport vdsl 1/0/11 MA5300(config-vlan2)#exit
2)
Configure port Ethernet 7/1/0 as the PPPoE Pluss upstream port, and define the port as a Trunk port allowing the pass of VLAN 2.
MA5300(config)#pitp pmode uplink-port allowed ethernet 7/1/0 MA5300(config-vlan2)#interface ethernet7/1/0 MA5300(config-if-Ethernet7/1/0)#switchport mode trunk
MA5300(config-if-Ethernet7/1/0)#switchport trunk allowed vlan 2
3) 4) 5)
Enable PPPoE Plus globally. Enable PPPoE Plus for port vdsl 1/0/11. View the configuration.
MA5300(config)#pitp pmode enable
MA5300(config)#pitp pmode enable vdsl1/0/11
MA5300(config)#show pitp pmode configuration vdsl1/0/11 { <cr>|to<K>|pvc<K> }: PITP pmode is enabled globally Port-string writing is enabled The uplink-port allowed: Ethernet7/1/0 Ethernet7/1/3 Ethernet7/1/1 GigabitEthernet7/1/4 Ethernet7/1/2 GigabitEthernet7/1/5
------------Port/PVC PITP pmode configuration table----------Port/Pvc PITP-state
-------------------------------------------------------------Vdsl1/0/11 Enable
IV. Verification
Chapter 22 VLAN Configuration

22.1 Overview
Virtual Local Area Network (VLAN) is a technology used to form virtual workgroups by grouping the devices in a LAN logically. With the VLAN technology, you can allocate PCs with similar requirements logically to the same VLAN. Although similar to a LAN in effect, a VLAN only exists logically. The workstations in a VLAN do not have to belong to the same physical LAN. Ports within the same VLAN can communicate with each other. While ports in different VLANs are isolated from each other, in other words, broadcast and unicast traffic in one VLAN will not be forwarded to other VLANs. A VLAN helps to control network traffic, save the device investment, simplify network management and improve security. Smart VLAN is used to isolate L2 packets of different users. With the Smart VLAN function, multiple downstream ports (VDSL/ADSL users) and one or multiple upstream ports can be grouped into a Smart VLAN. Meanwhile, the system creates internal mapping between the upstream ports and downstream ports, thus isolating L2 packets of different users. MUX VLAN is designed for the system to automatically allocate VLANs to the ports on various interface boards. This eventually helps simplify the data configuration, as well as isolate L2 packets. QinQ VLAN is used to enable the transparent transmission of private VLANs and services. Upon receiving packets with private VLAN tags from lower layer, the MA5300 adds QinQ VLAN tags to these packets. In this way, the MA5300 enables the transparent transmission of private VLANs to the peer end without creating a private VLAN. It only needs to create a QinQ VLAN. VLAN Stacking is used to satisfy the demands in VLAN expansion and wholesale leased line services. The system allocates a customer VLAN tag to every port intended to offer VLAN Stacking service for labeling a user. These ports belong to the same VLAN, namely the outer SP VLAN. In the network, packets are forwarded according to the outer packet tags. After passing through the BRAS device, these packets are deprived of outer VLAN tags, and inner VLAN tags are used for labeling a user.
22.2 Configuring a Common VLAN

The configuration of a common VLAN involves: Creating/Deleting a VLAN Adding/Deleting a port to/from a VLAN
Configuring the VLAN Trunk Configuring a VLAN Interface Table 22-1 lists the commands for configuring a common VLAN. Table 22-1 Commands for configuring a common VLAN To Create/Delete a VLAN Add/Delete interface a VLAN Use (no) vlan (no) interface vlan-interface (no) switchport In Global configuration mode Global configuration mode VLAN configuration mode VLAN interface configuration mode VLAN interface configuration mode Port configuration mode
Add/Delete a port to/from a VLAN Set/Delete the IP address for a VLAN interface Enable/Disable a VLAN interface Specify/Cancel a Trunk port Specify the VLAN(s) to allow its traffic to pass a Trunk port Set the default VLAN ID of the Trunk port View the information View VLAN information VLAN interface
(no) ip address
(no) shutdown (no) switchport mode (no) switchport trunk allowed (no) switchport trunk native show vlan show interface vlan-interface
Port configuration mode
Port configuration mode All modes except the user EXEC mode All modes except the user EXEC mode
22.2.1 Configuring a Common VLAN

I. Creating/Deleting a VLAN
You can create VLANs in batches in the MA5300. If the VLAN to be created already exists, the system enables you to enter VLAN configuration mode directly. Otherwise, the system creates the VLAN first, and then enables you to enter VLAN configuration mode. When creating VLANs in batches, you can only create VLANs, but cannot enter VLAN configuration mode. The ESMA board supports 255 common VLANs. The ESMB board supports 4k VLANs. To create a common VLAN, you can run the command vlan. To delete a common VLAN, you can run the command no vlan. By default, VLAN 1 cannot be deleted.
This example shows how to create VLAN 2 and enter VLAN configuration mode.
MA5300(config)#vlan 2 MA5300(config-vlan2)#
This example shows how to create VLAN 5VLAN 100.

MA5300(config)#vlan 5 to 100 Please wait...Done
II. Adding/Deleting a port to/from a VLAN

Based on the actual networking conditions, you can enable L2 user isolation by allocating different ports to different VLANs, or enable L2 user interconnection by allocating different ports to the same VLAN. By default, the system adds all ports to the default VLAN (namely VLAN 1).
Note: Ports on the same ADSL or SHDSL board cannot communicate with each other even though they are included in the same VLAN. However, ports on different ADSL or SHDSL boards but included in the same VLAN can communicate with each other.
To add a port to a VLAN, you can run the command switchport. To delete a port from a VLAN, you can run the command no switchport.
Note: On a board, the logical number of a GE port is usually larger than that of an FE port, regardless of their actual slot numbers. When you add/delete FE and GE ports to/from a VLAN in batches, the operation is based on logical port numbers. If the end port number is a GE port number, all FE ports between the start and end port numbers will be added to the VLAN.
This example shows how to add all VDSL ports in slot 5 to VLAN 2.
MA5300(config-vlan2)#switchport vdsl 5/0/0 to vdsl 5/0/23
This example shows how to delete all VDSL ports in slot 5 from VLAN 2.
MA5300(config-vlan2)#no switchport vdsl 5/0/0 to vdsl 5/0/23
III. Viewing VLAN information

To view the brief information on a VLAN, you can run the command show vlan.
To view the detailed information on all VLANs, you can run the command show vlan all. To view the detailed information on a specific VLAN, you can run the command show vlan id. This example shows how to view the brief information on a VLAN.
MA5300(config)#show vlan Now, the following vlan exist(s): 1(default), 2
22.2.2 Configuring VLANs in Batches

I. Adding all ports in a slot to their respective VLANs
To add all ports in a slot to their respective VLANs (a VLAN for a port), you can run this command: matchslot { startslotid [ to endslotid ] } vlan startvlanid To delete ports in a slot from their respective VLANs, you can run this command: no matchslot { startslotid [ to endslotid ] } This example shows how to add all ports in slots 0 and 1 to VLANs starting from VLAN 10: port 0/0/0 to VLAN 10, port 0/0/1 to VLAN 11, and so on.
MA5300(config)#matchslot 0 to 1 vlan 10 Please wait...
II. Adding a list of ports to VLANs

To add a list of ports to their respective VLANs (a VLAN for a port), you can run the command matchport portlist vlan startvlanid. To delete a list of ports from their respective VLANs, you can run the command no matchport portlist. This example shows how to add ports vdsl 0/0/10vdsl 0/0/24, and ports adsl 1/0/0adsl 1/0/10 to VLANs starting from VLAN 10.
MA5300(config)#matchport vds0/0/10 to adsl1/0/10 vlan 10 Please wait...
Note: VLAN batch configuration and MUX VLAN are designed to realize the same function, but they are incompatible with each other. If a ports VLAN does not exit, the system will create a VLAN for the port automatically. A VLAN list cannot contain a Smart VLAN. A port list cannot contain a Trunk port.
22.2.3 Configuring the VLAN Trunk

VLAN Trunk refers to the aggregation of multiple VLANs on one port(s) to enable interconnection between various devices. With the VLAN Trunk function, one or multiple VLANs on a device can interconnect with the same VLAN(s) on the peer device. To achieve VLAN interconnection within the whole network, each packet in a VLAN is labeled with an 802.1Q tag to differentiate itself from packets from other VLANs.
I. Specifying/Canceling a Trunk port

An Ethernet port or a VDSL port is in either Access mode or Trunk mode. By default, the port is in Access mode. To set a port as a Trunk port, you can run the command switchport mode trunk. To restore it to an Access port, you can run the command no switchport mode.
MA5300(config-if-Ethernet7/2/0)#switchport mode trunk MA5300(config-if-Ethernet7/2/0)#no switchport mode
II. Specifying the VLAN(s) allowed to pass the Trunk port

By specifying the VLAN(s) whose traffic is allowed to pass the Trunk port, you can enable the interconnection between multiple VLANs on the local device and the same VLANs on the peer device. To specify the VLAN(s) allowed to pass the Trunk port, you can run the command switchport trunk allowed. To prohibit the VLAN(s) from passing the Trunk port, you can run the command no switchport trunk allowed. This example shows how to set the traffic of VLAN 2 and VLAN 10 can pass Ethernet 7/2/0.
MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 2 10
III. Setting the default VLAN ID of the Trunk port

After the Trunk port is configured with the default VLAN ID, it will label the received unlabeled packets, and forward them to the VLAN with the default VLAN ID. To validate this setting, make sure the following conditions are met: The default VLAN of the Trunk port already exists. The traffic of this VLAN is allowed to pass the Trunk port. The default VLAN ID of the local Trunk port is the same as that of the peer Trunk port. By default, the default VLAN ID is 1. To specify the default VLAN ID of the Trunk port, you can run the command switchport trunk native. To restore the default VLAN ID of the Trunk port to 1, you can run the command no switchport trunk native. This example shows how to specify the default VLAN ID of Trunk port Ethernet 7/2/0 to 2.
MA5300(config-if-Ethernet7/2/0)#switchport trunk native vlan 2
22.2.4 Configuring a VLAN Interface

I. Adding/Deleting a VLAN interface
Before adding a VLAN interface, you should create a VLAN. Up to 32 VLAN interfaces can be created in the system. To add a VLAN interface and enter VLAN interface configuration mode, you can run the command interface vlan-interface. To delete a VLAN interface, you can run the command no interface vlan-interface. This example shows how to create VLAN interface 2 and enter VLAN interface configuration mode.
MA5300(config)#interface vlan-interface 2 MA5300(config-if-Vlan-interface2)#
II. Setting/Deleting IP address for a VLAN interface

To initiate the L3 functions on a VLAN interface, you should assign an IP address for it. To set the IP address of an interface, you can run the command ip address. To delete the IP address of an interface, you can run the command no ip address. This example shows how to set the IP address of VLAN interface 2 as 10.71.83.2.
MA5300(config-if-Vlan-interface2)#ip address 10.71.83.2 255.255.255.128
III. Enabling/Disabling a VLAN interface

When a VLAN interface is disabled, it is in DOWN state; when a VLAN interface is enabled, it is in UP state. By default, if all ports under a VLAN interface are in DOWN state, this VLAN interface is in DOWN state; if one or multiple ports under a VLAN interface is in UP state, this VLAN interface is in UP state. Enabling or disabling a VLAN interface does not change the state of the Ethernet ports, VDSL ports and ADSL ports under the VLAN interface, which means the normal services on these ports are not affected. To disable a VLAN interface, you can run the command shutdown. To enable a VLAN interface, you can run the command no shutdown. This example shows how to disable a VLAN interface.
MA5300(config-if-Vlan-interface2)#shutdown % 1[2003-07-04 16:23:19]:L2INF-1-VLANIF LI: Vlan-interface2: change status to DOWN
% 1[2003-07-04 16:23:19]:IFNET-1-UPDOWN: Line protocol on interface Vlan-interface1, changed state to DOWN
IV. Viewing VLAN interface information

To view the state and configuration of a VLAN interface, you can run the command show interface vlan-interface. This example shows how to view the state and configuration of VLAN interface 2.
MA5300(config)#show interface vlan-interface 2 Vlan-interface2 is administratively down, line protocol is down
Description : HUAWEI, Quidway Series, Vlan-interface1 Interface The Maximum Transmit Unit is 1500 Internet Address is 10.71.53.2/25 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0.fc11.19c3
22.2.5 VLAN Configuration Example (Configuring LAN Interconnection)

The MA5300 enables the LAN interconnection of two users by grouping them into one VLAN.
E E V A D D A A FE7/2/0
CON ETH MON
ESM
MA5300
MODEM
MODEM
PC1
PC2
Figure 22-1 Application of LAN Interconnection 1) 2) 3) 4) 5) 6) PC1 is connected to port 0/0/0 on the MA5300s EVDA board. The IP address of PC1 is 10.1.1.1/24. PC2 is connected to port 1/0/0 on the MA5300s EADA board. The IP address of PC2 is 10.1.1.2/24. Both port 0/0/0 and port 1/0/0 belong to VLAN 2. The upstream rate for the VDSL user is 1.5 Mbit/s, and the downstream rate is 4 Mbit/s. The upstream rate for the ADSL user is 0.5 Mbit/s, and the downstream rate is 2 Mbit/s. The working mode is the interleaved mode. The Modem works in 1483B mode with VPI/VCI of 0/35

1) Create a VLAN and add ports vdsl 0/0/0 and adsl 1/0/0 to this VLAN.
MA5300(config)#vlan 2 MA5300(config-vlan2)#switchport vdsl 0/0/0 MA5300(config-vlan2)#switchport adsl 1/0/0 MA5300(config-vlan2)#exit
2)
Add a VDSL line profile.
Add a VDSL line profile with these attributes: Upstream rate: 1.5 Mbit/s Downstream rate: 4 Mbit/s Signal noise ratio: 6 Interleaved depth for both upstream and downstream:1 Auto train: enabled
PSDMask: disabled
MA5300(config)#vdsl line-profile add 2 Start profile 2 adding. During input,press 'CTRL+C' to quit,then settings at this time are neglected. > VDSL link auto train 1-enable 2-disable (1~2)[1]:
> Target bit rate in downstream (780~25000 kbps) [12500]:4000 > Target bit rate in upstream (780~25000 kbps) [12500]:1500 > Target downstream interleaved depth 0,1,2,8,16 (0~16) [1]: > Target upstream interleaved depth 0,1,2,8,16 (0~16) [1]: > Signal to noise ratio margin in downstream:precision 0.1dB(0.0~31.0 dB) [6.0]: > Signal to noise ratio margin in upstream:precision 0.1dB(0.0~31.0 dB) [6.0]: > Will you set downstream PSDMask?(y/n)[n]: > Will you set upstream PSDMask?(y/n)[n]: Add profile 2 successfully
3)
Add an ADSL line profile
To add an ADSL line profile with these attributes: Upstream rate: 0.5M Downstream rate is 2M Working mode: interleave mode
MA5300(config)#adsl line-profile add 3 Start profile 3 adding. During input,press 'CTRL+C' to quit,then settings at this time are neglected. > Will you set basic configuration for modem? (y/n)[n]:y > ADSL operating mode: > > > > > > 0: All(G992.1, G992.2, T1.413) 1: Full rate(G992.1 or T1.413) 2: G992.2(g.lite) 3: T1.413 4: G992.1(g.dmt) 5: g.hs(G992.1 and G992.2, G992.1 is prior) (0~5) [0]:
> Please select
> Trellis coding 1-enable 2-disable (1~2) [1]: > Upstream channel bit swap 1-enable 2-disable (1~2) [2]: > Downstream channel bit swap 1-enable 2-disable (1~2) [2]: > Will you set channel mode? (y/n)[n]:y > Please select channel mode 0-interleaved 1-fast (0~1) [1]: 0 > Will you set interleave depth? (y/n)[n]:y > Maximum downstream interleaved depth 2,4,8,16,32,64,128 DMT (2~128) [64]: > Maximum upstream interleaved depth 2,4,8,16,32,64,128 DMT (2~128) [64]: > Will you set noise margin for modem? (y/n)[n]:y > Minimum noise margin in downstream (0~15 dB) [0]:
> Maximal noise margin in downstream (0~31 dB) [31]: > Target noise margin in downstream(0~15 dB) [12]: > Minimum noise margin in upstream (0~15 dB) [0]: > Maximal noise margin in upstream (0~31 dB) [31]: > Target noise margin in upstream (0~15 dB) [12]: > Will you set parameters for rate? (y/n)[n]:y > If you want the fixed rate, set the Minimum value equal to Maximum value. > Minimum bit rate in downstream (32~8160 Kbps) [32]: > Maximum bit rate in downstream (32~8160 Kbps) [6144]:2048 > Minimum bit rate in upstream (32~896 Kbps) [32]: > Maximum bit rate in upstream (32~896 Kbps) [640]:512 Add profile 3 successfully
4)
Configure PVCs on the ADSL port.
Set a PVC If the ADSL port is connected with one user. Set multiple PVCs if the ADSL port is connected with multiple users. Here only one user is connected to the ADSL port.
MA5300(config)#interface adsl 1/0/0 MA5300(config-if-Adsl1/0/0)#adsl pvc vpi 0 vci 35 MA5300(config-if-Adsl1/0/0)#exit
5)
Activate the port.
This example shows how to activate port vdsl 0/0/0 and bind it with line profile 2.
MA5300(config)#vdsl activate vdsl 0/0/0 2
This example shows how to activate port adsl 1/0/0, and bind it with line profile 3.
MA5300(config)#adsl activate adsl 1/0/0 3
III. Viewing the line profile

1) View the line profiles.
Profile Name DownStream UpStream DownSnr UpSnr AutoTrain
MA5300(config)#show vdsl line-profile all Index
Rate(Kbps) Rate(Kbps) Margin(dB) Margin(dB) -------------------------------------------------------------------1 2 LINE-PROFILE-1 LINE-PROFILE-2 12500 4000 12500 1500 6.0 6.0 6.0 6.0 enable enable
MA5300(config)#show adsl line-profile all Index ProfileName Target SnrMgn (dB) Atuc-Max txRate (Kbps) Atur-Max txRate (Kbps) trans-mode chan-mode
-------------------------------------------------------------------1 2 3 LINE-PROFILE-1 LINE-PROFILE-2 LINE-PROFILE-3 12 12 12 6144 6144 2048 640 640 512 all all all FAST INTERLEAVE INTERLEAVE
2)
View state of an activated line.

: active : 4000 : 1500
MA5300(config)#show vdsl line state vdsl 0/0/0 Vdsl0/0/0 vdsl link status The actual down-stream rate(Kbps) The actual up-stream rate(Kbps)
The down-stream interleave delay(ms): 1 The up-stream interleave delay(ms) Rmote tx-power(dBm/Hz) Local tx-power(dBm/Hz) Remote SNR(dB) Local SNR(dB) Remote SNR Margin(dB) Local SNR Margin(dB) Remote MSE(dB) Local MSE(dB) Remote RS count Local RS count DownTimes : 1 : -89.720 : -66.770 : 38.240 : 27.220 : 13.1 : 8.0 : 21.800 : 17.160 : 0 : 0 : 1
3)
View VLAN information.
MA5300(config)#show vlan 2 Vlan ID: 2 Vlan Type: static Route Interface: not configured Tagged Ports: none
Untagged Ports: Vdsl0/0/0 Adsl1/0/0
IV. Saving the data

V. Verification
Ping PC2 from PC1. If the pinging succeeds, ports vdsl 0/0/0 and adsl 1/0/0 can interconnect with each other.
22.2.6 VLAN Configuration Example (Configuring VLAN Trunk Interconnection)

The MA5300 supports interconnection between multiple VLANs on a local device and the same VLANs on the peer device through one port(s).
ESM
MA5300
LPU LPU
S8016
RTU
RTU
Server PC1 PC2
Figure 22-2 Application of VLAN interconnection 1) 2) 3) 4) PC1 is connected to port 0/0/0 on the MA5300s EVDA board. The IP address of PC1 is 10.1.1.1/24; the IP address of the gateway 10.1.1.254. PC2 is connected to port 1/0/0 on the MA5300s EADA board. The IP address of PC2 is 10.1.1.2/24. The IP address of the Server is 10.1.3.1/24; the IP address of the gateway is 10.1.3.254. Port 0/0/0 belongs to VLAN 10, and port 1/0/0 belongs to VLAN 20. The MA5300 is connected to an S8016 through a GE port (Trunk mode) that allows the pass of the traffic of VLAN 10 and VLAN 20. 5) 6) 7) The ADSL/VDSL ports are activated using the default line profile respectively. The ADSL RTU works in 1483B mode with VPI/VCI of 0/35. VLAN 10, VLAN 20, VLAN 100 and VLAN 200 are configured on the S8016. VLAN 100 is the Super VLAN, which includes two sub VLANs: VLAN 10 and VLAN 20. The IP address of VLAN 100 is 10.1.1.254/24, and the IP address of VLAN 200 is 10.1.3.254/24.

1) Create VLAN 10, to which the VDSL port belongs. Create VLAN 20, to which the ADSL port belongs.
MA5300(config)#vlan 10 MA5300(config-vlan10)#switchport vdsl 0/0/0 MA5300(config-vlan10)#exit MA5300(config)#vlan 20 MA5300(config-vlan20)#switchport adsl1/0/0 MA5300(config-vlan20)#exit
2)
Activate the VDSL/ADSL ports using the default profile.
3)
Set upstream GE port as a Trunk port.
MA5300(config)#interface gigabitethernet 7/1/0 MA5300(config-if-GigabitEthernet7/1/0)#switchport mode trunk MA5300(config-if-GigabitEthernet7/1/0)#switchport trunk allowed vlan 10 20
III. Viewing the configuration

To view the information on a VLAN, a port or a line profile, you can run the command show. This example shows how to view the GE port information.
MA5300(config)#show interface gigabitEthernet 7/1/0 GigabitEthernet7/1/0 is up Hardware is none Last UP time : 2004-02-12 15:06:57.200 00:00:00.0
Last DOWN time : 0000-00-00 Full-duplex, 1000M Flow control is disabled Broadcast max-ratio is 1% Allow jumbo frame to pass PVID is 1 Priority is 0 Max multicast group count: 2 Port mode: trunk
Vlan passing : 1(default vlan), 10, 20 Vlan allowed : 1(default vlan), 10, 20 Trunking encapsulation: dot1q 68 packets output, 0 packets/sec, 0 bytes/sec 5680 bytes, 68 multicasts, 0 broadcasts, 0 pauses 0 packets input, 0 packets/sec, 0 bytes/sec 0 bytes, 0 multicasts, 0 broadcasts, 0 pauses 0 CRC errors
IV. Saving the data

V. Verification
Ping PC2 from PC1. If the pinging succeeds, ports vdsl 0/0/0 and adsl 1/0/0 can interconnect with each other.
22.3 Configuring a Smart VLAN

The Smart VLAN does not hamper the implementation of a common VLAN. You can add some user ports into a Smart VLAN for L2 message isolation while adding other ports of the same device to a common VLAN for L2 message exchange. The MA5300 supports 253 Smart VLANs, and provides an L3 interface for every Smart VLAN. In this way, the NMS and the services can exist in the same Smart VLAN, as required in special networking conditions. The configuration of a Smart VLAN involves: Setting/Canceling a VLAN as a Smart VLAN Adding/Deleting an Upstream Port to/from a Smart VLAN Adding/Deleting an Downstream Port to/from a Smart VLAN Viewing Smart VLAN Information Table 22-2 lists the commands for configuring a Smart VLAN. Table 22-2 Commands for configuring a Smart VLAN To Set/Cancel a VLAN as Smart VLAN Add/Delete an upstream port to/from a Smart VLAN Add/Delete a downstream port to/from a Smart VLAN View Smart VLAN information Use (no) vlan-type smart (no) svlan-upport (no) svlan-downport show vlan smart In VLAN configuration mode VLAN configuration mode VLAN configuration mode All modes except the user EXEC mode
22.3.1 Setting/Canceling a VLAN as a Smart VLAN

The default VLAN, namely VLAN 1, in the system cannot be set as a Smart VLAN. When a common VLAN is set as a Smart VLAN, ports included in the original VLAN serve as the downstream ports of the Smart VLAN. When a Smart VLAN is restored to be a common VLAN, its upstream/downstream ports will not be deleted but become common VLAN ports directly. To set a common VLAN as a Smart VLAN, you can run the command vlan-type smart. To cancel the setting, you can run the command no vlan-type smart. This example shows how to set VLAN 12 as a Smart VLAN.
MA5300(config-vlan12)#vlan-type smart
22.3.2 Adding/Deleting an Upstream Port to/from a Smart VLAN

Description of a Smart VLAN's upstream ports: An upstream port of a Smart VLAN can be an aggregated port, Trunk port or access port. In the case of an aggregated port, you must aggregate the port before adding it to a Smart VLAN. In the case of an access port, it cannot be any access port of other Smart VLANs. The upstream port and the downstream port of a Smart VLAN cannot be the same. The upstream ports must be the FE/GE port on the ESM board rather than the ports on service boards. Multiple upstream ports can be added into one Smart VLAN. To add an upstream port to a Smart VLAN, you can run the command svlan-upport. To cancel the setting, you can run the command no svlan-upport. This example shows how to aggregate ports Ethernet 7/2/0 and Ethernet 7/2/1 and then add the aggregated port into VLAN 12.
MA5300(config)#link-aggregation ethernet 7/2/0 to ethernet 7/2/1 ingress MA5300(config)#vlan 12 MA5300(config-vlan12)#svlan-upport ethernet 7/2/0
If an upstream port of a Smart VLAN is a Trunk port, make sure that the VLANs allowed to pass the port cannot include a Smart VLAN when running the command switchport trunk allowed vlan. Otherwise, the system will prompt error, because the upstream port of a Smart VLAN definitely allows the Smart VLAN to pass it.
MA5300(config-vlan10)#svlan-upport e7/2/0 MA5300(config-vlan10)#exit MA5300(config)#interface ethernet 7/2/0 MA5300(config-if-Ethernet7/2/0)#switchport mode trunk MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan all Please wait... This command is ignored, for there is a smartvlan in vlan-list
22.3.3 Adding/Deleting an Downstream Port to/from a Smart VLAN

Description of a Smart VLAN's downstream ports: The downstream ports of a Smart VLAN can be the GE/FE ports on an ESM board, or the ports on service boards. A downstream port can be a Trunk port, an access port or an aggregated port. In the case of an aggregated port, you must aggregate the port before adding it to a Smart VLAN. In the case of an access port, it cannot be any access port of other Smart VLANs. The upstream/downstream ports of a Smart VLAN cannot be the same. Multiple downstream ports can be added to a Smart VLAN.
To add a downstream port to a Smart VLAN, you can run the command svlan-downport. To delete a downstream port from a Smart VLAN, you can run the command no svlan-downport. This example shows how to add port adsl 1/0/0 to VLAN 12 in VLAN configuration mode.
MA5300(config-vlan12)# svlan-downport adsl 1/0/0
This example shows how to add port Ethernet 7/1/0 to VLAN 12 in VLAN configuration mode.
MA5300(config-if-Ethernet7/1/0)#svlan-downport vlan 12
Note: To add/delete a port to/from a Smart VLAN, you can only run the command (no)svlan-upport or (no) svlan-downport. You cannot run the command (no) switchport, which applies to a common VLAN only.
22.3.4 Viewing Smart VLAN Information

To view the brief information on all Smart VLANs, you can run the command show vlan smart. To view the detailed information on all Smart VLANs, you can run the command show vlan smart all. To view the detailed information on a specified Smart VLAN, you can run the command show vlan vlanid. This example shows how to view the brief information on all Smart VLANs.
MA5300(config)#show vlan smart Now, the following smart vlan exist(s): 2, 3, 5
22.3.5 Smart VLAN Configuration Example (Access Mode)

ESM
MA5300
LPU LPU
S8016
RTU
RTU
Server PC1 PC2
Figure 22-3 Application of Smart VLAN (Access mode) 1) 2) 3) 4) PC1 is connected to port 0/0/0 on the MA5300s EVDA board. The IP address of PC1 is 10.1.1.1/24; the IP address of the gateway 10.1.1.254. PC2 is connected to port 1/0/0 on the MA5300s EADA board. The IP address of PC2 is 10.1.1.2/24; the IP address of the gateway 10.1.1.254. The IP address of the Server is 10.1.3.1/24; the IP address of the gateway is 10.1.3.254. Set VLAN 100 as the Smart VLAN. The upstream port of the Smart VLAN is GigabitEthernet 7/1/0, which is an access port. The downstream ports include vdsl 0/0/0 and adsl 1/0/0. 5) 6) 7) The ADSL/VDS ports are activated using the default line profile respectively. The ADSL RTU works in 1483B mode with VPI/VCI of 0/35. VLAN 100 and VLAN 200 are configured on the S8016. The IP address of VLAN 100 is 10.1.1.254/24. The IP address of VLAN 200 is 10.1.3.254/24.

1) Create VLAN 100. Set it as a Smart VLAN and then add upstream/downstream ports to it.
MA5300(config)#vlan 100 MA5300(config-vlan100)#vlan-type smart MA5300(config-vlan100)#svlan-upport gigabitEthernet 7/1/0 MA5300(config-vlan100)#svlan-downport vdsl 0/0/0 MA5300(config-vlan100)#svlan-downport adsl 1/0/0 MA5300(config-vlan100)#exit
2)
Activate the VDSL/ADSL ports using the default line profile.

1) View the VLAN information.
MA5300(config)#show vlan 100 Vlan ID: 100 Vlan Type: static, smart Route Interface: not configured Tagged Ports: none
Untagged Ports: Vdsl0/0/0 Adsl1/0/0 GigabitEthernet7/1/0
2)
View the GE port information.
MA5300(config)#show interface GigabitEthernet 7/1/0
IV. Verification
With the above steps: 1) 2) Both PC1 and PC2 can ping the Server. PC1 and PC2 cannot ping each other.
22.3.6 Smart VLAN Configuration Example (Trunk Mode)

ESM
MA5300
LPU LPU
S8016
RTU
RTU
Server PC1 PC2
Figure 22-4 Application of Smart VLAN (Trunk mode) 1) PC1 is connected to port 0/0/0 on the MA5300s EVDA board. The IP address of PC1 is 10.1.1.1/24; the IP address of the gateway 10.1.1.254.
2) 3) 4)
PC2 is connected to port 1/0/0 on the MA5300s EADA board. The IP address of PC2 is 10.1.1.2/24; the IP address of the gateway 10.1.1.254. The IP address of the Server is 10.1.3.1/24; the IP address of the gateway is 10.1.3.254. Set VLAN 200 as the Smart VLAN. The upstream port of Smart VLAN is GigabitEthernet 7/1/0, which is a Trunk port. The downstream ports include vdsl 0/0/0 and adsl 1/0/0.
5) 6) 7) 8)
The ADSL/VDSL ports are activated using the default line profile respectively. The ADSL RTU works in 1483B mode with VPI/VCI of 0/35. The MA5300's management VLAN is VLAN 100, ands the management IP address is 10.1.1.100/24. VLAN 100 and VLAN 200 are configured on the S8016. The IP address of VLAN 100 is 10.1.1.254/24, and the IP address of VLAN 200 is 10.1.3.254/24.

1) Create VLAN 200. Set it as a Smart VLAN and then add upstream/downstream ports to it.
MA5300(config)#vlan 200 MA5300(config-vlan200)#vlan-type smart MA5300(config-vlan200)#svlan-upport gigabitEthernet 7/1/0 MA5300(config-vlan200)#svlan-downport vdsl 0/0/0 MA5300(config-vlan200)#svlan-downport adsl 1/0/0 MA5300(config-vlan200)#exit
2)
3)
Add management VLAN 100 and set the management IP address as 10.1.1.100.
MA5300(config)#vlan 100 MA5300(config-vlan100)#exit MA5300(config)#interface vlan-interface 100 MA5300(config-if-Vlan-interface100)#ip address 10.1.1.100 255.255.255.0 MA5300(config-if-Vlan-interface100)#exit
4) 5)
Add a route. Set an upstream port as a Trunk port.
MA5300(config)#interface gigabitEthernet 7/1/0 MA5300(config-if-GigabitEthernet7/1/0)#switchport mode trunk Please wait... Done. MA5300(config-if-GigabitEthernet7/1/0)#switchport trunk allowed vlan 100 Please wait... Done. MA5300(config-if-GigabitEthernet7/1/0)#exit

1) View the VLAN information.
MA5300(config)#show vlan 200 Vlan ID: 200 Vlan Type: static, smart Route Interface: not configured Tagged Ports: GigabitEthernet7/1/0 Untagged Ports: Vdsl0/0/0 Adsl1/0/0
2)
View the GE port information.
MA5300(config)#show interface gigabitEthernet 7/1/0
IV. Verification
With the above steps: 1) 2) 3) Both PC1 and PC2 can ping the Server. PC1 and PC2 cannot ping each other. On the S8016 console, you can ping the MA5300's management IP address.
22.3.7 Smart VLAN Configuration Example-Comprehensive Application

MA5300 B
E E V A D D A A
MA5300 A
E E V A D D A A
ESM
ESM
ISU
RTU
RTU
RTU
RTU
PC1
PC2
PC3
PC4
Figure 22-5 Comprehensive application of Smart VLAN
1)
PC1 and PC3 are connected to port 0/0/0 on the EVDA board of each MA5300 respectively. The IP address of PC1 is 10.1.1.1/24. The IP address of PC3 is 10.1.1.3/24. The IP address of the gateway 10.1.1.254.
2)
PC2 and PC4 are connected to port 1/0/0 on the EADA board of each MA5300 respectively. The IP address of PC2 is 10.1.1.2/24. The IP address of PC4 is 10.1.1.4/24. The IP address of the gateway 10.1.1.254.
3)
The service VLAN of master node (namely MA5300 A) and slave node (namely MA5300 B) is VLAN 200. MA5300 A's FE port 7/2/0 is connected with MA5300 B's FE port 7/2/0.
4)
MA5300 A's management VLAN is VLAN 100, and the management IP address is 10.1.1.100/24. MA5300 B's management VLAN is VLAN 101, and the management IP address is 10.1.1.101/24.
5) 6) 7) 8)
MA5300 A's ESM board is connected with the ISU board through the backplane. The ADSL/VDSL ports are activated using the default line profile respectively. The ADSL RTU works in 1483B mode with VPI/VCI of 0/35. On the ISU board, PC1, PC2, PC3 and PC4 are VLAN-bound access users. The ISU board is configured with built-in DHCP Server function. The IP address of the gateway is 10.1.1.254/24.

1) Configure data for MA5300 B Create VLAN 200. Set it as a Smart VLAN and then add upstream/downstream ports to it.
MA5300B(config)#vlan 200 MA5300 B(config-vlan200)#vlan-type smart MA5300B(config-vlan200)#svlan-upport Ethernet 7/2/0 MA5300B(config-vlan200)#svlan-downport vdsl 0/0/0 MA5300B(config-vlan200)#svlan-downport adsl 1/0/0 MA5300B(config-vlan200)#exit
Activate VDSL/ADSL port.

MA5300B(config)#vdsl activate vdsl 0/0/0 1 MA5300B(config)#adsl activate adsl 1/0/0 1
MA5300B(config)#vlan 101 MA5300B(config-vlan101)#exit MA5300B(config)#interface vlan-interface 101 MA5300B(config-if-Vlan-interface101)#ip address 10.1.1.101 255.255.255.0 MA5300B(config-if-Vlan-interface101)#exit
Add a route.
MA5300B(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.254
Set an upstream port as a Trunk port.

MA5300B(config)#interface Ethernet 7/2/0
MA5300B(config-if-Ethernet7/2/0)#switchport mode trunk Please wait... Done. MA5300B(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 101 Please wait... Done. MA5300B(config-if-Ethernet7/1/0)#exit
2)
Configure data for MA5300 A Create VLAN 200. Set it as a Smart VLAN and then add upstream/downstream ports to it.
MA5300A(config)#no smart MA5300A(config)#vlan 200 MA5300A(config-vlan200)#vlan-type smart MA5300A(config-vlan200)#svlan-upport gigabitEthernet 7/1/0 MA5300A(config-vlan200)#svlan-downport Ethernet 7/2/0 MA5300A(config-vlan200)#svlan-downport vdsl 0/0/0 MA5300A(config-vlan200)#svlan-downport adsl 1/0/0 MA5300A(config-vlan200)#exit

MA5300A(config)#vdsl activate vdsl 0/0/0 1 MA5300A(config)#adsl activate adsl 1/0/0 1
Create VLAN 101, which is the management VLAN of MA5300 B.

MA5300A(config)#vlan 101 MA5300A(config-vlan101)#exit
MA5300A(config)#vlan 100 MA5300A(config-vlan100)#exit MA5300A(config)#interface vlan-interface 100 MA5300A(config-if-Vlan-interface100)#ip address 10.1.1.100 255.255.255.0 MA5300A(config-if-Vlan-interface100)#exit
Add a route.
MA5300A(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.254
Enable the GE port used for connecting the ESM board and ISU board. Configure the parameters of the port.
MA5300A(config)#inner-isu 15 GigabitEthernet7/1/5 will be connected to inner-isu, continue?[Y/N]y Inner-isu in slot 15 is enabled. GigabitEthernet7/1/5 has been connected to inner-isu.
Set the downstream port as a Trunk port, so that it allows management VLAN to pass.
MA5300A(config)#interface ethernet 7/2/0 MA5300A(config-if-Ethernet7/2/0)#switchport mode trunk Please wait... Done. MA5300A(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 101 Please wait... Done.
Set the working mode of the upstream port, so that it allows VLAN 100 and VLAN 101 to pass.
MA5300A(config)#interface gigabitEthernet 7/1/5 MA5300A(config-if-GigabitEthernet7/1/5)#switchport mode trunk Please wait... Done. MA5300A(config-if-GigabitEthernet7/1/5)#switchport trunk allowed vlan 100 101 Please wait... Done. MA5300A(config-if-GigabitEthernet7/1/5)#exit
3)
Service configuration for the ISU board Configure the address pool.
<ISU>system-view [ISU]ip pool huawei local [ISU-ip-pool-huawei]gateway 10.1.1.254 255.255.255.0 [ISU-ip-pool-huawei]section 0 10.1.1.1 10.1.1.253 [ISU-ip-pool-huawei]excluded-ip-address 10.1.1.1 [ISU-ip-pool-huawei]excluded-ip-address 10.1.1.2 [ISU-ip-pool-huawei]excluded-ip-address 10.1.1.3 [ISU-ip-pool-huawei]excluded-ip-address 10.1.1.4 [ISU-ip-pool-huawei]dns-server 100.1.1.254 [ISU-ip-pool-huawei]dns-server 100.1.1.253 secondary [ISU-ip-pool-huawei]quit
Configure the authentication/accounting scheme.

[ISU-aaa]authentication-scheme auth1 [ISU-aaa-authen-auth1]authentication-mode local [ISU-aaa-authen-auth1]quit [ISU-aaa]accounting-scheme acct1 [ISU-aaa-accounting-acct1]accounting-mode local [ISU-aaa-accounting-acct1]quit
Configure the domain.

[ISU-aaa]domain isp [ISU-aaa-domain-isp]ip-pool huawei [ISU-aaa-domain-isp]authentication-scheme auth1 [ISU-aaa-domain-isp]accounting-scheme acct1 [ISU-aaa-domain-isp]quit [ISU-aaa]quit
Configure the VLAN interface.

[ISU]portvlan gigabitethernet 5 vlan 100 2 [ISU-gigabitethernet10-10-vlan100-101]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan100-101]default-domain authentication isp [ISU-gigabitethernet10-10-vlan100-101]authentication-method bind [ISU-gigabitethernet10-10-vlan100-101]quit [ISU]portvlan gigabitethernet 10 vlan 200 1 [ISU-gigabitethernet10-10-vlan200-200]access-type layer2-subscriber
[ISU-gigabitethernet10-10-vlan200-200]default-domain authentication isp [ISU-gigabitethernet10-10-vlan200-200]authentication-method bind [ISU-gigabitethernet10-10-vlan200-200]static-user 10.1.1.1 detect [ISU-gigabitethernet10-10-vlan200-200]static-user 10.1.1.2 detect [ISU-gigabitethernet10-10-vlan200-200]static-user 10.1.1.3 detect [ISU-gigabitethernet10-10-vlan200-200]static-user 10.1.1.4 detect [ISU-gigabitethernet10-10-vlan200-200]quit
Add the user account.

[ISU]local-aaa-server [ISU-local-aaa-server]batch-user gigabitethernet 10 100 2 domain isp [ISU-local-aaa-server]batch-user gigabitethernet 10 200 1 domain isp [ISU-local-aaa-server]quit
Configure the upstream port and route.

[ISU]portvlan ethernet 5 vlan 0 1 [ISU-ethernet5-5-vlan0-0]access-type interface [ISU-ethernet5-5-vlan0-0]quit [ISU]interface ethernet 5.0 [ISU-Ethernet5.0]ip address 200.100.0.1 255.255.255.0 [ISU-Ethernet5.0]ip route-static 0.0.0.0 0.0.0.0 200.100.0.2
III. Verification
1) 2) 3) 4) Run the command winipcfg on PC1, PC2, PC3 and PC4 respectively to obtain the IP addresses allocated by the DHCP Server. Ping the gateway IP address on the ISU from PC1, PC2, PC3, and PC4 respectively. The pinging succeeds. Any two PCs cannot ping each other successfully. If PC1 and PC2 cannot ping each other, please confirm whether the ARP proxy switch is enabled. If not, you can run the command arp-proxy enable to enable it.
22.4 Configuring a MUX VLAN

MUX VLAN is designed for the system to automatically allocate VLANs to the ports on various interface boards. This eventually helps simplify the data configuration, as well as isolate L2 packets. The MA5300 supports up to 4k VLANs. The configuration of a MUX VLAN involves: Enabling/Disabling a MUX VLAN Configuring the MUX VLAN Configuration Profile Specifying the Upstream Port and Range of Local MUX VLAN Specifying the Cascading Port and Range of Cascaded MUX VLANs Setting the MUX VLANs for a Specified Service Board Setting the MUX VLAN for a Specified Port
Viewing MUX VLAN information Table 22-3 lists the commands for configuring a MUX VLAN. Table 22-3 Commands for configuring a MUX VLAN To Enable/Disable a MUX VLAN Use (no) mux-vlan In Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode All modes except the user EXEC mode
Configure the MUX configuration profile
VLAN
(no) mux-vlan config-profile
Specify the upstream port and the range of local MUX VLAN Specify the cascading port and the range of cascaded MUX VLANs Set the MUX VLAN for a specified service board Set the MUX VLAN for a specified port
mux-vlan uplink-port
mux-vlan cascading-port
mux-vlan slot
mux-vlan interface
View MUX VLAN information
show mux-vlan
22.4.1 Enabling/Disabling a MUX VLAN
Caution: Enabling/Disabling MUX VLAN will cause the reset of the system. When MUX VLAN is enabled, the system will back up the configuration files in common mode. Then at the next startup, the system will use the configuration files in MUX VLAN mode. When MUX VLAN is disabled, the system will back up the configuration files in MUX VLAN mode. Then at the next startup, the system will use the configuration files in common mode. In MUX VLAN mode, you need to configure the MUX VLAN profile first, and then configure related features for the VLAN.
To enable MUX VLAN function, you can run the command mux-vlan. To disable MUX VLAN function, you can run the command no mux-vlan. By default, MUX VLAN is disabled. This example shows how to enable MUX VLAN.
MA5300(config)#mux-vlan System will be restarted. Turn to mux mode?[Y/N]:y
22.4.2 Configuring the MUX VLAN Configuration Profile

The MUX VLAN configuration profile specifies the start MUX VLAN ID, the number of VLANs in a group (or a slot), as well as the maximum number of MUX VLAN groups for the device. This profile sets limits on parameter settings of the upstream port and the cascading port of the MUX VLAN. To configure the MUX VLAN configuration profile, you can run the command mux-vlan config-profile. To restore the default setting of MUX VLAN configuration profile, you can run the command no mux-vlan configure-profile. Table 22-4 lists the parameters of the commands.
Table 22-4 Parameters description Parameter start-vlanid vlan-num-per-group vlan-group-num Description The start MUX VLAN ID, which must be a multiplier of 8. The number of VLANs in each group or slot. The maximum number of MUX VLAN groups that can be configured Range 83976 24, 48 or 64 1166 Default value 128 48 80
Parameter vlan-group-num is optional. With this parameter not specified, the system can calculate the maximum number of MUX VLAN groups that can be configured in light of start-vlanid and vlan-num-per-group input. The calculation formula is INT ((4k start-vlanid) / vlan-num-per-group). INT indicates that it takes an integer value. This example shows how to restore the default settings of the MUX VLAN profile.
MA5300(config)#mux-vlan config-profile 128 48 80
22.4.3 Specifying the Upstream Port and Range of Local MUX VLANs
If the upstream port and the range of local MUX VLAN are specified, the system will automatically allocate VLANs to all ports (including ADSL ports and VDSL ports) on the xDSL interface boards. This helps to simplify the data configuration. The upstream port of MUX VLAN can only be the ESM's FE port or GE port. The calculation formula for local MUX VLAN's start VLAN ID is: Local MUX VLAN's start VLAN ID =Start VLAN ID of the configuration profile + N X the number of VLANs in each group. N is of an integer. For example, if the configuration profile start VLAN ID is 8, and each group has 48 VLANs, the local MUX VLAN's VLAN ID can be 8, 56, or 104. The number of local MUX VLAN groups cannot exceed the number specified in the MUX VLAN configuration profile. The number of VLANs in a group is determined by the configuration profile. To specify the upstream port and the range of local MUX VLAN, you can run the command mux-vlan uplink-port. To cancel the setting, you can run the command no mux-vlan uplink-port. To view the MUX VLAN information, you can run the command show mux-vlan. This example shows how to specify the upstream port of local MUX VLAN as Ethernet 7/2/0. The local MUX VLAN's start VLAN ID is 128. The group number is 14.
MA5300(config)#mux-vlan config-profile 32 48 95 MA5300(config)#mux-vlan uplink-port interface ethernet 7/2/0 local-vlan 128 14

Please wait... Done.
Now, the system will automatically allocate VLANs for the 14 interface boards. The start VLAN ID is 128. Each board, namely one VLAN group, has 48 VLANs. The first board contains VLANs 128175. The second board contains VLANs 176223. The same rule applies to the rest interface boards.
22.4.4 Specifying the Cascading Port and Range of Cascaded MUX VLANs
If multiple MA5300s are cascaded, you can enable the system to automatically allocate VLANs for those MA5300s by specifying the cascading port and the range of cascaded MUX VLANs. The cascading port of a MUX VLAN must be the ESM board's FE port or GE port. The calculation formula for cascaded MUX VLAN's start VLAN ID is: Cascaded MUX VLAN's start VLAN ID = Start VLAN ID of the configuration profile + N x the number of VLANs in each group. N is an integer. The VLAN ID range cannot conflict with the range of the local MUX VLAN's VLAN ID. For example, if the configuration profile start VLAN ID is 8, and each group has 48 VLANs, the local MUX VLAN's VLAN ID can be 8, 56, or 104. The start VLAN ID of the cascaded MUX VLAN can be 680, 728 or 776. The number of cascaded MUX VLAN groups cannot exceed the number specified in the MUX VLAN configuration profile. The number of VLANs in a group is determined by the configuration profile. To specify the cascading port and range of the cascaded MUX VLANs, you can run the command mux-vlan cascading-port. To cancel the setting, you can run the command no mux-vlan cascading-port. To view the MUX VLAN information, you can run the command show mux-vlan. This example shows how to specify port Ethernet 7/2/1 as a cascading port. The start VLAN ID of cascaded MUX VLANs is 800. The group number is 14.
MA5300(config)#mux-vlan cascading-vlan 800 14 Please wait... Done. cascading-port interface ethernet 7/2/1
22.4.5 Setting the MUX VLANs for a Specified Service Board

You can use the default MUX VLAN setting for a service board as required. Modifying the start VLAN ID of a service board will change the MUX VLAN settings of that board. After the modified start VLAN ID is used, the system will automatically delete the previous settings.
I. Setting the MUX VLAN for a specified service board

To set MUX VLAN for a specified service board, you can run the command mux-vlan slot. This example shows how to set the start VLAN ID of the service board in slot 1 to 128.
MA5300(config)#mux-vlan slot 1 start-vlanid 128 Please wait... Done.
II. Canceling the MUX VLAN setting of a specified service board

This example shows how to cancel the MUX VLAN setting of the service board in slot 2.
MA5300(config)#mux-vlan slot 2 idle Please wait... Done.
22.4.6 Setting the MUX VLAN for a Specified Port

You can set the MUX VLAN settings of a port as required. The specified VLAN ID should be within the range of the MUX VLAN group of the board where the port is located. To set the MUX VLAN or modify the existing MUX VLAN configuration for a port, you can run the command mux-vlan vlan-id. To cancel the MUX VLAN setting of a specified port, you can run the command mux-vlan idle. This example shows how to set the VLAN ID of port adsl 1/0/0 to 129.
MA5300(config-if-Adsl1/0/0)#mux-vlan vlan-id 129
This example shows how to cancel the MUX VLAN setting of port adsl 1/0/0.
MA5300(config-if-Adsl1/0/0)#mux-vlan idle
22.4.7 Viewing MUX VLAN information

1) 2) To view the MUX VLAN configuration profile, you can run the command show mux-vlan config-profile. To view MUX VLAN information, you can run the command show mux-vlan. This example shows how to view the MUX VLAN configuration profile.
MA5300(config)#show mux-vlan config-profile The mux-vlan start vlan ID :128
The vlan number in one group:48 The mux-vlan group number :80
22.4.8 Basic Application of MUX VLAN

MA5300
E E V A D D A A
ESM
ISU
RTU
RTU
PC1
PC2
Figure 22-6 Basic application of MUX VLAN 1) 2) 3) 4) 5) 6) 7) 8) PC1 is connected to port 0/0/0 on the MA5300s EVDA board; PC2 is connected to port 1/0/0 on the MA5300s EADA board. Both PC1 and PC2 access the Internet by obtaining IP address dynamically. Each port of the EVDA board or the EADA board belongs to a different VLAN. The VLANs range from 128 to 799. The ESM board is connected with the ISU board through the backplane. The ADSL/VDSL ports are activated using the default profile. The ADSL RTU works in 1483B mode with VPI/VCI of 0/35. The MA5300s management VLAN ID is 100, and the management IP address is 10.1.1.100/24. Both PC1 and PC2 are considered by the ISU as the users of a specific VLAN. The ISU board adopts the built-in DHCP Server function. The IP address of the gateway is 10.1.1.254/24.

1) Enable MUX VLAN.
MA5300(config)#mux-vlan System will be restarted. Turn to mux mode?[Y/N]:y //Log in to the system after the system restarts. Username:root Password:

MA5300>enable 15 MA5300#configure terminal MA5300(config)#board confirm 0
2)
Define the upstream ports of MUX VLAN and the range of the local MUX VLAN.
uplink-port interface gigabitEthernet 7/1/5
MA5300(config)#mux-vlan local-vlan 128 14 Please wait... Done.
3)
Enable the GE port which connects the ESM board with ISU board, and configure the parameters of the GE port.
MA5300(config)#inner-isu 15 GigabitEthernet7/1/5 will be connected to inner-isu, continue?[Y/N]y Inner-isu in slot 15 is enabled. GigabitEthernet7/1/5 has been connected to inner-isu.
4)
5)
Add a management VLAN 100, and set the management IP address.
6) 7)
Add a route. Set the working mode for the upstream port, so that it allows the management VLAN to pass.
MA5300(config)#interface gigabitEthernet 7/1/5 MA5300(config-if-GigabitEthernet7/1/5)#switchport mode trunk Please wait... Done. MA5300(config-if-GigabitEthernet7/1/5)#switchport trunk allowed vlan 100 Please wait... Done. MA5300(config-if-GigabitEthernet7/1/5)#exit
8)
Configure the ISU board. Configure the address pool.
<ISU>system-view [ISU]ip pool huawei local [ISU-ip-pool-huawei]gateway 10.1.1.254 255.255.255.0 [ISU-ip-pool-huawei]section 0 10.1.1.1 10.1.1.253 [ISU-ip-pool-huawei]quit

[ISU-aaa]authentication-scheme auth1 [ISU-aaa-authen-auth1]authentication-mode local [ISU-aaa-authen-auth1]quit

[ISU-aaa]accounting-scheme acct1 [ISU-aaa-accounting-acct1]accounting-mode local [ISU-aaa-accounting-acct1]quit


[ISU]portvlan gigabitethernet 10 vlan 128 672 [ISU-gigabitethernet10-10-vlan128-799]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan128-799]default-domain authentication isp [ISU-gigabitethernet10-10-vlan128-799]authentication-method bind [ISU-gigabitethernet10-10-vlan128-799]quit [ISU]portvlan gigabitethernet 10 vlan 100 1 [ISU-gigabitethernet10-10-vlan100-100]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan100-100]default-domain authentication isp [ISU-gigabitethernet10-10-vlan100-100]authentication-method bind [ISU-gigabitethernet10-10-vlan100-100]quit

Configure the upstream interface and route.


1) View the MUX VLAN configuration profile.
:128
MA5300(config)#show mux-vlan config-profile The mux-vlan start vlan ID
2)
View the MUX VLAN information.
MA5300(config)#show mux-vlan

Mux-vlan is enabled Uplink port: interface GigabitEthernet7/1/5 Local mux-vlan ID: 128~799 Vlan-group(s) number: 14 Mux-vlan(s) number: 672 No cascading port exist 14 I/O board(s) configured Slot: 00 Slot: 01 Slot: 02 Slot: 03 Slot: 04 Slot: 05 Slot: 06 Slot: 09 Slot: 10 Slot: 11 Slot: 12 Slot: 13 Slot: 14 Slot: 15 mux-vlan: 128~175 mux-vlan: 176~223 mux-vlan: 224~271 mux-vlan: 272~319 mux-vlan: 320~367 mux-vlan: 368~415 mux-vlan: 416~463 mux-vlan: 464~511 mux-vlan: 512~559 mux-vlan: 560~607 mux-vlan: 608~655 mux-vlan: 656~703 mux-vlan: 704~751 mux-vlan: 752~799
IV. Verification
1) 2) 3) 4) Run the command winipcfg on PC1 and PC2 to obtain the IP addresses allocated by the DHCP Server. Ping the gateway IP address on the ISU from PC1and PC2 respectively. The pinging succeeds. PC1 and PC2 can ping each other successfully. If PC1 and PC2 cannot ping each other, please confirm whether the ARP proxy switch is enabled. If not, you can run the command arp-proxy enable to enable it.
22.4.9 MUX VLAN Cascading Application

MA5300 B
E E V A D D A A
MA5300 A
E E V A D D A A
ESM
ESM
ISU
RTU
RTU
RTU
RTU
PC1
PC2
PC3
PC4
Figure 22-7 Cascading application of MUX VLAN 1) PC1 and PC3 are connected to port 0/0/0 on the EVDA board of each MA5300 respectively. PC2 and PC4 are connected to port 1/0/0 on the EADA board of each MA5300 respectively. 2) 3) PC1, PC2, PC3 and PC4 access the Internet by obtaining IP address dynamically. Master node (namely MA5300 A) and slave node (namely MA5300 B) adopt MUX VLAN. Each port of the EVDA and EADA boards belongs to a different VLAN. MA5300 As VLANs range 128799; MA5300 Bs VLANs range 8001471. 4) MA5300 A's management VLAN is VLAN 100, and the management IP address is 10.1.1.100/24. MA5300 B's management VLAN is VLAN 101, and the management IP address is 10.1.1.101/24. 5) 6) 7) 8) MA5300 A's ESM board is connected with the ISU board through the backplane's GE port. The ADSL/VDSL ports are activated using the default line profile. The ADSL RTU works in 1483B mode with VPI/VCI of 0/35. On the ISU board, PC1, PC2, PC3 and PC4 are VLAN-bound access users. The ISU board is configured with built-in DHCP Server function. The IP address of the gateway is 10.1.1.254/24.

1) Configure the parameters of MA5300 B. Enable a MUX VLAN.

MA5300B(config)#mux-vlan System will be restarted. Turn to mux mode?[Y/N]:y
Log in to the system after the system resets.

Username:root Password: MA5300B>enable 15 MA5300B#configure terminal MA5300B(config)#board confirm 0
Configure the upstream port of the MUX VLAN and the range of local MUX VLAN. The default MUX VLAN configuration profile (start VLAN ID is 128, each group has 48 VLANs) is used.
MA5300B(config)#mux-vlan uplink-port interface ethernet 7/2/0 local-vlan 800 14 Please wait... Done.

MA5300B(config)#vdsl activate vdsl 0/0/0 1 MA5300B(config)#adsl activate adsl 1/0/0 1
Add management VLAN 101, and set the management IP address as 10.1.1.101.
MA5300B(config)#vlan 101 MA5300B(config-vlan101)#exit MA5300B(config)#interface vlan-interface 101 MA5300B(config-if-Vlan-interface101)#ip address 10.1.1.101 255.255.255.0 MA5300B(config-if-Vlan-interface101)#exit
Add a route.
MA5300B(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.254
Configure the working mode of the upstream port, so that it allows management VLAN 101 to pass.
MA5300B(config)#interface ethernet 7/2/0 MA5300B(config-if-Ethernet7/2/0)#switchport mode trunk Please wait... Done. MA5300B(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 101 Please wait... Done. MA5300B(config-if-Ethernet7/2/0)#exit
2)
Configure the parameters of MA5300 A. Enable MUX VLAN.
MA5300A(config)#mux-vlan System will be restarted. Turn to mux mode?[Y/N]:y

Username:root Password: MA5300A>enable 15

MA5300A#configure terminal MA5300A(config)#board confirm 0
Configure the upstream port of the MUX VLAN and the range of local MUX VLAN. The default MUX VLAN configuration profile (start VLAN ID is 128, each group has 48 VLANs) is used.
MA5300A(config)#mux-vlan local-vlan 128 14 Please wait... Done. uplink-port interface gigabitEthernet 7/1/5
Configure the cascading port of MUX VLAN and the range of the cascading MUX VLAN.
MA5300A(config)#mux-vlan cascading-vlan 800 14 Please wait... Done. cascading-port interface Ethernet 7/2/0
Enable the GE port used for connecting the ESM board and ISU board. Configure the parameters of the port.
MA5300A(config)#inner-isu 15 GigabitEthernet7/1/5 will be connected to inner-isu, continue?[Y/N]y Inner-isu in slot 15 is enabled. GigabitEthernet7/1/5 has been connected to inner-isu.
Activate VDSL/ADSL port using the default line profile.

MA5300A(config)#vdsl activate vdsl 0/0/0 1 MA5300A(config)#adsl activate adsl 1/0/0 1
MA5300A(config)#vlan 100 MA5300A(config-vlan100)#exit MA5300A(config)#interface vlan-interface 100 MA5300A(config-if-Vlan-interface100)#ip address 10.1.1.100 255.255.255.0 MA5300A(config-if-Vlan-interface100)#exit
Add a route.
MA5300A(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.254
Add VLAN 101, which is the management VLAN ID for MA5300 B.

MA5300A(config)#vlan 101 MA5300A(config-vlan101)#exit
Configure the working mode of the downstream port, so that it allows management VLAN 101 to pass.
MA5300A(config)#interface ethernet 7/2/0 MA5300A(config-if-Ethernet7/2/0)#switchport mode trunk Please wait... Done. MA5300A(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 101 Please wait... Done. MA5300A(config-if-Ethernet7/2/0)#exit
Set the working mode of the upstream port, so that it allows management VLAN 100 and VLAN 101 to pass.
MA5300A(config)#interface gigabitEthernet 7/1/5 MA5300A(config-if-GigabitEthernet7/1/5)#switchport mode trunk Please wait... Done. MA5300A(config-if-GigabitEthernet7/1/5)#switchport trunk allowed vlan 100 to 101 Please wait... Done. MA5300A(config-if-GigabitEthernet7/1/5)#exit
3)
Configure the ISU board. Configure the address pool.
<ISU>system-view [ISU]ip pool huawei local [ISU-ip-pool-huawei]gateway 10.1.1.254 255.255.255.0 [ISU-ip-pool-huawei]section 0 10.1.1.1 10.1.1.253 [ISU-ip-pool-huawei]quit



[ISU]portvlan gigabitethernet 10 vlan 128 1344 [ISU-gigabitethernet10-10-vlan128-1471]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan128-1471]default-domain authentication isp [ISU-gigabitethernet10-10-vlan128-1471]authentication-method bind [ISU-gigabitethernet10-10-vlan128-1471]quit [ISU]portvlan gigabitethernet 10 vlan 100 2 [ISU-gigabitethernet10-10-vlan100-101]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan100-101]default-domain authentication isp [ISU-gigabitethernet10-10-vlan100-101]authentication-method bind [ISU-gigabitethernet10-10-vlan100-101]quit

[ISU]local-aaa-server
[ISU-local-aaa-server]batch-user gigabitethernet 10 128 1344 domain isp [ISU-local-aaa-server]batch-user gigabitethernet 10 100 2 domain isp [ISU-local-aaa-server]quit
Configure the upstream interface and route.


1) View the MUX VLAN configuration profile.
:128
MA5300A(config)#show mux-vlan config-profile The mux-vlan start vlan ID
2)
View the MUX VLAN configuration.
MA5300A(config)#show mux-vlan Mux-vlan is enabled Uplink port: interface GigabitEthernet7/1/5 Local mux-vlan ID: 128~799 Vlan-group(s) number: 14 Mux-vlan(s) number: 672 1 cascading port(s) exist Interface Ethernet7/2/0 Mux-vlan ID: 800~1471 Vlan group(s) number: 14 Mux-Vlan(s) number: 672
14 I/O board(s) configured Slot: 00 Slot: 01 Slot: 02 Slot: 03 Slot: 04 Slot: 05 Slot: 06 Slot: 09 Slot: 10 Slot: 11 Slot: 12 mux-vlan: 128~175 mux-vlan: 176~223 mux-vlan: 224~271 mux-vlan: 272~319 mux-vlan: 320~367 mux-vlan: 368~415 mux-vlan: 416~463 mux-vlan: 464~511 mux-vlan: 512~559 mux-vlan: 560~607 mux-vlan: 608~655

Slot: 13 Slot: 14 Slot: 15 mux-vlan: 656~703 mux-vlan: 704~751 mux-vlan: 752~799
IV. Verification
1) 2) 3) 4) Run the command winipcfg on PC1 and PC2 to obtain the IP addresses allocated by the DHCP Server. Ping the gateway IP address on the ISU from PC1, PC2, PC3 and PC4 respectively. The pinging succeeds. Any two PCs can ping each other successfully. If PC1 and PC2 cannot ping each other, please confirm whether the ARP proxy switch is enabled. If not, you can run the command arp-proxy enable to enable it.
22.4.10 Comprehensive MUX VLAN Application

MA5300 B
E E V A D D A A
MA5300 A
E E V A D D A A
ESM
ESM
ISU
RTU
RTU
RTU
RTU
PC1
PC2
PC3
PC4
Figure 22-8 Comprehensive MUX VLAN application 1) PC1 and PC3 are connected to port 0/0/0 on the EVDA board of each MA5300 respectively. PC2 and PC4 are connected to port 1/0/0 on the EADA board of each MA5300 respectively. 2) 3) PC1 and PC2 access the Internet by obtaining IP address dynamically; PC3 and PC4 access the Internet in PPP dial-up mode. Master node (namely MA5300 A) does not use MUX VLAN, and all of its users belong to VLAN 10; slave node (namely MA5300 B) uses MUX VLAN; all ports of the EVDA board and EADA board belong to a different VLAN; the VLAN ID ranges 128 799.
4)
MA5300 As management VLAN is VLAN 100, and the management IP address is 10.1.1.100/24. The MA5300 Bs management VLAN is VLAN 101, and the management IP is 10.1.1.101/24.
5) 6) 7) 8)
The MA5300 A's ESM board is connected with the ISU board through the backplane. The ADSL/VDSL ports are activated using the default line profile. The ADSL RTU works in 1483B mode with VPI/VCI of 0/35. On the ISU board, PC1, PC2 are VLAN-bound access users. PC3 and PC4 are PPP dial-up users. The ISU board is configured with built-in DHCP Server function. The IP address of the gateway is 10.1.1.254/24.

1) Configure the parameters of MA5300 B. Enable MUX VLAN.
MA5300(config)#mux-vlan System will be restarted. Turn to mux mode?[Y/N]:y

Username:root Password: MA5300>enable 15 MA5300#configure terminal MA5300(config)#board confirm 0
Set the MUX VLAN configuration profile: start number is 128, each group has 64 VLANs.
MA5300(config)#mux-vlan config-profile 128 64
Configure the upstream port of the MUX VLAN and the range of local MUX VLAN.
MA5300(config)#mux-vlan uplink-port interface ethernet 7/2/0 local-vlan 128 14

Add a route

MA5300(config)#interface ethernet 7/2/0
MA5300(config-if-Ethernet7/2/0)#switchport mode trunk Please wait... Done. MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 101 Please wait... Done. MA5300(config-if-Ethernet7/2/0)#exit
2)
Configure the parameters of MA5300 A. Enable the GE port which connects the ESM board with ISU board, and configure parameters of the port.
MA5300(config)#inner-isu 15 GigabitEthernet7/1/5 will be connected to inner-isu, continue?[Y/N]y Inner-isu in slot 15 is enabled. GigabitEthernet7/1/5 has been connected to inner-isu.
Add service VLAN 10, which includes ADSL/VDSL user ports. Activate ADSL/VDSL ports. (These users are PPP dial-up users).
MA5300(config)#vlan 10 MA5300(config-vlan10)#switchport vdsl 0/0/0 MA5300(config-vlan10)#switchport adsl 1/0/0 MA5300(config-vlan10)#exit MA5300(config)#vdsl activate vdsl 0/0/0 1 MA5300(config)#adsl activate adsl 1/0/0 1
Add a route.
Add VLAN 101, which is the management VLAN of MA5300 B.

MA5300(config)#vlan 101 MA5300(config-vlan101)#exit
Configure the working mode of the upstream port as "Trunk", so that it allows management VLAN 100 and VLAN 101 to pass.
MA5300(config)#interface gigabitEthernet 7/1/5
MA5300(config-if-GigabitEthernet7/1/5)#switchport mode trunk Please wait... Done. MA5300(config-if-GigabitEthernet7/1/5)#switchport trunk allowed vlan 10 100 to 101 Please wait... Done. MA5300(config-if-GigabitEthernet7/1/5)#exit
Allow the MA5300 Bs VLAN to pass through MA5300 A.

MA5300(config)#access-list user vlan_relay MA5300(config-user-nacl-vlan_relay)#permit pass through. { WORD<S><1,160> }:0080 { WORD<S><1,160> }:0f80 { <0-78> }:14 //The start VLANID is 128. //128 VLANs are included. //The head of MAC frame, namely DA+SA+802.1Qs //Allow VLANs 128 - 255 to
first two bytes), is invariably 14 bytes long. MA5300(config-user-nacl-vlan_relay)#permit 0100 0f00 14 //Allow VLANs 256 - 511 to pass through. MA5300(config-user-nacl-vlan_relay)#permit 0200 0f00 14 //Allow VLANs 512 - 767 to pass through. MA5300(config-user-nacl-vlan_relay)#permit 0300 0fe0 14 //Allow VLANs 768 - 799 to pass through. MA5300(config-user-nacl-vlan_relay)#exit
Apply the traffic rule to the ingress port and the egress port of MA5300 A.
MA5300(config)#interface gigabitEthernet 7/1/5 MA5300(config-if-GigabitEthernet7/1/5)#traffic-redirect vlan_relay interface ethernet 7/2/0 MA5300(config-if-GigabitEthernet7/1/5)#exit MA5300(config)#interface ethernet 7/2/0 MA5300(config-if-Ethernet7/2/0)#traffic-redirect vlan_relay interface gigabitEthernet 7/1/5 MA5300(config-if-Ethernet7/2/0)#exit input user-group input user-group
3)
Configure the ISU board. Configure the virtual terminal (VT) profile (PPPoE dial-up users).
<ISU>system-view [ISU]interface virtual-template 1 [ISU-Virtual-Template1]ppp authentication-mode chap [ISU-Virtual-Template1]quit [ISU]interface gigabitethernet 10 [ISU-gigabitEthernet10]pppoe-server bind virtual-template 1 [ISU- gigabitEthernet10]quit
Configure the adderss pool.

[ISU]ip pool huawei local [ISU-ip-pool-huawei]gateway 10.1.1.254 255.255.255.0 [ISU-ip-pool-huawei]section 0 10.1.1.1 10.1.1.253

[ISU-ip-pool-huawei]quit



[ISU]portvlan gigabitethernet 10 vlan 128 672 [ISU-gigabitethernet10-10-vlan128-799]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan128-799]default-domain authentication isp [ISU- gigabitethernet10-10-vlan128-799]authentication-method bind [ISU- gigabitethernet10-10-vlan128-799]quit [ISU]portvlan gigabitethernet 10 vlan 100 2 [ISU-gigabitethernet10-10-vlan100-101]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan100-101]default-domain authentication isp [ISU-gigabitethernet10-10-vlan100-101]authentication-method bind [ISU-gigabitethernet10-10-vlan100-101]quit
Configure the VLAN interface (PPPoE dial-up users).

[ISU]portvlan gigabitethernet 10 vlan 10 1 [ISU-gigabitethernet10-10-vlan110-10]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan10-10]default-domain authentication isp [ISU-gigabitethernet10-10-vlan10-10]authentication-method pppoe [ISU-gigabitethernet10-10-vlan10-10]quit

Add the user account (PPPoE dial-up users).

[ISU]local-aaa-server [ISU-local-aaa-server]user bbbaaa@isp password aaa [ISU-local-aaa-server]user bbb@isp password bbb [ISU-local-aaa-server]quit
Add the upstream interface and route.

III. Verification
1) 2) 3) 4) 5) Run the command winipcfg on PC1 and PC2 respectively to obtain the IP addresses allocated by the DHCP Server. Start the dialup software on PC2 and PC4 respectively to obtain the IP addresses allocated by the DHCP server. Ping the gateway IP address on the ISU board from PC1, PC2, PC3 and PC4 respectively. The pinging succeeds. Any two PCs can ping each other successfully. If PC1 and PC2 cannot ping each other, please confirm whether the ARP proxy switch is enabled. If not, you can run the command arp-proxy enable to enable it.
22.4.11 Notes for Using MUX VLAN

1) 2) The range of a MUX VLAN cannot overlap with that of a common VLAN. If the number of VLANs of each group in the MUX VLAN profile is not consistent with the number of ports of the board in each slot, you should configure the VLANs in light of the number of VLANs in the MUX VLAN profile. 3) To modify a MUX VLAN, pay attention to these points: Do not exceed the range of VLANs in a frame when you modify a port in the frame. Do not exceed the range of VLANs in a slot when you modify a port in the slot. 4) In MUX VLAN mode, broadcast storm suppression takes effect only on those packets with the destination MAC being full F. It takes no effect on unknown unicast packets or unknown multicast packets. 5) 6) 7) 8) 9) An upstream port or a cascading port of a MUX VLAN cannot be added into an aggregated port. The PVID of a MUX VLAN's cascading port is 4069 always. The downstream ports of a MUX VLAN do not support aggregation or Trunk. One port cannot belong to a Smart VLAN or a MUX VLAN at the same time. With the upstream port and the range of local MUX VLAN specified, the MA5300 will allocate VLANs to all slots (starting from slot 0), even for an idle slot.
22.5 Configuring a QinQ VLAN

22.5.1 Overview
A QinQ VLAN is used to enable the transparent transmission of private VLAN and services. Upon receiving packets with private VLAN tags from lower layer, the MA5300 adds QinQ VLAN tags to these packets. In this way, the MA5300 enables the transparent transmission of private VLAN to the peer end without creating a private VLAN. It only needs to create a QinQ VLAN. The VLAN for labeling private users is referred to as Customer VLAN. The outer VLAN added by the MA5300 according to the port/PVC is referred to as SP VLAN. The Customer VLAN and the SP VLAN are independent of each other, and the ID ranges 14095. The MA5300 forwards QinQ packets in line with the following procedure: Upstream packet forwarding: Upon receiving a packet with Customer VLAN tag, the MA5300 adds an outer VLAN tag to it according to port/PVC settings, and then transmits it. If the packet is untagged, the MA5300 discards it. Downstream packet forwarding: The MA5300 first specifies the downstream PVC according to the SP VLAN+DMAC/SMAC table. Next, it removes the outer VLAN tag, and then transmits the packet from the QinQ VLAN port. The configuration of a QinQ VLAN involves: Setting a Common VLAN as a QinQ VLAN Adding/Deleting an Upstream Port to/from a QinQ VLAN Configuring a QinQ VLAN PVC Viewing the Configuration of a QinQ VLAN Table 22-5 lists the commands for configuring a QinQ VLAN. Table 22-5 Commands for configuring a QinQ VLAN To Configure a common VLAN as QinQ VLAN Add/Delete an upstream port to/from a QinQ VLAN Add/Delete a downstream port to/from a QinQ VLAN Add/Delete a downstream port to/from a QinQ VLAN Add a QinQ VLAN PVC Use (no) vlan-type q-in-q (no) switchport allowed (no) qvlan-port (no) qvlan-port vlan trunk VLAN mode In configuration
Ethernet port configuration mode QinQ VLAN configuration mode ADSL/SHDSL port configuration mode Global configuration mode/Port configuration mode
multipvc add
To Delete a QinQ VLAN PVC
Use multipvc delete
In Global configuration mode/Port configuration mode Global configuration mode/Port configuration mode All modes except the user EXEC mode
Modify a QinQ VLAN PVCs attributes View the configuration of a QinQ VLAN
multipvc modify
show vlan q-in-q
22.5.2 Setting a Common VLAN as a QinQ VLAN

By default, a created VLAN is a common one. To set a common VLAN as a QinQ VLAN, you can run the command vlan-type q-in-q. To restore a QinQ VLAN to a common VLAN, you can run the command no vlan-type q-in-q. During the configuration, abide by the following: Only a common VLAN can be set as a QinQ VLAN. The default VLAN, namely VLAN 1, cannot be set as a QinQ VLAN. A QinQ VLAN cannot be configured with an L3 IP address. When configuring a common VLAN as a QinQ VLAN, make sure that the common VLAN does not contain a downstream or an upstream port of a multicast VLAN. But it is allowed to contain ADSL/SHDSL ports, PVCs or Trunk ports of the main control board. The connection type of a common VLAN PVC shall be 1483B. This example shows how to create VLAN 2 and set it as a QinQ VLAN.
MA5300(config)# vlan 2 MA5300(config-vlan2)#vlan-type q-in-q
22.5.3 Adding/Deleting an Upstream Port to/from a QinQ VLAN

The upstream port of a QinQ VLAN shall be the Trunk port of the ESM board. Therefore, you can add/delete an upstream port to/from a QinQ VLAN in the same way as adding/deleting a Trunk port to/from a common VLAN. To add a Trunk port to a QinQ VLAN, you can run the command switchport trunk allowed. To delete a Trunk port from a QinQ VLAN, you can run the command no switchport trunk allowed. A QinQ VLAN is allowed to contain multiple upstream ports.
A QinQ VLAN can share an upstream port with other QinQ VLANs, VLAN Stackings, and Smart VLANs. For an upstream port of a QinQ VLAN, its default PVID is 1. You cannot define the default VLAN as a QinQ VLAN or Stacking VLAN. You can run the command switchport trunk native to modify the PVID. The upstream port of a QinQ VLAN can be an aggregated port. You can directly add an aggregated port to the QinQ VLAN, or add a Trunk port to the QinQ VLAN first, and then aggregate it with other ports. This example shows how to set port Ethernet 7/1/0 as a Trunk port, and then add it to QinQ VLAN 10.
A5300(config)#interface ethernet7/1/0 MA5300(config-if-Ethernet7/1/0)#switchport mode trunk MA5300(config-if-Ethernet7/1/0)#switchport trunk allowed vlan 10 { <cr>|INTEGER<2,4000>|to<K> }: Please wait... Done.
22.5.4 Adding/Deleting a Downstream Port to/from a QinQ VLAN

You cannot add/delete a downstream port to/from a QinQ VLAN in the same way as adding/deleting a Trunk port to/from a common VLAN through the command switchport. In QinQ VLAN configuration mode, you can run the command qvlan-port to add a downstream port to a QinQ VLAN, or the command no qvlan-port to delete a downstream port from a QinQ VLAN. In port configuration mode, you can run the command qvlan-port vlan to add a port to a QinQ VLAN, or the command no qvlan-port vlan to delete the port from the QinQ VLAN. Only an ADSL or SHDSL port can be added to a QinQ VLAN as a downstream port. The downstream port of a QinQ VLAN cannot be a Trunk port. The downstream port of a QinQ VLAN can be configured with a single PVC or multiple PVCs. The PVC connection type can only be 1483B. To add a PVC, you can run the command multipvc add. Ports or PVCs of the same board cannot communicate with each other in the same QinQ VLAN. This example shows how to add a downstream port in QinQ VLAN configuration mode
MA5300(config)# vlan 2 MA5300(config-vlan2)#qvlan-port adsl 2/0/1
This example shows how to add a downstream port to a QinQ VLAN in ADSL port configuration mode.

MA5300(config)# interface adsl5/0/0 MA5300(config-if-adsl5/0/0)#qvlan-port vlan 3
22.5.5 Configuring a QinQ VLAN PVC

Commands for adding/deleting/modifying a QinQ VLAN PVC are similar to those for adding/deleting/modifying a common VLAN PVC (multi-PVC).
I. Adding a QinQ VLAN PVC

To add a QinQ VLAN PVC, you can use the parameter q-in-q of the command multipvc add. In global configuration mode: multipvc add { all | slot_no | port_list } pvcindex index vpi vpi vci vci connect-type 1483b vlan vlanid [ q-in-q ] With q-in-q selected, make sure that the selected VLAN is a QinQ VLAN. PVCs of the same port cannot belong to the same QinQ VLAN, but they can work in different VLAN modes. This example shows how to add port adsl 5/0/1s PVC 2 to QinQ VLAN 4.
MA5300(config-adsl5/0/1)#multipvc add pvcindex 2 vpi 0 vci 20 connect-type 1483b vlan 4 q-in-q
II. Modifying a QinQ VLAN PVCs attributes

You can modify a QinQ VLAN PVCs attributes, including VPI/VCI, priority, and the VLAN to which it belongs. To modify the attributes, you can run the command multipvc modify. In global configuration mode: multipvc add { all | slot_no | port_list } pvcindex index [ vpi vpi vci vci | priority value | vlan vlanid [ q-in-q ] ] This example shows how to add PVC 2 of QinQ VLAN 3 to QinQ VLAN 4.
MA5300(config-if-Adsl2/0/0)#multipvc modify pvcindex 2 vlan 4 q-in-q
III. Deleting a QinQ VLAN PVC

To delete a PVC from a QinQ VLAN, you can run the command multipvc delete{ all | slot_no | port_list } pvcindex index. This example shows how to delete port adsl 1/0/5s PVC 2.
MA5300(config)#multipvc delete adsl 1/0/5 pvcindex 2
22.5.6 Viewing the Configuration of a QinQ VLAN

To view the configuration of a QinQ VLAN, you can run the command show vlan q-in-q. To view the brief information on the QinQ VLAN, enter no parameter. To display the details, enter the desired parameters. This example shows how to view the configuration of all QinQ VLANs.
MA5300(config)#show vlan q-in-q all Vlan ID: 10 Vlan Type: static, q-in-q Route Interface: not configured Upstream Ports: Ethernet7/1/0 Downstream Ports: Adsl1/0/0 Vlan ID: 20 Vlan Type: static, q-in-q Route Interface: not configured Upstream Ports: none Downstream Ports: Adsl1/0/1 Adsl1/0/5 Adsl1/0/6
This example shows how to view the brief information on a QinQ VLAN.
MA5300(config)#show vlan q-in-q { <cr>|all<K>|INTEGER<1,4000> }: Now, the following q-in-q vlan exist(s): 10, 20
22.5.7 QinQ VLAN Configuration Example

In the example below, a QinQ VLAN is used to realize the transparent transmission of private VLAN and services for the communication between Company As two subsidiaries which are located far away from each other.
1) 2) 3) 4) 5) Create a common VLAN, and set it as a QinQ VLAN. Add a port to the QinQ VLAN as the upstream port. Add a port to the QinQ VLAN as the downstream port. Set the PVC attributes of the QinQ VLANs downstream port as multi-PVC. View the configuration.
MAN BRAS
E A D A FE7/2/0 E A D A FE7/2/0
BRAS
CON ETH MON
CON ETH MON
MA5300 A LAN Switch
ESM
MA5300 B LAN Switch
ESM
Company A's Office A
Company A's Office B
Figure 22-9 Networking of a QinQ VLAN application Company A's Office A connects to MA5300 A through a LAN Switch, while Office B connects to MA5300 B through a LAN Switch. MA5300 A and MA5300 B share the same the same configuration. Presume that the two companies use one ADSL port. The networking is described as follows: The PCs Modem connects to the MA5300s port adsl 1/0/2, and connects to the upstream through port FE 7/2/0. The multi-PVC function is enabled for port adsl 1/0/2, and the port connects to Company A through PVC 1. VLAN 50 is defined as a QinQ VLAN. The MA5300 A and the MA5300 B share the same configuration.

1) Create VLAN 50, and define it as a QinQ VLAN.
MA5300(config)#vlan 50 MA5300(config-vlan50)#vlan-type q-in-q
2)
Add a port to the QinQ VLAN as the upstream port.
MA5300(config)#interface ethernet 7/2/0 MA5300(config-if-Ethernet7/12/0)#switchport mode trunk Please wait... Done. MA5300(config-if-Ethernet7/12/0)#switchport trunk allowed vlan 50 { <cr>|INTEGER<2,4000>|to<K> }: Please wait... Done.
3)
Add a port to the QinQ VLAN as the downstream port, enable the multi-PVC function for the port, and connect the port to the PC through PVC 1. Make sure that the PVCs VPI/VCI is the same as that of the Modem.
MA5300(config)#interface adsl 1/0/2 MA5300(config-if-adsl1/0/2)#multipvc enable MA5300(config-if-adsl1/0/2)#multipvc modify pvcindex 1 vlan 50 q-in-q
4) 5)
Activate the port using the default profile. View the QinQ VLANs configuration.
MA5300(config)#show vlan q-in-q all Vlan ID: 50 Vlan Type: static, q-in-q Route Interface: not configured Upstream Ports: Ethernet7/12/0 Downstream Ports: Adsl1/0/2
6)
View information on port adsl1/0/2.
MA5300(config)#show interface adsl1/0/2
IV. Verification
With the above steps, company A's two offices can communicate with each other.
22.6 Configuring VLAN Stacking

22.6.1 Overview
A VLAN Stacking is used to satisfy the demands on VLAN expansion and wholesale leased line services. For DSLAM devices, the mechanisms used to realize the two applications are similar. To realize VLAN expansion and user labeling, the MA5300 needs to work with a BRAS. To offer wholesale leased line service, the upper layer device needs to work in L2 mode, and forward packets based on VLAN and MAC address. The wholesale leased line service uses the outer VLAN of a VLAN Stacking to identify the users of an Internet Service Provider (ISP) in L2 MAN where multiple ISPs exist, and select the BRAS device. The functioning mechanism of a VLAN Stacking is as follows: The system allocates a customer VLAN tag to every port intended to offer Stacking service for labeling users. These ports belong to the same VLAN, namely the outer SP VLAN. In the network, packets are forwarded according to the outer packet tags. After passing through the BRAS device, these packets are deprived of outer VLAN tags, and use inner VLAN tags for labeling users.
The MA5300 forwards VLAN Stacking packets according to the following procedure: Upstream packet forwarding Upon receiving an untagged packet, the MA5300 adds two VLAN tags (SP VLAN+Customer VLAN) to it according to port/PVC settings, and then forwards it according to the SP VLAN and DMAC/SMAC. If the received packet is tagged, the MA5300 discards it. Downstream packet forwarding The MA5300 first specifies the downstream PVC according to the SP VLAN+DMAC/SMAC table. Next, it removes the SP VLAN and Customer VLAN tags, and then forwards the packet from the VLAN Stacking port. The configuration of a VLAN Stacking involves: Configuring a Common VLAN as a VLAN Stacking Adding/Deleting an Upstream Port to/from a VLAN Stacking Configuring the Inner VLAN Tag for a VLAN Stacking Port/PVC Adding/Deleting a Downstream Port to/from a VLAN Stacking Adding/Deleting a Downstream Port to/from a VLAN Stacking Viewing the Configuration of a VLAN Stacking Table 22-6 lists the commands for configuring a VLAN Stacking. Table 22-6 Commands for configuring a VLAN Stacking To... Set a common VLAN as a VLAN Stacking Add/Delete an Upstream Port to/from a VLAN Stacking Add/Delete a Downstream Port to/from a VLAN Stacking Add/Delete a Downstream Port to/from a VLAN Stacking Configure the Inner VLAN Tag for a VLAN Stacking Port/PVC Configure the inner priority of a VLAN Stacking Add a PVC to a VLAN Stacking Use... (no) vlan-type stacking (no) switchport trunk allowed In VLAN configuration mode Ethernet port configuration mode VLAN Stacking configuration mode ADSL/SHDSL port configuration mode VLAN Stacking configuration mode/ADSL(SHDSL) port configuration mode Global configuration mode /ADSL(SHDSL) port configuration mode Global configuration mode/ADSL(SHDSL) port configuration mode
(no) stack-port
(no) vlan
stack-port
(no) inner-label
(no) inner-priority
multipvc add
To... Delete a PVC to a VLAN Stacking Modify a PVC of a VLAN Stacking View the configuration of a VLAN Stacking
Use... multipvc delete
In Global configuration mode/ADSL(SHDSL) port configuration mode Global configuration mode/ADSL(SHDSL) port configuration mode All modes except the user EXEC mode
multipvc modify show vlan stacking
22.6.2 Configuring a Common VLAN as a VLAN Stacking

By default, a created VLAN is a common one. To set a common VLAN as a VLAN Stacking, you can run the command vlan-type stacking. To restore a VLAN Stacking to a common VLAN, you can run the command no vlan-type stacking. Only a common VLAN can be set as a VLAN Stacking. The default VLAN, namely VLAN 1, cannot be set as a VLAN Stacking. A VLAN Stacking cannot be configured with an L3 IP address. When setting a common VLAN as a VLAN Stacking, make sure that the common VLAN does not contain a downstream or an upstream port of a multicast VLAN. The common VLAN can be empty, or contain ADSL/SHDSL ports, PVCs, or Trunk port of the ESM board. This example shows how to create VLAN 50, and set it as a VLAN Stacking.
MA5300(config)# vlan 50 MA5300(config-vlan50)#vlan-type stacking
22.6.3 Adding/Deleting an Upstream Port to/from a VLAN Stacking

Only the Trunk port of the ESM board can be added to a VLAN Stacking as an upstream port. You can add/delete an upstream port to/from a VLAN Stacking in the same way as adding/deleting a Trunk port to/from a common VLAN. To add a Trunk port to a VLAN Stacking, you can run the command switchport trunk allowed. To delete a Trunk port from a VLAN Stacking, you can run the command no switchport trunk allowed. A VLAN Stacking is allowed to contain multiple upstream ports. A VLAN Stacking can share an upstream port with other VLAN Stackings, QinQ VLANs, and Smart VLANs.
For an upstream port of a VLAN Stacking, its default PVID is 1, and you cannot define its default VLAN as a QinQ VLAN or VLAN Stacking. But you can run the command switchport trunk native to modify the PVID. The upstream port of a VLAN Stacking can be an aggregated port. You can directly add an aggregated port to the VLAN Stacking, or add a Trunk port to the VLAN Stacking first, and then aggregate it with other ports. This example shows how to set port Ethernet 7/1/0 as a Trunk port, and then add it to VLAN Stacking 10.
MA5300(config)#interface ethernet7/1/0 MA5300(config-if-Ethernet7/1/0)#switchport mode trunk MA5300(config-if-Ethernet7/1/0)#switchport trunk allowed vlan 10 { <cr>|INTEGER<2,4000>|to<K> }: Please wait... Done.
22.6.4 Adding/Deleting a Downstream Port to/from a VLAN Stacking

You cannot add/delete a downstream port to/from a VLAN Stacking in the same way as adding/deleting a Trunk port to/from a common VLAN through the command switchport. In VLAN Stacking configuration mode, you can run the command stack-port to add a downstream port to a VLAN Stacking, or the command no stack-port to delete a downstream port from a VLAN Stacking. In ADSL or SHDSL port configuration mode, you can run the command stack-port vlan to add the port to a VLAN Stacking, or the command no stack-port vlan to delete the port from the VLAN Stacking. Only an ADSL or SHDSL port can be added to a VLAN Stacking as a downstream port. A VLAN Stacking's downstream port can be a Trunk port. The downstream port of a VLAN Stacking can be configured with a single PVC or multiple PVCs of any type. To add a PVC, you can run the command multipvc add. Ports or PVCs of the same board cannot communicate with each other in the same QinQ VLAN. This example shows how to add a downstream port to the VLAN Stacking in VLAN Stacking configuration mode.
MA5300(config)# vlan 50 MA5300(config-vlan50)#vlan-type stacking MA5300(config-vlan50)#stack-port adsl1/0/8
This example shows how to add a downstream port to a VLAN Stacking in ADSL port configuration mode.
MA5300(config)# interface adsl5/0/0

MA5300(config-if-adsl5/0/0)#stack-port vlan 3
22.6.5 Configuring the Inner VLAN Tag for a VLAN Stacking Port/PVC
Ports or PVCs of a VLAN Stacking contain two tags: The outer VLAN ID for labeling ISPs, and the inner VLAN tag for labeling users. The outer VLAN ID refers to the ID of the created VLAN Stacking. To set or modify an inner VLAN tag, you can run the command inner-label. To restore the default value of NA, you can run the command no inner-label. You can set the inner VLAN tag of a PVC when adding the PVC to the VLAN Stacking. The tag value ranges 14095. In VLAN Stacking configuration mode: inner-label { port label-id | port-list start-label startlabel-id } In ADSL and SHDSL port configuration mode: inner-label label-id You can configure the inner VLAN tags for ports in batches. Once the first ports tag number is specified, ports following it will increase accordingly. To enable the VLAN Stacking function, you need to set the inner VLAN tag. The inner VLAN tag is independent of the outer VLAN ID. You can adopt the same or different values for them. A ports inner VLAN tag does not occupy any VLAN resources. Before setting the inner VLAN tag for a port, make sure that a VLAN Stacking is created. Deleting a port from a VLAN Stacking also deletes the ports inner VLAN tag. This example shows how to set the inner VLAN tag of port adsl 1/0/7 as 10, and those of ports adsl 1/0/8adsl 1/0/10 as 100102 in VLAN Stacking configuration mode.
MA5300(config-vlan50)#inner-label adsl1/0/7 10 MA5300(config-vlan50)#inner-label adsl1/0/8 to adsl1/0/10 start-label 100
This example shows how to set port adsl 1/0/7s inner VLAN tag as 50 in ADSL port configuration mode.
MA5300(config-if-adsl1/0/7)#innerv-label 50
In VLAN Stacking configuration mode, delete port adsl 1/0/7s inner VLAN tag.
MA5300(config-if-adsl1/0/7)#innerv-label 50
22.6.6 Configuring a Port/PVCs Inner Priority

To set the inner priority of a port in a VLAN Stacking, you can run the command inner-priority. To restore the inner priority to its default value of 0, you can run the command no inner-priority.
To view the configuration, you can run the command show interface. This example shows how to set port adsl 1/0/0s inner priority as 7. Presume that port adsl 1/0/0 is included in a VLAN Stacking.
MA5300(config)#inner-priority adsl1/0/0 7
22.6.7 Configuring a VLAN Stacking PVC

The PVC connection type supported by QinQ VLAN is 1483B only. The PVC connection types supported by VLAN Stacking include 1483B, PPPoA and IPoA. The command used for adding/deleting/modifying a VPC of a VLAN Stacking is basically the same as that used in the case of a QinQ VLAN, except that you need to replace [ q-in-q ] with [ stacking inner-label labelvalue]. For details, refer to 22.5.5 Configuring a QinQ VLAN PVC. To add a VLAN Stacking PVC, you can use the parameter stacking of the command multipvc add. In global configuration mode: multipvc add { all | slot_no | port_list } pvcindex index vpi vpi vci vci connect-type {1483b | pppoa-llc | pppoa-vcmux | ipoa-llc | auto} vlan vlanid [stacking inner-label labelvalue ] With stacking selected, make sure that the selected VLAN is a VLAN Stacking. PVCs of the same port cannot belong to the same VLAN Stacking, but they can work in different VLAN modes. This example show how to add port adsl 5/0/1's PVC 2 to VLAN Stacking 4.
MA5300(config-adsl5/0/1)#multipvc add pvcindex 2 vpi 0 vci 20 connect-type 1483b vlan 4 stacking inner-label 10
22.6.8 Viewing the Configuration of a VLAN Stacking

To view the configuration of a VLAN Stacking, you can run the command show vlan stacking. To display brief information on the VLAN Stacking, enter no parameter. To display the details, enter the desired parameters. This example shows how to view the configuration of all VLAN Stackings
MA5300(config)#show vlan stacking all Vlan ID: 50 Vlan Type: static, stacking Route Interface: not configured Upstream Ports: Ethernet7/1/0 Downstream Ports Customer VlanID Customer Priority

Adsl1/0/7 Adsl1/0/8 1000 100

3 5
This example shows how to view the brief information on VLAN Stackings.
MA5300(config)#show vlan stacking { <cr>|all<K>|INTEGER<1,4000> }: Now, the following stacking vlan exist(s): 50
22.6.9 VLAN Stacking Configuration Example

In this example, it will introduce how to enable a company to get access to the wholesale leased line service of an ISP.
1) 2) 3) 4) Create a VLAN Stacking. Add a port to the VLAN Stacking as the upstream/downstream port. Set the inner tag for a port. View the configuration.
ISP1 BRAS
E A D A FE7/2/0
MAN BRAS
E A D A FE7/2/0
ISP2
CON ETH MON
CON ETH MON
ESM
MA5300 A
ESM
MA5300 B
Company A
Company B
Figure 22-10 The networking of a VLAN Stacking application In this example, the networking can be described as follows: Company A is the wholesale leased line service customer of ISP 1, and company B is that of ISP 2.
Company A connects to MA5300 A, and company B connects to MA5300 B. MA5300 A and MA5300 B have the same configuration. The following configuration is based on one ADSL port. The PCs Modem connects to the MA5300s port adsl 1/0/2, and connects to the upstream through port FE 7/2/0. The outer VLAN is used for labeling the ISP, and the inner VLAN is used for labeling users. In this example, VLAN 50 is for labeling ISP 1, and VLAN 51 is for labeling ISP 2.

The following lists the configuration procedure for MA5300 A. The configuration procedure also applies to MA5300 B. 1) Create a VLAN, and define it as a VLAN Stacking.
MA5300(config)#vlan 50 MA5300(config-vlan50)#vlan-type stacking MA5300(config-vlan50)#exit
2)
Add a port to the VLAN Stacking as the upstream port.
MA5300(config)#interface ethernet 7/2/0 MA5300(config-if-Ethernet7/2/0)#switchport mode trunk Please wait... Done. MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 50 { <cr>|INTEGER<2,4000>|to<K> }: Please wait... Done.
3)
Add a port to the VLAN Stacking as the downstream port.
MA5300(config)#vlan 50 MA5300(config-vlan50)#stack-port adsl1/0/2
4)
Set the port adsl 1/0/2s inner label as 10.
MA5300(config)#interface adsl 1/0/2 MA5300(config-if-Adsl1/0/2)#inner-label 10
5) 6)
Activate port adsl 1/0/2 using the default profile. View the configuration.
MA5300(config)#show vlan stacking 50 { <cr>|to<K> }: Vlan ID: 50 Vlan Type: static, stacking Route Interface: not configured Upstream Ports: Ethernet7/2/0 Downstream Ports Adsl1/0/2 Customer VlanID 10 Customer Priority 0
IV. Verification
With the above steps, company A can connect to ISP 1, and company B can connect to ISP 2.
Chapter 23 IGMP Snooping Configuration

23.1 Overview
23.1.1 IGMP Snooping Principle
The MA5300 can act as a pure L2 device to implement L2 multicast through Internet Group Management Protocol (IGMP) Snooping. IGMP Snooping is the restriction mechanism running on L2 devices. It is used to manage and control multicast groups. IGMP Snooping runs on the link layer. When the MA5300 receives an IGMP message transmitted between the host and the router, IGMP Snooping will analyze the information carried by the IGMP message. When it detects the IGMP host report message sent by the host, the MA5300 adds this host into the corresponding multicast table. When it detects the IGMP leave message sent by the host, the MA5300 deletes the host from the multicast table. Through incessant monitoring of IGMP packets, the MA5300 can set up and maintain a MAC multicast address table at L2. It can forward the multicast messages issued from the router according to the MAC multicast address table. When IGMP Snooping is not running, the multicast messages will be broadcasted in L2, as shown in Figure 23-1.
Video stream Multicast router Internet
Video stream MA5300
VOD Server
Video stream
Video stream
Video stream
Multicast group member
Non-multicast group member
Figure 23-1 Transmission of multicast messages when IGMP Snooping is not running
When IGMP Snooping is running, multicast (rather than broadcast) for messages will be performed in L2. Refer to Figure 23-2.
Video stream Multicast router Internet VOD Server
Video stream MA5300
Video stream
Video stream
Video stream
Multicast group member
Figure 23-2 Transmission of multicast messages when IGMP Snooping is running
23.1.2 Implementation of IGMP Snooping

I. Concepts related to IGMP Snooping
The concepts related to IGMP Snooping involve: Router port The port on the MA5300, which is directly connected to the multicast router. Multicast member port The port on the MA5300, which is connected to the multicast member. Multicast member is the host in a multicast group. MAC multicast group The multicast group that is identified by the MAC multicast address and maintained by the MA5300. Aging time of the router port The time set on the aging timer of the router port. If no IGMP general query message is received before the timer times out, the MA5300 will not regard the port as a router port. Aging time of multicast group member port
When a port is added to the IP multicast group, an aging timer will be started for this port. The aging time is set on the timer. If no IGMP report message is received before the timer times out, the MA5300 will send IGMP query message for a specific group to this port. Maximum time to respond the query When sending the IGMP specific query messages to the multicast members, the MA5300 starts a timer for the response to the query. The maximum time to respond to the query is the time set on the timer. During the set time, if no IGMP report message is received, the MA5300 will delete this port from the ports of multicast members.
II. Realizing L2 multicast through IGMP Snooping

With IGMP Snooping, the MA5300 can detect IGMP messages, and set up the mapping relation between the host (as well as its corresponding ports) and the corresponding multicast address. Figure 23-3 shows the way in which the MA5300 processes IGMP messages.
Internet
Router running IGMP IGMP message MA5300 running IGMP Snooping IGMP message
Figure 23-3 Implementation of IGMP Snooping The following describes how IGMP Snooping processes the received IGMP messages. IGMP general query message This message is sent from the multicast router to the multicast group member, querying which multicast groups have members. Upon receiving IGMP general query messages on the original port connecting the router, the MA5300 resets
the aging-time timer of the router port. Upon receiving IGMP general query messages on a new port, the MA5300 informs the multicast router that a host will join a multicast group and start the aging timer for this router port. IGMP specific group query message This message is sent from the multicast router to the multicast group member, querying whether a member exists in a specific multicast group. Upon receiving IGMP specific group query messages, the MA5300 sends the messages to the queried IP multicast group. IGMP report message This message is sent from the host to the multicast router. It is used to apply for joining a multicast group or respond to an IGMP query message. Upon receiving IGMP report messages, the MA5300 judges the existence of the MAC multicast group which the message will join. If the corresponding MAC multicast group does not exist, and the message only informs the router that a member will join a multicast group. The MA5300 will create a new MAC multicast group. Then it adds the port receiving report messages into the MAC multicast group, and then starts the aging timer of this port. All the router ports existing in the VLAN to which this port belongs will be added into this MAC multicast forwarding table. At the same time, a new IP multicast group will be set up, to which the port receiving the report message will be added. If the MAC multicast group corresponding to the report message exists but the port receiving report message is not in it, the MA5300 will add this port into the MAC multicast group and start the aging timer for it. Then judge whether the IP multicast group corresponding to the message exists. If not, an IP multicast group will be created and the port receiving report message will be added into it. If yes, the port receiving report message will be added into the IP multicast group. If the MAC multicast group corresponding to the message exists, and the port receiving report message exists in the MAC multicast group, the aging timer on the port receiving report message will be reset. IGMP leave message It is the message sent by multicast group member to the multicast router, informing the router that the host has left a multicast group. Upon receiving a leave message of an IP multicast group, the MA5300 sends specific group query messages to the port which receives this leave message, to confirm whether other members of this multicast group exist among the hosts connected with the port. At the same time, a response query timer is started.
If no report message of this multicast group is received before the timer times out, the port will be deleted from the corresponding MAC multicast group. If MAC multicast group has no multicast member ports, the MA5300 will inform the multicast router to delete the branch from the multicast tree.
23.2 Configuring IGMP Snooping

The configuration of IGMP Snooping involves: Enabling/Disabling IGMP Snooping Globally Setting the Aging Time of Multicast Group Member Port Setting the Aging Time of the Router Port Setting the Maximum Response Time Enabling a User to Leave a Multicast Group Fast Setting a Router Port Viewing IGMP Snooping Information Table 23-1 lists the commands for configuring IGMP Snooping. Table 23-1 Commands for configuring IGMP Snooping To Enable/Disable IGMP Snooping globally Set the aging time of multicast group member port Set the aging time of the router port Set the maximum response time to the query Enable a leaves a group fast user to multicast Use igmp-snooping enable/disable (no) igmp-snooping host-aging-time (no) igmp-snooping router-aging-time (no) igmp-snooping max-response-time (no) igmp-snooping quick-leave igmp-snooping router-port allowed show igmp-snooping configuration show igmp-snooping statistics show igmp-snooping group In Global configuration mode
Global configuration mode Global configuration mode/Port configuration mode Global configuration mode/Port configuration mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
Set a router port View IGMP Snooping information View IGMP Snooping statistics View the IP/MAC multicast group of a VLAN
23.2.1 Enabling/Disabling IGMP Snooping Globally

By enabling/disabling IGMP Snooping, you can set whether MAC multicast forwarding table is created and maintained on L2. To enable IGMP Snooping, you can run the command igmp-snooping enable. To disable IGMP Snooping, you can run the command igmp-snooping disable or no igmp-snooping. By default, IGMP Snooping is disabled. This example shows how to enable IGMP Snooping.
MA5300(config)#igmp-snooping enable
23.2.2 Setting the Aging Time of Multicast Group Member Port

To set the aging time of multicast group member port, you can run the command igmp-snooping host-aging-time. If no multicast group report message is received within the set aging time, a query message will be sent to the port. To restore the aging time of a multicast member port to the default value (260 s), you can run the command no igmp-snooping host-aging-time.
MA5300(config)#igmp-snooping host-aging-time 260
23.2.3 Setting the Aging Time of the Router Port

To set the aging time of a router port, you can run the command igmp-snoopiqng router-aging-time. If no general query message is received from the router within this aging time, the router port will be deleted from the MAC multicast group. To restore the aging time of a router port to the default value (260s), you can run the command no igmp-snooping router-aging-time.
MA5300(config)#igmp-snooping router-aging-time 260
23.2.4 Setting the Maximum Response Time

To set the maximum response time of a multicast member port, you can run the command igmp-snooping max-response-time. If no report message is received within this response time, the port will be deleted from the multicast group. To restore the maximum response time to the default value (10s), you can run the command no igmp-snooping max-response-time.
MA5300(config)# igmp-snooping max-response-time 10
23.2.5 Enabling a User to Leave a Multicast Group Fast

In some multicast applications, such as the video on demand (VOD) application, a user needs to switch the program source channel fast. This requires that the MA5300 can fast delete a multicast group soon after it receives the leave request from the user, rather than delete a multicast group only after it gets the confirmation response to the specific query packet. To enable a multicast user under an FE/GE/xDSL port to leave a multicast group that it joins, you can run the command igmp-snooping quick-leave. To restore the default setting, you can run the command no igmp-snooping quick-leave. By default, a multicast user cannot leave a multicast group fast. This example shows how to enable the users under port adsl 2/0/1 to leave a multicast group fast.
MA5300 (config)#igmp-snooping quick-leave adsl 2/0/1
23.2.6 Setting a Router Port

The ports connecting to users and those connecting downstream to the subtending devices cannot be set as router ports, to avoid that a user port becomes a router port by sending IGMP query messages, which will affect the normal multicast service. The ports connecting upstream to the subtending devices can be set as router ports. To set the router port, you can run the command igmp-snooping router-port allowed. To restore the default setting, you can run the command no igmp-snooping router-port allowed. By default, an FE/GE port can serve as a router port, but a VDSL port cannot serve as a router port. However, the command is not applicable ADSL port. This example shows how to set port Ethernet 7/2/1 as a router port.
MA5300(config)# igmp-snooping router-port allowed ethernet 7/2/1
23.2.7 Viewing IGMP Snooping Information

1) View IGMP Snooping configuration information.
To view all configuration information of IGMP Snooping, you can run the command show igmp-snooping configuration.
MA5300(config)#show igmp-snooping configuration Enable IGMP-Snooping. The router port timeout is 260 second(s).
The max response timeout is 10 second(s). The member port timeout is 260 second(s). **********Multicast group number allowed in port list********* All value is set to default:2
2)
View the IGMP Snooping statistics.
To view the IGMP Snooping statistics on the received and sent messages, you can run the command show igmp-snooping statistics. This command is used to diagnose IGMP Snooping when no MAC multicast group is created as expected. 3) View the information on IP/MAC multicast group in a VLAN.
To view the information on IP/MAC multicast groups in a VLAN, you can run the command show igmp-snooping group.
MA5300# show igmp-snooping group ***************Multicast group table*************** Vlan(id):1. Router port(s): Gigabitethernet7/1/0 IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.2.3 Member port(s):vdsl4/0/3 MAC group(s): MAC group address:01-00-5e-01-02-03 Member port(s):vdsl4/0/3
Note: The router port is not displayed together with IP/MAC multicast group members. Instead, it is displayed separately before all multicast groups in the local VLAN.
23.3 Configuring Multicast VLAN

With the multicast VLAN function and IGMP Snooping enabled, the MA5300 can effectively cooperate with various upstream devices in implementing multicast, even when the received messages from the upstream devices do not contain any VLAN tag. Suppose the MA5300 networks with upstream devices. When the MA5300 receives a multicast message without a VLAN tag from an upstream device, the receiving port will send this message to the VLAN to which the port belongs. When the
corresponding multicast port is not found in the multicast address table of that VLAN, the device will discard the response message and the multicast will fail. When a multicast VLAN is realized, if the MA5300 receives a multicast message without a VLAN tag from an upstream device, the receiving port, as the upstream port of a multicast VLAN, will send this message to the multicast VLAN. When the corresponding multicast port is found in the multicast address table of that multicast VLAN, the device will then send the response message to this port. In this way, multicast is successfully realized. A multicast VLAN includes upstream ports and downstream ports. The upstream port refers to the port connected to the upstream device, while the downstream port refers to the port connected to the user. The configuration of a multicast VLAN involves: Setting the Upstream Port of a Multicast VLAN Setting the Downstream Port of a Multicast VLAN Viewing the Multicast VLAN Table 23-2 lists the commands for configuring a multicast VLAN. Table 23-2 Commands for configuring a multicast VLAN To Set the upstream port of a multicast VLAN Set the downstream port of a multicast VLAN View the multicast VLAN Use mvlan-upport interface mvlan-downport interface show multivlan Global mode Global mode In configuration configuration
23.3.1 Setting the Upstream Port of a Multicast VLAN

The upstream port of a multicast VLAN is the port connected with the upstream device. A multicast VLAN can have multiple upstream ports. The upstream ports must be the FE/GE ports on the main control board. A port cannot act as both the upstream port and the downstream port at the same time. To set an upstream port of a multicast VLAN, you can run the command mvlan-upport interface. To delete an upstream port from a multicast VLAN, you can run the command no mvlan-upport interface. By default, a multicast VLAN has no port.
This example shows how to set port GE 7/1/0 as the upstream port.
MA5300(config)#mvlan-upport interface GigabitEthernet 7/1/0
23.3.2 Setting the Downstream Port of a Multicast VLAN

The downstream port of a multicast VLAN is the port connected with the user. A multicast VLAN can have multiple downstream ports. A port cannot act as both the upstream port and the downstream port at the same time. To set a downstream port of a multicast VLAN, you can run the command mvlan-downport interface. To delete a downstream port from a multicast VLAN, you can run the command no mvlan-downport interface. By default, a multicast VLAN has no port. This example shows how to set port vdsl 2/0/0 as the downstream port.
MA5300(config)# mvlan-downport interface vdsl2/0/0
23.3.3 Viewing the Multicast VLAN

After finishing the above configuration, you can run command show multivlan to view the information on the multicast VLAN. This helps to verify whether the configuration is correct. This example shows how to view the multicast VLAN.
MA5300# show multivlan The upstream port(s) of multicast vlan include: GigabitEthernet7/1/0 The downstream port(s) of multicast vlan include: Vdsl2/0/0
23.3.4 Multicast VLAN Configuration Example

MA5300
E E V A D D A A
CON ETH MON
ESM
ISU
RTU
RTU
Server PC1 PC2
Figure 23-4 Networking for configuring multicast VLAN 1) 2) 3) PC1 is connected to port 0/0/0 on the MA5300's EVDA board. PC1 is a VLAN-access user on the ISU board. PC1 accesses VLAN 128. PC2 is connected to port 1/0/0 on the MA5300's EADA board. PC2 is a PPPoE-access user on the ISU board. The IP address of the Server (DHCP Server, multicast server) is 10.0.0.1/24. The gateway IP address is 10.0.0.254. Three programs are added in the Server. Their IP addresses are 224.10.0.1, 224.10.0.2, and 224.10.0.3 respectively. 4) 5) The ADSL/VDSL ports are activated by using their default line profiles. The ADSL RTU works in 1483 mode with VPI/VCI of 0/35.

1) Create a service VLAN, and then add related ports to it.
MA5300(config)#vlan 128 MA5300(config-vlan128)#switchport vdsl 0/0/0 MA5300(config-vlan128)#exit
2)
Enable IGMP Snooping.
MA5300(config)#igmp-snooping enable Enable IGMP-Snooping ok.
3)
Set the upstream/downstream ports of the multicast VLAN.
MA5300(config)#mvlan-upport interface gigabitEthernet 7/1/5 MA5300(config)#mvlan-downport interface vdsl 0/0/0
MA5300(config)#mvlan-downport interface adsl 1/0/0
4)
Enable the GE port connecting the ESM and the ISU, and set related data for the port.
MA5300(config)#inner-isu 15 GigabitEthernet7/1/5 will be connected to inner-isu, continue?[Y/N]y Inner-isu in slot 15 is enabled. GigabitEthernet7/1/5 has been connected to inner-isu. MA5300(config)#interface gigabitEthernet 7/1/5 MA5300(config-if-GigabitEthernet7/1/5)#switchport mode trunk Please wait... Done. MA5300(config-if-GigabitEthernet7/1/5)#switchport trunk allowed vlan all Please wait... Done. MA5300(config-if-GigabitEthernet7/1/5)#exit
5)
6)
Set the ISU board. Set the virtual terminal (VT) profile (PPPoE dial-up users).
<ISU>system-view [ISU]interface virtual-template 1 [ISU-Virtual-Template1]ppp authentication-mode chap [ISU-Virtual-Template1]quit [ISU]interface gigabitethernet 10 [ISU-GigabitEthernet10]pppoe-server bind virtual-template 1 [ISU-GigabitEthernet10]quit
Set the DHCP Server and the multicast server.

[ISU]dhcp-server group remotedhcp [ISU-dhcp-server-group-remotedhcp]dhcp-server 10.0.0.1 [ISU-dhcp-server-group-remotedhcp]quit [ISU]ip pool huaweiremote remote [ISU-ip-pool-huaweiremote]gateway 10.0.0.254 255.255.255.0 [ISU-ip-pool-huaweiremote]dhcp-server group remotedhcp [ISU-ip-pool-huaweiremote]quit [ISU]multicast routing-enable [ISU]multicast free-group 224.10.0.1 224.10.0.3
Set the authentication/accounting scheme.

Set the domain.

Set the VLAN interface (VLAN access users).

[ISU]portvlan gigabitethernet 10 vlan 128 1 [ISU-gigabitethernet10-10-vlan128-128]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan128-128]default-domain authentication isp [ISU-gigabitethernet10-10-vlan128-128]authentication-method bind [ISU-gigabitethernet10-10-vlan128-128]quit
Set the VLAN interface (PPPoE dial-up users).

[ISU]portvlan gigabitethernet 10 vlan 1 [ISU-gigabitethernet10-10-vlan1-1]access-type layer2-subscriber [ISU-gigabitethernet10-10-vlan1-1]default-domain authentication isp [ISU-gigabitethernet10-10-vlan1-1]authentication-method pppoe [ISU-gigabitethernet10-10-vlan1-1]quit
Add the user account (VLAN users).

[ISU]local-aaa-server [ISU-local-aaa-server]batch-user gigabitethernet 10 128 1 domain isp [ISU-local-aaa-server]quit
Add the user account (PPPoE dial-up users).

[ISU]local-aaa-server [ISU-local-aaa-server]user aaa@isp password aaa [ISU-local-aaa-server]quit
Set the upstream port and the route.


1) View the multicast group table.
MA5300(config)#show igmp-snooping group ***************Multicast group table*************** Vlan(id):4067.Total ip group:2,mac group:2. Router port(s):GigabitEthernet7/1/5 IP group(s):the following ip group(s) match to one mac group.

IP group address:224.10.0.2 Member port(s):Vdsl0/0/0 MAC group(s):
MAC group address:01-00-5e-0a-00-02 Member port(s):Vdsl0/0/0 IP group(s):the following ip group(s) match to one mac group. IP group address:224.10.0.1 Member port(s):Vdsl0/0/0 MAC group(s): MAC group address:01-00-5e-0a-00-01 Member port(s):Vdsl0/0/0
2)
View the multicast VLAN information.
MA5300(config)#show multivlan The upstream port(s) of multicast vlan include: GigabitEthernet7/1/5
The downstream port(s) of multicast vlan include: Vdsl0/0/0 Adsl1/0/0
IV. Verification
With the above steps, PC1 and PC2 can access programs successfully after the authentication. If the MA5300 is not configured with a multicast VLAN, PC1 and PC2 can pass the authentication, but they cannot demand any programs.
23.4 Troubleshooting IGMP Snooping

Fault: Multicast function cannot be realized on the device. Diagnosis 1: IGMP Snooping is disabled. Troubleshooting 1: 1) 2) 3) Run the command show igmp-snooping configuration to view IGMP Snooping status. If IGMP Snooping is disabled, run the command igmp-snooping enable in Global configuration mode to enable IGMP Snooping. Proceed with diagnosis 2 if the fault remains when IGMP snooping is enabled. Diagnosis 2: Multicast forwarding table created by IGMP Snooping is wrong. Troubleshooting 2: 1) Run the command show igmp-snooping group to view whether the multicast group is correct.
2) 3)
If the multicast group created by IGMP Snooping is not correct, turn to professional maintenance personnel. Proceed with diagnosis 3 if the multicast group is correct.
Diagnosis 3: Multicast forwarding table created by the bottom layer is wrong. Troubleshooting 3: 1) Enable IGMP Snooping group debugging switch by running the command debug igmp-snooping groups in privileged mode, and then run the command show igmp-snooping group to check whether the MAC multicast forwarding table in the bottom layer is consistent with that created by IGMP Snooping. 2) You can also run the command show mac vlan in privileged mode to check whether the MAC multicast forwarding table created by the bottom layer under VLAN ID is consistent with that created by IGMP Snooping. 3) If they are not consistent, turn to maintenance personnel.
Chapter 24 IGMP Proxy Configuration

24.1 Overview
The MA5300 supports the IGMP proxy function. With the IGMP proxy function, the upstream multicast router, rather than the MA5300, performs the routing. In terms of a multicast user, the MA5300 is the multicast router responsible for realizing the functions of a router as defined in the IGMP. The MA5300 collects and maintains membership information on the downstream ports in two ways: it accepts the downstream users requests for joining or leaving a multicast group, and periodically queries whether there is any member belonging to the multicast group on a downstream port. In terms of a multicast router, the MA5300 is a multicast host, which sends IGMP requests to the multicast router for joining or leaving a designated multicast group. The IGMP proxy function provided by the MA5300 only supports unidirectional delivery of the multicast messages. That is, the multicast router sends data to the multicast user, while the multicast user is not able to send multicast data. The MA5300 can control a multicast group by issuing control rules to the CLI terminal or the NMS. In such a way, the MA5300 forwards the multicast data from the upstream port to the downstream port based on its group membership information. The upstream and the downstream ports may belong to different VLANs. However, the upstream port cannot forward the multicast data received from the downstream port, or forward multicast data to other upstream ports. The configuration of IGMP Proxy involves: Enabling/Disabling IGMP Proxy Setting the Master Upstream Port Setting the Parameters for a Multicast Router Setting the Static Multicast Members of an IGMP Proxy Group Maintaining a Program Library Setting the Authority Profile Setting the User Authority Viewing IGMP Proxy Information
24.2 Configuring Basic IGMP Proxy

Table 24-1 lists the commands for configuring IGMP Proxy. Table 24-1 Commands for configuring IGMP Proxy To Enable/Disable IGMP Proxy Use igmp-proxy enable/disable In Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode
Set the Master Upstream Port Set the robustness variable of the IGMP Proxy router Set the source IP address used in sending IGMP query packets. Set the interval general query
(no) igmp-proxy uplink-port
(no) igmp-proxy router robustness-variable (no) igmp-proxy router querier-ip (no) igmp-proxy router query-interval (no) igmp-proxy router gen-response-time (no) igmp-proxy router quick-leave
Set the maximum response time for general query Set the quick-leave mode for a port Set IGMP Proxy multicast members static
igmp-proxy group
24.2.1 Enabling/Disabling IGMP Proxy

To enable IGMP Proxy, you can run the command igmp-proxy enable. To disable IGMP Proxy, you can run the command igmp-proxy disable. This example shows how to enable IGMP Proxy.
MA5300(config)#igmp-proxy enable Enable IGMP-Proxy ok. MA5300(config)#
Note: The IGMP Proxy feature is not compatible with IGMP Snooping, L3 multicast routing or multicast VLAN. However, the IGMP Proxy function is compatible with such functions as Smart VLAN and MUX VLAN.
24.2.2 Setting the Master Upstream Port

The upstream port determines the ingress of the multicast data traffic, as well as the port and VLAN ID used by the IGMP packets sent by IGMP Proxy to the upstream device. If the multicast data traffic has a VLAN tag, the tagged VLAN ID refers to the VLAN ID for the upstream port. If the multicast data traffic does not have a VLAN tag, the VLAN ID should be the PVID of the upstream port. The MA5300 can have multiple upstream ports, which are identified by "Port + VLAN ID" uniquely. The upstream port can be either a Trunk port or an Access port. However, it must be on the ESM board. The MA5300 supports up to 100 upstream ports. Two concepts about the MA5300 need to be made clearmaster upstream port and slave upstream port. If you have not designated the upstream port for a program to be bound to, the program will be bound to the master upstream port by default. To designate the master upstream port, you can run the command igmp-proxy upstream-port interface vlanid. The port must belong to the designated VLAN. To delete the current master upstream port, you can run the command no igmp-proxy uplink-port interface vlanid. This example shows how to set port Ethernet 7/1/0 as the master upstream port belonging to VLAN 2.
MA5300(config)#igmp-proxy upstream-port ethernet 7/1/0 vlan 2
After setting the upstream port successfully, if you want to modify the VLAN to which the port belongs, you must cancel the upstream port attributes first.
24.2.3 Setting the Parameters for a Multicast Router

For a downstream user, the MA5300 running IGMP Proxy acts as a multicast router. The MA5300 receives Report packets and Leave packets from downstream devices. In addition, it queries the member relationship in a group, and generates and maintains the multicast forwarding table periodically.
The no form of the following commands for setting parameters is used to restore default values.
I. Setting the robustness variable

This parameter aims at strengthening the reliability of the system. It affects the length of aging time and counts of query and packet re-transmission. igmp-proxy router robustness-variable value no igmp-proxy router robustness-variable value is in the range of 110, and the default value is 2. This example shows how to set the robustness variable to 5.
MA5300(config)#igmp-proxy router robustness-variable 5
II. Setting the source IP address used in sending IGMP packets

In sending IGMP packets, IGMP querier uses source IP address in compliance with these rules: By preference, it uses the IP address of the VLAN interface at the transmit end. If the VLAN interface is not configured with an IP address, you can run this command to set a source IP address for the interface. The default one is 1.0.0.1. igmp-proxy router querier-ip no igmp-proxy router querier-ip This example shows how to set the source IP address used in sending IGMP packets to 1.2.1.1.
MA5300(config)#igmp-proxy router querier-ip 1.2.1.1
III. Setting the query-interval of the igmp-proxy router

To set the query-interval of the IGMP Proxy router, you can run these commands: igmp-proxy router query-interval time no igmp-proxy router query-interval time specifies the interval of IGMP Proxy query packet. It is in the range of 1065535s, and the default is 125s. This example shows how to set the query-interval of the igmp-proxy router to 120s.
MA5300(config)#igmp-proxy router query-interval 120
IV. Setting the gen-response-time

To set the gen-response-time, you can run these commands:
igmp-proxy router gen-response-time time no igmp-proxy router gen-response-time time is in the range of 10025500ms. The default is 10000ms. This example shows how to set the gen-response-time to 5000ms.
MA5300(config)#igmp-proxy router gen-response-time 5000
V. Setting the sp-response-time

To set the sp-response-time, you can run these commands: igmp-proxy router sp-response-time time no igmp-proxy router sp-response-time time is in the range of 10025500ms. The default is 10000ms. This example shows how to set the sp-response-time to 3000ms.
MA5300(config)#igmp-proxy router sp-response-time 3000
VI. Enabling the user on a port to leave fast

To enable/disable the user on a port to leave fast, you can run these commands: igmp-proxy router quick-leave interface [ to interface ] no igmp-proxy router quick-leave interface [ to interface ] interface: specifies a port in the form of interface type slot/card/port. By default, the quick leave function is disabled. This example shows how to enable the user on a port to leave fast.
MA5300(config)#igmp-proxy router quick-leave ethernet 7/1/0 to ethernet 7/1/3
24.2.4 Setting the Static Multicast Members of an IGMP Proxy Group

To set the static multicast members of an IGMP Proxy group, you can run the command igmp-proxy group. You can add static members in light of multicast IP address, or specified program name or index. This example shows how to add static member port adsl 1/0/0 into multicast group 224.1.1.1.
MA5300(config)#igmp-proxy group ip 224.1.1.1 adsl 1/0/0
24.3 Configuring the Program Library and Authority Profile

Table 24-2 lists the commands for configuring a program library and an authority profile. Table 24-2 Commands for configuring a program library and an authority profile To Add a multicast program to the program library Delete a multicast program from the program library Use igmp-proxy program add In Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode/Port configuration mode Global configuration mode/Port configuration mode
igmp-proxy program delete
Rename a program
igmp-proxy program rename
Modify the attributes of a program
igmp-proxy program modify
Add an authority profile
igmp-proxy profile add
Delete an authority profile
igmp-proxy profile delete
Rename an authority profile
igmp-proxy profile rename
Add/Delete a program to/from an authority profile Set the authentication mode for IGMP Proxy multicast users
igmp-proxy profile modify
igmp-proxy auth-mode
Bind a multicast user with an authority profile
igmp-proxy user bind
Block/Unblock user
multicast
(no) igmp-proxy user block
To
Use
In Global configuration mode/Port configuration mode Global configuration mode/Port configuration mode Global configuration mode Global configuration mode Global configuration mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
Delete a multicast user
igmp-proxy user delete
Set the maximum number of programs accessible for a multicast user at a time
igmp-proxy max-program-number
user
Set the authority of an IGMP Proxy multicast IP-based user Set the authority of an IGMP Proxy multicast MAC-based user Set the authority of an IGMP Proxy multicast board-based user View the programs program library in a
igmp-proxy user add/modify/delete igmp-proxy user add/modify/delete
ip
mac
igmp-proxy user board
show igmp program
View the configuration of an authority profile View the configuration of user authority View IGMP information PROXY
show igmp-proxy profile
show igmp-proxy user
show igmp-proxy configuration
View the multicast forwarding table
show igmp-proxy group
View the log
show igmp-proxy log
View the statistics
IGMP
Proxy
show igmp-proxy statistics
24.3.1 Maintaining a Program Library

To facilitate maintaining the programs, the MA5300 provides a program library and supports relative maintenance means. You are entitled to make further maintenance operations only after you have added programs to the library. For example, you can add a program to an authority profile to enable program demanding. You can also perform other operations for maintaining the program library, for example, setting a program to be in pre-join state. A program library can have up to 1024 programs, which are numbered 11024 respectively. Five commands are available for maintaining a program library, as described in the following sections.
I. Adding a program to a program library

To add a program to a program library, you can run this command: igmp-proxy program add [ index program-index ] { name program-name | default-name | } ip multicast-ip [ bind { interface { enable | disable } ] [ prejoin { enable | disable } ] This example shows how to add program CCTV to the program library.
MA5300(config)#igmp-proxy program add name CCTV ip 224.1.1.1 bind default host enable prejoin enable
vlanid | default } ]
[ host
II. Deleting a program from a program library

To delete a program from a program library, you can run this command: igmp-proxy program delete { all | name program-name | ip multicast-ip | index indexlist } This example shows how to delete program CCTV from the program library.
MA5300(config)#igmp-proxy program delete name CCTV This will delete Forward Table of program. Continue? [Y/N] y
III. Renaming a program in a program library

To rename a program in a program library, you can run this command: igmp-proxy program rename { name old-name | index index } { default-name | new-name new-name } This example shows how to rename program CCTV in the program library to CCTV-1.
MA5300(config)#igmp-proxy program rename CCTV CCTV-1
IV. Modifying a program in a program library

To modify a program in a program library, you can run this command: igmp-proxy program modify { all | name program-name | ip multicast-ip | index program-index } { bind { interface vlanid | default } | host { enable | disable } | prejoin { enable | disable }* } This example shows how to modify the program CCTV-1 in the program library.
MA5300(config)#igmp-proxy program modify name CCTV-1 bind ethernet 7/1/1 vlan 1 host enable prejoin disable
V. Viewing the programs in a program library

To view the programs in a program library, you can run this command: show igmp program { all | ip multicast-ip | name program-index } [ detail ] This example shows how to view the brief information on a program.
MA5300(config)#show igmp-proxy program all { <cr>|detail<K> }: Total:1 ------------------------------------------------------------------Index Name Ip Upport Host Pre- Profile-index 1 CCTV-1 224.1.1.1 2 User-
program-name | index
join references references No No 0 0
-------------------------------------------------------------------
This example shows how to view the detailed information on a program.

MA5300(config)#show igmp-proxy program all detail Total:1 -----------------------------------------------------------------Index: Program name: IP: Upport: Host function: Prejoin: 1 CCTV-1 224.1.1.1 Ethernet7/1/1 Vlan 3 No No
User references: 0 Profile references list(Total:0): -------------------------------------------------------------------
VI. Parameters of commands for maintaining a program library

Table 24-3 lists the parameters of the commands for maintaining a program library.
Table 24-3 Parameters of commands for maintaining a program library Parameter default-name multicast-ip Name The default name of a program Program IP address Description When the program name is not specified, the system will automatically assign a name for the program. D type IP address only With the parameter default, it indicates to bind a program to the master upstream port. If a port is specified, the program will be bound to the specified slave upstream port. The system sends IGMP packets to the bound upstream port, in which case the IP address used is that of the transmit port. If the transmit port is not configured with IP address, no IGMP packets will be sent. In the case of disable, MA5300 will not send any IGMP packet. With the pre-join function enabled, the MA5300 can apply for multicast traffic in advance towards the upstream device. Once a real user is demanding a program, the MA5300 can implement forwarding when the forwarding table entry is added, which shortens the delay in program demanding.
bind
Bind a program to the upstream port
host
Enable/Disable IGMPs host functions
prejoin
Enable/Disable program pre-join function
24.3.2 Setting the Authority Profile

You need to configure an authority profile so that the user is able to access the programs in the program library. The authority profile defines the program authorities. The system supports up to 128 authority profiles, each of which can be configured with up to 1024 multicast programs. Each port can belong to one authority profile only. After a port is bound with an authority profile, the users under that port are able to access the programs of the specified multicast groups. Request for joining a multicast group that is not allowed by the profile will be denied. After IGMP Proxy is enabled, by default the system does not have any authority profiles, and the port is not bound with any authority profile and has not any multicast authority. The MA5300 does not support distinguishing and control of multicast sources, so the programs of different multicast sources shall have various IP addresses. Assume the
programs of different multicast sources, for example, multicast sources S1 and S2, have the same IP address such as 224.1.1.1. Then if the user is accessing programs from 224.1.1.1, the programs from both S1 and S2 will be sent to the user.
I. Create an authority profile

To add an authority profile, you can run this command: igmp-proxy profile add [ index start-profile-index [ to index end-profile-index ] ] { name profile-name | default-name } This example shows how to create an authority profile named "tvb-profile".
MA5300(config)#igmp-proxy profile add name tvb-profile
II. Delete an authority profile

To delete an authority profile, you can run this command: igmp-proxy profile delete { index start-profile-index [ to index end-profile-index ] | name profile-name } This example shows how to delete the authority profile named "tvb-profile".
MA5300(config)#igmp-proxy profile delete name tvb-profile Are you sure to delete the profile? (y/n)[n]:y
III. Rename an authority profile

To rename an authority profile, you can run this command: igmp-proxy profile rename { index start-profile-index [ to index end-profile-index ] | name old-profile-name } { default-name | new-name new-profile-name } To rename multiple profiles, you can run the command index start-profile-index to index end-profile-index. You can only adopt the name of the default profile for them. This example shows how to rename authority profile 1 as cctv.
MA5300(config)#igmp-proxy profile rename index 1 new-name cctv
This example shows how to rename authority profile 1 with the default name.
MA5300(config)#igmp-proxy profile rename index 1 default-name
IV. Add/Delete a program to/from an authority profile

To add/delete a program to/from an authority profile, you can run this command: igmp-proxy profile modify { index start-profile-index [ to index end-profile-index ] | name profile-name } { join | remove } program { ip multicast-ip | name program-name | index start-program-index [ to index end-program-index ] }
This example shows how to add two programs, CCTV-2 and CCTV-3, to profile 1 (the default name is profile-1).
MA5300(config)#igmp-proxy profile modify index 1 join program name cctv-2 MA5300(config)#igmp-proxy profile modify index 1 join program name cctv-3
This example shows how to delete program CCTV-2 from the profile.
MA5300(config)#igmp-proxy profile modify index 1 remove program name cctv-2 Are you sure to remove the multicast program? (y/n)[n]:y
Note: Before specifying an authority profile, make sure that the profile exists. The programs to be added to a profile must already exist in the library. The system will prompt nothing if the program to be deleted does not exist in the authority profile. The program will be deleted if it exists in the authority profile. If a user is demanding the program which has been deleted, the user will be deleted from the program.
V. Viewing the authority profile configuration

To view the information on an authority profile, you can run this command: show igmp-proxy profile { all | index start-profile-index [ to index end-profile-index ] | name profile-name } [ detail ] This example shows how to view the brief information on an authority profile.
MA5300# show igmp-proxy profile all Total: 2 -------------------------------------------------------------------Index Profile name Program number User references
------------------------------------------------------------------0 1 VIP COMMON 2 1 2 3
-------------------------------------------------------------------
This example shows how to view the detailed information on an authority profile.
MA5300# show igmp-proxy profile all detail Total: 2 -------------------------------------------------------------------Index: 0 Profile name : VIP Programs(Total: 2) : CCTV-1 CCTV-2

User references(Total: 2) : adsl 2/0/0 adsl2/0/1
-------------------------------------------------------------------Index: 1 Profile name : COMMON Programs(Total: 1): SZTV-1 SZTV-2
User references(Total: 3) : adsl 2/0/5 adsl2/0/6 adsl2/0/7
-------------------------------------------------------------------
24.3.3 Setting the User Authority

A user is able to access the programs in an authority profile after the user is bound to the authority profile. One user can be bound to one profile only. The original binding will be canceled when the user is bound to another profile. The configuration of the user authority involves: 1) 2) Setting the authentication mode for IGMP Proxy multicast users Setting the authentication authority for IGMP Proxy multicast users Setting the authentication authority for IGMP Proxy multicast port-based users Setting the authority for IGMP Proxy multicast IP-based users Setting the authority for IGMP Proxy multicast MAC-based users Setting the authority for IGMP Proxy multicast board-based users 3) Viewing the user authority configuration
I. Setting the authentication mode for an IGMP Proxy multicast user

The authentication mode for a multicast user can be port-based, MAC-based, IP-based and board-based, or any combination of the four types. igmp-proxy auth-mode { port | mac | ip | board} This example shows how to set the port-based authentication mode.
MA5300(config)# igmp-proxy auth-mode port
II. Setting the authentication authority for an IGMP Proxy multicast user
The authentication authority can be port-based, MAC-based, IP-based and board-based. 1) Set the port-based authentication authority for an IGMP Proxy multicast user.
To bind a multicast user with an authority profile, you can run this command: igmp-proxy user interface [ to interface ] bind { profile { index profile-index | name profile-name } | noauth } [ max-program-number maxProgramnum ] To block/unblock a user port, you can run this command:
(no) igmp-proxy user interface-list block To cancel the authorization settings for a user port, you can run this command: igmp-proxy user interface [ to interface ] delete To set the maximum number of programs accessible for a multicast user at a time, you can run this command: igmp-proxy user interface-list max-program-number number This example shows how to bind a user with an authority profile in light of the authority index.
MA5300(config)#igmp-proxy max-program-number 6 user adsl 2/0/0 bind profile index 12
This example shows how to authorize a user port with unlimited authorizations.
MA5300(config)#igmp-proxy max-program-number 8 user adsl 2/0/0 to adsl 2/0/10 bind noauth
This example shows how to delete the authorities of a user port.

MA5300(config)#igmp-proxy user adsl 2/0/0 delete
This example shows how to block a user port.

MA5300(config)#igmp-proxy user adsl 2/0/0 block
This example shows how to set the maximum number of programs accessible currently for a user port.
MA5300(config)#igmp-proxy user adsl 2/0/0 max-program-number 4
2)
Set the authority of an IGMP Proxy multicast IP-based user
To Add an IP user, you can run this command: igmp-proxy user ip add IP-address [ to IP-address ] [ bind { noauth | profile { name profile-name | index profile-index } } | block ] To modify the attributes of an IP user, you can run this command: igmp-proxy user ip modify { all | IP-address | index user-index } { bind { noauth | profile { name profile-name | index profile-index } } | block } To delete an IP user, you can run this command: igmp-proxy user ip delete { all | IP-address | index user-index } To block an IP user, you can run this command: no igmp-proxy user ip { all | IP-address | index user-index } block 3) Set the authority of an IGMP Proxy multicast MAC-based user
To add an MAC user, you can run this command:
igmp-proxy user mac add mac-address [ bind { noauth profile-name | index profile-index } } | block ]
| profile { name
To modify the attributes of an MAC user, you can run this command: igmp-proxy user mac modify { all | mac-address | index < user-index } { bind { noauth | profile { name profile-name | index profile-index } } | block } To delete an MAC user, you can run this command: igmp-proxy user mac delete { all | <mac-address> | index < user-index > } To unblock an MAC user, you can run this command: no igmp-proxy user mac { all | <mac-address> | index < user-index > } block 4) Set the authority of an IGMP Proxy multicast board-based user.
The command format is: igmp-proxy user board slotid [ to slotid2] max-program-number Parameter description: Parameter noauth Description Specifies that no authorization is needed for the user. This type of users is entitled to access all programs. Blocks a user port. When a port is blocked, the associated users will be disabled to view the on-going program, and will be no longer allowed to access any program until it is unblocked using no form of the command. Defines the maximum number of programs accessible for the user.
block
max-program-number
III. Viewing the user authority configuration

You can run the four commands below to view the authority configuration of a multicast user based on port, IP address, MAC address and board respectively. show igmp-proxy user interface [ to interface] [ detail ] show igmp-proxy user ip { all | IP-address | index user-index } show igmp-proxy user mac { all | mac-address | index user-index } show igmp-proxy user board all This example shows how to view the detailed configuration of the user authority at port Ethernet 7/1/0.
MA5300(config)#show igmp-proxy user ethernet 7/1/0 detail Total: 1 ------------------------------------------------------------------User: Ethernet7/1/0 Profile: profile-1 (1) Program: cctv-3 Max Program Number: 2 Block: No ------------------------------------------------------------------The number of displayed user(s) is: 1
24.4 Viewing IGMP Proxy Information

To view the IGMP Proxy configuration, you can run the command show igmp-proxy configuration. To view the multicast group information in light of port, multicast IP address, program name, or program index, you can run this command: show igmp-proxy group [ interface interface | ip multicast_ip | name program-name | index program-index ] To view the log information of a specific port or a program multicast IP address, you can run the command igmp-proxy log. The log information can be that within a certain period, at the current time or all the demanding information. To clear the demanding log information, you can run the command clear igmp-proxy log. To view the IGMP Proxy statistics, you can run the command show igmp-proxy statistics. This example shows how to view the IGMP Proxy configuration.
MA5300(config)#show igmp-proxy configuration { <cr>|Ethernet<K>|GigabitEthernet<K> }: ----------------------Up port infomation table---------------------Index 2 Port Ethernet7/1/1 VlanId V1-Router-Present 3 No
------------------------------------------------------------------Robustness-variable: 5 Query-interval: 120 second(s) General-query-response-time: 5000 millisecond(s) Specific-query-response-time: 3000 millisecond(s) Querier-ip: 0.0.0.1
This example shows how to view the multicast information related to port Ethernet 7/1/2.
MA5300(config)#show igmp-proxy group interface ethernet 7/1/2 ********************Multicast group table******************* Port Ethernet7/1/2 have joined 1 group(s): CCTV-1(224.1.1.1) static
------------------------------------------------------------
Chapter 25 ISU Configuration

25.1 Overview
The Intelligent Service Unit (ISU) , serving as a built-in BRAS of the MA5300, can perform the following functions for commercial users: Service management Bandwidth management Security management In this way, the MA5300 offers a commercial user bypass solution. The ISU can separate the traffic of common users from the traffic of commercial users. As a result, the two types of traffic have different routes: The former passes through the main control system, and then goes upstream to the convergence layer L3 or BRAS for authentication, and finally enters the Internet. The later is first processed by the ISU, and then directly enters the metropolitan access network (MAN) through the FE/GE port of the ISU. The ISU consists of the ISU board and related software. It supports the following: PPPoE authentication VLAN binding authentication VLAN + Web (forced Portal, built-in Portal) Accounting based on the traffic volume and service duration. There are two types of ISU boards: the ISUA board and the ISUE board. Each of them provides two subslots, which can be attached with various subboards to offer diverse FE/GE ports. For the ISUA board, subslot 1 can be attached with an FE/GE optical subboard, while subslot 2 can be attached with an FE optical subboard. For the ISUE board, subslot 1 can be attached with an FE/GE optical board, while its subslot 2 can be attached with a 4-port FE subboard. The ISU boards FE ports are numbered as 18. The ISU boards GE ports are numbered as 910. GE port 10 can connect with the MA5300s ESM board through the backplane. The ISU board always resides in slot 14 or 15 (recommended) of the MA5300.
The ISU board provides a serial port and an Ethernet port for ISU configuration and maintenance. For details, refer to Intelligent Service Unit Operation Manual. Table 25-1 lists the commands for configuring the ISU board in the MA5300. Table 25-1 Commands for configuring the ISU board in the MA5300 To Establish/Cancel a connection between the ESM board and the ISU board through the backplane Enable/Disable the dual-ISU function View the information on the connection Use In
(no) inner-isu
Global mode
configuration
(no) support-misu show inner-isu
inner-isu
Global mode
configuration
25.2 Configuring an ISU Board

I. Setting up a connection with the ISU board
The ISU board can connect to the ESM board on the MA5300 through an external FE/GE cable, or the backplane. In the case of the backplane, you can run the command inner-isu to set up such a connection. In this case, the second GE-port on the subboard attached in the ISU's subslot 1 is used for the connection with the ESM board. To delete such a connection, you can run the command no inner-isu. This example shows how to set up a connection between the ISU board in slot 15 and the ESM board through the backplane.
MA5300(config)#inner-isu 15
Pay attention to the rules for numbering a GE port. The numbers for the GE ports succeed those of the FE ports only when the FE subboard resides in subslot 1. For example, when the ports of the 4-port FE subboard are numbered as e7/1/0, e7/1/1, e7/1/2 and e7/1/3, the GE ports are numbered as g7/1/4 and g7/1/5. When the ports of the 2-port FE subboard are numbered as e7/1/0 and e7/1/1, the GE ports are numbered as g7/1/2 and g7/1/3.
In other cases, the GE ports are numbered as g7/1/0 and g7/1/1, regardless of whether the subboard is inserted or not. When residing in slot 14, the ISU board connects to the ESM board through the first GE channel. When residing in slot 15, the ISU board connects to the ESM board through the second GE channel. If the GE channels between the ISU and ESM boards are enabled, the GE port on the ESM board is disabled
II. Enabling/Disabling the dual-ISU function

The dual-ISU function is to realize redundancy backup for the ESM boards and upstream links. To enable dual-ISU function, you can run the command inner-isu support-misu. To disable such function, you can run the command no inner-isu support-misu. This example shows how to enable the dual-ISU function.
MA5300(config)#inner-isu support-misu
III. Viewing the connection information on the ISU board

To view the connection information, you can run the command show inner-isu.
MA5300(config)#show inner-isu Inner-isu is enabled in slot 15.
HUAWEI
Part 4 Maintenance Operations
Operation Manual - Maintenance Operations SmartAX MA5300/5303 Broadband Access System
Table of Contents
Table of Contents
Chapter 26 System Maintenance ............................................................................................... 26-1 26.1 Overview ........................................................................................................................ 26-1 26.2 Configuring the File System........................................................................................... 26-1 26.2.1 Directory Related Operations.............................................................................. 26-1 26.2.2 File-Related Operations ...................................................................................... 26-2 26.2.3 Memory Device Related Operations ................................................................... 26-2 26.3 Configuring FTP and TFTP............................................................................................ 26-3 26.3.1 Overview ............................................................................................................. 26-3 26.3.2 Setting FTP ......................................................................................................... 26-4 26.3.3 Setting TFTP ....................................................................................................... 26-6 26.4 Auto Online Upgrading .................................................................................................. 26-7 26.4.1 Upgrading from a Previous Version to the First Version That Supports Automatic Upgrading....................................................................................................................... 26-7 26.4.2 Upgrading a Previous Version to That Later than the First Version Supporting Auto Online Upgrading ......................................................................................................... 26-11 26.4.3 Upgrading a Version Supporting Auto Online Upgrading or Later Versions..... 26-11 26.5 Loading ........................................................................................................................ 26-11 26.5.1 Loading the Version Supporting Auto Online Upgrading .................................. 26-12 26.5.2 Loading the Version Not Supporting Auto Online Upgrading ........................... 26-12 26.6 Backup ......................................................................................................................... 26-19 26.6.1 Viewing and Saving the System Configuration Files ........................................ 26-19 26.6.2 Backing Up the System Data Using TFTP........................................................ 26-21 26.6.3 Backing Up the System Data Using FTP .......................................................... 26-22 26.7 Patch Management...................................................................................................... 26-23 26.7.1 Overview ........................................................................................................... 26-23 26.7.2 Procedure for Patch Operations........................................................................ 26-25 26.8 Patch Loading Examples ............................................................................................. 26-25 Chapter 27 Logs and Alarms...................................................................................................... 27-1 27.1 Log Management ........................................................................................................... 27-1 27.1.1 Viewing Logs ....................................................................................................... 27-1 27.1.2 Setting the Log Host............................................................................................ 27-2 27.2 Configuring Alarms ........................................................................................................ 27-2 27.2.1 Viewing Alarm Records....................................................................................... 27-4 27.2.2 Viewing the Alarm Configuration......................................................................... 27-6 27.2.3 Setting Alarm Levels ........................................................................................... 27-6 27.2.4 Setting the Alarm Output on a CLI Terminal ....................................................... 27-7 27.2.5 Setting Alarm Statistics ....................................................................................... 27-8
Table of Contents
27.2.6 Setting the Alarm Threshold................................................................................ 27-9 27.2.7 Viewing/Clearing Alarm Statistics ..................................................................... 27-10 27.2.8 Viewing Basic Alarm Information ...................................................................... 27-10 Chapter 28 Active/Standby Switchover..................................................................................... 28-1 28.1 Overview ........................................................................................................................ 28-1 28.1.1 Basic Principles ................................................................................................... 28-1 28.1.2 Active/Standby Switchover Modes...................................................................... 28-2 28.2 Preconditions for Active/Standby Switchover ................................................................ 28-3 28.3 MA5300+Dual-ISU Active/Standby Switchover ............................................................. 28-3 28.4 ESM+EIU Active/Standby Switchover ........................................................................... 28-8 28.4.1 Establishing the Switch-over Environment.......................................................... 28-8 28.4.2 Active/Standby Switchover Configuration Commands........................................ 28-8 28.4.3 Setting the Automatic Switchover ..................................................................... 28-10 28.4.4 Setting the Manual Switchover.......................................................................... 28-10 Chapter 29 Environment Monitoring Management .................................................................. 29-1 29.1 Overview ........................................................................................................................ 29-1 29.2 Configuration Procedure................................................................................................ 29-2 29.3 Configuring an EMU ...................................................................................................... 29-2 29.3.1 Adding/Deleting/Viewing an EMU ....................................................................... 29-3 29.3.2 Entering the EMU Configuration Mode ............................................................... 29-5 29.4 Configuring EMUH303ESC ......................................................................................... 29-6 29.4.1 Setting H303ESC Environment Monitor Parameters .......................................... 29-6 29.4.2 Viewing the H303ESC Environment Information ................................................ 29-7 29.5 Configuring EMUPower 4875/4845 ............................................................................. 29-8 29.5.1 Configuring the 4875/4845 Power Module.......................................................... 29-9 29.5.2 Viewing the Information on POWER4875/4845................................................ 29-10 29.6 Configuring EMUDIS ................................................................................................. 29-11 29.6.1 Setting DIS Parameters .................................................................................... 29-12 29.6.2 Viewing DIS Information.................................................................................... 29-12 29.7 Configuration Example ................................................................................................ 29-13 29.7.1 Setting H303ESC .............................................................................................. 29-13 29.7.2 Setting a DIS ..................................................................................................... 29-16
Chapter 26 System Maintenance

26.1 Overview
This chapter involves: Configuring the File System Configuring FTP and TFTP Loading Backup Patch Management
26.2 Configuring the File System

The file system is designed to manage the memory devices. It can perform the following: Creating a file system Creating/Deleting/Modifying/Renaming files and directories Displaying file content Note that the single-stage directory name or file name can have up to 64 characters.
26.2.1 Directory Related Operations

The file system is used to create and delete a directory. The system can display the working directory and the information on a file or directory. By default, the current directory is flash:, namely the default working path. Table 26-1 lists the commands for directory related operations. Table 26-1 Commands for directory related operations To Create a directory Delete a directory View the working directory View the information directory or file Use mkdir directory rmdir directory pwd dir [ /all ] [ file-url ] cd directory In... Privileged mode Privileged mode Privileged mode Privileged mode Privileged mode
Change the working directory
26.2.2 File-Related Operations

The file system can perform the following file-related operations: Deleting a file Restoring a deleted file Clearing a file in the recycle bin Displaying file content Renaming a file Copying a file Moving a file Displaying the content of a specific file Table 26-2 lists the commands for file-related operations. Table 26-2 Commands for file-related operations To Delete a file Restore a file Clear a file in the recycle bin View the file contents Rename a file Copy a file Move a file View the directory or file information Set file prompt mode Use delete [ / unreserved ] file-url undelete file-url squeeze file-url more file-url rename fileurl-source fileurl-dest copy fileurl-source fileurl-dest move fileurl-source fileurl-dest dir [ /all ] [ file-url ] file prompt { alert | quiet } In... Privileged mode Privileged mode Privileged mode Privileged mode Privileged mode Privileged mode Privileged mode Privileged mode Global configuration mode
26.2.3 Memory Device Related Operations

The file system can format a specific memory device. Table 26-3 lists the command for memory device related operations. Table 26-3 Commands for memory device related operations To Format device a memory Use format filesystem In... Privileged mode
Note: It is recommended that you use the command with the guidance of supporting technicians.
26.3 Configuring FTP and TFTP

26.3.1 Overview
FTP and TFTP are the application protocols for file transfer. Table 26-4 lists the commands for the FTP/TFTP server configuration. Table 26-4 Commands for the FTP/TFTP server configuration To Enable the FTP server. Use ftp server enable In Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode Global configuration mode All modes except the user EXEC mode All modes except the user EXEC mode
Disable the FTP server. Set/Cancel the authentication authorization. FTP and
no ftp server
(no) user
Set the FTP server timeout.
(no) ftp timeout
Set the TFTP file transfer mode
tftp { ascii | binary }
Set the file downloading
tftp get
Set the file uploading
tftp put
View TFP server information
show ftp-server
View TFP user information
show ftp-user
26.3.2 Setting FTP

File Transfer Protocol (FTP) is an application protocol for file transfer between remote hosts. The FTP services available in the MA5300 include: FTP Server: You can run the FTP client to log in to the MA5300. FTP Client: After logging in to the MA5300, you can enter the FTP command to get access to files in FTP server. The configuration of FTP server involves: Enabling/Disabling the FTP server Setting the authentication and authorization of the FTP server Setting the FTP timeout Viewing FTP server information
I. Enabling/Disabling the FTP server

The MA5300 can serve as an FTP server to support logins by multiple users at the same time. FTP users send requests to the MA5300, which will perform the corresponding actions and feed back results. To enable the MA5300 as an FTP server, you can run the command ftp server enable. To disable the function, you can run the command no ftp server. This example shows how to enable the MA5300 as an FTP server:
MA5300(config)#ftp server enable
II. Setting the authentication and authorization of the FTP server

Authorization of the FTP server refers to authorizing FTP users to access the working directory. Only the user that has passed the authentication and got the authority can obtain services from the FTP server (namely the MA5300). To set the name, password of an FTP user and the authorized working directory, you can run the command user. To delete an FTP user, you can run the no user command. In this example, the FTP username is 5300, password is huawei (in plain-text), and the authorized working directory is flash:/ftp/Quidway.
MA5300(config)# user 5300 service-type ftp ftp-directory flash:/5300
password 0 huawei
III. Setting the FTP timeout

To prevent unauthorized user access, connection between an FTP client and the MA5300 will be terminated if no request is received from the FTP user for some time. To set the FTP server timeout, you can run the command ftp timeout. To restore the default value, you can run the command no ftp timeout. By default, the timeout value is 30 minutes. This example shows how to set the FTP server timeout value to 10 minutes:
MA5300(config)#ftp timeout 10
IV. Viewing FTP server information

To view the current configuration of the FTP server, including the maximum number of users supported and the FTP server timeout, you can run the command show ftp-server. To view the detailed information on the online FTP users, you can run the command show ftp-user. This example shows how to view the FTP server configuration.
MA5300# show ftp-server Ftp server is running Max user number User count Timeout(minute) 5 0 30
This example shows how to view the information on an online FTP user.
MA5300# show ftp-user username 5300 password huawei host 10.110.3.5 port 1074 topdir flash:/5300 idle 2
V. FTP client
The FTP client is an application module provided by the MA5300. If an FTP user is connected to the MA5300 as the FTP client, the FTP user can run commands to perform such operations as creating or deleting directories. For details about the commands relevant to FTP client, refer to MA5300/5303 Broadband Access System Command Help.
26.3.3 Setting TFTP

Compared with FTP, TFTP is simple, because it does not require complex interactive access interface and authentication interface. TFTP is applicable when the interaction between the client and server is not too complicated. It is implemented based on User Datagram Protocol (UDP). TFTP is initiated by the client. To download files from the TFTP server, the client sends a read request to the server and receives data from the server. When the downloading completes, the client sends an ACK message to the server. To upload files, the client sends a write request to the server and transmits data to the server. When the uploading completes, the client receives an ACK message from the server. The configuration of TFTP involves: Setting the transfer mode Setting the file downloading Setting the file uploading
I. Setting the transfer mode

TFTP transfers programs in binary mode, and text files in ASCII code mode. By default, TFTP transfers files in binary mode. To set the file transfer mode, you can run the command tftp { ascii | binary }. This example shows how to set the file transfer mode of TFTP to binary mode.
MA5300(config)#tftp binary
II. Setting the file downloading

When the MA5300 needs to download files from the TFTP server, it sends a read request to the server as a client, and receives data from the server. When the downloading completes, the MA5300 sends an ACK message to the server. To download a file from the TFTP server, you can run the command tftp get. This example shows how to download the file text.txt from the TFTP server (10.71.53.108).
MA5300(config)#tftp get //10.71.53.108/test.txt test.txt
III. Setting the file uploading

When the MA5300 needs to upload files, it sends a write request to the server as a client, and transmits data to the TFTP server. When the uploading completes, the MA5300 receives an ACK message from the server.
To upload a file to the TFTP server, you can run the command tftp put. This example shows how to upload a file text.txt to the TFTP server (10.71.53.108).
MA5300(config)#tftp put test.txt //10.71.53.108/test.txt
26.4 Auto Online Upgrading

To enable the auto online upgrading in the MA5300, you need to load application programs of service boards and ESM boards, BOOTROM programs, CPLD programs, and multi-language programs individually. With the auto online upgrading function, you can greatly simplify the operation procedure, and keep program version consistent with ease. The online upgrading function puts all programs in two data packages: one for interface board program (ma53io.bin), and the other for the programs of ESM boards (ma53esma.bin or ma53esmb.bin). To upgrade these programs, you only need to load the two packages to Flash memory of the ESM board, and then reset the system. The system will upgrade the programs automatically.
26.4.1 Upgrading from a Previous Version to the First Version That Supports Automatic Upgrading
The process of auto online upgrading is simple. You only need to load two BIN files. As the previous version varies greatly with that supporting auto online upgrading, the process of upgrading is complicated. The upgrading involves the BOOTROM of service boards, program files, CPLD of ESM boards, and local language files. You need to upgrade them in light of this order: 1) 2) 3) 4) 5) 6) Interface boards (EADA/EVDA) ESM boards BOOTROM of service boards Applications CPLD of ESM boards Local language files
I. Setting the upgrading environment with dual ESM boards

1) 2) 3) Save the current system configuration [write]. Back up the system configuration files (vrpcfg.txt) [tftp put or ftp]. Load BOOTROM files of the ESM boards [esmaboot.app] to Flash memory of the active ESM board [tftp get or FTP].
4) 5) 6) 7) 8) 9)
Copy the BOOTROM files loaded in last step [esmaboot.app] to Flash memory of the standby ESM board [copy....]. Load BOOTROM files of all service boards to Flash memory of the active ESM board [tftp get or FTP]. Load CPLD files of all service boards to Flash memory of the active ESM board [tftp get or FTP]. Load APP files of all service boards to Flash memory of the active ESM board [tftp get or FTP]. Copy the BOOTROM, CPLD and APP files loaded in last step to Flash memory of the standby ESM board [copy...]. Online upgrade BOOTROM files of all service boards [load bootrom flash ...]. flash ...].
10) Online upgrade BOOTROM files of the standby ESM board [load bootrom 11) Online upgrade BOOTROM files of the active ESM board [load bootrom flash ...]. 12) Online upgrade CPLD files of all service boards [load cpld flash ...]. 13) Online upgrade CPLD files of the active and standby ESM boards [load cpld flash ...]. 14) Load BIN files of the ESM boards [ma53esma.bin] to Flash memory of the active ESM board [tftp get or FTP]. 15) Copy the BIN files [ma53esma.bin] loaded in last step to Flash memory of the standby ESM board [copy...]. 16) Reset the system [reboot system]. 17) Check whether the upgrading process is normal, including loading progress, version program status, and board status. 18) Format Flash memory of the standby ESM board to 32M [format slot8#flash: 32M]. 19) Copy the system configuration files (vrpcfg.txt) to the standby ESM board [copy ..]. 20) Copy the BIN files of the active ESM board [ma53esma.bin] to Flash memory of the standby ESM board [copy...]. 21) Copy all BOOTROM, CPLD and APP files just loaded to the active ESM board to Flash memory of the standby ESM board [copy...]. 22) Format Flash memory of the active ESM board to 32M [format flash: 32M]. 23) Copy the system configuration files (vrpcfg.txt) in the standby ESM board to Flash memory of the active ESM board [copy ..]. 24) Copy the BIN files [ma53esma.bin] in the standby ESM board to Flash memory of the active ESM board [copy ..]. 25) Load BIN files [ma53io.bin] of service boards to Flash memory of the active ESM board [tftp get or FTP]. 26) Delete all service boards BOOTROM, CPLD and APP files from Flash memory of the standby ESM board [delete /u]. You do not have to delete these files if
Flash memory of the standby ESM board is sufficient for the service boards BIN files [ma53io.bin]. 27) Copy the BIN files [ma53io.bin] just loaded to the active ESM board to Flash memory of the standby ESM board [copy...]. 28) Check whether the active and standby ESM boards contain ma53esma.bin, ma53io.bin and vrpcfg.txt [dir]. 29) Check whether the startup files are normal [show startup-file information]. 30) Delete all BOOTROM, CPLD and APP files in the active and standby ESM boards [delete]. 31) Set the name of the startup file for the active and standby ESM boards [set bootapp ma53esma.bin].
II. Setting the upgrading environment with single ESM board

1) 2) 3) 4) 5) 6) 7) 8) 9) Save the current system configuration [write]. Back up or download the system configuration files (vrpcfg.txt) [tftp put or ftp]. Load BOOTROM files of the ESM board [esmaboot.app] to Flash memory of the ESM board [tftp get or FTP] Load BOOTROM files of all service boards [esmaboot.app] to Flash memory of the ESM board [tftp get or FTP] Load CPLD files of all service boards to Flash memory of the ESM board [tftp get or FTP]. Load APP files of all service boards to Flash memory of the ESM board [tftp get or FTP]. Online upgrade BOOTROM files of all service boards [load bootrom flash ...]. Online upgrade BOOTROM files of the ESM board [load bootrom flash ...]. Online upgrade CPLD files of all service boards and the ESM board [load cpld flash ...]. 10) Load BIN files of the ESM board [ma53esma.bin] to Flash memory of the ESM board [tftp get or FTP]. 11) Reset the system [reboot system]. 12) Check whether the upgrading process is normal, including loading progress, version program status, and board status. 13) Format Flash memory of the ESM board to 32M [format flash: 32M]. 14) Load the backup system configuration files (vrpcfg.txt) to the ESM board [tftp get or FTP]. 15) Load BIN files of the ESM board [ma53esma.bin] to Flash memory of the ESM board [tftp get or FTP]. 16) Load BIN files [ma53io.bin] of service boards to Flash memory of the active ESM board [tftp get or FTP]. 17) Check whether the ESM board contains ma53esma.bin, ma53io.bin and vrpcfg.txt [dir]. 18) Check whether the startup files are normal [show startup-file information].
19) Set the name of the startup file for the ESM board [set bootapp ma53esma.bin].
III. Rollback in case of upgrading failure

As long as the above upgrading procedure is strictly followed, the chance of upgrading failure is rather slim. However, upgrading failure may occur due to version differences or other reasons. The following lists the rollback procedure for dual-ESM upgrading failure. 1) 2) 3) 4) 5) 6) 7) 8) 9) Load APP files (5300.esm) of the ESM boards to Flash memory of the active ESM board [tftp get or FTP]. Rollback BOOTROM files of all service boards [load bootrom tftp]. Rollback APP files of all service boards [load program tftp]. Rollback BOOTROM files of the standby ESM board [load bootrom tftp]. Format Flash memory of the standby ESM board to 16 M [format slot8#flash: 16 M]. Copy the APP files just loaded to the active ESM board to Flash memory of the standby board [copy...]. Rollback the setting for the name of the startup files of the active ESM board [rollback bootapp slot8#flash:/ma5300.esm]. Copy the system configuration files (vrpcfg.txt) to Flash memory of the standby ESM board [copy...]. Rollback BOOTROM files of the active ESM board [load bootrom tftp]. 10) Format Flash memory of the active ESM board to 16M [format flash: 16M]. 11) Copy APP files (5300.esm) of the ESM boards from Flash memory of the standby ESM board to Flash memory of the active ESM board [copy...]. 12) Rollback the setting for the name of the startup files of the standby ESM board [rollback bootapp ma5300.esm]. 13) Copy the system configuration files (vrpcfg.txt) from Flash memory of the standby ESM board to Flash memory of the active ESM board [copy...]. 14) Reset the system [reboot system]. 15) Check whether the rollback process is normal, including loading progress, version program status, and board status. 16) Rollback CPLD files of all service boards. You do not have to perform this operation if no difference exists between two versions [load cpld tftp]. 17) Rollback CPLD files of the standby ESM board. You do not have to perform this operation if no difference exists between two versions [load cpld tftp]. 18) Rollback CPLD files of the active ESM board. You do not have to perform this operation if no difference exists between two versions [load cpld tftp]. 19) Rollback the language resource files of ESM boards [load language].
26.4.2 Upgrading a Previous Version to That Later than the First Version Supporting Auto Online Upgrading
To upgrade previous versions to those later than the version supporting auto online upgrading, do as follows: Upgrade the version not supporting auto online upgrading to the one supporting auto online upgrading. Upgrade the version supporting auto online upgrading to the later version.
26.4.3 Upgrading a Version Supporting Auto Online Upgrading or Later Versions

1) 2) 3) Save the current system configuration [write]. Back up the system configuration files (vrpcfg.txt) [tftp put or ftp]. Delete all ESM boards BIN files (ma53esma.binbak) in Flash memory of the active ESM board. You do not have to delete these files if Flash memory of the active ESM board is sufficient [delete /u]. 4) 5) 6) 7) 8) 9) Upgrade service boards BIN files (ma53io.bin) [load startup-file tftp or tftp get]. Upgrade ESM boards BIN files (ma53esma.bin) [load startup-file tftp or tftp get]. Check whether the startup files are normal [show startup-file information]. Reset the system [reboot system]. Check whether the upgrading process is normal, including loading progress, version program status, and board status. Upgrading succeeds.
Note: You can run either the command tftp get or load startup-file tftp to load BIN files. To copy files to the standby board, you can run the command load startup-file tftp, instead of tftp get.
26.5 Loading
The MA5300 manages the following program files: host software program files, multi-language resource file and service board program files. The storage media used in the MA5300 includes BOOTROM, SDRAM, SRAM and Flash memory.
BOOTROM stores the BIOS program files which are used to initialize the system. There are two types of BIOS files: basic BIOS and extended BIOS. The basic BIOS refer to the common programs for system boot. The extended BIOS refer to programs for board initialization. SDRAM stores the host software programs. SRAM stores the operation logs and alarm information. Flash memory stores the host software programs, configuration files and multi-language resource files.
26.5.1 Loading the Version Supporting Auto Online Upgrading

The process of loading programs supporting auto online upgrading is simple. You only need to load two program packages, the interface board program packages of ma53io.bin and the ESM board program package of ma53esma.bin or ma53esmb.bin, to the Flash Memory of the ESM board, and then reset the system. The system will perform other operations automatically. To load the BIN files of service boards and ESM boards, you can run the command load startup-file tftp server-ip file-name. To view the loaded BIN files, you can run the command show startup-file information. This command is very time consuming, and has an impact on Flash memory. Do not use it frequently. This example shows how to load ESM programs from the FTFP server at 20.0.7.99.
MA5300(config)#load startup-file tftp 20.0.7.99 ma53esma.bin Are you sure to load host program? (y/n)[n]:y
26.5.2 Loading the Version Not Supporting Auto Online Upgrading

I. Loading the host program files
You can run the command load program to load programs for the ESM board and service boards.
Note: To load the ESM programs and configuration files, make selections in the [Boot] menu. When rebooting the system, press <Ctrl+B> according to the prompt on the serial port maintenance terminal, and then follow the prompt on the screen to load the programs. It is prohibited to load programs and configuration files through the network port of the standby board.
When you are executing the program loading command, the system will prompt you to enter the following information. Specify the protocol used in program loading. The loading can be performed either through the serial port or the maintenance network port. In loading through the serial port, Xmodem is used. In loading through network port, TFTP is used. In loading through the network port, you need to specify the name of the file to be loaded and the IP address of the PC where the file is saved, and activate the TFTP server in the PC. In loading through the serial port, you should use the file sending function of HyperTerminal to send program files. Select Xmodem as the protocol used to send files. Specify the slot number for the board to be loaded. For service boards, you can enter the keyword all to load all boards of the same type. For the ESM board, you cannot load the active ESM and standby ESM at the same time. Specify the board to be loaded.
Note: All service boards of the same type can be loaded simultaneously, except the active/standby ESM boards. The TFTP server and the MA5300 should be set to share the same network segment. Otherwise, additional setting of gateway is required.
Loading files using Xmodem 1) Start HyperTerminal. Connect the serial port of the host with the configuration serial port of the ESM board using serial port cable, and start HyperTerminal. Telnet users are prohibited to load files using Xmodem protocol. 2) Run the command load program.
In global configuration mode, you can run the command load program, and select Xmodem as the desired protocol.
MA5300#load program xmodem 0/7 Current baud rate is 9600bps, and it can be modified via 'baudrate' command. Are you sure to use this baud rate? (y/n)[n]:y Whether to load other boards of same type ? (y/n):[n]n Board name[ESMA]:ESMA Whether to start loading? (y/n)[n]:y Load(backup,duplicate,...) begins,please wait and notice the rate of progress. Any operation such as reboot or switchover will cause failure and unpredictable result. Please select the menu [Transmit\Send File] to begin sending file...
3)
Send files.
In HyperTerminal, select [Send/Send Files], select Xmodem as the desired protocol and select the name of the file to be sent. After that, click <Send>. See Figure 26-1.
Figure 26-1 Send files using the Xmodem protocol

File downloaded to ESMA successfully, please wait... Begin to send data... (Frame:0 Slot:7) Data sent to slave board successfully, please wait... (Frame:0 Slot:7) writing FLASH... (Frame:0 Slot:7) Write FLASH successfully, resetting board... (Frame:0 Slot:7)
Loading files using TFTP 1) Set the IP address of the PCs network port. Connect the serial port of a PC with the configuration serial port of the ESM board, and then log in to the ESM board through the PC. Set the IP address of the PC's network port to make it share the same network segment with the ESMs Ethernet port.
Given that the address of the ESM maintenance network port is 10.11.104.142, and the subnet mask is 255.255.252.0. Therefore, the address of the PC network port can be set to 10.11.104.141, and the subnet mask to 255.255.252.0. Make sure that the host is able to ping the IP address of the ESMs network maintenance port. 2) Run the TFTP application.
Run the TFTP program in the PC, and click <Settings>. In the pop-up dialog box, enter the directory in the Base Directory text box for the program file to be loaded. See Figure 26-2 and Figure 26-3.
Figure 26-2 TFTP application
Figure 26-3 Setting TFTP
3)
Load programs.
In global configuration mode, you can run the command load program to load the host program and select TFTP as the desired protocol.
MA5300#load program tftp 10.11.104.141 0/7 Whether to load other boards of same type ? (y/n):[n]n Board name[ESMA]:ESMA File name [ESMA.bin]: 5300.esm Whether to start loading? (y/n)[n]:Y Load(backup,duplicate) begins, please wait and notice the rate of progress. Any operation such as reboot or switchover will cause failure and unpredictable result. MA5300(config)# ! 1[2003-01-06 04:16:39]:ALM-3-AlarmInfo: ALARM 5334 INFO MAJOR 0x0b200001 ----- 2003-01-06 04:16:39 ALARM NAME : Load start PARAS INFO : FrameID: 0, SlotID: 7, Load type: Host program DESCRIPTION : Load start REASON : Load start ADVICE : Not need to process --- END
4)
View the progress of loading.
To view the loading progress, you can run the command show progress load.
MA5300(config)#show progress load FrameID/SlotID: Board name: Operation type: File type: Operation phase: Rate of process: 0/7 ESMA Load Host program Transfer file from outside to inside 7%
5)
Loading completes.
If everything goes normal, when the loading completes, the system will prompt this:
MA5300# Note: the new database or program will take effect after system is restarted ! 1[2003-01-06 04:19:25]:ALM-3-AlarmInfo: ALARM 5335 INFO MAJOR 0x0b200002 ----- 2003-01-06 04:19:25 ALARM NAME : Load complete PARAS INFO : FrameID: 0, SlotID: 7, Load type: Host program DESCRIPTION : Load complete REASON : Load complete ADVICE : Not need to process --- END
The above display shows that the program has been successfully loaded and saved in Flash memory of the ESM board.
Note: If the loading fails, you should check these items: Whether the address of the TFTP server is correctly entered. Whether the TFTP server can ping the address of the ESM Ethernet port. Whether the TFTP program in the TFTP server is activated. Whether the directory for the TFTP program is correctly set. Whether the name of the file to be loaded is correctly entered.
After the loading completes, you can run the command reboot to reset the system, and then run the newly loaded program if necessary. If the loaded program is new, you should also load the associated multi-language resource file after resetting the system. Next, you can run the command show version to view the version of the system and verify whether the version of the loaded program is correct.
II. Loading the multi-language resource file

The multi-language resource file is used to output the system information in multiple languages. Loading multi-language resource file will allow you to update the language of the system information output.
Note: The multi-language resource file to be loaded should match the version of the in-service system. Otherwise, the loading will fail. If the newly loaded program and configuration file are of a new version, you should restart them before loading the new multi-language resource file. The common language resource file is loaded together with the host programs. So upon completion of loading the host program, you only need to load the local language resource file.
The multi-language resource file can be loaded either through the serial port or the network port. The information to be entered in the loading process is similar to that for loading program file. This example shows how to load the multi-language resource file info_loc.res to the active ESM board through the network port. Assume the IP address of the TFTP server is 10.105.33.44.
MA5300#load language local tftp 10.105.33.44 info_loc.res active
The procedure involved is similar to that for loading the program of the ESM board through the network port. This example shows how to load the multi-language resource file info_loc.res to the active ESM board through a serial port.
MA5300#load language local xmodem active
The procedure involved is similar to that for loading the program of the ESM board through the serial port.
III. Loading the program of service board

You can run the command load program to load program for both the service board and the ESM board. The information to be entered in the loading process is similar to that for loading the host program files. In terms of the internal processing procedure of the host, the loading of the service board differs from that of the ESM board. The difference is shown as follows. The loading process of the ESM board: 1) 2) 1) 2) 3) 4) The file is first loaded from an external PC to the memory of the ESM board through a serial port or a network port. Then it is saved in Flash memory. The loading process of the service board: The file is first loaded from the server to the memory of the ESM board through a serial port or a network port. Then it is sent from the ESM board to the service board. After the program is loaded to the service boards memory, it will be saved in Flash memory. Finally, resets the service board to validate the new program. This completes the service board loading.
Note: When loading service boards, you can enter the keyword all to replace f/s. This command enables you to load all boards of the same type in the system. If the service board has a maintenance serial port or network port, you can use either of them (usually embedded in the board) to load the software of the board. The procedure involved is similar to that of loading the host software. When the board loading completes, the system will automatically reset to run the new board programs. This is different from loading the ESM board.
26.6 Backup
To ensure the usability of the system and the security of configuration files, the MA5300 enables you to save and backup the configuration files. Table 26-5 lists the differences in file saving and file backup. Table 26-5 The comparison between file saving and file backup To Source of configuration file Destination the SDRAM board) Flash board) Save (active/standby (active/standby Backup MA5300 Flash (active board) PC or network terminal Program Object of management Data Data Language
In addition, the MA5300 also allows you to erase the configuration file as desired during the service configuration.
26.6.1 Viewing and Saving the System Configuration Files

The MA5300's configuration files are saved in Flash memory in the form of text file. Make sure these requirements for the format of configuration file are met: The configuration file is saved in the command format. To save space, only the non-default parameters are saved. For the default value of every configuration parameter, refer to the following chapters.
Commands are organized based on command modes. Commands in the same mode are organized together, forming a segment. Two segments are usually separated with a blank line or comment line (beginning with !). The segment is usually arranged in the order of global configuration, physical port configuration and logical port configuration. The configuration file is ended with end.
I. Viewing the current configuration files and initializing configuration files

When powered up, the MA5300 reads the configuration files in Flash memory for initialization. These configuration files in Flash memory are referred to as initializing configuration. If no configuration file is available in Flash memory, the equipment will use the default parameters for initializing. In contrast with the initializing configuration, the configuration files that are serving the MA5300 operation are referred to as the current configuration. To view the initializing configuration, you can run the command show startup-config. To view the current configuration, you can run the command show running-config. To enable the function of adding remark information to buildrun, you can run the command add-rem enable. To disable the function of adding remark information to buildrun, you van run the command add-rem disable. To view the configuration for the function, you can run the command show rem config.
II. Saving the configuration files

The system data are saved in the memory after they have been configured. The system should save the configuration data in Flash memory to avoid loss of the configuration files due to accidental restarting. If the system fails to do so, you can run the command write to save the configuration data.
MA5300#write The switch configuration will be written to flash. Are you sure?[Y/N]y Now writing running configuration to flash memory. Please wait for a while...
Write running configuration to flash memory successfully.
III. Erasing the configuration files

To erase the configuration files in the MA5300s Flash memory, you can the command erase. After a configuration file is erased, the equipment will use the default configuration parameters for initialization at the next startup. In either of the following conditions, you can consider to erase the configuration files in Flash memory: Mismatch between the equipment software and the configuration file resulting probably from the MA5300 software upgrade. Damage to the configuration file in Flash memory resulting probably from loading of a wrong configuration file. This example shows how to erase a configuration file in Flash memory.
MA5300#erase
Note: Run the command erase with caution and under the technicians instructions. Before erasing a configuration file, you should back up the system configuration files to avoid loss of important configuration files.
26.6.2 Backing Up the System Data Using TFTP

This example shows how to back up the configuration files using TFTP. The procedures for backing up program files are the same. Set the IP address of the network port. Connect the serial port of PC with the configuration serial port of the ESM board, and then log on to the ESM board through the PC. Next, set the IP address of the PC network port to enable it to share the same network segment with the maintenance network port or Ethernet network port of the ESM board. Run TFTP application. Start the TFTP application, and then click <Settings> to enter the window shown in Figure 26-4, where you can set the basic attributes of TFTP. For example, you can enter the directory where the backup configuration file is to be placed in the Base Directory text box.
Figure 26-4 Selecting the directory for the configuration file using TFTP Run the command tftp. Run the command tftp in privileged mode, and select TFTP as the desired protocol.
MA5300(config)#tftp put vrpcfg.txt //10.71.53.108/vrpcfg.txt . Uploading succeeds!
At this moment, the TFTP application will display the progress of the backup process. After the backup completes, you can find the backup file of vrpcfg.txt in D:\WINDOWS\Desktop\load.
26.6.3 Backing Up the System Data Using FTP

This example shows how to back up the configuration files using FTP. The procedures for backing up program files are the same. 1) Set the IP address of the network port.
Connect the serial port of the PC with the configuration serial port of the ESM board, and then log on to the ESM board through the PC. Next, set the IP address of the PC network port to enable it to share the same network segment with the maintenance network port or Ethernet network port of the ESM board. 2) Run FTP application.
Start the FTP application, and select [Security/Users/rights] to enter the window shown in Figure 26-5. In the pop-up window, you can set the basic attributes of the FTP. For example, in the Home Directory text box, you can enter the directory for the backup configuration file to be placed, or select New User] to add an FTP user.
Figure 26-5 Setting the configuration file directory and user name using FTP 3) Run the command ftp.
Run the command ftp on the MA5300:

MA5300(config)#ftp 10.71.53.108 Trying ... Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):5300 331 Give me your password, please Password: 230 Logged in successfully
ftp>put vrpcfg.txt 200 PORT command okay 150 "D:\WINDOWS\DESKTOP\LOAD\vrpcfg.txt" file ready to receive in ASCII mode 226 Transfer finished successfully. FTP: 1956 byte(s) sent in 0.440 second(s) 4.44Kbyte(s)/sec.
At this moment, the FTP application will display the progress of the backup process. After the backup completes, you can find the backup file of vrpcfg.txt in D:\WINDOWS\Desktop\load.
26.7 Patch Management

26.7.1 Overview
The MA5300 needs to work for a long time without interruption. When performing troubleshooting for or adding new functions to the host software, you are required to load patches to the host software so as to modify the host software without suspending the services.
For the MA5300, patch files may be in three states. Idle It is the initial status, which indicates that there is no patch. Deactive It means the patch files have been loaded to the host, but not activated yet. That is, the patch code has not been validated. Active The patch code has been validated. You can modify the status of the patch files by using the command run or deactivate. Running The patch files are running. You cannot deactivate but delete the patch files in this status.
Note: The Running status differs from the Active status only in that patch files in the Running status can be restored to the Running status after system rebooting, while patch files in the Active status can be restored to the Deactive status. The Active status can be comprehended as running the patch on trial basis. Through the trial running, you can confirm whether the patch file is up to the expectation in functionality. The patches passing the trial running can then be put into normal operation.
In the MA5300, the patch files in the active ESM and those in the standby ESM are managed separately. You can distinguish them with the commands active and standby. At present, the MA5300 does not support standby ESM patch files. Table 26-6 lists the patch-related commands. Table 26-6 Commands for patch-related operations To Load patch files Activate patch files Deactivate patch files Run patch files formally Delete patch files load patch patch activate patch deactivate patch run patch delete Use In Privileged mode Privileged mode Privileged mode Privileged mode Privileged mode
To View the patch files show patch
Use
In All modes except the user EXEC mode
26.7.2 Procedure for Patch Operations

Run patch files in the following sequence: 1) To load the patch file to the target ESM board, you can run the command load patch. After the loading succeeds, you can run the command show patch to view the patch-related information. 2) 3) After verifying that the patch is correct, you can run the command activate to activate it, and then carry out the patch function test. When the function test completes, you can run the command patch run to run the patch. This will enable the patch to restore to the Running status automatically after the system reboots.
26.8 Patch Loading Examples

The patch source file can be loaded through a serial port or a network interface. The information to be entered during loading is similar to that for loading program files. The following describes the patch file loading procedure: Viewing patch files in the system Loading patch files Activating patch files Running patch files
I. Viewing patch files in the system

This example shows how to view the patch files in the system.
MA5300(config)#show patch all active Host version: Patch version: Patch number: Number of formal patch: Number of temporary patch: Number of run patch: Number of active patch: Number of deactive patch: 0 0 0 0 0 0 MA5300V100R005
II. Loading patch files

This example shows how to load patch files of MA5300V100R005SP01.
MA5300(config)#load patch tftp 10.11.136.183 MA5300V100R005SP01 load(backup,clone) begin, the course may take several minutes and MA5300(config)#show patch all active Host version: Patch version: Patch number: Number of formal patch: Number of temporary patch: Number of run patch: Number of actived patch: Number of deactived patch: MA5300V100R005 MA5300V100R005SP01 1 1 0 0 0 1
III. Activating patch files

This example shows how to activate patch files.
MA5300(config)#patch activate all
patch operation success MA5300(config)#show patch all active Host version: Patch version: Patch number: Number of formal patch: Number of temporary patch: Number of run patch: Number of actived patch: Number of deactived patch: MA5300V100R005 MA5300V100R005SP01 1 1 0 0 1 0
IV. Running patch files

This example shows how to run patch files.
MA5300(config)#patch run all
patch operation success MA5300(config)#show patch all active Host version: Patch version: Patch number: Number of formal patch: Number of temporary patch: Number of run patch: MA5300V100R005 MA5300V100R005SP01 1 1 0 1

Number of actived patch: Number of deactived patch: 0 0
By far, the patch files of SP01 have been loaded successfully. They are in the running status.
Chapter 27 Logs and Alarms

27.1 Log Management
Logs can serve as major references in system maintenance and fault locating. In the MA5300 you can view the executed commands recorded in logs or record important information using the log host. Table 27-1 lists the commands for log management. Table 27-1 Commands for log management To View logs Add a log host Activate the log host View the log host show log loghost add loghost active show loghost list Use In Privileged mode Privileged mode Privileged mode User EXEC mode
27.1.1 Viewing Logs

The MA5300 host can automatically keep logs of the latest 512 operations. A system administrator can view the latest operation commands running the command show log. You can obtain the information on operations performed by different users or performed within different periods of time, by setting the command parameters accordingly. The operation log information includes user name, commands executed, operation time, login mode, and the IP address of the login user. The MA5300 can store up to 512 logs. When there are more than 512 records, the old records will be overwritten automatically. Therefore, you should view the system logs and make records at once in the case of system failure, for fear that the logs that may be helpful for fault locating are overwritten. Meanwhile, to correctly record the operation information, you should make sure that the system time is correct before performing service configuration. This example shows how to view the operation logs of user root (indexes 35).
MA5300(config)#show log root index 3 to 5 --------------------------------------------------------------------

No. 5 Cmd: UserName root line 1 Date&Time 2003-06-18 08:21:48

LogMode AUX IP-Address --
-------------------------------------------------------------------No. 4 Cmd: UserName root exit Date&Time 2003-06-18 08:21:43 LogMode AUX IP-Address --
-------------------------------------------------------------------No. 3 Cmd: UserName root parity none Date&Time 2003-06-18 08:03:53 LogMode AUX IP-Address --
--------------------------------------------------------------------
27.1.2 Setting the Log Host

The MA5300 can record important operation logs in the UNIX host (also referred to as log server) of internal network through the syslog mechanism. The configuration of a log host involves: To add a log host, you can run the command loghost add. To activate a log host, you can run the command loghost active. To view the information on log hosts, you can run the command show loghost list.
27.2 Configuring Alarms

The MA5300 features superior alarm function, enabling you to get informed whenever any abnormal event occurs to the system host or the services. Alarms may come from various modules in the host, or various service boards. By class, alarms can be divided into running alarms, fault alarms and recovery alarms. Each fault alarm corresponds to a recovery alarm. By severity, alarms can be divided into critical alarms, major alarms, minor alarms and warning alarms (in descending order). Upon the occurrence of alarms, the system will, based on the configuration of each terminal, broadcast the information to all terminals (including Network Management System (NMS) workstation users and Command Line Interface (CLI) users). Whether an alarm should be reported to a terminal depends on the associated definition for such an alarm by the alarm control function.
I. Alarm public property description

1) Alarm ID
An alarm ID consists of 4 bytes, and corresponds to only one alarm. It can be queried running the command show alarm list. 2) Alarm serial number
It is an integer. Every alarm is assigned with a different serial number. In general, the serial number is associated with the sequence of alarm occurrence. Therefore, it corresponds to one (and only one) alarm specifically. 3) Alarm levels
Available alarm levels are: critical, major, minor and warning (in descending order). The critical alarm, such as power circuit fault or output clock fault, refers to the global alarm that affects the normal equipment operation and should be eliminated at once. The major alarm, such as broken fiber or physical line fault, refers to the local board or line alarm that may lead to abnormality in services if not handled in time. The minor alarm refers to the general fault alarm or event alarm which describes whether every board or line is normal. For example, such alarms may indicate the occurrence of bit errors in a specific physical line. The warning alarm refers to the change of status or occurrence of events that do not affect the system performance and service running, but may interest the operators. Some of them are the prompt information concerning the recovery of the system to normality. 4) Alarm classes Alarms can be divided into 3 classes, namely running alarms (event), fault alarms (fault) and recovery alarms (restore). 5) Alarm types
Alarms can be divided into 5 types, namely communication alarms, service-quality alarms, process-error alarms, equipment alarms and environmental alarms. 6) Alarm parameters
They are included in a reported alarm to describe the location of the alarm. For example, in the case of board alarm, the parameters mainly include the frame number, slot number and port number. 7) Report alarms to NMS workstations
The system can support up to 32 NMS workstations. Whether an alarm should be sent to NMS workstations or not is decided by the associated switch. 8) Report alarms to CLI terminals
You can run relevant commands to set whether some alarms should be sent to the CLI terminals.
II. Alarm management

The alarm management function is used to record alarms, set alarms and count alarms. It helps to maintain the MA5300, ensuring the equipment run efficiently. Table 27-2 lists the commands for alarm management. Table 27-2 Commands for alarm management To Set the alarm levels Set the alarm output of CLI terminals Enable/Disable alarm statistics collection function Set the alarm threshold Clear alarm statistics View alarm statistics alarm level (no) alarm output (no) alarm statistics alarm threshold clear alarm statistics show alarm statistics Use In Privileged mode Privileged mode Privileged mode Privileged mode Privileged mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
View the alarm records
show alarm history
View the alarm configuration
show alarm configuration
View basic information
alarm
show alarm list
Alarm management involves: Viewing Alarm Records Viewing the Alarm Configuration Setting Alarm Levels Setting the Alarm Output on a CLI Terminal Setting the Alarm Threshold Setting Alarm Statistics Viewing/Clearing Alarm Statistics Viewing Basic Alarm Information
27.2.1 Viewing Alarm Records

Alarms are saved in the host and can be queried at any time.
The information in an alarm record involves: Time of occurrence Serial number Alarm level Alarm class Alarm description Alarm parameters The MA5300 can store up to of 1,000 alarms. When there are more than 1,000 alarms, the new alarms will overwrite the old ones automatically. Therefore, once a system fault occurs, you should view the alarm information and make records at once, for fear that the alarm that may be helpful for fault locating is overwritten. Table 27-3 lists the commands for viewing the latest alarm records. Table 27-3 Commands for viewing alarms To View by alarm serial number Use show alarm history alarmsn sn In All modes except the user EXEC mode id All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode All modes except the user EXEC mode
View by alarm ID
show alarm history [startnum number]
alarmid
View by alarm level
show alarm history alarmlevel level [startnum number] show alarm history alarmtype type_value [startnum number] show alarm history alarmclass class [startnum number] show alarm history alarmtime datebegin timebegin dateend timeend [startnum number] show alarm history all [startnum number]
View by alarm type
View by alarm class
View by time
View alarms generated recently
Note: The system has saved 1000 history alarms in the host. To view even earlier history alarms, you can resort to the databases in the NMS.
27.2.2 Viewing the Alarm Configuration

For the MA5300, the properties of an alarm include: Alarm ID Alarm name Alarm level Default alarm level Alarm class Alarm type Command line output flag Statistics flag Number of parameters 15-minute threshold 24-hour threshold Detailed alarm description To view the configuration of an alarm, you can run the command show alarm configuration alarmid.
27.2.3 Setting Alarm Levels

The alarm levels include: critical, major, minor, and warn (in descending order). To set a new alarm level, you can run the command alarm level alarmid alarmlevel. To restore the alarm level to the default one, you can run the no form of the command. After the setting, you can view the alarm level by running the command show alarm configuration.
Note: Care should be taken whenever you set the alarm level. In usual conditions, the default alarm level is a reasonable one. The system can automatically keep a recovery alarm and the corresponding fault alarm at the same level. It means when you set the alarm level of a fault alarm, the system will set the alarm level of its corresponding recovery alarm to the same level. Similarly, when you set the alarm level of a recovery alarm, the alarm level of the corresponding fault alarm will be the same.
27.2.4 Setting the Alarm Output on a CLI Terminal

By default, any alarm generated in the system will be reported to the CLI terminal. As different users have different concerns, the MA5300 provides the alarm output screening function. To enable the output of alarms to CLI, you can run the command alarm output. To disable the output of alarms to CLI, you can run the command no alarm output. You can enable/disable the output of alarms to CLI by alarm ID, by alarm level, by alarm type or once for all. Table 27-4 Conditions for setting the alarm output Command alarm output alarmid id alarm output alarmlevel level alarm output alarmtype type_value alarm output all Description Sets the alarm output by alarm ID. Sets the alarm output by alarm level. Sets the alarm output by alarm type. Sets the alarm output once for all.
After the settings, you can run the command show alarm configuration to view whether the alarm is output to CLI.
Note: When the output of a specific alarm to the CLI is enabled or disabled, it applies to all of the CLI terminals. The alarm screening function mentioned above is inapplicable for the NM terminal, as the NM terminal will offer more powerful alarm screening function. The alarm output settings have no impact on alarm generation. Alarms generated in the system will still be recorded and can be traced. The modes offered for alarm output setting may affect each other. Whether or not to output an alarm is determined by the latest setting. The system can automatically keep a recovery alarm and the corresponding fault alarm to be of the same output tag. It means when you set the output tag of a fault alarm, the system will set the output tag of its corresponding recovery alarm to be the same. Similarly, when you set the output tag of a recovery alarm, the output tag of the corresponding fault alarm will be the same.
27.2.5 Setting Alarm Statistics

Alarm statistics refer to totalizing and counting the alarms of a specific type generated within a certain period of time. It can inform you the frequency of alarm occurrence, and send you the threshold-crossing alarm based on the alarm threshold. Alarms of a specific class refer to alarms with the same ID. The MA5300 collects alarm statistics every 15 minutes and 24 hours. To enable statistics collection for a certain type of alarm, you can run the command alarm statistics. To disable the statistics collection for a certain type of alarms, you can run the command no alarm statistics. Similar to setting alarm output, you can set alarm statistics flag by alarm ID, by alarm level, by alarm type or once for all. Table 27-5 Conditions for setting alarm statistics Command alarm statistics alarmid id alarm statistics alarmlevel level alarm statistics alarmtype type_value alarm statistics all Description Sets the alarm statistics by alarm ID. Sets the alarm statistics by alarm level. Sets the alarm statistics by alarm type. Enables CLI output by all.
After the setting, you can run the command show alarm configuration alarmed to view the alarm statistics flag.
Note: The modes offered for alarm statistics setting may affect each other. Whether statistics collection for an alarm is enabled is determined by the latest setting. In practice, the statistics flag of a recovery alarm may differ from that of a fault alarm. The concerns for them may also vary. Therefore, the fault alarm and recovery alarm should be set separately. It is prohibited to set statistics flag for a threshold-crossing alarm.
27.2.6 Setting the Alarm Threshold

When you are concerned about the statistics on alarms of a certain category, you can enable the alarm statistics flag to allow the system to collect statistics for these alarms based on various parameters. There are two threshold values for alarms of each type, namely 15-minute threshold and the 24-hour threshold. Set the threshold as 0 if you are not concerned about whether the alarm statistics have exceeded the threshold. Set it as non-0 if you intend the system to generate a threshold alarm whenever the alarm statistics collected within a certain period of time exceed the threshold. The default alarm threshold is 0. To set the alarm threshold, you can run the command alarm threshold alarmid threshold15m threshold24h. The 15-minitue threshold is required to be no more than the 24-hour threshold. After the setting, you can run the command show alarm configuration to view the alarm threshold.
Note: In practice, the statistics of a recovery alarm may differ from that of a fault alarm. The concerns for them may also vary. Therefore, the fault alarm and recovery alarm should be set separately. If you are not concerned about the threshold alarm for a certain type of alarms, set the corresponding threshold as 0 to disable threshold alarm reporting.
27.2.7 Viewing/Clearing Alarm Statistics

You may care about the occurrence frequency of some alarms generated within a certain period of time. These statistics may help you to know the working status of equipment and locate the potential faults. You can make statistics for alarms generated within four periods, namely, current 15 minutes, current 24 hours, last 15 minutes and last 24 hours. In other words, the system can save statistics in two days. To view the statistics, you can run the command show alarm statistics alarmid [startnum number]. If the equipment has been idle for a long time, or the alarm statistics have been damaged, you can clear manually all statistics collected by running the command clear alarm statistics. This command clears all alarm statistics.
Note: The system will automatically clear the associated statistics if alarms of a certain type are not generated for a long time (within two days). Therefore, you do not need to clear such statistics in usual conditions.
27.2.8 Viewing Basic Alarm Information

To view the basic information on alarms in the system, you can run this command: show alarm list { alarmlevel number] The information displayed includes alarm ID, alarm output status, alarm statistics status and alarm name. To view the alarm name corresponding to an alarm ID, you can run the command show alarm list all. level_value | alarmtype type_value| statistics
statistics_flag | alarmclass class_value | all | from alarmid1 to alarmid2 } [startnum
Chapter 28 Active/Standby Switchover

28.1 Overview
The MA5300 features the active/standby switchover, which can enhance excellent operation reliability and fault tolerance, make quick response to any occurrence of fault and minimize the negative impact on the ongoing services.
28.1.1 Basic Principles

The active/standby switchover involves two basic elements: data synchronization and smoothness. They are the preconditions for the realization of active/standby switchover.
I. Data synchronization
The MA5300 performs data synchronization in a centralized manner: The data synchronization module offers a unified synchronization interface, the software modules register the data to be synchronized, and finally the data synchronization module carries out the data synchronization for the active/standby boards. The data that can be synchronized include: Configuration data Basic running data Dynamic service data There are two states of data synchronization. Sufficient data synchronization When all data variations of the active board are completely synchronized with the data of the standby board, such synchronization is called sufficient data synchronization. Insufficient data synchronization When only part of data variations of the active board is synchronized with the data of the standby board, such synchronization is called insufficient data synchronization.
II. Smoothness
The active/standby switchover means the standby board is promoted to be the active one. Before performing active/standby switchover, the MA5300 needs to check the
consistency between the data blocks to be synchronized and generate new data. In general, this process is referred to as smoothness.
28.1.2 Active/Standby Switchover Modes

Based on the active/standby switchover initiating mode, the active/standby switchover can be divided into auto active/standby switchover and manual active/standby switchover. Auto active/standby switchover. When the active board is faulty or the uplink is disconnected, the system automatically carries out active/standby switchover by resetting the active board and promoting the standby board to be the active one. This can ensure the continuity of the ongoing service. Manual active/standby switchover. There are multiple ways to implement manual active/standby switchover: Run the active/standby switchover command. Reset the active board. Reset the active board manually or unplug the active board. Based on the data synchronization mode, the active/standby switchover falls into normal/forces active/standby switchover. Normal active/standby switchover. Normal active/standby switchover refers to the active/standby switchover which is performed on the basis of sufficient data synchronization. It can maintain the continuity of the ongoing service. Forced active/standby switchover. Forced active/standby switchover refers to the active/standby switchover which is performed on the basis of insufficient data synchronization. Insufficient data synchronization involves the synchronization of: Insufficient configuration data Insufficient basic running data Insufficient dynamic service data To perform active/standby switchover in these three circumstances will have different impact on the system. In insufficient configuration data synchronization, the MA5300 prohibits using the active/standby switchover command for forced active/standby switchover. Other forced switching approaches, such as manual active board resetting and unplugging active board, will lead to the loss of basic data. In this case, the system will, instead of
active/standby switchover, perform simple board resetting and enable low-level system recovery function to ensure the normality of the system. In insufficient running data synchronization, the system prohibits using the active/standby switchover command for forced active/standby switchover. Other forced switching approaches will not lead to system reset or affect the configuration files. However, it may lead to service board reset. In insufficient service data synchronization, the system allows using active/standby switchover command for forced active/standby switchover. The active/standby switchover will not affect the original services, alarms, logs and connections.
28.2 Preconditions for Active/Standby Switchover

The requirements for active/standby switchover involve: The active and the standby boards should be of the same version. Both of them are working normally. The software of the active and standby boards should be of the same version. The subboards, if any, of the active and standby boards should be of the same version and type. The clock configuration should be consistent with each other. The active and standby boards should have the same programs, data and multi-language files. The active/standby switchover has no specific requirement on service boards.
28.3 MA5300+Dual-ISU Active/Standby Switchover

MA5300+ dual-ISU active/standby switchover supports built-in ISU backup and dual-uplink. It can implement ISU/ESM and uplink redundant backup. In Figure 28-1, system 1 comprises ESM1 and ISU1; system 2 comprises ESM2 and ISU2. Assume that system 1 (or system 2) is used as the active one, if any uplink interface of the ESM or ISU is faulty, the two systems will exchange their respective active or standby status. The active one turns into the standby one and the standby one turns into the active one. In this way, system reliability is greatly improved.
MA5300 E A D A
G7/1/1
G8/1/1
G9
G9 E6 4.0.1.1/24 E7 4.0.2.2/24
HUB
4.0.1.1/24 E6 4.0.2.1/24 E7
ESM1 ESM2
ISU1 ISU2
PC2 4.0.1.100/16
MT800
PC1
Figure 28-1 Networking of MA5300+ dual-ISU active/standby switchover

1) 2) PC1 is connected to port adsl 1/0/0 through the Modem. Configuration at ISU1
Table 28-1 Data settings of ISU1 Item

Gateway IP pool IP Route-static IP Route-static Preference 4.0.0.1/24 4.0.0.24.0.0.100 0.0.0.0. 0.0.0.0 4.0.1.100 0.0.0.0. 0.0.0.0 4.0.2.2 200
Value
3)
Configuration at ISU2
Table 28-2 Data settings of ISU2 Item

Gateway IP pool IP Route-static IP Route-static Preference 4.0.0.1/24 4.0.0.2-4.0.0.100 0.0.0.0. 0.0.0.0 4.0.1.100 0.0.0.0. 0.0.0.0 4.0.2.1 200
Value

1) Configure ESM1 and ESM2.
Since only one of ESM1 and ESM2 is in active status, you just need to configure the active ESM. The configuration data will be synchronized to the standby ESM automatically. 2) Set port G7/1/1 as Trunk port, allowing the pass-through of all VLANs.
MA5300(config)#interface gigabitEthernet 7/1/1 MA5300(config-if-GigabitEthernet7/1/1)#switchport mode trunk MA5300(config-if-GigabitEthernet7/1/1)#switchport trunk allowed vlan all Please wait........................................... Done. MA5300(config-if-GigabitEthernet7/1/1)#
3)
Create VLAN 2, designate port adsl 1/0/0 to VLAN 2 and activate the port.
MA5300(config)#vlan 2 MA5300(config-vlan2)#switchport adsl1/0/0 MA5300(config-vlan2)#exit MA5300(config)#adsl activate adsl1/0/0
4)
Set PPPoA and IPoA parameters.
As the two ISU boards are designated with different MAC addresses, you can run these commands to set the destination MAC addresses for PPPoA and IPoA:
MA5300(config)#atm-terminated dest-mac pppoa support-misu slot7
00e0.fc26.0830 slot8 00e0.fc00.1122 MA5300(config)#atm-terminated dest-mac ipoa support-misu slot7
00e0.fc26.0830 slot8 00e0.fc00.1122
The first MAC address is the MAC address of ISU1 connected with the ESM board residing in Slot 7; the second MAC address is the MAC address of ISU2 board connected with the ESM board residing in slot 8. 5) 6) Set the connection type of port adsl 1/0/0 as auto. Enable the uplink port of the standby ESM board.
MA5300(config)#adsl connect-type auto adsl1/0/0
MA5300(config)#interface gibabitEthernet 7/1/1 MA5300(config-if-GigabitEthernet7/1/1)#slave-up
By default, the GE and FE ports of the standby ESM board are disabled. You need to enable these ports used for packet transmission manually. 7) Add two ISU boards through the device management function.
MA5300(config)#inner-isu support-misu
If running the command inner-isu, you can only add one ISU board. If using the above command, you can add two ISU boards at the same time. At this moment, you can view two ISU boards running the command show board. 8) Configure MISU.
MA5300(config)#misu uplink-port slot 7 interface GigabitEthernet7/1/1 MA5300(config)#misu uplink-port slot 8 interface GigabitEthernet8/1/1 MA5300(config)#misu enable
These commands are used to specify a port of the two ESM boards for ISU active/standby switchover, and then enable dual-ISU active/standby switchover.
III. Setting ISU1 and ISU2

As ISU1 and ISU2 are two independent devices, you need to configure them one by one manually. 1) Set the access type and account.
This configuration can be performed in the same manner as configuring a single ISU. Designate port Ethernet 6 for PPP and VLAN access, and then add several user accounts. For details, refer to Intelligent Service Unit Processing Unit Operation Manual. 2) Enable PPPoA function.
[ISU] pppoa enable
To offer PPPoA access, you need to enable PPPoA function first. 3) Add a default upstream route and a default route for the communication between two ISUs.
ISU1 configuration:
[ISU]inter eth 6.0 [ISU-Ethernet6.0]ip address 4.0.1.1 255.255.255.0 [ISU-Ethernet6.0]quit [ISU]inter eth 7.0 [ISU-Ethernet7.0]ip address 4.0.2.1 255.255.255.0 [ISU-Ethernet7.0]quit [ISU]portvlan eth 6 vlan 0 [ISU-ethernet6-6-vlan0-0]access-type interface [ISU-ethernet6-6-vlan0-0]quit

[ISU]portvlan eth 7 vlan 0
[ISU-ethernet7-7-vlan0-0]access-type interface [ISU-ethernet7-7-vlan0-0]quit [ISU]ip route-static 0.0.0.0 0.0.0.0 4.0.1.100 [ISU]ip route-static 0.0.0.0 0.0.0.0 4.0.2.2 preference 200
ISU2 configuration:
[ISU]inter eth 6.0 [ISU-Ethernet6.0]ip address 4.0.1.1 255.255.255.0 [ISU-Ethernet6.0]quit [ISU]inter eth 7.0 [ISU-Ethernet7.0]ip address 4.0.2.2 255.255.255.0 [ISU-Ethernet7.0]quit [ISU]portvlan eth 6 vlan 0 [ISU-ethernet6-6-vlan0-0]access-type interface [ISU-ethernet6-6-vlan0-0]quit [ISU]portvlan eth 7 vlan 0 [ISU-ethernet7-7-vlan0-0]access-type interface [ISU-ethernet7-7-vlan0-0]quit [ISU]ip route-static 0.0.0.0 0.0.0.0 4.0.1.100 [ISU]ip route-static 0.0.0.0 0.0.0.0 4.0.2.1 preference 200
To enable NMS devices in the public network to access the two ISU boards at the same time, you need to add a low-priority default route between the ISUs ports Ethernet 7. 4) Enable HRP function.
[ISU]hrp uplink Ethernet6 [ISU]hrp downlink GigabitEthernet9 [ISU]hrp enable
You can run the above commands to configure the uplink/downlink port needed for the dual-ISU active/standby switchover, and enable the HRP packet reception function.
IV. Verification
1) When the system is in normal status, run the command show misu on the ESM board.
MA5300(config)#show misu [MISU information] function status: Enable shakehand timer: 3 (sec) upper-port of ESM board in slot 8: GigabitEthernet7/1/1 ESM board in slot 8 is in master status ISU board status is Normal
upper-port of ISU board is up upper-port of ESM board in slot 7: GigabitEthernet7/1/1 ESM board in slot 7 is in slave status ISU board status is Normal upper-port of ISU board is administratively down
The above shows that the two ISUs are in normal status, the uplink port of the ISU board connected with the active ESM board is enabled, while the uplink port of the ISU board connected with standby ESM board is disabled. When viewing the indicators of the HUB, you can find that one of the two ports connecting the uplink ports of two ISU boards is UP and the other is DOWN. 2) 3) Configure PPPoA access on the MT800 (an ADSL Modem). The system prompts success and allocates an IP address. Disconnect the uplink port of the ISU board (connected with the active ESM) with the HUB. Several seconds later, the system starts to implement ESM active/standby switchover. The original active ESM board prints Master board is ready to reset for bas connection down. The original standby ESM board becomes the active one. 4) 5) Interrupt MT800s PPPoA access, and then redial. The PPPoA access is restored. You can ping PC2 from PC1. Check the HUBs indicators. You can find that the UP one of the two uplink ports connected with ISU turns into DOWN, and the other turns into UP.
28.4 ESM+EIU Active/Standby Switchover

28.4.1 Establishing the Switch-over Environment
Insert two ESM boards in slots 7 and 8, serving as active and standby ESM boards respectively. While in slot 15, insert an EIU board. As an interface board, the EIU board provides two subslots: one for GE subboard, and the other for FE subboard. Similar to the subslot arrangement in the ESM board, the GE subboard is above the FE subboard.
28.4.2 Active/Standby Switchover Configuration Commands

Table 28-3 lists the commands for configuring active/standby switchover.
Table 28-3 Commands for configuring active/standby switchover To

Enable/Disable active/standby data synchronization switch Update data standby board Start manually on the
Use (no) standby backup config (no) standby configure system switch-over update
In
Privileged mode
Privileged mode Privileged mode
active/standby
I. Enabling/Disabling the switch for synchronizing configuration files on active/standby boards

Before starting the write operation on the active ESM board, you can run the command (no) standby backup configure to enable/disable the switch for active/standby board configuration data, for automatic synchronization of the configuration data in the standby board with those in the active board. By default, the data synchronization switch is enabled. 1) Enable the switch for synchronizing the configuration files on active/standby boards.
MA5300#standby backup config Config file automatic backup to standby board switch status: On.
2)
Disable the switch for synchronizing the configuration files on active/standby boards.
MA5300#no standby backup config Config file automatic backup to standby board switch status: Off.
II. Synchronizing the configuration data manually

To maintain the consistency in configuration data between the active board and the standby board, you can run the command standby update configure.
MA5300#standby update configure The configuration file will be written to the flash memory of standby board. Are you sure to continue? (y/n)[n]:y Now synchronizing startup-configure to standby. Please wait for a while(2 minutes in worst case)... Synchronize startup-configure to standby successfully.
III. Switching the ESM board manually

To switch the active and standby ESM boards manually, you can run the command
system switch-over. Use the command with caution.
To perform active/standby switchover between the two ESM boards, follow the steps below strictly: Enable the switch for synchronizing the configuration files on active/standby boards by running the command standby backup configure. Synchronize the configuration data in the standby board with those in the active board by running the command standby update configure. Switch the ESM board manually by running the command system switch-over. This example shows how to perform ESM board switchover manually.
MA5300#standby backup configure Configure file automatic backup to standby board switch status: On MA5300#standby update configure The configuration file will be written to the flash memory of standby board Are you sure to continue? (y/n)[n]:y Now synchronizing startup-configure to standby. Please wait for a while(2 minutes in worst case)... Synchronize startup-configure to standby successfully. MA5300#system switch-over Are you sure to switch over? (y/n)[n]:n
28.4.3 Setting the Automatic Switchover

To enable the switch for synchronizing the configuration files on active/standby boards, you can run the command standby backup configure. By default, the switch is enabled.
MA5300#standby backup configure Configure file automatic backup to standby board switch status: On.
After configuring data in the active ESM board, you can run the command write to save the configuration data. At the same time, the system saves the configuration data in the standby board by synchronizing the active/standby configuration data. When the active ESM board is unplugged or is faulty, the system switches the standby ESM board to an active one, ensuring the normality of ongoing service.
28.4.4 Setting the Manual Switchover

To enable the switch for synchronizing the configuration files on active/standby boards, you can run the command standby backup configure.
MA5300#standby backup configure Configure file automatic backup to standby board switch status: On.
After configuring the data in the active ESM board, you can run the command write to save the data. In the mean time, the system saves the data in the standby board.
When the active ESM board is unplugged, you can run the command system
switch-over to switch over the active/standby board manually. This can change the
standby board into the active one.
MA5300#system switch-over Are you sure to switch over? (y/n)[n]:n
Chapter 29 Environment Monitoring Management

29.1 Overview
The MA5300 can monitor in real time various environment parameters. These parameters show status of power supply, power distribution, fan, temperature, humidity, smoke, water and alarm. It can also generate alarms when faults occur. This can guarantee the normal environment and high reliability for the device. The MA5300 supports various environment monitor units (EMUs), including: H303ESC. It monitors the environment. Other built-in monitor modules. They monitor the associated function modules respectively. Fan frame EMU (FAN). Power frame EMU (power4875 and power 4845). Power distribution frame EMU (DIS).
I. Composition of the EMU system

In terms of hardware, the EMU consists of the environment monitoring board and some outer sensors to perform the data collection and controlling of the environment parameters (inside and outside the cabinet) and some power supply parameters. In terms of software, various environment data is displayed and configured through the command line in the environment monitoring mode and the NMS.
II. Object of the EMU

The object monitored by the EMU includes the distribution frame, access control, temperature (inside and outside the cabinet), humidity, smoke, water, fire alarm, burglary and other environment parameters, as well as the power parameters of power and battery.
III. Functions of the EMU

EMUs have the following functions: Managing and controlling the running and configuration of the monitoring board. Checking the monitor parameters of the power, frame and distribution, and generating the exception alarm. Describing the configuration of environment monitor module and the relevant data.
IV. Main Content

This chapter involves: Configuring an EMU Configuring EMUH303ESC Configuring EMUPower 4875/4845 Configuring EMUDIS Configuration Example When the MA5300 is equipped with the EMU, it is required to set the S1-1 S1-5 of the DIP Switch S1 to ON. The five switches are used to define the subnode address by which the DIS EMU communicates with the MA5300 host. If they are all ON, it means the subnode address is 0, which is the subnode number assigned to the DIS EMU by the MA5300.
29.2 Configuration Procedure

The configuration of EMU involves two major steps: Define the EMU in global configuration mode, including the EMUID, EMU type, physical position, and communication method with the ESM board. Enter EMU configuration mode, set the EMU parameters and view the reported information.
Note:
Up to two EMUs (one FAN and one other EMU) can be configured in one MA5300 cabinet.
29.3 Configuring an EMU

After an EMU has been connected with the monitor serial port, you can add the EMU on the maintenance terminal of the MA5300. Table 29-1 lists the commands for configuring an EMU.
Table 29-1 Commands for configuring an EMU To

Add an EMU Delete an EMU Enter EMU configuration mode Display the EMUs attributes and status.
Use emu add emu del interface emu

Global mode
In
configuration
Global configuration mode Global configuration mode All modes except the user EXEC mode and privileged mode
show emu
29.3.1 Adding/Deleting/Viewing an EMU

I. Adding an EMU
Before configuring the environment monitoring function, first you need to add an EMU by running this command:
emu add emuid emutype frameid subnode com [name]

Where, emuid It is used to add an EMU. The emuid entered should be the one that is not in use. You can run the command show emu to view the emuid and state of all EMUs. emutype EMU type, including FAN, POWER4875, POWER4845, DIS and H303ESC. frameid The frame number of MA5300 connected with the EMU. subnode When the MA5300 and EMU communicate by means of subnode, you need to set the subnode number when configuring the EMU for the cabinet.
Note:
The subnode number for H303ESC is always 30. The default subnode for FAN, POWER4875, POWER4845 and DIS is 0 respectively. You can configure these subnodes, but they must be consistent with the DIP settings on the hardware. No subnode is allowed to conflict with others when the system monitors multiple EMUs at the same time.
com It refers to the method for communication between the EMU and the ESM board, which can be back, fore and random. back means the EMU shall communicate with the ESM board through the serial port on the backplane of the cabinet. fore means the EMU shall communicate with the ESM board through the serial port on the front panel of the ESM board. random means the EMU shall use either the back or fore mode to communicate. It is applicable to the communication between slave frames.
Note:
Pay attention to the following when selecting the communication method: The EMU FAN can only work in back mode. Other EMUs can only work in fore mode.
This example shows how to add an H303ESC.

MA5300(config)#emu add 0 h303esc 0 30 fore { <cr>|name<S><1,19> }: MA5300(config)# ! 1[2003-07-17 17:08:13]:ALM-3-AlarmInfo: ALARM 484 FAULT MAJOR 0x15410000 ENVIRONMENTAL 2003-07-17 17:08:13 ALARM NAME PARAS INFO : Emu abnormal : EMU ID: 0 EMU Type: H303ESC Name:
DESCRIPTION : EMU is faulty or cannot communicate with the host. REASON : (1) EMU fault, (2) Communication serial port damaged or line fault, (3) EMU reset manually ADVICE : (1) Replace the EMU, (2) Check the communication serial port and line.

--- END
II. Deleting an EMU

To delete an EMU, you can run the command emu del emuid.
Note:
The EMU type cannot be changed after the configuration. If you need to change it, first delete the EMU, and then add a new one. If an EMU in the cabinet has been replaced, first delete the original EMU, and then add the new one.
III. Viewing an EMU

To view the attributes and running states of one or all EMUs, you can run the command show emu.
MA5300(config)#show emu 0 EMU ID: 0 -------------------------------------------------------------------EMU name EMU type : mdpower : H303ESC
Used or not : Used EMU state Frame ID Subnode COM Port : Normal : 0 : 30 : Fore
--------------------------------------------------------------------
29.3.2 Entering the EMU Configuration Mode

After an EMU is added successfully, you can run the command interface emu to enter EMU configuration mode to view the state of the monitoring device and set relevant environment parameters. This example shows how to enter EMU configuration mode of the H303ESC, whose EMUID is 0.
MA5300(config)#interface emu 0 MA5300(config-if-h303esc-0)#
29.4 Configuring EMUH303ESC

Table 29-2 lists the commands for configuring EMU-H303ESC.
Table 29-2 Commands for configuring EMU-H303ESC To

Set analog parameters Set digital parameters Set extended parameters serial port module
Use esc analog esc digital esc com esc power esc 4810 show esc system parameter esc power show 4810 esc
In
H303ESC environment monitor mode H303ESC environment monitor mode H303ESC environment monitor mode H303ESC environment monitor mode H303ESC environment monitor mode H303ESC environment monitor mode H303ESC environment monitor mode H303ESC environment monitor mode H303ESC environment monitor mode
Specify the power monitored by H303ESC
Set the 4810 power module parameters View the parameters H303ESC system module
Specify the power monitored by H303ESC
View the 4810 power module information View the environment information
show esc environment info show alarm esc
View the alarm information
29.4.1 Setting H303ESC Environment Monitor Parameters

I. Setting the fan control parameters
You can run the command esc fan to set the status control parameters for the H303ESC fan frame. The status of the fan frame can be opened, closed or auto. The default status control is auto. It means that the temperatures for the fan auto-on and auto-off must be set. The default temperatures for fan auto-on and auto-off are 45C and 30C respectively.
II. Setting the analog parameters

You can run the command esc analog to set the upper and lower thresholds of analog parameters like temperature and humidity.
III. Setting the digital parameters

You can run the command esc digital to set the digital parameters like MDF state, access control state and normal state of the digital parameters.
IV. Setting the extended serial port parameters

You can run the command esc com to set the extended serial port parameters, including the baud rate and data bit
V. Specifying the power module monitored by H303ESC

You need to add a power module running the command esc power before setting the related parameters. The power module supported at present is the 4810 power module.
VI. Setting the 4810 power module parameters

After the power module to be monitored by H303ESC has been added, you can run the command esc 4810 to set the power parameters.
VII. Viewing the H303ESC system parameters

You can run the command show esc system parameter to display the H303ESC system parameters, which include: Fan running mode Analog or digital Extended serial port parameters Power module parameters
29.4.2 Viewing the H303ESC Environment Information

I. Viewing the 4810 power module information
You can run the command show esc 4810 to view the configuration of the 4810 power module, work status and running information.
II. Viewing the environment information

You can run the command show esc environment info to view the setting of environment factors like temperature, humidity, access control and fire sensors.
III. Viewing the alarm information

You can run the command show esc alarm to view the alarm information on the environment.
29.5 Configuring EMUPower 4875/4845

Table 29-3 lists the commands for configuring EMU-POWER 4875/4845.
Table 29-3 Commands for configuring EMU-Power 4875/4845 To

Set the backup analog of the 4875/4845 Set 4875/4845 battery charging parameters Set 4875/4845 battery parameters Set 4875/4845 environment parameters Set the quantity of 4875/4845 power module Set 4875/4845 control on/off
Use power analog-backup power charge power battery power environment
In
POWER4875 monitor mode POWER4875 monitor mode environment environment
POWER4875/POWER4845 environment monitor mode POWER4875/POWER4845 environment monitor mode POWER4875/POWER4845 environment monitor mode POWER4875/POWER4845 environment monitor mode POWER4875/POWER4845 environment monitor mode POWER4875/POWER4845 environment monitor mode POWER4875/POWER4845 environment monitor mode POWER4875/POWER4845 environment monitor mode POWER4875/POWER4845 environment monitor mode POWER4875/POWER4845 environment monitor mode
power module-num power module-parameter power off power supply-parameter power digital-backup show power alarm show power environment info show power environment parameter
Set 4875/4845 power-off threshold Set 4875/4845 power supply parameter Set 4875/4845 power backup digital View the 4875/4845 power alarm information View the 4875/4845 power environment information View the 4875/4845 power environment parameters
To
View the 4875/4845 power running information View the 4875/4845 power system parameters Set 4875/4845 power off temperature
Use show power run info
In
POWER4875/POWER4845 environment monitor mode POWER4875/POWER4845 environment monitor mode POWER4845 environment monitor mode
show power system parameter power temperature-off
29.5.1 Configuring the 4875/4845 Power Module

I. Setting the backup analog of 4875 power module
You can run the command power analog-backup to set the backup analog of the 4875 power module.
II. Setting the 4875/4845 battery parameters

You can run the command power battery to set the management and temperature parameters of the battery that connects with the 4875/4845 power modules.
III. Setting the 4875/4845 battery charging parameters

You can run the command power charge to set the charging parameters for the battery that connects with the 4875/4845 power module, including the charging mode and charging voltage.
IV. Setting 4875/4845 environment parameters

You can run the command power environment to set the environment parameters of the 4875/4845 power module, including the temperature and humidity.
V. Setting the quantity of 4875/4845 power module

You can run the command power module-num to set the quantity of 4875/4845 power module.
VI. Setting the 4875/4845 on/off control

You can run the command power module-parameter to set the on/off status control of the 4875/4845 power module. By default, the power module is on, which means the power module is supplying power at present.
VII. Setting the 4875/4845 power-off threshold

The power-off occurs in two cases: loading power-off and battery power-off. You can run the command power off to set the power-off thresholds for the load and the batteries. Note that the 4875 power module does not support the loading power-off function. When the mains supply is cut off, the MA5300 cabinet will be powered by the batteries. If the output voltage of the batteries drops under the loading power-off threshold, the power for the traffic load will be cut off. If the output voltage of the batteries keeps dropping and goes below the battery power-off threshold, the batteries will stop working. Make sure these conditions are met in the configuration: DC overvoltage > battery even charging voltage > battery float charging voltage > DC undervoltage > loading power-off voltage > battery power-off voltage. DC overvoltage > (float charging voltage + 2). Float charging voltage > (DC undervoltage + 2).
VIII. Setting 4875/4845 power supply parameter

You can run the command power supply-parameter to set the power distribution parameters of the 4875/4845 power module, including the overvoltage/undervoltage alarm thresholds for AC and DC power supplies.
IX. Setting the 4875/4845 power backup digital

You can run the command power digital-backup to set the backup digital of the 4875/4845 power module.
X. Setting the 4845 power-off temperature

You can run the command power temperature-off to set the power-off temperature for the 4845 power module.
29.5.2 Viewing the Information on POWER4875/4845

I. Viewing the 4875/4845 power alarm information
You can run the command show power alarm to display the alarm information on the 4875/4845 power module.
II. Viewing the 4875/4845 power environment information

You can run the command show power environment info to display the environment information on the 4875/4845 power module.
III. Viewing the 4875/4845 power environment parameters

You can run the command show power environment parameter to display the environment parameters of the 4875/4845 power module.
IV. Viewing the 4875/4845 power running information

You can run the command show power run info to display the running information on the 4875/4845 power module.
V. Viewing the 4875/4845 power system parameters

You can run the command show power system parameter to display the 4875/4845 power system parameters.
29.6 Configuring EMUDIS

Table 29-4 lists the commands for configuring EMU-DIS.
Table 29-4 Commands for configuring EMU-DIS To

Enable/Suppress parameters Set buzzers for distribution frame DIS the alarm power
Use distribution alarmset distribution buzzers distribution humidity distribution temperature distribution input distribution outside_analog distribution outside_digital distribution lamp
In
DIS environment monitor mode DIS environment monitor mode DIS environment monitor mode DIS environment monitor mode DIS environment monitor mode DIS environment monitor mode DIS environment monitor mode DIS environment monitor mode
Set the humidity alarm threshold Set the threshold temperature alarm
Set the -48V input alarm threshold Set the analog parameters of external sensors of the power distribution frame Set the digital parameters of external sensors of the power distribution frame Set the lamp parameter of the cabinet
To
View the configuration parameter of distribution frame View the environment parameter of distribution frame
Use show distribution system parameter show distribution environment info
In
DIS environment monitor mode DIS environment monitor mode
29.6.1 Setting DIS Parameters

I. Enabling/suppressing the DIS alarm parameters
You can run the command distribution alarmset to enable or suppress the DIS alarm parameters. The DIS alarm parameters include: temperature and humidity of the power distribution frame, -48V input to the frame, internal/external sensors for digital, and sensors for analog.
II. Setting the buzzers for the power distribution frame

You can run the command distribution buzzers to open or close the buzzer on the power distribution frame.
III. Setting the alarm parameters

To set the upper and lower threshold of humidity alarm, you can run the command distribution humidity. To set the upper and lower threshold of temperature alarm, you can run the command distribution temperature. To set the upper and lower threshold of -48V input to the power distribution frame, you can run the command distribution input. To set the parameters of external sensors of the power distribution frame for analog, you can run the command distribution outside_analog. To set the parameters of external sensors of the power distribution frame for digital, you can run the command distribution outside_digital. To set the lamp parameter of the cabinet, you can run the command distribution
lamp.
29.6.2 Viewing DIS Information

I. Viewing the configuration parameter of distribution frame
You can run the command show distribution system parameter to display the configuration parameters of the distribution frame.
II. Viewing the environment parameter of distribution frame

You can run the command show distribution environment info to display the environment parameter of the distribution frame.
29.7 Configuration Example

29.7.1 Setting H303ESC
This example shows how to add an EMU connected to the environment monitoring port of the ESM board in frame 0. The EMU ID is 0 and the EMU type is H303ESC.
MA5300(config)#emu add 0 { DIS<K>|H303ESC<K>|POWER4845<K>|POWER4875<K>|FAN<K> }:h303ESC { frameid<0,63> }:0 { subnode<0,31> }:30 { back<K>|fore<K>|random<K> }:fore { <cr>|name<S><1,19> }: MA5300(config)#emu add 0 h303ESC 0 30 fore MA5300(config)# ! 1[2003-07-17 17:59:01]:ALM-3-AlarmInfo: ALARM 493 FAULT MAJOR 0x15410000 ENVIRONMENTAL 2003-07-17 17:59:01 ALARM NAME PARAS INFO : Emu abnormal : EMU ID: 0 EMU Type: H303ESC Name:
DESCRIPTION : EMU is faulty or cannot communicate with the host. REASON : (1) EMU fault, (2) Communication serial port damaged or line fault, (3) EMU reset manually ADVICE : (1) Replace the EMU, (2) Check the communication serial port and line. --- END
Note:
The subnode number for EMU-H303ESC is always 30.
This example shows how to view the state of H303ESC.

MA5300(config)#show emu 0 EMU ID: 0 ------------------------------------------------------------------EMU name EMU type : : H303ESC

-------------------------------------------------------------------
Note:
If the state of EMU is Fault, check the following: Whether H303ESC works normally. Whether the physical connection is correct. Whether the EMU type, cabinet ID, subnode number and communication serial port are correct.
This example shows how to enter H303ESC mode to check the environment information.
MA5300(config)#interface emu 0 MA5300(config-if-h303esc-0)#show esc environment info MA5300(config-if-h303esc-0)# EMU ID: 0 Fan control mode :Auto H303ESC environment state Fan run state: Open
-----------------Analog Environment Info-------------------------ID Name 0 1 2 3 4 5 6 7 Temperature Humidity State Value 20 80 AlmUpper AlmLower Unit 5 0 -128 -128 -128 -128 -128 -128 C %R.H.
Normal 34.26 Normal 30.98
Normal -128.00 127 Normal -128.00 127 Normal -128.00 127 Normal -128.00 127 Normal -128.00 127 Normal -128.00 127
----------------Digital Environment Info--------------------------ID Name 0 2 4 6 8 Wring Door2 Theft_Alarm Water_Alarm Window_Broken State Value |ID Name |1 |3 |5 |7 |9 Door1 Fire_Alarm Fog Peculiar_Smell State Alarm Value 1
Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1
Normal 1 Normal 1 Normal 1 Normal 1 Normal 1
10 -
|11 -

12 14 16 18 20 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1

|13 |15 |17 |19 |21 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1
--------------------------------------------------------------------
Note:
If there is a temperature alarm and access control alarm when you check the environment state, change the temperature threshold and the level of the access control respectively to eliminate these alarms. Too high a temperature is prompted because the upper threshold for temperature alarm is set to only 20C; while the access control alarm is generated since the door is not closed.
This example shows how to set the temperature alarm, with the upper and lower threshold as 55C and 5C respectively.
MA5300(config-if-h303esc-0)#esc analog { analogid<0,7> }:0 { alarm-upper-limit<S><1,4> }:55 { alarm-lower-limit<S><1,4> }:5 { <cr>|measure-upper-limit<S><1,4> }:
This example shows how to set the effective level of access control to a high level.
MA5300(config-if-h303esc-0)#esc digital { digitalid<0,21> }:1 { low-level<K>|high-level<K> }:high-level { <cr>|name<S><0,19> }:
This example shows how to view the environment information again.

MA5300(config-if-h303esc-0)#show esc environment info MA5300(config-if-h303esc-0)# EMU ID: 0 Fan control mode :Auto H303ESC environment state Fan run state: Open
------------------Analog Environment Info-------------------------ID Name 0 1 2 3 Temperature Humidity State Value 55 80 AlmUpper AlmLower Unit 5 0 -128 -128 C %R.H. -
Normal 34.26 Normal 31.37
Normal -128.00 127 Normal -128.00 127

4 5 6 7 -

Normal -128.00 127 Normal -128.00 127 Normal -128.00 127 Normal -128.00 127 -128 -128 -128 -128 -
---------------Digital Environment Info--------------------------ID Name 0 2 4 6 8 Wring Door2 Theft_Alarm Water_Alarm Window_Broken State Value |ID Name |1 |3 |5 |7 |9 Door1 Fire_Alarm Fog Peculiar_Smell State Value
Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1
Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1 Normal 1
10 12 14 16 18 20 -
|11 |13 |15 |17 |19 |21 -
--------------------------------------------------------------------
Now the states of both temperature and access control are normal.
29.7.2 Setting a DIS

This example shows how to add EMU 1 (type-DIS).
MA5300(config)#emu add 1 dis 0 0 fore { <cr>|name<S><1,19> }: MA5300(config)#
This example shows how to view the DIS state.

MA5300(config)#show emu 1 EMU ID: 1 -------------------------------------------------------------------EMU name EMU type : : DIS
Note:
If the EMU state is Fault, ensure the following: The physical connection is correct. The connection line between distribution frame and MA5300 is correct and functions well. The switches 15 of the DIP switch S1 on the DIS has been set to ON. The EMU type, frame ID, subnode number and communication serial port are configured correctly.
This example shows how to enter DIS environment monitor mode to check the environment information.
MA5300(config-if-dis-1)#show distribution environment info MA5300(config-if-dis-1)# EMU ID: 1 distribution environment info
------------------Analog Environment Info-------------------------ID Name 0 1 2 3 4 5 input -48V 1 input -48V 2 temperature humidity State Value AlmUpper AlmLower Unit 60 60 55 80 42 42 5 0 -128 -128 volt volt C %R.H. -
Normal 52.00 Normal 53.00 Normal 30.00 Normal 36.00
out_analog1(out_analog1) Normal -128.00 127 out_analog2(out_analog2) Normal -128.00 127
----------------Digital Environment Info--------------------------ID Name 0 2 4 6 8 State Value |ID Name |1 |3 |5 |7 |9 State Value
output ctrl digital 1Normal output ctrl digital 3Normal board +12V Normal -
output ctrl digital 2Normal output ctrl digital 4Normal board +24V Normal -
LightningproofBoard1Normal out_digital 1 Normal 0 Normal 0 Normal 0 Normal 0
LightningproofBoard2Normal out_digital 2 Normal 0 Normal 0 Normal 0 Normal 0
10 out_digital 3 12 out_digital 5 14 out_digital 7
|11 out_digital 4 |13 out_digital 6 |15 out_digital 8
--------------------------------------------------------------------
By now you can set various environment parameters of DIS. The configuration procedure for different EMUs is similar. You can refer to the above two examples while configuring other EMUs. For related commands, refer to the previous description in this chapter. Note that the key word of configuration commands in EMU configuration mode is different.
For H303ESC, it is esc For FAN, it is fan For power 4875/4845, it is power For DIS, it is distribution
HUAWEI
Part 5 Appendix
Operation Manual - Appendix SmartAX MA5300/5303 Broadband Access System
Table of Contents
Table of Contents
Appendix A Acronyms and Abbreviations .................................................................................A-1
Appendix A Acronyms and Abbreviations

A AAA ABR ACK ACL ADSL APP ARP AS ASBR B BAS BDR BGP BPDU C CAR CID CLI CO COS D DD DDN DHCP DHCP option82 DIS DR DSLAM D-V Database Description Digital Data Network Dynamic Host Configuration Protocol DHCP relay agent option 82 Dial in-line Package Designated Router Digital Subscriber Line Access Multiplexer Distance Vector Routing Algorithm Committed Access Rate Circuit ID Command Line Interface Central Office Class of Service Broadband Access Server Backup Designated Router Border Gateway Protocol Bridge Protocol Data Units Authentication, Authorization and Accounting Area Border Router Acknowledgement Access Control List Asymmetrical Digital Subscriber Loop Application Program Address Resolution Protocol Autonomous System Autonomous System Boundary Router
Huawei Technologies Proprietary A-1
E ES ESM EAD ESH ESP EVD F FE FIFO FTP G GARP GE GMRP GVRP H HDP HTP HGMP I IAB ICMP IETF IGMP IGP IP ISU IPoA IPoE L LOSW LAN LSDB Loss of SYNC Failure Local Area Network Link-State DataBase
Errored Second Ethernet Switch Main Control board Ethernet ADSL access board Ethernet SHDSL board Ethernet Splitter board Ethernet over VDSL access board
Fast Ethernet First In First Out File Transfer Protocol
Generic Attribute Registration Protocol Gigabit Ethernet GARP Multicast Registration Protocol GARP VLAN Registration Protocol
Huawei Discovery Protocol Huawei Topology Protocol Huawei Group Management Protocol
Internet Architecture Board Internet Control Message Protocol Internet Engineering Task Force Internet Group Management Protocol Interior Gateway Protocol Internet Protocol Intelligent Service Unit Internet Protocol Over ATM IP over Ethernet
LSA LSR LSU LSAck M MAC MIB MTU N NAS NBMA NIC NMS NSSA NVRAM O OSPF P PIM-DM PIM-SM PITP PPPoE PPPoA PQ PVC Q QoS QinQ R RADIUS RARP RID RIP RMON
Link-State Advertisement Link State Request Link State Update Link State Acknowledgment
Medium Access Control Management Information Base Maximum Transmission Unit
Network Access Server Non Broadcast MultiAccess Network Information Center Network Management System Not-So-Stubby Area Nonvolatile Random Access Memory
Open Shortest Path First
Protocol-Independent Multicast-Dense Mode Protocol-Independent Multicast-Sparse Mode Policy Information Transfer Protocol Point-to-Point Protocol Over Ethernet Point-to-Point Protocol Over ATM Priority Queuing Permanent Virtual Channel
Quality of Service 802.1q in 802.1q
Remote Authentication Dial-In User Service Reverse Address Resolution Protocol Remote ID Routing Information Protocol Remote Network Monitoring
RSTP S SES SHDSL SNMP STP SYN T TCP/IP TFTP TOS TTL U UAS UDP V VCI VPI VDSL VLAN VOD VT VTP VTY W WAN WRR X xDSL
Rapid Spanning Tree Protocol
Severely Errored Seconds Single-pair High-speed Digital Subscriber Line Simple Network Management Protocol Spanning Tree Protocol Synchronization
Transmission Control Protocol/ Internet Protocol Trivial File Transfer Protocol Type of Service Time To Live
Unavailable Seconds User Datagram Protocol
Virtual Channel Identifier Virtual Path Identifier Very-high-data-rate Digital Subscriber Line Virtual Local Area Network Video On Demand Virtual Terminal VLAN Trunk Protocol Virtual Type Terminal
Wide Area Network Weighted Round Robin
x Digital Subscriber Line
Index
Index
Numerics
201+, 13-18 4875/4845 power module, 29-9 4875/4845 power-off threshold, 29-10 802.1x authentication process, 14-4 configuration, 14-4 system architecture, 14-2 ADSL line profile, 20-13 ADSL/ADSL2+ alarm profile, 20-29 SHDSL alarm profile, 20-33 SHDSL line profile, 20-21 VDSL alarm profile, 20-26 VDSL line profile, 20-10 aging time multicast group member port, 23-6 router port, 23-6 alarm class, 27-3 alarm ID, 27-2 alarm level, 27-3 alarm management, 27-4 alarm parameter, 27-3 alarm serial number, 27-3 alarm statistics setting, 27-8 viewing/clearing, 27-10 alarm table, 7-2 alarm threshold, 27-9 alarm type, 27-3 ARP, 10-1 ARP address translation implementation, 10-1 necessity, 10-1 ARP Proxy, 10-2 AS, 18-10 ASBR, 18-11 ASCII code, 1-5 authentication/authorization scheme local, 13-5 radius, 13-5 simple, 13-5 auto key word matching, 2-2 auto online upgrading, 26-7 AUX, 4-1
A
AAA, 13-1 ABR, 18-11 accounting scheme, 13-6 account-stop request, 13-18 ACL, 6-13 absolute time range, 15-4 activating, 6-14 data-based, 6-13 defining, 6-13 inband NMS networking, 6-14 name-based, 6-13 periodic time range, 15-4 sub-rule, 6-13 ACL match order auto, 15-1 config, 15-1 ACL module, 1-10 active/standby switchover data synchronization, 28-1 smoothness, 28-1 active/standby switchover mode auto, 28-2 forced, 28-2 manual, 28-2 normal, 28-2 active/standby switchover requirement, 28-3 add
Huawei Technologies Proprietary i-1
Index device name, 6-6 DHCP, 9-1 DHCP L2/L3 relay, 9-9 DHCP Option60, 9-6 DHCP Option82 enabling/disabling, 9-11 DHCP packet CID, 9-12 maximum length, 9-13 RID, 9-12 DHCP Relay application, 9-14 DHCP relay mode L2, 9-9 L3, 9-9 DHCP relay standard mode, 9-5 DHCP Relay troubleshooting, 9-15 DHCP server IP address, 9-3 selection mode, 9-4 DIS parameters, 29-12 display characteristic, 2-3 DR, 18-11 dual-ISU function, 25-3 duplex mode, 19-4
B
backbone area, 18-13 backup, 26-19 basic operation command, 2-1 basic system operation, 2-1 BDR, 18-13 blackhole route, 18-6 board adding, 5-4 confirming, 5-5 deleting, 5-6 replacing, 5-7 viewing, 5-2 board management resetting service board, 5-6 resetting system or ESM board, 5-7
C
CAR, 20-6 CLI, 1-1 command matching, 2-2 command mode, 2-4 command mode characteristics, 2-5 community name read-only, 6-4 read-write, 6-4 configuration environment, 1-8 Controlled Port, 14-2 CPE, 20-9 CPU occupancy ratio, 2-11
E
EAP, 14-2 EAPoL, 14-2 EAPoL-Encapsulated-ASF-Alert, 14-3 EAPoL-Key, 14-3 EAPoL-Logoff, 14-3 EAPoL-Start, 14-3 EAP-Packet, 14-3 edit characteristic, 2-2 edit function, 2-2 EMU configuration adding, 29-3 deleting, 29-5 viewing, 29-5 EMU function, 29-1 EMU-H303ESC, 29-6 encryption key, 13-12, 13-15
D
database description packet, 18-12 DDN, 6-1 default ISP domain, 13-9 Delay bounded WRR, 16-4 delete xDSL alarm profile, 20-35 xDSL line profile, 20-24 destination address, 18-2 destination MAC address PPPoA, 21-28
Operation Manual SmartAX MA5300/5303 Broadband Access System error prompt, 2-4 Ethernet port aggregation, 19-7 MAC address learning, 19-6 event table, 7-3
Index
I
ICMP, 2-12 idle-cut, 13-8 IEEE 802.1x, 14-1 IGMP, 23-1 IGMP leave message, 23-4 IGMP query message general, 23-3 specific group, 23-4 IGMP report message, 23-4 iGMP Snooping router port, 23-2 IGMP Snooping aging time multicast group member port, 23-2 router port, 23-2 enabling/disabling, 23-6 MAC multicast group, 23-2 maximum time to respond, 23-3 multicast member port, 23-2 inband IP address, 6-12 route, 6-12 inband NMS, 6-1 inband port, 1-7 intelligent matching, 2-2 interactive mode, 2-7 inter-exchange, 2-5 IP address binding, 20-7 IP Hotel, 13-18 IPoA, 21-10 IPoA connection multi-PVC, 21-13 single PVC, 21-12 IPoE, 21-10 ISDN line, 6-1 ISP domain, 13-6 ISP domain state, 13-8 ISU, 25-1
F
FE Ethernet port, 19-1 FIFO, 16-1 file system, 26-1 flow control mode, 4-4 FTP, 26-4 FTP client, 26-5 FTP server authentication/authorization, 26-4 enabling/disabling, 26-4 timeout, 26-5
G
GE Ethernet port, 19-1
H
H303ESC environment monitor 4810 power module, 29-7 analog, 29-7 digital, 29-7 extended serial port, 29-7 fan control, 29-6 power module, 29-7 hardware/software version, 2-10 hello packet, 18-12 history commands, 2-11 history control table, 7-3 HyperTerminal EXEC terminal service, 4-5 history buffer, 4-6 line locking, 4-5 terminal screen, 4-6 timeout exit, 4-5 HyperTerminal interface, 1-3
L
L2 mechanism, 21-10 Huawei Technologies Proprietary i-3
Operation Manual SmartAX MA5300/5303 Broadband Access System L3 mechanism, 21-10 LAN, 1-7 line data bit, 4-4 parity bit, 4-4 stop bit, 4-4 line configuration, 4-1 line management asynchronous interface, 4-3 entering line configuration mode, 4-3 line numbering mode absolute, 4-1 relative, 4-1 link state acknowledgement packet, 18-12 request packet, 18-12 update packet, 18-12 loading, 26-11 local maintenance, 1-1 local MUX VLAN upstream port, 22-27 local serial terminal, 1-1 local user adding/deleting, 13-10 connecting, 13-11 modifying, 13-10 log management, 27-1 logic channel, 18-27 LSA, 18-11 LSDB, 18-11 MAC address table, 8-1 MAC source address PPPoA, 21-28 maintenance operation directory-related, 26-1 file-related, 26-2 memory device related, 26-2 master upstream port, 24-3 maximum failure count, 13-12, 13-17 MIB, 6-2 MIB tree structure, 6-2 monitor modules, 29-1 MTU, 9-13 multicase router parameter fast leave, 24-5 gen-response-time, 24-4 query-interval, 24-4 robustness variable, 24-4 source IP address, 24-4 sp-response-time, 24-5 multicast VLAN downstream port, 23-10 upstream port, 23-9 multi-service dispatch, 21-3 MUX VLAN, 22-1 basic application, 22-30 cascading application, 22-34 comprehensive application, 22-39 MUX VLAN configuration, 22-24 MUX VLAN configuration profile, 22-26
Index
M
MAC address aging time, 8-4 restoring, 8-5 viewing, 8-5 MAC address item, 8-2 MAC address learning count, 8-4 enable/disable, 8-4 limit, 8-4 MAC address segment, 9-7
N
named standard ACL, 15-5 NAS, 13-2 NBMA, 18-18 network mask, 18-2 network testing tool ping, 2-11 tracert, 2-11 next hop IP address, 18-3 NSSA, 18-14 numbered standard ACL, 15-4
Index priority tag, 16-7
O
OAM, 20-40 on/off control, 29-9 online help, 2-6 operation user management adding, 3-2 deleting, 3-3 modifying, 3-4 viewing, 3-5 OSPF, 18-10 OSPF packets, 18-12 outband IP address, 6-9 route, 6-10 outband NMS, 6-1 outband NMS networking, 6-10 outband port, 1-7 output interface, 18-3
Q
QinQ packet forwarding downstream, 22-45 upstream, 22-45 QinQ VLAN, 22-1 downstream port, 22-47 upstream port, 22-46 QinQ VLAN application, 22-50 QinQ VLAN PVC adding, 22-48 deleting, 22-48 modifying, 22-48 queue scheduling, 16-3, 16-9
R
RADIUS, 13-2 RADIUS server state, 13-18 RARP, 21-10 reachable route, 18-5 realtime accounting interval, 13-16 remote maintenance, 1-1 remote serial terminal, 1-6 reset xDSL chipset, 20-39 xDSL port, 20-39 retransmit time, 13-12, 13-16 RMON, 7-1 route priority, 18-3 route summary, 18-13 routing protocol, 18-4 routing protocol type, 18-3 routing table, 18-2 RS-232 serial cable, 1-1
P
p2mp, 18-18 p2p, 18-18 packet filtering, 16-2 packet redirection, 16-7 password authentication protocol, 6-7 privacy protocol, 6-7 patch management, 26-23 PITP, 21-35 PITP V mode, 21-36 port access auto, 14-6 force-authorized, 14-6 force-unauthorized, 14-6 port rate limit, 16-7 Portal, 13-18 PPPoA, 21-24 PPPoA connection multi-PVC, 21-27 single PVC, 21-26 PPPoE Plus, 21-37 PQ, 16-3
S
Session ID, 21-28 single PVC configuration, 21-1 single-ended test, 20-41 Smart VLAN, 22-1 downstream port, 22-15 Huawei Technologies Proprietary i-5
Operation Manual SmartAX MA5300/5303 Broadband Access System upstream port, 22-15 Smart VLAN application access mode, 22-17 comprehensive application, 22-20 Trunk mode, 22-18 Smart VLAN configuration, 22-14 SNMP group, 6-8 SNMP packet size, 6-6 SNMP V1/2C, 6-2 SNMP V3, 6-2 SNMP V3 group, 6-7 source MAC address IPoA, 21-14 static ARP, 10-2 static route parameter, 18-7 statistic table, 7-4 stub area, 18-14 synchronization insufficient configuration data, 28-2 insufficient running data, 28-3 insufficient service data, 28-3 SysContact, 6-5 SysLocation, 6-6 system data backup FTP, 26-22 TFTP, 26-21 system name, 2-8 system time, 2-8 terminal type ANSI, 2-9 VT, 2-9 TFTP transfer mode, 26-6 TFTP server file downloading, 26-6 file uploading, 26-6 timeout exit, 2-9 traffic, 16-1 traffic classification, 16-1 traffic mirroring, 16-9 traffic policing, 16-6 traffic statistics, 16-4 transmission rate, 4-3 Trap, 6-4 TTL, 2-11
Index
U
Uncontrolled Port, 14-2 unreachable route, 18-5 user attribute account, 3-1 appending information, 3-2 authority, 3-1 callback attribute, 3-2 password, 3-1 reentry count, 3-1 user management, 3-1 user template, 13-9
T
TCP attribute buffer size, 17-1 finwait timer, 17-1 synwait timer, 17-1 telnet application, 1-9 telnet environment, 1-7 terminal emulation, 1-4 terminal language general language, 2-8 local language, 2-8 terminal screen clearance, 2-10 terminal screen length, 2-9
V
VDSL CPE auto-upgrade, 20-44 VDSL CPE binding, 20-43 virtual link, 18-13 VLAN, 22-1 VLAN Stacking, 22-1 downstream port, 22-54 upstream port, 22-53 VLAN Stacking application, 22-57 VLAN Stacking packet forwarding upstream, 22-52
Operation Manual SmartAX MA5300/5303 Broadband Access System VLAN Trunk, 22-5 VOD, 23-7 VTY, 4-1
Index
X
xDSL port activation, 20-8 loopback, 20-39 status, 20-8
W
WAN, 1-7 WRR, 16-4
i. ii.
Huawei Technologies Proprietary ii-7

EMU Operation Manual (V1.52)

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

EMU Operation Manual (V1.52)

Uploaded by

Copyright:

Available Formats

Part 1 Basic Operations

Part 2 Basic Configuration

Part 3 Service Configuration

Part 4 Maintenance Operations

SmartAX MA5300/5303 Broadband Access System Operation Manual V100R005

Huawei Technologies Proprietary

SmartAX MA5300/5303 Broadband Access System Operation Manual

Huawei Technologies Co., Ltd.

Huawei Technologies Proprietary

Copyright 2005 Huawei Technologies Co., Ltd.

All Rights Reserved

, HUAWEI, C&C08, EAST8000, HONET,

, ViewPoint, INtess, ETS, DMC,

Huawei Technologies Proprietary

About This Manual

Huawei Technologies Proprietary

Difference between the MA5300 and the MA5303

Huawei Technologies Proprietary

II. Command conventions

Huawei Technologies Proprietary

III. GUI conventions

IV. Keyboard operation

Huawei Technologies Proprietary

Huawei Technologies Proprietary

Operation Manual SmartAX MA5300/5303 Broadband Access System

Operation Manual SmartAX MA5300/5303 Broadband Access System

Huawei Technologies Proprietary ii

Operation Manual SmartAX MA5300/5303 Broadband Access System

Huawei Technologies Proprietary iii

Operation Manual SmartAX MA5300/5303 Broadband Access System

Operation Manual SmartAX MA5300/5303 Broadband Access System

Huawei Technologies Proprietary v

Operation Manual SmartAX MA5300/5303 Broadband Access System

Operation Manual SmartAX MA5300/5303 Broadband Access System

Operation Manual SmartAX MA5300/5303 Broadband Access System

Operation Manual SmartAX MA5300/5303 Broadband Access System

Operation Manual SmartAX MA5300/5303 Broadband Access System

Operation Manual SmartAX MA5300/5303 Broadband Access System

Huawei Technologies Proprietary xi

Operation Manual SmartAX MA5300/5303 Broadband Access System

Huawei Technologies Proprietary xii

SmartAX MA5300/5303 Broadband Access system Operation Manual

Part 1 Basic Operations

Operation Manual - Basic Operations SmartAX MA5300/5303 Broadband Access System

Huawei Technologies Proprietary i

Operation Manual - Basic Operations SmartAX MA5300/5303 Broadband Access System

Huawei Technologies Proprietary ii

Operation Manual - Basic Operations SmartAX MA5300/5303 Broadband Access System

Chapter 1 Maintenance Terminal Configuration

Chapter 1 Maintenance Terminal Configuration

1.1 Configuring the Local Serial Terminal

Serial port PC ESM MA5300

Huawei Technologies Proprietary 1-1

Operation Manual - Basic Operations SmartAX MA5300/5303 Broadband Access System

Chapter 1 Maintenance Terminal Configuration

Huawei Technologies Proprietary 1-2

Operation Manual - Basic Operations SmartAX MA5300/5303 Broadband Access System

Chapter 1 Maintenance Terminal Configuration

Huawei Technologies Proprietary 1-3

Operation Manual - Basic Operations SmartAX MA5300/5303 Broadband Access System

Chapter 1 Maintenance Terminal Configuration

Huawei Technologies Proprietary 1-4