00367766-MA5600T Configuration Guide - (V800R005C06 - 02)

SmartAX MA5600T Multi-service Access Module V800R005C06 Configuration Guide
Issue Date Part Number
02 2008-04-25 00367766
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any assistance, please contact our local office or company headquarters.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China http://www.huawei.com support@huawei.com
Website: Email:
Copyright Huawei Technologies Co., Ltd. 2008. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions

and other Huawei trademarks are the property of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but the statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.
SmartAX MA5600T Multi-service Access Module
Contents
Contents
About This Document.....................................................................................................................1 1 Maintenance Terminal Configuration...................................................................................1-1
1.1 Overview.........................................................................................................................................................1-2 1.2 Configuring the Terminal Through the Local Serial Port...............................................................................1-3 1.3 Configuring the Terminal Through the Remote Serial Port............................................................................1-7 1.4 Configuring the Terminal Through the Outband Management Channel .....................................................1-12 1.5 Configuring the Terminal Through the Inband Management Channel.........................................................1-16 1.6 Configuring the Terminal Through SSH.......................................................................................................1-20
2 Getting Started With CLI..........................................................................................................2-1

2.1 Overview.........................................................................................................................................................2-2 2.2 CLI Characteristics..........................................................................................................................................2-2 2.2.1 Command Modes...................................................................................................................................2-3 2.2.2 Intelligent Matching...............................................................................................................................2-5 2.2.3 Edit Characteristics................................................................................................................................2-6 2.2.4 Interaction Function...............................................................................................................................2-7 2.2.5 Parameter Prompt...................................................................................................................................2-7 2.2.6 Display Characteristics...........................................................................................................................2-8 2.2.7 Saving and Querying History Commands..............................................................................................2-9 2.2.8 CLI Error Prompts................................................................................................................................2-10 2.3 Basic Operations Through CLI.....................................................................................................................2-10 2.3.1 Obtaining the Online Help Information...............................................................................................2-11 2.3.2 Enabling the Interactive Command Execution Mode..........................................................................2-13 2.3.3 Enabling the CLI Trap Reporting.........................................................................................................2-14 2.3.4 Searching for a Keyword......................................................................................................................2-15 2.3.5 Switching the Terminal Language.......................................................................................................2-15 2.3.6 Setting the System Time......................................................................................................................2-16 2.3.7 Setting the System Name.....................................................................................................................2-17 2.3.8 Setting the Terminal Type....................................................................................................................2-17 2.3.9 Setting the Timeout Exit Time.............................................................................................................2-18 2.3.10 Locking the Terminal.........................................................................................................................2-18 2.3.11 Clearing the Terminal Screen.............................................................................................................2-19 2.3.12 Querying the Version.........................................................................................................................2-19 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd i
Contents
SmartAX MA5600T Multi-service Access Module 2.3.13 Querying the CPU Usage...................................................................................................................2-20 2.3.14 Querying the Memory Usage.............................................................................................................2-21 2.3.15 Testing the Network State..................................................................................................................2-21
3 Network Management Configuration....................................................................................3-1

3.1 Overview.........................................................................................................................................................3-3 3.2 Basic Concepts................................................................................................................................................3-3 3.3 Configuration Example of an Outband NMS..................................................................................................3-4 3.4 Configuration Example of an Inband NMS....................................................................................................3-7 3.5 SNMP Agent Configuration..........................................................................................................................3-10 3.5.1 Setting the SNMP Version...................................................................................................................3-11 3.5.2 Adding a Community Name and Setting Its Read/Write Authorities..................................................3-12 3.5.3 Enabling the Trap Sending...................................................................................................................3-13 3.5.4 Setting the IP address of a Destination Host for Receiving Traps.......................................................3-13 3.5.5 Setting the Source Interface for Sending Traps....................................................................................3-14 3.5.6 Setting the System Contact Information..............................................................................................3-15 3.5.7 Setting the System Location Information.............................................................................................3-16 3.5.8 Configuring an SNMP V3 User...........................................................................................................3-16 3.5.9 Configuring an SNMP V3 Group.........................................................................................................3-17 3.5.10 Configuring an SNMP MIB View.....................................................................................................3-18 3.5.11 Configuring the Local SNMP Engine ID...........................................................................................3-19 3.5.12 Enabling the Timely Handshake Function between the MA5600T and the N2000..........................3-20 3.5.13 Setting the Handshake Interval..........................................................................................................3-21 3.6 Configuring the IP Address of the Outband NMS Interface.........................................................................3-22 3.7 Configuring an NMS Route..........................................................................................................................3-23 3.8 Configuring the IP Address of the Inband NMS Interface............................................................................3-24
4 Log Host Configuration............................................................................................................4-1

4.1 Overview.........................................................................................................................................................4-2 4.2 Configuration Example of a Log Host............................................................................................................4-2 4.3 Configuring a Log Host...................................................................................................................................4-4 4.4 Deleting a Log Host........................................................................................................................................4-5 4.5 Deactivating a Log Host..................................................................................................................................4-6 4.6 Querying Logs.................................................................................................................................................4-7
5 User Management...................................................................................................................... 5-1

5.1 Overview.........................................................................................................................................................5-2 5.2 Adding a User Profile......................................................................................................................................5-2 5.3 Adding a User..................................................................................................................................................5-5 5.4 Modifying the User Attributes........................................................................................................................5-7 5.4.1 Modifying the Profile Bound with a User..............................................................................................5-7 5.4.2 Modifying the User Login Mode...........................................................................................................5-8 5.4.3 Modifying a User Level.......................................................................................................................5-10 5.4.4 Changing a User Password...................................................................................................................5-11 ii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)
Contents
5.4.5 Modifying the Permitted Number of Reenters.....................................................................................5-12 5.4.6 Modifying the Appended Information.................................................................................................5-13 5.5 Disconnecting an Online User.......................................................................................................................5-14 5.6 Deleting a User..............................................................................................................................................5-14
6 Device Management..................................................................................................................6-1
6.1 Overview.........................................................................................................................................................6-2 6.2 Setting the Description of a Shelf...................................................................................................................6-3 6.3 Resetting the Control Boards..........................................................................................................................6-3 6.4 Adding a Service Board Offline......................................................................................................................6-5 6.5 Confirming a Service Board............................................................................................................................6-6 6.6 Deleting a Service Board.................................................................................................................................6-6 6.7 Resetting a Service Board...............................................................................................................................6-7 6.8 Prohibiting a Service Board............................................................................................................................6-8
7 Remote User Authentication Configuration.........................................................................7-1

7.1 Overview.........................................................................................................................................................7-3 7.2 Related Concepts.............................................................................................................................................7-3 7.2.1 Introduction to AAA..............................................................................................................................7-3 7.2.2 Introduction to RADIUS........................................................................................................................7-4 7.2.3 Introduction to SSH................................................................................................................................7-4 7.2.4 Introduction to 802.1x............................................................................................................................7-5 7.3 Configuration Example of Remote User Authentication................................................................................7-6 7.4 Configuring the RADIUS..............................................................................................................................7-10 7.4.1 Overview..............................................................................................................................................7-11 7.4.2 Creating a RADIUS Server Template..................................................................................................7-11 7.4.3 Setting the IP Address and Port Number of a RADIUS Server...........................................................7-12 7.4.4 Setting the Shared Key of the RADIUS Server...................................................................................7-14 7.4.5 Setting the Response Timeout Interval of a RADIUS Server..............................................................7-14 7.4.6 Setting the Maximum Number of Transmissions for the RADIUS Request Packets..........................7-16 7.4.7 Setting the Format of the User Name Sent to a RADIUS Server........................................................7-17 7.5 Configuring 802.1x.......................................................................................................................................7-18 7.5.1 Configuring an 802.1x Template.........................................................................................................7-19 7.5.2 Enabling the 802.1x Authentication on a Port.....................................................................................7-21 7.5.3 Configuring the Control Mode of a Port..............................................................................................7-22 7.5.4 Enabling the 802.1x Authentication Globally......................................................................................7-23 7.5.5 Enabling the DHCP-Triggered Authentication....................................................................................7-24 7.6 Configuring AAA..........................................................................................................................................7-25 7.6.1 Configuring an Authentication Scheme...............................................................................................7-26 7.6.2 Configuring an Accounting Scheme....................................................................................................7-27 7.6.3 Configure an Accounting Mode...........................................................................................................7-28 7.6.4 Configuring the Interval for the Real-time Accounting.......................................................................7-29 7.6.5 Creating a Domain...............................................................................................................................7-31 7.6.6 Binding a RADIUS Server Template...................................................................................................7-32 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd iii
Contents
SmartAX MA5600T Multi-service Access Module 7.6.7 Specifying an Authentication Scheme.................................................................................................7-33 7.6.8 Specifying an Accounting Scheme......................................................................................................7-34 7.6.9 Referencing an 802.1x Template..........................................................................................................7-35
7.7 Configuring SSH...........................................................................................................................................7-36 7.7.1 Creating the Local RSA Key Pair........................................................................................................7-36 7.7.2 Configuring the SSH User Public Key.................................................................................................7-37 7.7.3 Configuring an SSH User.....................................................................................................................7-39
8 VLAN Configuration.................................................................................................................8-1
8.1 Overview.........................................................................................................................................................8-3 8.2 Configuration Example of a VLAN................................................................................................................8-5 8.3 Configuration Example of a MUX VLAN......................................................................................................8-7 8.4 Creating a VLAN..........................................................................................................................................8-10 8.5 Configuring the VLAN Attribute..................................................................................................................8-12 8.6 Setting the Inner and Outer Ethernet Protocols Type of a VLAN Stacking.................................................8-13 8.7 Setting the Inner VLAN Priority of the Service Port in a Stacking VLAN..................................................8-14 8.8 Adding an Upstream Port to a VLAN...........................................................................................................8-14 8.9 Adding a Service Port to a VLANAdding Service Port(s) to a VLAN.........................................................8-15 8.10 Adding Service Ports in Batches.................................................................................................................8-17 8.11 Configuring the Description of a Service Port............................................................................................8-18
9 DHCP Relay Configuration.....................................................................................................9-1

9.1 Overview.........................................................................................................................................................9-4 9.2 Configuration Example of DHCP Standard Mode..........................................................................................9-5 9.3 Configuration Example of DHCP Option60 Mode.........................................................................................9-8 9.4 Configuration Example of DHCP MAC Address Segment Mode................................................................9-11 9.5 Enabling the DHCP Proxy Function.............................................................................................................9-14 9.6 Creating a DHCP Server Group....................................................................................................................9-15 9.7 Setting the Working Mode of a DHCP Server..............................................................................................9-16 9.8 Setting the DHCP Relay Mode.....................................................................................................................9-17 9.9 Binding a DHCP Server Group with a VLAN Interface...............................................................................9-18 9.10 Creating an Option60 Domain....................................................................................................................9-19 9.11 Binding a DHCP Server Group with a DHCP Option60 Domain..............................................................9-20 9.12 Configuring the Gateway of a DHCP Option60 Domain...........................................................................9-21 9.13 Creating a DHCP MAC Address Segment.................................................................................................9-22 9.14 Setting the Range of a DHCP MAC Address Segment..............................................................................9-23 9.15 Binding a DHCP Server Group with a DHCP MAC Address Segment.....................................................9-24 9.16 Configuring the Gateway of a DHCP MAC Address Segment..................................................................9-25 9.17 Setting the DHCP Proxy Lease-Time.........................................................................................................9-26 9.18 Kicking Off a DHCP User..........................................................................................................................9-27
10 ARP & ARP Proxy Configuration.......................................................................................10-1

10.1 Overview.....................................................................................................................................................10-2 10.2 ARP Proxy Configuration Example............................................................................................................10-2 iv Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)
Contents
10.3 Adding a Static ARP Entry.........................................................................................................................10-5 10.4 Enabling the ARP Proxy.............................................................................................................................10-6
11 RIP Routing Protocol Configuration..................................................................................11-1

11.1 Overview.....................................................................................................................................................11-3 11.2 Configuration Example of the Static Route................................................................................................11-3 11.3 Configuration Example of RIP....................................................................................................................11-6 11.4 Configuration Example of a Routing Policy...............................................................................................11-9 11.5 Adding a Static Route...............................................................................................................................11-12 11.6 Configuring RIP........................................................................................................................................11-14 11.6.1 Enabling the RIP Process.................................................................................................................11-14 11.6.2 Setting the RIP Version....................................................................................................................11-15 11.6.3 Enabling an Interface to Receive/Transmit RIP Packets..................................................................11-16 11.7 Controlling the RIP Routing Information.................................................................................................11-17 11.7.1 Setting the Cost of the Default Route...............................................................................................11-18 11.7.2 Specifying the Default Routing Metric............................................................................................11-19 11.7.3 Setting the Additional Metric of a Route.........................................................................................11-20 11.7.4 Enabling the Route Summarization..................................................................................................11-20 11.7.5 Configuring a Summary Route IP Address......................................................................................11-21 11.7.6 Disabling Receiving Host Routes....................................................................................................11-22 11.7.7 Configuring the RIP Preference.......................................................................................................11-23 11.7.8 Importing the Routes of Other Protocols.........................................................................................11-24 11.7.9 Configuring the Route Filtering Policy............................................................................................11-25 11.7.10 Verifying the Source IP Address of a RIP Route Update..............................................................11-26 11.8 Adjusting and Optimizing RIP..................................................................................................................11-27 11.8.1 Configuring the RIP Timer..............................................................................................................11-27 11.8.2 Configuring the Zero Field Check for RIP-I Packets.......................................................................11-28 11.8.3 Configuring the RIP-2 Authentication Mode...................................................................................11-30 11.8.4 Enabling the Split Horizon Function................................................................................................11-30 11.8.5 Enabling the Poison Reverse Function.............................................................................................11-31 11.9 Configuring a Routing Policy...................................................................................................................11-32 11.9.1 Defining a Routing Policy................................................................................................................11-32 11.9.2 Defining the If-match Clause of a Route Policy..............................................................................11-34 11.9.3 Defining the Apply Clause of a Route Policy..................................................................................11-34 11.10 Enabling the Transparent Transmission function of the RIP Packet Based on the VLAN.....................11-36
12 OSPF Routing Protocol Configuration..............................................................................12-1

12.1 Overview.....................................................................................................................................................12-2 12.2 Configuration Example of OSPF................................................................................................................12-2 12.3 Configuring OSPF.......................................................................................................................................12-6 12.3.1 Enabling the OSPF Process................................................................................................................12-7 12.3.2 Configuring the DR Priority...............................................................................................................12-8 12.3.3 Setting an OSPF Router ID................................................................................................................12-8 12.3.4 Disabling the OSPF Packet Transmission on an Interface.................................................................12-9 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd v
Contents
SmartAX MA5600T Multi-service Access Module 12.3.5 Entering OSPF Area Config Mode..................................................................................................12-10 12.3.6 Configuring the Subnets for an Area................................................................................................12-11 12.3.7 Configuring the OSPF Stub Area.....................................................................................................12-11 12.3.8 Configuring an NBMA Adjacent Router.........................................................................................12-12 12.3.9 Enabling the OSPF Logging Function.............................................................................................12-13 12.3.10 Configuring the Network Type on an OSPF Interface...................................................................12-13 12.3.11 Configuring the MTU of the DD Packet........................................................................................12-15
12.4 Controlling the OSPF Routing Information..............................................................................................12-15 12.4.1 Setting the OSPF Preference............................................................................................................12-16 12.4.2 Configuring the Maximum OSPF Route Count...............................................................................12-17 12.4.3 Configuring the OSPF Packet Authentication.................................................................................12-18 12.4.4 Configuring the OSPF Cost..............................................................................................................12-18 12.4.5 Configuring the Route Summarization Between Areas...................................................................12-19 12.4.6 Configuring the Aggregation of Routes Imported by OSPF............................................................12-20 12.4.7 Importing Routes from Other Protocols into OSPF.........................................................................12-21 12.4.8 Setting the Default Parameters of OSPF Imported Routes..............................................................12-21 12.5 Adjusting and Optimizing OSPF...............................................................................................................12-22 12.5.1 Setting the Interval for Sending the Hello Packets..........................................................................12-23 12.5.2 Setting the Dead Time Between Adjacent Routers..........................................................................12-24 12.5.3 Setting the Hello Packet Poll Interval..............................................................................................12-24 12.5.4 Setting the LSA Transmit Delay......................................................................................................12-25 12.5.5 Setting the LSA Retransmit Interval between Adjacent Routers.....................................................12-26 12.5.6 Setting the SPF Calculation Interval for OSPF................................................................................12-27
13 IS-IS Routing Protocol Configuration...............................................................................13-1

13.1 Overview.....................................................................................................................................................13-2 13.2 Configuration Example of IS-IS.................................................................................................................13-3 13.3 Configuring IS-IS........................................................................................................................................13-6 13.3.1 Enabling the IS-IS Process.................................................................................................................13-6 13.3.2 Configuring the Network Entity Title................................................................................................13-7 13.3.3 Configuring the Router Level............................................................................................................13-9 13.3.4 Enabling the IS-IS Function on an Interface....................................................................................13-10 13.4 Controlling the IS-IS Routing Information...............................................................................................13-11 13.4.1 Configuring the IS-IS Priority..........................................................................................................13-12 13.4.2 Configuring the Cost of an IS-IS Interface......................................................................................13-13 13.4.3 Configuring IS-IS Route Aggregation.............................................................................................13-16 13.4.4 Generating IS-IS Default Routes......................................................................................................13-16 13.4.5 Configuring IS-IS to Filter the Received or Advertised Routing Information.................................13-17 13.4.6 Setting the State of IS-IS Interface to Suppressed...........................................................................13-18 13.4.7 Configuring IS-IS to Import External Routes..................................................................................13-19 13.4.8 Configuring the IS-IS Route Leaking..............................................................................................13-20 13.5 Adjusting and Optimizing IS-IS................................................................................................................13-21 13.5.1 Configuring Network Type of an IS-IS Interface............................................................................13-22 vi Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)
Contents
13.5.2 Configuring the Level of an IS-IS Interface.....................................................................................13-22 13.5.3 Configuring DIS Priority of an IS-IS Interface................................................................................13-23 13.5.4 Configuring IS-IS for Not Checking IP Addresses of Received Hello Packets...............................13-24 13.5.5 Configuring the IS-IS Packet Timer.................................................................................................13-25 13.5.6 Configuring LSP Parameters............................................................................................................13-27 13.5.7 Enabling LSP Fast Flooding............................................................................................................13-30 13.5.8 Configuring SPF Parameters............................................................................................................13-30 13.5.9 Configuring IS-IS Host Name Mapping..........................................................................................13-31 13.5.10 Configuring IS-IS Authentication..................................................................................................13-33 13.5.11 Configuring LSDB Overload Flag Bit...........................................................................................13-35 13.5.12 Enabling Output of the Adjacency State........................................................................................13-35
14 BGP Routing Protocol Configuration................................................................................14-1

14.1 Overview ....................................................................................................................................................14-2 14.2 Configuration Example of BGP..................................................................................................................14-2 14.3 Configuring Basic BGP Functions..............................................................................................................14-6 14.3.1 Configuring BGP Basic Description..................................................................................................14-6 14.3.2 Configuring BGP to Advertise the Local Routes...............................................................................14-7 14.3.3 Configuring the Local Interface Used for a BGP Connection...........................................................14-8 14.3.4 Configuring the Maximum Number of Hops in an EBGP Connection...........................................14-10 14.4 Configuring BGP Route Attributes...........................................................................................................14-11 14.4.1 Configuring the BGP Route Preference...........................................................................................14-11 14.4.2 Configuring the Default Local_Pref Attribute.................................................................................14-12 14.4.3 Configuring the MED Attribute.......................................................................................................14-12 14.4.4 Configuring the Next_Hop Attribute...............................................................................................14-13 14.4.5 Configuring the AS-Path Attribute..................................................................................................14-14 14.5 Controlling the BGP Routing Information................................................................................................14-15 14.5.1 Configuring BGP to Import Routes.................................................................................................14-16 14.5.2 Filtering the Routes Imported by BGP.............................................................................................14-17 14.5.3 Configuring BGP Route Aggregation..............................................................................................14-17 14.5.4 Configuring a Router to Advertise the Default Route to Its Peer....................................................14-18 14.5.5 Configuring BGP Access List..........................................................................................................14-19 14.5.6 Configuring a BGP Routing Policy..................................................................................................14-20 14.5.7 Configuring the Policy for Advertising the BGP Routing Information...........................................14-22 14.5.8 Configuring the Policy for Receiving the BGP Routing Information..............................................14-24 14.6 Adjusting and Optimizing BGP................................................................................................................14-26 14.6.1 Configuring the BGP Timers...........................................................................................................14-27 14.6.2 Configuring the Interval for Sending the Update Messages............................................................14-28 14.6.3 Configuring BGP Soft Reset............................................................................................................14-29 14.6.4 Enabling Quick Reset of an EBGP Connection...............................................................................14-30 14.6.5 Configuring MD5 Authentication....................................................................................................14-31 14.6.6 Configuring the Maximum Number of Equal-Cost Routes.............................................................14-32 14.6.7 Configuring EBGP Neighbor Split Horizon....................................................................................14-33 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd vii
Contents
15 MSTP Configuration.............................................................................................................15-1
15.1 Overview.....................................................................................................................................................15-3 15.2 Enabling the MSTP Function......................................................................................................................15-3 15.3 Setting the Working Mode of MSTP..........................................................................................................15-5 15.4 Setting the MST Region Parameters...........................................................................................................15-6 15.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm Configured on the MST Region............15-7 15.4.2 Configuring the MST Region Name..................................................................................................15-8 15.4.3 Mapping the Specified VLAN to the Specified MSTP Instance........................................................15-9 15.4.4 Mapping All VLANs to the MSTP Instances by Modular Arithmetic............................................15-10 15.4.5 Setting the MSTP Revision Level....................................................................................................15-12 15.4.6 Restoring the Default Settings for All Parameters of the MST Region...........................................15-13 15.5 Activating the Configuration of the MST Region.....................................................................................15-13 15.6 Specifying the Device as a Root Bridge or a Backup Root Bridge...........................................................15-14 15.7 Setting the Priority of the Device in the Specified Spanning Tree Instance.............................................15-16 15.8 Setting the Maximum Number of Hops of the MST Region....................................................................15-17 15.9 Setting the Diameter of the Switching Fabric...........................................................................................15-18 15.10 Setting the Calculation Standard for the Path Cost.................................................................................15-19 15.11 Setting the Time Parameters of the Specified Network Bridge..............................................................15-20 15.11.1 Setting the Forward Delay of the Specified Network Bridge........................................................15-21 15.11.2 Setting the Hello Time of the Specified Network Bridge..............................................................15-22 15.11.3 Setting the Max Age of the Specified Network Bridge.................................................................. 15-23 15.11.4 Setting the Timeout Time Factor of the Specified Network Bridge..............................................15-25 15.12 Setting the Parameters of the Specified Port...........................................................................................15-26 15.12.1 Setting the Maximum Transmission Rate of the Specified Port....................................................15-26 15.12.2 Setting the Specified Port as an Edge Port.....................................................................................15-28 15.12.3 Setting the Path Cost of a Specified Port.......................................................................................15-29 15.12.4 Setting the Priority of the Specified Port.......................................................................................15-30 15.12.5 Setting the Point-to-Point Link Connection of the Specified Port.................................................15-31 15.13 Setting the mCheck Variable...................................................................................................................15-32 15.14 Configuring the Device Protection Function..........................................................................................15-33 15.14.1 Enabling the BPDU Protection Function of the Device.................................................................15-33 15.14.2 Enabling the Loop Protection Function of the Device...................................................................15-34 15.14.3 Enabling the Root Protection Function of the Device....................................................................15-36 15.15 Clear the MSTP Protocol Statistics.........................................................................................................15-37
16 NTP Configuration................................................................................................................16-1
16.1 Overview.....................................................................................................................................................16-3 16.2 Configuration Example of NTP Broadcast Mode.......................................................................................16-3 16.3 Configuration Example of NTP Multicast Mode........................................................................................16-7 16.4 Configuration Example of NTP Server/Client Mode................................................................................16-10 16.5 Configuration Example of NTP Peer Mode..............................................................................................16-13 16.6 Configuring the NTP ID Authentication...................................................................................................16-17 16.7 Configuring the NTP Master Clock..........................................................................................................16-19 viii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)
Contents
16.8 Configuring the NTP Broadcast Mode......................................................................................................16-20 16.8.1 Configuring the NTP Broadcast Server Mode.................................................................................16-20 16.8.2 Configuring the NTP Broadcast Client Mode..................................................................................16-21 16.9 Configuring the NTP Multicast Mode......................................................................................................16-22 16.10 Configuring the NTP Server/Client Mode..............................................................................................16-24 16.11 Configuring the NTP Peer Mode............................................................................................................16-25 16.12 Configuring the Authority of Access to an NTP Service of a Local Device..........................................16-26 16.13 Configuring an Interface for Transmitting/Receiving NTP Packets.......................................................16-27
17 System Clock Configuration................................................................................................17-1

17.1 Overview.....................................................................................................................................................17-2 17.2 Configuration Example of the System Clock..............................................................................................17-3 17.3 Configuring a Clock Source........................................................................................................................17-5 17.4 Setting the Priority of a Clock Source.........................................................................................................17-6
18 MAC Address Management.................................................................................................18-1

18.1 Overview.....................................................................................................................................................18-2 18.2 Adding a Static MAC Address....................................................................................................................18-2 18.3 Setting the Maximum MAC Address Number Learned by a Service Port.................................................18-3 18.4 Configuring the Aging Time of a Dynamic MAC Address........................................................................18-4 18.5 Binding the MAC Address..........................................................................................................................18-5 18.6 Configuring the MAC Address Filtering....................................................................................................18-6 18.7 Configuring the MAC Address Pool...........................................................................................................18-7
19 TCP/IP Connection Configuration......................................................................................19-1

19.1 Overview.....................................................................................................................................................19-2 19.2 Basic Concepts............................................................................................................................................19-2 19.3 Configuring the Synwait Timer...................................................................................................................19-2 19.4 Configuring the Finwait Timer...................................................................................................................19-3 19.5 Configuring the Socket Buffer....................................................................................................................19-4 19.6 Enabling the TCP Debugging.....................................................................................................................19-4 19.7 Enabling the IP Packets Debugging............................................................................................................19-5
20 ACL Configuration................................................................................................................20-1
20.1 Overview.....................................................................................................................................................20-3 20.2 Configuring the Basic ACL.........................................................................................................................20-5 20.3 Configuring the Advanced ACL.................................................................................................................20-7 20.4 Configuring the L2 ACL.............................................................................................................................20-8 20.5 Configuration Example of the User-Defined ACL...................................................................................20-11 20.6 Creating an ACL.......................................................................................................................................20-12 20.7 Configuring a Time Range........................................................................................................................20-14 20.8 Setting the Step..........................................................................................................................................20-15 20.9 Creating a Basic ACL Rule.......................................................................................................................20-15 20.10 Creating an Advanced ACL Rule............................................................................................................20-16 20.11 Creating an L2 ACL Rule.......................................................................................................................20-17 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd ix
Contents
20.12 Creating a Customized ACL Rule...........................................................................................................20-18 20.13 Activating an ACL..................................................................................................................................20-20
21 QoS Configuration.................................................................................................................21-1
21.1 Overview.....................................................................................................................................................21-3 21.2 Configuration Example of Queue Scheduling............................................................................................21-3 21.3 Configuration Example of Traffic Management Based on service streams................................................21-6 21.4 Configuration Example of Traffic Management Based on ACL rules.......................................................21-9 21.5 Configuring the Traffic Management Based on service streams..............................................................21-11 21.5.1 Configure the IP Traffic Profile.......................................................................................................21-12 21.5.2 Configure the ATM Traffic Profile..................................................................................................21-14 21.6 Configuring the Traffic Management Based on Port + CoS.....................................................................21-17 21.7 Configuring Queue Scheduling ................................................................................................................21-18 21.7.1 Configuring the Queue Scheduling Mode........................................................................................21-19 21.7.2 Mapping the 802.1p Priority to Queues...........................................................................................21-21 21.7.3 Configuring the Queue Buffer of a Service Board...........................................................................21-22 21.8 Configuring Traffic Management Based on ACL rules............................................................................21-24 21.8.1 Enabling Traffic Limit.....................................................................................................................21-24 21.8.2 Adding a Priority Tag to Packets.....................................................................................................21-25 21.8.3 Enabling the Traffic Statistics..........................................................................................................21-26 21.8.4 Enabling the Traffic Mirroring.........................................................................................................21-27 21.8.5 Enabling the Traffic Redirection......................................................................................................21-28 21.9 Enabling the Line Rate Limit on an Upstream Port..................................................................................21-29
22 User Security Configuration................................................................................................22-1

22.1 Overview.....................................................................................................................................................22-3 22.2 Enabling PITP.............................................................................................................................................22-3 22.3 Setting the RAIO Working Mode...............................................................................................................22-4 22.4 Setting the Ethernet Encapsulation Type....................................................................................................22-5 22.5 Enabling the DHCP Option82 Function......................................................................................................22-6 22.6 Setting the Maximum Length of DHCP Packets........................................................................................22-7 22.7 Binding the IP Address...............................................................................................................................22-8 22.8 Binding the MAC Address..........................................................................................................................22-9 22.9 Enabling the Anti MAC Spoofing.............................................................................................................22-10 22.10 Enabling the Anti IP Spoofing................................................................................................................22-11
23 System Security Configuration...........................................................................................23-1

23.1 Overview.....................................................................................................................................................23-3 23.2 Enabling the Anti DoS Attack.....................................................................................................................23-3 23.3 Enabling the Anti IP Attack........................................................................................................................23-4 23.4 Enabling Anti ICMP Attack........................................................................................................................23-5 23.5 Enabling the Source Route Filtering...........................................................................................................23-5 23.6 Configuring the MAC Address Filtering....................................................................................................23-6 23.7 Setting the Time to Detect Exceptional Disconnection of the PPPoE Users..............................................23-7 x Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)
Contents
23.8 Configuring the Black List..........................................................................................................................23-8 23.9 Configuring the Firewall Function..............................................................................................................23-9 23.10 Configuring an Accessible Address Segment.........................................................................................23-11 23.11 Configuring the Inaccessible Address Segment......................................................................................23-12
24 P2P Fiber Access Service Configuration............................................................................24-1

24.1 Overview.....................................................................................................................................................24-2 24.2 Configuration Example of Fiber Access Service-Single Port for Single Service.......................................24-2 24.3 Configuration Example of Fiber Access Service-Single Port for Multi-service.........................................24-4 24.4 Setting the Port Auto-negotiation Mode...................................................................................................24-10 24.5 Setting the Port Duplex Mode...................................................................................................................24-10 24.6 Setting the Port Rate..................................................................................................................................24-11
25 GPON Service Configuration..............................................................................................25-1

25.1 Overview.....................................................................................................................................................25-3 25.2 Configuration Example of the GPON Service............................................................................................25-3 25.3 Adding a DBA Profile.................................................................................................................................25-8 25.4 Binding a DBA Profile..............................................................................................................................25-10 25.5 Adding an Alarm Profile...........................................................................................................................25-11 25.6 Adding a GEM Port...................................................................................................................................25-13 25.7 Configuring a GPON Port.........................................................................................................................25-14 25.7.1 Enabling the FEC Function on a PON Port......................................................................................25-14 25.7.2 Disabling the Laser on a PON Port..................................................................................................25-15 25.8 Configuring a GPON ONT.......................................................................................................................25-16 25.8.1 Adding a GPON ONT......................................................................................................................25-16 25.8.2 Activating a GPON ONT.................................................................................................................25-17 25.8.3 Enabling the ONT Auto-find Function of a GPON Port..................................................................25-18 25.8.4 Setting the Aging Time of the ONT Auto-find Function.................................................................25-19 25.8.5 Confirming an Automatically Found ONT......................................................................................25-20 25.8.6 Setting the Minimum and Maximum Logical Reach.......................................................................25-22
26 Protection Configuration for Upstream Link...................................................................26-1

26.1 Overview.....................................................................................................................................................26-2 26.2 Configuration Example of the Upstream Link Protection...........................................................................26-2 26.3 Configuring a Protection Group..................................................................................................................26-5
27 Device Subtending Configuration......................................................................................27-1

27.1 Overview.....................................................................................................................................................27-3 27.2 Configuration Example of a Subtended Network Through the ETHA Board............................................27-4 27.3 Configuring the Physical Attributes of an Ethernet Port.............................................................................27-6 27.3.1 Setting the Auto-negotiation Mode of an Ethernet Port.....................................................................27-6 27.3.2 Setting the Duplex Mode of an Ethernet Port....................................................................................27-7 27.3.3 Setting the Rate of an Ethernet Port...................................................................................................27-8 27.3.4 Setting the Network Cable Type of an Ethernet Port.........................................................................27-8 27.4 Enabling the Flow Control on an Ethernet Port..........................................................................................27-9 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd xi
Contents
27.5 Enabling the Traffic Suppression..............................................................................................................27-10 27.6 Enabling the Ethernet Port Aggregation...................................................................................................27-13 27.7 Mirroring an Ethernet Port........................................................................................................................27-14 27.8 Adding an Ethernet Port to a VLAN.........................................................................................................27-14 27.9 Setting the Native VLAN for an Ethernet Port.........................................................................................27-15
28 VLAN Stacking Wholesale Service Configuration......................................................... 28-1

28.1 Overview.....................................................................................................................................................28-2 28.2 Configuration Example of VLAN Stacking Multi-ISP Wholesale Access ................................................28-2
29 QinQ VLAN Private Line Service Configuration............................................................29-1

29.1 Overview.....................................................................................................................................................29-2 29.2 Configuration Example of the QinQ VLAN...............................................................................................29-2 29.3 Configuration Example of the QinQ VLAN Private Line Service.............................................................29-5 29.4 Enabling the Transparent Transmission of BPDUs....................................................................................29-8
30 Multicast Service Configuration.........................................................................................30-1

30.1 Overview.....................................................................................................................................................30-3 30.2 Configuration Example of the IGMP Proxy Multicast Service..................................................................30-3 30.3 Configuration Example of the IGMP Snooping Multicast Service.............................................................30-8 30.4 Configuration Example of the IGMP Snooping Multicast Service ..........................................................30-11 30.5 Configuration Example of the Multicast Service in Subtending Mode....................................................30-16 30.6 Configuring the Multicast Service in MSTP Networking.........................................................................30-21 30.7 Configuration Example of the Multicast Service Through the PIM-SSM Protocol.................................30-28 30.8 Setting the IGMP Mode............................................................................................................................30-33 30.9 Configuring the IGMP Upstream Port......................................................................................................30-33 30.10 Setting the Multicast Mode of an Upstream Port....................................................................................30-35 30.11 Enabling the Multicast Routing Function...............................................................................................30-36 30.12 Specifying a Subtending Port..................................................................................................................30-36 30.13 Configuring a Program for a Static Subtending Port..............................................................................30-37 30.14 Configuring IGMP Global Parameters....................................................................................................30-38 30.14.1 Enabling the IGMP Proxy Authorization.......................................................................................30-39 30.14.2 Setting the Robustness Variable.....................................................................................................30-40 30.14.3 Setting the General Query Interval.................................................................................................30-41 30.14.4 Setting the Maximum Response Time to the General Query.........................................................30-42 30.14.5 Setting the Number of Specific Queries.........................................................................................30-44 30.14.6 Setting the Group-Specific Query Interval.....................................................................................30-45 30.14.7 Setting the Maximum Response Time to the Group-Specific Query.............................................30-46 30.14.8 Setting the TTL for a V2 Router....................................................................................................30-47 30.14.9 Setting the Preview Recognition Time...........................................................................................30-48 30.14.10 Enabling the User Action Report Function..................................................................................30-49 30.14.11 Set the Permitted Encapsulation Mode of IGMP Packets............................................................30-51 30.14.12 Enabling the IGMP Echo Function..............................................................................................30-51 30.15 Configuring the IGMP VLAN Parameters..............................................................................................30-52 xii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)
Contents
30.15.1 Setting the IGMP Mode.................................................................................................................30-53 30.15.2 Configuring the IGMP Version......................................................................................................30-54 30.15.3 Configuring the Multicast Program................................................................................................30-55 30.15.4 Setting the Unsolicited Report Interval .........................................................................................30-58 30.15.5 Enabling the Proxy of the IGMP Leave Packet.............................................................................30-59 30.15.6 Enabling the Proxy of the IGMP Report Packet............................................................................30-60 30.15.7 Enabling the Function of Sending the Global-leave Packet...........................................................30-61 30.15.8 Setting the Priority of the IGMP Packet.........................................................................................30-62 30.15.9 Configuring the Multicast VLAN Member....................................................................................30-63 30.15.10 Enabling the Logging Function ...................................................................................................30-64 30.15.11 Setting the IP Address Range of the Multicast VLAN to Generate the Program Group Dynamically .....................................................................................................................................................................30-65 30.15.12 Enabling the Program Matching Mode of the Multicast VLAN .................................................30-66 30.15.13 Configuring the Virtual Upstream Port........................................................................................30-67 30.16 Configuring the PIM-SSM Protocol Parameters.....................................................................................30-69 30.16.1 Enabling the PIM-SSM Function...................................................................................................30-69 30.16.2 Setting the DR Priority of a PIM Router........................................................................................30-70 30.16.3 Setting the Interval for a PIM Router to Send Hello Messages.....................................................30-73 30.16.4 Setting the Holdtime for Receiving the Hello Messages...............................................................30-75 30.16.5 Setting the Longest Delay for Triggering the Transmission of the Hello Message.......................30-77 30.16.6 Setting the Specifications of the Join/Prune Messages..................................................................30-79 30.16.7 Setting the Interval for Sending the Join/Prune Messages.............................................................30-80 30.16.8 Setting the Delay for a PIM Router to Perform Pruning................................................................30-82 30.16.9 Setting the Interval for a PIM Router to Override Pruning............................................................30-84 30.16.10 Setting the Holdtime for a PIM Router to Maintain the Join Status of a Downstream Interface .....................................................................................................................................................................30-87 30.16.11 Setting the Range of the PIM-SSM Multicast Addresses............................................................30-89 30.17 Managing Multicast Bandwidth..............................................................................................................30-90 30.17.1 Enabling the Bandwidth Management Function............................................................................30-91 30.17.2 Setting the Program Bandwidth.....................................................................................................30-92 30.18 Configuring an Authority Profile............................................................................................................30-92 30.18.1 Modifying an Authority Profile......................................................................................................30-92 30.18.2 Renaming an Authority Profile......................................................................................................30-93 30.19 Configuring Multicast Users...................................................................................................................30-94 30.19.1 Adding a BTV User........................................................................................................................30-94 30.19.2 Modifying the Attributes of a User................................................................................................30-96 30.19.3 Blocking a BTV User.....................................................................................................................30-97 30.19.4 Binding a User with an Authority Profile......................................................................................30-98 30.19.5 Enabling the Switch of Monitoring the BTV User........................................................................30-99 30.20 Configuring the Preview Function........................................................................................................30-100 30.20.1 Configuring the Preview Profile .................................................................................................30-100 30.20.2 Enabling the Preview Function....................................................................................................30-101 30.20.3 Setting the Preview Auto Reset Time..........................................................................................30-102 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd xiii
Contents
SmartAX MA5600T Multi-service Access Module 30.20.4 Clearing the Preview Records Manually......................................................................................30-103
30.21 Configuring the Logging Function........................................................................................................30-104 30.21.1 Enabling the Logging Function on the Multicast VLAN.............................................................30-105 30.21.2 Setting the Logging Interval.........................................................................................................30-106 30.21.3 Configuring the Log Reporting....................................................................................................30-107 30.21.4 Collecting the Log Statistics........................................................................................................30-108 30.22 Setting the Automatic CDR Reporting..................................................................................................30-108
31 Triple Play Service Configuration......................................................................................31-1

31.1 Overview.....................................................................................................................................................31-3 31.2 Configuration Example of Triple Play - Multiple PVCs for Multiple Services..........................................31-4 31.3 Configuration Example of Triple Play - .....................................................................................................31-9 31.4 Configuration Example of Triple Play - Based on 802.1p........................................................................31-14 31.5 Configuration Example of Triple Play - Based on the Service Encapsulation Type................................31-19 31.6 Configuration Example of Triple Play......................................................................................................31-24
32 ONT Management.................................................................................................................32-1
32.1 Overview.....................................................................................................................................................32-3 32.2 Configuration Example of the GPON ONT................................................................................................32-3 32.3 Configuring an GPON ONT Capability Set Profile....................................................................................32-7 32.4 Configuring the Attributes of a GPON ONT Port.....................................................................................32-11 32.5 Binding an ONT T-CONT with GEM Ports.............................................................................................32-12 32.6 Configuring the Mapping Between ONT Services and GEM Ports.........................................................32-13 32.7 Configuring a VLAN for a GPON ONT Port...........................................................................................32-14 32.8 Managing the IP Address of a GPON ONT..............................................................................................32-15
33 Ethernet OAM Configuration..............................................................................................33-1

33.1 Overview.....................................................................................................................................................33-3 33.2 Configuration Example of Ethernet OAM..................................................................................................33-3 33.3 Creating an MD...........................................................................................................................................33-6 33.4 Creating an MA...........................................................................................................................................33-7 33.5 Creating an MEP.........................................................................................................................................33-8 33.6 Creating an RMEP...................................................................................................................................... 33-9 33.7 Enabling the CFM Globally......................................................................................................................33-10 33.8 Enabling the CFM Alarm Globally...........................................................................................................33-11 33.9 Enabling the Administration Function of an MEP....................................................................................33-12 33.10 Enabling the CC Transmission of an MEP.............................................................................................33-13 33.11 Enabling the Global Detection Function of an RMEP............................................................................33-14 33.12 Enabling the RMEP Detection Function.................................................................................................33-15 33.13 Configuring Priorities for Transmitting CCMs/LTMs ...........................................................................33-16 33.14 Configuring the Interval for an MA to Transmit a CC...........................................................................33-17 33.15 Configuring the Base Address of Multicast Destination MAC Addresses of CCMs/LTMs..................33-18 33.16 Configuring the Loop Detection Function..............................................................................................33-19 33.17 Configuring the Link Trace Function......................................................................................................33-20 xiv Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)
Contents
34 Environment Monitoring Configuration ..........................................................................34-1

34.1 Overview.....................................................................................................................................................34-3 34.2 Configuration Example of the H801ESC....................................................................................................34-6 34.3 Configuration Example of FAN..................................................................................................................34-9 34.4 Adding an EMU........................................................................................................................................34-11 34.5 Configuring a POWER4845 EMU............................................................................................................34-12 34.6 Configuring the H801ESC Analog Parameters.........................................................................................34-15 34.7 Configuring H801ESC Digital Parameters...............................................................................................34-17 34.8 Configuring the FAN Alarm Report ........................................................................................................34-19 34.9 Setting the FAN Speed Adjustment Mode................................................................................................34-20 34.10 Configuring the FAN Speed Level..........................................................................................................34-21
35 Acronyms and Abbreviations..............................................................................................35-1
Issue 02 (2008-04-25)
xv
Figures
Figures
Figure 1-1 Example network for configuring the MA5600T through the local serial port..................................1-3 Figure 1-2 Flowchart for configuring the MA5600T through the local serial port..............................................1-4 Figure 1-3 Setting parameters of the terminal......................................................................................................1-5 Figure 1-4 Setting the terminal emulation type....................................................................................................1-6 Figure 1-5 Setting ASCII Code............................................................................................................................1-7 Figure 1-6 Example network for configuring the MA5600T through the remote serial port..............................1-8 Figure 1-7 Flowchart for configuring the MA5600T through the remote serial port..........................................1-9 Figure 1-8 Setting the parameters of the HyperTerminal...................................................................................1-11 Figure 1-9 Example network for configuring the outband management in a LAN by Telnet...........................1-13 Figure 1-10 Example network for configuring the outband management in a WAN by Telnet........................1-14 Figure 1-11 Flowchart for configuring the outband management in a WAN by Telnet....................................1-15 Figure 1-12 Running the telnet application........................................................................................................1-16 Figure 1-13 Example network for maintenance through the GE port in a LAN................................................1-17 Figure 1-14 Example network for maintenance through the GE port in a WAN...............................................1-17 Figure 1-15 Flowchart for configuring the MA5600T through the inband management channel.....................1-18 Figure 1-16 Running the telnet application........................................................................................................1-19 Figure 1-17 Setting up the SSH configuration environment in the LAN outband mode...................................1-20 Figure 1-18 Setting up the SSH configuration environment in the WAN outband mode..................................1-21 Figure 1-19 Setting up the SSH configuration environment in the LAN inband mode.....................................1-22 Figure 1-20 Setting up the SSH configuration environment in the WAN inband mode....................................1-23 Figure 1-21 Flowchart for configuring in the SSH mode..................................................................................1-24 Figure 1-22 Interface of the key generator.........................................................................................................1-26 Figure 1-23 Generating the client key................................................................................................................1-27 Figure 1-24 Interface of converting the client public key into the RSA public key..........................................1-28 Figure 1-25 Interface of the SSH client software...............................................................................................1-29 Figure 1-26 Interface for connecting to the system............................................................................................1-30 Figure 1-27 Interface for logging in to the SSH client.......................................................................................1-30 Figure 2-1 Switching between the command modes............................................................................................2-4 Figure 3-1 Example network for configuring the outband NMS.........................................................................3-5 Figure 3-2 Flowchart for configuring the outband NMS.....................................................................................3-6 Figure 3-3 Example network for configuring the inband NMS...........................................................................3-7 Figure 3-4 Flowchart for configuring the inband NMS.......................................................................................3-9 Figure 4-1 Example network for configuring a log host......................................................................................4-2 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd xvii
Figures
Figure 4-2 Flowchart for configuring a log host..................................................................................................4-3 Figure 7-1 Example network for configuring the remote user authentication ....................................................7-7 Figure 7-2 Flowchart for configuring the remote user authentication.................................................................7-9 Figure 7-3 Flowchart for configuring the SSH user public key.........................................................................7-38 Figure 8-1 Example network for configuring a MUX VLAN.............................................................................8-6 Figure 8-2 Flowchart for configuring a MUX VLAN.........................................................................................8-7 Figure 8-3 Example network for configuring a MUX VLAN.............................................................................8-8 Figure 8-4 Flowchart for configuring a MUX VLAN.........................................................................................8-9 Figure 9-1 MA5600T DHCP relay.......................................................................................................................9-4 Figure 9-2 Example network for configuring DHCP standard mode...................................................................9-5 Figure 9-3 Flowchart for configuring DHCP standard mode...............................................................................9-7 Figure 9-4 Example network for configuring DHCP option60 mode..................................................................9-8 Figure 9-5 Flowchart for configuring DHCP option60 mode............................................................................9-10 Figure 9-6 Example network for configuring MAC address segment mode.....................................................9-12 Figure 9-7 Flowchart for configuring MAC address segment mode.................................................................9-13 Figure 10-1 Example network for configuring the ARP proxy..........................................................................10-3 Figure 10-2 Flowchart for configuring the ARP proxy......................................................................................10-4 Figure 11-1 Example network for configuring the static route..........................................................................11-3 Figure 11-2 Flowchart for configuring the static route......................................................................................11-5 Figure 11-3 Example network for configuring RIP...........................................................................................11-6 Figure 11-4 Flowchart for configuring RIP.......................................................................................................11-8 Figure 11-5 Example network for configuring the routing policy...................................................................11-10 Figure 11-6 Flowchart for configuring the routing policy...............................................................................11-11 Figure 12-1 Example network for configuring OSPF........................................................................................12-2 Figure 12-2 Flowchart for configuring OSPF....................................................................................................12-4 Figure 13-1 IS-IS network topology..................................................................................................................13-2 Figure 13-2 Example network for configuring IS-IS.........................................................................................13-3 Figure 13-3 Flowchart for configuring IS-IS.....................................................................................................13-5 Figure 13-4 IS-IS network topology..................................................................................................................13-7 Figure 14-1 Example network for configuring the BGP....................................................................................14-2 Figure 14-2 Flowchart for configuring the BGP................................................................................................14-4 Figure 16-1 Example network for configuring the NTP broadcast mode..........................................................16-4 Figure 16-2 Flowchart for configuring the NTP broadcast mode......................................................................16-5 Figure 16-3 Example network for configuring the NTP multicast mode...........................................................16-7 Figure 16-4 Flowchart for configuring the NTP multicast mode.......................................................................16-8 Figure 16-5 Example network for configuring NTP server/client mode ........................................................16-10 Figure 16-6 Flowchart for configuring the NTP server/client mode................................................................16-11 Figure 16-7 Example network for configuring the NTP peer mode................................................................16-13 Figure 16-8 Flowchart for configuring the NTP peer mode.............................................................................16-15 Figure 16-9 Flowchart for configuring the NTP server/client mode with ID authentication...........................16-17 Figure 17-1 Example network for configuring the system clock.......................................................................17-3 Figure 17-2 Flowchart for configuring the system clock...................................................................................17-4 xviii Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)
Figures
Figure 20-1 Flowchart for configuring a basic ACL..........................................................................................20-6 Figure 20-2 Flowchart for configuring an advanced ACL.................................................................................20-8 Figure 20-3 Flowchart for configuring an L2 ACL.........................................................................................20-10 Figure 20-4 Flowchart for configuring a user-defined ACL............................................................................20-12 Figure 20-5 First 64 bytes of an IP frame........................................................................................................20-19 Figure 21-1 Example network for configuring queue scheduling......................................................................21-4 Figure 21-2 Flowchart for configuring queue scheduling..................................................................................21-5 Figure 21-3 Example network for configuring the traffic management based on service streams....................21-7 Figure 21-4 Flowchart for configuring the traffic management based on service streams................................21-8 Figure 21-5 Example network for configuring the traffic management based on ACL rules..........................21-10 Figure 21-6 Flowchart for configuring the traffic management based on ACL rules......................................21-11 Figure 23-1 Flowchart for configuring the firewall function...........................................................................23-10 Figure 24-1 Example network for the fiber access service-single port for single service................................. 24-3 Figure 24-2 Flowchart for configuring the fiber access service-single port for single service..........................24-4 Figure 24-3 Example network for the fiber access service-single port for multi-service..................................24-5 Figure 24-4 Flowchart for configuring the fiber access service-single port for multi-service...........................24-7 Figure 25-1 Example network for configuring the GPON service.....................................................................25-5 Figure 25-2 Flowchart for configuring the GPON service.................................................................................25-6 Figure 26-1 Example network for configuring the upstream link protection.....................................................26-3 Figure 26-2 Flowchart for configuring the upstream link protection.................................................................26-4 Figure 27-1 Example network for configuring a subtended network through the ETH board.......................... 27-4 Figure 27-2 Flowchart for configuring a subtended network through the ETH board...................................... 27-5 Figure 28-1 Example network for configuring the VLAN stacking multi-ISP wholesale access......................28-3 Figure 28-2 Flowchart for configuring the VLAN stacking multi-ISP wholesale access..................................28-5 Figure 29-1 Example network for configuring the private line service............................................................. 29-3 Figure 29-2 Flowchart for configuring the private line service......................................................................... 29-4 Figure 29-3 Example network of the QinQ VLAN private line service............................................................ 29-6 Figure 29-4 Flowchart for configuring the private line service......................................................................... 29-7 Figure 30-1 Example network for configuring the IGMP proxy multicast service........................................... 30-4 Figure 30-2 Flowchart for configuring the IGMP proxy multicast service........................................................30-6 Figure 30-3 Example network for configuring the IGMP snooping multicast service......................................30-9 Figure 30-4 Flowchart for configuring the IGMP snooping multicast service................................................30-10 Figure 30-5 Example network for configuring the IGMP snooping multicast service....................................30-12 Figure 30-6 Flowchart for configuring the IGMP snooping multicast service................................................30-14 Figure 30-7 Example network for configuring the subtended multicast service..............................................30-17 Figure 30-8 Flowchart for configuring the multicast service in subtending mode (MA5600T_A).................30-19 Figure 30-9 Flowchart for configuring the multicast service in subtending mode (MA5600T_B).................30-19 Figure 30-10 Example network of the multicast service in MSTP networking...............................................30-22 Figure 30-11 Flowchart for configuring the multicast service in MSTP networking on MA5600T_A, MA5600T_B and MA5600T_C........................................................................................................................30-24 Figure 30-12 Flowchart for configuring the multicast service in MSTP networking on MA5600T_D..........30-25 Figure 30-13 Example network for configuring the multicast service through the PIM-SSM protocol..........30-29 Figure 30-14 Flowchart for configuring the multicast service through the PIM-SSM protocol......................30-31 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd xix
Figures
Figure 31-1 Example network for configuring the triple play service - multiple PVCs for multiple services .............................................................................................................................................................................31-5 Figure 31-2 Flowchart for configuring the triple play service-multiple PVCs for multiple services................31-7 Figure 31-3 Example network for configuring the triple play service - single PVC for multiple services (based on the user-side VLAN).........................................................................................................................................31-10 Figure 31-4 Flowchart for configuring the triple play service - single PVC for multiple services (based on the userside VLAN).......................................................................................................................................................31-12 Figure 31-5 Example network for configuring the triple play service - single PVC for multiple services (based on 802.1p)...............................................................................................................................................................31-15 Figure 31-6 Flowchart for configuring the triple play service - single PVC for multiple services (based on 802.1p) ...........................................................................................................................................................................31-17 Figure 31-7 Example network for configuring the triple play service - single PVC for multiple services (based on service encapsulation type) ..............................................................................................................................31-20 Figure 31-8 Flowchart for configuring the triple play service - single PVC for multiple services (based on service encapsulation type) ...........................................................................................................................................31-22 Figure 31-9 Example network for configuring the triple play service.............................................................31-25 Figure 31-10 Flowchart for configuring the triple play service.......................................................................31-28 Figure 32-1 ONT management architecture.......................................................................................................32-3 Figure 32-2 Example network for configuring an ONT.....................................................................................32-4 Figure 32-3 Flowchart for configuring an ONT.................................................................................................32-5 Figure 33-1 Example network for configuring Ethernet OAM..........................................................................33-4 Figure 33-2 Flowchart for configuring Ethernet OAM......................................................................................33-5 Figure 34-1 Connection between the H801ESC and the shelf...........................................................................34-4 Figure 34-2 Connection between the POWER4845 and the shelf.....................................................................34-6 Figure 34-3 Flowchart for configuring the H801ESC........................................................................................34-8 Figure 34-4 Flowchart for configuring a FAN.................................................................................................34-10
xx
Issue 02 (2008-04-25)
Tables
Tables
Table 1-1 Features of the maintenance modes.....................................................................................................1-2 Table 1-2 Data plan for configuring the outband management in a LAN by Telnet..........................................1-13 Table 1-3 Data plan for configuring the outband management in a WAN by Telnet........................................1-14 Table 1-4 Data plan for the network...................................................................................................................1-17 Table 1-5 Data plan for the network...................................................................................................................1-18 Table 1-6 Data plan for the network...................................................................................................................1-21 Table 1-7 Data plan for the network...................................................................................................................1-21 Table 1-8 Data plan for the network...................................................................................................................1-22 Table 1-9 Data plan for the network ..................................................................................................................1-23 Table 2-1 Features of the interface config modes................................................................................................2-4 Table 2-2 Edit functions.......................................................................................................................................2-6 Table 2-3 Meaning of the CLI characters supported by the MA5600T...............................................................2-8 Table 2-4 Options for viewing the information displayed on multiple screens...................................................2-9 Table 2-5 Common CLI error prompts...............................................................................................................2-10 Table 2-6 Related operation for obtaining the online help information.............................................................2-13 Table 2-7 Related operation for enabling or disabling the interactive command execution mode....................2-14 Table 2-8 Related operation for enabling or disabling the CLI trap reporting...................................................2-15 Table 2-9 Related operation for switching the terminal language......................................................................2-16 Table 2-10 Related operation for setting the timeout exit time..........................................................................2-18 Table 2-11 Related operation for locking the terminal.......................................................................................2-19 Table 3-1 Data plan for configuring the outband NMS........................................................................................3-5 Table 3-2 Data plan for configuring the inband NMS..........................................................................................3-8 Table 3-3 Related operation for setting the SNMP version................................................................................3-12 Table 3-4 Related operation for adding a community and setting its read/write authorities..............................3-12 Table 3-5 Related operation for enabling the traps sending...............................................................................3-13 Table 3-6 Related operation for setting the IP address of a destination host for receiving traps.......................3-14 Table 3-7 Related operation for setting the source interface for sending traps..................................................3-15 Table 3-8 Related operation for setting the system contact information............................................................3-15 Table 3-9 Related operation for setting the system location information.......................................................... 3-16 Table 3-10 Related operation for configuring an SNMP V3 user......................................................................3-17 Table 3-11 Related operation for configuring an SNMP V3 group...................................................................3-18 Table 3-12 Related operation for configuring an SNMP MIB view..................................................................3-19 Table 3-13 Related operations for configuring the local SNMP engine ID.......................................................3-20 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd xxi
Tables
SmartAX MA5600T Multi-service Access Module Table 3-14 Related operations for enabling the timely handshake function between the MA5600T and the N2000 .............................................................................................................................................................................3-21 Table 3-15 Related operation for setting the handshake interval.......................................................................3-22 Table 3-16 Related operation for configuring the IP address of the outband NMS interface............................3-23 Table 3-17 Related operation for configuring an NMS route.............................................................................3-24 Table 3-18 Related operation for configuring the IP address of the inband NMS interface..............................3-25 Table 4-1 Data plan for configuring a log host....................................................................................................4-3 Table 4-2 Related operations for configuring a log host......................................................................................4-5 Table 4-3 Related operations for deleting a log host............................................................................................4-6 Table 4-4 Related operations for deactivating a log host.....................................................................................4-6 Table 5-1 User authorities....................................................................................................................................5-2 Table 5-2 Parameters of a user profile..................................................................................................................5-3 Table 5-3 Related operations for adding a user profile........................................................................................5-5 Table 5-4 User attributes......................................................................................................................................5-5 Table 5-5 Related operations for adding a user....................................................................................................5-7 Table 5-6 Related operations for modifying the profile bound with a user..........................................................5-8 Table 5-7 Related operations for modifying the user login mode........................................................................5-9 Table 5-8 Related operations for modifying a user level...................................................................................5-10 Table 5-9 Related operations for changing a user password..............................................................................5-11 Table 5-10 Related operations for modifying the permitted number of reenters...............................................5-12 Table 5-11 Related operations for modifying the appended information...........................................................5-13 Table 5-12 Related operation for disconnection an online user.........................................................................5-14 Table 5-13 Related operations for deleting a user..............................................................................................5-15 Table 6-1 Service board status..............................................................................................................................6-2 Table 6-2 Related operation for setting the description of a shelf........................................................................6-3 Table 6-3 Related operations for resetting the control boards..............................................................................6-4 Table 6-4 Related operation for adding a service board offline...........................................................................6-6 Table 6-5 Related operation for confirming a service board................................................................................6-6 Table 6-6 Related operation for deleting a service board.....................................................................................6-7 Table 6-7 Related operation for prohibiting a service board................................................................................6-8 Table 7-1 Data plan for configuring the remote user authentication ...................................................................7-7 Table 7-2 Related operation for creating a RADIUS server template................................................................7-12 Table 7-3 Related operation for setting the IP address and port number of a RADIUS server..........................7-14 Table 7-4 Related operation for setting the response timeout interval of a RADIUS server.............................7-15 Table 7-5 Related operation for setting the maximum number of transmissions for the RADIUS request packets .............................................................................................................................................................................7-17 Table 7-6 Related operations for configuring an 802.1x template ....................................................................7-20 Table 7-7 Related operations for enabling the 802.1x authentication on a port. ...............................................7-22 Table 7-8 Related operations for configuring the control mode of a port..........................................................7-23 Table 7-9 Related operations for enabling the 802.1x authentication globally .................................................7-24 Table 7-10 Related operations for enabling the DHCP-triggered 802.1x authentication...................................7-25 Table 7-11 Related operations for configuring an authentication scheme.........................................................7-27 Table 7-12 Related operations for configuring an accounting scheme..............................................................7-28
xxii
Issue 02 (2008-04-25)
Tables
Table 7-13 Related operations for configuring an accounting mode.................................................................7-29 Table 7-14 Related operations for configuring the interval for the real-time accounting. ................................7-30 Table 7-15 Related operations for creating a domain.........................................................................................7-31 Table 7-16 Related operation for binding the RADIUS server template...........................................................7-33 Table 7-17 Related operations for specifying the authentication scheme..........................................................7-34 Table 7-18 Related operations for specifying an accounting scheme................................................................7-35 Table 7-19 Related operation for referencing an 802.1x template.....................................................................7-36 Table 7-20 Related operation for creating a local RSA key pair........................................................................7-37 Table 7-21 Related operations for configuring an SSH user..............................................................................7-40 Table 8-1 VLAN types and applications..............................................................................................................8-3 Table 8-2 VLAN attributes...................................................................................................................................8-5 Table 8-3 Data plan for configuring a MUX VLAN............................................................................................8-6 Table 8-4 Data plan for configuring a MUX VLAN............................................................................................8-8 Table 8-5 Related operations for creating a VLAN............................................................................................8-12 Table 8-6 Related operation for configuring the VLAN attribute......................................................................8-13 Table 8-7 Related operation for adding an upstream port to a VLAN...............................................................8-15 Table 8-8 Related operations for adding a service port to a VLAN...................................................................8-17 Table 8-9 Related operations for adding service ports in batches......................................................................8-18 Table 8-10 Related operation for configuring the description of a service port.................................................8-19 Table 9-1 Data plan for configuring DHCP standard mode.................................................................................9-5 Table 9-2 Data plan for configuring DHCP option60 mode................................................................................9-9 Table 9-3 Data plan for configuring MAC address segment mode....................................................................9-12 Table 9-4 Related operation for enabling the DHCP proxy function.................................................................9-15 Table 9-5 Related operation for creating a DHCP server group........................................................................9-16 Table 9-6 Related operations for setting the working mode of a DHCP server.................................................9-17 Table 9-7 Related operations for binding a DHCP server group with a VLAN interface..................................9-19 Table 9-8 Related operation for creating a DHCP option60 domain.................................................................9-20 Table 9-9 Related operations for binding a DHCP server group with a DHCP option60 domain.....................9-21 Table 9-10 Related operation for configuring the gateway of a DHCP option60 domain.................................9-22 Table 9-11 Related operation for creating a DHCP MAC address segment......................................................9-23 Table 9-12 Related operation for setting the range of a DHCP MAC address segment....................................9-24 Table 9-13 Related operation for binding a DHCP server group with a DHCP MAC address segment...........9-25 Table 9-14 Related operations for configuring the gateway of a DHCP MAC address segment......................9-26 Table 9-15 Related operation for setting the DHCP proxy lease-time...............................................................9-27 Table 10-1 Data plan for configuring the ARP proxy........................................................................................10-3 Table 10-2 Related operations for adding a static ARP entry............................................................................10-6 Table 10-3 Data plan of the ARP proxy.............................................................................................................10-7 Table 10-4 Related operation for enabling the ARP proxy................................................................................10-8 Table 11-1 Data plan for configuring the static route on the user side...............................................................11-4 Table 11-2 Data plan for configuring RIP..........................................................................................................11-7 Table 11-3 Data plan for configuring the routing policy..................................................................................11-10 Table 11-4 Related operation for adding a static route.....................................................................................11-13 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd xxiii
Tables
SmartAX MA5600T Multi-service Access Module Table 11-5 Related operation for enabling the RIP process.............................................................................11-15 Table 11-6 Related operation for setting the RIP version................................................................................11-16 Table 11-7 Related operations for enabling an interface to receive and transmit RIP packets........................11-17 Table 11-8 Related operation for setting the cost of the default route............................................................. 11-18 Table 11-9 Related operation for specifying the default routing metric.......................................................... 11-19 Table 11-10 Related operations for setting the additional metric of a route....................................................11-20 Table 11-11 Related operation for enabling the route summarization.............................................................11-21 Table 11-12 Related operation for configuring a summary route IP address...................................................11-22 Table 11-13 Related operation for disabling receiving host routes..................................................................11-23 Table 11-14 Related operation for configuring the RIP preference.................................................................11-24 Table 11-15 Related operation for importing the routes of other protocols.....................................................11-25 Table 11-16 Related operation for configuring the route filtering policy........................................................11-26 Table 11-17 Related operation for verifying the source IP address of a RIP route update..............................11-27 Table 11-18 Related operation for configuring the RIP timer..........................................................................11-28 Table 11-19 Related operation for configuring the zero field check for RIP-1 packets...................................11-29 Table 11-20 Related operation for configuring the RIP-2 authentication mode..............................................11-30 Table 11-21 Related operation for enabling the split horizon function............................................................11-31 Table 11-22 Related operation for enabling the poison reverse function.........................................................11-32 Table 11-23 Parameters for defining a routing policy......................................................................................11-33 Table 11-24 Related operation for configuring a routing policy......................................................................11-33 Table 11-25 Related operation for defining the route policy matching rule.................................................... 11-34 Table 11-26 Related operation for modifying the attributes of the filtered route............................................ 11-35 Table 12-1 Data plan for configuring OSPF......................................................................................................12-3 Table 12-2 Related operation for enabling the OSPF process............................................................................12-7 Table 12-3 Related operation for setting an OSPF router ID.............................................................................12-9 Table 12-4 Related operation for prohibiting an interface from transmitting OSPF packets...........................12-10 Table 12-5 Related operation for entering OSPF area config mode................................................................ 12-11 Table 12-6 Related operation for configuring the subnets for an area.............................................................12-11 Table 12-7 Related operations for configuring a Stub area..............................................................................12-12 Table 12-8 Related operation for configuring an NBMA adjacent router........................................................12-13 Table 12-9 Related operation for enabling the OSPF logging function...........................................................12-13 Table 12-10 Description of the network types................................................................................................. 12-14 Table 12-11 Related operation for configuring the network type on an OSPF interface.................................12-14 Table 12-12 Related operation for configuring the MTU of the DD packet....................................................12-15 Table 12-13 Related operation for setting the OSPF preference......................................................................12-17 Table 12-14 Related operation for configuring the maximum OSPF route count........................................... 12-17 Table 12-15 Related operation for configuring the OSPF packet authentication.............................................12-18 Table 12-16 Related operation for configuring the OSPF cost........................................................................12-19 Table 12-17 Related operation for configuring the route summarization between areas.................................12-20 Table 12-18 Related operation for configuring the aggregation of routes imported by OSPF........................ 12-20 Table 12-19 Related operation for importing routes from other protocols into OSPF.....................................12-21 Table 12-20 Related operations for setting parameters for OSPF to import external routes........................... 12-22
xxiv
Issue 02 (2008-04-25)
Tables
Table 12-21 Related operation for setting the interval for sending Hello packets...........................................12-24 Table 12-22 Related operation for setting the dead time between adjacent routers.........................................12-24 Table 12-23 Related operation for setting the Hello packet poll interval.........................................................12-25 Table 12-24 Related operation for setting the LSA transmit delay..................................................................12-26 Table 12-25 Related operation for setting LSA retransmit interval between adjacent routers........................12-27 Table 12-26 Related operation for setting the SPF calculation interval for OSPF...........................................12-27 Table 13-1 Data plan for configuring IS-IS........................................................................................................13-3 Table 13-2 Related operation for enabling the IS-IS process.............................................................................13-7 Table 13-3 Related operation for configuring an NET.......................................................................................13-9 Table 13-4 Related operation for configuring the router level.........................................................................13-10 Table 13-5 Related operations for enabling the IS-IS function on an interface...............................................13-11 Table 13-6 Related operations for configuring the IS-IS priority....................................................................13-13 Table 13-7 Relationship between the interface cost and the bandwidth..........................................................13-14 Table 13-8 Related operations for configuring the IS-IS interface cost...........................................................13-15 Table 13-9 Related operations for configuring the IS-IS route aggregation....................................................13-16 Table 13-10 Related operations for configuring the IS-IS to generate default routes......................................13-17 Table 13-11 Related operations for filtering the received or advertised routing information..........................13-18 Table 13-12 Related operations for configuring the suppression function.......................................................13-19 Table 13-13 Related operations for configuring the IS-IS to import external routes.......................................13-20 Table 13-14 Related operations for configuring the IS-IS route leaking.........................................................13-21 Table 13-15 Related operation for configuring the network type of an IS-IS interface...................................13-22 Table 13-16 Related operations for configuring the IS-IS interface level........................................................13-23 Table 13-17 Related operations for configuring the DIS priority of an IS-IS interface...................................13-24 Table 13-18 Related operations for configuring the IS-IS for not checking the IP addresses of the received Hello packets...............................................................................................................................................................13-25 Table 13-19 Related operations for configuring the IS-IS packet timer..........................................................13-27 Table 13-20 Related operations for configuring the LSP parameters..............................................................13-29 Table 13-21 Related operation for configuring the LSP fast flooding.............................................................13-30 Table 13-22 Related operations for configuring the SPF parameters...............................................................13-31 Table 13-23 Related operations for configuring host name mapping..............................................................13-32 Table 13-24 Related operations for configuring the IS-IS authentication........................................................13-34 Table 13-25 Related operation for configuring the LSDB overload flag bit....................................................13-35 Table 13-26 Related operation for enabling the output of the adjacency state................................................13-36 Table 14-1 Data plan for configuring the BGP..................................................................................................14-3 Table 14-2 Related operation for configuring the BGP basic description..........................................................14-7 Table 14-3 Related operations for advertising the BGP local routes.................................................................14-8 Table 14-4 Related operation for configuring the local interface used for a BGP connection........................14-10 Table 14-5 Related operation for configuring the maximum number of hops in an EBGP connection..........14-11 Table 14-6 Related operation for configuring the Next_Hop attribute............................................................14-14 Table 14-7 Related operation for configuring the AS_Path attribute...............................................................14-15 Table 14-8 Related operations for configuring the BGP to import routes.......................................................14-16 Table 14-9 Related operation for filtering the routes imported by BGP..........................................................14-17 Table 14-10 Related operations for configuring the BGP route aggregation...................................................14-18 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd xxv
Tables
SmartAX MA5600T Multi-service Access Module Table 14-11 Related operations for configuring the MA5600T to advertise the default routes to its peer......14-19 Table 14-12 Related operations for configuring the BGP access list...............................................................14-20 Table 14-13 Parameters for configuring a routing policy................................................................................ 14-21 Table 14-14 Related operations for configuring a routing policy.................................................................... 14-21 Table 14-15 Related operations for configuring the policy for advertising the BGP routing information......14-24 Table 14-16 Related operations for configuring the policy for receiving the BGP routing information.........14-26 Table 14-17 Related operations for configuring the BGP timer...................................................................... 14-28 Table 14-18 Related operations for configuring the interval for sending the update messages.......................14-29 Table 14-19 Related operations for configuring the BGP soft reset................................................................ 14-30 Table 14-20 Related operation for enabling the quick reset function of the EBGP connection...................... 14-31 Table 14-21 Related operation for configuring the MD5 authentication.........................................................14-32 Table 14-22 Related operation for configuring the maximum number of equal-cost routes........................... 14-33 Table 14-23 Related operations for configuring the split horizon function among the EBGP neighbors........14-34 Table 15-1 Related operations for enabling the MSTP function........................................................................15-4 Table 15-2 Related operation for setting the working mode of MSTP..............................................................15-6 Table 15-3 Related operation for setting the MD5-Key for the MD5 encryption algorithm configured on the MST region...................................................................................................................................................................15-8 Table 15-4 Related operations for configuring the MST region name...............................................................15-9 Table 15-5 Related operations for mapping the specified VLAN to the specified MSTP instance.................15-10 Table 15-6 Related operations for mapping all VLANs to the MSTP instances............................................. 15-11 Table 15-7 Related operations for setting the MSTP revision level of the device...........................................15-13 Table 15-8 Related operation for activating the configuration of the MST region..........................................15-14 Table 15-9 Related operation for specifying the device as a root bridge or a backup root bridge...................15-15 Table 15-10 Related operations for setting the priority of the device in the specified spanning tree instance ...........................................................................................................................................................................15-17 Table 15-11 Related operation for setting the maximum number of hops of the MST region........................ 15-18 Table 15-12 Related operation for setting the diameter of the switching fabric..............................................15-19 Table 15-13 Related operation for setting the calculation standard for the path cost...................................... 15-20 Table 15-14 Related operations for setting the Forward Delay of the specified network bridge.....................15-22 Table 15-15 Related operations for setting the Hello Time of the specified network bridge.......................... 15-23 Table 15-16 Related operations for setting the Max Age of the specified network bridge..............................15-25 Table 15-17 Related operation for setting the timeout time factor of the specified network bridge................15-26 Table 15-18 Related operation for setting the maximum transmission rate of the specified port....................15-27 Table 15-19 Related operation for setting the specified port as an edge port.................................................. 15-29 Table 15-20 Related operation for setting the path cost of a specified port.....................................................15-30 Table 15-21 Related operation for setting the priority of the specified port....................................................15-31 Table 15-22 Related operation for setting the point-to-point link connection of the specified port................15-32 Table 15-23 Related operation for enabling the BPDU protection function of the device.............................. 15-34 Table 15-24 Related operations for enabling the loop protection function of the device................................ 15-35 Table 15-25 Related operations for enabling the root protection function of the device.................................15-37 Table 16-1 Data plan for configuring the NTP broadcast mode........................................................................16-4 Table 16-2 Data plan for configuring the NTP multicast mode.........................................................................16-7 Table 16-3 Data plan for configuring NTP server/client mode........................................................................16-11
xxvi
Issue 02 (2008-04-25)
Tables
Table 16-4 Data plan for configuring the NTP peer mode...............................................................................16-14 Table 16-5 Related operations for configuring the NTP ID authentication.....................................................16-18 Table 16-6 Related operation for configuring the NTP master clock..............................................................16-20 Table 16-7 Related operations for configuring the NTP broadcast server mode.............................................16-21 Table 16-8 Related operations for configuring the NTP broadcast client mode..............................................16-22 Table 16-9 Related operations for configuring the NTP multicast mode.........................................................16-23 Table 16-10 Related operations for configuring the NTP server/client mode..................................................16-24 Table 16-11 Related operation for configuring the NTP peer mode................................................................16-25 Table 16-12 Related operations for configuring the authority of access to an NTP service of a local device ...........................................................................................................................................................................16-27 Table 16-13 Related operations for configuring an interface for transmitting or receiving NTP packets.......16-28 Table 17-1 Clock synchronization description...................................................................................................17-2 Table 17-2 Data plan for configuring the system clock.....................................................................................17-4 Table 17-3 Related operations for configuring the system clock.......................................................................17-6 Table 17-4 Related operations for setting the priority of a clock source............................................................17-7 Table 18-1 Related operation for adding a static MAC address.........................................................................18-3 Table 18-2 Related operation for configuring the MAC address filtering.........................................................18-7 Table 19-1 Related operation for configuring the synwait timer.......................................................................19-3 Table 19-2 Related operation for configuring the finwait timer.........................................................................19-4 Table 19-3 Related operation for configuring the socket buffer........................................................................19-4 Table 19-4 Related operations for enabling the IP packets debugging..............................................................19-5 Table 19-5 Related operations for enabling the IP packets debugging..............................................................19-6 Table 20-1 ACL types........................................................................................................................................20-3 Table 20-2 Data plan for configuring the basic ACL.........................................................................................20-6 Table 20-3 Data plan for configuring the advanced ACL..................................................................................20-7 Table 20-4 Data plan for configuring the L2 ACL.............................................................................................20-9 Table 20-5 Data plan for configuring the user-defined ACL...........................................................................20-11 Table 20-6 ACL number range.........................................................................................................................20-13 Table 20-7 Related operations for creating an ACL.........................................................................................20-13 Table 20-8 Related operation for setting the step.............................................................................................20-15 Table 20-9 Related operation for creating a basic ACL rule............................................................................20-16 Table 20-10 Related operation for creating an advanced ACL rule.................................................................20-17 Table 20-11 Related operation for creating an L2 ACL rule............................................................................20-18 Table 20-12 Description of letters and their offset values................................................................................20-19 Table 20-13 Related operation for creating a used defined ACL rule..............................................................20-20 Table 20-14 Related operation for activating the ACL of a port......................................................................20-21 Table 21-1 Data plan for configuring queue scheduling....................................................................................21-4 Table 21-2 Data plan for configuring the traffic management based on service streams..................................21-7 Table 21-3 Data plan for configuring the traffic management based on ACL rules........................................21-10 Table 21-4 Traffic parameters defined in the IP traffic profile........................................................................21-12 Table 21-5 Related operations for configuring the traffic entry ......................................................................21-14 Table 21-6 Relations between the service type, traffic description, and traffic parameters. ...........................21-14 Table 21-7 Application scenario of the ATM services ....................................................................................21-15 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd xxvii
Tables
SmartAX MA5600T Multi-service Access Module Table 21-8 Related operation for configuring the traffic entry .......................................................................21-17 Table 21-9 Mapping between the queue weight and the actual queue.............................................................21-19 Table 21-10 Related operations for configuring the queue scheduling mode..................................................21-20 Table 21-11 Mapping between the 802.1p priority and queue.........................................................................21-21 Table 21-12 Related operations for mapping the 802.1p priority to the queue of a service board..................21-22 Table 21-13 Default buffer size........................................................................................................................21-22 Table 21-14 Related operations for configuring the queue buffer of a service board .....................................21-23 Table 21-15 Related operation for enabling traffic limit of packets matching an ACL on a specified port ...........................................................................................................................................................................21-25 Table 21-16 Related operation for adding a priority tag to packets matching an ACL on a specified port ...........................................................................................................................................................................21-26 Table 21-17 Related operations for enabling the traffic statistics for packets matching an ACL on a port ...........................................................................................................................................................................21-27 Table 21-18 Related operation for enabling the traffic mirroring of packets matching an ACL rule on a specified port....................................................................................................................................................................21-28 Table 21-19 Related operation for redirecting traffic matching an ACL on a port..........................................21-29 Table 21-20 Related operation for enabling the line rate limit on an upstream port........................................21-30 Table 22-1 Related operation for setting the Ethernet encapsulation type.........................................................22-6 Table 22-2 Related operations for enabling the DHCP option82.......................................................................22-7 Table 22-3 Related operation for binding the IP address...................................................................................22-9 Table 22-4 Related operations for enabling the anti MAC spoofing function.................................................22-11 Table 22-5 Related operations for enabling the anti MAC spoofing function.................................................22-12 Table 23-1 Related operations for enabling the anti DoS attack........................................................................23-4 Table 23-2 Related operation for enabling the anti IP attack function...............................................................23-4 Table 23-3 Related operation for enabling the anti ICMP attack function.........................................................23-5 Table 23-4 Related operation for enabling the function of source route filtering..............................................23-6 Table 23-5 Related operation for configuring the MAC address filtering.........................................................23-7 Table 23-6 Related operations for configuring the firewall black list function.................................................23-9 Table 23-7 Related operation for configuring the firewall function.................................................................23-11 Table 23-8 Related operations for configuring an accessible address segment...............................................23-11 Table 23-9 Related operations for configuring the inaccessible address segment...........................................23-12 Table 24-1 Data plan for configuring the fiber access service-single port for single service............................24-3 Table 24-2 Data plan for configuring the fiber access service-single port for multi-service.............................24-6 Table 25-1 Configurations of the GPON service in different application scenarios..........................................25-4 Table 25-2 Data plan for configuring the GPON service...................................................................................25-6 Table 25-3 Related operations for adding a DBA profile...................................................................................25-9 Table 25-4 Related operation for binding a DBA profile.................................................................................25-11 Table 25-5 Related operations for adding an alarm profile..............................................................................25-12 Table 25-6 Related operations for adding a GEM port....................................................................................25-14 Table 25-7 Related operations for adding a GPON ONT................................................................................25-17 Table 25-8 Related operation for activating a GPON ONT.............................................................................25-18 Table 25-9 Related operations for enabling the ONT auto-find function of a GPON port..............................25-19 Table 25-10 Related operations for setting the aging time of the ONT auto-find function.............................25-20
xxviii
Issue 02 (2008-04-25)
Tables
Table 25-11 Related operations for confirming an automatically found ONT................................................25-21 Table 26-1 Data plan for configuring the upstream link protection...................................................................26-4 Table 26-2 Related operations for configuring the protection group.................................................................26-6 Table 27-1 Ethernet ports of the MA5600T.......................................................................................................27-3 Table 27-2 Related operation for enabling the flow control of an Ethernet port............................................. 27-10 Table 27-3 Related operations for enabling traffic suppression.......................................................................27-12 Table 27-4 Related operation for enabling the Ethernet port aggregation....................................................... 27-13 Table 27-5 Related operation for mirroring an Ethernet port...........................................................................27-14 Table 27-6 Related operation for adding an Ethernet Port to a VLAN............................................................27-15 Table 28-1 Data plan for configuring the VLAN stacking multi-ISP wholesale access....................................28-4 Table 29-1 Data plan for configuring the private line service............................................................................29-3 Table 29-2 Data plan for the QinQ VLAN private line service.........................................................................29-6 Table 29-3 Related operation for enabling the transparent transmission of BPDUs..........................................29-9 Table 30-1 Data plan for configuring the IGMP proxy multicast service..........................................................30-5 Table 30-2 Data plan for configuring the IGMP snooping multicast service.....................................................30-9 Table 30-3 Data plan for configuring the IGMP snooping multicast service...................................................30-13 Table 30-4 Data plan for configuring the subtended multicast service............................................................30-17 Table 30-5 Data plan for the example network of the multicast service in MSTP networking.......................30-23 Table 30-6 Data plan for configuring the multicast service through the PIM-SSM protocol..........................30-30 Table 30-7 Related operation for configuring the IGMP upstream port..........................................................30-34 Table 30-8 Related operations for setting the multicast mode of the upstream port........................................30-35 Table 30-9 Related operations for enabling the multicast routing function.....................................................30-36 Table 30-10 Related operations for configuring a subtending port..................................................................30-37 Table 30-11 Related operation for configuring a program for a static subtending port...................................30-38 Table 30-12 Related operation for enabling the IGMP proxy authorization....................................................30-40 Table 30-13 Related operation for setting the robustness variable...................................................................30-41 Table 30-14 Related operation for setting the general query interval..............................................................30-42 Table 30-15 Related operation for setting the maximum response time to the general query.........................30-44 Table 30-16 Related operation for setting the number of specific queries.......................................................30-45 Table 30-17 Related operation for setting the group-specific query interval...................................................30-46 Table 30-18 Related operation for setting the maximum response time for the group-specific query............30-47 Table 30-19 Related operations for setting the TTL for a V2 router................................................................30-48 Table 30-20 Related operation for setting the preview recognition time.........................................................30-49 Table 30-21 Related operation for enabling the user action report function....................................................30-50 Table 30-22 Related operation for configuring the IGMP mode..................................................................... 30-54 Table 30-23 Related operation for configuring the IGMP version...................................................................30-55 Table 30-24 Related operations for configuring the multicast program...........................................................30-57 Table 30-25 Related operations for setting the unsolicited report interval...................................................... 30-59 Table 30-26 Related operations for Enabling the proxy of the IGMP leave packet.........................................30-60 Table 30-27 Related operations for enabling the proxy of the IGMP report packet........................................30-61 Table 30-28 Related operations for enabling the function of sending the global-leave packet....................... 30-62 Table 30-29 Related operation for setting the priority of the IGMP packet.....................................................30-63 Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd xxix
Tables
SmartAX MA5600T Multi-service Access Module Table 30-30 Related operations for configuring the multicast VLAN member...............................................30-64 Table 30-31 Related operation for enabling the logging function....................................................................30-65 Table 30-32 Related operations for setting the IP address range of the multicast VLAN to generate the program group dynamically.............................................................................................................................................30-66 Table 30-33 Related operation for enabling the program matching mode of the multicast VLAN.................30-67 Table 30-34 Related operations for configuring the virtual upstream port......................................................30-68 Table 30-35 Related operation for enabling the PIM-SSM function...............................................................30-70 Table 30-36 Related operations for setting the DR priority of a PIM router...................................................30-72 Table 30-37 Related operations for setting the interval for a PIM router to send Hello messages..................30-75 Table 30-38 Related operations for setting the holdtime for receiving the Hello messages............................30-77 Table 30-39 Related operation for setting the longest delay for triggering the transmission of the Hello message ...........................................................................................................................................................................30-78 Table 30-40 Related operations for setting the specifications of the Join/Prune messages.............................30-80 Table 30-41 Related operations for setting the interval for sending the Join/Prune messages........................30-82 Table 30-42 Related operations for setting the delay for a PIM router to perform pruning.............................30-84 Table 30-43 Related operations for setting the delay for a PIM router to override pruning............................30-87 Table 30-44 Related operations for setting the holdtime for a PIM router to maintain the join status of a downstream interface.............................................................................................................................................................30-89 Table 30-45 Related operation for setting the range of the PIM-SSM multicast addresses.............................30-90 Table 30-46 Related operation for enabling the bandwidth management function..........................................30-92 Table 30-47 Related operation for modifying an authority profile..................................................................30-93 Table 30-48 Related operations for adding a BTV user...................................................................................30-95 Table 30-49 Related operations for modifying the attributes of a user............................................................30-97 Table 30-50 Related operation for blocking a BTV user.................................................................................30-98 Table 30-51 Related operation for binding a user with an authority profile....................................................30-99 Table 30-52 Related operation for enabling the switch of monitoring BTV users........................................30-100 Table 30-53 Related operation for configuring the preview profile...............................................................30-101 Table 30-54 Related operation for enabling the preview function.................................................................30-102 Table 30-55 Related operations for setting the preview auto reset time........................................................30-103 Table 30-56 Related operation for resetting the preview record....................................................................30-104 Table 30-57 Related operations for enabling the logging function on the multicast VLAN.........................30-106 Table 30-58 Related operation for setting the logging interval......................................................................30-107 Table 30-59 Related operations for configuring the log reporting.................................................................30-107 Table 30-60 Related operations for setting the automatic CDR reporting.....................................................30-110 Table 31-1 Modes to provide the triple play service..........................................................................................31-3 Table 31-2 Data plan for configuring the triple play service..............................................................................31-5 Table 31-3 Data plan for configuring the triple play service - single PVC for multiple services (based on the userside VLAN).......................................................................................................................................................31-10 Table 31-4 Data plan for configuring the triple play service - single PVC for multiple services (based on 802.1p) ...........................................................................................................................................................................31-15 Table 31-5 Data plan for configuring the triple play service - single PVC for multiple services (based on service encapsulation type) ...........................................................................................................................................31-20 Table 31-6 Data plan for configuring the triple play service............................................................................31-25 Table 32-1 Data plan for configuring an ONT...................................................................................................32-4
xxx
Issue 02 (2008-04-25)
Tables
Table 32-2 Attributes of an ONT capability set profile......................................................................................32-8 Table 32-3 Related operations for configuring an ONT capability set profile.................................................32-11 Table 32-4 Related operations for binding an ONT T-CONT with GEM ports.............................................. 32-13 Table 32-5 Related operations for configuring the mapping between ONT services and GEM ports ............32-14 Table 32-6 Related operation for configuring a VLAN on a GPON ONT port...............................................32-15 Table 33-1 Data plan for configuring Ethernet OAM........................................................................................33-4 Table 33-2 Related operation for creating an MD..............................................................................................33-7 Table 33-3 Related operations for creating an MA............................................................................................33-8 Table 33-4 Related operation for creating an MEP............................................................................................33-9 Table 33-5 Related operation for creating an RMEP.......................................................................................33-10 Table 33-6 Related operation for enabling the CFM globally..........................................................................33-11 Table 33-7 Related operation for enabling CFM alarm globally..................................................................... 33-12 Table 33-8 Related operation for enabling the administration function of an MEP........................................ 33-13 Table 33-9 Related operation for enabling the CC transmission of an MEP...................................................33-14 Table 33-10 Related operation for enabling the global detection function of an RMEP.................................33-15 Table 33-11 Related operation for enabling the detection function of the RMEP...........................................33-16 Table 33-12 Related operation for configuring the priorities for transmitting CCMs/LTMs of an MEP........33-17 Table 33-13 Related operation for configuring the interval for an MA to transmit a CC................................33-18 Table 33-14 Related operations for configuring the loop detection function...................................................33-20 Table 33-15 Related operations for configuring the Link trace function.........................................................33-21 Table 34-1 Correspondence between the H801ESC DIP switch and the slave node number............................34-4 Table 34-2 Correspondence between the FAN DIP switch and the slave node number....................................34-5 Table 34-3 Correspondence between the POWER4845 and the slave node number.........................................34-6 Table 34-4 Data plan for configuring the H801ESC..........................................................................................34-7 Table 34-5 Data plan for configuring the FAN..................................................................................................34-9 Table 34-6 Related operation for adding an EMU...........................................................................................34-12 Table 34-7 Commands for configuring a POWER4845 EMU.........................................................................34-12 Table 34-8 Related operations for configuring a POWER4845 EMU.............................................................34-15 Table 34-9 Related operations for configuring H801ESC analog parameters.................................................34-17 Table 34-10 Related operations for configuring H801ESC digital parameters................................................34-19 Table 34-11 Related operations for configuring the FAN alarm report...........................................................34-20 Table 34-12 Related operations for setting the fan speed adjustment mode....................................................34-21 Table 34-13 Related operations for setting the FAN speed level.....................................................................34-22
Issue 02 (2008-04-25)
xxxi
About This Document
About This Document

Purpose
This document describes the configuration of various services supported by the MA5600T. The description covers the following topics:
l l l l l l l l
Purpose Networking Data plan Prerequisite(s) Note Configuration flowchart Operation procedure Result
This document helps users to know the configuration of various services on the MA5600T.
Related Versions
The following table lists the product versions related to this document. Product Name MA5600T N2000 BMS Version V800R005 V200R011
Intended Audience
The intended audience of this document is:
l l l
Installation and commissioning engineers System maintenance engineers Data configuration engineers
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd 1
Issue 02 (2008-04-25)
About This Document
Organization
This document describes the configuration on the MA5600T. Each chapter gives an overview to the configuration first, then describes the configuration flow and the configuration example (some chapters not) and finally describes the basic operations in detail. For the readers that know the product well, it is recommended to read the configuration example (s) directly; For the readers that do not know the product well, it is recommended to read the basic operations first. This document consists of the following chapters and is organized as follows. Chapter 1 Maintenance Terminal Configuration 2 Getting Started With CLI 3 Network Management Configuration 4 Log Host Configuration 5 User Management 6 Device Management 7 Remote User Authentication Configuration 8 VLAN Configuration 9 DHCP Relay Configuration 10 ARP & ARP Proxy Configuration 11 RIP Routing Protocol Configuration 12 OSPF Routing Protocol Configuration 13 IS-IS Routing Protocol Configuration 14 BGP Routing Protocol Configuration 15 MSTP Configuration 16 NTP Configuration Describes How to configure the maintenance terminal The basic CLI operations on the MA5600T How to configure the network management system on the MA5600T How to configure the log host User levels and user management operations How to manage the shelf and boards of the MA5600T How to configure the remote users authentication
How to configure various VLANs, including standard VLAN, smart VLAN, MUX VLAN and super VLAN How to configure DHCP relay to obtain IP addresses dynamically How to configure ARP and ARP proxy How to configure the RIP routing protocols supported by the MA5600T How to configure the OSPF routing protocols supported by the MA5600T How to configure the IS-IS routing protocols supported by the MA5600T How to configure the BGP routing protocols supported by the MA5600T How to configure MSTP How to configure the four NTP modes
Issue 02 (2008-04-25)
About This Document
Chapter 17 System Clock Configuration 18 MAC Address Management 19 TCP/IP Connection Configuration 20 ACL Configuration 21 QoS Configuration 22 User Security Configuration 23 System Security Configuration SHDSL Service Configuration VDSL2 Service Configuration 25 GPON Service Configuration 26 Protection Configuration for Upstream Link 27 Device Subtending Configuration ATM-DSLAM Access Configuration 28 VLAN Stacking Wholesale Service Configuration 29 QinQ VLAN Private Line Service Configuration 30 Multicast Service Configuration 31 Triple Play Service Configuration CPE Management 32 ONT Management
Describes How to configure the system clock on the MA5600T How to configure MAC addresses and the MAC address pool How to configure TCP and IP connections ACL and the method of configuring ACL on the MA5600T QoS and the method of configuring QoS on the MA5600T How to configure user security on the MA5600T How to configure system security on the MA5600T The SHDSL technology and the method of configuring the SHDSL service on the MA5600T The VDSL2 technology and the method of configuring the VDSL2 service on the MA5600T The GPON technology and the method of configuring the GPON service on the MA5600T The service protection on the upstream port of the MA5600T The Ethernet technology and how to subtend MA5600T devices How to configure the ATM-DSLAM access service on the MA5600T How to configure the wholesale service on the MA5600T
How to configure the private line service on the MA5600T How to configure the multicast service on the MA5600T How to configure the triple play service on the MA5600T How to log on and configure the CPE terminal through the MA5600T How to configure the ONT on the MA5600T side
Issue 02 (2008-04-25)
About This Document
Chapter 33 Ethernet OAM Configuration 34 Environment Monitoring Configuration RSTP Networking Example Subtending Networking Example 35 Acronyms and Abbreviations
Describes Applications of Ethernet OAM to the MA5600T The EMUs supported by the MA5600T and the method of configuring them The configuration example of MSTP networking The configuration example of subtending networking Acronyms and abbreviations used in the document
Differences Between the ETSI Service Shelf and the 19-inch Service Shelf
The MA5600T supports both the ETSI service shelf and the 19-inch service shelf. The following table lists the differences between the two shelves. Shelf Type Slots Slots for the Control Board 9, 10 7, 8 Slots for Service Boards 1-8, 11-18 1-6, 9-16 Slots for Upstream Interface Boards 19, 20 17, 18
ETSI shelf 19-inch shelf
20 18
This document uses the ETSI service shelf as an example because the two shelves support the same software functions, although their hardware are different.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows. Symbol Description
DANGER
Indicates a hazard with a high level of risk which, if not avoided, could result in death or serious injury. Indicates a hazard with a medium or low level of risk which, if not avoided, could result in minor or moderate injury.
WARNING
Issue 02 (2008-04-25)
About This Document
Symbol
Description
CAUTION
TIP
Indicates a potentially hazardous situation that, if not avoided, could cause equipment damage, data loss, and performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save time. Provides additional information to emphasize or supplement important points of the main text.
NOTE
General Conventions
Convention Times New Roman Boldface Italic Courier New Description Normal paragraphs are in Times New Roman. Names of files, directories, folders, and users are in boldface. For example, log in as user root. Book titles are in italics. Terminal display is in Courier New.
Command Conventions
Convention Boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... } * Description The keywords of a command line are in boldface. Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces and separated by vertical bars. One is selected. Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected. Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected. Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.
[ x | y | ... ] *
Issue 02 (2008-04-25)
About This Document
GUI Conventions
Convention Boldface > Description Buttons, menus, parameters, tabs, window, and dialog titles are in Boldface. For example, click OK. Multi-level menus are in boldface and separated by the > signs. For example, choose File > Create > Folder.
Keyboard Operation
Format Key Key 1+Key 2 Key 1, Key 2 Description Press the key. For example, press Enter and press Tab. Press the keys concurrently. For example, pressing Ctrl+Alt +A means the three keys should be pressed concurrently. Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.
Mouse Operation
Action Click Double-click Drag Description Select and release the primary mouse button without moving the pointer. Press the primary mouse button twice continuously and quickly without moving the pointer. Press and hold the primary mouse button and move the pointer to a certain position.
Update History
Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions.
Updates in Issue 02 (2008-04-25)

This release has updated the following sections:
l
Sections "Overview", "Configuration Example of the User-Defined ACL", "Creating a Customized ACL Rule" of the chapter "ACL Configuration" Section "Adding a Static ARP Entry" of the chapter "ARP & ARP Proxy Configuration"
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)
About This Document
Updates in Issue 01 (2007-10-30)

This is the first release.
Issue 02 (2008-04-25)
1 Maintenance Terminal Configuration
Maintenance Terminal Configuration
About This Chapter

This topic describes the different maintenance modes of theMA5600T through the maintenance terminal. 1.1 Overview This topic describes the different maintenance modes of the MA5600T through the maintenance terminal and describes the features of the maintenance modes. 1.2 Configuring the Terminal Through the Local Serial Port This topic describes how to log in to the MA5600T and configure the MA5600T by using the HyperTerminal of the Windows operating system. 1.3 Configuring the Terminal Through the Remote Serial Port This topic describes how to log in to the MA5600T and configure the MA5600T through the remote serial port. 1.4 Configuring the Terminal Through the Outband Management Channel This topic describes how to connect the maintenance terminal to the MA5600T over a local area network (LAN) or a wide area network (WAN), and configure the MA5600T through the outband management channel. 1.5 Configuring the Terminal Through the Inband Management Channel This topic describes how to configure the MA5600T through the inband management channel. 1.6 Configuring the Terminal Through SSH This topic describes how to connect the maintenance terminal to the MA5600T through SSH. Then, you can log in to the MA5600T through SSH for maintenance. This helps to protect the MA5600T from network attacks.
Issue 02 (2008-04-25)
1-1
1.1 Overview
This topic describes the different maintenance modes of the MA5600T through the maintenance terminal and describes the features of the maintenance modes. You can maintain the SmartAX MA5600T Multi-service Access Module Optical Access Equipment (the MA5600T for short) through a maintenance terminal in the command line interface (CLI) mode. The configuration of a maintenance terminal involves the following:
l l l l l
1.2 Configuring the Terminal Through the Local Serial Port 1.3 Configuring the Terminal Through the Remote Serial Port 1.4 Configuring the Terminal Through the Outband Management Channel 1.5 Configuring the Terminal Through the Inband Management Channel 1.6 Configuring the Terminal Through SSH
Table 1-1 lists the features of the maintenance modes. Table 1-1 Features of the maintenance modes Maintenance mode Local serial port Description Uses the HyperTerminal of the operating system for configuration. Uses the HyperTerminal of the operating system for configuration. Uses the service channel of the MA5600T to manage the network device. Feature No network management software is required. It connects modems on the MA5600T side and the maintenance terminal side.
l
Remote serial port
Inband management channel
Advantages: It adopts flexible networking, and does not require additional networking device, thus saving networking cost. Disadvantages: The maintenance work cannot be performed if the service channel fails. Advantages: It provides reliable device management channel. The fault can be located in time even if the managed device fails. Disadvantage: An additional network device is required for setting up a maintenance channel that is unrelated to the service channel.
Outband management channel
Uses the maintenance network port (ETH) of the control board (SCU) of the MA5600T to manage the system.
1-2
Issue 02 (2008-04-25)
Maintenance mode SSH mode
Description Uses the service channel of the MA5600T, or the maintenance network port of the SCU board to manage the system.
Feature Secure Shell (SSH) ensures network security through the authentication, encryption, and identification functions. When a user telnets to the MA5600T from an insecure network, SSH protects the MA5600T from malicious attacks such as IP address spoofing and clear text password interception.
1.2 Configuring the Terminal Through the Local Serial Port

This topic describes how to log in to the MA5600T and configure the MA5600T by using the HyperTerminal of the Windows operating system.
Networking
Figure 1-1 shows an example network for configuring the MA5600T through the local serial port. Figure 1-1 Example network for configuring the MA5600T through the local serial port
RS-232 serial port cable
CON ETH ESC
Serial port PC
SCU
MA5600T
Configuration Flowchart
Figure 1-2 shows the flowchart for configuring the MA5600T through the local serial port.
Issue 02 (2008-04-25)
1-3
Figure 1-2 Flowchart for configuring the MA5600T through the local serial port
Start
Connect the serial port cable
Run the HyperTerminal
Set the parameters of the terminal
Define the terminal emulation type
Set ASCII code
Log in to the system
End
Procedure
Step 1 Connect the serial port cable. Use a RS-232 serial port cable to connect the serial port of the PC to the CON port of the SCU board, as shown in Figure 1-1. Step 2 Start the HyperTerminal. 1. Set up a connection. Choose Start > Programs > Accessories > Communication > HyperTerminal to start the HyperTerminal and set up a serial port connection. Enter the connection name, and click OK. 2. Configure the serial port. Select the standard character terminal or the PC terminal serial port that is connected to the MA5600T. (Assume that the serial port is serial COM2.) Click OK. Step 3 Set the parameters of the terminal. In step 2, click OK. Then, set the serial port parameters in the dialog box as shown in Figure 1-3. The parameters are set as follows:
l l l
Bits per second: 9600 Data bits: 8 Parity: None

1-4

l l
Stop bits: 1 Flow control: None

NOTE
l l
When setting the baud rate, make sure that the baud rate of the HyperTerminal is consistent with the baud rate of the serial port in the MA5600T. By default, the baud rate of the serial port is 9600 bit/s. There may be illegible characters in the input information after you log in to the system. This is because the baud rate between the HyperTerminal and the MA5600T is inconsistent. In such cases, use a different baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/ s, 38400 bit/s, 57600 bit/s, and 115200 bit/s.
Figure 1-3 Setting parameters of the terminal
Click OK. Step 4 Define the terminal emulation type. Choose File > Properties on the HyperTerminal interface. Click the Settings tab. Select VT100 or Auto Detection as the type of terminal emulation, as shown in Figure 1-4.
Issue 02 (2008-04-25)
1-5
Figure 1-4 Setting the terminal emulation type
Step 5 Set ASCII code. Click ASCII Setup. Set the line delay and the character delay as 200 ms, as shown in Figure 1-5.
NOTE
When you paste text to the HyperTerminal, character delay controls the character transmit speed, and the line delay controls the interval of sending every line. If a delay is very short, it leads to loss of characters. When the pasted text is displayed abnormally, modify the setting.
1-6
Issue 02 (2008-04-25)
Figure 1-5 Setting ASCII Code
----End
Result
In the HyperTerminal interface, press Enter. The system displays a message requesting you to enter the user name. Enter the user name and password for user registration (by default, the super user name is root and the password is admin), and wait until the command line prompt (MA5600T) appears. If the login fails, click the Hang-up icon first, and then click the Dial icon. If you still cannot log in, return to step 1 to check the parameter settings and the physical connections, and then try again.
1.3 Configuring the Terminal Through the Remote Serial Port

This topic describes how to log in to the MA5600T and configure the MA5600T through the remote serial port.
Prerequisite
Connect a PSTN modem on the MA5600T side and PC side before using a serial port for remote maintenance. In this way, you can set up a remote connection between the PC and the MA5600T through modem dialup. The PSTN modem on the MA5600T side is referred to as the called PSTN modem. The PSTN modem on the PC side is referred to as the calling PSTN modem. The PSTN modems must meet the following requirements:
l
Both the calling and called PSTN modems must be the standard modems, and must support the AT command set.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd 1-7
Issue 02 (2008-04-25)

l l
The called PSTN modem must be an external modem. The calling PSTN modem can be either a built-in modem or an external modem. For better compatibility and to facilitate monitoring of status, it is recommended that you use the calling and called PSTN modems made by the same vendor. The following configuration is based on one type of modem. In actual applications, you can configure the modem by referring to the related AT command set.
Networking
Figure 1-6 shows an example network for configuring the MA5600T through the remote serial port. Figure 1-6 Example network for configuring the MA5600T through the remote serial port
Telephone line
Serial port cable Modem
CON ETH ESC
Telephone line
Serial port cable Modem PC
SCU
MA5600T
Figure 1-7 shows the flowchart for configuring the MA5600T through the remote serial port.
1-8
Issue 02 (2008-04-25)
Figure 1-7 Flowchart for configuring the MA5600T through the remote serial port
Start
Set the called modem parameters
Set the calling modem parameters
Set up the configuration environment
Start the HyperTerminal
Set the HyperTerminal parameter
Dial up on the HyperTerminal
End
Procedure
Step 1 Set the called modem parameters. Only three signal lines, namely SD, RD, and SG, are used for connecting the MA5600T and the modem. Therefore, before connecting the modem to the MA5600T, shield the handshake signals and the flow control signals of the modem. The configuration of a modem requires an intelligent terminal. The following modem configuration is based on the HyperTerminal operating in Windows. 1. Connect the serial port of the modem to the serial port of the maintenance terminal by using the dedicated cable for the modem, and then power on the system. You need not install a driver during this operation. Assume that the modem is connected to COM2 port. Start the HyperTerminal, and select Direct to COM2 in the Connect using column in the dialog box that appears. Set the serial port parameters as follows: 9600 bit/s for baud rate, 8 for data bits, 1 for stop bits, None for parity, and None for data traffic control.
NOTE
2.
After the connection, the terminal may not display anything. This is because the display function of the modem was disabled at the previous configuration operation. To enable the terminal to display the input information and the output information, run the AT&F command to restore the default settings and press Enter.
3.
Check the modem. In the HyperTerminal, enter the AT&F command to restore the default settings of the modem. Check whether the screen displays "OK". If it displays "OK", the modem is normal. If it does not display "OK", the modem is faulty and it must be replaced with a new modem.
4.
Issue 02 (2008-04-25)
In the HyperTerminal, run the following commands:

ATS0=1 //Enable the auto replay function (ringing sound). AT&D //Ignore DTR signals. AT&K0 //Disable the flow control function. AT&R1 //Ignore the RTS signals. AT&S0 //Set DSR as high level. ATEQ1&W //Disable the modems response to the command while executing the command and saving the configurations.
NOTE
After the last command is executed, running the AT command disables the echo function of the terminal and prevents the display of the execution results.
l l
Due to the limitation of the bit rate of the modem, you can run the baudrate command to modify the baud rate of the serial port of the MA5600T to 9600 bit/s or 19200 bit/s. To prevent an extremely high bit rate on the line between the two modems, you can set AT $MB=9600 (or another value) before running the ATEQ1&W command.
Step 2 Set the calling modem parameters. After the power-on, the calling modem can function in the normal state without any configuration. However, if you connect the maintenance terminal to the modem by using a standard cable, shield the handshake signals and the flow control signals of the modem before the connection. For more information on the shield operation, refer to the settings of the called modem parameters. Step 3 Set up the configuration environment. Figure 1-6 shows the configuration environment. 1. Connect the called modem. Plug the telephone line into the LINE port of the called modem. Connect the serial port of the called modem to the maintenance port CON of SCU board on the MA5600T by using the dedicated serial port cable for the MA5600T, and then power on the modem. 2. Connect the calling modem. For an external modem, plug the telephone line into the LINE port of the calling modem, connect the serial port of the calling modem to the serial port of the maintenance terminal by using the dedicated cable for the modem, and then power on the modem. For a built-in modem, you only need to plug the telephone line into the LINE port of the calling modem. Step 4 Start the HyperTerminal. 1. Set up a new connection. Choose Start > Programs > Accessories > Communication > HyperTerminal to start the HyperTerminal and enter the name. Click OK. 2. Configure the serial port. Select the standard character terminal or the PC terminal serial port that is connected to the MA5600T. (Assume that the serial port is serial COM2.) Click OK. Step 5 Set the parameters of the HyperTerminal. In the preceding substep 2, click OK. Then, set the serial port parameters in the dialog box as shown in Figure 1-8. The parameters are set as follows:
1-10 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)

l l l l l
Baud rate: 9600 bit/s Data bits: 8 Parity: None Stop bits: 1 Flow control: None
NOTE
l l
When setting the baud rate, make sure that the baud rate of the HyperTerminal is consistent with the baud rate of the serial port. By default, the baud rate of the serial port is 9600 bit/s. There may be illegible characters in the input information after you log in to the system. This is because the baud rate between the HyperTerminal and the system is inconsistent. In such cases, use another baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/s, 38400 bit/s, 57600 bit/s, and 115200 bit/s.
Figure 1-8 Setting the parameters of the HyperTerminal
Click OK and the HyperTerminal interface appears. Step 6 Dial up on the HyperTerminal. 1. In the case of an external modem, perform the following operations: In the case of an external modem, select a serial port instead of a modem from the Connect using drop-down list in the HyperTerminal to set up the connection to the modem. In the HyperTerminal interface, you can enter the AT command such as ATDTXXXXXXXX for dialup. XXXXXXXX indicates the telephone number used by the line of the remote modem connected to the host. For details of the dialup commands, refer to the AT command set. ATDT0 W 020XXXXXXXX indicates that you should dial "0" for connection by using the external
Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd 1-11
line. Wait for the dialing tone from the switch, and then dial the telephone number 020XXXXXXXX. 2. In the case of a built-in modem, perform the following operations: Run the HyperTerminal. Set the called number. Select the modem from the Connect using drop-down list. Click Configure in the properties setting interface to set the modem properties. Select Bring up terminal window after dialing in the Options tab of the properties setting interface. Click OK to confirm the setting. Click Dial to continue the dialing. You need not use any ATDT commands for dialing. ----End
Result
After the dialup, the "OH" and "RI" LEDs on the modem that connects to the PC turn on. The modem generates a sound, which indicates that the connection is in-progress. After the connection is set up, the two modem CD LEDs (for carrier detection) turn on, and the HyperTerminal interface displays "CONNECT9600 (or 19200)". This indicates that the intermodem connection is set up successfully. If "NO CARRIER" is displayed, the connection fails. Check the hardware connections and the telephone line. Press Enter until the login interface appears. After configuring the MA5600T, run the hang-up command of the HyperTerminal to break the connection.
WARNING
l
When the modem connection setup is in progress, pressing any key on the keyboard interrupts the ongoing call. After a remote maintenance operation, you need to disconnect the line, instead of directly shutting down the HyperTerminal. Otherwise, modems of certain models may remain online all the time, resulting in failure during the next dialup connection.
1.4 Configuring the Terminal Through the Outband Management Channel

This topic describes how to connect the maintenance terminal to the MA5600T over a local area network (LAN) or a wide area network (WAN), and configure the MA5600T through the outband management channel.
Networking-LAN
Figure 1-9 shows an example network for configuring the outband management in a LAN by Telnet.
1-12
Issue 02 (2008-04-25)
Figure 1-9 Example network for configuring the outband management in a LAN by Telnet
CON ETH ESC
SCU LAN
MA5600T
PC
PC
PC
Use a straight through cable to connect the MA5600T to the LAN. Make sure that the IP address of the maintenance network port of the control board and the IP address of the PC used for maintaining the MA5600T are located in the same subnet.
NOTE
You can also use a crossover cable to connect the network port of the maintenance terminal to the maintenance network port of the control board to maintain the MA5600T.
Data Plan-LAN
Table 1-2 provides the data plan for configuring the outband management in a LAN by Telnet. Table 1-2 Data plan for configuring the outband management in a LAN by Telnet Item Maintenance network port of the MA5600T PC used for maintaining the MA5600T Data IP address: 10.10.20.1/24 IP address: 10.10.20.3/24
Networking-WAN
Figure 1-10 shows an example network for configuring the outband management in a WAN by Telnet.
Issue 02 (2008-04-25)
1-13
Figure 1-10 Example network for configuring the outband management in a WAN by Telnet
PC LAN Router
CON ETH ESC
PC
PC SCU MA5600T
Data Plan-WAN
Table 1-3 provides the data plan for configuring the outband management in a WAN by Telnet. Table 1-3 Data plan for configuring the outband management in a WAN by Telnet Item Maintenance network port of the MA5600T PC used for maintaining the MA5600T Router port connecting to the MA5600T Data IP address: 10.10.20.1/24 IP address: 10.10.21.1/24 IP address: 10.10.20.254/24
Figure 1-11 shows the flowchart for configuring the outband management in a WAN by Telnet.
1-14
Issue 02 (2008-04-25)
Figure 1-11 Flowchart for configuring the outband management in a WAN by Telnet
Start
Set up the configuration environment
Set the IP address of the maintenance network port
WAN environment or not?

Yes
No
Add a route for the NMS
Run the telent application
End
Procedure
Step 1 Set up the configuration environment. Figure 1-9 and Figure 1-10 show the example networks for configuring the MA5600T through the outband management channel. You can set up the environment according to the requirements. Step 2 Set the IP address of the maintenance network port.
huawei(config)#interface meth 0 huawei(config-if-meth0)#ip address 10.10.20.1 24
Step 3 Add a route for the network management system (NMS).

l
If setting up the WAN configuration environment as shown in Figure 1-9, you need not add a route. If setting up the WAN configuration environment as shown in Figure 1-10, you need to add a next hop route to the NMS.
huawei(config-if-meth0)#quit huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Step 4 Run the telnet application. Choose Start > Run on the PC. Enter the telnet command, followed by the IP address of the maintenance network port of the MA5600T in the Open field. Click OK to run the telnet application Windows XP OS is considered as an example), as shown in Figure 1-12.
Figure 1-12 Running the telnet application
Step 5 Log in to the system. By default, the super user uses root as the user name and admin as the password.
Huawei Integrated Access Software. Copyright(C) Huawei Technologies Co., Ltd. 1998-2007. All rights reserved. >>User name:root >>User password:
----End
Result
After logging in to the system, you can perform the configuration successfully.
1.5 Configuring the Terminal Through the Inband Management Channel

This topic describes how to configure the MA5600T through the inband management channel.
Networking-LAN
Figure 1-13 shows an example network for maintenance through the GE port in a LAN.
1-16
Issue 02 (2008-04-25)
Figure 1-13 Example network for maintenance through the GE port in a LAN
GE 0/19/0
CON ETH ESC
SCU
MA5600T LAN
PC
PC
PC
Data Plan-LAN
Table 1-4 provides the data plan for the network. Table 1-4 Data plan for the network Item Inband management interface of the MA5600T PC used for maintaining the MA5600T Data IP address: 10.10.20.1/24 IP address: 10.10.20.3/24
Networking-WAN
Figure 1-14 shows an example network for maintenance through the GE port in a WAN. Figure 1-14 Example network for maintenance through the GE port in a WAN
Router
PC
CON ETH ESC
GE 0/19/0
SCU
MA5600T
Issue 02 (2008-04-25)
1-17
Data Plan-WAN
Table 1-5 provides the data plan for the network. Table 1-5 Data plan for the network Item GE port of the MA5600T PC used for maintaining the MA5600T Router port connecting to the MA5600T VLAN ID Upstream port Data IP address: 10.10.20.1/24 IP address: 10.10.21.1/24 IP address: 10.10.20.254/24 30 0
Figure 1-15 shows the flowchart for configuring the MA5600T through the inband management channel. Figure 1-15 Flowchart for configuring the MA5600T through the inband management channel
Start Set up the configuration environment Create an NMS VLAN and add the upstream port to it Set the IP address of the VLAN layer 3 interface
WAN environment or not? Yes Set inband NMS route
No
Run the telnet application
End
1-18
Issue 02 (2008-04-25)
Procedure
Step 1 Set up the configuration environment. Figure 1-13 and Figure 1-14 show the example network for configuring the MA5600T through the inband management channel. You can set up the environment based on the requirements. Step 2 Create an NMS VLAN and add the upstream port to it. 1. Run the vlan command to create an NMS VLAN.
huawei(config)#vlan 30 standard huawei(config)#port vlan 30 0/9 0
2.
Run the native-vlan command to configure the native VLAN of the upstream port.
huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 vlan 30
Step 3 Set the IP address of the VLAN L3 interface. Run the ip address command to set the IP address and subnet mask of the MA5600T VLAN L3 interface.
huawei(config-if-scu-0/9)#quit huawei(config)#interface vlanif 30 huawei(config-if-vlanif30)#ip address 10.10.20.1 255.255.255.0
Step 4 Set inband NMS route. If the configuration environment is set up as shown in Figure 1-13, you need not configure a route. If the configuration environment is set up as shown in Figure 1-14, you need to add the route of next hop.
huawei(config-if-vlanif30)#quit huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Step 5 Run the telnet application. Choose Start > Run on the PC. Enter the telnet command, followed by the IP address of the maintenance network port of the SCU board in the Open field. Click OK to run the telnet application as shown in Figure 1-16. Figure 1-16 Running the telnet application
Step 6 Log in to the system. By default, the super user uses root and admin as the user name and password. When you log in, the system prompts the following.
Huawei Integrated Access Software. Copyright(C) Huawei Technologies Co., Ltd. 1998-2007. All rights reserved. >>User name:root >>User password:
----End
Result
After logging in to the system, you can configure the terminal for maintenance.
1.6 Configuring the Terminal Through SSH

This topic describes how to connect the maintenance terminal to the MA5600T through SSH. Then, you can log in to the MA5600T through SSH for maintenance. This helps to protect the MA5600T from network attacks.
Networking-LAN
Figure 1-17 shows the connection for setting up the SSH configuration environment in the LAN outband mode. Figure 1-17 Setting up the SSH configuration environment in the LAN outband mode
CON ETH ESC
SCU LAN
MA5600T
PC
PC
PC
Data Plan-LAN
Table 1-6 provides the data plan for the network.
1-20
Issue 02 (2008-04-25)
Table 1-6 Data plan for the network Item MA5600T Data IP address of the maintenance network port: 10.10.20.2/24 Username: huawei User authentication mode: RSA public key authentication PC used for maintaining the MA5600T IP address: 10.10.20.1/24 Client software: PuTTY Password conversion tools: PuTTY.exe, PuTTYGen.exe, sshkey.exe
Networking-WAN
Figure 1-18 shows the connection for setting up the SSH configuration environment in the WAN outband mode. Figure 1-18 Setting up the SSH configuration environment in the WAN outband mode
PC LAN Router
CON ETH ESC
PC
PC SCU MA5600T
Data Plan-WAN
Table 1-7 provides the data plan for the network. Table 1-7 Data plan for the network Item MA5600T Data IP address of the maintenance network port: 10.10.20.2/24 Username: huawei User authentication mode: RSA public key authentication PC used for maintaining the MA5600T IP address: 10.10.21.1/24 Client software: PuTTY Password conversion tools: PuTTY.exe, PuTTYGen.exe, sshkey.exe
Item Router port connecting to the MA5600T
Data IP address: 10.10.20.254/24
Networking-LAN
Figure 1-19 shows the connection for setting up the SSH configuration environment in the LAN inband mode. Figure 1-19 Setting up the SSH configuration environment in the LAN inband mode
GE 0/19/0
CON ETH ESC
SCU
MA5600T LAN
PC
PC
PC
Data Plan-LAN
Table 1-8 provides the data plan for the network. Table 1-8 Data plan for the network Item MA5600T Data IP address of the VLAN L3 interface: 10.10.20.2/24 Username: huawei User authentication mode: RSA public key authentication PC used for maintaining the MA5600T IP address: 10.10.20.1/24 Client software: PuTTY Password conversion tools: PuTTY.exe, PuTTYGen.exe, sshkey.exe
1-22
Issue 02 (2008-04-25)
Networking-WAN
Figure 1-20 shows the connection for setting up the SSH configuration environment in the WAN inband mode. Figure 1-20 Setting up the SSH configuration environment in the WAN inband mode
Router
PC
CON ETH ESC
GE 0/19/0
SCU
MA5600T
Data Plan-WAN
Table 1-9 provides the data plan for the network. Table 1-9 Data plan for the network Item MA5600T Data IP address of VLAN L3 interface: 10.10.20.2/24 Username: huawei User authentication mode: RSA public key authentication PC used for maintaining the MA5600T IP address: 10.10.21.1/24 Client software: PuTTY Password conversion tools: PuTTY.exe, PuTTYGen.exe, sshkey.exe Router port connecting to the MA5600T IP address: 10.10.20.254/24
Figure 1-21 shows the flowchart for configuring the SSH environment. For details of the configuration, see "7.7 Configuring SSH."
Issue 02 (2008-04-25)
1-23
Figure 1-21 Flowchart for configuring in the SSH mode

Start
Set the IP address of the maintenance network port/VLAN layer 3 interface
WAN environment or not?

Yes Add a route for the NMS
No
Create an SSH user
Create the key pair for the SSH server
Set SSH user authentication mode rsa, all, passwordpublickey Generate the RSA public key
Password
Generate the public key for SSH user
Authorize the public key to the SSH user
End
1-24
Issue 02 (2008-04-25)
Procedure
Step 1 Set up the configuration environment. You can set up the configuration environment as shown in Figure 1-17, Figure 1-18, Figure 1-19, and Figure 1-20. Step 2 Set the IP address of the maintenance network port/VLAN L3 interface.
l
To set the IP address of the maintenance network port, do as follows:

huawei(config)#interface meth 0 huawei(config-if-meth0)#ip address 10.10.20.2 255.255.255.0
To set the IP address of the VLAN L3 interface, do as follows:

huawei(config)#vlan 30 standard huawei(config)#interface vlanif 30 huawei(config-if-vlanif30)#ip address 10.10.20.2 255.255.255.0
Step 3 Add a route for the NMS. To set up a LAN configuration environment based on Figure 1-17 or Figure 1-19, you need not add a route for the NMS. To set up a WAN configuration environment based on Figure 1-18 or Figure 1-20, you must add a route of next hop for the NMS, as follows:
huawei(config-if-vlanif30)#quit huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Step 4 Create a user. To create a user with the following parameters, do as follows:
l l l l l
Bound user profile: root (default) Level: Operator User name: huawei Password: huawei123 Login attempts: 4
huawei(config)#terminal user name User profile name(<=15 chars)[root]: User Name(<=15 chars):huawei User Password(<=15 chars):huawei123 //The password is not displayed on the CLI. Confirm Password(<=15 chars):huawei123 //The password is not displayed on the CLI. User's Level: 1. Common User 2. Operator 3. Administrator:2 Permitted Reenter Number(0--4):4 User's Appended Info(<=30 chars): This user has been added Repeat this operation? (y/n)[n]:n
Step 5 Create the local key pair for the SSH server.
CAUTION
After logging in to the SSH successfully, configure and create the local RSA key pair. Make sure that you complete the "rsa local-key-pair create" operation and create the local key pair before further SSH configurations.
Issue 02 (2008-04-25)
1-25
huawei(config)#rsa local-key-pair create The key name will be: Host The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus[default = 512]: Generating keys... .++++++++++++ ..++++++++++++ ............++++++++ ...............................++++++++
Step 6 Set the authentication mode for the SSH user. Select the RSA authentication mode.
huawei(config)#ssh user huawei authentication-type rsa %Authentication type set, and will be in effect next time.
Step 7 Generate the RSA public key. 1. Run the key generator PUTTYGEN.EXE Open the key generator PUTTYGEN.EXE, as shown in Figure 1-22. Figure 1-22 Interface of the key generator
2.
Generate the client key. Select SSH-2 RSA as the key type under Parameters. Click Generate. Move the cursor over the blank area to generate the client key, as shown in Figure 1-23.
1-26
Issue 02 (2008-04-25)
Figure 1-23 Generating the client key
After generating the client key, save the public key and private key. 3. Generate the RSA public key. To convert the client public key into the RSA public key, run the client software for converting keys, namely the sshkey.exe, as shown in Figure 1-24.
Issue 02 (2008-04-25)
1-27
Figure 1-24 Interface of converting the client public key into the RSA public key
Step 8 Generate the public key for the SSH user. To generate the public key for the SSH user, copy the RSA public key to the server in the configrsa-key-code command line mode.
huawei(config)#rsa peer-public-key key Enter "RSA public key" view, return system view with "peer-public-key end". huawei(config-rsa-public-key)#public-key-code begin Enter "RSA key code" view, return last view with "public-key-code end". huawei(config-rsa-key-code)#30818602 81805A01 625279EF 5E4CD503 916C9DB5 0233CF58 huawei(config-rsa-key-code)#C901D4CA 207C77D3 4EF25B04 9897BD24 997BF61B DFB9A73C huawei(config-rsa-key-code)#F82B6F06 55ACCDB9 F7DC1474 9E6518EE B1A543FF 9147150B huawei(config-rsa-key-code)#111BD11C 683A023B A4295550 DA13F6BE 3190A2A8 3BFCB158 huawei(config-rsa-key-code)#4FBAA365 F6E796A0 B02CB6F9 8491A373 9B4A0876 4B3189B4 huawei(config-rsa-key-code)#BBA2C7BA E1974104 AD165E98 18CF0201 25 huawei(config-rsa-key-code)#public-key-code end huawei(config-rsa-public-key)#peer-public-key end
Step 9 Authorize the public key to the SSH user. In the global config mode, to authorize the public key to the SSH user huawei, do as follows:
huawei(config)#ssh user huawei assign rsa-key key
Step 10 Log in to the system. 1. Run the client software. Run the SSH client software PUTTY.EXE. Click Auth in the directory tree and assign a file for the RSA private key, as shown in Figure 1-25. Click Browse. Select the file for the private key and click OK.
Figure 1-25 Interface of the SSH client software
2.
Log in to the system. Click Session in the directory tree. Type the IP address of the MA5600T in the Host Name (or IP address) text box. Click Open to log in to the system.
Issue 02 (2008-04-25)
1-29
Figure 1-26 Interface for connecting to the system.
Because the user authentication mode is RSA, the system prompts a message, as shown in Figure 1-27. Figure 1-27 Interface for logging in to the SSH client
Enter the correct username to log in to the system according to the prompt. ----End
Result
After logging in to the system, you can perform the configuration successfully.
Issue 02 (2008-04-25)
1-31
2 Getting Started With CLI
2
About This Chapter
Getting Started With CLI
This topic describes the basic CLI operations on the MA5600T. 2.1 Overview This topic describes the CLI operation mode and the method of applying it for maintaining the MA5600T. 2.2 CLI Characteristics This topic describes the CLI characteristics of the MA5600T. 2.3 Basic Operations Through CLI This topic describes how to perform the basic operations on the MA5600T through the CLI.
Issue 02 (2008-04-25)
2-1
2.1 Overview
This topic describes the CLI operation mode and the method of applying it for maintaining the MA5600T.
Service Description
You can maintain the MA5600T through the CLI or the NMS.
l
The NMS provides a graphical user interface (GUI) and the CLI provides the command line interface to facilitate operations. The networking for maintaining the MA5600T through the CLI is simple. You can run the HyperTerminal or the telnet program of the Windows operating system to log in to the MA5600T to maintain it through the CLI.
Service Specification
This topic describes certain basic CLI operations that can help you to perform the basic configurations for the MA5600T through the CLI.
2.2 CLI Characteristics

This topic describes the CLI characteristics of the MA5600T. 2.2.1 Command Modes This topic describes the CLI command mode, the feature, and the switchover between command modes. 2.2.2 Intelligent Matching This topic describes the intelligent matching feature of the CLI. That is, when you type in an incomplete keyword and press the space bar, the matching key words are displayed automatically. 2.2.3 Edit Characteristics This topic describes the edit characteristics of the CLI. That is, the keys that you can use when inputting the command key words and parameters. 2.2.4 Interaction Function This topic describes the interaction function of the CLI. That is, the CLI system prompts certain keywords that can be input and the parameter type of the keyword. 2.2.5 Parameter Prompt This topic describes the parameter prompt function of the CLI. 2.2.6 Display Characteristics This topic describes the display characteristics of the CLI. That is, the CLI system supports the function of pausing the displayed information when there is a lot of information to be displayed. 2.2.7 Saving and Querying History Commands The CLI provides a function, such as Doskey, to save history commands automatically. With this function, you can retrieve the history commands that are saved in the CLI and run them repeatedly. 2.2.8 CLI Error Prompts
This topic describes the CLI error prompts.
2.2.1 Command Modes

This topic describes the CLI command mode, the feature, and the switchover between command modes.
Classification
The MA5600T provides various modes to realize hierarchical protection and to prevent unauthorized access. The MA5600T provides the following command modes:
l l l l l l l
User mode Privilege mode Global config mode Interface config Mode RIP mode OSPF mode BTV mode
Features
l
Downward compatibility

All commands in the user mode can be run in the privilege mode. All commands in the user mode and privilege mode can be run in the global config mode.
Hierarchical protection Based on different command modes, the system can prevent unauthorized access. For users at different levels, the command modes involved are different, and the commands that can be executed for these users are also different even though they can enter the same mode.
Mode Switching
Figure 2-1 shows how to switch between the command modes.
Issue 02 (2008-04-25)
2-3
Figure 2-1 Switching between the command modes

ospf quit rip quit Login quit User mode enable huawei> disable config Global config mode huawei (config)# quit interface quit Interface config mode huawei (config-if-...)# OSPF mode huawei (config-ospf-...)# RIP mode huawei (config-rip-...)#
Privilege huawei#
btv quit
BTV mode huawei (config-btv)# -
Table 2-1 lists the features of the interface config modes. Table 2-1 Features of the interface config modes Command Mode SCU GIU Function Configures the control board. Configures upstream board parameters. Configures GPON port parameters. Configures maintenance network port parameters. Configures ADSL port parameters. Configures SHDSL port parameters. Configures VDSL port parameters. Configures OPF port parameters. Prompt huawei(config-if-scu-0/9) # huawei(config-ifgiu-0/19)# huawei(config-ifgpon-0/11)# huawei(config-if-eth-0/5) # Entry huawei(config) #interface scu huawei(config) #interface giu huawei(config) #interface gpon huawei(config) #interface eth
GPON ETH
ADSL SHDSL VDSL OPF
huawei(config-ifadsl-0/11)# huawei(config-ifshl-0/12)# huawei(config-ifvdsl-0/13)# huawei(config-if-opf-0/2) #
huawei(config) #interface adsl huawei(config) #interface shl huawei(config) #interface vdsl huawei(config) #interface opf
Issue 02 (2008-04-25)
2-4
Command Mode MEth
Function Configures the parameters of the maintenance network port. Configures the parameters of the loopback interface. Configures EMU port parameters. Configures NULL interface parameters. Configures VLAN parameters. Configures multicast VLAN parameters.
Prompt huawei(config-if-meth0) #
Entry huawei(config) #interface meth 0
Loopback interface EMU
huawei(config-ifloopback0)# huawei(config-ifpower4845/h801esc/ fan-0)# huawei(config-if-null0)#
huawei(config) #interface loopback 0 huawei(config) #interface emu huawei(config) #interface null huawei(config) #interface vlanif huawei(config) #multicast-vlan
NULL
VLANIF MVLAN
huawei(config-if-vlanif2) # huawei(config-mvlan10) #
NOTE
l l l l
To exit a command mode, run the quit command. To exit the current mode to the privilege mode, run the return command. To exit the privilege mode to the user mode, run the disable command. By default, the command line prompt uses MA5600MA5680" as its prefix. You can modify the prompt by running the sysname command. The information in the bracket describes the current mode.
2.2.2 Intelligent Matching

This topic describes the intelligent matching feature of the CLI. That is, when you type in an incomplete keyword and press the space bar, the matching key words are displayed automatically.
Function
To facilitate the operation, you can type in an incomplete keyword, and then press the space bar. The CLI interface automatically displays the matching keywords. For example, for the command enable, type en or ena (in the common user mode).
Note
After pressing the space bar, if the system does not return the commands, it indicates the following:

l
You have entered a wrong command. In this case, check the command and enter the correct command. For example, when you enter dip (for display) in the privilege mode, entering a space character does not display the commands.
Two or more commands match the entered keyword. For example, when you enter dis in the privilege mode, the system cannot find a matched keyword for it. This is because there are two commands that start with dis: disable and display.
2.2.3 Edit Characteristics

This topic describes the edit characteristics of the CLI. That is, the keys that you can use when inputting the command key words and parameters.
Function
The CLI provides basic command edit functions. It allows multi-line editing, with up to 255 bytes for each command.
Specification
Table 2-2 lists the edit functions. Table 2-2 Edit functions Key Common key <Backspace> Function If the edit buffer is not full, pressing such a key moves the cursor to the right from its current position. Pressing this key deletes the character before the cursor and moves the cursor backwards. The cursor stops when it reaches the beginning of the line. Moves the cursor one character to the left. Moves the cursor one character to the right. Displays history commands. For certain terminals, which do not support up/down arrow keys, you can use <Ctrl+P> to select the previous history command. Deletes the characters before the current cursor and moves the cursor to the beginning of the line. Deletes the characters after the current cursor and moves the cursor to the end of the line. Searches a string. Moves the cursor to the end of the line. Pressing this key twice deletes the current entry.
Left arrow key <> or <Ctrl+A> Right arrow key <> or <Ctrl+D> Up/Down arrow key < ><> <Ctrl+U> <Ctrl+K> <Ctrl+F> <Ctrl+B> <ESC>
2-6
NOTE
Common keys refer to letter keys, number keys, and mark keys.
2.2.4 Interaction Function

This topic describes the interaction function of the CLI. That is, the CLI system prompts certain keywords that can be input and the parameter type of the keyword.
Function
In the interactive mode, if you type an incomplete command and press Enter, the system prompts the following keywords that can be input and the parameter type of the keyword. When you input "?", the system prompts the help information of the command.
Examples
To run the load program command in the interactive mode, do as follows:
huawei#load program { xmodem<K>|tftp<K>|ftp<K> }:tftp huawei#load program { emu<K>|ont<K>|xmodem<K>|tftp<K>|ftp<K>|sftp<K> }:tftp
When the interactive mode is disabled, if you type an incomplete command and press Enter, the system prompts an error. To run the load program command when the interactive mode is disabled, do as follows:
huawei#undo smart huawei#load program tftp ^ % Incomplete command, the error locates at '^'
To display the help information provided by the command after you input the keyword switch, and then "?", do as follows:
huawei#switch ? --------------------------------------------Command of user Mode: --------------------------------------------language-mode Set language parameter
2.2.5 Parameter Prompt

This topic describes the parameter prompt function of the CLI.
Function
In the interactive mode, the CLI characters such as <K> and are used to express the parameter types of a keyword.
Specification
Table 2-3 lists the meaning of the CLI characters supported by the MA5600T.
Table 2-3 Meaning of the CLI characters supported by the MA5600T Character <K> <E> <L> <S> <M> <H> <D><yy-mm-dd> <T><hh:mm:ss> Meaning Keyword Enumeration: Items following it are the available options. ULONG: Information following it is the range of the value to be entered. LONG: Information following it is the range of the value to be entered. Character string: Information following it is the range of the character string to be entered. IP address MASK, such as the mask of an IP address. MAC address Hexadecimal number. That is, the "Ox" can be input. The default setting is decimal number. Date Time
NOTE
The hexadecimal number can be input in the CLI. If you, however, do not type "0x" when entering a hexadecimal number, the system considers the number that is entered as a decimal.
2.2.6 Display Characteristics

This topic describes the display characteristics of the CLI. That is, the CLI system supports the function of pausing the displayed information when there is a lot of information to be displayed.
Function
When you query the information, the CLI may fail to display the information on one screen. In such a case, use the pause function to view the information displayed on multiple screens.
l l
By default, the screen displayed by the HyperTerminal software of a PC contains 24 lines. The system supports the automatic screen scroll in the upward direction, that is, the information is displayed on the screen without a pause. Run the scroll command to enable the auto-scroll function, and run the undo scroll command to disable the auto-scroll function. By default, the auto-scroll function is disabled.
Specification
Table 2-4 lists the options for viewing the information displayed on multiple screens.
Table 2-4 Options for viewing the information displayed on multiple screens Key Press Q or Ctrl+C when the display is frozen. Press Space when the display is frozen Press Enter when the display is frozen Function Ends the display and the execution of the commands.
Continues to display the information on the next screen. Continues to display the information on the next line.
2.2.7 Saving and Querying History Commands

The CLI provides a function, such as Doskey, to save history commands automatically. With this function, you can retrieve the history commands that are saved in the CLI and run them repeatedly.
Background Information
By default, up to 10 history commands can be saved for every user in the CLI, and up to 10 history commands can be queried. The display history-command command displays only the commands run by the current user. After re-login, the history commands are cleared.
Procedure
Step 1 Run the history-command max-size command to set the number of history commands that can be saved in the command buffer. Step 2 Run the display history-command command to query history commands. ----End
Example
To set the number of history commands that can be saved in the command buffer to 20, do as follows:
huawei(config)#history-command max-size 20 huawei(config)#display history-command -------------------------------------------------No. Command -------------------------------------------------10 interface ? 9 history-command max-size 8 mac-pool ? 7 display current-configuration 6 ? 5 quit 4 quit 3 radius-server ? 2 ?
Issue 02 (2008-04-25)
2-9
1 ? --------------------------------------------------
2.2.8 CLI Error Prompts

This topic describes the CLI error prompts.
Function
The system checks the syntax of each command you type, and executes the command if it passes the check. If the command fails to pass the check, the system prompts an error message.
Specification
Table 2-5 shows the common CLI error prompts. Table 2-5 Common CLI error prompts Error Prompt Unknown command Cause
l l l l
The command cannot be found. The keyword cannot be found. The parameter type is incorrect. The parameter value exceeds the threshold.
Incomplete command Too many parameters Ambiguous command Parameter error
The command entered is incomplete. The parameters entered are too many. The command entered is ambiguous. The parameter is incorrect and the cursor indicates the error location.
2.3 Basic Operations Through CLI

This topic describes how to perform the basic operations on the MA5600T through the CLI. 2.3.1 Obtaining the Online Help Information This topic describes how to obtain the online help information. If you need to query the current command or the help information of the command in the current mode, perform this operation. If no help information is found, the help list is empty. 2.3.2 Enabling the Interactive Command Execution Mode This topic describes how to enable the interactive command execution mode. 2.3.3 Enabling the CLI Trap Reporting This topic describes how to enable the CLI trap reporting when displaying the alarm or when the progress information is required during the execution of a command. 2.3.4 Searching for a Keyword This topic describes how to search for a command keyword.
2.3.5 Switching the Terminal Language This topic describes how to select a preferred language as the terminal display language. 2.3.6 Setting the System Time This topic describes how to set the system time. 2.3.7 Setting the System Name This topic describes how to enable an administrator to set the system name to differentiate various MA5600Ts. 2.3.8 Setting the Terminal Type This topic describes how to set the terminal type of the CLI system according to the type of the terminal in use to ensure correct command line editing. 2.3.9 Setting the Timeout Exit Time This topic describes how to set the timeout exit time. During this time, if the user fails to type any information on the terminal, the system allows the user to exit the system. 2.3.10 Locking the Terminal This topic describes how to lock the terminal to prevent unauthorized users from accessing the terminal by using the current user name. 2.3.11 Clearing the Terminal Screen This topic describes how to clear the contents currently displayed on the terminal screen when you need to highlight the information to be input and output. After this operation is executed successfully, the prompt character is displayed on the upper left of the screen. 2.3.12 Querying the Version This topic describes how to query the system or board version. 2.3.13 Querying the CPU Usage This topic describes how to query the CPU usage of a board. By querying the CPU usage of the control board or the service board, you can obtain the information about the system running state to facilitate guiding other operations. 2.3.14 Querying the Memory Usage This topic describes how to query the memory usage. By querying the memory usage of the control board, you can obtain the information about the service running state to facilitate guiding other operations. 2.3.15 Testing the Network State This topic describes how to check the connectivity of a network and whether the host is reachable, and check all gateways passed by data packets sent from a host to the destination. In addition, this operation enables you to locate network faults.
2.3.1 Obtaining the Online Help Information

This topic describes how to obtain the online help information. If you need to query the current command or the help information of the command in the current mode, perform this operation. If no help information is found, the help list is empty.
The CLI provides the following two methods for obtaining online help:
l
Full help
Issue 02 (2008-04-25)
When you type ? following the prompt, you can obtain the help information about the current available commands. When you type ? following a complete keyword, you can obtain the brief help information about all commands matching that keyword and the parameters of these commands.
Partial help When you type ? following an incomplete keyword, you can obtain the help information about the commands matching that incomplete keyword.
Examples
To obtain the help information about all available commands in the global config mode, do as follows:
huawei(config)#? --------------------------------------------Command of config Mode: --------------------------------------------aaa AAA(Authentication,Authorization,Accounting) view acl Specify ACL configuration information adsl <Group> adsl command group arp <Group> ARP command group auto-backup Auto backup bandwidth Modify bandwidth or convergence bind <Group> bind command group ---- More ( Press 'Q' to break ) ----
To obtain the help information about the commands that match with the incomplete keyword display, do as follows:
huawei(config)#display ? --------------------------------------------Command of privilege Mode: --------------------------------------------acl ACL status and configuration information adsl <Group> adsl command group alarm Display alarm related information arp <Group> arp command group auto Display AUTO users auto-backup Auto backup ---- More ( Press 'Q' to break ) ----
To obtain the help information about the commands that match with the incomplete d, do as follows:
huawei(config)#d? --------------------------------------------Command of config Mode: --------------------------------------------DBA-profile <Group>DBA-profile configuration command group debugging Enable system debugging functions default Configure default MAC pool defaultvlan Configure default VLAN type device-template Device template command dhcp <Group> dhcp command group dhcp-option82 DHCP option82 dhcp-server Add DHCP server IP addresses dns Specify domain name system dot1x 802.1x dot1x-template 802.1x template --------------------------------------------Command of privilege Mode: --------------------------------------------debugging <Group> debugging command group
2-12
Issue 02 (2008-04-25)

diagnose Change into diagnose mode disable Turn off privileged mode commands display Display information duplicate <Group> duplicate command group --------------------------------------------Command of user Mode: --------------------------------------------display Display information
Related Operation
Table 2-6 lists the related operation for obtaining the online help information. Table 2-6 Related operation for obtaining the online help information To Obtain the system help information Run the Command... help
2.3.2 Enabling the Interactive Command Execution Mode

This topic describes how to enable the interactive command execution mode.
l
When the interactive command execution mode is enabled, and if you type a complete command and press Enter, the system displays the interactive prompts for the command execution. This helps to prevent maloperations. For example, if you type the reboot system command, and then press Enter, the system prompts the following: Please check whether data has saved, the unsaved data will lose if reboot system, are you sure to reboot system? (y/n)[n]:
If the interactive command execution mode is disabled, and you type a command and press Enter, the system executes the command directly. By default, the interactive command execution mode is enabled.
Procedure
Step 1 Run the interactive command to enable the interactive command execution mode. Step 2 Run the display interactive command to query the status of the interactive command execution mode. ----End
Example
To enable the interactive command execution mode, do as follows:
huawei>interactive Interactive function is enabled huawei>display interactive Command confirmed function is enabled
Issue 02 (2008-04-25)
2-13
Related Operation
Table 2-7 lists the related operation for enabling or disabling the interactive command execution mode. Table 2-7 Related operation for enabling or disabling the interactive command execution mode To Disable the interactive command execution mode Run the Command undo interactive
2.3.3 Enabling the CLI Trap Reporting

This topic describes how to enable the CLI trap reporting when displaying the alarm or when the progress information is required during the execution of a command.
By default, the CLI trap reporting is enabled.
Procedure
Step 1 Run the info-center enable command to enable the CLI trap reporting. Step 2 Run the display info-center command and the CLI trap reporting is enabled. ----End
Example
To enable the CLI trap reporting, do as follows:
huawei(config)#info-center enable huawei(config)#display info-center Information Center:enabled Log host: Console: channel number : 0, channel name : console Monitor: channel number : 1, channel name : monitor SNMP Agent: channel number : 5, channel name : snmpagent Log buffer: enabled,max buffer size 1024, current buffer size 512, current messages 36, channel number : 4, channel name : logbuffer dropped messages 0, overwrote messages 0 Trap buffer: enabled,max buffer size 1024, current buffer size 256, current messages 0, channel number:3, channel name:trapbuffer dropped messages 0, overwrote messages 0 Information timestamp setting: log - date, trap - date, debug - boot Sent messages = 37, Received messages = 37 IO Reg messages = 0 IO Sent messages = 0
2-14
Issue 02 (2008-04-25)
Related Operation
Table 2-8 lists the related operation for enabling or disabling the CLI trap reporting. Table 2-8 Related operation for enabling or disabling the CLI trap reporting To Disable the CLI trap reporting Run the Command undo info-center enable
2.3.4 Searching for a Keyword

This topic describes how to search for a command keyword.
This operation has the following functions:
l l l
Searches for the matching keyword based on the specified string. Specifies which command mode to search in. Searches for the command including the matching keyword based on the specified string: when the parameter detail is selected, the operation involves searching for the command including the matching keyword based on the specified string.
Procedure
Run the search keyword command to search for the keyword. ----End
Example
To search for the keyword including the string "alarm" in the user mode, do as follows:
huawei(config)#search keyword alarm templet common-exec { <cr>|mode<E><key,detailed> }: Command: search keyword alarm templet common-exec --------------------------------------------Command Templet: common-exec --------------------------------------------alarm alarmsn alarmid alarmlevel alarmtype alarmclass alarmtime alarmparameter
2.3.5 Switching the Terminal Language

This topic describes how to select a preferred language as the terminal display language.
The MA5600T supports the general language and the local language. Currently, English and Chinese are supported. English is the default language.
Procedure
Run the switch language-mode command to switch from one language to the other language. ----End
Example
To switch from one language to the other language, do as follows:
huawei(config)#switch language-mode
Related Operation
Table 2-9 lists the related operation for switching the terminal language. Table 2-9 Related operation for switching the terminal language To Display the terminal language Run the Command display language Remarks This command is not available for the common user.
2.3.6 Setting the System Time

This topic describes how to set the system time.
l l l
The time format is hh:mm:ss yyyy-mm-dd, that is, hour: minute: second year-month-day. The setting takes effect immediately. During the setting, the system checks the validity of the time. Special attention should be paid to the settings of leap year and leap month.
Procedure
Step 1 Run the time command to set the system time. Step 2 Run the display time command to query the current system time. ----End
Example
To set the current time of the system to 09:00:00 2007-05-08, do as follows:
huawei#time 09:00:00 2007-05-08 huawei#display time
2-16
Issue 02 (2008-04-25)

{ <cr>|dst<K>|time-stamp<K> }: Command: display time 2007-05-08 20:00:26+08:00
2.3.7 Setting the System Name

This topic describes how to enable an administrator to set the system name to differentiate various MA5600Ts.
l l l
By default, the device name is MA5600MA5680. The new system name takes effect immediately after it is set. After the system name is changed, the command line prompt changes to the new name accordingly.
Procedure
Run the sysname command to set the system name. ----End
Example
To name the first MA5600T at the New York office in U.S.A as NY_MA5600T_A, do as follows:
huawei(config)#sysname NY_MA5600T_A NY_MA5600T_A(config)#
2.3.8 Setting the Terminal Type

This topic describes how to set the terminal type of the CLI system according to the type of the terminal in use to ensure correct command line editing.
l
Different terminals feature different edit characteristics. To ensure that most terminals are mutually compatible, the system divides terminals into the following two types:

Standard terminals (ANSI) VT series terminals
l l
The default terminal type is ANSI. Certain terminal tools, such as HyperTerminal, Telnet, and Neterm, allow you to set the terminal types. You can use the associated menu to set the terminal emulation type so that the type of the terminal tool is consistent with the type of the terminal in the system.
Procedure
Step 1 Run the terminal type command to set the terminal type. Step 2 Run the display terminal type command to query the terminal type. ----End
Example
To set the terminal type as VT 100, do as follows:
huawei#terminal type vt100 huawei>display terminal type The terminal type: VT100
2.3.9 Setting the Timeout Exit Time

This topic describes how to set the timeout exit time. During this time, if the user fails to type any information on the terminal, the system allows the user to exit the system.
By default, the system allows the user to exit the system when the user fails to type any information on the terminal within 5 minutes.
Procedure
Step 1 Run the idle-timeout command to set the timeout exit time. Step 2 Run the display idle-timeout command and the timeout exit time is set correctly. ----End
Example
To set the timeout exit time to 23 minutes, do as follows:
huawei>idle-timeout 23 huawei>display idle-timeout The timeout value is set to 23 minutes currently. If there is no input from terminal during this time, the user will be disconnected
Related Operation
Table 2-10 lists the related operation for setting the timeout exit time. Table 2-10 Related operation for setting the timeout exit time To To set the timeout exit time to the default 120 minutes Run the Command undo idle-timeout
2.3.10 Locking the Terminal

This topic describes how to lock the terminal to prevent unauthorized users from accessing the terminal by using the current user name.
When a terminal is locked, and if you press any button on the terminal, the system prompts you to enter the password. After entering the correct password, you can operate the terminal.
Procedure
Run the terminal hold command to lock the terminal. ----End
Example
To lock, and then unlock the current CLI terminal, do as follows:
huawei(config)#terminal hold Hold Password(<=1523 chars): Confirm Password(<=1523 chars): The user terminal has been held Hold Password(<=1523 chars)://Press any key and the system will prompt you to enter the unblocking password. huawei(config)# //Input the correct password.
Related Operation
Table 2-11 lists the related operation for locking the terminal. Table 2-11 Related operation for locking the terminal To Unlock the terminal Run the Command undo terminal hold
2.3.11 Clearing the Terminal Screen

This topic describes how to clear the contents currently displayed on the terminal screen when you need to highlight the information to be input and output. After this operation is executed successfully, the prompt character is displayed on the upper left of the screen.
This command clears only what is displayed on the screen and not the contents in the buffer.
Procedure
Run the cls command to clear the contents displayed on the terminal screen. ----End
Example
To clear the contents of a terminal screen, do as follows:
huawei>cls
2.3.12 Querying the Version

This topic describes how to query the system or board version.
The command cannot show the version of a faulty board.
Procedure
Run the display version command to display the system or board version. ----End
Examples
To display the information about the version on the system, do as follows:
huawei>display version { <cr>|frameid/slotid<S><1,15>|backplane<K>}: Command: display version MA5600TV800R005 RELEASE SOFTWARE Copyright (c) by Huawei Technologies Co., Ltd. Uptime is 0 day(s), 17 hour(s), 21 minute(s), 57 second(s) huawei>display version { <cr>|frameid/slotid<S><1,15>|backplane<K> }: Command: display version MA5600V800R005 RELEASE SOFTWARE PRODUCT MA5600T Copyright (c) Huawei Technologies Co., Ltd. 1998-2007 All rights reserved Uptime is 5 day(s), 0 hour(s), 15 minute(s), 17 second(s)
To display the version information on the control board, do as follows:

huawei(config)#display version 0/9 Main Board: H801SCUL --------------------------------------PCB Version: H801SCUL VER B Base BIOS Version: 100 Extended BIOS Version: 100 Software Version: MA5600V800R005 Logic Version: (U27)100(U15)101(U16)102(U100)107 MAB Version: 0001 VOIPSubBoard: PCB Version: VER A CPLD Version: (U3)255
2.3.13 Querying the CPU Usage

This topic describes how to query the CPU usage of a board. By querying the CPU usage of the control board or the service board, you can obtain the information about the system running state to facilitate guiding other operations.
Procedure
Run the display cpu command to query the CPU usage of a board. ----End
Example
To query the CPU usage of the control board, do as follows:
huawei>display cpu 0/9 CPU occupancy: 12%
2.3.14 Querying the Memory Usage

This topic describes how to query the memory usage. By querying the memory usage of the control board, you can obtain the information about the service running state to facilitate guiding other operations.
You can query the following:
l l l
The memory usage of the control board The average memory usage of the system in the last ten minutes The threshold of the memory overload
NOTE
When the memory usage exceeds the threshold of the memory overload, the system reports an alarm. You can run the resource threshold mem command to set the threshold of the memory overload.
Procedure
Step 1 Run the display mem command to query the memory usage of the control board. Step 2 Run the display resource occupancy mem command to query the average memory usage of the system in the last ten minutes. Step 3 Run the display resource threshold mem command to query the threshold of the memory overload. ----End
Examples
To query the memory usage of the control board, do as follows:
huawei(config)#display mem 0/9 Memory occupancy: 47%
To query the average memory usage of the system in the last ten minutes, do as follows:
huawei(config)#display resource occupancy mem Average usage rate of system memory in 10 minutes: 64%
To query the threshold of the memory overload, do as follows:

huawei(config)#display resource threshold mem System memory overload threshold: 80
2.3.15 Testing the Network State

This topic describes how to check the connectivity of a network and whether the host is reachable, and check all gateways passed by data packets sent from a host to the destination. In addition, this operation enables you to locate network faults.
The commands used to test the network state include ping and tracert.
l
ping To check the network connectivity and the host reachability, run the ping command. tracert To send test packets from the transmit host to the destination host, run the tracert command. With this command, you can check the connectivity of a network and locate faults in the network. The following section describes the execution process of the tracert command: 1. 2. 3. The host sends a packet with the Time to Live (TTL) of 1 to the destination. During the first hop, the system returns an Internet Control Message Protocol (ICMP) packet to indicate the failure in sending the packet due to TTL timeout. The host sends a packet with the TTL of 2. The system also returns TTL timeout during the second hop.
The process continues in this manner until the packet reaches the destination. In this way, the system can record the source address of each ICMP TTL timeout message, and provide a path along which an IP packet reaches the destination.
Procedure
l l Run the ping command to test the network state. Run the tracert command to test the network state.
----End
Examples
To test the connectivity of a network by using the ping command, do as follows:
huawei(config)#ping 10.11.52.240 PING 10.11.52.240: 56 data bytes, press CTRL_C to break Reply from 10.11.52.240: bytes=56 Sequence=0 ttl=64 time Reply from 10.11.52.240: bytes=56 Sequence=1 ttl=64 time Reply from 10.11.52.240: bytes=56 Sequence=2 ttl=64 time Reply from 10.11.52.240: bytes=56 Sequence=3 ttl=64 time Reply from 10.11.52.240: bytes=56 Sequence=4 ttl=64 time --- 10.11.52.240 Ping statistics --5 packets transmitted 5 packets received 0.00% packet loss round-trip min/avg/max = 10/10/13 ms
= = = = =
10 10 13 10 10
ms ms ms ms ms
To test the connectivity of a network by using the tracert command, do as follows:

huawei#tracert 10.11.106.133 traceroute to 10.11.106.133 max hops 30 ,packet 40 bytes press CTRL_C to break 1 253 ms 476 ms 508 ms 10.11.120.62 2 * * * Request timed out. 3 * * * Request timed out. 4 4 ms 4 ms 5 ms 10.11.106.133
2-22
Issue 02 (2008-04-25)
3 Network Management Configuration
Network Management Configuration
About This Chapter

This topic describes how to manage the MA5600T through the N2000, and the related configuration operations.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service configuration, describes the configuration flow with one or more configuration examples, and then provides a detailed description of the basic operations that can be performed on the MA5600T. For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example (s) directly. For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations first.
3.1 Overview This topic describes the network management protocols, and the NMS that the MA5600T supports. 3.2 Basic Concepts This topic describes the concepts in the network configuration. 3.3 Configuration Example of an Outband NMS This topic describes how to connect the MA5600T to the N2000 through the maintenance network port. Then, you can maintain and manage the MA5600T through an outband management channel. In the outband NMS mode, the non-service channel is used to transmit the management information. In this case, the management channel is separated from the service channel, and a more reliable device management channel is provided compared with the inband NMS mode. Thus, when the MA5600T is faulty, the information about the device in the network can be located in time, and the real-time monitoring can be performed. 3.4 Configuration Example of an Inband NMS This topic describes how to connect the MA5600T to the N2000 through the GE port. You can then maintain and manage the MA5600T through an inband management channel. In the inband NMS mode, the NMS interactive information is transmitted through the service channel of the device. For the flexible networking of the inband NMS mode, no additional device is required. Thus, it saves cost, however, it is not easy to maintain.
3.5 SNMP Agent Configuration This topic describes how to configure an SNMP agent when you need to maintain the MA5600T through the manager. 3.6 Configuring the IP Address of the Outband NMS Interface This topic describes how to configure the IP address of the outband NMS interface (maintenance network port). 3.7 Configuring an NMS Route This topic describes how to create a static route between the MA5600T and the manager. 3.8 Configuring the IP Address of the Inband NMS Interface This topic describes how to configure the IP address of the inband NMS interface.
3-2
Issue 02 (2008-04-25)
3.1 Overview
This topic describes the network management protocols, and the NMS that the MA5600T supports.
Service Description
Based on the Simple Network Management Protocol (SNMP), the MA5600T communicates with the NMS through its network management interface. Here, the iManager N2000 Fixed Network Integrated Management System (N2000) is used as the NMS. The N2000 can manage and maintain the MA5600T through the network port of the MA5600T. The MA5600T uses traps to send the status information to the N2000 to report configuration changes or emergency events.
This topic describes the network configuration performed on the MA5600T to realize normal communication between the MA5600T and the N2000, including outband NMS configuration and inband NMS configuration.
NOTE
To realize normal communication between the MA5600T and the N2000, you must also configure on the N2000. For more information, refer to the MA5600T Commissioning Guide.
3.2 Basic Concepts

This topic describes the concepts in the network configuration.
SNMP
The SNMP is an existing network management protocol. It includes the following two parts:
l l
Network management workstation Agent
The SNMP ensures normal transmission of administrative message between any two points. It facilitates the following administrative operations on any node of the network:
l l l l l l
Retrieving information Modifying information Locating a fault Diagnosing a fault Planning the capacity Generating a report
Network Management Workstation

A network management workstation is to run the network management server software.
The network management workstation can send GetRequest, GetNextRequest, and SetRequest messages to the agent.
Agent
An agent is the server software running on a network device. When receiving request messages from the manager, the agent performs the following:
l l
Reads or writes the management variables based on the message type. Generates and sends the response messages to the manager.
Alternatively, when a cold start or warm start is performed on the device and during failure and fault recovery, the agent sends traps to report such events to the manager.
Trap
Traps refer to the unsolicited messages sent from a managed device to the manager to report configuration changes or emergency events.
3.3 Configuration Example of an Outband NMS

This topic describes how to connect the MA5600T to the N2000 through the maintenance network port. Then, you can maintain and manage the MA5600T through an outband management channel. In the outband NMS mode, the non-service channel is used to transmit the management information. In this case, the management channel is separated from the service channel, and a more reliable device management channel is provided compared with the inband NMS mode. Thus, when the MA5600T is faulty, the information about the device in the network can be located in time, and the real-time monitoring can be performed.
Networking
Figure 3-1 shows an example network for configuring the outband NMS. The NMS maintains and manages the MA5600T through the maintenance network port in the outband NMS mode. The primary NMS and the secondary NMS exist in the network. Add a static route to the NMS on the MA5600T, and configure the parameters related to SNMP V1.
3-4
Issue 02 (2008-04-25)
Figure 3-1 Example network for configuring the outband NMS

10.10.21.2/24 Secondary NMS
10.10.21.1/24 Primary NMS Router 10.10.20.254/24
CON ETH ESC
SCU
MA5600T
Data Plan
Table 3-1 provides the data plan for configuring the outband NMS. Table 3-1 Data plan for configuring the outband NMS Item Maintenance network port (ETH) of the MA5600T NMS Data IP address: 10.10.20.1/24 (Primary) IP address: 10.10.21.1/24 (Secondary) IP address: 10.10.21.2/24 SNMP version Router port connecting to the MA5600T V1 IP address: 10.10.20.254/24
Figure 3-2 shows the flowchart for configuring the outband NMS.
Issue 02 (2008-04-25)
3-5
Figure 3-2 Flowchart for configuring the outband NMS

Start Set the IP address of the maintenance network port Add a route for the outband NMS
Set the SNMP parameters
Enable trap sending Set the IP address of the target host for traps Set the source address for traps sending Save the data
End
NOTE
l l
This topic describes how to configure only the MA5600T. To set up the network connection, you also need to configure the router. If the Telnet environment is set up according to "1.4 Configuring the Terminal Through the Outband Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the maintenance network port.
huawei(config)#interface meth 0 huawei(config-if-meth0)#ip address 10.10.20.1 255.255.255.0
Step 2 Add a route for the outband NMS.

huawei(config-if-meth0)#quit huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Step 3 Set the SNMP parameters:

l
Create the community name

huawei(config)#snmp-agent community read public huawei(config)#snmp-agent community write private
l l
Set the administrator ID and contact

huawei(config)#snmp-agent sys-info contact HW-075528780808
Set the system location

3-6
huawei(config)#snmp-agent sys-info location Shenzhen_China l
Set the SNMP version

NOTE
The setting of the MA5600T should match with the settings in the N2000.
huawei(config)#snmp-agent sys-info version v1
Step 4 Enable trap sending.

huawei(config)#snmp-agent trap enable standard
Step 5 Set the IP address of the target host for traps.

huawei(config)#snmp-agent target-host trap address 10.10.21.1 securityname private huawei(config)#snmp-agent target-host trap address 10.10.21.2 securityname private
Step 6 Set the IP address of the maintenance network port as the source address for traps sending.
huawei(config)#snmp-agent trap source meth 0
Step 7 Save the data.

huawei(config)#save
----End
Result
After the configuration, you can manage the MA5600T through the N2000.
3.4 Configuration Example of an Inband NMS

This topic describes how to connect the MA5600T to the N2000 through the GE port. You can then maintain and manage the MA5600T through an inband management channel. In the inband NMS mode, the NMS interactive information is transmitted through the service channel of the device. For the flexible networking of the inband NMS mode, no additional device is required. Thus, it saves cost, however, it is not easy to maintain.
Networking
Figure 3-3 shows an example network for configuring the inband NMS. The NMS maintains and manages the MA5600T through the upstream port in the inband NMS mode. The primary NMS and the secondary NMS exist in the network. Add a static route to the NMS on the MA5600T, and configure the parameters related to SSMPV3. Figure 3-3 Example network for configuring the inband NMS
Router
PC
CON ETH ESC
GE 0/19/0
SCU
MA5600T
Issue 02 (2008-04-25)
3-7
Data Plan
Table 3-2 provides the data plan for configuring the inband NMS. Table 3-2 Data plan for configuring the inband NMS Item Inband NMS port of the MA5600T NMS Data IP address: 10.10.20.1/24 IP address of the primary NMS: 10.10.21.1/24 IP address of the secondary NMS: 10.10.21.2/24 Router port connecting to the MA5600T SNMP Agent IP address: 10.10.20.254/24 Version: V3 User name: user1 Group name: group1 View name: hardy
Figure 3-4 shows the flowchart for configuring the inband NMS.
3-8
Issue 02 (2008-04-25)
Figure 3-4 Flowchart for configuring the inband NMS

Start
Set the IP address of the inband NMS port
Add a route for the inband NMS
Set the SNMP parameters
Enable traps sending
Set the IP address of the target host for traps Set the source address for traps sending
Save the data
End
NOTE
l l
This topic describes how to configure only the MA5600T. To set up the network connection, you also need to configure the router. If the Telnet environment is set up according to "1.4 Configuring the Terminal Through the Outband Management Channel ", skip steps 1 and 2.
Procedure
Step 1 Set the IP address of the inband NMS port.
l l l l
Create an NMS VLAN

huawei(config)#vlan 1000 standard
Add the upstream port to the VLAN

huawei(config)#port vlan 1000 0/9 0
Enter the VLAN interface mode

huawei(config)#interface vlanif 1000
Set the IP address of the VLAN interface

huawei(config-if-vlanif1000)#ip address 10.10.20.2 255.255.255.0
Step 2 Add a route for the inband NMS.

huawei(config)#ip route-static 10.10.21.0 24 10.10.20.254
Issue 02 (2008-04-25)
3-9
Step 3 Set the SNMP parameters.

l
Set the SNMP version

NOTE
The setting of the MA5600T should match with the settings. Assume that the N2000 adopts SNMP V3.
huawei(config)#snmp-agent sys-info version v3 l
Set the SNMP user

huawei(config)#snmp-agent usm-user v3 user1 group1 authentication-mode md5 authkey privacy-mode des56 prikey
Set the SNMP group

huawei(config)#snmp-agent group v3 group1 privacy read-view hardy write-view hardy
l l l
Set the SNMP view

huawei(config)#snmp-agent mib-view hardy include ip
Set the system contact

huawei(config)#snmp-agent sys-info contact HW-075528780808
Set the system location

huawei(config)#snmp-agent sys-info location Shenzhen China
Step 4 Enable the traps sending.

huawei(config)#snmp-agent trap enable standard
Step 5 Set the IP address of the target host for traps.

huawei(config)#snmp-agent target-host trap address 10.10.21.1 securityname private huawei(config)#snmp-agent target-host trap address 10.10.21.2 securityname private
Step 6 Set the IP address of the VLAN interface as the source address for traps sending.
huawei(config)#snmp-agent trap source vlanif 1000

huawei(config)#save
----End
Result
After the configuration, you can manage the MA5600T successfully through the N2000.
3.5 SNMP Agent Configuration

This topic describes how to configure an SNMP agent when you need to maintain the MA5600T through the manager. 3.5.1 Setting the SNMP Version This topic describes how to set the version of the SNMP running in the system. 3.5.2 Adding a Community Name and Setting Its Read/Write Authorities This topic describes how to add a community name and set its read/write authorities. 3.5.3 Enabling the Trap Sending This topic describes how to enable the MA5600T to send traps to the N2000. 3.5.4 Setting the IP address of a Destination Host for Receiving Traps This topic describes how to set the IP address of a destination host for receiving traps. 3.5.5 Setting the Source Interface for Sending Traps
This topic describes how to set the source interface for sending traps. 3.5.6 Setting the System Contact Information This topic describes how to set the system contact information. 3.5.7 Setting the System Location Information This topic describes how to set the system location information. 3.5.8 Configuring an SNMP V3 User This topic describes how to add or modify an SNMP V3 user. 3.5.9 Configuring an SNMP V3 Group This topic describes how to configure an SNMP V3 group. After a group is configured, you can control the access authorities of all the users in that group. 3.5.10 Configuring an SNMP MIB View This topic describes how to configure an SNMP MIB view. 3.5.11 Configuring the Local SNMP Engine ID This topic describes how to configure an engine ID that uniquely identifies an SNMP entity. 3.5.12 Enabling the Timely Handshake Function between the MA5600T and the N2000 This topic describes how to enable the timely handshake function between the MA5600T and the N2000. 3.5.13 Setting the Handshake Interval This topic describes how to set the handshake interval.
3.5.1 Setting the SNMP Version

This topic describes how to set the version of the SNMP running in the system.
Procedure
Step 1 Run the snmp-agent sys-info version command to set the SNMP version. Step 2 Run the display snmp-agent sys-info version command to query the version of the SNMP configured in the system. ----End
Example
To set the SNMP version as V1 and V2C, do as follows:
huawei(config)#snmp-agent sys-info version v1 v2c huawei(config)#display snmp-agent sys-info version { <cr>|contact<K>|location<K> }: Command: display snmp-agent sys-info version SNMP version running in the system: SNMPv1 SNMPv2c
Related Operation
Table 3-3 lists the related operation for setting the SNMP version.
Table 3-3 Related operation for setting the SNMP version To Delete the set SNMP version information Run the Command undo snmp-agent sys-info version
3.5.2 Adding a Community Name and Setting Its Read/Write Authorities

This topic describes how to add a community name and set its read/write authorities.
l
The default read-only community name in the Huawei iManager N2000 BMS is public, and the read-write community name in the N2000 is private. The MA5600T supports up to 10 community names. The read and write community names set in the MA5600T should match with the read and write community names set in the manager.
l l
Procedure
Step 1 Run the snmp-agent community command to add a community name and set its read/write authorities. Step 2 Run the display snmp-agent community command to query a community name. ----End
Example
To add a read-only community named public, do as follows:
huawei(config)#snmp-agent community read public huawei(config)#display snmp-agent community read Community name: public Storage type: nonVolatile View name: ViewDefault Total number is 1
Related Operation
Table 3-4 lists the related operation for adding a community and setting its read/write authorities. Table 3-4 Related operation for adding a community and setting its read/write authorities To Delete a community name Run the Command undo snmp-agent community
3-12
Issue 02 (2008-04-25)
3.5.3 Enabling the Trap Sending

This topic describes how to enable the MA5600T to send traps to the N2000.
By default, the MA5600T is disabled in sending traps to the N2000.
Procedure
Step 1 Run the snmp-agent trap enable standard command to enable the traps sending. Step 2 Run the display snmp-agent trap enable command to check whether traps sending is enabled. ----End
Example
To enable the MA5600T to send traps to the N2000, do as follows:
huawei(config)#snmp-agent trap enable standard huawei(config)#display snmp-agent trap enable Trap is enabled
Related Operation
Table 3-5 lists the related operation for enabling the traps sending. Table 3-5 Related operation for enabling the traps sending To Disable the traps sending Run the Command undo snmp-agent trap enable standard
3.5.4 Setting the IP address of a Destination Host for Receiving Traps

This topic describes how to set the IP address of a destination host for receiving traps.
The N2000 can receive traps only when the IP address of a destination host for receiving traps is set correctly. The system supports up to 20 destination hosts.
Procedure
Step 1 Run the snmp-agent target-host trap command to set the IP address of a destination host for receiving traps. Step 2 Run the display snmp-agent target-host command to query the destination host for receiving traps. ----End
Example
To set the IP address of the destination host for receiving traps as 10.71.53.108, and to run the community name "private", do as follows:
huawei(config)#snmp-agent target-host trap address 10.71.53.108 securityname private v3 huawei(config)#display snmp-agent target-host Traphost list: Traphost address: 10.71.53.108 Traphost portnumber: 162 Traphost securityname: private Traphost trapversion: v3 Total number is 1
Related Operation
Table 3-6 lists the related operation for setting the IP address of a destination host for receiving traps. Table 3-6 Related operation for setting the IP address of a destination host for receiving traps To Delete the IP address of the destination host for receiving traps Run the Command undo snmp-agent target-host
3.5.5 Setting the Source Interface for Sending Traps

This topic describes how to set the source interface for sending traps.
Prerequisite
The L3 interface that functions as the source interface must exist.
The IP address of the interface for sending traps is the source IP address of the traps.
Procedure
Step 1 Run the snmp-agent trap source command to set the source interface for sending traps. Step 2 Run the display snmp-agent trap-source command to query the source interface for sending traps. ----End
Example
To set the source interface for sending traps as the L3 interface of VLAN 1000, do as follows:
huawei(config)#snmp-agent trap source vlanif 1000 huawei(config)#display snmp-agent trap-source Trap source interface name: vlanif1000
3-14
Issue 02 (2008-04-25)
Related Operation
Table 3-7 lists the related operation for setting the source interface for sending traps. Table 3-7 Related operation for setting the source interface for sending traps To Delete the source interface for sending traps Run the Command undo snmp-agent trap source
3.5.6 Setting the System Contact Information

This topic describes how to set the system contact information.
By default, the system contact information is "R&D Shenzhen, Huawei Technologies Co., Ltd.".
Procedure
Step 1 Run the snmp-agent sys-info contact command to set the system contact information. Step 2 Run the display snmp-agent sys-info contact command to query the system contact information. ----End
Example
To set the system contact information as HW-075528780808, do as follows:
huawei(config)#snmp-agent sys-info contact HW-075528780808 huawei(config)#display snmp-agent sys-info contact { <cr>|location<K>|version<K> }: Command: display snmp-agent sys-info contact The contact person for this managed node: HW-075528780808
Related Operation
Table 3-8 lists the related operation for setting the system contact information. Table 3-8 Related operation for setting the system contact information To Restore the default system contact information Run the Command undo snmp-agent sys-info contact
Issue 02 (2008-04-25)
3-15
3.5.7 Setting the System Location Information

This topic describes how to set the system location information.
By default, the system location information is "Shenzhen_China".
Procedure
Step 1 Run the snmp-agent sys-info location command to set the system location information. Step 2 Run the display snmp-agent sys-info location command to display the system location information. ----End
Example
To set the system location information as Shanghai China, do as follows:
huawei(config)#snmp-agent sys-info location Shanghai_China huawei(config)#display snmp-agent sys-info location { <cr>|contact<K>|version<K> }: Command: display snmp-agent sys-info location The physical location of this node: Shanghai_China
Related Operation
Table 3-9 lists the related operation for setting the system location information. Table 3-9 Related operation for setting the system location information To Restore the default system location information Run the Command undo snmp-agent sys-info location
3.5.8 Configuring an SNMP V3 User

This topic describes how to add or modify an SNMP V3 user.
l l
The MA5600T supports up to 20 SNMP V3 users. If the user name that is entered is an existing one, the system updates the configuration of the user. If you do not enter the user authentication and the encryption modes, the user can access the equipment without an authentication or encryption.
3-16
Procedure
Step 1 Run the snmp-agent usm-user command to configure an SNMP V3 user. Step 2 Run the display snmp-agent usm-user command to query the SNMP V3 user. ----End
Example
To add an SNMP V3 user named user, belonging to a group named group, with the authentication mode as md5, the authentication password as 1, the encryption mode as des56, and the encryption password as 2, do as follows:
huawei(config)#snmp-agent usm-user v3 user group authentication-mode md5 1 privacymode des56 2 huawei(config)#display snmp-agent usm-user user User name: user Engine ID: 800007DB0300E0FC995050 Group name: group Authentication mode: md5, Privacy mode: des56 Storage type: nonVolatile User status: active
Related Operation
Table 3-10 lists the related operation for configuring an SNMP V3 user. Table 3-10 Related operation for configuring an SNMP V3 user To Delete an SNMP V3 user Run the Command undo snmp-agent usm-user v3
3.5.9 Configuring an SNMP V3 Group

This topic describes how to configure an SNMP V3 group. After a group is configured, you can control the access authorities of all the users in that group.
l l
The MA5600T supports up to 20 SNMP V3 groups. By default, the system has a read view named viewDefault with the range of internet subtree; the write view and the notify view are blank. If the group name that is entered is an existing name, the system updates the configuration of the group. A specified view can be a non-existing view. In this case, the users in the group fail to access. A user can access views in the following three modes:

With authentication and encryption With authentication but no encryption With no authentication or encryption
Issue 02 (2008-04-25)

l
If the access mode level is lower than the security level of the configured group, the user fails to access. If the corresponding groups have multiple security levels, the user can select the group with the highest security level, and then access the view corresponding to that group.
Procedure
Step 1 Run the snmp-agent group v3 command to configure an SNMP V3 group. Step 2 Run the display snmp-agent group command to query the SNMP V3 group. ----End
Example
To configure a group named group, with authentication but no encryption, with the read view of internet, and with blank write and notify views, do as follows:
huawei(config)#snmp-agent group v3 group authentication read-view internet huawei(config)#display snmp-agent group group Group name: group Security model: v3 AuthnoPriv Readview: internet Writeview: <no specified> Notifyview: <no specified> Storage type: nonvolatile
Related Operation
Table 3-11 lists the related operation for configuring an SNMP V3 group. Table 3-11 Related operation for configuring an SNMP V3 group To Delete an SNMP V3 group Run the Command undo snmp-agent group v3
3.5.10 Configuring an SNMP MIB View

This topic describes how to configure an SNMP MIB view.
l l
The number of sub-trees of all the views cannot exceed 20. By default, the system has a read view named ViewDefault, with the range of internet subtree view. The view named ViewDefault cannot be deleted or updated.
NOTE
For SNMP V3, the access control is a type of control over the user access to the management information. The MIB view-based access control is realized by associating users with MIB views. An MIB view defines the management information both included in the view and excluded from the view.
3-18
Issue 02 (2008-04-25)
Procedure
Step 1 Run the snmp-agent mib-view command to configure an SNMP MIB view. Step 2 Run the display snmp-agent mib-view command to query the SNMP MIB view. ----End
Example
To configure a view named view1, including ip sub-tree, do as follows:
huawei(config)#snmp-agent mib-view view1 include ip huawei(config)#display snmp-agent mib-view view1 View name: view1 MIB subtree: ip Subtree mask: Storage type: nonVolatile View type: include View status: active
Related Operation
Table 3-12 lists the related operation for configuring an SNMP MIB view. Table 3-12 Related operation for configuring an SNMP MIB view To Delete an SNMP MIB view Run the Command undo snmp-agent mib-view
3.5.11 Configuring the Local SNMP Engine ID

This topic describes how to configure an engine ID that uniquely identifies an SNMP entity.
With no ID is configured manually, the MA5600T automatically initializes one ID at startup.
Procedure
Step 1 Run the snmp-agent local-engineid command to configure the local SNMP engine ID. Step 2 Run the display snmp-agent local-engineid command to query the local SNMP engine ID. ----End
Example
To configure the engine ID of the local SNMP entity as 800007DB0300E0FC113333, do as follows:
huawei(config)#snmp-agent local-engineid 800007DB0300E0FC113333 Info: Modify the local-engineid will disable the configured SNMPv3 user, all of user local-engineid changes to the modified one after system reset, proceed?[ Y/N]:y
Issue 02 (2008-04-25)
3-19
huawei(config)#display snmp-agent local-engineid SNMP local EngineID: 800007DB0300E0FC113333
Related Operations
Table 3-13 lists the related operations for configuring the local SNMP engine ID. Table 3-13 Related operations for configuring the local SNMP engine ID To Restore the default local SNMP engine ID Display the remote SNMP engine ID information Run the Command undo snmp-agent local-engineid display snmp-agent remote-engineid
3.5.12 Enabling the Timely Handshake Function between the MA5600T and the N2000
This topic describes how to enable the timely handshake function between the MA5600T and the N2000.
By default, the timely handshake function between the MA5600T and the N2000 is disabled.
Procedure
Step 1 Run the system handshake enable command to enable the timely handshake function between the MA5600T and the N2000. Step 2 Run the display system handshake command to query the timely handshake function between the MA5600T and the N2000. ----End
Example
To enable the timely handshake function between the MA5600T and the N2000, do as follows:
huawei(config)#system handshake enable huawei(config)#display system handshake system handshake : enable system handshake interval : 300s ---------------------------------------------IP of NMS Status between NMS and device ---------------------------------------------10.71.53.108 in register ----------------------------------------------
3-20
Issue 02 (2008-04-25)
Related Operations
Table 3-14 lists the related operations for enabling the timely handshake function between the MA5600T and the N2000. Table 3-14 Related operations for enabling the timely handshake function between the MA5600T and the N2000 To Disable the timely handshake function between the MA5600T and the N2000 Set the handshake interval Run the Command system handshake disable system handshake interval
3.5.13 Setting the Handshake Interval

This topic describes how to set the handshake interval.
l l
By default, the handshake interval between the MA5600T and the N2000 is 300s. The handshake interval between the MA5600T and the N2000 determines the handshake frequency.
When the interval is short, and the number of network elements under the N2000 is large, the N2000 is over-tasked to handle increasing handshake packets. When the interval is long, and the MA5600T and the N2000 are disconnected, the N2000 fails to locate the fault in time.
You can set an appropriate handshake interval according to the actual conditions.
Procedure
Step 1 Run the system handshake interval command to set the handshake interval. Step 2 Run the display system handshake command to query the handshake interval. ----End
Example
To set the handshake interval to 10 seconds, do as follows:
huawei(config)#system handshake interval 10 huawei(config)#display system handshake system handshake : enable system handshake interval : 10s ---------------------------------------------IP of NMS Status between NMS and device ---------------------------------------------10.71.53.108 in register ----------------------------------------------
Issue 02 (2008-04-25)
3-21
Related Operation
Table 3-15 lists the related operation for setting the handshake interval. Table 3-15 Related operation for setting the handshake interval To Configure the handshake function between the MA5600T and the N2000 Run the Command system handshake
3.6 Configuring the IP Address of the Outband NMS Interface

This topic describes how to configure the IP address of the outband NMS interface (maintenance network port).
l
By default, the IP address of the maintenance network port (ETH port on the control board) is 10.11.104.1, and the subnet mask is 255.255.0.0. Make sure that the IP address of the ETH port is located in the same subnet as the IP address of the gateway or the PC used for maintaining the MA5600T. After setting the IP address, save the record for future reference.
Procedure
Step 1 Run the interface meth command to enter the meth mode. Step 2 Run the ip address command to set the IP address of the ETH port on the control board. Step 3 Run the quit command to exit the meth mode. Step 4 Run the display interface meth command to query the IP address of the ETH port on the control board. ----End
Example
To set the IP address of the ETH port as 10.10.10.1 and the subnet mask as 255.255.255.0, do as follows:
huawei(config)#interface meth 0 huawei(config-if-meth0)#ip address 10.10.10.1 255.255.255.0 huawei(config-if-meth0)#quit huawei(config)#display interface meth 0 meth0 current state : UP Line protocol current state : UP Description : HUAWEI, , meth0 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is 10.10.10.1/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fcaa-8516 Auto-duplex(Full), Auto-speed(100M)
3-22
Issue 02 (2008-04-25)
5 minutes input rate 1549 bytes/sec, 14 packets/sec 5 minutes output rate 168 bytes/sec, 1 packets/sec 10508484 packets input, 1472712535 bytes 2213003 packets output, 712283310 bytes
Related Operation
Table 3-16 lists the related operation for configuring the IP address of the outband NMS interface. Table 3-16 Related operation for configuring the IP address of the outband NMS interface To Delete the IP address of the outband NMS interface Run the Command undo ip address Remarks In meth mode.
3.7 Configuring an NMS Route

This topic describes how to create a static route between the MA5600T and the manager.
l l
The system supports up to 1000 static routes. When the MA5600T and the N2000 are located in different subnets, a route must be configured for the gateway to forward IP packets.
Procedure
Step 1 Run the ip route-static command to configure a static route. Step 2 Run the display ip routing-table command to query the current routing configuration. ----End
Example
To create a route to subnet 10.71.8.0 (where the manager is located), and the gateway as 10.71.53.1, do as follows:
huawei(config)#ip route-static 10.71.8.0 255.255.255.0 10.71.53.1 huawei(config)#display ip routing-table verbose Routing Table : Public Destinations : 15 Routes : 15 Destination: 10.0.0.0/8 Protocol: Static Process ID: Preference: 60 Cost: NextHop: 10.71.57.1 Interface: RelyNextHop: 0.0.0.0 Neighbour: Tunnel ID: 0x0 Label: State: Active Adv GotQ Age: Tag: 0 Destination: 10.10.10.0/24 0 0 vlanif1001 0.0.0.0 NULL 00h21m49s
Issue 02 (2008-04-25)
3-23

Protocol: Preference: NextHop: RelyNextHop: Tunnel ID: State: Tag: Direct 0 10.10.10.20 0.0.0.0 0x0 Active Adv 0

Process ID: Cost: Interface: Neighbour: Label: Age: 0 0 vlanif1004 0.0.0.0 NULL 00h21m50s
Destination: 10.10.10.20/32 Protocol: Direct Preference: 0 NextHop: 127.0.0.1 RelyNextHop: 0.0.0.0 Tunnel ID: 0x0 State: Active NoAdv Tag: 0
Process ID: Cost: Interface: Neighbour: Label: Age:
0 0 InLoopBack0 0.0.0.0 NULL 12d20h50m47s
Destination: 10.70.0.0/16 Protocol: Static Process ID: Preference: 60 Cost: NextHop: 10.71.57.1 Interface: RelyNextHop: 0.0.0.0 Neighbour: Tunnel ID: 0x0 Label: State: Active Adv GotQ Age: Tag: 0 Destination: 10.71.8.0/24 Protocol: Static Process ID: Preference: 60 Cost: NextHop: 10.71.53.1 Interface: RelyNextHop: 0.0.0.0 Neighbour: Tunnel ID: 0x0 Label: State: Inactive Adv WaitQ Age: Tag: 0
0 0 vlanif1001 0.0.0.0 NULL 00h21m51s
0 0 0.0.0.0 NULL 00h00m10s
Related Operation
Table 3-17 lists the related operation for configuring an NMS route. Table 3-17 Related operation for configuring an NMS route To... Delete an existing route Run the Command... undo ip route-static
3.8 Configuring the IP Address of the Inband NMS Interface

This topic describes how to configure the IP address of the inband NMS interface.
l l
The MA5600T realizes inband NMS through the port on the GIU board. To prevent login and access to the MA5600T from the user end, it is recommended that you use the standard VLAN as the NMS VLAN.
Procedure
Step 1 Run the vlan command to create an NMS VLAN.
Step 2 Run the interface vlanif command to enter the VLAN interface mode. Step 3 Run the ip address command to set the IP address of the VLAN interface. Step 4 Run the quit command to exit the VLAN interface mode. Step 5 Run the display interface vlanif command to query the IP address of the VLAN interface. ----End
Example
To set the IP address of the inband NMS interface as 10.10.10.2 and the subnet mask as 255.255.255.0, do as follows:
huawei(config)#vlan 1000 standard huawei(config)#interface vlanif 1000 huawei(config-if-vlanif1000)#ip address 10.10.10.2 255.255.255.0 huawei(config-if-vlanif1000)#quit huawei(config)#display interface vlanif 1000 Vlanif1000 current state : up Line protocol current state : up Description : HUAWEI, SmartAX Series, Vlanif1000 Interface The Maximum Transmit Unit is 1500 bytes Internet Address is 10.10.10.2/24 IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0.fc11.223c
Related Operation
Table 3-18 lists the related operation for configuring the IP address of the inband NMS interface. Table 3-18 Related operation for configuring the IP address of the inband NMS interface To Delete the IP address of the existing inband NMS interface Run the Command undo ip address Remarks In the VLAN interface mode.
Issue 02 (2008-04-25)
3-25
4 Log Host Configuration
4
About This Chapter
NOTE
Log Host Configuration
This topic describes the functions of a log host and the method of configuring a log host on the MA5600T.
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service configuration, describes the configuration flow with one or more configuration examples, and then provides a detailed description of the basic operations on the MA5600T. For the readers who are familiar with the MA5600T, it is recommended that you read the configuration examples directly. For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations first.
4.1 Overview This topic describes the functions of the log and the application of the log on the MA5600T. 4.2 Configuration Example of a Log Host This topic provides an example for configuring a log host. The log host is used for recording logs, which are useful for the device maintenance and fault location. 4.3 Configuring a Log Host This topic describes how to configure a log host, that is, how to add and activate the log host. 4.4 Deleting a Log Host This topic describes how to delete a log host. 4.5 Deactivating a Log Host This topic describes how to deactivate a log host. 4.6 Querying Logs This topic describes how to query logs.
Issue 02 (2008-04-25)
4-1
4.1 Overview
This topic describes the functions of the log and the application of the log on the MA5600T.
Function
Logs can function as important references for system maintenance and troubleshooting. In the MA5600T, you can query the executed commands and other important information recorded in the logs.
4.2 Configuration Example of a Log Host

This topic provides an example for configuring a log host. The log host is used for recording logs, which are useful for the device maintenance and fault location.
l
The log host is always installed on the NMS station and uses the NMS VLAN to communicate with the MA5600T. The log host must be installed with the FTP or TFTP software, and must be able to receive and save the logs reported by the MA5600T.
Networking
The log host resides in the NMS station and is connected to the upstream port of the MA5600T in the IP network. Figure 4-1 shows the example network for configuring a log host. Figure 4-1 Example network for configuring a log host
Router
Log host
CON ETH ESC
GE 0/19/0
SCU
MA5600T
Data Plan
Table 4-1 provides the data plan for configuring a log host.
Table 4-1 Data plan for configuring a log host Item Layer 3 interface Data VLAN: 10 Upstream port: 0/9/0 IP address of the L3 interface: 10.10.10.10/24 IP address of the gateway: 10.10.10.1 Log host IP address: 195.10.10.20/24
Figure 4-2 shows the flowchart for configuring a log host. Figure 4-2 Flowchart for configuring a log host
Start Configure the layer 3 interface Add a log host
Add the static route
Configure the ACL rule
Activate the log host
Save the data
End
Procedure
Step 1 Configure the L3 interface. 1. 2. 3.
Issue 02 (2008-04-25)
Create a VLAN.
Add the upstream port.

Configure the IP address of the L3 interface.


huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#ip address 10.10.10.10 255.255.255.0
Step 2 Add the log host.

huawei(config-if-vlanif10)#quit huawei(config)#loghost add 195.10.10.20 huawei
Step 3 Add the static route to the log host.

huawei(config)#ip route-static 195.10.10.20 24 10.10.10.1
Step 4 Configure the ACL rule (optional). Filter the packets that passes through the L3 interface. Only the IP packet from the log host is allowed to access the L3 interface. The packets without authorization are not allowed to access the L3 interface.
huawei(config)#acl 3010 huawei(config-acl-adv-3010)#rule deny ip source any destination 10.10.10.10 0.0.0.0 huawei(config-acl-adv-3010)#rule permit ip source 195.10.10.20 0.0.0.0 destination 10.10.10.10 0.0.0.0 huawei(config-acl-adv-3010)#quit huawei(config)#packet-filter inbound ip-group 3010 port 0/9/0
NOTE
The port aggregation configuration is not allowed for upstream port 0/9/0 to which the ACL rule is applied.
Step 5 Activate the log host.

huawei(config)#loghost activate name huawei

huawei(config)#save
----End
Result
l l
You can query the logs on the log server. The logs record the operation commands executed on the system. They are the same as the commands queried on the MA5600T.
4.3 Configuring a Log Host

This topic describes how to configure a log host, that is, how to add and activate the log host.
l
The MA5600T can log important operations in the log server (UNIX or Windows platform) of the internal network through the syslog mechanism. After configuring a log host on the MA5600T, you need to enable the log host service, and configure the directory for saving logs and the log file name. This helps to enable real-time reporting of logs.
Procedure
Step 1 Run the loghost add command to add a log host. Step 2 Run the loghost activate command to activate the log host.
Step 3 Run the display loghost list command to display the log host. ----End
Example
To add a log host as huawei with the IP address 10.10.10.1, do as follows:
huawei(config)#loghost add 10.10.10.1 huawei huawei(config)#loghost activate name huawei huawei(config)#display loghost list name huawei Log server configuration: IP address : 10.10.10.1 Host name : huawei Terminal state : Normal
Related Operations
Table 4-2 lists the related operations for configuring a log host. Table 4-2 Related operations for configuring a log host To Deactivate a log host Delete a log host Set the source interface for sending logs Run the Command loghost deactivate loghost delete syslog source
4.4 Deleting a Log Host

This topic describes how to delete a log host.
Procedure
Step 1 Run the loghost delete command to delete a log host Step 2 Run the display loghost list command to display the log host. ----End
Example
To delete the log host with the IP address 10.10.10.1, do as follows:
huawei(config)#loghost delete ip 10.10.10.1 huawei(config)#display loghost list ip 10.10.10.1 Failure: The log server not exist
Related Operations
Table 4-3 lists the related operations for deleting a log host.
Table 4-3 Related operations for deleting a log host To Add a log host Activate a log host Deactivate a log host Run the Command loghost add loghost activate loghost deactivate
4.5 Deactivating a Log Host

This topic describes how to deactivate a log host.
The system sends log information only to the activated log hosts.
Procedure
Step 1 Run the loghost deactivate command to deactivate a log host. Step 2 Run the display loghost list command to display the log host. ----End
Example
To deactivate the log host with the IP address 10.10.10.1, do as follows:
huawei#loghost deactivate ip 10.10.10.1 huawei#display loghost list ip 10.10.10.1 Log server configuration: IP address : 10.10.10.1 Host name : huawei Terminal state : Deactivate
Related Operations
Table 4-4 lists the related operations for deactivating a log host. Table 4-4 Related operations for deactivating a log host To Activate a log host Add a log host Delete a log host Run the Command loghost activate loghost add loghost delete
4-6
Issue 02 (2008-04-25)
4.6 Querying Logs

This topic describes how to query logs.
l
The MA5600T can maintain a record of the logs of the last 512 operations. System administrators can query the last executed operation commands through logs. The executed query commands cannot be recorded in the logs. Up to 512 logs can be stored in the system. When there are more than 512 records, the old records are overwritten. Query and record the system logs immediately in the case of a system failure. This prevents the loss of logs that can be used for locating a fault. To record the operation correctly, make sure that the system time is correct before service configuration.
Procedure
Run the display log command to query logs. ----End
Example
Issue 02 (2008-04-25)
4-7
5 User Management
5
About This Chapter
User Management
This topic describes the classification of users and how to add, modify, delete and disconnect a user. 5.1 Overview This topic provides the definition of users, and describes the user levels and authorities supported by the MA5600T. 5.2 Adding a User Profile This topic describes how to add a user profile. To add a new user, you need to bind this user profile to manage operators. 5.3 Adding a User This topic describes how to add a user who can log in to the MA5600T to maintain it. 5.4 Modifying the User Attributes You can modify the user attributes, such as user profile, authority, password, the permitted number of reenters and the appended information. 5.5 Disconnecting an Online User This topic describes how to disconnect an online user to prevent the user from logging in to the MA5600T. 5.6 Deleting a User This topic describes how to delete a user who is not permitted to log in to the MA5600T.
Issue 02 (2008-04-25)
5-1
5 User Management
5.1 Overview
This topic provides the definition of users, and describes the user levels and authorities supported by the MA5600T.
Service Description
Users refer to persons who configure and maintain the MA5600T through CLI.
In terms of authority, MA5600T users can be divided into the following four levels:
l l l l
Common user Operator Administrator Super user
Users of all levels can only add users of lower levels than them. Table 5-1 lists the authorities for users of all levels. Table 5-1 User authorities User Level Common user Operator Administrator and super user Authority Common users perform basic system operation and simple query operation. Operator can configure the MA5600T and services. Common:
l l
Perform all operations. Maintain the MA5600T user accounts and user authority. Only one super user exists in the system, however, multiple administrators can exist in the system. The super user is of the highest level in the system. The super user can create the administrator level account, but the administrator has no authority to add a super user.
Difference:
l
l l
5.2 Adding a User Profile

This topic describes how to add a user profile. To add a new user, you need to bind this user profile to manage operators.
5-2
Issue 02 (2008-04-25)
5 User Management
l
There is a root profile in the system. The root profile disables restrictions on users so that root users can log in to the system easily after a system is upgraded. It is not recommended to bind the root profile when you add a new user. The system provides three default profiles whose levels are administrator, operator, and common user. They are convenient for unified management and for adding users. Up to 12 profiles can be added.
To add a user profile, you need to configure the following parameters:

l l l l l l l
Use profile name Minimum length of the user name Minimum length of the password Validity period of the user name Validity period of the password Permitted start time of login for a user Permitted end time of login for a user
For details, refer to Table 5-2. Table 5-2 Parameters of a user profile Parameters Minimum length of the user name Minimum length of the password Validity period of the user name Description The minimum length of the user name can be 6 to 15 alphanumeric characters and it must be equal to or longer than six alphanumeric characters. The minimum length of the password can be 6 to 15 alphanumeric characters and it must be equal to or longer than six alphanumeric characters. It ranges from 0 to 999 days. If it is set to 0 day, the validity does not expire. By default, it is 30 days. The system checks the validity of the user names in the unit of day when a user logs in to the system. Three days prior to the expiration, the system generates an alarm informing the user of the expiration day. The system generates an alarm informing the user of the expiration once the system identifies the expiration of a user name. Validity period of the password It ranges from 0 to 999 days. If it is set to 0 day, the validity does not expire. By default, it is 30 days. The validity period of the password should not be equal to or shorter than the validity period of the user name. The system checks the validity of passwords in the unit of day when a user logs in to the system. Three days prior to the expiration, the system generates an alarm informing the user of the expiration day and prompting the user to modify the password in time.
5 User Management
Parameters Permitted start time of login for a user Permitted end time of login for a user
Description This parameter with the permitted end time of logon by a user parameter specifies the permitted period for a user to log in to the system. A user can log in to the system only in the permitted period. This parameter with the permitted start time of logon by a user parameter specifies the permitted period for a user to log in to the system. A user can log in to the system only in the permitted period. If a user logs in to the system at the permitted start time but does not log out at the permitted end time, the system logs out the user and stops the user from configuring the system.
Procedure
Step 1 Run the terminal user-profile add command to add a user profile. Step 2 Run the display terminal user-profile command to query the information on the user profile. ----End
Example
Assume the following:
l l l l l l l
Use profile name: userprofile Minimum length of the user name: eight alphanumeric characters Minimum length of the password: eight alphanumeric characters Validity period of the user name: 30 days Validity period of the password: 30 days Permitted start time of login for a user: 09:00 Permitted end time of login for a user: 19:00
To add the user profile, do as follows:

huawei(config)#terminal user-profile add User profile name(<=15 chars):userprofile Min. length of user name(6--15)[6]:8 Min. length of password(6--15)[6]:8 Validity period of the user name(0--999 days)[30]: Validity period of the password(0--999 days)[30]: Permitted start time of logon by a user(hh:mm):09:00 Permitted end time of logon by a user(hh:mm):19:00 Repeat this operation? (y/n)[n]: huawei(config)#display terminal user-profile name userprofile --------------------------------------------------------------------------User profile name : userprofile Min. length of user name : 8 Min. length of password : 8 Validity period of the user name : 30 Validity period of the password : 30 Permitted start time of logon by a user : 09:00 Permitted end time of logon by a user : 19:00 ---------------------------------------------------------------------------
5-4
Issue 02 (2008-04-25)
5 User Management
Related Operations
Table 5-3 lists the related operations for adding a user profile. Table 5-3 Related operations for adding a user profile To... Modify a user profile Run the Command... terminal user-profile modify Remarks The user profile name cannot be modified. The default user profiles cannot be modified, named root, admin, operator and common user. The bound user profiles cannot be modified. Delete a user profile terminal user-profile delete The default user profiles cannot be deleted, named root, admin, operator and common user. The bound user profiles cannot be deleted. Modify the profile bound with a user terminal user user-profile This operation binds the user to another profile.
5.3 Adding a User

This topic describes how to add a user who can log in to the MA5600T to maintain it.
l
The super user and the administrator can add users of lower levels than them. That is:

The super user can add an administrator, operators, and common users. The administrator can only add an operator and a common user.
l l
A user name is unique, and cannot be all or online. The super user or administrator can add multiple users to the system simultaneously. Up to 127 users can be added to the system. Up to 128 users can be added including the root user.
When adding a user, you need to configure the user attributes, including the user profile, user account, password, permitted number of reenters, authority, and appended information. Table 5-4 lists the user attributes. Table 5-4 User attributes User attribute User name Description A user name (or a user account) consists of 1-15 printable characters. A user name is unique, case sensitive and cannot contain any space.
Issue 02 (2008-04-25)
5 User Management
User attribute Password Authority
Description A password consists of 0-15 characters. It is case sensitive, and cannot be null. In terms of authority, the added users can be divided into the following three levels:
l l l
Common user Operator Administrator
Permitted number of reenters
The permitted number of reenters means the concurrent login count of a user account. Whether a username can be used to log in to the MA5600T from several terminals at the same time depends on the permitted number of reenters. It is in the range of 0-4, and is generally set to 1. Append information is a type of optional and supplementary information. It consists of a chain of characters and its total length is limited to 30. It can be a telephone number or an address of a user.
Append Information
Procedure
Step 1 Run the terminal user name command to add a user. Step 2 Run the display terminal user command to query a user. ----End
Example
To add a common user with the name huawei, with the password huawei, the reenter number 3, the bound user profile root, and the appended information user, do as follows:
huawei(config)#terminal user name User profile name(<=15 chars)[root]: User Name(<=15 chars):huawei User Password(<=15 chars):huawei Confirm Password(<=15 chars):huawei User's Level: 1. Common User 2. Operator 3. Administrator:1 Permitted Reenter Number(0--4):3 User's Appended Info(<=30 chars):user This user has been added Repeat this operation? (y/n)[n]:n huawei(config)#display terminal user all ---------------------------------------------------------------------------Name Level Status Reenter Profile Append Num Info ---------------------------------------------------------------------------root Super Online 1 root ----huawei User Offline 3 root user -----------------------------------------------------------------------------Total record(s) number: 2
5-6
Issue 02 (2008-04-25)
5 User Management
Related Operations
Table 5-5 lists the related operations for adding a user. Table 5-5 Related operations for adding a user To... Delete a user Run the Command... undo terminal user name Remarks
l
Only the super user and administrators can delete users of lower levels than them. Users cannot delete themselves. User root cannot be deleted. An online user cannot be deleted. To delete an online user, you need to disconnect the user first. Multiple users can be deleted at a time.
l l l
Modify the user profile
terminal user user-profile
The administrator can run this command to modify the profile where the user is located. That is, bind the user to another profile.
5.4 Modifying the User Attributes

You can modify the user attributes, such as user profile, authority, password, the permitted number of reenters and the appended information. 5.4.1 Modifying the Profile Bound with a User This topic describes how to bind a user with a different profile. 5.4.2 Modifying the User Login Mode This topic describes how to modify the user login mode. 5.4.3 Modifying a User Level This topic describes how to modify a user authority. 5.4.4 Changing a User Password This topic describes how to change a user password to ensure equipment security. 5.4.5 Modifying the Permitted Number of Reenters This topic describes how to modify the permitted number of reenters of a user to ensure the user authority. 5.4.6 Modifying the Appended Information This topic describes how to modify the appended information on a user to update user information in time.
5.4.1 Modifying the Profile Bound with a User

This topic describes how to bind a user with a different profile.
Issue 02 (2008-04-25)
5-7
5 User Management
l
Administrators and root users can modify the bound profile of themselves and users of lower levels than them. The user name and password must meet the specification of the user profile to be bound. Otherwise, the binding operation fails.
Procedure
Step 1 Run the terminal user user-profile command to modify the bound profile of a user. Step 2 Run the display terminal user command to query the bound profile of the user. ----End
Example
To modify the profile bound with the user named testuser to the default admin profile, do as follows:
huawei(config)#terminal user user-profile User Name(<=15 chars):testuser Permitted user-profile[root]:admin Confirm user-profile:admin Configuration will take effect when the user logs on next time. Repeat this operation? (y/n)[n]: huawei(config)#display terminal user all ---------------------------------------------------------------------------Name Level Status Reenter Profile Append Num Info ---------------------------------------------------------------------------root Super Online 1 root ----testuser User Offline 3 admin -------------------------------------------------------------------------------Total record(s) number: 2
Related Operations
Table 5-6 lists the related operations for modifying the profile bound with a user. Table 5-6 Related operations for modifying the profile bound with a user To... Configure a user profile Modify levels of a user Modify the password of a user Modify the permitted times of login for a user Modify the appended information on a user Run the Command... terminal user-profile terminal user level terminal user password terminal user reenter terminal user apdinfo
5.4.2 Modifying the User Login Mode

This topic describes how to modify the user login mode.
5 User Management
Context
l l
Only the super user and administrators can perform this operation. The user login mode includes:

The web mode The OSS mode The CLI mode
By default, the user login mode is CLI.
Procedure
Step 1 Run the terminal user access-type command to modify the user login mode. Step 2 Run the display terminal user command to query the user login mode. ----End
Example
To enable that common user huawei can login to the system in all three modes, do as follows:
huawei(config)#terminal user access-type User Name(<=15 chars):huawei User's access-type :(default : command line) Authorize web user to login in? (y/n)[n]:y Authorize OSS user to login in? (y/n)[n]:y Information will take effect when this user logs on next time Repeat this operation? (y/n)[n]:n huawei(config)#display terminal user all ---------------------------------------------------------------------------Name Level Status Reenter Access Profile Append Num Type Info ---------------------------------------------------------------------------root Super Online 1 CLI root none Web huawei Operator Offline 3 CLI root user Web OSS ---------------------------------------------------------------------------Total record(s) number: 2
Related Operation
Table 5-7 lists the related operations for modifying the user login mode. Table 5-7 Related operations for modifying the user login mode T0 Modify the user password Modify the user permitted number of reenters Modify the user append information Modify the user level
Issue 02 (2008-04-25)
Run the Command terminal user password terminal user reenter terminal user apdinfo terminal user level
5-9
5 User Management
5.4.3 Modifying a User Level

This topic describes how to modify a user authority.
Only the super user and administrators can perform the operation for users of lower levels than them.
l
The super user can modify the level of a user to the level of a common user, an operator, or an administrator. Administrators can modify the level of a user to the level of a common user or an operator.
Procedure
Step 1 Run the terminal user level command to modify a user level. Step 2 Run the display terminal user command to query a user level. ----End
Example
To change the common user huawei to an operator, do as follows:
huawei(config)#terminal user level User Name(<=15 chars):huawei 1. Common User 2. Operator 3.Administrator: User's Level:2 Confirm Level: 2 Information will take effect when this user logs on next time Repeat this operation? (y/n)[n]:n huawei(config)#display terminal user all ---------------------------------------------------------------------------Name Level Status Reenter Profile Append Num Info ---------------------------------------------------------------------------root Super Online 1 root ----huawei Operator Offline 3 root user -----------------------------------------------------------------------------Total record(s) number: 2
Related Operations
Table 5-8 lists the related operations for modifying a user level. Table 5-8 Related operations for modifying a user level To... Modify the profile bound with a user Change the user password
5-10
Run the Command... terminal user user-profile terminal user password

Issue 02 (2008-04-25)
5 User Management
To... Modify the permitted number of reenters of a user Modify the appended information on a user
Run the Command... terminal user reenter terminal user apdinfo
5.4.4 Changing a User Password

This topic describes how to change a user password to ensure equipment security.
l
The super user and the administrator can change the passwords of lower-level users (including themselves). When changing the passwords of lower-level users, the super user and the administrator need not enter the old password. The common user and the operator can change their own password only, and they need to enter the old password.
Procedure
Step 1 Run the terminal user password command to change a user password. Step 2 Log in to the equipment with the previous user name and the new password. ----End
Example
To change the password of the common user huawei, do as follows:
huawei(config)#terminal user password User name (<=15 chars):huawei New password(<=15 chars):huawei Confirm Password(<=15 chars):huawei Information takes effect Repeat this operation? (y/n)[n]:n
Related Operations
Table 5-9 lists the related operations for changing a user password. Table 5-9 Related operations for changing a user password To... Modify the profile bound with a user Modify user level Modify the permitted number of reenters of a user Modify the appended information on a user
Issue 02 (2008-04-25)
Run the Command... terminal user user-profile terminal user level terminal user reenter terminal user apdinfo
5-11
5 User Management
5.4.5 Modifying the Permitted Number of Reenters

This topic describes how to modify the permitted number of reenters of a user to ensure the user authority.
l
The super user and administrators can modify the permitted number of reenters of lowerlevel users. The permitted number of reenters of the super user cannot be modified.
Procedure
Step 1 Run the terminal user reenter command to modify the permitted number of reenters of a user. Step 2 Run the display terminal user command to query the permitted number of reenters of a user. ----End
Example
To modify the permitted number of reenters of the common user huawei to 1, do as follows:
huawei(config)#terminal user reenter User name (<=15 chars):huawei Permitted reenter number(0--4):1 Confirm Reenter Number(0--4):1 Information takes effect Repeat this operation? (y/n)[n]:n huawei(config)#display terminal user all ---------------------------------------------------------------------------Name Level Status Reenter Profile Append Num Info ---------------------------------------------------------------------------root Super Online 1 root ----huawei User Offline 1 root user -------------------------------------------------------------------Total record(s) number: 2
Related Operations
Table 5-10 lists the related operations for modifying the permitted number of reenters. Table 5-10 Related operations for modifying the permitted number of reenters To... Modify the profile bound with a user Modify user level Change user password Modify the appended information on user Run the Command... terminal user user-profile terminal user level terminal user password terminal user apdinfo
5-12
Issue 02 (2008-04-25)
5 User Management
5.4.6 Modifying the Appended Information

This topic describes how to modify the appended information on a user to update user information in time.
l
The super user and administrators can modify their own appended information and the appended information of lower-level users. Common users and operators can modify their own appended information.
Procedure
Step 1 Run the terminal user apdinfo command to modify the appended information on a user. Step 2 Run the display terminal user command to query the appended information on a user. ----End
Example
To modify the appended information of common user huawei to support@huawei.com, do as follows:
huawei(config)#terminal user apdinfo User name (<=15 chars):huawei User's Appended Info(<=30 chars):support@huawei.com Information takes effect Repeat this operation? (y/n)[n]:n huawei(config)#display terminal user all ---------------------------------------------------------------------------Name Level Status Reenter Profile Append Num Info ---------------------------------------------------------------------------root Super Online 1 root ----huawei User Offline 1 root support@huawei.com -------------------------------------------------------------------Total record(s) number: 2
Related Operations
Table 5-11 lists the related operations for modifying the appended information. Table 5-11 Related operations for modifying the appended information To... Modify the profile bound with a user Modify the user level Change the user password Modify the permitted number of reenters of a user Run the Command... terminal user user-profile terminal user level terminal user password terminal user reenter
Issue 02 (2008-04-25)
5-13
5 User Management
5.5 Disconnecting an Online User

This topic describes how to disconnect an online user to prevent the user from logging in to the MA5600T.
Only the super user and administrators can disconnect an online lower-level user.
Procedure
Step 1 Run the client kickoff command to disconnect an online user. Step 2 Run the display client command to query an online user. ----End
Example
To disconnect user 2, and to run the display client command to check whether the user is disconnected, do as follows:
huawei#client kickoff 2 Are you sure to kick the user off?(y/n)[n]: y huawei#display client ----------------------------------------------------------------------------ID Client name Domain name IP Address Login Time ----------------------------------------------------------------------------1 root -10.71.60.100 2006-02-08 12:26:53 -----------------------------------------------------------------------------
Related Operation
Table 5-12 lists the related operation for disconnecting an online user. Table 5-12 Related operation for disconnection an online user To... Delete a user Run the Command... undo terminal user name
5.6 Deleting a User

This topic describes how to delete a user who is not permitted to log in to the MA5600T.
l
Only the super user and administrators can delete the lower-level users other than themselves. Users cannot delete themselves. User root cannot be deleted.
l l
5-14

l
5 User Management
An online user cannot be deleted. To delete an online user, you need to disconnect the user first. Multiple users can be deleted at a time.
Procedure
Step 1 Run the undo terminal user name command to delete users. Step 2 Run the display terminal user command to verify whether a user is deleted successfully. ----End
Example
To delete a user named huawei, do as follows:
huawei(config)#undo terminal user name User Name(<=15 chars):huawei Are you sure to delete the user?(y/n)[n]:y This user has been deleted Repeat this operation? (y/n)[n]:n huawei(config)#display terminal user all ---------------------------------------------------------------------------Name Level Status Reenter Profile Append Num Info ---------------------------------------------------------------------------root Super Online 1 root -------------------------------------------------------------------------------Total record(s) number: 1
Related Operations
Table 5-13 lists the related operations for deleting a user. Table 5-13 Related operations for deleting a user To... Disconnect an online user Add a user Run the Command... client kickoff terminal user name
Issue 02 (2008-04-25)
5-15
6 Device Management
6
About This Chapter
Device Management
This topic describes the MA5600T management, which includes the shelf management and the board management. 6.1 Overview This topic describes the contents of the chapter and the board status. 6.2 Setting the Description of a Shelf This topic describes how to set the description for a shelf to differentiate it from other shelves. 6.3 Resetting the Control Boards This topic describes how to reset the control boards. When you need to reset the control boards to run the newly-loaded program and the database, use this command. 6.4 Adding a Service Board Offline This topic describes how to add a required service board in an idle slot and configure data of the service board offline. After the corresponding service board is inserted, the board can start immediately. 6.5 Confirming a Service Board This topic describes how to confirm a service board that has been detected automatically. 6.6 Deleting a Service Board This topic describes how to delete a service board that is no longer required. 6.7 Resetting a Service Board This topic describes how to reset a service board when it is unstable. 6.8 Prohibiting a Service Board This topic describes how to prohibit a service board. Through the operation, the service of the board is suspended but not deleted and the dynamic resources are not released.
Issue 02 (2008-04-25)
6-1
6 Device Management
6.1 Overview
This topic describes the contents of the chapter and the board status.
Service Description
Device management involves the following:
l
Shelf management

Setting description of a shelf Querying description of a shelf Querying attributes of a shelf Resetting a control board Querying a control board Adding a service board offline Confirming a service board Deleting a service board Resetting a service board Prohibiting/Unprohibiting a service board Querying a service board
Control board management

Service board management

Board Status
Table 6-1 lists the service board status. Table 6-1 Service board status State Active_normal Standby_normal Standby_failed Normal Failed Config Auto-find Remarks It indicates that the active control board is in the normal state. It indicates that the standby control board is in the normal state. It indicates that the standby control board is faulty. It indicates that the board is running in the normal state. It indicates that the service board is faulty. It indicates that the service board is being configured. It indicates that a service board is inserted, but not confirmed yet.
6-2
6 Device Management
State Prohibited
Remarks It indicates that the service board is prohibited.
6.2 Setting the Description of a Shelf

This topic describes how to set the description for a shelf to differentiate it from other shelves.
Procedure
Step 1 Run the frame set command to set the description of a shelf. Step 2 Run the display frame desc command to query the description of a shelf. ----End
Example
To set the description of shelf 0, do as follows:
huawei(config)#frame set 0 desc adl huawei(config)#display frame desc 0 -------------------------------------------------------FrameID Frame description -------------------------------------------------------0 adl --------------------------------------------------------
Related Operation
Table 6-2 lists the related operation for setting the description of a shelf. Table 6-2 Related operation for setting the description of a shelf To... Query the description of a shelf Run the Command... display frame info
6.3 Resetting the Control Boards

This topic describes how to reset the control boards. When you need to reset the control boards to run the newly-loaded program and the database, use this command.
l l
The control boards include active control board and the standby control board. Resetting an active control board leads to the following two results:
In the case of an active/standby configuration, the operation has no adverse impact on the ongoing services. In the case there is no standby control board, the operation disconnects the control board from all the service boards, that is, all service boards in the system are reset.
Issue 02 (2008-04-25)
6 Device Management
CAUTION
l
The reset operation may cause loss to the unsaved data. Therefore, before the operation, run the save command to save the system data. Reset the system only when necessary. In general, the system is reset after a new application or a database is loaded.
l l
The board reset command cannot be used to reset the control boards. The reboot active command and the reboot standby command can be used to reset the active control board and the standby control board respectively.
Procedure
Run the reboot command to reset the control board. ----End
Examples
To reset the active control board, do as follows:
huawei#reboot active Please check whether data has saved, the unsaved data may lose if reboot active board, are you sure to reboot active board? (y/n)[n]:y Standby board failure or not exist, reboot active will cause system reboot, are you sure to reboot active board? (y/n)[n]:y
To reset the standby control board, do as follows:

huawei#reboot standby Please check whether data has saved, are you sure to reboot standby board? (y/ n)[n]:y
Related Operations
Table 6-3 lists the related operations for resetting the control boards. Table 6-3 Related operations for resetting the control boards To... Query a board Reboot system Run the Command... display board reboot system Remarks You can query the board type, board status and port information. This command is used to reset the active and standby control boards at the same time. As a result, the service boards reset simultaneously.
6-4
Issue 02 (2008-04-25)
6 Device Management
6.4 Adding a Service Board Offline

This topic describes how to add a required service board in an idle slot and configure data of the service board offline. After the corresponding service board is inserted, the board can start immediately.
l
After the service board is added offline, the service board becomes faulty. Only after a service board of the configured type is inserted into this slot, the board becomes normal. If a service board of a different type is inserted, the board keep resetting because the board type is not matching. You can add a service board only in an idle slot.
Procedure
Step 1 Run the board add command to add a service board. Step 2 Run the display board command to query the information on the board. ----End
Example
To add a service board in slot 0/2, do as follows:
huawei(config)#board add 0/4 h801gpbc huawei(config)#display board 0 ------------------------------------------------------------------------SlotID BoardName Status SubType0 SubType1 Online/Offline ------------------------------------------------------------------------0 H801CITA Normal 1 2 H801GPBC Failed Offline 3 H801GPBC Normal 4 H801GPBC Failed Offline 5 6 H801TOPA Failed NH1A Online 7 8 9 H801SCUL Active_normal 10 11 12 13 14 15 16 17 18 19 H801GICG Failed Online 20 21 22 -------------------------------------------------------------------------
Related Operation
Table 6-4 lists the related operation for adding a service board offline.
6 Device Management
Table 6-4 Related operation for adding a service board offline To... Confirm a service board Run the Command... board confirm Remarks The service board that is identified automatically is in auto-find state, and it can be used after it is confirmed.
6.5 Confirming a Service Board

This topic describes how to confirm a service board that has been detected automatically.
After you insert a service board into an idle slot, the system automatically identifies the board type and the board is in the auto-find state. To enable the board for normal service transmission, you need to confirm this board.
Procedure
Step 1 Run the board confirm command to confirm a service board. Step 2 Run the display board command to query the confirmed service board. ----End
Example
To confirm board 0/2, do as follows:
huawei(config)#board confirm 0/2 0 frame 2 slot board confirm successfully
Related Operation
Table 6-5 lists the related operation for confirming a service board. Table 6-5 Related operation for confirming a service board To... Add a service board offline Run the Command... board add Remarks You can add a service board only to an idle slot.
6.6 Deleting a Service Board

This topic describes how to delete a service board that is no longer required.
6 Device Management
l
Before deleting a service board, you must delete its service data. If not, deleting the service board fails. A service board in the auto-find state cannot be deleted.
Procedure
Run the board delete command to delete a service board. ----End
Example
To delete service board 0/2, do as follows:
huawei(config)#board delete 0/2 are you sure to delete this board? (y/n)[n]:y Board delete successfully
Related Operation
Table 6-6 lists the related operation for deleting a service board. Table 6-6 Related operation for deleting a service board To... Query the board information Run the Command... display board
6.7 Resetting a Service Board

This topic describes how to reset a service board when it is unstable.
l
The system generates a fault alarm after the reset operation, and a recovery alarm after the board recovers. After a service board is reset and starts up successfully, it reports the registration information to the control board. Then the control board recovers the data configuration of the service board to recover the services.
Procedure
Run the board reset command to reset a service board. ----End
Example
To reset service board 0/1, do as follows:
6 Device Management
huawei(config)#board reset 0/1 Are you sure to reset board? (y/n)[n]:y 0 frame 1 slot reset board message sent successfully...
6.8 Prohibiting a Service Board

This topic describes how to prohibit a service board. Through the operation, the service of the board is suspended but not deleted and the dynamic resources are not released.
l l l
A control board cannot be prohibited. A service board that is in the auto-find state and unconfirmed cannot be prohibited. Prohibiting a service board interrupts the services of the board.
Procedure
Step 1 Run the board prohibit command to prohibit a service board. Step 2 Run the display board command to query the service board status. ----End
Example
To prohibit service board 0/2, do as follows:
huawei(config)#board prohibit 0/11 Prohibiting board will interrupt all services on this board, are you sure to prohibit board? (y/n)[n]:y Prohibited board successfully
Related Operation
Table 6-7 lists the related operation for prohibiting a service board. Table 6-7 Related operation for prohibiting a service board To... Un-prohibit a service board Run the Command... undo board prohibit
6-8
Issue 02 (2008-04-25)
7 Remote User Authentication Configuration
Remote User Authentication Configuration
About This Chapter

This topic describes how to manage a remote user on the MA5600T, including the user authentication, authorization, and accounting.
NOTE
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service configuration, describes the configuration flow with one or more configuration examples, and then provides a detailed description of the basic operations on the MA5600T. For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example (s) directly. For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations first.
7.1 Overview This topic describes the remote user authentication and the authentication modes. 7.2 Related Concepts This topic describes the concepts related to remote user authentication, including AAA, RADIUS, SSH and 802.1xAAA, RADIUS and SSH. 7.3 Configuration Example of Remote User Authentication This topic provides an example for authenticating the remote user so that the user can access the network resources through the MA5600T. 7.4 Configuring the RADIUS This topic describes the RADIUS configuration, including creating a RADIUS server template, setting the IP address and port number of a RADIUS server, setting the shared key of the RADIUS server, setting the response timeout interval of a RADIUS server, setting the maximum retransmit count of RADIUS request packets, setting the RADIUS server type, setting the format of user name sent to a RADIUS server. 7.5 Configuring 802.1x This topic describes the 802.1x configuration, including configuring an 802.1x template, enabling the 802.1x authentication on a port, configuring the control mode of a port, enabling the 802.1x authentication globally, and enabling the DHCP-triggered authentication. 7.6 Configuring AAA
This topic describes the AAA configuration, including configuring an authentication scheme, creating a domain, specifying the authentication scheme and binding the RADIUS server template. 7.7 Configuring SSH This topic describes the SSH configuration, including creating the local RSA key pair, configuring the SSH user public key and configuring an SSH user.
7-2
Issue 02 (2008-04-25)
7.1 Overview
This topic describes the remote user authentication and the authentication modes.
Service Description
Remote user authentication refers to the process of authenticating the users who remotely log in to the MA5600T. Only the authenticated users can log in to the MA5600T to manage and maintain it.
The MA5600T authenticates remote users in the following two ways:
l
AAA/RADIUS
In an authentication, authorization, and accounting (AAA)/Remote Authentication Dial-In User Service (RADIUS) frame, the MA5600T functions as a network access server (NAS). As for the RADIUS server, the MA5600T functions as a RADIUS client. The MA5600T forwards the user name and password of the login user to the RADIUS server for authentication when the AAA/RADIUS function is enabled. The SSH protocol is based on a client/server mode, using TCP for interconnections to realize secure remote access to insecure networks.
Secure Shell (SSH)
7.2 Related Concepts

This topic describes the concepts related to remote user authentication, including AAA, RADIUS, SSH and 802.1xAAA, RADIUS and SSH. 7.2.1 Introduction to AAA This topic describes AAA and its advantages. 7.2.2 Introduction to RADIUS This topic describes RADIUS and its principles. 7.2.3 Introduction to SSH This topic describes SSH and the advantages of the SSH protocol. 7.2.4 Introduction to 802.1x This topic introduces what is 802.1x and the working principle and the system architecture of the 802.1x protocol.
7.2.1 Introduction to AAA

This topic describes AAA and its advantages.
What Is AAA
AAA provides a framework for the consistency configuration of authentication, authorization and accounting. Actually, the AAA framework is used for network security management.
Advantages of AAA
Generally, the AAA framework adopts the server/client structure, where the server stores the user information and the client runs on the managed resources side. The AAA framework has the following advantages:
l l l l
Excellent expansibility Standardardized authentication schemes Centralized user management Multi-system based security mechanism
7.2.2 Introduction to RADIUS

This topic describes RADIUS and its principles.
What Is RADIUS
As a management framework, AAA can be performed by a number of protocols. The RADIUS protocol is commonly used to implement AAA.
l
The RADIUS protocol is an information exchange protocol with the distributed server/ client structure. It is used to manage a large number of distributed dialup users. A RADIUS server manages a simple user database to provide the AAA function to the users and to modify the service information of the users according to the service types and rights. The users forward their AAA requests to the RADIUS server through an NAS.
Principles of RADIUS
l
When a user tries to access another network (or some network resources) by setting up a connection to the NAS through a network, the NAS forwards the user authentication and accounting information to the RADIUS server. The RADIUS protocol specifies the means of transmitting the user information and accounting information between the NAS and the RADIUS server. The RADIUS server receives the connection requests of users sent from the NAS, authenticates the user account and password contained in the user data, and returns the required data to the NAS.
NOTE
l l
The NAS and the RADIUS server use a key to encrypt the data exchanged between them, thus preventing the user password from being intercepted or stolen. The RADIUS configuration only defines the parameters related to the connections between the NAS and the RADIUS server. To validate these parameters, you must specify the RADIUS scheme in domain mode and specify the RADIUS mode for authentication and accounting.
7.2.3 Introduction to SSH

This topic describes SSH and the advantages of the SSH protocol.
What Is SSH
SSH provides authentication, encryption, and identification to guarantee network communication security. When users telnet the router through an insecure network, SSH provides the MA5600T with powerful security and authentication. This ensures that the MA5600T is completely protected from attacks such as IP address spoofing or interception of passwords of plain texts.
SSH RFC
The Internet Engineering Task Force (IETF) released an SSH RFC document. The SSH protocol defined in the RFC document has two versions:
l
SSHv1.5: The SSHv1.5 was issued earlier than the SSHv2. At present, a majority of SSHs support this version. SSHv2: The SSHv2 is more standard and advanced than the SSHv1.5. It enhances security and provides the file transfer function.
Advantages
The SSH protocol is based on a client/server mode. It uses TCP for interconnections to realize secure remote access to insecure networks. Compared with telnet, SSH has the following advantages:
l l l
SSH supports the methods of using the password and RSA public key to authenticate clients. SSH supports data encryption standard (DES), 3DES, and AES to encrypt session data. When the SSH server communicates with the SSH client, both the user name and the password are encrypted to prevent the password from being intercepted. SSH encrypts the data to guarantee security and reliability of the data during the transmission. SSH supports authentication of a server. SSH supports the MD5 and SHA algorithms to identify the integrity of the session data to guarantee authenticity of the session data and prevent the data from being altered maliciously during the transfer process. SSH supports RSA authentication mode. In this mode, SSH implements secure key exchange and authentication of the server by generating public and private keys. These keys are generated according to the encryption principle of the asymmetric encryption system. This guarantees the whole secure process of sessions.
l l
7.2.4 Introduction to 802.1x

This topic introduces what is 802.1x and the working principle and the system architecture of the 802.1x protocol.
What is 802.1x
802.1x (IEEE Std 802.1x-2001) is derived from the 802.11 protocol of Wireless Local Area Network (WLAN), which is used for controlling the access and authentication of wireless users at the link layer. After the expansion, 802.1x can use the Ethernet packets to bear data so that 802.1x can be employed to facilitate the Ethernet access or other wired access methods.
Working Principle of 802.1x

802.1x defines the port-based network access control and the working principle is as follows:
The access port (the physical port or the logical port) is under the control of the access device. Before the authentication, the port is in the disabled state and users who are connected to this port cannot access the network resources. If a user passes the authentication, the port is enabled and users can access the permitted network resources.
System Architecture of 802.1x

802.1x defines the following three function entities: the supplicant, the authenticator and the authentication server.
l
The supplicant is usually a user-side device (such as a PC) and the client software supporting 802.1x must be installed on the device. The client software initiates the authentication and stops the authentication. The authenticator is a network device that supports the 802.1x protocol. The system authenticates the request of the supplicant and provides a service port to the supplicant. The service port can be a physical port or a logical port. The authentication server is an entity that provides the authentication service to the authenticator. The authentication server of 802.1x is always located at the carrier's AAA center. The uncontrolled port is always in the bi-directional connection and can transmit the authentication packets. By default, the controlled port is in the non-connection state. If the port passes the authentication, then the controlled port is in the authenticated state and the port can transmit service packets. If the port fails to pass the authentication, then the controlled port is in the unauthenticated state and the port cannot transmit the service packets.
The authentication port is divided into two types: the controlled port and the uncontrolled port.
l
7.3 Configuration Example of Remote User Authentication

This topic provides an example for authenticating the remote user so that the user can access the network resources through the MA5600T.
Networking
Figure 7-1 shows an example network for configuring the remote user authentication. The MA5600T connects the PC to the RADIUS server, and it supports the 802.1x feature. The IP address of the primary RADIUS server is 10.10.10.1, and the IP address of the secondary RADIUS server is 20.20.20.1. The IDs of the ports for authentication and accounting is 1812 and 1813 respectively. The 802.1x authentication mode is EAP-end, and the AAA authentication scheme is RADIUS.
7-6
Issue 02 (2008-04-25)
Figure 7-1 Example network for configuring the remote user authentication
10.10.10.1 Radius server 20.20.20.1 Router G P B C
CON ETH ESC
GE 0/19/0
SCU Optical splitter ONT
MA5600T
PC
Data Plan
Table 7-1 provides the data plan for configuring the remote user authentication. Table 7-1 Data plan for configuring the remote user authentication Item Remote user Data 802.1x authentication mode: EAP-end AAA authentication scheme: RADIUS User port: 0/11/0 VLAN: 10 Upstream port 0/9/0 VLAN: 10 IP address of the primary RADIUS server IP address of the secondary RADIUS server
Issue 02 (2008-04-25)
10.10.10.1 20.20.20.1
7-7
Item RADIUS server
Data Authentication port ID of the RADIUS server: 1812 Accounting port ID of the RADIUS server: 1813
NOTE
This topic provides information on configuration of the MA5600T only. For configuration of the RADIUS server, refer to related documents. The RADIUS configuration profile contains the IP address and port number of the RADIUS server. Configure other parameters such as RADIUS shared key and RADIUS server type according to the normal practice. Currently, the MA5600T supports two authentication modes: RADIUS authentication and local authentication.
Prerequisites
l l l
The network devices and the lines must be in the normal state. All boards of the MA5600T must be in the normal state. The 802.1x client software has been installed on the PC, or the PC supports the DHCPtriggered 802.1x authentication.
Figure 7-2 shows the flowchart for configuring the remote user authentication.
7-8
Issue 02 (2008-04-25)
Figure 7-2 Flowchart for configuring the remote user authentication

Start Configure the upstream port and the service port Configuring an 802.1X template Enable the 802.1X authentication Configure the AAA authentication scheme Configure the AAA accounting scheme Create the virtual profile for the RADIUS server Configure an AAA domain
Save the data
End
Procedure
Step 1 Configure the upstream port and the service port. 1. 2. Create a VLAN.
huawei(config)#vlan 10 smart

huawei(config)#port vlan 10 0/9 0 huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 vlan 10
3.
Add the service port.

huawei(config-if-scu-0/9)#quit huawei(config)#service-port 6 vlan 10 gpon 0/11/0 gemport 128 rx-cttr 5 tx-cttr 5
Step 2 Configuring an 802.1x template.

huawei(config)#dot1x-template 3 huawei(config-dot1x-template3)#keepalive retransmit 3 interval 10 huawei(config-dot1x-template3)#eap-end
Step 3 Enable the 802.1x authentication. 1.

Issue 02 (2008-04-25)
Enable the 802.1x authentication based on the physical port.


huawei(config-dot1x-template3)#quit huawei(config)#dot1x service-port 6
2.
Enable the 8021.X authentication globally.

huawei(config)#dot1x enable
Step 4 Configure the AAA authentication scheme.

huawei(config)#aaa huawei(config-aaa)#authentication-scheme huawei Note: Create a new authentication scheme huawei(config-aaa-authen-huawei)#authentication-mode radius
Step 5 Configure the AAA accounting scheme.

huawei(config-aaa-authen-huawei)#quit huawei(config-aaa)#accounting-scheme huawei Note: Create a new accounting scheme huawei(config-aaa-accounting-huawei)#accounting-mode radius huawei(config-aaa-accounting-huawei)#accounting interim interval 10
Step 6 Create the virtual profile for the RADIUS server.

NOTE
The configuration of the virtual profile for the RADIUS server must be the same as that of the remote RADIUS server.
huawei(config-aaa-accounting-huawei)#quit huawei(config-aaa)#quit huawei(config)#radius-server template huawei Note: Create a new server template huawei(config-radius-huawei)#radius-server huawei(config-radius-huawei)#radius-server secondary huawei(config-radius-huawei)#radius-server huawei(config-radius-huawei)#radius-server huawei(config-radius-huawei)#radius-server authentication 10.10.10.1 1812 authentication 20.20.20.1 1812 accounting 10.10.10.1 1813 accounting 20.20.20.1 1813 secondary shared-key huawei
Step 7 Configure an AAA domain.

huawei(config-radius-huawei)#quit huawei(config)#aaa huawei(config-aaa)#domain huawei Note: Create a new domain huawei(config-aaa-domain-huawei)#authentication-scheme huawei huawei(config-aaa-domain-huawei)#accounting-scheme huawei huawei(config-aaa-domain-huawei)#dot1x-template 3 huawei(config-aaa-domain-huawei)#radius-server huawei

huawei(config-aaa-domain-huawei)#quit huawei(config-aaa)#quit huawei(config)#save
----End
Result
After the configuration on the RADIUS server is complete, log in to the MA5600T and type in the user name in the format of "userid@huawei". If the RADIUS server contains the user name and domain configuration, the user can log in to it and manage the devices.
7.4 Configuring the RADIUS

This topic describes the RADIUS configuration, including creating a RADIUS server template, setting the IP address and port number of a RADIUS server, setting the shared key of the
RADIUS server, setting the response timeout interval of a RADIUS server, setting the maximum retransmit count of RADIUS request packets, setting the RADIUS server type, setting the format of user name sent to a RADIUS server. 7.4.1 Overview This topic describes the specification and notes for configuring the RADIUS. 7.4.2 Creating a RADIUS Server Template This topic describes how to create a RADIUS server template and enter the template configuration mode. 7.4.3 Setting the IP Address and Port Number of a RADIUS Server This topic describes how to set the IP address and UDP port number of the RADIUS server for a new RADIUS server template. 7.4.4 Setting the Shared Key of the RADIUS Server This topic describes how to set the shared key of the RADIUS server. 7.4.5 Setting the Response Timeout Interval of a RADIUS Server This topic describes how to set the response timeout interval of a RADIUS server. 7.4.6 Setting the Maximum Number of Transmissions for the RADIUS Request Packets This topic describes how to set the maximum number of transmissions for the RADIUS request packets. 7.4.7 Setting the Format of the User Name Sent to a RADIUS Server This topic describes how to set the format of the user name that is sent to a RADIUS server to specify whether the user name contains the domain name.
7.4.1 Overview
This topic describes the specification and notes for configuring the RADIUS.
Specification
For the MA5600T, the RADIUS is configured based on each RADIUS server group. In actual networking, a RADIUS server group can be any of the following:
l l
An independent RADIUS server A pair of primary/secondary RADIUS servers with the same configuration but different IP addresses
The following lists the attributes of a RADIUS server template:

l l l
IP addresses of primary and secondary servers Shared key RADIUS server type
NOTE
The RADIUS configuration only defines the parameters used for data exchange between the MA5600T and the RADIUS server. To validate these parameters, you need to reference the RADIUS server group in a domain. For details, see "7.6 Configuring AAA."
7.4.2 Creating a RADIUS Server Template

This topic describes how to create a RADIUS server template and enter the template configuration mode.
l
Before configuring the RADIUS, you must configure a RADIUS server template and enter the template configuration mode. One RADIUS server template can be used by multiple domains at the same time.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter RADIUS config mode. Step 2 Run the quit command to exit RADIUS config mode. Step 3 Run the display radius-server configuration command to query the created RADIUS server template. ----End
Example
To create the RADIUS server template named radius1, do as follows:
huawei(config)#radius-server template radius1 huawei(config-radius-radius1)#quit huawei(config)#display radius-server configuration template radius1 ------------------------------------------------------------------Server-template-name : radius1 Traffic-unit : Byte Shared-secret-key : huawei Timeout-interval(in second) : 5 Retransmission : 3 Domain-included : yes Primary-authentication-server : 0.0.0.0:0 Primary-accounting-server : 0.0.0.0:0 Secondary-authentication-server : 0.0.0.0:0 Secondary-accounting-server : 0.0.0.0:0 -------------------------------------------------------------------
Related Operation
Table 7-2 lists the related operation for creating a RADIUS server template Table 7-2 Related operation for creating a RADIUS server template To Delete a RADIUS server template Run the Command undo radius-server template
7.4.3 Setting the IP Address and Port Number of a RADIUS Server

This topic describes how to set the IP address and UDP port number of the RADIUS server for a new RADIUS server template.
l
By default, the RADIUS servers may consist of the primary and secondary RADIUS servers. The IP address of the primary and secondary RADIUS servers is 0.0.0.0. To ensure normal communication between the MA5600T and the RADIUS server, before setting the IP address and UDP port number of the server, make sure that the route between the MA5600T and the RADIUS server is in the normal state. Make sure that the port settings for the RADIUS service on the MA5600T must be consistent with the port settings on the RADIUS server.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter RADIUS config mode. Step 2 Run the radius-server authentication command to configure the primary RADIUS server. Step 3 Run the radius-server authentication secondary command to configure the secondary RADIUS server. Step 4 Run the quit command to exit RADIUS config mode. Step 5 Run the display radius-server configuration command to query the IP address and port number of the RADIUS servers. ----End
Example
To set the IP address and port number of the primary RADIUS server as 10.10.10.1 and 1812 respectively, and the IP address and port number of the secondary RADIUS server as 10.10.10.2 and 1812 respectively, do as follows:
huawei(config)#radius-server template radius1 huawei(config-radius-radius1)#radius-server authentication 10.10.10.1 1812 huawei(config-radius-radius1)#radius-server authentication 10.10.10.2 1812 secondary huawei(config-radius-radius1)#quit huawei(config)#display radius-server configuration template radius1 ------------------------------------------------------------------Server-template-name : radius1 Traffic-unit : Byte Shared-secret-key : huawei Timeout-interval(in second) : 5 Retransmission : 3 Domain-included : yes Primary-authentication-server : 10.10.10.1:1812 Primary-accounting-server : 0.0.0.0:0 Secondary-authentication-server : 10.10.10.2:1812 Secondary-accounting-server : 0.0.0.0:0 -------------------------------------------------------------------
Related Operation
Table 7-3 lists the related operation for setting the IP address and port number of a RADIUS server.
Issue 02 (2008-04-25)
7-13
Table 7-3 Related operation for setting the IP address and port number of a RADIUS server To Delete the configured RADIUS server Run the Command undo radius-server authentication
7.4.4 Setting the Shared Key of the RADIUS Server

This topic describes how to set the shared key of the RADIUS server.
l l
By default, the key is "huawei". The RADIUS client (namely the MA5600T) and the RADIUS server use the MD5 algorithm to encrypt the packets exchanged between them. Both the MA5600T and the RADIUS server are configured with shared keys to verify the validity of packets. They respond to the received packets only when the keys at both ends are identical.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter RADIUS config mode. Step 2 Run the radius-server shared-key command to set the shared key of the RADIUS server. Step 3 Run the quit command to exit RADIUS config mode. Step 4 Run the display radius-server configuration command to query the shared key of the RADIUS server. ----End
Example
To set the shared key of a RADIUS server as "radius2004", do as follows:
huawei(config)#radius-server template radius1 huawei(config-radius-radius1)#radius-server shared-key radius2004 huawei(config-radius-radius1)#quit huawei(config)#display radius-server configuration template radius1 ------------------------------------------------------------------Server-template-name : radius1 Traffic-unit : Byte Shared-secret-key : radius2004 Timeout-interval(in second) : 5 Retransmission : 3 Domain-included : yes Primary-authentication-server : 10.10.10.1:1812 Primary-accounting-server : 0.0.0.0:0 Secondary-authentication-server : 10.10.10.2:1812 Secondary-accounting-server : 0.0.0.0:0 -------------------------------------------------------------------
7.4.5 Setting the Response Timeout Interval of a RADIUS Server

This topic describes how to set the response timeout interval of a RADIUS server.
l
After the MA5600T sends RADIUS request packets to the RADIUS server, if no response from the RADIUS server is received after the timeout interval, the MA5600T resends these packets to the RADIUS server to ensure that the users can obtain the RADIUS service. By default, the timeout interval is 5s.
Procedure
Step 1 Run the radius-server template command to create a RADIUS template and enter RADIUS config mode. Step 2 Run the radius-server timeout command to set the response timeout interval of a RADIUS server. Step 3 Run the quit command to exit RADIUS config mode. Step 4 Run the display radius-server configuration command to query the response timeout interval of the RADIUS server. ----End
Example
To set the response timeout interval of a RADIUS server to 10s, do as follows:
huawei(config)#radius-server template radius1 huawei(config-radius-radius1)#radius-server timeout 10 huawei(config-radius-radius1)#quit huawei(config)#display radius-server configuration template radius1 ------------------------------------------------------------------Server-template-name : radius1 Traffic-unit : Byte Shared-secret-key : radius2004 Timeout-interval(in second) : 10 Retransmission : 3 Domain-included : yes Primary-authentication-server : 10.10.10.1:1812 Primary-accounting-server : 0.0.0.0:0 Secondary-authentication-server : 10.10.10.2:1812 Secondary-accounting-server : 0.0.0.0:0 -------------------------------------------------------------------
Related Operation
Table 7-4 lists the related operation for setting the response timeout interval of a RADIUS server. Table 7-4 Related operation for setting the response timeout interval of a RADIUS server To Restore the default response timeout interval of a RADIUS server Run the Command undo radius-server timeout
Issue 02 (2008-04-25)
7-15
7.4.6 Setting the Maximum Number of Transmissions for the RADIUS Request Packets
This topic describes how to set the maximum number of transmissions for the RADIUS request packets.
l
If no response has been received from the RADIUS server within the response timeout time specified by the timeout timer, the MA5600T resends the request packets to the RADIUS server. When the number of transmissions exceeds the specified maximum value, the MA5600T considers that its connection to the RADIUS server is interrupted, and then sends the request packets to another RADIUS server. By default, the maximum number of transmissions for the RADIUS request packets is 3. You can modify the configuration of a RADIUS server template. If there is an online user who is using the RADIUS server template, the new configuration effects only after the user gets online the next time.
l l
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter RADIUS config mode. Step 2 Run the radius-server retransmit command to configure the maximum number of transmissions for the RADIUS request packets. Step 3 Run the quit command to exit RADIUS config mode. Step 4 Run the display radius-server configuration command to query the maximum number of transmissions for the RADIUS request packets. ----End
Example
To set the maximum number of transmissions for the RADIUS request packets to 5, do as follows:
huawei(config)#radius-server template radius1 huawei(config-radius-radius1)#radius-server retransmit 5 huawei(config-radius-radius1)#quit huawei(config)#display radius-server configuration template radius1 ------------------------------------------------------------------Server-template-name : radius1 Traffic-unit : Byte Shared-secret-key : radius2004 Timeout-interval(in second) : 10 Retransmission : 5 Domain-included : yes Primary-authentication-server : 10.10.10.1:1812 Primary-accounting-server : 0.0.0.0:0 Secondary-authentication-server : 10.10.10.2:1812 Secondary-accounting-server : 0.0.0.0:0 -------------------------------------------------------------------
7-16
Issue 02 (2008-04-25)
Related Operation
Table 7-5 lists the related operation for setting the maximum number of transmissions for the RADIUS request packets. Table 7-5 Related operation for setting the maximum number of transmissions for the RADIUS request packets To Restore the maximum number of transmissions for the RADIUS request packets to the default value Run the Command undo radius-server retransmit
7.4.7 Setting the Format of the User Name Sent to a RADIUS Server
This topic describes how to set the format of the user name that is sent to a RADIUS server to specify whether the user name contains the domain name.
l l
By default, a user name sent to a RADIUS server contains the domain name. The names of the access users are generally in the format of "userid@domain-name". The part following "@" is the domain name. The MA5600T learns the domains of users based on their respective domain names. Some earlier RADIUS servers reject the user names that contain domain names. In this case, you can run the undo radius-server user-name domain-included command to specify that the user name to be sent to a RADIUS server carries no domain name. If a RADIUS server group does not accept user names that carry domain names, make sure that the RADIUS server group is not used at the same time in two or more domains. This is because users of different domains with the same user name can be mistaken as the same user by the RADIUS when it is receiving these user names at the same time. You can modify the configuration of a RADIUS server template. If there is an online user who is using the RADIUS server template, the new configuration can take effect only after the user gets online next time.
Procedure
Step 1 Run the radius-server template command to create a RADIUS server template and enter the corresponding RADIUS config mode. Step 2 Run the (undo)radius-server user-name domain-included command to set whether the user name that is sent to RADIUS server contains a domain name. Step 3 Run the quit command to exit RADIUS config mode. Step 4 Run the display radius-server configuration command to query the format of a user name that is sent to the RADIUS server. ----End
Examples
To specify that a user name to be sent to a RADIUS server contains no domain name, do as follows:
huawei(config)#radius-server template radius1 huawei(config-radius-radius1)#undo radius-server user-name domain-included huawei(config-radius-radius1)#quit huawei(config)#display radius-server configuration template radius1 ------------------------------------------------------------------Server-template-name : radius1 Traffic-unit : Byte Shared-secret-key : radius2004 Timeout-interval(in second) : 10 Retransmission : 5 Domain-included : no Primary-authentication-server : 10.10.10.1:1812 Primary-accounting-server : 0.0.0.0:0 Secondary-authentication-server : 10.10.10.2:1812 Secondary-accounting-server : 0.0.0.0:0 -------------------------------------------------------------------
To specify that a user name to be sent to a RADIUS server contains a domain name, do as follows:
huawei(config)#radius-server template radius1 huawei(config-radius-radius1)#radius-server user-name domain-included huawei(config-radius-radius1)#quit huawei(config)#display radius-server configuration template radius1 ------------------------------------------------------------------Server-template-name : radius1 Traffic-unit : Byte Shared-secret-key : radius2004 Timeout-interval(in second) : 10 Retransmission : 5 Domain-included : yes Primary-authentication-server : 10.10.10.1:1812 Primary-accounting-server : 0.0.0.0:0 Secondary-authentication-server : 10.10.10.2:1812 Secondary-accounting-server : 0.0.0.0:0 -------------------------------------------------------------------
7.5 Configuring 802.1x

This topic describes the 802.1x configuration, including configuring an 802.1x template, enabling the 802.1x authentication on a port, configuring the control mode of a port, enabling the 802.1x authentication globally, and enabling the DHCP-triggered authentication. 7.5.1 Configuring an 802.1x Template This topic describes how to configure an 802.1x template. 7.5.2 Enabling the 802.1x Authentication on a Port This topic describes how to enable the 802.1x authentication on a port. 7.5.3 Configuring the Control Mode of a Port This topic describes how to configure the control mode of the 802.1x authentication for a port. 7.5.4 Enabling the 802.1x Authentication Globally This topic describes how to enable the 802.1x authentication globally. 7.5.5 Enabling the DHCP-Triggered Authentication This topic describes how to trigger DHCP to enable the 802.1x authentication.
7.5.1 Configuring an 802.1x Template

This topic describes how to configure an 802.1x template.
l
The default 802.1x template is template 1 in the system. The default 802.1x template can be modified but cannot be deleted. When you create an 802.1x template, all the parameters in the template have default settings. By default, keep-alive in the 802.1x template is disabled. You can configure the permitted handshake failure times to enable the keep-alive. By default, reauthentication is enabled.
Procedure
Step 1 Run the dot1x-template command to enter dot1x-template mode. Step 2 Run the keepalive retransmit command to configure the number of handshake failures allowed. Step 3 Run the keepalive interval command to set the keep-alive interval. Step 4 Run the reauthentication interval command to set the reauthentication interval. Step 5 Run the authentication timeout command to set the timeout interval of the server. Step 6 Run the request interval command to set the timeout interval of the client. Step 7 Run the request retransmit command to configure the number of times for retransmitting packets to the client. Step 8 Run the quiet-period command to configure the quiet period after the authentication configuration on the client fails. In the quiet period, the system does not respond to authentication requests. Step 9 Run the eap-end command to configure the authentication mode as EAP-end. Step 10 Run the quit command to exit dot1x-template mode. Step 11 Run the display dot1x-template command to query the configuration of the 802.1x template. ----End
Example
l l l l l l l
Permitted handshake failure times: 3 Reauthentication interval: 100s Timeout interval of the server: 150s Timeout interval of the client: 30s Times for retransmitting packets to the client: 3 Quiet period: 15s Authentication mode: EAP-end
To create 802.1x template 6, do as follows:

huawei(config)#dot1x-template 6 huawei(config-dot1x-template6)#keepalive retransmit 3 huawei(config-dot1x-template6)#keepalive interval 10 huawei(config-dot1x-template6)#reauthentication interval 100 huawei(config-dot1x-template6)#authentication timeout 150 huawei(config-dot1x-template6)#request interval 30 huawei(config-dot1x-template6)#request retransmit 3 huawei(config-dot1x-template6)#quiet-period 15 huawei(config-dot1x-template6)#eap-end huawei(config-dot1x-template6)#quit huawei(config)#display dot1x-template 6 Template Number : 6 Authentication Timeout : 150 KeepAlive Switch : enable KeepAlive Interval : 10 KeepAlive Retransmit Times : 3 ReAuthentication Switch : enable ReAuthentication Interval : 100 Request Interval : 30 Request Retransmit Times : 3 Quiet-Period : 15 Eap-Mode : eap-end
Related Operations
Table 7-6 lists the related operations for configuring an 802.1x template. Table 7-6 Related operations for configuring an 802.1x template To... Disable keep-alive Run the Command... keepalive switch-off Remarks By default, keep-alive is disabled. You can configure the number of handshake failures allowed to enable keep-alive. By default, reauthentication is enabled. Switching the authentication mode of an 802.1x template forces the related users to get offline. Therefore, do not change the authentication mode after the 802.1x template is configured. When you need to cancel the configuration of a parameter of the 802.1x template, run the corresponding undo command of the configuration command. When you need to restore the default settings of all the parameters, run the reset command.
Disable reauthentication Restore the default authentication mode of the 802.1x template
reauthentication switch-off undo eap-end
Restore the default settings of parameters of the 802.1x template
reset
7-20
Issue 02 (2008-04-25)
7.5.2 Enabling the 802.1x Authentication on a Port

This topic describes how to enable the 802.1x authentication on a port.
l
On the GPON service board, you can enable the 802.1x authentication on a service port and not on a physical port. To reduce the occurrence of the abnormal logout caused by the change in the 802.1x configuration, the configuration of the 802.1x template and the port on the MA5600T does not take effect immediately. You must run the dot1x enable command to enable the 802.1x authentication. Only then the configuration takes effect. After the 802.1x authentication is disabled, the parameter configuration is retained. When the 802.1x authentication is enabled again, the configuration takes effect.
Procedure
Enable the 802.1x authentication based on the service port 1. 2. Run the dot1x service-port command to enable the 802.1x authentication based on the service port. Run the display dot1x service-port command to query the 802.1x configuration of the specified service port.
----End
Examples
To enable the 802.1x authentication of service port 8, do as follows:
huawei(config)#dot1x service-port 8 huawei(config)#display dot1x service-port 8 FlowID : 8 Authentication State : unauthorized Authentication Mode : auto User-Name : Framed-Pool :
Related Operations
Table 7-7 lists the related operations for enabling the 802.1x authentication on a port.
Issue 02 (2008-04-25)
7-21
Table 7-7 Related operations for enabling the 802.1x authentication on a port. To... Configure the 802.1x authentication mode of the specified port Run the Command... dot1x port-control Remarks By default, the control mode of a port with the 802.1x authentication enabled is automatic. In this mode, users can access the network resources only after the authentication. When the control mode of a port is force-authorized, the port is enabled and users can access the network resources without authentication. When the control mode of a port is force-unauthorized, the port is disabled and users cannot access the network resources. Enable the 802.1x authentication on the device Query the service ports in the system dot1x enable By default, the 802.1x authentication of the device is disabled.
display service-port
7.5.3 Configuring the Control Mode of a Port

This topic describes how to configure the control mode of the 802.1x authentication for a port.
l
By default, the control mode of a port for which the 802.1x authentication is enabled, is automatic. In this mode, users can access the network resources only after the authentication. When the control mode of a port is force-authorized, the port is enabled and users can access the network resources without authentication. When the control mode of a port is force-unauthorized, the port is disabled and users cannot access the network resources. On the GPON service board, you can configure the control mode on a service port and not on a physical port.
Procedure
Step 1 Run the dot1x port-control command to configure the 802.1x authentication mode of the specified port. Step 2 Query the 802.1x configuration of the specified port. l Run the display dot1x service-port command to query the 802.1x configuration of the specified service port.
----End
Example
To configure the control mode of the 802.1x authentication for service port 6 as forceauthorized, do as follows:
huawei(config)#dot1x port-control force-authorized service-port 6 huawei(config)#display dot1x service-port 6 FlowID : 6 Authentication State : Authentication Mode : force-authorized User-Name : Framed-Pool :
Related Operations
Table 7-8 lists the related operations for configuring the control mode of a port. Table 7-8 Related operations for configuring the control mode of a port To... Enable the 802.1x authentication of a service port Enable the 802.1x authentication of a device Run the Command... dot1x service-port Remarks By default, the 802.1x authentication of the service port is disabled.
dot1x enable
By default, the 802.1x authentication of the device is disabled.
7.5.4 Enabling the 802.1x Authentication Globally

This topic describes how to enable the 802.1x authentication globally.
l l
By default, the 802.1x authentication of the device is disabled. To minimize the occurrence of the abnormal logout caused by the change in the 802.1x configuration, the configuration of the 802.1x template and the port on the MA5600T does not take effect immediately. You must enable the 802.1x authentication and then the configuration takes effect. After the 802.1x authentication is disabled, the parameter configuration is retained. When the 802.1x authentication is enabled again, the configuration takes effect.
Procedure
Step 1 Run the dot1x enable command to enable the 802.1x authentication globally. Step 2 Run the display dot1x command to query the global state of the 802.1x authentication. ----End
Example
To enable the 802.1x authentication globally, do as follows:
huawei(config)#dot1x enable It will take several minutes to dot1x enable, please wait... huawei(config)#display dot1x { <cr>|port<K>|service-port<K>|statistics<K> }: Command: display dot1x 802.1x global status : enable 802.1x dhcp-trigger status : disable
Related Operations
Table 7-9 lists the related operations for enabling the 802.1x authentication globally. Table 7-9 Related operations for enabling the 802.1x authentication globally To... Disable the 802.1x authentication globally Enable the 802.1x authentication of a service port Run the Command... dot1x disable Remarks By default, the 802.1x authentication is disabled globally.
dot1x service-port
By default, the 802.1x authentication of the service port is disabled.
7.5.5 Enabling the DHCP-Triggered Authentication

This topic describes how to trigger DHCP to enable the 802.1x authentication.
l l
By default, the DHCP-triggered 802.1x authentication is disabled. The DHCP-triggered 802.1x authentication facilitates the devices that do not support the 802.1x client-triggered authentication to implement the 802.1x authentication.
Procedure
Step 1 Run the dot1x dhcp-trigger enable command to enable the DHCP-triggered 802.1x authentication. Step 2 Run the display dot1x command to query the global state of the 802.1x authentication. ----End
Example
To enable the DHCP-triggered 802.1x authentication, do as follows:
huawei(config)#dot1x dhcp-trigger enable It will take several minutes to dot1x enable, please wait... huawei(config)#display dot1x { <cr>|port<K>|service-port<K>|statistics<K> }: Command: display dot1x 802.1x global status : enable 802.1x dhcp-trigger status : enable
Related Operation
Table 7-10 lists the related operations for enabling the DHCP-triggered 802.1x authentication. Table 7-10 Related operations for enabling the DHCP-triggered 802.1x authentication To... Disable the DHCPtriggered authentication Enable the 802.1x authentication of a service port Run the Command... dot1x dhcp-trigger disable Remarks By default, the DHCP-triggered 802.1x authentication is disabled.
dot1x service-port
By default, the 802.1x authentication of the service port is disabled.
7.6 Configuring AAA

This topic describes the AAA configuration, including configuring an authentication scheme, creating a domain, specifying the authentication scheme and binding the RADIUS server template. 7.6.1 Configuring an Authentication Scheme This topic describes how to configure a scheme for authenticating the remote login requests of managed users. In the authentication scheme, you can specify the mode for authenticating the remote login requests of managed users. 7.6.2 Configuring an Accounting Scheme This topic describes how to configure an accounting scheme. 7.6.3 Configure an Accounting Mode This topic describes how to configure an accounting mode. 7.6.4 Configuring the Interval for the Real-time Accounting This topic describes how to configure the interval for the real-time accounting. 7.6.5 Creating a Domain This topic describes how to create a domain. 7.6.6 Binding a RADIUS Server Template This topic describes how to bind a domain with a RADIUS server template. 7.6.7 Specifying an Authentication Scheme
When you need to configure the remotely managed users to contain the domain information for authentication, This topic describes how to specify an authentication scheme for a domain. 7.6.8 Specifying an Accounting Scheme This topic describes how to specify an accounting scheme for a domain for the purpose of accounting. 7.6.9 Referencing an 802.1x Template This topic describes how to reference an 802.1x template for a domain.
7.6.1 Configuring an Authentication Scheme

This topic describes how to configure a scheme for authenticating the remote login requests of managed users. In the authentication scheme, you can specify the mode for authenticating the remote login requests of managed users.
l l
The MA5600T supports the authentication through the RADIUS server. After an authentication scheme is configured, it is validated when it is referenced by a domain. A domain defines one type of users. To adopt radius as the authentication mode, you must configure the RADIUS protocol for the MA5600T (for details, see "7.4 Configuring the RADIUS") and configure the related user information on the remote RADIUS server.
Procedure
Step 1 Run the aaa command to enter AAA mode. Step 2 Run the authentication-scheme command to configure an authentication scheme. Step 3 Run the authentication-mode radius command to configure the authentication mode of the scheme. Step 4 Run the quit command to exit authentication mode. Step 5 Run the display authentication-scheme command to query the configured authentication scheme. ----End
Example
To configure authentication scheme "huawei", with the authentication mode of RADIUS, do as follows:
huawei(config)#aaa huawei(config-aaa)#authentication-scheme huawei huawei(config-aaa-authen-huawei)#authentication-mode radius huawei(config-aaa-authen-huawei)#quit huawei(config-aaa)#display authentication-scheme { <cr>|string<S><1,32> }: Command: display authentication-scheme --------------------------------------------------------------------------Authentication-scheme-name Authentication-mode --------------------------------------------------------------------------default Local authentication
7-26
Issue 02 (2008-04-25)
huawei RADIUS authentication --------------------------------------------------------------------------Total 2,2 printed
Related Operations
Table 7-11 lists the related operations for configuring an authentication scheme. Table 7-11 Related operations for configuring an authentication scheme To Delete an authentication scheme Query AAA configuration Run the Command undo authentication-scheme Remarks The default authentication scheme of the system cannot be deleted. You can query the usage of the configuration resources of the authentication scheme table.
display aaa configuration
7.6.2 Configuring an Accounting Scheme

This topic describes how to configure an accounting scheme.
l
After configuring an accounting scheme, reference it for setting a user domain (the user type has been specified) to bring it into operation. Before you reference the radius accounting scheme, you must configure the RADIUS protocol (for details, see "7.4 Configuring the RADIUS") and configure the related user information on the remote RADIUS server.
Procedure
Step 1 Run the aaa command to enter AAA mode. Step 2 Run the accounting-scheme command to create an AAA accounting scheme and enter the corresponding configuration mode. Step 3 Run the quit command to exit the accounting mode. Step 4 Run the display accounting-scheme command to query the configuration of the accounting scheme. ----End
Example
To create an AAA accounting scheme named huawei, do as follows:
huawei(config)#aaa huawei(config-aaa)#accounting-scheme huawei Note: Create a new accounting scheme huawei(config-aaa-accounting-huawei)#quit
Issue 02 (2008-04-25)
7-27
huawei(config-aaa)#display accounting-scheme huawei --------------------------------------------------------------------------Accounting-scheme-name : huawei Accounting-mode : No accounting Realtime-accounting-switch : Close Realtime-accounting-interval(min) : ---------------------------------------------------------------------------
Related Operations
Table 7-12 lists the related operations for configuring an accounting scheme. Table 7-12 Related operations for configuring an accounting scheme To... Delete an accounting scheme Run the Command... undo accounting-scheme Remarks The default accounting scheme of the system cannot be deleted. The referenced accounting scheme cannot be deleted. Configure an accounting mode Configure the interval for real-time accounting Show AAA configuration accounting-mode accounting interim interval By default, the accounting mode is none. When the accounting mode is RADIUS, by default, the real-time accounting is disabled. You can query the usage of the resources configured on the accounting scheme table.
7.6.3 Configure an Accounting Mode

This topic describes how to configure an accounting mode.
l
The MA5600T supports the RADIUS accounting mode. By default, the accounting mode is none. After configuring an accounting scheme, reference it for setting a user domain (the user type has been specified) to bring it into operation. Before you reference the radius accounting scheme, you must configure the RADIUS protocol (for details, see "7.4 Configuring the RADIUS.") and also configure the related user information on the remote RADIUS server.
Procedure
Step 1 Run the aaa command to enter AAA mode.
Step 2 Run the accounting-scheme command to create an AAA accounting scheme and enter the corresponding configuration mode, or enter the mode of the specified accounting scheme. Step 3 Run the accounting-mode command to configure the accounting mode. Step 4 Run the quit command to exit the accounting mode. Step 5 Run the display accounting-scheme command to query the configuration of the accounting scheme. ----End
Example
To configure the accounting mode of the AAA accounting scheme of huawei as RADIUS, do as follows:
huawei(config)#aaa huawei(config-aaa)#accounting-scheme huawei huawei(config-aaa-accounting-huawei)#accounting-mode radius huawei(config-aaa-accounting-huawei)#quit huawei(config-aaa)#display accounting-scheme huawei --------------------------------------------------------------------------Accounting-scheme-name : huawei Accounting-mode : RADIUS accounting Realtime-accounting-switch : Open Realtime-accounting-interval(min) : 20 ---------------------------------------------------------------------------
Related Operations
Table 7-13 lists the related operations for configuring an accounting mode. Table 7-13 Related operations for configuring an accounting mode To... Configure an accounting scheme Configure an accounting mode Configure the interval for real-time accounting Show AAA configuration Run the Command... accounting-scheme Remarks The accounting scheme named default is the default scheme in the system. By default, the accounting mode is none. When the accounting mode is RADIUS, by default, the real-time accounting is disabled. You can query the usage of the resources configured on the accounting scheme table.
accounting-mode accounting interim interval
7.6.4 Configuring the Interval for the Real-time Accounting

This topic describes how to configure the interval for the real-time accounting.
When the accounting mode is RADIUS, by default, the real-time accounting is disabled.
Procedure
Step 1 Run the aaa command to enter AAA mode. Step 2 Run the accounting-scheme command to create an AAA accounting scheme and enter the corresponding configuration mode, or enter the mode of the specified accounting scheme. Step 3 Run the accounting interim interval command to configure the interval for the real-time accounting. Step 4 Run the quit command to exit the accounting mode. Step 5 Run the display accounting-scheme command to query the configuration of the accounting scheme. ----End
Example
To configure the interval for the real-time accounting of the AAA accounting scheme of huawei as 30 minutes, do as follows:
huawei(config)#aaa huawei(config-aaa)#accounting-scheme huawei huawei(config-aaa-accounting-huawei)#accounting interim interval 30 huawei(config-aaa-accounting-huawei)#quit huawei(config-aaa)#display accounting-scheme huawei --------------------------------------------------------------------------Accounting-scheme-name : huawei Accounting-mode : RADIUS accounting Realtime-accounting-switch : Open Realtime-accounting-interval(min) : 30 ---------------------------------------------------------------------------
Related Operations
Table 7-14 lists the related operations for configuring the interval for the real-time accounting. Table 7-14 Related operations for configuring the interval for the real-time accounting. To... Configure an accounting scheme Configure an accounting mode Show AAA configuration Run the Command... accounting-scheme Remarks The accounting scheme named default is the default scheme in the system. By default, the accounting mode is none. You can query the usage of the resources configured on the accounting scheme table.
accounting-mode display aaa configuration
7-30
Issue 02 (2008-04-25)
7.6.5 Creating a Domain

This topic describes how to create a domain.
l l
A domain is a group of users with the same attributes. For a user name in the format of "userid@domain-name", such as huawei20041028@huawei.net, the "huawei.net" following "@" is the domain name, and the "userid" is the user name for identity authentication. The length of the domain name used for login should be equal to or less than 15 characters. The length of other domain names should be equal to or less than 20 characters.
Procedure
Step 1 Run the aaa command to enter AAA mode. Step 2 Run the domain command to create a domain. Step 3 Run the quit command to exit domain mode. Step 4 Run the display domain command to query the domain. ----End
Example
To create a domain named huawei.net, do as follows:
huawei(config)#aaa huawei(config-aaa)#domain huawei.net huawei(config-aaa-domain-huawei.net)#quit huawei(config-aaa)#display domain { <cr>|string<S><1,20> }: Command: display domain ----------------------------------------------------------------------Domain name Online ----------------------------------------------------------------------default 0 huawei.net 0 ----------------------------------------------------------------------Total 2,2 printed
Related Operations
Table 7-15 lists the related operations for creating a domain. Table 7-15 Related operations for creating a domain To Delete a domain Run the Command undo domain Remarks The default domain cannot be deleted.
7-31
Issue 02 (2008-04-25)
To Query AAA configuration
Run the Command display aaa configuration
Remarks You can query the usage of configuration resources of the domain.
7.6.6 Binding a RADIUS Server Template

This topic describes how to bind a domain with a RADIUS server template.
Prerequisite
You must configure a RADIUS server template before this operation. For details, see "7.4 Configuring the RADIUS."
Procedure
Step 1 Run the aaa command to enter AAA mode. Step 2 Run the domain command to specify huawei.net as the current domain and enter domain mode. Step 3 Run the radius-server template command to bind a RADIUS server template with the AAA domain. Step 4 Run the quit command to exit domain mode. Step 5 Run the display domain command to query the information on the domain. ----End
Example
To bind "radius1" as the RADIUS server template of domain "huawei.net", do as follows:
huawei(config)#aaa huawei(config-aaa)#domain huawei.net huawei(config-aaa-domain-huawei.net)#radius-server template radius1 huawei(config-aaa-domain-huawei.net)#quit huawei(config-aaa)#display domain huawei.net ------------------------------------------------------------------Domain-name : huawei.net Authentication-scheme-name : default Accounting-scheme-name : default Radius-server-template : radius1 Dot1x-template-number : 1 Online-number : 0 -------------------------------------------------------------------
Related Operation
Table 7-16 lists the related operation for binding the RADIUS server template.
7-32
Issue 02 (2008-04-25)
Table 7-16 Related operation for binding the RADIUS server template To Cancel the reference of a RADIUS server template Run the Command undo radius-server template Remarks Run the command in domain mode to cancel the reference of the RADIUS server template.
7.6.7 Specifying an Authentication Scheme

When you need to configure the remotely managed users to contain the domain information for authentication, This topic describes how to specify an authentication scheme for a domain.
l l
An authentication scheme defines the policy to authenticate all the users of an ISP domain. An authentication scheme can be referenced by a domain only after it is created.
Procedure
Step 1 Run the aaa command to enter AAA mode. Step 2 Run the domain command to specify huawei.net as the current domain and enter domain mode. Step 3 Run the authentication-scheme command to specify the authentication scheme. Step 4 Run the quit command to exit domain mode. Step 5 Run the display domain command to query the information on the domain. ----End
Example
To specify huawei as the authentication scheme of domain huawei.net, do as follows:
huawei(config)#aaa huawei(config-aaa)#domain huawei.net huawei(config-aaa-domain-huawei.net)#authentication-scheme huawei huawei(config-aaa-domain-huawei.net)#quit huawei(config-aaa)#display domain huawei.net ------------------------------------------------------------------Domain-name : huawei.net Authentication-scheme-name : huawei Accounting-scheme-name : default Radius-server-template : Dot1x-template-number : 1 Online-number : 0 -------------------------------------------------------------------
Related Operations
Table 7-17 lists the related operations for specifying the authentication scheme.
Table 7-17 Related operations for specifying the authentication scheme To Delete the specified authentication scheme Query AAA configuration Run the Command undo authentication-scheme Remarks Run the command in domain mode to cancel the reference of the authentication scheme. You can query the usage of configuration resources of a domain.
7.6.8 Specifying an Accounting Scheme

This topic describes how to specify an accounting scheme for a domain for the purpose of accounting.
Prerequisite
Before specifying a scheme for a domain, you need to create the scheme.
Procedure
Step 1 Run the aaa command to enter AAA mode. Step 2 Run the domain command to specify huawei.net as the current domain and enter domain mode. Step 3 Run the accounting-scheme command to specify the accounting scheme. Step 4 Run the quit command to exit domain mode. Step 5 Run the display domain command to query the information on the domain. ----End
Example
To specify "huawei" as the accounting scheme of domain "huawei.net", do as follows:
huawei(config)#aaa huawei(config-aaa)#domain huawei.net huawei(config-aaa-domain-huawei.net)#accounting-scheme huawei huawei(config-aaa-domain-huawei.net)#quit huawei(config-aaa)#display domain huawei.net ------------------------------------------------------------------Domain-name : huawei.net Authentication-scheme-name : huawei Accounting-scheme-name : huawei Radius-server-template : Dot1x-template-number : 1 Online-number : 0 -------------------------------------------------------------------
Related Operations
Table 7-18 lists the related operations for specifying an accounting scheme.
Table 7-18 Related operations for specifying an accounting scheme To Delete the specified accounting scheme Query AAA configuration Run the Command undo accounting-scheme Remarks Delete the specified accounting scheme in domain mode. You can query the usage of resources configured on the domain.
7.6.9 Referencing an 802.1x Template

This topic describes how to reference an 802.1x template for a domain.
Prerequisite
You need to configure the 802.1x template before you reference it. For details on the configuration, see "7.5.1 Configuring an 802.1x Template."
Procedure
Step 1 Run the aaa command to enter AAA mode. Step 2 Run the domain command to specify huawei.net as the current domain and enter domain mode. Step 3 Run the dot1x-template command to bind an 802.1x template with a domain. Step 4 Run the quit command to exit domain mode. Step 5 Run the display domain command to query the information of the domain. ----End
Example
To configure the domain huawei.net and enable the domain to implement the authentication by using the 802.1x template, do as follows:
huawei(config)#aaa huawei(config-aaa)#domain huawei.net huawei(config-aaa-domain-huawei.net)#dot1x-template 3 huawei(config-aaa-domain-huawei.net)#quit huawei(config-aaa)#display domain huawei.net ------------------------------------------------------------------Domain-name : huawei.net Authentication-scheme-name : default Accounting-scheme-name : default Radius-server-template : radius1 Dot1x-template-number : 3 Online-number : 0 -------------------------------------------------------------------
Related Operation
Table 7-19 lists the related operation for referencing an 802.1x template.
Table 7-19 Related operation for referencing an 802.1x template To... Delete the reference to an 802.1x template Run the Command... undo dot1x-template Remarks In domain mode, run this command to delete the reference to an 802.1x template.
7.7 Configuring SSH

This topic describes the SSH configuration, including creating the local RSA key pair, configuring the SSH user public key and configuring an SSH user. 7.7.1 Creating the Local RSA Key Pair This topic describes how to create the local RSA key pair. 7.7.2 Configuring the SSH User Public Key This topic describes how to configure the SSH user public key. 7.7.3 Configuring an SSH User This topic describes how to configure an SSH user.
7.7.1 Creating the Local RSA Key Pair

This topic describes how to create the local RSA key pair.
l
The key size ranges from 512 bits to 2048 bits. You can change it to 512, 1024, or 2048 bits as required. By default, it is 512 bits. Before using the SSH service for the first time, you must run the rsa local-key-pair create command. If you destroy the SSH server host key pair and service key pair, you must create a new SSH server host key pair and service key pair.
Procedure
Step 1 Run the rsa local-key-pair create command to create the local RSA key pair. Step 2 Run the display rsa local-key-pair public command to query the local RSA key pair. ----End
Example
To set the name of the local RSA key pair to huawei_Host and set the length of the password to 1024, do as follows:
huawei(config)#rsa local-key-pair create The key name will be: huawei_Host % RSA keys defined for huawei_Host already exist. Confirm to replace them? [y/n]:y The range of public key size is (512 ~ 2048).
7-36
Issue 02 (2008-04-25)
NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus[default = 512]:1024 Generating keys... ......................++++++ ..++++++ ............................................++++++++ .++++++++ huawei(config)#display rsa local-key-pair public ===================================================== Time of Key pair created: 13:39:58 2006/2/10 Key name: huawei_Host Key type: RSA encryption Key ===================================================== Key code: 3047 0240 BF2B1846 14543312 785ABA61 595B1FA6 9B6D2A6D D0C5A771 07FE3692 CDEE3C8D 11EFB290 7247BC5B 6F28BBB0 8F0B9DC0 4247F4F0 0A38A5B3 A7E5BD5F 7330CB1D 0203 010001 ===================================================== Time of Key pair created: 13:40:0 2006/2/10 Key name: huawei_Server Key type: RSA encryption Key ===================================================== Key code: 3067 0260 B4830A71 7974B485 1365431A 0504081E C9D5A8AF 17AE7F6B A7E07227 3260B5DB 722F42F4 B1BD03D8 E6C527F3 B4403736 29E1A954 17AA56F9 50B3857B 21354F07 95F421C7 9468D159 75B72B27 EA79E33E 68C9D35C BF98B56D 9B880598 095EAB0D 0203 010001
Related Operation
Table 7-20 lists the related operation for creating a local RSA key pair. Table 7-20 Related operation for creating a local RSA key pair To Destroy the local RSA key pair Run the Command rsa local-key-pair destroy
7.7.2 Configuring the SSH User Public Key

This topic describes how to configure the SSH user public key.
Figure 7-3 shows the flowchart for configuring the SSH user public key.
Issue 02 (2008-04-25)
7-37
Figure 7-3 Flowchart for configuring the SSH user public key
Start
Enter config-rsa-public-key mode
Enter public key eidt mode
Input the user public key
Quit public key edit mode
End
Procedure
Step 1 Run the rsa peer-public-key command to enter rsa-public-key mode. Step 2 Run the public-key-code begin command to enter public key edit mode. Step 3 Input the user public key. Step 4 Run the public-key-code end command to exit public key edit mode. Step 5 Run the peer-public-key end command to exit to global config mode. Step 6 Run the display rsa peer-public-key command to query the SSH user public key. ----End
Example
To paste the conversed user public key in the current system, do as follows:
huawei(config)#rsa peer-public-key key huawei(config-rsa-public-key)#public-key-code begin huawei(config-rsa-key-code)#30450240 B9FCE18E DA769883 7680F2B7 CE35415A 9AB5E63E huawei(config-rsa-key-code)#FD00ED66 B8B5E954 2B053A82 131B967C 8DDC1176 0746A8BB huawei(config-rsa-key-code)#C30DF3F0 83F6EA5A EF97E26B 783C940F 2791710F 020125 huawei(config-rsa-key-code)#public-key-code end huawei(config-rsa-public-key)#peer-public-key end huawei(config)#display rsa peer-public-key { <cr>|brief<K>|name<K> }: Command: display rsa peer-public-key ===================================== Key name: key ===================================== Key Code: 3045 0240
7-38
Issue 02 (2008-04-25)
B9FCE18E DA769883 7680F2B7 CE35415A 9AB5E63E FD00ED66 B8B5E954 2B053A82 131B967C 8DDC1176 0746A8BB C30DF3F0 83F6EA5A EF97E26B 783C940F 2791710F 0201 25
7.7.3 Configuring an SSH User

This topic describes how to configure an SSH user.
SSH user authentication is classified as follows:
l
password: indicates the common password authentication mode. It is the default authentication type. rsa: indicates the RSA public key authentication. all: indicates the password or RSA authentication. In this authentication mode, a user can log in to the MA5600T by passing the password authentication or the RSA public key authentication. password-publickey: indicates the password and public key authentication. In this authentication mode, a user can log into the MA5600T only after passing the password authentication and the RSA public key authentication. This authentication mode applies to SSHv2.0.
l l
Procedure
Step 1 Run the ssh user assign rsa-key command to set the RSA public key of SSH user. Step 2 Run the ssh user authentication-type rsa command to set the RSA authentication mode of SSH user. Step 3 Run the display ssh user-information command to query the authentication mode of an SSH user. ----End
Example
To set the RSA public key of SSH user huawei as key, and the authentication mode as RSA, do as follows:
huawei(config)#ssh user huawei assign rsa-key key huawei(config)#ssh user huawei authentication-type rsa huawei(config)#display ssh user-information { <cr>|string<S><1,16> }: Command: display ssh user-information Username Authentication-type User-public-key-name huawei rsa key
Service-type stelnet
Related Operations
Table 7-21 lists the related operations for configuring an SSH user.
Issue 02 (2008-04-25)
7-39
Table 7-21 Related operations for configuring an SSH user To Delete the RSA public key of an SSH user Set the SSH user authentication mode Run the Command undo ssh user assign rsa-key ssh user authentication-type
7-40
Issue 02 (2008-04-25)
8 VLAN Configuration
8
About This Chapter
NOTE
VLAN Configuration
This topic describes how to configure the VLANs supported by the MA5600T.
8.1 Overview This topic describes the VLAN technology, and also the count, types and attributes of the VLANs supported by the MA5600T. 8.2 Configuration Example of a VLAN This topic provides an example for configuring a MUX VLAN to implement the ADSL2+ access service. For the configuration examples of VLANs of other types, see "8.1 Overview." 8.3 Configuration Example of a MUX VLAN This topic provides an example for configuring a MUX VLAN to implement the GPON access service. For the configuration example of VLANs of other types, see "8.1 Overview." 8.4 Creating a VLAN This topic describes how to create a VLAN or VLANs of the same type in batches. To control the communication between different ports of a device, you need to create the VLAN to logically group the ports into different subnets. 8.5 Configuring the VLAN Attribute This topic describes how to configure the VLAN attribute. You can configure the VLAN attribute to QinQ, stacking or common as required. 8.6 Setting the Inner and Outer Ethernet Protocols Type of a VLAN Stacking This topic describes how to set the inner and outer Ethernet protocol type that a stacking VLAN supports. The inner VLAN tag does not adopt the standard 802.1q protocol. Therefore, to enable the interconnection between the MA5600T and the devices of other vendors, you must configure
the inner and outer Ethernet protocol type of a stacking VLAN to be the same as the inner and outer Ethernet protocol type of the interconnected devices. 8.7 Setting the Inner VLAN Priority of the Service Port in a Stacking VLAN This topic describes how to set the inner VLAN priority of the service port in a stacking VLAN. To classify different users, you can configure the important user packets with higher priorities. In this way, these packets can be processed first. 8.8 Adding an Upstream Port to a VLAN This topic describes how to add an upstream port to a VLAN. To transmit the user packets with the VLAN tag through the upstream port, you must add the upstream port to a VLAN. 8.9 Adding a Service Port to a VLANAdding Service Port(s) to a VLAN This topic describes how to add a service port to a VLAN. This topic describes how to add service port(s) to a VLAN. The service port is used for user access. For the user connected to a user port of the MA5600T through a terminal, the service traffic of this user is borne on one service port of the user port. 8.10 Adding Service Ports in Batches This topic describes how to add service ports in batches. The MA5600T supports the function of adding multiple service ports on an ADSL2+ board, a SHDSL board, or a VDSL board to a smart VLAN. The MA5600T also supports the function of adding multiple service ports on one or more ADSL2+, SHDSL, or VDSL boards to different successive MUX VLANs at a time. 8.11 Configuring the Description of a Service Port This topic describes how to configure the description of a service port. Then the service ports are identified and classified based on the description to facilitate the management and maintenance of users or services.
8-2
Issue 02 (2008-04-25)
8.1 Overview
This topic describes the VLAN technology, and also the count, types and attributes of the VLANs supported by the MA5600T.
Service Description
Virtual local area network (VLAN) technology is a technology used to form virtual workgroups by logically grouping the devices of a LAN into different subtnets. The Institute of Electrical and Electronics Engineers (IEEE) issued draft IEEE 802.1q in 1999, aiming at standardizing VLAN implementations. For details on the VLAN feature, refer to "VLAN" in the MA5600T Feature Description.
The MA5600T supports up to 4K VLANs. The MA5600T supports the following types of VLANs:
l l l l
Standard VLAN Smart VLAN MUX VLAN Super VLAN
Table 8-1 lists the VLAN types and applications. Table 8-1 VLAN types and applications Type Standard VLAN Description
l
Application It is applied only to Ethernet ports for network management and subtending. For the configuration of the standard VLAN, see "3.4 Configuration Example of an Inband NMS."
Ethernet ports in a standard VLAN can communicate with each other. An Ethernet port in a standard VLAN is isolated from an Ethernet port in another standard VLAN.
Issue 02 (2008-04-25)
8-3
Type Smart VLAN
Description A smart VLAN can contain multiple xDSL service ports. The service streams of any two service ports in a smart VLAN are isolated. The service streams of different VLANs are also isolated from each other. A smart VLAN can serve multiple users, thus saving VLAN resources. A smart VLAN can contain multiple GPON service ports. Service streams of these ports in a smart VLAN are isolated from each other. Service streams of different VLANs are also isolated from each other. A smart VLAN can serve multiple users, thus saving VLAN resources.
Application It is applied to xDSL access, such as the Internet access service for residential users. Applied to GPON access, such as residential areas to provide access to the Internet. For the configuration of the smart VLAN, see "Configuration Example of the ADSL2+ PPPoE/ IPoE Service25.2 Configuration Example of the GPON Service." It is applied to xDSL access for the purpose of distinguishing users by VLANs. It is applied to GPON access for the purpose of distinguishing users by VLANs. For the configuration of the MUX VLAN, see "8.2 Configuration Example of a VLAN8.3 Configuration Example of a MUX VLAN." It is used for saving IP address resources, thus improving the usage efficiency of IP addresses. For the configuration of the super VLAN, see "10.2 ARP Proxy Configuration Example."
MUX VLAN
A MUX VLAN can contain only one xDSL service port. Service streams of different VLANs are isolated from each other. One-toone mapping can be set up between a MUX VLAN and an access user. In this way, a MUX VLAN can uniquely identify an access user. A MUX VLAN can contain only one GPON service port. Service streams of different VLANs are isolated from each other. One-toone mapping can be set up between a MUX VLAN and an access user. In this way, a MUX VLAN can uniquely identify an access user.
Super VLAN
A super VLAN is a layer 3 (an L3)-based VLAN. It consists of multiple sub VLANs. The sub VLANs can communicate with each other based on the ARP proxy feature. A sub VLAN can be a smart VLAN or a MUX VLAN.
The attributes of a VLAN are as follows:

l l l
Common QinQ Stacking
Table 8-2 lists the attributes of a VLAN.

Table 8-2 VLAN attributes VLAN attribute Common QinQ Application A VLAN with this attribute can be used as an L2 VLAN. You can create an L3 virtual interface for a common VLAN if necessary. When a packet contains the tag of a VLAN with the QinQ attribute, the packet contains two VLAN tags:
l l
Inner VLAN tag from the private network Outer VLAN tag allocated by the MA5600T
Through the outer VLAN tag, an L2 VPN tunnel can be set up to transparently transmit service data among private networks. For details on the QinQ VLAN, see "29 QinQ VLAN Private Line Service Configuration." Stacking When a packet contains the tag of a VLAN with the stacking attribute, the packet contains two VLAN tags allocated by the MA5600T: inner VLAN tag and outer VLAN tag. The upper layer BRAS can authenticate users based on the double VLAN tags, thus increasing the number of access users. The upper layer network working in L2 mode can forward packets based on the outer VLAN tag + MAC to provide the wholesale service function for ISPs. For details on the stacking VLAN, see "28 VLAN Stacking Wholesale Service Configuration."
8.2 Configuration Example of a VLAN

This topic provides an example for configuring a MUX VLAN to implement the ADSL2+ access service. For the configuration examples of VLANs of other types, see "8.1 Overview."
Networking
Figure 8-1 shows an example network for configuring a MUX VLAN. In this example network, the PCs are connected to the MA5600T through modems. PC1 and PC2 belong to different MUX VLANs. On the control board of the MA5600T, the packets from PC1 and PC2 are differentiated by the VLAN, and transmitted to the upper layer network.
Issue 02 (2008-04-25)
8-5
Figure 8-1 Example network for configuring a MUX VLAN

Router
A D L F
CON ETH ESC
GE 0/9/0
SCU Modem
MA5600T
Modem
PC1
PC2
Data Plan
Table 8-3 provides the data plan for configuring a MUX VLAN. Table 8-3 Data plan for configuring a MUX VLAN Item ADSL2+ board Data ADSL2+ port: 0/11/0 VPI/VCI: 0/35 VLAN ID: 20 ADSL2+ board ADSL2+ port: 0/11/1 VPI/VCI: 0/35 VLAN ID: 21 Upstream port 0/9/0
Prerequisites
l l l
The network devices and lines must be in the normal state. All the boards of the MA5600T must be in the normal state. The VPI/VCI of the modem is 0/35.
8-6
Figure 8-2 shows the flowchart for configuring a MUX VLAN. Figure 8-2 Flowchart for configuring a MUX VLAN
Start
Create MUX VLANs
Add upstream ports to the VLANs Add service ports to the VLANs
Save the data
End
Procedure
Step 1 Create MUX VLANs.
huawei(config)#vlan 20 mux huawei(config)#vlan 21 mux
Step 2 Add upstream ports to the VLANs.

huawei(config)#port vlan 20 0/9 0 huawei(config)#port vlan 21 0/9 0
Step 3 Add service ports to the VLANs. The service ports use the default traffic profile (profile 5).
huawei(config)#service-port vlan 20 adsl 0/11/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5 huawei(config)#service-port vlan 21 adsl 0/11/1 vpi 0 vci 35 rx-cttr 5 tx-cttr 5

huawei(config)#save
----End
Result
After the configuration, both PC1 and PC2 can access the Internet, but they cannot communicate with each other.
8.3 Configuration Example of a MUX VLAN

This topic provides an example for configuring a MUX VLAN to implement the GPON access service. For the configuration example of VLANs of other types, see "8.1 Overview."
Networking
Figure 8-3 shows an example network for configuring a MUX VLAN. Figure 8-3 Example network for configuring a MUX VLAN
Router MA5600T G P B C SCU CON ETH ESC GE 0/19/0
Optical splitter ONT
Level-1 split ratio 1:2
Level-2 split ratio 1:32 PC
Data Plan
Table 8-4 provides the data plan for configuring a MUX VLAN. Table 8-4 Data plan for configuring a MUX VLAN Item MUX VLAN Upstream port GPON port DBA profile Data VLAN ID: 20 0/9/0 0/2/0 Index: 6 (the default) Type: type1 (fixed bandwidth) Fixed bandwidth: 100 Mbit/s Traffic profile Index: 5 (default profile) CIR: 2 Mbit/s
8-8
Issue 02 (2008-04-25)
Item GEM port
Data T-CONT ID: 1 GEM port ID: 128 User VLAN: 10
ONT
Port connected to the PC: FE port 0
Prerequisites
l l l
The network devices and lines must be in the normal state. All the boards of the MA5600T must be in the normal state. The ONT has been configured and the configuration data of the ONT must be consistent with that of the OLT.
Figure 8-4 shows the flowchart for configuring a MUX VLAN. Figure 8-4 Flowchart for configuring a MUX VLAN
Start
Configure a GEM port
Creat a VLAN
Bind the GEM Port with an ONT T-CONT

Map the GEM port to the service stream
Add an upstream port to the VLAN
Add an ONT
Add a service port
Bind a DBA profile
Save the data
Specify VLANs for ONT ports
End
Procedure
Step 1 Create a VLAN.
huawei(config)#vlan 20 mux
Step 2 Add an upstream port to the VLAN.

Issue 02 (2008-04-25)
8-9
Step 3 Add an ONT.

huawei(config)#interface gpon 0/2 huawei(config-if-gpon-0/2)#ont add 0 1 hwhw-11111111 password-auth huawei profileid 1
Step 4 Bind a DBA profile.

huawei(config-if-gpon-0/2)#tcont bind-profile 0 1 1 profile-id 6
Step 5 Specify VLANs for ONT ports.

huawei(config-if-gpon-0/2)#ont port vlan 0 1 fe 10 0 huawei(config-if-gpon-0/2)#ont port native-vlan 0 1 fe 0 vlan 10
Step 6 Configure a GEM port.

huawei(config-if-gpon-0/2)#gemport add 0 gemportid 128 eth
Step 7 Bind the GEM port with an ONT T-CONT.

huawei(config-if-gpon-0/2)#ont gemport bind 0 1 128 1 3
Step 8 Map the GEM port to the service stream.

huawei(config-if-gpon-0/2)#ont gemport mapping 0 1 128 vlan 10
Step 9 Add a service port.

huawei(config-if-gpon-0/2)#quit huawei(config)#service-port vlan 20 gpon 0/2/0 gemport 128 multi-service user-vlan 10 rx-cttr 5 tx-cttr 5

huawei#save
----End
Result
After the configuration, the PC can access the Internet.
8.4 Creating a VLAN

This topic describes how to create a VLAN or VLANs of the same type in batches. To control the communication between different ports of a device, you need to create the VLAN to logically group the ports into different subnets.
Prerequisite
The ID of the VLAN to be added does not exist in the system.
The MA5600T supports up to 4000 VLANs and some VLANs are reserved for the system.
NOTE
l l
By default, 15 VLANs are reserved in the system, and the VLAN ID is in the range of 4079-4093. You can run the vlan reserve command to configure the reserved VLANs in the MA5600T.
8-10
Issue 02 (2008-04-25)
Procedure
Step 1 Run the vlan command to add a VLAN. Step 2 Run the display vlan command to query the VLAN information. ----End
Examples
To add a standard VLAN with the VLAN ID of 2, do as follows:
huawei(config)#vlan 2 standard huawei(config)#display vlan 2 { <cr>|to<K> }: Command: display vlan 2 VLAN ID: 2 VLAN type: standard VLAN attribute: common Standard port number: 0 Service virtual port number: 0
To add 10 standard VLANs with VLAN IDs ranging from 1000 to 1009, do as follows:
huawei(config)#vlan 1000 to 1009 standard It will take several minutes, and console may be timeout, please use command idle-timeout to set time limit Are you sure to add VLANs? (y/n)[n]:y huawei#display vlan all { <cr>|vlantype<E><mux,standard,smart,super>|vlanattr<K> }: Command: display vlan all --------------------------------------------------------VLAN Type Attribute STND-Port NUM SERV-Port NUM --------------------------------------------------------1 MUX common 8 0 2 standard common 0 0 1000 standard common 0 0 1001 standard common 0 0 1002 standard common 0 0 1003 standard common 0 0 1004 standard common 0 0 1005 standard common 0 0 1006 standard common 0 0 1007 standard common 0 0 1008 standard common 0 0 1009 standard common 0 0 --------------------------------------------------------Total: 12 Note : STND-Port--standard port, SERV-Port--service virtual port
Related Operations
Table 8-5 lists the related operations for creating a VLAN.
Issue 02 (2008-04-25)
8-11
Table 8-5 Related operations for creating a VLAN To Delete a VLAN Run the Command undo vlan Remarks To delete a VLAN, ensure the following:
l
There is no upstream port, L3 interface, or service port in the VLAN. There is no sub VLAN in the VLAN if the VLAN is a super VLAN. The VLAN is not the default VLAN (VLAN 1)
Display the number of VLANs Display VLAN traffic statistics Configure the start number of the reserved VLANs
display vlan number display statistics vlan vlan reserve
The traffic statistics of the service ports in a VLAN are collected. -
8.5 Configuring the VLAN Attribute

This topic describes how to configure the VLAN attribute. You can configure the VLAN attribute to QinQ, stacking or common as required.
Prerequisite
The VLAN with its attribute to be configured is already added by running the vlan command.
l l
The attribute of the default VLAN (VLAN 1) cannot be configured to QinQ or stacking. When the attribute of a smart VLAN or a MUX VLAN is common, you can configure the attribute of the VLAN to QinQ or stacking. The attribute of a super VLAN or a standard VLAN cannot be configured to QinQ or stacking. The attribute of a VLAN cannot be changed from QinQ to stacking or from stacking to QinQ directly.
Procedure
Step 1 Run the vlan attrib command to configure the VLAN attribute. Step 2 Run the display vlan command to display the VLAN attribute. ----End
Example
To configure the attribute of smart VLAN 10 to QinQ, do as follows:
huawei(config)#vlan attrib 10 q-in-q huawei(config)#display vlan 10 { <cr>|to<K> }: Command: display vlan 10 VLAN ID: 10 VLAN type: smart VLAN type: smart VLAN attribute: QinQ VLAN description: -----------------------------F/S /P Native VLAN State -----------------------------0/9/0 2 down -----------------------------Standard port number: 1 Service virtual port number: 0
Related Operation
Table 8-6 lists the related operation for configuring the VLAN attribute. Table 8-6 Related operation for configuring the VLAN attribute To... Restore the VLAN attribute Run the Command undo vlan attrib Remarks By default, the VLAN attribute is common.
8.6 Setting the Inner and Outer Ethernet Protocols Type of a VLAN Stacking
This topic describes how to set the inner and outer Ethernet protocol type that a stacking VLAN supports. The inner VLAN tag does not adopt the standard 802.1q protocol. Therefore, to enable the interconnection between the MA5600T and the devices of other vendors, you must configure the inner and outer Ethernet protocol type of a stacking VLAN to be the same as the inner and outer Ethernet protocol type of the interconnected devices.
l
By default, the inner and outer Ethernet protocol type of a stacking VLAN is 0x8100. That is, the Ethernet frame has an 802.1q VLAN Tag. The protocol type to be set cannot be set as a value for other protocols, such as 0x0800 (IP packets) or 0x0806 (ARP packets).
Issue 02 (2008-04-25)
8-13
Procedure
Step 1 Run the stacking inner-ethertype command to set the inner Ethernet protocol type of a stacking VLAN, and run the stacking outer-ethertype command to set the outer Ethernet protocol type of a stacking VLAN. Step 2 Run the display stacking inner-ethertype command to display the inner Ethernet protocol type of a stacking VLAN, and run the display stacking outer-ethertype command to display the outer Ethernet protocol type of a stacking VLAN. ----End
Examples
To set the inner Ethernet protocol type that the stacking VLAN supports as 0x8100, do as follows:
huawei(config)#stacking inner-ethertype 0x8100 huawei(config)#display stacking inner-ethertype The inner Ethernet type in the system: 0x8100
8.7 Setting the Inner VLAN Priority of the Service Port in a Stacking VLAN
This topic describes how to set the inner VLAN priority of the service port in a stacking VLAN. To classify different users, you can configure the important user packets with higher priorities. In this way, these packets can be processed first.
The larger the value of the priority, the higher the priority.
Procedure
Run the stacking inner-priority command to set the inner VLAN priority of the service port. ----End
Example
To set GEM port ID as 128, and the inner priority of service port in user-side VLAN 10 to 5, do as follows:
huawei(config)#stacking inner-priority 0/2/0 gemport 128 user-vlan 10 5
To set the inner VLAN priority of the service port in stacking VLAN 4000 to 5, do as follows:
huawei(config)#stacking inner-priority vlan 4000 5
8.8 Adding an Upstream Port to a VLAN

This topic describes how to add an upstream port to a VLAN. To transmit the user packets with the VLAN tag through the upstream port, you must add the upstream port to a VLAN.
Prerequisite
The VLAN to which an upstream port is to be added already exists.
The upstream port of a VLAN must be an Ethernet port.
Procedure
Step 1 Run the port vlan command to add an upstream port. Step 2 Run the display vlan command to query the VLAN information. ----End
Example
To add upstream port 0/9/0 to VLAN 10, do as follows:
huawei(config)#port vlan 10 0/9 0 huawei(config)#display vlan 10 {<cr>|to<K>}: Command: display vlan 10 VLAN ID: 10 VLAN type: MUX VLAN attribute: common -----------------------------F/S /P Native VLAN State -----------------------------0/9/0 1 up -----------------------------Standard port number: 1 Service virtual port number: 0
Related Operation
Table 8-7 lists the related operation for adding an upstream port to a VLAN. Table 8-7 Related operation for adding an upstream port to a VLAN To Delete the upstream port in a VLAN Run the Command undo port vlan
8.9 Adding a Service Port to a VLANAdding Service Port(s) to a VLAN

This topic describes how to add a service port to a VLAN. This topic describes how to add service port(s) to a VLAN. The service port is used for user access. For the user connected to a user port of the MA5600T through a terminal, the service traffic of this user is borne on one service port of the user port.
Prerequisites
l
The VLAN to which the service port is to be added is already added by running the vlan command. A suitable traffic profile already exists.
l l
An xDSL port supports up to eight service ports. In the smart VLAN application, a user port supports multiple service ports, and the VPIs/ VCIs of the service ports are different. If the VPI/VCI of the service port is auto-sensing, only one service port can be created on a port. One GEM port supports up to eight service ports. The priorities of the upstream and downstream traffic entries must be consistent when you configure the upstream and downstream traffic of a service port. When the service port needs to carry multiple services, the MA5600T supports the traffic classification. The traffic can be classified by user VLAN, service encapsulation mode on the user side, and the priority of packets on the user side. When the traffic is classified by user VLAN, the untagged packets (data packet without VLAN tag) can be classified.
l l
Procedure
Step 1 Run the service-port vlan command to add a service port. Step 2 Run the display service-port vlan command to query the service port. ----End
Example
To add service port 0/2/0 whose GEM port ID is 128 and user-side VLAN is 10 to VLAN 30, do as follows:
huawei(config)#service-port vlan 30 gpon 0/2/0 gemport 128 multi-service user-vlan 10 rx-cttr 5 tx-cttr 5 huawei(config)#display service-port port 0/2/0 { gemport<K>|ont<K>|<cr>|sort-by<K>|autosense<K> }: Command: display service-port port 0/2/0 ------------------------------------------------------------------------INDEX VLAN VLAN PORT F/ S/ P VPI VCI FLOW FLOW RX TX STATE ID ATTR TYPE TYPE PARA ------------------------------------------------------------------------1 30 common gpon 0/2 /0 128 5 5 up ------------------------------------------------------------------------Total : 1 (Up/Down : 1/0) Note : F--Frame, S--Slot, P--Port, VPI indicates GEM PortID for GPON v/e--vlan/encap pri-tag--priority-tagged, ppp--pppoe, ip-ipoe
Related Operations
Table 8-8 lists the related operations for adding a service port to a VLAN.
Table 8-8 Related operations for adding a service port to a VLAN To Delete a service port Run the Command undo service-port Remarks The service port cannot be deleted in the following cases:
l
The port is encapsulated in PPPoA, IPoA or Auto mode. The port serves for BTV users. The port is bound with an IP address or a MAC address. The port is configured with a static MAC address.
l l
Display VLAN information Set description information on the service port Display description information on the service port
display vlan service-port desc
display service-port desc
8.10 Adding Service Ports in Batches

This topic describes how to add service ports in batches. The MA5600T supports the function of adding multiple service ports on an ADSL2+ board, a SHDSL board, or a VDSL board to a smart VLAN. The MA5600T also supports the function of adding multiple service ports on one or more ADSL2+, SHDSL, or VDSL boards to different successive MUX VLANs at a time.
l l
The VPI/VCI of the service port must be the same as that of the xDSL modem connected to the port. The smart VLAN supports multiple service ports on the same port, and the VPIs/VCIs of the service ports are different. If the VPI/VCI of a service port is auto-sensing, only one service port can be created on a port. An xDSL port supports up to eight service ports. The VLAN(s) to which the service ports are to be added already exist. The suitable traffic profile already exists.
l l l
Procedure
Step 1 Run the multi-service-port vlan or multi-service-port from-vlan command to add service ports. Step 2 Run the display service-port vlan command to query service ports. ----End
Examples
To add service ports 0/11/00/11/4 to smart VLAN 10, do as follows: To add all ADSL2+, SHDSL, or VDSL ports to MUX VLANs (to add port 1 to VLAN 2, port 2 to VLAN 3, and so on), do as follows:
huawei(config)#multi-service-port from-vlan 2 board 1-18 vpi 0 vci 35 rx-cttr 5 txcttr 5
NOTE
If certain ports fail to be added, it indicates that these ports have been added to the corresponding VLANs as service ports.
Related Operations
Table 8-9 lists the related operations for adding service ports in batches. Table 8-9 Related operations for adding service ports in batches To Delete a service port Run the Command... undo service-port Remarks A service port cannot be deleted in the following cases:
l
The port is encapsulated in PPPoA, IPoA or Auto mode. The port serves for a BTV user. The port is bound with an IP address or MAC address. The port is configured with a static MAC address.
l l
By selecting the command parameters, you can delete a specified service port or all service ports according to the board, port or VLAN. Display VLAN traffic statistics display statistics vlan -
8.11 Configuring the Description of a Service Port

This topic describes how to configure the description of a service port. Then the service ports are identified and classified based on the description to facilitate the management and maintenance of users or services.
Procedure
Step 1 Run the service-port desc command to configure the description of a service port. Step 2 Run the display service-port desc command to query the description of the service port. ----End
Example
To configure the description of service port 0/11/0 with VPI/VCI of 0/35, do as follows:
huawei(config)#service-port desc 0/11/0 vpi 0 vci 35 description user0/11/0 huawei(config)#display service-port desc 0/11/0 {<cr>|autosense<K>|vpi<K>|user-vlan<K>|user-encap<K>}: Command: display service-port desc 0/11/0 -----------------------------------------------------------------------------PORT : adl F/S/P : 0/11/0 VPI : 0 VCI : 35 FLOWTYPE : FLOWPARA : DESCRIPTION : user0/11/0 ------------------------------------------------------------------------------
To configure the description of service port 0/11/0 with the GEM port of 128 and the user-side VLAN of 10 to identify the user location, do as follows:
huawei(config)#service-port desc 0/11/0 gemport 128 user-vlan 10 description { description<S><1,63> }:F4-6-01 Command: service-port desc 0/11/0 gemport 128 user-vlan 10 description F4-6-01 huawei(config)#display service-port desc 0/11/0 gemport 128 user-vlan 10 -----------------------------------------------------------------------------Index : 6 Port : gpon F/S/P : 0/11/0 VPI : 128 VCI : Flow type : vlan Flow para : 10 Description : F4-6-01 ------------------------------------------------------------------------------
Related Operation
Table 8-10 lists the related operation for configuring the description of a service port. Table 8-10 Related operation for configuring the description of a service port To Delete the description of a service port Run the Command undo service-port desc
Issue 02 (2008-04-25)
8-19
9 DHCP Relay Configuration
9
About This Chapter
NOTE
DHCP Relay Configuration
This topic describes the DHCP relay principles, configuration examples, and related configuration operations on the MA5600T.
9.1 Overview This topic describes the DHCP relay function and its application on the MA5600T. 9.2 Configuration Example of DHCP Standard Mode This topic provides an example for configuring DHCP standard mode to obtain the IP address automatically. 9.3 Configuration Example of DHCP Option60 Mode This topic provides an example for enabling PCs to obtain IP addresses automatically in DHCP option60 mode. 9.4 Configuration Example of DHCP MAC Address Segment Mode This topic provides an example for enabling the PC to obtain the IP address automatically in DHCP MAC address segment mode. 9.5 Enabling the DHCP Proxy Function This topic describes how to enable the DHCP proxy function, including the server ID agent and lease-time agent functions. 9.6 Creating a DHCP Server Group This topic describes how to create a DHCP server group to provide DHCP service for the DHCP clients in the network. 9.7 Setting the Working Mode of a DHCP Server
This topic describes how to set the working mode of a DHCP server. That is to configure the working mode of the DHCP server for sending DHCP packets, including load-sharing mode and backup mode. 9.8 Setting the DHCP Relay Mode This topic describes how to set the DHCP relay mode, including the switching between the DHCP L2 forwarding and L3 forwarding, and the DHCP server selection mode when the L3 DHCP relay is adopted. If the device functions as the L2 device, the DHCP packets are forwarded at L2. 9.9 Binding a DHCP Server Group with a VLAN Interface This topic describes how to bind a DHCP server group with a VLAN interface so that the received DHCP packets on the specified VLAN interface are all forwarded to the bound DHCP server group. 9.10 Creating an Option60 Domain This topic describes how to create an option60 domain. When the device is enabled with the DHCP relay function and the forwarding mode is option60, the DHCP option60 domain needs to be created. 9.11 Binding a DHCP Server Group with a DHCP Option60 Domain This topic describes how to bind a DHCP server group with a DHCP Option60 domain. When the device is enabled with the DHCP relay function and the DHCP server selection mode is Option60, the DHCP Option60 domain needs to be bound with a DHCP server group. 9.12 Configuring the Gateway of a DHCP Option60 Domain This topic describes how to configure the gateway of a DHCP option60 domain. When the device is enabled with the DHCP relay function and the forwarding mode is Option60, the DHCP option60 domain needs to be configured with a gateway. 9.13 Creating a DHCP MAC Address Segment This topic describes how to create a DHCP MAC address segment. When the device is enabled with the DHCP relay function and the forwarding mode is MAC address segment, a MAC address segment needs to be created. 9.14 Setting the Range of a DHCP MAC Address Segment This topic describes how to set the range of a DHCP MAC address segment. When the device is enabled with the DHCP relay function and the forwarding mode is MAC address segment, the range of a DHCP MAC address segment needs to be configured. 9.15 Binding a DHCP Server Group with a DHCP MAC Address Segment This topic describes how to bind a DHCP server group with a DHCP MAC address segment. When the device is enabled with the DHCP relay function and the DCHP server selection mode is MAC address segment, a DHCP server group needs to be bound with a DHCP MAC address segment. 9.16 Configuring the Gateway of a DHCP MAC Address Segment This topic describes how to configure the gateway of a DHCP MAC address segment. When the device is enabled with the DHCP relay function and the forwarding mode is MAC address segment, a DHCP MAC address segment needs to be configured with the gateway. 9.17 Setting the DHCP Proxy Lease-Time This topic describes how to set the DHCP proxy lease-time. After the setting, the shorter leasetime between the lease-time allocated by the DHCP server and the lease-time allocated by the MA5600T is used as the lease-time for a user. 9.18 Kicking Off a DHCP User
This topic describes how to kick off a DHCP user when you find that the user is invalid, or is offline already though the MA5600T detects that the user is still online. This operation helps to release the resources occupied by the user.
Issue 02 (2008-04-25)
9-3
9.1 Overview
This topic describes the DHCP relay function and its application on the MA5600T.
Service Description
The Dynamic Host Configuration Protocol (DHCP) works in the server/client mode. The DHCP client can dynamically request configuration data and the DHCP server can provide the data for the client conveniently. Initially, the DHCP was only suitable for applications where the DHCP client and server were located on the same subnet and could not work across network segments. If the early DHCP is used to dynamically configure the host, each subnet should be equipped with a DHCP server. That is obviously uneconomical. The introduction of DHCP relay solves the mentioned problem. The DHCP relay functions as relay between the DHCP client and the server located on different subnets. The DHCP packets can be relayed to the destination DHCP server (or client) across network segments. In this way, the DHCP clients on different networks can use the same DHCP server. This is economical and convenient for centralized management. Figure 9-1 shows the principle of DHCP relay. Figure 9-1 MA5600T DHCP relay
LAN DHCP client DHCP server
DHCP client
LAN switch
MA5600T
DHCP client
DHCP server
For details on DHCP, refer to "DHCP Relay" in the MA5600T Feature Description.
The MA5600T guarantees DHCP security as it supports L2 and L3 DHCP relay, and DHCP Option82.
NOTE
For the configuration of the DHCP Option82, see "22.5 Enabling the DHCP Option82 Function" and "22.6 Setting the Maximum Length of DHCP Packets."
The MA5600T supports the following DHCP relay working modes:

l l l
Standard mode Option60 mode MAC address segment mode

9-4
9.2 Configuration Example of DHCP Standard Mode

This topic provides an example for configuring DHCP standard mode to obtain the IP address automatically.
Prerequisite
The primary IP address of the L3 interface of VLAN 2 and VLAN 3 should be in the same subnet as that of the upper layer router. There should be routing between the device and the DHCP server.
Networking
Figure 9-2 shows an example network for configuring DHCP standard mode. The MA5600T functions as a DHCP relay to obtain IP addresses from the DHCP servers on the network side for the PCs (DHCP clients) in VLAN 2 and VLAN 3. The MA5600T is configured with two DHCP server groups.
l
The two PCs in VALN 2 obtain IP addresses from DHCP server group 1 through the DHCP standard mode. The two PCs in VLAN 3 obtain IP addresses from DHCP server group 2 through the DHCP standard mode.
Figure 9-2 Example network for configuring DHCP standard mode

10.1.1.1/24 VLAN 2 DHCP server group 1 10.1.1.2/24 10.2.1.1/24 MA5600T VLAN 3 DHCP server group 2 10.2.1.2/24
Data Plan
Table 9-1 provides the data plan for configuring DHCP standard mode. Table 9-1 Data plan for configuring DHCP standard mode Item DHCP server group 1 Data Primary IP address: 10.1.1.1/24 Secondary IP address: 10.1.1.2/24
Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd
Remarks 9-5
Item DHCP server group 2
Data Primary IP address: 10.2.1.1/24 Secondary IP address: 10.2.1.2/24
Remarks VLAN 2 binds with DHCP server group 1. VLAN 3 binds with DHCP server group 2. -
VLAN 2 VLAN 3 Upstream port Service ports Service port
Layer 3 IP address: 2.2.2.1/24 Layer 3 IP address: 3.3.3.1/24 0/9/0 0/11/0, 0/11/1 0/2/0
NOTE
l l
The configuration on VLAN 3 is the same as that on VLAN 2. This example only shows how to configure PCs of VLAN 2 to obtain IP addresses.
Figure 9-3 shows the flowchart for configuring DHCP standard mode.
9-6
Issue 02 (2008-04-25)
Figure 9-3 Flowchart for configuring DHCP standard mode

Start
Select the DHCP relay mode
Create a DHCP server group
Set the working mode of the DHCP server group (optional) Configure the VLAN upstream port and the service port Configure the IP address of the layer 3 interface Bind the interface with the DHCP server group
Save the data
End
Procedure
Step 1 Select the DHCP relay mode.
huawei(config)#dhcp mode layer-3 standard
Step 2 Create a DHCP server group.

huawei(config)#dhcp-server 1 ip 10.1.1.1 10.1.1.2
Step 3 Set the working mode of the DHCP server group. The default load-sharing mode is applied and no separate configuration is needed.
NOTE
For details on setting working mode of the DHCP server group, see "9.7 Setting the Working Mode of a DHCP Server."
Step 4 Configure the VLAN upstream port and the service port.
huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/9 0 huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 vlan 2 huawei(config-if-scu-0/9)#quit huawei(config)#service-port vlan 2 gpon 0/2/0 gemport 128 multi-service user-vlan 10 rx-cttr 5 tx-cttr 5 huawei(config)#service-port vlan 2 gpon 0/2/0 gemport 129 multi-service user-vlan 11 rx-cttr 5 tx-cttr 5
Issue 02 (2008-04-25)
9-7
huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/9 0 huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 vlan 2 huawei(config-if-scu-0/9)#quit huawei(config)#service-port vlan 2 adsl 0/11/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6 huawei(config)#service-port vlan 2 adsl 0/11/1 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
Step 5 Configure the IP address of the L3 interface.

huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 2.2.2.1 24
Step 6 Bind the interface with the DHCP server group.

huawei(config-if-vlanif2)#dhcp-server 1

huawei(config-if-vlanif2)#quit huawei(config)#save
----End
Result
The PCs can obtain IP addresses dynamically, and can access the Internet.
9.3 Configuration Example of DHCP Option60 Mode

This topic provides an example for enabling PCs to obtain IP addresses automatically in DHCP option60 mode.
Prerequisite
The primary IP address of the L3 of VLAN 2 should be in the same subnet as that of the upper layer router. There should be routing between the device and the DHCP server.
In multi-service provisioning on MA5600T, the services such as the video multicasting and IP phone services are provided by different service providers. These providers may use different DHCP servers or different relay IP addresses of the same DHCP server for allocating IP addresses for users. Hence, the DHCP option60 mode must be configured for the users to apply for the IP address from the DHCP server
NOTE
Option60 is one of the options of the DHCP packets, and it can identify the terminal type.
Networking
Figure 9-4 shows an example network for configuring DHCP option60 mode. Figure 9-4 Example network for configuring DHCP option60 mode
10.10.10.10/24 VLAN 2 MA5600T DHCP server group 10.10.10.11/24
9-8
Issue 02 (2008-04-25)
Data Plan
Table 9-2 provides the data plan for configuring DHCP option60 mode. Table 9-2 Data plan for configuring DHCP option60 mode Item DHCP server group 2 Data Primary IP address: 10.10.10.10/24 Secondary IP address: 10.10.10.11/24 VLAN 2 Upstream port Service port Layer 3 interface IP address: 10.1.2.1/24 0/9/0 0/11/0 0/11/0 Domain Domain: msft DHCP server group: DHCP server group Gateway IP address: 10.1.2.1/24 (the same as the IP address of the L3 interface)
l
The name of option60 domain must be configured according to the type of connected terminal device. If Windows 98/2000/XP/NT series runs on the DHCP client, the domain name must be msft. The system selects the domain based on option60 field in the packet by the longest-match rules. If there is no appropriate domain matched, the default domain is used.
Figure 9-5 shows the flowchart for configuring DHCP option60 mode.
Issue 02 (2008-04-25)
9-9
Figure 9-5 Flowchart for configuring DHCP option60 mode

Start
Create a DHCP server group Set the working mode of the DHCP server group(optional)
Define an option60 domain
Bind the domain with the DHCP server group Configure the VLAN upstream port and the service port Configure the IP address of VLAN layer 3 interface
Configure the domain gateway
Save the data
End
Procedure
huawei(config)#dhcp mode layer-3 option60

NOTE
For details on setting working mode of the DHCP server group, see "9.7 Setting the Working Mode of a DHCP Server."
Step 4 Define an option60 domain.

huawei(config)#dhcp domain msft
9-10
Issue 02 (2008-04-25)
Step 5 Bind the domain with the DHCP server group.

huawei(config-dhcp-domain-msft)#dhcp-server 2
Step 6 Configure the VLAN upstream port and the service port.
huawei(config-dhcp-domain-msft)#quit huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/9 0 huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 huawei(config-if-scu-0/9)#quit huawei(config)#service-port vlan 2 gpon 10 rx-cttr 5 tx-cttr 5 huawei(config)#service-port vlan 2 gpon 11 rx-cttr 5 tx-cttr 5 huawei(config-dhcp-domain-msft)#quit huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/9 0 huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 huawei(config-if-scu-0/9)#quit huawei(config)#service-port vlan 2 adsl
vlan 2 0/2/0 gemport 128 multi-service user-vlan 0/2/0 gemport 129 multi-service user-vlan
vlan 2 0/11/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
Step 7 Configure the IP address of VLAN L3 interface.

Step 8 Configure the domain gateway.

huawei(config-if-vlanif2)#dhcp domain msft gateway 10.1.2.1

----End
Result
The PCs can obtain IP addresses dynamically, and can access the Internet.
9.4 Configuration Example of DHCP MAC Address Segment Mode

This topic provides an example for enabling the PC to obtain the IP address automatically in DHCP MAC address segment mode.
Prerequisite
The primary IP address of the L3 interface of VLAN 2 should be in the same subnet as that of the upper layer router. There should be routing between the device and the DHCP server.
Networking
Figure 9-6 shows an example network for configuring MAC address segment mode.
Issue 02 (2008-04-25)
9-11
Figure 9-6 Example network for configuring MAC address segment mode
10.10.10.10/24 VLAN 2 MA5600T DHCP server group 10.10.10.11/24
Data Plan
Table 9-3 provides the data plan for configuring MAC address segment mode. Table 9-3 Data plan for configuring MAC address segment mode Function DHCP server group 2 VLAN 2 Upstream port Service port Data Primary IP address: 10.10.10.10/24 Secondary IP address: 10.10.10.11/24 Layer 3 interface IP address: 10.1.2.1/24 0/9/0 0/11/0 0/2/0 MAC address segment MAC address segment name: huawei Start range: 0000-0000-0001 End range: 0000-0000-0100 Gateway IP address: 10.1.2.1 The gateway IP address is the same as the IP address of the L3 interface. Remarks -
DHCP server group: DHCP server group PC MAC address: 0000-0000-0010
Figure 9-7 shows the flowchart for configuring MAC address segment mode.
9-12
Issue 02 (2008-04-25)
Figure 9-7 Flowchart for configuring MAC address segment mode

Start
Create a DHCP server group
Set working mode of the DHCP server group (optional)
Define the MAC address segment
Bind the MAC address segment with the DHCP server group
Configure the upstream port and the service port to the VLAN Configure the IP address of the VLAN layer 3 interface Configure the gateway address of the MAC address segment
Save the data
End
Procedure
huawei(config)#dhcp mode layer-3 mac-range

NOTE
For details of setting working mode of the DHCP server group, see "9.7 Setting the Working Mode of a DHCP Server."
Issue 02 (2008-04-25)
9-13
Step 4 Define the MAC address segment.

huawei(config)#dhcp mac-range huawei huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100
Step 5 Bind the MAC address segment with the DCHP server group.
huawei(config-mac-range-huawei)#dhcp-server 2
Step 6 Configure the upstream port and the service port to the VLAN.
huawei(config-mac-range-huawei)#quit huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/9 0 huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 huawei(config-if-scu-0/9)#quit huawei(config)#service-port vlan 2 gpon 10 rx-cttr 5 tx-cttr 5 huawei(config)#service-port vlan 2 gpon 11 rx-cttr 5 tx-cttr 5 huawei(config-mac-range-huawei)#quit huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/9 0 huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 huawei(config-if-scu-0/9)#quit huawei(config)#service-port vlan 2 adsl
vlan 2 0/2/0 gemport 128 multi-service user-vlan 0/2/0 gemport 129 multi-service user-vlan
vlan 2 0/11/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
Step 7 Configure the IP address of the VLAN L3 interface.

Step 8 Configure the gateway address of the MAC address segment.

huawei(config-if-vlanif2)#dhcp mac-range huawei gateway 10.1.2.1

----End
Result
The PCs can obtain IP addresses dynamically.
9.5 Enabling the DHCP Proxy Function

This topic describes how to enable the DHCP proxy function, including the server ID agent and lease-time agent functions.
Context
After the DHCP proxy function is enabled, the server ID agent and lease-time agent functions are enabled.
l
Server ID agent: indicates that the MA5600T functioning as the DHCP proxy replaces the server ID in the DHCP packets. In this way, the DHCP client considers that the MA5600T is the DHCP server in the DHCP system. By replacing the server ID of the DHCP packets, the MA5600T prevents the users from locating the actual DHCP server, thus protecting the DHCP server from network attacks. Lease-time agent: indicates that the lease-time allocated by the DHCP server to a DHCP client is replaced with a shorter lease-time, and then allocated to the client. A shorter leaseHuawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd Issue 02 (2008-04-25)
9-14
time is used to quickly detect whether a user gets offline. For details on the lease-time agent configuration, see "9.17 Setting the DHCP Proxy Lease-Time."
Procedure
Step 1 Run the dhcp proxy command to enable the DHCP proxy function. Step 2 Run the display dhcp config command to query the current DHCP configuration. ----End
Example
To enable the DHCP proxy function, do as follows:
huawei(config)#dhcp proxy enable huawei(config)#display dhcp config { <cr>|vlan<K> }: Command: display dhcp config DHCP relay mode : layer-3 DHCP proxy state : enable DHCP proxy lease-time : not configured
Related Operation
Table 9-4 lists the related operation for enabling the DHCP proxy function. Table 9-4 Related operation for enabling the DHCP proxy function To... Disable the DHCP proxy function Run the Command... dhcp proxy disable
9.6 Creating a DHCP Server Group

This topic describes how to create a DHCP server group to provide DHCP service for the DHCP clients in the network.
l
To improve the reliability of a network, you can specify a primary DHCP server and a secondary one in a server group to form a DHCP server group. Up to 20 DHCP server groups (019) can be configured in the system. The primary server or the secondary server is identified by its IP address. The secondary server cannot be added independently. Instead, it has to be added together with the primary server.
l l
Procedure
Step 1 Run the dhcp-server command to create a DHCP server group.
Step 2 Run the display dhcp-server command to query the information on the DHCP server group. ----End
Example
To add the primary and secondary DHCP servers with IP addresses of 10.1.1.1 and 10.1.1.2 respectively to DHCP server group 1, do as follows:
huawei(config)#dhcp-server 1 ip 10.1.1.1 10.1.1.2 huawei(config)#display dhcp-server 1 The primary IP address of DHCP server group 1: 10.1.1.1 The secondary IP address of DHCP server group 1: 10.1.1.2 Messages from this server group: 0 Messages to this server group: 0 Messages from clients to this server group: 0 Messages from this server group to clients: 0 DHCP OFFER messages: 0 DHCP ACK messages: 0 DHCP NAK messages: 0 DHCP DECLINE messages: 0 DHCP DISCOVER messages: 0 DHCP REQUEST messages: 0 DHCP INFORM messages: 0 DHCP RELEASE messages: 0
Related Operation
Table 9-5 lists the related operation for creating a DHCP server group. Table 9-5 Related operation for creating a DHCP server group To... Delete a DHCP server group Run the Command... undo dhcp-server
9.7 Setting the Working Mode of a DHCP Server

This topic describes how to set the working mode of a DHCP server. That is to configure the working mode of the DHCP server for sending DHCP packets, including load-sharing mode and backup mode.
The MA5600T supports two DHCP server working modes:
l
load-sharing: In this mode, the MA5600T sends DHCP messages to both the active and standby DHCP servers. By default, the system is in load-sharing mode. backup: In this mode, the MA5600T sends DHCP messages to the DHCP server that is running at the current time. The system firstly takes the active DHCP server as the running DHCP server at the current time. When the DHCP server does not reply OFFER message to the MA5600T within a specified period, the system switches the standby DHCP server to the running DHCP server at the current time. This mode can reduce the message load in the network.
9-16
Procedure
Step 1 Run the dhcp server mode command to set the working mode of a DHCP server. Step 2 Run the display dhcp server config command to query the working mode of the DHCP server. ----End
Example
To set the DHCP server to backup mode, the maximum response time to DISCOVER message to 50s and the maximum timeout times for responding to DISCOVER message to 100, do as follows:
huawei(config)#dhcp server mode backup 50 100 huawei(config)#display dhcp server config DHCP server mode: backup DHCP server reply max time: 50 second DHCP server reply timeout max times: 100
Related Operations
Table 9-6 lists the related operations for setting the working mode of a DHCP server. Table 9-6 Related operations for setting the working mode of a DHCP server To... Create a DHCP server Query information on a DHCP server Run the Command... dhcp-server display dhcp-server
9.8 Setting the DHCP Relay Mode

This topic describes how to set the DHCP relay mode, including the switching between the DHCP L2 forwarding and L3 forwarding, and the DHCP server selection mode when the L3 DHCP relay is adopted. If the device functions as the L2 device, the DHCP packets are forwarded at L2.
The MA5600T supports the L2 and the L3 DHCP relay. For the L3 DHCP relay, the DHCP server selection modes involve the following:
l
DHCP standard mode: Select the DHCP server according to the IP address of the VLAN L3 interface for forwarding DHCP packets. DHCP option60 mode: Select the DHCP server according to the DHCP option60 domain. Option60 is one of the options of the DHCP packets, and it can identify the terminal type. DHCP Option60 mode selects the DHCP server according to the different terminal type. DHCP MAC address segment mode: Select the DHCP server group according to the source MAC address segment of DHCP packets.
Issue 02 (2008-04-25)
Procedure
Step 1 Run the dhcp mode command to set the DHCP relay mode. Step 2 Run the display dhcp config command to query the DHCP relay mode. ----End
Examples
To set the DHCP relay mode as layer-2, do as follows:
huawei(config)#dhcp mode layer-2 huawei(config)#display dhcp config DHCP relay mode: layer-2
To set the DHCP relay mode as layer-3 and the DHCP server selection mode as option60, do as follows:
huawei(config)#dhcp mode layer-3 option60 huawei(config)#display dhcp config DHCP relay mode: layer-3 DHCP server select mode: option60
9.9 Binding a DHCP Server Group with a VLAN Interface

This topic describes how to bind a DHCP server group with a VLAN interface so that the received DHCP packets on the specified VLAN interface are all forwarded to the bound DHCP server group.
Prerequisite
The DHCP server group has been created by running the dhcp-server command.
l
A VLAN L3 interface can be bound with only one DHCP server group. Therefore, all DHCP packets to be sent upstream through the VLAN L3 interface should be forwarded to the DHCP server group bound with the VLAN interface. If an L3 interface has been bound with a DHCP server group, the new setting overwrites the old one. By default, a VLAN interface is not bound with any DHCP server.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode. Step 2 Run the dhcp-server command to bind a DHCP server group. Step 3 Run the display dhcp-server interface vlanif command to query the DHCP server group that is bound with VLAN interface. ----End
Example
To bind DHCP server group 1 to VLAN interface 2, do as follows:

huawei(config)#interface vlanif 2 huawei(config-if-Vlanif2)#dhcp-server 1 huawei(config)#display dhcp-server interface vlanif 2 The DHCP server group of this interface is 1
Related Operations
Table 9-7 lists the related operations for binding a DHCP server group with a VLAN interface. Table 9-7 Related operations for binding a DHCP server group with a VLAN interface To... Unbind a VLAN interface from a DHCP server Show the settings of DHCP relay Run the Command... undo dhcp-server display dhcp config Remarks In VLAN interface mode. -
9.10 Creating an Option60 Domain

This topic describes how to create an option60 domain. When the device is enabled with the DHCP relay function and the forwarding mode is option60, the DHCP option60 domain needs to be created.
l l
The system supports up to 128 DHCP option60 domains. If the domain exists, enter domain mode directly. By default, the system has a DHCP option60 domain named default.
Procedure
Step 1 Run the dhcp domain command to create a domain. Step 2 Run the quit command to exit domain mode. Step 3 Run the display dhcp domain command to query the option60 domain. ----End
Example
To create domain msft, do as follows:
huawei(config)#dhcp domain msft huawei(config-dhcp-domain-msft)#quit huawei(config)#display dhcp domain { <cr>|string<s><1,32> }: Command: display dhcp domain -------------------------------------------------------------------Index Name Server VLANIF Gateway -group -------------------------------------------------------------------0 default none none none
Issue 02 (2008-04-25)
9-19
1 msft none none none -------------------------------------------------------------------Total: 2
Related Operation
Table 9-8 lists the related operation for creating a DHCP option60 domain. Table 9-8 Related operation for creating a DHCP option60 domain To... Delete a DHCP option60 domain Run the Command... undo dhcp domain Remarks The domain named default cannot be deleted.
9.11 Binding a DHCP Server Group with a DHCP Option60 Domain

This topic describes how to bind a DHCP server group with a DHCP Option60 domain. When the device is enabled with the DHCP relay function and the DHCP server selection mode is Option60, the DHCP Option60 domain needs to be bound with a DHCP server group.
Only one DHCP server group can be bound to a DHCP domain.
Procedure
Step 1 Run the dhcp domain command to enter domain mode. Step 2 Run the dhcp-server command to bind a DHCP server group. Step 3 Run the display dhcp domain command to query the DHCP server group. ----End
Examples
To bind DHCP server group 1 to DHCP domain msft, do as follows:
huawei(config)#dhcp domain msft huawei(config-dhcp-domain-msft)#dhcp-server 1 huawei(config-dhcp-domain-msft)#quit huawei(config)#display dhcp domain msft -------------------------------------------------------------------Index Name Server VLANIF Gateway -group -------------------------------------------------------------------1 msft 1 none none --------------------------------------------------------------------
Related Operations
Table 9-9 lists the related operations for binding a DHCP server group with a DHCP option60 domain.
Table 9-9 Related operations for binding a DHCP server group with a DHCP option60 domain To Delete a DHCP domain Unbind the DHCP server group from a DHCP domain Run the Command undo dhcp domain undo dhcp-server Remarks In option60 domain mode.
9.12 Configuring the Gateway of a DHCP Option60 Domain

This topic describes how to configure the gateway of a DHCP option60 domain. When the device is enabled with the DHCP relay function and the forwarding mode is Option60, the DHCP option60 domain needs to be configured with a gateway.
l l
A DHCP domain can be configured with only one gateway address. By default, the gateway address of a domain is the IP address of the VLAN L3 interface.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode. Step 2 Run the dhcp domain gateway command to set the gateway address. Step 3 Run the quit command to exit VLAN interface mode. Step 4 Run the display dhcp domain command to query the DHCP server group. ----End
Example
To set the gateway address of domain msft as 10.1.2.1, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#dhcp domain msft gateway 10.1.2.1 huawei(config-if-vlanif2)#quit huawei(config)#display dhcp domain msft -------------------------------------------------------------------Index Name Server VLANIF Gateway -group -------------------------------------------------------------------1 msft 1 2 10.1.2.1 --------------------------------------------------------------------
Related Operation
Table 9-10 lists the related operation for configuring the gateway of a DHCP option60 domain.
Issue 02 (2008-04-25)
9-21
Table 9-10 Related operation for configuring the gateway of a DHCP option60 domain To... Delete the gateway of a DHCP option60 domain Run the Command... undo dhcp domain gateway Remarks In VLAN interface mode
9.13 Creating a DHCP MAC Address Segment

This topic describes how to create a DHCP MAC address segment. When the device is enabled with the DHCP relay function and the forwarding mode is MAC address segment, a MAC address segment needs to be created.
Prerequisites
l l
The IP address of the VLAN L3 interface has been configured. By default, the system has a MAC address segment named default.
The system supports up to 128 MAC address segments.
Procedure
Step 1 Run the dhcp mac-range command to create a DHCP MAC address segment and enter MAC address segment mode. Step 2 Run the display dhcp mac-range command to query the MAC address segment. ----End
Example
To set a MAC address segment named huawei, do as follows:
huawei(config)#dhcp mac-range huawei huawei(config-mac-range-huawei)#quit huawei(config)#display dhcp mac-range { <cr>|string<S><1,32> }: Command: display dhcp mac-range -----------------------------------------------------------------------------Index Name MAC-start MAC-end Server VLAN Gateway -group -IF -----------------------------------------------------------------------------0 default none none none none none 1 huawei none none none none none -----------------------------------------------------------------------------Total: 2
Related Operation
Table 9-11 lists the related operation for creating a DHCP MAC address segment.
Table 9-11 Related operation for creating a DHCP MAC address segment To... Delete a DHCP MAC address segment Run the Command... undo dhcp mac-range Remarks The MAC address segment named default cannot be deleted.
9.14 Setting the Range of a DHCP MAC Address Segment

This topic describes how to set the range of a DHCP MAC address segment. When the device is enabled with the DHCP relay function and the forwarding mode is MAC address segment, the range of a DHCP MAC address segment needs to be configured.
l
A MAC address segment is a consecutive MAC address range specified by a start MAC address and an end MAC address. The MAC address adopts the format of "H-H-H" ("H" is a 4-bit hexadecimal number).
Procedure
Step 1 Run the dhcp mac-range command to create a MAC address segment and enter MAC address segment mode. Step 2 Run the mac-range command to set the range of a MAC address segment. Step 3 Run the quit command to exit the MAC address segment mode. Step 4 Run the display dhcp mac-range command to query the range of the MAC address segment. ----End
Example
To set the range of MAC address segment huawei from 0000-0000-0001 to 0000-0000-0100, do as follows:
huawei(config)#dhcp mac-range huawei huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100 huawei(config-mac-range-huawei)#quit huawei(config)#display dhcp mac-range { <cr>|string<S><1,32> }: Command: display dhcp mac-range -----------------------------------------------------------------------------Index Name MAC-start MAC-end Server VLAN Gateway -group -IF -----------------------------------------------------------------------------0 default none none none none none 1 huawei 0000-0000-0001 0000-0000-0100 none none none -----------------------------------------------------------------------------Total: 2
Related Operation
Table 9-12 lists the related operation for setting the range of a DHCP MAC address segment.
Table 9-12 Related operation for setting the range of a DHCP MAC address segment To... Cancel the range of a MAC address segment Run the Command... undo mac-range Remarks The MAC address segment named default cannot be deleted.
9.15 Binding a DHCP Server Group with a DHCP MAC Address Segment
This topic describes how to bind a DHCP server group with a DHCP MAC address segment. When the device is enabled with the DHCP relay function and the DCHP server selection mode is MAC address segment, a DHCP server group needs to be bound with a DHCP MAC address segment.
A MAC address segment can be bound with only one DHCP server group.
Procedure
Step 1 Run the dhcp mac-range command to create a MAC address segment and enter MAC address segment mode. Step 2 Run the dhcp-server command to bind a DHCP server group. Step 3 Run the quit command to exit MAC address segment mode. Step 4 Run the display dhcp mac-range command to query the information on the MAC address segment. ----End
Example
To bind server group 10 to MAC address segment huawei, do as follows:
huawei(config)#dhcp mac-range huawei huawei(config-mac-range-huawei)#dhcp-server 10 huawei(config-mac-range-huawei)#quit hauwei(config)#display dhcp mac-range { <cr>|string<S><1,32> }: Command: display dhcp mac-range -----------------------------------------------------------------------------Index Name MAC-start MAC-end Server VLAN Gateway -group -IF -----------------------------------------------------------------------------0 default none none none none none 1 huawei none none 10 none none -----------------------------------------------------------------------------Total: 2
9-24
Issue 02 (2008-04-25)
Related Operation
Table 9-13 lists the related operation for binding a DHCP server group with a DHCP MAC address segment. Table 9-13 Related operation for binding a DHCP server group with a DHCP MAC address segment To... Delete the DHCP server group from a DHCP MAC address segment Run the Command.. undo dhcp-server
9.16 Configuring the Gateway of a DHCP MAC Address Segment

This topic describes how to configure the gateway of a DHCP MAC address segment. When the device is enabled with the DHCP relay function and the forwarding mode is MAC address segment, a DHCP MAC address segment needs to be configured with the gateway.
A DHCP MAC address segment can be configured with only one gateway address.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode. Step 2 Run the dhcp mac-range gateway command to configure the gateway address. Step 3 Run the quit command to exit VLAN interface mode. Step 4 Run the display dhcp mac-range command to query the information on the gateway address. ----End
Example
To set the gateway address of MAC address segment huawei as 10.1.2.1, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#dhcp mac-range huawei gateway 10.1.2.1 huawei(config-if-vlanif2)#quit huawei(config)#display dhcp mac-range huawei -----------------------------------------------------------------------------Index Name MAC-start MAC-end Server VLAN Gateway -group -IF -----------------------------------------------------------------------------0 huawei none none none 2 10.1.2.1 ------------------------------------------------------------------------------
Issue 02 (2008-04-25)
9-25
Related Operations
Table 9-14 lists the related operations for configuring the gateway of a DHCP MAC address segment. Table 9-14 Related operations for configuring the gateway of a DHCP MAC address segment To... Cancel the gateway of the MAC address segment on a VLAN interface Unbind the DHCP server group from a MAC address segment Run the Command... undo dhcp mac-range gateway undo dhcp-server Remarks -
In MAC address segment mode.
9.17 Setting the DHCP Proxy Lease-Time

This topic describes how to set the DHCP proxy lease-time. After the setting, the shorter leasetime between the lease-time allocated by the DHCP server and the lease-time allocated by the MA5600T is used as the lease-time for a user.
Context
l
Lease-time agent: indicates that the lease-time allocated by the DHCP server to a DHCP client is replaced with a shorter lease-time, and then allocated to the client. A shorter leasetime is used to quickly detect whether a user gets offline. This function takes effect only when the DHCP proxy function is enabled. For how to enable the DHCP proxy function, see "9.5 Enabling the DHCP Proxy Function."
Procedure
Step 1 Run the dhcp proxy lease-time command to set the DHCP proxy lease-time. Step 2 Run the display dhcp config command to query the current DHCP setting. ----End
Example
To set the DHCP proxy lease-time as one day, 12 hours, and 30 minutes, do as follows:
huawei(config)#dhcp proxy lease-time day 1 hour 12 minute 30 huawei(config)#display dhcp config { <cr>|vlan<K> }: Command: display dhcp config DHCP relay mode : layer-2 DHCP proxy state : enable DHCP proxy lease-time : 1 day(s) 12 hour(s) 30 minute(s)
Related Operation
Table 9-15 lists the related operation for setting the DHCP proxy lease-time.
Table 9-15 Related operation for setting the DHCP proxy lease-time To... Delete a DHCP proxy leasetime Run the Command... undo dhcp proxy lease-time
9.18 Kicking Off a DHCP User

This topic describes how to kick off a DHCP user when you find that the user is invalid, or is offline already though the MA5600T detects that the user is still online. This operation helps to release the resources occupied by the user.
Procedure
Step 1 Run the dhcp user kickoff command to kick off an online DHCP user.
NOTE
To kick off a DHCP user, you need to specify the user index. The user index is allocated dynamically. To query the user indexes, run the display dhcp proxy user command.
Step 2 Run the display dhcp proxy user command to query the DHCP users. ----End
Example
To kick off a DHCP user with the index of 1, do as follows:
huawei(config)#display dhcp proxy user all ------------------------------------------------------------------Index : 1 IP-Address : 100.100.100.5 MAC-Address : 00E0-4C77-7115 VLANID : 4001 F/S/P : 0 /1 /32 Service-Port Index : 0 Server IP : 192.168.10.1 Expiration date : 2000-01-10 06:37 ------------------------------------------------------------------Total: 1 huawei(config)#dhcp user kickoff 1 huawei(config)#display dhcp proxy user all Failure: No DHCP proxy user exists
Issue 02 (2008-04-25)
9-27
10 ARP & ARP Proxy Configuration
10
NOTE
ARP & ARP Proxy Configuration
About This Chapter

This topic describes the principles of ARP and ARP proxy and the method of configuring them on the MA5600T.
10.1 Overview This topic describes the ARP proxy service description and service specification. 10.2 ARP Proxy Configuration Example This topic describes how to configure ARP proxy to enable users in isolated ports of the same broadcast domain or in ports of different broadcast domains to communicate with each other. The ARP proxy must be enabled on the L3 interface. To reduce the network load, the ARP requests are limited in a VLAN. 10.3 Adding a Static ARP Entry This topic describes how to configure the static mapping between the specified IP address and the MAC address, that is, to add a static ARP entry. 10.4 Enabling the ARP Proxy This topic describes how to enable the ARP proxy. To implement the communication between users who are in isolated ports of the same broadcast domain or in ports of different broadcast domains, the ARP proxy needs to be enabled on the L3 interface.
Issue 02 (2008-04-25)
10-1
10.1 Overview
This topic describes the ARP proxy service description and service specification.
Service Description
For two hosts in a network to communicate with each other, they are required to know the physical addresses of each other. These physical addresses are the MAC addresses. The IP address represents only the address of a host at the network layer. To send the data at the network layer to a destination host, the source host must know the physical address of the destination host; therefore, an IP address is required to be translated into an MAC address. Address Resolution Protocol (ARP) is used to translate an IP address into a MAC address. Through ARP proxy and a super VLAN, two PCs subject to L2 isolation can interconnect with each other at L3. For details on the ARP proxy feature, refer to "ARP Proxy" in the MA5600T Feature Description.
The MA5600T can maintain ARP entries both dynamically and manually. In addition, the MA5600T supports ARP proxy function. The MA5600T supports the ARP protocol and maintains an ARP table for mapping between the MAC addresses and the IP addresses. You can configure the static ARP entry manually. The MA5600T supports up to 500 static ARP entries and 4096 dynamic ARP entries.
10.2 ARP Proxy Configuration Example

This topic describes how to configure ARP proxy to enable users in isolated ports of the same broadcast domain or in ports of different broadcast domains to communicate with each other. The ARP proxy must be enabled on the L3 interface. To reduce the network load, the ARP requests are limited in a VLAN.
Networking
Figure 10-1 shows an example network for configuring the ARP proxy. PC1 and PC2 are in sub VLAN 10, service ports 0/11/0 and 0/11/1 are isolated, and PC3 is in service port 0/12/0 of sub VLAN 20. User packets can be forwarded in the L3 forwarding mode through upstream port 0/9/0 of the super VLAN. The IP address of the super VLAN interface is 10.0.0.254, and the interface is in the same subnet with PC1, PC2, and PC3. After the ARP proxy function is enabled, PC1 and PC2 can communicate with each other, and PC3 can communicate with PC1 and PC2.
10-2
Issue 02 (2008-04-25)
Figure 10-1 Example network for configuring the ARP proxy
Router
MA5600 T 10.0.0.254/24
PC1 VLAN 10
PC2
PC3 VLAN 20
Data Plan
Table 10-1 provides the data plan for configuring the ARP proxy. Table 10-1 Data plan for configuring the ARP proxy Item Super VLAN Data VLAN ID: 100 Sub VLAN: VLAN 10, VLAN 20 IP address: 10.0.0.254/24 Sub VLAN VLAN ID: 10 VLAN type: smart VLAN User: PC1 (0/11/0), PC2 (0/11/1) Sub VLAN VLAN ID: 20 VLAN type: MUX VLAN User: PC3 (0/12/0) Upstream port Port: 0/9/0 VLAN: standard VLAN 30 IP address: 10.0.1.254/24
Issue 02 (2008-04-25)
10-3
Prerequisites
l l l
The network equipment and line must work in the normal state. Service boards must work in the normal state. VPI/VCI configured on the modem must be 0/35.
Figure 10-2 shows the flowchart for configuring the ARP proxy. Figure 10-2 Flowchart for configuring the ARP proxy
Start
Create a super VLAN Create sub VLANs and add them to the super VLAN Configure the service ports of the sub VLANs Configure the upstream port Configure the layer 3 interface of the super VLAN Enable the ARP proxy function
Save the data
End
Procedure
Step 1 Create a super VLAN.
huawei(config)#vlan 100 super
Step 2 Create Sub VLANs 3 and 4, and add them to the super VLAN.
huawei(config)#vlan 10 smart huawei(config)#vlan 20 mux huawei(config)#supervlan 100 subvlan 10 huawei(config)#supervlan 100 subvlan 20
Step 3 Configure the service ports of the sub VLANs.

huawei(config)#service-port vlan 10 adsl 0/11/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5 huawei(config)#service-port vlan 10 adsl 0/11/1 vpi 0 vci 35 rx-cttr 5 tx-cttr 5 huawei(config)#service-port vlan 20 adsl 0/12/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5
10-4
Issue 02 (2008-04-25)
huawei(config)#service-port vlan 10 gpon 0/11/0 gemport 128 multi-service user-vlan 15 rx-cttr 5 tx-cttr 5 huawei(config)#service-port vlan 10 gpon 0/11/1 gemport 129 multi-service user-vlan 16 rx-cttr 5 tx-cttr 5 huawei(config)#service-port vlan 20 gpon 0/12/0 gemport 130 multi-service user-vlan 17 rx-cttr 5 tx-cttr 5
Step 4 Configure the upstream port.

huawei(config)#vlan 30 standard huawei(config)#port vlan 30 0/9 0 huawei(config)#interface vlanif 30 huawei(config-if-vlanif30)#ip address 10.0.1.254 24
Step 5 Configure the L3 interface of the super VLAN.

NOTE
The IP address of the L3 interface of the super VLAN must be in the same subnet as the IP address of the PC.
Step 6 Enable the ARP proxy function. 1. 2. 3. Enable the ARP proxy function globally.
huawei(config)#arp proxy enable
Enable ARP proxy on the super VLAN interface.

huawei(config-if-vlanif100)#arp proxy enable
Enable ARP proxy on the sub VLAN interface.

huawei(config-if-vlanif100)#arp proxy enable subvlan 10
NOTE
Skip substep 3 in step 6 if you only want PCs in different VLANs to communicate with each other.

----End
Result
After the global ARP proxy function and the ARP proxy function of the super VLAN interface are enabled, PC1, PC2, and PC3 in different VLANs can communicate with each other. After the global ARP proxy function, the ARP proxy function of the super VLAN interface, and that of the sub VLAN interface are enabled, PC1 and PC2 in the same VLAN can communicate with each other.
10.3 Adding a Static ARP Entry

This topic describes how to configure the static mapping between the specified IP address and the MAC address, that is, to add a static ARP entry.
The system supports the configuration of up to 500 static ARP entries.
Procedure
Step 1 Run the arp command to add a static ARP entry. Step 2 Run the display arp static command and you can find that a static ARP entry has been added successfully. ----End
Example
To add a static ARP entry to set up the mapping between the IP address 129.102.0.1 and the MAC address 00e0-fc01-0000, passing through port 0/11/0 of VLAN 10, do as follows:
huawei(config)#arp 129.102.0.1 00e0-fc01-0000 10 0/11/0 huawei(config)#display arp static IP Address MAC Address VLAN ID Port 129.102.0.1 00e0-fc01-0000 10 0/11/0 --1 entry found ---
Type Static
Related Operations
Table 10-2 lists the related operations for adding a static ARP entry. Table 10-2 Related operations for adding a static ARP entry To Delete an ARP entry Clear an ARP entry Run the Command undo arp reset arp Remarks The system can delete both static and dynamic ARP entries. You can clear a static ARP entry, a dynamic ARP entry, or ARP entries related to a port. By entering the parameter "all", you can clear all ARP entries.
10.4 Enabling the ARP Proxy

This topic describes how to enable the ARP proxy. To implement the communication between users who are in isolated ports of the same broadcast domain or in ports of different broadcast domains, the ARP proxy needs to be enabled on the L3 interface.
Principles for applying the ARP proxy are as follows: Hosts isolated at L2 can communicate with each other through the ARP proxy function of the MA5600T. This topic offers an example for the principles of applying of the ARP proxy. For the topology as shown in Table 10-3, to achieve interconnections between PCs in the VLAN, you must set the ARP proxy as follows:
Table 10-3 Data plan of the ARP proxy Super VLAN VLAN 100 (Super VLAN) Sub VLAN VLAN 10 (Smart VLAN) PC PC A PC B VLAN 20 (MUX VLAN) PC C
For the interconnection between PC A and PC B, enable the global ARP proxy and the ARP proxy on super VLAN 2 and sub VLAN 3. For the interconnection between PC A and PC C, enable the global ARP proxy and the ARP proxy on super VLAN 2.
Procedure
Step 1 Run the arp proxy command to enable the ARP proxy function. Step 2 Run the display arp proxy command to query the configuration of the ARP proxy. ----End
Examples
To enable the global ARP proxy, do as follows:
huawei(config)#arp proxy enable huawei(config)#display arp proxy Global arp proxy is enabled
To enable the ARP proxy of an L3 interface, do as follows:

huawei(config)#interface vlanif 100 huawei(config-if-vlanif100)#arp proxy enable huawei(config-if-vlanif100)#display arp proxy VLANIF 100 : Arp proxy is enabled
To enable the ARP proxy of a sub VLAN, do as follows:

huawei(config)#vlan 100 super huawei(config)#vlan 10 smart huawei(config)#supervlan 100 subvlan 10 huawei(config)#interface vlanif 100 huawei(config-if-vlanif100)#arp proxy enable subvlan 10 huawei(config-if-vlanif100)#display arp proxy VLANIF 100 : Arp proxy is enabled ARP proxy enable subvlan 10
Related Operation
Table 10-4 lists the related operation for enabling the ARP proxy.
Issue 02 (2008-04-25)
10-7
Table 10-4 Related operation for enabling the ARP proxy To Disable the ARP proxy Run the Command arp proxy disable
10-8
Issue 02 (2008-04-25)
11 RIP Routing Protocol Configuration
11
RIP Routing Protocol Configuration
About This Chapter

This topic describes how to configure the RIP routing protocol supported by the MA5600T. 11.1 Overview This topic describes Routing Information Protocol (RIP) and its application on the MA5600T. 11.2 Configuration Example of the Static Route This topic provides an example for configuring the static route which enables users in different network segments to interconnect across different MA5600T devices. 11.3 Configuration Example of RIP This topic provides an example for configuring the RIP. Through the protocol, you can create the route from the device to the network to implement the interconnection between the device and the management network. 11.4 Configuration Example of a Routing Policy This topic provides an example for configuring a routing policy for imported routes. 11.5 Adding a Static Route This topic describes how to add a static route to the destination address. This helps to realize the L3 interconnection among network devices in different network segments. 11.6 Configuring RIP This topic describes how to configure RIP to make it function properly. 11.7 Controlling the RIP Routing Information This topic describes how to control the RIP route advertisement and reception such as advertising the aggregated routes, filtering the received routes, and importing the external routes. 11.8 Adjusting and Optimizing RIP This topic describes how to adjust and optimize the RIP configuration to improve the RIP network performance. 11.9 Configuring a Routing Policy This topic describes how to configure a routing policy. 11.10 Enabling the Transparent Transmission function of the RIP Packet Based on the VLAN
Issue 02 (2008-04-25)
11-1
This topic describes how to enable the transparent transmission function of the RIP packet based on the VLAN. When you want to transmit the RIP packet in a VLAN transparently, enable this function.
11-2
Issue 02 (2008-04-25)
11.1 Overview
This topic describes Routing Information Protocol (RIP) and its application on the MA5600T.
Service Description
RIP is a distance-vector algorithm-based protocol. RIP is a simple interior gateway protocol and it applies to the small-scale networks such as the campus network, and the regional network with a simple architecture. In general, for the complex application scenarios and the large-scale networks, it is not recommended to adopt RIP.
11.2 Configuration Example of the Static Route

This topic provides an example for configuring the static route which enables users in different network segments to interconnect across different MA5600T devices.
Networking
Figure 11-1 shows an example network for configuring the static route. In this example network, MA5600T_A, MA5600T_B, and MA5600T_C have the routing function. It is expected that after the configuration, any two PCs can communicate with each other. Figure 11-1 Example network for configuring the static route
PC_C 1.1.5.1/24 ONT 1.1.2.2/24 1.1.2.1/24 1.1.5.2/24 1.1.3.1/24 1.1.3.2/24
MA5600T_ C
1.1.1.2/24 ONT MA5600T_ A MA5600T_ B
1.1.4.2/24 ONT
PC_A 1.1.1.1/24
PC_B 1.1.4.1/24
Data Plan
Table 11-1 provides the data plan for configuring the static route on the user side.
Issue 02 (2008-04-25)
11-3
Table 11-1 Data plan for configuring the static route on the user side Item MA5600T_A Data Primary IP address of the L3 interface: 1.1.2.1/24 Secondary IP address of the L3 interface: 1.1.1.2/24 VLAN ID: 2 Upstream port: 0/9/0 PC_A MA5600T_B IP address: 1.1.1.1/24 Secondary IP address of the L3 interface: 1.1.4.2/24 Primary IP address of the L3 interface: 1.1.3.2/24 VLAN ID: 2 Upstream port: 0/9/0 PC_B MA5600T_C IP address: 1.1.4.1/24 Primary IP address of the L3 interface: 1.1.3.1/24 Secondary IP address of the L3 interface: 1.1.5.2/24 Secondary IP address of the L3 interface: 1.1.2.2/24 VLAN ID: 2 Upstream port: 0/9/0 (connecting MA5600T_A) and 0/9/1 (connecting MA5600T_B) PC_C IP address: 1.1.5.1/24
Configure a native VLAN of the L3 interface of each MA5600T to ensure a normal communication among MA5600T devices.
Figure 11-2 shows the flowchart for configuring the static route.
11-4
Issue 02 (2008-04-25)
Figure 11-2 Flowchart for configuring the static route

Start Configure the IP address of the layer 3 interface Configure static routes Configure the host gateways Save the data
End
NOTE
The procedure shown in the preceding flowchart is for configuring static routes on one MA5600T. To configure static routes on multiple MA5600T devices, repeat the procedure.
Procedure
Step 1 Configure the IP address of the L3 interface.
NOTE
The configurations for the three MA5600T devices are the same. Here, the configuration of the MA5600T is considered as an example.
huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/9 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 1.1.1.2 24 huawei(config-if-vlanif2)#ip address 1.1.2.1 24 sub
Step 2 Configure static routes. 1. Configure static route for MA5600T_A.

huawei(config-if-vlanif2)#quit huawei(config)#ip route-static 1.1.0.0 255.255.0.0 1.1.2.2
2. 3.
Configure static route for MA5600T_B.

huawei(config)#ip route-static 1.1.0.0 255.255.0.0 1.1.3.1
Configure static routes for MA5600T_C.

huawei(config)#ip route-static 1.1.1.0 255.255.255.0 1.1.2.1 huawei(config)#ip route-static 1.1.4.0 255.255.255.0 1.1.3.2
Step 3 Configure the host gateways. 1. 2. 3. Configure the default gateway of Host A to 1.1.1.2. Configure the default gateway of Host B to 1.1.4.2. Configure the default gateway of Host C to 1.1.5.2.


huawei#save
----End
Result
After the configuration, an interconnection can be set up between all the hosts and between all the MA5600T devices.
11.3 Configuration Example of RIP

This topic provides an example for configuring the RIP. Through the protocol, you can create the route from the device to the network to implement the interconnection between the device and the management network.
Networking
Figure 11-3 shows an example network for configuring RIP. MA5600T_A is subtended with MA5600T_B through port 0/9/1, and uses port 0/9/0 to transmit services in the upstream. Besides, it connects to the management center network through the MAN. RIP is enabled on MA5600T_A and MA5600T_B so that the administrator can access MA5600T_A and MA5600T_B through the RIP route. Then, you can operate and maintain MA5600T_A and MA5600T_B. Figure 11-3 Example network for configuring RIP
Management center 192.13.24.5/22 GE 192.15.24.1/26 MA5600T_B Loopback ip 192.13.2.2/24 192.15.24.2/26 MA5600T_A Loopback ip 192.13.2.1/24 Operation and maintenance Router
Data Plan
Table 11-2 provides the data plan for configuring RIP.
Table 11-2 Data plan for configuring RIP Item MA5600T_A Data Upstream port: 0/9/0 Administration VLAN: smart VLAN 100 IP address of the L3 interface in the administration VLAN: 192.13.24.5/22 Loopback interface address: 192.13.2.1/24 RIP version: V2 RIP route filtering policy: filtering routes based on the IP address prefix list "abc". Only the routes with the IP addresses 192.13.2.1 and 192.13.2.2 can be advertised through the L3 interface of VLAN 100. Subtending port: 0/9/1 Subtending administration VLAN: smart VLAN 10 IP address of the L3 interface in the subtending administration VLAN: 192.15.24.1/26 MA5600T_B Subtending port: 0/9/0 Administration VLAN: smart VLAN 10 IP address of the L3 interface in the administration VLAN: 192.15.24.2/26 Loopback interface address: 192.13.2.2/24 RIP version: V2 RIP route filtering policy: filtering routes based on the IP address prefix list "abc". Only the route with the IP address 192.13.2.2 can be advertised through the L3 interface of VLAN 10.
Figure 11-4 shows the flowchart for configuring RIP.
Issue 02 (2008-04-25)
11-7
Figure 11-4 Flowchart for configuring RIP

Device A Start Device B Start
Configure the L3 interface
Enable RIP
Enable RIP
Configure the route filtering policy
Configure the route filtering policy
Configure the subtending port
Save the data
Enable RIP on the subtending port
End
Save the data
End
Procedure
l Configure MA5600T_A. 1. Configure the RIP-supported L3 interface.
huawei(config)#vlan 100 smart huawei(config)#port vlan 100 0/9 0 huawei(config)#interface vlanif 100 huawei(config-if-vlanif100)#ip address 192.13.24.5 22 huawei(config-if-vlanif100)#quit huawei(config)#interface loopBack 0 huawei(config-if-loopback0)#ip address 192.13.2.1 24 huawei(config-if-loopback0)#quit
2.
Enable RIP.
huawei(config)#rip 1 huawei(config-rip-1)#network 192.13.24.0 huawei(config-rip-1)#network 192.13.2.0 huawei(config-rip-1)#version 2 huawei(config-rip-1)#quit
3.
Configure the route filtering policy.

huawei(config)#ip ip-prefix abc permit 192.13.2.1 32 huawei(config)#ip ip-prefix abc permit 192.13.2.2 32 huawei(config)#rip 1 huawei(config-rip-1)#filter-policy ip-prefix abc export vlanif 100
4.
Configure the subtending port.

huawei(config)#vlan 10 smart huawei(config)#port vlan 10 0/9 1 huawei(config)#interface vlanif 10
11-8
Issue 02 (2008-04-25)
huawei(config-if-vlanif10)#ip address 192.15.24.1 26 huawei(config-if-vlanif10)#quit
5.
Enable RIP on the subtending port.

huawei(config)#rip 1 huawei(config-rip-1)#network 192.15.24.0 huawei(config-rip-1)#quit
6. l
Save the data.

huawei(config)#save
Configure MA5600T_B. 1. Configure the RIP-supported L3 interface.

huawei(config)#vlan 10 smart huawei(config)#port vlan 10 0/9 0 huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#ip address 192.15.24.2 26 huawei(config-if-vlanif10)#quit huawei(config)#interface loopBack 0 huawei(config-if-loopback0)#ip address 192.13.2.2 24 huawei(config-if-loopback0)#quit
2.
Enable RIP.
huawei(config)#rip 1 huawei(config-rip-1)#network 192.15.24.0 huawei(config-rip-1)#network 192.13.2.0 huawei(config-rip-1)#version 2 huawei(config-rip-1)#quit
3.
Configure the route filtering policy.

huawei(config)#ip ip-prefix abc permit 192.13.2.2 32 huawei(config)#rip 1 huawei(config-rip-1)#filter-policy ip-prefix abc export vlanif 10 huawei(config-rip-1)#quit
4. ----End
Save the data.

huawei(config)#save
Result
The maintenance terminal of the administration center can access MA5600T_A and MA5600T_B, and operate and maintain the two devices.
11.4 Configuration Example of a Routing Policy

This topic provides an example for configuring a routing policy for imported routes.
Networking
Figure 11-5 shows an example network for configuring the routing policy. In this example network, two MA5600Ts that have the routing function are adopted, namely MA5600T_A and MA5600T_B. Both of them are running the OSPF routing protocol, and within area 0. MA5600T_A imports static routes, and MA5600T_B is configured with the routing policy.
Issue 02 (2008-04-25)
11-9
Figure 11-5 Example network for configuring the routing policy

Static:20.0.0.1 30.0.0.1 40.0.0.1 Vlanif2 10.0.0.1/24 Vlanif2 10.0.0.2/24
MA5600T_A 1.1.1.1
Area 0
MA5600T_B 2.2.2.2
Data Plan
Table 11-3 provides the data plan for configuring the routing policy. Table 11-3 Data plan for configuring the routing policy Item MA5600T_A Data IP address of the L3 interface: 10.0.0.1/24 VLAN ID: 2 Router ID: 1.1.1.1 OSPF area: 0 Static routes: 20.0.0.1, 30.0.0.1, 40.0.0.1 MA5600T_B IP address of the L3 interface: 10.0.0.2/24 VLAN ID: 2 Router ID: 2.2.2.2 OSPF area: 0
Figure 11-6 shows the flowchart for configuring the routing policy.
11-10
Issue 02 (2008-04-25)
Figure 11-6 Flowchart for configuring the routing policy

Device A
Start Configure the IP address of layer 3 interface Enable route function Configure the OSPF router ID Configure the static routes
Device B
Start Configure the IP address of layer 3 interface Configure the ACL
Enable route function Configure the OSPF router ID Filter imported routes
Import static routes
Save the data
Save the data
End
End
Procedure
Step 1 Configuring MA5600T_A. 1. Configure the IP address of the L3 interface on MA5600T_A.
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.0.0.1 24 huawei(config-if-vlanif2)#quit
2.
Enable OSPF on MA5600T_A and specify the area ID to which the interface belongs.
huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
3. 4.
Configure the OSPF router ID on MA5600T_A.

huawei(config)#router id 1.1.1.1
Configure three static routes.

huawei(config)#ip route-static 20.0.0.1 32 vlanif 2 huawei(config)#ip route-static 30.0.0.1 32 vlanif 2 huawei(config)#ip route-static 40.0.0.1 32 vlanif 2
5.
Import static routes into the OSPF routing table to improve its capability of obtaining routes.
huawei(config)#ospf hawei(config-ospf-1)#import-route static hawei(config-ospf-1)#quit
6.
Save the data.

huawei(config)#save
Step 2 Configuring MA5600T_B.

1.
Configure the IP address of the L3 interface on MA5600T_B.

huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 10.0.0.2 24 huawei(config-if-vlanif2)#quit
2.
Configure the ACL.

huawei(config)#acl 2000 huawei(config-acl-basic-2000)#rule deny source 30.0.0.0 255.255.255.0 huawei(config-acl-basic-2000)#rule permit source any huawei(config-acl-basic-2000)#quit
3.
Enable OSPF on MA5600T_B and specify the area id to which the interface belongs.
huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
4. 5.
Configure the OSPF router ID of MA5600T_B.

Filter imported routes.

huawei(config)#ospf uawei(config-ospf-1)#filter-policy 2000 import huawei(config-ospf-1)#quit
6.
Save the data.

huawei(config)#save
----End
Result
1. 2. MA5600T_A and MA5600T_B run OSPF successfully, and they can communicate well with each other. After a filter is configured on MA5600T_B, parts of the three imported static routes are available while part of them is screened. That is, routes from segments 20.0.0.0 and 40.0.0.0 are available, while the route from segment 30.0.0.0 is screened.
11.5 Adding a Static Route

This topic describes how to add a static route to the destination address. This helps to realize the L3 interconnection among network devices in different network segments.
Prerequisite
The IP address has been configured for the L3 interface.
l l
The system supports up to 1000 static routes. The following items are contained in a static route:
Destination address: It is used to label the destination address or destination network of an IP packet. Subnet mask: The subnet mask is comprised of consecutive "1"s, and expressed in dotted decimal format, or the count of consecutive "1"s. The mask is used with the destination address to identify the subnet address of the destination host or router.
11-12

Output interface: It specifies the interface of a router for IP packet forwarding. Next hop IP address: It indicates the next router that an IP packet passes through. Route priority: When there are multiple routes with different priorities to the same destination, the route with the highest priority (smallest value) is the optimal one. The default priority of a static route is 60.
When configuring a static route, specify the transmit interface or the next hop IP address if necessary. For a port supporting ARP or connecting to a point-to-point network, the destination IP address is in the network that connects to the port directly. In this case, you need to specify the transmit interface. A route with both the destination IP address and network mask being 0.0.0.0 is the default route. If no matching route is found in the routing table for an IP packet, the packet is forwarded over the default route.
Procedure
Step 1 Run the ip route-static command to add a static route. Step 2 Run the display ip routing-table command to query the routing table. ----End
Example
To set up a static route to the subnet 10.71.8.0 through gateway 10.71.53.1, do as follows:
huawei(config)#ip route-static 10.71.8.0 255.255.255.0 10.71.53.1 huawei(config)#display ip routing-table protocol static { <cr>|inactive<K>|verbose<K> }: Command: display ip routing-table protocol static Total static routes configed in Public routing table: 3 Public routing table : Static Destinations : 3 Routes : 3
Static routing table status : <Active> Destinations : 0 Routes : 0 Static routing table status : <Inactive> Destinations : 3 Routes : 3 Destination/Mask 10.71.8.0/24 10.71.53.0/24 10.71.54.0/24 Proto Pre Cost 0 0 0 NextHop 10.71.53.1 10.71.8.0 10.71.8.0 Interface
Static 60 Static 60 Static 60
Related Operation
Table 11-4 lists the related operation for adding a static route. Table 11-4 Related operation for adding a static route To... Delete a static route
Issue 02 (2008-04-25)
Run the Command... undo ip route-static

11-13
11.6 Configuring RIP

This topic describes how to configure RIP to make it function properly. 11.6.1 Enabling the RIP Process This topic describes how to enable the RIP process. 11.6.2 Setting the RIP Version This topic describes how to set the RIP version. 11.6.3 Enabling an Interface to Receive/Transmit RIP Packets This topic describes how to enable an interface to receive and transmit RIP packets.
11.6.1 Enabling the RIP Process

This topic describes how to enable the RIP process.
To configure the global parameters of RIP, you need to enable RIP first. However, you do not have to comply with this when configuring the interface related parameters.
Procedure
Step 1 Run the rip command to enable the RIP process. Step 2 Run the display rip command to query the RIP. ----End
Example
To enable RIP process 1, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#quit huawei(config)#display rip 1 { route<K>|database<K>|interface<K>|<cr> }: Command: display rip 1 Public VPN-instance name : RIP process : 1 RIP version : RIP-1 compatibility Preference : 100 Checkzero : Enabled Default-cost : 0 Summary : Enabled Hostroutes : Enabled Maximum number of balanced paths : 1 Update time : 35 sec Age time : 170 sec Suppress time : 0 sec Garbage-collect time : 240 sec Silent interfaces : None Default routes : Disabled Verify-source : Enabled Networks : None Configured peers : None Triggered updates sent : 0
11-14
Issue 02 (2008-04-25)

Number Number Number Number of of of of route changes : 0 replies to queries : 0 routes in database : 0 interfaces enabled : 0
Related Operation
Table 11-5 lists the related operation for enabling the RIP process. Table 11-5 Related operation for enabling the RIP process To... Disable RIP process Run the Command... undo rip
11.6.2 Setting the RIP Version

This topic describes how to set the RIP version.
l l
The MA5600T supports packets in two formats: RIP-1 and RIP-2. The default is RIP-1.
Procedure
Step 1 Run the rip command to enable the RIP process. Step 2 Run the version command to set the RIP version. Step 3 Run the display rip command to query the RIP information. ----End
Example
To set the format of packets as RIP-2, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#version 2 huawei(config-rip-1)#quit huawei(config)#display rip 1 { route<K>|database<K>|interface<K>|<cr> }: Command: display rip 1 Public VPN-instance name : RIP process : 1 RIP version : RIP-2 Preference : 100 Checkzero : Enabled Default-cost : 0 Summary : Enabled Hostroutes : Enabled Maximum number of balanced paths : 1 Update time : 35 sec Age time : 170 sec Suppress time : 0 sec Garbage-collect time : 240 sec Silent interfaces : None
Issue 02 (2008-04-25)
11-15

Default routes : Disabled Verify-source : Enabled Networks : None Configured peers : None Triggered updates sent : 0 Number of route changes : 0 Number of replies to queries : 0 Number of routes in database : 0 Number of interfaces enabled : 0
Related Operation
Table 11-6 lists the related operation for setting the RIP version. Table 11-6 Related operation for setting the RIP version To... Restore the system default format of the RIP packets Run the Command... undo version
11.6.3 Enabling an Interface to Receive/Transmit RIP Packets

This topic describes how to enable an interface to receive and transmit RIP packets.
By default, an interface is enabled to receive and transmit RIP packets.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the rip input (rip output) command to enable an interface to receive/transmit RIP packets. ----End
Examples
To allow VLAN interface 2 to receive RIP packets, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#rip input
To allow VLAN interface 2 to transmit RIP packets, do as follows:

huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#rip output
Related Operations
Table 11-7 lists the related operations for enabling an interface to receive and transmit RIP packets.
Table 11-7 Related operations for enabling an interface to receive and transmit RIP packets To... Prevent an interface from transmitting RIP packets Prevent an interface from receiving RIP packets Set the interface to the suppression state Run the Command... undo rip output undo rip input silent-interface Remarks When the interface is in suppression state, it only receives the RIP packets to update its routing table, but it cannot send RIP packets.
NOTE
l The configuration by running
the silent-interface command has higher priority over that made on the interface by running the rip input/rip output command.
l By default, the interface is not
in suppression state.
11.7 Controlling the RIP Routing Information

This topic describes how to control the RIP route advertisement and reception such as advertising the aggregated routes, filtering the received routes, and importing the external routes. 11.7.1 Setting the Cost of the Default Route This topic describes how to set the cost of the default route. 11.7.2 Specifying the Default Routing Metric This topic describes how to specify the default routing metric. 11.7.3 Setting the Additional Metric of a Route This topic describes how to set the additional metric of a route. 11.7.4 Enabling the Route Summarization This topic describes how to enable the route summarization. 11.7.5 Configuring a Summary Route IP Address This topic describes how to configure the IP address of a summary route. 11.7.6 Disabling Receiving Host Routes This operation prohibits the router from receiving host routes. In some special cases, the router can receive a number of host routes from the same subnet, and these routes are of little help in route addressing, but consume vast amounts of network resources. In this case, receiving host routes should be disabled. 11.7.7 Configuring the RIP Preference This topic describes how to set RIP preference. 11.7.8 Importing the Routes of Other Protocols This topic describes how to import the routes of other protocols.
11.7.9 Configuring the Route Filtering Policy This topic describes how to configure the route filtering policy to filter unnecessary routes. 11.7.10 Verifying the Source IP Address of a RIP Route Update This topic describes how to verify the source IP address of a RIP route update.
11.7.1 Setting the Cost of the Default Route

This topic describes how to set the cost of the default route.
Procedure
Step 1 Run the rip command to enable the RIP process. Step 2 Run the default-route originate command to create a default route and set its cost. Step 3 Run the display rip command to query the configured cost of the default route. ----End
Example
To create a default route and set its cost as 5, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#default-route originate cost 5 huawei(config-rip-1)#quit huawei(config)#display rip 1 { route<K>|database<K>|interface<K>|<cr> }: Command: display rip 1 Public VPN-instance name : RIP process : 1 RIP version : RIP-2 Preference : 100 Checkzero : Enabled Default-cost : 0 Summary : Enabled Hostroutes : Enabled Maximum number of balanced paths : 1 Update time : 35 sec Age time : 170 sec Suppress time : 0 sec Garbage-collect time : 240 sec Silent interfaces : None Default routes : Enabled Default route cost : 5 Verify-source : Enabled Networks : None Configured peers : None Triggered updates sent : 0 Number of route changes : 0 Number of replies to queries : 0
Related Operation
Table 11-8 lists the related operation for setting the cost of the default route. Table 11-8 Related operation for setting the cost of the default route To... Delete the default route
11-18
Run the Command... undo default-route originate

Issue 02 (2008-04-25)
11.7.2 Specifying the Default Routing Metric

This topic describes how to specify the default routing metric.
Procedure
Step 1 Run the rip command to enable the RIP process. Step 2 Run the default-cost command to specify the default routing metric. Step 3 Run the display rip command to query the configuration information on the default routing metric. ----End
Example
To set the default routing metric to 10, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#default-cost 10 huawei(config-rip-1)#quit huawei(config)#display rip 1 { route<K>|database<K>|interface<K>|<cr> }: Command: display rip 1 Public VPN-instance name : RIP process : 1 RIP version : RIP-2 Preference : 100 Checkzero : Enabled Default-cost : 10 Summary : Enabled Hostroutes : Enabled Maximum number of balanced paths : 1 Update time : 35 sec Age time : 170 sec Suppress time : 0 sec Garbage-collect time : 240 sec Silent interfaces : None Default routes : Enabled Default route cost : 5 Verify-source : Enabled Networks : None Configured peers : None Triggered updates sent : 0 Number of route changes : 0 Number of replies to queries : 0
Related Operation
Table 11-9 lists the related operation for specifying the default routing metric. Table 11-9 Related operation for specifying the default routing metric To... Restore the default routing metric Run the Command... undo default-cost
Issue 02 (2008-04-25)
11-19
11.7.3 Setting the Additional Metric of a Route

This topic describes how to set the additional metric of a route.
The default input metric is 0 while the default output metric is 1.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the rip metricin (rip metriout) command to set the added metric when the interface receives or transmits the RIP packets. ----End
Examples
To set the added metric to 5 when the interface receives the RIP packets, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#rip metricin 5
To set the added metric to 5 when the interface transmits the RIP packets, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#rip metriout 5
Related Operations
Table 11-10 lists the related operations for setting the additional metric of a route. Table 11-10 Related operations for setting the additional metric of a route To... Restore the default added metric when the interface receives the RIP packets Restore the default added metric when the interface transmits the RIP packets Run the Command... undo rip metricin
undo rip metricout
11.7.4 Enabling the Route Summarization

This topic describes how to enable the route summarization.
Route summarization is to combine routes of different subnets into one route. Route summarization helps to reduce the routing traffic on the network as well as the size of the routing table.
Procedure
Step 1 Run the rip command to start RIP process. Step 2 Run the summary command to enable the route summarization. Step 3 Run the display rip command to query the configuration of default route summarization. ----End
Example
To enable the route summarization, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#summary huawei(config-rip-1)#quit huawei(config)#display rip 1 { route<K>|database<K>|interface<K>|<cr> }: Command: display rip 1 Public VPN-instance name : RIP process : 1 RIP version : RIP-2 Preference : 100 Checkzero : Enabled Default-cost : 0 Summary : Enabled Hostroutes : Enabled Maximum number of balanced paths : 1 Update time : 35 sec Age time : 170 sec Suppress time : 0 sec Garbage-collect time : 240 sec Silent interfaces : None Default routes : Enabled Default route cost : 5 Verify-source : Enabled Networks : None Configured peers : None Triggered updates sent : 0 Number of route changes : 0 Number of replies to queries : 0 Number of routes in database : 0 Number of interfaces enabled : 0
Related Operation
Table 11-11 lists the related operation for enabling the route summarization. Table 11-11 Related operation for enabling the route summarization To... Disable the route summarization Run the Command... undo summary
11.7.5 Configuring a Summary Route IP Address

This topic describes how to configure the IP address of a summary route.
l l
The summary address is valid only when the classful summarization is disabled. With split horizon or poison reverse is enabled, summary address and classful summarization fail. That is, to transmit route summarization to neighbors, disable split horizon or poison reverse of the related interface.
Procedure
Step 1 Runt the interface vlanif command to enter VLAN interface mode. Step 2 Runt the rip summary-address command to configure IP address of a summary route. ----End
Example
To configure the summary IP address of VLAN interface 2 as 10.0.0.0, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#rip summary-address 10.0.0.0 255.255.255.0
Related Operation
Table 11-12 lists the related operation for configuring a summary route IP address. Table 11-12 Related operation for configuring a summary route IP address To... Cancel the specified summary route IP address Run the Command... undo rip summary-address
11.7.6 Disabling Receiving Host Routes

This operation prohibits the router from receiving host routes. In some special cases, the router can receive a number of host routes from the same subnet, and these routes are of little help in route addressing, but consume vast amounts of network resources. In this case, receiving host routes should be disabled.
By default, receiving host routes is enabled.
Procedure
Step 1 Run the rip command to enable the RIP process. Step 2 Run the undo host-route command to prohibit the host route from being added to the route table. Step 3 Run the display rip command to query the configuration of the host route. ----End
Example
To set the system to prohibit the host route from being added to the route table, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#undo host-route huawei(config-rip-1)#quit huawei(config)#display rip 1 { route<K>|database<K>|interface<K>|<cr> }: Command: display rip 1 Public VPN-instance name : RIP process : 1 RIP version : RIP-2 Preference : 100 Checkzero : Enabled Default-cost : 10 Summary : Enabled Hostroutes : Disabled Maximum number of balanced paths : 1 Update time : 35 sec Age time : 170 sec Suppress time : 0 sec Garbage-collect time : 240 sec Silent interfaces : None Default routes : Enabled Default route cost : 5 Verify-source : Enabled Networks : None Configured peers : None Triggered updates sent : 0 Number of route changes : 0 Number of replies to queries : 0 Number of routes in database : 0 Number of interfaces enabled : 0
Related Operation
Table 11-13 lists the related operation for disabling receiving host routes. Table 11-13 Related operation for disabling receiving host routes To... Receive host routes Run the Command... host-route
11.7.7 Configuring the RIP Preference

This topic describes how to set RIP preference.
l
Each kind of IGP routing protocol has its own preference. The route policy selects the route of the routing protocol with the highest preference as the optimal route. The greater the preference value, the lower the preference. The default RIP preference is 100.
l l
Issue 02 (2008-04-25)
11-23
Procedure
Step 1 Run the rip command to enable the RIP process. Step 2 Run the preference command to configure the RIP preference. Step 3 Run the display rip command to query the configuration of RIP preference. ----End
Example
To set the RIP preference to 120, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#preference 120 huawei(config-rip-1)#quit huawei(config)#display rip 1 { route<K>|database<K>|interface<K>|<cr> }: Command: display rip 1 Public VPN-instance name : RIP process : 1 RIP version : RIP-2 Preference : 120 Checkzero : Enabled Default-cost : 10 Summary : Enabled Hostroutes : Disabled Maximum number of balanced paths : 1 Update time : 35 sec Age time : 170 sec Suppress time : 0 sec Garbage-collect time : 240 sec Silent interfaces : None Default routes : Enabled Default route cost : 5 Verify-source : Enabled Networks : None Configured peers : None Triggered updates sent : 0 Number of route changes : 0 Number of replies to queries : 0
Related Operation
Table 11-14 lists the related operation for configuring the RIP preference. Table 11-14 Related operation for configuring the RIP preference To... Restore the default RIP preference Run the Command... undo preference
11.7.8 Importing the Routes of Other Protocols

This topic describes how to import the routes of other protocols.
To enhance the routing function, the MA5600T allows RIP to import routes (including direct route, static routes and OSPF routes) of other protocols into the routing table at a certain metric.
This greatly improves the capability of RIP to obtain routes and enhances the performance of RIP.
Procedure
Step 1 Run the rip command to enable the RIP process. Step 2 Run the import-route command to import static routes. ----End
Example
To import static routes, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#import-route static
Related Operation
Table 11-15 lists the related operation for importing the routes of other protocols. Table 11-15 Related operation for importing the routes of other protocols To... Stop importing the routes of other protocols Run the Command... undo import-route
11.7.9 Configuring the Route Filtering Policy

This topic describes how to configure the route filtering policy to filter unnecessary routes.
The route filtering can be performed based on the ACL, IP-prefix list of the system, or the IPprefix of the VLAN interface. Routes which fail to meet the filtering criteria are not be received or sent.
Procedure
Step 1 Run the rip command to enable the RIP process. Step 2 Run the filter-policy ip-prefix export static command to configure the route filtering policy. ----End
Example
To filter the transmitted RIP routing updates based on the IP-prefix list abc, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#filter-policy ip-prefix abc export static
Issue 02 (2008-04-25)
11-25
Related Operation
Table 11-16 lists the related operation for configuring the route filtering policy. Table 11-16 Related operation for configuring the route filtering policy To... Delete the route filtering policy Run the Command... undo filter-policy
11.7.10 Verifying the Source IP Address of a RIP Route Update

This topic describes how to verify the source IP address of a RIP route update.
In general, do not disable this function.
Procedure
Step 1 Run the rip command to enable the RIP process. Step 2 Run the verify-source command to verify the source IP address of a RIP route update. Step 3 Run the display rip command to query the configuration information. ----End
Example
To enable the RIP route verification function, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#verify-source huawei(config-rip-1)#quit huawei(config)#display rip 1 { route<K>|database<K>|interface<K>|<cr> }: Command: display rip 1 Public VPN-instance name : RIP process : 1 RIP version : RIP-2 Preference : 120 Checkzero : Enabled Default-cost : 10 Summary : Enabled Hostroutes : Disabled Maximum number of balanced paths : 1 Update time : 35 sec Age time : 170 sec Suppress time : 0 sec Garbage-collect time : 240 sec Silent interfaces : None Default routes : Enabled Default route cost : 5 Verify-source : Enabled Networks : None Configured peers : None Triggered updates sent : 0 Number of route changes : 0 Number of replies to queries : 0
11-26
Issue 02 (2008-04-25)
Related Operation
Table 11-17 lists the related operation for verifying the source IP address of a RIP route update. Table 11-17 Related operation for verifying the source IP address of a RIP route update To... Disable the verification function Run the Command... undo verify-source
11.8 Adjusting and Optimizing RIP

This topic describes how to adjust and optimize the RIP configuration to improve the RIP network performance. 11.8.1 Configuring the RIP Timer This topic describes how to configure the RIP timer to improve the RIP running performance. 11.8.2 Configuring the Zero Field Check for RIP-I Packets This topic describes how to configure the zero field check for RIP-1 packets. 11.8.3 Configuring the RIP-2 Authentication Mode This topic describes how to configure the RIP-2 authentication mode. 11.8.4 Enabling the Split Horizon Function This topic describes how to enable the split horizon function. 11.8.5 Enabling the Poison Reverse Function This topic describes how to enable the poison reverse function.
11.8.1 Configuring the RIP Timer

This topic describes how to configure the RIP timer to improve the RIP running performance.
By default:
l l l l
The interval for sending the update packet is 30s. The route expiration time is 180s. The suppression time is 0s. The aging time of the route in the route table (garbage-collect time defined in the standard) is 120s.
In general, do not change the default values of the timer. The suppression time must be set to 0. Otherwise, the system prompts "Suppress time will not take effect in system."
Procedure
Step 1 Run the rip command to enable the RIP process.
Step 2 Run the timers rip command to configure the RIP timer. Step 3 Run the display rip route command to query configuration information on the RIP timer. ----End
Example
To set the interval for sending the update packet to 35s, route expiration time as 170s, suppression time as 0s and garbage-collect time as 240s, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#timers rip 35 170 0 240 huawei(config-rip-1)#quit huawei(config)#display rip 1 { route<K>|database<K>|interface<K>|<cr> }: Command: display rip 1 Public VPN-instance name : RIP process : 1 RIP version : RIP-1 compatibility Preference : 100 Checkzero : Enabled Default-cost : 0 Summary : Enabled Hostroutes : Enabled Maximum number of balanced paths : 1 Update time : 35 sec Age time : 170 sec Suppress time : 0 sec Garbage-collect time : 240 sec Silent interfaces : vlanif7 Default routes : Disabled Verify-source : Enabled Networks : 192.0.1.0 Configured peers : 10.0.0.1 Triggered updates sent : 0 Number of route changes : 0 Number of replies to queries : 0 Number of routes in database : 0 Number of interfaces enabled : 1
Related Operation
Table 11-18 lists the related operation for configuring the RIP timer. Table 11-18 Related operation for configuring the RIP timer To... Restore the default RIP timer configuration Run the Command... undo timers rip
11.8.2 Configuring the Zero Field Check for RIP-I Packets

This topic describes how to configure the zero field check for RIP-1 packets.
11-28
Issue 02 (2008-04-25)
If the field is not zero, RIP refuses to process the packet.
Procedure
Step 1 Run the rip command to enable the RIP process. Step 2 Run the checkzero command to configure the zero field check for RIP-1 packets. Step 3 Run the display rip command to query the configuration information. ----End
Example
To configure the zero field check for RIP-1 packets, do as follows:
huawei(config)#rip 1 huawei(config-rip-1)#checkzero huawei(config-rip-1)#quit huawei(config)#display rip 1 { route<K>|database<K>|interface<K>|<cr> }: Command: display rip 1 Public VPN-instance name : RIP process : 1 RIP version : RIP-2 Preference : 100 Checkzero : Enabled Default-cost : 0 Summary : Enabled Hostroutes : Enabled Maximum number of balanced paths : 1 Update time : 35 sec Age time : 170 sec Suppress time : 0 sec Garbage-collect time : 240 sec Silent interfaces : None Default routes : Disabled Verify-source : Enabled Networks : None Configured peers : None Triggered updates sent : 0 Number of route changes : 0 Number of replies to queries : 0 Number of routes in database : 0 Number of interfaces enabled : 0
Related Operation
Table 11-19 lists the related operation for configuring the zero field check for RIP-1 packets. Table 11-19 Related operation for configuring the zero field check for RIP-1 packets To... Cancel the zero field check for RIP-1 packets Run the Command... undo checkzero
Issue 02 (2008-04-25)
11-29
11.8.3 Configuring the RIP-2 Authentication Mode

This topic describes how to configure the RIP-2 authentication mode.
RIP-2 supports two authentication modes: plain text authentication and MD5 encrypted text authentication.
l
The plain text authentication does not ensure security. The authentication key, which is not encrypted, is sent together with the packet. MD5 encrypted text authentication ensures security in that the authentication key is encrypted and then sent. MD5 encrypted text authentication has two formats: one is a common packet format and the other is a non-standard packet format.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the rip authentication-mode command to configure the RIP-2 authentication mode. ----End
Example
To configure the RIP-2 authentication mode as plain text mode and password as huawei, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#rip authentication-mode simple huawei
Related Operation
Table 11-20 lists the related operation for configuring the RIP-2 authentication mode. Table 11-20 Related operation for configuring the RIP-2 authentication mode To... Cancel the RIP authentication Run the Command... undo rip authentication-mode
11.8.4 Enabling the Split Horizon Function

This topic describes how to enable the split horizon function.
l
Once the function is enabled, RIP does not send the routing information learned from a neighbor back to it again. This helps to prevents routing loops. By default, the split horizon function is enabled. The split horizon and poison reserve functions cannot be enabled at the same time.
l l
11-30
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the rip split-horizon command to enable the split horizon function. ----End
Example
To enable the RIP split horizon function, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#rip split-horizon
Related Operation
Table 11-21 lists the related operation for enabling the split horizon function. Table 11-21 Related operation for enabling the split horizon function To... Disable the split horizon function Run the Command... undo rip split-horizon
11.8.5 Enabling the Poison Reverse Function

This topic describes how to enable the poison reverse function.
You are not allowed to enable both the split horizon and poison reverse functions at the same time.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the rip poison-reverse command to enable the poison reverse function. ----End
Example
To enable the RIP poison reverse function, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#rip poison-reverse
NOTE
Once the function is enabled, if a route breaks down but is still kept in RIP packets, the route is configured as infinite, that is, the routing metric is set as 16. The poison reversal function helps to prevent routing loops among multiple routers.
Issue 02 (2008-04-25)
11-31
Related Operation
Table 11-22 lists the related operation for enabling the poison reverse function. Table 11-22 Related operation for enabling the poison reverse function To... Disable the poison reversal function Run the Command... undo rip poison-reverse
11.9 Configuring a Routing Policy

This topic describes how to configure a routing policy. 11.9.1 Defining a Routing Policy This topic describes how to define a routing policy. 11.9.2 Defining the If-match Clause of a Route Policy This topic describes how to define the if-match clause of a route policy. The if-match clause defines the matching rules, namely the preconditions for routes to pass the current route policy, based on the attributes of the routes. 11.9.3 Defining the Apply Clause of a Route Policy This topic describes how to define the apply clause of a route policy.
11.9.1 Defining a Routing Policy

This topic describes how to define a routing policy.
l
Up to 1000 route policies can be defined in the system, and each routing policy can be configured with up to 20 nodes. A routing policy may consist of several nodes, with each node as a unit for the match test. The node number is also the matching order. The relationship between nodes of a routing policy is "or". The system checks every node of a routing policy. If one node passes the match test, it means that the routing policy passes the match test. Every node consists of if-match clause and apply clause:
The if-match clause defines the matching order. The relationship between two ifmatch clauses of a node is "and". In other words, the match test can be considered as pass-through only when all if-match clauses of a node are met. The apply clause specifies the action to be taken when node match test is conducted, that is, set some attributes of the routes.
Parameter Description
Table 11-23 lists the parameters for defining a routing policy.
Table 11-23 Parameters for defining a routing policy Parameter permit Description It specifies the matching mode of a node as "permit". When a route entry passes a node, the system executes the apply clause of the node without the test by the next node. If the route entry fails to pass the filtering, the route goes to the next node for test. It specifies the matching mode of a mode as "deny". In this mode, the apply clause of the node is not executed. When a route entry meets all if-match clauses of a node, the route entry does not go to the next node for test. If a route entry does not meet any if-match clause of a node, the route entry goes to the next node for test.
deny
Procedure
Step 1 Run the route-policy command to create a routing policy and the enter routing policy configuration mode. Step 2 Run the display route-policy command to query the running status of the configured routing policy. ----End
Example
To configure routing policy 1 with node number of 10 and the matching mode "permit", do as follows:
huawei(config)#route-policy policy1 permit node 10 Info: New Sequence of this List ! huawei(config-route-policy)#quit huawei(config)#display route-policy { <cr>|string<S><1,19> }:policy1 Command: display route-policy policy1 Route-policy : policy1 permit : 10
Related Operation
Table 11-24 lists the related operation for configuring a routing policy. Table 11-24 Related operation for configuring a routing policy To... Delete a routing policy Run the Command... undo route-policy Remarks By default, no routing policy is defined.
Issue 02 (2008-04-25)
11-33
11.9.2 Defining the If-match Clause of a Route Policy

This topic describes how to define the if-match clause of a route policy. The if-match clause defines the matching rules, namely the preconditions for routes to pass the current route policy, based on the attributes of the routes.
l l
By default, no match action is taken. The relationship between two if-match clauses of a node is "and". The match test can be considered as pass-through only when all if-match clauses of a node are met. The apply clause specifies the action to be taken when node match test is conducted. If no if-match clause is specified, all routes can pass through the node.
Procedure
Step 1 Run the route-policy command to create a route policy and enter route policy configuration mode. Step 2 Run the if-match ip command to set the filtering criteria of routing information. Step 3 Run the display route-policy command to query the configuration information. ----End
Example
To set filtering the address prefix list p1 of destination address of route, do as follows:
huawei(config)#route-policy 1 permit node 1 huawei(config-route-policy)#if-match ip next-hop ip-prefix p1 huawei(config-route-policy)#quit huawei(config)#display route-policy { <cr>|string<S><1,19> }:1 Command: display route-policy 1 Route-policy : 1 permit : 1 Match clauses : if-match ip-prefix p1
Related Operation
Table 11-25 lists the related operation for defining the route policy matching rule. Table 11-25 Related operation for defining the route policy matching rule To... Delete the route policy matching rule Run the Command... undo if-match ip
11.9.3 Defining the Apply Clause of a Route Policy

This topic describes how to define the apply clause of a route policy.
l
The apply clause specifies the commands to be used for modifying the attributes of the routes when if-match clauses are met. By default, no setting is available.
Procedure
Step 1 Run the route-policy command to create a route policy and enter route policy configuration mode. Step 2 Run the if-match command to set the filtering criteria of routing information. Step 3 Run the apply tag command to set the tag of the route information. Step 4 Run the display route-policy command to query the configured route policy. ----End
Example
To set the routing information tag of the filtered route as 100, do as follows:
huawei(config)#route-policy 1 permit node 1 huawei(config-route-policy)#if-match ip-prefix p1 huawei(config-route-policy)#apply tag 100 huawei(config-route-policy)#quit huawei(config)#display route-policy { <cr>|string<S><1,19> }:1 Command: display route-policy 1 Route-policy : 1 permit : 1 Match clauses : if-match ip-prefix p1 Apply clauses : apply tag 100
Related Operation
Table 11-26 lists the related operation for modifying the attributes of the filtered route. Table 11-26 Related operation for modifying the attributes of the filtered route To... Cancel the modification of the attributes of the filtered route Run the Command... undo apply
Issue 02 (2008-04-25)
11-35
11.10 Enabling the Transparent Transmission function of the RIP Packet Based on the VLAN
This topic describes how to enable the transparent transmission function of the RIP packet based on the VLAN. When you want to transmit the RIP packet in a VLAN transparently, enable this function.
By default, the function is disabled.
Procedure
Step 1 Run the rip tunnel command to enable the transparent transmission function of the RIP packet based on the VLAN. Step 2 Run the display rip tunnel command to query the status of the function. ----End
Example
To enable the transparent transmission function of the RIP packet based on VLAN 10, do as follows:
huawei(config)#rip tunnel enable vlan 10 huawei(config)#display rip tunnel vlan 10 rip tunnel is enable
11-36
Issue 02 (2008-04-25)
12 OSPF Routing Protocol Configuration
12
OSPF Routing Protocol Configuration
About This Chapter

This topic describes how to configure the OSPF routing protocol supported by the MA5600T.
NOTE
12.1 Overview This topic describes the Open Shortest Path First (OSPF) routing protocol and its application on the MA5600T. 12.2 Configuration Example of OSPF This topic provides an example for configuring OSPF on the MA5600T. 12.3 Configuring OSPF This topic describes how to configure OSPF. 12.4 Controlling the OSPF Routing Information This topic describes how to control the OSPF routing information, including transmitting aggregation routes, filtering received routes, and importing external routes. 12.5 Adjusting and Optimizing OSPF This topic describes how to adjust and optimize the OSPF configuration to improve the OSPF network performance.
Issue 02 (2008-04-25)
12-1
12.1 Overview
This topic describes the Open Shortest Path First (OSPF) routing protocol and its application on the MA5600T.
Service Description
OSPF is a dynamic routing protocol based on the link state algorithm such as the Shortest Path First (SPF) algorithm. OSPF is an interior gateway protocol (IGP), which is used to divide the network of an Autonomous System (AS) into different tiers of areas for management, thus decreasing the number of OSPF packets, and accelerating the convergence of the network. OSPF applies to the networks of various scales, and supports up to hundreds of routers in a network.
12.2 Configuration Example of OSPF

This topic provides an example for configuring OSPF on the MA5600T.
Networking
Figure 12-1 shows an example network for configuring OSPF. In this example network, OSPF is enabled on the four MA5600Ts. Besides, MA5600T_A is configured with the highest designated router (DR) priority, MA5600T_C is configured with the second highest DR priority, and MA5600T_A realizes the broadcast of network link status for the DR. Figure 12-1 Example network for configuring OSPF
MA5600T_ A DR 192.1.1.1/24 192.1.1.2/24 192.1.1.4/24 192.1.1.3/24 BDR MA5600T_B 2.2.2.2 MA5600T_C 3.3.3.3 1.1.1.1 MA5600T_D 4.4.4.4
Data Plan
Table 12-1 provides the data plan for configuring OSPF.
Table 12-1 Data plan for configuring OSPF Item MA5600T_A Data IP address of the L3 interface: 192.1.1.1/24 Priority: 100 VLAN ID: 2 Router ID: 1.1.1.1 MA5600T_B IP address of the L3 interface: 192.1.1.2/24 Priority: 80 VLAN ID: 2 Router ID: 2.2.2.2 MA5600T_C IP address of the L3 interface: 192.1.1.3/24 Priority: 90 VLAN ID: 2 Router ID: 3.3.3.3 MA5600T_D IP address of the L3 interface: 192.1.1.4/24 Priority: not configured VLAN ID: 2 Router ID: 4.4.4.4 Remarks Default: 1 -
l
The native VLAN of each interface of the MA5600T must be configured to ensure a normal communication. The OSPF area IDs of the MA5600T devices must be consistent.
Figure 12-2 shows the flowchart for configuring OSPF.
Issue 02 (2008-04-25)
12-3
Figure 12-2 Flowchart for configuring OSPF

Start Configure the IP address of the layer 3 interface Configure the OSPF router ID Enable OSPF
Configure the OSPF priority
Save the data
End
NOTE
The procedure shown in the preceding flowchart is for configuring OSPF on one MA5600T. To configure OSFP on multiple MA5600T devices, repeat the procedure.
Procedure
Step 1 Configure MA5600T_A. 1. Configure the IP address of the L3 interface.
huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/9 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 192.1.1.1 24 huawei(config-if-vlanif2)#quit
2. 3.
Configure the OSPF Router ID.

Enable OSPF.
huawei(config)#ospf huawei(config-ospf-1)#area 0 huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255 huawei(config-ospf-1-area-0.0.0.0)#network 1.1.1.1 0.0.0.0 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
4.
Configure the OSPF priority.

huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf dr-priority 100 huawei(config-if-vlanif2)#quit
5.
Save the data.

huawei(config)#save
Step 2 Configure MA5600T_B.

1.
Configure the IP address of the L3 interface.

huawei(config)#vlan 2 mux huawei(config)#port vlan 2 0/9 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 192.1.1.2 24 huawei(config-if-vlanif2)#quit
2. 3.

Enable OSPF.
4.

5.
Save the data.

huawei(config)#save
Step 3 Configure MA5600T_C. 1. Configure the IP address of the L3 interface.

2. 3.

Enable OSPF.
4.

5.
Save the data.

huawei(config)#save
Step 4 Configure MA5600T_D. 1. Configure the IP address of the L3 interface.

2. 3.

Enable OSPF.
huawei(config)#ospf huawei(config-ospf-1)#area 0
Issue 02 (2008-04-25)
12-5
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255 huawei(config-ospf-1-area-0.0.0.0)#network 4.4.4.4 0.0.0.0 huawei(config-ospf-1-area-0.0.0.0)#quit huawei(config-ospf-1)#quit
4.
Save the data.

huawei#save
----End
Result
Run the display ip routing-table command and you can find the learnt route table. Hosts can communicate with each other.
12.3 Configuring OSPF

This topic describes how to configure OSPF. 12.3.1 Enabling the OSPF Process This topic describes how to enable the OSPF process. 12.3.2 Configuring the DR Priority This topic describes how to configure the DR priority. To reduce the OSPF packet traffic in the network segment, a router is specified as the DR and another router is specified as the BDR according to the interface DR priority. 12.3.3 Setting an OSPF Router ID This topic describes how to configure the ID for a router. 12.3.4 Disabling the OSPF Packet Transmission on an Interface This topic describes how to prohibit an interface from transmitting OSPF packets to enhance the network adaptability of OSPF and reduce the consumption of system resources. 12.3.5 Entering OSPF Area Config Mode This topic describes how to enter OSPF area config mode. 12.3.6 Configuring the Subnets for an Area This topic describes how to configure the interface running OSPF and the area of the interface. 12.3.7 Configuring the OSPF Stub Area This topic describes how to configure an area as an OSPF Stub area and set its attributes. The Stub area is a non-backbone area with one ABR at the edge of the autonomous system. The ABR of the Stub area does not transmit the external routes of the autonomous system, thus greatly decreasing the route information transmission and the size of the route tables of routers in this area. 12.3.8 Configuring an NBMA Adjacent Router This topic describes how to manually configure a router adjacent to the NBMA interface. Because the adjacent router cannot be found dynamically through broadcasting the Hello packet in the NBMA network, the adjacent router must be specified manually. 12.3.9 Enabling the OSPF Logging Function This topic describes how to enable the OSPF logging function. 12.3.10 Configuring the Network Type on an OSPF Interface This topic describes how to configure the network type for an OSPF interface.
12.3.11 Configuring the MTU of the DD Packet This topic describes how to configure the MTU of the DD packet.
12.3.1 Enabling the OSPF Process

This topic describes how to enable the OSPF process.
l l
By default, OSPF is disabled. To configure the related parameters, enable OSPF first.
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the display ospf command to query the OSPF process. ----End
Example
To enable OSPF process 1, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#quit huawei(config)#display ospf brief OSPF Process 1 with Router ID 10.71.62.27 OSPF Protocol Information RouterID: 10.71.62.27 Border Router: Route Tag: 0 Multi-VPN-Instance is not enabled Spf-schedule-interval: 5 Default ASE parameters: Metric: 1 Tag: 1 Type: 2 Route Preference: 10 ASE Route Preference: 150 SPF Computation Count: 0 RFC 1583 Compatible Retransmission limitation is disabled Area Count: 0 Nssa Area Count: 0 ExChange/Loading Neighbors: 0
Related Operation
Table 12-2 lists the related operation for enabling the OSPF process. Table 12-2 Related operation for enabling the OSPF process To... Disable OSPF Run the Command... undo ospf
Issue 02 (2008-04-25)
12-7
12.3.2 Configuring the DR Priority

This topic describes how to configure the DR priority. To reduce the OSPF packet traffic in the network segment, a router is specified as the DR and another router is specified as the BDR according to the interface DR priority.
l l
OSPF does not support the configuration of the DR priority for interface NULL. The DR is for broadcast or NBMA type interfaces. The interfaces of p2p, p2mp network type do not need DR election. Before this operation, the IP address of the L3 interface must be in an OSPF domain.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the ospf dr-priority command to configure the DR priority. Step 3 Run the display ospf interface command to query the DR priority. ----End
Example
To configure the DR priority 8 for VLAN interface 2, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 192.1.1.1 24 huawei(config-if-vlanif2)#ospf dr-priority 8 huawei(config-if-vlanif2)#quit huawei(config)#display ospf interface vlanif 2 OSPF Process 1 with Router ID 192.168.1.1 Interfaces Interface: 192.1.1.1 (vlanif2) Cost: 1 State: Down Type: Broadcast MTU: 1500 Priority: 8 Designated Router: 0.0.0.0 Backup Designated Router: 0.0.0.0 Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
12.3.3 Setting an OSPF Router ID

This topic describes how to configure the ID for a router.
A router ID is a 32-bit unsigned integer, which uniquely identifies a router in the AS.
Procedure
Step 1 (Optional) Run the ospf router-id command to set an OSPF router ID.
NOTE
If this operation is omitted, the router ID configured by running the router id command in global config mode is used as the OSPF router ID.
12-8
Issue 02 (2008-04-25)
Step 2 Run the display ospf brief command to query the configured OSPF router ID. ----End
Example
To set the ID of a router as 192.168.1.1, do as follows:
huawei(config)#ospf router-id 192.168.1.1 Warning: OSPF The new router id will be activated only after Reset Ospf Process huawei(config-ospf-1)#quit huawei(config)#reset ospf 1 process huawei(config)#display ospf brief OSPF Process 1 with Router ID 192.168.1.1 OSPF Protocol Information RouterID: 192.168.1.1 Border Router: Route Tag: 0 Multi-VPN-Instance is not enabled Spf-schedule-interval: 5 Default ASE parameters: Metric: 1 Tag: 1 Type: 2 Route Preference: 10 ASE Route Preference: 150 SPF Computation Count: 0 RFC 1583 Compatible Retransmission limitation is disabled Area Count: 0 Nssa Area Count: 0 ExChange/Loading Neighbors: 0
Related Operation
Table 12-3 lists the related operation for setting an OSPF router ID. Table 12-3 Related operation for setting an OSPF router ID To... Disable the OSPF process Run the Command... undo ospf
12.3.4 Disabling the OSPF Packet Transmission on an Interface

This topic describes how to prohibit an interface from transmitting OSPF packets to enhance the network adaptability of OSPF and reduce the consumption of system resources.
After the transmission is disabled on an interface, the interface should be in silent state. The interface can still advertise its direct route. However, the OSPF Hello packets of the interface are blocked, and no adjacency can be set up on the interface.
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the silent-interface command to prohibit an interface from transmitting OSPF packets. ----End
Example
To prohibit VLAN interface 7 from transmitting OSPF packets, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#silent-interface vlanif 7
Related Operation
Table 12-4 lists the related operation for prohibiting an interface from transmitting OSPF packets. Table 12-4 Related operation for prohibiting an interface from transmitting OSPF packets To... Allow an interface to send OSPF packets Run the Command... undo silent-interface Remarks By default, the system allows an interface to send OSPF packets.
12.3.5 Entering OSPF Area Config Mode

This topic describes how to enter OSPF area config mode.
l
OSPF further divides the AS into different areas. Routing information is transmitted between the areas through the ABRs which are located at the boarders of the areas. This helps to reduce the number of OSPF packets in the network, thus improving the performance of OSPF. If the specified area does not exist, the system first creates the area and then enters area config mode. An area ID can be set in the form of an integer or an IP address, but it is displayed only in the form of an IP address. If an area ID is an integer, the MA5600T automatically converts the integer into an IP address.
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the area command to add an area and enter the configuration mode of the area. ----End
Example
To create area 1 and enter area config mode, do as follows:
huawei(config)#ospf 100 huawei(config-ospf-100)#area 1 huawei(config-ospf-100-area-0.0.0.1)#
12-10
Issue 02 (2008-04-25)
Related Operation
Table 12-5 lists the related operation for entering OSPF area config mode. Table 12-5 Related operation for entering OSPF area config mode To... Delete an area Run the Command... undo area
12.3.6 Configuring the Subnets for an Area

This topic describes how to configure the interface running OSPF and the area of the interface.
Wildcard-mask in the network command is the reverse of the IP address, that is, the mask of the IP address is reserved (0 changed to 1 and 1 changed to 0). "1" indicates the digit in the IP address is omitted and "0" indicates that the digit must be reserved.
Procedure
Step 1 Run the ospf command to start the OSPF progress. Step 2 Run the area command to add an area and enter the configuration mode of the area. Step 3 Run the network command to configure the interface running OSPF and the area the interface belongs to. ----End
Example
To configure the subnet 192.1.1.0 for the interface running OSPF, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#area 1 huawei(config-ospf-1-area-0.0.0.2)#network 192.1.1.0 0.0.0.255
Related Operation
Table 12-6 lists the related operation for configuring the subnets for an area. Table 12-6 Related operation for configuring the subnets for an area To... Delete the interface running OSPF Run the Command... undo network
12.3.7 Configuring the OSPF Stub Area

This topic describes how to configure an area as an OSPF Stub area and set its attributes. The Stub area is a non-backbone area with one ABR at the edge of the autonomous system. The ABR
of the Stub area does not transmit the external routes of the autonomous system, thus greatly decreasing the route information transmission and the size of the route tables of routers in this area.
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the area command to add an area and enter the configuration mode of the area. Step 3 Run the stub command to configure the OSPF stub area. ----End
Example
To configure OSPF area 1 as a Stub area, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#area 1 huawei(config-ospf-1-area-0.0.0.1)#stub
Related Operations
Table 12-7 lists the related operations for configuring a Stub area. Table 12-7 Related operations for configuring a Stub area To... Delete a Stub area Configure a Stub router Run the Command... undo stub (undo)stub-router
12.3.8 Configuring an NBMA Adjacent Router

This topic describes how to manually configure a router adjacent to the NBMA interface. Because the adjacent router cannot be found dynamically through broadcasting the Hello packet in the NBMA network, the adjacent router must be specified manually.
l l
By default, the preference for NBMA interface adjacent router is 1. Up to 128 adjacent routers can be configured in a process.
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the peer command to configure an NBMA adjacent router. ----End
Example
To configure the IP address of the NBMA adjacent router as 1.1.1.1 and specify the DR priority as 120, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#peer 1.1.1.1 dr-priority 120
Related Operation
Table 12-8 lists the related operation for configuring an NBMA adjacent router. Table 12-8 Related operation for configuring an NBMA adjacent router To... Cancel the configuration of the NBMA adjacent router Run the Command... undo peer
12.3.9 Enabling the OSPF Logging Function

This topic describes how to enable the OSPF logging function.
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the enable log command to query log information. ----End
Example
To enable the logging function of OSPF, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#enable log config
Related Operation
Table 12-9 lists the related operation for enabling the OSPF logging function. Table 12-9 Related operation for enabling the OSPF logging function To... Disable the logging function of OSPF Run the Command... undo enable log
12.3.10 Configuring the Network Type on an OSPF Interface

This topic describes how to configure the network type for an OSPF interface.
OSPF divides networks into four types. By default, the network type of an interface is determined by the physical interface. For details, see Table 12-10. Table 12-10 Description of the network types Network type Broadcast NBMA Description The default network type. Non-Broadcast Multi-Access. This type of network is fully connected, non-broadcast and multi-access. The ATM network is of this type. Point-to-Multipoint Point-to-Point Default The default network type of an Ethernet port is broadcast. The default network type of an ATM interface is NBMA. The default network type of a serial port is P2P.
p2mp p2p
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the ospf network-type command to configure the network type. ----End
Example
Assume that the Ethernet port 0/9/0 is in VLAN 2, to configure the network type of the port 0/9/0 as P2P, do as follows:
huawei(config)#interface vlanif 2 huawei(config-vlanif-2)#ospf network-type p2p
Related Operation
Table 12-11 lists the related operation for configuring the network type on an OSPF interface. Table 12-11 Related operation for configuring the network type on an OSPF interface To... Restore the default network type of the OSPF interface Run the Command... undo ospf network-type
12-14
Issue 02 (2008-04-25)
12.3.11 Configuring the MTU of the DD Packet

This topic describes how to configure the MTU of the DD packet.
l
After the adjacency is set up between two routers, the routers begin to transmit DD packets to each other to exchange the owned routing information. By default, the interface does not fill in the MTU field while transmitting DD packets. In other words, the MTU field in the DD packets is 0.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the ospf mtu-enable command to configure the MTU of the DD packet. ----End
Example
To configure VLAN interface 2 to fill in the MTU field when transmitting DD packet, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf mtu-enable
Related Operation
Table 12-12 lists the related operation for configuring the MTU of the DD packet. Table 12-12 Related operation for configuring the MTU of the DD packet To... Restore the default setting for the interface when transmitting DD packets Run the Command... undo ospf mtu-enable
12.4 Controlling the OSPF Routing Information

This topic describes how to control the OSPF routing information, including transmitting aggregation routes, filtering received routes, and importing external routes. 12.4.1 Setting the OSPF Preference This topic describes how to set the OSPF preference. Multiple dynamic routing protocols can run on one router at the same time. Due to this reason, the problem of route sharing and routing protocol selection occurs. The system defines a preference for each routing protocol. When different routes are found by different protocols to the same destination, the route found by the routing protocol with the highest preference functions as the current effective route. 12.4.2 Configuring the Maximum OSPF Route Count This topic describes how to configure the maximum OSPF route count. 12.4.3 Configuring the OSPF Packet Authentication
This topic describes how to configure the OSPF packet authentication. 12.4.4 Configuring the OSPF Cost This topic describes how to configure the cost of the interface running OSPF. 12.4.5 Configuring the Route Summarization Between Areas This topic describes how to configure the route summarization between areas. Route summarization means that the ABR summarizes all routes with the same prefix to a route entry, and then send it to other areas to reduce the broadcast routing information. 12.4.6 Configuring the Aggregation of Routes Imported by OSPF This topic describes how to configure the aggregation of routes imported by OSPF. 12.4.7 Importing Routes from Other Protocols into OSPF This topic describes how to import routes from other protocols into OSPF. 12.4.8 Setting the Default Parameters of OSPF Imported Routes This topic describes how to set the default parameters of OSPF imported routes.
12.4.1 Setting the OSPF Preference

This topic describes how to set the OSPF preference. Multiple dynamic routing protocols can run on one router at the same time. Due to this reason, the problem of route sharing and routing protocol selection occurs. The system defines a preference for each routing protocol. When different routes are found by different protocols to the same destination, the route found by the routing protocol with the highest preference functions as the current effective route.
l l
The OSPF preference ranges from 1 to 255. By default, it is 10.
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the preference command to set OSPF preference. Step 3 Run the display ospf brief command to query the OSPF preference. ----End
Example
To set the OSPF preference to 12, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#preference 12 huawei(config-ospf-1)#quit huawei(config)#display ospf brief OSPF Process 1 with Router ID 192.0.2.3 OSPF Protocol Information RouterID: 192.0.2.3 Border Router: Route Tag: 0 Multi-VPN-Instance is not enabled Applications Supported: MPLS Traffic-Engineering Spf-schedule-interval: 5 Default ASE parameters: Metric: 1 Tag: 1 Type: 2 Route Preference: 12
12-16
Issue 02 (2008-04-25)

ASE Route Preference: 150 SPF Computation Count: 2 Retransmission limitation is disabled Area Count: 0 Nssa Area Count: 0 ExChange/Loading Neighbors: 0
Related Operation
Table 12-13 lists the related operation for setting the OSPF preference. Table 12-13 Related operation for setting the OSPF preference To... Restore the default OSPF preference Run the Command... undo preference
12.4.2 Configuring the Maximum OSPF Route Count

This topic describes how to configure the maximum OSPF route count.
The default maximum route count is:
l l l
Intra-area routes: 10000 Inter-area routes: 10000 External routes: 10000
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the maximum-routes command to configure the maximum OSPF route count. ----End
Example
To configure the maximum count of OSPF routes as 500, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#maximum-routes intra 500
Related Operation
Table 12-14 lists the related operation for configuring the maximum OSPF route count. Table 12-14 Related operation for configuring the maximum OSPF route count To... Restore the default setting
Issue 02 (2008-04-25)
Run the Command... undo maximum-routes

12-17
12.4.3 Configuring the OSPF Packet Authentication

This topic describes how to configure the OSPF packet authentication.
l
OSPF supports plain text authentication or MD5/HMAC-MD5 encrypted text authentication for adjacent routes to transmit OSPF packets. By default, the interface is not configured with any authentication mode.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the ospf authentication-mode command to configure OSPF packet authentication. ----End
Example
To configure the OSPF authentication as plain text authentication and the authentication password as "huawei", do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf authentication-mode simple huawei
Related Operation
Table 12-15 lists the related operation for configuring the OSPF packet authentication. Table 12-15 Related operation for configuring the OSPF packet authentication To... Delete the configured authentication mode and key Run the Command... undo ospf authentication-mode
12.4.4 Configuring the OSPF Cost

This topic describes how to configure the cost of the interface running OSPF.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the ospf cost command to configure the cost of the interface running OSPF. ----End
Example
To configure the cost of the interface running OSPF as 5, do as follows:
huawei(config)#interface vlanif 2 huawei(config-vlanif2)#ospf cost 5
Related Operation
Table 12-16 lists the related operation for configuring the OSPF cost. Table 12-16 Related operation for configuring the OSPF cost To... Restore the default cost Run the Command... undo ospf cost Remarks By default, the system calculates the cost needed for the interface running OSPF according to the current baud rate of the interface.
12.4.5 Configuring the Route Summarization Between Areas

This topic describes how to configure the route summarization between areas. Route summarization means that the ABR summarizes all routes with the same prefix to a route entry, and then send it to other areas to reduce the broadcast routing information.
l l l
By default, the ABR does not summarize routes between areas. One area can be configured with multiple summarization network segments. The route summarization is valid when configured on an ABR.
Procedure
Step 1 Run the ospf command to start the OSPF progress. Step 2 Run the area command to add an area and enter the configuration mode of the area. Step 3 Run the network command to configure the interface running OSPF protocol and the area the interface belongs to. Step 4 Run the abr-summary command to configure route summarization between areas. ----End
Example
To summarize the routes in the two network segments of 20.20.10.0 and 20.20.20.0 in OSPF area as one route entry 20.20.0.0 and send it to other areas, do as follows:
huawei(config)#ospf 100 huawei(config-ospf-100)#area 1 huawei(config-ospf-100-area-0.0.0.1)#network 20.20.10.0 0.0.0.255 huawei(config-ospf-100-area-0.0.0.1)#network 20.20.20.0 0.0.0.255
Issue 02 (2008-04-25)
12-19
huawei(config-ospf-100-area-0.0.0.1#abr-summary 20.20.0.0 255.255.0.0
Related Operation
Table 12-17 lists the related operation for configuring the route summarization between areas. Table 12-17 Related operation for configuring the route summarization between areas To... Disable the route summarization between areas Run the Command... undo abr-summary
12.4.6 Configuring the Aggregation of Routes Imported by OSPF

This topic describes how to configure the aggregation of routes imported by OSPF.
OSPF supports the aggregation of imported routes. By default, the aggregation of imported routes is disabled.
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the asbr-summary command to configure the aggregation of routes with the same prefix. ----End
Example
To enable the aggregation of routes with the same prefix of 10.2, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#asbr-summary 10.2.0.0 255.255.0.0
Related Operation
Table 12-18 lists the related operation for configuring the aggregation of routes imported by OSPF. Table 12-18 Related operation for configuring the aggregation of routes imported by OSPF To... Disable the aggregation of routes imported by OSPF Run the Command... undo asbr-summary
12-20
Issue 02 (2008-04-25)
12.4.7 Importing Routes from Other Protocols into OSPF

This topic describes how to import routes from other protocols into OSPF.
l
OSPF processes the routes found by other routing protocols to be processed as routes outside the AS. The protocol types of routes that OSPF can import are RIP routes, direct routes and static routes. By default, importing routes from other protocols by OSPF is disabled.
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the import-route rip command to import routes from other protocols into OSPF. ----End
Example
To specify the imported RIP route as Type 2 external route, the route tag as 33, and the metric as 50, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#import-route rip 40 type 2 tag 33 cost 50
Related Operation
Table 12-19 lists the related operation for importing routes from other protocols into OSPF. Table 12-19 Related operation for importing routes from other protocols into OSPF To... Cancel the imported route from other protocols Run the Command... undo import-route rip
12.4.8 Setting the Default Parameters of OSPF Imported Routes

This topic describes how to set the default parameters of OSPF imported routes.
The default settings are:
l l l l
Cost: 10 The type of imported route: Type-2 The upper limit of the imported external routes: 1000 at a time The tag value: 10
Issue 02 (2008-04-25)
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the default command to set the default parameters for OSPF to import external routes. ----End
Example
l l l l
The upper limit of the default imported external routes: 100 The default cost for OSPF to accept external routes: 8 The default tag for OSPF to accept external routes: 8 The default type of imported routes: Type-1
To set the OSPF imported routes, do as follows:

huawei(config)#ospf 100 huawei(config-ospf-100)#default cost 8 type 1 tag 8 limit 100
Related Operations
Table 12-20 lists related operations for setting parameters for OSPF to import external routes. Table 12-20 Related operations for setting parameters for OSPF to import external routes To... Restore the default upper limit for OSPF to import external routes each time Restore the default cost for OSPF to import external routes Restore the default tag when OSPF imports external routes Restore the default type of the external routes to be imported Run the Command... undo default limit undo default cost undo default tag undo default type
12.5 Adjusting and Optimizing OSPF

This topic describes how to adjust and optimize the OSPF configuration to improve the OSPF network performance. 12.5.1 Setting the Interval for Sending the Hello Packets This topic describes how to set the interval for sending Hello packets. The OSPF router transmits Hello packets periodically to find the adjacent router, to maintain adjacency and elect the DR and BDR. 12.5.2 Setting the Dead Time Between Adjacent Routers
This topic describes how to set the dead time between adjacent routers. If a router fails to receive any Hello packet from an adjacent router for a certain period, it considers the adjacent router as unavailable. This period is called the dead time between adjacent routers. 12.5.3 Setting the Hello Packet Poll Interval This topic describes how to set the Hello packet poll interval. 12.5.4 Setting the LSA Transmit Delay This topic describes how to set the LSA transmit delay. 12.5.5 Setting the LSA Retransmit Interval between Adjacent Routers This topic describes how to set the LSA retransmit interval between adjacent routers. 12.5.6 Setting the SPF Calculation Interval for OSPF This topic describes how to set the SPF calculation interval for OSPF.
12.5.1 Setting the Interval for Sending the Hello Packets

This topic describes how to set the interval for sending Hello packets. The OSPF router transmits Hello packets periodically to find the adjacent router, to maintain adjacency and elect the DR and BDR.
l
By default, Hello interval of the P2P, P2MP and broadcast interfaces is 10s and that of the NBMA interface is 30s. The intervals for sending Hello packets of network neighbors should be consistent with each other. The interval for sending Hello packets should be in inverse proportion of route convergence speed and network load. After the network type of the interface is modified, the interval for sending Hello packets restores the default value.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the ospf timer hello command to set the interval for sending Hello packets. ----End
Example
To set the interval for sending OSPF Hello packet to 15s, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf timer hello 15
Related Operation
Table 12-21 lists the related operation for setting the interval for sending Hello packets.
Issue 02 (2008-04-25)
12-23
Table 12-21 Related operation for setting the interval for sending Hello packets To... Restore the default interval for sending Hello packets Run the Command... undo ospf timer hello
12.5.2 Setting the Dead Time Between Adjacent Routers

This topic describes how to set the dead time between adjacent routers. If a router fails to receive any Hello packet from an adjacent router for a certain period, it considers the adjacent router as unavailable. This period is called the dead time between adjacent routers.
l
By default, the dead time between adjacent routers on the P2P, P2MP and broadcast interfaces is 40s and that on the NBMA (non-broadcast) interface is 120s. The value of dead seconds must be 4 times that of hello seconds at least. After the network type of the interface is modified, the dead time is restored to the default value.
l l
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the ospf timer dead command to set the dead time of adjacent routers. ----End
Example
To set the dead time of adjacent routers to 60s, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf timer dead 60
Related Operation
Table 12-22 lists the related operation for setting the dead time between adjacent routers. Table 12-22 Related operation for setting the dead time between adjacent routers To... Restore the default dead time Run the Command... undo ospf timer dead
12.5.3 Setting the Hello Packet Poll Interval

This topic describes how to set the Hello packet poll interval.
l
In the NBMA network, after the adjacent router fails, a router transmits Hello packet to the failed router periodically with the Hello packet poll interval. The Hello packet poll interval shall at least four times the interval for sending Hello packets. By default, the Hello packet poll interval is 120s.
l l
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the ospf timer poll command to set the Hello packet poll interval. ----End
Example
To set the Hello packet poll interval to 60s, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf timer poll 60
Related Operation
Table 12-23 lists the related operation for setting the Hello packet poll interval. Table 12-23 Related operation for setting the Hello packet poll interval To... Restore the default poll interval Run the Command... undo ospf timer poll
12.5.4 Setting the LSA Transmit Delay

This topic describes how to set the LSA transmit delay.
l
The Link State Advertise (LSA) describes the interface state and the adjacency state of a router. An LSA gets aged when it is saved in the LSDB of the local router. However, an LSA does not get aged in the transmission process. Before an LSA is transmitted by an interface, you must configure the delay for the interface to transmit the LSA according to the transmission condition of the network, especially for a low speed network. Besides, you must add the delay to the aging time for the LSA during the transmission process. This configuration is to ensure the LSA validity. By default, the LSA transmit delay is 1s.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode.
Step 2 Run the ospf trans-delay command to set the LSA transmit delay. ----End
Example
To set LSA transmit delay as 10s, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf trans-delay 10
Related Operation
Table 12-24 lists the related operation for setting the LSA transmit delay. Table 12-24 Related operation for setting the LSA transmit delay To... Restore the default LSA transmit delay Run the Command... undo ospf trans-delay
12.5.5 Setting the LSA Retransmit Interval between Adjacent Routers

This topic describes how to set the LSA retransmit interval between adjacent routers.
l
When a router sends an LSA to its neighbors, it shall wait for an ACK from them. If no ACK is received from the neighbors within the retransmit interval, this LSA should be resent. A very small LSA retransmit interval on an interface may lead to unnecessary retransmission. A very large LSA retransmit interval affects the flooding speed in case of packet loss. By default, the LSA retransmit interval between adjacent routers is 5s.
Procedure
Step 1 Run the interface vlanif command to enter VALN interface mode. Step 2 Run the ospf timer retransmit command to set the LSA retransmit interval. ----End
Example
To set the LSA retransmit interval to 8s, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ospf timer retransmit 8
12-26
Issue 02 (2008-04-25)
Related Operation
Table 12-25 lists the related operation for setting the LSA retransmit interval between adjacent routers. Table 12-25 Related operation for setting LSA retransmit interval between adjacent routers To... Restore the default LSA retransmit interval between adjacent routers Run the Command... undo ospf timer retransmit
12.5.6 Setting the SPF Calculation Interval for OSPF

This topic describes how to set the SPF calculation interval for OSPF.
l l
Whenever the LSDB of OSPF changes, the SPF should be recalculated. Calculating the shortest path upon any change consumes vast amounts of resources and affects the operation efficiency of the router. Adjusting the SPF calculation interval, however, can restrain the resource consumption due to frequent network changes. By default, the interval of SPF recalculation is 5s.
Procedure
Step 1 Run the ospf command to enable the OSPF process. Step 2 Run the spf-schedule-interval command to set the SPF calculation interval for OSPF. ----End
Example
To set the interval of SPF recalculation to 10s, do as follows:
huawei(config)#ospf 1 huawei(config-ospf-1)#spf-schedule-interval 10
Related Operation
Table 12-26 lists the related operation for setting the SPF calculation interval for OSPF. Table 12-26 Related operation for setting the SPF calculation interval for OSPF To... Restore the default SPF calculation interval Run the Command... undo spf-schedule-interval
Issue 02 (2008-04-25)
12-27
13 IS-IS Routing Protocol Configuration
13
IS-IS Routing Protocol Configuration
About This Chapter

This topic describes how to configure the IS-IS routing protocol supported by the MA5600T.
NOTE
13.1 Overview This topic describes the Intermediate System-to-Intermediate System (IS-IS) routing protocol and its application on the MA5600T. 13.2 Configuration Example of IS-IS This operation enables the corresponding device configured data to run the IS-IS protocol on the MA5600T. 13.3 Configuring IS-IS This topic describes how to configure IS-IS. Before configuring or validating other functions related to IS-IS, you must start the IS-IS process, specify the NET, and then enable IS-IS on the specified port. 13.4 Controlling the IS-IS Routing Information This topic describes how to control the IS-IS routing information, including advertising aggregated routes, filtering received routes, and importing external routes. It also describes how to modify the attributes of a route such as its priority and cost. Based on the methods described in this topic, you can control the propagation of the IS-IS routing information in the AS. 13.5 Adjusting and Optimizing IS-IS This topic describes how to adjust and optimize the configurations of an IS-IS network, including modifying the network type of an interface, adjusting the IS-IS protocol parameters, and configuring the IS-IS verification function.
Issue 02 (2008-04-25)
13-1
13.1 Overview
This topic describes the Intermediate System-to-Intermediate System (IS-IS) routing protocol and its application on the MA5600T.
Service Description
IS-IS is a dynamic routing protocol based on the link state algorithm. IS-IS belongs to the Interior Gateway Protocols (IGPs). It is used to create two-level hierarchical network topologies, namely Level-1 areas and Level-2 areas, by dividing areas within the AS. Level-1 routers manage the intra-area routes, and Level-2 routers manage the inter-area routes. The border router that belongs to the Level-1 area and the Level-2 area is a Level-1-2 router. In this way, a large-scale routing network is supported, and the bandwidth occupied by the IS-IS packets is decreased. Figure 13-1 shows the IS-IS network topology. Figure 13-1 IS-IS network topology
Level-1 Area
Level-2 Backbone Level-1 Area
Level-1 Area
The MA5600T acts as an MSAN. When the MA5600T supports the IS-IS protocol, it always runs in the Level-1 area as an Intermediate System (IS).
Related Concepts
l
IS: It is the basic unit used for generating routes and transmitting routing information in the IS-IS application. The function of an IS is similar to that of a router in the TCP/IP application. When enabled with the IS-IS protocol, the MA5600T can act as an IS. End system (ES): It is not involved in the processing of the IS-IS protocol. The function of an ES is similar to that of a host system in the TCP/IP application. Routing domain (RD): In an RD, a group of ISs exchange routing information by adopting the same routing protocol. Area: It is the division unit of a routing domain.
13-2

l
Link state database (LSDB): It contains the information on the states of all the links in a network. Each IS has a minimum of one LSDB. An IS generates its own routes through the link state SPF algorithm by using the LSDB. Link state protocol data unit (LSP): In the IS-IS application, each IS generates LSP. The LSP contains information on the states of all the links of the IS. Each IS collects all LSPs within an area and generates its own LSDB by exchanging LSP packets. Network protocol data unit (NPDU): It indicates the protocol packets at the network layer in the ISO. The function of NPDU packets is similar to that of the IP packets in the TCP/ IP application. Designated IS (DIS): It is an elected router in a broadcast network. The function of a DIS is similar to that of a DR in the OSPF application. Network service access point (NSAP): It indicates the address of the network layer in the ISO. The function of an NSAP address is similar to that of an IP address in the TCP/IP application.
13.2 Configuration Example of IS-IS

This operation enables the corresponding device configured data to run the IS-IS protocol on the MA5600T.
Networking
Figure 13-2 shows an example network for configuring IS-IS on the MA5600T. In this example network, the MA5600T forwards the access VoIP service through the L3 interface to the NGN network. Then, the MA5600T obtains the routes of the NGN networking through the IS-IS protocol. The area ID of the Level-2 router differs from the area ID of the Level-1-2 router to which the Level-2 router connects. Figure 13-2 Example network for configuring IS-IS
Area 10 Level-1 RG VoIP Router1 Router2 NGN MA5600T Backbone Level-2
Phone
DHCP Server
Data Plan
Table 13-1 provides the data plan for configuring IS-IS. Table 13-1 Data plan for configuring IS-IS Item MA5600T
Issue 02 (2008-04-25)
Data IS-IS process ID: 1

Item
Data NET: 10.0000.0000.0001.00, where:

l l l l
Area ID: 10 System ID: 0000.0000.0001 Level: Level-1 Host name: MA5600T
IS-IS interface:
l l l
Port number: 0/19/0 VLAN ID: 20 IP address: 192.15.24.5/16
Router1
IS-IS process ID: 1 NET: 10.0000.0000.0002.00, where:

l l l l
Area ID: 10 System ID: 0000.0000.0002 Level: Level-1 Host name: Router1
IS-IS interface: 1/0/0 IP address: 192.15.20.8/16 Router2 IS-IS process ID: 1 NET: 10.0000.0000.0005.00, where:
l l l l
Area ID: 10 System ID: 0000.0000.0005 Level: Level-1-2 Host name: Router2
IS-IS interface: 1/0/0 IP address: 192.15.18.5/16
NOTE
NET: Network entity title
Figure 13-3 shows the flowchart for configuring IS-IS.
13-4
Issue 02 (2008-04-25)
Figure 13-3 Flowchart for configuring IS-IS

Start
Configure the layer 3 interface
Start the IS-IS process
Configure the NET
Configure the router level
Configure the local host name (optional) Enable the IS-IS function on an interface Control the IS-IS routing information (optional) Adjust and optimize ISIS (optional)
End
Procedure
l Configure IS-IS on the MA5600T. 1. Configure the L3 interface.
huawei(config)#vlan 20 standard huawei(config)#port vlan 20 0/19 0 huawei(config)#interface vlanif 20 huawei(config-if-vlanif20)#ip address 192.15.24.5 16 huawei(config-if-vlanif20)#quit
2.
Start the IS-IS process.

huawei(config)#isis 1 huawei(config-isis-1)#
3. 4. 5.
Issue 02 (2008-04-25)
Configure the NET.

huawei(config-isis-1)#network-entity 10.0000.0000.0001.00
Configure the router level.

huawei(config-isis-1)#is-level level-1
Configure the local host name.

huawei(config-isis-1)#is-name MA5600T huawei(config-isis-1)#quit
6.
Enable the IS-IS function on an interface.

huawei(config)#interface vlanif 20 huawei(config-if-vlanif20)#isis enable 1
Configure IS-IS on Router1. The process of configuring IS-IS on Router1 is similar to that of configuring IS-IS on the MA5600T. The details are not provided in this chapter.
Configure IS-IS on Router2. The process of configuring IS-IS on Router2 is similar to that of configuring IS-IS on the MA5600T. The details are not provided in this chapter.
----End
Result
l l
Run the display isis lsdb command and you can query the IS-IS LSDB. Run the display isis route command and you can query the IS-IS route. The routing table of the Level-1 router should have a default route, and the next hop should be the Level-1-2 router. The Level-2 router should have the routes to all the Level-1 routers and the Level-2 routers.
13.3 Configuring IS-IS

This topic describes how to configure IS-IS. Before configuring or validating other functions related to IS-IS, you must start the IS-IS process, specify the NET, and then enable IS-IS on the specified port. 13.3.1 Enabling the IS-IS Process This topic describes how to create an IS-IS process and enter IS-IS mode of the process. If the specified IS-IS process already exists, the system enters IS-IS mode directly. 13.3.2 Configuring the Network Entity Title This topic describes how to configure the network entity title (NET) of the specified IS-IS process. 13.3.3 Configuring the Router Level This topic describes how to configure the router level. 13.3.4 Enabling the IS-IS Function on an Interface This topic describes how to enable the IS-IS function on a specified interface and starts the ISIS protocol.
13.3.1 Enabling the IS-IS Process

This topic describes how to create an IS-IS process and enter IS-IS mode of the process. If the specified IS-IS process already exists, the system enters IS-IS mode directly.
l l
You can configure the IS-IS process only in IS-IS mode. If the IS-IS process ID is not specified, the system creates IS-IS process 1 by default.
13-6

l
The IS-IS protocol be started only when an IS-IS process is created, and is activated on the interface that may have connection to other routers.
Prerequisite
The IP address of the interface on the MA5600T is configured, and the ping operation between the MA5600T and the adjacent router is successful.
Procedure
In global config mode, run the isis command to create an IS-IS process and enter IS-IS mode of the process. ----End
Example
To create IS-IS process 1 and enter IS-IS mode of process 1, do as follows:
huawei(config)#isis huawei(config-isis-1)#
Related Operation
Table 13-2 lists the related operation for enabling the IS-IS process. Table 13-2 Related operation for enabling the IS-IS process To... Delete the IS-IS process Run the Command... undo isis
13.3.2 Configuring the Network Entity Title

This topic describes how to configure the network entity title (NET) of the specified IS-IS process.
An NET defines the area address and the system ID of the current IS-IS. Figure 13-4 shows the architecture of the IS-IS network topology. Figure 13-4 IS-IS network topology
1-13byte 6byte 1byte
Area Address
System ID
SEL
Where:

l
Area Address An area address indicates the ID of an area. The area addresses must be unique in any two routing domains. In general, a router requires only one area address, and the area addresses of all nodes in an area must be the same. If a router needs to support the functions of an area, such as smooth merge, split, and conversion, multiple area addresses must be configured. The MA5600T supports up to three area addresses.
System ID A system ID is used to uniquely identify a router in an area. The length of an ID is always 48 bits (six bytes). In actual applications, a router ID is always mapped with a system ID. For example, if a router uses the IP address (168.10.1.1) of an L3 interface as the router ID, the system ID used by the router in the IS-IS can be converted in the following way: 1. 2. 3. Extend each segment of the IP address 168.10.1.1 to three bytes by adding 0 to the left of the segment Divide the extended address 168.010.001.001 into three segments. Each of these segments should consist of four bytes. The new address 1680.1000.1001 can be used as the system ID of the router.
NOTE
A system ID can be specified in different ways. It should uniquely identify a router in an area.
l
SEL The function of an SEL (also referred as NSAP Selector or N-SEL) is similar to that of a protocol identifier in the IP application. The SEL varies according to the transfer protocols. The SEL corresponding to the IP protocol is 00.
Because the foresaid address format definitely defines an area, the routing mode is simplified in this way:
l
The Level-1 router performs the routing in an area based on the system ID. Upon detecting that the destination address of the packets does not belong to its area, the Level-1 router forwards the packets to the nearest Level-1-2 router. The level-2 router performs the routing between different areas based on the area address.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 Run the network-entity command to configure the NET. ----End
Example
To configure the NET of IS-IS process 1 as 10.0001.1010.1020.1030.00, where the area address is 10.0001, the system ID is 1010.1020.1030 and the SEL is 00, do as follows:
huawei(config)#isis huawei(config-isis-1)#network-entity 10.0001.1010.1020.1030.00
13-8
Issue 02 (2008-04-25)
Related Operation
Table 13-3 lists the related operation for configuring an NET. Table 13-3 Related operation for configuring an NET To... Delete an NET Run the Command... undo network-entity
13.3.3 Configuring the Router Level

This topic describes how to configure the router level.
The levels of a router are classified into Level-1, Level-2 and Level-1-2. The default router level of the MA5600T is Level-1-2.
l
Level-1 router A Level-1 router manages the intra-area routes, and has adjacencies only with other Level-1 routers and Level-1-2 routers in the same area. The Level-1 router maintains a Level-1 LSDB, which contains only the information on the routes of the local area. When the Level-1 router exchanges data with the routers in other areas, it forwards the data to the nearest Level-1-2 router.
Level-2 router A Level-2 router manages the inter-area routes, and has adjacencies with the Level-2 and Level-1-2 routers in other areas. The Level-2 router maintains a Level-2 LSDB, which contains the information on the inter-area routes. All the Level-2 routers constitute the backbone network of a routing domain for inter-area communication. The Level-2 routers in a routing domain must be deployed successively for ensuring the continuity of the backbone network. Only the Level-2 routers can directly exchange data packets or routing information with the routers that exist outside the routing domain.
Level-1-2 router The router that belongs to both Level-1 area and Level-2 area is a Level-1-2 router. Such a router can have Level-1 adjacencies with the Level-1 and Level-2 routers in the same area, and have Level-2 adjacencies with the Level-2 and Level-1-2 routers in other areas. A Level-1 router can connect to other areas only through a Level-2 router. A Level-1-2 router maintains two LSDBs, where, Level-1 LSDB is used for maintaining the intra-area routes, and Level-2 LSDB is used for maintaining the inter-area routes.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of a specified process. Step 2 Run the is-level command to configure the NET. ----End
Example
To enable the current router to work at Level-1, do as follows:
huawei(config)#isis huawei(config-isis-1)#is-level level-1
Related Operation
Table 13-4 lists the related operation for configuring the router level. Table 13-4 Related operation for configuring the router level To... Restore the default level of a router Run the Command... undo is-level
13.3.4 Enabling the IS-IS Function on an Interface

This topic describes how to enable the IS-IS function on a specified interface and starts the ISIS protocol.
When the IS-IS function on a specified interface is enabled, the IS-IS process running on the interface is activated, and the IS-IS protocol is started. After the IS-IS function is enabled successfully, the interface starts exchanging routing information with its adjacent routers and also starts learning the network routes. In this case, you can query the information on the IS-IS LSDB, adjacent routers, routes and statistics.
Prerequisites
l l l
The router must be enabled with the IS-IS process, and configured with the NET. The specified virtual L3 interface of the VLAN must be configured. The virtual L3 interface of the VLAN must be up.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run the interface loopback command to enter loopback mode to configure IS-IS on the L3 interface. Step 2 Run the isis enable command to enable the IS-IS function on the L3 interface and associate the interface with the specified IS-IS process. ----End
Examples
To enable the IS-IS function and IS-IS process 1 on VLAN interface 10, do as follows:
huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#isis enable 1
13-10
Issue 02 (2008-04-25)
To enable the IS-IS function and IS-IS process 1 on loopback interface 0, do as follows:
huawei(config)#interface loopback 0 huawei(config-if-loopback0)#isis enable 1
Related Operations
Table 13-5 lists the related operations for enabling the IS-IS function on an interface. Table 13-5 Related operations for enabling the IS-IS function on an interface To... Disable the IS-IS function on an interface Query the IS-IS interface Query the IS-IS LSDB Query the IS-IS adjacent routers Query the IS-IS routes Query the statistics on an IS-IS process Run the Command... undo isis enable display isis interface display isis lsdb display isis peer display isis route display isis statistics
13.4 Controlling the IS-IS Routing Information

This topic describes how to control the IS-IS routing information, including advertising aggregated routes, filtering received routes, and importing external routes. It also describes how to modify the attributes of a route such as its priority and cost. Based on the methods described in this topic, you can control the propagation of the IS-IS routing information in the AS. 13.4.1 Configuring the IS-IS Priority This topic describes how to configure the priority of the IS-IS protocol. 13.4.2 Configuring the Cost of an IS-IS Interface This topic describes how to configure the cost of an IS-IS interface. 13.4.3 Configuring IS-IS Route Aggregation This topic describes how to aggregate multiple routes with the same next hop into one route, thus decreasing the number of IS-IS route entries. 13.4.4 Generating IS-IS Default Routes This topic describes how to configure the MA5600T to generate IS-IS default routes. 13.4.5 Configuring IS-IS to Filter the Received or Advertised Routing Information This topic describes how to configure the MA5600T to filter the received or advertised routing information based on the ACL rule, IP address prefix or routing policy. By default, the MA5600T does not filter the received or advertised routing information. 13.4.6 Setting the State of IS-IS Interface to Suppressed This topic describes how to set an IS-IS interface to the suppressed state so that it can prevent the transmission of useless IS-IS protocol packets in the area.
13.4.7 Configuring IS-IS to Import External Routes This topic describes how to configure the IS-IS system to import external routes. 13.4.8 Configuring the IS-IS Route Leaking This topic describes how to configure the IS-IS route leaking. This allows the routing information on the Level-2 router to be advertised to the Level-1 areas.
13.4.1 Configuring the IS-IS Priority

This topic describes how to configure the priority of the IS-IS protocol.
Multiple routing protocols can concurrently run on a router. When these routing protocols detect the routes to the same destination, the system selects the route detected by the protocol with the highest priority as the route to the destination. By default, the priority of the IS-IS protocol is 15. The smaller the priority value, the higher the priority.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 Run the preference command to configure the priority of the IS-IS protocol. ----End
Examples
To configure the priority of the IS-IS protocol as 20, do as follows:
huawei(config)#isis huawei(config-isis-1)#preference 20
To configure the priority of the IS-IS route matching routing policy abc as 50, and the priority of other IS-IS routes as 30, do as follows:
huawei(config)#route-policy abc permit node 1 huawei(config-route-policy)#if-match cost 20 huawei(config-route-policy)#apply preference 50 huawei(config)#display route-policy abc Route-policy : abc permit : 1 Match clauses : if-match cost 20 Apply clauses : apply preference 50 huawei(config)#isis huawei(config-isis-1)#preference 30 route-policy abc
NOTE
If the priority is not specified in the routing policy, the priority specified by running the preference command is used as the priority for all IS-IS routes.
Related Operations
Table 13-6 lists the related operations for configuring the IS-IS priority.
Table 13-6 Related operations for configuring the IS-IS priority To... Restore the default IS-IS priority Query the IS-IS LSDB Run the Command... undo preference display isis lsdb
13.4.2 Configuring the Cost of an IS-IS Interface

This topic describes how to configure the cost of an IS-IS interface.
The IS-IS determines the cost of its interface in the following ways:
l
Interface cost: indicates that the link cost is configured for a single IS-IS interface. By default, the link cost of an IS-IS interface is 10. Global cost: indicates that the link cost is configured for all interfaces. By default, the global cost is not configured in the system. Auto-cost: indicates that the link cost is automatically calculated based on the IS-IS interface bandwidth.
If the IS-IS interface cost is not configured by using any of the foresaid ways, the default cost of an IS-IS interface is 10. IS-IS supports multiple cost types. For different cost types, the cost range of an interface is different, and the cost range of the routes that can be received also varies. The cost types are as follows:
l
Narrow: If the cost type is narrow, the cost of an interface ranges from 0 to 63, and the maximum cost of the received route is 1023. Narrow-compatible or compatible: If the cost type is narrow-compatible or compatible, the cost of an interface ranges from 0 to 63, and the cost of the received route is related to the parameter relax-spf-limit. Wide or wide-compatible: If the cost type is wide or wide-compatible, the cost of an interface ranges from 1 to 16777215. When the cost is 16777215, the neighbor TLV (cost: 16777215) generated on the link cannot be used in the routing calculation and can only be used to deliver the information related to TE. The maximum cost of the received route is 0xFFFFFFFF.
By default, the cost type is narrow.
Notes
l
If the IS-IS interface cost is not configured by using any of the foresaid ways, the default cost of an IS-IS interface is 10. The priority of the global cost is lower than the priority of the interface cost. If the link cost is not configured for a specified interface, the global cost configured for the interface takes effect. The priority of the auto-cost is the lowest. If the function of automatic cost calculation is enabled on an interface, the system automatically calculates the cost of the interface only
Issue 02 (2008-04-25)
when the interface cost is not configured for the interface and the global cost is not configured for the IS-IS process.
l
The cost of a loopback interface cannot be modified by enabling the function of automatic cost calculation or by configuring the global cost. It must be separately configured only in loopback interface mode.
Procedure
l Configure the cost of the specified interface. 1. 2. 3. (Optional) In global config mode, run the isis command to enter IS-IS mode of the specified process. (Optional) Run the cost-style command to configure the cost type of the interface. In global config mode, run the interface vlanif command to enter VLAN interface mode, or run the interface loopback command to enter loopback mode to configure the L3 interface enabled with the IS-IS function. Run the isis cost command to configure the link cost of the interface. In global config mode, run the isis command to enter IS-IS mode of the specified process. (Optional) Run the cost-style command to configure the cost type of the interface. Run the circuit-cost command to configure the global cost of the interface. In global config mode, run the isis command to enter IS-IS mode of the specified process. (Optional) Run the cost-style command to configure the cost type of the interface. (Optional) Run the bandwidth-reference command to configure the reference value for calculating the bandwidth. Run the auto-cost enable command to enable the function of automatic cost calculation on the IS-IS interface.
NOTE
4. l 1. 2. 3. l 1. 2. 3. 4.
Configure the global cost.
Configure the auto-cost.
The bandwidth reference value configured by running the bandwidth-reference is valid only when the cost type is wide or wide-compatible. Then, the cost of each interface = (bandwidth reference/interface bandwidth) x 10. When the cost type is narrow, narrow-compatible, or compatible, the cost of each interface can be obtained by referring to Table 13-7. Table 13-7 Relationship between the interface cost and the bandwidth Cost 60 50 40 30 20 Interface Bandwidth Range interface bandwidth <= 10 Mbit/s 10 Mbit/s < interface bandwidth <= 100 Mbit/s 100 Mbit/s < interface bandwidth <= 155 Mbit/s 155 Mbit/s < interface bandwidth <= 622 Mbit/s 622 Mbit/s < interface bandwidth <= 2.5 Gbit/s
13-14
Issue 02 (2008-04-25)

Cost 10

Interface Bandwidth Range 2.5 Gbit/s < interface bandwidth
----End
Examples
To configure the link cost of VLAN interface 10 as 8, do as follows:
huawei(config)#interface vlanif huawei(config-if-vlanif10)#isis cost 8
NOTE
If the Level-1 or Level-2 is not specified in the command lines, the same link cost is configured for the level-1 and level-2 interfaces by default.
To configure the cost of all Level-1 interfaces as 10 and that of all Level-2 interfaces as 8, do as follows:
huawei(config)#isis huawei(config-isis-1)#circuit-cost 10 level-1 huawei(config-isis-1)#circuit-cost 8 level-2
NOTE
If Level-1 or Level-2 is not specified in the command lines, the cost of all Level-1-2 interfaces is configured by default.
To enable the function of automatic cost calculation on an IS-IS interface, do as follows:

huawei(config)#isis huawei(config-isis-1)#auto-cost enable
Related Operations
Table 13-8 lists the related operations for configuring the IS-IS interface cost. Table 13-8 Related operations for configuring the IS-IS interface cost To... Restore the default cost of an IS-IS interface Delete the global cost of an IS-IS interface Disable the function of automatic cost calculation on an IS-IS interface Restore the default cost type of an ISIS interface Cancel the reference value of the interface bandwidth Query the IS-IS interface
Issue 02 (2008-04-25)
Run the Command... undo isis cost undo circuit-cost undo auto-cost enable undo cost-style undo bandwidth-reference display isis interface
13-15
13.4.3 Configuring IS-IS Route Aggregation

This topic describes how to aggregate multiple routes with the same next hop into one route, thus decreasing the number of IS-IS route entries.
The minimum cost of the routes to be aggregated is used as the cost of the aggregated route. By default, the IS-IS route aggregation is not configured in the MA5600T.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 Run the summary command to configure the IS-IS route aggregation. ----End
Example
To configure aggregation route 202.0.0.0/8, do as follows:
huawei(config)#isis huawei(config-isis-1)#summary 202.0.0.0 255.0.0.0
Related Operations
Table 13-9 lists the related operations for configuring the IS-IS route aggregation. Table 13-9 Related operations for configuring the IS-IS route aggregation To... Delete an IS-IS aggregation route Query the IS-IS LSDB Run the Command... undo summary display isis lsdb
13.4.4 Generating IS-IS Default Routes

This topic describes how to configure the MA5600T to generate IS-IS default routes.
Based on the route level, you can configure the MA5600T to generate the Level-1 and Level-2 default routes. If the level is not specified, the Level-2 default route is generated. The generated default routes are advertised only to the routers at the same level. By using the routing policy, you can force the IS-IS to generate the default routes only if there is a matching route in the routing table.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 Run the default-route-advertise command to configure the IS-IS to generate default routes. ----End
Example
To configure the IS-IS to generate the Level-1 default route, do as follows:
huawei(config)#isis huawei(config-isis-1)#default-route-advertise level-1
Related Operations
Table 13-10 lists the related operations for configuring the IS-IS to generate default routes. Table 13-10 Related operations for configuring the IS-IS to generate default routes To... Disable the function of generating IS-IS default routes Query the IS-IS LSDB Run the Command... undo default-route-advertise display isis lsdb
13.4.5 Configuring IS-IS to Filter the Received or Advertised Routing Information

This topic describes how to configure the MA5600T to filter the received or advertised routing information based on the ACL rule, IP address prefix or routing policy. By default, the MA5600T does not filter the received or advertised routing information.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 Run the filter-policy import command or the filter-policy export command to configure the MA5600T to filter the received or advertised routing information. ----End
Examples
To apply ACL rule 2000 filter to filter the routing information received by the MA5600T, do as follows:
huawei(config)#isis huawei(config-isis-1)#filter-policy 2000 import
NOTE
The ACL rule applied must be a basic ACL rule. That means the ID of the ACL rule must be in the range of 20002999.
Issue 02 (2008-04-25)
13-17
To filter the routing information advertised by the MA5600T applying IP address prefix abc, and allow the MA5600T to advertise the routing information of the network 10.0.192.0/8, do as follows:
huawei(config)#ip ip-prefix abc permit 10.0.192.0 8 huawei(config)#isis huawei(config-isis-1)#filter-policy ip-prefix abc export
Related Operations
Table 13-11 lists the related operations for filtering the received or advertised routing information. Table 13-11 Related operations for filtering the received or advertised routing information To... Disable the function of filtering the routing information received by the IS-IS Disable the function of filtering the routing information advertised by the IS-IS Query the IS-IS LSDB Run the Command... undo filter-policy import
undo filter-policy export
display isis lsdb
13.4.6 Setting the State of IS-IS Interface to Suppressed

This topic describes how to set an IS-IS interface to the suppressed state so that it can prevent the transmission of useless IS-IS protocol packets in the area.
When the IS-IS network connects to other ASs, the IS-IS protocol must be enabled on the egress interface, so that the routers within an area can learn the egress routes. In this way, the interface sends IS-IS Hello packets to the network segment where it belongs. However, this is not required. Then, you can enable the suppression function on the IS-IS interface. With the function enabled, the interface does not send or receive Hello packets. But, the routes of the network segment, to which the interface belongs, can still be advertised to other routers within the area.
NOTE
If the IS-IS protocol on the egress interface in the area is Down, the routers within the area cannot learn the egress routes.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run the interface loopback command to enter loopback mode to configure the L3 interface enabled with the IS-IS function. Step 2 Run the isis silent command to enable the suppression function on the interface. ----End
Example
To enable the suppression function on VLAN interface 10, do as follows:
huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#isis silent
Related Operations
Table 13-12 lists the related operations for configuring the suppression function on an IS-IS interface. Table 13-12 Related operations for configuring the suppression function To... Cancel the suppression function on an IS-IS interface Query the IS-IS interface Run the Command... undo isis silent display isis interface
13.4.7 Configuring IS-IS to Import External Routes

This topic describes how to configure the IS-IS system to import external routes.
The MA5600T enabled with the IS-IS protocol considers the routes discovered by other routing protocols as external routes. When importing the routes of other routing protocols, you can specify the default cost and the level of the imported routes. If the level is not specified, the system imports the external routes to the Level-2 routing table by default. By default, the IS-IS system does not import external routes.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 Run the import-route command to configure the IS-IS to import external routes. Step 3 (Optional) Run the filter-policy import command to apply a routing policy to filter the imported routes. ----End
Example
To import an internal static route and set its cost as 15, do as follows:
huawei(config)#isis huawei(config-isis-1)#impor-route static cost-style internal cost 15
Issue 02 (2008-04-25)
13-19
Related Operations
Table 13-13 lists the related operations for configuring the IS-IS to import external routes. Table 13-13 Related operations for configuring the IS-IS to import external routes To... Disable the IS-IS to import external routes Query the IS-IS LSDB Run the Command... undo import-route display isis lsdb
13.4.8 Configuring the IS-IS Route Leaking

This topic describes how to configure the IS-IS route leaking. This allows the routing information on the Level-2 router to be advertised to the Level-1 areas.
A Level-1 router manages the intra-area routes, and a Level-2 router manages the inter-area routes. By default, a Level-2 router does not advertise the known routing information of Level-2 areas and other Level-1 areas to the routers in a Level-1 area. A Level-1 router cannot determine the routes outside the local area. Therefore, it may fail to determine an optimal route to other areas. Through the IS-IS route leaking, a Level-2 router can advertise its own routing information of other Level-1 areas and Level-2 areas to a specified Level-1 area, and the routing information can be filtered by applying the ACL rule, routing policy, and IP address prefix.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 Run the import-route isis level-2 into level-1 command to configure the IS-IS to import external routes. ----End
Example
To enable the IS-IS route leaking, do as follows:
huawei(config)#isis huawei(config-isis-1)#import-route isis level-2 into level-1
Related Operations
Table 13-14 lists the related operations for configuring the IS-IS route leaking.
13-20
Issue 02 (2008-04-25)
Table 13-14 Related operations for configuring the IS-IS route leaking To... Disable the IS-IS route leaking Query the IS-IS LSDB Run the Command... undo import-route isis level-2 into level-1 display isis lsdb
13.5 Adjusting and Optimizing IS-IS

This topic describes how to adjust and optimize the configurations of an IS-IS network, including modifying the network type of an interface, adjusting the IS-IS protocol parameters, and configuring the IS-IS verification function. 13.5.1 Configuring Network Type of an IS-IS Interface This topic describes how to configure the network type of an IS-IS interface. A P2P interface can be simulated on an Ethernet port when the network type is set to P2P. By default, the network type of an interface is determined by the physical interface. 13.5.2 Configuring the Level of an IS-IS Interface This topic describes how to configure the level of an IS-IS interface for establishing an adjacency of a certain level with a peer interface. 13.5.3 Configuring DIS Priority of an IS-IS Interface This topic describes how to configure the DIS priority of an IS-IS interface. 13.5.4 Configuring IS-IS for Not Checking IP Addresses of Received Hello Packets This topic describes how to configure the IS-IS for not checking the IP addresses of the received Hello packets. This allows the setup of adjacencies between the P2P interfaces of different subnets. 13.5.5 Configuring the IS-IS Packet Timer This topic describes how to configure the IS-IS packet timer. 13.5.6 Configuring LSP Parameters This topic describes how to configure the LSP parameters to improve the efficiency of the ISIS protocol. 13.5.7 Enabling LSP Fast Flooding This topic describes how to configure the LSP fast flooding. This helps to accelerate the network convergence and stablize the IS-IS network. 13.5.8 Configuring SPF Parameters This topic describes how to configure the SPF parameters to improve the performance of the ISIS router. 13.5.9 Configuring IS-IS Host Name Mapping This topic describes how to configure the IS-IS host name to set up the mapping between the host name and the system ID. After configuring the IS-IS host name successfully, the host name is advertised in an area as LSP packets. 13.5.10 Configuring IS-IS Authentication This topic describes how to configure the area, routing domain, and interface authentication on the MA5600T by running the IS-IS protocol. 13.5.11 Configuring LSDB Overload Flag Bit
This topic describes how to configure the LSDB overload flag bit. This allows other routers in an area not to take the overloaded router into consideration during the SPF calculation. 13.5.12 Enabling Output of the Adjacency State This topic describes how to enable the output of the adjacency state, allowing the change of ISIS adjacency state to be output to the maintenance terminal.
13.5.1 Configuring Network Type of an IS-IS Interface

This topic describes how to configure the network type of an IS-IS interface. A P2P interface can be simulated on an Ethernet port when the network type is set to P2P. By default, the network type of an interface is determined by the physical interface.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run the interface loopback command to enter loopback mode to configure the L3 interface enabled with the IS-IS function. Step 2 Run the isis circuit-type command to set the network type of the IS-IS interface to P2P. ----End
Example
To set the network type of IS-IS VLAN interface 10 to P2P, do as follows:
huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#isis circuit-type p2p
Related Operation
Table 13-15 lists the related operation for configuring the network type of an IS-IS interface. Table 13-15 Related operation for configuring the network type of an IS-IS interface To... Restore the default network type of an IS-IS interface Run the Command... undo isis circuit-type
13.5.2 Configuring the Level of an IS-IS Interface

This topic describes how to configure the level of an IS-IS interface for establishing an adjacency of a certain level with a peer interface.
The levels of an IS-IS interface are as follows:
l l
Level-1: indicates that only the Level-1 adjacency can be established for the interface. Level-2: indicates that only the Level-2 adjacency can be established for the interface.
13-22

l
Level-1-2: indicates that both Level-1 and Level-2 adjacencies can be established for the interface.
By default, the level of an IS-IS interface is Level-1-2. That is, both Level-1 and Level-2 adjacencies can be established for the IS-IS interface. To prevent unnecessary processing and to save the network bandwidth, you can configure the level of an interface on a Level-1-2 router, allowing the interface to receive and send Hello packets of a certain level (Level-1 or Level-2), and to establish an adjacency with another interface. For a P2P link, only one type of Hello packets can be received and sent. Hence, the level configuration is invalid for a P2P interface.
NOTE
The level configuration of an interface takes effect only for the Level-1-2 router. For the routers of other levels, the level of a router determines the level of the adjacency with a peer router.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run the interface loopback command to enter loopback mode to configure the L3 interface enabled with the IS-IS function. Step 2 Run the isis circuit-level command to configure the level of an IS-IS interface. ----End
Example
To configure the level of VLAN interface 10 as Level-1, do as follows:
huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#isis circuit-level level-1
Related Operations
Table 13-16 lists the related operations for configuring the IS-IS interface level. Table 13-16 Related operations for configuring the IS-IS interface level To... Restore the default setting of the IS-IS interface level Configure the router level Run the Command... undo isis circuit-level is-level
13.5.3 Configuring DIS Priority of an IS-IS Interface

This topic describes how to configure the DIS priority of an IS-IS interface.
Level-1 designated ISs (DISs) and Level-2 DISs are elected respectively. The higher the DIS priority value of a router is, the more likely that the router is elected as a DIS. If there are two or more routers with the same DIS priority in the network, the router with the largest MAC address is elected. If the level is not specified when you configure the DIS priority, the Level-1-2 DIS priority is preferred by default. By default, the DIS priority of an IS-IS interface is 64.
NOTE
The DIS priority is valid only for the broadcast network. If the network type of an IS-IS interface is set to P2P running the isis circuit-type command, the DIS priority setting does not take effect for the interface.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run the interface loopback command to enter loopback mode to configure the L3 interface enabled with the IS-IS function. Step 2 Run the isis dis-priority command to configure the DIS priority of the IS-IS interface. ----End
Example
To configure the DIS priority of VLAN interface 10 as 50, and the level as Level-1, do as follows:
huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#isis dis-priority 50 level-1
Related Operations
Table 13-17 lists the related operations for configuring the DIS priority of an IS-IS interface. Table 13-17 Related operations for configuring the DIS priority of an IS-IS interface To... Restore the default DIS priority of an IS-IS interface Configure the router level Run the Command... undo isis dis-priority is-level
13.5.4 Configuring IS-IS for Not Checking IP Addresses of Received Hello Packets
This topic describes how to configure the IS-IS for not checking the IP addresses of the received Hello packets. This allows the setup of adjacencies between the P2P interfaces of different subnets.
When the network type of an IS-IS interface is set to P2P by running the isis circuit-type command for simulating a P2P interface, the IS-IS checks the IP address of the received Hello
packets. The adjacency can be set up only when the IP address of the packets and the address of the local interface receiving the Hello packets belong to the same subnet. If the IP address of the interface that sends the Hello packets and the IP address of the interface that receives the Hello packets belong to different subnets, and the IS-IS is configured for not checking the IP addresses of the received Hello packets, the adjacency can also be set up between the interfaces at both ends. The routing table has routes of two different subnets. The ping between the two subnets, however, fails.
Prerequisites
The network type of the IS-IS interface is P2P.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run the interface loopback command to enter loopback mode to configure the L3 interface enabled with the IS-IS function. Step 2 Run the isis peer-ip-ignore command to configure the IS-IS for not checking the IP addresses of the received Hello packets. ----End
Example
To configure VLAN interface 10 for not checking the IP address of the received Hello packets, do as follows:
huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#isis peer-ip-ignore
Related Operations
Table 13-18 lists the related operations for configuring the IS-IS for not checking the IP addresses of the received Hello packets. Table 13-18 Related operations for configuring the IS-IS for not checking the IP addresses of the received Hello packets To... Configure the IS-IS to check the IP addresses of the received Hello packets Configure the network type of an ISIS interface Run the Command... undo isis peer-ip-ignore
isis circuit-type
13.5.5 Configuring the IS-IS Packet Timer

This topic describes how to configure the IS-IS packet timer.
By configuring the IS-IS packet timer, you can specify the interval for sending Hello packets, the number of Hello packets which invalidates an adjacency, the interval for sending CSNP packets, the interval for retransmitting Label Switched Path (LSP) packets, and the minimum interval for sending the LSP packets.
l
Interval for sending Hello packets On the broadcast links, there are Level-1 and Level-2 Hello packets. For different types of Hello packets, the intervals vary. If the level is not specified, the configuration is valid for both Level-1 and Level-2 Hello packets by default. On a P2P link, the Hello packets are not divided into levels. Hence, the packet level does not need to be specified. By default, the interval for sending Hello packets is 10000 ms.
Number of Hello packets which invalidates an adjacency The IS-IS protocol maintains the adjacencies among the routers by sending and receiving Hello packets. If the MA5600T does not receive the Hello packets from the peer router within the holding time, that is, if the MA5600T does not receive the specified number of Hello packets continuously within this time, it considers that the peer router is not working properly. By default, the number of Hello packets which invalidates an adjacency is 3.
Interval for sending CSNP packets The CSNP packets are transmitted by the Designated IS (DIS) over the broadcast network to synchronize the LSDB. If the level is not specified, the interval for broadcasting the CSNP packets of the current level is configured by default. By default, the interval for sending CSNP packets is 10s.
Interval for retransmitting LSP packets After sending an LSP packet on a P2P link, if the local router does not receive the response from the peer router within a specified period of time, it considers that the LSP packet has been lost or dropped. To ensure reliable transmissions, the local router is configured to retransmit the LSP packet. A broadcast link does not support retransmission of LSP packets. By default, the interval for retransmitting LSP packets over a P2P link is 5s.
Minimum interval for sending LSP packets The minimum interval for the IS-IS to send LSP packets on an interface, that is, the delay between two successive LSP packets. By default, the minimum interval for sending the LSP packets is 50 ms.
Procedure
Step 1 In global config mode, run the interface vlanif command to enter VLAN interface mode, or run the interface loopback command to enter loopback mode to configure the L3 interface enabled with the IS-IS function. Step 2 (Optional) Run the isis timer hello command to configure the interval for sending Hello packets on the interface. Step 3 (Optional) Run the isis timer holding-multiplier command to configure the number of Hello packets which invalidates an adjacency.
Step 4 (Optional) Run the isis timer csnp command to configure the interval for sending the CSNP packets on the interface. Step 5 (Optional) Run the isis timer lsp-retransmit command to configure the interval for retransmitting LSP packets on the P2P link. Step 6 (Optional) Run the isis timer lsp-throttle command to configure the minimum interval for sending LSP packets. ----End
Example
For VLAN interface 10, to configure the interval for sending Level-1 Hello packets as 20s, the number of Hello packets which invalidates an adjacency as 6, and the minimum interval for sending LSP packets as 500 ms, do as follows:
huawei(config)#interface vlanif huawei(config-if-vlanif10)#isis huawei(config-if-vlanif10)#isis huawei(config-if-vlanif10)#isis 10 timer hello 20 level-1 timer holding-multiplier 6 level-1 timer lsp-throttle 500
Related Operations
Table 13-19 lists the related operations for configuring the IS-IS packet timer. Table 13-19 Related operations for configuring the IS-IS packet timer To... Restore the default interval for sending Hello packets Restore the default number of Hello packets which invalidates an adjacency Restore the default interval for sending CSNP packets Restore the default interval for retransmitting LSP packets Restore the default minimum interval for sending LSP packets Run the Command... undo isis timer hello undo isis timer holding-multiplier undo isis timer csnp undo isis timer lsp-retransmit undo isis timer lsp-throttle
13.5.6 Configuring LSP Parameters

This topic describes how to configure the LSP parameters to improve the efficiency of the ISIS protocol.
You can modify the LSP parameters according to the running status of the network to improve the efficiency of the IS-IS protocol. A router supports the following LSP parameters. In general, it is recommended that you use the default LSP configurations.

l
LSP refreshment period To synchronize all the LSPs in the entire area, the IS-IS periodically transmits all the current LSPs. Ensure that the LSP refresh period is shorter than the aging time of the LSP. By default, the LSP refresh period is 900s.
LSP aging time When a router generates an LSP, it configures the aging time for the LSP. When the LSP is received by another router, the router starts its aging timer. If the router does not receive LSP update messages within the aging time, it keeps the LSP for 60 more seconds. After 60s, if LSP update messages are not received, the router deletes the LSP from the LSDB. By default, the LSP aging time is 1200s.
Intelligent timer for generating LSPs For the IS-IS protocol, when the local routing information is changed, the router generates new LSPs to advertise this change. When the change is frequent, the interval for generating a new LSP should, however, be delayed. This is to prevent too many system resources from being occupied, which impairs the system performance. If the delay is very long, the change in the local routing information cannot be advertised to the adjacent routers in time, thus decelerating the network convergence. To accelerate the network convergence without affecting the system performance of the routers, the intelligent timer is adopted. The intelligent timer is used to adjust the delay according to the frequency of network change. The interval for initially generating the LSP is called the initial-interval. An incremental interval is added to the initial-interval when each change occurs until the initial-interval reaches the value of max-interval. When the interval reaches the value of max-interval three times, it drops to the initial-interval value again. By default, the max-interval for generating an LSP is 2s.
Ignoring LSP checksum error When the router receives an LSP, it checks its checksum. If the checksum is inconsistent with the calculated checksum, you can set the aging time and the checksum of the LSP to 0. That is, the LSP gets aged. If you configure the router to ignore the checksum error, the LSP packets are processed as normal packets even when the LSP checksum error is detected. By default, the system does not ignore the LSP checksum error.
LSP cache size The LSP packet cache is classified into cache for generating LSP packets and cache for receiving LSP packets, which indicate the size of the LSP packets generated by a router and the size of the LSP packets received by a router respectively. The size of the cache generating LSP packets must be smaller than the size of the cache receiving LSP packets. By default, the size of the cache for LSP packets is 1497 bytes.
NOTE
The cache for LSP packets must be smaller than the MTU of the IS-IS interface. Otherwise, the forwarding of the LSP packets may fail.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 (Optional) Run the timer lsp-refresh command to configure the LSP refreshment period.
Step 3 (Optional) Run the timer lsp-max-age command to configure the LSP aging time. Step 4 (Optional) Run the timer lsp-generation command to configure the intelligent timer for generating the LSPs. Step 5 (Optional) Run the ignore-lsp-checksum-error command to configure the function of ignoring the LSP checksum errors. Step 6 (Optional) Run the lsp-length receive command to configure the size of the LSP packets received currently. Step 7 (Optional) Run the lsp-length originate command to configure the size of the LSP packets generated by the current router. ----End
Example
To configure the LSP refresh period as 1000 ms, the LSP aging time as 1500 ms, the max-interval as 20s, the initial-interval as 50 ms, the incremental-interval as 2000 ms, and the size of generated LSP packets as 1024 bytes, do as follows:
huawei(config)#isis huawei(config-isis-1)#timer lsp-refresh 1000 huawei(config-isis-1)#timer lsp-max-age 1500 huawei(config-isis-1)#timer lsp-generation 20 50 2000 huawei(config-isis-1)#lsp-length originate 1024
Related Operations
Table 13-20 lists the related operations for configuring the LSP parameters. Table 13-20 Related operations for configuring the LSP parameters To... Restore the default LSP refreshment period Restore the default LSP aging time Restore the default configuration of the intelligent timer for generating the LSPs Restore the default configuration of ignoring the LSP checksum errors Restore the default size of the LSP packets received by the current router Restore the default size of the LSP packets generated by the current router Run the Command... undo timer lsp-refresh undo timer lsp-max-age undo timer lsp-generation
undo ignore-lsp-checksum-error undo lsp-length receive undo lsp-length originate
Issue 02 (2008-04-25)
13-29
13.5.7 Enabling LSP Fast Flooding

This topic describes how to configure the LSP fast flooding. This helps to accelerate the network convergence and stablize the IS-IS network.
You can specify the maximum number of LSPs flooded each time and the maximum interval for LSP flooding for an interface. The configuration takes effect for all the interfaces. By default, for an interface, the maximum number of LSPs flooded each time is 5, and the maximum interval for LSP flooding is 10 ms. If the level is not specified, the configuration takes effect for both Level-1 and Level-2 LSPs.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 Run the flash-flood command to configure the LSP fast flooding. ----End
Example
To configure the LSP fast flooding on the MA5600T running the IS-IS protocol, allowing each interface to send up to six LSPs each time at a maximum interval of 100 ms, do as follows:
huawei(config)#isis huawei(config-isis-1)#flash-flood 6 max-timer-interval 100
Related Operation
Table 13-21 lists the related operation for configuring the LSP fast flooding. Table 13-21 Related operation for configuring the LSP fast flooding To... Restore the default setting of LSP fast flooding Run the Command... undo flash-flood
13.5.8 Configuring SPF Parameters

This topic describes how to configure the SPF parameters to improve the performance of the ISIS router.
For the IS-IS protocol, when the LSDB changes, the router needs to recalculate the routes. Recalculating the routes frequently occupies many system resources and affects the system efficiency. Delaying SPF calculation improves the efficiency in route calculation to some extent and reduces consumption of system resources. A long delay, however, slows the network convergence.

l
SPF intelligent timer It can adjust the delay for SPF calculation according to the LSDB change frequency. By default, the delay for SPF calculation is 10s.
Duration for each SPF calculation When the number of routing entries in a routing table is more than 150,000, the SPF calculation of IS-IS occupies the CPU for a long time, lowering the system performance of the router. To prevent this, you can divide the SPF calculation into segments and set the duration for each SPF calculation. By default, the SPF calculation is not divided into segments, and the calculation is completed at a time.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 (Optional) Run the timer spf command to configure the delay for SPF calculation. Step 3 (Optional) Run the spf-slice-size command to configure the duration for each SPF calculation. ----End
Example
To configure the maximum delay for SPF calculation as 5s, and the duration for SPF calculation as 500 ms, do as follows:
huawei(config)#isis huawei(config-isis-1)#timer spf 5 huawei(config-isis-1)#spf-slice-size 500
Related Operations
Table 13-22 lists the related operations for configuring the SPF parameters. Table 13-22 Related operations for configuring the SPF parameters To... Restore the default delay for SPF calculation Restore the default duration for SPF calculation Run the Command... undo timer spf undo spf-slice-size
13.5.9 Configuring IS-IS Host Name Mapping

This topic describes how to configure the IS-IS host name to set up the mapping between the host name and the system ID. After configuring the IS-IS host name successfully, the host name is advertised in an area as LSP packets.
l
An IS-IS router supports the mapping of both the local IS-IS host name and the remote ISIS host name. A DIS router also supports the mapping of DIS host name. By default, the mapping of the IS-IS host name is not configured. When you run the display isis peer command to query the adjacency, the mapping name is displayed in the command response, provided that the mapping of the IS-IS host name is configured on both ends. The mapping name is not displayed if the mapping of the ISIS host name is configured on only one end.
NOTE
l l
The DIS host name is configured for the DIS interface. A P2P interface does not support the configuration of a host name.
Procedure
l Configure the host name of the local IS-IS and that of the remote IS-IS. 1. 2. l 1. In global config mode, run the isis command to enter IS-IS mode of the specified process. Run the is-name command to configure the host name of the local or remote IS-IS. In global config mode, run the interface vlanif command to enter VLAN interface mode, or run the interface loopback command to enter loopback mode to configure the L3 interface enabled with the IS-IS function. Run the isis dis-name command to configure the DIS host name.
Configure the DIS host name.
2. ----End
Examples
To configure the host name of the local IS-IS process as RUTA, and to configure the host name of the remote IS-IS process (System ID: 0000.0000.0041) as RUTB, do as follows:
huawei(config)#isis huawei(config-isis-1)#is-name RUTA huawei(config-isis-1)#is-name map 0000.0000.0041 RUTB
To configure the DIS host name as LocalArea, do as follows:

huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#isis dis-name LocalArea huawei(config-isis-1)#is-name map 0000.0000.0041 RUTB
Related Operations
Table 13-23 lists the related operations for configuring host name mapping. Table 13-23 Related operations for configuring host name mapping To... Delete the local/remote host name Delete the DIS host name
13-32
Run the Command... undo is-name undo isis dis-name

Issue 02 (2008-04-25)
To... Query the mapping between the host name and the system ID
Run the Command... display isis name-table
13.5.10 Configuring IS-IS Authentication

This topic describes how to configure the area, routing domain, and interface authentication on the MA5600T by running the IS-IS protocol.
l
Area authentication This function is used to verify the Level-1 routing packets such as LSP, CSNP, and PSNP received by the router, and filter the routing packets that cannot pass the authentication. With the area authentication enabled, a router encapsulates the specified authentication mode and password into the LSP, CSNP, and PSNP packets for advertisement. At the same time, the router authenticates the received LSP, CSNP and PSNP packets. The packets can be received only when these packets contain the authentication mode and password consistent with those configured on the router. If other routers in the same area also start the area authentication process, the authentication modes and the passwords of these routers should be identical. Otherwise, the routers cannot work normally. By default, the area authentication is not disabled.
Routing domain authentication This function is used to verify the Level-2 routing packets such as LSP, CSNP, and PSNP received by the router, and filter the routing packets that cannot pass the authentication. With the routing domain authentication enabled, a Level-2 router at the backbone layer encapsulates the specified authentication mode and password into the LSP, CSNP, and PSNP packets for advertisement. At the same time, the router authenticates the received LSP, CSNP and PSNP packets. The packets can be received only when these packets contain the authentication mode and password consistent with the authentication mode and password configured on the router. If other routers at the backbone layer also start the routing domain authentication process, the authentication modes and the passwords of these routers should be identical. Otherwise, the routers cannot work normally. By default, the routing domain authentication is not disabled.
Interface authentication This function is used to verify the received Hello packets to confirm if their adjacencies are valid and correct.
NOTE
When configuring the interface authentication, note the following:

l l l
The IS-IS function is enabled on the interface. The authentication modes and passwords of the same level must be identical for all interfaces in the same network. The level configuration does not take effect for a P2P interface.
Issue 02 (2008-04-25)
13-33
Procedure
l Configure the area and domain authentication. 1. 2. 3. l In global config mode, run the isis command to enter IS-IS mode of the specified process. Run the area-authentication-mode command to configure the area authentication. Run the domain-authentication-mode command to configure the routing domain authentication. In global config mode, run the interface vlanif command to enter VLAN interface mode, or run the interface loopback command to enter loopback mode to configure the L3 interface enabled with the IS-IS function. Run the isis authentication-mode command to configure the interface authentication.
Configure the interface authentication. 1.
2. ----End
Examples
To configure the area authentication password as hello and the authentication mode as simple, do as follows:
huawei(config)#isis huawei(config-isis-1)#area-authentication-mode simple hello
To configure the routing domain authentication password as huawei and the authentication mode as MD5, do as follows:
huawei(config)#isis huawei(config-isis-1)#domain-authentication-mode md5 huawei
To configure the authentication password as huawei and the authentication mode as simple for VLAN interface 10, do as follows:
huawei(config)#interface vlanif 10 huawei(config-if-vlanif10)#isis authentication-mode simple huawei
Related Operations
Table 13-24 lists the related operations for configuring the IS-IS authentication. Table 13-24 Related operations for configuring the IS-IS authentication To... Disable the area authentication Disable the routing domain authentication Disable the interface authentication Run the Command... undo area-authentication-mode undo domain-authentication-mode undo isis authentication-mode
13-34
Issue 02 (2008-04-25)
13.5.11 Configuring LSDB Overload Flag Bit

This topic describes how to configure the LSDB overload flag bit. This allows other routers in an area not to take the overloaded router into consideration during the SPF calculation.
With the LSDB overload flag bit configured, a router still advertises the LSP packets containing the overload flag bit. The other routers in the network, however, do not use the LSP packets with the overload flag bit for calculating the routes of the overloaded router. That is, after a router is configured with the overload flag bit, other routers do not take the routes learned by this router into consideration during the SPF calculation. But the direct routes of this router are calculated. In the IS-IS network, if a router is faulty, the routes for the entire area are not calculated correctly. Then, you can set the overload flag bit for the faulty router to temporarily remove it from the IS-IS network. This helps you to locate the fault easily. By default, the overload flag bit is not configured.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process. Step 2 Run the set-overload command to configure the LSDB overload flag bit. ----End
Example
To configure the LSDB overload flag bit for IS-IS process 1, do as follows:
huawei(config)#isis huawei(config-isis-1)#set-overload
Related Operation
Table 13-25 lists the related operation for configuring the LSDB overload flag bit. Table 13-25 Related operation for configuring the LSDB overload flag bit To... Delete the overload flag bit Run the Command... undo set-overload
13.5.12 Enabling Output of the Adjacency State

This topic describes how to enable the output of the adjacency state, allowing the change of ISIS adjacency state to be output to the maintenance terminal.
Procedure
Step 1 In global config mode, run the isis command to enter IS-IS mode of the specified process.
Step 2 Run the log-peer-change command to enable the output of the adjacency state. ----End
Example
To enable the output of the adjacency state for IS-IS process 1, do as follows:
huawei(config)#isis huawei(config-isis-1)#log-peer-change
Related Operation
Table 13-26 lists the related operation for enabling the output of the adjacency state. Table 13-26 Related operation for enabling the output of the adjacency state To... Disable the output of the adjacency state Run the Command... undo log-peer-change
13-36
Issue 02 (2008-04-25)
14 BGP Routing Protocol Configuration
14
BGP Routing Protocol Configuration
About This Chapter

This topic describes how to configure the BGP routing protocol supported by the MA5600T.
NOTE
14.1 Overview This topic describes the Border Gateway Protocol (BGP) and its application on the MA5600T. 14.2 Configuration Example of BGP This topic provides an example for configuring the BGP on the MA5600T. 14.3 Configuring Basic BGP Functions This topic describes how to configure the basic BGP functions. 14.4 Configuring BGP Route Attributes This topic describes how to configure the BGP route attributes. 14.5 Controlling the BGP Routing Information This topic describes how to control the BGP routing information. 14.6 Adjusting and Optimizing BGP This topic describes how to adjust and optimize the configurations of a BGP network such as modifying the BGP timers, configuring the interval for sending update messages, and configuring the BGP verification function.
Issue 02 (2008-04-25)
14-1
14.1 Overview
This topic describes the Border Gateway Protocol (BGP) and its application on the MA5600T.
Service Description
l l
BGP is a dynamic routing protocol used between Autonomous Systems (ASs). BGP is an Exterior Gateway Protocol (EGP). It controls the route propagation and selection of optimal routes. It does not control the discovery and calculation of routes. This distinguishes BGP from the Interior Gateway Protocols (IGPs) such as OSPF and RIP. As an exterior routing protocol for the Internet, BGP is widely used among various Internet service providers (ISPs).
Service Specifications
BGP runs on the MA5600T in either of the following modes:
l l
Interior BGP (IBGP): BGP is called an IBGP when it runs within an AS. Exterior BGP (EBGP): BGP is called an EBGP when it runs among ASs.
14.2 Configuration Example of BGP

This topic provides an example for configuring the BGP on the MA5600T.
Networking
Figure 14-1 shows an example network for configuring the BGP. In this example network, an EBGP connection is set up between MA5600T_A and MA5600T_B, and an IBGP connection is set up among MA5600T_B, MA5600T_C, and MA5600T_D. Figure 14-1 Example network for configuring the BGP
AS 2001 AS 2000 8.1.1.1/8 200.1.1.2/24 9.1.3.1/24 MA5600T_A 1.1.1.1 9.1.3.2/24 9.1.2.1/24
MA5600T_C 3.3.3.3 9.1.2.2/24
200.1.1.1/24
9.1.1.1/24 9.1.1.2/24 MA5600T_D 4.4.4.4
MA5600T_B 2.2.2.2
14-2
Issue 02 (2008-04-25)
Data Plan
Table 14-1 provides the data plan for configuring the BGP. Table 14-1 Data plan for configuring the BGP Item MA5600T_A Data IP address of VLAN interface 6: 200.1.1.2/24 IP address of VLAN interface 2: 8.1.1.1/8 Router ID1.1.1.1 AS number: 2000 MA5600T_B IP address of VLAN interface 6: 200.1.1.1/24 IP address of VLAN interface 3: 9.1.3.1/24 IP address of VLAN interface 4: 9.1.1.1/24 Router ID2.2.2.2 AS number: 2001 MA5600T_C IP address of VLAN interface 3: 9.1.3.2/24 IP address of VLAN interface 5: 9.1.2.1/24 Router ID3.3.3.3 AS number: 2001 MA5600T_D IP address of VLAN interface 5: 9.1.2.2/24 IP address of VLAN interface 4: 9.1.1.2/24 Router ID4.4.4.4 AS number: 2001
Issue 02 (2008-04-25) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd
Remarks It is used for the EBGP connection to AS2001. It is used for the EBGP connection to AS2000. It is used for the IBGP connection to the MA5600T_C. It is used for the IBGP connection to the MA5600T_D. It is used for the IBGP connection to the MA5600T_B. It is used for the IBGP connection to the MA5600T_D. It is used for the IBGP connection to the MA5600T_C. It is used for the IBGP connection to the MA5600T_B. 14-3
Figure 14-2 shows the flowchart for configuring the BGP. Figure 14-2 Flowchart for configuring the BGP
Start
Enable the BGP function
Save the data
End
Procedure
Step 1 Configure MA5600T_A. 1. Configure the IP address of the L3 interface.
huawei(config)#vlan 6 smart huawei(config)#port vlan 6 0/9 0 huawei(config)#interface vlanif 6 huawei(config-if-vlanif6)#ip address 200.1.1.2 24 huawei(config-if-vlanif6)#quit huawei(config)#vlan 2 smart huawei(config)#port vlan 2 0/9 0 huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ip address 8.1.1.1 8 huawei(config-if-vlanif2)#quit
2.
Enable the BGP function.

huawei(config)#bgp 2000 huawei(config-BGP)#router-id 1.1.1.1 huawei(config-BGP)#peer 200.1.1.1 as-number 2001 huawei(config-BGP)#network 8.0.0.0 8 huawei(config-BGP)#quit
3.
Save the data.

huawei(config)#save
Step 2 Configure MA5600T_B. 1. Configure the IP address of the L3 interface.

huawei(config)#vlan 6 smart huawei(config)#port vlan 6 0/9 0 huawei(config)#interface vlanif 6 huawei(config-if-vlanif6)#ip address 200.1.1.1 24 huawei(config-if-vlanif6)#quit huawei(config)#vlan 3 smart huawei(config)#port vlan 3 0/9 0 huawei(config)#interface vlanif 3
14-4
Issue 02 (2008-04-25)
huawei(config-if-vlanif3)#ip address 9.1.3.1 24 huawei(config-if-vlanif3)#quit huawei(config)#vlan 4 smart huawei(config)#port vlan 4 0/9 0 huawei(config)#interface vlanif 4 huawei(config-if-vlanif4)#ip address 9.1.1.1 24 huawei(config-if-vlanif4)#quit
2.

huawei(config)#bgp 2001 huawei(config-BGP)#router-id 2.2.2.2 huawei(config-BGP)#peer 200.1.1.2 as-number 2000 huawei(config-BGP)#peer 9.1.3.2 as-number 2001 huawei(config-BGP)#peer 9.1.1.2 as-number 2001 huawei(config-BGP)#import-route direct huawei(config-BGP)#quit
3.
Save the data.

huawei(config)#save
Step 3 Configure MA5600T_C. 1. Configure the IP address of the L3 interface.

2.

huawei(config)#bgp 2001 huawei(config-BGP)#router-id 3.3.3.3 huawei(config-BGP)#peer 9.1.3.1 as-number 2001 huawei(config-BGP)#peer 9.1.2.2 as-number 2001 huawei(config-BGP)#quit
3.
Save the data.

huawei(config)#save
Step 4 Configure MA5600T_D. 1. Configure the IP address of the L3 interface.

2.

huawei(config)#bgp 2001 huawei(config-BGP)#router-id 4.4.4.4 huawei(config-BGP)#peer 9.1.2.1 as-number 2001 huawei(config-BGP)#peer 9.1.1.1 as-number 2001 huawei(config-BGP)#quit
3.
Save the data.

huawei(config)#save
----End
Result
l
Run the display bgp peer command, and you can see that:

The EBGP connection is set up between MA5600T_A and MA5600T_B. The IBGP connections are set up among MA5600T_B, MA5600T_C, and MA5600T_D. The route with the destination subnet 8.0.0.0/8 exists on MA5600T_C and MA5600T_D, and the next hop of the route is the interface address of MA5600T_A
Run the ping command on MA5600T_C and MA5600T_D to ping the Layer 3 interface (8.1.1.1/24) on MA5600T_A. The ping command is executed successfully.
14.3 Configuring Basic BGP Functions

This topic describes how to configure the basic BGP functions. 14.3.1 Configuring BGP Basic Description This topic describes how to configure the BGP basic description. 14.3.2 Configuring BGP to Advertise the Local Routes This topic describes how to configure the MA5600T to advertise the BGP local routes. 14.3.3 Configuring the Local Interface Used for a BGP Connection This topic describes how to configure the local interface used for a BGP connection. 14.3.4 Configuring the Maximum Number of Hops in an EBGP Connection This topic describes how to configure the maximum number of hops in an EBGP connection.
14.3.1 Configuring BGP Basic Description

This topic describes how to configure the BGP basic description.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the router-id command to set the BGP router ID.
NOTE
l l
This configuration is optional. If the BGP router ID is not set, the router ID set in global config mode by running the router id command is used as the BGP router ID. Setting the BGP router ID reestablishes the connections between the MA5600T and the peer. Exercise caution when you perform this operation.
Step 3 Run the peer as-number command to specify the IP address and the AS number of the peer.
NOTE
The IP address of the specified peer can be as follows:

l l
The IP address of the peer interface that is directly connected to the MA5600T. The IP address of the loopback interface of the reachable peer. In this case, you must run the peer connect-interface command to configure the source interface of the peer for sending the BGP packets, and make sure that the peer is connected properly.
Step 4 Run the peer description command to configure the description of the peer.
Step 5 Run the display bgp peer command to query the peer. ----End
Example
To enable BGP process 1 and enter BGP mode to set the router ID to 10.10.10.1, to specify the peer IP address as 10.10.10.2 and AS number as 10, and to set the description of the peer to huawei, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#router-id 10.10.10.1 CAUTION! Changing configuration will reset peer session. Continue?(Y/N):y huawei(config-bgp)#peer 10.10.10.2 as-number 10 huawei(config-bgp)#peer 10.10.10.2 description huawei huawei(config-bgp)#quit huawei(config)#display bgp peer 10.10.10.2 verbose Peer: 10.10.10.2 Local router ID: 10.10.10.1 Type: EBGP link Peer's description: "huawei" BGP version 4, remote router ID 0.0.0.0 BGP current state: Active BGP current event: ConnOpenFailed BGP last state: Connect Received: Total 0 messages, Update messages 0 Sent: Total 0 messages, Update messages 0 Minimum time between advertisement runs is 30 seconds Optional capabilities: Route refresh capability has been enabled Peer Preferred Value: 0 Routing policy configured: No routing policy is configured
Related Operation
Table 14-2 lists the related operation for configuring the BGP basic description. Table 14-2 Related operation for configuring the BGP basic description To... Configure the source interface of the peer for sending the BGP packets Run the Command... peer connect-interface
14.3.2 Configuring BGP to Advertise the Local Routes

This topic describes how to configure the MA5600T to advertise the BGP local routes.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the network command to configure the BGP router to advertise the local routes. Step 3 Run the display bgp network command to query the routing information advertised by the BGP router running the network command.
Step 4 Run the display bgp routing-table command to query the BGP routing information.
NOTE
After the BGP router is configured to advertise the local routes by running the network command, the routing information advertised by the BGP router by running the command can be queried by running the display bgp network command. A route, however, exists in the BGP routing table only when the destination address and the mask specified by the network command match the local route. You can run the display bgp routing-table command to query the routes in the BGP routing table.
----End
Example
To configure the BGP router to advertise local route with the destination address/mask of 10.10.10.0/24 by applying routing policy huawei, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#network 10.10.10.0 24 route-policy huawei huawei(config-bgp)#quit huawei(config)#display bgp network BGP Local Router ID is 10.10.10.1 Local AS Number is 1 Network Mask Route-policy 10.10.10.0 255.255.255.0 huawei huawei(config)#display bgp routing-table { regular-expression<K>|<cr>|ip_addr<X.X.X.X>|statistics<K>|cidr<K>|community <K>|community-filter<K>|dampened<K>|dampening<K>|as-path-filter<K>|flap-info<K>| peer<K>|different-origin-as<K> }: Command: display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 10.71.42.12 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 10.10.10.0 0.0.0.0 0 0 i
Related Operations
Table 14-3 lists the related operations for advertising the BGP local routes. Table 14-3 Related operations for advertising the BGP local routes To... Query the current routing information in the system Create a routing policy and enter the routing policy mode Run the Command... display ip routing-table route-policy
14.3.3 Configuring the Local Interface Used for a BGP Connection

This topic describes how to configure the local interface used for a BGP connection.
Context
l
By default, the physical interface that is directly connected to the peer is used as the local interface for a BGP connection. To ensure that a BGP connection is reliable and stable, you can configure the local interface used for the BGP connection as the loopback interface. In this way, when there are redundant links in the network, the BGP connection should not break off due to the failure of a certain interface or link. In general, to create a BGP connection, you need to configure the local interface used for the BGP connection as the loopback interface. Otherwise, the BGP connection cannot be created.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the peer connect-interface command to configure the local interface of the peer for sending the BGP packets. Step 3 Run the display bgp peer command to query the BGP peer. ----End
Example
To set the local interface for the peer 10.10.10.2 to send BGP packets as the loopback interface, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.2 connect-interface loopback 0 huawei(config-bgp)#quit huawei(config)#display bgp peer 10.10.10.2 verbose Peer: 10.10.10.2 Local router ID: 10.10.10.1 Type: EBGP link Peer's description: "huawei" BGP version 4, remote router ID 0.0.0.0 BGP current state: Idle BGP current event: TransFatalError BGP last state: Connect Received: Total 0 messages, Update messages 0 Sent: Total 0 messages, Update messages 0 Minimum time between advertisement runs is 30 seconds Optional capabilities: Route refresh capability has been enabled Connect-interface has been configured Peer Preferred Value: 0 Routing policy configured: No routing policy is configured
Related Operation
Table 14-4 lists the related operation for configuring the local interface used for a BGP connection.
Issue 02 (2008-04-25)
14-9
Table 14-4 Related operation for configuring the local interface used for a BGP connection To... Configure the IP address and AS number of the peer Run the Command... peer as-number
14.3.4 Configuring the Maximum Number of Hops in an EBGP Connection

This topic describes how to configure the maximum number of hops in an EBGP connection.
Context
By default, the maximum number of hops in an EBGP connection is 1, which indicates that the EBGP connection cannot be set up between the BGP router and the peers on the network. An EBGP connection can be set up with the peers on the network that is not connected directly only when the maximum number of hops in the EBGP connection is configured.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the peer ebgp-max-hop command to configure the maximum number of hops for setting up an EBGP connection to the peers on the network that is not connected directly. Step 3 Run the display bgp peer command to query the BGP peer. ----End
Example
To configure the maximum number of hops as 10 for setting up an EBGP connection to peer 20.20.20.1 on the network that is not connected directly, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 20.20.20.1 ebgp-max-hop 10 huawei(config-bgp)#quit huawei(config)#display bgp peer 20.20.20.1 verbose Peer: 20.20.20.1 Local router ID: 10.71.42.12 Type: EBGP link BGP version 4, remote router ID 0.0.0.0 BGP current state: Active BGP current event: ConnOpenFailed BGP last state: Connect Received: Total 0 messages, Update messages 0 Sent: Total 0 messages, Update messages 0 Minimum time between advertisement runs is 30 seconds Optional capabilities: Route refresh capability has been enabled Multi-hop ebgp has been enabled Peer Preferred Value: 0 Routing policy configured: No routing policy is configured
14-10
Issue 02 (2008-04-25)
Related Operation
Table 14-5 lists the related operation for configuring the maximum number of hops in an EBGP connection. Table 14-5 Related operation for configuring the maximum number of hops in an EBGP connection To... Configure the IP address and AS number of the peer Run the Command... peer as-number
14.4 Configuring BGP Route Attributes

This topic describes how to configure the BGP route attributes. 14.4.1 Configuring the BGP Route Preference This topic describes how to configure the BGP route preference. 14.4.2 Configuring the Default Local_Pref Attribute This topic describes how to configure the default Local_Pref attribute, that is the local priority of the MA5600T, which shows the priority of the BGP router, and check the best routing when the flow exits the AS. 14.4.3 Configuring the MED Attribute This topic describes how to configure the MED attribute. 14.4.4 Configuring the Next_Hop Attribute This topic describes how to configure the Next_Hop attribute. 14.4.5 Configuring the AS-Path Attribute This topic describes how to configure the AS_Path attribute.
14.4.1 Configuring the BGP Route Preference

This topic describes how to configure the BGP route preference.
Context
You can configure the preference for the following three types of BGP routes.
l l l
routes learned from external peers (EBGP) routes learned from internal peers (IBGP) routes that originated locally (Local Originated)
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the preference(BGP) command to configure the BGP route preference.
Step 3 Run the display ip routing-table command to query the preference of the EBGP and IBGP routes. ----End
Example
To configure the preference of the EBGP route as 200, and to adopt the default preference 255 for the IBGP and BGP local routes, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#preference 200 255 255 huawei(config-bgp)#quit huawei(config)#display ip routing-table { <cr>|vpn-instance<K>|verbose<K>|statistics<K>|protocol<K>|acl<K>|ip-prefix<K>| ip_addr<X.X.X.X> }: Command: display ip routing-table Routing Tables: Public Destinations : 2 Routes : 2 Destination/Mask 10.10.10.0/24 20.20.20.0/24 Proto Pre Cost 0 0 NextHop 20.20.20.2 20.20.20.1 Interface vlanif20 vlanif20
BGP 200 Direct 0
14.4.2 Configuring the Default Local_Pref Attribute

This topic describes how to configure the default Local_Pref attribute, that is the local priority of the MA5600T, which shows the priority of the BGP router, and check the best routing when the flow exits the AS.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the default local-preference command to configure the Local_Pref attribute of the MA5600T. ----End
Example
To configure the default BGP local preference as 200, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#default local-preference 200
14.4.3 Configuring the MED Attribute

This topic describes how to configure the MED attribute.
Context
When a router where BGP is running obtains multiple routes with the same destination address but different next hops through different EBGP peers, the router chooses the route with the minimum MED value as the optimal route, provided that the other parameters of the routes are the same. Configuring the MED attribute involves the following:

l l
Configuring the MED value of a BGP route Enabling the comparison of MED values of the routes from different ASs In general, the BGP router compares only the MED values of the routes from the same AS (different peers).
Configuring the disposal method when the MED value is lost After configuring the disposal method, if the MED value does not exist in the route attributes, a maximum MED value is used during the optimal route selection.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the default med command to configure the MED value of the BGP route. Step 3 Run the compare-different-as-med command to enable the comparison of MED values of the routes from different ASs. Step 4 Run the bestroute med-none-as-maximum command to configure the disposal method when the MED value is lost. ----End
Example
To configure the MED value of the BGP route as 200, enable the comparison of MED values of the routes from different ASs, and use the maximum MED value during the optimal route selection when the MED value does not exist in the route attributes, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#default med 200 huawei(config-bgp)#compare-different-as-med huawei(config-bgp)#bestroute med-none-as-maximum
14.4.4 Configuring the Next_Hop Attribute

This topic describes how to configure the Next_Hop attribute.
Context
If BGP load balancing is configured, the MA5600T sets the address of its outbound interface as the next hop address when advertising routes to IBGP peer groups, regardless of whether the Next_Hop attribute is configured by running the peer next-hop-local command.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the peer next-hop-local command to enable the MA5600T to change the address of its outbound interface as the next hop address when advertising routes to the IBGP peer. ----End
Example
To enable the MA5600T to set its outbound interface as the next hop address when it advertises routes to IBGP peer 10.101.10.1, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.1 next-hop-local
Related Operation
Table 14-6 lists the related operation for configuring the Next_Hop attribute. Table 14-6 Related operation for configuring the Next_Hop attribute To... Configure BGP load balancing Run the Command... maximum load-balancing
14.4.5 Configuring the AS-Path Attribute

This topic describes how to configure the AS_Path attribute.
Context
Configuring the AS_Path attribute involves the following:
l
Allowing repeat local AS numbers In special applications such as VPN, you can configure the AS_Path attribute of the routes sent from the peers to contain the local AS number, and configure the repeat count of the local AS number.
Ignoring the AS_Path attribute during the optimal BGP route selection By default, the AS_Path attribute is used as a rule for the optimal route selection. In certain special applications, if the attribute is not used supposed to be a rule for the optimal route selection, use this function.
Configuring the fake AS number This function is used to hide the actual AS number. EBGP peers in other ASs can see only the fake AS number. That is, when specifying their local AS number, the EBGP peers in other ASs must choose this fake AS number as their local number.
Replacing the AS number in the AS-path attribute When this function is enabled, if the AS_Path attribute of a route to be advertised contains the same AS number as that of the specified peer, the AS number is replaced with the AS number of the local router before the route is advertised.
Configuring the AS_Path attribute to carry only the public AS number when the BGP router sends BGP update messages When this function is enabled, if the AS_Path attribute of the BGP routing information advertised to the peer contains private AS numbers, the BGP router deletes the private AS numbers.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the peer allow-as-loop command to allow repeat local AS numbers.
Step 3 Run the bestroute as-path-neglect command to configure the BGP to ignore the AS_Path attribute during the optimal route selection. Step 4 Run the peer fake-as command to configure the fake AS number. Step 5 Run the peer substitute-as command to enable the function of replacing the AS number in the AS_Path attribute. Step 6 Run the peer public-as-only command to configure the AS_Path attribute to carry only the public AS number when the BGP router sends BGP update messages.
NOTE
Each attribute above can be configured. If it is not configured, the value is default.
----End
Examples
To configure the repeat count of the local AS number allowed by peer 10.10.10.1 as 2, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.1 allow-as-loop 2
To configure the BGP to ignore the AS_Path attribute during the optimal route selection, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#bestroute as-path-neglect
To configure the fake AS number of peer 10.10.10.1 as 200, do as follows:

huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.1 fake-as 200
To enable the function of replacing AS numbers for peer 10.10.10.1, do as follows:

huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.1 substitute-as
To configure peer 10.10.10.1 to carry only public AS numbers when the BGP router sends BGP update messages, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.1 public-as-only
Related Operation
Table 14-7 lists the related operation for configuring the AS_Path attribute. Table 14-7 Related operation for configuring the AS_Path attribute To... Enable the split horizon function among the ASs Run the Command... as-split-horizon
14.5 Controlling the BGP Routing Information

This topic describes how to control the BGP routing information.
14.5.1 Configuring BGP to Import Routes This topic describes how to configure the BGP to import the routes. 14.5.2 Filtering the Routes Imported by BGP This topic describes how to filter the routes imported by BGP. 14.5.3 Configuring BGP Route Aggregation This topic describes how to configure the BGP route aggregation. 14.5.4 Configuring a Router to Advertise the Default Route to Its Peer This topic describes how to configure a router to advertise the default route to its peer. 14.5.5 Configuring BGP Access List This topic describes how to configure the BGP access list. 14.5.6 Configuring a BGP Routing Policy This topic describes how to configure a BGP routing policy. 14.5.7 Configuring the Policy for Advertising the BGP Routing Information This topic describes how to configure the policy for advertising the BGP routing information. 14.5.8 Configuring the Policy for Receiving the BGP Routing Information This topic describes how to configure the policy for receiving the BGP routing information.
14.5.1 Configuring BGP to Import Routes

This topic describes how to configure the BGP to import the routes.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the import-route command to enable the BGP to import the routes of other protocols. ----End
Example
To import static routes to the BGP routing table, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#import-route static
Related Operations
Table 14-8 lists the related operations for configuring the BGP to import routes. Table 14-8 Related operations for configuring the BGP to import routes To... Advertise the default route to a peer Query the BGP routing information Query the current routing information in the system
14-16
Run the Command... peer default-route-advertise display bgp routing-table display ip routing-table
Issue 02 (2008-04-25)
To... Enable the default route to be imported to the BGP routing table
Run the Command... default-route imported
14.5.2 Filtering the Routes Imported by BGP

This topic describes how to filter the routes imported by BGP.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the filter-policy import command to configure the rules for filtering the received routes. ----End
Example
To filter the received routes according to the rules defined in ACL 2001, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#filter-policy 2001 import
Related Operation
Table 14-9 lists the related operation for filtering the routes imported by BGP. Table 14-9 Related operation for filtering the routes imported by BGP To... Configure the rules for filtering the routes advertised by BGP Run the Command... filter-policy export
14.5.3 Configuring BGP Route Aggregation

This topic describes how to configure the BGP route aggregation.
Context
The BGP route aggregation can be automatic aggregation and manual aggregation. The preference of manual aggregation is higher than that of automatic aggregation.
l
Automatic aggregation: aggregates the imported routes, which can be direct routes, static routes, RIP routes, OSPF routes, and IS-IS routes, except the routes advertised by running the network command. Manual aggregation: aggregates the routes existing in the local BGP routing table. For example, when the route to the subnet 10.1.0.0/24 does not exist in the BGP routing table,
Issue 02 (2008-04-25)
BGP does not advertise the aggregated route even if you run the aggregate 10.1.0.0 16 command to aggregate the route.
Procedure
l Configure the automatic route aggregation function. 1. 2. l Run the bgp command to enable the BGP process and enter BGP mode. Run the summary automatic command to configure the function of automatically aggregating the BGP subnet routes. Run the bgp command to enable the BGP process and enter BGP mode. Run the aggregate command to aggregate routes in BGP.
Configure the manual route aggregation function. 1. 2.
----End
Examples
To configure the function of automatically aggregating the BGP subnet routes, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#summary automatic
To manually aggregate the BGP routes in the subnet 10.10.0.0/16, do as follows:

huawei(config)#bgp 1 huawei(config-bgp)#aggregate 10.10.0.0 16
Related Operations
Table 14-10 lists the related operations for configuring the BGP route aggregation. Table 14-10 Related operations for configuring the BGP route aggregation To... Query the BGP routing information Query the current routing information in the system Run the Command... display bgp routing-table display ip routing-table
14.5.4 Configuring a Router to Advertise the Default Route to Its Peer

This topic describes how to configure a router to advertise the default route to its peer.
Context
Perform this operation to enable a router to unconditionally send a default route with its own address as the next hop address to a peer in case that the routing table does not have to contain any default route.
Procedure
Step 1 Run the bgp command to enable the BGP process and enter BGP mode. Step 2 Run the peer default-route-advertise command to configure the MA5600T to advertise the default route to its peer. ----End
Example
To configure the MA5600T to advertise the default route to peer 10.10.10.1, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.1 default-route-advertise
Related Operations
Table 14-11 lists the related operations for configuring the MA5600T to advertise the default route to its peer. Table 14-11 Related operations for configuring the MA5600T to advertise the default routes to its peer To... Enable BGP to import the routes of other protocols Enable the default route to be imported to the BGP routing table Run the Command... import-route default-route imported
14.5.5 Configuring BGP Access List

This topic describes how to configure the BGP access list.
Procedure
Step 1 Run the ip as-path-filter command to configure the AS path filter. Step 2 Run the ip community-filter command to configure the community attributes filter. ----End
Examples
To set AS path filter 1, which permits the routes of AS 30 to pass through (regular expression "-30-" indicates any AS list that contains AS30), do as follows:
huawei(config)#ip as-path-filter 1 permit -30-
To configure basic community attribute filter 10, where the community number is 20, the community attributes list is 100:2, and the matching mode for the community attributes is permit, do as follows:
huawei(config)#ip community-filter 10 permit 20 100:2 internet
Related Operations
Table 14-12 lists the related operations for configuring the BGP access list. Table 14-12 Related operations for configuring the BGP access list To... Query the community attributes filter Enable the MA5600T to advertise the community attributes to its peer Run the Command... display ip community-filter peer advertise-community
14.5.6 Configuring a BGP Routing Policy

This topic describes how to configure a BGP routing policy.
Context
l
The MA5600T supports up to 16 routing policies, each of which can be configured with up to eight nodes. A routing policy can have multiple nodes. Each node acts as a unit of a matching test, and the nodes are identified by sequence number for the matching test. The relation between different nodes of a routing policy is OR. That is, the router checks the nodes of the routing policy one by one. If one node passes the match test, it means that the route policy passes the match test, and match test for the next node is not required. Each node consists of the following clauses:
if-match clause It defines the matching rules. The relation between different if-match clauses of a node is AND. That is, the node can pass the matching test only when all the if-match clauses of the node are met.
apply clause It specifies the actions to be taken after a route passes the matching test. The apply clause is used to configure the attributes of the route.
Procedure
Step 1 Run the route-policy command to create a routing policy and enter routing policy mode. Step 2 Run the if-match command to configure the matching rules of the routing policy for filtering the routing information.
NOTE
You can configure the rules in different ways. For details, see Table 14-13.
Step 3 Run the apply command to configure the attributes of a route.

NOTE
You can configure various attributes of a route. For details, see Table 14-13.
14-20
Issue 02 (2008-04-25)
Step 4 Run the display route-policy command to query the configured routing policies. ----End
Example
To create routing policy huawei with the node of 1 and the matching mode of permit, set the IP address prefix list 100 as the matching condition, and set the cost of the route meeting the matching condition as 40000, do as follows:
huawei(config)#route-policy huawei permit node 1 Info: You are overwriting this sequence ! huawei(config-route-policy)#if-match ip-prefix 100 huawei(config-route-policy)#apply cost 40000 huawei(config-route-policy)#quit huawei(config)#display route-policy huawei Route-policy : huawei permit : 1 Match clauses : if-match ip-prefix 100 Apply clauses : apply cost 40000
Parameter Description
Table 14-13 lists the parameters for configuring a routing policy. Table 14-13 Parameters for configuring a routing policy Parameter permit Parameter Description Specifies the matching mode of the node as permit. If the routing information is permitted to pass the node, the apply clause of the node is executed, and the matching test of another node is not performed. If the routing information is not permitted to pass the node, the matching test continues on the next node. Specifies the matching mode of the node as deny. In this case, the apply clause is not executed. When the routing information meets all the if-match clauses of the node, the matching test is not performed on the next node. If the routing information does not meet the if-match clause of the node, the matching test continues on the next node.
deny
Related Operations
Table 14-14 lists the related operations for configuring a routing policy. Table 14-14 Related operations for configuring a routing policy To... Configure a matching rule based on the access control list (ACL)
Issue 02 (2008-04-25)
Run the Command... if-match acl
14-21
To... Configure a matching rule based on the AS path filter Configure a matching rule based on the community attribute filter Configure a matching rule based on the route cost Configure a matching rule based on the egress interface Configure a matching rule based on the IP information Configure a matching rule based on the IP address prefix Configure a matching rule based on the route type Configure a matching rule based on the routing tag field Configure the AS_Path attribute of the route meeting the matching rules Delete the BGP routing community according to the value specified in the community attribute filter Configure the BGP community attribute of the route meeting the matching rules Configure the routing cost for the matched route Configure the next hop of the routing information Configure the local preference of the BGP route Configuring the Origin attribute of the BGP route Configure the preference of the BGP route Configure the preferred value of the BGP route Configure the tag of the routing information
Run the Command... if-match as-path-filter if-match community-filter if-match cost if-match interface if-match ip if-match ip-prefix if-match route-type if-match tag apply as-path apply comm-filter
apply community apply cost apply ip-address apply local-preference apply origin apply preference apply preferred-value apply tag
14.5.7 Configuring the Policy for Advertising the BGP Routing Information
This topic describes how to configure the policy for advertising the BGP routing information.
Context
Configuring the policy for advertising the BGP routing information involves the following:

l
Filtering the advertised BGP routing information It filters all advertised BGP routing information. The routes advertised to all peers are discarded when they do not comply with the filtering rules.
Applying a routing policy to the advertised routing information It indicates that if the routing information advertised to the peer complies with the routing policy, the route is configured based on the routing policy and then advertised to the peer. If the routing information does not comply with the routing policy, the route is directly advertised to the peer.
Filtering the routing information advertised to the peer It indicates that the routing information advertised to the peer is discarded when it does not comply with the routing policy.
Procedure
l Filter the advertised BGP routing information. 1. 2. l Run the bgp command to enable the BGP process and enter BGP mode. Run the filter-policy export command to configure the rules for filtering the advertised BGP routes. Run the bgp command to enable the BGP process and enter BGP mode. Run the peer route-policy command and select the parameter export to apply the routing policy to the routing information advertised to the peer.
NOTE
Apply a routing policy to the advertised routing information. 1. 2.
The routing policy applied in the peer route-policy command does not support taking a certain interface as one of the matching rules. That is, the if-match interface command is not supported for applying a routing policy.
Filter the routing information advertised to the peer. 1. 2. Run the bgp command to enable the BGP process and enter BGP mode. Run the peer filter-policy command and select the parameter export to configure the ACL-based routing policy for the routing information advertised to the peer.
NOTE
The routes advertised to the peer can also be filtered in the following ways:
l l
Run the peer as-path-filter command and select the parameter export to configure a policy based on the AS path for filtering the routes advertised to the peer. Run the peer ip-prefix command and select the parameter export to configure a policy based on the IP address prefix for filtering the routes advertised to the peer.
----End
Examples
To filter the advertised information on the static routes based on the rules defined in ACL 2001, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#filter-policy 2001 export static
To apply routing policy abc to the routing information advertised to peer 10.10.10.1, do as follows:
huawei(config)#bgp 1
Issue 02 (2008-04-25)
14-23
huawei(config-bgp)#peer 10.10.10.1 route-policy abc export
To apply ACL-based routing policy 2009 to the routing information advertised to peer 10.10.10.1, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.1 filter-policy 2009 export
Related Operations
Table 14-15 lists the related operations for configuring the policy for advertising the BGP routing information. Table 14-15 Related operations for configuring the policy for advertising the BGP routing information To... Query the BGP routing information Configure a filtering policy based on the AS path for the peer Configure a filtering policy based on the IP address prefix for the peer Configure the rules for filtering the received BGP routing information Run the Command... display bgp routing-table peer as-path-filter peer ip-prefix filter-policy import
14.5.8 Configuring the Policy for Receiving the BGP Routing Information
This topic describes how to configure the policy for receiving the BGP routing information.
Context
Configuring the policy for receiving the BGP routing information involves the following:
l
Filtering the received BGP routing information: filters all received BGP routing information. The routes from all peers are discarded if they do not comply with the filtering rules. Applying a routing policy to the received routing information: indicates that if the routing information from a specified peer complies with the routing policy, the route is configured according to the routing policy. The received route is not affected even if the routing information does not comply with the routing policy. Filtering the routing information from the peer: indicates that the routing information from a specified peer is discarded if it does not comply with the routing policy. Limiting the number of the routes received from peers: Limits the number of routes from a specified peer.
Procedure
l
14-24
Filter the received BGP routing information.

1. 2. l
Run the bgp command to enable the BGP process and enter BGP mode. Run the filter-policy import command to configure the rules for filtering the received BGP routes. Run the bgp command to enable the BGP process and enter BGP mode. Run the peer route-policy command and select the parameter import to apply the routing policy to the received routing information.
NOTE
Apply a routing policy to the received routing information. 1. 2.
The routing policy applied in the peer route-policy command does not support taking a certain interface as one of the matching rules. That is, the if-match interface command is not supported for applying a routing policy.
Filter the routing information received from the peer. 1. 2. Run the bgp command to enable the BGP process and enter BGP mode. Run the peer filter-policy command and select the parameter import to configure the ACL-based routing policy for the routes received from the peer.
NOTE
The routes received from the peer can also be filtered in the following ways:
l l
Run the peer as-path-filter command and select the parameter import to configure a policy based on the AS path for filtering the routes received from the peer. Run the peer ip-prefix command and select the parameter import to configure a policy based on the IP address prefix for filtering the routes received from the peer.
Limit the number of routes received from the peer. 1. 2. Run the bgp command to enable the BGP process and enter BGP mode. Run the peer route-limit command to configure the number of routes allowed to be received from the peer.
----End
Examples
To filter the received routes based on the rules defined in ACL 2001, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#filter-policy 2001 import
To apply routing policy abc to the routes received from peer 10.10.10.1, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.1 route-policy abc import
To apply ACL-based routing policy 2009 to the routes received from peer 10.10.10.1, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.1 filter-policy 2009 import
To set the maximum number of routes allowed to be received from peer 10.10.10.1 to 200, and enable the generation of only an alarm when the number of received routes exceeds the threshold, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 10.10.10.1 route-limit 200 alert-only
Issue 02 (2008-04-25)
14-25
Related Operations
Table 14-16 lists the related operations for configuring the policy for receiving the BGP routing information. Table 14-16 Related operations for configuring the policy for receiving the BGP routing information To... Query the BGP routing information Configure a filtering policy based on the AS path for the peer Configure a filtering policy based on the IP address prefix for the peer Configure the rules for filtering the advertised BGP routing information Run the Command... display bgp routing-table peer as-path-filter peer ip-prefix filter-policy export
14.6 Adjusting and Optimizing BGP

This topic describes how to adjust and optimize the configurations of a BGP network such as modifying the BGP timers, configuring the interval for sending update messages, and configuring the BGP verification function. 14.6.1 Configuring the BGP Timers This topic describes how to configure the BGP keepalive time and holding time. 14.6.2 Configuring the Interval for Sending the Update Messages This topic describes how to configure the interval for the peer to send the update messages. 14.6.3 Configuring BGP Soft Reset This topic describes how to configure the BGP soft reset. This allows the BGP router to apply new routing policies to dynamically update the routing table without interrupting the BGP connection. 14.6.4 Enabling Quick Reset of an EBGP Connection This topic describes how to enable the quick reset function of an EBGP connection. This allows a quick response to changes of EBGP routes. 14.6.5 Configuring MD5 Authentication This topic describes how to configure the MD5 authentication for the TCP connection set up by the BGP peer. This ensures the security of the BGP connection. 14.6.6 Configuring the Maximum Number of Equal-Cost Routes This topic describes how to configure the maximum number of equal-cost routes. This allows the load transmitted to the same destination to be shared among the equal-cost routes. 14.6.7 Configuring EBGP Neighbor Split Horizon This topic describes how to configure the split horizon function among the EBGP neighbors. This decreases unnecessary routing information advertised among ASs.
14-26
Issue 02 (2008-04-25)
14.6.1 Configuring the BGP Timers

This topic describes how to configure the BGP keepalive time and holding time.
There are two types of BGP timers, which are used for controlling the BGP keepalive time and holding time.
l
keepalive-time The BGP router sends keepalive messages to the peer at an interval of keepalive time for maintaining the connectivity of the BGP connection. The maximum interval for sending keepalive messages is one third of the holding time, and cannot be less than 1s.
hold-time If the BGP router does not receive keepalive messages or update messages from the peer within the specified holding time, it considers that the BGP connection is closed and then exits the connection.
By default, the keepalive time is 60s and the holding time is 180s. When creating a BGP connection to a peer, a router negotiates with the peer to obtain the keepalive time and the holding time. Between the holding time of the BGP router and that of its peer, the smaller one is considered as the negotiated holding time. Between the keepalive time (one third of the holding time) and the keepalive time configured locally, the smaller one is considered as the negotiated keepalive time. The BGP router allows you to configure the global BGP timer and the peer BGP timer. The priority for configuring the global BGP timer is lower than that for configuring the peer BGP timer.
Notes
CAUTION
Modifying the BGP timer value temporarily interrupts the BGP connection between routers. Exercise caution when you perform this operation. Note the following when configuring the BGP timers:
l
If the values of keepalive time and holding time are 0, the BGP timers are invalid. That is, the BGP router does not send keepalive messages or detect whether the holding time has expired. The holding time is more than the keepalive time. For example, the keepalive time is 1, and the holding time is 65535. A longer holding time, however, cannot ensure that BGP detects the link faults in time.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode.
Step 2 Run the time command to configure the global BGP timer. Step 3 Run the peer timer command to configure the peer BGP timer. ----End
Example
To configure the global BGP timer with the keepalive time of 30s and the holding time of 90s, and configure the peer BGP timer with the keepalive time of 10s and the holding time of 30s, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#timer keepalive 30 hold 90 huawei(config-bgp)#peer 20.20.20.1 timer keepalive 10 hold 30
Related Operations
Table 14-17 lists the related operations for configuring the BGP timer. Table 14-17 Related operations for configuring the BGP timer To... Restore the default settings of the global BGP timer Restore the default settings of the peer BGP timer Configure the BGP peer Run the Command... undo time undo peer timer peer as-number
14.6.2 Configuring the Interval for Sending the Update Messages

This topic describes how to configure the interval for the peer to send the update messages.
Update messages are used for exchanging routing information among the peers. The packets can be used for advertising the information on a reachable route, or can be used for canceling multiple unreachable routes. By default, the interval for the IBGP peer to send the update messages is 15s, and that for the EBGP peer to send the update messages is 30s.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode. Step 2 Run the peer route-update-interval command to configure the interval for the peer to send the update messages. ----End
Example
To configure the interval for the peer to send the update messages as 10s, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 20.20.20.1 route-update-interval 10
Related Operations
Table 14-18 lists the related operations for configuring the interval for sending the update messages. Table 14-18 Related operations for configuring the interval for sending the update messages To... Restore the default interval for sending the update messages Configure the BGP peer Run the Command... undo peer route-update-interval peer as-number
14.6.3 Configuring BGP Soft Reset

This topic describes how to configure the BGP soft reset. This allows the BGP router to apply new routing policies to dynamically update the routing table without interrupting the BGP connection.
After changing the BGP routing policies, you must reset the current BGP connection to validate the new configuration. The BGP connection is thus interrupted temporarily. BGP supports the route-refresh function. In this way, when routing policies change, the router refreshes the BGP routing table automatically without interrupting the BGP connection.
l
If the route-refresh function is enabled on all peers, the local router advertises route-refresh messages to its peers when the BGP routing policy is changed. The peer receiving the messages sends its routing information to the local router again. In this way, the BGP routing table is updated dynamically by applying the new routing policy without interrupting the BGP connection. You can also run the refresh bgp command to perform soft reset on the local router to update the routing table manually. By default, the route-refresh function is enabled on the BGP router. For a peer not supporting the route-refresh function, you can configure the local router to reserve all the route update information of the peer. When the routing policy of the local router changes, the BGP soft reset command is executed, allowing the routing information to generate the BGP routes again. By default, the route update information of the peer is not reserved.
Procedure
l Configure the BGP soft reset when the peer supports the route-refresh function. 1.
Issue 02 (2008-04-25)
In global config mode, run the bgp command to enter BGP mode.
2. 3. l
Run the peer capability-advertise command to advertise the route-fresh function that the MA5600T supports to the peer. (Optional) Run the refresh bgp command to perform soft reset on the BGP connection manually. In global config mode, run the bgp command to enter BGP mode. Run the ipv4-family unicast command to enter IPv4 unicast mode. Run the peer keep-all-routes command to reserve all route update information of the peer. Run the refresh bgp command to perform soft reset on the BGP connection manually.
Configure the BGP soft reset when the peer does not support the route-refresh function. 1. 2. 3. 4.
----End
Examples
To advertise the route-refresh function that the MA5600T supports to the peer with the IP address of 20.20.20.1, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 20.20.20.1 capability-advertise route-refresh
To perform soft reset on the ingress direction of the BGP connection to peer 20.20.20.1, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#ipv4-family unicast huawei(config-bgp-af-ipv4)peer 20.20.20.1 keep-all-routes huawei(config-bgp)#return huawei#refresh bgp 20.20.20.1 import
Related Operations
Table 14-19 lists the related operations for configuring the BGP soft reset. Table 14-19 Related operations for configuring the BGP soft reset To... Restore the default setting of the route-refresh function of the peer Restore the default configuration of reserving all route update information of the peer Query the details of the BGP peer Run the Command... undo peer capability-advertise undo peer keep-all-routes
display bgp peer
14.6.4 Enabling Quick Reset of an EBGP Connection

This topic describes how to enable the quick reset function of an EBGP connection. This allows a quick response to changes of EBGP routes.
l
When this function is enabled, if the EBGP connection is faulty, that is, the status of a certain interface becomes Down, the BGP immediately deletes failure and then resets. When this function is disabled, the repeated setup and deletion of the BGP session caused by route flapping is prevented. This saves the network bandwidth to some extent. By default, the quick reset function of the EBGP connection is enabled.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode. Step 2 Run the ebgp-interface-sensitive command to enable the quick reset function of the EBGP connection. ----End
Example
To enable the quick reset function of the EBGP connection, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#ebgp-interface-sensitive
Related Operation
Table 14-20 lists the related operation for enabling the quick reset function of the EBGP connection. Table 14-20 Related operation for enabling the quick reset function of the EBGP connection To... Disable the quick reset function of the EBGP connection Run the Command... undo ebgp-interface-sensitive
14.6.5 Configuring MD5 Authentication

This topic describes how to configure the MD5 authentication for the TCP connection set up by the BGP peer. This ensures the security of the BGP connection.
A BGP router uses the TCP protocol as the transport layer protocol for setting up the BGP connection to the peer. To improve the security of the BGP connection, the BGP router supports the MD5 authentication for setting up the TCP connection. The MD5 authentication supported by BGP applies to the TCP connection, but does not apply to the BGP packets. TCP completes the authentication procedure. The TCP connection can be set up only when the authentication is successful.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode. Step 2 Run the peer password command to configure the MD5 authentication. ----End
Example
To configure the MD5 authentication with the password huawei and the plaintext mode (simple) for the TCP connection set up between the local router and the peer 20.20.20.1, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#peer 20.20.20.1 password simple huawei
Related Operation
Table 14-21 lists the related operation for configuring the MD5 authentication. Table 14-21 Related operation for configuring the MD5 authentication To... Cancel the MD5 authentication Run the Command... undo peer password
14.6.6 Configuring the Maximum Number of Equal-Cost Routes

This topic describes how to configure the maximum number of equal-cost routes. This allows the load transmitted to the same destination to be shared among the equal-cost routes.
The maximum number of equal-cost routes varies with products and protocols, and it must be adjusted according to the license file of a product. By default, the maximum number of equal-cost routes is 1.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode. Step 2 Run the ipv4-family unicast command to enter IPv4 unicast mode. Step 3 Run the maximum load-balancing command to configure the maximum number of BGP equalcost routes. ----End
Example
To allow two equal-cost routes to reach the destination address, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#ipv4-family unicast huawei(config-bgp-af-ipv4)maximum load-balancing 2
Related Operation
Table 14-22 lists the related operation for configuring the maximum number of equal-cost routes. Table 14-22 Related operation for configuring the maximum number of equal-cost routes To... Restore the default maximum number of equal-cost routes Run the Command... undo maximum load-balancing
14.6.7 Configuring EBGP Neighbor Split Horizon

This topic describes how to configure the split horizon function among the EBGP neighbors. This decreases unnecessary routing information advertised among ASs.
In general, the split horizon function among the EBGP neighbors can be enabled only when multiple EBGP peers exist between two ASs. When the function is disabled, the route received from one AS is advertised through other EBGP peers back to the AS again. If the EBGP peer does not support AS loops, it discards the route based on the AS_Path attribute, thus wasting the resources. When the function is enabled, the route received from an AS is not advertised back to the AS. In this way, the unnecessary route advertising is decreased. By default, the split horizon function among ASs is disabled.
Procedure
Step 1 In global config mode, run the bgp command to enter BGP mode. Step 2 Run the as-split-horizon command to enable the split horizon function among the EBGP neighbors. ----End
Example
To enable the split horizon function among the EBGP neighbors, do as follows:
huawei(config)#bgp 1 huawei(config-bgp)#as-split-horizon
Related Operations
Table 14-23 lists the related operations for configuring the split horizon function among the EBGP neighbors.
Table 14-23 Related operations for configuring the split horizon function among the EBGP neighbors To... Disable the split horizon function among the EBGP neighbors Configure the peer to allow AS loops Run the Command... undo as-split-horizon peer allow-as-loop
14-34
Issue 02 (2008-04-25)
15 MSTP Configuration
15
About This Chapter
MSTP Configuration
This topic describes how to configure MSTP on the MA5600T. 15.1 Overview This topic describes the multiple spanning tree protocol (MSTP) and its application on the MA5600T. 15.2 Enabling the MSTP Function This topic describes how to enable the MSTP function on the MA5600T. 15.3 Setting the Working Mode of MSTP This topic describes how to set the working mode of MSTP. 15.4 Setting the MST Region Parameters This topic describes how to set the parameters of the multiple spanning tree (MST) region.It includes setting the MD5-Key for the MD5 encryption algorithm,configuring the MST region name,mapping the specified VLAN to the specified MSTP instance,mapping all VLANs to the MSTP instances by modular arithmetic,setting the MSTP revision level,restoring the default settings for all parameters of the MST region. 15.5 Activating the Configuration of the MST Region This topic describes how to activate the configuration of the MST region. 15.6 Specifying the Device as a Root Bridge or a Backup Root Bridge This topic describes how to specify the device as a root bridge or a backup root bridge. 15.7 Setting the Priority of the Device in the Specified Spanning Tree Instance This topic describes how to set the priority of the device in the specified spanning tree instance. 15.8 Setting the Maximum Number of Hops of the MST Region This topic describes how to set the maximum number of hops of the MST region. 15.9 Setting the Diameter of the Switching Fabric This topic describes how to set the diameter of the switching fabric. 15.10 Setting the Calculation Standard for the Path Cost This topic describes how to set the calculation standard for the path cost. 15.11 Setting the Time Parameters of the Specified Network Bridge
This topic describes how to set the time parameters of the specified network bridge. The time parameters include Forward Delay, Hello Time, MAX Age, and Time Factor. 15.12 Setting the Parameters of the Specified Port This topic describes how to set the parameters of the specified port. 15.13 Setting the mCheck Variable This topic describes how to set the mCheck variable to force a port to work in MSTP mode. 15.14 Configuring the Device Protection Function This topic describes how to configure the device protection functions, including BPDU protection, loopback protection and root protection. 15.15 Clear the MSTP Protocol Statistics This topic describes how to clear the protocol statistics.
15-2
Issue 02 (2008-04-25)
15.1 Overview
This topic describes the multiple spanning tree protocol (MSTP) and its application on the MA5600T.
Service Description
MSTP applies to a redundant network. It makes up for the drawback of STP and RSTP. MSTP makes the network converge fast and the traffic of different VLANs distributed along their respective paths, which provides a better load-sharing mechanism. MSTP trims a loop network into a loop-free tree network. It prevents the proliferation and infinite cycling of the packets in the loop network. In addition, MSTP provides multiple redundant paths for VLAN data transmission to achieve the load-sharing purpose. For details on MSTP, refer to "MSTP" in the MA5600T Feature Description.
The MA5600T supports MSTP, which is compatible with the STP and RSTP. It supports MSTP loop network to meet the various networking requirements.
15.2 Enabling the MSTP Function

This topic describes how to enable the MSTP function on the MA5600T.
l l
By default, the MSTP function is disabled. After the MSTP function is enabled, the device determines whether it works in STP compatible mode or MSTP mode based on the configured protocol. After the MSTP function is enabled, MSTP maintains dynamically the spanning tree of the VLAN based on the received BPDU packets. After the MSTP function is disabled, the MSTP device becomes a transparent bridge and does not maintain the spanning tree.
Procedure
Step 1 Run the stp enable command or the stp port enable command to enable the MSTP function of the bridge or the port. Step 2 Run the display stp command or the display stp port command to query the MPLS state of the bridge or the port. ----End
Examples
To enable the MSTP function of the bridge, do as follows:
huawei(config)#stp enable Change global stp state may active region configuration,it may take several minutes,are you sure to change global stp state? [Y/N][N]y
Issue 02 (2008-04-25)
15-3
huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command:
display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 7 Max Hops : 20 PathCost standard : LEGACY BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 0 Time since last TC : 1 days :18m:27s ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 2 sec CST Root Priority : 32768 Hello Time: 2 sec Instance 0 ================================== MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec
Path cost to IST root bridge is 0 Path cost to CST root bridge is 0 -------------------------------------------------------------------------------- More ( Press 'Q' to break ) ----
To enable the MSTP function of port 0/9/0, do as follows:

huawei(config)#stp port 0/9/0 enable huawei(config)#display stp port 0/9/0 ----[CIST][Port1(Down)]---Port Protocol :enabled Port Role :CIST Disabled Port Port Priority :128 Port Cost :Config=auto / Active=200000 Desg. Bridge/Port :32768.00e0-fc99-5050 / 128.1 Port Edged(Admin) :disabled Point-to-point :Config=auto / Active=false Transit Limit :3 packets/hello-time Protection Type :None Port Stp Mode :Stp PortTimes :Hello 2 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop 20 BPDU Sent :0 TCN: 0, Config: 0, RST: 0, MST: 0 BPDU Received :0 TCN: 0, Config: 0, RST: 0, MST: 0
Related Operations
Table 15-1 lists the related operations for enabling the MSTP function. Table 15-1 Related operations for enabling the MSTP function To... Disable the MSTP function of the device Disable the MSTP function of the port Restore the default MSTP state of the device Restore the default MSTP state of the port
15-4
Run the Command... stp disable stp port disable undo stp undo stp port
Remarks By default, it is disabled. By default, it is enabled.

Issue 02 (2008-04-25)
To... Query the MSTP information
Run the Command... display stp
Remarks -
15.3 Setting the Working Mode of MSTP

This topic describes how to set the working mode of MSTP.
l
MSTP supports two working modes:

MSTP mode STP mode
MSTP is compatible with STP. If the network bridge that runs STP exists in the switching fabric, MSTP automatically runs in MSTP/STP compatible mode. When the network condition is good, though the network bridge that runs STP in the subnet is removed, the port still runs in the STP compatible mode. In this case, run the stp mode mstp command to force the port to work in MSTP mode.
Procedure
l The following section shows the procedure for setting the STP working mode. 1. 2. l 1. 2. ----End Run the stp mode stp command to set the STP working mode. Run the display stp command to query the working mode. Run the stp mode mstp command to set the MSTP working mode. Run the display stp command to query the working mode.
The following section shows the procedure for setting the RSTP working mode.
Examples
To set the STP working mode, do as follows:
huawei(config)#stp mode stp huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE compatible Spanning Tree Protocol Bridge Diameter : 7 Max Hops : 20 PathCost standard : LEGACY BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 0 Time since last TC : 2 days :16m:14s ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 2 sec CST Root Priority : 32768 Hello Time: 2 sec Instance 0 ================================== MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec
Issue 02 (2008-04-25)
15-5
To set the MSTP working mode, do as follows:

huawei(config)#stp mode mstp huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 7 Max Hops : 20 PathCost standard : LEGACY BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 0 Time since last TC : 2 days :16m:16s ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 2 sec CST Root Priority : 32768 Hello Time: 2 sec Instance 0 ================================== MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec
Related Operation
Table 15-2 lists the related operation for setting the working mode of MSTP. Table 15-2 Related operation for setting the working mode of MSTP To... Restore the default working mode of MSTP Run the Command... undo stp mode Remarks By default, the device works in MSTP mode.
15.4 Setting the MST Region Parameters

This topic describes how to set the parameters of the multiple spanning tree (MST) region.It includes setting the MD5-Key for the MD5 encryption algorithm,configuring the MST region name,mapping the specified VLAN to the specified MSTP instance,mapping all VLANs to the MSTP instances by modular arithmetic,setting the MSTP revision level,restoring the default settings for all parameters of the MST region. 15.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm Configured on the MST Region This topic describes how to set the MD5-Key for the MD5 encryption algorithm. 15.4.2 Configuring the MST Region Name This topic describes how to configure the MST region name.
15.4.3 Mapping the Specified VLAN to the Specified MSTP Instance This topic describes how to map the specified VLAN to the specified MSTP instance. 15.4.4 Mapping All VLANs to the MSTP Instances by Modular Arithmetic This topic describes how to map all VLANs to the MSTP instances by modular arithmetic. 15.4.5 Setting the MSTP Revision Level This topic describes how to set the MSTP revision level. 15.4.6 Restoring the Default Settings for All Parameters of the MST Region This topic describes how to restore the default settings for all parameters of the MST region.
15.4.1 Setting the MD5-Key for the MD5 Encryption Algorithm Configured on the MST Region
This topic describes how to set the MD5-Key for the MD5 encryption algorithm.
l
The purpose of setting the MD5-Key is for device security. Two devices in the same multiple spanning tree (MST) can communicate with each other when their MD5-Key values are the same. The MD5-Key value is a hex character string not more than 32 bytes. In addition, its length must be a multiple of 2. By default, it is 0x13AC06A62E47FD 51F95D2BA243CD0346.
Procedure
Step 1 Run the stp md5-key command to set the MD5-Key for the MD5 encryption algorithm configured on the MST region. Step 2 Run the display current-configuration command to query the configuration of the device. ----End
Example
To set the MD5-Key for the MD5 encryption algorithm as 0x11ed224466, do as follows:
huawei(config)#stp md5-key 11ed224466 huawei(config)#display current-configuration section config [MA5680V800R005: 1001] # [config] <config> mpls vlan 10 mpls vlan 20 mpls vlan 500 mpls vlan 1000 mpls vlan 1001 # stp region-configuration region-name huawei instance 1 vlan 1000 instance 2 vlan 100 active region-configuration stp instance 0 priority 0 stp timer hello 1000 stp md5-key 11ED224466 stp port 0/9/0 root-protection enable stp enable
Issue 02 (2008-04-25)
15-7
# lacp priority 0 system lacp long-period 20 ---- More ( Press 'Q' to break ) ----
Related Operation
Table 15-3 lists the related operation for setting the MD5-Key for the MD5 encryption algorithm configured on the MST region. Table 15-3 Related operation for setting the MD5-Key for the MD5 encryption algorithm configured on the MST region To... Restore the default MD5-Key for the MD5 encryption algorithm Run the Command... undo stp md5-key
15.4.2 Configuring the MST Region Name

This topic describes how to configure the MST region name.
You can configure the parameters related to the MST regions, such as the name, revision level, and VLAN instance mapping table. The default values of the three parameters are as follows:
l l l
The MST region name is the MAC address of the maintenance network port of the device. All VLANs are mapped to common and internal spanning tree (CIST). The revision level of MSTP is 0.
Procedure
Step 1 Run the stp region-configuration command to enter MST region mode. Step 2 Run the region-name command to configure the name of the MST region. Step 3 Run the check region-configuration command to query the parameters of the current MST region. ----End
Example
To configure the name of the MST region as huawei-mstp-bridge, do as follows:
huawei(config)#stp region-configuration huawei(stp-region-configuration)#region-name huawei-mstp-bridge huawei(stp-region-configuration)#check region-configuration Admin configuration Format selector Region name :0 :huawei-mstp-bridge
15-8
Issue 02 (2008-04-25)

Revision level Instance 0 :0
Vlans Mapped 1 to 4094
Related Operations
Table 15-4 lists the related operations for configuring the MST region name. Table 15-4 Related operations for configuring the MST region name To... Restore the default name of the MST region Activate the configuration of the MST region Query the configuration of the MST region Run the Command... undo region-name active region-configuration display stp region-configuration
15.4.3 Mapping the Specified VLAN to the Specified MSTP Instance

This topic describes how to map the specified VLAN to the specified MSTP instance.
l l
By default, all VLANs are mapped to CIST, that is, instance 0. One VLAN can be mapped to only one instance. If you re-map a VLAN to another instance, the original mapping is disabled. A maximum of 10 VLAN sections can be configured for an MSTP instance. The configuration does not take effect immediately. It is validated only after being activated.
l l
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode. Step 2 Run the instance vlan command to map the specified VLAN to the specified MSTP instance. Step 3 Run the check region-configuration command to query the parameters of the current MST region. ----End
Example
To map VLANs 2-10 and VLANs 12-16 to MSTP instance 3, do as follows:
huawei(config)#stp region-configuration huawei(stp-region-configuration)#instance 3 vlan 2 to 10 12 to 16
Issue 02 (2008-04-25)
15-9
huawei(stp-region-configuration)#check region-configuration Admin configuration Format selector :0 Region name :huawei-mstp-bridge Revision level :0 Instance 0 3 Vlans Mapped 1, 11, 2 to 17 10, to 12 4094 to
16
Related Operations
Table 15-5 lists the related operations for mapping the specified VLAN to the specified MSTP instance. Table 15-5 Related operations for mapping the specified VLAN to the specified MSTP instance To... Disable the VLAN mapping of the specified MSTP instance Activate the configuration of the MST region Query the configuration of the validated MST region Run the Command... undo instance vlan Remarks VLAN mapping in CIST (instance 0) cannot be disabled. -
active region-configuration
display stp regionconfiguration
15.4.4 Mapping All VLANs to the MSTP Instances by Modular Arithmetic

This topic describes how to map all VLANs to the MSTP instances by modular arithmetic.
l l
By default, all VLANs are mapped to CIST, that is, instance 0. On the MA5600T, you can specify the VLAN to each MSTP instance rapidly by modular arithmetic.
When you map the VLAN to the MSTP instance by modular arithmetic, the ID of the mapped instance is (VLANID - 1) % module + 1. The modular value for the modular arithmetic ranges from 1 to 16. It indicates the number of the MSTP instances.
This operation is used to map the VLANs to the MSTP instances rapidly, which results in the change of the mapping relations for all VLANs. In actual application, you can run the instance vlan command to adjust the mappings as required. The configuration does not take effect immediately. It is validated only after being activated.
15-10
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode. Step 2 Run the vlan-mapping module command to map all VLANs to the MSTP instances by modular arithmetic. Step 3 Run the check region-configuration command to query the parameters of the current MST region. ----End
Example
To map all VLANs to the MSTP instances by modular arithmetic, with the modular value of 16, do as follows:
huawei(config)#stp region-configuration huawei(stp-region-configuration)#vlan-mapping module 16 huawei(stp-region-configuration)#check region-configuration Admin configuration Format selector :0 Region name :huawei-mstp-bridge Revision level :0 Vlans Mapped 1, 17, 33, 49, 177, 193, 209, 225, 353, 369, 385, 401, 529, 545, 561, 577, 705, 721, 737, 753, 881, 897, 913, 929, 1057, 1073, 1089, 1105, 1233, 1249, 1265, 1281, 1409, 1425, 1441, 1457, 1585, 1601, 1617, 1633, 1761, 1777, 1793, 1809, 1937, 1953, 1969, 1985, 2113, 2129, 2145, 2161, 2289, 2305, 2321, 2337, 2465, 2481, 2497, 2513, 2641, 2657, 2673, 2689, 2817, 2833, 2849, 2865, 2993, 3009, 3025, 3041, 3169, 3185, 3201, 3217, 3345, 3361, 3377, 3393, 3521, 3537, 3553, 3569, 3697, 3713, 3729, 3745, 3873, 3889, 3905, 3921, 4049, 4065, 4081 2 2, 18, 34, 50, 178, 194, 210, 226, ---- More ( Press 'Q' to break ) ---Instance 1 65, 241, 417, 593, 769, 945, 1121, 1297, 1473, 1649, 1825, 2001, 2177, 2353, 2529, 2705, 2881, 3057, 3233, 3409, 3585, 3761, 3937, 66, 242, 81, 257, 433, 609, 785, 961, 1137, 1313, 1489, 1665, 1841, 2017, 2193, 2369, 2545, 2721, 2897, 3073, 3249, 3425, 3601, 3777, 3953, 82, 258, 97, 273, 449, 625, 801, 977, 1153, 1329, 1505, 1681, 1857, 2033, 2209, 2385, 2561, 2737, 2913, 3089, 3265, 3441, 3617, 3793, 3969, 98, 274, 113, 289, 465, 641, 817, 993, 1169, 1345, 1521, 1697, 1873, 2049, 2225, 2401, 2577, 2753, 2929, 3105, 3281, 3457, 3633, 3809, 3985, 114, 290, 129, 305, 481, 657, 833, 1009, 1185, 1361, 1537, 1713, 1889, 2065, 2241, 2417, 2593, 2769, 2945, 3121, 3297, 3473, 3649, 3825, 4001, 130, 306, 145, 321, 497, 673, 849, 1025, 1201, 1377, 1553, 1729, 1905, 2081, 2257, 2433, 2609, 2785, 2961, 3137, 3313, 3489, 3665, 3841, 4017, 146, 322, 161, 337, 513, 689, 865, 1041, 1217, 1393, 1569, 1745, 1921, 2097, 2273, 2449, 2625, 2801, 2977, 3153, 3329, 3505, 3681, 3857, 4033, 162, 338,
Related Operations
Table 15-6 lists the related operations for mapping all VLANs to the MSTP instances. Table 15-6 Related operations for mapping all VLANs to the MSTP instances To... Map all VLANs to CIST instance 0
Issue 02 (2008-04-25)
Run the Command... undo vlan-mapping module

15-11
To... Activate the configuration of the MST region Query the effective configuration of the MST region
Run the Command... active region-configuration display stp region-configuration
15.4.5 Setting the MSTP Revision Level

This topic describes how to set the MSTP revision level.
l l
By default, the revision level is 0. Activate the setting to validate it.

NOTE
l l
When you configure the parameters related to the MST region, the current device is placed into a specified MST region. Two devices belong to the same MST region when they meet the following conditions:
l l
They have the same MST region name and the MSTP revision level. The VLAN mapping tables, which correspond to all the spanning tree instances, must be the same with each other.
Procedure
Step 1 Run the stp region-configuration command to enter MST region mode. Step 2 Run the revision-level command to set the MSTP revision level of the device. Step 3 Run the check region-configuration command to query the parameters of the current MST region. ----End
Example
To set the MSTP revision level as 100, do as follows:
huawei(config)#stp region-configuration huawei(stp-region-configuration)#revision-level 100 huawei(stp-region-configuration)#check region-configuration Admin configuration Format selector :0 Region name :00e0fc995050 Revision level :100 Instance 0 Vlans Mapped 1 to 4094
Related Operations
Table 15-7 lists the related operations for setting the MSTP revision level of the device.
Table 15-7 Related operations for setting the MSTP revision level of the device To... Restore the MSTP revision level Activate the configuration of the MST region Query the configuration of the validated MST region Run the Command... undo revision-level active region-configuration display stp region-configuration
15.4.6 Restoring the Default Settings for All Parameters of the MST Region
This topic describes how to restore the default settings for all parameters of the MST region.
By default, the name of the MST region is its management MAC address, all VLANs are mapped to instance 0, and the revision level of MSTP is 0.
Procedure
Step 1 Run the reset stp region-configuration command to restore the default settings to all parameters of the MST region. Step 2 Run the stp region-configuration command to switch over to MST region mode. Step 3 Run the display stp region-configuration command to query the configuration of the MST region. ----End
Example
To restore the default settings for all parameters of the MST region, do as follows:
huawei(config)#reset stp region-configuration huawei(config)#stp region-configuration huawei(stp-region-configuration)#display stp region-configuration Oper configuration Format selector :0 Region name :00e0fc995050 Revision level :0 Instance 0 Vlans Mapped 1 to 4094
15.5 Activating the Configuration of the MST Region

This topic describes how to activate the configuration of the MST region.
When you configure the parameters related to the MST region, especially the VLAN mapping table, MSTP recalculates the spanning tree. This results in an unstable network topology. To prevent it, MSTP does not recalculate the spanning tree immediately after you configure the parameters, unless the following conditions are met:
l
Run the active region-configuration command to activate the configuration of the MST region. Run the stp enable command to enable the MSTP function.
Procedure
Step 1 Run the stp region-configuration command to switch over to MST region mode. Step 2 Run the active region-configuration command to activate the configuration of the MST region. Step 3 Run the display stp region-configuration command to query the effective configuration of the MST region. ----End
Example
To activate the configuration of the MST region, do as follows:
huawei(config)#stp region-configuration huawei(stp-region-configuration)#active region-configuration huawei(stp-region-configuration)#display stp region-configuration Oper configuration Format selector :0 Region name :huawei-mstp-bridge Revision level :100 Instance 0 Vlans Mapped 1 to 4094
Related Operation
Table 15-8 lists the related operation for activating the configuration of the MST region. Table 15-8 Related operation for activating the configuration of the MST region To... Query the configuration of the current MST region Run the Command... check region-configuration
15.6 Specifying the Device as a Root Bridge or a Backup Root Bridge

This topic describes how to specify the device as a root bridge or a backup root bridge.
l l
By default, the device is not used as a root bridge or a backup root bridge. After specifying the current bridge as a root bridge or a backup root bridge, you cannot modify the system priority of the root bridge. One spanning tree instance can be configured with only one root bridge, but more backup root bridges.

If the root bridge fails or is powered off, the backup root bridge is used as the root bridge. If multiple backup root bridges are configured, the root bridge with the smallest MAC address is used as the root bridge of the specified spanning tree instance.
Procedure
Step 1 Run the stp root command to specify the device as a root bridge or a backup root bridge. Step 2 Run the display stp command to query the MSTP configuration of the device. ----End
Example
To specify the current device as the root bridge of MSTP instance 2, do as follows:
huawei(config)#stp instance 2 root primary
NOTE
If you do not specify the parameter instance instance-id, the setting takes effect only to the CIST instance.
huawei(config)#display stp instance 2 { <cr>|port<K> }: Command: display stp instance 2 The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 7 Max Hops : 20 PathCost standard : LEGACY BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 0 Time since last TC : 3 days :15m:52s ============================== Bridge Priority : 0 Hello Time: 2 sec IST Root Priority : 0 Hello Time: 2 sec Instance 2 ================================== MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec
Path cost to IST root bridge is 0
Related Operation
Table 15-9 lists the related operation for specifying the device as a root bridge or a backup root bridge. Table 15-9 Related operation for specifying the device as a root bridge or a backup root bridge To... Restore the device to be a root bridge or a backup root bridge Run the Command... undo stp root
Issue 02 (2008-04-25)
15-15
15.7 Setting the Priority of the Device in the Specified Spanning Tree Instance
This topic describes how to set the priority of the device in the specified spanning tree instance.
l l
The priority of the device ranges from 0 to 61440, with the step of 4096. By default, it is 32768. The priority of the device determines whether it can be selected as the root bridge of the spanning tree. A device with a smaller priority is likely to be selected as the root bridge of the spanning tree. The device that supports MSTP has different priorities in different spanning tree instances. If the devices have the same priority, then the device with the smallest MAC address is selected as the root bridge of the spanning tree.
l l
Procedure
Step 1 Run the stp priority command to set the priority of the device in the specified spanning tree instance. Step 2 Run the display stp command to query the MSTP configuration of the device. ----End
Example
To set the priority of the device in spanning tree instance 2 as 4096, do as follows:
huawei(config)#stp instance 2 priority 4096
NOTE
If you set the parameter instance instance-id as 0, the priority you set is used as the priority of the device in the CIST.
huawei(config)#display stp instance 2 { <cr>|port<K> }: Command: display stp instance 2 The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 7 Max Hops : 20 PathCost standard : LEGACY BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 0 Time since last TC : 3 days :16m:20s ============================== Bridge Priority : 4096 Hello Time: 2 sec IST Root Priority : 4096 Hello Time: 2 sec Instance 2 ================================== MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec
Path cost to IST root bridge is 0
Related Operations
Table 15-10 lists the related operations for setting the priority of the device in the specified spanning tree instance.
Table 15-10 Related operations for setting the priority of the device in the specified spanning tree instance To... Restore the default priority of the device in the specified spanning tree instance Set the priority of the port in the specified spanning tree instance Run the Command... undo stp priority stp port port-priority
15.8 Setting the Maximum Number of Hops of the MST Region

This topic describes how to set the maximum number of hops of the MST region.
l l
By default, the maximum number of hops of the MST region is 20. The device takes the root device of the spanning tree in the MST region as a start point. When the configuration message in the region, that is, the BPDU packet, is forwarded by one device, the hop is reduced by 1. The device drops the packet with the hop of 0. In this case, the network scale in the region is restricted. If the current device becomes the root bridge device of the CIST or multiple spanning tree instance (MSTI) in the MST region, the maximum number of hops configured on the bridge device becomes the network diameter of the spanning tree. In this case, the spanning tree scale in the region is restricted.
Procedure
Step 1 Run the stp max-hops command to set the maximum number of hops of the MST region. Step 2 Run the display stp command to query the MSTP configuration of the current device. ----End
Example
To set the maximum number of hops of the MST region to 10, do as follows:
huawei(config)#stp max-hops 10 huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 7 Max Hops : 10 PathCost standard : LEGACY BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 0 Time since last TC : 3 days :17m:39s ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Instance 0 ================================== MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050
Issue 02 (2008-04-25)
15-17
Hello Time: 2 sec Priority : 32768 Hello Time: 2 sec

Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec
CST Root
Related Operation
Table 15-11 lists the related operation for setting the maximum number of hops of the MST region. Table 15-11 Related operation for setting the maximum number of hops of the MST region To... Restore the default maximum number of hops of the device Run the Command... undo stp max-hops
15.9 Setting the Diameter of the Switching Fabric

This topic describes how to set the diameter of the switching fabric.
l l
The setting takes effect only to CIST. If the current device becomes the root bridge of the CIST or MSTI in the MST region, the maximum hop configured on the root bridge is the network diameter of the spanning tree. The parameters Hello Time, Forward Delay and Max Age are related to the network scale. When you set the diameter of the switching fabric, MSTP sets automatically the parameters Hello Time, Forward Delay and Max Age to a proper value based on the configured network diameter. By default, the diameter of the switching fabric is 7, the Forward Delay is 15s, the Hello Time is 2s, and the Max Age is 20s.
NOTE
l l
The diameter of the switching fabric is the path with the most switching devices along it. The diameter is indicated by the number of the switching devices along the path. Network diameter indicates the scale of a network. The larger the network diameter is, the larger the network scale is.
Procedure
Step 1 Run the stp bridge-diameter command to set the diameter of the switching fabric. Step 2 Run the display stp command to query the MSTP configuration of the device. ----End
Example
To set the diameter of the switching fabric to 6, do as follows:
huawei(config)#stp bridge-diameter 6 huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 6 Max Hops : 20 PathCost standard : LEGACY BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 0 Time since last TC : 3 days :17m:55s ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 2 sec CST Root Priority : 32768 Hello Time: 2 sec Instance 0 ================================== MAC Address : 00e0-fc99-5050 Forward Delay: 13 sec Max Age: 18 sec MAC Address : 00e0-fc99-5050 Forward Delay: 13 sec Max Age: 18 sec MAC Address : 00e0-fc99-5050 Forward Delay: 13 sec Max Age: 18 sec
Related Operation
Table 15-12 lists the related operation for setting the diameter of the switching fabric. Table 15-12 Related operation for setting the diameter of the switching fabric To... Restore the default diameter of the switching fabric Run the Command... undo stp bridge-diameter
15.10 Setting the Calculation Standard for the Path Cost

This topic describes how to set the calculation standard for the path cost.
l
The MA5600T supports three kinds of calculation standards for the path cost: the IEEE 802.1d standard (dot1d), the IEEE 802.1t standard (dot1t), and the private standard of Huawei (legacy). By default, the private standard of Huawei (legacy) is used. After the calculation standard is set, the path cost of the device is calculated based on it automatically. Different calculation standards define different path cost values for the ports. If the set calculation standard is different from the current standard, all ports use the default path cost of the set calculation standard.
Issue 02 (2008-04-25)
15-19
Procedure
Step 1 Run the stp pathcost-standard command to set the calculation standard for the path cost. Step 2 Run the display stp command to query the MSTP configuration of the device. ----End
Example
To set the calculation standard for the path cost as IEEE 802.1t, do as follows:
huawei(config)#stp pathcost-standard dot1t huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 6 Max Hops : 20 PathCost standard : DOT1T BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 95 Time since last TC : 0 days : 0m: 4s ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 2 sec CST Root Priority : 32768 Hello Time: 2 sec Instance 0 ================================== MAC Address : 00e0-fc00-0056 Forward Delay: 13 sec Max Age: 18 sec MAC Address : 00e0-fc00-0056 Forward Delay: 13 sec Max Age: 18 sec MAC Address : 00e0-fc00-0056 Forward Delay: 13 sec Max Age: 18 sec
Related Operation
Table 15-13 lists the related operation for setting the calculation standard for the path cost. Table 15-13 Related operation for setting the calculation standard for the path cost To... Restore the default calculation standard for the path cost Run the Command... undo stp pathcost-standard
15.11 Setting the Time Parameters of the Specified Network Bridge

This topic describes how to set the time parameters of the specified network bridge. The time parameters include Forward Delay, Hello Time, MAX Age, and Time Factor. 15.11.1 Setting the Forward Delay of the Specified Network Bridge This topic describes how to set the Forward Delay of the specified network bridge.
15.11.2 Setting the Hello Time of the Specified Network Bridge This topic describes how to set the Hello Time of the specified network bridge. 15.11.3 Setting the Max Age of the Specified Network Bridge This topic describes how to set the Max Age of the specified network bridge. 15.11.4 Setting the Timeout Time Factor of the Specified Network Bridge This topic describes how to set the timeout time factor of the specified network bridge.
15.11.1 Setting the Forward Delay of the Specified Network Bridge

This topic describes how to set the Forward Delay of the specified network bridge.
l
For MSTP, when the port switches from discarding to forwarding state, an intermediate state (Learning) is used if the rapid transition condition of the port state is not met, and the state switching needs to wait for some time. This is to maintain the state switching concurrent with the remote switch and to prevent temporary loops. The Forward Delay of the root bridge specifies the interval of state transition. If the current device is a root bridge, its state transition interval is specified by the Forward Delay. The other devices use the Forward Delay specified by the root bridge to perform state transition. The three time parameters, Forward Delay, Hello Time, and Max Age must comply with the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second) Max Age 2 x (Hello Time + 1.0 second). By default, the Forward Delay is 15 seconds. The unit of the Forward Delay is centisecond (one second equals to 100 centiseconds).
NOTE
The time parameters of MSTP are related to the network scale. You are recommended to run the stp bridgediameter command to specify the network diameter of the switching fabric. In this case, MSTP adjusts the Hello Time, Forward Delay and Max Age to the proper values automatically based on the specified network diameter.
Procedure
Step 1 Run the stp timer forward-delay command to set the Forward Delay of the specified network bridge. Step 2 Run the display stp command to query the MSTP configuration of the device. ----End
Example
To set the Forward Delay of the specified network bridge to 2000 centiseconds, do as follows:
huawei(config)#stp timer forward-delay 2000 huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 6 Max Hops : 20 PathCost standard : DOT1T BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 96 Time since last TC : 0 days : 1m:15s
Issue 02 (2008-04-25)
15-21
============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 2 sec CST Root Priority : 32768 Hello Time: 2 sec
Instance 0 ================================== MAC Address : 00e0-fc00-0056 Forward Delay: 20 sec Max Age: 18 sec MAC Address : 00e0-fc00-0056 Forward Delay: 20 sec Max Age: 18 sec MAC Address : 00e0-fc00-0056 Forward Delay: 20 sec Max Age: 18 sec
Related Operations
Table 15-14 lists the related operations for setting the Forward Delay of the specified network bridge. Table 15-14 Related operations for setting the Forward Delay of the specified network bridge To... Restore the default Forward Delay Set the Hello Time of the specified network bridge Set the Max Age of the specified network bridge Run the Command... undo stp timer forward-delay stp timer hello stp timer max-age
15.11.2 Setting the Hello Time of the Specified Network Bridge

This topic describes how to set the Hello Time of the specified network bridge.
l
The device transmits the configuration packets at regular intervals specified by the Hello Time to keep the spanning tree stable. If a device does not receive the configuration packets, it considers that the configuration packets are timed out and then recalculates the spanning tree. If the current device is a root bridge, the configuration packets are sent at regular intervals specified by the Hello Time. The other devices use the Hello Time specified by the root bridge to send the configuration packets. The three time parameters, Forward Delay, Hello Time, and Max Age must comply with the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second) Max Age 2 x (Hello Time + 1.0 second). By default, the Hello Time is 2 seconds. The unit of the Hello Time is centisecond (one second equals to 100 centiseconds).
NOTE
15-22
Issue 02 (2008-04-25)
Procedure
Step 1 Run the stp timer hello command to set the Hello Time of the specified network bridge. Step 2 Run the display stp command to query the MSTP configuration of the device. ----End
Example
To set the Hello Time of the specified network bridge to 1000 centiseconds, do as follows:
huawei(config)#stp timer hello 1000 huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 6 Max Hops : 20 PathCost standard : DOT1T BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 96 Time since last TC : 0 days : 1m:15s ============================== Bridge Priority : 32768 Hello Time: 10 sec IST Root Priority : 32768 Hello Time: 10 sec CST Root Priority : 32768 Hello Time: 10 sec Instance 0 ================================== MAC Address : 00e0-fc00-0056 Forward Delay: 20 sec Max Age: 18 sec MAC Address : 00e0-fc00-0056 Forward Delay: 20 sec Max Age: 18 sec MAC Address : 00e0-fc00-0056 Forward Delay: 20 sec Max Age: 18 sec
Related Operations
Table 15-15 lists the related operations for setting the Hello Time of the specified network bridge. Table 15-15 Related operations for setting the Hello Time of the specified network bridge To... Restore the default Hello Time Set the Forward Delay of the specified network bridge Set the Max Age of the specified network bridge Run the Command... undo stp timer hello stp timer forward-delay stp timer max-age
15.11.3 Setting the Max Age of the Specified Network Bridge

This topic describes how to set the Max Age of the specified network bridge.
l l
The Max Age takes no effect to MSTI. On the CIST, the MA5600T uses the Max Age to determine whether the configuration received by the port is out of date. If it is out of date, the MA5600T recalculates the spanning tree instance. If the device is a CIST root bridge, it uses the Max Age to determine whether the configuration is out of date. If the device is not a CIST root bridge, it uses the Max Age set on the CIST root bridge to determine it. The three time parameters, Forward Delay, Hello Time, and Max Age must comply with the following formula to guarantee network stability: 2 x (Forward Delay - 1.0 second) Max Age 2 x (Hello Time + 1.0 second). By default, the Max Age is 20 seconds. The unit of the Max Age is centisecond (one second equals to 100 centiseconds).
NOTE
Procedure
Step 1 Run the stp timer max-age command to set the Max Age of the specified network bridge. Step 2 Run the display stp command to query the MSTP configuration of the device. ----End
Example
To set the Max Age of the specified network bridge to 3000 centiseconds, do as follows:
huawei(config)#stp timer max-age 3000 huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 6 Max Hops : 20 PathCost standard : DOT1T BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 96 Time since last TC : 0 days : 1m:15s ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 10 sec CST Root Priority : 32768 Hello Time: 2 sec Instance 0 ================================== MAC Address : 00e0-fc00-0056 Forward Delay: 20 sec Max Age: 30 sec MAC Address : 00e0-fc00-0056 Forward Delay: 20 sec Max Age: 30 sec MAC Address : 00e0-fc00-0056 Forward Delay: 20 sec Max Age: 30 sec
15-24
Issue 02 (2008-04-25)
Related Operations
Table 15-16 lists the related operations for setting the Max Age of the specified network bridge. Table 15-16 Related operations for setting the Max Age of the specified network bridge To... Restore the default Max Age Set the Forward Delay of the specified network bridge Set the Hello Time of the specified network bridge Run the Command... undo stp timer max-age stp timer forward-delay stp timer hello
15.11.4 Setting the Timeout Time Factor of the Specified Network Bridge
This topic describes how to set the timeout time factor of the specified network bridge.
l
The device that supports MSTP sends Hello packets at regular intervals to the neighboring network bridges. In this case, it checks whether the links are in the normal state. If the device does not receive the Hello packets from the upstream device within a triple Hello Time, it considers the upstream device faulty and recalculates the spanning tree. By doing so, the link problem can be resolved in time. Generally, the network condition is good. If the upstream devices are busy, the spanning tree may be recalculated. You can avoid such an unnecessary calculation by the timeout time factor of the specified network bridge. By default, the timeout time factor of the specified network bridge is 3.
Procedure
Step 1 Run the stp time-factor command to set the timeout time factor of the specified network bridge. Step 2 Run the display stp command to query the MSTP configuration of the device. ----End
Example
To set the timeout time factor of the specified network bridge as 6, do as follows:
huawei(config)#stp time-factor 6 huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 6 Max Hops : 20 PathCost standard : DOT1T BPDU-Protection : disabled
Issue 02 (2008-04-25)
15-25
Time Factor : 6 TC or TCN received : 96 ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 10 sec CST Root Priority : 32768 Hello Time: 2 sec
Time since last TC
: 0 days : 1m:15s
Related Operation
Table 15-17 lists the related operation for setting the timeout time factor of the specified network bridge. Table 15-17 Related operation for setting the timeout time factor of the specified network bridge To... Restore the default timeout time factor of the specified network bridge Run the Command... undo stp time-factor
15.12 Setting the Parameters of the Specified Port

This topic describes how to set the parameters of the specified port. 15.12.1 Setting the Maximum Transmission Rate of the Specified Port This topic describes how to set the maximum transmission rate of the specified port. 15.12.2 Setting the Specified Port as an Edge Port This topic describes how to set the specified port as an edge port. An edge port is not connected to any switching device. 15.12.3 Setting the Path Cost of a Specified Port This topic describes how to set the path cost of a specified port. 15.12.4 Setting the Priority of the Specified Port This topic describes how to set the priority of the specified port. 15.12.5 Setting the Point-to-Point Link Connection of the Specified Port This topic describes how to set the point-to-point link connection of the specified port.
15.12.1 Setting the Maximum Transmission Rate of the Specified Port

This topic describes how to set the maximum transmission rate of the specified port.
15-26
Issue 02 (2008-04-25)
l
The maximum transmission rate of the port indicates the maximum number of MSTP packets transmitted by the port within one Hello Time. The port can transmit a maximum of 255 packets within one Hello Time. The default number of packets transmitted is 3.
Procedure
Step 1 Run the stp port transmit-limit command to set the number of packets transmitted by the port within the Hello Time. Step 2 Run the display stp port command to query the MSTP configuration of the port. ----End
Example
To set the maximum number of packets transmitted by the port within one Hello Time to 16, do as follows:
huawei(config)#stp port 0/9/0 transmit-limit 16 huawei(config)#display stp port { frame/slot/port<S><1,15> }:0/9/0 Command: display stp port 0/9/0 ----[CIST][Port1(Down)]---Port Protocol :enabled Port Role :CIST Disabled Port Port Priority :128 Port Cost :Config=auto / Active=200000 Desg. Bridge/Port :32768.2222-2222-2222 / 128.1 Port Edged(Admin) :disabled Point-to-point :Config=auto / Active=false Transit Limit :16 packets/hello-time Protection Type :None Port Stp Mode :Stp PortTimes :Hello 2 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop 20 BPDU Sent :0 TCN: 0, Config: 0, RST: 0, MST: 0 BPDU Received :0 TCN: 0, Config: 0, RST: 0, MST: 0
Related Operation
Table 15-18 lists the related operation for setting the maximum transmission rate of the specified port. Table 15-18 Related operation for setting the maximum transmission rate of the specified port To... Restore the default maximum number of packets transmitted by the port Run the Command... undo stp port transmit-limit
Issue 02 (2008-04-25)
15-27
15.12.2 Setting the Specified Port as an Edge Port

This topic describes how to set the specified port as an edge port. An edge port is not connected to any switching device.
l
You can set only the port connected to the terminal as an edge port. When the BPDU protection is disabled from the switching device, after the port receives the BPDD packets, even if the port is set as an edge port, it still works as a non-edge port. By default, all ports are set as non-edge ports. If you specify a port as an edge port, the rapid transition can be implemented if the port is transited from blocking to forwarding state. This setting takes effect to all spanning tree instances. When a port is set as an edge port, it works as an edge port on all spanning tree instances. When a port is set as a non-edge port, it works as a non-edge port on all spanning tree instances.
NOTE
For the port directly connected to the terminal, set it as an edge port, and enable its BPDU protection function. For more details, see This topic "15.14.1 Enabling the BPDU Protection Function of the Device." In this case, the rapid transition of the port state can be implemented, and the network security is guaranteed.
Procedure
Step 1 Run the stp port edged-port enable command to set the port as an edge port. Step 2 Run the display stp command to query the MSTP global configuration. ----End
Example
To set port 0/9/0 as an edge port, do as follows:
huawei(config)#stp port 0/9/0 edged-port enable huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 7 Max Hops : 20 PathCost standard : LEGACY BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 0 Time since last TC : 0 days : 2m:25s ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 2 sec CST Root Priority : 32768 Hello Time: 2 sec Instance 0 ================================== MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec
Path cost to IST root bridge is 0 Path cost to CST root bridge is 0 ----------------------------------------------------------------------------Port F/ S/ P Priority Cost Admin-State Role State Type ----------------------------------------------------------------------------1 0/9/ 0 128 200000 Disabled Disa Down Edge
15-28
Issue 02 (2008-04-25)
3 0/9/ 2 128 200000 Enabled Disa Down None 17 0/ 2/ 0 0 200000 Enabled Disa Down None 18 0/ 2/ 1 128 200000 Enabled Disa Down None 19 0/ 2/ 2 128 200000 Enabled Disa Down None 20 0/ 2/ 3 128 200000 Enabled Disa Down None -----------------------------------------------------------------------------
Related Operation
Table 15-19 lists the related operation for setting the specified port as an edge port. Table 15-19 Related operation for setting the specified port as an edge port To... Set a port as a non-edge port Run the Command... stp port edged-port disable
15.12.3 Setting the Path Cost of a Specified Port

This topic describes how to set the path cost of a specified port.
l l
By default, the network bridge obtains the path cost of the port based on the link status. Setting the path cost of the Ethernet port results in the recalculation of the spanning tree. Therefore, the default path cost is recommended.
NOTE
l l
Path cost is a parameter related to the rate of the link connected to the port. For the device that supports MSTP, the port has different path costs in different spanning tree instances. Setting a proper path cost makes various VLAN traffic be forwarded along different physical links. In this case, the VLAN load-sharing function is implemented.
Procedure
Step 1 Run the stp port cost command to set the path cost of a specified port. Step 2 Run the display stp command to query the MSTP global configuration. ----End
Example
To set the path cost of the port in the specified spanning tree instance to 1024, do as follows:
huawei(config)#stp port 0/9/0 instance 0 cost 1024
NOTE
huawei(config)#display stp instance 0 { <cr>|port<K> }: Command: display stp instance 0 The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 7 Max Hops : 20
Issue 02 (2008-04-25)
15-29
PathCost standard : LEGACY Time Factor : 3 TC or TCN received : 0 ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 2 sec CST Root Priority : 32768 Hello Time: 2 sec

BPDU-Protection Time since last TC : disabled : 0 days : 5m:27s
Path cost to IST root bridge is 0 Path cost to CST root bridge is 0 ----------------------------------------------------------------------------Port F/ S/ P Priority Cost Admin-State Role State Type ----------------------------------------------------------------------------1 0/9/ 0 128 1024 Disabled Disa Down Edge 3 0/9/ 2 128 200000 Enabled Disa Down None 17 0/ 2/ 0 0 200000 Enabled Disa Down None 18 0/ 2/ 1 128 200000 Enabled Disa Down None 19 0/ 2/ 2 128 200000 Enabled Disa Down None 20 0/ 2/ 3 128 200000 Enabled Disa Down None -----------------------------------------------------------------------------
Related Operation
Table 15-20 lists the related operation for setting the path cost of a specified port. Table 15-20 Related operation for setting the path cost of a specified port To... Restore the default path cost of a specified port Run the Command... undo stp port cost
15.12.4 Setting the Priority of the Specified Port

This topic describes how to set the priority of the specified port.
l
The priority of a port affects its role in the specified spanning tree instance. You can set different priorities for the same port on the different MSTIs. This makes various VLAN traffic be forwarded along different physical links. In this case, the VLAN load-sharing function is implemented. If the priority of the port changes, MSTP recalculates the role of the port and perform state transition. The priority of the port ranges from 0 to 240, with the step of 16. By default, it is 128.
Procedure
Step 1 Run the stp port port-priority command to set the priority of the specified port. Step 2 Run the display stp command to query the MSTP global configuration. ----End
Example
To set the priority of the specified port to 64, do as follows:
huawei(config)#stp port 0/9/0 instance 0 port-priority 64
NOTE
huawei(config)#display stp instance 0 { <cr>|port<K> }: Command: display stp instance 0 The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 7 Max Hops : 20 PathCost standard : LEGACY BPDU-Protection : disabled Time Factor : 3 TC or TCN received : 0 Time since last TC : 0 days : 5m:57s ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 2 sec CST Root Priority : 32768 Hello Time: 2 sec Instance 0 ================================== MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec
Path cost to IST root bridge is 0 Path cost to CST root bridge is 0 ----------------------------------------------------------------------------Port F/ S/ P Priority Cost Admin-State Role State Type ----------------------------------------------------------------------------1 0/9/ 0 64 1024 Disabled Disa Down Edge 3 0/9/ 2 64 200000 Enabled Disa Down None 17 0/ 2/ 0 0 200000 Enabled Disa Down None 18 0/ 2/ 1 128 200000 Enabled Disa Down None 19 0/ 2/ 2 128 200000 Enabled Disa Down None 20 0/ 2/ 3 128 200000 Enabled Disa Down None -----------------------------------------------------------------------------
Related Operation
Table 15-21 lists the related operation for setting the priority of the specified port. Table 15-21 Related operation for setting the priority of the specified port To... Restore the default priority of the specified port Run the Command... undo stp port port-priority
15.12.5 Setting the Point-to-Point Link Connection of the Specified Port

This topic describes how to set the point-to-point link connection of the specified port.
Issue 02 (2008-04-25)
15-31
l
By default, the point-to-point parameter is set to auto mode. MSTP checks whether the link connected to the specified port is a point-to-point link. The port state cannot be changed rapidly if the port is not connected to a point-to-point link. The default setting is recommended. This setting takes effect to CIST and MSTI. When the port is set as connecting (or not connecting) to the point-to-point link, the setting applies to all the spanning tree instances. If the port is set as connecting to the point-to-point link, but actually it is not connected to a point-to-point link, the port is in loopback state.
NOTE
l l
For an aggregated port, only the primary port can be set as connecting to the point-to-point link. Assume that a port works in auto negotiation mode, if it is in full-duplex mode after the negotiation, it can be set as connecting to the point-to-point link.
Procedure
Run the stp port point-to-point command to set whether the link that is connected to the port is a point-to-point link. ----End
Example
To set the link that is connected to port 0/9/0 as a point-to-point link, do as follows:
huawei(config)#stp port 0/9/0 point-to-point force-true
Related Operation
Table 15-22 lists the related operation for setting the point-to-point link connection of the specified port. Table 15-22 Related operation for setting the point-to-point link connection of the specified port To... Set the link connected to the port as the default state Run the Command... undo stp port point-to-point
15.13 Setting the mCheck Variable

This topic describes how to set the mCheck variable to force a port to work in MSTP mode.
Run the stp port mcheck command to check whether there is any network bridge that runs STP in the subnet to which the current port is connected.

l
If the network bridge that runs STP exists in the subnet where the port is connected, the port runs in MSTP/STP compatible mode automatically. When the network condition is good, though the network bridge that runs STP in the subnet is removed, the port still runs in the STP compatible mode. In this case, run the command to force the port to work in MSTP mode. After that, the type of the packets received by the port determines whether it works in MSTP or STP compatible mode.
This command takes effect only when the network bridge runs MSTP.
Procedure
Run the stp port mcheck command to set the mCheck variable. ----End
Example
To transit port 0/9/0 to work in MSTP mode, do as follows:
huawei(config)#stp port 0/9/0 mcheck
15.14 Configuring the Device Protection Function

This topic describes how to configure the device protection functions, including BPDU protection, loopback protection and root protection. 15.14.1 Enabling the BPDU Protection Function of the Device This topic describes how to enable the BPDU protection function of the device. 15.14.2 Enabling the Loop Protection Function of the Device This topic describes how to enable the loop protection function of the device. 15.14.3 Enabling the Root Protection Function of the Device This topic describes how to enable the root protection function of the device.
15.14.1 Enabling the BPDU Protection Function of the Device

This topic describes how to enable the BPDU protection function of the device.
l l
By default, the BPDU protection function is disabled. If the port of an access device is connected directly to the user terminal, such as a PC, or connected to the file server, the port is usually set as an edge port to implement rapid state transition. When the port receives the BPDU packets, the system sets the port as a nonedge port and recalculates the spanning tree. This results in an unstable network topology. MSTP provides the BPDU protection function to prevent users from forging BPDU packets to attack the device maliciously. If the BPDU protection function is enabled on the device, the system disables the edge port that receives the BPDU packets. If the disabled port does not receive the BPDU packets within 180s, it is enabled automatically.
Issue 02 (2008-04-25)
15-33
Procedure
Step 1 Run the stp bpdu-protection enable command to enable the BPDU protection function of the device. Step 2 Run the display stp command to query the MSTP global configuration. ----End
Example
To enable the BPDU protection function of device, do as follows:
huawei(config)#stp bpdu-protection enable huawei(config)#display stp { <cr>|instance<K>|port<K> }: Command: display stp The bridge is executing the IEEE Multiple Spanning Tree Protocol Bridge Diameter : 7 Max Hops : 20 PathCost standard : LEGACY BPDU-Protection : enabled Time Factor : 3 TC or TCN received : 0 Time since last TC : 0 days : 6m:42s ============================== Bridge Priority : 32768 Hello Time: 2 sec IST Root Priority : 32768 Hello Time: 2 sec CST Root Priority : 32768 Hello Time: 2 sec Instance 0 ================================== MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec MAC Address : 00e0-fc99-5050 Forward Delay: 15 sec Max Age: 20 sec
Related Operation
Table 15-23 lists the related operation for enabling the BPDU protection function of the device. Table 15-23 Related operation for enabling the BPDU protection function of the device To... Disable the BPDU protection function of the device Run the Command... stp bpdu-protection disable
15.14.2 Enabling the Loop Protection Function of the Device

This topic describes how to enable the loop protection function of the device.
l
To prevent the switching fabric loop due to the link congestion or unidirectional link fault, MSTP provides the loop protection function.
15-34

l
After the loop protection function is enabled, the root port keeps its role, and the blocked port keeps its discarding state and does not forward any packets. In this case, the loop does not occur in the network. By default, the loop protection function is disabled.
Procedure
Step 1 Run the stp port loop-protection enable command to enable the loop protection function of the port. Step 2 Run the display stp port command to query the MSTP configuration of the port. ----End
Example
To enable the loop protection function of port 0/9/0, do as follows:
huawei(config)#stp port 0/9/0 loop-protection enable huawei(config)#display stp port 0/9/0 ----[CIST][Port1(Down)]---Port Protocol :enabled Port Role :CIST Disabled Port Port Priority :128 Port Cost :Config=auto / Active=200000 Desg. Bridge/Port :0.00e0-fc99-5050 / 128.1 Port Edged(Admin) :disabled Point-to-point :Config=auto / Active=false Transit Limit :3 packets/hello-time Protection Type :Loop Port Stp Mode :Stp PortTimes :Hello 10 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop 20 BPDU Sent :0 TCN: 0, Config: 0, RST: 0, MST: 0 BPDU Received :0 TCN: 0, Config: 0, RST: 0, MST: 0 ----[MSTI 2][Port1(Down)]---Port Role :Disabled Port Port Priority :128 Port Cost :Config=auto / Active=200000 ---- More ( Press 'Q' to break ) ----
Related Operations
Table 15-24 lists the related operations for enabling the loop protection function of the device. Table 15-24 Related operations for enabling the loop protection function of the device To... Disable the loop protection function of the device Enable the BPDU protection function of the device Enable the root protection function of the device
Issue 02 (2008-04-25)
Run the Command... stp port loop-protection disable stp bpdu-protection stp port root-protection
15-35
15.14.3 Enabling the Root Protection Function of the Device

This topic describes how to enable the root protection function of the device.
l
Due to the incorrect configuration or malicious attacks, the legal root bridge in the network might receive the configuration packets with a higher priority. In this case, the current root bridge becomes invalid, which causes the network topology changed. MSTP provides the root protection function to prevent such a case. For the port that is enabled with the root protection function, it is only used as a specified port for all instances. Once the port receives the configuration packets with a higher priority, which sets the port as a non-specified port, the port is in the listening state, and does not forward the packets. When the port does not receive the configuration packets with a higher priority for a certain period, the port restores to the normal state. By default, the root protection function of the port is disabled.
Procedure
Step 1 Run the stp port root-protection enable command to enable the root protection function of the port. Step 2 Run the display stp port command to query the MSTP configuration of the port. ----End
Example
To enable the root protection function of port 0/9/0, do as follows:
huawei(config)#stp port 0/9/0 root-protection enable huawei(config)#display stp port 0/9/0 ----[CIST][Port1(Down)]---Port Protocol :enabled Port Role :CIST Disabled Port Port Priority :128 Port Cost :Config=auto / Active=200000 Desg. Bridge/Port :0.00e0-fc99-5050 / 128.1 Port Edged(Admin) :disabled Point-to-point :Config=auto / Active=false Transit Limit :3 packets/hello-time Protection Type :Root Port Stp Mode :Stp PortTimes :Hello 10 s MaxAge 20 s FwDly 15 s Message Age 0 s RemHop 20 BPDU Sent :0 TCN: 0, Config: 0, RST: 0, MST: 0 BPDU Received :0 TCN: 0, Config: 0, RST: 0, MST: 0 ----[MSTI 2][Port1(Down)]---Port Role :Disabled Port Port Priority :128 Port Cost :Config=auto / Active=200000 ---- More ( Press 'Q' to break ) ----
15-36
Issue 02 (2008-04-25)
Related Operations
Table 15-25 lists the related operations for enabling the root protection function of the device. Table 15-25 Related operations for enabling the root protection function of the device To... Disable the root protection function of the device Enable the BPDU protection function of the device Enable the loop protection function of the port Run the Command... stp port root-protection disable stp bpdu-protection stp port loop-protection
15.15 Clear the MSTP Protocol Statistics

This topic describes how to clear the protocol statistics.
You can clear the device/port protocol statistics.
Procedure
l l Run the reset stp statistics command to clear the protocol statistics. Run the reset stp port statistics command to clear the protocol statistics of a port.
----End
Examples
To clear the protocol statistics on the MA5600T, do as follows:
huawei(config)#reset stp statistics
To clear the protocol statistics on the 0/9/0, do as follows:

huawei(config)#reset stp port 0/9/0 statistics
Issue 02 (2008-04-25)
15-37
16 NTP Configuration
16
About This Chapter
NOTE
NTP Configuration
This topic describes how to configure the NTP protocols supported by the MA5600T.
This document describes the configuration on the MA5600T. Each chapter provides an overview of the service configuration, describes the configuration flow with one or more configuration examples, and provides a detailed description of the basic operations on the MA5600T. For the readers who are familiar with the MA5600T, it is recommended that you read the configuration example (s) directly. For the readers who are not familiar with the MA5600T, it is recommended that you read the basic operations first.
16.1 Overview This topic describes the NTP concepts and its specification on the MA5600T. 16.2 Configuration Example of NTP Broadcast Mode This topic describes how to configure the NTP broadcast mode on the MA5600T, and implement the clock synchronization among network devices. The server and the client must be configured in the broadcast mode. After the configuration, the server broadcasts the clock synchronization packets periodically, and the client intercepts the broadcast packets and synchronizes the local clock based on the received packet. 16.3 Configuration Example of NTP Multicast Mode This topic describes how to configure the NTP multicast mode on the MA5600T, and implement the clock synchronization among network devices. After the configuration, the server broadcasts the clock synchronization packets periodically, and the client intercepts the broadcast packets and synchronizes the local clock based on the received packet. 16.4 Configuration Example of NTP Server/Client Mode This topic provides an example for configuring the MA5600T as the NTP client to implement clock synchronization with the NTP server. 16.5 Configuration Example of NTP Peer Mode This topic describes how to configure the NTP peer mode on the MA5600T, and implement the clock synchronization among network devices. In the peer mode, only the active peer needs to be configured, whereas the passive peer needs not to be configured. In addition to it, the active
and passive peers can synchronize each other, and the peer with a higher clock stratum is synchronized by the peer with a lower clock stratum. 16.6 Configuring the NTP ID Authentication This topic describes how to configure the NTP ID authentication to enhance network security and prevent unauthorized clock modification. 16.7 Configuring the NTP Master Clock This topic describes how to configure the NTP master clock. You can select the external reference clock or local clock as the master clock. 16.8 Configuring the NTP Broadcast Mode This topic describes how to configure the MA5600T as the NTP broadcast server mode and NTP broadcast client mode. 16.9 Configuring the NTP Multicast Mode This topic describes how to configure the MA5600T as the NTP multicast server or the client. 16.10 Configuring the NTP Server/Client Mode This topic describes how to configure the MA5600T as the NTP server or the client in the NTP server/client mode. 16.11 Configuring the NTP Peer Mode This topic describes how to configure the MA5600T as the peer of a local device. 16.12 Configuring the Authority of Access to an NTP Service of a Local Device This topic describes how to configure the authority of access to an NTP service of a local device. The access control authority provides minimum security measures. A more secure method is to configure the NTP authentication. 16.13 Configuring an Interface for Transmitting/Receiving NTP Packets This topic describes how to configure an interface for transmitting or receiving NTP packets.
16-2
Issue 02 (2008-04-25)
16.1 Overview
This topic describes the NTP concepts and its specification on the MA5600T.
Service Description
The Network Time Protocol (NTP) is an application layer protocol in the TCP/IP protocol suite. The NTP is used to synchronize the time between the distributed time server and the client. The network devices that support NTP synchronizes the time by exchanging NTP packets to implement various service applications based on universal time, such as the network management system and the network accounting system. The NTP synchronization is a relatively advanced time-based mode. If the network or the lower level server can access the upper level server, the NTP synchronization can be implemented. The NTP mode is accurate to microsecond, hence it is applicable to alarm, log, and charging. For details on NTP, refer to "NTP" in the MA5600T Feature Description.
There are four NTP modes, which are as follows:
l l l l
Server/client Peer Broadcast Multicast
The MA5600T supports all these modes. The MA5600T, which is an access layer device, mainly works in the server/client mode and functions as an NTP client to synchronize the NTP server in the network.
16.2 Configuration Example of NTP Broadcast Mode

This topic describes how to configure the NTP broadcast mode on the MA5600T, and implement the clock synchronization among network devices. The server and the client must be configured in the broadcast mode. After the configuration, the server broadcasts the clock synchronization packets periodically, and the client intercepts the broadcast packets and synchronizes the local clock based on the received packet.
Networking
Figure 16-1 shows an example network for configuring the NTP broadcast mode. An MA5600T functions as an NTP broadcast server, and periodically sends the clock synchronization packets to destination 255.255.255.255. The other MA5600T functions as a client to intercept the broadcast packets from the server, and then synchronizes its clock with the clock of the server.
Issue 02 (2008-04-25)
16-3
Figure 16-1 Example network for configuring the NTP broadcast mode
LAN switch
1.1.1.1/24
1.1.1.2/24
MA5600T_ A
MA5600T_B
Data Plan
Table 16-1 provides the data plan for configuring the NTP broadcast mode. Table 16-1 Data plan for configuring the NTP broadcast mode Item MA5600T_A Data VLAN ID: 2 IP address of the L3 interface 1: 1.1.1.1/24 Clock: selects the local clock as the NTP master clock at stratum 2. MA5600T_B VLAN ID: 2 IP address of the L3 interface 2: 1.1.1.2/24 Clock: is set according to the clock of the broadcast server.
l l
The network devices and the line must be in the normal state. The clock stratum of the synchronizing device must be equal to or lower than the clock stratum of the synchronized device. Otherwise, the clock synchronization fails.
Figure 16-2 shows the flowchart for configuring the NTP broadcast mode.
16-4
Issue 02 (2008-04-25)
Figure 16-2 Flowchart for configuring the NTP broadcast mode
Start
Is there a clock reference? Yes No Configure authentication Yes Enable NTP authentication
No
Configure the master NTP clock
Add a layer 3 virtual port? Yes Add a layer 3 virtual port
No
Configure NTP broadcast mode
Save the data
End
Procedure
l Configure the NTP broadcast server MA5600T_A. 1. 2. Define the local clock of MA5600T_A as the master NTP clock at stratum 2.
huawei(config)#ntp-service refclock-master 2
Enable NTP authentication.

huawei(config)#ntp-service authentication enable huawei(config)#ntp-service authentication-keyid 88 authentication-mode md5 123456 huawei(config)#ntp-service reliable authentication-keyid 88
3.
Add an L3 virtual port.

Issue 02 (2008-04-25)
16-5
4.
Define the master NTP clock as the NTP broadcast server and specify the authentication ID.
huawei(config-if-vlanif2)#ntp-service broadcast-server authentication-keyid 88 huawei(config-if-vlanif2)#quit
5. l
Save the data.

huawei(config)#save
Configure the NTP broadcast client MA5600T_B. 1. Enable NTP authentication.

2.

3. 4. ----End
Define the MA5600T_B as a broadcast client.

huawei(config-if-vlanif2)#ntp-service broadcast-client
Save the data.

huawei(config)#save
Result
Perform the following steps to verify the configuration: 1. After synchronization, check the status of MA5600T_B.
huawei(config)#display ntp-service status clock status: synchronized clock stratum: 3 reference clock ID: 1.1.1.1 nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^17 clock offset: 996.5820 ms root delay: 0.00 ms root dispersion: 10.45 ms peer dispersion: 10.93 ms reference time: 12:10:10.170 UTC May 14 2005(C6306922.2BC286F8)
According to the preceding configurations, the clock of the MA5600T_B is at stratum 3, and is synchronized with the clock of the MA5600T_A. 2. Check the sessions of the MA5600T_B.
huawei(config)#display ntp-service sessions { <cr>|verbose<K> }: Command: display ntp-service sessions source reference stra reach poll now offset delay disper ****************************************************************************** ** [1234]1.1.1.1 LOCAL(0) 2 376 64 27 991.1 0.0 1.9 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
By analyzing the sessions of the MA5600T_B, you can find that the MA5600T_B is connected to the MA5600T_A.
16.3 Configuration Example of NTP Multicast Mode

This topic describes how to configure the NTP multicast mode on the MA5600T, and implement the clock synchronization among network devices. After the configuration, the server broadcasts the clock synchronization packets periodically, and the client intercepts the broadcast packets and synchronizes the local clock based on the received packet.
Networking
Figure 16-3 shows an example network for configuring the NTP multicast mode. The MA5600T_A sends multicast packets through VLAN interface 2, whereas the MA5600T_B intercepts multicast information from VLAN interface 2. After receiving multicast packets from the MA5600T_A, the MA5600T_B synchronizes with the MA5600T_A. Figure 16-3 Example network for configuring the NTP multicast mode
LAN switch
1.1.1.1/24
1.1.1.2/24
MA5600T_ A
MA5600T_B
Data Plan
Table 16-2 provides the data plan for configuring the NTP multicast mode. Table 16-2 Data plan for configuring the NTP multicast mode Item MA5600T_A Data IP address of the L3 interface 2: 1.1.1.1/24 Clock: selects the local clock as the NTP master clock at stratum 2. MA5600T_B IP address of the L3 interface 2: 1.1.1.2/24 Clock: follows the clock of the multicast server.
Issue 02 (2008-04-25)
16-7
The stratum of the NTP server must be higher than or equal to the stratum of the NTP client. Otherwise, the synchronization fails.
Figure 16-4 shows the flowchart for configuring the NTP multicast mode. Figure 16-4 Flowchart for configuring the NTP multicast mode
Start
Is there a clock reference? Yes No Configure authentication? Yes Configure the NTP authentication
No
Configure the master NTP clock
No
Configure NTP multicast mode
Save the data
End
Procedure
l Configure the NTP multicast server MA5600T_A. 1. Set the local clock as the master clock working at stratum 2.
16-8
Issue 02 (2008-04-25)
2.
Configure the NTP authentication.

3.

4.
Set the MA5600T_A as the multicast server and specify the authentication ID.
huawei(config-if-vlanif2)#ntp-service multicast-server authenticationkeyid 88
5. l
Save the data.

huawei(config)#save
Configure the NTP multicast host MA5600T_B. 1. Configure the NTP authentication.
2.

3.
Set the MA5600T_B as an NTP multicast client.

huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)# ntp-service multicast-client
4. ----End
Save the data.

huawei(config)#save
Result
Perform the following steps to verify the configuration: 1. After synchronization, check the status of the MA5600T_B.
huawei(config)#display ntp-service status clock status: synchronized clock stratum: 3 reference clock ID: 1.1.1.1 nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^17 clock offset: 996.5820 ms root delay: 0.00 ms root dispersion: 10.45 ms peer dispersion: 10.93 ms reference time: 12:10:10.170 UTC May 14 2005(C6306922.2BC286F8)
According to the preceding configurations, the clock of the MA5600T_B is at stratum 3, and is synchronized with the clock of the MA5600T_A. 2. Check the sessions of the MA5600T_B.
huawei(config)#display ntp-service sessions { <cr>|verbose<K> }: Command: display ntp-service sessions
Issue 02 (2008-04-25)
16-9

source reference stra reach poll now offset delay disper ****************************************************************************** ** [1234]1.1.1.1 LOCAL(0) 2 376 64 27 991.1 0.0 1.9 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
By analyzing the sessions of the MA5600T_B, you can find that the MA5600T_B is connected to the MA5600T_A.
16.4 Configuration Example of NTP Server/Client Mode

This topic provides an example for configuring the MA5600T as the NTP client to implement clock synchronization with the NTP server.
Prerequisites
l l
The NTP server has been configured and must be in the normal state. There is a route from the NTP server to the gateway of the MA5600T.
Networking
Figure 16-5 shows an example network for configuring NTP server/client mode. An MA5600T functions as an NTP broadcast server, while the other MA5600T functions as a client. The client sends the clock synchronization request to the server and the server synchronizes the clock according to the request. Figure 16-5 Example network for configuring NTP server/client mode
Router
NTP server
CON ETH ESC GE 0/19/0
SCU
MA5600T
Data Plan
Table 16-3 provides the data plan for configuring NTP server/client mode.
16-10
Issue 02 (2008-04-25)
Table 16-3 Data plan for configuring NTP server/client mode Item Layer 3 interface Data VLAN: 2 Upstream port: 0/9/0 IP address of the L3 interface: 10.10.10.10/24, IP address of the gateway: 10.10.10.1 NTP server IP address: 195.10.10.10/24
Figure 16-6 shows the flowchart for configuring NTP server/client mode. Figure 16-6 Flowchart for configuring the NTP server/client mode
Start Configure the layer 3 interface Specify the IP address of the NTP server Add the static route
Configure the ACL rule
Save the data
End
Procedure
Step 1 Configure the L3 interface.
Step 2 Specify the IP address of the NTP server.

huawei(config)#ntp-service unicast-server 195.10.10.10
Step 3 Add the static route to the NTP server.

huawei(config)#ip route-static 195.10.10.10 255.255.255.255 10.10.10.1 preference 1
Issue 02 (2008-04-25)
16-11
Step 4 Configure the ACL rule. Filter the packet that pass through the L3 interface. Only the IP packet from the log host is allowed to access the L3 interface; others without authorization are denied.
huawei(config)#acl 3010 huawei(config-acl-adv-3010)#rule permit ip source 195.10.10.10 0.0.0.0 destination 10.10.10.10 0.0.0.0 huawei(config-acl-adv-3010)#rule deny ip source any destination 10.10.10.10 0.0.0.0 huawei(config-acl-adv-3010)#quit huawei(config)#packet-filter inbound ip-group 3010 port 0/9/0

huawei(config)#save
----End
Result
1. Query the status of the MA5600T before the synchronization.
huawei(config)#display ntp-service status clock status: unsynchronized clock stratum: 16 reference clock ID: none nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^18 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 0.00 ms peer dispersion: 0.00 ms reference time: 00:00:00.000 UTC Jan 1 1900 (00000000.00000000)
2.
Query the status of the MA5600T after the synchronization.

huawei(config)#display ntp-service status clock status: synchronized clock stratum: 3 reference clock ID: 195.10.10.10 nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^18 clock offset: 1189.3705 ms root delay: 999.73 ms root dispersion: 0.11 ms peer dispersion: 10.94 ms
16-12
Issue 02 (2008-04-25)

reference time: 18:14:38.1000 UTC Apr 26 2007 (C9DB6A8E.FFFFFFFF)
3.
Query the sessions of the MA5600T.

huawei(config)#display ntp-service sessions { <cr>| verbose<K> }: Command: display ntp-service sessions source reference stra reach poll now offset delay disper ****************************************************************************** ** [12345]195.10.10.10 LOCAL(0) 2 377 64 20 -307 -0.3 4.9 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured, 6 vpninstance
16.5 Configuration Example of NTP Peer Mode

This topic describes how to configure the NTP peer mode on the MA5600T, and implement the clock synchronization among network devices. In the peer mode, only the active peer needs to be configured, whereas the passive peer needs not to be configured. In addition to it, the active and passive peers can synchronize each other, and the peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.
Networking
Figure 16-7 shows an example network for configuring the NTP peer mode. One MA5600T functions as an NTP active peer, whereas the other MA5600T functions as a passive peer. The active peer sends a clock synchronization request to the passive peer, and the passive peer responds to the request. In this case, the peer with a higher clock stratum is synchronized by the peer with a lower clock stratum. Figure 16-7 Example network for configuring the NTP peer mode
LAN switch
1.1.1.1/24
1.1.1.2/24
MA5600T_ A
MA5600T_B
Issue 02 (2008-04-25)
16-13
Data Plan
Table 16-4 provides the data plan for configuring the NTP peer mode. Table 16-4 Data plan for configuring the NTP peer mode Item MA5600T_A Data IP address of VLAN interface 2: 1.1.1.1/24 Clock: selects the local clock as the NTP master clock at stratum 2. MA5600T_B IP address of VLAN interface 2: 1.1.1.2/24 Clock: selects the MA5600T_A as the peer.
Figure 16-8 shows the flowchart for configuring the NTP peer mode.
16-14
Issue 02 (2008-04-25)
Figure 16-8 Flowchart for configuring the NTP peer mode
Start
Is there a clock reference? Yes No Configure authentication? Yes Configure the NTP authentication
No
Configure the NTP master clock
No
Configure NTP peer mode
Save the data
End
Procedure
l Configure the server MA5600T_A. 1. 2. Set the local clock as the NTP master clock at stratum 2.

3. 4.
Set the MA5600T_B as the peer.

huawei(config)#ntp-service unicast-peer 1.1.1.2
Save the data.

huawei(config)#save
Issue 02 (2008-04-25)
16-15
Configure the MA5600T_B as the passive peer. 1. Add an L3 virtual port.

2. ----End
Save the data.

huawei(config)#save
Result
According to the preceding configurations, the MA5600T_A and MA5600T_B are defined as peers. The MA5600T_A works in the active peer mode, and the MA5600T_B works in the passive peer mode. By default, the system clock is at stratum 16; hence, the clock of the MA5600T_B is at stratum 16. The clock of the MA5600T_A is at stratum 2. Therefore, the MA5600T_B synchronizes with the MA5600T_A. You can verify the configuration by performing the following steps: 1. Check the status of the MA5600T_B before the synchronization.
huawei(config)#display ntp-service status clock status: synchronized clock stratum: 16 reference clock ID: none nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^17 clock offset: 0.0000 ms root delay: 8.18 ms root dispersion: 0.15 ms peer dispersion: 10.94 ms reference time: 11:06:39.203 UTC May 14 2005(C6305A3F.3422EE41)
2.
Check the status of the MA5600T_B after the synchronization.

huawei(config)#display ntp-service status clock status: synchronized clock stratum: 3 reference clock ID: 1.1.1.1 nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^17 clock offset: 0.0000 ms root delay: 8.18 ms root dispersion: 0.15 ms peer dispersion: 10.94 ms reference time: 11:06:39.203 UTC May 14 2005(C6305A3F.3422EE41)
The MA5600T_A is synchronized with MA5600T_B, and the stratum of MA5600T_B is 3, which is one more than the stratum of MA5600T_A.
NOTE
Whether the active peer synchronizes with the passive peer or the passive peer synchronizes with active peer is determined by the clock stratum and is not determined by the active or the passive states of the peers.
16-16
Issue 02 (2008-04-25)
16.6 Configuring the NTP ID Authentication

This topic describes how to configure the NTP ID authentication to enhance network security and prevent unauthorized clock modification.
l
If the NTP authentication is disabled on the client, the client can synchronize with the server, regardless of whether the NTP authentication is enabled on the server. If NTP authentication is enabled, a reliable key should be configured. The configuration of the server should be consistent with the configuration of the client. If NTP is enabled on the client, the client can pass the authentication by the server only if the server is configured with the same key as the key of the client, regardless of whether NTP authentication is enabled on the server or its key is reliable. The client synchronizes with the server that provides the reliable key. If the server provides an unreliable key, the client does not synchronize with the server.
l l l
Figure 16-9 shows the flowchart for configuring the NTP server/client mode with ID authentication. Figure 16-9 Flowchart for configuring the NTP server/client mode with ID authentication
Start
Enable the NTP ID authentication
Set a key for the ID authentication
Define the key as a reliable one
Query the current configuration of the system
End
Procedure
Step 1 Run the ntp-service authentication enable command to enable the NTP ID authentication. Step 2 Run the ntp-service authentication-keyid command to set a key for the ID authentication.
Step 3 Run the ntp-service reliable authentication-keyid command to define the key as a reliable key. Step 4 Run the display current-configuration section command to query the current configuration of the system. ----End
Example
To enable the NTP ID authentication, configure the NTP configuration key as aNiceKey with key number 42, and then define key 42 as a reliable key, do as follows:
huawei(config)#ntp-service authentication enable huawei(config)#ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey huawei(config)#ntp-service reliable authentication-keyid 42 huawei(config)#display current-configuration section post-system # [post-system] <post-system> ip route-static 0.0.0.0 0.0.0.0 10.71.55.1 ip route-static 2.2.2.2 255.255.255.255 10.1.1.2 ip route-static 2.2.2.2 255.255.255.255 20.1.1.2 # static-lsp ingress tunnel-interface tunnel1 destination 2.2.2.2 nexthop 10.1.1 .2 out-label 8200 static-lsp ingress tunnel-interface tunnel2 destination 2.2.2.2 nexthop 20.1.1 .2 out-label 8210 # snmp-agent local-engineid 000007DB0300E0FC590001 snmp-agent sys-info version v1 v2c snmp-agent group v3 group authentication read-view internet snmp-agent usm-user v3 user group authentication-mode md5 5B35F3BA2B65CA9D4A35CC868E5963CF privacy-mode des56 B889728872508FA68D4C91595D092958 snmp-agent # ntp-service authentication enable ntp-service authentication-keyid 42 authentication-mode md5 X&9#$^U(!:[Q=^Q` MAF4<1!! ntp-service reliable authentication-keyid 42 # ssh user op authentication-type password ssh user user authentication-type password ssh user test authentication-type password # tunnel-policy policy10 # return
Related Operations
Table 16-5 lists the related operations for configuring the NTP ID authentication. Table 16-5 Related operations for configuring the NTP ID authentication To... Disable the NTP ID authentication
16-18
Run the Command... undo ntp-service authentication enable
Issue 02 (2008-04-25)
To... Remove the NTP authentication key Cancel a key as a reliable key Display the NTP service status
Run the Command... undo ntp-service authentication-keyid undo ntp-service reliable authentication-keyid display ntp-service status
16.7 Configuring the NTP Master Clock

This topic describes how to configure the NTP master clock. You can select the external reference clock or local clock as the master clock.
l
The IP address of the local reference clock is set to 127.127.t.u, in which:

t ranges from 0 to 37, but is currently set to 1. u ranges from 0 to 3, representing the NTP process number.
When the IP address is not specified, local clock 127.127.1.0 functions as the NTP master clock by default. Clock stratum represents clock accuracy. The clock stratum number ranges from 1 to 15. The default value of the clock stratum is 16 before it is configured. The most accurate clock is at stratum 1. The larger the clock stratum number, the lower is the clock accuracy.
Procedure
Step 1 Run the ntp-service refclock-master command to configure the NTP master clock. Step 2 Run the display ntp-service status command to query the NTP status information. ----End
Example
To define the clock of a local device as the master NTP clock at stratum 2 and specify the IP address as 127.127.127.0, do as follows:
huawei(config)#ntp-service refclock-master 127.127.1.0 2 huawei(config)#display ntp-service status clock status: synchronized clock stratum: 2 reference clock ID: LOCAL(0) nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^18 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 0.00 ms peer dispersion: 10.00 ms reference time: 13:41:41.065 UTC Feb 14 2006(C79C5C95.10ADBC66)
Issue 02 (2008-04-25)
16-19
Related Operation
Table 16-6 lists the related operation for configuring the NTP master clock. Table 16-6 Related operation for configuring the NTP master clock To... Cancel the NTP master clock Run the Command... undo ntp-service refclock-master
16.8 Configuring the NTP Broadcast Mode

This topic describes how to configure the MA5600T as the NTP broadcast server mode and NTP broadcast client mode. 16.8.1 Configuring the NTP Broadcast Server Mode This topic describes how to configure the MA5600T as the NTP broadcast server. 16.8.2 Configuring the NTP Broadcast Client Mode This topic describes how to configure the MA5600T as the NTP broadcast client.
16.8.1 Configuring the NTP Broadcast Server Mode

This topic describes how to configure the MA5600T as the NTP broadcast server.
l
This task is performed to specify an interface on the local device to transmit the NTP broadcast packets. The local device operates in the broadcast-server mode, and functions as a broadcast server to broadcast packets to its clients regularly. Perform this operation on the interface where the NTP broadcast packets are to be transmitted.
Procedure
Step 1 Run the interface vlanif command to enter the VLAN interface mode. Step 2 Run the ntp-service broadcast-server command to configure the NTP broadcast server mode. Step 3 Run the display current-configuration section command to query the current configuration of the system. ----End
Example
To define VLAN interface 2 on a local device to transmit NTP broadcast packets which are encrypted by key 88, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ntp-service broadcast-server authentication-keyid 88
16-20
Issue 02 (2008-04-25)
Related Operations
Table 16-7 lists the related operations for configuring the NTP broadcast server mode. Table 16-7 Related operations for configuring the NTP broadcast server mode To... Cancel the broadcast server configuration Display NTP service trace Run the Command... undo ntp-service broadcast-server display ntp-service trace Remarks Synchronize NTP server chain from the local device to the reference clock source, and display brief information on each NTP server. -
Display the state of sessions maintained by NTP service Enable NTP debugging
display ntp-service sessions debugging ntp-service
16.8.2 Configuring the NTP Broadcast Client Mode

This topic describes how to configure the MA5600T as the NTP broadcast client.
l
The local device first detects the broadcast packets from the server. When the local device receives the first broadcast packet, it enters the client/server mode briefly to exchange packets with a remote server for estimating the network delay. The local device then enters the broadcast client mode, continues to detect the broadcast packets, and synchronizes the local clock according to the received broadcast packets. Perform this operation on the interface where the NTP multicast packets are to be transmitted.
Procedure
Step 1 Run the interface vlanif command to enter the VLAN interface mode. Step 2 Run the ntp-service broadcast-client command to configure the NTP broadcast client mode. Step 3 Run the display ntp-service status command to query the NTP information. ----End
Example
To specify a local device as a broadcast client to receive broadcast packets through VLAN interface 2, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ntp-service broadcast-client huawei(config)#display ntp-service status
Issue 02 (2008-04-25)
16-21
huawei#display ntp-service status clock status: synchronized clock stratum: 3 reference clock ID: 212.125.95.4 nominal frequence: 100.0000 Hz actual frequence: 100.0000 Hz clock precision: 2^6 clock offset: 0.5809 ms root delay : 372.66 ms root dispersion: 23.87 ms peer disper: 10.83 ms reference time: 04:01:11.344 UTC May 16 2003(C26EE107.5847A17F)
Related Operations
Table 16-8 lists the related operations for configuring the NTP broadcast client mode. Table 16-8 Related operations for configuring the NTP broadcast client mode To... Cancel the broadcast client configuration Display NTP service trace Run the Command undo ntp-service broadcast-client display ntp-service trace
16.9 Configuring the NTP Multicast Mode

This topic describes how to configure the MA5600T as the NTP multicast server or the client.
Working principle of the NTP multicast server is as follows:
l
The multicast server sends the clock synchronization packets to multicast destination IP address 224.0.1.1. The client detects the multicast packets and synchronizes the local clock according to the packets.
Working principles of the NTP multicast client are as follows:

l
The local device first detects the multicast packets from the server. When local device receives the first multicast packet, it enters the client/server mode briefly to exchange packets with a remote server for estimating the network delay. The local device then enters the multicast client mode, continues to detect the multicast packets, and synchronizes the local clock according to the received multicast packets.
Note the following:

l
The server and the client can be configured only on the interface where the NTP multicast packets are to be transmitted or received. In the multicast mode, the NTP configurations must be performed on both the server and the client. The client must be synchronized by the clock of the server.
Procedure
Step 1 Run the interface vlanif command to enter the L3 interface mode.
Step 2 Run the ntp-service multicast-server command to configure the NTP multicast mode. Step 3 Run the display ntp-service status command to query the NTP status information. ----End
Examples
To define a local device as multicast server to transmit multicast packets through VLAN interface 2, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ntp-service multicast-server huawei(config-if-vlanif2)#quit huawei(config)#display ntp-service status clock status: synchronized clock stratum: 2 reference clock ID: LOCAL(0) nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^18 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 10.94 ms peer dispersion: 10.00 ms reference time: 21:57:54.244 UTC Sep 9 2006(C8ADB762.3E7CD035)
To define a local device as multicast client to receive multicast packets through VLAN interface 2, do as follows:
huawei(config)#interface vlanif 2 huawei(config-if-vlanif2)#ntp-service multicast-client huawei(config)#display ntp-service status UA5000(config)#display ntp-service status clock status: synchronized clock stratum: 2 reference clock ID: LOCAL(0) nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^18 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 10.94 ms peer dispersion: 10.00 ms reference time: 22:00:03.537 UTC Sep 9 2006(C8ADB7E3.89A7E308)
Related Operations
Table 16-9 lists the related operations for configuring the NTP multicast mode. Table 16-9 Related operations for configuring the NTP multicast mode To... Cancel the multicast server configuration Cancel the multicast client configuration Display NTP service trace Run the Command undo ntp-service multicast-server undo ntp-service multicast-client display ntp-service trace
Issue 02 (2008-04-25)
16-23
16.10 Configuring the NTP Server/Client Mode

This topic describes how to configure the MA5600T as the NTP server or the client in the NTP server/client mode.
l
The client sends the clock synchronization request to the server. After receiving the request, the server automatically works in the server mode and sends the response. After receiving the response from the server, the client filters and selects the clock, and synchronizes with the preferred server. In this mode, only the local client initiates the clock synchronization with the remote server, whereas the remote server does not initiate the clock server.
Procedure
Step 1 Run the ntp-service unicast-server command to configure the NTP server/client mode. Step 2 Run the display ntp-service status command to query the NTP status information. ----End
Example
To specify the device with the IP address of 1.0.1.11 as the NTP server and the version as 3 for the client, do as follows:
huawei(config)#ntp-service unicast-server 1.0.1.11 version 3 huawei(config)#display ntp-service status clock status: unsynchronized clock stratum: 16 reference clock ID: none nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^18 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 0.00 ms peer dispersion: 0.00 ms reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Related Operations
Table 16-10 lists the related operations for configuring the NTP server/client mode. Table 16-10 Related operations for configuring the NTP server/client mode To... Cancel a specified NTP server Set the maximum local session number Restore the default setting of maximum local sessions Run the Command... undo ntp-service unicast-server ntp-service max-dynamic-sessions undo ntp-service max-dynamic-sessions
16-24
Issue 02 (2008-04-25)
16.11 Configuring the NTP Peer Mode

This topic describes how to configure the MA5600T as the peer of a local device.
l
The active peer sends the clock synchronization request to the passive peer. After receiving the request, the passive peer automatically works in the passive peer mode and sends the response. The clocks between the active peer and the passive peer are synchronized mutually. In the NTP peer mode, the NTP configuration is performed only on the active peer. The peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.
l l
Procedure
Step 1 Run the ntp-service unicast-peer command to configure the NTP peer mode. Step 2 Run the display ntp-service status command to query the NTP status information. ----End
Example
To specify the remote device with IP address of 3.0.1.32 as the peer of the local device, do as follows:
huawei(config)#ntp-service unicast-peer 3.0.1.32 huawei(config)#display ntp-service status clock status: unsynchronized clock stratum: 16 reference clock ID: none nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^18 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 0.00 ms peer dispersion: 0.00 ms reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Related Operation
Table 16-11 lists the related operation for configuring the NTP peer mode. Table 16-11 Related operation for configuring the NTP peer mode To... Cancel the specified NTP peer Run the Command... undo ntp-service unicast-peer
Issue 02 (2008-04-25)
16-25
16.12 Configuring the Authority of Access to an NTP Service of a Local Device

This topic describes how to configure the authority of access to an NTP service of a local device. The access control authority provides minimum security measures. A more secure method is to configure the NTP authentication.
Prerequisite
The ACL applied already exists.
By default, access to an NTP service of a local device is not controlled. With this configuration, when there is an access request, the request is matched with the peer, query, server, and synchronization in the descending order. The peer, query, server, and synchronization are described as follows:
l l l l
peer: authority for absolute access query: control and query authority. server: authority for server's access and query synchronization: authority for only the server access
Procedure
Step 1 Run the ntp-service access command to configure the authority of access to an NTP service of a local device. Step 2 Run the display current-configuration section command to query the current configuration of the system. ----End
Example
To configure the authority of access to an NTP service of a local device as "peer", and the ACL applied as 2000, do as follows:
huawei(config)#ntp-service access peer 2000
Related Operations
Table 16-12 lists the related operations for configuring the authority of access to an NTP service of a local device.
16-26
Issue 02 (2008-04-25)
Table 16-12 Related operations for configuring the authority of access to an NTP service of a local device To... Cancel the NTP access authority configuration Configure the maximum number of dynamic sessions that can be set up on a local device Cancel the configuration of maximum number of dynamic sessions that can be set up on a local device Run the Command undo ntp-service access ntp-service max-dynamic-sessions
undo ntp-service max-dynamic-sessions
16.13 Configuring an Interface for Transmitting/Receiving NTP Packets

This topic describes how to configure an interface for transmitting or receiving NTP packets.
Prerequisite
The applied ACL must exist.
l
Once an interface is specified through the ntp-service source-interface command, the IP address of the interface is also the IP address of the packets. If the ntp-service unicast-server or the ntp-service unicast-peer command also specifies a transmit interface, take the transmit interface specified by the ntp-service unicastserver or the ntp-service unicast-peer command.
Procedure
Run the ntp-service source-interface command to specify an interface for transmitting NTP packets. ----End
Example
To specify interface MEth 0 for transmitting NTP packets, do as follows:
huawei(config)#ntp-service source-interface meth 0
Related Operations
Table 16-13 lists the related operations for configuring an interface for transmitting or receiving NTP packets.
Table 16-13 Related operations for configuring an interface for transmitting or receiving NTP packets To... Cancel the local transmit or receive interface Disable an interface from receiving NTP packets Enable an interface to receive NTP packets Run the Command undo ntp-service sourceinterface ntp-service in-interface disable undo ntp-service in-interface disable Remarks In corresponding interface config mode In corresponding interface config mode
16-28
Issue 02 (2008-04-25)
17 System Clock Configuration
17
About This Chapter
NOTE
System Clock Configuration
This topic describes the synchronization of system clock and the method of configuring the system clock on the MA5600T.
17.1 Overview This topic describes the specification and synchronization of system clock on the MA5600T. 17.2 Configuration Example of the System Clock This topic provides an example for configuring the system clock to restrict the clock frequency and phase of each node in a network within the predefined tolerance scope. 17.3 Configuring a Clock Source This topic describes how to set the MA5600T to extract clock signals from the E1 port as the clock source. 17.4 Setting the Priority of a Clock Source This topic describes how to set the priority of a clock source. The clock source with the highest priority and in the normal state is used as the system clock source.
Issue 02 (2008-04-25)
17-1
17.1 Overview
This topic describes the specification and synchronization of system clock on the MA5600T.
Service Description
The MA5600T provides the solution to Time Division Multiplex (TDM) over packet switching network. In a TDM network, the problem that needs to be solved initially is the clock synchronization. The purpose of clock synchronization is to restrict the clock frequency and phase of each node in a network within the predefined tolerance scope. This prevents degradation of transmission performance due to inaccurate location at both Tx and Rx ends. To achieve clock synchronization in a digital network, the MA5600T provides the following methods:
l l
Pseudo synchronization Master-slave synchronization
Table 17-1 describes the two modes of clock synchronization.
Table 17-1 Clock synchronization description Synchronization mode Pseudo synchronization Description In a digital network that uses pseudo synchronization, all digital exchanges are independent in terms of the clock. The clock of each digital exchange is of high precision and stability. Usually, the cesium clock is used. Because these clocks are independent of each other, their frequencies and phases are not totally synchronized; but because these clocks are precise, the difference can be negligible. Therefore, the synchronization of such a clock is known as pseudo synchronization. It is applied in international digital networks. In a digital network that uses master-slave synchronization, there is a master exchange with a high-precision clock, and the other exchanges in the network lock the clock of this master exchange. The lower layer exchange locks the clock of the upper layer exchange.
Master-slave synchronization
The MA5600T often applies the master-slave synchronization mode. The MA5600T supports the system clock and the line clock. By default, the system clock is applied. The control board delivers the system clock to various service boards. The clock signals are transmitted to the lower layer network element through the service boards. The line clock is provided by the E1 data signal of the TOPA board. The working procedure is as follows:
1. 2.
The MA5600T extracts the clock source signals from the upper-layer equipment. A clock source that has the highest priority is used as the system clock source. After processed by the TOPA board, the clock source provides clock signals.
NOTE
When the TOPA board is not configured, or when the board is not in position or not in the normal state, the MA5600T uses the input clock source as the output clock signal.
3. 4.
The clock signal processed by the TOPA board is sent to all service boards. The service boards transmit the clock signals to the lower-layer network element.
17.2 Configuration Example of the System Clock

This topic provides an example for configuring the system clock to restrict the clock frequency and phase of each node in a network within the predefined tolerance scope.
Networking
Figure 17-1 shows an example network for configuring the system clock. In this example network, the MA5600T is uplinked to the TDM network through the E1 port on the TOPA board. The TOPA board obtains the clock signals with high priority from the TDM device at the upper layer network, and sends the signals to each service board. Then the service board sends the signals to the TDM device connected to the ONT. Figure 17-1 Example network for configuring the system clock
TDM network TDM device E1 SCU G P B A
CON ETH ESC
Optical splitter
MA5600T
ONT E1 TDM device
Issue 02 (2008-04-25)
17-3
Data Plan
Table 17-2 provides the data plan for configuring the system clock. Table 17-2 Data plan for configuring the system clock Item Clock source port of the MA5600T Data Clock source 0: 0/6/0 Priority: 1 (the secondary priority) Clock source 2: 0/6/2 Priority: 0 (the highest priority)
Figure 17-2 shows the flowchart for configuring the system clock. Figure 17-2 Flowchart for configuring the system clock
Start
Set sysytem clock sources
Set priorities of clock sources
Save the data
End
Procedure
Step 1 Set system clock sources. Set the input clocks of ports 0/6/0 and 0/6/2to function as the clock sources.
huawei(config)#clock source 0 0/6/0 huawei(config)#clock source 2 0/6/2
Step 2 Set priorities of clock sources. Set clock source 2 with the highest priority, and clock source 0 with the second highest priority.
huawei(config)#clock priority 2/0

huawei(config)#save
----End
Result
After the configuration, the system obtains the reference clock source from port 0/6/2 when the clock source is in the normal state.
17.3 Configuring a Clock Source

This topic describes how to set the MA5600T to extract clock signals from the E1 port as the clock source.
l l
By default, the MA5600T adopts the system clock. The system supports up to 10 clock sources. The system adopts the clock that has the highest priority and is normal as the clock source.
Procedure
Step 1 Run the clock source command to specify the system clock source. Step 2 Run the display clock source command to query the information on the clock source. ----End
Example
To set E1 port 0 of the TOPA board in slot 0/6 as clock source 0, and E1 port 2 as clock source 2, do as follows:
huawei(config)#clock source 0 0/6/0 huawei(config)#clock source 2 0/6/2 huawei(config)#display clock source -------------------------------------------------------------------Index Config Source State Priority Output -------------------------------------------------------------------0 YES H801TOPA 0/6 /0 Failed ----1 NO 2 YES H801TOPA 0/6 /2 Failed ----3 NO 4 NO 5 NO 6 NO 7 NO 8 NO 9 NO --------------------------------------------------------------------
Related Operations
Table 17-3 lists the related operations for configuring the system clock.
Issue 02 (2008-04-25)
17-5
Table 17-3 Related operations for configuring the system clock To... Set the priority of a clock source Run the Command... clock priority Remarks When there are multiple clock sources, the system selects the clock source with the highest priority as the reference clock source. The MA5600T supports two clock modes: system clock and line clock.
Query working mode of a clock source
display clock mode
17.4 Setting the Priority of a Clock Source

This topic describes how to set the priority of a clock source. The clock source with the highest priority and in the normal state is used as the system clock source.
l
The system supports up to 10 priorities. They also stand for the priority sequence of the clock sources. The highest priority is p0 and the lowest priority is p9. The system selects the port with the highest priority as the clock source irrespective of the quality of the clock source. Therefore, assign a higher priority for the clock source with better quality. The clock priority takes effect after the clock module is configured. Setting the priority of a clock source may cause the switchover of clock sources.
Procedure
Step 1 Run the clock priority command to specify the priority of a clock source. Step 2 Run the display clock source command to query the information on the clock source. ----End
Example
To assign the highest priority (p0) to clock source 5, the second highest priority (p1) to clock source 2, and the third highest priority (p2) to clock source 0, do as follows:
huawei(config)#clock priority 5/2/0 huawei(config)#display clock source -------------------------------------------------------------------Index Config Source State Priority Output -------------------------------------------------------------------0 YES H801TOPA 0/6 /0 Failed 2 --1 NO 2 YES H801TOPA 0/6 /2 Failed 1 --3 NO 4 NO 5 YES H801TOPA 0/6 /5 Failed 0 --6 NO 7 NO 8 NO 9 NO --------------------------------------------------------------------
17-6
Issue 02 (2008-04-25)
Related Operations
Table 17-4 lists the related operations for setting the priority of a clock source. Table 17-4 Related operations for setting the priority of a clock source To... Configure a clock source Query the working mode of a clock Run the Command... clock source display clock mode Remarks The MA5600T supports two clock modes: system clock and line clock.
Issue 02 (2008-04-25)
17-7
18 MAC Address Management
18
About This Chapter
MAC Address Management
This topic describes how to configure the MAC address and MAC address pool on the MA5600T. 18.1 Overview This topic describes MAC address and its application on the MA5600T. 18.2 Adding a Static MAC Address This topic describes how to add a static MAC address. 18.3 Setting the Maximum MAC Address Number Learned by a Service Port This topic describes how to set the maximum MAC address number learned by a service port. This helps to restrict the number of users connected to the port. 18.4 Configuring the Aging Time of a Dynamic MAC Address This topic describes how to configure the aging time of a dynamic MAC address. 18.5 Binding the MAC Address This topic describes how to bind a service port with a MAC address. This helps to limit the source MAC address of the packets passing through this service port to be only the bound MAC address. 18.6 Configuring the MAC Address Filtering This topic describes how to configure the function of MAC address filtering to discard the packets with the specified source MAC address. 18.7 Configuring the MAC Address Pool This topic describes how to configure the MAC address pool.
Issue 02 (2008-04-25)
18-1
18.1 Overview
This topic describes MAC address and its application on the MA5600T.
Service Description
To meet the requirements for bearing multiple services, the MA5600T supports the MAC address list and the MAC address pool. The MAC address list of the MA5600T can learn the new MAC addresses. If the source MAC address of a packet does not exist in the list, the MA5600T can add the source MAC address and the port number of the received packet to the list as a new item. Dynamic MAC addresses in the MAC address list also features the aging function. If the MA5600T does not receive any packet from a device for a certain period, it deletes the associated address items of the device. In IP over ATM (IPoA) or PPP over ATM (PPPoA) access, the MA5600T needs to convert the IPoA/PPPoA packets into IP over Ethernet (IPoE)/PPP over Ethernet (PPPoE) packets. In this case, the MAC address pool of the MA5600T needs to allocate MAC addresses to users, and add ATM cells with the MAC address, that is, source MAC addresses (SMAC), to convert ATM cells into Ethernet frames.
The MA5600T supports up to 1024 static MAC addresses. The MA5600T supports up to 20 MAC address pools, but the total number of configurable MAC addresses cannot exceed 1024.
18.2 Adding a Static MAC Address

This topic describes how to add a static MAC address.
Prerequisites
l l
The service port must be created before you set the static MAC address of the port. The port must be added to the specified VLAN before you set the static MAC address of the upstream port.
l
When you add a static MAC address and a similar dynamic MAC address already exists in the specified service channel or the upstream port of a specified VLAN, the dynamic MAC address is overwritten by the static MAC address. A static MAC address cannot be added if the same static MAC address already exists in the system. The configured static MAC address must be excluded from the MAC address pool. You can run the display mac-pool command to check it. An upstream port which is included in different VLANs can be configured with the same static MAC address.
18-2
Procedure
Step 1 Run the mac-address static command to add a static MAC address. Step 2 Run the display mac-address static command to query the configured static MAC address. ----End
Example
To configure the MAC address of port 0/11/0 with VPI/VCI of 0/32 with GEM port of 151 as 1010-1010-1010, do as follows:
huawei(config)#mac-address static adsl 0/11/0 vpi 0 vci 32 1010-1010-1010 huawei(config)#display mac-address static --------------------------------------------------------------------------Type MAC MAC Type F/S /P VPI VCI FLOWTYPE FLOWPARA VLANID --------------------------------------------------------------------------adl 1010-1010-1010 static 0/11/0 0 32 3 --------------------------------------------------------------------------Total: 1 Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port or PON ID in epon port
Related Operation
Table 18-1 lists the related operation for adding a static MAC address. Table 18-1 Related operation for adding a static MAC address To... Delete a static MAC address Run the Command... undo mac-address static
18.3 Setting the Maximum MAC Address Number Learned by a Service Port
This topic describes how to set the maximum MAC address number learned by a service port. This helps to restrict the number of users connected to the port.
l l
By default, the maximum MAC address number learned by a service port is 255. The maximum MAC address number learned by a service port does not include the configured static MAC addresses.
Procedure
Step 1 Run the mac-address max-mac-count command to set the maximum MAC address number learned by a service port.
Step 2 Run the display mac-address max-mac-count command to query the configured maximum MAC address number learned by the service port. ----End
Example
To set the maximum MAC address number learned by service port 0/11/0 with VLAN ID of 10 on the user side to 10, do as follows:
huawei(config)#mac-address max-mac-count adsl 0/11/0 vpi 0 vci 32 user-vlan 10 10 huawei(config)#display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 32 user-vlan 10 Command: display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 32 user-vlan 10 ---------------------------------------------------------------------------Type F/S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number ---------------------------------------------------------------------------adl 0/11/0 0 32 10 user-vlan 10 10 ---------------------------------------------------------------------------Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port or PON ID in gpon port
To set the maximum MAC address number learned by port 0/2/0, with VLAN ID of 10, GEM Port ID of 128 on the user side to 10, do as follows:
huawei(config)#mac-address max-mac-count gpon 0/2/0 gemport 128 user-vlan 10 10
18.4 Configuring the Aging Time of a Dynamic MAC Address

This topic describes how to configure the aging time of a dynamic MAC address.
l
To effectively realize the aging function of dynamic MAC addresses, you need to configure the aging time. If a device has not transmitted any packet during the period which is the one to two times of the aging time, the MA5600T deletes the MAC address of the device from the MAC address list. By default, the aging time is 300s. In general, the default value is recommended. If the aging time is set very short, a dynamic MAC address is deleted very soon. As a result, the data packets associated with the address are broadcast to all the ports in a VLAN due to the failure to find the destination address, thus affecting the running efficiency of the MA5600T. On the other hand, if the aging time is set very long, the MA5600T cannot update its MAC address list according to the network change. Consequently, if the number of MAC addresses learnt by the specified port reaches the maximum value, packets with new MAC addresses are directly discarded due to the failure to find the destination address. The address aging function is only effective to dynamic MAC addresses.
l l
Procedure
Step 1 Run the mac-address timer command to configure the aging time of a dynamic MAC address.
Step 2 Run the display mac-address timer command to query the configured aging time of the dynamic MAC address. ----End
Examples
To set the aging time of a dynamic MAC address to 500s, do as follows:
huawei(config)#mac-address timer 500 huawei(config)#display mac-address timer MAC aging time: 500s
To configure no aging time of a dynamic MAC address, do as follows:

huawei(config)#mac-address timer no-aging huawei(config)#display mac-address timer MAC aging time: No aging
18.5 Binding the MAC Address

This topic describes how to bind a service port with a MAC address. This helps to limit the source MAC address of the packets passing through this service port to be only the bound MAC address.
The MA5600T does not support the configuration of binding a MAC address directly. By configuring a static MAC address entry and setting the maximum address count to 0, you can bind a port with a MAC address.
l
The MA5600T supports up to 1K static MAC addresses. The number of MAC addresses that can be bound with a service stream is not limited. The MA5600T supports up to 8K dynamic MAC addresses. Each service stream can be bound with up to eight MAC addresses dynamically.
Procedure
Step 1 Run the mac-address static command to configure the static MAC address for a port. Step 2 Run the mac-address max-mac-count command to set the maximum address count for the service port. Step 3 Run the display mac-address max-mac-count command to query the maximum MAC address number that can be learnt by service channels. ----End
Example
Assume that the static MAC address of ADSL2+ port 0/11/0 is 1010-1010-1010, and the maximum address count is 0. To bind the port with the MAC address so that the port only allows the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static adsl 0/11/0 vpi 0 vci 35 1010-1010-1010 huawei(config)#mac-address max-mac-count adsl 0/11/0 vpi 0 vci 35 0 huawei(config)#display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 35
Issue 02 (2008-04-25)
18-5
---------------------------------------------------------------------------Type F/S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number ---------------------------------------------------------------------------adl 0/11/0 0 35 4000 0 -------------------------------------------------------------------------Total: 1 Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port or PON ID in epon port
Assume that the static MAC address of GPON port 0/11/0 is 1010-1010-1010, and the maximum address count is 0. To bind the port with the MAC address so that the port only allows the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static gpon 0/2/0 gemport 128 1010-1010-1010 huawei(config)#mac-address max-mac-count gpon 0/2/0 gemport 128 0 huawei(config)#display mac-address max-mac-count gpon 0/2/0 gemport 128 { <cr>|user-vlan<K>|user-8021p<K> }: Command: display mac-address max-mac-count gpon 0/2/0 gemport 128 --------------------------------------------------------------------------Type F /S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number --------------------------------------------------------------------------gpon 0 /2 /0 128 10 0 --------------------------------------------------------------------------Total: 1 Note : F--Frame, S--Slot, P--Port; VPI indicates GEM PortID for GPON
18.6 Configuring the MAC Address Filtering

This topic describes how to configure the function of MAC address filtering to discard the packets with the specified source MAC address.
The system supports up to four MAC addresses to be filtered.
Procedure
Step 1 Run the security mac-filter command to configure the MAC address filtering. Step 2 Run the display security mac-filter command to query the configured filtering MAC address. ----End
Example
To filter the data packets with the source MAC address of 1000-0000-0000, do as follows:
huawei(config)#security mac-filter source 1000-0000-0000 huawei(config)#display security mac-filter --------------------------------------------------------Index MAC-Address Type --------------------------------------------------------1 1000-0000-0000 source --------------------------------------------------------Total: 1
Related Operation
Table 18-2 lists the related operation for configuring the MAC address filtering.
Table 18-2 Related operation for configuring the MAC address filtering To Delete the filtering MAC address Run the Command undo security mac-filter
18.7 Configuring the MAC Address Pool

This topic describes how to configure the MAC address pool.
l l
The system supports up to 20 MAC address pools and totally 1024 MAC addresses. The configured static MAC address must be excluded from the MAC address pool to be configured. You can run the display mac-pool static command to check it. A MAC address pool cannot contain the MAC address of the control board. When adding a MAC address pool, you do not need to specify the index and range of the MAC address pool. By default, the range is 256.
l l
Procedure
Step 1 Run the mac-pool command to configure the MAC address pool. Step 2 Run the display mac-pool command to query the added MAC address pool. ----End
Example
To add a MAC address pool with the index of 0, the start MAC address of 1000-0000-0000, and the address count of 800, do as follows:
huawei(config)#mac-pool 0 1000-0000-0000 800 huawei(config)#display mac-pool all Current allocation method of MAC addresses: manual User-configured MAC pools : ---------------------------------------------------------------Index StartMAC EndMAC Scope UsedNum ---------------------------------------------------------------0 1000-0000-0000 1000-0000-031f 800 0 ---------------------------------------------------------------MAC pools : 1, MAC addresses :800, Addresses in use : 0
Issue 02 (2008-04-25)
18-7
19 TCP/IP Connection Configuration
19
TCP/IP Connection Configuration
About This Chapter

This topic describes how to configure the TCP/IP connections on the MA5600T. 19.1 Overview This topic describes the Transfer Control Protocol/Internet Protocol (TCP/IP) connection attributes and the application on the MA5600T. 19.2 Basic Concepts This topic describes the concepts of synwait timer and finwait timer. 19.3 Configuring the Synwait Timer This topic describes how to configure the synwait timer. 19.4 Configuring the Finwait Timer This topic describes how to configure the finwait timer. 19.5 Configuring the Socket Buffer This topic describes how to configure the size of the socket transmit and receive buffer. 19.6 Enabling the TCP Debugging This topic describes how to enable the TCP debugging so that the required information can be displayed on the terminal. 19.7 Enabling the IP Packets Debugging This topic describes how to enable the IP packets debugging.
Issue 02 (2008-04-25)
19-1
19.1 Overview
This topic describes the Transfer Control Protocol/Internet Protocol (TCP/IP) connection attributes and the application on the MA5600T.
Service Description
TCP connection configuration supported by the MA5600T includes the following:
l l l l
Configuring the synwait timer Configuring the finwait timer Configuring the socket buffer Enabling the TCP debugging
IP connection involves enabling the IP packets debugging.
The MA5600T supports the configuration of TCP/IP connection.
19.2 Basic Concepts

This topic describes the concepts of synwait timer and finwait timer.
Synwait Timer
When the synchronization (SYN) packet is sent, TCP enables the synwait timer. If no acknowledgement (ACK) packet is received before time specified by the synwait timer, the TCP connection is terminated.
Finwait Timer
When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the finwait timer is enabled. If no FIN packet is received before the time specified by the finwait timer, the TCP connection is dropped.
19.3 Configuring the Synwait Timer

This topic describes how to configure the synwait timer.
The timeout time of synwait timer ranges from 2s to 600s. The default is 75s.
19-2
Issue 02 (2008-04-25)
Procedure
Run the tcp timer syn-timeout command to configure the synwait timer. ----End
Example
To set the TCP timer time to 100s, do as follows:
huawei(config)#tcp timer syn-timeout 100
Related Operation
Table 19-1 lists the related operation for configuring the synwait timer. Table 19-1 Related operation for configuring the synwait timer To... Restore the default setting of the syswait timer Run the Command... undo tcp timer syn-timeout
19.4 Configuring the Finwait Timer

This topic describes how to configure the finwait timer.
The timeout time of finwait timer ranges from 76s to 3600s. The default is 675s.
Procedure
Run the tcp timer fin-timeout command to configure the finwait timer. ----End
Example
To set the time of finwait timer to 200s, do as follows:
huawei(config)#tcp timer fin-timeout 200
Related Operation
Table 19-2 lists the related operation for configuring the finwait timer.
Issue 02 (2008-04-25)
19-3
Table 19-2 Related operation for configuring the finwait timer To... Restore the default setting of finwait timer Run the Command... undo tcp timer fin-timeout
19.5 Configuring the Socket Buffer

This topic describes how to configure the size of the socket transmit and receive buffer.
The buffer size ranges from 1 KB to 32 KB. The default is 4 KB.
Procedure
Run the tcp window command to set the size of the socket transmit and receive buffer. ----End
Example
To set the size of the socket transmit & receive buffer to 12 KB, do as follows:
huawei(config)#tcp window 12
Related Operation
Table 19-3 lists the related operation for configuring the socket buffer. Table 19-3 Related operation for configuring the socket buffer To... Restore the default setting of the socket buffer Run the Command... undo tcp window
19.6 Enabling the TCP Debugging

This topic describes how to enable the TCP debugging so that the required information can be displayed on the terminal.
The debugging information is displayed on the terminal only after the terminal monitor and terminal debugging function are enabled.
Procedure
Run the debugging tcp packet command to enable the TCP debugging. ----End
Example
To enable the TCP debugging, do as follows:
huawei(config)#debugging tcp packet
Related Operations
Table 19-4 lists the related operations for enabling the IP packets debugging. Table 19-4 Related operations for enabling the IP packets debugging To... Disable the TCP debugging Enable/Disable the function of displaying the debugging/log/alarm information at the terminal Enable/Disable output of the debugging information on the terminal Run the Command... undo debugging tcp (undo) terminal monitor
(undo) terminal debugging
19.7 Enabling the IP Packets Debugging

This topic describes how to enable the IP packets debugging.
The debugging information is displayed on the terminal only after the terminal monitor and terminal debugging function are enabled. By default, the terminal monitor and terminal debugging function are disabled.
NOTE
A large amount of debugging information may be displayed on the terminal after the debugging is enabled. Perform this operation with caution!
Procedure
Run the debugging ip packet command to enable the IP packets debugging. ----End
Example
To enable the IP packets debugging, do as follows:
huawei(config)#debugging ip packet *0.24271340 MA5600-42 IP/8/debug_case: Receiving, interface = vlanif3000, version = 4, headlen = 20, tos = 192, pktlen = 70, pktid = 35614, offset = 0, ttl = 1, protocol = 17, checksum = 17131, s = 10.11.0.209, d = 224.0.0.2 prompt: Receiving IP packet *0.880717530 huawei IP/8/debug_case: Sending, interface = meth0, version = 4, headlen = 20, tos = 192, pktlen = 316, pktid = 5152, offset = 0, ttl = 255, protocol = 6, checksum = 36292, s = 10.78.212.64, d = 10.70.47.67 prompt: Sending the packet from local at meth0
Related Operations
Table 19-5 lists the related operations for enabling the IP packets debugging. Table 19-5 Related operations for enabling the IP packets debugging To... Disable the IP packets debugging Enable/Disable the ICMP debugging Query the information about the IP layer interfaces Enable/Disable the switch for displaying the debugging/log/alarm information at the terminal Enable/Disable output of the debugging information on the terminal Run the Command... undo debugging ip packet (undo) debugging ip icmp display ip interface (undo) terminal monitor
(undo) terminal debugging
19-6
Issue 02 (2008-04-25)
20 ACL Configuration
20
About This Chapter
NOTE
ACL Configuration
This topic describes the ACL types, rules and related configurations on the MA5600T.
20.1 Overview This topic describes access control list (ACL) and its application on the MA5600T. 20.2 Configuring the Basic ACL This topic describes how to filter data packets that meet the source IP address conditions within a certain period of time. 20.3 Configuring the Advanced ACL This topic describes how to filter data packets that meet the source IP address and DSCP conditions within a certain period of time. 20.4 Configuring the L2 ACL This topic describes how to filter data packets that meet the source MAC address, destination MAC address, and VLAN ID conditions within a certain period of time. 20.5 Configuration Example of the User-Defined ACL This topic describes how to filter data packets that meet the customized conditions within a certain period of time. 20.6 Creating an ACL This topic describes how to create a basic ACL, an advanced ACL, an L2 ACL or a customized ACL. 20.7 Configuring a Time Range This topic describes how to configure a time range to specify the valid time of an ACL rule.
20.8 Setting the Step This topic describes how to modify the step of ACL rules when they are automatically numbered. 20.9 Creating a Basic ACL Rule This topic describes how to configure a basic ACL rule so that the device can filter data packets according to the source IP address. 20.10 Creating an Advanced ACL Rule This topic describes how to configure an advanced ACL rule to filter data packets according to information such as the source IP address, destination IP address, and IP bearer protocol type. 20.11 Creating an L2 ACL Rule This topic describes how to configure an L2 ACL rule to filter data packets according to the link layer information such as the source MAC address, source VLAN ID, L2 protocol type, L2 forward port, and destination MAC address. 20.12 Creating a Customized ACL Rule This topic describes how to configure a customized ACL rule to filter data packets according to any eight character strings (up to four bytes in a character string) in the first 80 bytes of the IP data frame. 20.13 Activating an ACL This topic describes how to activate a configured ACL to validate it.
20-2
Issue 02 (2008-04-25)
20.1 Overview
This topic describes access control list (ACL) and its application on the MA5600T.
Service Description
An ACL performs the packet filtering function. You can configure some matching rules on network devices to filter unwanted data packets. With the matching rules, network devices can allow or disallow the matching data packets to pass. The classified traffic is the prerequisite for configuring the Quality of Service (QoS) or user security. For details on ACL, refer to "ACL" in the MA5600T Feature Description.
The MA5600T supports the following types of ACLs:
l l l l
Basic ACL Advanced ACL L2 ACL Customized ACL
The MA5600T performs filtering, traffic mirroring, traffic limitation, adding the priority tag, redirection, and traffic measurement on packets filtered by ACL rules. If ACL rules are delivered to user port of the MA5600T, such as ADSL2+ port 0/11/0, then all ADSL2+ ports in slot 0/11 filter packets. If ACL rules are delivered to an Ethernet port, then only the Ether port filters the packets. For the basic, advanced or L2 ACL, the mask of the IP/MAC address is the inverse mask. For the customized ACL, the mask of the IP/MAC address is the positive mask.
ACL Types
Table 20-1 describes the four types of ACLs. Table 20-1 ACL types ACL Type Basic ACL Numeral Range 20002999 Feature Allows rule definition according to L3 source IP address.
Issue 02 (2008-04-25)
20-3
ACL Type Advanced ACL
Numeral Range 30003999
Feature Allows rule definition according to source address, destination address, IP bearer protocol type, TCP source port, TCP destination port, ICMP protocol type and ICMP code. Compared with the basic ACL, the definition of the advanced ACL is more accurate, richer and more flexible.
L2 ACL
40004999
Allows rule definition according to source MAC address, source VLAN ID, L2 protocol type, and destination MAC address. Allows rule definition according to any 32 bytes of the first 80 bytes in an IP frame.
Customized ACL
50005999
Difference Between Matching Sequence and Configuration Sequence

ACL rule IDs are assigned in the same sequence as the sequence in which the ACL is defined. By default, the ID of the first ACL rule is 5, the ID of the second rule is 10, the ID of the third rule is 15, and so on. This is called configuration sequence. If a service stream reaches a device and matches with two or more ACL rules, the rule which should be followed to handle the traffic is determined by the matching sequence. You can match the traffic with one group of ACL rules or with different groups of ACL rules.
Matching with One Group of ACL Rules

l
If all rules in an ACL are activated at the same time, a rule defined later has a higher priority than the rules defined at earlier stages. If rules in an ACL are activated one by one, a rule activated later has higher priority than those activated earlier.
Configure ACL rule A that permits packets to a specific IP address, and then configure ACL rule B that denies all IP packets. Activate the two rules at the same time. In this case, the two ACL rules conflict when they are used to process packets to such a specific IP address. Since ACL rule B is configured later, it has higher priority over ACL rule A, so ACL rule B is chosen as the rule to denies all IP packets.
20-4
Issue 02 (2008-04-25)
Matching with Different Groups of ACL Rules

When matching the packets using different groups of ACL rules, the QoS action that is activated later has a higher priority than the actions activated earlier. Configure ACL rule A that permits packets to a specific IP address, and then configure ACL rule B that denies all IP packets. QoS action A is based on ACL A, and QoS action B is based on ACL B. Activate QoS action A first on a port, and then activate QoS action B on the same port. After that, all IP packets are filtered. This is because the QoS action B is activated after the QoS action A. If QoS action B is activated first on the port, and QoS action A is activated later, all packets are filtered except the packets with the specific IP address.
Default Matching Sequence

If a service stream does not match with any rule, the stream is processed according to a default rule. The default rule is to forward all the un-matched packets. To avoid ambiguity, you can define a rule such as permit any or deny any for all ACLs so that any packet has a rule to match. This helps to determine whether to forward or filter packets that have no special tags by default.
Recommendations on Configuring ACL Rules

To use ACLs more efficiently, you can do as follows:
l
Activate QoS actions consecutively if the QoS actions apply to the same ACL rule. To enable traffic statistics and traffic limitation on packets that match with rule 10 of ACL 2001, activate these two actions consecutively. The reason is that all QoS actions based on the same rule share the same hardware resource.
The activated ACL rules consume the hardware resources and share the hardware resources with the protocol module (such as DHCP and IPoA) functions. In this case, the hardware resources are insufficient. Hardware resources consumption by the ACL rules results in failure in enabling other service function. Therefore, it is recommended to initiate the protocol module first and then activate ACL rules in the data configuration. If you fail to initiate a protocol module, perform the following steps:

Check whether ACL rules occupy too many resources. If ACL rules occupy too many resources, deactivate or delete the ACL configurations that are unimportant or not in the use, and then initiate the protocol module.
20.2 Configuring the Basic ACL

This topic describes how to filter data packets that meet the source IP address conditions within a certain period of time.
Data Plan
Table 20-2 provides the data plan for configuring the basic ACL.
Table 20-2 Data plan for configuring the basic ACL Item ACL number Source IP address ACL step Time range Port Data 2000 2.2.2.2 Default value From 00:00 to 12:00 every Friday 0/9/0 Remarks Data packets from 2.2.2.2 are permitted to pass. Wildcard: 0.0.0.0 (negative mask). Apply ACL 2000 on the port.
Figure 20-1 shows the flowchart for configuring a basic ACL. Figure 20-1 Flowchart for configuring a basic ACL
Start
Configure a time range (Optional)
Create an ACL
Configure the basic ACL rule
Activate/Deactivate the ACL on a port
Save the data
End
Procedure
Step 1 Configure a time range.
huawei(config)#time-range time1 00:00 to 12:00 fri
Step 2 Create an ACL.

huawei(config)#acl 2000
20-6
Issue 02 (2008-04-25)
Step 3 Configure the basic ACL rule.

huawei(config-acl-basic-2000)#rule deny time-range time1 huawei(config-acl-basic-2000)#rule permit source 2.2.2.2 0.0.0.0 time-range time1
Step 4 Activate the ACL on port 0/9/0.

huawei(config-acl-basic-2000)#quit huawei(config)#packet-filter inbound ip-group 2000 port 0/9/0

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, the port 0/9/0 on the MA5600T can receive the data packets from IP address 2.2.2.2, and discard other data packets.
20.3 Configuring the Advanced ACL

This topic describes how to filter data packets that meet the source IP address and DSCP conditions within a certain period of time.
Data Plan
Table 20-3 provides the data plan for configuring the advanced ACL. Table 20-3 Data plan for configuring the advanced ACL Item ACL number Source IP address Destination IP address DSCP ACL step Time range Port Data 3000 2.2.2.2 3.3.3.3 23 Default value From 00:00 to 12:00 every Friday 0/9/0 Remarks Wildcard mask: 0.0.0.255 Wildcard mask: 0.0.0.0 Apply ACL 3000 on the port.
Figure 20-2 shows the flowchart for configuring an advanced ACL.
Figure 20-2 Flowchart for configuring an advanced ACL.

Start
Create an ACL
Save the data
End
Procedure

Step 3 Configure the advanced ACL rule.

huawei(config-acl-adv-3000)#rule deny ip time-range time1 huawei(config-acl-adv-3000)#rule 3 permit ip source 2.2.2.2 0.0.0.255 destination 3.3.3.3 0 dscp 23 time-range time1

huawei(config-acl-adv-3000)#quit huawei(config)#packet-filter inbound ip-group 3000 port

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/9/0 on the MA5600T can receive the data packets from 2.2.2.0 to 3.3.3.3 with DSCP of 23. Other packets are discarded.
20.4 Configuring the L2 ACL

This topic describes how to filter data packets that meet the source MAC address, destination MAC address, and VLAN ID conditions within a certain period of time.
Data Plan
Table 20-4 provides the data plan for configuring the L2 ACL. Table 20-4 Data plan for configuring the L2 ACL Item ACL number Type COS Source VLAN ID Source MAC address Destination MAC address ACL step Time range Port Data 4000 0x8863 1 12 2222-2222-2222 00e0-fc11-4141 Default value From 00:00 to 12:00 every Friday 0/9/0 Remarks The type of an Ethernet bearer protocol in hexadecimal digits. 802.1p priority Wildcard: 0000-0000-0000 Wildcard: 0000-0000-0000 Apply ACL 4000 on the port.
CAUTION
If you omit "0x" when entering the type of an Ethernet bearer protocol, the input should be considered as a decimal number. The decimal number you input is converted to hexadecimal number for the protocol type.
Figure 20-3 shows the flowchart for configuring an L2 ACL.
Issue 02 (2008-04-25)
20-9
Figure 20-3 Flowchart for configuring an L2 ACL

Start
Create an ACL
Save the data
End
Procedure

Step 3 Configure the L2 ACL rule.

huawei(config-acl-link-4000)#rule deny time-range time1 huawei(config-acl-link-4000)#rule 1 permit type 0x8863 cos 1 source 12 2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000 time-range time1

huawei(config-acl-link-4000)#quit huawei(config)#packet-filter inbound link-group 4000 port 0/9/0

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/9/0 on the MA5600T can receive the Ethernet frames with the source MAC address of 2222-2222-2222, destination MAC address of 00e0-fc11-4141, VLAN ID of 12, and COS of 1. Other packets are discarded.
20-10
Issue 02 (2008-04-25)
20.5 Configuration Example of the User-Defined ACL

This topic describes how to filter data packets that meet the customized conditions within a certain period of time.
In the user-defined ACL, the regular mask and the offset are used to extract any bytes from the first 80 bytes for comparison with the user-defined rule. After the comparison, the data frames matching the rule are obtained for related processing.
Data Plan
Table 20-5 provides the data plan for configuring the user-defined ACL. Table 20-5 Data plan for configuring the user-defined ACL Item ACL number Matching byte Offset ACL step Time range Port Data 5000 06 27 default From 00:00 to 12:00 every Friday 0/9/0 Remarks Wildcard: FF (regular mask) The ACL 5000 applies to this port.
Figure 20-4 shows the flowchart for configuring a user-defined ACL.
Issue 02 (2008-04-25)
20-11
Figure 20-4 Flowchart for configuring a user-defined ACL

Start
Create an ACL
Save the data
End
Procedure

Step 3 Configure the user-defined ACL rule.

huawei(config-acl-user-5000)#rule deny 06 ff 27 time-range time1

huawei(config-acl-user-5000)#quit huawei(config)#packet-filter inbound user-group 5000 port 0/9/0

huawei(config)#save
----End
Result
According to the ACL rule, from 00:00 to 12:00 every Friday, port 0/9/0 on the MA5600T rejects TCP packets.
20.6 Creating an ACL

This topic describes how to create a basic ACL, an advanced ACL, an L2 ACL or a customized ACL.
The MA5600T supports up to 64 ACLs. Each ACL can be configured with up to 64 rules. Table 20-6 lists the ACL number range. Table 20-6 ACL number range ACL type Basic ACL (for IP packets) Advanced ACL (IP packets) L2 ACL (for link layer packets) Customized ACL Numeral range 2000-2999 3000-3999 4000-4999 5000-5999
Procedure
Step 1 Run the acl command to create an ACL. Step 2 Run the quit command to exit ACL config mode. Step 3 Run the display acl command to query the configuration of the ACL. ----End
Example
To create an advanced ACL with ID of 3000, do as follows:
huawei(config)#acl 3000 huawei(config-acl-adv-3000)#quit huawei(config)#display acl 3000 Advanced ACL 3000, 0 rule Acl's step is 5
Related Operations
Table 20-7 lists the related operations for creating an ACL. Table 20-7 Related operations for creating an ACL To Delete an ACL Run the Command undo acl Remarks If an ACL and its rules are activated, or if they are quoted by other QoS functions, the ACL and the rules cannot be deleted. The description covers the functions and features of the ACL.
Configure the description for an ACL

Issue 02 (2008-04-25)
description
20-13
To Delete the description for an ACL Configure the step for an ACL Restore the default step
Run the Command undo description
Remarks -
step
Step means the difference between two neighboring rules in a group of ACL rules. By default, it is 5. By default, it is 5.
undo step
20.7 Configuring a Time Range

This topic describes how to configure a time range to specify the valid time of an ACL rule.
ACL time ranges include relative time and absolute time.
l
Relative time refers to periodical intervals, such as the period from 8:30 in the morning to 18:30 in the afternoon every Monday. Absolute time refers to intervals from a specific moment to another specific moment, such as the period from 12:00 in the noon on June 8, 2006 to 18:00 in the afternoon on August 8, 2006.
The principle for a time range to take effect is as follows:

l
When a time range includes only absolute time or relative time, the union set of all intervals in the time range takes effect. When a time range includes both absolute time and relative time, the intersection set of the union sets of both relative time and absolute time takes effect.
NOTE
l l
Configuring a time range is optional when you configure an ACL. A time range that is used cannot be deleted.
Procedure
Step 1 Run the time-range command to configure a time range. Step 2 Run the display time-range command and you can find that the time range is configured. ----End
Example
To create a time range named "last24hrs" that is valid for the whole day of 2008-03-24, do as follows:
huawei(config)#time-range last24hrs from 00:00 2008/03/24 to 24:00 2008/03/24 huawei(config)#display time-range all
20-14
Issue 02 (2008-04-25)

Current time is 15:12:28 3-21-2007 Wednesday Time-range : last24hrs ( Inactive ) from 00:00 2008/3/24 to 24:00 2008/3/24
20.8 Setting the Step

This topic describes how to modify the step of ACL rules when they are automatically numbered.
l l
By default, the step is 5. If a step changes, the rules in an ACL should be re-numbered. For example, assume that the rules of an ACL are numbered as 5, 10, and 15. If you set the step to 2 by using the command step 2, the rules are numbered as 2, 4, and 6.
To restore the default step value and renumber the ACL rules, run the undo step command. Assume that ACL 1 contains rules 1, 3 and 5 with a step of 2. After you run the undo step command, the numbers of the ACL rules are 5, 10, and 15, with the default step of 5.
Procedure
Step 1 Run the step command to modify the step of ACL rule. Step 2 Run the display acl command to query the set step. ----End
Example
To set the step to 10, do as follows:
huawei(config-acl-basic-2000)#step 10 huawei(config)#display acl 2000 Basic ACL 2000, 1 rule Acl's step is 10 rule 10 permit (0 times matched)
Related Operation
Table 20-8 lists the related operation for setting the step. Table 20-8 Related operation for setting the step To Restore the default step value Run the Command undo step Remarks By default, it is 5.
20.9 Creating a Basic ACL Rule

This topic describes how to configure a basic ACL rule so that the device can filter data packets according to the source IP address.
Prerequisite
The basic ACL to which the rule is added already exists.
Up to 64 rules can be created for an ACL. You can change the configuration of an ACL rule by specifying the number of the rule. This method does not change the untouched part of the rule.
Procedure
Step 1 Run the acl command to create a basic ACL rule. Step 2 Run the rule command to configure the basic ACL rule. Step 3 Run the quit command to exit the basic ACL config mode. Step 4 Run the display acl command to query the information on the basic ACL rule. ----End
Example
To define a basic ACL rule that enables data packets from 2.2.2.2 to pass, do as follows:
huawei(config)#acl 2000 huawei(config-acl-basic-2000)#rule permit source 2.2.2.2 0 huawei(config-acl-basic-2000)#quit huawei(config)#display acl 2000 Basic ACL 2000, 1 rule Acl's step is 5 rule 5 permit source 2.2.2.2 0 (0 times matched)
Related Operation
Table 20-9 lists the related operation for creating a basic ACL rule. Table 20-9 Related operation for creating a basic ACL rule To Delete an ACL rule Run the Command undo rule
20.10 Creating an Advanced ACL Rule

This topic describes how to configure an advanced ACL rule to filter data packets according to information such as the source IP address, destination IP address, and IP bearer protocol type.
Prerequisite
The advanced ACL to which the rule is added already exists.
Procedure
Step 1 Run the acl command to create an advanced ACL rule. Step 2 Run the rule command to configure the advanced ACL rule. Step 3 Run the quit command to exit the advanced ACL config mode. Step 4 Run the display acl command to query the information on the ACL rule. ----End
Example
To define an advanced ACL rule that enables data packets from 2.2.2.2 to 3.3.3.3 with DSCP of 23 to pass, and the valid time as the predefined time 1, do as follows:
huawe(config)#acl 3000 huawei(config-acl-adv-3000)#rule 3 permit ip source 2.2.2.2 0 destination 3.3.3.3 0 dscp 23 time-range time1 huawei(config-acl-adv-3000)#quit huawei(config)#display acl 3000 Advanced ACL 3000, 1 rule Acl's step is 5 rule 3 permit ip source 2.2.2.2 0 destination 3.3.3.3 0 dscp 23 time-range time1 (0 times matched)(Inactive)
Related Operation
Table 20-10 lists the related operation for creating an advanced ACL rule. Table 20-10 Related operation for creating an advanced ACL rule To Delete an ACL rule Run the Command undo rule
20.11 Creating an L2 ACL Rule

This topic describes how to configure an L2 ACL rule to filter data packets according to the link layer information such as the source MAC address, source VLAN ID, L2 protocol type, L2 forward port, and destination MAC address.
Prerequisite
The L2 ACL to which the rule is added already exists.
Procedure
Step 1 Run the acl command to create an L2 ACL rule. Step 2 Run the rule command to configure the L2 ACL rule. Step 3 Run the quit command to exit the L2 ACL config mode. Step 4 Run the display acl command to query the information on the L2 ACL rule. ----End
Example
To define an L2 ACL rule that enables data packets with type of 0x8863, VLAN ID of 12, COS of 1, source MAC address of 2222-2222-2222 and destination MAC address of 00e0-fc11-4141 to pass, do as follows:
huawei(config)#acl 4000 huawei(config-acl-link-4000)#rule 1 permit type 0x8863 cos 1 source 12 2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000 huawei(config-acl-link-4000)#quit huawei(config)#display acl 4000 Basic ACL 4000, 1 rule Acl's step is 5 rule 1 permit type 0x8863 cos background source 2222-2222-2222 0000-0000-0000 12 destination 00e0-fc11-4141 0000-0000-0000
Related Operation
Table 20-11 lists the related operation for creating an L2 ACL rule. Table 20-11 Related operation for creating an L2 ACL rule To Delete an ACL rule Run the Command undo rule
20.12 Creating a Customized ACL Rule

This topic describes how to configure a customized ACL rule to filter data packets according to any eight character strings (up to four bytes in a character string) in the first 80 bytes of the IP data frame.
Prerequisite
The customized ACL to which the rule is added already exists.
Up to 64 rules can be created for an ACL. You can change the configuration of an ACL rule by specifying the number of the rule. This method does not change the untouched part of the rule. Figure 20-5 shows the first 64 bytes of an IP frame. Every letter represents one hexadecimal, and every two letters represent one byte. Figure 20-5 First 64 bytes of an IP frame
Table 20-12 lists the meaning of the letters and their offset values. Table 20-12 Description of letters and their offset values Letter A B C D E F G H I J Meaning Destination MAC address Source MAC address VLAN tag field Protocol type IP version TOS field IP packet length ID number Flags field TTL field Offset 0 6 12 16 18 19 20 22 24 26 Letter L M N O P Q R S T U Meaning IP check sum Source IP address Destination IP address TCP source port TCP destination port Serial number Acknowledgem ent IP header length and reserved bit Reserved bit and flags bit Window Size field Offset 28 30 34 38 40 42 46 50 51 52
Issue 02 (2008-04-25)
20-19
Letter K
Meaning Protocol number (6 refers to TCP and 17 refers to UDP)
Offset 27
Letter V
Meaning Other
Offset 54
NOTE
In Figure 20-5, the offset value of their field is their offset value in the 802.3 data frame of Sub Network Access Protocol (SNAP) + tag. For the customized ACL, the user can use the rule mask and offset parameters to extract any byte from the first 80 bytes of data frame, and then compare the extracted byte with customized rules to filter matched data frames for processing.
Procedure
Step 1 Run the acl command to create a customized ACL rule. Step 2 Run the rule command to configure the customized ACL rule. Step 3 Run the display acl command to query the information on the ACL rule. ----End
Example
To filter all TCP packets, do as follows:
huawei(config)#acl 5000 huawei(config-acl-adv-5000)#rule permit 06 ff 27 huawei(config-acl-adv-5000)#quit huawei(config)#display acl 5000 User ACL 5000, 1 rule Acl's step is 5 rule 5 permit 06 ff 27
Related Operation
Table 20-13 lists the related operation for creating a customized ACL rule. Table 20-13 Related operation for creating a used defined ACL rule To Delete an ACL rule Run the Command undo rule
20.13 Activating an ACL

This topic describes how to activate a configured ACL to validate it.
Prerequisite
The ACL to be activated must be configured, and the port for which the ACL is to be activated must work in the normal state.
Procedure
Step 1 Run the packet-filter command to activate an ACL. Step 2 Run the display packet-filter port command and you can find that the ACL is activated. ----End
Example
To activate ACL 3000 of port 0/11/0, do as follows:
huawei(config)#packet-filter inbound ip-group 3000 port 0/11/0 huawei(config)#display packet-filter port 0/11/0 port0/11/0 Inbound: inbound Acl 3000 rule 1 port 0/11/0 running
Related Operation
Table 20-14 lists the related operation for activating the ACL of a port. Table 20-14 Related operation for activating the ACL of a port To... Deactivate an ACL Run the Command... undo packet-filter
Issue 02 (2008-04-25)
20-21
21 QoS Configuration
21
About This Chapter
NOTE
QoS Configuration
This topic describes the QoS configuration examples and related configuration operations on the MA5600T.
21.1 Overview This topic describes various QoS functions and their applications on the MA5600T. 21.2 Configuration Example of Queue Scheduling This topic provides an example for configuring queue scheduling so that services with different priorities have different scheduling policies. Then corresponding QoS of these services can be guaranteed. 21.3 Configuration Example of Traffic Management Based on service streams This topic provides an example for configuring the IP and ATM traffic profiles to manage the traffic of different service streams through different traffic profiles. 21.4 Configuration Example of Traffic Management Based on ACL rules This topic provides an example for applying different ACL rules to different VLANs to implement flow control on upstream services transmitted through different VLANs. 21.5 Configuring the Traffic Management Based on service streams This topic describes the types and application of the traffic profile supported by the MA5600T. The MA5600T specifies different traffic profiles for different streams to implement the traffic management based on service streams. 21.6 Configuring the Traffic Management Based on Port + CoS
Issue 02 (2008-04-25)
21-1
This topic describes how to configure the traffic management based on port + CoS to specify a specified IP traffic profile for service streams that have the same 802.1p priority and are borne on the same port. This facilitates the service traffic management through the traffic profile. 21.7 Configuring Queue Scheduling A queue is the unit of the packet scheduling in the physical port. After the queue scheduling is configured, the packet of the key service can be processed in time when the network congestion occurs. 21.8 Configuring Traffic Management Based on ACL rules This topic describes the function of filtering the traffic of the port through the ACL rule and manages the traffic that complies with the ACL rule. 21.9 Enabling the Line Rate Limit on an Upstream Port This topic describes how to enable the line rate limit on a specified upstream port.
21-2
Issue 02 (2008-04-25)
21.1 Overview
This topic describes various QoS functions and their applications on the MA5600T.
Service Description
Quality of service (QoS) means the performance of the data stream that passes the network. By setting different parameters of the QoS, such as service availability, throughput, time delay, jitter, and loss rate, you can provide users with high quality services. For details on QoS, refer to "QoS" in the MA5600T Feature Description.
The MA5600T mainly supports the following QoS functions:
l l
Traffic management based on service streams Traffic management based on port + CoS

If this mode is configured based on a service board, it is valid to all ports of the board. The AIUG, GPON, and ETHAGPON and ETHA boards do not support this mode.
Queue scheduling The MA5600T supports the following queue scheduling modes:

PQ: Strict-Priority queue WRR: Weighted Round Robin PQ + WRR
l l
Traffic management based on ACL rules Line rate limit on an upstream port
21.2 Configuration Example of Queue Scheduling

This topic provides an example for configuring queue scheduling so that services with different priorities have different scheduling policies. Then corresponding QoS of these services can be guaranteed.
Networking
Figure 21-1 shows an example network for configuring queue scheduling. The MA5600T is configured with the queue scheduling policy based on the service type. The VoIP service priority is 7, the video service priority is 6, and the Internet service priority is 5. When congestion occurs, the system can ensure that the service stream with higher priority can be processed in time, and can also guarantee the QoS of services with lower priority.
Issue 02 (2008-04-25)
21-3
Figure 21-1 Example network for configuring queue scheduling

LAN switch
MA5600T
Internet
IPTV
VoIP
Data Plan
Table 21-1 provides the data plan for configuring queue scheduling. Table 21-1 Data plan for configuring queue scheduling Item Mapping between the queue and the priority Data Adopts the default mapping and needs no separate configuration. Queue 0: 0 (802.1p) Queue 1: 1 (802.1p) Queue 2: 2 (802.1p) Queue 3: 3 (802.1p) Queue 4: 4 (802.1p) Queue 5: 5 (802.1p) Queue 6: 6 (802.1p) Queue 7: 7 (802.1p) Queue buffer Buffer ratio of each queue Queue 0: 7% Queue 1: 6% Queue 2: 13% Queue 3: 13% Queue 4: 12% Queue 5: 12% Queue 6: 25% Queue 7: 12%
21-4
Issue 02 (2008-04-25)
Item Queue scheduling mode
Data 2PQ + 6WRR Where: Queues 7 and 6 adopt the PQ mode, and other queues adopt the WRR mode.
Figure 21-2 shows the flowchart for configuring queue scheduling. Figure 21-2 Flowchart for configuring queue scheduling
Start
Map the queue to the 802.1 priority of the packet (optional)
Configure the queue buffer (optional)
Configuration queue scheduling mode
Save the data
End
Procedure
Step 1 Map the queue to the 802.1 priority of the packet.
huawei(config)#cos-queue-map cos0 0 cos1 1 cos2 2 cos3 3 cos4 4 cos5 5 cos6 6 cos7 7 huawei(config)#display cos-queue-map CoS and queue map: -----------------------CoS Queue ID -----------------------0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 ------------------------
Step 2 Configure the queue buffer.

huawei(config)#queue-buffer 7 6 13 13 12 12 25 12 huawei(config)#display queue-buffer
Issue 02 (2008-04-25)
21-5
-----------------------Queue Depth size ratio -----------------------0 7 1 6 2 13 3 13 4 12 5 12 6 25 7 12 ------------------------
Step 3 Configuration queue scheduling mode.

huawei(config)#queue-scheduler wrr 5 5 10 10 10 60 0 0 huawei(config)#display queue-scheduler Queue scheduler mode : WRR --------------------------------Queue Scheduler Mode WRR Weight --------------------------------0 WRR 5 1 WRR 5 2 WRR 10 3 WRR 10 4 WRR 10 5 WRR 60 6 PQ -7 PQ ----------------------------------

huawei(config)#save
----End
Result
When network congestion occurs, the system performs scheduling based on the configured scheduling policy.
21.3 Configuration Example of Traffic Management Based on service streams

This topic provides an example for configuring the IP and ATM traffic profiles to manage the traffic of different service streams through different traffic profiles.
Networking
Figure 21-3 shows an example network for configuring the traffic management based on service streams. The MA5600T is accessed with the broadband service through ADSL port 0/11/0 and ATM port 0/6/0. To implement the traffic management on this service, select or configure the proper IP and ATM profiles, and bind the profiles with the specified service streams.
21-6
Issue 02 (2008-04-25)
Figure 21-3 Example network for configuring the traffic management based on service streams
LAN switch
MA5600T
ADSL user
ATM access device
Data Plan
Table 21-2 provides the data plan for configuring the traffic management based on service streams. Table 21-2 Data plan for configuring the traffic management based on service streams Item ADSL Internet service Data IP traffic profile with the index of 7
l l l
Access rate: 3072 kbit/s Priority: 6 Scheduling policy: Local-Setting
Upstream port: 0/9/0 Upstream VLAN: 10, with the type of smart VLAN Access port: 0/11/0 ATM Internet service ATM traffic profile with the index of 5 (the default profile)
l l
Service type: UBR Access rate: 3072 kbit/s
Upstream port: 0/9/0 Upstream VLAN: type 10, and smart VLAN Access port: 0/6/0
Figure 21-4 shows the flowchart for configuring the traffic management based on service streams.
Issue 02 (2008-04-25)
21-7
Figure 21-4 Flowchart for configuring the traffic management based on service streams
Start
Is there the proper traffic profile? Yes Specify a traffic profile for the service stream
No Configure a traffic profile
End
Procedure
l Configure the traffic management of the ADSL service. 1. Check whether the proper IP traffic profile exists in the system.
huawei(config)#display traffic table ip from-index 0 ------------------------------------------------------------------------TID CIR(kbps) CBS(bytes) PIR(kbps) PBS(bytes) Pri Copy-policy Pri-Policy ------------------------------------------------------------------------0 1024 34768 2048 69536 6 tag-pri 1 2496 81872 4992 163744 6 tag-pri 2 512 18384 1024 36768 0 tag-pri 3 576 20432 1152 40864 2 tag-pri 4 64 4048 128 8096 4 tag-pri 5 2048 67536 4096 135072 0 tag-pri 6 off off off off 0 tag-pri ------------------------------------------------------------------------Total Num : 7
2.
Configure a proper IP traffic profile.

huawei(config)#traffic table ip index 7 cir 3072 priority 6 prioritypolicy local-Setting Create traffic descriptor record successfully -------------------------------------------TD Index : 7 Priority : 6 Copy Priority : Priority Policy : local-pri CIR : 3072 kbps CBS : 100304 bytes PIR : 6144 kbps PBS : 200608 bytes Referenced Status: not used --------------------------------------------
3. l
Bind the IP traffic profile with the service stream.

huawei(config)#service-port vlan 10 adsl 0/11/0 rx-cttr 7 tx-cttr 7
Configure the traffic management of the ATM service. 1. Check whether the proper ATM traffic profile exists in the system.
huawei(config)#display traffic table atm from-index 0 Traffic parameters for ATM service: ---------------------------------------------------------------------------TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/
21-8
Issue 02 (2008-04-25)

SHAPE Type 1/10us Type kbps kbps kbps kbps
cells
---------------------------------------------------------------------------0 cbr 2 1024 -----off/ -1 cbr 2 2500 -----off/ -2 ubr 2 512 -----on / -3 nrt-vbr 5 1200 -600 -250 -on / -4 rt-vbr 15 128 --64 300 10000000 on / off 5 ubr 2 2048 -----on / -6 ubr 1 ------off/ ----------------------------------------------------------------------------Total Num : 7 Traffic type definition: 1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr 4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr 7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr 10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt 13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt ----------------------------------------------------------------------------
2.
Bind the default ATM traffic profile 5 with the service stream.
huawei(config)#service-port vlan 10 atm 0/6/0 vpi 0 vci 35 rx-cttr 5 upc off tx-cttr 5 upc off
----End
Result
The system manages the traffic of the ADSL and ATM services respectively based on the specified traffic profiles.
21.4 Configuration Example of Traffic Management Based on ACL rules

This topic provides an example for applying different ACL rules to different VLANs to implement flow control on upstream services transmitted through different VLANs.
Networking
Figure 21-5 shows an example network for configuring the traffic management based on ACL rules.
The MA5600T transmits the service streams to the upper layer network through VLANs 10, 20, and 30. To manage the service stream received through different VLANs, the MA5600T applies different ACL rules to different VLANs for flow control. Figure 21-5 Example network for configuring the traffic management based on ACL rules
LAN switch VLAN 10, 20, and 30 MA5600T
PC
PC
PC
Data Plan
Table 21-3 provides the data plan for configuring the traffic management based on ACL rules. Table 21-3 Data plan for configuring the traffic management based on ACL rules Item Upstream port Data Upstream port: 0/9/0 Upstream VLAN: 10, 20, and 30, with the type of smart VLAN ACL rule ACL number: 4100 (link ACL) Rule 5: allowing passing the packet from VLAN 10. Rule 10: allowing passing the packet from VLAN 20. Rule 15: allowing passing the packet from VLAN 30. Flow control policy Limits VLAN 10 to receive the traffic with bandwidth of 6400 kbit/s. Limits VLAN 20 to receive the traffic with bandwidth of 12800 kbit/s. Limits VLAN 30 to receive the traffic with bandwidth of 19200 kbit/s.
Figure 21-6 shows the flowchart for configuring the traffic management based on ACL rules.
21-10
Issue 02 (2008-04-25)
Figure 21-6 Flowchart for configuring the traffic management based on ACL rules
Start Configure the upstream port Configure the ACL rule Configure the flow control policy Save the data
End
Procedure
Step 1 Configure the upstream port.
huawei(config)#vlan 10,20,30 smart huawei(config)#port vlan 10,20,30 0/9 0
Step 2 Configure the ACL rule.

huawei(config)#acl 4100 huawei(config-acl-link-4100)#rule permit source 10 huawei(config-acl-link-4100)#rule permit source 20 huawei(config-acl-link-4100)#rule permit source 30 huawei(config-acl-link-4100)#quit
Step 3 Configure the flow control policy.

huawei(config)#traffic-limit inbound link-group 4100 rule 5 6400 port 0/9/0 huawei(config)#traffic-limit inbound link-group 4100 rule 10 12800 port 0/9/0 huawei(config)#traffic-limit inbound link-group 4100 rule 10 19200 port 0/9/0

huawei(config)#save
----End
Result
The service traffic received in VLANs 10, 20, and 30 do not exceed their respective flow control bandwidth.
21.5 Configuring the Traffic Management Based on service streams

This topic describes the types and application of the traffic profile supported by the MA5600T. The MA5600T specifies different traffic profiles for different streams to implement the traffic management based on service streams.
Overview
The MA5600T performs the traffic management by specifying a traffic profile for each service stream accessing the device. By default, the system supports the traffic management based on service streams. 21.5.1 Configure the IP Traffic Profile This topic describes how to configure the IP traffic profile. The IP traffic profile defines multiple traffic parameters. When configuring a service port, apply the IP traffic profile to the port and manages the traffic of the port through the traffic parameters defined in the profile. 21.5.2 Configure the ATM Traffic Profile The ATM traffic profile defines ATM traffic parameters. When configuring the service connection, apply the ATM traffic profile to the service port and manages the ATM service traffic through the traffic parameters defined in the profile.
21.5.1 Configure the IP Traffic Profile

This topic describes how to configure the IP traffic profile. The IP traffic profile defines multiple traffic parameters. When configuring a service port, apply the IP traffic profile to the port and manages the traffic of the port through the traffic parameters defined in the profile.
l
The system contains seven default IP traffic profiles with the IDs of 0-6. You can run the display traffic table command to query the traffic parameters of these default traffic profiles. It is recommended to select the default traffic profiles first. You need to configure a new IP traffic profile only when the default traffic profiles cannot meet the demand.
Table 21-4 lists the traffic parameters defined in the IP traffic profile. Table 21-4 Traffic parameters defined in the IP traffic profile Item Parameters of two rate three color management Parameter Description CIR: committed information rate CBS: committed burst size PIR: peak information rate PBS: peak burst size
NOTE
l CIR is mandatory, and the other three parameters are optional. If you
configure only the CIR, the system calculates the other three parameters based on the formula.
l According to the four parameters, the system marks the service packet with
color. The red packet is discarded directly, and the packets of the other two colors are marked on its DEI field of the VLAN tag, with 1 on the yellow packet and 0 on the green one.
21-12
Issue 02 (2008-04-25)
Item Priority policy
Parameter Description The priority policies are classified into the following three types:
l l
Specified priority: specifying the 802.1p priority for the packet. user-cos: copying the 802.1p priority in the VLAN of the packet to the VLAN of the upstream packet. user-cos: copying the ToS priority in the VLAN of the packet to the VLAN of the upstream packet.
Scheduling policy
The scheduling policies are classified into the following two types:
l
Tag-In-Package: The system performs scheduling based on the 802.1p priority of the packet. Local-Setting: the local priority. The system performs scheduling based on the 802.1p priority specified in the traffic profile bound with the service stream.
NOTE The scheduling policy is only valid to the downstream packet.
Procedure
Step 1 Run the traffic table ip command to configure the traffic profile. Step 2 Run the display traffic table ip command to query the traffic profile. ----End
Example
To add IP traffic profile 9, with the CIR as 2048 kbit/s, the 802.1p priority of the upstream packet as 6, and the scheduling policy of downstream packet as tag-in-package, do as follows:
huawei(config)#traffic table ip index 9 cir 2048 priority 6 priority-policy tag-InPackage Create traffic descriptor record successfully -------------------------------------------TD Index : 9 Priority : 6 Copy Priority : Priority Policy : tag-pri CIR : 2048 kbps CBS : 67536 bytes PIR : 4096 kbps PBS : 135072 bytes Referenced Status: not used -------------------------------------------huawei(config)#display traffic table ip index 9 -------------------------------------------TD Index : 9 Priority : 6 Copy Priority : Priority Policy : tag-pri CIR : 2048 kbps CBS : 67536 bytes PIR : 4096 kbps PBS : 135072 bytes
Issue 02 (2008-04-25)
21-13

Referenced Status: not used --------------------------------------------
Related Operations
Table 21-5 lists the related operations for configuring the traffic entry. Table 21-5 Related operations for configuring the traffic entry To... Delete the IP traffic profile Modify the IP traffic profile Run the Command... undo traffic table ip traffic table ip modify Remarks Only the traffic entry that is not applied can be deleted.
l
The priority policy and the scheduling policy in the traffic profile cannot be modified. The default and the applied traffic profiles can be modified.
21.5.2 Configure the ATM Traffic Profile

The ATM traffic profile defines ATM traffic parameters. When configuring the service connection, apply the ATM traffic profile to the service port and manages the ATM service traffic through the traffic parameters defined in the profile.
l
The system contains seven default ATM traffic profiles with the IDs of 0-6. You can run the display traffic table atm command to query the traffic parameters of these default traffic profiles. It is recommended to select the default traffic profiles first. You need to configure a new traffic profile only when the default traffic profiles cannot meet the demand.
Table 21-6 lists the relations between the service type, traffic description, and traffic parameters. Table 21-6 Relations between the service type, traffic description, and traffic parameters. Service Type Constant bit rate (CBR) Traffic Description Type ClpNoTaggingNoScr Parameter Description Clp01Pcr: peak cell rate (PCR) with the CLP of 0 + 1 Clp01Pcr: PCR with the CLP of 0 ClpNoTaggingNoScr Clp01Pcr: PCR with the CLP of 0 + 1 Cdvt: cell delay variation tolerance ClpTransparentNoScr Clp01Pcr: PCR with the CLP of 0 + 1 Cdvt: cell delay variation tolerance
Service Type
Traffic Description Type ClpNoTaggingNoScr NoClpNoScrCdvt
Parameter Description Clp01Pcr: PCR with the CLP of 0 + 1 Clp01Pcr: PCR with the CLP of 0 + 1 Cdvt: cell delay variation tolerance
real-time Variable Bit Rate (rt_VBR)
ClpNoTaggingScrCdvt ClpTaggingScrCdvt ClpTransparentScr NoClpScrCdvt
Clp01Pcr: PCR with the CLP of 0 + 1 Clp0Scr: SCR with the CLP of 0 + 1 Mbs: maximum burst size Cdvt: cell delay variation tolerance Clp01Pcr: PCR with the CLP of 0 + 1 Clp0Scr: SCR with the CLP of 0 + 1 Mbs: maximum burst size Clp01Pcr: PCR with the CLP of 0 + 1 Clp01Pcr: PCR with the CLP of 0 + 1 Cdvt: cell delay variation tolerance
Non-real-time variable bit rate (nrt_VBR)
ClpNoTaggingScr ClpTaggingScr NoClpScr
Unspecified bit rate (UBR)
NoClpNoScr NoClpNoScrCdvt
NoClpTaggingNoScr
Clp01Pcr: PCR with the CLP of 0 + 1 Cdvt: cell delay variation tolerance
NoTrafficDescriptor
Table 21-7 lists the application scenario of the ATM services. Table 21-7 Application scenario of the ATM services Service Type CBR Application Scenario CBR service is used for connections that require static bandwidth and top priority. CBR features high stability and low burst. Data services are delivered in fixed period. Typical applications of CBR services are circuit service, emulation voice service and video service. Peak cell rate (PCR) is the only parameter required for applying CBR service. Cells are delivered at the source end at the PCR rate or a rate below PCR.
Issue 02 (2008-04-25)
21-15
Service Type rt_VBR
Application Scenario rt-VBR service is very sensitive to delay and jitter. Typical applications of rt-VBR are voice service and video service. Compared with CBR service, rt-VBR service allows a certain degree of delay. The data may be delivered at the source end at different rates. Parameters required for applying rt-VBR service include PCR, SCR, and MBS. nrt-VBR service is used for connections in which there is no fixed timing relationship between samples. Compared with rt-VBR, nrt-VBR has lower priority than rt-VBR. Parameters required for service application include PCR, SCR, and MBS. UBR service is used for services with high burst and without real-time requirement. UBR users only demand optimum network service, but require no guarantee on quality of service (QoS). The network offers no QoS guarantee for UBR service. In the case of network congestion, UBR cells are the first to be discarded. Error correction is implemented by the upper layer protocols. Typical applications of UBR service are FTP and E-mail.
nrt_VBR
UBR
Procedure
Step 1 Run the traffic table atm command to configure the ATM traffic profile. Step 2 Run the display traffic table atm command to query the ATM traffic profile. ----End
Example
To add ATM traffic profile 12, with the service type of UBR, traffic description type of NoClpNoScr and 2048 kbit/s, and Clp01Pcr of 2048 kbit/s, do as follows:
huawei(config)#traffic table atm index 12 srvcategory ubr tdtype noclpnoscr clp01Pcr 2048 Create traffic descriptor record successfully ----------------------------------------------------------------------------TD Index : 12 Priority : 0 Priority Policy : tag-pri TD Type : NoClpNoScr Service Category : ubr Referenced Status: not used EnPPDISC : off Clp01Pcr : 2048 kbps ----------------------------------------------------------------------------huawei(config)#display traffic table atm index 12 ----------------------------------------------------------------------------TD Index : 12 Priority : 0 Priority Policy : tag-pri TD Type : NoClpNoScr Service Category : ubr Referenced Status: not used EnPPDISC : off
21-16
Issue 02 (2008-04-25)
Clp01Pcr : 2048 kbps -----------------------------------------------------------------------------
Related Operation
Table 21-8 lists the related operation for configuring the traffic entry. Table 21-8 Related operation for configuring the traffic entry To... Delete the ATM traffic profile Run the Command... undo traffic table atm Remarks Only the traffic entry that is not applied can be deleted.
21.6 Configuring the Traffic Management Based on Port + CoS

This topic describes how to configure the traffic management based on port + CoS to specify a specified IP traffic profile for service streams that have the same 802.1p priority and are borne on the same port. This facilitates the service traffic management through the traffic profile.
l
Traffic management based on service streams and based on port + CoS are mutually exclusive. By default, the system supports traffic management based on service streams. If the board is configured with the service stream, the traffic management mode cannot be modified. You cannot set or query the CAR mode of a GPON service board. The AIUG and GPON boards supportGPON board supports only the traffic management based on service streams while not supporting that based on port + CoS.
l l
Procedure
Step 1 Run the car-mode command to set the traffic management mode of a service board as port + CoS.
NOTE
l l l
The configured traffic management mode is valid to all ports of the board. service-port: traffic management mode based on service streams, which is the default mode. port-cos: traffic management mode based on port + CoS.
Step 2 Run the car-port command to set the 802.1p priority of the a port, bind the IP traffic profile with the service stream that matches the set priority, and manage the traffic of the service stream through the profile. Step 3 Run the display car-mode command to query the traffic management mode of the service board. Step 4 Run the display car-mode command to query the traffic management mode of the port. ----End
Example
Assume that the packets with the 802.1p priority of 4 on port 0 in upstream is bound with IP traffic profile 2 and those in downstream is bound with profile 5, and the packets with the 802.1p priority of 6 on port 0 in upstream is bound with IP traffic profile 2 and those in downstream is bound with profile 7. To set the traffic management mode of service board 0/2 to port + COS, do as follows:
huawei(config)#interface adsl 0/2 huawei(config-if-adsl-0/2)#car-mode port-cos huawei(config-if-adsl-0/2)#car-port 0 cos 4 inbound 2 outbound 5 huawei(config-if-adsl-0/2)#car-port 0 cos 6 inbound 2 outbound 7 huawei(config-if-adsl-0/2)#display car-mode The CAR mode of the board : port-cos huawei(config-if-adsl-0/2)#display car-port 0 ------------------------------------Port CoS Inbound-index Outbound-index ------------------------------------0 4 2 5 0 6 2 7 -------------------------------------
21.7 Configuring Queue Scheduling

A queue is the unit of the packet scheduling in the physical port. After the queue scheduling is configured, the packet of the key service can be processed in time when the network congestion occurs.
Features of Queue Scheduling

l
The system performs queue scheduling based on the queue priority. The larger the queue number, the higher the priority. The mapping between the queue and the 802.1 priority of the packet can be configured. The queue buffer size can be configured. Three queue scheduling modes are supported:

l l l
PQ: strict-priority queue WRR: Weighted Round Robin PQ + WRR

NOTE
By default, the system adopts PQ mode.
21.7.1 Configuring the Queue Scheduling Mode This topic describes how to configure the queue scheduling mode for ensuring that the packet in the queue with higher priority can be processed in time in the case of congestion. 21.7.2 Mapping the 802.1p Priority to Queues This topic describes how to map the 802.1p priority to queues so that packets with different 802.1p priorities map to the specified queues based on the configured mapping. This enhances the flexibility of mapping packets to the queue. 21.7.3 Configuring the Queue Buffer of a Service Board This topic describes how to configure the buffer size for the queue. After the configuration, buffer sizes are re-allocated to queues to guarantee a flexible QoS.
21.7.1 Configuring the Queue Scheduling Mode

This topic describes how to configure the queue scheduling mode for ensuring that the packet in the queue with higher priority can be processed in time in the case of congestion.
The MA5600T supports the following three queue scheduling modes: Strict-Priority Queue (PQ) and Weighted Round Robin (WRR) and PQ+WRR.
l
Strict-Priority Queue (PQ) PQ gives preference to packets in a high priority queue. When a high priority queue is empty, packets in a queue of lower priority are sent. By default, PQ mode is adopted.
Weighted Round Robin (WRR) The system supports WRR for eight queues. Each queue has a weight value (w7, w6, w5, w4, w3, w2, w1 and w0 in descending order) for resource acquisition. WRR is performed for the queues by turns. This guarantees that each queue can obtain certain service time. Table 21-9 lists the mapping between the queue weight and the actual queue. Table 21-9 Mapping between the queue weight and the actual queue Queue Number Configured Weight Actual Queue Weight (the port supporting 8 queues) W7 W6 W5 W4 W3 W2 W1 W0 Actual Queue Weight (the port supporting 4 queues) W7+W6 W5+W4 W3+W2 W1+W0
7 6 5 4 3 2 1 0
W7 W6 W5 W4 W3 W2 W1 W0
Wn: indicates the weight of queue n. The weight sum of queues must be equal to 100.
l
PQ + WRR
The system supports PQ for some queues and WRR for the other queues. When the value of WRR is 0, it indicates that this queue adopts the PQ mode. The queues adopting the PQ mode must be the ones with higher priorities. The weight sum of queues must be equal to 100.
Issue 02 (2008-04-25)
Procedure
Step 1 Run the queue-scheduler command to configure the queue scheduling mode. Step 2 Run the display queue-scheduler command to query configuration of the queue scheduling. ----End
Examples
To configure a WRR scheduler and assign these weight values to the eight queues: 10, 10, 20, 20, 10, 10, 10 and 10, do as follows:
huawei(config)#queue-scheduler wrr 10 10 20 20 10 10 10 10 huawei(config)#display queue-scheduler Queue scheduler mode : WRR --------------------------------Queue Scheduler Mode WRR Weight --------------------------------0 WRR 10 1 WRR 10 2 WRR 20 3 WRR 20 4 WRR 10 5 WRR 10 6 WRR 10 7 WRR 10 ---------------------------------
To configure a PQ+WRR scheduler and assign these weight values to the six queues: 20, 20, 10, 30, 10, and 10, do as follows:
huawei(config)#queue-scheduler wrr 20 20 10 30 10 10 0 0 huawei(config)#display queue-scheduler Queue scheduler mode : WRR --------------------------------Queue Scheduler Mode WRR Weight --------------------------------0 WRR 20 1 WRR 20 2 WRR 10 3 WRR 30 4 WRR 10 5 WRR 10 6 PQ -7 PQ ----------------------------------
Related Operations
Table 21-10 lists the related operations for configuring the queue scheduling mode. Table 21-10 Related operations for configuring the queue scheduling mode To Restore the default queue scheduling setting Configure the mapping between the 802.1p priority and the queue
21-20
Run the Command undo queue-scheduler cos-queue-map
Issue 02 (2008-04-25)
To Configure the queue buffer of a service board
Run the Command queue-buffer
21.7.2 Mapping the 802.1p Priority to Queues

This topic describes how to map the 802.1p priority to queues so that packets with different 802.1p priorities map to the specified queues based on the configured mapping. This enhances the flexibility of mapping packets to the queue.
l l
The configuration applies to all the service boards in the system. By default, the mapping between the 802.1p priority and queues is as shown in Table 21-11. Table 21-11 Mapping between the 802.1p priority and queue Queue Number Actual Queue Number (the port supporting 8 queues) 7 6 5 4 3 2 1 0 Actual Queue Number (the port supporting 4 queues) 3 3 2 2 1 1 0 0 802.1p Priority
7 6 5 4 3 2 1 0
7 6 5 4 3 2 1 0
Procedure
Step 1 Run the cos-queue-map command to map the 802.1p priority to the queues. Step 2 Run the display cos-queue-map command to query the mapping setting. ----End
Example
To map 802.1p priority 0 to queue 0, 802.1p priority 1 to queue 2, and others to queue 6, do as follows:
huawei(config)#cos-queue-map cos0 0 cos1 2 cos2 6 cos3 6 cos4 6 cos5 6 cos6 6 cos7 6 huawei(config)#display cos-queue-map CoS and queue map: -----------------------CoS Queue ID -----------------------0 0 1 2 2 6 3 6 4 6 5 6 6 6 7 6 ------------------------
Related Operations
Table 21-12 lists the related operations for mapping the 802.1p priority to the queue of a service board. Table 21-12 Related operations for mapping the 802.1p priority to the queue of a service board To... Restore the default mapping setting Configure the queue buffer of a service board Configure the queue scheduling mode Run the Command... undo cos-queue-map queue-buffer queue-scheduler
21.7.3 Configuring the Queue Buffer of a Service Board

This topic describes how to configure the buffer size for the queue. After the configuration, buffer sizes are re-allocated to queues to guarantee a flexible QoS.
The queue buffer determines the capacity of queues for handling the burst packet. The larger the queue buffer, the stronger the capacity for handling the burst packet. The buffer size of a port is set by proportion. Table 21-13 lists the default buffer size. Table 21-13 Default buffer size Queue Number 7 6 5
21-22
Queue Buffer (the port supporting 8 queues) L7 (Default: 6) L6 (Default: 25) L5 (Default: 12)
Actual queue number (the port supporting 4 queues) Issue 02 (2008-04-25)
Queue Number 4 3 2 1 0
Queue Buffer (the port supporting 8 queues) L4 (Default: 12 L3 (Default: 13) L2 (Default: 13) L1 (Default: 6) L0 (Default: 13)
Actual queue number (the port supporting 4 queues) L7+L6 (Default: 31) L5+L4 (Default: 24) L3+L2 (Default: 26) L1+L0 (Default: 18)
Ln: indicates the buffer size of queue n. The sum of proportions must be equal to 100.
Procedure
Step 1 Run the queue-buffer command to configure the buffer size for the queue of a service board. Step 2 Run the display queue-buffer command to query the buffer size configuration for the queue of a service board. ----End
Example
To configure the buffer size proportion of the eight queues as 20, 20, 10, 10, 10, 10, 10 and 10, do as follows:
huawei(config)#queue-buffer 20 20 10 10 10 10 10 10 huawei(config)#display queue-buffer -----------------------Queue Depth size ratio -----------------------0 20 1 20 2 10 3 10 4 10 5 10 6 10 7 10 ------------------------
Related Operations
Table 21-14 lists the related operations for configuring the queue buffer of a service board. Table 21-14 Related operations for configuring the queue buffer of a service board To... Restore the default buffer setting Configure the queue scheduling
Issue 02 (2008-04-25)
Run the Command... undo queue-buffer queue-scheduler

21-23
To... Map the 802.1p priority to the priority queue
Run the Command... cos-queue-map
21.8 Configuring Traffic Management Based on ACL rules

This topic describes the function of filtering the traffic of the port through the ACL rule and manages the traffic that complies with the ACL rule. 21.8.1 Enabling Traffic Limit This topic describes how to enable traffic limit of packets matching an ACL rule on a specified port, and processing the traffic that exceeds the limit such as adding the DSCP tag or discarding the packet directly. 21.8.2 Adding a Priority Tag to Packets This topic describes how to add a priority tag to packets matching an ACL on a specified port so that the traffic can obtain the service that match the specified priority. The priority tag type can be ToS, DSCP, and 802.1p. 21.8.3 Enabling the Traffic Statistics This topic describes how to enable the traffic statistics for packets matching an ACL on a port to analyze and monitor this traffic. 21.8.4 Enabling the Traffic Mirroring This topic describes how to mirror the traffic matching an ACL rule on a port to a specified port. Mirroring does not affect receiving and transmitting packets on the mirroring source port. You can monitor the traffic of the mirroring source port through analyzing the traffic that passes the mirroring destination port. 21.8.5 Enabling the Traffic Redirection This topic describes how to enable the redirection of packets matching an ACL on a port. After this operation is executed successfully,, the original port does not forward packets matching the ACL, but the specified port forwards the packets.
21.8.1 Enabling Traffic Limit

This topic describes how to enable traffic limit of packets matching an ACL rule on a specified port, and processing the traffic that exceeds the limit such as adding the DSCP tag or discarding the packet directly.
Prerequisite
The ACL and its rule have been configured, and the port for traffic limit is working in the normal state.
l l
The traffic limitation is only valid for permit rules of an ACL. The limited traffic must be a multiple of 64.
21-24
Issue 02 (2008-04-25)
Procedure
Step 1 Run the traffic-limit command to enable traffic limit of packets matching an ACL rule on a specified port. Step 2 Run the display qos-info traffic-limit port command to query the traffic limitation information on the specified port. ----End
Example
To limit the traffic received on port 0/11/0 that matches the rules of ACL 2001 to 512 kbit/s, and mark the DSCP priority tag (af1) to packets that exceed the limitation, do as follows:
huawei(config)#traffic-limit inbound ip-group 2001 512 exceed remark-dscp af1 port 0/11/0 huawei(config)#display qos-info traffic-limit port 0/11/0 traffic-limit: port 0/11/0: Inbound: Matches: Acl 2001 rule 5 running Target rate: 512 Kbps Exceed action: remark-dscp af1
Related Operation
Table 21-15 lists the related operation for enabling traffic limit of packets matching an ACL on a specified port. Table 21-15 Related operation for enabling traffic limit of packets matching an ACL on a specified port To Disable the traffic limitation of packets matching an ACL rule on a specified port Run the Command undo traffic-limit
21.8.2 Adding a Priority Tag to Packets

This topic describes how to add a priority tag to packets matching an ACL on a specified port so that the traffic can obtain the service that match the specified priority. The priority tag type can be ToS, DSCP, and 802.1p.
Prerequisite
The ACL and its rule have been configured, and the port involved in adding a priority tag to packets is working in the normal state.
l l
This operation is only valid for permit rules of an ACL. The ToS priority and the DSCP priority cannot be configured at the same time.
Issue 02 (2008-04-25)
Procedure
Step 1 Run the traffic-priority command to add a priority tag to packets matching an ACL on a specified port. Step 2 Run the display qos-info traffic-priority port command to query the configured priority. ----End
Example
l l
DSCP priority level: 10 (af1) Local priority level: 0
To add a priority tag to packets received on port 0/11/0 that match ACL 2001, do as follows:
huawei(config)#traffic-priority inbound ip-group 2001 dscp af1 local-precedence 0 port 0/11/0 huawei(config)#display qos-info traffic-priority port 0/11/0 traffic-priority: port 0/11/0: Inbound: Matches: Acl 2001 rule 5 running Priority action: dscp af1 cos background
Related Operation
Table 21-16 lists the related operation for adding a priority tag to packets matching an ACL on a specified port. Table 21-16 Related operation for adding a priority tag to packets matching an ACL on a specified port To Cancel the priority tag of the traffic that matches an ACL Run the Command undo traffic-priority
21.8.3 Enabling the Traffic Statistics

This topic describes how to enable the traffic statistics for packets matching an ACL on a port to analyze and monitor this traffic.
Prerequisite
The ACL and its rule have been configured, and the port involved in traffic statistics is working in the normal state.
The traffic statistics function is only valid for permit rules of an ACL.
Procedure
Step 1 Run the traffic-statistic command to measure traffic matching an ACL on a specified port. Step 2 Run the display qos-info traffic-statistic port command to query the traffic statistics for packets matching an ACL on the specified port. ----End
Example
To measure the packets received at port 0/9/0 that match ACL 2001, do as follows:
huawei(config)#traffic-statistic inbound ip-group 2001 port 0/9/0 huawei(config)#display qos-info traffic-statistic port 0/9/0 traffic-statistic: port 0/9/0: Inbound: Matches: Acl 2001 rule 5 0 packet
running
Related Operations
Table 21-17 lists the related operations for enabling the traffic statistics for packets matching an ACL on a port. Table 21-17 Related operations for enabling the traffic statistics for packets matching an ACL on a port To Clear the traffic statistics for packets that match an ACL rule on a port Disable traffic statistics for packets matching an ACL Run the Command reset traffic-statistic undo traffic-statistic
21.8.4 Enabling the Traffic Mirroring

This topic describes how to mirror the traffic matching an ACL rule on a port to a specified port. Mirroring does not affect receiving and transmitting packets on the mirroring source port. You can monitor the traffic of the mirroring source port through analyzing the traffic that passes the mirroring destination port.
Prerequisite
The ACL and its rule have been configured, and the port involved in traffic mirroring is working in the normal state.
l
The command only works for permit rules of an ACL.

Issue 02 (2008-04-25)
l l
The mirroring destination port cannot be an aggregated port. Only one mirroring destination port is supported and the mirroring destination port must be the upstream port.
Procedure
Step 1 Run the traffic-mirror command to enable the traffic mirroring of packets matching an ACL rule on a specified port. Step 2 Run the display qos-info traffic-mirror port command to query the traffic mirroring of packets matching an ACL rule on a specified port. ----End
Example
To mirror the packets on ADSL2+ port 0/11/0 that match the rules of ACL 2001 to Ethernet port 0/9/0, do as follows:
huawei(config)#traffic-mirror inbound ip-group 2001 port 0/11/0 to port 0/9/0 huawei(config)#display qos-info traffic-mirror port 0/11/0 traffic-mirror: port 0/11/0: Inbound: Matches: Acl 2001 rule 5 Mirror to: port 0/9/0
running
Related Operation
Table 21-18 lists the related operation for enabling the traffic mirroring of packets matching an ACL rule on a specified port. Table 21-18 Related operation for enabling the traffic mirroring of packets matching an ACL rule on a specified port To Disable traffic mirroring on packets matching an ACL rule Run the Command undo traffic-mirror
21.8.5 Enabling the Traffic Redirection

This topic describes how to enable the redirection of packets matching an ACL on a port. After this operation is executed successfully,, the original port does not forward packets matching the ACL, but the specified port forwards the packets.
Prerequisite
The ACL and its rule have been configured, and the port involved in traffic redirection is working in the normal state.
l l
The traffic redirection is only valid for permit rules of an ACL. The service ports support only redirection of packets matching the ACL to upstream ports. The upstream port supports only redirection of packets matching the ACL to ports on the board of the same type.
Procedure
Step 1 Run the traffic-redirect command to redirect traffic matching an ACL on a port. Step 2 Run the display qos-info traffic-redirect port command to query the redirection information of packets matching an ACL on a port. ----End
Example
To redirect traffic matching with ACL 2001 on port 0/9/0 to port 0/9/1, do as follows:
huawei(config)#traffic-redirect inbound ip-group 2001 port 0/9/0 to port 0/9/1 huawei(config)#display qos-info traffic-redirect port 0/9/0 traffic-redirect: port 0/9/0: Inbound: Matches: Acl 2001 rule 5 running Redirected to: port 0/9/1
Related Operation
Table 21-19 lists the related operation for redirecting traffic matching an ACL on a port. Table 21-19 Related operation for redirecting traffic matching an ACL on a port To Cancel the ACL-based traffic redirection Run the Command undo traffic-redirect
21.9 Enabling the Line Rate Limit on an Upstream Port

This topic describes how to enable the line rate limit on a specified upstream port.
l
Line rate limit on the MA5600T is to limit the transmit rate of an Ethernet port on the SCU and GIU boards, instead of limiting the rate on a service port. The limited rate should be a multiple of 64.
Procedure
Step 1 Run the line-rate command to limit the line rate on a specified port.
Step 2 Run the display qos-info line-rate port command to query the line rate limit information on the specified port. ----End
Example
To limit the rate at Ethernet port 0/9/0 to 6400 kbit/s, do as follows:
huawei(config)#line-rate 6400 port 0/9/0 huawei(config)#display qos-info line-rate port 0/9/0 line-rate: port 0/9/0: Line rate: 6400 Kbps
Related Operation
Table 21-20 lists the related operation for enabling the line rate limit on an upstream port. Table 21-20 Related operation for enabling the line rate limit on an upstream port To Disable the line rate limit on a port Run the Command undo line-rate
21-30
Issue 02 (2008-04-25)
22 User Security Configuration
22
About This Chapter
User Security Configuration
This topic describes how to configure the user security on the MA5600T. 22.1 Overview This topic describes the service description and service specifications of user security. 22.2 Enabling PITP This topic describes how to enable PITP so that the device can report the user port information to the BRAS for authenticating the user. 22.3 Setting the RAIO Working Mode This topic describes how to set the Relay Agent Information Option (RAIO) working mode to correctly classify the format of the DHCP option82 tag and the PITP tag required by different operators. 22.4 Setting the Ethernet Encapsulation Type This topic describes how to set the Ethernet encapsulation type. 22.5 Enabling the DHCP Option82 Function This topic describes how to enable the DHCP option82 function so that the BRAS can authenticate the access users. The MA5600T adds the option82 field to the DHCP packets to ensure the security of the DHCP function. 22.6 Setting the Maximum Length of DHCP Packets This topic describes how to set the maximum length of DHCP packets. 22.7 Binding the IP Address This topic describes how to bind a service channel with one or more IP addresses. In this way, only the messages with the source IP address as the bound IP address can pass through the service channel. 22.8 Binding the MAC Address This topic describes how to bind a service port with a MAC address. This helps to limit the source MAC address of the packets passing through this service port to be only the bound MAC address. 22.9 Enabling the Anti MAC Spoofing This topic describes how to enable the anti MAC spoofing function. With the anti MAC spoofing function enabled, unauthorized users are prevented from sending PPPoE and DHCP control
packets through forging the MAC addresses of the valid users, thus guaranteeing the user security greatly. 22.10 Enabling the Anti IP Spoofing This operation enable the anti IP spoofing function. With the anti IP spoofing function enabled, unauthorized users are prevented from logging in to the device by forging legal IP addresses, thus guaranteeing the user security.
22-2
Issue 02 (2008-04-25)
22.1 Overview
This topic describes the service description and service specifications of user security.
Service Description
Policy Information Transfer Protocol (PITP), a member of Huawei Group Management Protocol (HGMP) family, provides the Broadband Remote Access Server (BRAS) with the information about the user port. PITP binds user accounts with the user ports to prevent the theft and roaming of user accounts. The DHCP option82 contains reliable user port information and terminal information, which are added to the DHCP packets. The DHCP option82 is used as reference for the DHCP server to allocate the IP address and other parameters. For details on the user security feature, refer to "User Security" in the MA5600T Feature Description.
The MA5600T supports the PITP V mode and P mode as well as DHCP option82 to implement binding between the user account and the user port.
l
PITP V mode (VBAS mode): After the PPPoE discovery phase, BRAS initiates a request for querying user ports, requiring the MA5600T to report the information on the user ports. The MA5600T sends the user port information to the BRAS when the MA5600T responds to messages. PITP V mode (PPPoE Tag mode): In the PPPoE discovery phase, the MA5600T initiates a request for querying user ports, and adds tags to the PPPoE authentication request messages. In this way, the user port information is sent to the BRAS.
22.2 Enabling PITP

This topic describes how to enable PITP so that the device can report the user port information to the BRAS for authenticating the user.
PITP has two modes:
l
vmode VBAS mode: The BRAS sends the VBAS request packets to the MA5600T first, and the MA5600T sends the port information to the BRAS.
pmode PPPoE mode: The MA5600T adds the tag to the PPPoE packets directly, and sends the port information to the BRAS.
You can configure the PITP in the following two modes:

l
Global configuration
Issue 02 (2008-04-25)
You can run the pitp { disable | enable { pmode | vmode } } command to disable PITP or select PITP mode. By default, the PITP is disabled globally. You can run the pitp { port frameid/slotid/portid { enable | disable } | board frameid/slotid { enable | disable } } command to enable or disable PITP of the physical port. By default, the port configuration of PITP is enabled.
Port configuration
You can switch over between P and V modes of PITP. However, the system works in only one mode. Disabling PITP invalidates both PITP modes. Global PITP configuration is of higher priority than port PITP configuration. If global PITP configuration is disabled, packets from a port do not contain user port information no matter whether the port PITP is enabled. When you enable or disable PITP of the physical port on one board, the board must be in the normal state or the offline configuration state. The ports on the control board do not support PITP, and it only transmits the PITP packets transparently. To enable DHCP option82 or PITP, you need to configure the RAIO mode first. For the configuration of the RAIO mode, see This topic "22.3 Setting the RAIO Working Mode."
l l
Procedure
Step 1 Run the pitp command to enable the PITP V mode or the PITP of the physical port. Step 2 Run the display pitp config command to query the PITP configuration. ----End
Examples
To enable the PITP V mode, do as follows:
huawei(config)#pitp enable vmode huawei(config)#display pitp config PITP is enabled. Current mode:vmode PITP sub-option90 is disabled
To enable PITP of port0/11/0the service port with GEM Port ID of 128 in port 0/11/0, do as follows:
huawei(config)#pitp port 0/11/0 enablepitp port 0/11/0 gemport 128 enable huawei(config)#display pitp port 0/11/0 configdisplay pitp port 0/11/0 gemport 128 config PITP is enabled on this port
22.3 Setting the RAIO Working Mode

This topic describes how to set the Relay Agent Information Option (RAIO) working mode to correctly classify the format of the DHCP option82 tag and the PITP tag required by different operators.
l
RAIO includes DHCP option82 and PITP tag. Because these two options are not standardized, different carriers have different formats of them. By default, the RAIO working mode is common. To differentiate the formats, set correctly the RAIO working mode before using the DHCP option82 and PITP tag function.
l l
Procedure
Step 1 Run the raio-mode command to set the RAIO working mode. Step 2 Run the display raio-mode command to query the RAIO working mode. ----End
Examples
To set the RAIO working mode as port-userlabel so that after the DHCP option82 function is enabled on the port, and the PPPoE packets contain the description of the port, do as follows:
huawei(config)#raio-mode port-userlabel dhcp-option82
To set the RAIO working mode as user-defined so that after the PITP P mode is enabled on the port, the PPPoE packets contain the user-defined description of the port, do as follows: To set the RAIO working mode as xdsl-port-rate so that after the PITP P mode is enabled on the port, the PPPoE packets contain the upstream/downstream activation rate of the port, do as follows:
huawei(config)#raio-mode xdsl-port-rate pitp-pmode huawei(config)#raio-mode user-defined pitp-pmode huawei(config)#display raio-mode { <cr>|pitp-pmode<K>|pitp-vmode<K>|dhcp-option82<K>|detail<K> }: Command: display raio-mode Current mode of PITP pmode: user-defined mode Current mode of PITP vmode: common mode Current mode of DHCP option82: xdsl-port-rate mode
22.4 Setting the Ethernet Encapsulation Type

This topic describes how to set the Ethernet encapsulation type.
When setting a protocol type, make sure that it does not conflict with any of existing protocol types, such as:
l l l l l
IP: 0x0800 ARP: 0x0806 RARP: 0x8035 802.1q: 0x8100 PPPoE: 0x8863 and0x8864
Issue 02 (2008-04-25)

NOTE
Before setting the Ethernet encapsulation type, make sure that the PITP V mode is disabled.
Procedure
Step 1 Run the pitp vmode ether-type command to set the Ethernet encapsulation type. Step 2 Run the display pitp vmode ether-type command and you can find the Ethernet encapsulation type is set successfully. ----End
Example
To set the Ethernet encapsulation type in V mode, do as follows:
huawei(config)#pitp vmode ether-type 0x8200 huawei(config)#display pitp vmode ether-type Vmode ethernet type is 0x8200
Related Operation
Table 22-1 lists the related operation for setting the Ethernet encapsulation type. Table 22-1 Related operation for setting the Ethernet encapsulation type To... Disable PITP function Run the Command... pitp disable
22.5 Enabling the DHCP Option82 Function

This topic describes how to enable the DHCP option82 function so that the BRAS can authenticate the access users. The MA5600T adds the option82 field to the DHCP packets to ensure the security of the DHCP function.
l
With the DHCP option82 function enabled, the MA5600T can add/remove the option82 field to/from DHCP packets. With the DHCP option82 function disabled, the MA5600T transparently transmits or directly forwards DHCP packets without processing them.
Procedure
Step 1 Run the dhcp option82 enable command to enable the DHCP option82. Step 2 Run the display dhcp option82 config command to query the state of the DHCP option82 function. ----End
Example
To enable the DHCP option82, do as follows:
huawei(config)#dhcp option82 enable huawei(config)#display dhcp option82 config DHCP option82 is enabled Maximum length of DHCP packet is 1300 bytes
Related Operations
Table 22-2 lists the related operations for enabling the DHCP option82. Table 22-2 Related operations for enabling the DHCP option82 To... Disable the DHCP option82 function Set the maximum length of the DHCP packet Run the Command... dhcp option82 disable dhcp option82 max-length
22.6 Setting the Maximum Length of DHCP Packets

This topic describes how to set the maximum length of DHCP packets.
l l
By default, the maximum length of DHCP packets is 1500 bytes. You can set the maximum length for the DHCP packets added with Relay Agent Information Option messages. If there are packets with length exceeding this value, the system transparently transmits these packets.
Procedure
Step 1 Run the dhcp option82 max-length command to set the maximum length of DHCP packets. Step 2 Run the display dhcp option82 config command to query the configured maximum length of DHCP packets. ----End
Example
To set the maximum length of DHCP packets to 1300 bytes, do as follows:
huawei(config)#dhcp option82 max-length 1300 huawei(config)#huawei(config)#display dhcp option82 config DHCP option82 is enabled Maximum length of DHCP packet is 1300 bytes
Issue 02 (2008-04-25)
22-7
22.7 Binding the IP Address

This topic describes how to bind a service channel with one or more IP addresses. In this way, only the messages with the source IP address as the bound IP address can pass through the service channel.
l
A service channel can be bound with up to 8 IP addresses. The bound IP address must be a unicast IP address. One port can be bound with either one IP address or eight consecutive IP addresses according to the IP address mask at one time.
Procedure
Step 1 Run the bind ip command to bind an IP address. Step 2 Run the display bind command to query the IP address binding information. ----End
Examples
To bind the IP address 10.1.1.245 of the service channel (VPI/VCI of 0/35) with ADSL port 0/11/0, do as follows: To bind the IP address 10.10.10.1 of the service channel (GEM Port ID of 128) with GPON port 0/11/0, do as follows:
huawei(config)#bind ip gpon 0/11/0 gemport 128 10.10.10.1 huawei(config)#display bind gpon 0/11/0 gemport 128 { <cr>|user-vlan<K>|user-8021p<K> }: Command: display bind gpon 0/11/0 gemport 128 ------------------------No. IP address ------------------------0 10.10.10.1 1 2 3 4 5 6 7 -------------------------
To bind IP addresses 10.10.10.1/29 of the service channel (GEM Port ID of 128) with GPON port 0/11/0 (the bound IP address segment is 0.10.10.010.10.10.7), do as follows:
huawei(config)#bind ip gpon 0/11/0 gemport 128 10.10.10.1 29 huawei(config)#display bind gpon 0/11/0 gemport 128 { <cr>|user-vlan<K>|user-8021p<K> }: Command: display bind gpon 0/12/1 gemport 128 ------------------------No. IP address -------------------------
22-8
Issue 02 (2008-04-25)

0 10.10.10.0 1 10.10.10.1 2 10.10.10.2 3 10.10.10.3 4 10.10.10.4 5 10.10.10.5 6 10.10.10.6 7 10.10.10.7 -------------------------
Related Operation
Table 22-3 lists the related operation for binding the IP address. Table 22-3 Related operation for binding the IP address To... Cancel the binding of IP address Run the Command... undo bind ip
22.8 Binding the MAC Address

This topic describes how to bind a service port with a MAC address. This helps to limit the source MAC address of the packets passing through this service port to be only the bound MAC address.
The MA5600T does not support the configuration of binding a MAC address directly. By configuring a static MAC address entry and setting the maximum address count to 0, you can bind a port with a MAC address.
l
The MA5600T supports up to 1K static MAC addresses. The number of MAC addresses that can be bound with a service stream is not limited. The MA5600T supports up to 8K dynamic MAC addresses. Each service stream can be bound with up to eight MAC addresses dynamically.
Procedure
Step 1 Run the mac-address static command to configure the static MAC address for a port. Step 2 Run the mac-address max-mac-count command to set the maximum address count for the service port. Step 3 Run the display mac-address max-mac-count command to query the maximum MAC address number that can be learnt by service channels. ----End
Example
Assume that the static MAC address of ADSL2+ port 0/11/0 is 1010-1010-1010, and the maximum address count is 0. To bind the port with the MAC address so that the port only allows the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static adsl 0/11/0 vpi 0 vci 35 1010-1010-1010 huawei(config)#mac-address max-mac-count adsl 0/11/0 vpi 0 vci 35 0 huawei(config)#display mac-address max-mac-count adsl 0/11/0 vpi 0 vci 35 ---------------------------------------------------------------------------Type F/S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number ---------------------------------------------------------------------------adl 0/11/0 0 35 4000 0 -------------------------------------------------------------------------Total: 1 Note : F--Frame, S--Slot, P--Port(xDSL Port,UP-Link Port,IMA GROUP or VLAN ID etc.), the VPI is access-end VLAN ID in vdsl/eau port or PON ID in epon port
Assume that the static MAC address of GPON port 0/11/0 is 1010-1010-1010, and the maximum address count is 0. To bind the port with the MAC address so that the port only allows the pass of packets with the source MAC address of 1010-1010-1010, do as follows:
huawei(config)#mac-address static gpon 0/2/0 gemport 128 1010-1010-1010 huawei(config)#mac-address max-mac-count gpon 0/2/0 gemport 128 0 huawei(config)#display mac-address max-mac-count gpon 0/2/0 gemport 128 { <cr>|user-vlan<K>|user-8021p<K> }: Command: display mac-address max-mac-count gpon 0/2/0 gemport 128 --------------------------------------------------------------------------Type F /S /P VPI VCI VLAN ID FLOWTYPE FLOWPARA Learnable MAC number --------------------------------------------------------------------------gpon 0 /2 /0 128 10 0 --------------------------------------------------------------------------Total: 1 Note : F--Frame, S--Slot, P--Port; VPI indicates GEM PortID for GPON
22.9 Enabling the Anti MAC Spoofing

This topic describes how to enable the anti MAC spoofing function. With the anti MAC spoofing function enabled, unauthorized users are prevented from sending PPPoE and DHCP control packets through forging the MAC addresses of the valid users, thus guaranteeing the user security greatly.
l l
The anti MAC spoofing function is implemented through MAC address binding. Each service virtue port can be bound with up to eight different MAC addresses dynamically. If a user has been online before the anti MAC spoofing function is enabled, the system does not bind MAC address. Then the user is forced to log out, so the user must log in again. The user MAC address can be bound only when a user logs in after the anti MAC spoofing function is enabled.
Procedure
Step 1 Run the security anti-macspoofing enable command to enable the anti MAC spoofing function. Step 2 Run the display security config command and you can find that the function is enabled. ----End
22-10
Issue 02 (2008-04-25)
Example
To enable the anti MAC spoofing function, do as follows:
huawei(config)#security anti-macspoofing enable huawei(config)#display security config Anti-ipspoofing function : disable Anti-dos function : enable Anti-macspoofing function : enable Anti-ipattack function : disable Anti-icmpattack function : disable Source-route filter function : disable PPPoE Overall Aging Time(sec): 360 PPPoE Aging Period (sec): 90 DHCP Overall Aging Time(sec): 1560
Related Operations
Table 22-4 lists the related operations for enabling the anti MAC spoofing function. Table 22-4 Related operations for enabling the anti MAC spoofing function To Disable the anti MAC spoofing function Display the dynamically bound MAC addresses Run the Command security anti-macspoofing disable display security bind mac
22.10 Enabling the Anti IP Spoofing

This operation enable the anti IP spoofing function. With the anti IP spoofing function enabled, unauthorized users are prevented from logging in to the device by forging legal IP addresses, thus guaranteeing the user security.
l l l l
The anti IP spoofing function is implemented through dynamic IP address binding. By default, the dynamic IP address binding function is disabled. The system only binds the IP address of the user who obtains the IP address through DHCP. If a user has been online before the anti IP spoofing function is enabled, the system does not bind IP address. Then the user is forced to log out, so the user must log in again. The user IP address can be bound only when a user logs in after the anti IP spoofing function is enabled.
Procedure
Step 1 Run the security anti-ipspoofing enable command to enable the anti IP spoofing function globally.
Step 2 Run the display security config command to query the configuration status of the anti IP spoofing function. ----End
Examples
To enable the anti IP spoofing function, do as follows:
huawei(config)#security anti-ipspoofing enable huawei(config)#display security config Anti-ipspoofing function : enable Anti-dos function : enable Anti-macspoofing function : enable Anti-ipattack function : disable Anti-icmpattack function : disable Source-route filter function : disable PPPoE Overall Aging Time(sec): 360 PPPoE Aging Period (sec): 90 DHCP Overall Aging Time(sec): 1560
Related Operations
Table 22-5 lists the related operations for enabling the anti MAC spoofing function. Table 22-5 Related operations for enabling the anti MAC spoofing function To Disable the anti IP spoofing function Display the dynamically bound IP addresses Run the Command security anti-ipspoofing disable display security bind ip
22-12
Issue 02 (2008-04-25)
23 System Security Configuration
23
About This Chapter
System Security Configuration
This topic describes how to configure the system security on the MA5600T. 23.1 Overview This topic describes the service description and service specification of system security. 23.2 Enabling the Anti DoS Attack This topic describes how to enable the anti DoS attack function to prevent large amount of packets sent by the access user from attacking the MA5600T. 23.3 Enabling the Anti IP Attack This topic describes how to enable the anti IP attack function. This function prevents users from maliciously sending IP packets to the IP address of the device to enhance the device security. 23.4 Enabling Anti ICMP Attack This topic describes how to enable the anti ICMP attack function to prevent users from sending malicious ICMP packets to the IP address of the device, thus protecting the device system. 23.5 Enabling the Source Route Filtering This topic describes how to enable the function of source route filtering. This function filters the IP packet containing the route option field. 23.6 Configuring the MAC Address Filtering This topic describes how to configure the function of MAC address filtering to discard the packets with the specified source MAC address. 23.7 Setting the Time to Detect Exceptional Disconnection of the PPPoE Users This topic describes how to set the time to detect exceptional disconnection of the PPPoE users. 23.8 Configuring the Black List This topic describes how to configure a firewall black list, such as adding some IP addresses to the firewall black list, so that the service packets from these IP addresses cannot pass the firewall. 23.9 Configuring the Firewall Function This topic describes how to configure the firewall function to prohibit or allow the packets that meet the criteria to pass the inband or outband management interface. 23.10 Configuring an Accessible Address Segment
This topic describes how to configure the accessible address segment for the firewall of a specified protocol type. 23.11 Configuring the Inaccessible Address Segment This topic describes how to add the inaccessible address segment for the firewall of the specified protocol type.
23-2
Issue 02 (2008-04-25)
23.1 Overview
This topic describes the service description and service specification of system security.
Service Description
The MA5600T supports system security setting to prevent attacks initiated on the network or user side. This helps to guarantee user or equipment stability. For details on the system security, refer to "System Security" in the MA5600T Feature Description.
To ensure stable operation, the MA5600T supports the following security features:
l l l l l l l l
Anti DoS attack Anti IP attack Anti ICMP attack Source route filtering MAC address filtering IP/MAC address binding Firewall function SSH
23.2 Enabling the Anti DoS Attack

This topic describes how to enable the anti DoS attack function to prevent large amount of packets sent by the access user from attacking the MA5600T.
Procedure
Step 1 Run the security anti-dos enable command to enable the anti DoS attack. Step 2 Run the display security config command to query the status of anti DoS attack. ----End
Example
To enable the anti DoS attack, do as follows:
huawei(config)#security anti-dos enable huawei(config)#display security config Anti-ipspoofing function : disable Anti-dos function : enable Anti-macspoofing function : disable Anti-ipattack function : disable Anti-icmpattack function : disable Source-route filter function : disable PPPoE Overall Aging Time(sec): 360
Issue 02 (2008-04-25)
23-3

PPPoE Aging Period (sec): 90 DHCP Overall Aging Time(sec): 1560
Related Operations
Table 23-1 lists the related operations for enabling the anti DoS attack. Table 23-1 Related operations for enabling the anti DoS attack To Disable the anti DoS attack Display the black list of anti DoS attackers Run the Command security anti-dos disable display security dos-blacklist
23.3 Enabling the Anti IP Attack

This topic describes how to enable the anti IP attack function. This function prevents users from maliciously sending IP packets to the IP address of the device to enhance the device security.
Procedure
Step 1 Run the security anti-ipattack enable command to enable the anti IP attack function. Step 2 Run the display security config command and you can find that the function is enabled. ----End
Example
To enable the anti IP attack function, do as follows:
huawei(config)#security anti-ipattack enable huawei(config)#display security config Anti-ipspoofing function : enable Anti-dos function : enable Anti-macspoofing function : enable Anti-ipattack function : enable Anti-icmpattack function : disable Source-route filter function : disable PPPoE Overall Aging Time(sec): 360 PPPoE Aging Period (sec): 90 DHCP Overall Aging Time(sec): 1560
Related Operation
Table 23-2 lists the related operation for enabling the anti IP attack function. Table 23-2 Related operation for enabling the anti IP attack function To Disable the anti IP attack function
23-4
Run the Command security anti-ipattack disable

Issue 02 (2008-04-25)
23.4 Enabling Anti ICMP Attack

This topic describes how to enable the anti ICMP attack function to prevent users from sending malicious ICMP packets to the IP address of the device, thus protecting the device system.
Procedure
Step 1 Run the security anti-icmpattack enable command to enable the anti ICMP attack function. Step 2 Run the display security config command and you can find that the function is enabled. ----End
Example
To enable the anti ICMP attack function, do as follows:
huawei(config)#security anti-icmpattack enable huawei(config)#display security config Anti-ipspoofing function : enable Anti-dos function : enable Anti-macspoofing function : enable Anti-ipattack function : enable Anti-icmpattack function : enable Source-route filter function : disable PPPoE Overall Aging Time(sec): 360 PPPoE Aging Period (sec): 90 DHCP Overall Aging Time(sec): 1560
Related Operation
Table 23-3 lists the related operation for enabling the anti ICMP attack function. Table 23-3 Related operation for enabling the anti ICMP attack function To Disable the anti ICMP attack function Run the Command security anti-icmpattack disable
23.5 Enabling the Source Route Filtering

This topic describes how to enable the function of source route filtering. This function filters the IP packet containing the route option field.
By default, the function of source route filtering is disabled.
Issue 02 (2008-04-25)
23-5
Procedure
Step 1 Run the security source-route enable command to enable the function of source route filtering. Step 2 Run the display security config command and you can find that the function is enabled. ----End
Example
To enable the function of source route filtering, do as follows:
huawei(config)#security source-route enable huawei(config)#display security config Anti-ipspoofing function : enable Anti-dos function : enable Anti-macspoofing function : enable Anti-ipattack function : enable Anti-icmpattack function : enable Source-route filter function : enable PPPoE Overall Aging Time(sec): 360 PPPoE Aging Period (sec): 90 DHCP Overall Aging Time(sec): 1560
Related Operation
Table 23-4 lists the related operation for enabling the function of source route filtering. Table 23-4 Related operation for enabling the function of source route filtering To Disable source route filtering Run the Command security source-route disable
23.6 Configuring the MAC Address Filtering

This topic describes how to configure the function of MAC address filtering to discard the packets with the specified source MAC address.
The system supports up to four MAC addresses to be filtered.
Procedure
Step 1 Run the security mac-filter command to configure the MAC address filtering. Step 2 Run the display security mac-filter command to query the configured filtering MAC address. ----End
Example
To filter the data packets with the source MAC address of 1000-0000-0000, do as follows:
huawei(config)#security mac-filter source 1000-0000-0000 huawei(config)#display security mac-filter --------------------------------------------------------Index MAC-Address Type --------------------------------------------------------1 1000-0000-0000 source --------------------------------------------------------Total: 1
Related Operation
Table 23-5 lists the related operation for configuring the MAC address filtering. Table 23-5 Related operation for configuring the MAC address filtering To Delete the filtering MAC address Run the Command undo security mac-filter
23.7 Setting the Time to Detect Exceptional Disconnection of the PPPoE Users
This topic describes how to set the time to detect exceptional disconnection of the PPPoE users.
l
For PPPoE users, the timeout time includes aging period and overall aging time.
The system checks the online/offline status of a user every aging period. When the offline period of a user exceeds the aging period but is less than the overall aging time, the offline time of the user is accumulated. When the accumulated offline time exceeds the overall aging time, it is considered that the user has been offline.
By default, the PPPoE aging period is 90s, and the overall aging time is 360s.
Procedure
Step 1 Run the security timeout command to set the time to detect exceptional disconnection of the PPPoE users. Step 2 Run the display security config command and you can find the information about the time to detect the exceptional disconnection of the PPPoE users. ----End
Examples
To set the timeout total time for PPPoE users to 1800s, do as follows:
huawei(config)#security pppoe timeout 1800 huawei(config)#display security config Anti-ipspoofing function : enable Anti-dos function : disable Anti-macspoofing function : disable Anti-ipattack function : disable
Issue 02 (2008-04-25)
23-7

Anti-icmpattack function : disable Source-route filter function : disable
PPPoE Overall Aging Time(sec): 1800 PPPoE Aging Period (sec): 90 DHCP Overall Aging Time(sec): 1560 huawei(config)#security dhcp timeout 1800
23.8 Configuring the Black List

This topic describes how to configure a firewall black list, such as adding some IP addresses to the firewall black list, so that the service packets from these IP addresses cannot pass the firewall.
Prerequisite
The ACL applied to the firewall function exists.
l l
The system supports up to 2000 items in a firewall black list. You can use the ACL rule when enabling the firewall black list function. In this case, the priority level of the firewall black list is higher than that of the ACL rule. That is, the system checks the firewall black list first, and then matches the ACL rule. The ACL rule used when the black list function is enabled can only be the advanced ACL rule. The firewall black list function only takes effect to the service packets that are sent from the user side.
Procedure
Step 1 Run the firewall blacklist item command to add a firewall black list item. Step 2 Run the firewall blacklist enable command to enable the firewall black list item. Step 3 Run the display firewall blacklist item command to show the configuration of the firewall black list. ----End
Example
To add IP address 10.10.10.10 to a firewall black list with the aging time of 100 minutes, enable the firewall black list function and apply ACL 3000, do as follows:
huawei(config)#firewall blacklist item 10.10.10.10 timeout 100 huawei(config)#firewall blacklist enable acl-number 3000 huawei(config)#display firewall blacklist item { <cr>|ip_addr<X.X.X.X> }: Command: display firewall blacklist item Firewall blacklist items : Current manual insert items : 1 Current automatic insert items : 0 Need aging items : 1 IP Reason AgeTime ---------------------------------------
23-8
Issue 02 (2008-04-25)

10.10.10.10 Manual 100
Related Operations
Table 23-6 lists the related operations for configuring the firewall black list function. Table 23-6 Related operations for configuring the firewall black list function To Disable the firewall black list function Delete an item from a firewall black list Run the Command undo firewall blacklist enable undo firewall blacklist item
23.9 Configuring the Firewall Function

This topic describes how to configure the firewall function to prohibit or allow the packets that meet the criteria to pass the inband or outband management interface.
Prerequisites
The ACL applied to the firewall function already exists.
NOTE
This topic takes the operation of enabling the outband firewall function as an example to describe how to enable the firewall function.
l
Only one ACL can be configured respectively for the egress and ingress directions of the inband or outband management interface. The ACL applied to the firewall function can be the basic ACL or the advanced ACL. The priority level of the ACL rule is superior to the default operation of firewall. That is, the packets matching the ACL rule are handled based on the ACL rule, and those not matching the rule are handled based on the default operation of firewall.
l l
Figure 23-1 shows the flowchart for configuring the firewall function.
Issue 02 (2008-04-25)
23-9
Figure 23-1 Flowchart for configuring the firewall function

Start
Enable the firewall function
Set the default operation of firewall
Apply ACL to the GE or ETH port of the SCU board
End
Procedure
Step 1 Run the firewall enable command to enable the firewall function. Step 2 Run the firewall default command to set the default operation of the firewall as deny. Step 3 Run the interface meth 0 command to enter interface config mode. Step 4 Run the firewall packet-filter command to apply ACL 2000 to the maintenance network port. Step 5 Run the display firewall packet-filter statistics command and you can find the configuration. ----End
Example
To enable the firewall function, set the default operation of the firewall as deny, and apply ACL 2000 to the outband management interface to filter packets, do as follows:
huawei(config)#firewall enable huawei(config)#firewall default deny huawei(config)#interface meth 0 huawei(config-if-meth0)#firewall packet-filter 2000 inbound huawei(config)#display firewall packet-filter statistics all Interface: meth0 In-bound Policy: acl 2000 From 2008-02-16 10:00:26 to 2008-02-16 10:02:43 0 packets, 0 bytes, 0% permitted, 0 packets, 0 bytes, 0% denied, 0 packets, 0 bytes, 0% permitted default, 0 packets, 0 bytes, 0% denied default, Totally 0 packets, 0 bytes, 0% permitted, Totally 0 packets, 0 bytes, 0% denied.
Related Operation
Table 23-7 lists the related operation for configuring the firewall function.
23-10
Issue 02 (2008-04-25)
Table 23-7 Related operation for configuring the firewall function To Disable the firewall function Run the Command undo firewall enable
23.10 Configuring an Accessible Address Segment

This topic describes how to configure the accessible address segment for the firewall of a specified protocol type.
l l l
The specified protocol types include: Telnet, SSH, and SNMP. Each firewall can be added with up to 10 address segments. When one address segment is added, the first address cannot be the same as the existed one. When deleting one address segment, you can only input the first address of the address segment.
Procedure
Step 1 Run the sysman ip-access command to add an accessible address segment. Step 2 Run the display sysman ip-access telnet command to query the configuration of the accessible address segment. ----End
Example
To add a legal address segment the refuse list of the telnet type, do as follows:
huawei (config)#sysman ip-access telnet 1.1.1.1 10.10.10.10 huawei(config)#display sysman ip-access telnet IP-Access Table: -------------------------------------------Index Start-IPAddr End-IPAddr -------------------------------------------1 1.1.1.1 10.10.10.10 --------------------------------------------
Related Operations
Table 23-8 lists the related operations for configuring an accessible address segment. Table 23-8 Related operations for configuring an accessible address segment To Delete an accessible address segment
Issue 02 (2008-04-25)
Run the Command undo sysman ip-access

23-11
To Display the firewall configuration
Run the Command display sysman
23.11 Configuring the Inaccessible Address Segment

This topic describes how to add the inaccessible address segment for the firewall of the specified protocol type.
l
The protocol type that can be configured with the inaccessible address segment includes: Telnet, SSH, SNMP. Each firewall is allowed to add ten address segments. When you add an address segment, the start address cannot be the same as an existing one. To delete an address segment, input the start address of the address segment.
l l l
Procedure
Step 1 Run the sysman ip-refuse command to configure the inaccessible address segment. Step 2 Run the display sysman ip-refuse command to query configuration of the accessible address segment. ----End
Example
To add a address segment to the telnet IP-refuse table, do as follows:
huawei(config)#sysman ip-refuse telnet 1.1.1.10 10.10.10.1 huawei(config)#display sysman ip-refuse telnet IP-Refuse Table: -------------------------------------------Index Start-IPAddr End-IPAddr -------------------------------------------1 1.1.1.10 10.10.10.1 --------------------------------------------
Related Operations
Table 23-9 lists the related operations for configuring the inaccessible address segment. Table 23-9 Related operations for configuring the inaccessible address segment To Delete the inaccessible address segment Display the configuration of firewall Run the Command undo sysman ip-refuse display sysman
23-12
Issue 02 (2008-04-25)
24 P2P Fiber Access Service Configuration
24
P2P Fiber Access Service Configuration
About This Chapter

This topic describes the P2P fiber access technology and the method of configuring the P2P fiber access service on the MA5600T.
NOTE
24.1 Overview This topic consists of the service description and specification of the fiber access service. 24.2 Configuration Example of Fiber Access Service-Single Port for Single Service This topic provides an example for accessing the Internet through the fiber. 24.3 Configuration Example of Fiber Access Service-Single Port for Multi-service This topic provides an example for configuring triple play (data, voice and video) through a single port for multi-service. 24.4 Setting the Port Auto-negotiation Mode This topic describes how to set the auto-negotiation mode of an Ethernet port. 24.5 Setting the Port Duplex Mode This topic describes how to set the duplex mode of an Ethernet port. 24.6 Setting the Port Rate This topic describes how to set the rate of an Ethernet port.
Issue 02 (2008-04-25)
24-1
24.1 Overview
This topic consists of the service description and specification of the fiber access service.
Service Description
The MA5600T supports P2P network topology for fiber access to enable Ethernet access convergence. In fiber access, the MA5600T provides 100 Mbit/s bandwidth for the users, which is sufficient for the integrated video, voice and data applications. For details on the fiber access, refer to "P2P FE Optical Access" in the MA5600T Commissioning Guide.
The MA5600T supports fiber access through the high-density FE optical access board (OPFA). The OPFA board provides 16 FE optical ports for single-fiber bi-directional transmission of Ethernet frames.
24.2 Configuration Example of Fiber Access Service-Single Port for Single Service
This topic provides an example for accessing the Internet through the fiber.
Networking
Figure 24-1 shows an example network for the fiber access-single port for single service. In this example network, the PC connects to a service port on the OPFA board of the MA5600T through an optical access modem. The P2P fiber access service-single port for single service is realized in this way. The user data packets are transmitted to the MA5600T through the modem, and then to the upper layer network through the upstream port on the control board.
24-2
Issue 02 (2008-04-25)
Figure 24-1 Example network for the fiber access service-single port for single service
Router
10.1.1.1/24
O P F A
CON ETH ESC
GE 0/19/0
SCU Modem
MA5600T
PC
Data Plan
Table 24-1 provides the data plan for configuring the fiber access service-single port for single service. Table 24-1 Data plan for configuring the fiber access service-single port for single service Item OPFA Data Service port: 0/11/0 VLAN ID: 10 Downstream bandwidth: 100 Mbit/s SCU Upstream port: 0/9/0 IP address of the gateway: 10.1.1.1/24 Remarks Must be the same as that of the upper layer device. Must meet the user's requirements. -
Figure 24-2 shows the flowchart for configuring the fiber access service-single port for single service.
Issue 02 (2008-04-25)
24-3
Figure 24-2 Flowchart for configuring the fiber access service-single port for single service
Start
Create a VLAN and add an upstream port to it
Configure a traffic profile
Add a service port to the VLAN
Save the data
End
Procedure
Step 1 Create a VLAN and add an upstream port to it.
huawei(config)#vlan 10 smart huawei(config)#port vlan 10 0/9 0
Step 2 Configure a traffic profile.

huawei(config)#traffic table ip index 8 cir 10240 priority 5 priority-policy tag-InPackage
Step 3 Add a service port to the VLAN and use traffic profile 8 for the port.
huawei(config)#service-port vlan 10 eth 0/11/0 rx-cttr 8 tx-cttr 8

huawei(config)#save
----End
Result
After the configuration, the fiber access user can access the Internet.
24.3 Configuration Example of Fiber Access Service-Single Port for Multi-service

This topic provides an example for configuring triple play (data, voice and video) through a single port for multi-service.
Networking
Figure 24-3 shows an example network for the fiber access service-single port for multi-service. In this example network, the PC, Ephone and TV connect to a service port on the OPFA board of the MA5600T through an optical access modem. The fiber access service-single port for multiservice is realized in this way. The user data packets are transmitted to MA5600T through the modem, and then to the upper layer network through the upstream port on the control board.
NOTE
User 1 (LAN switch 1) and user 2 (LAN switch 2) adopt the triple play network.
Figure 24-3 Example network for the fiber access service-single port for multi-service
OSS&Radius server NMS
Multicast source
GW
IPTV DHCP server Router VoIP DHCP server
BRAS LAN switch

O O P P F F A A
CON ETH ESC
GE 0/19/0
SCU Modem LAN switch 1 DHCP PPPoE DHCP STB Ephone PC Ephone PC DHCP
MA5600T
Modem LAN switch 2 PPPoE DHCP STB
TV
TV
Data Plan
Table 24-2 provides the data plan for configuring the fiber access service-single port for multiservice.
Issue 02 (2008-04-25)
24-5
Table 24-2 Data plan for configuring the fiber access service-single port for multi-service Item OPFA Downstream bandwidth Data Service port: 0/11/0 and 0/12/0 Internet service: 10 Mbit/s VoIP service: 10 Mbit/s IPTV service: No limit Upstream port Upstream VLAN 0/9/0 Internet service: Smart VLAN 102 VoIP service: Smart VLAN 103 IPTV service: Smart VLAN 104 User VLAN Internet service: VLAN 2 VoIP service: VLAN 3 IPTV service: VLAN 4 DHCP VoIP: DHCP option60 domain is voice and the gateway is 10.1.1.1. DHCP server group 1 with IP addresses of 20.1.1.2 and 20.1.1.3 IPTV: DHCP option60 domain of the STB is video and the gateway is 10.2.2.1. DHCP server group 2 with IP addresses of 20.2.2.2 and 20.2.2.3. Program library For program BTV-1, the multicast address is 224.1.1.1, and the program source IP address is 10.10.10.10. For program BTV-2, the multicast address is 224.1.1.2, and the program source IP address is 10.10.10.10. Authority profile IGMP user Set profile0 with the right to watch BTV-1. User 1 (port 0/2/0) can watch all programs. User 2 (port 0/3/0) can watch only BTV-1. Priority 802.1p priority is adopted, with the VoIP service priority of 6, IPTV service priority of 5, and Internet service priority of 1.
24-6
Issue 02 (2008-04-25)

NOTE
l l
In this example, services are differentiated by user VLANs. If service data is differentiated according to the encapsulation type (IPoE/PPPoE) of the frames transmitted from the user ports, then the configuration procedure is the same as that for differentiating services by user VLANs, except that the selection of the encapsulation types are different. DHCP option60 domain values of the Set Top Box (STB) and Ethernet Phone (Ephone) vary with the terminals. In the actual application, refer to the user guides of the STB and the Ephone. Run the dhcp domain command to set the DHCP domain name. The domain name configured is a character string containing no space.
l l
Figure 24-4 shows the flowchart for configuring the fiber access service-single port for multiservice. Figure 24-4 Flowchart for configuring the fiber access service-single port for multi-service
Start Internet VoIP IPTV
Configure the VLAN and its upstream port
Configure the traffic profile
Configure the service port
Configure DHCP Relay
Configure IGMP Proxy
End
Procedure
Step 1 Configure the Internet service. 1. Create the VLAN and add the upstream port to it.
2.
Configure the traffic profile. Because the VoIP, IPTV and Internet services are transmitted through the same port, it is necessary to set the 802.1p priority for each service. In general, the VoIP service has the highest priority, and the Internet service has the lowest priority. In this example, set the traffic profile index as 7, and the priority of the Internet service as 1.
huawei(config)#traffic table ip index 7 cir 10240 priority 1 priority-policy pvc-Setting
Issue 02 (2008-04-25)
24-7
3.
Add the service port to the VLAN, and use the traffic profile created in the previous step.
huawei(config)#service-port vlan 102 eth 0/11/0 multi-service user-vlan 2 rxcttr 7 tx-cttr 7 huawei(config)#service-port vlan 102 eth 0/12/0 multi-service user-vlan 2 rxcttr 7 tx-cttr 7
4.
Save the data.

huawei(config)#save
Step 2 Configure the VoIP service. 1. Create the VLAN and add the upstream port to it.
2.
Configure the traffic profile. In this example, set the traffic profile index as 8 and the priority of the VoIP service as 6.
huawei(config)#traffic table ip index 8 cir 10240 priority 6 priority-policy pvc-Setting
3.
Add the service port to the VLAN, and use the traffic profile created in the previous step.
huawei(config)#service-port vlan 103 eth 0/11/0 multi-service user-vlan 3 rxcttr 8 tx-cttr 8 huawei(config)#service-port vlan 103 eth 0/12/0 multi-service user-vlan 3 rxcttr 8 tx-cttr 8
4.
Configure DHCP relay. The VoIP service and video service adopt DHCP mode. The DHCP option60 domain is used to differentiate the service type. In this example, set the DHCP option60 domain of the VoIP service as voice.
huawei(config)#dhcp mode layer-3 option-60 huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1 3 huawei(config)#dhcp domain voice//Refer to the actual DHCP option 60 domain. huawei(config-dhcp-domain-voice)#dhcp-server 1 huawei(config-dhcp-domain-voice)#quit huawei(config)#interface vlanif 103 huawei(config-if-vlanif103)#ip address 10.1.1.1 24 huawei(config-if-vlanif103)#dhcp domain voice gateway 10.1.1.1
5.
Save the data.

huawei(config)#save
Step 3 Configure the IPTV service. 1. Create the VLAN and add the upstream port to it.
2.
Configure the traffic profile. In this example, set the traffic profile index as 9 and the priority of the IPTV service as 5.
huawei(config)#traffic table ip index 9 cir off priority 5 priority-policy pvcSetting
3.
Add the service port to the VLAN.
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast packets borne by the PVC does not take effect. Add the service port to the VLAN, and use the traffic profile 9.
huawei(config)#service-port 20 vlan 104 eth 0/11/0 multi-service user-vlan 4 rx-cttr 9 tx-cttr 9 huawei(config)#service-port 20 vlan 104 eth 0/12/0 multi-service user-vlan 4 rx-cttr 9 tx-cttr 9
4.
Configure DHCP relay. In this example, set the DHCP option60 domain of the IPTV service as video.
huawei(config)#dhcp mode layer-3 option-60 huawei(config)#dhcp-server 2 ip 20.2.2.2 20.2.2.3 huawei(config)#dhcp domain video//Refer to the actual DHCP option 60 domain. huawei(config-dhcp-domain-video)#dhcp-server 2 huawei(config-dhcp-domain-voice)#quit huawei(config)#interface vlanif 104 huawei(config-if-vlanif104)#ip address 10.2.2.1 24 huawei(config-if-vlanif104)#dhcp domain video gateway 10.2.2.1
5.
Set multicast data.

huawei(config-if-vlanif104)#quit huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 vlan 104 huawei(config-if-scu-0/9)#quit huawei(config)#multicast-vlan 104 huawei(config-mvlan104)#igmp mode proxy Are you sure to change IGMP mode?(y/n)[n]:y huawei(config-mvlan4)#igmp uplink-port 0/9/0 huawei(config-mvlan4)#quit huawei(config)#btv huawei(config-btv)#igmp uplink-port-mode default Are you sure to change the uplink port mode?(y/n)[n]:y huawei(config-mvlan104)#igmp program add name BTV-1 ip 224.1.1.1 sourceip 10.10.10.10 huawei(config-mvlan104)#igmp program add name BTV-2 ip 224.1.1.2 sourceip 10.10.10.10 huawei(config-mvlan104)#quit huawei(config)#btv huawei(config-btv)#igmp profile profile-name profile0 program-name BTV-1 watch huawei(config-btv)#igmp policy service-port 20 normal huawei(config-btv)#igmp policy service-port 30 normal huawei(config-btv)#igmp user add port 0/11/0 user-vlan 4 no-auth max-program 8 huawei(config-btv)#igmp user add port 0/12/0 user-vlan 4 auth huawei(config-btv)#igmp user bind-profile port 0/12/0 profile-name profile0 huawei(config-btv)#multicast-vlan 104 huawei(config-mvlan104)#igmp multicast-vlan member port 0/11/0 huawei(config-mvlan104)#igmp multicast-vlan member port 0/12/0 huawei(config-mvlan104)#quit
6.
Save the data.

huawei(config)#save
----End
Result
After the configuration of the corresponding upstream/downstream devices, the following three services run in the normal state:
l l
The Internet user can access the Internet in PPPoE dial mode. The VoIP user can make a call.
Issue 02 (2008-04-25)

l
The IPTV user connected to port 0/11/0 can watch all programs, and the user connected to 0/12/0 can watch BTV-1 only.
24.4 Setting the Port Auto-negotiation Mode

This topic describes how to set the auto-negotiation mode of an Ethernet port.
By default, the auto-neg switch is disabled.
Procedure
Step 1 Run the interface opf command to enter OPF mode. Step 2 Run the auto-neg command to set the auto-negotiation mode of an Ethernet port. Step 3 Run the display port state command to query the configuration of the Ethernet port. ----End
Example
To disable the auto-negotiation mode of Ethernet port 0/11/0 on the OPFA board, do as follows:
huawei(config)#interface opf 0/11 huawei(config-if-opf-0/11)#auto-neg 0 enable huawei(config-if-opf-0/11)#display port state 0 Optics module status is absence The port is active Ethernet port is offline Ethernet port duplex is auto-negotiation Ethernet port rate is auto-negotiation
24.5 Setting the Port Duplex Mode

This topic describes how to set the duplex mode of an Ethernet port.
l
The duplex of the Ethernet port on the OPFA board supports full duplex and autonegotiation. However even if the port duplex mode is set to auto-negotiation, the Ethernet port on the OPFA board is also auto-negotiated to full duplex mode. When setting the duplex mode of an Ethernet port, make sure that the duplex of the Ethernet port must be the same as that of the interconnected port on the peer device. To change the duplex mode of a port, you need to run the auto-neg command to disable the auto-negotiation mode of the port first. By default, the FE optical port is in full duplex mode.
Procedure
Step 1 Run the interface opf command to enter OPF mode.
Step 2 Run the auto-neg command to disable the auto-negotiation mode. Step 3 Run the duplex command to set the duplex mode of the Ethernet port. Step 4 Run the display port state command to query the configuration of the Ethernet port. ----End
Example
To change the auto-negotiation mode of Ethernet port 0/11/0 to full duplex, do as follows:
huawei(config)#interface opf 0/11 huawei(config-if-opf-0/11)#auto-neg 0 disable huawei(config-if-opf-0/11)#duplex 0 full huawei(config-if-opf-0/11)#display port state 0 Optics module status is absence The port is active Ethernet port is offline Ethernet port is full duplex Ethernet port rate is 100M
24.6 Setting the Port Rate

This topic describes how to set the rate of an Ethernet port.
l
When a port is in auto-negotiation state, you must run the auto-neg command to disable the auto-negotiation mode before you set the port rate. The required rate of the Ethernet port on the OPFA board must be 100 Mbit/s. You can run the speed command to set the rate to 100 Mbit/s directly, or set it to 100 Mbit/s by autonegotiation. By default, the rate of an Ethernet rate is 100 Mbit/s.
Procedure
Step 1 Run the interface opf command to enter OPF mode. Step 2 Run the auto-neg command to disable the auto-negotiation mode. Step 3 Run the speed command to set the rate of the Ethernet port. Step 4 Run the display port state command to query the configuration of the Ethernet port. ----End
Example
To set the rate of Ethernet port 0/11/0 to 100 Mbit/s, do as follows:
huawei(config)#interface opf 0/11 huawei(config-if-opf-0/11)#auto-neg 0 disable huawei(config-if-opf-0/11)#speed 0 100 huawei(config-if-opf-0/11)#display port state 0 Optics module status is absence The port is active Ethernet port is offline
Issue 02 (2008-04-25)
24-11
Ethernet port duplex is auto-negotiation Ethernet port rate is auto-negotiation
24-12
Issue 02 (2008-04-25)
25 GPON Service Configuration
25
About This Chapter
NOTE
GPON Service Configuration
This topic describes the GPON technology and the method of configuring the GPON service on the MA5600T.
25.1 Overview This topic describes the GPON service and its specification. 25.2 Configuration Example of the GPON Service This topic provides an example for configuring the MA5600T to provide users with high-speed Internet services when the MA5600T connects to the remote ONTs through the GPON ports. 25.3 Adding a DBA Profile This topic describes how to add a DBA profile. The DBA profile describes the traffic parameters of the T-CONT. You can control the traffic of a T-CONT by binding the T-CONT with a specified DBA profile. 25.4 Binding a DBA Profile This topic describes how to bind a DBA profile with one or more T-CONTs. After this operation is executed successfully, the system controls the traffic of the T-CONT according to the parameters of the DBA profile. 25.5 Adding an Alarm Profile This topic describes how to add an alarm profile which contains majority of performance parameters of the ONT line. After an alarm profile is added and bound with an ONT, it can be directly referenced to activate the ONT. 25.6 Adding a GEM Port
This topic describes how to add a GEM port. The GEM port is contained in a T-CONT and is used to carry service streams. 25.7 Configuring a GPON Port This topic describes how to configure a GPON port. 25.8 Configuring a GPON ONT This topic describes how to configure a GPON ONT.
25-2
Issue 02 (2008-04-25)
25.1 Overview
This topic describes the GPON service and its specification.
Service Description
GPON is an access technology used to provide flexible broadband and narrowband access services. The GPON technology supports the following:
l l l
Broadband access with ultra-high-bandwidth Multiple rate modes Multiple services, such as voice, data, and video services over a single fiber
For details on the GPON access, refer to "GPON Access" in the MA5600T Feature Description.
The MA5600T provides the GPON service through the GPBC board. Each GPBC board can provide four GPON ports. Each port supports a 1:64 split ratio. Therefore, a GPBC board can support up to 256 ONTs.
25.2 Configuration Example of the GPON Service

This topic provides an example for configuring the MA5600T to provide users with high-speed Internet services when the MA5600T connects to the remote ONTs through the GPON ports.
Prerequisites
l l
The network devices and the lines must be in the normal state. The VLAN of the interface of the upper layer device must be consistent with the VLAN configured on the upstream port of the MA5600T.
There are multiple application scenarios for the GPON service, such as Fiber To The Home (FTTH), Fiber To The Building (FTTB), and Fiber to the Curb (FTTC). The basic configuration procedures for these application scenarios are the same and only the configuration data varies. In this topic, the basic configuration of the Internet service in the FTTH scenario is considered as an example. Table 25-1 lists the configurations of the GPON service in different application scenarios.
Issue 02 (2008-04-25)
25-3
Table 25-1 Configurations of the GPON service in different application scenarios Application Scenario FTTH Network Mode The ONT is installed in the users' home to provide the Ethernet port and the phone port so that users can access multiple services. Configuration
l
In the triple play service application, configure different T-CONTs and GEM ports for the three kinds of services to isolate their traffic. Besides, configure user-side VLANs to differentiate services. Whether the terminals, such as a PC and an STB connected to the ONT support VLAN tags determines the following:
Whether to keep the port VLAN and native VLAN consistent Whether to add VLAN tags to the data packets received by the ONT Whether to remove VLAN tags from the data packets sent by the ONT
FTTB
The ONT is installed in the corridor. It can be connected to an L2 switch to provide more Ethernet ports, thus providing the access service for more users.
To configure Internet services for home users, configure different VLANs for each port of the ONT if the ONT connects to multiple users, the users cannot communicate with each other, and each user is authenticated independently. It is recommended to configure different T-CONTs and GEM ports for different users to isolate their traffic. In the small office and home office (SOHO) network, the L2 switch is connected to the ONT. In this case, it is recommended to configure different TCONTs and GEM ports for the services of each port of the ONT. When the L2 switch is connected to the ONT, the data received on a port of the ONT carry VLAN tags. In this case, no native VLAN needs to be configured for the ONT port. However, the userside VLAN must be consistent with the VLAN tag of the data.
FTTC
The ONT and a mini DSLAM device or a mini DSLAM device with the GPON upstream transmission function are installed in the street cabinet to provide the access service for more users.
Configure the service ports on the MA5600T according to the upstream VLAN of the mini DSLAM device. Because the traffic volume in each service port is high, it is recommended to configure a unique T-CONT and a unique GEM port for each service port.
25-4
Issue 02 (2008-04-25)
Networking
Figure 25-1 shows an example network for configuring the GPON service. In the networking, the PC connects to the FE port of the ONT, the user data frames are added with the VLAN tag (user-side VLAN) on the FE port of the ONT, and the user data is transmitted to different service channels based on the user-side VLAN. The MA5600T switches the userside VLAN tag to the upstream VLAN tag, and transmits the data out over the upstream port. Figure 25-1 Example network for configuring the GPON service
Figure 25-2 shows the flowchart for configuring the GPON service.
Issue 02 (2008-04-25)
25-5
Figure 25-2 Flowchart for configuring the GPON service

Start
Create a VLAN
Add an upstream port
Is there an appropriate ONT profile? Yes
No
Add an ONT Add an ONT profile Bind the alarm profile
Is there an appropriate traffic profile? Yes
No
Bind the DBA profile
Add a traffic profile
Specify VLANs for ONT ports
Configure a GEM port Is there an appropriate DBA profile? Yes No

Bind the GEM port with ONT T-CONT
Add a DBA profile

Map the GEM port with the service stream
Is there an appropriate alarm profile? Yes
No
Add a service port
Add an alarm profile
Save the data
End
Data Plan
Table 25-2 provides the data plan for configuring the GPON service. Table 25-2 Data plan for configuring the GPON service Item Smart VLAN Upstream port DBA profile Data VLAN ID: 100 0/9/0 Index: 10 Profile type: type1 Fixed bandwidth: 100 Mbit/s
25-6
Issue 02 (2008-04-25)
Item Traffic profile
Data Index: 8 CIR: 10 Mbit/s Index: 5 (default) CIR: 2 Mbit/s
ONT
ONT ID: 0 ONT authentication mode: serial number + authentication password (SN-auth)
l l
ONT serial number: hwhw-10101010 ONT authentication password: huawei
ONT profile: 2 (default ONT capability set profile) ONT port connected to the PC: FE port 0; user-side VLAN 10 GEM port Port: 0/11/1 GEM port ID: 150 T-CONT ID: 1
Procedure
Step 2 Add an upstream port.

Step 3 Add a traffic profile.

huawei(config)#traffic table ip index 8 cir 10240 priority 0 priority-policy tag-InPackag
Step 4 Add a DBA profile.

huawei(config)#DBA-profile add profile-id 10 type1 fix 102400
Step 5 Configure an alarm profile.

l
To configure the alarm threshold parameters for monitoring the performance statistics of an activated ONT line, run the gpon alarm-profile add command to configure a GPON alarm profile. The system has a default GPON alarm profile, namely alarm profile 1. Every alarm threshold value of the profile is 0, which means that no alarm is reported. This example uses the default alarm profile. No configuration is needed.
Step 6 Add an ONT.
Issue 02 (2008-04-25)
25-7

NOTE
l l
To add an ONT, you can run the ont add command to add it offline, or run the ont confirm command to confirm an automatically found ONT. Run the port ont-auto-find command in GPON mode to enable the function of automatically finding an ONT.

NOTE
In this example, the ONT uses the default capability set profile (profile 2). You can run the ont-profile add command to configure an ONT capability set profile on demand.
Step 7 Bind the alarm profile.

huawei(config-if-gpon-0/2)#ont alarm-profile 1 0 profile-id 1
Step 8 Bind the DBA profile.


Step 10 Configure a GEM port.

huawei(config-if-gpon-0/2)#gemport add 1 gemportid 150 eth
Step 11 Bind the GEM port with an ONT T-CONT.

NOTE
If the ONT does not support the priority queue scheduling, you can adopt the CAR mode for rate limitation when configuring the binding between a GEM port and an ONT T-CONT.
huawei(config-if-gpon-0/2)#ont gemport bind 1 0 150 1 priority-queue 3
Step 12 Map the GEM port with the service stream.

Step 13 Add a service port.


huawei(config)#save
----End
Result
After the configuration, the MA5600T can transmit user data at L2 and the user can access the Internet.
25.3 Adding a DBA Profile

This topic describes how to add a DBA profile. The DBA profile describes the traffic parameters of the T-CONT. You can control the traffic of a T-CONT by binding the T-CONT with a specified DBA profile.
l l
The MA5600T supports up to 512 DBA profiles. DBA profiles 19 are the default DBA profiles that are configured with typical traffic parameters. The default DBA profiles can be queried and modified, but they cannot be added or deleted. When you add a DBA profile, the system adjusts the bandwidth value that you enter downwards to a multiple of 64. The traffic value configured in the DBA profile is the traffic volume of GEM frames after data encapsulation. The actual traffic value of data packets is less than the value configured in the DBA profile.
Procedure
Step 1 Run the DBA-profile add command to add a DBA profile. Step 2 Run the display DBA-profile command to query the information on the DBA profile. ----End
Example
To add a DBA profile with the ID of 30 and the fixed bandwidth of 100 Mbit/s, do as follows:
huawei(config)#DBA-profile add profile-id 30 type1 fix 102400 { <cr>|bandwidth_compensate<K> }: Command: DBA-profile add profile-id 30 type1 fix 102400 huawei(config)#display DBA-profile profile-id 30 ---------------------------------------------------------------------------Profile-name : DBA-profile_30 Profile-ID: 30 type: 1 Bandwidth compensation: No Fix(kbps): 102400 Assure(kbps): 0 Max(kbps): 0 bind-times: 0 ----------------------------------------------------------------------------
Related Operations
Table 25-3 lists the related operations for adding a DBA profile. Table 25-3 Related operations for adding a DBA profile To... Delete a DBA profile Run the Command... DBA-profile delete Remarks
l
Only the DBA profile that is not referenced can be deleted. The default DBA profile cannot be deleted.
25-9
Issue 02 (2008-04-25)
To... Modify a DBA profile
Run the Command... DBA-profile modify
Remarks The bound profile cannot be modified.
25.4 Binding a DBA Profile

This topic describes how to bind a DBA profile with one or more T-CONTs. After this operation is executed successfully, the system controls the traffic of the T-CONT according to the parameters of the DBA profile.
l l
You can bind a DBA profile with one or more T-CONTs only after an ONT is added. By default, T-CONT 0 of the ONT is reserved for the Optical Network Termination Management and Control Interface (OMCI), and it is bound with DBA profile 1. For the OMCI T-CONT, the recommendations are as follows:
It is recommended not to modify the DBA profile bound with the T-CONT. To modify it if necessary, make sure that the fixed bandwidth for the new profile is equal to or larger than 5 Mbit/s. It is recommended not to bind any the GEM port with the T-CONT, that is, not to bear no service on the T-CONT.
Procedure
Step 1 Run the tcont bind-profile command to bind a T-CONT with a profile. Step 2 Run the display ont info command to query the information on the ONT. ----End
Example
To bind DBA profile 12 with T-CONT 7 on ONT 0 under port 0/3/0, do as follows:
huawei(config-if-gpon-0/3)#tcont bind-profile 0 0 7 profile-id 12 huawei(config-if-gpon-0/3)#display ont info 0 0 -----------------------------------------------------------------------------F/S/P : 0/3/0 ONT-ID : 0 Control flag : active Run state : down Config state : initial Match state : Initial DBA type : NSR Loop mode : disable ONT RTD(us) : Ont Profile ID : 1 Authentic type : SN-auth SN : hwhw-10101010 Description : ONT_NO_DESCRIPTION --------------------------------------------------------------------------------------------------------------------------T-CONT-ID T-CONT profile Alloc-ID ---------------------------------------------0 1 0
25-10
Issue 02 (2008-04-25)

1 1 256 7 12 1792 ----------------------------------------------
Related Operation
Table 25-4 lists the related operation for binding a DBA profile. Table 25-4 Related operation for binding a DBA profile To... Unbind one or more TCONTs Run the Command... undo tcont bind-profile Remarks A T-CONT cannot be unbound from a DBA profile when the T-CONT is configured with the GEM port.
25.5 Adding an Alarm Profile

This topic describes how to add an alarm profile which contains majority of performance parameters of the ONT line. After an alarm profile is added and bound with an ONT, it can be directly referenced to activate the ONT.
The ONT alarm profile consists of a series of alarm threshold parameters. It is used to monitor the performance statistics of the ONT line. When a statistic reaches the related alarm threshold, the host is notified of this information, and then the host reports an alarm to the log host and the NMS.
l l
The MA5600T supports up to 50 alarm profiles. There is a default alarm profile (profile 1) in the system. It cannot be deleted but can be modified.
Procedure
Step 1 Run the gpon alarm-profile add command to add an alarm profile. Step 2 Run the display gpon alarm-profile command to query the information on the alarm profile. ----End
Example
To add alarm profile 2, do as follows:
huawei(config)#gpon alarm-profile add profile-id 2 { <cr>|profile-name<K> }: Command: > > > gpon alarm-profile add profile-id 2 GEM port loss of packets threshold (0~100)[0]: GEM port misinserted packets threshold (0~100)[0]: GEM port impaired blocks threshold (0~100)0[0]: 20 30 40
Issue 02 (2008-04-25)
25-11
> Ethernet FCS errors threshold (0~100)[0]: 50 > Ethernet excessive collision count threshold (0~100)[0]: 49 > Ethernet late collision count threshold (0~100)[0]: 22 > Too long Ethernet frames threshold (0~100)[0]: 22 > Ethernet buffer (Rx) overflows threshold (0~100)[0]: 22 > Ethernet buffer (Tx) overflows threshold (0~100)[0]: 22 > Ethernet single collision frame count threshold (0~100)[0]: 32 > Ethernet multiple collisions frame count threshold (0~100)[0]: 32 > Ethernet SQE count threshold (0~100)[0]: 33 > Ethernet deferred transmission count threshold (0~100)[0]: 33 > Ethernet internal MAC Tx errors threshold (0~100)[0]: 33 > Ethernet carrier sense errors threshold (0~100)[0]: 33 > Ethernet alignment errors threshold (0~100)[0]: 33 > Ethernet internal MAC Rx errors threshold (0~100)[0]: 33 > PPPOE filtered frames threshold (0~100)[0]: 33 > MAC bridge port discarded frames due to delay threshold (0~100)[0]: 33 > MAC bridge port MTU exceeded discard frames threshold (0~100)[0]: 33 > MAC bridge port received incorrect frames threshold (0~100)[0]: 33 > CES error time threshold(0~100)[0]: 33 > CES severely time threshold(0~100)[0]: 33 > CES bursty time threshold(0~100)[0]: 33 > CES controlled slip threshold(0~100)[0]: 33 > CES unavailable time threshold(0~100)[0]: 33 huawei(config)#display gpon alarm-profile profile-id 2 ----------------------------------------------------------------------Profile ID: 2 Name: alarm-profile_2 ----------------------------------------------------------------------Alarm Profile Bind Times: 1 GEM port loss of packets threshold: 20 GEM port misinserted packets threshold: 30 GEM port impaired blocks threshold: 40 Ethernet FCS errors threshold: 50 Ethernet excessive collision count threshold: 49 Ethernet late collision count threshold: 22 Too long Ethernet frames threshold: 22 Ethernet buffer (Rx) overflows threshold: 22 Ethernet buffer (Tx) overflows threshold: 22 Ethernet single collision frame count threshold: 32 Ethernet multiple collisions frame count threshold: 32 Ethernet SQE count threshold: 33 Ethernet deferred transmission count threshold: 33 Ethernet internal MAC Tx errors threshold: 33 Ethernet carrier sense errors threshold: 33 Ethernet alignment errors threshold: 33 Ethernet internal MAC Rx errors threshold: 33 PPPOE filtered frames threshold: 33 MAC bridge port discarded frames due to delay threshold: 33 MAC bridge port MTU exceeded discard frames threshold: 33 MAC bridge port received incorrect frames threshold: 33 CES error time threshold: 33 CES severely time threshold: 33 CES bursty time threshold: 33 CES controlled slip time threshold: 33 CES unavailable time threshold: 33 -----------------------------------------------------------------------
Related Operations
Table 25-5 lists the related operations for adding an alarm profile. Table 25-5 Related operations for adding an alarm profile To... Delete an alarm profile Run the Command... gpon alarm-profile delete Remarks The alarm profile bound with an ONT cannot be deleted.
Issue 02 (2008-04-25)
25-12
To... Modify an alarm profile Bind/Unbind an alarm profile with/from an ONT
Run the Command... gpon alarm-profile modify [undo] ont alarm-profile
Remarks The alarm profile bound with an ONT cannot be modified.

l
To bind an ONT with an alarm profile, make sure that the alarm profile exists. When a board is online, the command is delivered to the board. When a board is offline, the board is configured offline. When a board is prohibited or being configured, binding or unbinding an alarm profile with/from the ONT fails.
25.6 Adding a GEM Port

This topic describes how to add a GEM port. The GEM port is contained in a T-CONT and is used to carry service streams.
l
To add a GEM port, you must select the correct attribute based on the service type. For example, when the GEM port is used to carry the TDM service, the attribute must be TDM. The ONT can bear services only after the mapping between GEM ports and T-CONTs, and the mapping between GEM ports and service streams are configured on the ONT. The system supports up to 16K GEM ports, with up to 8K GEM ports for each board and with up to 3872 GEM ports for each PON port. The system supports up to 16K service streams, with up to 8K service streams for each board and with up to eight service streams for each GEM port. Each smart VLAN supports up to 256 service streams.
Procedure
Step 1 Run the interface gpon command to enter GPON mode. Step 2 Run the gemport add command to add a GEM port. Step 3 Run the display gemport command to query the information on the GEM port. ----End
Example
To add GEM port 140 to port 0/2/1, with service type eth and downstream encryption switch on, do as follows:
huawei(config)#interface gpon 0/2 huawei(config-if-gpon-0/2)#gemport add 1 gemportid 140 eth encrypt on huawei(config-if-gpon-0/2)#display gemport 1 gemportid 140 ----------------------------------------GEM port-ID Serv-Type Encrypt ----------------------------------------140 ETHERNET on -----------------------------------------
Related Operations
Table 25-6 lists the related operations for adding a GEM port. Table 25-6 Related operations for adding a GEM port To... Delete a GEM port Modify a GEM port Run the Command... gemport delete gemport modify Remarks The GEM ports that are bound with service ports cannot be deleted. For a bound GEM port, the encryption attribute can be modified, but the GEM port type cannot be modified.
25.7 Configuring a GPON Port

This topic describes how to configure a GPON port. 25.7.1 Enabling the FEC Function on a PON Port This topic describes how to enable the FEC function on a PON port to perform FEC on data frames and enhance the reliability of data transmission. 25.7.2 Disabling the Laser on a PON Port This topic describes how to disable the laser on a PON port.
25.7.1 Enabling the FEC Function on a PON Port

This topic describes how to enable the FEC function on a PON port to perform FEC on data frames and enhance the reliability of data transmission.
l l
By default, the FEC function on a PON port is disabled. FEC involves adding redundant data to normal packets to grant error tolerance to the line. FEC, however, uses a lot of bandwidth resources. When multiple ONTs are online, enabling the FEC function on a PON port may cause certain ONTs to go offline. Therefore, it is not recommended to enable the FEC function on a PON port when some ONTs are online.
25-14
Issue 02 (2008-04-25)
Procedure
Step 1 Run the port portid fec command to enable or disable the FEC function on a PON port. Step 2 Run the display port info command to query the configuration of the port. ----End
Example
To enable the FEC function on PON port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#port 0 fec enable The command for port configuration is executed successfully, PORT = 0 Thuawei(config-if-gpon-0/2)#display port info 0 ---------------------------------------F/S/P 0/2/0 Min distance(km) 15 Max distance(km) 20 Left bandwidth(kb) 1223040 Number of T-CONTs 3 Autofind Enable FEC check Enable Laser switch Off ONT secret key interval(h) Disable ----------------------------------------
25.7.2 Disabling the Laser on a PON Port

This topic describes how to disable the laser on a PON port.
By default, the laser on a PON port of the MA5600T is enabled.
NOTE
Before disabling the laser, ensure that the PON port bears no service.
Procedure
Step 1 Run the port portid laser-switch command to enable or disable the laser on a PON port. Step 2 Run the display port info command to query the configuration of the port. ----End
Example
To disable the laser on PON port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#port 0 laser-switch off huawei(config-if-gpon-0/2)#display port info 0 ---------------------------------------F/S/P 0/2/0 Min distance(km) 15 Max distance(km) 20 Left bandwidth(kb) 1223040 Number of T-CONTs 3 Autofind Enable FEC check Disable Laser switch Off
Issue 02 (2008-04-25)
25-15
ONT secret key interval(h) Disable ----------------------------------------
25.8 Configuring a GPON ONT

This topic describes how to configure a GPON ONT. 25.8.1 Adding a GPON ONT This topic describes how to add a GPON ONT. 25.8.2 Activating a GPON ONT This topic describes how to activate a GPON ONT. The ONT can transmit service streams only after it is activated. 25.8.3 Enabling the ONT Auto-find Function of a GPON Port This topic describes how to enable the ONT auto-find function of a GPON port. After this function is enabled, the board delivers the SN request periodically. The online ONT reports the SN information to the board and the board then applies for an ONT address to the host. 25.8.4 Setting the Aging Time of the ONT Auto-find Function This topic describes how to set the aging time of the ONT auto-find function. If an automatically found ONT is not confirmed before the aging time expires, the registration information of the ONT is deleted from the registration buffer. 25.8.5 Confirming an Automatically Found ONT This topic describes how to confirm an ONT that is automatically found under a GPON port. 25.8.6 Setting the Minimum and Maximum Logical Reach This topic describes how to set the minimum and maximum logical reach of an ONT under a GPON port.
25.8.1 Adding a GPON ONT

This topic describes how to add a GPON ONT.
A GPON port supports up to 64 ONTs.
Procedure
Step 1 Run the ont add command to add a GPON ONT. Step 2 Run the display ont info command to query the information on the GPON ONT. ----End
Example
l l l
The SN of ONT 2: hwhw-66666666 Authentication mode: password-auth Password: huawei

25-16

l
ONT profile bound: 1
To add ONT 2 to port 0/2/0, do as follows:

huawei(config-if-gpon-0/2)#ont add 0 2 hwhw-66666666 password-auth huawei profileid 1 huawei(config-if-gpon-0/2)#display ont info 0 2 -----------------------------------------------------------------------------F/S/P : 0/2/0 ONT-ID : 2 Control flag : active Run state : down Config state : initial Match state : initial DBA type : NSR Loop mode : disable ONT RTD(us) : Ont Profile ID : 1 Authentic type : password-auth SN : hwhw-66666666 Password : huawei Description : ONT_NO_DESCRIPTION --------------------------------------------------------------------------------------------------------------------------T-CONT-ID T-CONT profile Alloc-ID ---------------------------------------------0 1 2 ----------------------------------------------
Related Operations
Table 25-7 lists the related operations for adding a GPON ONT. Table 25-7 Related operations for adding a GPON ONT To... Delete a GPON ONT Run the Command... ont delete Remarks
l
An ONT can be deleted only when it has no service channel bound with a T-CONT. If an ONT is deleted, the configuration of the physical ports on the ONT is also deleted.
Modify a GPON ONT
ont modify
25.8.2 Activating a GPON ONT

This topic describes how to activate a GPON ONT. The ONT can transmit service streams only after it is activated.
l l
By default, an ONT is in the activated state after it is added. When an ONT is deactivated, the service of the ONT is interrupted. To resume the service of the ONT, activate the ONT.
Issue 02 (2008-04-25)

l
If the control flag of an ONT is active, or if the ONT is in the fault state, the activation command fails to be delivered to activate the ONT. If a board is prohibited or is being configured, the activation command fails to be delivered to activate an ONT connected to the board. If the board fails, it is configured offline.
Procedure
Step 1 Run the ont activate command to activate an ONT. Step 2 Run the display ont info command to query the information on the ONT. ----End
Example
To activate ONT 0 under port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#ont activate 0 0 huawei(config-if-gpon-0/2)#display ont info 0 all ---------------------------------------------------------------------------F/S/P ONT-ID SN Control Run Config Match DBA Flag State State State Type ---------------------------------------------------------------------------0/2/0 0 hwhw-00140000 active down initial Initial NSR 0/2/0 2 hwhw-66666666 active down initial Initial NSR -----------------------------------------------------------------------------In port 0, the total of ONTs are: 2
Related Operation
Table 25-8 lists the related operation for activating a GPON ONT. Table 25-8 Related operation for activating a GPON ONT To... Deactivate a GPON ONT Run the Command... ont deactivate Remarks Run the ont deactivate command to deactivate an ONT in the following cases:
l
The ONT fails and you need to deactivate the ONT to locate the fault. You need to prohibit services on the ONT.
25.8.3 Enabling the ONT Auto-find Function of a GPON Port

This topic describes how to enable the ONT auto-find function of a GPON port. After this function is enabled, the board delivers the SN request periodically. The online ONT reports the SN information to the board and the board then applies for an ONT address to the host.
25-18
Issue 02 (2008-04-25)
By default, the ONT auto-find function of a GPON port is disabled.
Procedure
Step 1 Run the port ont-auto-find command to configure the ONT auto-find function of a GPON port. Step 2 Run the display port info command to query the information on the ONT. ----End
Example
To enable the ONT auto-find function of GPON port 0/2/0, do as follows:
huawei(config-if-gpon-0/2)#port 0 ont-auto-find enable huawei(config-if-gpon-0/2)#display port info 0 ---------------------------------------F/S/P 0/2/0 Min distance(km) 0 Max distance(km) 20 Left bandwidth(kb) 1233408 Number of T-CONTs 1 Autofind Enable FEC check Disable Laser switch On ONT secret key interval(h) Disable ----------------------------------------
Related Operations
Table 25-9 lists the related operations for enabling the ONT auto-find function of a GPON port. Table 25-9 Related operations for enabling the ONT auto-find function of a GPON port To... Disable the ONT autofind function of a GPON port Set the aging time of the ONT auto-find function Set the interval for automatically finding an ONT Run the Command... port portid ont-autofind disable Remarks -
ont autofind timeout
Run the command in global config mode. Run the command in global config mode.
ont autofind distance-time
25.8.4 Setting the Aging Time of the ONT Auto-find Function

This topic describes how to set the aging time of the ONT auto-find function. If an automatically found ONT is not confirmed before the aging time expires, the registration information of the ONT is deleted from the registration buffer.
l l
By default, the aging time of the ONT auto-find function is 300 seconds. The aging time helps to prevent the ONT registration failure due to the full registration buffer.
Procedure
Step 1 Run the ont autofind timeout command to set the aging time of the ONT auto-find function. Step 2 Run the display ont autofind time command to query the aging time of the ONT auto-find function. ----End
Example
To set the aging time of the ONT auto-find function to 150s, do as follows:
huawei(config)#ont autofind timeout 150 huawei(config)#display ont autofind time Ageing time of the automatically found ONTs: 150 The value of auto-find interval: 5
Related Operations
Table 25-10 lists the related operations for setting the aging time of the ONT auto-find function. Table 25-10 Related operations for setting the aging time of the ONT auto-find function To... Set an interval for automatically finding an ONT Query the information on the ONTs automatically found by all ports Query the information on the ONTs automatically found by a specified port Run the Command... ont autofind distance-time Remarks Run the command in global config mode. Run the command in global config mode.
display ont autofind all
display ont autofind portid
Run the command in GPON mode.
25.8.5 Confirming an Automatically Found ONT

This topic describes how to confirm an ONT that is automatically found under a GPON port.
25-20
Issue 02 (2008-04-25)
l
When the ONT auto-find function is enabled on a port, and if a new ONT gets online, the system reports a message to the user to confirm the new ONT. An automatically found ONT is in the auto_find state and can work in the normal state only after it is confirmed. You can confirm one or more ONTs that are automatically found under a port at a time.
Procedure
Run the ont confirm command to confirm the automatically found ONTs. ----End
Example
To confirm all ONTs that are automatically found under port 0/2/0 and bind capability profile 1 with them, do as follows:
huawei(config-if-gpon-0/2)#ont confirm 0 all profile-id 1
Related Operations
Table 25-11 lists the related operations for confirming an automatically found ONT. Table 25-11 Related operations for confirming an automatically found ONT To... Query the information on the ONTs automatically found by all ports Query the information on the ONTs automatically found by a specified port Clear the information on the auto-found ONTs Run the Command... display ont autofind all Remarks Run the command in global config mode.
display ont autofind portid
Run the command in GPON mode.
ont cancel portid
Run the command in GPON mode. You can clear the information about the auto-found ONTs that are not confirmed. The information does not exist after it is cleared. If the ONT gets online next time, the system saves its information for the user to confirm it.
Issue 02 (2008-04-25)
25-21
25.8.6 Setting the Minimum and Maximum Logical Reach

This topic describes how to set the minimum and maximum logical reach of an ONT under a GPON port.
l l
By default, the minimum logical reach is 0 km, and the maximum logical reach is 60 km. The maximum logical reach must be larger than the minimum logical reach. The maximum differential fiber distance between the farthest and the nearest ONTs is 20 km. The configuration granularity is 1 km.
Procedure
Step 1 Run the port range command to set the minimum and maximum logical reach. Step 2 Run the display port info command to query the information on the port. ----End
Example
To set the minimum and maximum logical reach of the ONT under port 0/2/0 to 10 km and 15 km respectively, do as follows:
huawei(config-if-gpon-0/2)#port 0 range min-distance 10 max-distance 15 This command will result in the ONT's re-register in the port. Are you sure to execute this command? (y/n)[n]:y huawei(config-if-gpon-0/2)#display port info 0 ---------------------------------------F/S/P 0/2/0 Min distance(km) 10 Max distance(km) 15 Left bandwidth(kb) 1240576 Number of T-CONTs 0 Autofind Disable FEC check Disable Laser switch On ONT secret key interval(h) Disable ----------------------------------------
25-22
Issue 02 (2008-04-25)
26 Protection Configuration for Upstream Link
26
Protection Configuration for Upstream Link
About This Chapter

This topic describes the mechanism of upstream link protection and the method of configuring the upstream link protection on the MA5600T.
NOTE
26.1 Overview This topic describes the service protection mechanism of the uplink on the MA5600T to enhance the reliability of the service transmission. 26.2 Configuration Example of the Upstream Link Protection This topic provides an example for configuring the upstream link protection to improve the service transmission reliability. 26.3 Configuring a Protection Group This topic describes how to configure a protection group. When the protection group is configured, if the services are interrupted due to the physical disconnection to the upper layer device, the MA5600T automatically uses the standby line to transmit the user data.
Issue 02 (2008-04-25)
26-1
26.1 Overview
This topic describes the service protection mechanism of the uplink on the MA5600T to enhance the reliability of the service transmission.
Service Description
l
The broadband access service of Internet becomes more and more popular, and users demand for both high performance and stable network access. As a result, carriers prefer the broadband access equipment that runs stably and has better automatic protection and self-healing capability. The MA5600T adopts the active/standby mechanism to ensure the normal operation of the service. In addition, it is designed with the service protection mechanism of the upstream port. When the MA5600T is disconnected with the upper layer device physically, the MA5600T uses the standby line to transmit the user services so that the services can recover quickly.
The MA5600T provides two detection modes of the active/standby switchover to achieve the service protection of the upstream port.
l
Port status detection mode: It means the two ports of a protection group, or the Tx ports of the two boards are enabled. The port status determines whether to implement switchover. Delay detection mode: It means only one Tx port in a protection group is enabled, and the other one is disabled. If the status of the enabled Tx port is DOWN, disable the port. Then, enable the other Tx port. If the status of the other Tx port is UP, then switchover is performed. Otherwise, detection proceeds.
26.2 Configuration Example of the Upstream Link Protection

This topic provides an example for configuring the upstream link protection to improve the service transmission reliability.
Two upstream ports can be in the same upstream board or in different upstream boards, but must be of the same port type.
Networking
Figure 26-1 shows an example network for configuring the upstream link protection. Configure the two upstream ports on the MA5600T as a protection group. In general, services are transmitted on the active line. When the active line is faulty, the MA5600T automatically switches the services to the standby line.
Figure 26-1 Example network for configuring the upstream link protection
Router MA5600T G P B C
GE0/19/0
CON ETH ESC
GE0/19/1
SCU Optical splitter
GIU
ONT PC
Figure 26-2 shows the flowchart for configuring the upstream link protection.
Issue 02 (2008-04-25)
26-3
Figure 26-2 Flowchart for configuring the upstream link protection

Start
Aggregate the upstream ports Configure the protection group
Create a VLAN
Add the upstream port to the VLAN Add the service port to the VLAN
Save the data
End
Data Plan
Table 26-1 provides the data plan for configuring the upstream link protection. Table 26-1 Data plan for configuring the upstream link protection Item VLAN ID Upstream port Protection group mode Service port Data 10 0/9/0 and 0/9/1 Timedelay mode 0/11/0
Procedure
Step 1 Aggregate the upstream ports.
huawei(config)#link-aggregation 0/9 0 0/19 1 egress-ingress workmode lacp-static
Step 2 Configure the protection group.

huawei(config)#protect huawei(config-protect)#protect-group first 0/9/0 second 0/9/1 eth workmode timedelay enable
26-4
Issue 02 (2008-04-25)

huawei(config-protect)#quit huawei(config)#vlan 10 smart
Step 4 Add the VLAN to the upstream port.

huawei(config)#port vlan 10 0/9 0-1
Step 5 Add the service port to the VLAN.

huawei(config)#service-port vlan 10 adsl 0/11/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6 huawei(config)#service-port vlan 10 gpon 0/2/0 gemport 128 multi-service user-vlan 100 rx-cttr 6 tx-cttr 6

huawei(config)#save
----End
Result
After the configuration, the user can access the Internet. When the upstream link of upstream port 0/9/0 fails, the system automatically transfers the service to the upstream link of upstream port 0/9/1. In this case, the user can still access the Internet.
26.3 Configuring a Protection Group

This topic describes how to configure a protection group. When the protection group is configured, if the services are interrupted due to the physical disconnection to the upper layer device, the MA5600T automatically uses the standby line to transmit the user data.
l
The two upstream ports in a protection group can be in the same upstream board or in different upstream boards, but must be of the same port type. The two ports in the protection group must be the only two ports in the same aggregation group.
NOTE
If the IGMP upstream port configurations exist for a protection group, make sure that the configurations are consistent for the two ports in the protection group.
Procedure
Step 1 Run the protect-group command to configure a protection group. Step 2 Run the display protect-group command to query the protection group. ----End
Example
To configure a protection group that consists of ports 0/9/0 and 0/9/1, do as follows:
huawei(config-protect)#protect-group first 0/9/0 second 0/9/1 eth workmode timedelay enable
Issue 02 (2008-04-25)
26-5
huawei(config-protect)#display protect-group --------------------------------------------------------------------------NO. FirstIntf SecondIntf Enable ActiveFlag ProtectType WorkMode --------------------------------------------------------------------------0 0/9/0 0/9/1 Enable First ETH TimeDelay --------------------------------------------------------------------------Total : 1
Related Operations
Table 26-2 lists the related operations for configuring the protection group. Table 26-2 Related operations for configuring the protection group To... Delete a protection group Switch over between the ports in a protection group by force Run the Command... undo protect-group protect-group switch-over
26-6
Issue 02 (2008-04-25)
27 Device Subtending Configuration
27
NOTE
Device Subtending Configuration
About This Chapter

This topic describes the Ethernet technology and how to subtend the MA5600T.
27.1 Overview The MA5600T supports multiple types of Ethernet ports and other DSLAM devices can be subtended to these Ethernet ports. This topic describes the application of the MA5600T in a subtending network. 27.2 Configuration Example of a Subtended Network Through the ETHA Board This examples shows how to subtend two MA5600T devices through the Ethernet port on the ETH board. 27.3 Configuring the Physical Attributes of an Ethernet Port 27.4 Enabling the Flow Control on an Ethernet Port This topic describes how to enable the flow control on an Ethernet port. 27.5 Enabling the Traffic Suppression This topic describes how to enable the traffic suppression on a port to guarantee the stable network services. 27.6 Enabling the Ethernet Port Aggregation This topic describes how to enable Ethernet port aggregation. 27.7 Mirroring an Ethernet Port This topic describes how to enable the mirroring function of an Ethernet port. This helps analyze the cause of a faulty port. 27.8 Adding an Ethernet Port to a VLAN
This topic describes how to add Ethernet ports to a VLAN. 27.9 Setting the Native VLAN for an Ethernet Port This topic describes how to set the native VLAN for an Ethernet port to control whether the packets out from the Ethernet port bear VLAN tags.
27-2
Issue 02 (2008-04-25)
27.1 Overview
The MA5600T supports multiple types of Ethernet ports and other DSLAM devices can be subtended to these Ethernet ports. This topic describes the application of the MA5600T in a subtending network.
Service Description
The MA5600T supports subtended through the Ethernet port. Multiple DSLAMs at different tiers can be subtended through the GE/FE port to extend the network coverage and meet the requirements for a large capacity. For details on the subtended network, refer to "Subtended Network Configuration" in the MA5600T Feature Description.
The MA5600T provides Ethernet ports through the SCU, GIU, ETH and OPFA boards. Where:
l
The Ethernet ports provided by the SCU or the GIU board are used for upstream service transmission and subtended network configuration. The ETH board functions as an extension of the SCU board to provide Ethernet ports for upstream service transmission and subtended network configuration. The Ethernet ports provided by the OPFA board are used for P2P Ethernet optical service access.
Table 27-1 lists the Ethernet ports of the MA5600T Table 27-1 Ethernet ports of the MA5600T Port Type 100 Base-FX Port 100M single-mode/ multiple-mode optical port 1000M electrical port Working Mode Full duplex Rate 100 Mbit/s
1000 Base-TX
l l l
Half duplex Full duplex Auto negotiation Full duplex Auto negotiation Full duplex Auto negotiation Full duplex Auto negotiation
l l l
10 Mbit/s 100 Mbit/s 1000 Mbit/s
1000 Base-SX
1000M multiple-mode optical port 1000M single-mode optical port 10GE optical port
l l l l l l
1000 Mbit/s
1000 Base-LX
1000 Mbit/s
10 GBase-L
10000 Mbit/s
Issue 02 (2008-04-25)
27-3
27.2 Configuration Example of a Subtended Network Through the ETHA Board

This examples shows how to subtend two MA5600T devices through the Ethernet port on the ETH board.
Networking
Figure 27-1 shows an example network for configuring a subtended network through the ETH board. MA5600T_B is subtended to MA5600T_A through port 0/6/0, and MA5600T_A transmits the services of MA5600T_B to the upper layer network through port 0/9/0. Figure 27-1 Example network for configuring a subtended network through the ETH board
Router
E T H A
CON ETH ESC
GE 0/19/0
SCU G P B C
MA5600T_A
CON ETH ESC
GE 0/19/0
SCU Optical splitter ONT
MA5600T_B
PC
27-4
Issue 02 (2008-04-25)
Prerequisites
l l l
The network devices and the lines must be in the normal state. All boards of the MA5600T must be in the normal state. Ethernet port 0/6/0 on MA5600T_A and Ethernet port 0/9/0 on MA5600T_B are of the same type, and the port rate and duplex mode is auto negotiation. The access user configuration on MA5600T_B is complete and it is not repeated here.
Figure 27-2 shows the flowchart for configuring a subtended network through the ETH board Figure 27-2 Flowchart for configuring a subtended network through the ETH board
Start
Create a standard VLAN
Add an upstream port to the VLAN
Add a subtending port to the VLAN
Save the data
End
NOTE
The mentioned configuration is performed on MA5600T_A. No subtending port is needed to be configured on MA5600T_B. For other configurations, they are the same on MA5600T_A and MA5600T_B. For configurations on MA5600T_B, see "Procedure" in "25.2 Configuration Example of the GPON Service."
Procedure
Step 1 Create a smart VLAN.

Step 3 Add a subtending port.

Issue 02 (2008-04-25)
27-5

huawei(config)#save
----End
Result
After the configuration, the subtended devices can be configured with services and users connected to MA5600T_B can access the Internet.
27.3 Configuring the Physical Attributes of an Ethernet Port

27.3.1 Setting the Auto-negotiation Mode of an Ethernet Port This topic describes how to set the auto-negotiation mode of an Ethernet port. When an Ethernet port works in auto-negotiation mode, the Ethernet port negotiates the parameters such as port rate and duplex mode with the interconnected port. Manual configuration is not required. 27.3.2 Setting the Duplex Mode of an Ethernet Port This topic describes how to set the duplex mode of an Ethernet port. 27.3.3 Setting the Rate of an Ethernet Port This topic describes how to set the rate of an Ethernet port. 27.3.4 Setting the Network Cable Type of an Ethernet Port This topic describes how to set the network cable type of an Ethernet port.
27.3.1 Setting the Auto-negotiation Mode of an Ethernet Port

This topic describes how to set the auto-negotiation mode of an Ethernet port. When an Ethernet port works in auto-negotiation mode, the Ethernet port negotiates the parameters such as port rate and duplex mode with the interconnected port. Manual configuration is not required.
l l
By default, the auto-negotiation switch of the Ethernet electric port is enabled. By default, the auto-negotiation switch of the Ethernet optical port is disabled.
Procedure
Step 1 Run the interface scu command to enter SCU mode. Step 2 Run the interface giu command to enter SCU mode. Step 3 Run the auto-neg command to set the auto-negotiation mode of an Ethernet port. Step 4 Run the display port state command to query the configuration of the Ethernet port. ----End
Example
To disable the auto-negotiation mode of Ethernet port 0/9/1 on the SCU board, do as follows:
huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#auto-neg 1 disable
27-6
Issue 02 (2008-04-25)
huawei(config-if-scu-0/9)#display port state 1 The port is active Native VLAN ID is 1 Ethernet port is offline Ethernet port is full duplex Ethernet port rate is 1000M Ethernet port does not support flow control Ethernet port does not support jumbo frame Line-adaptive function of the ethernet port is auto-negotiation Ethernet port network-role is uplink
27.3.2 Setting the Duplex Mode of an Ethernet Port

This topic describes how to set the duplex mode of an Ethernet port.
l
The duplex of an Ethernet port can be full duplex, half duplex, or auto-negotiation. When setting the duplex mode of an Ethernet port, make sure that the duplex of the Ethernet port must be the same as that of the interconnected port on the peer device. This prevents communication failure. When a port is in auto-negotiation mode, to change its duplex mode to full duplex, disable the auto-negotiation mode of the port first. By default:

The FE electrical port is in auto-negotiation mode. The FE optical port is in full duplex mode.
Procedure
Step 1 Run the interface giu command to enter SCU mode. Step 2 Run the interface giu command to enter GIU mode. Step 3 Run the auto-neg command to disable the auto negotiation mode of an Ethernet port. Step 4 Run the duplex command to set the duplex mode of the Ethernet port. Step 5 Run the display port state command to query the duplex mode of the port. ----End
Example
To change the auto-negotiation mode of Ethernet port 0/9/1 to full duplex, do as follows:
huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#auto-neg 1 disable huawei(config-if-scu-0/9)#duplex 1 full huawei(config-if-scu-0/9)#display port state 1 The port is active Native VLAN ID is 1 Ethernet port is offline Ethernet port is full duplex Ethernet port rate is 1000M Ethernet port does not support flow control Ethernet port does not support jumbo frame Line-adaptive function of the ethernet port is auto-negotiation Ethernet port network-role is uplink
Issue 02 (2008-04-25)
27-7
27.3.3 Setting the Rate of an Ethernet Port

This topic describes how to set the rate of an Ethernet port.
When setting the rate of an Ethernet port, make sure that the rate of the Ethernet port must be the same as that of the interconnected port on the peer device. This prevents communication failure. By default:
l l l l
The rate of the GE electrical port is auto-negotiation. The rate of the GE optical port is 1000 Mbit/s. The rate of the 10GE optical port is 10000 Mbit/s. When a port is in auto-negotiation mode, to change its rate to a specific value, disable the auto-negotiation mode first.
Procedure
Step 1 Run the interface giu command to enter SCU mode. Step 2 Run the interface giu command to enter GIU mode. Step 3 Run the auto-neg command to set the rate of an Ethernet port. Step 4 Run the speed command to query the configured rate of the Ethernet port. ----End
Example
To set the rate of a GE electrical port to 100 Mbit/s, do as follows:
huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#auto-neg 1 disable huawei(config-if-scu-0/9)#speed 1 100 huawei(config-if-scu-0/9)#display port state 1 The port is active Native VLAN ID is 1 Ethernet port is offline Ethernet port is full duplex Ethernet port rate is 100M Ethernet port does not support flow control Ethernet port does not support jumbo frame Line-adaptive function of the ethernet port is auto-negotiation Ethernet port network-role is uplink Line-adaptive function of the ethernet port is auto-negotiation
27.3.4 Setting the Network Cable Type of an Ethernet Port

This topic describes how to set the network cable type of an Ethernet port.
l
The Ethernet electrical port uses a straight-through cable or a crossover cable. To set the type of the network cable of the Ethernet port, run the mdi command.
27-8

l l l
The default network cable type is auto (auto-adaptive). Such setting only applies to the Ethernet electrical port. When the Ethernet electrical port is not in auto-negotiation mode, the network cable type cannot be configured as auto.
Procedure
Step 1 Run the interface giu command to enter SCU mode. Step 2 Run the interface giu command to enter GIU mode. Step 3 Run the mdi command to set the network cable type of an Ethernet port. Step 4 Run the display port state command to query the configured network cable type. ----End
Example
To set the network cable type of Ethernet electrical port 0/9/1 as straight-through cable, do as follows:
huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#mdi 1 normal huawei(config-if-scu-0/9)#display port state 1 The port is active Native VLAN ID is 1 Ethernet port is offline Ethernet port is full duplex Ethernet port rate is 100M Ethernet port does not support flow control Ethernet port does not support jumbo frame Line-adaptive function of the ethernet port is normal Ethernet port network-role is uplink Line-adaptive function of the ethernet port is normal
27.4 Enabling the Flow Control on an Ethernet Port

This topic describes how to enable the flow control on an Ethernet port.
l
When the traffic exceeds a certain level (> 1 Gbit/s for the GE port or > 100 Mbit/s for the FE port), the MA5600T sends PAUSE frames to inform the remote PC to reduce the traffic to reduce the packet loss rate. The process involved is called flow control. It is required that both the MA5600T and the peer device support the flow control function. In general, when the peer device supports the flow control function, enable the flow control function of the MA5600T; when the peer device does not support the flow control function, disable the flow control function of the MA5600T. By default, the flow control on the Ethernet port is disabled.
Procedure
Step 1 Run the interface giu command to enter SCU mode.
Step 2 Run the interface giu command to enter GIU mode. Step 3 Run the flow-control command to enable the flow control on an Ethernet port. Step 4 Run the display port state command to query the flow control information on the port. ----End
Example
To enable the flow control on all ports, do as follows:
huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#flow-control all huawei(config-if-scu-0/9)#display port state all ----------------------------------------------------------------------------Port Port Optic Native MDI Speed Duplex Flow- Active Link Type Status VLAN (Mbps) Ctrl State ----------------------------------------------------------------------------0 GE absence 1 1000 full on active offline 1 GE absence 1 1000 full on active offline 2 GE absence 1 1000 full on active offline 3 GE absence 1 1000 full on active offline -----------------------------------------------------------------------------
Related Operation
Table 27-2 lists the related operation for enabling the flow control of an Ethernet port. Table 27-2 Related operation for enabling the flow control of an Ethernet port To... Disable the flow control on the Ethernet port Run the command... undo flow-control
27.5 Enabling the Traffic Suppression

This topic describes how to enable the traffic suppression on a port to guarantee the stable network services.
There are three traffic suppression modes available:
l
Broadcast storm suppression Broadcast storm suppression refers to discarding broadcast traffic when it exceeds a preset threshold to guarantee stable network services.
l l
Unknown unicast suppression Unknown multicast storm suppression
By default, the level of broadcast storm suppression, unknown unicast suppression, and unknown multicast suppression is 7. It is suggested to enable broadcast storm suppression according to network conditions.
When the IGMP proxy or the IGMP snooping is enabled, the unknown multicast packet is not suppressed. When the IGMP proxy and the IGMP snooping are both disabled, (running the igmp mode off command), the unknown multicast packet is suppressed.
l
When IGMP Proxy or IGMP snooping is enabled, unknown multicast packets are not suppressed. When IGMP proxy and IGMP snooping are disabled (running the igmp mode off command), unknown multicast packets are suppressed. By default, the level of unknown multicast suppression is 7. When the multicast service is accessed through the ETH board, to enable the multicast transparent transmission, you must run the undo traffic-suppress portid multicast command to disable the broadcast storm suppression for the unknown multicast packets on the ETH board.
Procedure
Step 1 Run the interface giu command to enter SCU mode. Step 2 Run the interface giu command to enter GIU mode. Step 3 Run the traffic-suppress command to enable the traffic suppression on a port. Step 4 Run the display traffic-suppress command to query the configuration of the traffic suppression. ----End
Examples
To set broadcast storm suppression for all ports on the control board to level 1, do as follows:
huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#traffic-suppress all broadcast value 1 huawei(config-if-scu-0/9)#display traffic-suppress all Traffic suppression ID definition: --------------------------------------------------------------------NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps) --------------------------------------------------------------------1 6 145 12 2 12 291 24 3 24 582 48 4 48 1153 95 5 97 2319 191 6 195 4639 382 7 390 9265 763 8 781 18531 1526 9 1562 37063 3052 10 3125 74126 6104 11 6249 148241 12207 12 12499 296483 24414 -----------------------------------------------------------------------------------------------------------------------------------Current traffic suppression index of broadcast : 1 Current traffic suppression index of multicast : 7 Current traffic suppression index of unknown unicast : 7 ----------------------------------------------------------------
To set unknown unicast suppression for port 0/9/0 to level 1, do as follows:

huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#traffic-suppress 0 unicast value 1 huawei(config-if-scu-0/9)#display traffic-suppress 0 Traffic suppression ID definition: --------------------------------------------------------------------NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps)
Issue 02 (2008-04-25)
27-11
--------------------------------------------------------------------1 6 145 12 2 12 291 24 3 24 582 48 4 48 1153 95 5 97 2319 191 6 195 4639 382 7 390 9265 763 8 781 18531 1526 9 1562 37063 3052 10 3125 74126 6104 11 6249 148241 12207 12 12499 296483 24414 -----------------------------------------------------------------------------------------------------------------------------------Current traffic suppression index of broadcast : 1 Current traffic suppression index of multicast : 7 Current traffic suppression index of unknown unicast : 7 ----------------------------------------------------------------
To set multicast suppression for port 0/9/0 to level 1, do as follows:

huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#traffic-suppress 0 multicast value 1 huawei(config-if-scu-0/9)#display traffic-suppress 0 Traffic suppression ID definition: --------------------------------------------------------------------NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps) --------------------------------------------------------------------1 6 145 12 2 12 291 24 3 24 582 48 4 48 1153 95 5 97 2319 191 6 195 4639 382 7 390 9265 763 8 781 18531 1526 9 1562 37063 3052 10 3125 74126 6104 11 6249 148241 12207 12 12499 296483 24414 -----------------------------------------------------------------------------------------------------------------------------------Current traffic suppression index of broadcast : 1 Current traffic suppression index of multicast : 7 Current traffic suppression index of unknown unicast : 7 ----------------------------------------------------------------
Related Operations
Table 27-3 lists the related operations for enabling traffic suppression. Table 27-3 Related operations for enabling traffic suppression To... Disable unknown unicast packet suppression Disable unknown multicast packet suppression Disable broadcast storm suppression Run the Command... undo traffic-suppress unicast undo traffic-suppress multicast undo traffic-suppress broadcast
27-12
Issue 02 (2008-04-25)
27.6 Enabling the Ethernet Port Aggregation

This topic describes how to enable Ethernet port aggregation.
Port aggregation means aggregation of multiple ports together to expand the bandwidth. The input and output load can be distributed among the member ports.
l l l
The SCU board supports up to 4 port aggregation groups. One aggregation group supports up to 8 Ethernet ports. Multiple physical ports can be aggregated only if they meet the following conditions:

All the ports must work in full duplex mode. The rates of all the ports must be the same, and the rates of the electrical ports cannot be configured as auto-negotiation. The default VLAN (PVID) and VLAN attributes of all the ports must be the same. One port belongs to only one aggregation group. No mirror destination port is included. The port cannot be in the auto-negotiation state. The start port number must be smaller than the end port number.
Procedure
Step 1 Run the link-aggregation command to set the port aggregation. Step 2 Run the display link-aggregation command to query the related information about the aggregated ports. ----End
Example
To set the Ethernet port aggregation, do as follows:
huawei(config)#link-aggregation 0/9 0-1 ingress huawei(config)#display link-aggregation all
Related Operation
Table 27-4 lists the related operation for enabling the Ethernet port aggregation. Table 27-4 Related operation for enabling the Ethernet port aggregation To... Delete the Ethernet port aggregation Run the command... undo link-aggregation
Issue 02 (2008-04-25)
27-13
27.7 Mirroring an Ethernet Port

This topic describes how to enable the mirroring function of an Ethernet port. This helps analyze the cause of a faulty port.
l l l
You can configure only one mirroring destination port in the system. You can mirror multiple ports to one destination port. The mirroring destination port cannot be the aggregated port.
Procedure
Step 1 Run the interface scu command to enter SCU mode. Step 2 Run the interface giu command to enter SCU mode. Step 3 Run the mirror port command to enable the mirroring function of an Ethernet port. Step 4 Run the display mirror command to query the configuration of the Ethernet port. ----End
Example
To mirror the transmit and receive packets of port 0 to port 1, do as follows:
huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#mirror port 0 1 all huawei(config-if-scu-0/9)#display mirror -----------------------------------------------Source port Direction Destination port -----------------------------------------------0 all 1 ------------------------------------------------
Related Operation
Table 27-5 lists the related operation for mirroring an Ethernet port. Table 27-5 Related operation for mirroring an Ethernet port To... Cancel the mirroring of an Ethernet port. Run the command... undo mirror port
27.8 Adding an Ethernet Port to a VLAN

This topic describes how to add Ethernet ports to a VLAN.
Context
The VLAN must have been existed.
Procedure
Step 1 Run the port vlan command to add an Ethernet Port to a VLAN. Step 2 Run the display port vlan command to query the VLAN of a specified upstream port. ----End
Example
To add Ethernet port 0/9/0 to VLAN 2, do as follows:
huawei(config)#port vlan 2 0/9 0 huawei(config)#display port vlan 0/9/0 --------------------------------------1 10 20 --------------------------------------Total: 3 Native VLAN: 1
Related Operation
Table 27-6 lists the related operation for adding an Ethernet Port to a VLAN. Table 27-6 Related operation for adding an Ethernet Port to a VLAN To... Delete a port from a VLAN Query the configuration and the port of a specified VLAN Run the command... undo port vlan display vlan
27.9 Setting the Native VLAN for an Ethernet Port

This topic describes how to set the native VLAN for an Ethernet port to control whether the packets out from the Ethernet port bear VLAN tags.
l l
The default Native VLAN of the Ethernet ports is VLAN 1. When the Ethernet port is used as the upstream port:
If the native VLAN of the Ethernet port is the same as the VLAN to which this Ethernet port belongs, the Ethernet port removes the VLAN Tag of the upstream packets. If the native VLAN of the Ethernet port is different from the VLAN to which this Ethernet port belongs, the Ethernet port keeps the VLAN Tag of the upstream packets.
Before specifying the native VLAN of an Ethernet port, the VLAN must be included in the port. Whether the native VLAN must be set for the upstream port depends on the upper-layer equipment connected to the port.
If the upper-layer equipment supports the packets containing the VLAN tag, the native VLAN of the upstream port of the MA5600T must be different from the VLAN to which the upstream port belongs.
Issue 02 (2008-04-25)
If the upper-layer equipment does not support the packets containing the VLAN tag, the native VLAN of the upstream port of the MA5600T must be the same as the VLAN to which the upstream port belongs.
Procedure
Step 1 Run the interface scu command to enter SCU mode. Step 2 Run the interface giu command to enter SCU mode. Step 3 Run the native-vlan command to set the native VLAN of an Ethernet port. Step 4 Run the display port state command to query the configuration of the Native VLAN. ----End
Example
To set the native VLAN of Ethernet port0/9/0 as VLAN 10, do as follows:
huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 vlan 10 huawei(config-if-scu-0/9)#display port state 0 The port is active Native VLAN ID is 10 Ethernet port is offline Ethernet port is full duplex Ethernet port rate is 1000M Ethernet port does not support flow control Ethernet port does not support jumbo frame Line-adaptive function of the ethernet port is auto-negotiation Ethernet port network-role is uplink
27-16
Issue 02 (2008-04-25)
28 VLAN Stacking Wholesale Service Configuration
28
NOTE
VLAN Stacking Wholesale Service Configuration
About This Chapter

This topic describes how to configure the VLAN stacking wholesale service supported by the MA5600T.
28.1 Overview This topic describes how to use the VLAN stacking function to implement the multi-ISP wholesale access and VLAN ID extension. 28.2 Configuration Example of VLAN Stacking Multi-ISP Wholesale Access This topic provides an example for configuring VLAN stacking multi-ISP wholesale access so that the services provisioned by the ISP can be delivered to the specified user group.
Issue 02 (2008-04-25)
28-1
28.1 Overview
This topic describes how to use the VLAN stacking function to implement the multi-ISP wholesale access and VLAN ID extension.
The MA5600T adds two layers of 802.1Q tags to the user packets. With the two layers of VLAN tags, the packets are transmitted to the L2 switched network, and are forwarded according to the outer VLAN tag.
l
Multi-ISP wholesale access Multiple internet service providers (ISP) exist in an L2 MAN. To quickly provision services provided by the ISP to the specified user group, use the outer VLAN tag to identify the ISP and use the inner VLAN tag to identify the user. With the wholesale service function, users can be connected to different ISPs in batches based on the outer VLAN tag.
NOTE
In the wholesale service, the upper layer device must work in L2 mode to forward packets based on the VLAN and the MAC addresses.
l
VLAN ID extension In the application of the VLAN ID extension, the outer and inner VLAN tags are used to identify the user, or the outer VLAN tag is used to identify the access device and the inner tag is used to identify the users that access the device. The BRAS identifies the access users based on the L2 VLAN tag to increase the number of users identified by the VLAN ID, thus increasing the number of users that access the BRAS.
NOTE
The application of the VLAN ID extension needs support from the BRAS.
For the details of the VLAN Stacking function and related features, refer to "VLAN" in the MA5600T Feature Description.
Service Description
The MA5600T supports a maximum of 4000 VLAN stacking. The following VLANs cannot be configured with the stacking attributes.
l l l l l
Super VLAN Sub VLAN The VLAN that is configured with the L3 interface The default VLAN The reserved VLAN
28.2 Configuration Example of VLAN Stacking Multi-ISP Wholesale Access

This topic provides an example for configuring VLAN stacking multi-ISP wholesale access so that the services provisioned by the ISP can be delivered to the specified user group.
Networking
Figure 28-1 shows an example network for configuring the VLAN stacking multi-ISP wholesale access. Users 1 and 2 belong to one ISP, and users 3 and 4 belong to another ISP. Based on the VLAN stacking feature, the MA5600T adds the outer VLAN tag to differentiate ISPs and the inner VLAN tag to differentiate users, and forwards the user packets to the L2 network. Then the switch at the L2 forwards the user packets to the specified ISP BRAS based on the outer VLAN tag. The BRASs of the user's ISP identifies the users based on the inner VLAN tag and authenticate the users. After the users pass the authentication, the BRASs terminate the two VLAN tags and then the users can access the Internet. Figure 28-1 Example network for configuring the VLAN stacking multi-ISP wholesale access
ISP1 BRAS MA5600T

G
ISP2 BRAS
P B C
CON ETH ESC
P B C
GE 0/19/0
SCU Optical splitter Optical splitter
ONT1
ONT2
ONT3
ONT4
User 1
User 2
User 3
User 4
Data Plan
Table 28-1 provides the data plan for configuring the VLAN stacking multi-ISP wholesale access.
Issue 02 (2008-04-25)
28-3
Table 28-1 Data plan for configuring the VLAN stacking multi-ISP wholesale access Item User 1, user 2 Data Service provider: ISP1 Service VLAN of ISP1: 60 Upstream port: 0/9/0 Service port: 0/11/1 GEM port IDs:
l l
User 1: 131 User 2: 132
User-side VLANs:
l l
User 1: 21 User 2: 22
Inner tags
l l
User 1: 11 User 2: 12
User 3, user 4
Service provider: ISP2 Service VLAN of ISP2: 61 Upstream port: 0/9/0 Service port: 0/14/0 GEM port IDs:
l l
User 3: 133 User 4: 134
User-side VLANs:
l l
User 3: 23 User 4: 24
Inner tags:
l l
User 3: 13 User 4: 14
Figure 28-2 shows the flowchart for configuring the VLAN stacking multi-ISP wholesale access.
28-4
Issue 02 (2008-04-25)
Figure 28-2 Flowchart for configuring the VLAN stacking multi-ISP wholesale access
Start
Create VLANs
Set the VLAN attribute
Add the upstream port
Add service ports
Set the inner tags
Save the data
End
NOTE
l l
For the configuration of the GPON access service, see "25.2 Configuration Example of the GPON Service." For the details on the stacking VLAN feature, refer to "VLAN" in the MA5600T Feature Description.
Procedure
Step 1 Create the VLAN.
huawei(config)#vlan 60-61 smart
Step 2 Set the VLAN attribute.

huawei(config)#vlan attrib 60-61 stacking
Step 3 Add the upstream port to the VLAN.

huawei(config)#port vlan 60-61 0/9 0
Step 4 Add service ports to the VLAN. The default traffic profile 5 is applied.
huawei(config)#service-port 21 rx-cttr 5 tx-cttr 5 huawei(config)#service-port 22 rx-cttr 5 tx-cttr 5 huawei(config)#service-port 23 rx-cttr 5 tx-cttr 5 huawei(config)#service-port 24 rx-cttr 5 tx-cttr 5 vlan 60 gpon 0/2/1 gemport 131 multi-service user-vlan vlan 60 gpon 0/2/1 gemport 132 multi-service user-vlan vlan 61 gpon 0/14/0 gemport 133 multi-service user-vlan vlan 61 gpon 0/14/0 gemport 134 multi-service user-vlan
Step 5 Set the inner VLAN tag.

huawei(config)#stacking label 0/2/1 gemport 131 user-vlan 21 11 huawei(config)#stacking label 0/2/1 gemport 132 user-vlan 22 12
Issue 02 (2008-04-25)
28-5
huawei(config)#stacking label 0/14/0 gemport 133 user-vlan 23 13 huawei(config)#stacking label 0/14/0 gemport 134 user-vlan 24 14

huawei(config)#save
----End
Result
After the configuration, user 1 and user 2 can access the Internet through ISP 1, and user 3 and user 4 can access the Internet through ISP 2.
28-6
Issue 02 (2008-04-25)
29 QinQ VLAN Private Line Service Configuration
29
NOTE
QinQ VLAN Private Line Service Configuration
About This Chapter

This topic describes how to configure the QinQ VLAN leased line service supported by the MA5600T.
29.1 Overview This topic describes the application of the QinQ feature to the private line service. 29.2 Configuration Example of the QinQ VLAN This topic provides an example for configuring the private line service based on the QinQ feature to provide security channel for data transmission between private networks of the enterprises. 29.3 Configuration Example of the QinQ VLAN Private Line Service This topic provides an example for configuring the private line service based on the QinQ feature to provide security channel for data transmission between private networks of the enterprises. 29.4 Enabling the Transparent Transmission of BPDUs This topic describes how to enable the transparent transmission of Bridge Protocol Data Units (BPDUs). The MA5600T supports that the BPDUs of private networks are transparently transmitted based on the QinQ function of the public network.
Issue 02 (2008-04-25)
29-1
29.1 Overview
This topic describes the application of the QinQ feature to the private line service.
Service Description
The QinQ feature is applied to the broadband private line service service. It utilizes the public network resources to provide a transparent and safe data channel for the private networks of a enterprise that are located at different places. With the QinQ feature, the MA5600T adds a public network VLAN tag (QinQ VLAN) to the tagged packet of the local private network. The packet with the private network VLAN tag is forwarded to the peer MA5600T in the public network based on its outer VLAN tag. The peer MA5600T removes the VLAN tag and transmits the packet to the peer private network of the enterprise. For details of the QinQ feature and related features, refer to "VLAN" in the MA5600T Feature Description.
l
Leased line access mode The MA5600T adopts xDSL access mode to provide enterprise users with the symmetric bandwidth of 2 Mbit/s in upstream and downstream.
BPDU packet transparent transmission The MA5600T supports the transmission of the BPDU packet of the private network to the remote private network through the QinQ private line service.
Leased line connection type

Single PVC for single service Single PVC for multiple services (classified by the encapsulation type)
QinQ VLAN application limit The MA5600T supports a maximum of 4000 QinQ VLANs. The following VLANs cannot be configured with the QinQ VLAN.

Super VLAN Sub VLAN The VLAN that is configured with the L3 interface The default VLAN The reserved VLAN
29.2 Configuration Example of the QinQ VLAN

This topic provides an example for configuring the private line service based on the QinQ feature to provide security channel for data transmission between private networks of the enterprises.
29-2
Issue 02 (2008-04-25)
Prerequisites
l l l
The network devices and lines must be in the normal state. The service boards must be in the normal state. The upper layer network is in L2 mode, and forwards packets based on the VLAN and the MAC address.
Networking
Figure 29-1 shows an example network for configuring the private line service. The two branches of enterprise A are connected to the MAN through the MA5600T. On the MA5600T, the attribute of the upstream VLAN of user packets is configured as QinQ. In this way, services and BPDU packets from the private network of the enterprise can be transparently transmitted to the peer private network. Figure 29-1 Example network for configuring the private line service
L2/L3
L2/L3
S H L B
CON ETH ESC
GE 0/9/0
S H L B
CON ETH ESC
GE 0/9/0
SCU Modem LSW
MA5600T_A
SCU Modem LSW
MA5600T_B
Branch of enterprise A
Data Plan
Table 29-1 lists data plan for configuring the private line service. Table 29-1 Data plan for configuring the private line service Item MA5600T_A Data SHDA port: 0/12/0 Upstream port: 0/9/0
Item
Data Up stream VLAN ID: 50 VLAN type: smart VLAN VLAN attribute: QinQ BPDU transparent function: enable Traffic profile index: 5 (default), with the permitted access rate of 2 Mbit/s VPI/VCI: 0/35 (the same as that of the modem)
MA5600T_B
The same as the data plan of MA5600T_A
Figure 29-2 shows the flowchart for configuring the private line service. Figure 29-2 Flowchart for configuring the private line service
Start
Create a VLAN
Set the VLAN attribute
Enable transparent transmission of BPDUs Add the upstream port to the VLAN Add the service port to the VLAN
Save the data
End
The configurations on both MA5600T_A and MA5600T_B are the same. The following considers the configuration on MA5600T_A as an example, and describes how to configure the QinQ VLAN private line service.
29-4
Issue 02 (2008-04-25)
Procedure

huawei(config)#vlan attrib 50 q-in-q
Step 3 Enable transparent transmission of BPDUs.

huawei(config)#bpdu tunnel vlan 50 enable

huawei(config)#port vlan 50 0/9/0
Step 5 Add the service port to the VLAN by adopting the default traffic profile 5.
huawei(config)#service-port vlan 50 shdsl 0/12/0 vpi 0 vci 35 rx-cttr 5 tx-cttr 5

huawei(config)#save
----End
Result
After the configuration, the two branches of enterprise A can communicate with each other, and various services between private networks are implemented.
29.3 Configuration Example of the QinQ VLAN Private Line Service

This topic provides an example for configuring the private line service based on the QinQ feature to provide security channel for data transmission between private networks of the enterprises.
Networking
Figure 29-3 shows an example network of the QinQ VLAN private line service. The two branches of enterprise A are connected to the MAN through the MA5600T. On the MA5600T, the attribute of the upstream VLAN of user packets is configured as QinQ. In this way, service data and VLAN tags from the private network of the enterprise can be transparently transmitted to the peer private network.
Issue 02 (2008-04-25)
29-5
Figure 29-3 Example network of the QinQ VLAN private line service
L2/L3
L2/L3
P B C
CON ETH ESC
G
GE 0/19/0
P B C
CON ETH ESC
GE 0/19/0
SCU
MA5600T_A
SCU
MA5600T_B
Optical splitter
Optical splitter
ONT LAN switch
ONT LAN switch
Data Plan
Table 29-2 lists data plan for the QinQ VLAN private line service. Table 29-2 Data plan for the QinQ VLAN private line service Item MA5600T_A Data Upstream port: 0/9/0 Service port: 0/2/1 User-side VLAN ID: 10 Outer VLAN ID: 50 ONT ID: 11 ONT port: FE port 0 GEM port ID: 131 MA5600T_B Upstream port: 0/9/0 Service port: 0/2/1 User-side VLAN ID: 10 Outer VLAN ID: 50
Item
Data ONT ID: 11 ONT port: FE port 0 GEM port ID: 130
NOTE
l l
The example is based on the configuration of MA5600T_A. The configuration procedure also applies to MA5600T_B. Here only the configuration of MA5600T_A is described. The MA5600T supports the OMCI protocol. That is, the management and configuration data of the MA5600T is transmitted to the ONT through the OMCI channel. If the ONT does not support the OMCI protocol, you need to configure the ONT. For details on the GPON access, see "25.2 Configuration Example of the GPON Service."
Figure 29-4 shows the flowchart for configuring the private line service. Figure 29-4 Flowchart for configuring the private line service
Start Enable transparent transmission of BPDUs Create a VLAN
Set the VLAN attribute Add the upstream port to the VLAN Add the service port to the VLAN Save the data
Ebd
Procedure
Step 1 Enable transparent transmission of BPDUs.
huawei(config)#bpdu tunnel vlan 10 enable



huawei(config)#vlan attrib 50 q-in-q

huawei(config)#port vlan 50 0/9/0
Step 5 Add the service port to the VLAN.

huawei(config)#service-port vlan 50 gpon 0/2/1 gemport 131 multi-service user-vlan 10 rx-cttr 5 tx-cttr 5

huawei(config)#save
----End
Result
After the configuration, the two branches of enterprise A can communicate with each other.
29.4 Enabling the Transparent Transmission of BPDUs

This topic describes how to enable the transparent transmission of Bridge Protocol Data Units (BPDUs). The MA5600T supports that the BPDUs of private networks are transparently transmitted based on the QinQ function of the public network.
l
The transparent transmission of BPDUs is based on the VLAN, and is valid only to QinQ VLAN. T The BPDUs of the private network that can be transparently transmitted refer to the upstream/downstream packets with the destination MAC address ranging from 01-80c2-00-00-00 to 01-80-c2-00-00-2f. Especially, the packets with the destination MAC address of 01-80-c2-00-00-00, 01-80-c2-00-00-08, or 01-80-c2-00-00-11 that is in this range cannot be transparently transmitted. When the transparent transmission of BPDUs is enabled, the L2 BPDUs under the QinQ VLAN can be transparently transmitted. Otherwise, these BPDUs cannot be transparently transmitted.
Procedure
Step 1 Run the bpdu tunnel vlan command to enable the transparent transmission of BPDUs on a specified VLAN. Step 2 Run the display bpdu tunnel config command to display the transparent transmission status of BPDUs. ----End
Example
To enable the transparent transmission of BPDUs on VLAN 20, do as follows:
huawei(config)#bpdu tunnel vlan 20 enable huawei(config)#display bpdu tunnel config The VLAN info of enable bpdu tunnel: ----------------------------------------------------------------------------
29-8
Issue 02 (2008-04-25)
20, 100, ---------------------------------------------------------------------------The VLAN number of enable bpdu tunnel: 2
Related Operation
Table 29-3 lists the related operation for enabling the transparent transmission of BPDUs. Table 29-3 Related operation for enabling the transparent transmission of BPDUs To Disable the transparent transmission of BPDUs Run the Command bpdu tunnel vlan vlanid disable
Issue 02 (2008-04-25)
29-9
30 Multicast Service Configuration
30
NOTE
Multicast Service Configuration
About This Chapter

This topic describes how to configure the multicast service supported by the MA5600T.
30.1 Overview This topic describes the multicast service and its application on the MA5600T. 30.2 Configuration Example of the IGMP Proxy Multicast Service This topic provides an example for realizing the IGMP proxy multicast service. 30.3 Configuration Example of the IGMP Snooping Multicast Service This topic provides an example for configuring the IGMP snooping multicast service. 30.4 Configuration Example of the IGMP Snooping Multicast Service This topic provides an example for realizing the IGMP snooping multicast service. 30.5 Configuration Example of the Multicast Service in Subtending Mode This topic provides an example for configuring the multicast service in subtending mode. 30.6 Configuring the Multicast Service in MSTP Networking This topic describes how to configure the multicast service in networking. 30.7 Configuration Example of the Multicast Service Through the PIM-SSM Protocol This topic provides an example for realizing the multicast service through the Protocol Independent Multicast Source Specific Multicast (PIM-SSM) protocol. 30.8 Setting the IGMP Mode This topic describes how to set the IGMP mode, including IGMP proxy and IGMP snooping. 30.9 Configuring the IGMP Upstream Port
This topic describes how to add an IGMP upstream port and set its working mode and assigned bandwidth rate. 30.10 Setting the Multicast Mode of an Upstream Port This topic describes how to set the mode for an upstream port to interact with the upstream devices. The modes can be IGMP or PIM-SSM. 30.11 Enabling the Multicast Routing Function This topic describes how to enable the multicast routing function. 30.12 Specifying a Subtending Port This topic describes how to specify a subtending port. To subtend the MA5600T to a slave shelf with multicast service users, you need to define the port connecting to the slave shelf as a subtending port. 30.13 Configuring a Program for a Static Subtending Port This topic describes how to add a program for a static subtending port. 30.14 Configuring IGMP Global Parameters This topic describes how to configure the IGMP global parameters. 30.15 Configuring the IGMP VLAN Parameters This topic describes how to configure the IGMP VLAN parameters. 30.16 Configuring the PIM-SSM Protocol Parameters This topic describes how to configure the PIM-SSM protocol parameters. 30.17 Managing Multicast Bandwidth This topic describes how to manage multicast bandwidth. 30.18 Configuring an Authority Profile This topic describes how to configure an authority profile. 30.19 Configuring Multicast Users This topic describes how to configure multicast users. 30.20 Configuring the Preview Function This topic describes how to configure the preview function. 30.21 Configuring the Logging Function This topic describes how to configure the logging function. 30.22 Setting the Automatic CDR Reporting This topic describes how to collect audience statistics by setting the auto call detailed record (CDR) reporting.
30-2
Issue 02 (2008-04-25)
30.1 Overview
This topic describes the multicast service and its application on the MA5600T.
Service Description
With the advent of the streaming medias such as multimedia video and data warehouse in the IP network, the multicast service is becoming increasingly popular in service applications. It is widely applied in streaming, remote learning, video conferencing, video on demand (VOD), net gaming, Internet data center (IDC), and other point-to-multipoint data transmission applications. For details on the multicast service, refer to "Multicast" in the MA5600T Feature Description.
Designed with the carrier-class multicast operability, the MA5600T supports multicast protocols and controllable multicast, and a complete set of end-to-end (from the user side to the network side) protocols. This lays a foundation for provisioning of the value-added broadband multicast service and management of the multicast service. The MA5600T provides the operable, manageable, and controllable multicast services by supporting IGMP V2/V3, IGMP proxy, and IGMP snooping. The MA5600T supports multicast service access through the ETH board and the SCU board. The MA5600T supports the following:
l l l
multicast groups Up to eight multicast groups for each multicast server Program preview, preview in a short time, and configuration of the preview count, preview duration, and preview interval Audience statistics Controllable multicast to control users' access to multicast groups and programs Authority profile types including watch, preview, forbidden and idle.
l l l
30.2 Configuration Example of the IGMP Proxy Multicast Service

This topic provides an example for realizing the IGMP proxy multicast service.
Prerequisites
l l l
The network devices and lines must be in the normal state. The multicast source is available in the network and its IP address is known. The related service boards must be in the normal state.
Issue 02 (2008-04-25)
30-3
The MA5600T supports the function of delivering the OMCI configuration. That is, the management and configuration data of the MA5600T is transmitted to the ONT through the OMCI channel. If the ONT does not support the OMCI function, you need to configure the ONT. Pay attention to the configuration on the ONT, and make sure that:
l l l
The user-side VLAN must be the same as that of the OLT. The GEM port ID must be the same as that of the OLT. Alloc ID is 256(T-CONT ID) + (ONT ID) or can be displayed by running the display ont info command on the OLT. The Alloc ID of a PON port must be unique.
Networking
Figure 30-1 shows an example network for configuring the IGMP proxy multicast service. Figure 30-1 Example network for configuring the IGMP proxy multicast service
Multicast source
Router G P B C
CON ETH ESC
GE 0/19/1
MA5600T Optical splitter
ONT1
ONT2
PC1
PC2
Data Plan
Table 30-1 provides the data plan for configuring the IGMP proxy multicast service.
30-4
Issue 02 (2008-04-25)
Table 30-1 Data plan for configuring the IGMP proxy multicast service Item Smart VLAN Data VLAN ID: 100 IP address of the interface: 10.0.0.254 Upstream port DBA profile 0/9/1
l l l
Index: 6 (the default profile) Type: type 1 Fixed bandwidth: 100 Mbit/s Profile index: 6 (the default traffic profile); CIR: no restriction. Profile index: 5 (the default traffic profile); CIR: 2 Mbit/s. ONT ID: 0 ONT authentication mode: serial number + authentication password (SN-auth)

Traffic profile
l l
ONT1
l l
ONT serial number (SN): hwhw-10101010 ONT authentication password: huawei
l l
ONT port: FE port 0, VLAN 10 ONT capability set profile: 2 (the default ONT profile) ONT ID: 1 ONT authentication mode: serial number + authentication password (SN-auth)

ONT2
l l
l l
ONT port: FE port 0, VLAN 11 ONT capability set profile: 2 (the default ONT profile) GPON port: 0/2/1 GEM port ID: 150 (PC1), 151 (PC2) T-CONT ID: 1 User-side VLAN: 10 (PC1), 11 (PC2)
GEM port
l l l l
Program library
The multicast server provides three programs. The IP address of the program ranges from 224.1.1.1 to 224.1.1.3. The source IP address of the program is 10.10.10.10. Three programs use the default preview profile of the system. In authority profile 0, the user is allowed to watch program1 (224.1.1.1) and program2 (224.1.1.2) in the program library.
l l
Authority profile User
User 1 (PC1) is an auth user, and is bound with authority profile 0. User 2 (PC2) is a non-auth user.
Issue 02 (2008-04-25)
30-5
Figure 30-2 shows the flowchart for configuring the IGMP proxy multicast service. Figure 30-2 Flowchart for configuring the IGMP proxy multicast service
Start
Select the IGMP mode
Create a VLAN
Configure the IGMP upstream port Configure the global parameters (optional) Configure the program library Configure the preview attributes (optional) Configure the authority profile
Add ONTs
BInd the T-CONT profile
Specify ONTs for VLANs
Configure GEM ports Configure multicast users Add service ports Save the data
End
Procedure
Step 1 Create a VLAN and specify the IP address of the interface.
huawei(config)#vlan 100 smart huawei(config)#interface vlanif 100 huawei(config-if-vlanif100)#ip address 10.0.0.254 255.255.255.0
Step 2 Add the upstream port.

huawei(config-if-vlanif100)#quit huawei(config)#port vlan 100 0/9 1
Step 3 Add an ONT: First add an ONT capability set profile complying with the actual capability of the HG810. Then add an ONT and bind it with the profile. The default ONT capability set profile 2 is bound.
huawei(config-if-gpon-0/2)#ont add 1 0 hwhw-10101010 password-auth huawei profileid 2 huawei(config-if-gpon-0/2)#ont add 1 1 hwhw-01010101 password-auth huawei profileid 2
Step 4 Bind a DBA profile.

huawei(config-if-gpon-0/2)#tcont bind-profile 1 0 1 profile-id 6 huawei(config-if-gpon-0/2)#tcont bind-profile 1 1 1 profile-id 6
30-6
Issue 02 (2008-04-25)

huawei(config-if-gpon-0/2)#ont huawei(config-if-gpon-0/2)#ont huawei(config-if-gpon-0/2)#ont huawei(config-if-gpon-0/2)#ont port port port port vlan 1 0 fe native-vlan vlan 1 1 fe native-vlan 10 0 1 0 fe 0 vlan 10 11 0 1 1 fe 0 vlan 11
Step 6 Configure GEM ports. 1. Add GEM ports 150 and 151 to PON port 1, with attribute ETH and no encryption.
huawei(config-if-gpon-0/2)#gemport add 1 gemport-id 150 eth huawei(config-if-gpon-0/2)#gemport add 1 gemport-id 151 eth
2.
Bind GEM ports with ONT T-CONTs.

huawei(config-if-gpon-0/2)#ont gemport bind 1 0 150 1 priority-queue 0 huawei(config-if-gpon-0/2)#ont gemport bind 1 1 151 1 priority-queue 0
3.
Map GEM ports to service streams.

huawei(config-if-gpon-0/2)#ont gemport mapping 1 0 150 vlan 10 huawei(config-if-gpon-0/2)#ont gemport mapping 1 1 151 vlan 11
Step 7 Add service ports.

huawei(config-if-gpon-0/2)#quit huawei(config)#service-port vlan 100 gpon 0/11/1 gemport 150 multi-service uservlan 10 rx-cttr 5 tx-cttr 6 huawei(config)#service-port vlan 100 gpon 0/11/1 gemport 151 multi-service uservlan 11 rx-cttr 5 tx-cttr 6
Step 8 Select IGMP mode.

huawei(config)#multicast-vlan 100 huawei(config-mvlan100)#igmp mode proxy Are you sure to change IGMP mode?(y/n)[n]:y
Step 9 Configure IGMP upstream port.

huawei(config-mvlan100)#igmp uplink-port 0/9/1 huawei(config-mvlan100)#quit huawei(config)#btv huawei(config-btv)#igmp uplink-port-mode default Are you sure to change the uplink port mode?(y/n)[n]:y
Step 10 Configure global parameters. In the example, all global parameters adopt the default settings. If the parameters need to be configured, refer to "30.15 Configuring the IGMP VLAN Parameters" and "30.14 Configuring IGMP Global Parameters." Step 11 Configure the program library.
huawei(config)#multicast-vlan 100 huawei(config-mvlan100)#igmp program add name program1 ip 224.1.1.1 sourceip 10.10.10.10 huawei(config-mvlan100)#igmp program add name program2 ip 224.1.1.2 sourceip 10.10.10.10 huawei(config-mvlan100)#igmp program add name program3 ip 224.1.1.3 sourceip 10.10.10.10
Step 12 Configure the authority profile. Add watch access for profile0 to program 1 and program 2.
huawei(config-btv)#igmp profile profile-name profile0 program-name program1 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program2 watch
Step 13 Configure multicast users. An auth-user must be bound with an authority profile, then the user gets the access configured in the profile. Non-auth-user has access to all programs.
huawei(config-btv)#igmp policy service-port 100 normal huawei(config-btv)#igmp policy service-port 101 normal
Issue 02 (2008-04-25)
30-7
huawei(config-btv)#igmp user add port 0/11/1 gemport 150 user-vlan 10 auth maxprogram 8 huawei(config-btv)#igmp user add port 0/11/1 gemport 151 user-vlan 11 no-auth maxprogram 8 huawei(config-btv)#igmp user bind-profile port 0/11/1 gemport 150 profile-name profile0 huawei(config-btv)#quit huawei(config)#multicast-vlan 100 huawei(config-mvlan100)#igmp multicast-vlan member port 0/11/1 gemport 150 huawei(config-mvlan100)#igmp multicast-vlan member port 0/11/1 gemport 151 huawei(config-mvlan100)#quit

huawei(config)#save
----End
Result
After the configuration:
l l
User 1 can watch program1 and program2, but cannot watch program3. User 2 can watch all programs.
30.3 Configuration Example of the IGMP Snooping Multicast Service

This topic provides an example for configuring the IGMP snooping multicast service.
Prerequisites
l l l
Networking
Figure 30-3 shows an example network for configuring the IGMP snooping multicast service.
30-8
Issue 02 (2008-04-25)
Figure 30-3 Example network for configuring the IGMP snooping multicast service
Multicast source
Router
A D L F
CON ETH ESC
GE 0/9/1
SCU Modem Modem
MA5600T
PC
PC
Data Plan
Table 30-2 provides the data plan for configuring the IGMP snooping multicast service. Table 30-2 Data plan for configuring the IGMP snooping multicast service Item Smart VLAN Upstream port Program library Data VLAN ID: 2 0/9/1 The multicast server provides three programs. program1: 224.1.1.1 program2: 224.1.1.2 program3: 224.1.1.3 Authority profile Profile0 In authority profile 0, the user is allowed to access program1 (224.1.1.1) and program2 (224.1.1.2) in the program library.
Issue 02 (2008-04-25)
30-9
Item User
Data Multicast user 1, with service port of 0/11/0, VPI/VCI of 0/35, and bound with authority profile 0. Multicast user 2, with service port of 0/11/1, VPI/VCI of 0/35, with no authentication.
IP address of the host
IP address: 10.0.0.254 The IP address of the host should be in the same subnet as that of the upper layer router.
Modem
VPI/VCI of the modem connected to the port: 0/35
Figure 30-4 shows the flowchart for configuring the IGMP snooping multicast service. Figure 30-4 Flowchart for configuring the IGMP snooping multicast service
Multicast service configuration Start Set the IGMP mode Configure IGMP upstream port Configure the global parameters (optional)
Configure the xDSL port
Create a Smart VLAN
Add the upstream port to the VLAN Set native VLAN for the port (optional)
Configure program library
Configure preview attributes (optional)
Configure the service port Configure authority profile VLAN configuration Configure multicast user
End
Procedure
Step 1 Configure the xDSL port.
30-10
Issue 02 (2008-04-25)
In this example, the default ADSL2+ line profile (line profile 1002) is used. Therefore, you do not have to configure a line profile. Step 2 Configure a VLAN. 1. 2. 3. Create a VLAN.
Add an upstream port to the VLAN.

Add service ports to the VLAN.

huawei(config)#service-port 100 vlan 2 adsl 0/11/0 vpi 0 vci 35 rx-cttr 6 txcttr 6 huawei(config)#service-port 101 vlan 2 adsl 0/11/1 vpi 0 vci 35 rx-cttr 6 txcttr 6
Step 3 Configure the multicast service. 1. 2. 3. Set the IGMP mode. Configure the IGMP upstream port. Configure the global parameters. In the example, all global parameters adopt the default settings. For details on the configuration, refer to "30.15 Configuring the IGMP VLAN Parameters" and "30.14 Configuring IGMP Global Parameters." 4. 5. Configure the program library. Configure the authority profile.
6.
Configure the multicast users.

huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#quit policy service-port 100 normal policy service-port 101 normal user add port 0/11/1 no-auth max-program 8 user add port 0/11/0 auth max-program 8 user bind-profile port 0/11/0 profile-name profile0

huawei(config)#save
----End
Result
l l
30.4 Configuration Example of the IGMP Snooping Multicast Service

This topic provides an example for realizing the IGMP snooping multicast service.
Prerequisites
l l l
The MA5600T supports the function of delivering the OMCI configuration. That is, the management and configuration data of the MA5600T is transmitted to the ONT through the OMCI channel. If the ONT does not support the OMCI function, you need to configure the ONT separately. Pay attention to the configuration of the ONT, and make sure that:
l l l
The user-side VLAN must be the same as that of the OLT. The GEM Port ID must be the same as that of the OLT. Alloc ID is 256(T-CONT ID) + (ONT ID) or can be displayed through the command display ont info on the OLT. The Alloc ID of a PON port must be unique.
Networking
Figure 30-5 shows an example network for configuring the IGMP snooping multicast service. Figure 30-5 Example network for configuring the IGMP snooping multicast service
Multicast source
Router G P B C
CON ETH ESC
GE 0/19/1
MA5600T Optical splitter
ONT1
ONT2
PC1
PC2
30-12
Issue 02 (2008-04-25)
Data Plan
Table 30-3 provides the data plan for configuring the IGMP snooping multicast service. Table 30-3 Data plan for configuring the IGMP snooping multicast service Item Smart VLAN Upstream port DBA profile Data VLAN ID: 100 0/9/1
l l l
Index: 6 (the default profile) Type: type 1 Fixed bandwidth: 100 Mbit/s Index: 6 (the default traffic profile); CIR: with no restriction Index: 5 (default profile); CIR: 2 Mbit/s ONT ID: 0 ONT authentication mode: serial number + authentication password (SN-auth)

Traffic profile
l l
ONT1
l l
l l
ONT port connected to PC: FE port 0, VLAN 10 ONT capability set profile: 2 (the default ONT profile) ONT ID: 1 ONT authentication mode: serial number + authentication password (SN-auth)

ONT2
l l
l l
ONT port connected to PC: FE port 0, VLAN 11 ONT capability set profile: 2 (the default ONT profile) Port: 0/11/1 GEM port ID: 150 (PC1), 151 (PC2) T-CONT ID: 1 User-side VLAN: 10 (PC1), 11 (PC2)
GEM port
l l l l
Program library
The multicast server provides three programs. The IP address of the program ranges from 224.1.1.1 to 224.1.1.3. The source IP address of the program is 10.10.10.10. Three programs use the default preview profile of the system. In authority profile 0, the user is allowed to access program1 (224.1.1.1) and program2 (224.1.1.2) in the program library.
Authority profile
Issue 02 (2008-04-25)
30-13
Item User
Data
l l
User 1 (PC1) is an auth user, and is bound with authority profile 0. User 2 (PC2) is a non-auth user.
Figure 30-6 shows the flowchart for configuring the IGMP snooping multicast service. Figure 30-6 Flowchart for configuring the IGMP snooping multicast service
Start
Select the IGMP mode
Create a VLAN
Configure the IGMP upstream port Configure the global parameters (optional) Configure the program library Configure the preview attributes (optional) Configure the authority profile
Add ONTs
BInd the T-CONT profile
Specify ONTs for VLANs
Configure GEM ports Configure multicast users Add service ports Save the data
End
Procedure

Step 3 Add an ONT: First add an ONT capability set profile complying with the actual capability of the HG810. Then add an ONT and bind it with the profile. The default ONT capability set profile 2 is bound.
huawei(config-if-gpon-0/2)#ont add 1 0 hwhw-10101010 password-auth huawei profileid 2 huawei(config-if-gpon-0/2)#ont add 1 1 hwhw-01010101 password-auth huawei profileid 2
Step 4 Bind the DBA profile.

huawei(config-if-gpon-0/2)#tcont bind-profile 1 0 1 profile-id 6 huawei(config-if-gpon-0/2)#tcont bind-profile 1 1 1 profile-id 6

huawei(config-if-gpon-0/2)#ont huawei(config-if-gpon-0/2)#ont huawei(config-if-gpon-0/2)#ont huawei(config-if-gpon-0/2)#ont port port port port vlan 1 0 fe native-vlan vlan 1 1 fe native-vlan 10 0 1 0 fe 0 vlan 10 11 0 1 1 fe 0 vlan 11
Step 6 Configure GEM ports. 1. Add GEM ports with attribute ETH and no encryption.
huawei(config-if-gpon-0/2)#gemport add 1 gemport-id 150 eth huawei(config-if-gpon-0/2)#gemport add 1 gemport-id 151 eth
2.
Bind the GEM port with the ONT T-CONT.

huawei(config-if-gpon-0/2)#ont gemport bind 1 0 150 1 priority-queue 0 huawei(config-if-gpon-0/2)#ont gemport bind 1 1 151 1 priority-queue 0
3.
Map GEM ports to service streams.

huawei(config-if-gpon-0/2)#ont gemport mapping 1 0 150 vlan 10 huawei(config-if-gpon-0/2)#ont gemport mapping 1 1 151 vlan 11
Step 7 Add service ports.

huawei(config-if-gpon-0/2)#quit huawei(config)#service-port vlan 100 gpon 0/2/1 gemport 150 multi-service user-vlan 10 rx-cttr 5 tx-cttr 6 huawei(config)#service-port vlan 100 gpon 0/2/1 gemport 151 multi-service user-vlan 11 rx-cttr 5 tx-cttr 6
Step 8 Select the IGMP mode.

huawei(config)#multicast-vlan 100 huawei(config-mvlan100)#igmp mode snooping Are you sure to change IGMP mode?(y/n)[n]:y
Step 9 Configure the IGMP upstream port.

Step 10 Configure the global parameters. In the example, all global parameters adopt the default settings. For details on the configuration, refer to "30.15 Configuring the IGMP VLAN Parameters" and "30.14 Configuring IGMP Global Parameters." Step 11 Configure the program library.
Step 12 Configure the authority profile. Add watch access for profile0 to program1 and program2.
Step 13 Configure multicast users. An auth-user must be bound with an authority profile, then the user gets the access configured in the profile. Non-auth-user has access to all programs.
huawei(config-btv)#igmp policy service-port 100 normal huawei(config-btv)#igmp policy service-port 101 normal huawei(config-btv)#igmp user add port 0/11/1 gemport 150 user-vlan 10 auth maxprogram 8 huawei(config-btv)#igmp user add port 0/11/1 gemport 151 user-vlan 11 no-auth maxprogram 8 huawei(config-btv)#igmp user bind-profile port 0/11/1 gemport 150 profile-name profile0 huawei(config-btv)#quit huawei(config)#multicast-vlan 100 huawei(config-mvlan100)#igmp multicast-vlan member port 0/11/1 gemport 150 huawei(config-mvlan100)#igmp multicast-vlan member port 0/11/1 gemport 151 huawei(config-mvlan100)#quit

huawei(config)#save
----End
Result
l l
User 1 (PC1) can watch program1 and program2, but cannot watch program3. User 2 (PC2) can watch all programs.
30.5 Configuration Example of the Multicast Service in Subtending Mode

This topic provides an example for configuring the multicast service in subtending mode.
Networking
Figure 30-7 shows an example network for configuring the subtended multicast service.
30-16
Issue 02 (2008-04-25)
Figure 30-7 Example network for configuring the subtended multicast service
Multicast source
Router
CON ETH ESC
GE 0/9/0 GE 0/9/1
SCU A D L F
MA5600T_ A
CON ETH ESC
GE 0/9/0
SCU Modem Modem
MA5600T_B
PC
PC
Data Plan
Table 30-4 provides the data plan for configuring the subtended multicast service. Table 30-4 Data plan for configuring the subtended multicast service Item MA5600T_A Data SCU board The SCU board provides an upstream port (0/9/0) to connect to the upper layer multicast router (with IP address of 10.0.0.254) and a subtending port (0/9/1) to connect to MA5600T_B. VLAN Add port 0 on the SCU board to VLAN 100 as the upstream port of this VLAN. Add port 1 on the SCU board to VLAN 100 as the subtending port.
Item
Data The multicast server provides three programs. The source IP address of the program is 10.10.10.10. Three programs use the default preview profile of the system. program1: 224.1.1.1 program2: 224.1.1.2 program3: 224.1.1.3 The IP address of the port of the upper layer router that is interconnected with the MA5600T is 10.0.0.254.
MA5600T_B
VLAN Add port 0 on the SCU board to VLAN 100 as the upstream port of this VLAN. The multicast server provides three programs. The source IP address of the program is 10.10.10.10. Three programs use the default preview profile of the system. program1: 224.1.1.1 program2: 224.1.1.2 program3: 224.1.1.3 Authority profile Set profile 0 as the authority profile. Based on this profile, users can watch program1 (224.1.1.1) and program2 (224.1.1.2) in the program library. Modem The VPI/VCI of the modem connected to the ADSL port is 0/35. Multicast user
l
Multicast user 1: The service port is 0/11/0, the VPI/VCI is 0/35, and the bound authority profile is profile0. Multicast user 2: The service port is 0/11/1, the VPI/VCI is 0/35, and no authentication is required.
Figure 30-8 and Figure 30-9 show the flowchart for configuring the multicast service in subtending mode.
30-18
Issue 02 (2008-04-25)
Figure 30-8 Flowchart for configuring the multicast service in subtending mode (MA5600T_A)
Multicast service configuration
Set the IGMP mode

Configure the IGMP upstream port
Start
Create a Smart VLAN
Configure the global parameters (optional)

Set the native VLAN for the port (optional)
Configure the program library Configure the multicast subtending port
VLAN configuration
End
Figure 30-9 Flowchart for configuring the multicast service in subtending mode (MA5600T_B)
Multicast service configuration Start Set the IGMP mode
Configure the IGMP upstream port Configure the global parameters (optional) Configure the program library Configure the preview attriobutes (optional) Configure the authority profile Configure the multicast users
Create a VLAN Add an upstream port to the VLAN Configure the native VLAN of the port (optional) Add service ports to the VLAN VLAN configuration
End
Issue 02 (2008-04-25)
30-19
Procedure
l Procedure for configuring MA5600T_A 1. Configure a VLAN.

Create a VLAN.
Add upstream ports to the VLAN.

2.
Configure the multicast service.
Set the IGMP mode.

Configure the IGMP upstream port.

Configure the program library.

Configure the multicast subtending port.

huawei(config-mvlan100)#quit huawei(config)#btv huawei(config-btv)#igmp cascade-port 0/9/1 static enable
3.
Save the data.

huawei(config-btv)#quit huawei(config)#save
Procedure for configuring MA5600T_B 1. Configure the xDSL port. In this example, the ADSL2+ port is bound with the default line profile (profile 1002). No configuration is needed. 2. Configure a VLAN.

Create a VLAN.
Add an upstream port to the VLAN.

Set the native VLAN of the port.

Add service ports to the VLAN.

huawei(config)#service-port vlan 100 adsl 0/11/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6 huawei(config)#service-port vlan 100 adsl 0/11/1 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
3.
Set the IGMP mode.

30-20


Configure the authority profile.

Configure the multicast user.

huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp profile0 policy service-port 100 normal policy service-port 101 normal user add port 0/11/1 no-auth user add port 0/11/0 auth user bind-profile port 0/11/0 profile-name
4.
Save the data.

----End
Result
l l
30.6 Configuring the Multicast Service in MSTP Networking

This topic describes how to configure the multicast service in networking.
Prerequisite
l l l
The network devices and lines must be in the normal state. There exists a multicast source in the network and its IP address is known. The related service boards must be in the normal state.
Networking
Figure 30-10 shows the example network of the multicast service in MSTP networking.
Three MA5600T devices (MA5600T_A, MA5600T_B and MA5600T_C) form an ring network. All services are transmitted upstream to the IP network through MA5600T_A. MA5600T_C subtends MA5600T_D through the GE port. Figure 30-10 Example network of the multicast service in MSTP networking
Multicast source
Router
2 3 A D L F A D L F
9
CON ETH ESC
0 1 2 3
SCU
MA5600T_A
2 3 A D L F A D L F
9
CON ETH ESC
2 A D L F
0 1 2 3
0 1 2 3
MA5600T_B
SCU
MA5600T_C
2 A D L F
SCU
9
CON ETH ESC
0 1 2 3
SCU
ADSL2+ modem PC1 ADSL2+ modem
MA5600T_D
PC2
Data Plan
Table 30-5 provides the data plan for the example network of the multicast service in MSTP networking.
30-22
Issue 02 (2008-04-25)
Table 30-5 Data plan for the example network of the multicast service in MSTP networking Item MA5600T_ A Data The SCU board:
l
Provides upstream port 0/9/0 to interconnect with the upper layer multicast router (10.0.0.254). Provides subtending port 0/9/1 to connect to the MA5600T_B. Provides subtending port 0/9/2 to connect to the MA5600T_C.
l l
VLAN: Add ports 0/9/0, 0/9/1 and 0/9/2 on the SCU board to VLAN 100, which are used as the upstream port of the VLAN. The native VLAN of the port is set to VLAN 100. The multicast server provides three programs. program1: 224.1.1.1 program2: 224.1.1.2 program3: 224.1.1.3 MA5600T_ B The SCU board:
l l
Provides the port 0/9/0 to connect to the MA5600T_A. Provides the subtending port 0/9/1 to connect to the MA5600T_C.
VLAN:
l
Add the ports 0/9/0 and 0/9/1 on the SCU board to VLAN 100, which are used as the upstream port of the VLAN. The native VLAN of the port is set to 100.
The multicast server provides three programs. program1: 224.1.1.1 program2: 224.1.1.2 program3: 224.1.1.3 MA5600T_ C The SCU board:
l l l
Provides the upstream port 0/9/0 to connect to the MA5600T_A. Provides the subtending port 0/9/1 to connect to the MA5600T_B. Provides the subtending port 0/9/2 to connect to the MA5600T_D.
VLAN:
l
Add the ports 0/9/0, 0/9/1 and 0/9/2 on the SCU board to VLAN 100, which are used as the upstream port of the VLAN. The native VLAN of the port is set to 100.
The multicast server provides three programs. program1: 224.1.1.1 program2: 224.1.1.2 program3: 224.1.1.3
Item MA5600T_ D
Data VLAN: Add the port 0/9/0 on the SCU board to VLAN 100, which is used as the upstream port of the VLAN. The multicast server provides three programs. program1: 224.1.1.1 program2: 224.1.1.2 program3: 224.1.1.3 Authority profile: Users bound with authority profile profile0 can watch program1 and program2, and preview program3. Modem: The VPI/VCI of the modem connected to the port is 0/35. Multicast user:
l
Multicast user 1: The service port is 0/11/0, VPI/VCI is 0/35, and authority profile profile0 is bound. Multicast user 2: The service port is 0/11/1, VPI/VCI is 0/35, without authentication.
Figure 30-11 and Figure 30-12 show the flowchart for configuring the multicast service in networking mode. Figure 30-11 Flowchart for configuring the multicast service in MSTP networking on MA5600T_A, MA5600T_B and MA5600T_C
Multicast service configuration Start
Set IGMP mode
Enable the MSTP function
Configure the IGMP upstream port Configure IGMP global parameters (optional)
Create the VLAN
Configure the program library Configure the IGMP subtending port
Set native VLAN for the port
VLAN configuration
End
30-24
Issue 02 (2008-04-25)
Figure 30-12 Flowchart for configuring the multicast service in MSTP networking on MA5600T_D
Multicast service configuration Start Set IGMP Proxy mode
Enable the MSTP function
Configure IGMP upstream port Configure IGMP global parameters (optional)
Create the VLAN
Configure program library

Configure preview attributes (optional) Configure authority profile

Set native VLAN for the port
Configure the virtual port VLAN configuration
Configure multicast user
End
Procedure
l Configuration of MA5600T_A. 1. Configure the VLAN.

Create a VLAN.
Add an upstream port.

huawei(config)#port vlan 100 0/90-2
Set the native VLAN of the upstream port.

huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 vlan 100 huawei(config-if-scu-0/9)#native-vlan 1 vlan 100 huawei(config-if-scu-0/9)#native-vlan 2 vlan 100
2.

Set the IGMP mode. Configure the IGMP upstream port.

huawei(config-mvlan100)#igmp default uplink-port 0/9/0 huawei(config-mvlan100)#quit huawei(config)#btv huawei(config-btv)#igmp uplink-port-mode mstp Are you sure to change the uplink port mode?(y/n)[n]:y

huawei(config)#multicast-vlan 100 huawei(config-mvlan100)#igmp program add name program1 ip 224.1.1.1 sourceip 10.10.10.10 huawei(config-mvlan100)#igmp program add name program2 ip 224.1.1.2
Issue 02 (2008-04-25)
30-25

sourceip 10.10.10.10 huawei(config-mvlan100)#igmp program add name program3 ip 224.1.1.3 sourceip 10.10.10.10

huawei(config-mvlan100)#quit huawei(config)#btv huawei(config-btv)#igmp cascade-port 0/9/1 static enable huawei(config-btv)#igmp cascade-port 0/9/2 static enable
3.
Save the data.

Configuration of MA5600T_B. 1. Configure the VLAN.

Create a VLAN.


huawei(config)#interface scu 0/9 huawei(config-if-scu-0/9)#native-vlan 0 vlan 100 huawei(config-if-scu-0/9)#native-vlan 1 vlan 100
2.
Set the IGMP mode.


huawei(config-mvlan100)#igmp uplink-port 0/9/0 huawei(config-mvlan100)#quit huawei(config)#btv huawei(config-btv)#igmp uplink-port-mode mstp Are you sure to change the uplink port mode?(y/n)[n]:y


huawei(config-mvlan100)#quit huawei(config)#btv huawei(config-btv)#igmp cascade-port 0/9/1 quickleave enable
3.
Save the data.

Configuration of MA5600T_C. 1. Configure the VLAN.

Create a VLAN.


30-26
Issue 02 (2008-04-25)
huawei(config-if-scu-0/9)#native-vlan 1 vlan 100 huawei(config-if-scu-0/9)#native-vlan 2 vlan 100
2.
Set the IGMP mode.


huawei(config-mvlan100)#igmp uplink-port 0/9/0 huawei(config-mvlan100)#quit huawei(config)#btv huawei(config-btv)#igmp uplink-port-mode mstp Are you sure to change the uplink port mode?(y/n)[n]:y

huawei(config-mvlan100)#quit huawei(config)#btv huawei(config-btv)#igmp cascade-port 0/9/1 quickleave enable huawei(config-btv)#igmp cascade-port 0/9/2 quickleave enable

huawei(config-btv)#quit huawei(config)#multicast-vlan 100 huawei(config-mvlan100)#igmp program add name program1 ip 224.1.1.1 sourceip 10.10.10.10 huawei(config-mvlan100)#igmp program add name program2 ip 224.1.1.2 sourceip 10.10.10.10 huawei(config-mvlan100)#igmp program add name program3 ip 224.1.1.3 sourceip 10.10.10.10
3.
Save the data.

Configuration of MA5600T_D. 1. Configure the xDSL port. In this example, the ADSL2+ port uses the system default line profile (profile 1002). 2. Configure the VLAN.

Create a VLAN.


Add a service port.

huawei(config)#service-port 100 vlan 100 adsl 0/11/0 vpi 0 vci 35 rxcttr 6 tx-cttr 6 huawei(config)#service-port 101 vlan 100 adsl 0/11/1 vpi 0 vci 35 rxcttr 6 tx-cttr 6
3.
Set the IGMP mode.


huawei(config-mvlan100)#igmp uplink-port 0/9/0 huawei(config-mvlan100)#quit huawei(config)#btv
Issue 02 (2008-04-25)
30-27

huawei(config-btv)#igmp uplink-port-mode mstp Are you sure to change the uplink port mode?(y/n)[n]:y


huawei(config-btv)#igmp profile profile-name profile0 program-name program1 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program2 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program3 preview

huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp huawei(config-btv)#igmp profile0 policy service-port 100 normal policy service-port 101 normal user add port 0/11/1 no-auth user add port 0/11/0 auth user bind-profile port 0/11/0 profile-name
4.
Save the data.

----End
Result
l l
User 1 can watch program1 and program2, and can preview program3. User 2 can watch all programs.
30.7 Configuration Example of the Multicast Service Through the PIM-SSM Protocol
This topic provides an example for realizing the multicast service through the Protocol Independent Multicast Source Specific Multicast (PIM-SSM) protocol.
Prerequisite
l l l l
The network devices and lines must be in the normal state. The multicast source must be available in the network and its IP address must be known. The related service boards must be in the normal state. The IP address and the unicast routing protocol of the routing interface must be configured. In this way, the L3 intercommunication between the MA5600T and the upper layer router must be realized, and the dynamic routes are updated based on the unicast routing protocols.
30-28
Issue 02 (2008-04-25)
Networking
The MA5600T communicates with the multicast terminals through the IGMP protocol. At the same time, the MA5600T communicates with the devices on the network side through the PIMSSM protocol. The PIM-SSM protocol allows the MA5600T to provide the multicast service in an L3 network. Figure 30-13 shows an example network for configuring the multicast service through the PIMSSM protocol. Figure 30-13 Example network for configuring the multicast service through the PIM-SSM protocol
Multicast source Internet
PIM-SSM-supported router
PIM-SSM interaction G P B C IGMP interaction MA5600T Optical splitter

CON ETH ESC
GE 0/19/0
ONT PC
Data Plan
Table 30-6 provides the data plan for configuring the multicast service through the PIM-SSM protocol.
Issue 02 (2008-04-25)
30-29
Table 30-6 Data plan for configuring the multicast service through the PIM-SSM protocol Item Multicast VLAN Data
l l l
VLAN ID: 600 IP address of VLAN interface 600: 10.10.10.2 Protocol running on VLAN interface 600: IGMP VLAN: 700 IP address of VLAN interface 700: 10.10.20.1 Protocol running on VLAN interface 700: PIM-SSM
PIM-SSM
l l l
Upstream port Program library
0/19/0
l l l
Program name: program1 IP address of the program: 224.1.1.1 Source IP address of the program: 192.1.1.2
Authority profile User
profile0: It allows the users to watch program1 in the program library

l l l
Service port: 0/11/0 VPI/VCI: 0/35 Authority profile: profile0
IP address of the host Modem
10.0.0.254: It should be in the same subnet as the IP address of the upper layer router. VPI/VCI of modem connected to the port: 0/35
Figure 30-14 shows the flowchart for configuring the multicast service through the PIM-SSM protocol.
30-30
Issue 02 (2008-04-25)
Figure 30-14 Flowchart for configuring the multicast service through the PIM-SSM protocol
Start Configure the multicast mode of the upstream port as PIM-SSM Create a VLAN PIM-SSM configuration Enable the multicast routing function Configure the multicast VLAN L3 interface and turn it into up state Enable the IGMP protocol on the L3 interface of the multicast VLAN Configure the L3 interface and enable the PIM-SSM protocol (Optional) Configure the PIM-SSM parameters
Add the service port to the VLAN
Configure the IGMP proxy mode

(Optional) Configure IGMP global parameters and multicast VLAN parameters
Configure the program library
Save the data
Configure the authority profile End Configure the multicast user IGMP configuration
Procedure
Step 1 Configure the multicast mode of the upstream port as PIM-SSM.
huawei(config)#multicast upstream-mode pim-ssm

Step 3 Add a service port to the VLAN.

huawei(config)#service-port vlan 600 adsl 0/2/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
Step 4 Configure the IGMP protocol. 1. Configure the IGMP proxy mode.
huawei(config)#multicast-vlan 600 huawei(config-mvlan600)#igmp mode proxy Are you sure to change IGMP mode?(y/n) [n]:y
2.
(Optional) Configure the IGMP global parameters and the multicast VLAN parameters. In this example, the default values of the IGMP global parameters and multicast VLAN parameters are used. To configure these parameters, see "30.14 Configuring IGMP Global Parameters" and "30.15 Configuring the IGMP VLAN Parameters."
3.
Issue 02 (2008-04-25)

huawei(config-mvlan600)#igmp program add name program1 ip 224.1.1.1 sourceip 192.1.1.2 hostip 10.0.0.254
4.

huawei(config-mvlan600)#quit huawei(config)#btv huawei(config-btv)#igmp profile profile-name profile0 program-name program1 watch
5.

l
Create a multicast user: A multicast user can be created, provided that the related service port exists. In this example, the service port created in step 3 is used.
huawei(config-btv)#igmp user add port 0/11/0 adsl 0 35 auth
l l
Bind the multicast user with the authority profile.

huawei(config-btv)#igmp user bind-profile port 0/11/0 profile-name profile0
Add the multicast user to the multicast VLAN.

huawei(config)#multicast-vlan 600 huawei(config-mvlan600)#igmp multicast-vlan member port 0/11/0 huawei(config-mvlan600)#quit
Step 5 Configure the PIM-SSM protocol. 1. 2. Enable the multicast routing function.
huawei(config)#multicast routing-enable
Configure the multicast VLAN L3 interface and turn it into up state.

l l
Add the upstream port to the multicast VLAN.

huawei(config-btv)#port vlan 600 0/19 0
Create the L3 interface of the multicast VLAN and configure the interface IP. Make sure that the IP address of the interface is not limited so that the L3 interface can be up.
3. 4.
Enable the IGMP protocol on the L3 interface of the multicast VLAN.

huawei(config-if-vlanif600)#igmp enable
Configure the L3 interface and enable the PIM-SSM protocol on the interface.
l l l
Create a VLAN.
Add the upstream port to the VLAN.

Create the L3 interface and configure its IP address.

Enable the PIM-SSM protocol on the interface.

huawei(config-if-vlanif700)#pim sm
5.
(Optional) Configure the PIM-SSM parameters. In this example, the default values of the PIM-SSM parameters are used. To configure the parameters, see "30.16 Configuring the PIM-SSM Protocol Parameters."

huawei(config)#save
----End
Result
The users can watch program1.
30.8 Setting the IGMP Mode

This topic describes how to set the IGMP mode, including IGMP proxy and IGMP snooping.
l
The configuration in IGMP snooping is the same as that in IGMP proxy. The difference only lies in the internal protocol processing. In IGMP snooping mode, the host function, prejoin function, unsolicited report function and static program adding function are not available.
Procedure
Step 1 Run the multicast-vlan command to enter MVLAN mode. Step 2 Run the igmp mode command to set the IGMP mode. Step 3 Run the display igmp config vlan command to query the current multicast mode. ----End
Example
To set the IGMP proxy mode, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp mode proxy Are you sure to change IGMP mode?(y/n)[n]:y huawei(config-mvlan10)#display igmp config vlan 10 -------------------------------------------------------------------IGMP mode : proxy IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : disable Leave proxy switch : disable Unsolicited report interval(s) : 10 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : --------------------------------------------------------------------
30.9 Configuring the IGMP Upstream Port

This topic describes how to add an IGMP upstream port and set its working mode and assigned bandwidth rate.
The working modes of the IGMP upstream port include default mode, MSTP mode and protect mode. By default, the IGMP upstream port works in default mode.
Issue 02 (2008-04-25)
30-33

l
Default mode: The IGMP packet are sent through the specified VLAN in the upstream direction, and the selection of the upstream port for the received multicast stream depends on the upper layer device. MSTP mode: The IGMP upstream port is the root port used by MSTP or the default upstream port. Protect mode: The IGMP upstream port is the activated upstream port in a protection group.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp uplink-port command to configure the IGMP upstream port. Step 3 Run the quit command to exit multicast VLAN mode. Step 4 Run the btv command to enter BTV mode. Step 5 Run the igmp uplink-port-mode command to set the working mode of the upstream port. Step 6 Run the display igmp uplink-port command to query the configuration of the IGMP upstream port. ----End
Example
To set port 0/9/0 as the IGMP upstream port and to set it to work in MSTP mode, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp uplink-port 0/9/0 huawei(config-mvlan10)#quit huawei(config)#btv huawei(config-btv)#igmp uplink-port-mode mstp Are you sure to change the uplink port mode?(y/n)[n]:y huawei(config-btv)#display igmp uplink-port all --------------------------------------------Port | Vlan | IGMP | V2 Router Present | | version | Timer (s) --------------------------------------------0/9/0 2 IGMP V3 0 0/9/1 2 IGMP V3 0 --------------------------------------------Total: 2
Related Operation
Table 30-7 lists the related operation for configuring the IGMP upstream port. Table 30-7 Related operation for configuring the IGMP upstream port To... Delete an IGMP upstream port Run the Command... undo igmp uplink-port
30-34
Issue 02 (2008-04-25)
30.10 Setting the Multicast Mode of an Upstream Port

This topic describes how to set the mode for an upstream port to interact with the upstream devices. The modes can be IGMP or PIM-SSM.
Context
CAUTION
When the multicast mode of an upstream port is switched from IGMP to PIM-SSM, the IGMP global parameters of the port are restored to the default value, but the subtending port and IGMP user configurations remain the same.
l
By default, the IGMP mode is adopted. In this way, the MA5600T interacts with the upstream devices in the IGMP mode for the multicast service. The multicast mode of an upstream port can be switched from PIM-SSM to IGMP only when the PIM-SSM function is not enabled on any VLAN interface in the MA5600T. For how to disable the PIM-SSM function, refer to the related operation described in the last part of this topic.
The multicast mode of an upstream port can be switched only when all the multicast VLANs are deleted. For how to delete a multicast VLAN, refer to the related operation described in the last part of this topic.
Procedure
Step 1 Run the multicast upstream-mode command to set the multicast mode of an upstream port. Step 2 Run the display multicast upstream-mode command to query the multicast mode of the upstream port. ----End
Example
To set the multicast mode of the upstream port as PIM-SSM, do as follows:
huawei(config)#multicast upstream-mode pim-ssm huawei(config)#display multicast upstream-mode The current interactive mode of the upstream route is: PIM-SSM
Related Operations
Table 30-8 lists the related operations for setting the multicast mode of the upstream port. Table 30-8 Related operations for setting the multicast mode of the upstream port To... Disable the PIM-SSM function
Issue 02 (2008-04-25)
Run the Command... undo pim sm

30-35
To... Delete a multicast VLAN
Run the Command... undo multicast-vlan
30.11 Enabling the Multicast Routing Function

This topic describes how to enable the multicast routing function.
Context
To configure the PIM-SSM function on an MA5600T, you must set the multicast mode of the upstream port as PIM-SSM, enable the multicast routing function, and then enable the PIMSSM function on the VLAN L3 interface. For the detailed configuration procedures, see "30.7 Configuration Example of the Multicast Service Through the PIM-SSM Protocol."
Procedure
Run the multicast routing-enable command to enable the multicast routing function. ----End
Example
To enable the multicast routing function, do as follows:
huawei(config)#multicast routing-enable
Related Operations
Table 30-9 lists the related operations for enabling the multicast routing function. Table 30-9 Related operations for enabling the multicast routing function To... Disable the multicast routing function Enable the PIM-SSM function Set the multicast mode of the upstream port Run the Command... undo multicast routing-enable pim sm multicast upstream-mode
30.12 Specifying a Subtending Port

This topic describes how to specify a subtending port. To subtend the MA5600T to a slave shelf with multicast service users, you need to define the port connecting to the slave shelf as a subtending port.
l l
An upstream port cannot be specified as a subtending port. If a subtending port is configured with the static attribute, the MA5600T does not process any leave packet because the programs added to the port are not subject to aging. If a subtending port is configured with the quick leave attribute, when receiving leave packets, the MA5600T cuts off the video stream, instead of sending specific group queries. The priority of the static attribute is higher than that of the quick leave attribute. That is, when a subtending port is configured with both the static attribute and the quick leave attribute, the latter is invalid.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp cascade-port command to configure a static subtending port. Step 3 Run display igmp cascade-port command to query the IGMP subtending port. ----End
Example
To specify a subtending port of port 0/9/1, do as follows:
huawei(config)#btv huawei(config-btv)#igmp cascade-port 0/9/1 static enable huawei(config-btv)#display igmp cascade-port 0/9/1 ------------------------------------------Port : 0/9/1 Active program : 0 Static join : enable Quick leave : disable Mismatch process : transparent -------------------------------------------------
Related Operations
Table 30-10 lists the related operations for specifying a subtending port. Table 30-10 Related operations for configuring a subtending port To... Delete an IGMP subtending port Modify the attributes of an IGMP subtending port Run the Command... undo igmp cascade-port igmp cascade-port modify
30.13 Configuring a Program for a Static Subtending Port

This topic describes how to add a program for a static subtending port.
l
Programs can be added or deleted for a subtending port through the command line, provided that the subtending port is configured with static attributes. The subtending port has been added to the multicast VLAN. Programs can be added for a subtending port only when the IGMP mode of the multicast VLAN is IGMP proxy.
l l
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp static-join cascade-port command to configure a program for a static subtending port. Step 3 Run the display igmp static-join cascade-port command to display the settings of the IGMP subtending port, as well as the forwarded program list of the port. ----End
Example
To add program 224.1.1.1 to static subtending port 0/9/1, do as follows:
huawei(config)#btv huawei(config-btv)#igmp static-join cascade-port 0/9/1 ip 224.1.1.1 vlan 10 huawei(config-btv)#display igmp static-join cascade-port ------------------------------Port VLAN IP --------------------------------0/9/1 10 224.1.1.1 --------------------------------Total: 1
Related Operation
Table 30-11 lists the related operation for configuring a program for a static subtending port. Table 30-11 Related operation for configuring a program for a static subtending port To... Delete a program from the static subtending port Run the Command... undo igmp static-join cascade-port
30.14 Configuring IGMP Global Parameters

This topic describes how to configure the IGMP global parameters. 30.14.1 Enabling the IGMP Proxy Authorization This topic describes how to enable the IGMP proxy authorization. 30.14.2 Setting the Robustness Variable This topic describes how to set the robustness variable. 30.14.3 Setting the General Query Interval
This topic describes how to set the interval of the general query issued by the querier. 30.14.4 Setting the Maximum Response Time to the General Query This topic describes how to set the maximum response time to the general query. 30.14.5 Setting the Number of Specific Queries This topic describes how to set the number of specific queries. 30.14.6 Setting the Group-Specific Query Interval This topic describes how to set the group-specific query interval. 30.14.7 Setting the Maximum Response Time to the Group-Specific Query This topic describes how to set the maximum response time to a group-specific query. After the system issues a group-specific query, the user must respond to the query within the maximum response time. 30.14.8 Setting the TTL for a V2 Router This topic describes how to set the time to live (TTL) for a V2 router. After receiving the query packet of the V2 version from the upper layer router, the MA5600T enables an aging timer of V2 router to the upstream port. Before the timer expires, the upstream port sends the V2 report to the upstream. 30.14.9 Setting the Preview Recognition Time This topic describes how to set the preview recognition time. When the preview recognition time is set, any preview that is not exceeding this duration is not considered as valid, and is not saved. The invalid preview is not journalized. 30.14.10 Enabling the User Action Report Function This topic describes how to enable the user action report function. 30.14.11 Set the Permitted Encapsulation Mode of IGMP Packets This topic describes how to set the permitted encapsulation mode of IGMP packets. 30.14.12 Enabling the IGMP Echo Function This topic describes how to enable the IGMP echo function.
30.14.1 Enabling the IGMP Proxy Authorization

This topic describes how to enable the IGMP proxy authorization.
By default, the IGMP proxy authorization is enabled. To enable authentication of the "auth" users, you need to enable the IGMP proxy authorization first.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp proxy authorization enable command to enable the IGMP proxy authorization. Step 3 Run the display igmp config global command to check whether the IGMP proxy authorization is enabled. ----End
Example
To enable the IGMP proxy authentication, do as follows:
huawei(config)#btv huawei(config-btv)#igmp proxy authorization enable huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 04:00:00 Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-12 lists the related operation for enabling the IGMP proxy authorization. Table 30-12 Related operation for enabling the IGMP proxy authorization To... Disable the IGMP proxy authentication Run the Command... igmp proxy authorization disable
30.14.2 Setting the Robustness Variable

This topic describes how to set the robustness variable.
l
The robustness variable defines the reliability of a system. It determines the aging time of a member and the packet retransmit count. If a subnet is unstable, and prone to packet loss, you need to enhance the robustness. By default, the variable is 2.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router robustness command to set the robustness variable of the system. Step 3 Run the display igmp config global command to query the robustness variable. ----End
Example
To set the robustness variable of the system to 5, do as follows:
huawei(config)#btv huawei(config-btv)#igmp proxy router robustness 5 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 5 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 04:00:00 Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-13 lists the related operation for setting the robustness variable. Table 30-13 Related operation for setting the robustness variable To Restore the default robustness variable Run the Command undo igmp proxy router robustness
30.14.3 Setting the General Query Interval

This topic describes how to set the interval of the general query issued by the querier.
By default, the general query interval is 125s.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp proxy router gen-query-interval command to set the interval of the general query issued by the querier. Step 3 Run the display igmp config global command to display the interval of the general query issued by the querier. ----End
Example
To set the query interval to 200s, do as follows:
huawei(config)#btv huawei(config-btv)#igmp proxy router gen-query-interval 200 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 200 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 04:00:00 Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-14 lists the related operation for setting the general query interval. Table 30-14 Related operation for setting the general query interval To Restore the default general query interval Run the Command undo igmp proxy router gen-query-interval
30.14.4 Setting the Maximum Response Time to the General Query

This topic describes how to set the maximum response time to the general query.
l
The maximum response time determines the time taken by a multicast user in responding to a query packet. By increasing the maximum response time, you can reduce the burst of response packet traffic. By default, the maximum response time is 100 in the unit of 0.1s, that is, 10s. The maximum response time to the general query must be smaller than the general query interval. You can set the maximum response time to the group-specific query of the IGMP V2 and V3 versions respectively.
l l
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp proxy router gen-response-time command to set the maximum response time to the general query. Step 3 Run the display igmp config global command to display the maximum response time to the general query. ----End
Example
To set the maximum response time to 20s, do as follows:
huawei(config)#btv huawei(config-btv)#igmp proxy router gen-response-time v3 200 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 200 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 200 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 04:00:00 Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-15 lists the related operation for setting the maximum response time to the general query.
Table 30-15 Related operation for setting the maximum response time to the general query To Restore the default maximum response time for the general query Run the Command undo igmp proxy router gen-response-time
30.14.5 Setting the Number of Specific Queries

This topic describes how to set the number of specific queries.
After receiving a leave packet from a user, the MA5600T sends a query packet to the user, as long as the attribute of such a leave packet is not "fast leave". With the set query number, the MA5600T considers that the user has left if no response is received after it has queried the user according to the set group-specific query count and has waited for a period equal to the maximum response time. By default, the set group-specific query count is 2.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp proxy router sp-query-number command to set the number of specific queries. Step 3 Run the display igmp config global command to display the number of specific queries. ----End
Example
To set the group-specific query count to 5, do as follows:
huawei(config)#btv huawei(config-btv)#igmp proxy router sp-query-number 5 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 200 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 200 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 5 Specific query number : 5 V2 router present timeout(s) : 500 User action report switch : enable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 04:00:00 Auto create log interval(h) : 1 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200
30-44
Issue 02 (2008-04-25)
IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-16 lists the related operation for setting the number of specific queries. Table 30-16 Related operation for setting the number of specific queries To Restore the default number of specific queries Run the Command undo igmp proxy router sp-query-number
30.14.6 Setting the Group-Specific Query Interval

This topic describes how to set the group-specific query interval.
By default, the group-specific query interval is 10 in the unit of 0.1s, that is, 1s.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp proxy router sp-query-interval command to set the group-specific query interval. Step 3 Run the display igmp config global command to display the group-specific query interval. ----End
Example
To set the group-specific query interval to 2s, do as follows:
huawei(config)#btv huawei(config-btv)#igmp proxy router sp-query-interval 20 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 20 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 05:00:00
Issue 02 (2008-04-25)
30-45
Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-17 lists the related operation for setting the group-specific query interval. Table 30-17 Related operation for setting the group-specific query interval To Restore the default group-specific query interval Run the Command undo igmp proxy router sp-query-interval
30.14.7 Setting the Maximum Response Time to the Group-Specific Query

This topic describes how to set the maximum response time to a group-specific query. After the system issues a group-specific query, the user must respond to the query within the maximum response time.
l
By default, the maximum response time to a group-specific query is 8 in the unit of 0.1s, that is, 0.8s. The maximum response time to a group-specific query must be smaller than the groupspecific query interval. You can set the maximum response time to the group-specific query of the IGMP V2 and V3 versions respectively.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp proxy router sp-response-time command to set the maximum response time to a group-specific query. Step 3 Run the display igmp config global command to display the maximum response time to a groupspecific query. ----End
Example
To set the maximum response time for a group-specific query to 5 (0.5s), do as follows:
huawei(config)#btv
30-46
Issue 02 (2008-04-25)
huawei(config-btv)#igmp proxy router sp-response-time V3 5 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 5 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 05:00:00 Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-18 lists the related operation for setting the maximum response time for the groupspecific query. Table 30-18 Related operation for setting the maximum response time for the group-specific query To Restore the default maximum response time for the group-specific query Run the Command undo igmp proxy router sp-response-time
30.14.8 Setting the TTL for a V2 Router

This topic describes how to set the time to live (TTL) for a V2 router. After receiving the query packet of the V2 version from the upper layer router, the MA5600T enables an aging timer of V2 router to the upstream port. Before the timer expires, the upstream port sends the V2 report to the upstream.
l
The TTL for a V2 router refers to the period between the time of receiving a V2 query and sending an IGMP V2 report by the router. By default, the TTL for a V2 router is 400s.
Procedure
Step 1 Run the btv command to enter BTV mode.
Step 2 Run the igmp proxy router timeout command to set the TTL for a V2 router. Step 3 Run the display igmp config global command to query the TTL for the V2 router. ----End
Example
To set the TTL of the V2 router to 200s, do as follows:
huawei(config)#btv huawei(config-btv)#igmp proxy router timeout v2 200 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 200 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 05:00:00 Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operations
Table 30-19 lists the related operations for setting the TTL for a V2 router. Table 30-19 Related operations for setting the TTL for a V2 router To Restore the default TTL for a V2 router Run the Command undo igmp proxy router timeout
30.14.9 Setting the Preview Recognition Time

This topic describes how to set the preview recognition time. When the preview recognition time is set, any preview that is not exceeding this duration is not considered as valid, and is not saved. The invalid preview is not journalized.
By default, the recognition time is 30s.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp proxy recognition-time command to preview recognition time. Step 3 Run the display igmp config global command to display the preview recognition time. ----End
Example
To set the preview recognition time to 20s, do as follows:
huawei(config)#btv huawei(config-btv)#igmp proxy recognition-time 20 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 200 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 200 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 5 Specific query number : 5 V2 router present timeout(s) : 500 User action report switch : enable Preview switch : enable Recognition time(s) : 20 The time of reset preview-count : 04:00:00 Auto create log interval(h) : 1 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-20 lists the related operation for setting the preview recognition time. Table 30-20 Related operation for setting the preview recognition time To Restore the default preview recognition time Run the Command undo igmp proxy recognition-time
30.14.10 Enabling the User Action Report Function

This topic describes how to enable the user action report function.
By default, the action report function for the BTV user is disabled.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp user-action-report enable command to set the user action report function. Step 3 Run the display igmp config global command to display the status of the user action report function. ----End
Example
To enable the BTV user action report function, do as follows:
huawei(config)#btv huawei(config-btv)#igmp user-action-report enable huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 200 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 200 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 5 Specific query number : 5 V2 router present timeout(s) : 500 User action report switch : enable Preview switch : enable Recognition time(s) : 20 The time of reset preview-count : 04:00:00 Auto create log interval(h) : 1 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-21 lists the related operation for enabling the user action report function. Table 30-21 Related operation for enabling the user action report function To Disable the user action report function Run the Command igmp user-action-report disable
30-50
Issue 02 (2008-04-25)
30.14.11 Set the Permitted Encapsulation Mode of IGMP Packets

This topic describes how to set the permitted encapsulation mode of IGMP packets.
l
By default, the default encapsulation mode of IGMP packets is all, that is, the permitted encapsulation modes of user-side packets are: PPPoE, IPoA and IPoE. When the permitted encapsulation mode of IGMP packets is PPP, the permitted encapsulation mode of user-side packets is PPPoE. When the permitted encapsulation mode of IGMP packets is IP, the permitted encapsulation mode of user-side packets is IPoA and IPoE.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp encapsulation command to set the permitted encapsulation mode of IGMP packets. Step 3 Run the display igmp config global command to query the permitted encapsulation mode of IGMP packets. ----End
Example
To set the permitted encapsulation mode of IGMP packets as ppp, do as follows:
huawei(config)#btv huawei(config-btv)#igmp encapsulation ppp huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 05:00:00 Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : ppp IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
30.14.12 Enabling the IGMP Echo Function

This topic describes how to enable the IGMP echo function.
l l
By default, the IGMP echo function is disabled. The IGMP echo function takes effect only in snooping mode.
When the IGMP echo is enabled, the system sends IGMP over PPP message and IGMP over IP message to the upper layer device. When the IGMP echo is disabled, the system sends only IGMP over PPP message to the upper layer device.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp echo command to enable the IGMP echo function. Step 3 Run the display igmp config global command to query the state of the IGMP echo function. ----End
Example
To enable the IGMP echo function, do as follows:
huawei(config)#btv huawei(config-btv)#igmp echo enable huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 05:00:00 Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : enable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
30.15 Configuring the IGMP VLAN Parameters

This topic describes how to configure the IGMP VLAN parameters. 30.15.1 Setting the IGMP Mode This topic describes how to set the IGMP mode, including IGMP proxy and IGMP snooping. 30.15.2 Configuring the IGMP Version
This topic describes how to configure the version of the IGMP protocol that runs on the multicast VLAN. The MA5600T supports IGMP V2 and IGMP V3. 30.15.3 Configuring the Multicast Program This topic describes how to add one or more programs to the program library. 30.15.4 Setting the Unsolicited Report Interval This topic describes how to set the unsolicited report interval. When the IGMP proxy works in unsolicited report mode, the report packet is sent to the upper layer router at the set interval. 30.15.5 Enabling the Proxy of the IGMP Leave Packet This topic describes how to enable the proxy of the IGMP leave packet. 30.15.6 Enabling the Proxy of the IGMP Report Packet This topic describes how to enable the proxy of the IGMP report packets. 30.15.7 Enabling the Function of Sending the Global-leave Packet This topic describes how to send the global-leave packet. 30.15.8 Setting the Priority of the IGMP Packet This topic describes how to set the priority of the IGMP packet. 30.15.9 Configuring the Multicast VLAN Member This topic describes how to configure the multicast VLAN member. 30.15.10 Enabling the Logging Function This topic describes how to enable the logging function of the multicast VLAN. 30.15.11 Setting the IP Address Range of the Multicast VLAN to Generate the Program Group Dynamically This topic describes how to set the address range of the multicast VLAN to generate the program group dynamically. 30.15.12 Enabling the Program Matching Mode of the Multicast VLAN This operations enables the program matching mode of the multicast VLAN. 30.15.13 Configuring the Virtual Upstream Port This topic describes how to configure the virtual upstream port of the multicast VLAN.
30.15.1 Setting the IGMP Mode

This topic describes how to set the IGMP mode, including IGMP proxy and IGMP snooping.
l
The configuration in IGMP snooping mode is the same as the configuration in IGMP proxy mode. The difference, however, lies in the internal protocol processing. In IGMP snooping mode, the host function, prejoin function, unsolicited report function, and the function of adding a program statically are not available.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp mode command to set the IGMP mode. Step 3 Run the display igmp config vlan command to query the current IGMP mode. ----End
Example
To set the IGMP mode as IGMP proxy, do as follows:
huawei(config)#multicast-vlan 30 huawei(config-mvlan30)#igmp mode proxy Are you sure to change IGMP mode?(y/n)[n]:y huawei(config-mvlan30)#display igmp config vlan { all<K>|vlanid<1,4093> }:30 Command: display igmp config vlan 30 -----------------------------------------------------------IGMP mode : proxy IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : disable Leave proxy switch : disable Unsolicited report interval(s) : 10 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : ------------------------------------------------------------
Related Operation
Table 30-22 lists the related operation for configuring the IGMP mode. Table 30-22 Related operation for configuring the IGMP mode To... Query the IGMP global configuration Run the Command... display igmp config global
30.15.2 Configuring the IGMP Version

This topic describes how to configure the version of the IGMP protocol that runs on the multicast VLAN. The MA5600T supports IGMP V2 and IGMP V3.
By default, the multicast VLAN runs in IGMP V3version. The procedure for configuring the IGMP version is as follows:
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp version command to configure the IGMP version. Step 3 Run the display igmp config vlan command to query the IGMP version information about the multicast VLAN. ----End
Example
To configure the IGMP version of multicast VLAN 30 as V2, do as follows:
huawei(config)#multicast-vlan 30 huawei(config-mvlan30)#igmp version v2 huawei(config-mvlan30)#display igmp config vlan { all<K>|vlanid<1,4093> }:30 Command: display igmp config vlan 30 -----------------------------------------------------------IGMP mode : proxy IGMP version : IGMP V2 Log switch : enable Default uplink port : Report proxy switch : disable Leave proxy switch : disable Unsolicited report interval(s) : 10 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : ------------------------------------------------------------
Related Operation
Table 30-23 lists the related operation for configuring the IGMP version. Table 30-23 Related operation for configuring the IGMP version To... Query the IGMP global configuration Run the Command... display igmp config global
30.15.3 Configuring the Multicast Program

This topic describes how to add one or more programs to the program library.
l
When adding a program, configure the attributes of the program. The configurable attributes include the program name, the multicast IP address, the bandwidth and the index of a program, the index of the program preview profile, and the program source IP address. A program name contains up to 16 characters. The multicast IP address segment has the addresses ranging from 224.0.0.1 to 224.0.0.255. These private addresses are used for transmitting the local protocol packets. The IP address in this segment cannot be assigned to the multicast programs. The last 23 bits of the multicast IP address cannot be the same for different multicast programs. Otherwise, a conflict of the mapping MAC addresses of the IP addresses occurs.
l l
Issue 02 (2008-04-25)
30-55

NOTE
l l
If the IGMP version of the multicast VLAN is V2, the program source information need not be entered when you add a program in this VLAN. If the IGMP version of the multicast VLAN is V3, the program source information must entered when you add a program in this VLAN.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp program add command to add the multicast program. Step 3 Run the display igmp program command to query the multicast program information. ----End
Examples
l l l l l l l
Program name: BTV IP address of the program: 224.1.1.1 Source IP address: 20.20.20.20 Bandwidth of the program: 4 M Priority: 6 Preview profile number: 2 Other parameters: default settings
To add the program to multicast VLAN 10, do as follows:

huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp program add name BTV ip 224.1.1.1 sourceip 20.20.20.20 bandwidth 4096 priority 6 preview-profile 2 huawei(config-mvlan10)#display igmp program name BTV --------------------------------------------Program index : 2 Create mode : static Program name : BTV IP address : 224.1.1.1 VLAN ID : 10 Host attribute : enable Log attribute : enable Prejoin attribute : disable Unsolicited attribute : disable Priority : 6 Host IP : 0.0.0.0 Bandwidth(kbps) : 4096 SourceIP : 20.20.20.20 Preview Profile : 2 Numbers of watching : 0 ---------------------------------------------

l l l
IP address range of the program: 224.10.10.10-224.10.10.20 Source IP address: 10.10.10.10 Priority: 3

30-56

l l
Preview profile number: 0 Other parameters: default settings
To add the programs in batches to multicast VLAN 10, do as follows:

huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp program add batch ip 224.10.10.10 to-ip 224.10.10.20 sourceip 10.10.10.10 priority 3 preview-profile 0 Operation is running, please waiting... Success:11,failure:0 huawei(config-mvlan10)#display igmp program all -----------------------------------------------------------------------------Index| Create | IP | Program |User |VLAN |Prejoin|Prio| Flag | Address | name |num | ID | |rity -----------------------------------------------------------------------------0 S 224.1.1.1 zyy2 0 30 disable 7 1 S 224.2.2.2 BTV-1 0 10 disable 6 2 S 224.1.1.1 BTV 0 10 disable 6 3 S 224.10.10.10 PROGRAM-3 0 10 disable 3 4 S 224.10.10.11 PROGRAM-4 0 10 disable 3 5 S 224.10.10.12 PROGRAM-5 0 10 disable 3 6 S 224.10.10.13 PROGRAM-6 0 10 disable 3 7 S 224.10.10.14 PROGRAM-7 0 10 disable 3 8 S 224.10.10.15 PROGRAM-8 0 10 disable 3 9 S 224.10.10.16 PROGRAM-9 0 10 disable 3 10 S 224.10.10.17 PROGRAM-10 0 10 disable 3 11 S 224.10.10.18 PROGRAM-11 0 10 disable 3 12 S 224.10.10.19 PROGRAM-12 0 10 disable 3 13 S 224.10.10.20 PROGRAM-13 0 10 disable 3 -----------------------------------------------------------------------------Total: 14 program(s) (Static/Dynamic: 14/0) Note : # The program data is valid, but it is no license or the uplink port ID is beyond number of board port.
Related Operations
Table 30-24 lists the related operations for configuring the multicast program. Table 30-24 Related operations for configuring the multicast program To... Query the IGMP global configuration Query the configuration of the multicast VLAN Rename a program Delete a program Run the Command... display igmp config global Remarks -
display igmp config vlan
igmp program rename igmp program delete
A program name uniquely identifies a program in the program library. Deleting a program that a user is watching forces the user to go offline.
Issue 02 (2008-04-25)
30-57
To... Modify the program attributes
Run the Command... igmp program modify
Remarks
l
You can modify only one program attribute at a time. Batch modification of the program name and the modification of the program IP address are not allowed. Modifying the priority and the preview profile of a program causes the associated user to go offline.
30.15.4 Setting the Unsolicited Report Interval

This topic describes how to set the unsolicited report interval. When the IGMP proxy works in unsolicited report mode, the report packet is sent to the upper layer router at the set interval.
By default, the unsolicited report interval is 10s.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp unsolicited-report interval command to set the unsolicited report interval. Step 3 Run the display igmp config vlan command to query the value of the unsolicited report interval. ----End
Example
To set the unsolicited report interval of multicast VLAN 10 to 100s, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp unsolicited-report interval 100 huawei(config-mvlan10)#display igmp config vlan 10 -----------------------------------------------------------IGMP mode : off IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : disable Leave proxy switch : disable Unsolicited report interval(s) : 100 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : ------------------------------------------------------------
Related Operations
Table 30-25 lists the related operations for setting the unsolicited report interval.
Table 30-25 Related operations for setting the unsolicited report interval To... Restore the unsolicited report interval to the default value Query the IGMP global configuration Run the Command... undo igmp unsolicited-report interval
display igmp config global
30.15.5 Enabling the Proxy of the IGMP Leave Packet

This topic describes how to enable the proxy of the IGMP leave packet.
By default, the proxy of the IGMP leave packet in the multicast VLAN is disabled.
l
When the proxy is enabled, the MA5600T reconstructs and forwards the IPoE leave packets of the BTV user. When the proxy is disabled, the MA5600T forwards all the IPoE packets of the BTV user.
NOTE
l l
The proxy of the IGMP leave packet has no effect on the PPPoE packets. The proxy of the IGMP leave packet takes effect only in IGMP snooping mode.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp leave-proxy enable command to enable the proxy of the IGMP leave packet. Step 3 Run the display igmp config vlan command to query the proxy status of the IGMP leave packet. ----End
Example
To enable the proxy of the IGMP leave packet in multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp leave-proxy enable huawei(config-mvlan10)#display igmp config vlan 10 -----------------------------------------------------------IGMP mode : off IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : disable Leave proxy switch : enable Unsolicited report interval(s) : 100 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : ------------------------------------------------------------
Issue 02 (2008-04-25)
30-59
Related Operations
Table 30-26 lists the related operations for enabling the proxy of the IGMP leave packet. Table 30-26 Related operations for Enabling the proxy of the IGMP leave packet To... Disable the proxy of the IGMP leave packet Query the IGMP global configuration Run the Command... igmp leave-proxy disable display igmp config global
30.15.6 Enabling the Proxy of the IGMP Report Packet

This topic describes how to enable the proxy of the IGMP report packets.
l
By default, the proxy of the IGMP report packet is disabled. With the proxy of the IGMP report packet enabled, when the report packet of the user is sent, the system checks whether this user is the first to order the program.

If yes, the packet is forwarded to the upstream direction. If no, the packet is dropped.
When the proxy is enabled, the proxy substitutes the user to create the IGMP report packet in response to the upstream query packet, and only forwards the packet of adding the first user. When the proxy is disabled, all the legal user's IGMP report packets are forwarded to the upstream direction.
NOTE
l l
The proxy of the IGMP report packet takes effect only in IGMP snooping mode. The proxy can create and forward only the IPoE IGMP report packet.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp report-proxy enable command to enable the proxy of the IGMP report packet. Step 3 Run the display igmp config vlan command to query the proxy status of the IGMP report packet. ----End
Example
To enable the proxy of the IGMP report packet in multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp report-proxy enable huawei(config-mvlan10)#display igmp config vlan 10
30-60
Issue 02 (2008-04-25)
-----------------------------------------------------------IGMP mode : snooping IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : enable Leave proxy switch : enable Unsolicited report interval(s) : 100 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : ------------------------------------------------------------
Related Operations
Table 30-27 lists the related operations for enabling the proxy of the IGMP report packet. Table 30-27 Related operations for enabling the proxy of the IGMP report packet To... Disable the proxy of the IGMP report packet Query the IGMP global configuration Run the Command... igmp report-proxy disable display igmp config global
30.15.7 Enabling the Function of Sending the Global-leave Packet

This topic describes how to send the global-leave packet.
By default, the function of sending the global-leave packet is enabled.
l
With this function enabled, when the MA5600T detects that the network topology changes, the system sends the global-leave packet to the new upstream port. When this function is enabled and the multicast VLAN works in IGMP V2 version, if the MA5600T detects that the network topology changes, the system sends the global-leave packet to the new upstream port.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp send global-leave enable command to enable the function of sending the globalleave packet. Step 3 Run the display igmp config vlan command to query the status of the function of sending the global-leave packet. ----End
Example
To enable the function of sending the global-leave packet on multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp send global-leave enable huawei(config-mvlan10)#display igmp config vlan 10 -----------------------------------------------------------IGMP mode : off IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : enable Leave proxy switch : enable Unsolicited report interval(s) : 100 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : ------------------------------------------------------------
Related Operations
Table 30-28 lists the related operations for enabling the function of sending the global-leave packet. Table 30-28 Related operations for enabling the function of sending the global-leave packet To... Disable the function of sending the global-leave packet Query the IGMP global configuration Run the Command... igmp send global-leave disable
display igmp config global
30.15.8 Setting the Priority of the IGMP Packet

This topic describes how to set the priority of the IGMP packet.
The priority range of the IGMP packet in the multicast VLAN is from 0 to 7. The greater the value of the priority, the higher the priority level. By default, the priority of the IGMP packet in the multicast VLAN is 6.
NOTE
Only in IGMP proxy mode, the IGMP packet sent to the network by the MA5600T is processed based on the IGMP packet priority in the multicast VLAN. When the IGMP mode is IGMP snooping, the priority of the IGMP packet forwarded to the network by the MA5600T adopts that of the IGMP service flow.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode.
Step 2 Run the igmp priority command to set the priority of the IGMP packet. Step 3 Run the display igmp config vlan command to query the priority of the IGMP packet. ----End
Example
To set the priority of the IGMP packet in multicast VLAN 10 to 2, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp priority 2 huawei(config-mvlan10)#display igmp config vlan 10 -----------------------------------------------------------IGMP mode : off IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : enable Leave proxy switch : enable Unsolicited report interval(s) : 100 IGMP priority : 2 Send global leave switch : enable Program match mode : enable Program match group : ------------------------------------------------------------
Related Operation
Table 30-29 lists the related operation for setting the priority of the IGMP packet. Table 30-29 Related operation for setting the priority of the IGMP packet To... Query the IGMP global configuration Run the Command... display igmp config global
30.15.9 Configuring the Multicast VLAN Member

This topic describes how to configure the multicast VLAN member.
You can add a member to the multicast VLAN, only if the VLAN exists, and the user accessing the member port is a BTV user. You can delete a BTV user, only if the user is a multicast VLAN member.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp multicast-vlan member command to add the multicast VLAN member.
Step 3 Run the display igmp multicast-vlan member command to query the information about the multicast VLAN member. ----End
Example
To add BTV user 0/2/0 (GEM Port ID: 130) as the member of multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp multicast-vlan member port 0/2/0 gemport 130 huawei(config-mvlan10)#display igmp multicast-vlan member vlan 10 BTV user(s) join the multicast vlan : -----------------------------------------------------------------------0/2/0/130 -----------------------------------------------------------------------Total: 1
Related Operations
Table 30-30 lists the related operations for configuring the multicast VLAN member. Table 30-30 Related operations for configuring the multicast VLAN member To... Delete the multicast VLAN member Add a BTV user Run the Command... undo igmp multicast-vlan member igmp user add
30.15.10 Enabling the Logging Function

This topic describes how to enable the logging function of the multicast VLAN.
This function involves recording the online and offline information of the multicast user in the multicast VLAN. By default, the logging function is enabled.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp log enable command to enable the logging function. Step 3 Run the display igmp config vlan command to query the status of the logging function on the multicast VLAN. ----End
Example
To enable the logging function on multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp log enable huawei(config-mvlan10)#display igmp config vlan 10 -----------------------------------------------------------IGMP mode : off IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : enable Leave proxy switch : enable Unsolicited report interval(s) : 100 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : ------------------------------------------------------------
Related Operation
Table 30-31 lists the related operation for enabling the logging function. Table 30-31 Related operation for enabling the logging function To... Query the IGMP global configuration Run the Command... display igmp config global
30.15.11 Setting the IP Address Range of the Multicast VLAN to Generate the Program Group Dynamically
This topic describes how to set the address range of the multicast VLAN to generate the program group dynamically.
After the IP address range of the multicast VLAN is configured to generate the program group dynamically, only the multicast programs in this range can be generated dynamically when the dynamic program generation mode is enabled.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp match group command to set the IP address range of the multicast VLAN to generate the program group dynamically. Step 3 Run the display igmp config vlan command to query the IP address range of the multicast VLAN to generate the program group dynamically. ----End
Example
To set the IP address range of multicast VLAN 10 to generate the program group dynamically from 224.20.20.20 to 224.20.20.29, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp match group ip 224.20.20.20 to-ip 224.20.20.29 huawei(config-mvlan10)#display igmp config vlan 10 -----------------------------------------------------------IGMP mode : off IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : enable Leave proxy switch : enable Unsolicited report interval(s) : 100 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : 224.20.20.20 ~ 224.20.20.29 ------------------------------------------------------------
Related Operations
Table 30-32 lists the related operations for setting the IP address range of the multicast VLAN to generate the program group dynamically. Table 30-32 Related operations for setting the IP address range of the multicast VLAN to generate the program group dynamically To... Delete the IP address range of the multicast VLAN to generate the program group dynamically Disable the program matching mode of the multicast VLAN Run the Command... undo igmp match group
igmp match mode disable
30.15.12 Enabling the Program Matching Mode of the Multicast VLAN

This operations enables the program matching mode of the multicast VLAN.
l
The programs must be pre-configured when the program matching mode of the multicast VLAN is enabled. The programs need not be pre-configured when the program matching mode of the multicast VLAN is disabled. The programs are generated automatically once the user orders them.
NOTE
When the program matching mode of the multicast VLAN switches, all program data in the multicast VLAN are deleted. If a BTV user is online at that time, the user is forced to go offline.
30-66
Issue 02 (2008-04-25)
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp match mode command to enable the program matching mode of the multicast VLAN. Step 3 Run the display igmp config vlan command to query the status of the program matching mode of the multicast VLAN. ----End
Example
To enable the program matching mode on multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp match mode enable huawei(config-mvlan10)#display igmp config vlan 10 -----------------------------------------------------------IGMP mode : off IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : enable Leave proxy switch : enable Unsolicited report interval(s) : 100 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : 224.20.20.20 ~ 224.20.20.29 ------------------------------------------------------------
Related Operation
Table 30-33 lists the related operation for enabling the program matching mode of the multicast VLAN. Table 30-33 Related operation for enabling the program matching mode of the multicast VLAN To... Disable the program matching mode of the multicast VLAN Run the Command... igmp match mode disable
30.15.13 Configuring the Virtual Upstream Port

This topic describes how to configure the virtual upstream port of the multicast VLAN.
The multicast upstream port can belong to different multicast VLANs, and a multicast VLAN can be configured with multiple virtual upstream ports.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp uplink-port command to configure the virtual upstream port of the multicast VLAN. Step 3 Run the display igmp uplink-port command to query the information about the virtual upstream port of the multicast VLAN. ----End
Example
To configure port 0/9/0 as the virtual upstream port of multicast VLAN 10, do as follows:
huawei(config)#multicast-vlan 10 huawei(config-mvlan10)#igmp uplink-port 0/9/0 huawei(config-mvlan10)#display igmp uplink-port all --------------------------------------------Port | Vlan | IGMP | V2 Router Present | | version | Timer (s) --------------------------------------------0/9/0 10 IGMP V3 0 0/9/1 10 IGMP V3 0 --------------------------------------------Total: 2 Note: # The port ID is beyond number of board port.
Related Operations
Table 30-34 lists the related operations for configuring the virtual upstream port. Table 30-34 Related operations for configuring the virtual upstream port To... Delete the virtual upstream port of the multicast VLAN Configure the bandwidth of the upstream port Set the working mode of the upstream port Configure the default upstream port of the multicast VLAN Run the Command... undo igmp uplink-port Remarks -
igmp bandwidth uplink-port
igmp uplink-port-mode igmp default uplink-port
When the MA5600T is not enabled with the STP function or it functions as the root bridge device in the STP network, the default upstream port of the multicast VLAN applies to the upstream port of the MA5600T.
30-68
Issue 02 (2008-04-25)
30.16 Configuring the PIM-SSM Protocol Parameters

This topic describes how to configure the PIM-SSM protocol parameters. 30.16.1 Enabling the PIM-SSM Function This topic describes how to enable the PIM-SSM function on a VLAN L3 interface. 30.16.2 Setting the DR Priority of a PIM Router This topic describes how to set the DR priority of a PIM router in PIM mode or VLAN interface mode. 30.16.3 Setting the Interval for a PIM Router to Send Hello Messages This topic describes how to set the interval for a PIM router to send Hello messages in PIM mode or VLAN interface mode. 30.16.4 Setting the Holdtime for Receiving the Hello Messages This topic describes how to set the holdtime for receiving the Hello messages in PIM mode or VLAN interface mode. 30.16.5 Setting the Longest Delay for Triggering the Transmission of the Hello Message This topic describes how to set the longest delay for triggering the transmission of Hello message. 30.16.6 Setting the Specifications of the Join/Prune Messages This topic describes how to set the specifications of the Join/Prune messages. The specifications involve the packet length, and the number of (S, G) entries contained in the packets sent every second. 30.16.7 Setting the Interval for Sending the Join/Prune Messages This topic describes how to set the interval for sending the Join/Prune messages in PIM mode or VLAN interface mode. 30.16.8 Setting the Delay for a PIM Router to Perform Pruning This topic describes how to set the delay for a PIM router to perform pruning in PIM mode or VLAN interface mode. 30.16.9 Setting the Interval for a PIM Router to Override Pruning This topic describes how to set the interval for a PIM router to override pruning in PIM mode or VLAN interface mode. 30.16.10 Setting the Holdtime for a PIM Router to Maintain the Join Status of a Downstream Interface This topic describes how to set the holdtime for a PIM router to maintain the join status of a downstream interface in PIM mode or VLAN interface mode. 30.16.11 Setting the Range of the PIM-SSM Multicast Addresses This topic describes how to set the range of the PIM-SSM multicast addresses.
30.16.1 Enabling the PIM-SSM Function

This topic describes how to enable the PIM-SSM function on a VLAN L3 interface.
Prerequisite
l l
The multicast mode of the upstream port must be PIM-SSM. The multicast routing function must be enabled.
Issue 02 (2008-04-25)

l
The related VLAN must be created.
Context
By default, the PIM-SSM function is disabled on the MA5600T. The following describes the PIM-SSM function and its relationship with the PIM-SM function.
l
Protocol Independent Multicast-Source Specific Multicast (PIM-SSM) applies to the scenario where multiple multicast users share one multicast source, and the multicast users know the source IP address of the multicast source in advance. The designated router (DR) on the user side applies to the upper layer multicast router through the protocols such as IGMP V3 for joining the specified multicast group towards, and finally establishes the multicast distribution tree, namely the shortest path tree (SPT).
PIM-SSM is implemented based on the Protocol Independent Multicast-Sparse Mode (PIM-SM). PIM-SM is a multicast routing protocol in the sparse mode, and applies to the large-scale network where the distribution of group members is sparse. PIM-SSM adopts only part of the PIM-SM technologies. It does not need to maintain the rendezvous point (RP), establish the rendezvous point tree (RPT), or register the multicast source. For PIM-SSM, the SPT can be directly established between the multicast sources and the receivers. The MA5600T supports the PIM-SSM protocol, but it does not support the PIM-SM protocol.
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode. Step 2 Run the pim sm command to enable the PIM-SSM function on the VLAN L3 interface. ----End
Example
To enable the PIM-SSM function on VLAN interface 100, do as follows:
huawei(config)#interface vlanif 100 huawei(config-if-vlanif100)#pim sm
Related Operation
Table 30-35 lists the related operation for enabling the PIM-SSM function. Table 30-35 Related operation for enabling the PIM-SSM function To... Disable the PIM-SSM function Run the Command... undo pim sm
30.16.2 Setting the DR Priority of a PIM Router

This topic describes how to set the DR priority of a PIM router in PIM mode or VLAN interface mode.
Prerequisite
l l
Context
l
According to the PIM-SSM protocol, a DR must be elected from the shared-media LAN to manage the registration of local multicast sources and joining of receivers. A DR is elected based on the priority and the IP address. The routers mutually send Hello messages carrying the priority parameter for electing a DR. The router with the highest priority is elected as the DR. If the DR priority is the same, the router with the largest IP address is elected as the DR.
For a PIM router, the larger the DR priority value, the higher the priority. The DR priority value is in the range of 04294967295. By default, it is 1. The command used for configuring the priority of a router for DR election in PIM mode functions in the same way as the command used in VLAN interface mode. The difference is that the MA5600T prefers the DR priority set in VLAN interface mode. When the DR priority set in interface mode does not exist, the MA5600T uses the DR priority set in PIM mode.
Procedure
l In PIM mode, do as follows: 1. 2. 3. 4. l Run the pim command to enter PIM mode. Run the hello-option dr-priority command to set the DR priority of a PIM router in PIM mode. Run the quit command to exit PIM mode. Run the display pim interface command to query the PIM information on the interface. Run the interface vlanif command to enter VLAN interface mode. Run the pim hello-option dr-priority command to set the DR priority of a PIM router on a specified interface. Run the quit command to exit VLAN interface mode. Run the display pim interface command to query the PIM information on the interface.
In VLAN interface mode, do as follows: 1. 2. 3. 4.
----End
Examples
To set the DR priority of a PIM router to 3 in PIM mode, do as follows:
huawei(config)#pim huawei(config-pim)#hello-option dr-priority 3 huawei(config-pim)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1
Issue 02 (2008-04-25)
30-71
PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 3 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
To set the DR priority of a PIM router to 4 on VLAN interface 500, do as follows:

huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim hello-option dr-priority 4 huawei(config-if-vlanif500)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 4 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
Related Operations
Table 30-36 lists the related operations for setting the DR priority of a PIM router. Table 30-36 Related operations for setting the DR priority of a PIM router To... Restore the DR priority of a PIM router to the default value in PIM mode
30-72
Run the Command... undo hello-option dr-priority
Issue 02 (2008-04-25)
To... Restore the DR priority of a PIM router to the default value in VLAN interface mode
Run the Command... undo pim hello-option dr-priority
30.16.3 Setting the Interval for a PIM Router to Send Hello Messages
This topic describes how to set the interval for a PIM router to send Hello messages in PIM mode or VLAN interface mode.
Prerequisite
l l
Context
l
The interval for a PIM router to send Hello messages must be less than the Hello holdtime which is transmitted with the Hello messages sent by the router. For how to set the holdtime for the PIM router to wait for the Hello messages, see "30.16.4 Setting the Holdtime for Receiving the Hello Messages." The interval is in the range of 121474836s. By default, it is 30s. The command used for setting the interval for a PIM router to send Hello messages in PIM mode functions in the same way as the command used in VLAN interface mode. The difference is that the MA5600T prefers the interval set in VLAN interface mode. When the interval set in VLAN interface mode does not exist, the MA5600T uses the interval set in PIM mode.
l l
Procedure
l In PIM mode, do as follows: 1. 2. 3. 4. l Run the pim command to enter PIM mode. Run the timer hello command to set the interval for a PIM router to send Hello messages in PIM mode. Run the quit command to exit PIM mode. Run the display pim interface command to query the PIM information on the interface. Run the interface vlanif command to enter VLAN interface mode. Run the pim timer hello command to set the interval for a PIM router to send Hello messages in PIM mode. Run the quit command to exit VLAN interface mode. Run the display pim interface command to query the PIM information on the interface.
----End
Examples
To set the interval for a PIM router to send Hello messages to 50s in PIM mode, do as follows:
huawei(config)#pim huawei(config-pim)#timer hello 50 huawei(config-pim)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 50 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
To set the interval for a PIM router to send Hello messages to 80s on VLAN interface 500, do as follows:
huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim timer hello 80 huawei(config-if-vlanif500)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 80 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
30-74
Issue 02 (2008-04-25)
Related Operations
Table 30-37 lists the related operations for setting the interval for a PIM router to send Hello messages. Table 30-37 Related operations for setting the interval for a PIM router to send Hello messages To... Restore the interval for a PIM router to send Hello messages to the default value in PIM mode Restore the interval for a PIM router to send Hello messages to the default value in VLAN interface mode Run the Command... undo timer hello
undo pim timer hello
30.16.4 Setting the Holdtime for Receiving the Hello Messages

This topic describes how to set the holdtime for receiving the Hello messages in PIM mode or VLAN interface mode.
Prerequisite
l l
Context
l
The holdtime for receiving the Hello messages refers to the valid time for a PIM router to receive the Hello messages sent from a PIM neighbor. If no Hello messages are received before the holdtime times out, the PIM router considers that the neighbor fails or is unreachable. Note that the holdtime must be greater than the interval for a PIM router to send Hello messages. For how to set the interval for a PIM router to send Hello messages, see "30.16.3 Setting the Interval for a PIM Router to Send Hello Messages."
l l
The holdtime is in the range of 165535s. By default, it is 105s. The command used for setting the holdtime of the Hello messages sent from a PIM neighbor in PIM mode functions in the same way as the command used in VLAN interface mode. The difference is that the MA5600T prefers the holdtime set in VLAN interface mode. When the holdtime set in VLAN interface mode does not exist, the MA5600T uses the holdtime set in PIM mode.
Procedure
l In PIM mode, do as follows: 1. 2. Run the pim command to enter PIM mode. Run the hello-option holdtime command to set the holdtime for receiving the Hello messages.
Issue 02 (2008-04-25)
3. 4. l
Run the quit command to exit PIM mode. Run the display pim interface command to query the PIM information on the interface. Run the interface vlanif command to enter VLAN interface mode. Run the pim hello-option holdtime command to set the holdtime for receiving the Hello messages on a specified interface. Run the quit command to exit VLAN interface mode. Run the display pim interface command to query the PIM information on the interface.
----End
Examples
To set the holdtime for receiving the Hello messages to 160s in PIM mode, do as follows:
huawei(config)#pim huawei(config-pim)#hello-option holdtime 160 huawei(config-pim)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 160 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
To set the holdtime for receiving the Hello messages to 240s on VLAN interface 500, do as follows:
huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim hello-option holdtime 240 huawei(config-if-vlanif500)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s
30-76
Issue 02 (2008-04-25)
PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 240 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
Related Operations
Table 30-38 lists the related operations for setting the holdtime for receiving the Hello messages. Table 30-38 Related operations for setting the holdtime for receiving the Hello messages To... Restore the holdtime for receiving the Hello messages to the default value in PIM mode Restore the holdtime for receiving the Hello messages to the default value in VLAN interface mode Run the Command... undo hello-option holdtime
undo pim hello-option holdtime
30.16.5 Setting the Longest Delay for Triggering the Transmission of the Hello Message
This topic describes how to set the longest delay for triggering the transmission of Hello message.
Prerequisite
l l
Context
l
The longest delay is used to prevent multiple PIM routers from concurrently sending Hello messages when they are powered on simultaneously. After the longest delay is set, the MA5600T selects a random value less than the set value to delay the transmission of Hello messages. After the delay, the MA5600T sends the Hello message. For example, if the longest delay is N seconds (s), the MA5600T selects a random value between 0Ns as the delay, and sends the Hello message to the neighbor after this delay.
The longest delay is in the range of 15s. By default, it is 5s.

Issue 02 (2008-04-25)
Procedure
Step 1 Run the interface vlanif command to enter VLAN interface mode. Step 2 Run the pim triggered-hello-delay command to set the longest delay for triggering the transmission of the Hello message. Step 3 Run the quit command to exit VLAN interface mode. Step 4 Run the display pim interface command to query the PIM information on the interface. ----End
Examples
To set the longest delay for triggering the transmission of the Hello message to 4s on VLAN interface 500, do as follows:
huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim triggered-hello-delay 4 huawei(config-if-vlanif500)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 4 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
Related Operation
Table 30-39 lists the related operation for setting the longest delay for triggering the transmission of the Hello message. Table 30-39 Related operation for setting the longest delay for triggering the transmission of the Hello message To... Restore the longest delay for triggering the transmission of the Hello message to the default value Run the Command... undo pim triggered-hello-delay
30-78
Issue 02 (2008-04-25)
30.16.6 Setting the Specifications of the Join/Prune Messages

This topic describes how to set the specifications of the Join/Prune messages. The specifications involve the packet length, and the number of (S, G) entries contained in the packets sent every second.
Prerequisite
l l
Context
l
The length of the Join/Prune messages is in the range of 1001500 bytes. By default, it is 1500 bytes. The number of (S, G) entries contained in the Join/Prune messages sent every second is in the range of 14096. By default, it is 1020.
Procedure
l Set the length of the Join/Prune messages to be sent. 1. 2. l 1. 2. ----End Run the pim command to enter PIM mode. Run the jp-pkt-size command to set the size of the Join/Prune messages to be sent. Run the pim command to enter PIM mode. Run the jp-queue-size command to set the number of (S, G) entries contained in the packets sent every second.
Set the number of (S, G) entries contained in the packets sent every second.
Examples
To set the size of the Join/Prune messages to be sent to 1100 bytes, do as follows:
huawei(config)#pim huawei(config-pim)#jp-pkt-size 1100
To set the number of (S, G) entries contained in the packets sent every second to 1000, do as follows:
huawei(config)#pim huawei(config-pim)#jp-queue-size 1000
Related Operations
Table 30-40 lists the related operations for setting the specifications of the Join/Prune messages.
Issue 02 (2008-04-25)
30-79
Table 30-40 Related operations for setting the specifications of the Join/Prune messages To... Restore the size of the Join/Prune messages to the sent to the default value Restore the number of (S, G) entries contained in the packets sent every second to the default value Set the interval for sending the Join/Prune messages in PIM mode Set the interval for sending the Join/Prune messages in VLAN interface mode Run the Command... undo jp-pkt-size
undo jp-queue-size
timer join-prune pim timer join-prune
30.16.7 Setting the Interval for Sending the Join/Prune Messages

This topic describes how to set the interval for sending the Join/Prune messages in PIM mode or VLAN interface mode.
Prerequisite
l l
Context
l l
The interval is in the range of 12147483647s. By default, it is 60s. The command used for setting the interval for sending the Join/Prune messages in PIM mode functions in the same way as the command used in VLAN interface mode. The difference is that the MA5600T prefers the interval set in VLAN interface mode. When the interval set in VLAN interface mode does not exist, the MA5600T uses the interval set in PIM mode.
Procedure
l In PIM mode, do as follows: 1. 2. 3. 4. l Run the pim command to enter PIM mode. Run the timer join-prune command to set the interval for sending the Join/Prune messages in PIM mode. Run the quit command to exit PIM mode. Run the display pim interface command to query the PIM information on the interface. Run the interface vlanif command to enter VLAN interface mode.
In VLAN interface mode, do as follows: 1.
30-80
2. 3. 4. ----End
Run the pim timer join-prune command to set the interval for sending the Join/Prune messages in VLAN interface mode. Run the quit command to exit VLAN interface mode. Run the display pim interface command to query the PIM information on the interface.
Examples
To set the interval for sending the Join/Prune messages to 100s in PIM mode, do as follows:
huawei(config)#pim huawei(config-pim)#timer join-prune 100 huawei(config-pim)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 100 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
To set the interval for sending the Join/Prune messages to 120s on VLAN interface 500, do as follows:
huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim timer join-prune 120 huawei(config-if-vlanif500)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s
Issue 02 (2008-04-25)
30-81
PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 120 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
Related Operations
Table 30-41 lists the related operations for setting the interval for sending the Join/Prune messages. Table 30-41 Related operations for setting the interval for sending the Join/Prune messages To... Restore the interval for sending the Join/Prune messages to the default value in PIM mode Restore the interval for sending the Join/Prune messages to the default value in VLAN interface mode Run the Command... undo timer join-prune
undo pim timer join-prune
30.16.8 Setting the Delay for a PIM Router to Perform Pruning

This topic describes how to set the delay for a PIM router to perform pruning in PIM mode or VLAN interface mode.
Prerequisite
l l
Context
l
The Hello messages sent by a PIM router carry the lan-delay (message transmission delay) parameter and the override-interval (prune override interval) parameter. The lan-delay parameter indicates the delay for message transmission in a LAN. If the lan-delay values of all the routers along a link are different, the routers negotiate to select a maximum value. lan-delay + override-interval = PPT, where PPT indicates the delay for a current router to perform pruning after it receives the Prune message from a downstream router. Pruning suppresses the downstream interface forwarding. If the downstream Prune override message is received during the PPT, the router cancels the pruning. For how to configure the override-interval, see "30.16.9 Setting the Interval for a PIM Router to Override Pruning."
l l
The delay is in the range of 132767 ms. By default, it is 500 ms. The command used for setting the delay for a PIM router to perform pruning in PIM mode functions in the same way as the command used in VLAN interface mode. The difference is that the MA5600T prefers the delay set in VLAN interface mode.
30-82
When the delay set in VLAN interface mode does not exist, the MA5600T uses the delay set in PIM mode.
Procedure
l In PIM mode, do as follows: 1. 2. 3. 4. l Run the pim command to enter PIM mode. Run the hello-option lan-delay command to set the delay for a PIM router to perform pruning in PIM mode. Run the quit command to exit PIM mode. Run the display pim interface command to query the PIM information on the interface. Run the interface vlanif command to enter VLAN interface mode. Run the pim hello-option lan-delay command to set the delay for a PIM router to perform pruning on a specified interface. Run the quit command to exit VLAN interface mode. Run the display pim interface command to query the PIM information on the interface.
----End
Examples
To set the delay for a PIM router to perform pruning to 600 ms in PIM mode, do as follows:
NOTE
The delay set in this operation is the PIM LAN delay (configured) displayed in the response to the display pim interface command. The value is carried in the Hello messages for negotiation. After the routers along a link complete the negotiation, a negotiated value is obtained, which is the PIM LAN delay (negotiated) displayed in the response to the display pim interface command. This negotiated value is the lan-delay that takes effect. The rule for negotiation is to choose the maximum value among the delay values of all the PIM routers.
huawei(config)#pim huawei(config-pim)#hello-option lan-delay 600 huawei(config-pim)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 600 ms PIM LAN delay (configured): 600 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s
Issue 02 (2008-04-25)
30-83
PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
To set the delay for a PIM router to perform pruning to 700 ms on VLAN interface 500, do as follows:
huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim hello-option lan-delay 700 huawei(config-if-vlanif500)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 700 ms PIM LAN delay (configured): 700 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
Related Operations
Table 30-42 lists the related operations for setting the delay for a PIM router to perform pruning. Table 30-42 Related operations for setting the delay for a PIM router to perform pruning To... Restore the delay for a PIM router to perform pruning to the default value in PIM mode Restore the delay for a PIM router to perform pruning to the default value in VLAN interface mode Run the Command... undo hello-option lan-delay
undo pim hello-option lan-delay
30.16.9 Setting the Interval for a PIM Router to Override Pruning

This topic describes how to set the interval for a PIM router to override pruning in PIM mode or VLAN interface mode.
Prerequisite
l l
Context
l
The Hello messages sent by a PIM router carry the message transmission delay (lan-delay) and the prune override interval (override-interval). The lan-delay parameter indicates the delay for message transmission in a LAN. The override-interval parameter indicates the interval for a downstream router to override pruning. If the override-interval values of all the routers along a link are different, the routers negotiate to select a maximum value.
lan-delay + override-interval = PPT, where PPT indicates the delay for a current router to perform pruning after it receives the Prune message from a downstream router. Pruning suppresses the downstream interface forwarding. If the downstream Prune override message is received during the PPT, the router cancels the pruning. For how to configure the lan-delay, see "30.16.8 Setting the Delay for a PIM Router to Perform Pruning."
When a router receives a Prune message on the upstream interface, it indicates that other downstream routers exist in this LAN. If this router still needs to receive the multicast data, it must send the Prune override message to the upstream router during the override-interval. The interval is in the range of 165535 ms. By default, it is 2500 ms. The command used for setting the delay for a PIM router to override pruning in PIM mode functions in the same way as the command used in VLAN interface mode. The difference is that the MA5600T prefers the interval set in VLAN interface mode. When the interval set in VLAN interface mode does not exist, the MA5600T uses the interval set in PIM mode.
l l
Procedure
l In PIM mode, do as follows: 1. 2. 3. 4. l Run the pim command to enter PIM mode. Run the hello-option override-interval command to set the delay for a PIM router to override pruning in PIM mode. Run the quit command to exit PIM mode. Run the display pim interface command to query the PIM information on the interface. Run the interface vlanif command to enter VLAN interface mode. Run the pim hello-option override-interval command to set the interval for a PIM router to override pruning on a specified interface. Run the quit command to exit VLAN interface mode. Run the display pim interface command to query the PIM information on the interface.
----End
Examples
To set the interval for a PIM router to override pruning to 2800 ms in PIM mode, do as follows:
NOTE
The interval set in this operation is presented as the PIM hello override interval (configured) in the display pim interface command. The value is carried in the Hello messages for negotiation. After the routers along a link complete the negotiation, a negotiated value is obtained, which is presented as the PIM hello override interval (negotiated) in the display pim interface command. This negotiated value is the override-interval that takes effect. The rule for negotiation is to choose the maximum value among the interval values of all the PIM routers.
huawei(config)#pim huawei(config-pim)#hello-option override-interval 2800 huawei(config-pim)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2800 ms PIM hello override interval (configured): 2800 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
To set the interval for a PIM router to override pruning to 3000 ms on VLAN interface 500, do as follows:
huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#pim hello-option override-interval 3000 huawei(config-if-vlanif500)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 3000 ms PIM hello override interval (configured): 3000 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s
30-86
Issue 02 (2008-04-25)
PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
Related Operations
Table 30-43 lists the related operations for setting the delay for a PIM router to override pruning. Table 30-43 Related operations for setting the delay for a PIM router to override pruning To... Restore the delay for a PIM router to override pruning to the default value in PIM mode Restore the delay for a PIM router to override pruning to the default value in VLAN interface mode Run the Command... undo hello-option override-interval
undo pim hello-option override-interval
30.16.10 Setting the Holdtime for a PIM Router to Maintain the Join Status of a Downstream Interface
This topic describes how to set the holdtime for a PIM router to maintain the join status of a downstream interface in PIM mode or VLAN interface mode.
Prerequisite
l l
Context
l
The Join/Prune messages carry the holdtime. If a receiving router does not receive any Join messages within the holdtime, it deletes the downstream interfaces. In general, the holdtime is 3.5 times greater than the interval for sending the Join/Prune messages. For how to configure the interval for sending the Join/Prune messages, see "30.16.7 Setting the Interval for Sending the Join/Prune Messages."
l l
The holdtime is in the range of 165535s. By default, it is 210s. The command used for setting the holdtime for a PIM router to maintain the join status of a downstream interface in PIM mode functions in the same way as the command used in VLAN interface mode. The difference is that the MA5600T prefers the holdtime set in VLAN interface mode. When the holdtime set in VLAN interface mode does not exist, the MA5600T uses the holdtime set in PIM mode.
Issue 02 (2008-04-25)
30-87
Procedure
l In PIM mode, do as follows: 1. 2. 3. 4. l Run the pim command to enter PIM mode. Run the holdtime join-prune command to set the holdtime for a PIM router to maintain the joinf status of a downstream interface in PIM mode. Run the quit command to exit PIM mode. Run the display pim interface command to query the PIM information on the interface. Run the interface vlanif command to enter VLAN interface mode. Run the pim holdtime join-prune command to set the holdtime for a PIM router to maintain the join status of a downstream interface in VLAN interface mode. Run the quit command to exit VLAN interface mode. Run the display pim interface command to query the PIM information on the interface.
----End
Examples
To set the holdtime for a PIM router to maintain the join status of a downstream interface to 220s in PIM mode, do as follows:
huawei(config)#pim huawei(config-pim)#holdtime join-prune 220 huawei(config-pim)#quit huawei(config)#display pim interface verbose Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 220 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
To set the holdtime for a PIM router to maintain the join status of a downstream interface to 215s on VLAN interface 500, do as follows:
huawei(config)#interface vlanif 500 huawei(config-if-vlanif500)#holdtime join-prune 215 huawei(config-if-vlanif500)#quit
30-88
Issue 02 (2008-04-25)

huawei(config)#display pim interface verbose
Vpn-instance: public net Interface: vlanif500, 10.10.10.1 PIM version: 2 PIM mode: Sparse PIM DR: 10.10.10.1 (local) PIM DR Priority (configured): 1 PIM neighbor count: 0 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM hello override interval (negotiated): 2500 ms PIM hello override interval (configured): 2500 ms PIM neighbor tracking (configured): disabled PIM neighbor tracking (negotiated): disabled PIM generation ID: 0X212532C8 PIM hello hold interval: 105 s PIM hello assert interval: 454545 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 215 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 1
Related Operations
Table 30-44 lists the related operations for setting the holdtime for a PIM router to maintain the join status of a downstream interface. Table 30-44 Related operations for setting the holdtime for a PIM router to maintain the join status of a downstream interface To... Restore the holdtime for a PIM router to maintain the join status of a downstream interface to the default value in PIM mode Restore the holdtime for a PIM router to maintain the join status of a downstream interface to the default value in VLAN interface mode Run the Command... undo holdtime join-prune
undo pim holdtime join-prune
30.16.11 Setting the Range of the PIM-SSM Multicast Addresses

This topic describes how to set the range of the PIM-SSM multicast addresses.
Prerequisite
l l
Issue 02 (2008-04-25)
Context
l
Perform this operation to specify the range of the PIM-SSM multicast addresses. All the interfaces enabled with the PIM-SSM protocol consider that the multicast groups within the range adopt the PIM-SSM mode. By default, the range of the PIM-SSM multicast addresses is 232.0.0.0/8.
Procedure
Step 1 Run the acl command to enter acl-basic mode.
NOTE
The ACL must be a basic ACL, which is in the range of 20002999.
Step 2 Run the rule permit source command to configure the ACL rule to define the permitted source IP addresses as the PIM-SSM multicast addresses. Step 3 Run the quit command to exit acl-basic mode. Step 4 Run the pim command to enter PIM mode. Step 5 Run the ssm-policy command to apply the configured ACL rule to specify the range of the PIMSSM multicast addresses. ----End
Example
To set the range of the PIM-SSM multicast addresses as 232.1.0.0/16, do as follows:
huawei(config)#acl 2000 huawei(config-acl-basic-2000)#rule permit source huawei(config-acl-basic-2000)#quit huawei(config)#pim huawei(config-pim)#ssm-policy 2000 232.1.0.0 0.0.255.255
Related Operation
Table 30-45 lists the related operation for setting the range of the PIM-SSM multicast addresses. Table 30-45 Related operation for setting the range of the PIM-SSM multicast addresses To... Restore the range of the PIM-SSM multicast addresses to the default value Run the Command... undo ssm-policy
30.17 Managing Multicast Bandwidth

This topic describes how to manage multicast bandwidth. 30.17.1 Enabling the Bandwidth Management Function This topic describes how to enable multicast bandwidth management.
30.17.2 Setting the Program Bandwidth This topic describes how to set the program bandwidth. For details, see "30.15.3 Configuring the Multicast Program."
30.17.1 Enabling the Bandwidth Management Function

This topic describes how to enable multicast bandwidth management.
l
Only when the bandwidth management function is enabled that the bandwidth can be managed. If the used bandwidth exceeds the allocated one, the system checks as follows.
If the number of the programs being watched exceeds the maximum value, the system delivers the group-specific query message to all the programs being watched. If there are some programs which are not being watched (while the MA5600T has regarded them being watched), the system deletes them from the user program list. In this case, the number of programs being watched can be released. If the user's residual bandwidth is not enough, the system delivers the group-specific query message to all the programs being watched. If there are some programs which are not being watched while the MA5600T has regarded them being watched for some reason, the system deletes them from the user program list. In this case, some occupied bandwidth can be released.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp bandwidthCAC command to enable the bandwidth management function. Step 3 Run the display igmp config global command to display the bandwidth management function. ----End
Example
To enable bandwidth management of IGMP proxy, do as follows:
huawei(config)#btv huawei(config-btv)#igmp bandwidthcac enable huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 05:00:00 Auto create log interval(h) : 2
Issue 02 (2008-04-25)
30-91
Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : enable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-46 lists the related operation for enabling the bandwidth management function. Table 30-46 Related operation for enabling the bandwidth management function To Disable IGMP proxy bandwidth management Run the Command igmp bandwidthCAC disable
30.17.2 Setting the Program Bandwidth

This topic describes how to set the program bandwidth. For details, see "30.15.3 Configuring the Multicast Program."
30.18 Configuring an Authority Profile

This topic describes how to configure an authority profile. 30.18.1 Modifying an Authority Profile This topic describes how to modify an authority profile. 30.18.2 Renaming an Authority Profile This topic describes how to rename an authority profile.
30.18.1 Modifying an Authority Profile

This topic describes how to modify an authority profile.
l l
By default, the system names the 2000 profiles as profile 1, profile 2, , and profile N. The program authority can only be any one of watch, preview, forbidden and idle.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp profile command to add the authority to watch program BTV-1 to profile 1. Step 3 Run the display igmp profile command to display the configuration of the authority profile. ----End
Example
To add program BTV-1 with authority of watch to profile 1, do as follows:
huawei(config)#btv huawei(config-btv)#igmp profile profile-name profile1 program-name BTV-1 watch huawei(config-btv)#display igmp profile profile-name profile1 Profile index : 1 Profile name : Profile1 Program number : 1 User Reference Number : 0 ----------------------------------------------Program name IP address Right ----------------------------------------------BTV-1 224.1.1.1 watch ----------------------------------------------Total:1
Related Operation
Table 30-47 lists the related operation for modifying an authority profile. Table 30-47 Related operation for modifying an authority profile To... Set the priority for user authorities Run the Command... igmp right-priority
30.18.2 Renaming an Authority Profile

This topic describes how to rename an authority profile.
l l
The new authority profile name cannot be identical to an existing one. The authority profile name is not case sensitive.
Procedure
Step 1 Run the igmp profile rename command to rename an authority profile. Step 2 Run the display igmp profile command to display the authority profile. ----End
Example
To rename profile 1 as "VIP-channel", do as follows:
huawei(config-btv)#igmp profile rename profile1 VIP-channel huawei(config-btv)#display igmp profile all ---------------------------------------------------------------------index Profile name Program number User Reference Number ---------------------------------------------------------------------0 Profile0 1 0 1 VIP-channel 0 0 2 Profile2 0 0
Issue 02 (2008-04-25)
30-93

3 Profile3 4 Profile4 5 Profile5 6 Profile6 7 Profile7 8 Profile8 9 Profile9 10 Profile10 11 Profile11 12 Profile12 13 Profile13 14 Profile14 15 Profile15 16 Profile16 17 Profile17 18 Profile18 19 Profile19 ---- More ( Press 'Q' to break ) ----

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
30.19 Configuring Multicast Users

This topic describes how to configure multicast users. 30.19.1 Adding a BTV User This topic describes how to add a BTV user. 30.19.2 Modifying the Attributes of a User This topic describes how to modify the attributes of a user. 30.19.3 Blocking a BTV User This topic describes how to block a BTV user. A blocked user cannot watch a program until the user is unblocked. 30.19.4 Binding a User with an Authority Profile This topic describes how to bind an auth user with an authority profile. An auth user can watch programs of an authority profile only when the user is bound with the profile in authority profile mode. 30.19.5 Enabling the Switch of Monitoring the BTV User This topic describes how to enable the switch of monitoring the BTV user.
30.19.1 Adding a BTV User

This topic describes how to add a BTV user.
l l
When adding a BTV user, you must specify a PVC for carrying IGMP packets for this user. Each BTV user can watch up to eight programs at the same time. By default, a BTV user can watch eight programs at the same time. An authentication (auth) user must be bound with some authority profiles to watch the programs. The user who does not need authentication (no-auth) can watch all programs in the multicast server. In this case, no authority needs to be configured for the user. You can add a user only when both the PVC for carrying IGMP packets and the PVC for carrying the program stream exist.
30-94
Issue 02 (2008-04-25)
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp user add command to add a BTV user. Step 3 Run the display igmp user command to display the BTV user. ----End
Example
To add a user under port 0/11/0 as a BTV user (no-auth user), do as follows: To add a user (GEM Port ID: 150) under port 0/11/0 as a BTV user (no-auth user), with quick leave function, do as follows:
huawei(config)#btv huawei(config-btv)#igmp user add port 0/11/0 no-auth huawei(config-btv)#igmp user add port 0/11/0 gemport 150 user-vlan 10 no-auth quickleave enable huawei(config-btv)#display igmp user port 0/11/0 gemport 150 { <cr>|grant-program-list<K> }: Command: display igmp user port 0/11/0 gemport 150 User : 0/11/0 State : offline Authentication : no-auth Quick leave : enable IGMP Interface : 150 IGMP flow Type : vlan IGMP flow Parameter : 10 Video Interface : Video flow Type : Video flow Parameter : Log switch : enable Bind profiles : IGMP version : Available programs : 1 Mode : snooping Process After Auth Fail : forward Used bandwidth(kbps) : 0 The percentage of used bandwidth to port rate(%) : 0 Gpon Max-bandwidth(kbps) : 10240 quick leave time(0.1s) : 0 Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID. The 'auto' means VPI/VCI autosense.
Related Operations
Table 30-48 lists the related operations for adding a BTV user. Table 30-48 Related operations for adding a BTV user To... Delete a BTV user Modify a BTV user Run the Command... igmp user delete igmp user modify
Issue 02 (2008-04-25)
30-95
30.19.2 Modifying the Attributes of a User

This topic describes how to modify the attributes of a user.
The user attributes include authorization, quick leave, log switch, and maximum number of channel programs to be watched. You can modify only one attribute of a user at a time.
Procedure
Step 1 Run the btv to enter BTV mode. Step 2 Run the igmp user modify command to modify the attributes of a user. Step 3 Run the display igmp user command to query the multicast user information. ----End
Example
To modify user 0/2/0 as a user who needs authorization, do as follows:
huawei(config)#btv huawei(config-btv)#igmp user modify port 0/11/0 auth Are you sure to modify user by port?(y/n)[n]:y Operation is running, please waiting... huawei(config-btv)#display igmp user all Operation is running, please waiting... ---------------------------------------------------------------------------User Bind State Auth Quick IGMP Log Available profiles leave Interface switch programs ---------------------------------------------------------------------------0/11/0 0 offline auth enable auto enable 8 ---------------------------------------------------------------------------Total: 1 Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID. huawei(config-btv)#display igmp user all Operation is running, please waiting... ----------------------------------------------------------------------------User Bind State Auth Quick IGMP Video Log Available profiles leave Interface Interface switch programs ----------------------------------------------------------------------------0/2/0/0 0 block auth enable 150 enable 1 0/2/1/0 1 offline auth enable 150 enable no-limit ----------------------------------------------------------------------------Total: 2 Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID. The 'auto' means VPI/VCI autosense.
Related Operations
Table 30-49 lists the related operations for modifying the attributes of a user.
30-96
Issue 02 (2008-04-25)
Table 30-49 Related operations for modifying the attributes of a user To Add a BTV user Delete a BTV user Run the Command igmp user add igmp user delete
30.19.3 Blocking a BTV User

This topic describes how to block a BTV user. A blocked user cannot watch a program until the user is unblocked.
After a BTV user is blocked, the user is disconnected from the program that the user is watching.
l
If the IP address or index of the program being watched is not specified, the system blocks the user port. In addition, the user's access requests for any program after the user goes offline are denied until the user is unblocked. If the IP address or index of the program being watched is specified, the system only blocks the specified program. After the user gets offline, the user still can demand any program except the blocked one.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp user block command to block a BTV user. Step 3 Run the display igmp user command to display the information on the BTV user. ----End
Example
To block user 0/11/0, do as follows: To block a user (GEM Port ID: 150) under port 0/11/0, do as follows:
huawei(config)#btv huawei(config-btv)#igmp user block port 0/11/0 huawei(config)#btv huawei(config-btv)#igmp user block port 0/2/0 gemport 150 Are you sure to block user by port?(y/n)[n]:y huawei(config-btv)#display igmp user port 0/11/0 gemport 150 { <cr>|grant-program-list<K> }: Command: display igmp user port 0/11/0 gemport 150 User : 0/11/0/0 State : block Authentication : no-auth Quick leave : enable IGMP Interface : 150 IGMP flow Type : vlan IGMP flow Parameter : 10 Video Interface :
Issue 02 (2008-04-25)
30-97
Video flow Type : Video flow Parameter : Log switch : enable Bind profiles : IGMP version : Available programs : 1 Mode : snooping Process After Auth Fail : forward Used bandwidth(kbps) : 0 The percentage of used bandwidth to port rate(%) : 0 Gpon Max-bandwidth(kbps) : 10240 quick leave time(0.1s) : 0 Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID. The 'auto' means VPI/VCI autosense.
Related Operation
Table 30-50 lists the related operation for blocking a BTV user. Table 30-50 Related operation for blocking a BTV user To Unblock a BTV user Run the Command undo igmp user block
30.19.4 Binding a User with an Authority Profile

This topic describes how to bind an auth user with an authority profile. An auth user can watch programs of an authority profile only when the user is bound with the profile in authority profile mode.
l
A user port can be bound with multiple profiles. However, "no-auth" user cannot be bound with any profile. Up to 128 profiles can be bound to a user.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp user bind-profile command to bind an authority profile. Step 3 Run the display igmp user command to display the authority profile bound with the user. ----End
Example
To bind user 0/11/0 with "profile0", do as follows:
huawei(config)#btv huawei(config-btv)#igmp user bind-profile port 0/11/0 profile-name profile0 huawei(config)#btv huawei(config-btv)#igmp user bind-profile port 0/11/0 gemport 150 profile-name profile0
30-98
Issue 02 (2008-04-25)
huawei(config-btv)#display igmp user port 0/11/0 gemport 150 { <cr>|grant-program-list<K> }: Command: display igmp user port 0/11/0 gemport 150 User : 0/11/0/0 State : offline Authentication : auth Quick leave : enable IGMP Interface : 150 IGMP flow Type : vlan IGMP flow Parameter : 10 Video Interface : Video flow Type : Video flow Parameter : Log switch : enable Bind profiles : 1 IGMP version : Available programs : no-limit Mode : snooping Process After Auth Fail : forward Used bandwidth(kbps) : 0 The percentage of used bandwidth to port rate(%) : 0 Gpon Max-bandwidth(kbps) : 10240 quick leave time(0.1s) : 0 Bind profile list --------------------------------------------index Profile name Program number --------------------------------------------0 Profile0 1 --------------------------------------------Total: 1 Note : IGMP Interface--VPI/VCI or VLAN ID or EPON ID or ETH and GEMPORT ID. The 'auto' means VPI/VCI autosense.
Related Operation
Table 30-51 lists the related operation for binding a user with an authority profile. Table 30-51 Related operation for binding a user with an authority profile To... Unbind an authority profile from a user Run the Command... undo igmp user bind-profile
30.19.5 Enabling the Switch of Monitoring the BTV User

This topic describes how to enable the switch of monitoring the BTV user.
Before enabling the switch of monitoring the BTV user, you must perform the following operations:
l l
Run the terminal debugging command to enable the debugging information output switch. Run the debugging igmp all command to enable all the debugging switches in the system.
Issue 02 (2008-04-25)
30-99
Procedure
Run the debugging igmp command to enable the switch of monitoring the BTV user. ----End
Example
To enable the switch of monitoring BTV user port 0/11/0, do as follows:
huawei(config)#debugging igmp port 0/11/0 gemport 150
Related Operation
Table 30-52 lists the related operation for enabling the switch of monitoring BTV users. Table 30-52 Related operation for enabling the switch of monitoring BTV users To Disable the switch of monitoring BTV users Run the Command undo debugging igmp
30.20 Configuring the Preview Function

This topic describes how to configure the preview function. 30.20.1 Configuring the Preview Profile This topic describes how to configure the preview profile. 30.20.2 Enabling the Preview Function This topic describes how to enable the preview function. 30.20.3 Setting the Preview Auto Reset Time This topic describes how to set the preview auto reset time. When the preview auto reset time is set, the system clears the preview count to zero at the specified time. 30.20.4 Clearing the Preview Records Manually This topic describes how to clear all preview records manually, including the record of the preview logout time and count.
30.20.1 Configuring the Preview Profile

This topic describes how to configure the preview profile.
All parameters of the default preview profile with the index of 0 adopts the default settings:
l l l
The maximum preview time is 120s. The maximum preview count is 8. The minimum preview interval is 120s.
30-100
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp preview-profile add command to configure the multicast preview profile. Step 3 Run the display igmp preview-profile command to query the multicast preview profile. ----End
Example
To add preview profile with the index of 2, do as follows:
huawei(config)#btv huawei(config-btv)#igmp preview-profile add index 2 interval 60 duration 200 times 8 huawei(config-btv)#display igmp preview-profile index 2 Preview profile Index: 2 Preview duration(s): 200 Preview interval(s): 60 Preview count: 8 Program reference number: 3
Related Operations
Table 30-53 lists the related operation for configuring the preview profile. Table 30-53 Related operation for configuring the preview profile To... Modify the preview profile Delete the preview profile Run the Command... igmp preview-profile modify igmp preview-profile delete
30.20.2 Enabling the Preview Function

This topic describes how to enable the preview function.
With the preview function disabled, users with preview authority cannot view any program.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp preview enable command to enable the IGMP preview function. Step 3 Run the display igmp config global command to check whether the preview function is enabled. ----End
Example
To enable the IGMP preview function, do as follows:
huawei(config)#btv huawei(config-btv)#igmp preview enable huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 04:00:00 Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-54 lists the related operation for enabling the preview function. Table 30-54 Related operation for enabling the preview function To Disable the IGMP preview function Run the Command igmp preview disable
30.20.3 Setting the Preview Auto Reset Time

This topic describes how to set the preview auto reset time. When the preview auto reset time is set, the system clears the preview count to zero at the specified time.
By default, the preview auto reset time is 04:00:00 am each day.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp preview auto-reset-time command to set the preview auto reset time.
Step 3 Run the display igmp config global command to display the display the preview auto reset time. ----End
Example
To set the preview auto reset time as 05:00:00 am each day, do as follows:
huawei(config)#btv huawei(config-btv)#igmp preview auto-reset-time 05:00:00 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 05:00:00 Auto create log interval(h) : 2 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200 IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operations
Table 30-55 lists the related operations for setting the preview auto reset time. Table 30-55 Related operations for setting the preview auto reset time To Restore the default preview auto reset time Reset the record of the preview logout time manually Reset the record of the preview logout count manually Run the Command undo igmp preview auto-reset-time igmp preview reset record igmp preview reset count
30.20.4 Clearing the Preview Records Manually

This topic describes how to clear all preview records manually, including the record of the preview logout time and count.
The system records the previous preview logout time automatically. If a user previews a program at an interval smaller than the value preset by running the igmp preview program command, the user is not allowed to preview the program again.
Procedure
l Reset the record of the preview logout time manually. 1. 2. l Run the btv command to enter BTV mode. Run the igmp preview reset record command to clear all the records of the preview logout time manually. Run the btv command to enter BTV mode. Run the igmp preview reset count command to clear all the records of the preview logout count manually.
Reset the record of the preview logout count manually. 1. 2.
----End
Examples
To clear all the records of the preview logout time manually, do as follows:
huawei(config)#btv huawei(config-btv)#igmp preview reset record
To clear all the records of the preview logout count manually, do as follows:
huawei(config)#btv huawei(config-btv)#igmp preview reset record
Related Operation
Table 30-56 lists the related operation for resetting the preview record. Table 30-56 Related operation for resetting the preview record To... Set the preview auto reset time Run the Command... igmp preview auto-reset-time
30.21 Configuring the Logging Function

This topic describes how to configure the logging function. 30.21.1 Enabling the Logging Function on the Multicast VLAN This topic describes how to enable the logging function on the multicast VLAN. After the logging function on the multicast VLAN is enabled, the system can log the activities of the users on the multicast VLAN, including login time and logout time. 30.21.2 Setting the Logging Interval
This topic describes how to set the automatic log generation interval for a long-time online user. 30.21.3 Configuring the Log Reporting This topic describes how to configure the log reporting function. 30.21.4 Collecting the Log Statistics This topic describes how to collect the statistics on user logs for audience statistics.
30.21.1 Enabling the Logging Function on the Multicast VLAN

This topic describes how to enable the logging function on the multicast VLAN. After the logging function on the multicast VLAN is enabled, the system can log the activities of the users on the multicast VLAN, including login time and logout time.
By default, the logging function is enabled.
Procedure
Step 1 Run the multicast-vlan command to enter multicast VLAN mode. Step 2 Run the igmp log enable command to enable the logging function on the multicast VLAN. Step 3 Run the display igmp config vlan command to display the logging status on the multicast VLAN. ----End
Example
To enable the IGMP proxy logging function on multicast VLAN 1, do as follows:
huawei(config)#multicast-vlan 1 huawei(config-mvlan1)#igmp log enable huawei(config-btv)#display igmp config vlan { all<K>|vlanid<1,4093> }:1 -------------------------------------------------------------------IGMP mode : snooping IGMP version : IGMP V3 Log switch : enable Default uplink port : Report proxy switch : disable Leave proxy switch : disable Unsolicited report interval(s) : 10 IGMP priority : 6 Send global leave switch : enable Program match mode : enable Program match group : --------------------------------------------------------------------
Related Operations
Table 30-57 lists the related operations for enabling the logging function on the multicast VLAN.
Issue 02 (2008-04-25)
30-105
Table 30-57 Related operations for enabling the logging function on the multicast VLAN To Disable the IGMP proxy logging function Display the logs of IGMP users Run the Command igmp proxy log disable display igmp log
30.21.2 Setting the Logging Interval

This topic describes how to set the automatic log generation interval for a long-time online user.
The MA5600T can record the logs automatically. When a user watches a program for a long time, and the time exceeds the time interval for generating the log, the system generates a log automatically. This log can be used for billing in case that no log is generated when a user gets offline abnormally after watching a program for a long time. By default, the logging interval for the user is online of long duration is two hours.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp proxy log-interval command to set the logging interval. Step 3 Run the display igmp config global command to display the set logging interval. ----End
Example
To set the log generation interval as one hour, do as follows:
huawei(config)#btv huawei(config-btv)#igmp proxy log-interval 1 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 125 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 100 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 8 Specific query number : 2 V2 router present timeout(s) : 400 User action report switch : disable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 05:00:00 Auto create log interval(h) : 1 Uplink port mode : default Bandwidth management switch : enable CDR auto report interval(s) : 600 CDR auto report number : 200
30-106
Issue 02 (2008-04-25)
IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operation
Table 30-58 lists the related operation for setting the logging interval. Table 30-58 Related operation for setting the logging interval To Restore the default logging interval Run the Command undo igmp proxy log-interval
30.21.3 Configuring the Log Reporting

This topic describes how to configure the log reporting function.
The logs are reported based on the combination of port, program IP address, and time range.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the igmp log report command to configure the log report function. ----End
Example
To report the logs of program 225.1.1.1 under VLAN 1 generated during the period from 2006-1-10 9:00:00 to 2006-1-10 18:30:00, do as follows:
huawei(config)#btv huawei(config-btv)#igmp log report ip 225.1.1.1 vlan 1 time 2006-1-10 9:00:00 end 2006-1-10 18:30:00 Reporting log has finished Reported log number: 50
Related Operations
Table 30-59 lists the related operations for configuring the log reporting. Table 30-59 Related operations for configuring the log reporting To Stopping the log reporting Run the Command igmp log stop-report Remarks If the system is reporting the user log, the command stops the log reporting. If not, the system prompts errors.
30-107
Issue 02 (2008-04-25)
To Clear user logs Display the log statistics
Run the Command igmp log reset display igmp log statistic
Remarks -
30.21.4 Collecting the Log Statistics

This topic describes how to collect the statistics on user logs for audience statistics.
The log statistics mainly include the programs ordered and related time parameters, can be regarded as the dynamic on-demand information. You can collect the statistics based on a pot, an IP address, or all users.
Procedure
Step 1 Run the btv command to enter BTV mode. Step 2 Run the display igmp log command to display the logs. ----End
Example
To collect the statistics on all user logs, do as follows:
huawei(config)#btv huawei(config-btv)#display igmp log all -----------------------------------------------------------------------------Port Program-IP Vlan Mode Join-time Leave-time -----------------------------------------------------------------------------0/14/0 224.1.1.1 N 2007-04-10 21:11:06 2007-04-10 21:11:06 0/14/0 224.1.1.1 N 2007-04-10 21:10:54 2007-04-10 21:10:54 0/14/0 239.255.255.250 20 W 2007-04-10 10:57:38 2007-04-10 11:13:26 0/14/0 224.1.1.1 20 W 2007-04-10 11:06:45 2007-04-10 11:13:24 0/14/0 224.1.1.1 20 W 2007-04-10 11:05:25 2007-04-10 11:06:35 0/14/0 224.1.1.1 20 W 2007-04-10 10:57:38 2007-04-10 11:04:18 -----------------------------------------------------------------------------Total: 6 Note: P(Mode) indicates preview, W(Mode) indicates watch, N(Mode) indicates no authority
30.22 Setting the Automatic CDR Reporting

This topic describes how to collect audience statistics by setting the auto call detailed record (CDR) reporting.
The system can keep up to 10,240 multicast CDRs. When configuring the servers, configure the primary server first. Make sure that the IP addresses of the primary and secondary servers are different.
Automatic CDR reporting is enabled when either of the following conditions is met:
l
No CDR is reported during the set time period (603600s), and there are some CDRs in the system which need to be reported. The number of the CDRs in the system reaches the reporting threshold (100200).
Procedure
Step 1 Run the backup-server cdr primary command to configure the primary server. Step 2 Run the backup-server cdr secondary command to configure the secondary server. Step 3 Run the btv command to enter BTV mode. Step 4 Run the igmp cdr-interval command to set the interval threshold for automatic CDR reporting. Step 5 Run the igmp cdr-number command to set the quantity threshold for automatic CDR reporting. Step 6 Run the display igmp config global command to display the thresholds for automatic CDR reporting. ----End
Example
l l l l l l
The IP address of the primary server: 10.10.10.1 The IP address of the secondary server: 10.10.10.2 The user name: user1 The password: no password 321 The interval threshold for automatic CDR reporting: 500s The quantity threshold for auto CDR reporting: 140
To enable the automatic CDR reporting function, do as follows:

huawei(config)#backup-server cdr primary 10.10.10.1 ftp user1 nopassword huawei(config)#backup-server cdr secondary 10.10.10.2 ftp user1 nopassword huawei(config)#btv huawei(config-btv)#igmp cdr-interval 500 huawei(config-btv)#igmp cdr-number 140 huawei(config-btv)#display igmp config global -------------------------------------------------------Program number of license : 1024 Authorization : enable Robustness variable : 2 General query interval(s) : 200 V2 General query response time(0.1s) : 100 V3 General query response time(0.1s) : 200 Specific query interval(0.1s) : 10 V2 Specific query response time(0.1s) : 8 V3 Specific query response time(0.1s) : 5 Specific query number : 5 V2 router present timeout(s) : 500 User action report switch : enable Preview switch : enable Recognition time(s) : 30 The time of reset preview-count : 04:00:00 Auto create log interval(h) : 1 Uplink port mode : default Bandwidth management switch : enable
Issue 02 (2008-04-25)
30-109
CDR auto report interval(s) : 500 CDR auto report number : 140 CDR switch : enable IGMP Packet encapsulation : all IGMP ECHO switch : disable V3 packet snooping process policy : firstmatch ---------------------------------------------------------
Related Operations
Table 30-60 lists the related operations for setting the automatic CDR reporting. Table 30-60 Related operations for setting the automatic CDR reporting To Delete a server Display the configuration of the server Restore the default quantity threshold for automatic CDR reporting Restore the default interval threshold for automatic CDR reporting Run the Command undo backup-server display backup-server cdr undo igmp cdr-number Remarks By default, the quantity is 200.
undo igmp cdr-interval
By default, the interval is 600s.
30-110
Issue 02 (2008-04-25)
31 Triple Play Service Configuration
31
NOTE
Triple Play Service Configuration
About This Chapter

This topic describes how to configure the triple play service supported by the MA5600T.
31.1 Overview This topic describes the description and specifications of the triple play service. 31.2 Configuration Example of Triple Play - Multiple PVCs for Multiple Services This topic provides an example for configuring the triple play service - multiple PVCs for multiple services. Users connects to multiple terminals through the home gateway to implement multiple services, such as Internet, VoIP and IPTV services. 31.3 Configuration Example of Triple Play This topic provides an example for configuring the triple play service - single PVC for multiple services (based on the user-side VLAN). Users connects to multiple terminals through the home gateway to implement multiple services, such as Internet, VoIP and IPTV services. 31.4 Configuration Example of Triple Play - Based on 802.1p This operation shows how to configure the triple play - single PVC for multiple services (based on 802.1p). Users connects to multiple terminals through the home gateway to implement multiple services, such as Internet, VoIP and IPTV services. 31.5 Configuration Example of Triple Play - Based on the Service Encapsulation Type This operation shows how to configure the triple play service - single PVC for multiple services (based on service encapsulation type). Users connects to multiple terminals through the home gateway to implement multiple services, such as Internet, VoIP and IPTV services. 31.6 Configuration Example of Triple Play
This topic describes how to configure the triple play service. Users connects to multiple terminals through the home gateway to implement multiple services, such as Internet, VoIP and IPTV services.
31-2
Issue 02 (2008-04-25)
31.1 Overview
This topic describes the description and specifications of the triple play service.
Service Description
With the rapid development of the broadband services, more and more users demand high bandwidth for abundant services such as video service, voice service, and data service. For details on the triple play service, refer to "Triple Play" in the MA5600T Feature Description.
The MA5600T can support the triple play service. In the triple play application, the VoIP, IPTV, and Internet services are transmitted over one cable to the MA5600T through the home gateway or the optical access modem in a centralized manner.
l
The VoIP and IPTV services adopt DHCP method. The DHCP option60 domain is used to identify different terminals. The MA5600T can identify different DHCP option60 domains, and transmit packets of different terminals to different DHCP servers. In this way, the terminals can obtain IP addresses from the corresponding DHCP servers. Point-to-Point over Ethernet (PPPoE) is used for Internet service access.
Table 31-1 shows the modes supported by the MA5600T to provide the triple player service. Table 31-1 Modes to provide the triple play service Mode Multiple PVC for multiple services Single PVC for multiple services Description It needs to configure the existing modem. It adopts different PVCs to differentiate the service traffic. It is unnecessary to configure the existing modem. The PVC resources are saved.
l
When it differentiates the service traffic based on user-side VLAN: It differentiates the service traffic based on the VLAN ID contained in the packets sent from the user port PVC. The user packets are labeled with different upstream VLAN IDs, and the previous VLAN IDs in the user packets are removed.
When it differentiates the service traffic based on user-side encapsulation type: It differentiates the service traffic based on the encapsulation type (IPoE/PPPoE) of the user packets sent from the user port PVC. The user packets are labeled with different upstream VLAN IDs.
Issue 02 (2008-04-25)
31-3
31.2 Configuration Example of Triple Play - Multiple PVCs for Multiple Services
This topic provides an example for configuring the triple play service - multiple PVCs for multiple services. Users connects to multiple terminals through the home gateway to implement multiple services, such as Internet, VoIP and IPTV services.
Prerequisites
l l
The network devices and lines must be in the normal state. All kinds of boards of the device run in the normal state.
Networking
Figure 31-1 shows an example network for configuring the triple play service - multiple PVCs for multiple services. Both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play networking. Internet, VoIP and IPTV services are borne on one PVC of the service port respectively. Internet service adopts PPPoE mode. VoIP and IPTV services adopt DHCP mode and obtain IP address in DHCP standard mode from the DHCP server. After different service streams access to the MA5600T, the device provides different QoS guarantee for service streams based on the traffic priority in the PVC.
31-4
Issue 02 (2008-04-25)
Figure 31-1 Example network for configuring the triple play service - multiple PVCs for multiple services
Muticast source OSS & RADIUS Server/RADIUS Proxy NMS GW IPTV DHCP Server BRAS LSW
A A D D L L F F GE 0/9/0
CON ETH ESC
Router
VoIP DHCP Server
SCU Home gateway 1
MA5600T
Home gateway 2
DHCP
PPPoE DHCP STB
DHCP
PPPoE DHCP STB
Ephone
PC
TV
Ephone
PC
TV
Data Plan
Table 31-2 provides the data plan for configuring the triple play service - multiple PVCs for multiple services. Table 31-2 Data plan for configuring the triple play service Item ADLF board Data Downstream ports 0/11/0 and 0/12/0. The ports use the default line profile. Internet: VPI/VCI 0/37 VoIP: VPI/VCI 0/36 IPTV: VPI/VCI 0/35 in the traffic profile Internet: 1 Mbit/s VoIP: 1 Mbit/s
Item
Data IPTV: no restriction
Upstream port VLAN
0/9/0 Internet: smart VLAN 2 VoIP: smart VLAN 3 IPTV: smart VLAN 4
DHCP
VoIP: obtaining IP address in standard DHCP mode, gateway 10.1.1.1 IP addresses of DHCP server group 1: 20.1.1.2 and 20.1.1.3 IPTV: obtaining IP address in standard DHCP mode, gateway 10.2.2.1 IP addresses of DHCP server group 2: 20.2.2.2 and 20.2.2.3
Program library
Authority profile
Profile 0. Profile 0 has the authority to watch BTV-1.
IGMP user
User 1 connected to port 0/11/0 can watch all programs. User 2 connected to port 0/12/0 can watch program BTV-1 only.
Priority
802.1p priority:
l l l
VoIP: 6 IPTV: 5 Internet: 1
Figure 31-2 shows the flowchart for configuring the triple play service-multiple PVCs for multiple services.
31-6
Issue 02 (2008-04-25)
Figure 31-2 Flowchart for configuring the triple play service-multiple PVCs for multiple services
Start Internet VoIP Configure the VLAN and its upstream port Configure the traffic profile Configure the VLAN and its upstream port Configure the traffic profile Configure the VLAN and its upstream port Configure the traffic profile IPTV
Configure DHCP Relay Configure IGMP Proxy
End
Procedure
l Configure Internet service. 1. Configure the VLAN and its upstream port.
2.
Configure the traffic profile. Because VoIP, IPTV and Internet services are transmitted through the same port, it is necessary to set the 802.1p priority for each service. In general, the VoIP service has the highest priority, and the Internet service has the lowest priority. In this example, set the traffic profile index as 7, and the priority of the Internet service as 1.
huawei(config)#traffic table ip index 7 cir 1024 priority 1 prioritypolicy local-Setting
3.
Configure the service port. Add the service port to the VLAN and use the traffic profile created in the previous step.
huawei(config)#service-port vlan 2 adsl 0/11/0 vpi 0 vci 37 rx-cttr 7 txcttr 7 huawei(config)#service-port vlan 2 adsl 0/12/0 vpi 0 vci 37 rx-cttr 7 txcttr 7
4.
Save the data.

huawei(config)#save
Issue 02 (2008-04-25)
31-7
Configure VoIP service. 1. Create the VLAN and its upstream port.
2.
Configure the traffic profile. Set the traffic profile index as 8, and the priority of the VoIP service as 6.
3.
Configure the service port. Add the service port to the VLAN, and use the traffic profile created in the previous step.
huawei(config)#service-port vlan 3 adsl 0/11/0 vpi 0 vci 36 rx-cttr 8 txcttr 8 huawei(config)#service-port vlan 3 adsl 0/12/0 vpi 0 vci 36 rx-cttr 8 txcttr 8
4.
Configure DHCP relay.

huawei(config)#dhcp mode layer-3 standard huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1 3 huawei(config)#interface vlanif 3 huawei(config-if-vlanif3)#ip address 10.1.1.1 24 huawei(config-if-vlanif3)#dhcp-server 1 huawei(config-if-vlanif3)#quit
5. l
Save the data.

huawei(config)#save
Configure IPTV service. 1. Create the VLAN and its upstream port.
2.
Configure the traffic profile. In this example, set the traffic profile index as 9 and the priority of IPTV service as 5.
huawei(config)#traffic table ip index 9 cir off priority 5 priority-policy local-Setting
3.
Configure the service port.
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast packets borne by the PVC takes no effect. Add the service port to the VLAN and use traffic profile 9.
huawei(config)#service-port 100 vlan 4 adsl 0/11/0 vpi 0 vci 35 rx-cttr 9 tx-cttr 9 huawei(config)#service-port 101 vlan 4 adsl 0/12/0 vpi 0 vci 35 rx-cttr 9 tx-cttr 9
4.

huawei(config)#dhcp mode layer-3 standard huawei(config)#dhcp-server 2 ip 20.2.2.2 20.2.2.3
31-8
Issue 02 (2008-04-25)
huawei(config)#interface vlanif 4 huawei(config-if-vlanif4)#ip address 10.2.2.1 24 huawei(config-if-vlanif4)#dhcp-server 2
5. ----End
Save the data.

huawei(config)#save
Result
After the configuration, the triple play service (Internet, VoIP and IPTV) is available.
l l l
The Internet user can realize dial-up access to the Internet in the PPPoE mode. The VoIP user can make VoIP phones. IPTV user: The user connected to port 0/11/0 can watch all programs, and the user connected to port 0/12/0 can watch program BTV-1 only.
31.3 Configuration Example of Triple Play This topic provides an example for configuring the triple play service - single PVC for multiple services (based on the user-side VLAN). Users connects to multiple terminals through the home gateway to implement multiple services, such as Internet, VoIP and IPTV services.
Prerequisites
l l
Networking
Figure 31-3 shows an example network for configuring the triple play service - single PVC for multiple services (based on the user-side VLAN). Both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play networking. Internet, VoIP and IPTV service streams are borne on one PVC together. After different service streams access to the MA5600T, the services are classified based on the user-side VLAN ID, and the MA5600T provides different QoS guarantee for service streams based on the traffic priority in the PVC. Internet service adopts PPPoE mode. VoIP and IPTV services adopt DHCP mode and obtain IP addresses in DHCP standard mode from the DHCP server.
Issue 02 (2008-04-25)
31-9
Figure 31-3 Example network for configuring the triple play service - single PVC for multiple services (based on the user-side VLAN)
Muticast source
OSS & RADIUS Server/RADIUS Proxy NMS
GW IPTV DHCP Server BRAS LSW

CON ETH ESC
Router
VoIP DHCP Server
SCU Home gateway 1
MA5600T
Home gateway 2
DHCP
PPPoE DHCP STB
DHCP
PPPoE DHCP STB
Ephone
PC
TV
Ephone
PC
TV
Data Plan
Table 31-3 provides the data plan for configuring the triple play service - single PVC for multiple services (based on the user-side VLAN). Table 31-3 Data plan for configuring the triple play service - single PVC for multiple services (based on the user-side VLAN) Item ADLF board Data Service ports 0/11/0 and 0/12/0. The ports use the default line profile. VPI/VCI: 0/35 in the traffic profile Internet: 1 Mbit/s VoIP: 1 Mbit/s IPTV: no restriction Upstream port
31-10
0/9/0
Item Upstream VLAN
Data Internet: smart VLAN 102 VoIP: smart VLAN 103 IPTV: smart VLAN 104
User-side VLAN
Internet: smart VLAN 2 VoIP: smart VLAN 3 IPTV: smart VLAN 4
DHCP
Program library
Authority profile IGMP user
Sets profile 0 with the authority to watch program BTV-1. User 1 connected to port 0/11/0 can watch all programs. User 2 connected to port 0/12/0 can watch program BTV-1 only.
Priority
802.1p priority:
l l l
Figure 31-4 shows the flowchart for configuring the triple play service - single PVC for multiple services (based on the user-side VLAN).
Issue 02 (2008-04-25)
31-11
Figure 31-4 Flowchart for configuring the triple play service - single PVC for multiple services (based on the user-side VLAN)
End
Procedure
2.
Configure the traffic profile. Because the VoIP, IPTV, and Internet services are transmitted through the same port, it is necessary to set the 802.1p priority for each service. In general, the VoIP service has the highest priority, and the Internet service has the lowest priority. In this example, set the traffic profile index as 7, and the priority of the Internet service as 1.
3.
huawei(config)#service-port vlan 102 adsl 0/11/0 vpi 0 vci 35 multiservice user-vlan 2 rx-cttr 7 tx-cttr 7 huawei(config)#service-port vlan 102 adsl 0/12/0 vpi 0 vci 35 multiservice user-vlan 2 rx-cttr 7 tx-cttr 7
4.
Save the data.

huawei(config)#save
31-12
Issue 02 (2008-04-25)
Configure VoIP service. 1. Configure the VLAN and its upstream port.
2.
Configure the traffic profile. Set the traffic profile index as 8 and the priority of the VoIP service as 6.
3.
huawei(config)#service-port service user-vlan 3 rx-cttr huawei(config)#service-port service user-vlan 3 rx-cttr vlan 103 adsl 0/11/0 vpi 0 vci 35 multi8 tx-cttr 8 vlan 103 adsl 0/12/0 vpi 0 vci 35 multi8 tx-cttr 8
4.

5. l
Save the data.

huawei(config)#save
Configure IPTV service. 1. Configure the VLAN and its upstream port.
2.
Configure the traffic profile. In this example, set the traffic profile index as 9, the priority of IPTV service as 5.
3.
huawei(config)#service-port 100 vlan 104 adsl 0/11/0 vpi 0 vci 35 multiservice user-vlan 4 rx-cttr 9 tx-cttr 9 huawei(config)#service-port 101 vlan 104 adsl 0/12/0 vpi 0 vci 35 multiservice user-vlan 4 rx-cttr 9 tx-cttr 9
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast packets borne by the PVC takes no effect. 4. Configure DHCP relay.
huawei(config)#dhcp mode layer-3 standard huawei(config)#dhcp-server 2 ip 20.2.2.2 20.2.2.3
Issue 02 (2008-04-25)
31-13
huawei(config)#interface vlanif 104 huawei(config-if-vlanif104)#ip address 10.2.2.1 24 huawei(config-if-vlanif104)#dhcp-server 2
5. ----End
Save the data.

huawei(config)#save
Result
l l l
The Internet user can realize dial-up access to the Internet in PPPoE mode. The VoIP user can make VoIP phones. IPTV user: The user connected to port 0/11/0 can watch all programs, and the user connected to port 0/12/0 can watch program BTV-1 only.
31.4 Configuration Example of Triple Play - Based on 802.1p

This operation shows how to configure the triple play - single PVC for multiple services (based on 802.1p). Users connects to multiple terminals through the home gateway to implement multiple services, such as Internet, VoIP and IPTV services.
Prerequisites
l l
The network devices and the lines must be in the normal state. All boards must be in the normal state.
Networking
Figure 31-5 shows an example network for configuring the triple play service by means of single PVC for multiple services. Both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play networking. Internet, VoIP and IPTV service streams are borne on one PVC together. After different service streams access to the MA5600T, the services are classified based on 802.1p, and the MA5600T provides different QoS guarantee for service streams based on 802.1p. Internet service adopts PPPoE mode. VoIP and IPTV services adopt DHCP mode and obtain IP addresses in DHCP standard mode from the DHCP server.
31-14
Issue 02 (2008-04-25)
Figure 31-5 Example network for configuring the triple play service - single PVC for multiple services (based on 802.1p)
Muticast source

CON ETH ESC
Router
VoIP DHCP Server
SCU Home gateway 1
MA5600T
Home gateway 2
DHCP
PPPoE DHCP STB
DHCP
PPPoE DHCP STB
Ephone
PC
TV
Ephone
PC
TV
Data Plan
Table 31-4 provides the data plan for configuring the triple play service - single PVC for multiple services (based on 802.1p). Table 31-4 Data plan for configuring the triple play service - single PVC for multiple services (based on 802.1p) Item ADLF Data Service ports 0/11/0 and 0/12/0 apply the default line profile. VPI/VCI: 0/35 in the traffic profile Internet service: 1 Mbit/s VoIP service: 1 Mbit/s IPTV: no restriction Upstream port 0/9/0
Issue 02 (2008-04-25)
31-15
Item Upstream VLAN
Data Internet service: smart VLAN 102 VoIP service: smart VLAN 103 IPTV service: smart VLAN 104
User-side 802.1p
Internet service: 2 VoIP service: 3 IPTV service: 4
DHCP
Program library
Sets profile 0 with the authority to watch program BTV-1. User 1 connected to port 0/11/0 can watch all programs. User 2 connected to port 0/12/0 can watch program BTV-1 only.
Priority
802.1p priority:
l l l
Figure 31-6 shows the flowchart for configuring the triple play service - single PVC for multiple services (based on 802.1p).
31-16
Issue 02 (2008-04-25)
Figure 31-6 Flowchart for configuring the triple play service - single PVC for multiple services (based on 802.1p)
End
Procedure
2.
3.
huawei(config)#service-port vlan 102 adsl 0/11/0 vpi 0 vci 35 multiservice user-8021p 2 rx-cttr 7 tx-cttr 7 huawei(config)#service-port vlan 102 adsl 0/12/0 vpi 0 vci 35 multiservice user-8021p 2 rx-cttr 7 tx-cttr 7
4.
Save the data.

huawei(config)#save
Issue 02 (2008-04-25)
31-17
2.
3.
huawei(config)#service-port vlan 103 adsl 0/11/0 vpi 0 vci 35 multiservice user-8021p 3 rx-cttr 8 tx-cttr 8 huawei(config)#service-port vlan 103 adsl 0/12/0 vpi 0 vci 35 multiservice user-8021p 3 rx-cttr 8 tx-cttr 8
4.
Set DHCP relay.

5. l
Save the data.

huawei(config)#save
2.
3.
huawei(config)#service-port 100 vlan 104 adsl 0/11/0 vpi 0 vci 35 multiservice user-8021p 4 rx-cttr 9 tx-cttr 9 huawei(config)#service-port 101 vlan 104 adsl 0/12/0 vpi 0 vci 35 multiservice user-8021p 4 rx-cttr 9 tx-cttr 9
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast packets borne by the PVC takes no effect.
31-18
Issue 02 (2008-04-25)
4.
Set DHCP relay.

huawei(config)#dhcp mode layer-3 standard huawei(config)#dhcp-server 2 ip 20.2.2.2 20.2.2.3 huawei(config)#interface vlanif 104 huawei(config-if-vlanif104)#ip address 10.2.2.1 24 huawei(config-if-vlanif104)#dhcp-server 2
5. ----End
Save the data.

huawei(config)#save
Result
After the configuration, the triple play service (Internet, VoIP, and IPTV) is available.
l l l
Internet users can access the Internet through PPPoE dial-up. VoIP users can set conversation to each other. IPTV users: The user connected on port 0/11/0 can watch all the programs, and the user connected on port 0/12/0 can watch program BTV-1 only.
31.5 Configuration Example of Triple Play - Based on the Service Encapsulation Type
This operation shows how to configure the triple play service - single PVC for multiple services (based on service encapsulation type). Users connects to multiple terminals through the home gateway to implement multiple services, such as Internet, VoIP and IPTV services.
Prerequisite
l l
Networking
Figure 31-7 shows an example network for configuring the triple play service - single PVC for multiple services (based on service encapsulation type). Both user 1 (home gateway 1) and user 2 (home gateway 2) adopt the triple play networking. Internet, VoIP and IPTV service streams are borne on one PVC together. After different service streams access to the MA5600T, the services are classified based on service encapsulation type, and the MA5600T provides different QoS guarantee for service streams based on the traffic priority in the PVC. Internet service adopts PPPoE mode. VoIP and IPTV services adopt DHCP mode and obtain IP addresses in DHCP option60 mode from the DHCP server.
Issue 02 (2008-04-25)
31-19
Figure 31-7 Example network for configuring the triple play service - single PVC for multiple services (based on service encapsulation type)
Muticast source

CON ETH ESC
Router
VoIP DHCP Server
SCU Home gateway 1
MA5600T
Home gateway 2
DHCP
PPPoE DHCP STB
DHCP
PPPoE DHCP STB
Ephone
PC
TV
Ephone
PC
TV
Data Plan
Table 31-5 shows a data plan for configuring the triple play service - single PVC for multiple services (based on service encapsulation type). Table 31-5 Data plan for configuring the triple play service - single PVC for multiple services (based on service encapsulation type) Item ADLF Data Service ports 0/11/0 and 0/12/0 apply the default line profile. VPI/VCI: 0/35 in the traffic profile Internet service: 1 Mbit/s VoIP service: 1 Mbit/s IPTV: no restriction Upstream port
31-20
0/9/0
Issue 02 (2008-04-25)
Item Upstream VLAN Service encapsulatio n type DHCP
Data Internet service: smart VLAN 102 VoIP/IPTV service: smart VLAN 104 Internet service: PPPoE VoIP service: IPoE IPTV service: IPoE VoIP: DHCP option60 domain: voice Gateway: 10.1.1.1 IP address of DHCP server group 1: 20.1.1.2 and 20.1.1.3 IPTV: DHCP option60 domain for STB: video Gateway: 10.2.2.1 IP address of DHCP server group 2: 20.2.2.2 and 20.2.2.3
Program library Authority profile IGMP user Sets profile 0 with the authority to watch program BTV-1. User 1 connected to port 0/11/0 can watch all programs. User 2 connected to port 0/12/0 can watch program BTV-1 only. Priority 802.1p priority:
l l l
Figure 31-8 shows a flowchart for configuring the triple play service - single PVC for multiple services (based on service encapsulation type).
Issue 02 (2008-04-25)
31-21
Figure 31-8 Flowchart for configuring the triple play service - single PVC for multiple services (based on service encapsulation type)
End
Procedure
2.
3.
Add the service port. Add the service port to the VLAN, and use the traffic profile created in the previous step.
huawei(config)#service-port vlan 102 adsl service user-encp pppoe rx-cttr 7 tx-cttr huawei(config)#service-port vlan 102 adsl service user-encp pppoe rx-cttr 7 tx-cttr 0/11/0 vpi 0 vci 35 multi7 0/12/0 vpi 0 vci 35 multi7
4.
Save the data.

huawei(config)#save
31-22
Issue 02 (2008-04-25)
2.
Configure traffic profiles. In this example, set the traffic profile index as 8 and the priority of the VoIP service as 6.
3.
huawei(config)#service-port vlan service user-encp ipoe rx-cttr 8 huawei(config)#service-port vlan service user-encp ipoe 3 rx-cttr 104 adsl 0/11/0 vpi 0 vci 35 multitx-cttr 8 104 adsl 0/12/0 vpi 0 vci 35 multi8 tx-cttr 8
4.
Configure DHCP relay. The voice and the video services adopt DHCP access mode, and use the DHCP option60 domain to classify different service types. In this example, set the DHCP domain of the VoIP service as voice.
huawei(config)#dhcp mode layer-3 option-60 huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1 3 huawei(config)#dhcp domain voice huawei(config-dhcp-domain-voice)#dhcp-server 1 huawei(config-dhcp-domain-voice)#quit huawei(config)#interface vlanif 104 huawei(config-if-vlanif104)#ip address 10.1.1.1 24 huawei(config-if-vlanif104)#dhcp domain voice gateway 10.1.1.1 huawei(config-if-vlanif104)#quit
5. l
Save the data.

huawei(config)#save
2.
Configure traffic profiles. In this example, set the traffic profile index as 9 and the priority of the VoIP service as 5.
3.
huawei(config)#service-port 100 vlan 104 service user-encp ipoe rx-cttr 9 tx-cttr huawei(config)#service-port 101 vlan 104 service user-encp ipoe rx-cttr 9 tx-cttr adsl 0/11/0 vpi 0 vci 35 multi9 adsl 0/12/0 vpi 0 vci 35 multi9
Issue 02 (2008-04-25)
31-23
CAUTION
On the MA5600T, if the PVC is configured with priority, the priority of the multicast packets borne by the PVC takes no effect. 4. Configure DHCP relay. Set the DHCP relay data of the video service and set the DHCP option60 domain as video.
huawei(config)#dhcp mode layer-3 option-60 huawei(config)#dhcp-server 2 ip 20.2.2.2 20.2.2.3 huawei(config)#dhcp domain video huawei(config-dhcp-domain-video)# dhcp-server 2 huawei(config)#interface vlanif 104 huawei(config-if-vlanif104)#ip address 10.2.2.1 24 huawei(config-if-vlanif104)#dhcp domain video gateway 10.2.2.1
5. ----End
Save the data.

huawei(config)#save
Result
l l l
The Internet user can access Internet in PPPoE dial-up mode. The VoIP user can make and receive a phone call. IPTV users: The user connected to port 0/11/0 can watch all the programs, and the user connected to port 0/12/0 can watch program BTV-1 only.
31.6 Configuration Example of Triple Play

This topic describes how to configure the triple play service. Users connects to multiple terminals through the home gateway to implement multiple services, such as Internet, VoIP and IPTV services.
Prerequisites
l l
The network devices and lines must be in the normal state. The service boards and the upstream board of the device are added correctly.
Networking
Figure 31-9 shows an example network for configuring the triple play service. The ONT accesses the Internet, VoIP and IPTV services through the FE port. Traffic of different services is transmitted to the MA5600T and then the MA5600T provides different QoS guarantee to the traffic based on the service types. The priority of the VoIP service is the highest (with the priority of 6), that of the IPTV service is the second highest (with the priority of 5), and that of the Internet service is the lowest (with the priority of 0).
Figure 31-9 Example network for configuring the triple play service
OSS & RADIUS server/RADIUS proxy NMS
Video
IPTV DHCP server TG BRAS LSW

G P B C
CON ETH ESC
Router
VoIP DHCP server
GE 0/19/0
SCU Optical splitter ONT DHCP PPPoE DHCP STB
MA5600T
Ephone
PC
TV
Data Plan
Table 31-6 provides the data plan for configuring the triple play service. Table 31-6 Data plan for configuring the triple play service Item GPON service board Data Port: 0/11/1 User-side VLAN: 10 (Internet), 11 (VoIP), 12 (IPTV) Upstream port Upstream VLAN 0/9/0 Smart VLAN: 100 (Internet) Smart VLAN: 101 (VoIP)
Issue 02 (2008-04-25)
31-25
Item
Data Smart VLAN: 102 (IPTV), with the Interface IP address of 10.2.2.1/16
Traffic profile
Internet: Index: 5 (default profile) CIR2Mbit/s Priority: 0 VoIP: Index: 0 (default profile) CIR: 1 Mbit/s Priority: 6 IPTV: Downstream: Index: 8 CIR: no restriction Priority: 5 Upstream: Index: 9 CIR: 2 Mbit/s Priority: 5
DBA profile
Index: 6 (the default DBA profile) Profile type: type1 Fixed bandwidth: 100 Mbit/s
ONT
l l

l l l l
ONT profile: 2 (the default capability set profile) ONT FE port 0: Internet service ONT FE port 1: VoIP service ONT FE port 2: IPTV service
GEM port
T-CONT ID: 1 (Internet), 2 (VoIP), 3 (IPTV) GEM port ID: 150 (Internet), 151 (VoIP), 152 (IPTV)
DHCP
VoIP: DHCP option60 domain: voice Gateway: 10.1.1.1 IP address of DHCP server group 1: 20.1.1.2 and 20.1.1.3
31-26
Issue 02 (2008-04-25)
Item
Data IPTV: DHCP option60 domain for STB: video Gateway: 10.2.2.1 IP address of DHCP server group 2: 20.2.2.2 and 20.2.2.3
Program library
Program BTV-1: Multicast address: 224.1.1.1 Program source IP address: 10.10.10.10 Program BTV-2: Multicast address: 224.1.1.2 Program source IP address: 10.10.10.10
Sets profile 0 with the authority to watch program 1 (224.1.1.1) and program 2 (224.1.1.2). User is bound with authority profile 0.
l
DHCP option60 domain value of the Set Top Box (STB) and Ethernet Phone (Ephone) varies with the terminals. In the actual application, refer to the user guides of the STB and the Ephone. Run the dhcp domain command to set the DHCP domain name. The configured domain name is a character string containing no space.
NOTE
The MA5600T supports the delivery of the OMCI configuration. The configuration and management information on the MA5600T can be delivered to the ONT through OMCI. If the ONT does not support OMCI function, you need to configure the ONT.
Figure 31-10 shows the flowchart for configuring the triple play service.
Issue 02 (2008-04-25)
31-27
Figure 31-10 Flowchart for configuring the triple play service

Start Internet VoIP Create a VLAN Add the upstream port Add an ONT Bind the T-CONT profile Specify VLANs for ONT Configure a GEM port Bind the GEM port with ONT T-CONT Map the GEM port to the service stream Create a VLAN Add the upstream port Configure traffic profiles Bind the T-CONT profile Specify VLANs for ONT Configure a GEM port Bind the GEM port with ONT T-CONT Map the GEM port to the service stream Add the service port Configure the DHCP relay Configure the DHCP relay Configure the IGMP proxy Create a VLAN Add the upstream port Configure traffic profiles Bind the T-CONT profile Specify VLANs for ONT Configure a GEM port Bind the GEM port with ONT T-CONT Map the GEM port to the service stream Add the service port IPTV
Add the service port
End
Procedure
Step 1 Configuring Internet service. 1. 2. 3. Create a VLAN.
Add the upstream port to the VLAN.

Add an ONT.
huawei(config)#interface gpon 0/2 huawei(config-if-gpon-0/2)#ont add 1 0 hwhw-10101010 password-auth huawei profile-id 2
31-28
Issue 02 (2008-04-25)
4. 5.
Bind a DBA profile.

Specify a VLAN for the ONT port.

6. 7. 8. 9.
Add a GEM port.

huawei(config-if-gpon-0/2)#gemport add 1 gemport-id 150 eth
Map the GEM port to the T-CONT on the ONT.

Map the GEM port to the service stream on the ONT port.

Step 2 Configuring VoIP service. 1. 2. 3. Create a VLAN.


Bind the DBA profile.

huawei(config)#interface gpon 0/2 huawei(config-if-gpon-0/2)#tcont bind-profile 1 0 2 profile-id 6
4.

5. 6. 7. 8.
Add a GEM Port.

huawei(config-if-gpon-0/2)#gemport add 1 gemport-id 151 eth


9.
Configure DHCP relay. In this example, set the DHCP domain of VoIP service as voice.
huawei(config)#dhcp mode layer-3 option60 huawei(config)#dhcp-server 1 ip 20.1.1.2 20.1.1 3 huawei(config)#dhcp domain voice //Refer to the actual DHCP option 60 domain value setting
Issue 02 (2008-04-25)
31-29
huawei(config-dhcp-domain-voice)#dhcp-server 1 huawei(config-dhcp-domain-voice)#quit huawei(config)#interface vlanif 101 huawei(config-if-vlanif101)#ip address 10.1.1.1 24 huawei(config-if-vlanif101)#dhcp domain voice gateway 10.1.1.1
Step 3 Configuring IPTV service. 1. Create a VLAN and specify the IP address of the interface.
huawei(config)#vlan 102 smart huawei#interface vlanif 102 huawei(config-if-vlanif102)#ip address 10.2.2.1 16 huawei(config-if-vlanif102)#quit
2. 3.

Configure traffic profiles.

huawei(config)#traffic table ip index 8 cir 1024 priority 5 priority-policy tag-In-Package huawei(config)#traffic table ip index 9 cir 5128 priority 5 priority-policy tag-In-Package
4.
Bind a DBA profile.

huawei(config)#interface gpon 0/2 huawei(config-if-gpon-0/2)#tcont bind-profile 1 0 3 profile-id 6
5.

6. 7. 8. 9.
Add a GEM Port.

huawei(config-if-gpon-0/2)#gemport add 1 0 1 gemportid 152 eth


huawei(config-if-gpon-0/2)#quit huawei(config)#service-port 100 vlan 102 gpon 0/11/1 gemport 152 multi-service user-vlan 12 rx-cttr 8 tx-cttr 9
10. Configure DHCP relay. In this example, set the DHCP option60 domain as video.
huawei(config)#dhcp mode layer-3 option60 huawei(config)#dhcp-server 2 ip 20.2.2.2 20.2.2.3 huawei(config)#dhcp domain video huawei(config-dhcp-domain-video)#dhcp-server 2 huawei(config-dhcp-domain-video)#quit huawei(config)#interface vlanif 102 huawei(config-if-vlanif102)#ip address 10.2.2.1 24 huawei(config-if-vlanif102)#dhcp domain video gateway 10.2.2.1 huawei(config-if-vlanif102)#quit
11. Set multicast data.

huawei(config)#multicast-vlan 102 huawei(config-mvlan102)#igmp mode proxy Are you sure to change IGMP mode?(y/n)[n]:y huawei(config-mvlan102)#igmp uplink-port 0/9/0 huawei(config-mvlan102)#quit huawei(config)#btv huawei(config-btv)#igmp uplink-port-mode default Are you sure to change the uplink port mode?(y/n)[n]:y huawei(config-btv)#quit huawei(config)#multicast-vlan 102
31-30
Issue 02 (2008-04-25)
huawei(config-mvlan102)#igmp program add name program1 ip 224.1.1.1 sourceip 10.10.10.10 huawei(config-mvlan102)#igmp program add name program2 ip 224.1.1.2 sourceip 10.10.10.10 huawei(config-mvlan102)#quit huawei(config)#btv huawei(config-btv)#igmp profile profile-name profile0 program-name program1 watch huawei(config-btv)#igmp profile profile-name profile0 program-name program2 watch huawei(config-btv)#igmp policy service-port 100 normal huawei(config-btv)#igmp user add port 0/2/0 gemport 152 user-vlan 10 auth maxprogram 8 huawei(config-btv)#igmp user bind-profile port 0/2/0 gemport 152 profile-name profile0 huawei(config-btv)#quit huawei(config)#multicast-vlan 102 huawei(config-mvlan102)#igmp multicast-vlan member port 0/2/0 gemport 152 huawei(config-mvlan102)#quit
12. Save the data.

huawei(config)#save
----End
Result
l l l
The Internet user can access Internet in PPPoE dial-up mode. The VoIP user can make and receive a phone call. The IPTV user can watch programs BTV-1 and BTV-2.
Issue 02 (2008-04-25)
31-31
32 ONT Management
32
About This Chapter
NOTE
ONT Management
This topic describes how to configure and manage GPON ONTs through the MA5600T.
32.1 Overview This topic describes how to manage and configure an ONT on the MA5600T side. 32.2 Configuration Example of the GPON ONT This topic provides an example for performing the basic configuration on the ONT on the MA5600T side. The configuration information can be delivered to the ONT through OMCI. 32.3 Configuring an GPON ONT Capability Set Profile This topic describes how to configure an ONT capability set profile to specify the capability of the ONT. 32.4 Configuring the Attributes of a GPON ONT Port This topic describes how to configure the attributes of an ONT port. 32.5 Binding an ONT T-CONT with GEM Ports This topic describes how to bind an ONT T-CONT with GEM ports on the OLT side. 32.6 Configuring the Mapping Between ONT Services and GEM Ports This topic describes how to map the ONT services to GEM ports, so that the ONT services is borne on the specified GEM port and then goes upstream. 32.7 Configuring a VLAN for a GPON ONT Port This topic describes how to configure the Ethernet port on the ONT, specify the port to the specified VLAN and configure the native VLAN for the port. 32.8 Managing the IP Address of a GPON ONT
32 ONT Management
This topic describes how to configure the IP address of an ONT. The IP address of an ONT can be a static one or you can configure the device to obtain the IP address dynamically through the DHCP protocol.
32-2
Issue 02 (2008-04-25)
32 ONT Management
32.1 Overview
This topic describes how to manage and configure an ONT on the MA5600T side.
Service Description
The MA5600T supports the ONT management to control the network and provision services. The ONT Management and Control Interface (OMCI) protocol is applied to the OLT to support the ONT management. OMCI is a configuration and transmission channel that is defined in the GPON standard. It establishes dedicated GEM ports between the OLT and ONTs to transmit the OMCI messages. The OMCI channel is established after the ONT completes the process of registration. The OLT controls the connected ONTs through the OMCI channel. OMCI supports ONT configuration offline and the ONT configuration need not be saved in the local server. Therefore, the service provisioning gets easier. For details on the GPON terminal management, refer to "GPON Terminal Management" in the MA5600T Feature Description.
Figure 32-1 shows the ONT management architecture of the MA5600T. The configuration commands are delivered to CLI/NMS, the SCU ONT management module, the OMCI module on the GPB board, the OMCI module on the ONT and finally to the ONT. In this way, the configuration on the ONT is complete. The ONT status and alarm information is reported to the MA5600T in the reverse direction. Figure 32-1 ONT management architecture
SCU control board C L I GPB interface board
User
ONT management Upper-layer protocol N module M S
OMCI management module
OMCI message OMCI module ONT
32.2 Configuration Example of the GPON ONT

This topic provides an example for performing the basic configuration on the ONT on the MA5600T side. The configuration information can be delivered to the ONT through OMCI.
Issue 02 (2008-04-25)
32-3
32 ONT Management
Prerequisites
l l
The network devices and the lines must be in the normal state. Boards of the MA5600T must have been added correctly.
Networking
Figure 32-2 shows an example network for configuring an ONT. The GPON port (0/2/1) on the MA5600T is connected to 64 ONTs through a 2-level splitter. On the MA5600T, you can configure ONTs at different locations in a centralized way. Here, the basic configuration of one ONT (with ONT ID as 0) is taken as example. Figure 32-2 Example network for configuring an ONT
Data Plan
Table 32-1 provides the data plan for configuring an ONT. Table 32-1 Data plan for configuring an ONT Item Service port DBA Data 0/11/1 Index: 12 Profile type: type1 Fixed bandwidth: 10240 kbit/s
32 ONT Management
Item ONT capability set profile
Data
l l l l l
Index: 20 Number of POTS port: 1 Number of FE port: 4 Number of GE port: 1 Number of T-CONTs: 8
Alarm threshold profile ONT
Index: 30
l l

l l
IP address: 192.168.1.3/24 Port VLANs: FE port-VLAN 20, GE port-VLAN 30
Figure 32-3 shows the flowchart for configuring an ONT. Figure 32-3 Flowchart for configuring an ONT
Start Add an ONT
Is there a right ONT capability set profile? Yes
No Configure an ONT capability set profile
Bind the alarm profile
Bind the DBA profile Configure the IP address of the ONT Specify VLANs for ONT ports
Is there a right T-CONT profile? Yes
No
Configure a DBA profile Save the data
Is there a right alarm profile? Yes
No
End Configure an alarm profile
Issue 02 (2008-04-25)
32-5
32 ONT Management
Procedure
Step 1 Configure an ONT capability set profile. The profile configuration must be compatible with the hardware capacity of the ONT that is to be bound.
huawei(config)#ont-profile add gpon profile-id 20 { <cr>|profile-name<K> }: Command: > > > > > > > > > > > > > > > > > > > > > > > > > ont-profile add gpon profile-id 20 Press 'Q' or 'q' to quit input Number of uplink PON ports<1-2> [1]: IP config mode<0-Nonsupport, 1-Support, 2-DHCP only, 3-Static only> [1]: The type of MAC bridge<1-Single,2-Multi> [1]: Number of GEM ports<1-32> [32]:32 Is UNI configuration concerned?<1-not concern, 2-concern> [2]: Number of POTS ports<0-16> [0]:1 Number of FE ports<0-32> [0]:4 Number of GE ports<0-8> [0]:1 TDM port type<1-E1,2-T1> [1]: TDM service type<1-TDMoGEM> [1]: Number of TDM ports<0-8> [0]: Number of MOCA ports<0-8> [0]: Number of CATV ANI ports<0-2> [0]: Number of CATV UNI ports<0-16> [0]: Mapping mode<1-VLANID, 2-802_1pPRI, 3-VLANID_802_1pPRI> [1]: Number of T-CONTs<1-8> [1]:8 The type of flow control<1-PQ,2-CAR> [1]: Number of PQs in T-CONT 0<1-8> [4]: Number of PQs in T-CONT 1<1-8> [4]: Number of PQs in T-CONT 2<1-8> [4]: Number of PQs in T-CONT 3<1-8> [4]: Number of PQs in T-CONT 4<1-8> [4]: Number of PQs in T-CONT 5<1-8> [4]: Number of PQs in T-CONT 6<1-8> [4]: Number of PQs in T-CONT 7<1-8> [4]: Adding an ONT profile succeeded Profile-ID : 20 Profile-Name : ont-profile_20
Step 2 Configure a DBA profile. The fixed bandwidth and attributes of the DBA profile must be compatible with the service to be borne.
huawei(config)#DBA-profile add profile-id 12 type1 fix 10240
Step 3 Configure an alarm profile. The alarm of the profile must be set according to the line quality requirements and actual line conditions.
huawei(config)#gpon alarm-profile add profile-id 30 <cr>|profile-name<K> }: Command: > > > > > > > > > > > gpon alarm-profile add profile-id 30 GEM port loss of packets threshold (0~100)[0]: GEM port misinserted packets threshold (0~100)[0]: GEM port impaired blocks threshold (0~100)0[0]: Ethernet FCS errors threshold (0~100)[0]: Ethernet excessive collision count threshold (0~100)[0]: Ethernet late collision count threshold (0~100)[0]: Too long Ethernet frames threshold (0~100)[0]: Ethernet buffer (Rx) overflows threshold (0~100)[0]: Ethernet buffer (Tx) overflows threshold (0~100)[0]: Ethernet single collision frame count threshold (0~100)[0]: Ethernet multiple collisions frame count threshold (0~100)[0]: 30 30 30 30 30 30 30 30 30 30 30
32-6
Issue 02 (2008-04-25)

> > > > > > > > > > > > > > >
32 ONT Management
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30
Ethernet SQE count threshold (0~100)[0]: Ethernet deferred transmission count threshold (0~100)[0]: Ethernet internal MAC Tx errors threshold (0~100)[0]: Ethernet carrier sense errors threshold (0~100)[0]: Ethernet alignment errors threshold (0~100)[0]: Ethernet internal MAC Rx errors threshold (0~100)[0]: PPPOE filtered frames threshold (0~100)[0]: MAC bridge port discarded frames due to delay threshold (0~100)[0]: MAC bridge port MTU exceeded discard frames threshold (0~100)[0]: MAC bridge port received incorrect frames threshold (0~100)[0]: CES error time threshold(0~100)[0]: CES severely time threshold(0~100)[0]: CES bursty time threshold(0~100)[0]: CES controlled slip threshold(0~100)[0]: CES unavailable time threshold(0~100)[0]:
Step 4 Add an ONT and bind the ONT with capability set profile 20.
Step 5 Bind the alarm profile.

huawei(config-if-gpon-0/2)#ont alarm-profile 1 0 profile-id 30
Step 6 Bind the DBA profile. The ONT capacity profile contains eight T-CONTs and these T-CONTs are available only after the binding operation. Different T-CONTs are recommended for services of different types.
Step 7 Configure the IP address of the ONT. The IP address is used for ONT management and the default IP address is 192.168.1.1/24.
huawei(config-if-gpon-0/2)#ont ipconfig 1 0 static ip-address 192.168.1.3 mask 255.255.255.0

huawei(config-if-gpon-0/2)#ont port vlan 1 0 fe 20 0-3 huawei(config-if-gpon-0/2)#ont port vlan 1 0 ge 30 0

huawei(config-if-gpon-0/2)#quit huawei(config)#save
----End
32.3 Configuring an GPON ONT Capability Set Profile

This topic describes how to configure an ONT capability set profile to specify the capability of the ONT.
l
All ONTs must be bound with a capability set profile and the bound profile is specified in the case of adding the ONT offline or confirming the auto discovery. By default, the system supports up to 16 capability set profiles. The profiles can be MDU type, ONT type or others. The profile index ranges from 1 to 16. Currently, seven default ONT profiles are built and fixed in the system.
Issue 02 (2008-04-25)
32 ONT Management
l
The contents of the capability set profile restrict the port number that is referenced in commands for GEM port mapping, T-CONT/PQ mapping and the ONT VLAN management.
To add an ONT capability profile, you should configure the capability attributes of the ONT. The attributes include:
l l l l l l l l l l l l l l l l l l
Number of uplink PON ports IP config mode The type of MAC bridge Number of GEM ports Is UNI configuration concerned? Number of POTS ports Number of FE ports Number of GE ports TDM port type TDM service type Number of TDM ports Number of MOCA ports Number of CATV ANI ports Number of CATV UNI ports Mapping mode Number of T-CONTs The type of flow control Number of PQs in T-CONT
For details, see Table 32-2. Table 32-2 Attributes of an ONT capability set profile Attribute Number of uplink PON ports IP config mode The type of MAC bridge Description Options are: 1 and 2. By default, it is 1. Options are: 0-Nonsupport, 1-Support, 2-DHCP only, and 3-Static only. By default, it is 1-Support. Options are: Single and Multi. By default, it is Single. The mapping of service stream to GEM ports varies with the bridge modes. It ranges from 1 to 32. By default, it is 32. It is a hardware capacity.
Number of GEM ports
32-8
Issue 02 (2008-04-25)
32 ONT Management
Attribute Is UNI configuration concerned?
Description Options are: not-concern and concern. By default, it is concern. It is a hardware capacity. To ease the MDU management, you can set this attribute to not-concern. Then, you are not required to confirm the number and type of various ports, and the configuration of commands that is related to the ports is prohibited, such as commands for the GEM port mapping configuration and the ONT VLAN management. It ranges from 0 to 16. By default, it is 0. It is a hardware capacity. It ranges from 0 to 32. By default, it is 0. It is a hardware capacity. It ranges from 0 to 8. By default, it is 0. It is a hardware capacity. Options are: E1 and T1. By default, it is E1. It supports only TDMoGEM. It ranges from 0 to 8. By default, it is 0. It is a hardware capacity. It ranges from 0 to 8. By default, it is 0. It is a hardware capacity. It ranges from 0 to 2. By default, it is 0. It is a hardware capacity. It ranges from 0 to 16. By default, it is 0. It is a hardware capacity. It indicates the mapping mode of data service stream to GEM ports. If the type of MAC bridge is Single, the available options are:
l l l
Number of POTS ports Number of FE ports Number of GE ports TDM port type TDM service type Number of TDM ports Number of MOCA ports Number of CATV ANI ports Number of CATV UNI ports Mapping mode
VLANID 802_1PPRI VLANID+802_1PPRI
By default, it is VLANID. If the type of MAC bridge is Multi, you can select the port ID mapping mode. It is a hardware capacity. Each ONT can be configured with only one mapping mode. Number of T-CONTs The number of T-CONTs supported by the ONT. It ranges from 1 to 8. By default, it is 1. It is a hardware capacity.
Issue 02 (2008-04-25)
32-9
32 ONT Management
Attribute The type of flow control
Description The type of the ONT flow control. Options are:

l l
PQ CAR
Number of PQs in T-CONT
It indicates the number of priority queues (PQs) that are supported by a T-CONT. It ranges from 1 to 8. By default, it is 4. It is a hardware capacity. When multiple T-CONTs exist, you can configure each T-CONT separately.
Procedure
Step 1 Run the ont-profile add command to configure an ONT capability set profile. Step 2 Run the display ont-profile command to query the ONT capability set profile. ----End
Example
To configure a certain type of ONT capability set profile with the profile index as 20, do as follows:
huawei(config)#ont-profile add profile-id 20 { <cr>|profile-name<K> }: Command: > > > > > > > > > > > > > > > > > > > ont-profile add profile-id 20 Press 'Q' or 'q' to quit input Number of uplink PON ports<1-2> [1]: IP config mode<0-Nonsupport, 1-Support, 2-DHCP only, 3-Static only> [1]:1 The type of MAC bridge<1-Single,2-Multi> [1]: Number of GEM ports<1-32> [32]: Is UNI configuration concerned?<1-not concern, 2-concern> [2]: Number of POTS ports<0-16> [0]:2 Number of FE ports<0-32> [0]:4 Number of GE ports<0-8> [0]:1 TDM port type<1-E1,2-T1> [1]: TDM service type<1-TDMoGEM> [1]: Number of TDM ports<0-8> [0]: Number of MOCA ports<0-8> [0]:1 Number of CATV ANI ports<0-2> [0]:1 Number of CATV UNI ports<0-16> [0]:1 Mapping mode<1-VLANID, 2-802_1pPRI, 3-VLANID_802_1pPRI> [1]:3 Number of T-CONTs<1-8> [1]:2 The type of flow control<1-PQ,2-CAR> [1]: Number of PQs in T-CONT 0<1-8> [4]:3 Number of PQs in T-CONT 1<1-8> [4]:3 Adding an ONT profile succeeded Profile-ID : 20 Profile-Name : ont-profile_20
huawei(config)#display ont-profile profile-id 20 -------------------------------------------------------------------------profile-id : 20 profile-name: ont-profile_20 -------------------------------------------------------------------------Number of uplink PON ports: 1 IP configuration: Support
32-10
Issue 02 (2008-04-25)
32 ONT Management
MAC Bridge Type: Single-Bridge Number of GEM ports: 32 UNI configuration concerned or not: Concerned Number of POTS ports: 2 Number of FE ports: 4 Number of GE ports: 1 TDM port type: E1 TDM service type: TDMoGem Number of TDM ports: 0 Number of MOCA ports: 1 Number of CATV ANI ports: 1 Number of CATV UNI ports: 1 Mapping mode: VLAN ID + 802.1p PRI Number of T-CONTs: 2 The type of flow control: PQ Number of PQs in T-CONT 0: 3 Number of PQs in T-CONT 1: 3 -------------------------------------------------------------------------Binding times: 0 --------------------------------------------------------------------------
Related Operations
Table 32-3 lists the related operations for configuring an ONT capability set profile. Table 32-3 Related operations for configuring an ONT capability set profile To... Query the capability of an ONT Delete an ONT capability set profile Run the Command... display ont capability ont-profile delete Remarks You can query the ONT capability only when the ONT is online.
l
Default profiles cannot be deleted. An ONT capability set profile that is bound with others cannot be deleted.
Modify an ONT capability set profile
ont-profile modify
An ONT capability set profile that is bound with others cannot be deleted.
32.4 Configuring the Attributes of a GPON ONT Port

This topic describes how to configure the attributes of an ONT port.
l l
By default, the coding mode of an E1 port is HDB3, and the status of a CATV port is on. The attributes of an ONT port can be configured only when the capability set profile bound with the ONT has been configured with E1 or CATV ports.
Procedure
Step 1 Run the interface gpon command to enter GPON mode.
32 ONT Management
Step 2 Run the ont port attribute command to configure the attributes of the ONT port. Step 3 Run the display ont port attribute command to query the attributes of the ONT port. ----End
Example
To configure the attributes of E1 port 0 on ONT 0 which is connected to GPON port0/2/0, do as follows:
huawei(config)#interface gpon 0/2/0 huawei(config-if-gpon-0/2/0)#ont port attribute 0 0 e1 0 AMI huawei(config-if-gpon-0/2/0)# Setting E1 port attribute succeeded huawei(config-if-gpon-0/2/0)#display ont port attribute 0 0 e1 0 -----------------------------------------------------ont-portid code 0 AMI ------------------------------------------------------
32.5 Binding an ONT T-CONT with GEM Ports

This topic describes how to bind an ONT T-CONT with GEM ports on the OLT side.
l
If the T-CONT is set to SP scheduling mode, the PQ serial number stands for the SP priority in ascending order with 0 as the lowest priority. Before the configuration, the ONT must have been added and the T-CONT has been bound with a capability set profile. The MA5600T supports the rate limitation of the GEM port on the ONT side, provided that the ONT supports this function and the bound ONT capability set profile is configured.
Procedure
Step 1 Run the ont gemport bind command to bind the GEM port and the T-CONT. Step 2 Run the display ont gemport command to query the binding of the ONT GEM port. ----End
Examples
To bind T-CONT 1 on ONT 0 of port 0/11/0 with GEM ports 151 and 152, and set the priorityqueue to 0, do as follows:
huawei(config-if-gpon-0/2)#ont gemport bind 0 0 151,152 1 priority-queue 0 huawei(config-if-gpon-0/2)#display ont gemport 0 ontid 0 { <cr>|tcont-id<K> }: Command: display ont gemport 0 ontid 0 ---------------------------------------------------------------------------F/S/P GEM port ONT T-CONT Service Encrypt Prio Average Max band ID ID ID type queue band(kpbs) (kpbs) ---------------------------------------------------------------------------0/11/0 151 0 1 ETHERNET off 0 0/11/0 152 0 1 ETHERNET off 0 -
32-12
Issue 02 (2008-04-25)
32 ONT Management
---------------------------------------------------------------------------The number of GEM ports is: 2
To bind T-CONT 1 on ONT 1 of port 0/11/0 with GEM port 130, and set the average and the maximum bandwidth to 1 Mbit/s and 2 Mbit/s respectively, do as follows:
huawei(config-if-gpon-0/2)#ont gemport bind 0 1 130 1 car 1024 2048 The GEM port(s) bind the T-CONT successfully huawei(config-if-gpon-0/2)#display ont gemport 0 ontid 1 { <cr>|tcont-id<K> }: Command: display ont gemport 0 ontid 1 ---------------------------------------------------------------------------F/S/P GEM port ONT T-CONT Service Encrypt Prio Average Max band ID ID ID type queue band(kpbs) (kpbs) ---------------------------------------------------------------------------0/11/0 130 1 1 ETHERNET off 1024 2048 ---------------------------------------------------------------------------The number of GEM ports is: 1
Related Operations
Table 32-4 lists the related operations for binding an ONT T-CONT with GEM ports. Table 32-4 Related operations for binding an ONT T-CONT with GEM ports To... Cancel the binding between an ONT T-CONT and GEM ports Configure the mapping between ONT service and GEM ports Run the Command... undo ont gemport bind ont gemport mapping
32.6 Configuring the Mapping Between ONT Services and GEM Ports
This topic describes how to map the ONT services to GEM ports, so that the ONT services is borne on the specified GEM port and then goes upstream.
l
Before the configuration, the binding between the GEM ports and the ONT T-CONT must have been established. To map the TDM E1 port to a specified GEM port, the GEM port attribute must be TDM.
The exact mapping rule is related to the hardware capacity of the ONT. The MA5600T supports four types of mapping rules:
l
In ONT single bridge mode,

Mapping by VLAN ID Mapping by 802.1p priority

Issue 02 (2008-04-25)
32 ONT Management
l
Mapping by VLAN ID + 802.1p priority Mapping by port ID
In ONT multi-bridge mode,
Procedure
Step 1 Run the ont gemport mapping command to configure the mapping between ONT services and GEM ports. Step 2 Run the display ont gemport mapping command to query the GEM port mapping of the ONT. ----End
Example
To map the service stream with VLAN ID 1 to GEM port 150 on ONT 0 that is connected to port 0/11/0, do as follows:
huawei(config-if-gpon-0/2)#ont gemport mapping 0 0 150 vlan 1 huawei(config-if-gpon-0/2)#display ont gemport mapping 0 ontid 0 ---------------------------------------------------------------------------F/S/P GEM port-ID ONT-ID ONT port-type ONT Port-ID Vlan-ID Vlan-Priority ---------------------------------------------------------------------------0/11/0 150 0 1 ---------------------------------------------------------------------------The number of mappings: 1
Related Operations
Table 32-5 lists the related operations for configuring the mapping between ONT services and GEM ports. Table 32-5 Related operations for configuring the mapping between ONT services and GEM ports To... Configure the mapping between ONT services and GEM ports Configure the mapping between GEM ports and PQ or T-CONT Run the Command... undo ont gemport mapping ont gemport bind
32.7 Configuring a VLAN for a GPON ONT Port

This topic describes how to configure the Ethernet port on the ONT, specify the port to the specified VLAN and configure the native VLAN for the port.
l
Currently, the MA5600T supports the configuration of VLANs on the FE, GE, MoCA and VoIP ports.
32-14

l l l
32 ONT Management
Before configuring the Native VLAN, the port must have been added to the VLAN. If you configure the Native VLAN repeatedly, the configuration of the last time takes effect. When the native VLAN of an ONT port is configured, if the ingress data packets do not have the VLAN tag, the ONT adds the VLAN tag to the untag packets; if the egress data packets have the native VLAN tag, the ONT extracts the VLAN tag from the packets. If a VLAN added with ports is configured as the Native VLAN, the VLAN cannot be deleted.
Procedure
Step 1 Run the ont port vlan command to add a VLAN to an ONT port. Step 2 Run the ont port native-vlan command to configure the Native VLAN for the ONT port. Step 3 Run the display ont port vlan command to query the configuration information on the ONT port. ----End
Example
To add VLAN 100 to FE ports 1 and 2 on ONT 0 that is connected to port 0/11/0, and specify the Native VLAN 100 for port 1, do as follows:
huawei(config-if-gpon-0/2)#ont port vlan 0 0 fe 100 1,2 huawei(config-if-gpon-0/2)#ont port native-vlan 0 0 fe 1 vlan 100 huawei(config-if-gpon-0/2)#display ont port vlan 0 0 byport fe 1 -----------------------------------------------------port-type: FE ont-portid: 1 vlan-list: 1,100 native-vlan: 100 priority: 0 ------------------------------------------------------
Related Operation
Table 32-6 lists the related operation for configuring a VLAN on a GPON ONT port. Table 32-6 Related operation for configuring a VLAN on a GPON ONT port To... Delete an ONT port from a VLAN Run the Command... undo ont port vlan
32.8 Managing the IP Address of a GPON ONT

This topic describes how to configure the IP address of an ONT. The IP address of an ONT can be a static one or you can configure the device to obtain the IP address dynamically through the DHCP protocol.
Issue 02 (2008-04-25)
32-15
32 ONT Management
l
You can configure the static IP address, mask, gateway, and IP addresses of primary and secondary DNS servers. It is recommended that you configure the device to obtain the IP address dynamically through the DHCP protocol to save the IP address resource.
Procedure
Step 1 Run the ont ipconfig command to configure the IP address of an ONT. Step 2 Run the display ont ipconfig command to query the IP address of the ONT. ----End
Example
To configure the ONT 0 that is connected to port 0/11/0 to obtain IP address dynamically through the DHCP protocol, do as follows:
huawei(config-if-gpon-0/2)#ont ipconfig 0 0 dhcp huawei(config-if-gpon-0/2)#display ont ipconfig 0 0 ONT 0 IP query result ONT config type : DHCP
32-16
Issue 02 (2008-04-25)
33 Ethernet OAM Configuration
33
About This Chapter
NOTE
Ethernet OAM Configuration
This topic describes the Ethernet OAM technology and the method of configuring the Ethernet OAM feature on the MA5600T.
33.1 Overview This topic describes Ethernet Operation Administration & Maintenance (OAM) and its application on the MA5600T. 33.2 Configuration Example of Ethernet OAM This topic provides an example for configuring the Ethernet OAM on the MA5600T. 33.3 Creating an MD This topic describes how to create an Maintenance Domain (MD). 33.4 Creating an MA This topic describes how to create a Maintenance Association (MA). 33.5 Creating an MEP This topic describes how to create an Maintenance association End Point (MEP). 33.6 Creating an RMEP This topic describes how to create a Remote Maintenance association End Point (RMEP). 33.7 Enabling the CFM Globally This topic describes how to enable the Connectivity Fault Management (CFM) globally. 33.8 Enabling the CFM Alarm Globally This topic describes how to enable the CFM alarm globally.
33.9 Enabling the Administration Function of an MEP This topic describes how to enable the administration function of an MEP. 33.10 Enabling the CC Transmission of an MEP This topic describes how to enable the Continuity Check (CC) transmission of an MEP. 33.11 Enabling the Global Detection Function of an RMEP This topic describes how to enable the global detection function of a Remote Maintenance association End Point (RMEP). 33.12 Enabling the RMEP Detection Function This topic describes how to enable the detection function of the RMEP. 33.13 Configuring Priorities for Transmitting CCMs/LTMs This topic describes how to configure priorities for transmitting Continuity Check Messages (CCMs)/LinkTrace Messages (LTMs) of an MEP. 33.14 Configuring the Interval for an MA to Transmit a CC This topic describes how to configure the interval for an MA to transmit a CC. 33.15 Configuring the Base Address of Multicast Destination MAC Addresses of CCMs/LTMs This topic describes how to configure the base address of multicast destination MAC addresses of CCMs/LTMs. To send CCMs/LTMs, an MEP must be specified with a multicast address. Because the protocol does not specify the format of it, the multicast address is configurable to enhance the intercommunication and compatibility of the MA5600T. 33.16 Configuring the Loop Detection Function Loopback Message (LBM) helps an MEP to locate a fault in an MA. This topic describes how to configure the loop detection function. 33.17 Configuring the Link Trace Function LTMs are used to detect the Maintenance domain Intermediate Point (MIP) path between two MEPs. This topic describes how to configure an LTM.
33-2
Issue 02 (2008-04-25)
33.1 Overview
This topic describes Ethernet Operation Administration & Maintenance (OAM) and its application on the MA5600T.
Service Description
OAM is a significant method for reducing the cost of network maintenance. The Ethernet OAM technology provides end-to-end methods for monitoring, diagnosing and locating the faults on the Ethernet links. The OAM management packets are initiated or terminated on the upstream port of the MA5600T. When any Ethernet link fault is detected, an alarm is generated. You can locate the fault based on the alarm information. You can also perform OAM configuration management through the NMS. The NMS maintains the network based on the reported information on OAM status and alarms. For details on the Ethernet OAM protocol, refer to "Ethernet OAM" in the MA5600T Feature Description.
IEEE P802.1ag CFM provides an end-to-end fault detection method. CFM defines the process for diagnosing a fault in an Ethernet domain. CFM is a multipoint-tomultipoint application scenario and it provides end-to-end fault detection and diagnosis for the entire Ethernet network. The MA5600T supports the Ethernet OAM mechanism of CFM protocol, including fault detection and diagnosis methods, including connectivity check, loop detection and link trace.
33.2 Configuration Example of Ethernet OAM

This topic provides an example for configuring the Ethernet OAM on the MA5600T.
Networking
Figure 33-1 shows an example network for configuring Ethernet OAM. In this example network, the Ethernet OAM mechanism is adopted for the link between MA5600T_A and MA5600T_B for detecting link faults. The local MEP and remote MEP are configured on both MA5600T_A and MA5600T_B. The ID of the local MEP on MA5600T_B is the same as the ID of the remote MEP on MA5600T_A, and the ID of the remote MEP on MA5600T_B is the same as the ID of the local MEP on MA5600T_A.
Issue 02 (2008-04-25)
33-3
Figure 33-1 Example network for configuring Ethernet OAM

Router
0 / 19 / 0 MA5600T_A
0 / 19 / 1 MA5600T_B
Data Plan
Table 33-1 provides the data plan for configuring Ethernet OAM. Table 33-1 Data plan for configuring Ethernet OAM Item MA5600T_A Data Port: 0/9/0 Smart VLAN: 100 MEP: 2/6/0 MEP-id: 260 RMEP-id: 2260 CC-interval: 1m MA5600T_B Port: 0/9/1 Smart VLAN: 200 MEP: 2/6/0 MEP-id: 2260 RMEP-id: 260 CC-interval: 1m
Before configuring the Ethernet OAM, make sure that:
l l
The network devices and lines must be in the normal state. The router supports Ethernet OAM.
Figure 33-2 shows the flowchart for configuring Ethernet OAM.
Figure 33-2 Flowchart for configuring Ethernet OAM

Start
Create and configure a VLAN
Configure an MD
Configure an MA
Configure an MEP
Configure an RMEP
Set the interval for the MA to transmit CCMs (Optional)
Enable the local CFM globally
Enable the remote CFM globally
Save the data
End
Procedure
Step 1 Create and configure a VLAN.
Step 2 Configure an MD.

huawei(config)#cfm md 2 name-format string huawei level 3
Step 3 Configure an MA.

huawei(config)#cfm ma 2/6 name-format string huawei-6 vlan 100
Step 4 Configure an MEP.

huawei(config)#cfm mep 2/6/0 mepid 260 direction outward port 0/9/0 priority 7
Step 5 Configure an RMEP.

huawei(config)#cfm remote-mep 2/6/0 remote-mepid 2260
Issue 02 (2008-04-25)
33-5
Step 6 (Optional) Set the interval for the MA to transmit CCMs.

huawei(config)#cfm ma 2/6 cc-interval 1m
Step 7 Enable the local CFM globally.

huawei(config)#cfm enable
Step 8 Enable the remote MEP detection globally.

huawei(config)#cfm remote-mep-detect enable

huawei(config)#save
NOTE
Configuration on MA5600T_B is the same as that on MA5600T_A and it is not repeated here.
----End
Result
After the configuration, run the display cfm statistics mep command on MA5600T_A or MA5600T_B and you can find packet statistics. Of the statistics, neither "CCM Sent Pkt Num" nor "CCM Received Pkt Num" values zero.
33.3 Creating an MD
This topic describes how to create an Maintenance Domain (MD).
l
Ethernet CFM provides a fault diagnosis process in an Ethernet domain. It divides the network into up to eight levels. Multiple levels can exist on a bridge simultaneously to manage different MDs. Up to three MDs can be created in the system. The administration domain of CFM comprises bridges while the maintenance domain is combined by bridges and maintenance levels.
TIP
l l
It is recommended to classify the administrator domain into three levels: customer domain (levels 75), provider domain (levels 43), and operator domain (levels 20).
Procedure
Step 1 Run the cfm md command to create an MD. Step 2 Run the display cfm md command to query the configuration state of the MD. ----End
Example
l l
MD index: 2 Name type: string

33-6

l l
Name: huawei Level: 3
To create the MD, do as follows:

huawei(config)#cfm md 2 name-format string huawei level 3 huawei(config)#display cfm md { <cr>|mdindex<0,2> }: Command: display cfm md ----------------------------------------------------------------------MD MD MD MD Index NameType Name Level ----------------------------------------------------------------------0 dns 1 7 1 dns feifei 6 2 string huawei 3 ----------------------------------------------------------------------Total: 3
Related Operation
Table 33-2 lists the related operation for creating an MD. Table 33-2 Related operation for creating an MD To... Delete an MD Run the Command... undo cfm md Remarks The deleted MD must not be configured with any MA.
33.4 Creating an MA
This topic describes how to create a Maintenance Association (MA).
l
The created MA must belong to an existing MD and associate with an existing VLAN. The VLAN must not associate with any other MA. By default, the interval for sending the Continuity Check (CC) protocol packets is one minute. By default, the remote MEP detection of an MA is enabled, and the global remote MEP detection is disabled. The MA5600T supports up to 48 MAs, and each MD can be configured with up to 48 MAs.
Procedure
Step 1 Run the cfm ma command to create an MA. Step 2 Run the display cfm ma command to query the configuration state of the MA. ----End
Example
l l l l
MA index: 2/47 MA name type: string MA name: huawei-ma-10 MA VLAN ID: 20
To create the MA, do as follows:

huawei(config)#cfm ma 2/10 name-format string huawei-ma-10 vlan 20 huawei(config)#display cfm ma 2/10 MA Index : 2/10 MA NameType : string MA Name : huawei-ma-10 MA VlanID : 20 MA CC Interval : 1m MA Remote-mep-detect : enable
Related Operations
Table 33-3 lists the related operations for creating an MA. Table 33-3 Related operations for creating an MA To... Delete an MA Run the Command... undo cfm ma Remarks The deleted MA must not be configured with any MEP or RMEP. You can configure only the created MA.
Configure the interval for an MA to send CCMs Enable the detection of remote MEP in an MA
cfm ma cc-interval cfm ma remote-mep-detect enable
33.5 Creating an MEP

This topic describes how to create an Maintenance association End Point (MEP).
l
MA consists of Maintenance Points (MPs) and MP is defined to be on bridge ports. Therefore, MP is a combination of bridge port, VLAN and maintenance level. MP can be an MEP or an MIP. MEP initiates and responds to CFM messages while MIP does not initiate CFM messages but transparently transmits or responds to CFM messages. Currently, ports on the MA5600T can function only as MEP. Only one MEP can be created within an MA. By default, the administrative state of MEP is enabled, the priority of CFM message is 7 and the transmission of CCMs is enabled.
l l
33-8

l
To create an MEP, the associated MD and MA must be created successfully. Moreover, on the VLAN that associates with the MA, there must be a port to be associated with the created MEP.
Procedure
Step 1 Run the cfm mep command to create an MEP. Step 2 Run the display cfm mep command to query the configuration state of the MEP. ----End
Example
l l l l l
MEP index: 2/4/0 MEP ID: 100 MEP direction: outward MEP port: 0/15/0 MEP priority: 5
To create the MEP, do as follows:

huawei(config)#cfm mep 2/4/0 mepid 100 direction outward port 0/9/0 priority 5 huawei(config)#display cfm mep 2/4/0 Command: display cfm mep 2/4/0 MEP Index : 2/4/0 MEP ID : 100 MEP Direction : outward MEP Port : 0/9/0 MEP Admin Status : enable MEP CC Status : enable MEP Priority : 5 MEP Alarm Status : -
Related Operation
Table 33-4 lists the related operation for creating an MEP. Table 33-4 Related operation for creating an MEP To... Delete an MEP Run the Command... undo cfm mep
33.6 Creating an RMEP

This topic describes how to create a Remote Maintenance association End Point (RMEP).
l
Unique MEP IDs must exist in an MA.

Issue 02 (2008-04-25)

l l
A local MEP can be associated with up to six RMEPs. MEPs that are mutually remote to each other must be in the same MA.
Procedure
Step 1 Run the cfm remote-mep command to create an RMEP. Step 2 Run the display cfm ma command to query the configuration state of the MA. ----End
Example
To create RMEP 2/4/5 with remote-mepid of 200 for local MEP 2/4/0, do as follows:
huawei(config)#cfm remote-mep 2/4/5 remote-mepid 200 huawei(config)#display cfm ma 2/4 MA Index : 2/4 MA NameType : string MA Name : huawei-ma-4 MA VlanID : 50 MA CC Interval : 1m MA Remote-mep-detect : enable ----------------------------------------------------------------------MEP MEP MEP Admin CC Alarm Index MEPID Direction Port Status Status Priority Status ----------------------------------------------------------------------2/4/0 100 outward 0/9/0 enable enable 5 ----------------------------------------------------------------------Total: 1 ----------------------------------------------------------------------Remote MEP Remote MEP Remote MEP Index MEPID Mac-address ----------------------------------------------------------------------2/4/5 200 ----------------------------------------------------------------------Total: 1
Related Operation
Table 33-5 lists the related operation for creating an RMEP. Table 33-5 Related operation for creating an RMEP To... Delete an RMEP Run the Command... undo cfm remote-mep
33.7 Enabling the CFM Globally

This topic describes how to enable the Connectivity Fault Management (CFM) globally.
l
When the CFM is enabled, the CFM packets are to be captured and the functions of Continuity Check, loop detection and link trace are enabled.
33-10

l
When the CFM is disabled, the CFM packets should not be captured and the functions of Continuity Check, loop detection and link trace are enabled. By default, the CFM is disabled.
Procedure
Step 1 Run the cfm enable command to enable the CFM globally. Step 2 Run the display cfm command to query the configuration state of the CFM. ----End
Example
To enable the CFM globally, do as follows:
huawei(config)#cfm enable huawei(config)#display cfm { <cr>|md<K>|ma<K>|mep<K>|statistics<K> }: Command: display cfm CFM Global Status Remote-mep-detect Status Alarm Status CC/LT Base-mac-address : : : : enable disable enable 0180-c200-0100
Related Operation
Table 33-6 lists the related operation for enabling the CFM globally. Table 33-6 Related operation for enabling the CFM globally To... Disable CFM switch globally Run the Command... cfm disable
33.8 Enabling the CFM Alarm Globally

This topic describes how to enable the CFM alarm globally.
l l l
When the CFM alarm is enabled, alarms detected by the CFM are reported. When the CFM is disabled, alarms detected by the CFM are not reported. By default, the CFM alarm is disabled globally.
Procedure
Step 1 Run the cfm alarm enable command to enable the CFM alarm globally. Step 2 Run the display cfm command to query the configuration state of the CFM. ----End
Example
To enable the CFM alarm globally, do as follows:
huawei(config)#cfm alarm enable huawei(config)#display cfm { <cr>|md<K>|ma<K>|mep<K>|statistics<K> }: Command: display cfm CFM Global Status Remote-mep-detect Status Alarm Status CC/LT Base-mac-address : : : : enable disable enable 0180-c200-0100
Related Operation
Table 33-7 lists the related operation for enabling CFM alarm globally Table 33-7 Related operation for enabling CFM alarm globally To... Disable the CFM alarm globally Run the Command... cfm alarm disable
33.9 Enabling the Administration Function of an MEP

This topic describes how to enable the administration function of an MEP.
l
MEP administrative state identifies the availability of MEP function. When the administrative function of an MEP is disabled, the MEP is unable to send and receive CCMS. The loop detection and link trace functions are not permitted. By default, the administration function of an MEP is enabled.
Procedure
Step 1 Run the cfm mep enable command to enable the administration function of an MEP. Step 2 Run the display cfm mep command to query the configuration state of the MEP. ----End
Example
To enable the administration function of MEP 2/4/0, do as follows:
huawei(config)#cfm mep 2/4/0 enable huawei(config)#display cfm mep 2/4/0 Command: MEP MEP MEP MEP display cfm mep 2/4/0 Index : 2/4/0 ID : 100 Direction : outward Port : 0/9/0
33-12
Issue 02 (2008-04-25)

MEP MEP MEP MEP Admin Status CC Status Priority Alarm Status : : : : enable enable 5 -
Related Operation
Table 33-8 lists the related operation for enabling the administration function of an MEP. Table 33-8 Related operation for enabling the administration function of an MEP To... Disable the administration function of an MEP Run the Command... cfm mep disable
33.10 Enabling the CC Transmission of an MEP

This topic describes how to enable the Continuity Check (CC) transmission of an MEP.
By default, the CC transmission of an MEP is enabled.
Procedure
Step 1 Run the cfm mep cc enable command to enable the CC transmission of an MEP. Step 2 Run the display cfm mep command to query the configuration state of the MEP. ----End
Example
To enable the CC transmission of MEP 2/4/0, do as follows:
huawei(config)#cfm mep huawei(config)#display MEP Index MEP ID MEP Direction MEP Port MEP Admin Status MEP CC Status MEP Priority MEP Alarm Status 2/4/0 cc enable cfm mep 2/4/0 : 2/4/0 : 100 : outward : 0/9/0 : enable : enable : 5 : -
Related Operation
Table 33-9 lists the related operation for enabling the CC transmission of an MEP.
Issue 02 (2008-04-25)
33-13
Table 33-9 Related operation for enabling the CC transmission of an MEP To... Disable the CC transmission of an MEP Run the Command... cfm mep cc disable
33.11 Enabling the Global Detection Function of an RMEP

This topic describes how to enable the global detection function of a Remote Maintenance association End Point (RMEP).
l
The global detection function of an RMEP is used to prevent unnecessary alarm at the period of network CFM configuration, due to that the CFM function is enabled on each node at different times. By default, the global detection function of an RMEP is disabled. The system detects the RMEP configured in the MA of the MEP, and generates alarm on the CC packet loss and RDI, when the following four conditions are met:

l l
CFM is enabled globally. The global detection function of the RMEP is enabled. MEP of each administrative state is enabled. The detection function of the remote MEP of the MA corresponding to each administrative state is enabled.
Procedure
Step 1 Run the cfm remote-mep-detect enable command to enable the global detection function of an RMEP. Step 2 Run the display cfm command to query the configuration of the CFM. ----End
Example
To enable the global detection function of an RMEP, do as follows:
huawei(config)#cfm remote-mep-detect enable huawei(config)#display cfm { <cr>|md<K>|ma<K>|mep<K>|statistics<K> }: Command: display cfm CFM Global Status Remote-mep-detect Status Alarm Status CC/LT Base-mac-address : : : : disable enable enable 0180-c200-0100
Related Operation
Table 33-10 lists the related operation for enabling the global detection function of an RMEP.
Table 33-10 Related operation for enabling the global detection function of an RMEP To... Disable the global detection function of an RMEP Run the Command... cfm remote-mep-detect disable
33.12 Enabling the RMEP Detection Function

This topic describes how to enable the detection function of the RMEP.
l
When the detection function of the RMEP is enabled, the RMEP configured in the MA is detected. Alarms are generated when the CC loss or RDI error occurs. When the detection function of the RMEP is disabled, the RMEP configured in the MA is not detected. By default, the detection function of the RMEP is enabled.
Procedure
Step 1 Run the cfm ma remote-mep-detect enable command to enable the detection function of the RMEP. Step 2 Run the display cfm ma command to query the configuration state of the MA. ----End
Example
To enable the detection function of MA 2/4, do as follows:
huawei(config)#cfm ma 2/4 remote-mep-detect enable huawei(config)#display cfm ma 2/4 MA Index : 2/4 MA NameType : string MA Name : huawei-ma-4 MA VlanID : 50 MA CC Interval : 1m MA Remote-mep-detect : enable ----------------------------------------------------------------------MEP MEP MEP Admin CC Alarm Index MEPID Direction Port Status Status Priority Status ----------------------------------------------------------------------2/4/0 100 outward 0/9/0 enable enable 5 ----------------------------------------------------------------------Total: 1 ----------------------------------------------------------------------Remote MEP Remote MEP Remote MEP Index MEPID Mac-address ----------------------------------------------------------------------2/4/5 200 ----------------------------------------------------------------------Total: 1
Issue 02 (2008-04-25)
33-15
Related Operation
Table 33-11 lists the related operation for enabling the detection function of the RMEP. Table 33-11 Related operation for enabling the detection function of the RMEP To... Disable the detection of the RMEP Run the Command... cfm ma remote-mep-detect disable
33.13 Configuring Priorities for Transmitting CCMs/LTMs

This topic describes how to configure priorities for transmitting Continuity Check Messages (CCMs)/LinkTrace Messages (LTMs) of an MEP.
The priority for transmitting CCMs/LTMs of an MEP ranges 0-7. The smaller the priority value, the higher priority. By default, the priority for transmitting CCMs/LTMs of an MEP is 7.
Procedure
Step 1 Run the cfm mep priority command to configure the priorities for transmitting CCMS/LTMs of an MEP. Step 2 Run the display cfm mep command to query the configuration state of the MEP. ----End
Example
To set the priorities for transmitting CCMs/LTMs of MEP 2/4/0 to 3, do as follows:
huawei(config)#cfm mep huawei(config)#display MEP Index MEP ID MEP Direction MEP Port MEP Admin Status MEP CC Status MEP Priority MEP Alarm Status 2/4/0 priority 3 cfm mep 2/4/0 : 2/4/0 : 100 : outward : 0/9/0 : enable : enable : 3 : -
Related Operation
Table 33-12 lists the related operation for configuring the priorities for transmitting CCMs/ LTMs of an MEP.
33-16
Issue 02 (2008-04-25)
Table 33-12 Related operation for configuring the priorities for transmitting CCMs/LTMs of an MEP To... Enable the administration function of an MEP Run the Command... cfm mep enable
33.14 Configuring the Interval for an MA to Transmit a CC

This topic describes how to configure the interval for an MA to transmit a CC.
Prerequisite
Before you configure the interval, the CC transmission state of MEPs in the MA must be disabled.
l l
By default, the interval for an MA management entity to transmit a CC is 1 minute. At present, the MA5600T supports intervals of 1 minute and 10 minutes.
Procedure
Step 1 Run the cfm ma cc-interval command to configure the interval for an MA to transmit a CC. Step 2 Run the display cfm ma command to query the configuration state of the MA. ----End
Example
To set the interval for an MA to send a CC to 10 minutes, do as follows:
huawei(config)#cfm ma 2/4 cc-interval 10m huawei(config)#display cfm ma 2/4 MA Index : 2/4 MA NameType : string MA Name : huawei-ma-4 MA VlanID : 50 MA CC Interval : 10m MA Remote-mep-detect : enable ----------------------------------------------------------------------MEP MEP MEP Admin CC Alarm Index MEPID Direction Port Status Status Priority Status ----------------------------------------------------------------------2/4/0 100 outward 0/9/0 enable disable 3 ----------------------------------------------------------------------Total: 1 ----------------------------------------------------------------------Remote MEP Remote MEP Remote MEP Index MEPID Mac-address ----------------------------------------------------------------------2/4/5 200 ----------------------------------------------------------------------Total: 1
Issue 02 (2008-04-25)
33-17
Related Operation
Table 33-13 lists the related operation for configuring the interval for an MA to transmit a CC. Table 33-13 Related operation for configuring the interval for an MA to transmit a CC To... Configure CC transmission state of an MEP Run the Command... cfm mep cc
33.15 Configuring the Base Address of Multicast Destination MAC Addresses of CCMs/LTMs
This topic describes how to configure the base address of multicast destination MAC addresses of CCMs/LTMs. To send CCMs/LTMs, an MEP must be specified with a multicast address. Because the protocol does not specify the format of it, the multicast address is configurable to enhance the intercommunication and compatibility of the MA5600T.
l l
By default, the base multicast destination MAC address is 0180-C200-0000. Currently, the format of the base MAC address is 0180-C2XX-XXX0. The part of 0180C2 is specified in the protocol and the "X"s in the part of C2XX-XX cannot be all 0s.
NOTE
The base address of multicast destination MAC addresses refers to the addresses of MEPs in different MDs. The multicast addresses used for sending the CCMs/LTMs are derived from the base multicast destination MAC address by changing the last digit of it. The last digit of the multicast address used by MEP to send CCMs should be consistent with the MD level (07)to which it belongs, while that used by the MEP to LTMS match the MD level plus 8 (8F).
Procedure
Step 1 Run the cfm base-mac-address command to configure the base multicast destination MAC address. Step 2 Run the display cfm command to query the configuration status of the CFM. ----End
Example
To configure the base multicast destination MAC address as 0180-C211-1110, do as follows:
huawei(config)#cfm base-mac-address 0180-C211-1110 huawei(config)#display cfm { <cr>|md<K>|ma<K>|mep<K>|statistics<K> }: Command: display cfm CFM Global Status Remote-mep-detect Status Alarm Status CC/LT Base-mac-address : : : : enable disable enable 0180-c211-1110
33-18
Issue 02 (2008-04-25)
33.16 Configuring the Loop Detection Function

Loopback Message (LBM) helps an MEP to locate a fault in an MA. This topic describes how to configure the loop detection function.
Prerequisite
Before enabling the MEP loop detection function, you must enable the CFM function globally and enable the administrative state of the corresponding MEP.
l
LBM is a unicast message and the unicast MAC address is the address of MEP or MIP discovered by CC or link trace (LT). The MEP at the source end generates an LBM and the index of destination MEP is added into the LBM. By generating an LBM, the MEP activates the timer to calculate the time. When the destination MEP receives the LBM, it sends a Loopback Reply (LBR) to the source MEP. The loopback is successful. By default, the count of LBMs to be sent is 4; the interval for sending LBMs is 1 x 100 ms; the priority of LBM is the same as that of CCM.
Procedure
Step 1 Run the cfm loopback command to configure the loop detection function. Step 2 Run the display cfm statistics command to query the statistics of CFM. ----End
Example
l l l
Count of LBMs: 5 Interval: 1000 ms Priority: 6
To configure that LBM from MEP 2/4/0 is sent to the equipment with the MAC address 0000-0000-0009, do as follows:
huawei(config)#cfm loopback mep 2/4/0 dst-mac-address 0000-0000-0009 count 5 interval 10 priority 6 LBR Lost : Sequence-Num = 1 LBR Lost : Sequence-Num = 2 LBR Lost : Sequence-Num = 3 LBR Lost : Sequence-Num = 4 LB Operation: LBM-Sent = 4 , LBR-Received = 0 , LBR-Lost = 4 huawei(config)#display cfm statistics mep 2/4/0 Command: display cfm statistics mep 2/4/0 CCM Sent Pkt Num : 5037 CCM Received Pkt Num : 0 CCM Xcon Pkt Received Num : 0 CCM Error Pkt Received Num : 0 CCM Wrong Pattern Drop Num : 0 LBM Sent Pkt Num : 9 LBM Received Pkt Num : 0 LBM Wrong Pattern Drop Num : 0
Issue 02 (2008-04-25)
33-19

LBM DstMac Mismatch Drop Num : LBR Sent Pkt Num : LBR Received Pkt Num : LBR Out of Order Num : LBR Wrong Pattern Drop Num : LBR Not Work Drop Num : LBR DstMAC Mismatch Drop Num : LBR SrcMAC Mismatch Drop Num : LBR Wrong TransID Drop Num : LBR Level Mismatch Drop Num : LTM Sent Pkt Num : LTM Received Pkt Num : ---- More ( Press 'Q' to break ) ----

0 0 0 0 0 0 0 0 0 0 0 0
Related Operations
Table 33-14 lists the related operations for configuring the loop detection function. Table 33-14 Related operations for configuring the loop detection function To... Configure the link trace function Enable the administration function of CFM globally Enable the administration of an MEP Run the Command... cfm link-trace cfm enable cfm mep enable
33.17 Configuring the Link Trace Function

LTMs are used to detect the Maintenance domain Intermediate Point (MIP) path between two MEPs. This topic describes how to configure an LTM.
Prerequisite
Before enabling the loop detection of an MEP, you must enable the CFM function globally and enable the administration of the corresponding MEP.
l
An LTM is the message with a known multicast address. But LTM is not multicasted and additional information on the message indicates the destination MAC address of the MEP. When the LTM is forwarded by MPs to the destination MEP in a unicast way, each MP along the path responds an LTR to the source MEP. In this way, the source MEP obtains the information on MPs along the transmission path and records the MAC addresses of these MPs. By default, the priority of an LTM is the same as that of a CCM.
Procedure
Step 1 Run the cfm link-trace command to configure the Link trace function. Step 2 Run the display cfm statistics command to query the statistics of CFM packets. ----End
Example
To set that LT packet from MEP 0/2/4 is sent to the equipment with MAC address 0000-0000-0001 and the priority is 6, do as follows:
huawei(config)#cfm link-trace mep 2/4/0 dst-mac-address 0000-0000-0001 priority 6 huawei(config)#display cfm statistics mep 2/4/0 Command: display cfm statistics mep 2/4/0 CCM Sent Pkt Num : 5037 CCM Received Pkt Num : 0 CCM Xcon Pkt Received Num : 0 CCM Error Pkt Received Num : 0 CCM Wrong Pattern Drop Num : 0 LBM Sent Pkt Num : 9 LBM Received Pkt Num : 0 LBM Wrong Pattern Drop Num : 0 LBM DstMac Mismatch Drop Num : 0 LBR Sent Pkt Num : 0 LBR Received Pkt Num : 0 LBR Out of Order Num : 0 LBR Wrong Pattern Drop Num : 0 LBR Not Work Drop Num : 0 LBR DstMAC Mismatch Drop Num : 0 LBR SrcMAC Mismatch Drop Num : 0 LBR Wrong TransID Drop Num : 0 LBR Level Mismatch Drop Num : 0 LTM Sent Pkt Num : 1 LTM Received Pkt Num : 0 ---- More ( Press 'Q' to break ) ----
Related Operations
Table 33-15 lists the related operations for configuring the Link trace function. Table 33-15 Related operations for configuring the Link trace function To... Configure the loop detection function Enable the administration of CFM globally Enable the administration of an MEP Run the Command cfm loopback cfm enable cfm mep enable
Issue 02 (2008-04-25)
33-21
34 Environment Monitoring Configuration
34
Environment Monitoring Configuration
About This Chapter

This topic describes how to configure the environment monitoring units (EMUs) supported by the MA5600T.
NOTE
34.1 Overview This topic describes environment monitoring application on the MA5600T. 34.2 Configuration Example of the H801ESC The example shows how to configure the built-in analog parameters and digital parameters of the H801ESC. 34.3 Configuration Example of FAN The example shows how to configure a FAN. 34.4 Adding an EMU This topic describes how to add an EMU. 34.5 Configuring a POWER4845 EMU This topic describes how to configure the environment and the power environment parameters of a POWER4845 EMU. 34.6 Configuring the H801ESC Analog Parameters This topic describes how to configure the extended analog parameters or modify the default analog parameters. 34.7 Configuring H801ESC Digital Parameters This topic describes how to configure the extended digital parameters or modify the default digital parameters.
34.8 Configuring the FAN Alarm Report This topic describes how to enable the report of the FAN running alarms to the EMU. 34.9 Setting the FAN Speed Adjustment Mode This topic describes how to set the fan speed adjustment mode. 34.10 Configuring the FAN Speed Level This topic describes how to configure the FAN speed level.
34-2
Issue 02 (2008-04-25)
34.1 Overview
This topic describes environment monitoring application on the MA5600T.
Service Description
The MA5600T provides an environment monitor serial port to connect the serial port on a monitored device. By running master-slave node protocol or access network protocol between the two serial ports, you can monitor the environment of the device from a remote end. The environment parameters such as temperature, humidity, and power supply can be monitored to guarantee that the MA5600T can work reliably in a suitable environment. To perform environment monitoring on a device, the environment monitoring functional modules must be provided, such as H801ESC. These functional modules are referred to as environment monitor unit (EMU), no matter whether they are built in or not.
Monitoring the environment of a device involves two aspects:
l
Environment parameters: Environment parameters refer to factors that may cause failure or even damage to the device. The parameters include: temperature, humidity, door-status switch, smoke, water, MDF, and door status sensor.
Power supply status: Power supply status covers the status of the mains input, the DC distribution, the rectifier module, and the battery.
The environment monitor module of the MA5600T comprises multiple EMUs, such as:
l
Environment monitoring board H801ESC: It monitors the environment parameters such as the ambient temperature, humidity, smog, water penetration, fire, voltage, and power supply alarms through various sensors. FAN EMU (FAN): It monitors the running of the fans, and adjusts the running speed of the fans.
Hardware Connection Between the H801ESC and the Shelf

NOTE
Before the delivery, the EMU has been connected to the shelf. Do not change the connection. To install the EMU into other shelves or to connect EMU again, refer to the following description.
Figure 34-1 shows the connection between the H801ESC and the shelf. The H801ESC connects to the environment monitoring serial port (ESC) on the board through its COM2. The environmental information collected by the H801ESC is reported to the control board through the CITA board.
Issue 02 (2008-04-25)
34-3
Figure 34-1 Connection between the H801ESC and the shelf

COM1 COM2
DC distribution box
H801ESC RS-485 serial port cable
CON ETH ESC
SCU
MA5600T
CAUTION
The H801ESC and the MA5600T shelf communicate with each other in master/salve node mode. The slave node setting must be the same as the DIP switch setting of the EMU. The slave node is numbered 031 but cannot be 30. By default, the slave node is numbered 15. Table 34-1 depicts the correspondence between the H801ESC DIP switch and the slave node number. ON means 0 and OFF means 1. Table 34-1 Correspondence between the H801ESC DIP switch and the slave node number DIP Switch Setting SW101-5 ON ON ON OFF OFF SW101-4 ON ON ON OFF OFF SW101-3 ON ON ON OFF OFF SW101-2 ON ON OFF OFF OFF SW101-1 ON OFF ON ON OFF Meaning Slave Node Number 0 1 2 30 31
34-4
Issue 02 (2008-04-25)
Hardware Connection Between the FAN and the Shelf

NOTE
The FAN connects to the backplane through the RS-485 interface on the rear panel and communicates with the control board through the backplane.
CAUTION
The FAN and the MA5600T shelf communicate with each other in master/salve node mode. The slave node setting must be the same as the DIP switch setting of the EMU. The slave node is numbered 0-7. Table 34-2 depicts the correspondence between the FAN DIP switch and the slave node number. On means 0 and OFF means 1. Table 34-2 Correspondence between the FAN DIP switch and the slave node number DIP Switch Setting SW2-3 ON ON ON ON OFF OFF OFF OFF SW2-2 ON ON OFF OFF ON ON OFF OFF SW2-1 ON OFF ON OFF ON OFF ON OFF Meaning Slave Node Number 0 1 2 3 4 5 6 7
Hardware Connection Between the POWER4845 and the Shelf

NOTE
Figure 34-2 shows the connection between the POWER4845 and the shelf. The COM port of the POWER4845 is connected to the ESC port of the board. The environmental information collected by the POWER4845 is reported to the control board.
Issue 02 (2008-04-25)
34-5
Figure 34-2 Connection between the POWER4845 and the shelf

COM
POWER4845 RS-232 serial port cable

CON ETH ESC
SCU
MA5600T
CAUTION
The POWER4845 and the shelf communicate with each other in master/salve node mode. The setting of the slave node must be the same as that of the DIP switch of the EMU. The slave node ranges from 0 to 31. By default, the slave node is numbered 0. Table 34-3 depicts the correspondence between the POWER4845 DIP switch and the slave node number. On means 1 and OFF means 0. Table 34-3 Correspondence between the POWER4845 and the slave node number DIP Switch Setting S1-4 OFF OFF OFF ON S1-3 OFF OFF OFF ON S1-2 OFF OFF ON ON S1-1 OFF ON OFF ON Meaning Slave Node Number 0 1 2 15
34.2 Configuration Example of the H801ESC

The example shows how to configure the built-in analog parameters and digital parameters of the H801ESC.
Prerequisites
l l
The ESC board communicates with the host through an RS485 serial port cable. The setting of the H801ESC DIP switch is consistent with that of the slave node of EMU. The baud rate is set as 19200 bit/s.
Data Plan
Table 34-4 provides the data plan for configuring the H801ESC. Table 34-4 Data plan for configuring the H801ESC Item EMU Data Type: H801ESC Serial number: 0 Slave node: 15 Remarks It corresponds to the DIP switch setting of the H801ESC, and cannot be identical with the slave node of the FAN or POWER4845. The built-in analog parameters, monitoring the environmental temperature when the device is running. For other parameters, use the default. The built-in digital parameters, monitoring the door sensor. For other parameters, use the default.
Analog parameters
ID: 0
Alarm threshold (upper limit): 54 Alarm threshold (lower limit): 6 Digital parameters ID: 1
Actual level: high
Figure 34-3 shows the flowchart for configuring the H801ESC.
Issue 02 (2008-04-25)
34-7
Figure 34-3 Flowchart for configuring the H801ESC

Start
Add an H801ESC EMU
Configure the analog environment parameters Configure the digital environment parameters
Save the data
End
Procedure
Step 1 Add an EMU. Add an EMU with the type of H801ESC.
huawei(config)#emu add 0 h801esc 0 15
Step 2 Configure the analog environment parameters.

huawei(config)#interface emu 0 huawei(config-if-h801esc-0)#esc analog 0 alarm-upper-limit 54 alarm-lower-limit 6
Step 3 Configure the digital environment parameters.

huawei(config-if-h801esc-0)#esc digital 1 available-level high-level
Step 4 Query the configured environment information.

huawei(config-if-h801esc-0)#display esc environment info EMU ID: 0 ESC environment state ---------------------------Analog environment info-------------------------ID Name State Value AlmUpper AlmLower Unit 0 Temperature Normal 27.00 54 6 C 1 Input_-48V_0 Normal 38.00 57 38 Volt 2 Input_-48V_1 Normal 38.00 57 38 Volt 3 Input_-48V_1 Normal 38.00 57 38 Volt 4 Input_-48V_2 Normal 38.00 57 38 Volt 5 Normal -128.00 127 -128 6 Normal -128.00 127 -128 7 Normal -128.00 127 -128 8 Normal -128.00 127 -128 ---------------------------Digital environment info--------------------------ID Name State Value |ID Name State Value 0 Wiring Normal 1 |1 Door0 Normal 1 2 Normal 1 |3 Normal 1 4 Normal 1 |5 Normal 1 6 Normal 1 |7 Normal 1 8 Normal 1 |9 Water_Alarm Normal 1 10 Arrester 0 Normal 0 |11 Arrester 1 Normal 0 12 Arrester 2 Normal 0 |13 Arrester 3 Normal 0 14 SW_A1 Normal 0 |15 SW_A2 Normal 0
34-8
Issue 02 (2008-04-25)
16 SW_B1 Normal 0 |17 SW_B2 Normal 0 18 SW_C1 Normal 0 |19 SW_C2 Normal 0 20 SW_D1 Normal 0 |21 SW_D2 Normal 0 22 Outer Sensor Power Normal 0 ----------------------------------------------------------------------------

huawei(config-if-h801esc-0)#quit huawei(config)#save
----End
Result
After the configuration, the H801ESC works in the normal state.
34.3 Configuration Example of FAN

The example shows how to configure a FAN.
Prerequisite
The DIP switch setting of FAN is consistent with that of the slave node of EMU. The baud rate is set as 19200 bit/s.
Data Plan
Table 34-5 provides the data plan for configuring the FAN. Table 34-5 Data plan for configuring the FAN Item EMU Data Type: FAN Serial number: 1 Slave node: 6 Remarks It corresponds to the DIP switch setting of the FAN, and cannot be identical with the slave node of the H801ESC. By default, the alarms are reported.
Name: test FAN FAN speed adjustment mode: automatic FAN alarm: permit
Figure 34-4 shows the flowchart for configuring the FAN.
Figure 34-4 Flowchart for configuring a FAN

Start
Add a FAN EMU Automatic
Set the FAN speed adjustment mode
Manual Set the fan speed
Configure the FAN alarm switch Save the data
End
Procedure
Step 1 Add a FAN EMU.
huawei(config)#emu add 1 fan 0 6 test
Step 2 Configure the FAN speed adjustment mode.

huawei(config)#interface emu 1 huawei(config-if-fan-1)#fan speed mode automatic
Step 3 Configure the FAN alarm switch.

huawei(config-if-fan-1)#fan huawei(config-if-fan-1)#fan huawei(config-if-fan-1)#fan huawei(config-if-fan-1)#fan alarmset alarmset alarmset alarmset block permit read-tem-fault permit tem-high permit fault permit
Step 4 Query the information about the FAN.

huawei(config-if-fan-1)#display fan system parameter EMU ID: 1 FAN configration parameter: ---------------------------------------------------------------FAN timing mode: Auto timing ---------------------------------------------------------------Alarm_name Permit/Forbid Read temperature fault Permit Fan block Permit Temperature high Permit Power fault Permit ----------------------------------------------------------------

huawei(config-if-fan-1)#quit huawei(config)#save
----End
Result
After the configuration, the Fan EMU can work in the normal state.
34.4 Adding an EMU

This topic describes how to add an EMU.
There are several types of EMUs, such as H801ESC and FAN.
l l l l l l
The slave nodes of the H801ESC ranges from 0 to 31. The slave node of the FAN is numbered 0-7. The slave node of the POWER4845 ranges from 0 to 31. The slave node of the H801ESC cannot be the same as that of FAN. The serial port of the H801ESC and FAN is RS485. The serial port of the POWER4845 is RS232.
Procedure
Step 1 Run the emu add command to add an EMU. Step 2 Run the display emu command to query the EMU state. ----End
Example
To add an H801ESC, do as follows:
huawei(config)#emu add 0 h801esc 0 15 test huawei(config)#display emu 0 EMU ID: 0 -------------------------------------------------------EMU name : test EMU type : H801ESC Used or not : Used EMU state : Normal Frame ID : 0 Subnode : 15 -------------------------------------------------------NOTE
If the EMU state is fault, follow the steps to check the configuration:
l l l
Make sure that the EMU is normal. Make sure that the physical connection is correct. Make sure that the EMU type, frame ID, slave node and the serial port are correct.
Related Operation
Table 34-6 lists the related operation for adding an EMU.
Table 34-6 Related operation for adding an EMU To... Delete an EMU Run the Command... emu del Remarks
l
The EMU type cannot be changed after you configure it. If you need to change the EMU type, first delete the EMU, and then add a new one. If an EMU in the shelf is replaced, delete the EMU, and then add a new EMU.
34.5 Configuring a POWER4845 EMU

This topic describes how to configure the environment and the power environment parameters of a POWER4845 EMU.
Table 34-7 lists the commands for configuring a POWER4845 EMU. Table 34-7 Commands for configuring a POWER4845 EMU To... Set the POWER4845 battery parameters Run the Command... power battery parameter Remarks This command is used to set the battery charging current-limit coefficient, equalized-charging time, the number of the battery group and the battery capacity. This command is used to set the upper/lower alarm thresholds and upper/lower test limits for the environment humidity or temperature, to ensure the power to generate an alarm when it works in an environment that does not match the set conditions. Power 4845 supports up to 3 rectifier modules. This command is used to set the switch-on and switch-off control of the POWER4845 module. By default, the power modules are switched on, which means the modules supply power for the system.
Set the POWER4845 environment parameters
power environment
Set the number of the POWER4845 modules Set the POWER4845 module parameters
power module-num power module-parameter
34-12
Issue 02 (2008-04-25)
To... Set the POWER4845 power-off parameters
Run the Command... power off
Remarks This command is used to configure the load/battery power off threshold.
l
Power off occurs in two cases: load power off and battery power off. When the mains input stops working, the batteries provide the power for the shelves. When the output voltage from the batteries drops below the load power off threshold, the system stops providing the power for the loads. When the output voltage from the batteries drops below the battery power off threshold, the power supply stops providing the power for the batteries.
Set the POWER4845 supply parameters
power supply-parameter
This command is used to enable the rectifier module to power off automatically when the AC voltage or DC voltage is abnormal. The power supply parameters are as follows:
l
AC over-voltage alarm threshold AC under-voltage alarm threshold DC over-voltage alarm threshold DC under-voltage alarm threshold
Set the extended digital parameters of the POWER4845
power outside-digital
This command is used to set such extended digital parameters as valid level, name to identify the digit and self-defined alarm to monitor the device digits timely. This command is used to set the charging mode and charging voltage for batteries connected to POWER4845.
Set the battery charging parameters
power charge
Issue 02 (2008-04-25)
34-13
To... Set the POWER4845 test parameters
Run the Command... power battery-test
Remarks This command is used to set the battery auto-test period parameters and the discharging end-voltage to implement the battery auto-discharging test. This command is used to set the load or battery high temperature power-off parameters and then to protect the load or battery.
Set the high temperature power-off parameter
power temperature-off
Make sure that these conditions are met in the configuration:

l
DC overvoltage > battery even charging voltage > battery float charging voltage > DC undervoltage > loading power-off voltage > battery power-off voltage. DC overvoltage > (float charging voltage + 2 V). Float charging voltage > (DC undervoltage + 2 V).
NOTE
l l
You can run the following commands to configure the parameters:

l l l
Run the power charge command to set the battery equalized-charging voltage or the battery float charging voltage. Run the power battery parameter command to set the DC undervoltage or the DC overvoltage. Run the power temperature-off command to set the battery power-off voltage or the battery group power-off voltage.
Procedure
Step 1 Run the interface emu command to enter POWER4845 mode. Step 2 Run the commands listed in Table 34-7 to configure a POWER4845 EMU. ----End
Example
To run the power battery parameter command to set the battery charging current-limit coefficient as 0.2, the equalized-charging time as 60d, the number of the battery group as 1, and the battery capacity as 130 AH, do as follows:
huawei(config)#interface emu 3 huawei(config-if-power4845-3)#power battery parameter 0.2 60 1 130
Related Operations
Table 34-8 lists the related operations for configuring a POWER4845 EMU.
34-14
Issue 02 (2008-04-25)
Table 34-8 Related operations for configuring a POWER4845 EMU To... Query the POWER4845 alarms Query the POWER4845 environment information Query the POWER4845 environment configuration Query the POWER4845 running information Query the POWER4845 configuration Query the POWER4845 battery test parameters Run the Command... display power alarm display power environment info display power environment parameter display power run info display power system parameter display power battery-test info
34.6 Configuring the H801ESC Analog Parameters

This topic describes how to configure the extended analog parameters or modify the default analog parameters.
The MA5600T is installed with the internal analog sensor to monitor the temperature and the power. The analog parameters related to the internal analog sensor are the default configurations in the system and they do not need to be configured. The analog parameters need modification only when they do not meet the requirements. The MA5600T provides the extended analog monitoring port for connecting the analog sensor externally if users have special requirements for monitoring. The analog parameters related to the external sensor must be configured by the user. When you set the extended analog parameters, you must get the information about the hardware relationship between the extended monitoring port and the sensor related to the analog parameters. Because one extended analog parameter ID corresponds to one monitoring port that the sensor is connected to.
Prerequisite
The H801ESC EMU is in the position and works in the normal state.
Procedure
Step 1 Run the interface emu command to enter H801ESC mode. Step 2 Run the esc analog command to configure the extended analog parameters of the H801ESC or modify the default analog parameters of the H801ESC. Step 3 Run the display esc system parameter command to query the ESC parameters settings. ----End
Examples
To set the temperature thresholds of the default analog parameter (with analog ID as 0) to 55 (upper limit) and 5 (lower limit), do as follows:
huawei(config)#interface emu 0 huawei(config-if-h801esc-0)#esc analog 0 alarm-upper-limit 55 alarm-lower-limit 5 huawei(config-if-h801esc-0)#display esc system parameter EMU ID: 0 ESC system parameter ---------------------------------------------------------------------------AnalogID Name AlmUpper AlmLower TestUpper TestLower Unit Type 0 Temperature 55 5 127 -128 C Voltage 1 Input_-48V_0 72 38 127 -128 Volt Voltage 2 Input_-48V_1 72 38 127 -128 Volt Voltage 3 Input_-48V_2 72 38 127 -128 Volt Voltage 4 Input_-48V_3 72 38 127 -128 Volt Voltage 5 127 -128 127 -128 Voltage 6 127 -128 127 -128 Voltage 7 127 -128 127 -128 Voltage 8 127 -128 127 -128 Voltage ---------------------------------------------------------------------------DigitalID Name Level |DigitalID Name Level 0 Wiring 1 | 1 Door0 0 2 1 | 3 1 4 1 | 5 1 6 1 | 7 1 8 1 | 9 Water_Alarm 1 10 Arrester 0 0 | 11 Arrester 1 0 12 Arrester 2 0 | 13 Arrester 3 0 14 SW_A1 0 | 15 SW_A2 0 16 SW_B1 0 | 17 SW_B2 0 18 SW_C1 0 | 19 SW_C2 0 20 SW_D1 0 | 21 SW_D2 0 22 Outer Sensor Power 0 ----------------------------------------------------------------------------
Assume that the analog parameter name is Power, the upper limit threshold is 72 V, the lower limit threshold is 38 V and the (voltage) alarm index is 3. To configure an extended analog parameter (with the analog ID as 5) to monitor the power supply, do as follows:
huawei(config)#interface emu 0 huawei(config-if-h801esc-0)#esc analog 5 alarm-upper-limit 72 alarm-lower-limit 38 analog-alarm 3 name power huawei(config-if-h801esc-0)#display esc system parameter EMU ID: 0 ESC system parameter ---------------------------------------------------------------------------AnalogID Name AlmUpper AlmLower TestUpper TestLower Unit Type 0 Temperature 55 5 127 -128 C Voltage 1 Input_-48V_0 72 38 127 -128 Volt Voltage 2 Input_-48V_1 72 38 127 -128 Volt Voltage 3 Input_-48V_2 72 38 127 -128 Volt Voltage 4 Input_-48V_3 72 38 127 -128 Volt Voltage 5 Power 72 38 127 -128 Voltage 6 127 -128 127 -128 Voltage 7 127 -128 127 -128 Voltage 8 127 -128 127 -128 Voltage ---------------------------------------------------------------------------DigitalID Name Level |DigitalID Name Level 0 Wiring 1 | 1 Door0 0 2 1 | 3 1 4 1 | 5 1 6 1 | 7 1 8 1 | 9 Water_Alarm 1 10 Arrester 0 0 | 11 Arrester 1 0 12 Arrester 2 0 | 13 Arrester 3 0 14 SW_A1 0 | 15 SW_A2 0
34-16
Issue 02 (2008-04-25)
16 SW_B1 0 | 17 SW_B2 0 18 SW_C1 0 | 19 SW_C2 0 20 SW_D1 0 | 21 SW_D2 0 22 Outer Sensor Power 0 ----------------------------------------------------------------------------
Related Operations
Table 34-9 shows the related operations for configuring H801ESC analog parameters. Table 34-9 Related operations for configuring H801ESC analog parameters To... Query the environment information Query alarm information Query use defined analog alarms Query H801ESC version number Run the Command... display esc environment info display esc alarm display outside-analog private-alarm display version Remarks H801ESC environment monitor mode H801ESC environment monitor mode H801ESC environment monitor mode H801ESC environment monitor mode
34.7 Configuring H801ESC Digital Parameters

This topic describes how to configure the extended digital parameters or modify the default digital parameters.
The MA5600T is installed with the internal digital sensor to monitor the door status sensor and water penetration. The digital parameters related to the internal digital sensor are the default configurations in the system and they do not need to configured. The digital parameters need modification only when they do not meet the requirements. The MA5600T provides the extended digital monitoring port to connect the external digital sensor if users have special requirements for monitoring. The digital parameters related to the external sensor must be configured by the user. When you set the extended digital parameters, you must get the information about the hardware relationship between the extended monitoring port and the sensor related to the digital parameters. Because one extended digital parameter ID corresponds to one monitoring port that the sensor is connected to.
Prerequisite
The H801ESC EMU is in the position and works in the normal state.
Issue 02 (2008-04-25)
34-17
Procedure
Step 1 Run the interface emu command to enter H801ESC mode. Step 2 Run the esc digital command to configure the extended digital parameters or modify the default digital parameters. Step 3 Run the display esc system parameter command to query the ESC parameter settings. ----End
Example
l l l l
Digital parameter ID: 2 Digital parameter name: room_door Valid level: high level Alarm index: 9 (door status sensor in the equipment room)
To set such an extended digital parameter for monitoring the door status sensor, do as follows:
huawei(config)#interface emu 0 huawei(config-if-h801esc-0)#esc digital 2 available-level high-level digital-alarm 9 name room_door huawei(config-if-h801esc-0)#display esc system parameter EMU ID: 0 ESC system parameter -------------------------------------------------------------------------------AnalogID Name AlmUpper AlmLower TestUpper TestLower Unit Type 0 Temperature 35 5 127 -128 C Voltage 1 Input_-48V_0 57 38 127 -128 Volt Voltage 2 Input_-48V_1 57 38 127 -128 Volt Voltage 3 Input_-48V_1 57 38 127 -128 Volt Voltage 4 Input_-48V_2 57 38 127 -128 Volt Voltage 5 127 -128 127 -128 Voltage 6 127 -128 127 -128 Voltage 7 127 -128 127 -128 Voltage 8 127 -128 127 -128 Voltage -------------------------------------------------------------------------------DigitalID Name Level |DigitalID Name Level 0 Wiring 1 | 1 Door0 0 2 room_door 1 | 3 1 4 1 | 5 1 6 1 | 7 1 8 1 | 9 Water_Alarm 1 10 Arrester 0 0 | 11 Arrester 1 0 12 Arrester 2 0 | 13 Arrester 3 0 14 SW_A1 0 | 15 SW_A2 0 16 SW_B1 0 | 17 SW_B2 0 18 SW_C1 0 | 19 SW_C2 0 20 SW_D1 0 | 21 SW_D2 0 22 Outer Sensor Power 0 --------------------------------------------------------------------------------
Related Operations
Table 34-10 lists the related operations for configuring H801ESC digital parameters.
34-18
Issue 02 (2008-04-25)
Table 34-10 Related operations for configuring H801ESC digital parameters To... Query the environment information Query the alarm information Query the user defined digital alarms Query H801ESC version number Run the Command... display esc environment info display esc alarm display outside-digital private-alarm display version Remarks H801ESC environment monitor mode H801ESC environment monitor mode H801ESC environment monitor mode H801ESC environment monitor mode
34.8 Configuring the FAN Alarm Report

This topic describes how to enable the report of the FAN running alarms to the EMU.
Prerequisite
The FAN EMU has existed and works in the normal state.
Procedure
Step 1 Run the interface emu command to enter FAN mode. Step 2 Run the fan alarmset command to configure the FAN alarm report. Step 3 Run the display fan system parameter command to query information about FAN alarm. ----End
Example
To disable the report of FAN block alarm, do as follows:
huawei(config)#interface emu 1 huawei(config-if-fan-1)#fan alarmset block forbid huawei(config-if-fan-1)#display fan system parameter EMU ID: 0 FAN configration parameter: -------------------------------------------------------FAN timing mode: Manual timing FAN speed level: 4 -------------------------------------------------------Alarm_name Permit/Forbid Read temperature fault Permit Fan block Forbid Temperature high Permit Power fault Permit --------------------------------------------------------
Related Operations
Table 34-11 lists the related operations for configuring the FAN alarm report.
Table 34-11 Related operations for configuring the FAN alarm report To... Query the running information about the fans Query the alarm information about the fans Run the Command... display fan environment info display fan alarm Remarks FAN environment monitor mode FAN environment monitor mode
34.9 Setting the FAN Speed Adjustment Mode

This topic describes how to set the fan speed adjustment mode.
Prerequisite
The FAN EMU is in the position and works in the normal state.
There are two fan speed adjustment modes:
l l
Automatic Manual
By default, the mode is manual with the fan speed level of 5. It is recommended that you change the mode to automatic. If the mode is not set to automatic, a large amount of redundant air is generated at low or normal temperature.
Procedure
Step 1 Run the interface emu command to enter FAN mode. Step 2 Run the fan speed command to set the fan speed adjustment mode. Step 3 Run the display fan system parameter command to query the parameter setting. ----End
Example
To set the fan speed adjustment mode as automatic, do as follows:
huawei(config)#interface emu 0 huawei(config-if-fan-0)#fan speed mode automatic huawei(config-if-fan-0)#display fan system parameter EMU ID: 0 FAN configration parameter: ---------------------------------------------------------------FAN timing mode: Auto timing ---------------------------------------------------------------Alarm_name Permit/Forbid Read temperature fault Permit Fan block Permit
34-20
Issue 02 (2008-04-25)
Temperature high Permit Power fault Permit ----------------------------------------------------------------
Related Operations
Table 34-12 lists the related operations for setting the fan speed adjustment mode. Table 34-12 Related operations for setting the fan speed adjustment mode To... Set the fan speed Set the fan alarm report to EMU Query the alarm information about fans Run the command... fan speed adjust fan alarmset display fan alarm Remarks Set the fan speed in manual mode, use this command. -
34.10 Configuring the FAN Speed Level

This topic describes how to configure the FAN speed level.
Prerequisite
The FAN EMU has existed and works in the normal state.
FAN speed level ranges from 0 to 5. Level 0 refers to the lowest and level 5 refers to the highest fan speed level.
l
The nominated fan speed is enough for heat dissipation when the system works in the permitted highest temperature. Low-speed running of fans can prolong the lifetime of the fans. When abnormality occurs or one of the fans fails, other fans can run at high speed to compensate the air flow. Low-speed running of fans can reduce dust concentration in the air filter. Set the fan speed in manual mode.
l l
l l
Procedure
Step 1 Run the interface emu command to enter FAN mode. Step 2 Run the fan speed command to configure the FAN speed level. Step 3 Run the display fan system parameter command to query the setting of the FAN speed. ----End
Example
To set the FAN speed level as 3, do as follows:
huawei(config)#interface emu 0 huawei(config-if-fan-0)#fan speed adjust 3 huawei(config-if-fan-0)#display fan system parameter EMU ID: 0 FAN configration parameter: -------------------------------------------------------FAN timing mode: Manual timing FAN speed level: 3 -------------------------------------------------------Alarm_name Permit/Forbid Read temperature fault Permit Fan block Forbid Temperature high Permit Power fault Permit -------------------------------------------------------
Related Operations
Table 34-13 lists the related operations for setting the FAN speed level. Table 34-13 Related operations for setting the FAN speed level To... Set the fan speed adjustment mode Set the fan alarm report to EMU Query the alarm information about fans Run the Command... fan speed mode fan alarmset display fan alarm
34-22
Issue 02 (2008-04-25)
35 Acronyms and Abbreviations
35
A AAA ABR ACL ADSL AES AG ARP AS ASBR ATM B BDR BGP BMS BPDU BRAS BTV C CAR CBS
Acronyms and Abbreviations
Authentication, Authorization and Accounting Area Border Router Access Control List Asymmetrical Digital Subscriber Line Advanced Encryption Standard Access Gateway Address Resolution Protocol Autonomous System Autonomous System Border Router Asynchronous Transfer Mode
Backup Designated Router Border Gateway Protocol HUAWEI iManager N2000 broadband integrated network management system Bridge Protocol Data Unit Broadband Remote Access Server Broadcast TV
Committed Access Rate Committed Burst Size
Issue 02 (2008-04-25)
35-1
CC CFM CIDR CIR CIST CLI CoS CPE CRC D DES DHCP DHCP option82 DNS DoD DoS DR DSLAM DSP DTMF DU D-V E EMU ES F FE FEC FoIP FSK FTP
Connection Confirm Connectivity Fault Management Classless Inter-Domain Routing Committed Information Rate Common and Internal Spanning Tree Command Line Interface Class of Service Customer Premises Equipment Cyclic Redundancy Code
Data Encryption Standard Dynamic Host Configuration Protocol DHCP relay agent option 82 Domain Name Server Downstream on Demand Denial of Service Designated Router Digital Subscriber Line Access Multiplexer Digital Signal Processor Dual-Tone Multifrequency Downstream Unsolicited Distance Vector Routing Algorithm
Environment Monitoring Unit End System
Fast Ethernet Forward Error Correction Fax over IP Frequency Shift Keying File Transfer Protocol
35-2
Issue 02 (2008-04-25)
FIFO G GE GEM GPON I ICMP IGMP IGP IP IPoA IPoE IS IS-IS ISP IST L LAN LDP LSA LSDB LSP M MA MAC MBS MD MD5 MDU MED
First In First Out
Gigabit Ethernet GPON Encapsulation Method Gigabit-capable Passive Optical Networks
Internet Control Message Distribution Protocol
Protocol
Label
Internet Group Management Protocol Interior Gateway Protocol Internet Protocol Internet Protocol Over ATM IP over Ethernet Intermediate System Intermediate System-to-Intermediate System Internet Service Provider Internal Spanning Tree
Local Area Network Label Distribution Protocol Link State Advertisement Link State Database Label Switched Path
Maintenance Association Medium Access Control Maximum Burst Size Maintenance Domain Message-Digest Algorithm 5 Multi-dwelling unit Multi-Exit-Disc
Issue 02 (2008-04-25)
35-3
MEP MG MGC MGCP MIB MIP MoIP MRU MSAN MSTP MTU N NAS NBMA NGN NHLFE NIC NPDU NMS NSAP O OAM OLT ONT ONU OMCI OSPF P PBS PIR PITP
Maintenance association End Point Media Gateway Media Gateway Controller Media Gateway Control Protocol Management Information Base Maintenance association Interspace Point modem over IP Maximum Receive Unit Multi-service Access Node Multiple Spanning Tree Protocol Maximum Transmission Unit
Network Access Server Non Broadcast MultiAccess Next Generation Network Next Hop Label Forwarding Entry Network Information Center Network Protocol Data Unit Network Management System Network Service Access Point
Operation And Maintenance Optical Line Terminal Optical Network Terminal Optical Network Unit ONT Management and Control Interface Open Shortest Path First
Peek Burst Size Peek Information Rate Policy Information Transfer Protocol
35-4
Issue 02 (2008-04-25)
POTS PPPoA PPPoE PQ PPP PSN PSTN Q QoS R RADIUS RARP RD RFC RIP RMON RSVP RTP RTCP S SHDSL SNMP SSH STB STP T T-CONT TCP/IP TFTP TOS TTL
Issue 02 (2008-04-25)
Plain Old Telephone Service Point-to-Point Protocol Over ATM Point-to-Point Protocol Over Ethernet Priority Queuing Peer-Peer Protocol Packet Switched Network Public Switched Telephone Network
Quality of Service
Remote Authentication Dial in User Service Reverse Address Resolution Protocol Routing Domain Remote Feature Control Routing Information Protocol Remote Network Monitoring Resource Reservation Protocol Real Time Protocol Real Time Control Protocol
Single-pair High-speed Digital Subscriber Line Simple Network Management Protocol Secure Shell Set Top Box Spanning Tree Protocol
Transmission Container Transmission Control Protocol/Internet Protocol Trivial File Transfer Protocol Type of Service Time To Live
U UDP V VAG VDSL VLAN VOD VoIP VT VTP VTY W WRR X xDSL x Digital Subscriber Line Weighted Round Robin Virtual Access Gateway Very High Speed DSL Virtual LAN Video On Demand Voice over IP Virtual Terminal VLAN Trunk Protocol Virtual Type Terminal User Datagram Protocol
35-6
Issue 02 (2008-04-25)

00367766-MA5600T Configuration Guide - (V800R005C06 - 02)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

00367766-MA5600T Configuration Guide - (V800R005C06 - 02)

Uploaded by

Copyright:

Available Formats

SmartAX MA5600T Multi-service Access Module V800R005C06 Configuration Guide

Issue Date Part Number

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

Huawei Technologies Co., Ltd.

Trademarks and Permissions

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

SmartAX MA5600T Multi-service Access Module

2 Getting Started With CLI..........................................................................................................2-1

3 Network Management Configuration....................................................................................3-1

4 Log Host Configuration............................................................................................................4-1

5 User Management...................................................................................................................... 5-1

SmartAX MA5600T Multi-service Access Module

7 Remote User Authentication Configuration.........................................................................7-1

9 DHCP Relay Configuration.....................................................................................................9-1

10 ARP & ARP Proxy Configuration.......................................................................................10-1

SmartAX MA5600T Multi-service Access Module

11 RIP Routing Protocol Configuration..................................................................................11-1

12 OSPF Routing Protocol Configuration..............................................................................12-1

13 IS-IS Routing Protocol Configuration...............................................................................13-1

SmartAX MA5600T Multi-service Access Module

14 BGP Routing Protocol Configuration................................................................................14-1

SmartAX MA5600T Multi-service Access Module

SmartAX MA5600T Multi-service Access Module

17 System Clock Configuration................................................................................................17-1

18 MAC Address Management.................................................................................................18-1

19 TCP/IP Connection Configuration......................................................................................19-1

SmartAX MA5600T Multi-service Access Module

22 User Security Configuration................................................................................................22-1

23 System Security Configuration...........................................................................................23-1

SmartAX MA5600T Multi-service Access Module

24 P2P Fiber Access Service Configuration............................................................................24-1

25 GPON Service Configuration..............................................................................................25-1

26 Protection Configuration for Upstream Link...................................................................26-1

27 Device Subtending Configuration......................................................................................27-1

SmartAX MA5600T Multi-service Access Module

28 VLAN Stacking Wholesale Service Configuration......................................................... 28-1

29 QinQ VLAN Private Line Service Configuration............................................................29-1

30 Multicast Service Configuration.........................................................................................30-1

SmartAX MA5600T Multi-service Access Module

31 Triple Play Service Configuration......................................................................................31-1

33 Ethernet OAM Configuration..............................................................................................33-1

SmartAX MA5600T Multi-service Access Module

34 Environment Monitoring Configuration ..........................................................................34-1

35 Acronyms and Abbreviations..............................................................................................35-1

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

SmartAX MA5600T Multi-service Access Module

SmartAX MA5600T Multi-service Access Module

SmartAX MA5600T Multi-service Access Module

SmartAX MA5600T Multi-service Access Module

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

SmartAX MA5600T Multi-service Access Module

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

SmartAX MA5600T Multi-service Access Module

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

SmartAX MA5600T Multi-service Access Module

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

SmartAX MA5600T Multi-service Access Module

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

SmartAX MA5600T Multi-service Access Module

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

SmartAX MA5600T Multi-service Access Module

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

SmartAX MA5600T Multi-service Access Module