204-4142-00 - DmSwitch EDD SII - Configuration Guide


DmSwitch - EDD Configuration Guide

Revision History
Revision 1.0 2012/06/15
204.4087.02
Contact Information

To contact DATACOM technical support or the sales department:

• Support:

• E-mail: [email protected]
• Phone: +55 51 3358-0122
• Fax: +55 51 3358-0101

• Sales:

• E-mail: [email protected]
• Phone: +55 51 3358-0100
• Fax: +55 51 3358-0101

• Internet:

• www.datacom.ind.br

• Address:

• DATACOM - Telemática
• Av. França, 735 - Porto Alegre, RS - Brasil
• CEP: 90230-220
Table of Contents
1. Introduction
    Switch Features and software Description
    DmView presentation for Metro Ethernet Network Management
    System Defaults
2. General System Configuration
3. Managing Firmware and Configuration
    Firmware
    Configuration
    Uploading Configuration Settings
    Copying and Restoring Configuration Settings
4. DmView
    Installation
    First Steps
    Navigation
5. Equipment Settings
    General configuration
    Management configuration
    Port operation (Configuration)
    Port Operation (Visualization)
    Backup Link
    CFM
    PWE3 TDM
    VLANs
6. Device
    General
    Ports
    Transceivers
    Temperature / Fans
    Backup-Link
    Remote Devices
    CFM
7. Fault Information
    Managers information
    MAC Address information
    Counters Information
8. Port Configuration
    Displaying Port Information
    Configuring Interface Connections
    Port Broadcast Control
    Configuring Port Monitoring
    Configuring Rate Limits
    Displaying Port Statistics
    Address Table Settings
9. SNTP
10. System Logs
11. Managing Security
    Local User Management
    Authentication Settings
    HTTP and HTTPS Configuration
    Configuring the Secure Shell - SSH
    Restricting Management Access
12. SNMP
    Configuring SNMP Community Access Strings
    Setting SNMP Traps
13. Link Aggregation
    Static Port-Channel Configuration
    LACP
14. VLAN
    IEEE 802.1Q VLANs
    Displaying VLAN Information
    VLAN Creation
    Adding VLAN Static Member Ports
    VLAN Interface Configuration
15. Spanning Tree
    How STP Works
    Differences Between RSTP and STP
    Displaying STA Information
    Configuring STA
16. Ethernet Automatic Protection Switching Configuration
    Enabling EAPS Globally
    Disabling EAPS Globally
    Creating an EAPS Domain
    Deleting an EAPS Domain
    Enabling EAPS for Domain
    Disabling EAPS for Domain
    Adding a Control VLAN
    Deleting a Control VLAN
    Adding a Protected VLAN
    Deleting a Protected VLAN
    Configuring Failtime
    Configuring Hellotime
    Configuring EAPS Mode
    Configuring EAPS Port
    Removing EAPS Port Configuration
    Configuring EAPS Name
    Displaying EAPS Summary
    Displaying EAPS Information
17. Class of Service Configuration
    Setting the Default Priority for Interfaces
    Mapping CoS Values to Egress Queues
    Selecting the Queue Mode
    Setting the Maximum Bandwidth for CoS Queues
    Loading Auto-QoS Configuration
18. Packet Filters
    Displaying Filter Information
    Creating and Editing Filters
19. IGMP
    Configuring IGMP
20. Static Routing
    Router Interfaces
    Static Routes
    Hardware Tables

List of Tables
1-1. System Defaults
2-1. RJ45 Console Pin Out
2-2. Editing Commands
5-1. Level code description table
17-1. Mapping CoS Priority Values to Egress Queues
17-2. Priority Level Descriptions
17-3. Traffic Types, Packet Labels and Egress Queues
18-1. Mapping IP Precedence

Chapter 1. Introduction

Switch Features and software Description


DmSwitch - EDD has many features. Its default configuration works for most applications, but the
settings can be changed to best fit your application. For more information, please see the
DmSwitch catalogue.

DmView presentation for Metro Ethernet Network Management
DmView is the Network Management Integrated System developed to supervise and configure DmSwitch
equipment, providing functions for managing and supervising faults, configuration, performance,
inventory and security. DmView can manage several types of networks (such as PDH, SDH, Metro
Ethernet). Centralized management is achieved through the DmSwitch DmView Network Management
System, which offers a graphical user interface for monitoring the state and condition of the unit
and of the network, as well as configuration and inventory management functions.

This manual presents the functionalities of the DmSwitch - EDD integrated with the DmSwitch
Management System (DmView), and its configuration through DmView as well as via the equipment's
CLI, for Metro Ethernet networks.

System Defaults
The following table shows the DmSwitch system defaults.

Table 1-1. System Defaults

Function                          Parameter                      Default

Console Port Connection           Baud Rate                      9600
                                  Data Bits                      8
                                  Stop Bits                      1
                                  Parity                         none
                                  Local Console Timeout          0 (disabled)
Authentication                    Privileged Exec Level          Username = "admin", Password = "admin"
                                  Normal Exec Level              Username = "guest", Password = "guest"
                                  RADIUS Authentication          Disabled
                                  TACACS Authentication          Disabled
                                  802.1x Port Authentication     Disabled
Management                        IP Address                     192.168.0.25/24
CLI Management                    Telnet                         Enabled
                                  SSH                            Disabled
Web Management                    HTTP Server                    Enabled
                                  HTTP Port Number               80
                                  HTTP Secure Server             Enabled
                                  HTTP Secure Port Number        443
SNMP                              Community Strings              public (read only), private (read / write)
                                  Traps                          Disabled
                                  Server                         Enabled
Rate Limiting                     Input and Output Limits        Disabled
Port Trunking                     Static Port-Channel            None
                                  LACP (all ports)               Disabled
Broadcast Storm Protection        Status                         Enabled (all ports)
                                  Broadcast Limit Rate           500 packets per second
Multicast Storm Protection        Status                         Enabled (all ports)
                                  Multicast Limit Rate           500 packets per second
Unknown-Unicast Storm Protection  Status                         Enabled (all ports)
                                  Unknown-Unicast Limit Rate     500 packets per second
Spanning Tree Protocol            Status                         Global: Enabled (all vlans)
                                                                 Ports: Enabled
                                  Fast Forwarding (Edge Port)    Disabled (all ports)
Address Table                     Aging Time                     300 seconds
Virtual LANs                      Default VLAN                   1
                                  Acceptable Frame Type          All
                                  Ingress Filtering              Enabled
                                  Switchport Mode (Egress Mode)  Hybrid: tagged/untagged frames

Chapter 2. General System Configuration
To gain access to DmSwitch2104 via Console or DmView, an IP must be configured beforehand.

• Via Console

Console pin communication: the physical CONSOLE interface accepts an RJ45 connector following the
RS232 standard; its pinout is shown below.

Table 2-1. RJ45 Console Pin Out

RJ45 Signal
1 Tx+
2 Tx-
3 Rx+
6 Rx-
4,5,7,8 Not connected

• Logging on CLI

You can log in to the CLI through a direct connection using a serial cable with the default parameters
shown in the introduction chapter. If you want to use a telnet connection, you need to configure an IP
address on your machine in the same subnet used by default on the switch.

• EXEC MODE - Lets you display configurations and make some general changes, such as clock and files,
and perform debugging.
• CONFIG MODE - Lets you make configuration changes to the device for individual ports, VLANs,
routing and other configuration areas.

• Scroll Control

By default, the CLI uses a paginated mode to display text that exceeds what your terminal window
can show; in that case, press <space> to show the next page or <enter> to show the next line.
When this feature is unnecessary, you can disable it in CONFIG MODE as in the next example.
DmSwitch2104#configure
DmSwitch2104(config)#no terminal paging
DmSwitch2104(config)#exit
DmSwitch2104#

• On-Line Help and Command Completion

• Word Help: A "?" placed in the middle of a word (show run?) completes a term.
• Syntax Command Help: A "?" placed after a space (configure ?) completes the syntax.
• Anywhere in the CLI you can enter <tab> or <?> to get help on the available commands or to complete
the current command, as shown below.
DmSwitch2104#
DmSwitch2104#configure
DmSwitch2104(config)#interface vlan <?>
all All VLANS
range Range of VLANS
1-4094 VLAN ID

DmSwitch2104(config)#interface vlan 10
DmSwitch2104(config-if-vlan-10)#<?>
exit Exit from interface configuration mode
help Description of the interactive help system
interface Interface Configuration
ip IP Configuration
mac-address-table L2 address table configuration
name Set VLAN name
no Reverse a setting
set-member Set VLAN members
show Show running system information
shutdown Deactivate VLAN
vrrp VRRP Interface configuration commands

DmSwitch2104(config-if-vlan-10)#sh<Tab>
show shutdown
DmSwitch2104(config-if-vlan-10)#sh<?>
show Show running system information
shutdown Deactivate VLAN

DmSwitch2104(config-if-vlan-10)#end
DmSwitch2104#
If you enter enough characters of a command to avoid ambiguity, the switch understands what you
are trying to do and accepts them. If you enter <tab> after a unique partial name, the CLI
completes the command for you, as in the next example.
DmSwitch2104#show run<tab>
DmSwitch2104#show running-config

Table 2-2. Editing Commands

Ctrl+A    Moves the cursor to the first character
Ctrl+B    Moves the cursor back one character
Ctrl+C    Escapes and terminates the current command
Ctrl+D    Deletes the character at the cursor
Ctrl+E    Moves to the end of the current command line
Ctrl+F    Moves the cursor forward one character
Ctrl+K    Deletes all characters from the cursor to the end of the command line
Ctrl+L    Repeats the current command on a new line
Ctrl+N    Enters the next command line saved in the history buffer
Ctrl+P    Enters the previous command line saved in the history buffer
Ctrl+U    Deletes all characters from the cursor to the beginning of the command line
Ctrl+W    Deletes the last word typed
Ctrl+Z    Returns from any point to the beginning of the EXEC MODE

Command Attributes
• Hostname - Sets the switch’s administrative name.
• Location - Sets the switch’s location name, used for SNMP purposes.
• Contact - Sets the switch’s contact name, used for SNMP purposes.
• System Up Time - The time elapsed from the last reboot.
• IP Address Mode - Choose whether the switch will use a static or dynamic IP address for
management access through VLAN 1.
• Gateway IP Address - Configure a gateway IP address if you want to access this switch from
different networks.
• MAC Address - The MAC address from the CPU.
• Reset - Choose this option to perform a warm reboot.

Note: Although the switch can be configured to be accessed by any other set of VLANs, the only one
that can use DHCP is the default VLAN 1.

• Registering new user

New users can be registered to gain access to the CLI, and access levels can be set to prevent
non-authorized people from accessing the equipment.

There are two access levels to configure: 0 is the Normal Exec and 15 is the Privileged Exec. In
addition, the password can be encrypted or in plain text. To register a new user to access the
command line, follow the steps below.

The following example configures the user netmgmt with the password mgmtaccess in plain text and
privileged access mode.

Via CLI
DmSwitch2104#configure
DmSwitch2104(config)#username netmgmt password 0 mgmtaccess
DmSwitch2104(config)#username netmgmt access-level 15
DmSwitch2104(config)#end
DmSwitch2104#

To check the users previously configured, use the command show users. Logged-in users can be
checked with the command show managers. Inserting no as a prefix, followed by the user, removes
the user.
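
The account commands above can be reviewed offline in a saved configuration or session log. The following Python audit is an added example, not part of the DATACOM guide: it parses the username forms shown here and flags plain-text (type 0) passwords, the factory admin/guest credentials from Table 1-1, and privileged (level 15) accounts that keep a plain-text password. It assumes the saved text uses the same command forms as the CLI, that removal is written no username <name>, and that any non-zero password type is not plain text; the sample input is constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Factory-default accounts listed in Table 1-1 of this guide.
FACTORY_ACCOUNTS = {"admin": "admin", "guest": "guest"}
PRIVILEGED_LEVEL = 15  # Privileged Exec; 0 is Normal Exec

# Optional CLI prompt such as "DmSwitch2104(config)#" in front of a command.
PROMPT_RE = re.compile(r"^[\w.-]+(?:\([\w-]+\))?#\s*")
# Command forms shown in the guide.
PASSWORD_RE = re.compile(r"^username\s+(\S+)\s+password\s+(\d+)\s+(\S+)$")
LEVEL_RE = re.compile(r"^username\s+(\S+)\s+access-level\s+(\d+)$")
# Assumed removal form ("no" prefix followed by the user).
REMOVE_RE = re.compile(r"^no\s+username\s+(\S+)$")


@dataclass
class Account:
    name: str
    password_type: Optional[int] = None
    secret: Optional[str] = None
    access_level: Optional[int] = None  # None: level not stated in the text


def parse_accounts(text: str) -> Dict[str, Account]:
    """Replay username commands in order and return the resulting accounts."""
    accounts: Dict[str, Account] = {}
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        m = REMOVE_RE.match(line)
        if m:
            accounts.pop(m.group(1), None)
            continue
        m = PASSWORD_RE.match(line)
        if m:
            acct = accounts.setdefault(m.group(1), Account(m.group(1)))
            acct.password_type, acct.secret = int(m.group(2)), m.group(3)
            continue
        m = LEVEL_RE.match(line)
        if m:
            acct = accounts.setdefault(m.group(1), Account(m.group(1)))
            acct.access_level = int(m.group(2))
    return accounts


def audit(text: str) -> Dict[str, List[str]]:
    """Return {user: [issue codes]} for accounts that need attention."""
    findings: Dict[str, List[str]] = {}
    for name, acct in parse_accounts(text).items():
        issues: List[str] = []
        if acct.password_type == 0:
            issues.append("PLAINTEXT")
            if FACTORY_ACCOUNTS.get(name) == acct.secret:
                issues.append("DEFAULT_CREDS")
            if acct.access_level == PRIVILEGED_LEVEL:
                issues.append("PRIV_PLAINTEXT")
        if issues:
            findings[name] = issues
    return findings


# Constructed sample: mixes prompt-prefixed session lines and bare config lines.
# Password type 7 is a placeholder for "not plain text", not a documented value.
SAMPLE_CONFIG = """\
DmSwitch2104(config)#username netmgmt password 0 mgmtaccess
DmSwitch2104(config)#username netmgmt access-level 15
username admin password 0 admin
username admin access-level 15
username guest password 0 guest
username guest access-level 0
username oper password 7 3f9a1c
username oper access-level 0
username temp password 0 changeme
no username temp
"""

if __name__ == "__main__":
    for user, issues in audit(SAMPLE_CONFIG).items():
        print(f"{user}: {', '.join(issues)}")
```
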

• Via telnet

DmSwitch2104 management can also be performed via telnet through any one of its network
interfaces. The equipment must be reachable at the IP level before it can be accessed via telnet.
Management via telnet is identical to management through the DmSwitch serial port.

• IP Configuration via CLI

An out-of-band management port (MGMT ETH) can be configured to give customer access. The MGMT
ETH default IP is 192.168.0.25/24; the MGMT IP can be changed using the following commands.

Example 2-1. MGMT Interface IP


DmSwitch2104#configure
DmSwitch2104(config)#interface mgmt-eth
DmSwitch2104(config-if-mgmt-eth)#ip address 201.0.0.1/24
DmSwitch2104(config-if-mgmt-eth)#end
DmSwitch2104#

To check the configuration above, use the command show ip. Inserting no as a prefix for this command
removes the mgmt-eth IP.

It is possible to configure an IP on any VLAN and grant in-band access via the TELNET protocol. The
following example shows the VLAN 1 IP configuration.

Example 2-2. VLAN Interface IP


DmSwitch2104#configure
DmSwitch2104(config)#int vlan 1
DmSwitch2104(config-if-vlan-1)#ip address 192.168.10.1/24
DmSwitch2104(config-if-vlan-1)#set-member untagged ethernet 1
DmSwitch2104(config-if-vlan-1)#exit
DmSwitch2104(config)#

To visualize the configuration above, use the command show vlan.

ICMP packets (ping) can be sent to check connectivity, and a traceroute command can be executed
to verify the path of the link.
Ping:
DmSwitch2104#ping 172.16.10.206
PING 172.16.10.206 (172.16.10.206): 56 data bytes
64 bytes from 172.16.10.206: icmp_seq=0 ttl=128 time=1.1 ms
64 bytes from 172.16.10.206: icmp_seq=1 ttl=128 time=0.7 ms
64 bytes from 172.16.10.206: icmp_seq=2 ttl=128 time=0.7 ms
64 bytes from 172.16.10.206: icmp_seq=3 ttl=128 time=0.7 ms

--- 172.16.10.206 ping statistics ---


4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.7/0.8/1.1 ms

Traceroute:
DmSwitch2104#traceroute 172.16.10.206
traceroute to 172.16.10.206 (172.16.10.206), 30 hops max, 40 byte packets
1 172.16.10.206 1.31918e-315 ms * 6.36599e-314 ms

The next example shows how to configure an IP address on the default VLAN. It also shows how to add
a default gateway and primary/secondary DNS servers.

Example 2-3. VLAN Interface IP


DmSwitch2104#configure
DmSwitch2104(config)#int vlan 1
DmSwitch2104(config-if-vlan-1)#ip address 192.168.10.1/24
DmSwitch2104(config-if-vlan-1)#exit
DmSwitch2104(config)#ip default-gateway 192.168.10.254
DmSwitch2104(config)#ip dns-server 192.168.10.250 192.168.10.251
DmSwitch2104(config)#end
DmSwitch2104#

You can see these configurations directly on the configuration file entering show running-config.

The next example shows how to add a dynamic IP address to the default VLAN. It then shows
renewing and releasing the address with the DHCP server.

Example 2-4. Renewing and Releasing with DHCP server


DmSwitch2104#configure
DmSwitch2104(config)#interface vlan 1
DmSwitch2104(config-if-vlan-1)#ip address dhcp
DmSwitch2104(config-if-vlan-1)#ip address dhcp renew
DmSwitch2104(config-if-vlan-1)#ip address dhcp release
DmSwitch2104(config-if-vlan-1)#end
DmSwitch2104#

With DHCP configuration, the addresses in use do not appear in the running configuration. To see
them, enter the commands below.
DmSwitch2104#show vlan id 1
VLAN: 1 [DefaultVlan]


Type: Static
Status: Active
IP Address: 192.168.10.1/24
Aging-time: 300 sec.
Learn-copy: Disabled
MAC maximum: Disabled
Proxy ARP: Disabled
Members: All Ethernet ports (static, untagged)
Forbidden: (none)

DmSwitch2104#show ip default-gateway
Default gateway: 192.168.10.254

DmSwitch2104#show ip dns-servers
DNS servers: 192.168.10.250

DmSwitch2104#

• Resetting the Switch via CLI

The next example shows how to perform a warm reboot via CLI.

Example 2-5. Resetting the Switch via CLI


DmSwitch2104#reboot
System will be restarted, continue <y/N>? y

Chapter 3. Managing Firmware and Configuration
This chapter helps you deal with firmware and with storing and transferring configurations.

Firmware
You can upload firmware from a TFTP server. You can also set the switch to use new firmware without
overwriting the previous version.
Command Attributes
• TFTP Server IP Address - The IP address of a TFTP server.
• File Name - The file name should not contain slashes (\ or /), the first character of the file name
should not be a period (.), and the maximum length is 127 characters for file names on the TFTP
server or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, ".", "-", "_")
• Source/Destination Unit - Specifies the switch stack unit number.
• Destination/Startup File Name - Allows specification of filenames already in memory, or
the creation of a new filename. (Valid characters: A-Z, a-z, 0-9, ".", "-", "_")
• Source File Name - Allows you to specify the name of the chosen source file.
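
The file-name rules above can be enforced before a transfer command is issued, which also keeps names such as ../x or .hidden from reaching the TFTP server. The following Python check is an added example, not part of the DATACOM guide: it applies the listed rules and validates the server address in a copy tftp line of the form shown in this chapter. The function names are hypothetical and the sample commands are constructed.

```python
import ipaddress
import re
from typing import List

MAX_LEN_TFTP = 127    # limit for file names on the TFTP server
MAX_LEN_SWITCH = 31   # limit for files on the switch
VALID_CHAR = re.compile(r"[A-Za-z0-9._-]")  # valid characters per the guide


def file_name_problems(name: str, on_switch: bool = False) -> List[str]:
    """Return the rules from the File Name attribute that `name` violates."""
    if not name:
        return ["empty file name"]
    problems: List[str] = []
    limit = MAX_LEN_SWITCH if on_switch else MAX_LEN_TFTP
    if "/" in name or "\\" in name:
        problems.append("contains a slash")
    if name.startswith("."):
        problems.append("starts with a period")
    if len(name) > limit:
        problems.append(f"longer than {limit} characters")
    # Slashes are already reported above, so leave them out of this list.
    bad = sorted({c for c in name
                  if not VALID_CHAR.fullmatch(c) and c not in "/\\"})
    if bad:
        problems.append("invalid characters: " + " ".join(repr(c) for c in bad))
    return problems


def copy_tftp_problems(command: str) -> List[str]:
    """Check a 'copy tftp <server> <file> [destination...]' line before sending it."""
    parts = command.split()
    if len(parts) < 4 or parts[:2] != ["copy", "tftp"]:
        return ["not a 'copy tftp <server> <file> ...' command"]
    problems: List[str] = []
    try:
        ipaddress.ip_address(parts[2])
    except ValueError:
        problems.append(f"server {parts[2]!r} is not an IP address")
    # The source file lives on the TFTP server, so the 127-character limit applies.
    problems += [f"file name {p}" for p in file_name_problems(parts[3])]
    return problems


if __name__ == "__main__":
    for cmd in (
        "copy tftp 172.16.31.50 EDDfw1.im firmware",         # form shown in the guide
        "copy tftp 172.16.31.500 .hidden firmware",          # constructed bad input
        "copy tftp 192.168.0.1 ../my_new_config.bin flash-config 1",
    ):
        print(cmd, "->", copy_tftp_problems(cmd) or "ok")
```
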

Uploading System Software from a TFTP Server


• When runtime code is uploaded to the switch from a TFTP server, the file is stored in a firmware
position other than the one used by the running firmware. After a complete upload, this new
firmware is set as the startup firmware. If a problem occurs during the transfer, the running
firmware stays untouched and remains the startup firmware.

The next example shows how to upload firmware via CLI. Updating Equipment’s firmware:

Example 3-1. Uploading System Software from a TFTP Server via CLI.
DmSwitch2104#copy tftp 172.16.31.50 EDDfw1.im firmware
# After firmware update the system will be restarted. Continue? <y/N> y
# Fetching image...
DmSwitch2104#

Updating Equipment’s Bootloader via CLI:


The IP configuration above uses untagged outgoing traffic, so it is not necessary to configure a VLAN
on the terminal's Ethernet interface (computer). For tagged outgoing traffic, the command is
set-member tagged ethernet 1.

The terminal module is case-sensitive. The commands should be typed in the form shown in this
manual.

Example 3-2. Uploading Bootloader from a TFTP Server via CLI.


DmSwitch2104#copy tftp 172.16.31.50 EDDbootl.im bootloader
# Fetching image...
DmSwitch2104#

Configuration
Copy config to TFTP

Uploading System Software from a TFTP Server

Besides copying firmware and bootloader to the equipment, it is possible to send pre-defined
configurations to a TFTP server. These are:
• Running-config:

Via CLI
# DmSwitch2104#copy running-config tftp 172.16.31.50 EDD_config1.im
# DmSwitch2104#

• Startup-config:

Via CLI
# DmSwitch2104#copy startup-config tftp 172.16.31.50 EDD_config2.im
# DmSwitch2104#

To initialize the equipment using a configuration from a TFTP server, use the command copy tftp
172.16.31.50 EDD_config2.im.

Copy config to Flash

DmSwitch - EDD’s flash has 2 indexes to place different configurations. The configurations that can be
stored in flash are the following:
• Running-config:

The following example will store running-config named runconfig into the first flash index:

Via CLI
# DmSwitch2104#copy running-config flash-config 1 runconfig
# Saving configuration in flash 1...
# Done.
# DmSwitch2104#

• Startup-config:

The following example will store startup-config named startconf into the first flash index, overwriting
the stored file above:

Via CLI


# DmSwitch2104#copy startup-config flash-config 1 startconf


# Copying flash 2 to 1
# DmSwitch2104#

Since the startup-config was already stored in one of the indexes, the command above copied flash
index 2 to flash index 1. The flash-config can be checked using the command show flash-config <flash
index number>, if a config is available.

It is possible to write the startup-config into the running-config and vice versa. Use the command copy
<startup-config/running-config> <running-config/startup-config>.

Once both flash indexes of the DmSwitch - EDD hold a configuration, it is possible to start
the equipment with either of them; use the command select startup-config <flash index number> to select
between them.

To erase a flash index use the command erase flash-config <index number>.

Before overwriting files, the chosen configurations can be compared using the diff command:
# DmSwitch2104#diff
# default-config Default configuration
# flash-config Flash configuration
# running-config Current system configuration
# startup-config Startup configuration
#
# DmSwitch2104#diff startup-config
# default-config Default configuration
# flash-config Flash configuration
# running-config Current system configuration
# startup-config Startup configuration
#
# DmSwitch2104#diff startup-config running-config

It is possible to restart the equipment, if necessary, by using the command reboot.

Uploading Configuration Settings
There are 2 memory positions in the switch where configurations can be stored.

• Uploading a configuration

The following example shows how to upload a configuration file into flash position 1 via CLI.

Example 3-3. Downloading a configuration via CLI.


DmSwitch2104#copy tftp 192.168.0.1 my_new_config.bin flash-config 1
DmSwitch2104#

• Uploading a configuration and setting it as startup

The next example shows how to upload a configuration to the switch via CLI and set it as the startup
configuration.

Example 3-4. Via CLI, downloading a configuration and setting it as startup.


DmSwitch2104#copy tftp 192.168.0.1 my_new_config.bin startup-config 1
DmSwitch2104#

• Uploading a configuration and applying it without storing in flash

Via web, it is possible to upload a configuration to the Running position of the switch and it will be
applied immediately but not saved.

The next example shows how to upload a configuration via CLI and apply it without storing in flash.

Example 3-5. Via CLI, downloading a configuration and applying it without storing in flash.
DmSwitch2104#copy tftp 192.168.0.1 my_new_config.bin running-config
DmSwitch2104#

Copying and Restoring Configuration Settings
• Downloading configuration

Via web, to download a configuration from the switch is as easy as clicking on the corresponding link
and selecting the place to save on your computer.

The next example shows how to download a configuration from the switch to a TFTP server by using the
CLI.

Example 3-6. Downloading a configuration to a TFTP server.


DmSwitch2104#copy flash-config 1 tftp 192.168.0.1 my_flash-config_1.bin
DmSwitch2104#

• Downloading running configuration

Via web, this operation is performed by clicking on the Running link and selecting the place where
to save.

The following example shows how to download a current configuration from the switch to a TFTP
server by using the CLI.

Example 3-7. Downloading a running configuration to a TFTP server.


DmSwitch2104#copy running-config tftp 192.168.0.1 my_running-config.bin
DmSwitch2104#

• Copying a configuration inside the equipment

The next example shows how to copy a configuration from one position in flash to another via CLI.

Example 3-8. Copying a configuration inside the equipment.


DmSwitch2104#copy flash-config 1 flash-config 2
DmSwitch2104#

Note: This operation can’t be done through the web interface.

• Loading a stored configuration

The next example shows how to load a configuration stored in flash.


Example 3-9. Loading a configuration via CLI.


DmSwitch2104#copy flash-config 1 running-config
DmSwitch2104#

Note: Via web, this can be done by selecting a startup configuration and rebooting the equipment.

Chapter 4. DmView

Installation
Execute the initialization program to install the software. Click Next, accept the License Term and choose
the directory where the software will be installed. After that, a screen will appear as shown in Figure 4-1,
asking which DmView component to install.

Figure 4-1. DmView Component Selection


• Server (Standalone): DmView Server.


• Console (Standalone): DmView Console.

First Steps
The first step after installation is to add the network element to the application so that it can be managed.
The element must be reachable over the IP network from the management equipment in order to be managed
via DmView.

DmView can be started through the menu: Start - Program - DmView - DmView x.x* - DmView Login.
*x.x indicates the DmView version installed on the machine.

By selecting this item, DmView Poller and DmView Event Receiver will be automatically launched. The
first one is responsible for polling the elements and the second one for receiving the traps
sent by the equipment. As soon as these two processes are initialized in the background, the
screen shown below will appear.

Figure 4-2. DmView Login


By default, the username is "administrator" and the application password is also "administrator". To
log in, type them and click Login. If there is no typing error, the Network Browser screen will
appear (Figure 4-3). In that case, the elements can be registered and/or accessed.

Figure 4-3. DmView Network Browser


Initially the sites map opens empty in the root site. New sites and equipment can be added through the
Edit menu item: Add Location. This option is also available by right-clicking. Specify
the name of the site that is being created and then click on the OK button.


At the site where the equipment is to be added (Figure 4-3), click on Edit menu: Add Devices, or
right-click on the map, where this option is also available.

Figure 4-4. Window to add equipment in the management platform


With the Add Device window open (Figure 4-4), enter the equipment IP in the Hostname
field and then click on Contact. If the element has connectivity, its description will appear in the
Devices Found section; otherwise a message will report that it was not possible to contact the device.

Navigation
Equipment’s bayface

The bayface of the equipment can be accessed by right-clicking the equipment on the
site map and choosing the option Navigate to... from the pop-up menu, or by double-clicking the
chosen device.
• EDD’s bayface is shown below

Figure 4-5. DmSwitch - EDD’s bayface


• EDD’s bayface with PWE3 TDM functionality is shown below

Figure 4-6. DmSwitch - EDD’s bayface with PWE3 TDM functionality

Chapter 5. Equipment Settings
To configure the equipment, click on Configuration - Device config. The DmSwitch - EDD settings will
open (Figure 5-1).

General configuration
The General tab on the Device config window on DmView shows the following settings:

Figure 5-1. General tab on Configuration Window


• Hostname

Hostname: Sets the switch’s administrative name.

Figure 5-2. Hostname screen


Via CLI
DmSwitch2104(config)#hostname EDD-Switch
EDD-Switch(config)#

• Clock Timezone

Name: Configure name for timezone.


Timezone: Hours offset from UTC.

Minutes: Minutes offset from UTC.

Figure 5-3. Clock Timezone Screen


Via CLI

Setting clock, date and time zone can be done by the following commands:
DmSwitch2104#clock timezone BRA -3 0

• Authentication

First Method: Defines the first method for authenticating users on the equipment (local/radius).

Second Method: If the first method fails, the switch tries a second method for authentication.

Figure 5-4. Authentication Screen


Via CLI

The authentication methods can be set with the following commands:
DmSwitch2104(config)#authentication login
# local radius tacacs


# DmSwitch2104(config)#authentication login local radius


# DmSwitch2104(config)#

Define a RADIUS server IP address (CLI only)


# DmSwitch2104(config)#radius-server
# acct-port RADIUS default server accounting port
# auth-port RADIUS default server authentication port
# host RADIUS server IP
# key RADIUS default server key
# retries RADIUS server retries
# timeout RADIUS server timeout
#
# DmSwitch2104(config)#radius-server host
# 1-5 Server index
#
# DmSwitch2104(config)#radius-server host 1
# accounting Enable RADIUS accounting
# acct-port Specify RADIUS server accounting port
# address Specify RADIUS server IP address
# authentication Enable RADIUS authentication
# auth-port Specify RADIUS server authentication port
# key Specify RADIUS server key
#
# DmSwitch2104(config)#radius-server host 1 address
# <paddress> IP address
#
# DmSwitch2104(config)#radius-server host 1 address 192.168.0.1
# <enter> no further known parameters
#
# DmSwitch2104(config)#radius-server host 1 address 192.168.0.1

• Logging

The embedded syslog agent records system events. You can check the event logs in
order to debug or control user access. Depending on the type of event, it can be saved to the system
RAM or flash, or sent to a remote log server or to an e-mail address. The commands that configure the
embedded syslog agent are listed below:

• Logging on;
• Logging facility;
• Logging history;
• Logging host;
• Logging sendmail;
• Logging trap;

The following table shows the possible codes to be used for the logging events.


Table 5-1. Level code description table

Level   Code      Description

0       panic     kernel panic
1       alert     condition needing immediate attention
2       crit      critical conditions
3       error     errors
4       warning   warning messages
5       notice    not an error, but may need attention
6       info      informational messages
7       debug     when debugging a system

• Logging Enable: Enable logging events.


• History RAM Level: Defines the type of logs that are saved in RAM.
• History Flash Level: Defines the type of logs that are saved in flash.
• Remote Log: Enable/Disable sending logs to remote management host.
• Trap Level: Sets level of traps sent to remote management host.
• Host: Remote host IP address.
• Facility: Defines different classes of log messages.

Figure 5-5. Logging Screen


• Logging on

The following command enables the logging of events. This example shows how to enable event
logging.
DmSwitch2104#logging on

Logging configuration can be checked by entering the command show logging. Inserting no as a prefix
for this command will disable the logging of events.


• Logging history

Configure the level of events to be stored in memory (Flash or RAM).

Flash: Configures log level for flash memory.

RAM: Configures log level for RAM memory.

Log-level: Defines the range of log levels that will be saved into the specified memory (from 0 to
7).

This example shows how to configure a range from 0 to 3 of log levels to be saved in flash memory.
# DmSwitch2104(config)#logging history
# flash Events stored in flash
# ram Events stored in RAM
# DmSwitch2104(config)#logging history flash
# 0-7 Log level
# DmSwitch2104(config)#logging history flash 3
# DmSwitch2104(config)#

To verify the logs from flash or RAM use the command show log <flash/ram>. In order to delete
logs from flash or RAM use the command clear logging <flash/ram>. Inserting no as a prefix for this
command will disable logging in the specified memory.

• Logging trap

Configure the level of events that will be sent to remote server.

Log-level: Defines the log range that will be sent by trap (from 0 to 7).

This example shows how to configure the range of log levels that will be sent by traps:
# DmSwitch2104(config)#logging trap
# 0-7 Events to be sent to remote server
#
# DmSwitch2104(config)#logging trap 3
# DmSwitch2104(config)#

The configuration above can be shown by entering the command show logging. Inserting no as a prefix
for this command will disable the sending of logs to a remote server.

• Logging host


Configure a remote syslog server.

IP Address: Specifies the IP address of the remote syslog server.

This example shows how to specify the IP address of the remote syslog server.
# DmSwitch2104(config)# logging host
# <ipaddress> Destination host
#
# DmSwitch2104(config)#logging host 192.168.0.230
# DmSwitch2104(config)#

The configuration above can be shown by entering the command show logging. Inserting no as a prefix
for this command will remove the configuration of a remote syslog server.

• Logging facility

The command below sets the facility type for remote logging. This example shows how to set the
facility type 18 for remote logging.

Facility type: Specifies the facility type (from 16 to 23).


# DmSwitch2104(config)# logging facility
# 16-23 Facility type
#
# DmSwitch2104(config)#logging facility 18
# DmSwitch2104(config)#

The configuration above can be shown by entering the command show logging. Inserting no as a prefix
for this command will disable the facility type for remote logging.
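
The logging trap, logging host and logging facility settings above determine what a collector at the logging host should receive: with facility 18 and trap level 3, each message carries a priority value of facility x 8 + level, with the level between 0 and 3. The following Python check is an added example, not part of the DATACOM guide; it assumes the switch sends the standard syslog <PRI> prefix, and the sample messages are constructed for illustration.

```python
import re

# Level codes as listed in Table 5-1 of this guide.
LEVELS = ["panic", "alert", "crit", "error", "warning", "notice", "info", "debug"]

# Values from the CLI examples above: "logging facility 18" and "logging trap 3".
CONFIGURED_FACILITY = 18
CONFIGURED_TRAP_LEVEL = 3

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(message):
    """Split the leading <PRI> value into (facility, level).

    Standard syslog encodes PRI = facility * 8 + level. Returns None when the
    prefix is missing or the value is outside 0..191 (facility 23, level 7).
    """
    match = PRI_RE.match(message)
    if match is None:
        return None
    pri = int(match.group(1))
    if pri > 191:
        return None
    return divmod(pri, 8)


def audit(messages, facility=CONFIGURED_FACILITY, trap_level=CONFIGURED_TRAP_LEVEL):
    """Return (message_number, reason) for every message that the switch
    configuration shown in this guide should not have produced."""
    findings = []
    for number, message in enumerate(messages, start=1):
        decoded = decode_pri(message)
        if decoded is None:
            findings.append((number, "missing or invalid <PRI> prefix"))
            continue
        msg_facility, level = decoded
        if msg_facility != facility:
            findings.append((number, f"facility {msg_facility}, expected {facility}"))
        elif level > trap_level:
            findings.append(
                (number, f"level {level} ({LEVELS[level]}) exceeds trap level {trap_level}")
            )
    return findings


# Constructed sample datagrams (message text is invented for illustration).
SAMPLE = [
    "<147>DmSwitch2104: constructed error event",      # 18*8+3: error, expected
    "<145>DmSwitch2104: constructed alert event",      # 18*8+1: alert, expected
    "<150>DmSwitch2104: constructed info event",       # 18*8+6: info, above trap level
    "<134>otherhost: constructed event",               # 16*8+6: facility 16
    "DmSwitch2104: constructed event without prefix",  # no <PRI>
]

if __name__ == "__main__":
    for number, reason in audit(SAMPLE):
        print(f"message {number}: {reason}")
```

A message flagged here points to a switch whose logging settings differ from the ones recorded, or to a sender other than the switch.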

• Send Mail
• Send Mail: Enable/Disable sending of log via e-mail.
• Server: Sets a SMTP server.
• Source: Sets a source e-mail address.
• Destination: Define a destination e-mail address.
• Level: Sets level for sent logs.

Figure 5-6. Send Mail Screen


• Logging sendmail
• Host ip-address: Specifies the IP address of the SMTP Server (Optional).
• Level log-level: Defines the range of log levels that will be sent by email (Optional/from
0-7).
• Source-email email address: Specifies the email address to use for the "from" field
(Optional).
• Destination-email email-address: Specifies the recipient email address of
messages (Optional).

This example shows how to configure an e-mail address to use for the "from" field.
# DmSwitch2104(config)#logging sendmail
# destination-email Recipient of messages
# host SMTP server to use
# level Priority of events to send
# source-email Email address to use for the "from" field
# <enter> Enable SMTP event handling
#
# DmSwitch2104(config)#logging sendmail source-email [email protected]
# DmSwitch2104(config)#

The configuration above can be shown by entering the command show logging. Inserting no as a
prefix for this command will disable the sending of logs via e-mail or delete the specified
configuration used for sending e-mails.

• Monitor Destination

Monitor source configuration can be found in "Ports" tab.

Port: Set destination port for out packets monitoring.

Figure 5-7. Monitor destination Screen


Via CLI
# DmSwitch2104#monitor destination 4
# DmSwitch2104(config)#

Management configuration

Management tab in Device config window in DmView shows the following settings:
• Default Gateway: A default gateway can be configured for the Metro-Ethernet Network.
• CPU DoS Protect: A rate limit, in packets per second, can be configured for packets sent to the CPU
to protect the system from external attacks (flood prevention).
• CPU Protocols Priorities: A priority can be set for the tunneling of protocols.

Figure 5-8. Management tab on Configuration Window


The features above can be configured using the CLI of the equipment; the commands are shown
below:

• Default-gateway

Default Gateway: Configure the default gateway.

Figure 5-9. Default Gateway screen


Via CLI
# DmSwitch2104#ip default-gateway 172.16.255.254
# DmSwitch2104(config)#


To view the default gateway previously configured, use the command show ip default-gateway.
Inserting no as a prefix for this command will remove the default gateway.

• CPU DoS Protect


• Enable CPU-DoS-Protect: Enable the feature.
• Rate Limit: Configure rate limit for the packets that are sent to the CPU.

Figure 5-10. CPU DoS Protect screen


Via CLI
# DmSwitch2104#cpu-dos-protect rate-limit 1000
# Rate-limit misconfiguration may cause management loss and disrupt the
# operation of some protocols. Are you sure? y/N y and enter
# DmSwitch2104(config)#

To view the CPU DoS rate previously configured, use the command show cpu-dos-protect. Inserting
no as a prefix for this command will disable the cpu-dos-protect.

• CPU Protocols Priorities

Tunnel: Select the priority for the tunneled protocols.

Figure 5-11. CPU Protocol Priorities screen


Via CLI
# DmSwitch2104#cpu protocol priority tunnel 5
# DmSwitch2104(config)#

To view the CPU protocol priorities previously configured, use the command show cpu protocol priority
tunnel.

• DHCP

Obtain IP from DHCP Server: Enable DHCP client.

Figure 5-12. DHCP configuration screen


Via CLI

For the CPU DoS Protect rate limit, it is recommended to configure neither a low rate, which can cause
loss of management, nor a high rate, which can allow external packet flooding.
# DmSwitch2104#ip address dhcp
# DmSwitch2104(config)#

• VLAN
• QinQ: Enable Double Tagging.
• TPID: Configure Tag Protocol ID.

Figure 5-13. VLAN configuration screen


Via CLI
# DmSwitch2104(config)#vlan qinq
# DmSwitch2104(config)#
# DmSwitch2104(config)#vlan tpid 0x8100
# DmSwitch2104(config)#

To view the tagging information previously configured, use the command show cpu-dos-protect.
Inserting no as a prefix for this command will remove tagging configuration.

• Remote Devices
• RDM Global: Enable Remote Devices Management globally.

Figure 5-14. Remote Devices configuration screen


Via CLI

# DmSwitch2104#remote-devices enable
# DmSwitch2104(config)#

To view the remote-devices information previously configured, use the command show remote-devices.
Inserting no as a prefix for this command will disable remote management.

Port operation (Configuration)
The Port tab on the Device Config window in DmView allows the configuration of each port's general settings
as well as provisioning and protection for the Metro-Ethernet network. The screen shows the following
settings:

Figure 5-15. Port Configuration Window


Configuration
• Port: Shows which port is being configured.

Figure 5-16. Port Configuration Screen


General
• Operation: Enable/Disable port status.
• Auto-Negotiation: Enable/Disable auto-negotiation on the interface.
• Jumbo Frames: Enable/Disable jumbo frame processing by the interface.
• Description: A description can be used for the interface.
• Flow-Control: Configure flow-control on forced mode (no auto-negotiation).
• Capabilities: Configure interface capabilities during auto-negotiation.
• Speed: Shows the link speed configuration.
• Duplex Mode: Shows the duplex mode configuration.
• Native VLAN: Shows the VLAN tag that the untagged incoming packets will receive on that port.
• QinQ: Shows the double tagging mode for the packets, either internal or external.


• Internal: Configures Double Tagging internal mode. VLAN tag is only inserted if packet doesn’t
have a TPID which matches the configured TPID for that interface.
• External: Configures Double Tagging external mode. VLAN tag is always inserted on received
packets.

Figure 5-17. Port General Configuration Screen


Via CLI
• Auto-negotiation
# DmSwitch2104(config)#interface ethernet 1
# DmSwitch2104(config-if-eth-1/1)#negotiation
# DmSwitch2104(config-if-eth-1/1)#

Inserting no as a prefix for this command will disable auto-negotiation.

• Jumbo Frames
# DmSwitch2104(config)#interface ethernet 1
# DmSwitch2104(config-if-eth-1/1)#switchport jumbo-frames
# DmSwitch2104(config-if-eth-1/1)#

Inserting no as a prefix for this command will disable jumbo-frames.

• Description
# DmSwitch2104(config)#interface ethernet 1
# DmSwitch2104(config-if-eth-1/1)#description
# <text> Interface description
# DmSwitch2104(config-if-eth-1/1)#description Porto Alegre
# DmSwitch2104(config-if-eth-1/1)#

Inserting no as a prefix for this command will remove the description.

• Flow control
# DmSwitch2104(config)#interface ethernet 2
# DmSwitch2104(config-if-eth-1/2)#flow-control
# receive Enable flow control reception
# transmit Enable flow control transmission
# <enter> Enable flow control reception and transmission


# DmSwitch2104(config-if-eth-1/2)#flow-control receive
# DmSwitch2104(config-if-eth-1/2)#

Inserting no as a prefix for this command will remove flow-control configuration.

• Capabilities
# DmSwitch2104(config)#interface ethernet 1
# DmSwitch2104(config-if-eth-1/1)#capabilities flow-control
# receive Advertise support of flow control reception
# transmit Advertise support of flow control transmission
# <enter> Advertise support of flow control reception and transmission
# DmSwitch2104(config-if-eth-1/1)#capabilities flow-control transmit
# DmSwitch2104(config-if-eth-1/1)#

Inserting no as a prefix for this command will remove capabilities configuration.

• Speed and Duplex Mode


# DmSwitch2104(config)#interface ethernet 5
# DmSwitch2104(config-if-eth-1/5)#speed-duplex
# 10full Force 10Mbit/s full-duplex operation
# 10half Force 10Mbit/s half-duplex operation
# 100full Force 100Mbit/s full-duplex operation
# 100half Force 100Mbit/s half-duplex operation
# DmSwitch2104(config-if-eth-1/5)#speed-duplex 100half
# DmSwitch2104(config-if-eth-1/5)#

Speed and Duplex Mode settings are only available if auto-negotiation is off. Inserting no as a prefix
for this command will set speed-duplex to its default configuration (100MHalf).

• Native VLAN
# DmSwitch2104(config)#interface vlan 3
# DmSwitch2104(config-if-vlan-3)#interface ethernet 5
# DmSwitch2104(config-if-eth-1/5)#switchport native vlan 3
# DmSwitch2104(config-if-eth-1/5)#

Inserting no as a prefix for this command will remove native VLAN configuration from the port.

• QinQ
# DmSwitch2104(config)#interface ethernet 5
# DmSwitch2104(config-if-eth-1/5)#switchport qinq
# external Configure Double Tagging external mode
# internal Configure Double Tagging internal mode
# DmSwitch2104(config-if-eth-1/5)#switchport qinq external
# DmSwitch2104(config-if-eth-1/5)#

All the statuses above can be shown by using the command show interfaces status. In global
configuration, QinQ can be set for all ports by using the command vlan qinq. Inserting no as a prefix for this
command will disable QinQ VLAN.


• Vlan tpid

In global configuration, use vlan tpid command to configure Tag Protocol ID for all ethernet interfaces.
The TPID is the first two bytes in the VLAN tag which also corresponds to the Ethertype field on
untagged packets.
# DmSwitch2104(config)#vlan tpid
# 0x0000-0xFFFF Tag Protocol ID
# DmSwitch2104(config)#vlan tpid 0x9100
# DmSwitch2104(config)#
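
The internal and external QinQ modes and the TPID setting described above, worked through on raw frames as an added Python example that is not part of the DATACOM guide. It assumes the inserted tag carries the port's native VLAN ID (the guide does not say which VLAN ID is inserted); the function names and the sample frames are constructed for illustration.

```python
import struct

KNOWN_TPIDS = (0x8100, 0x9100)  # the two TPID values used in this guide's CLI examples


def outer_type(frame):
    """Return the 16-bit field after the two MAC addresses: the TPID of a
    tagged frame, or the Ethertype of an untagged one."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return struct.unpack("!H", frame[12:14])[0]


def push_tag(frame, tpid, vlan_id, priority=0):
    """Insert a 4-byte VLAN tag (TPID + TCI) right after the MAC addresses."""
    if not 0 <= vlan_id <= 0x0FFF or not 0 <= priority <= 7:
        raise ValueError("VLAN ID or priority out of range")
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def qinq_ingress(frame, mode, port_tpid, port_vlan):
    """Apply the ingress rule of one port.

    external: a tag is always inserted.
    internal: a tag is inserted only if the frame's TPID differs from the
              TPID configured for the interface.
    port_vlan is assumed to be the port's native VLAN (assumption, see lead-in).
    """
    if mode == "external":
        return push_tag(frame, port_tpid, port_vlan)
    if mode == "internal":
        if outer_type(frame) == port_tpid:
            return frame  # already carries the configured TPID: left unchanged
        return push_tag(frame, port_tpid, port_vlan)
    raise ValueError("mode must be 'internal' or 'external'")


def tag_stack(frame, tpids=KNOWN_TPIDS):
    """List (tpid, vlan_id) for each VLAN tag, outermost first."""
    stack = []
    offset = 12
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
        if tpid not in tpids:
            break
        stack.append((tpid, tci & 0x0FFF))
        offset += 4
    return stack


def sample_frames():
    """Constructed frames: one untagged IPv4 frame, and the same frame
    already tagged with VLAN 10 by the attached equipment."""
    dst = bytes.fromhex("000102030405")
    src = bytes.fromhex("020000000001")
    untagged = dst + src + struct.pack("!H", 0x0800) + bytes(46)
    return untagged, push_tag(untagged, 0x8100, 10)


if __name__ == "__main__":
    untagged, tagged = sample_frames()
    for mode, tpid in (("internal", 0x8100), ("external", 0x8100), ("internal", 0x9100)):
        result = qinq_ingress(tagged, mode, tpid, port_vlan=3)
        print(mode, hex(tpid), [(hex(t), v) for t, v in tag_stack(result)])
```

In internal mode with a matching TPID, the frame's own VLAN ID (10 here) stays the outermost tag, whereas external mode always places the port's VLAN ID outside it.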

• Mac-Address-Table Static

A static entry can be set to the MAC address table. This will force packets with a specified destination
MAC address and VLAN to be always forwarded to the specified interface. This example shows how
to add a static MAC address on ethernet port 1 and VLAN 1:
# DmSwitch2104(config)#mac-address-table static 00-01-02-03-04-05 ethernet 1 vlan 1
# DmSwitch2104(config)#

To verify the configuration above, use the command show mac-address-table. The no command form
removes a static entry from the MAC address table. To clear only the learned entries from the
MAC address table, use the command clear mac-address-table.

• Mac-Address-Table Ageing-Time

It is possible to set the length of time before removing unused dynamic entries in the MAC address
table. This example shows how to change the global ageing time to 1000 seconds.
# DmSwitch2104#mac-address-table ageing-time 1000
# DmSwitch2104(config)#

All the statuses above can be shown using the command show interfaces switchport. By default, all
ports are enabled for VLAN 1 on the switch. To verify the configuration above, use the command show
mac-address-table ageing-time. The no command form returns the ageing time to the default value
(300 sec).

OAM

EDD enables managed access connections according to IEEE 802.3ah (Ethernet First Mile - Operations,
Administration and Maintenance). In general, OAM provides the ability to monitor the integrity of the
physical network and to quickly determine the location of a link failure. OAM configuration can be set by
the following commands:

Configuration:

• Port: Shows which port is being configured (for more details, see Figure 25).

oam

• OAM: Enable/Disable OAM.


• OAM Mode: It is possible to choose between Passive or Active OAM mode.

Figure 5-18. OAM Configuration Screen


Via CLI

OAM:
# DmSwitch2104(config)#interface ethernet 3
# DmSwitch2104(config-if-eth-1/3)#oam
# DmSwitch2104(config-if-eth-1/3)#

The command above only enables OAM on the interface.

OAM Mode:
# DmSwitch2104(config)#interface ethernet 3
# DmSwitch2104(config-if-eth-1/3)#oam mode
# active Configure as an active port
# passive Configure as a passive port
# DmSwitch2104(config-if-eth-1/3)#oam mode active
# DmSwitch2104(config-if-eth-1/3)#


The status above can be shown using the command show oam detail. Inserting no as a prefix for this
command will remove OAM configuration.

• Storm Control

Configuration:

• Port: Shows which port is being configured (for more details, see Figure 25).

Storm Control:
• Broadcast: Enable/Disable broadcast storm-control.
• DLF (Multicast/Unicast): Enable/Disable DLF storm-control.
• Rate (kbit/s): Sets maximum bandwidth value in Kbps. (Range: 0-1048576).

Figure 5-19. Storm Control Configuration Screen


Via CLI

Storm Control:
# DmSwitch2104(config)#interface ethernet 2
# DmSwitch2104(config-if-eth-1/2)#switchport storm-control
# broadcast Enable broadcast storm-control
# dlf Enable storm-control for Destination Lookup Failure packets (unicast/multicast)
# multicast Configure multicast storm-control
#
# DmSwitch2104(config-if-eth-1/2)#switchport storm-control broadcast
# DmSwitch2104(config-if-eth-1/2)#

The status above can be shown using the command show interfaces switchport. Inserting no as a
prefix for this command will remove storm-control configuration.

• Trap Enable


It is possible to configure EDD to send traps when a status changes. Traps configuration can be set by
the following commands:

Configuration:

• Port: Shows which port is being configured (for more details, see Figure 25).

Trap enable:
• Link-Up/Link-Down: Enables sending trap when a link status changes.
• Non-Homologated-Transceiver: Enables sending trap when the SFP is non-homologated.
• Transceiver-Presence: Enables sending trap when a transceiver is inserted.
• Unidirectional Link Detected: Enables sending trap when a unidirectional link is
detected.
• Unidirectional Link Recovered: Enables sending trap when a unidirectional link is
recovered.
• All: Enables sending all types of traps.

Figure 5-20. Trap Enable configuration screen


Via CLI

Trap Enable:
# DmSwitch2104(config-if-eth-1/2)#trap-enable
# dying-gasp-received Issue dying gasp event received traps
# link-up-down Issue link-up or link-down traps
# non-homologated-transceiver Issue non-homologated-transceiver traps
# transceiver-presence Issue transceiver-presence traps
# unidir-link-detected Issue unidirectional link detected traps
# unidir-link-recovered Issue unidirectional link recovered traps
# <enter> Issue all traps
#
# DmSwitch2104(config-if-eth-1/2)#trap-enable
# DmSwitch2104(config-if-eth-1/2)#

Inserting no as a prefix for this command will remove all types of trap sending.

Port Operation (Visualization)
The Port Operation tab has a View button; the View window shows everything previously configured for the
ports, such as general settings, provisioning and protection.

Figure 5-21. Port Operation View Window


QoS Settings

EDD uses an internal Priority ID (PID) to classify packets according to their priority. The PID is not
carried in any field of the packet in the outgoing traffic from the switch.

Figure 5-22. QoS Configuration Window


DmSwitch - EDD has the following methods for marking and queuing the packets:

• Sched-Mode;
• Port-Based;
• DSCP/802.1p;
• CoS Mapping;

• Sched-Mode Configuration

Sched mode is used to set the scheduling algorithm. Sched Mode Configuration window shows the
following settings:


• Mode:

WRR-Weighted Round Robin: This mode allows a priority to be configured for each queue.

HQP-High Queue Preempt: This mode uses the same configuration as WRR for the first three
queues, but the fourth is set as SP (Strict Priority). The other three queues are served only when
the SP queue is empty.

• Queue column: Shows the four traffic queues.


• Weight column: A weight can be configured for each queue (from 1 to 49).

Figure 5-23. Sched Mode Configuration Screen


Via CLI

WRR-Weighted Round Robin:


# DmSwitch2104(config)#qos queue sched-mode wrr queue-weights 2 3 5 sp
# DmSwitch2104(config)#

The status above can be shown using the command show qos queue sched-mode. Inserting no as a
prefix for this command will disable sched-mode configuration.
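
A simplified model of the two scheduling modes described above, as an added Python example that is not DATACOM code. It assumes packet-count WRR, one packet sent per time slot, and queue 3 as the fourth (strict-priority) queue; the weights 2, 3 and 5 come from the CLI example, and the traffic is constructed.

```python
from collections import deque

# Weights of the three weighted queues, from "queue-weights 2 3 5 sp".
HQP_WEIGHTS = {0: 2, 1: 3, 2: 5}
STRICT_QUEUE = 3  # assumption: the fourth queue is index 3


def simulate(weights, arrivals, slots, strict_queue=None):
    """Transmit at most one packet per slot and return the labels in order
    (None marks an idle slot).

    weights      -- WRR weight per queue index, e.g. {0: 2, 1: 3, 2: 5}
    arrivals     -- {slot: [(queue, label), ...]} packets enqueued at that slot
    strict_queue -- queue served with strict priority, or None for pure WRR
    """
    queues = [deque() for _ in range(4)]  # the guide lists four traffic queues
    ring = sorted(weights)                # queues taking part in WRR
    credits = dict(weights)               # packets each queue may still send this turn
    cursor = 0
    sent = []
    for slot in range(slots):
        for queue, label in arrivals.get(slot, []):
            queues[queue].append(label)
        # The strict-priority queue pre-empts the weighted queues.
        if strict_queue is not None and queues[strict_queue]:
            sent.append(queues[strict_queue].popleft())
            continue
        packet = None
        # One full pass over the ring plus one step, so a queue that has just
        # used up its credit can be reached again after the refill.
        for _ in range(len(ring) + 1):
            current = ring[cursor]
            if queues[current] and credits[current] > 0:
                credits[current] -= 1
                packet = queues[current].popleft()
                break
            credits[current] = weights[current]
            cursor = (cursor + 1) % len(ring)
        sent.append(packet)
    return sent


def backlog():
    """Constructed load: ten packets waiting in each of queues 0, 1 and 2."""
    return [(q, f"{name}{n}") for q, name in ((0, "a"), (1, "b"), (2, "c")) for n in range(10)]


def burst_then_idle():
    """Strict queue receives one packet per slot for five slots, then goes quiet."""
    arrivals = {slot: [(STRICT_QUEUE, f"s{slot}")] for slot in range(5)}
    arrivals[0] = backlog() + arrivals[0]
    return simulate(HQP_WEIGHTS, arrivals, slots=15, strict_queue=STRICT_QUEUE)


def sustained_strict_load():
    """Strict queue receives one packet in every slot."""
    arrivals = {slot: [(STRICT_QUEUE, f"s{slot}")] for slot in range(10)}
    arrivals[0] = backlog() + arrivals[0]
    return simulate(HQP_WEIGHTS, arrivals, slots=10, strict_queue=STRICT_QUEUE)


if __name__ == "__main__":
    print("burst then idle:", burst_then_idle())
    print("sustained load :", sustained_strict_load())
```

The second scenario shows why the CoS mappings that feed the strict-priority queue deserve review: while that queue stays busy, the weighted queues send nothing.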

• Port Based

When this option is enabled, the PID is set according to the packet's Ethernet port. It is a global
configuration in which each port can have an assigned PID. The Port-Based window shows the following settings:
• Port: Shows which port is being configured.
• Default Priority: Sets a priority from 0 to 7 to the selected port. (0 - Low priority, 7 - High
priority).


Figure 5-24. Port Based configuration Screen


Via CLI

Default-Priority:
# DmSwitch2104(config)#interface ethernet 5
# DmSwitch2104(config-if-eth-1/5)#switchport priority default 3
# DmSwitch2104(config-if-eth-1/5)#

The status above can be shown using the command show interfaces switchport. Inserting no as a
prefix for this command will remove the default priority previously configured.

• DSCP / 802.1p

This window allows enabling DSCP and 802.1p classification, where the classification settings are
made per port. The DSCP / 802.1p window shows the following settings
• Port: Shows the port that is being configured.
• DSCP: Can be enabled by checking the checkbox.
• 802.1p: Can be enabled by checking the checkbox.

Figure 5-25. DSCP / 802.1p Configuration Screen


Via CLI

CLI commands for these features are shown below.


• 802.1p to CoS

This option uses the VLAN tag to determine the PID. This mode allows tag remapping: a
packet tagged with PID X is handled as if it were tagged with PID Y. The remapping only occurs
internally, so the outgoing packet keeps its original priority, PID X. The 802.1p to CoS window shows
the following settings:
• 802.1p column: Shows the eight priority levels of the 802.1p tagging.
• CoS Priority column: It is possible to choose the weight that each packet will receive
internally (from 0 to 7).

Figure 5-26. 802.1p to CoS Configuration Screen


Via CLI

The following example shows how to map 802.1p priorities 5, 6 and 7 to CoS priority 3.
# DmSwitch2104(config)#qos map 802.1p-cos range 5 7 to 3
# DmSwitch2104(config)#

The status above can be shown using the command show qos map 802.1p-cos.

• DSCP to CoS

The PID is classified according to the DSCP field in the IP header. A mapping process converts DSCP
into PID. The DSCP to CoS window shows the following settings:
• CoS Priority column: Shows the eight priority levels into which the DSCP-marked packets are
classified.
• DSCP column: It is possible to configure a range of DSCP values for each CoS priority
(ranges from 0 to 63).


Figure 5-27. DSCP to CoS Configuration Screen


Via CLI

The following example shows how to map the DSCP range from 0 to 7 to CoS priority 5.
# DmSwitch2104(config)#qos map dscp-cos range 0 7 to 5
# DmSwitch2104(config)#

The status above can be shown using the command show qos map dscp-cos.

• CoS Mapping

It is possible to configure the queue, in the CoS map, into which each PID is placed. The CoS Mapping
window shows the following settings:
• Priority column: Shows the eight priority levels to be configured.
• Queue column: It shows which queue the PIDs will be placed into (from 0 to 3).

Figure 5-28. CoS Mapping Screen


Via CLI

The following example shows how to map CoS priorities 1, 4 and 5 to queue 2.
# DmSwitch2104(config)#cfm enable
# DmSwitch2104(config)#qos queue cos-map 2 priority 1 4 5
# DmSwitch2104(config)#

The status above can be shown using the command show qos queue cos-map.

Backup Link
DmSwitch - EDD allows the configuration of backup links for the interfaces. As soon as the equipment
identifies a link down, the backup interface takes over the traffic. The entire configuration above can be
shown by using the command show running-config. The Backup-Link Mapping window shows the following
settings:

• Configuration/Visualization
• Main Port: Select/Show a unit/port to be the main port of a backup-link.
• Alternative Port: Select/Show the alternative unit/port to be part of a backup-link.
• Preemption Delay(s): Configure/Show the time that the equipment will wait before switching
back to the main port after it recovers from a failure.
• Preemption Mode: Select the preemption mode between forced and off.

Figure 5-29. Backup-Link configuration window


Via CLI

The following instructions exemplify how to configure interface ethernet 6 as backup-link of interface
ethernet 5.
# DmSwitch2104(config)#interface ethernet 5
# DmSwitch2104(config-if-eth-1/5)#switchport backup-link
# interface Configure an interface to act as a backup link
# preemption Configure preemption properties
# DmSwitch2104(config-if-eth-1/5)#switchport backup-link interface ethernet 6
# DmSwitch2104(config-if-eth-1/5)#

Inserting no as a prefix for this command will remove the backup-link configuration.

CFM
The Connectivity Fault Management protocol can be configured on the equipment via DmView. The CFM window
shows the following settings:

Figure 5-30. Connectivity Fault Management window


• Maintenance Domain (MD) Configuration


• MD name: Chooses the MD name.
• Level: Chooses the maintenance domain level.
• Fault Alarm Address: Configure a host IP to receive traps when a fail state occurs.
• Sender ID TLV: Configure the inclusion of Sender ID TLV transmitted by maintenance points.

Figure 5-31. Maintenance Domain configuration screen


Via CLI

This example shows how to configure an MD named MD_1 with level 7.


# DmSwitch2104(config)#cfm enable
# DmSwitch2104(config)#cfm md MD_1 level 7
# DmSwitch2104(config-cfm)#

Inserting no as a prefix for this command will remove the maintenance domain configuration.

• Maintenance Association (MA) Configuration


• MA name: Choose the MA name.


• VLAN List: Select a range of VLANs to be part of MA.
• Fault Alarm Address: Configure a host IP to receive traps when a fail state occurs.
• Sender ID TLV: Configure the inclusion of Sender ID TLV transmitted by maintenance points.
• CCM interval: Configure the time between Continuity Check Messages transmissions.

Figure 5-32. Maintenance Association configuration screen


Via CLI

This example shows how to configure an MA named MA_1 with a VLAN list ranging from VLAN 1 to
VLAN 16.
# DmSwitch2104(config)#cfm md MD_1
# DmSwitch2104(config-cfm)#ma MA_1 1 16
# DmSwitch2104(config-cfm-ma)#

Inserting no as a prefix for this command will remove the maintenance association configuration.

• Alarm Indication Signal (AIS) Configuration


• AIS Operation: Enable AIS transmission.
• Alarm Suppression: Prevent a remote AIS alarm from raising an alarm on the local equipment.
• Level: Level for AIS transmission.
• Period: Receiving interval time of AIS frames.
• Priority: 802.1p for AIS frames.
• Recovery Limit (s): Control time for packet sending after recovery.

Figure 5-33. Alarm Indication Signal configuration screen


Via CLI

The example below shows how to enable AIS operation:


# DmSwitch2104(config-cfm-ma)#ais enable
# DmSwitch2104(config-cfm-ma)#

Inserting no as a prefix for this command will disable AIS.

• Maintenance End Point (MEP) Configuration


• Direction: Configure the direction in which the MEP faces on the bridge port.
• Port: Configure a port within a bridge.
• Admin State: Enable/Disable MEP.
• Generate CCM: Enable MEP’s generation of Continuity Check Messages.
• Fault Alarm Address: Configure the IP address of the Fault Alarms recipient.
• Fault Alarm Priority: Configure the lowest priority defect that is allowed to generate a fault
alarm.
• Fault Alarm Time Present (ms): When a failure is detected, an alarm is raised only if the
failure persists for the given time (from 1 to 10000 ms).
• Fault Alarm Time Absent (ms): When a failure is no longer detected, a new alarm
is raised only if the failure has remained absent for the given time (from 1 to 2500 ms).
• Primary Vlan: Configure the primary VLAN ID of the MEP. Must be one of the MEP’s MA
VLAN IDs.
• Priority: Configure priority for CCMs and LTMs transmitted by the MEP.

Figure 5-34. Maintenance End Point configuration screen


Via CLI
# DmSwitch2104(config-cfm)#ma MA_1 1 16
# DmSwitch2104(config-cfm-ma)#mep-list 1 2
# DmSwitch2104(config-cfm-ma)#mep id 1 direction up ethernet 5
# DmSwitch2104(config-cfm-ma)#enable
# DmSwitch2104(config-cfm-ma)#

Inserting no as a prefix for this command will remove the MEP configuration.

• Maintenance Intermediate Point (MIP) Configuration


• Port: Select an interface to work as a MIP.

Figure 5-35. Maintenance Intermediate Point configuration


Via CLI
# DmSwitch2104(config-cfm-ma)#mip ethernet 4
# DmSwitch2104(config-cfm-ma)#mip ethernet 5
# DmSwitch2104(config-cfm-ma)#

Inserting no as a prefix for this command will remove the MIP configuration.

PWE3 TDM
TDM settings such as line type, idle byte, clock source and tests can be configured via DmView.

Note: The PWE3 TDM configuration can be seen in the window below. A few PWE3 TDM configurations
are covered in this chapter; for more information about PWE3, please check chapter ?.

Figure 5-36. PWE3 TDM configuration window


E1/T1 Configuration and E1/T1 Frame


• Enable operation: Enable E1/T1 interface.
• Line type: Configure E1/T1 according to the following types.
• PCM31: 31 timeslots framed mode (G.704).
• PCM31-CRC: 31 timeslots framed mode with CRC (G.704).
• PCM30-CAS: 30 timeslots framed mode with CAS. (G.704).
• LPCM30-CAS-CRC: 30 timeslots framed mode with CAS and CRC (G.704).
• Unframed: 2.048Mbit/s unframed mode (G.703).
• PCM24-CRC: 24 timeslots framed mode with CRC (ESF).
• PCM24-CAS-CRC: 24 timeslots framed mode with CAS and CRC (ESF).

• Idle byte: Set the idle byte.

Figure 5-37. E1 configuration screen


Via CLI

The next example shows how to enable operation and configure Line Type:
# DmSwitch2104(config)#interface tdm 1
# DmSwitch2104(config-if-tdm-1/1)#enable tdm 1
# DmSwitch2104(config-if-tdm-1/1)#line-type e1 pcm31

The next example shows how to set Idle Byte:


# DmSwitch2104(config)#interface tdm 1
# DmSwitch2104(config-if-tdm-1/1)#idle 255
# DmSwitch2104(config-if-tdm-1/1)#

Inserting no as a prefix for the line-type command will set line-type to its default, unframed.

Inserting no as a prefix for the idle-byte command will set idle-byte to its default, 255.

• Sync Source
• Clock source type: Select equipment’s clock source.
• Interface: Select the interface (Default: 1).
• Enable operation: Configure the maximum filters for PDV (Packet Delay Variation).

Figure 5-38. Sync Source config screen


Via CLI
# DmSwitch2104(config)#sync-source transmit-clock-source internal
# DmSwitch2104(config-if-tdm-1/1)#

• Bundle Configuration

The equipment performs TDM tests, as shown below:

• TDM BERT: Performs a 2^9 BERT test towards the TDM network.
• Ethernet BERT: Performs a 2^9 BERT test towards the Ethernet network.
• Local digital loop: Performs an LDL test for the TDM and ETH interfaces (loop in both
directions).

Figure 5-39. Bundle configuration screen


Via CLI
# DmSwitch2104(config-if-bundle-1/1)#test
# bert-error jitter rtd_eth tdm_bert_2^9
# eth_bert_2^9 ldl rtd_tdm
# DmSwitch2104(config-if-bundle-1/1)#test rtd_tdm
# RTD TDM: 820 us
# DmSwitch2104(config-if-bundle-1/1)#

VLANs
The following window shows the VLAN group’s attributes. Tests can be saved as configuration, so that a test
remains active even after the equipment reboots.

Figure 5-40. VLAN’s attributes window

Chapter 6. Device
DmSwitch - EDD Device information can be accessed via EDD’s View Window by clicking on Fault and
selecting the Device Information option, as shown below:

Figure 6-1. Port Information Menu


General
General information such as device, firmware and flash info can be checked as shown below:

• Device: Shows device information.


• Firmware: Shows firmware version, compile date and boot loader version.
• Flash: Shows flash configuration number, flag, name of the configuration file, date of modification and
used space for the file.

Figure 6-2. General Information Screen


• Via CLI

Device:
DmSwitch2104#show system

Firmware:
DmSwitch2104#show firmware
DmSwitch2104#show firmware build

Flash:
DmSwitch2104#show flash

Ports
Port information such as general config, OAM status, negotiated status and peer information can be
checked as shown below:

• General: Shows interface name, model, MAC address, link and port administration status, speed and
duplex-mode as well as the capabilities.
• OAM: Shows local and remote discovery, local and remote events and its link status.
• Negotiated Capabilities: Shows link events, configured loopback status, unidirectional link support
status and variable retrieval.
• Peer Information: It shows peer vendor name, model as well as the operation mode.

Figure 6-3. Port information Window


• Via CLI

General and OAM:


DmSwitch2104#show interfaces status

Negotiated Capabilities and Peer Information:


DmSwitch2104#show oam detail

To see interface counters such as input/output octets, unicast, errors, use the command show interfaces
counters. Clearing this table can be done by using the command clear interface counters.

Transceivers
The following window shows transceiver information as well as the signal diagnosis.

• Vendor Information: Vendor screen shows the vendor name, transmission media type, standard of
connection and type of connector.
• Digital Diagnostic: Signal diagnosis shows the status of temperature, voltage, signal current, and
transmit and receive power.

Figure 6-4. Transceivers information Window


• Via CLI

Vendor information and Digital Diagnostic:


DmSwitch2104#show hardware-status transceivers

Temperature / Fans
Temperature and fan status are shown in the window below.

Figure 6-5. Temperature and Fan Status Screen


• Via CLI

If the selected port has a non-homologated transceiver, the port will be disabled. To show the
equipment’s temperature and fan status, use the command:
DmSwitch2104#show hardware-status

Backup-Link
Backup-Link information, such as the main port, the alternative port and their status, is shown on the screen
below:

Figure 6-6. Backup-Link Screen


To view the entire backup-link configuration, use the command show backup-links.

Remote Devices
Remote devices information can be checked in the window below.

Figure 6-7. Remote devices information window

• Configuration
• Global Enable: Status of Remote Devices configuration.

• Devices VLAN
• VLAN ID: VLAN used for the Remote management protocol.
• IP address: IP assigned by the remote equipment.
• Default Gateway: Default Gateway assigned by the remote equipment.

• Detected Devices
• Interface: Interface used for the link with the remote equipment.
• State: State of OAM protocol. Shows if the local equipment was identified by the remote equipment.
• OUI: Remote’s Organizationally Unique Identifier.
• OID: Remote equipment’s model identification.
• Vendor Number: Remote equipment’s vendor number.
• MAC Address: Remote equipment’s MAC address.
• Factory ID: Remote equipment’s factory ID.
• Remote Interface: Remote equipment’s interface.

CFM
Connectivity Fault Management information can be checked in the window below.

MEPs
• MD: Maintenance Domain name.
• MA: Maintenance Association name.
• MEP: Maintenance End Point ID.

Figure 6-8. Connectivity Fault Management information screen


• Via CLI

MEP information:


DmSwitch2104#show cfm md MD7 ma MA7 mep id 1

# Maintenance Association End Point (MEPID 1):


# Configuration:
# Parent MD Level: 7
# Parent MA Name: MA7
# Port: 1/3
# MEP Direction: Up
# Primary VID: 10
# Administrative State: Enabled
# MEP MAC Address: 00:04:DF:13:C8:03
# Continuity Check (CC):
# CCM Generation: Enabled
# CCM/LTM Priority: 7
# Out of sequence received CCMs: 0
# Transmitted CCM: 25
# Loopback (LB):
# Last LB Transaction State: Pending
# Next LB Transaction ID: 0
# Valid in-order LBRs: 0
# Valid out of order LBRs: 0
# Total LBRs MAC didn’t match 0
# Total LBRs Transmitted: 0
# Link Trace (LT):
# Next LTM Transaction ID: 0
# Total unexpected LTRs received: 0
# Alarms and faults:
# Fault Alarm Address: Not specified
# Lowest Priority Defect: MAC Status, RemCCM, ErrCCM and XconCCM
# Alarm Start Time (ms): 2500.000000
# Alarm Stop Time (ms): 10000.000000
# Fault Notification Generator State: Reset
# Highest Priority Defect Detected: DefNone
# RDI state: Not Present
# Defects:
# AIS defect condition: No
# RDI sent by some remote MEP: No
# Erroneous CCM received: No
# Cross-connect CCM received: No
# CCMs from some remote MEP were lost: No
#
# Remote MEPs:
# None

The configuration steps above are sequential: MD configuration comes first and MEP configuration
last.

Chapter 7. Fault Information
It is possible to check the overall information of configuration, status and processing by accessing the
menu Fault in the bayface of the equipment. CPU processing information can be checked either via
DmView or via terminal. The access to this information is explained below:

Figure 7-1. CPU Information path window


All the processing can be checked in a list as shown below:

Figure 7-2. CPU processing information window


To view the CPU’s free memory, use the command show cpu memory.

To check active processes and their status, use the command show cpu usage.

Via CLI

Processing information can be checked via CLI by entering the command below:
DmSwitch2104#show cpu usage


Managers information
Connected managers can be checked by accessing the following path:

Figure 7-3. Managers information path


The window below shows the username, uptime and process ID for the connected user.

Figure 7-4. Managers information window


Via CLI

This information can also be checked via CLI by entering the following command:
DmSwitch2104#show managers

MAC Address information
MAC address table information can be checked by accessing the following path:

Figure 7-5. MAC Address information path


Static and learned MAC addresses, as well as their configuration/information, can be checked in the window
below.

Figure 7-6. MAC Address information window


Via CLI

This information can be accessed via CLI by entering the following command:
DmSwitch2104#show mac-address-table

Counters Information
Counters information for all interfaces can be seen by accessing the following path:

Figure 7-7. Counters information path


Counters for all interfaces are shown below:

Figure 7-8. Counters information window


Via CLI

This information can be checked via CLI by entering the following command:
DmSwitch2104#show interfaces counters detail

Chapter 8. Port Configuration

Displaying Port Information


You can use the Port Information or Port-Channel Information pages to display the current connection status,
including link state, speed/duplex mode, flow control and autonegotiation.

Field Description
• Port - Interface number.
• Name - Displays interface label.
• Type - Indicates the port type.
• Admin Status - Displays whether the interface is administratively enabled or not.
• Oper Status - Indicates if the link is Up or Down.
• Speed Duplex Status - Displays the current speed and duplex status.
• Flow Control Status - Indicates the type of flow control currently in use.
• Autonegotiation - Displays whether autonegotiation is enabled or not.
• Port-Channel Member [1] - Shows if port is a port-channel member.
• Creation [2] - Shows if a port-channel is manually configured or dynamically set via LACP.

[1] Port Information only.
[2] Port-Channel Information only.

Displaying Port Information


• Open Path ???

Figure 8-1. Displaying Port Information


Displaying Port Information via CLI


• The next example illustrates how to display Port Information via CLI.


Example 8-1. Displaying Port Information via CLI


DmSwitch2104#show interfaces status ethernet 1
Information of Eth 1/1
Basic information:
Port type: 100TX
MAC address: 00:04:DF:00:31:01
Configuration:
Name:
Port admin: Up
Speed-duplex: Auto
Capabilities: 10half, 10full, 100half, 100full, 1000full
Flow-control: Disabled
MDIX: Auto
LACP: Disabled
OAM: Disabled - Passive
Current status:
Link status: Up
Operation speed-duplex: 1000M full
Flow control: Disabled
MDIX: Crossover

DmSwitch2104#

Configuring Interface Connections
You can use the Port Configuration or Port-Channel Configuration page to enable/disable an interface,
set autonegotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and
flow control.
Field Description
• Name - Fill in a label for the interface.
• Admin - Set the interface’s administrative status.
• Speed Duplex - Select the speed and duplex configuration. This option is only valid when
autonegotiation is disabled.
• Flow Control - Set the forced flow control use in the interface. This option is only valid when
autonegotiation is disabled.
• Autonegotiation - Allows autonegotiation to be enabled or disabled. When autonegotiation is
enabled, you need to specify the capabilities to be advertised. When autonegotiation is disabled, you
can force the settings for speed, mode, and flow control. The following capabilities are supported.
• 10half - Supports 10 Mbps half-duplex operation
• 10full - Supports 10 Mbps full-duplex operation
• 100half - Supports 100 Mbps half-duplex operation
• 100full - Supports 100 Mbps full-duplex operation
• 1000full - Supports 1000 Mbps full-duplex operation
• flowcontrol - Supports flowcontrol operation

• MTU - Set the maximum transfer unit for the interface. MAC frames with payloads larger than the MTU
will be discarded.
• LACP - Enables LACP in the interface.
• Port-Channel - Indicates if a port is a member of a port-channel.

Port Configuration via DmView


• Open Path ???

Figure 8-2. Port Configuration


Port Configuration via CLI


• The next example illustrates how to configure interfaces via CLI.

Example 8-2. Port Configuration via CLI


DmSwitch2104(config)#interface ethernet 1
DmSwitch2104(config-if-eth-1/1)#description RD

DmSwitch2104(config-if-eth-1/1)#shutdown
DmSwitch2104(config-if-eth-1/1)#no shutdown
DmSwitch2104(config-if-eth-1/1)#no negotiation
DmSwitch2104(config-if-eth-1/1)#speed-duplex 100half
DmSwitch2104(config-if-eth-1/1)#flowcontrol
DmSwitch2104(config-if-eth-1/1)#negotiation
DmSwitch2104(config-if-eth-1/1)#capabilities 100half
DmSwitch2104(config-if-eth-1/1)#capabilities 100full
DmSwitch2104(config-if-eth-1/1)#capabilities flowcontrol
DmSwitch2104(config-if-eth-1/1)#

Port Broadcast Control
Broadcast storms may occur when a device on your network is malfunctioning, or if application programs
are not well designed or properly configured. If there is too much broadcast traffic on your network,
performance can be severely degraded or everything can come to a complete halt.

You can protect your network from broadcast storms by setting a threshold for broadcast traffic. Any
broadcast packets exceeding the specified threshold will then be dropped.
Field Description
• Port - Interface number.
• Type - Indicates the port type.
• Protect Status - Shows whether or not broadcast storm control has been enabled. (Default: Enabled)
• Threshold - Threshold in packets per second. (Range: 0-262143 packets per second; Default: 500
packets per second)
• Port-Channel - Shows if port is configured as a port-channel.

Configuring Port Broadcast Control via DmView


• Open Path ???

Figure 8-3. Configuring Port Broadcast Control via Web


Configuring Port Broadcast Control via CLI


• The next example illustrates how to configure port broadcast control via CLI.

Example 8-3. Configuring Port Broadcast Control via CLI


DmSwitch2104(config)#interface ethernet 1/1
DmSwitch2104(config-if-eth-1/1)#no switchport broadcast
DmSwitch2104(config-if-eth-1/1)#exit
DmSwitch2104(config)#interface ethernet 1/2
DmSwitch2104(config-if-eth-1/2)#switchport broadcast packet-rate 600
DmSwitch2104(config-if-eth-1/2)#end
DmSwitch2104#show interfaces switchport ethernet 1/2
Information of Eth 1/2
Broadcast threshold: Enabled, 600 packets/second
MTU: 9198 bytes
Ingress rate limit: Disabled
Egress rate limit: Disabled
Ingress Rule: Disabled
Acceptable frame type: All frames
Native VLAN: 1
Priority for untagged traffic: 0
GVRP status: Disabled
Protocol VLAN:
Allowed VLAN: 1(u)
Forbidden VLAN:
QinQ mode: External
TPID: 0x8100
DmSwitch2104#

Configuring Port Monitoring
You can mirror traffic from any source port to a target port for real-time analysis. You can then attach
a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a
completely unobtrusive manner.
Command Usage
• Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from
the monitor port.
• All monitor sessions have to share the same destination port.
• When monitoring port traffic, the target port must be included in the same VLAN as the source port.

Command Attributes
• Mirror Sessions - Displays a list of current mirror sessions.
• Source Unit - The unit whose port traffic will be monitored.
• Source Port - The port whose traffic will be monitored.
• Type - Allows you to select which traffic to mirror to the target port, Rx (receive), or Tx (transmit).
• Target Unit - The unit whose port will "duplicate" or "mirror" the traffic on the source port.
• Target Port - The port that will "duplicate" or "mirror" the traffic on the source port.

Monitoring a port via CLI


• This example shows how to monitor a port via CLI. Port 1/1 is specified as the destination to which the
traffic is mirrored. Port 1/2 is the source and tx is the type of traffic to be monitored in this example.

Example 8-4. Monitoring a port via CLI.


DmSwitch2104(config)#monitor destination 1/1
DmSwitch2104(config)#interface ethernet 1/2
DmSwitch2104(config-if-eth-1/2)#monitor source tx
DmSwitch2104(config-if-eth-1/2)#

Configuring Rate Limits
This function allows the network manager to control the maximum rate for traffic transmitted or received
on a port. Rate limiting is configured on ports at the edge of a network to limit traffic coming into or out of
the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable
amount of traffic are dropped.

Rate limiting can be applied to individual ports or port-channel. When an interface is configured with this
feature, the traffic rate will be monitored by the hardware to verify conformity. Non-conforming traffic is
dropped, conforming traffic is forwarded without any changes.

Rate Limit Configuration

Use the rate limit configuration pages to apply rate limiting.


Command Usage
• Input and output rate limit can be set for individual interfaces.

Command Attribute
• Port/Port-Channel - Displays the port number.
• Rate - Sets the rate limit in kilobits per second. Must be multiple of 64. (Range: 64-1000000)
• Burst - Sets the maximum burst size in kilobits. Must be power of 2. (Range: 32-4096)

Setting the Rate Limit


• This example shows how to set the rate limit via CLI for input and output traffic passing through port
3.

Example 8-5. Setting the Rate Limit via CLI.


DmSwitch2104(config)#interface ethernet 1/3
DmSwitch2104(config-if-eth-1/3)#rate-limit input rate 256 burst 128
DmSwitch2104(config-if-eth-1/3)#rate-limit output rate 128 burst 64
DmSwitch2104(config-if-eth-1/3)#
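
The Rate and Burst constraints listed above can be checked before a configuration is pushed to the switch. The following is an added example, not part of the original guide: the function names are hypothetical, and rounding a request down to the nearest valid value is a choice made here, not documented switch behaviour.

```python
RATE_MIN, RATE_MAX, RATE_STEP = 64, 1000000, 64   # kilobits per second
BURST_MIN, BURST_MAX = 32, 4096                   # kilobits, power of 2


def check_rate_limit(rate_kbps, burst_kbit):
    """Return a list of problems; an empty list means the pair is valid."""
    problems = []
    if not RATE_MIN <= rate_kbps <= RATE_MAX:
        problems.append(f"rate {rate_kbps} outside {RATE_MIN}-{RATE_MAX}")
    elif rate_kbps % RATE_STEP:
        problems.append(f"rate {rate_kbps} is not a multiple of {RATE_STEP}")
    if not BURST_MIN <= burst_kbit <= BURST_MAX:
        problems.append(f"burst {burst_kbit} outside {BURST_MIN}-{BURST_MAX}")
    elif burst_kbit & (burst_kbit - 1):
        problems.append(f"burst {burst_kbit} is not a power of 2")
    return problems


def snap_down(rate_kbps, burst_kbit):
    """Nearest valid (rate, burst) at or below the request, clamped to range.

    Rounding down is deliberate: a limit slightly tighter than requested
    fails safe, a looser one lets more traffic through than intended.
    """
    rate = min(max(rate_kbps // RATE_STEP * RATE_STEP, RATE_MIN), RATE_MAX)
    burst = min(max(burst_kbit, BURST_MIN), BURST_MAX)
    burst = 1 << (burst.bit_length() - 1)   # largest power of 2 <= burst
    return rate, burst


def rate_limit_commands(port, limits):
    """Render the CLI lines of Example 8-5 for one port.

    limits maps "input" and/or "output" to a (rate, burst) tuple.
    Raises ValueError instead of emitting a command the switch would reject.
    """
    lines = [f"interface ethernet {port}"]
    for direction in ("input", "output"):
        if direction not in limits:
            continue
        rate, burst = limits[direction]
        problems = check_rate_limit(rate, burst)
        if problems:
            raise ValueError(f"{port} {direction}: " + "; ".join(problems))
        lines.append(f"rate-limit {direction} rate {rate} burst {burst}")
    return lines


if __name__ == "__main__":
    print(check_rate_limit(300, 100))        # both values are rejected
    print(snap_down(300, 100))               # nearest valid pair below them
    for line in rate_limit_commands("1/3", {"input": (256, 128),
                                            "output": (128, 64)}):
        print(line)
```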

Displaying Port Statistics
You can display standard statistics on network traffic from the interfaces. Interfaces and Ethernet-like
statistics display errors on the traffic passing through each port. This information can be used to identify
potential problems with the switch (such as a faulty port or unusually heavy loading). All values displayed
have been accumulated since the last system reboot, and are shown as counts per second.
Displaying Port Statistics via DmView
• Open Path ???

Figure 8-4. Displaying Port Statistics


Displaying Port Statistics via CLI


• The next example shows detailed port statistics for interface ethernet 13 via CLI.

Example 8-6. Displaying Port Statistics via CLI


DmSwitch2104#show interfaces counters ethernet 1/13 detail
Eth 1/13
Iftable stats:
Octets input : 1823448
Octets output : 3454001
Unicast input : 12257
Unicast output : 9764
Discard input : 0
Discard output : 0
Error input : 0
Error output : 0
Unknown protos input : 0
QLen : 0

Extended iftable stats:
Multi-cast input : 0
Multi-cast output : 231
Broadcast input : 81
Broadcast output : 451

Ether-like stats:
Alignment errors : 0
FCS errors : 0
Single Collision frames : 0
Multiple collision frames : 0
SQE Test errors : 0
Deferred transmissions : 0
Late collisions : 0
Excessive collisions : 0
Internal mac transmit errors : 0
Internal mac receive errors : 0
Frame too longs : 0
Carrier sense errors : 3
Symbol errors : 0

RMON stats:
Drop events : 0
Octets : 5277449
Packets : 22784
Broadcast packets : 532
Multi-cast packets : 231
Undersize packets : 0
Oversize packets : 1242
Fragments : 0
Jabbers : 0
CRC align errors : 0
Collisions : 0
Packet size <= 64 octets : 1129
Packet size 65 to 127 octets : 15352
Packet size 128 to 255 octets : 2283
Packet size 256 to 511 octets : 1228
Packet size 512 to 1023 octets : 1071
Packet size 1024 to 1518 octets: 479
DmSwitch2104#
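
Because the counters accumulate since the last reboot, a single reading says little; what matters for spotting a faulty port or a broadcast storm is what changed between two polls. The following is an added example, not part of the original guide: it parses output in the format of Example 8-6 and reports the error counters that grew. The function names, the selection of watched counters and the second poll are assumptions of this example.

```python
import re

# First poll: values copied from Example 8-6, trimmed to the counters used here.
POLL_1 = """\
DmSwitch2104#show interfaces counters ethernet 1/13 detail
Eth 1/13
Iftable stats:
Discard input : 0
Error input : 0
Ether-like stats:
FCS errors : 0
Carrier sense errors : 3
RMON stats:
Packets : 22784
Broadcast packets : 532
Oversize packets : 1242
CRC align errors : 0
Packet size 1024 to 1518 octets: 479
DmSwitch2104#
"""

# Second poll of the same port: constructed for this example.
POLL_2 = """\
Eth 1/13
Iftable stats:
Discard input : 250
Error input : 0
Ether-like stats:
FCS errors : 17
Carrier sense errors : 3
RMON stats:
Packets : 32784
Broadcast packets : 4532
Oversize packets : 1242
CRC align errors : 17
"""

COUNTER_RE = re.compile(r"^(?P<name>.+?)\s*:\s*(?P<value>\d+)$")
PROMPT_RE = re.compile(r"^\S+#")

# Counters worth alerting on when they grow (a selection made for this
# example; the names are those printed in Example 8-6). RMON counts frames
# above 1518 octets as oversize, so jumbo frames also show up there.
WATCHED = {
    "Discard input", "Discard output", "Error input", "Error output",
    "Alignment errors", "FCS errors", "Late collisions",
    "Excessive collisions", "Carrier sense errors", "Symbol errors",
    "Drop events", "Undersize packets", "Oversize packets",
    "Fragments", "Jabbers", "CRC align errors",
}


def parse_counters(text):
    """Return (interface, {(section, counter): value})."""
    iface, section, counters = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or PROMPT_RE.match(line):
            continue                      # blank line or CLI prompt
        m = COUNTER_RE.match(line)
        if m:
            counters[(section, m["name"])] = int(m["value"])
        elif line.endswith(":"):
            section = line[:-1]           # e.g. "RMON stats"
        elif line.startswith("Eth "):
            iface = line
    return iface, counters


def delta(prev, curr, key):
    """Growth of one counter; a value lower than before means a reboot."""
    now, before = curr.get(key, 0), prev.get(key, 0)
    return now - before if now >= before else now


def grown(prev, curr):
    """Watched counters that increased between two polls, as (name, delta)."""
    return sorted((key[1], delta(prev, curr, key))
                  for key in curr
                  if key[1] in WATCHED and delta(prev, curr, key) > 0)


def broadcast_share(prev, curr):
    """Fraction of the packets seen between the polls that were broadcast."""
    packets = delta(prev, curr, ("RMON stats", "Packets"))
    bcast = delta(prev, curr, ("RMON stats", "Broadcast packets"))
    return bcast / packets if packets else 0.0


if __name__ == "__main__":
    iface, first = parse_counters(POLL_1)
    _, second = parse_counters(POLL_2)
    print(iface, "since boot:", grown({}, first))
    print(iface, "since last poll:", grown(first, second))
    print(f"broadcast share: {broadcast_share(first, second):.0%}")
```

Passing an empty dictionary as the previous poll reports every watched counter that is non-zero since boot.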

Address Table Settings
Switches store the addresses for all known devices. This information is used to pass traffic directly between
the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic
address table. You can also manually configure static addresses that are bound to a specific port.

Setting Static Addresses

A static address can be assigned to a specific interface on this switch. Static addresses are bound to the
assigned interface and will not be moved. When a static address is seen on another interface, the address
will be ignored and will not be written to the address table.
Command Attributes
• Static Address Counts* - The number of manually configured addresses.
• Current Static Address Table - Lists all the static addresses.
• Interface - Port or Port-Channel associated with the device assigned a static address.
• MAC Address - Physical address of a device mapped to this interface.
• VLAN - ID of configured VLAN (1-4094).

Displaying Static Addresses via DmView


• Open Path ???

Figure 8-5. Displaying Static Addresses via Web


Adding a static entry to the address table via CLI


• The next example adds an address to the static address table via CLI.

Example 8-7. Adding a static entry to the address table via CLI.
DmSwitch2104(config)#mac-address-table static 00-e0-29-94-24-de ethernet 1/1 vlan 1
DmSwitch2104(config)#

Displaying the Address Table

The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for
traffic entering the switch. When the destination address for inbound traffic is found in the database, the
packets intended for that address are forwarded directly to the associated port. Otherwise, the traffic is
flooded to all ports.
Command Attributes
• Interface - Indicates a port or port-channel.
• MAC Address - Physical address associated with this interface.
• VLAN - ID of configured VLAN (1-4094).
• Address Table Sort Key - You can sort the information displayed based on MAC address,
VLAN or interface (port or port-channel).

Displaying the Address Table via DmView


• Open Path ???.

Figure 8-6. Displaying Static Addresses


Displaying the Address Table entries for port 1 via CLI


• The next example shows how to display the Address Table entries for port 1 via CLI.

Example 8-8. Displaying the Address Table entries for port 1 via CLI.
DmSwitch2104#show mac-address-table interface ethernet 1
# Total MAC Addresses for this criterion: 1
#
#                                   802.1p
# Interface  MAC Address       VLAN Priority Type
# ---------- ----------------- ---- -------- -------
# Eth 1/ 1   00:E0:52:B8:10:79    1 -        Learned

DmSwitch2104#
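
Since learned entries are whatever the switch saw on the wire, comparing the address table with an inventory of approved devices shows unknown hosts and devices plugged into the wrong port, and the approved bindings can then be pinned as static entries. The following is an added example, not part of the original guide: the function names, the inventory and every table row except the first are constructed, and the row layout is assumed to match Example 8-8.

```python
import re

# First row copied from Example 8-8; the other two rows are constructed.
TABLE = """\
DmSwitch2104#show mac-address-table
Total MAC Addresses for this criterion: 3

                                  802.1p
Interface  MAC Address       VLAN Priority Type
---------- ----------------- ---- -------- -------
Eth 1/ 1   00:E0:52:B8:10:79    1 -        Learned
Eth 1/ 2   02:00:00:00:00:AA    1 -        Learned
Eth 1/ 3   00:E0:29:94:24:DE    1 -        Learned
"""

# Constructed inventory: approved MAC -> port it belongs on. The MACs use
# the dash notation of Example 8-7; any separator style is accepted.
INVENTORY = {
    "00-e0-52-b8-10-79": "1/1",
    "00-e0-29-94-24-de": "1/2",
}

ROW_RE = re.compile(
    r"^Eth\s+(\d+)/\s*(\d+)\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"\s+(\d+)\s+(\S+)\s+(\S+)$"
)


def norm_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def cli_mac(digits):
    """Render 12 hex digits in the notation used by Example 8-7."""
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Return one dict per Ethernet row; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ROW_RE.match(raw.strip().lstrip("#").strip())
        if m:
            unit, port, mac, vlan, _prio, kind = m.groups()
            entries.append({"port": f"{unit}/{port}", "mac": norm_mac(mac),
                            "vlan": int(vlan), "type": kind})
    return entries


def audit(entries, inventory):
    """Return (port, mac, reason) for every entry that breaks the inventory."""
    home = {norm_mac(mac): port for mac, port in inventory.items()}
    managed = set(home.values())
    findings = []
    for e in entries:
        expected = home.get(e["mac"])
        if expected is None:
            if e["port"] in managed:      # unknown host on a controlled port
                findings.append((e["port"], cli_mac(e["mac"]),
                                 "not in inventory"))
        elif expected != e["port"]:
            findings.append((e["port"], cli_mac(e["mac"]),
                             f"expected on {expected}"))
    return findings


def static_commands(entries, inventory):
    """CLI lines (syntax of Example 8-7) pinning approved learned entries."""
    home = {norm_mac(mac): port for mac, port in inventory.items()}
    return [f"mac-address-table static {cli_mac(e['mac'])} "
            f"ethernet {e['port']} vlan {e['vlan']}"
            for e in entries
            if e["type"] == "Learned" and home.get(e["mac"]) == e["port"]]


if __name__ == "__main__":
    rows = parse_mac_table(TABLE)
    for finding in audit(rows, INVENTORY):
        print("ALERT", *finding)
    for command in static_commands(rows, INVENTORY):
        print(command)
```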

Clearing the Address Table

With the following commands, it is possible to delete entries in the switch MAC Address Table.
Command Attributes
• Ethernet - Indicates an Ethernet interface where MAC addresses will be deleted.
• VLAN - ID of configured VLAN. All its MAC addresses will be deleted.
• Port-channel - All MAC addresses belonging to a port-channel will be deleted.

Deleting MAC Addresses


• This example shows how to delete MAC addresses via CLI. In the example, we delete MAC addresses
from Ethernet 1/1, from VLAN 1 and from Port-Channel 3, and then, with the last command, we delete all
MAC addresses registered in the switch.

Example 8-9. Deleting MAC Addresses


DmSwitch2104#clear mac-address-table ethernet 1/1
DmSwitch2104#clear mac-address-table vlan 1
DmSwitch2104#clear mac-address-table port-channel 3
DmSwitch2104#clear mac-address-table
DmSwitch2104#

Changing Aging Time

You can set the aging time for entries in the dynamic address table.
Command Attributes
• Aging Status - Enables/disables the function.
• Aging Time - The time after which a learned entry is discarded. (Range: 10-1000000 seconds;
Default: 300 seconds)

Setting the Address Aging via DmView


• Open Caminho ???

Figure 8-7. Setting the Address Aging


Setting the Address Aging via CLI


• This example shows how to set Address Aging via CLI.

Example 8-10. Setting the Address Aging via CLI.


DmSwitch2104(config)#mac-address-table aging-time 400
DmSwitch2104(config)#

Chapter 9. SNTP
Manually adjusting and maintaining internal system clocks across a large or widespread network
of devices can become difficult. In this context, the Simple Network Time Protocol (SNTP)
can be very helpful. SNTP is a simple distributed protocol intended to synchronize the clocks of network
devices. Using UDP port 123, an SNTP client contacts a time server and synchronizes its clock and date
automatically. Remember that the system logs use the configured clock to generate the date and
time of each log entry.
Command Attributes
• SNTP Client - Sets the state of the SNTP client.
• SNTP Polling Interval (16-16384) - The interval between 2 synchronization polls.
• SNTP Server - The IP address of a SNTP server.
• Current Time - The time and date currently used by the switch.
• Time Zone - Displays the name of time zone used, with the respective time offset.
• Clock Set - Use this option when the SNTP client is disabled, to configure a local time and date.
• Time Zone Set - Choose this option to configure a time zone and offset for your location.
• Name - the name of your time zone, any string will be accepted. Do not use spaces.
• Hours - offset in hours of your location.
• Minutes - offset in minutes of your location.

Configuring the SNTP Client via DmView


• Open Caminho ???

Figure 9-1. Configuring SNTP Client


Configuring SNTP Client via CLI


• The next example enables the SNTP client, configures the SNTP Polling Interval and the SNTP Server
address.


Example 9-1. Configuring SNTP Client via CLI


DmSwitch 3000(config)#sntp client
DmSwitch 3000(config)#sntp poll 16
DmSwitch 3000(config)#sntp server 200.218.160.160
DmSwitch 3000(config)#

Configuring the Clock Time Zone via Web


• Open Caminho ???

* Note: When the SNTP client is enabled, the local (Clock Set) options will always be overwritten on the next SNTP
synchronization polling.

Figure 9-2. Configuring the Clock Time Zone via DmView


Configuring the Clock Time Zone via CLI


• The next example configures a new timezone called "BrazilSP", with time offset of -3 hours and shows
the resulting configuration.

Example 9-2. Configuring the Clock Time Zone via CLI


DmSwitch 3000(config)#clock timezone BrazilSP -3 0
DmSwitch 3000(config)#show sntp
Current time: Mon Aug 22 17:28:48 2005

SNTP Status: enabled


SNTP poll interval: 16
SNTP server 1: 200.218.160.160

Last successful update: 0 s ago.


Server used: 200.218.160.160
Next attempt: in 16 s.
DmSwitch 3000(config)#show clock
Mon Aug 22 17:29:26 2005
DmSwitch 3000(config)#

Chapter 10. System Logs
The embedded syslog agent allows the registering of system events. You can check the event logs in order
to debug problems or control user access, for example. Depending on the type of event, it can be saved to
the system RAM, flash, sent to a remote log server or destination e-mail address.

Level          Code   Description

LOG_EMERG      0      kernel panic
LOG_ALERT      1      condition needing immediate attention
LOG_CRIT       2      critical conditions
LOG_ERR        3      errors
LOG_WARNING    4      warning messages
LOG_NOTICE     5      not an error, but may need attention
LOG_INFO       6      informational messages
LOG_DEBUG      7      when debugging a system

Command Attributes
• Ram Logs - Displays the logs saved in RAM.
• Flash Logs - Displays the logs saved in flash.
• System Log Status - Check Enabled to start processing system logs.
• Flash Level (0-7) - Sets the range of log severity that will be saved to flash.
• Ram Level (0-7) - Sets the range of log severity that will be saved to RAM.
• Remote Log Status - Check Enabled to enable the sending of logs to a remote log server.
• Remote Facility (16-23) - Sets the remote facility type.
• Remote Level (0-7) - Sets the range of log severity that will be sent to the remote log server.
• SMTP Status - Check Enabled to enable the sending of log messages by e-mail.
• SMTP Level (0-7) - Sets the range of log severity that will be sent to the destination e-mail.
• Source e-mail - Sets the source e-mail address inserted in messages.
• Destination e-mail - Sets the destination e-mail address.
• SMTP Servers - Sets a new SMTP server IP address.

Displaying System Logs via DmView


• Open Caminho ???

Figure 10-1. Displaying System Logs

Displaying System Logs via CLI


• The next example shows the logs from RAM and flash.

Example 10-1. Displaying System Logs via CLI


DmSwitch2104#show log ram
Jan 15 21:02:36 DmSwitch2104 : Equipment DmSwitch2104 started, configuration applied
Jan 15 21:02:38 DmSwitch2104 : Interface Ethernet 1/8 changed state to up
Jan 15 21:02:38 DmSwitch2104 : Unidirectional link detected or link down on port 1/1, blocking
Jan 15 21:02:38 DmSwitch2104 : Unidirectional link detected or link down on port 1/1, blocking
Jan 15 21:02:38 DmSwitch2104 : Unidirectional link detected or link down on port 1/1, blocking
Jan 15 21:02:38 DmSwitch2104 : Unidirectional link detected or link down on port 1/1, blocking
Jan 15 21:13:06 DmSwitch2104 : User admin authenticated by internal database
Jan 15 14:14:37 DmSwitch2104 : Session opened from console, user admin, Process ID 273
Jan 15 15:39:42 DmSwitch2104 : FAN is not working
Jan 15 15:41:19 DmSwitch2104 : FAN started working

DmSwitch2104#show log flash


Jan 15 13:27:56 DmSwitch2104 : CPU usage > 90.00% (tun_tx 29.08%; interrupt 19.79%; rx_pkt 17)
Jan 15 13:28:14 DmSwitch2104 : CPU usage < 90.00%
Jan 15 15:39:42 DmSwitch2104 : FAN started working
Jan 15 15:41:19 DmSwitch2104 : FAN started working
DmSwitch2104#
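
The following Python sketch is an added example, not part of the original guide. It parses the show log ram output of Example 10-1, pulls out the login and session entries, and reports where consecutive timestamps run backwards, which matters because the logs are stamped with whatever clock is configured at the time. The message patterns come from the sample output only, and the year is an assumed value because the log lines carry none.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from Example 10-1 (show log ram) on this page.
RAM_LOG = """\
Jan 15 21:02:36 DmSwitch2104 : Equipment DmSwitch2104 started, configuration applied
Jan 15 21:02:38 DmSwitch2104 : Interface Ethernet 1/8 changed state to up
Jan 15 21:02:38 DmSwitch2104 : Unidirectional link detected or link down on port 1/1, blocking
Jan 15 21:02:38 DmSwitch2104 : Unidirectional link detected or link down on port 1/1, blocking
Jan 15 21:02:38 DmSwitch2104 : Unidirectional link detected or link down on port 1/1, blocking
Jan 15 21:02:38 DmSwitch2104 : Unidirectional link detected or link down on port 1/1, blocking
Jan 15 21:13:06 DmSwitch2104 : User admin authenticated by internal database
Jan 15 14:14:37 DmSwitch2104 : Session opened from console, user admin, Process ID 273
Jan 15 15:39:42 DmSwitch2104 : FAN is not working
Jan 15 15:41:19 DmSwitch2104 : FAN started working
"""

ASSUMED_YEAR = 2012  # assumption: the log lines carry no year
LINE_RE = re.compile(r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) : (.*)$")

# Patterns derived from the two access-related messages in the sample;
# other messages the firmware may emit are not covered.
ACCESS_PATTERNS = {
    "login": re.compile(r"User (\S+) authenticated by (.+)"),
    "session": re.compile(r"Session opened from (\S+), user (\S+), Process ID (\d+)"),
}


def parse(text):
    """Turn log text into a list of dicts, keeping the original line order."""
    events = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # prompts, blank lines, wrapped output
        stamp, host, msg = m.groups()
        when = datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        events.append({"line": lineno, "time": when, "host": host, "msg": msg})
    return events


def clock_jumps(events):
    """(previous line, current line, seconds) wherever the timestamp goes backwards."""
    jumps = []
    for prev, cur in zip(events, events[1:]):
        delta = (cur["time"] - prev["time"]).total_seconds()
        if delta < 0:
            jumps.append((prev["line"], cur["line"], int(-delta)))
    return jumps


def access_events(events):
    """Login and session entries as (line, kind, captured fields)."""
    found = []
    for e in events:
        for kind, pattern in ACCESS_PATTERNS.items():
            m = pattern.search(e["msg"])
            if m:
                found.append((e["line"], kind, m.groups()))
    return found


def repeated(events):
    """Messages logged more than once with the same timestamp."""
    counts = Counter((e["time"], e["msg"]) for e in events)
    return [(msg, n) for (_, msg), n in counts.items() if n > 1]


if __name__ == "__main__":
    evts = parse(RAM_LOG)
    for a, b, secs in clock_jumps(evts):
        print(f"clock moved back {secs} s between entries {a} and {b}")
    for entry in access_events(evts):
        print("access:", entry)
    for msg, n in repeated(evts):
        print(f"{n}x {msg}")
```

In the sample, the login and the session entry are adjacent in the buffer but their timestamps differ by almost seven hours in the wrong direction, so a timeline built by sorting on the timestamp alone would place the session before the login.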

Configuring System Logs via DmView


• Open Caminho ???

Figure 10-2. Configuring System Logs


Configuring System Logs via CLI


• The next example enables the logging of events, sets the range to be saved in RAM from 0 to 6 and in
flash from 0 to 3.


Example 10-2. IP Configuration via CLI


DmSwitch2104(config)#logging on
DmSwitch2104(config)#logging history ram 6
DmSwitch2104(config)#logging history flash 3
DmSwitch2104(config)#show logging
Syslog logging: Enabled

Local logging:
FLASH level: error (3)
RAM level: info (6)

SMTP logging:
Status: Disabled
Level: warn (4)
Source email:

Remote logging:
Status: Enabled
Facility: 23
Level: info (6)

Configuring Remote Logs via DmView


• Open Caminho ???

Figure 10-3. Configuring Remote Logs


Configuring Remote Logs via CLI


• The next example enables the use of remote logging, defines a server IP address, facility type and range
of log severity that will be sent to the remote log server from 0 to 6.

Example 10-3. Resetting the Switch via CLI


DmSwitch2104(config)#logging trap 6
DmSwitch2104(config)#logging host 192.168.10.160
DmSwitch2104(config)#logging facility 23
DmSwitch2104(config)#sh logging trap
Syslog logging: Enabled
REMOTELOG status: Enabled
REMOTELOG facility type: 23

REMOTELOG level type: info (6)
REMOTELOG server IP address: 192.168.10.160
DmSwitch2104(config)#

Configuring SMTP Logs via DmView


• Open Caminho ???

Figure 10-4. Configuring SMTP Logs


Configuring SMTP Logs via CLI


• The next example enables the use of SMTP logging, defines a SMTP server IP address, source and
destination e-mail and range of log severity that will be sent to destination by e-mail.

Example 10-4. Configuring SMTP Logs via CLI


DmSwitch2104(config)#logging sendmail
DmSwitch2104(config)#logging sendmail level 4
DmSwitch2104(config)#logging sendmail source-email [email protected]
DmSwitch2104(config)#logging sendmail destination-email [email protected]
DmSwitch2104(config)#logging sendmail host 192.168.10.1
DmSwitch2104(config)#show logging
Syslog logging: Enabled

Local logging:
FLASH level: error (3)
RAM level: info (6)

SMTP logging:
Status: Enabled
Level: warn (4)
Source email: [email protected]
Destination email:
Address 1: [email protected]
Servers:
Server 1: 192.168.10.1

Remote logging:
Status: Enabled
Facility: 23
Level: info (6)

DmSwitch2104(config)#

Chapter 11. Managing Security
Security is a very important issue in networks. This switch has a complete set of features that allows you
to improve the security of your network:

• Local User Management: This switch maintains a local user database so a user can be authenticated
locally on the switch.
• Remote User Authentication: A user can be authenticated using a Remote Authentication Dial-in User
Service (RADIUS) or Terminal Access Controller Access Control System Plus (TACACS+) server.
• Secure Web Access: By using the Secure Hypertext Transfer Protocol (HTTPS), a secure encrypted
session is established between a manager and the switch.
• Secure Shell: The Secure Shell (SSH) is a protocol that provides encrypted connections to a remote host.
The use of this protocol allows you to establish a secure connection between your host computer and this
switch.
• Secure Network Access: By implementing IEEE 802.1x port authentication, this switch allows you to
restrict access to the network to authorized users only.
• Management Restricted Access: A network filter can be configured to prevent access to the
management interfaces from any undesired network IP address.

This switch supports the following Security Features:


• Local User Management
• RADIUS authentication
• TACACS+ authentication
• HTTPS server
• SSH access
• IEEE 802.1x
• Management IP Filter

Local User Management


By using this option a user can be authenticated locally on the switch. Due to its easier configuration, this
feature is often used when few users need access to the switch management interface.
Command Attributes
• User Name - A unique text string that identifies the user (Case Sensitive).
• Access Level - Choose whether the user will be given a normal or privileged mode.
• Password - Enter the password for this user (Case Sensitive).
• Enabled - By enabling this option a password will always be required for this user.


Configuring Local User Accounts via DmView


• Open Caminho ???

Figure 11-1. Configuring Local User Accounts


Configuring Local User Accounts via CLI


• The next example creates a new privileged user "John" with password "S19ma_p!", and removes a
normal user.

Example 11-1. Configuring Local User Accounts via CLI


DmSwitch2104(config)#username John access-level 15
DmSwitch2104(config)#username John password 0 S19ma_p!
DmSwitch2104(config)#no username Peter
DmSwitch2104#show running-config
Building configuration...
!
terminal timeout 0
!
username admin access-level 15
username admin password 7
username guest access-level 0
username guest password 7
username shell access-level 0
username shell nopassword
username John access-level 15
username John password 7
DmSwitch2104#

Note: The use of strong passwords is highly recommended. In order to create a strong password you
have to use strings that are a combination of letters, numbers and symbols (@, #, $, %, etc.).
Passwords are case-sensitive; a strong password should contain letters in both uppercase and lowercase.
Strong passwords do not contain words found in a dictionary.

Authentication Settings
This switch allows you to configure multiple authentication methods in order to improve security,
availability and scalability. By default, the local user database is used to configure access rights. You can also
use a remote authentication server using RADIUS or TACACS+ protocols to execute the authentication
task. A remote authentication server maintains a database with authorized usernames and passwords and
is accessed by the switch when a user tries to log in to the switch’s management interface (via Web
access, SSH, Telnet and console port).

Figure 11-2. Using Remote Authentication Servers

You can also configure multiple authentication servers in order to increase availability in case of server
failure. The servers will be contacted by the switch in the same order specified by the configuration
parameters. You can choose up to three different methods (Local, RADIUS and TACACS+).

Command Attributes
• Login - Choose the order of searching for users. The Local option will only be skipped when the
username entered is not present in the local database. RADIUS and TACACS+ options will only be skipped
when the respective servers are down.

* (Note that an ACCESS REJECT message received from an authentication server does not generate a skip action and will always
result in authentication denial.)

• RADIUS Settings - Options used when RADIUS authentication takes place.


• Global - Global RADIUS options.
• ServerIndex - This server index is used in the server search order. The authentication process
stops with an ACCESS ACCEPT or ACCESS REJECT response.
• Server IP Host - Specify the IP address of a RADIUS server.
• Server Port Number (1-65535) - Specify the port number on which the RADIUS server will
be contacted. The default RADIUS server service port number is UDP 1812.
• Secret Text String - Messages exchanged between the switch and RADIUS server are
authenticated through the use of this secret text string.
• Number of Server Transmits (1-30) - Number of times the switch will try to
authenticate before proceeding to the next server.
• Timeout for a reply (1-65535) - The time interval the switch waits for a response from
the RADIUS server without sending another request.

• TACACS Settings - Options used when TACACS+ authentication takes place.


• Server IP Host - Specify the IP address of a TACACS+ server.
• Server Port Number (1-65535) - Specify the port number on which the TACACS+ server
will be contacted. The default TACACS+ server service port number is TCP 49.
• Secret Text String - Messages exchanged between the switch and TACACS+ server are
authenticated through the use of this secret text string.

Configuring Authentication Settings via DmView


• Open Caminho ???

Figure 11-3. Configuring Authentication Settings


Configuring Authentication Settings via CLI


• The next example demonstrates how to select an authentication method, configure two different
RADIUS servers (for fail-over purposes) and a TACACS+ server.

Example 11-2. Configuring Authentication Settings via CLI


DmSwitch2104(config)#authentication login radius tacacs local
DmSwitch2104(config)#radius-server host 1 address 192.168.10.1
DmSwitch2104(config)#radius-server host 1 auth-port 1812
DmSwitch2104(config)#radius-server host 1 key secret1
DmSwitch2104(config)#radius-server host 2 address 192.168.10.2
DmSwitch2104(config)#radius-server host 2 auth-port 1812
DmSwitch2104(config)#radius-server host 2 key secret2
DmSwitch2104(config)#tacacs-server host 192.168.10.3
DmSwitch2104(config)#tacacs-server auth-port 49
DmSwitch2104(config)#tacacs-server key secret3
DmSwitch2104(config)#exit
DmSwitch2104#show radius-server
RADIUS authentication configuration:
Default Key: ********
Default Port: 1812
Timeout: 5
Retries: 2
Host 1:
Address: 192.168.10.1
Port: 1812
Key: ********
Host 2:
Address: 192.168.10.2
Port: 1812
Key: ********
Host 3:
Host 4:
Host 5:
DmSwitch2104#show tacacs-server
TACACS authentication configuration:
Server: 192.168.10.3
Key: ********
Port: 49
DmSwitch2104#
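
The lookup order and skip rules described under Command Attributes can be modelled as follows. This is an added Python example, not DmSwitch code: the server dictionaries, user names and passwords are constructed, and a server being "up" stands for the switch receiving a reply within its timeout and retries.

```python
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    SKIP = "skip"  # this method cannot decide; move on to the next one


def local_method(users):
    """Local database: skipped only when the username is not present."""
    def check(username, password):
        if username not in users:
            return Result.SKIP
        return Result.ACCEPT if users[username] == password else Result.REJECT
    return check


def remote_method(servers):
    """RADIUS or TACACS+ (constructed model).

    servers is a list of {"up": bool, "users": {name: password}} in the
    configured order. The first reachable server decides; its reject is
    final. The method is skipped only when every server is down.
    """
    def check(username, password):
        for server in servers:
            if not server["up"]:
                continue  # no reply: fail over to the next host index
            ok = server["users"].get(username) == password
            return Result.ACCEPT if ok else Result.REJECT
        return Result.SKIP
    return check


def authenticate(order, methods, username, password):
    """Walk the configured order; return (granted, name of deciding method)."""
    for name in order:
        result = methods[name](username, password)
        if result is Result.SKIP:
            continue
        return result is Result.ACCEPT, name
    return False, None  # every method skipped: nobody vouched for the user


def build_methods(local_users, radius_servers, tacacs_servers):
    return {
        "local": local_method(local_users),
        "radius": remote_method(radius_servers),
        "tacacs": remote_method(tacacs_servers),
    }


if __name__ == "__main__":
    radius = [{"up": True, "users": {"alice": "r1"}},
              {"up": True, "users": {"alice": "r1"}}]
    tacacs = [{"up": True, "users": {"bob": "t1"}}]
    methods = build_methods({"admin": "L0cal!"}, radius, tacacs)
    order = ["radius", "tacacs", "local"]  # as in Example 11-2
    # While RADIUS answers, the local admin account is rejected by RADIUS
    # and the local database is never consulted.
    print(authenticate(order, methods, "admin", "L0cal!"))
    radius[0]["up"] = radius[1]["up"] = tacacs[0]["up"] = False
    # With every remote server down, the same login falls through to local.
    print(authenticate(order, methods, "admin", "L0cal!"))
```

With the order from Example 11-2, a local account works as a break-glass login only while all RADIUS and TACACS+ servers are unreachable. With local placed first, a wrong password for a name that exists locally is denied without any server being asked.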

HTTP and HTTPS Configuration
The HTTPS server embedded in this switch allows the establishment of a secure encrypted web connection
between an authenticated (privileged) manager and the switch’s web configuration interface. Both the
secure HTTPS and the conventional HTTP server can be used simultaneously. To access the
secure interface, use https://switch[:port_number] instead of http://switch in your web
browser. Note that when an encrypted connection is established, a locked padlock should appear in your
web browser bar. The web browsers recommended for use with the web interface are Internet Explorer
6.x or above and Mozilla Firefox 1.03 and above.
Command Attributes
• HTTP Status - Choose whether the web server will be enabled or not.
• HTTP Port Number (1-65535) - Enter a valid port number or leave the default value. (Default:
80)
• HTTPS Status - Choose whether the secure web server will be enabled or not.
• HTTPS Port Number (1-65535) - Enter a valid port number or leave the default value. (Default:
443)
• HTTP and HTTPS Connections Maximum Number (1-32) - Enter the maximum number of
simultaneous connections. (Default: 8)

Configuring HTTP and HTTPS via DmView


• Open Caminho ???

Figure 11-4. Configuring HTTP and HTTPS


Configuring HTTP and HTTPS via CLI


• The next example enables the HTTP and HTTPS servers using port numbers 80 and 443 respectively.
It also limits the number of simultaneous connections to 8.

Example 11-3. Configuring HTTP and HTTPS via CLI


DmSwitch2104(config)#ip http server
DmSwitch2104(config)#ip http port 80
DmSwitch2104(config)#ip http secure-server
DmSwitch2104(config)#ip http secure-port 443
DmSwitch2104(config)#ip http max-connections 8
DmSwitch2104(config)#


Replacing the Secure Certificate

The replacement of the default SSL Secure Certificate is highly recommended for security reasons. In
order to replace this certificate you must generate or obtain a unique certificate (preferably from a
recognized certification authority), private key and password and save them on a TFTP server.
Replacing the Secure Certificate via CLI
• The next example shows how to replace the default secure certificate with the new certificate file
"CertificateFileName", using the private key file "PrivateKeyFileName" and password "passwd", from the TFTP
server 192.168.10.160. Note that the switch must be rebooted for the new certificate to become
available.

Example 11-4. Replacing the Secure Certificate via CLI


DmSwitch2104(config)#fetch tftp https-certificate 192.168.10.160 CertificateFileName PrivateKeyFileName passwd
DmSwitch2104(config)#exit
DmSwitch2104#reboot

Configuring the Secure Shell - SSH
The Secure Shell (SSH) is a protocol designed for logging into and executing commands on a remote
network host. The SSH protocol can be considered a secure alternative to telnet because its connections
are encrypted. Due to its higher security, you should consider the use of SSH instead of telnet whenever
possible.

This switch has an embedded SSH server that allows you to remotely log in and execute commands
(just like a telnet connection, but in a secure way). It is also possible to log in using a public/private key
mechanism instead of entering a user name and password.

* Note: In order to use the SSH remote login you will need first to generate a public key.

SSH Server Settings

Command Attributes
• SSH Server Status - Choose whether the SSH server will be enabled or not.
• SSH Authentication Timeout (0-600) - The amount of time in seconds the SSH server
will wait for a response from a client during authentication. (Default: 120 seconds)
• SSH Server-Key Size (512-896) - Specifies the SSH server key size. (Range: 512-896 bits)
The server key is a private key that is never shared outside the switch. The host key is shared with the SSH client
and is fixed at 1024 bits.
• SSH Connections Maximum Number (1-32) - Enter the maximum number of simultaneous
connections. (Default: 8)

Configuring SSH Server Settings via DmView


• Open Caminho ???

Figure 11-5. Configuring SSH Server Settings


Configuring SSH Server Settings via CLI


• The next example enables the SSH server using a timeout of 120 seconds and server key size of 768
bits. It also limits the number of simultaneous connections to 8.

Example 11-5. Configuring SSH Server Settings via CLI


DmSwitch2104(config)#ip ssh server
DmSwitch2104(config)#ip ssh server timeout 120
DmSwitch2104(config)#ip ssh server-key size 768
DmSwitch2104(config)#ip ssh max-connections 8
DmSwitch2104(config)#

SSH Host-Key Settings
Command Attributes
• Public-Key of Host-Key - A 512-bit value that will be used by the client in order to establish
an encrypted terminal connection to the switch’s SSH server.
• RSA - Hexadecimal RSA fingerprint value.
• DSA - Hexadecimal DSA fingerprint value.

Configuring SSH Host-Key Settings via DmView


• Open Caminho ???.

Figure 11-6. Configuring SSH Host-Key Settings via Web


Configuring SSH Host-Key Settings via CLI


• The next example generates an RSA key and deletes a previous DSA key. It also fetches from the TFTP
server 192.168.10.160 and enables the SSH server using a timeout of 120 seconds and server key size
of 768 bits.

Example 11-6. Configuring SSH Host-Key Settings via CLI


DmSwitch2104(config)#ip ssh host-key generate rsa
DmSwitch2104(config)#ip ssh host-key clear dsa
DmSwitch2104(config)#fetch tftp public-key 192.168.10.160 File User

Restricting Management Access
By default, this switch allows access to the management interface to any authenticated user. In order to
improve security, it is worthwhile to restrict access to management machines only. This task can be
accomplished by creating an IP filter entry that allows only some network clients to access the
management interfaces. You can create IP filters for any management interface, including Web Configuration,
SNMP, Telnet and SSH.
Command Attributes
• HTTP IP Filter List - The current list of IPs allowed to access the Web Configuration interface.
• SNMP IP Filter List - The current list of IPs allowed to access the SNMP Configuration
interface.
• Telnet IP Filter List - The current list of IPs allowed to access the Telnet Configuration
interface.
• SSH IP Filter List - The current list of IPs allowed to access the SSH Configuration interface.
• IP Address - An IP address in the format A.B.C.D/M, where M is the network mask that establishes
a sequence of allowed machines (one or more).

Restricting Management Access via DmView


• Open Caminho.

Figure 11-7. Restricting Management Access via DmView


Restricting Management Access via CLI


• The next example creates a new HTTP IP filter entry that grants access to the Web Configuration
Interface for the hosts from 192.168.10.1 to 192.168.10.254. It also creates a specific entry for the host
192.168.11.1.

Example 11-7. Restricting Management Access via CLI


DmSwitch2104(config)#management http-client 192.168.10.0/24
DmSwitch2104(config)#management http-client 192.168.11.1/32
DmSwitch2104(config)#

Chapter 12. SNMP
The Simple Network Management Protocol (SNMP) is a widely used communication protocol built for
remote management and monitoring of network equipment (e.g. switches, routers, modems, etc.). A
Network Management Station (NMS) running an SNMP application accesses the built-in SNMP agent of the
remote managed device by reading from and writing to a so-called community. The community access string
acts as a password for the NMS, allowing read-only or read-write access rights. Only network devices that
have configured community access strings can be managed/monitored via SNMP. Some SNMP network
devices can also be configured to automatically send information (called traps) about special events (e.g.
interface status up/down) to the NMS. This switch incorporates an onboard SNMP agent that regularly
monitors its hardware and software modules as well as its interfaces, allowing an NMS to manage/monitor
it via SNMP. It can also be configured to send SNMP traps to a remote NMS.

Configuring SNMP Community Access Strings


This switch can be configured with up to five SNMP community access strings. You must set the proper
name and access mode for each entry. Remember that community access strings act as passwords for
SNMP purposes, so you should replace the default entries by your own.
Command Attributes
• Community String - The string to be used by the NMS to manage this switch. Maximum 32
characters, case sensitive.
• Access Mode:

Read/Write - NMS is authorized to change and retrieve SNMP MIB objects from the switch.

Read-Only - NMS is authorized only to retrieve SNMP MIB objects from the switch.

• SNMP Community Capability - Display the maximum number of community strings supported
by the switch.

Configuring via DmView


• Open Caminho ???

Figure 12-1. Configuring SNMP Community Access Strings


Configuring via CLI


• The next example illustrates how to add the community string "user" with read-only access.

Example 12-1. Configuring SNMP Community Access Strings via CLI:


DmSwitch 3000(config)#ip snmp-server community user ro
DmSwitch 3000(config)#

Setting SNMP Traps
A Trap is a notification sent by a SNMP agent to a NMS indicating that an important event has occurred.
In order to implement this functionality, you must set the NMS IP addresses and community names as
well as the SNMP trap version format to be sent.

This switch can send several types of traps, and up to five NMS can be configured to handle these traps. The
traps the switch can send are:

• Power-On
• Link-Up/Link-Down
• Authentication
• Cold and Warm Start
• Configuration change or save
• Fan status change
• Forbidden access
• Login fail and success
• SFP presence
• Stack attach and detach
• Alarm status change
• Traps lost

Command Attributes
• Network Management Station Capability - Display the maximum number of NMS trap
receivers supported by the switch.
• Trap Receiver IP Address - The IP address of a NMS that will receive the traps sent by this
switch.
• Trap Receiver Community String - Traps will be sent to the NMS pertaining to this
community string.
• Trap Version - Choose whether to send traps as SNMP v1 or 2c.
• Enable Power-On Traps - Send a trap when the switch is Powered-On.
• Enable Link-Up/Link-Down Traps - Send a trap when a link becomes Up or Down.
• Enable Authentication Traps - Send a trap each time an invalid SNMP community string is
submitted during the SNMP authentication procedure.
• Current - This box displays the already configured trap managers.

Configuring via DmView


• Open Caminho ???

Figure 12-2. Configuring SNMP Trap Receivers

Configuring via CLI


• The following example illustrates how to add a trap receiver and enable traps.

Example 12-2. Configuring SNMP Trap Receivers via CLI:


DmSwitch2104(config)#ip snmp-server host 192.168.10.103 private version 2c
DmSwitch2104(config)#ip snmp-server enable link traps
DmSwitch2104(config)#ip snmp-server enable poweron traps
DmSwitch2104(config)#ip snmp-server enable authentication traps
DmSwitch2104(config)#
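
The management-plane settings covered above (local users, HTTP/HTTPS, SSH server key size, the management IP filter, SNMP communities and trap receivers) can be checked offline against a saved configuration. The Python script below is an added example, not a DATACOM tool: the sample configuration is constructed in the syntax of the CLI examples in this guide, the "rw" keyword is assumed by analogy with "ro", and the /24 width limit is an arbitrary threshold.

```python
import ipaddress
import re

# Constructed sample in the syntax of the CLI examples on this page.
# Assumption: "rw" as the read/write keyword (the page shows only "ro").
SAMPLE_CONFIG = """\
username admin access-level 15
username admin password 7
username shell access-level 0
username shell nopassword
ip http server
ip http secure-server
ip ssh server
ip ssh server-key size 768
management http-client 192.168.10.0/24
management http-client 192.168.11.1/32
ip snmp-server community user ro
ip snmp-server community private rw
ip snmp-server host 192.168.10.103 private version 2c
"""

# Top of the 512-896 bit range this guide documents; even that maximum is
# far below the 2048-bit RSA sizes recommended today.
MAX_SERVER_KEY_BITS = 896
WIDEST_FILTER_PREFIX = 24  # assumption: filters wider than a /24 are flagged
WELL_KNOWN_COMMUNITIES = {"public", "private"}


def http_filters(config_text):
    """Networks listed in 'management http-client A.B.C.D/M' lines."""
    return [ipaddress.ip_network(m.group(1), strict=False)
            for m in re.finditer(r"^management http-client (\S+)$",
                                 config_text, re.M)]


def http_client_allowed(config_text, source_ip):
    """True when source_ip may reach the web interface.

    With no filter entry at all there is no restriction by address."""
    nets = http_filters(config_text)
    addr = ipaddress.ip_address(source_ip)
    return not nets or any(addr in net for net in nets)


def audit(config_text):
    """Return a list of (check id, detail) findings, in configuration order."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []
    for ln in lines:
        if m := re.fullmatch(r"username (\S+) nopassword", ln):
            findings.append(("account-without-password", m.group(1)))
        elif m := re.fullmatch(r"ip ssh server-key size (\d+)", ln):
            if int(m.group(1)) < MAX_SERVER_KEY_BITS:
                findings.append(("ssh-server-key-below-max", m.group(1)))
        elif m := re.fullmatch(r"ip snmp-server community (\S+) (\S+)", ln):
            name, mode = m.groups()
            if name in WELL_KNOWN_COMMUNITIES:
                findings.append(("snmp-well-known-community", name))
            if mode != "ro":
                findings.append(("snmp-write-community", name))
        elif m := re.fullmatch(r"ip snmp-server host (\S+) (\S+) version (\S+)", ln):
            host, community, _version = m.groups()
            if community in WELL_KNOWN_COMMUNITIES:
                findings.append(("trap-well-known-community", host))
    if "ip http server" in lines:
        # The plain HTTP server carries logins and settings unencrypted.
        findings.append(("http-cleartext-management", "ip http server"))
    nets = http_filters(config_text)
    web_enabled = "ip http server" in lines or "ip http secure-server" in lines
    if web_enabled and not nets:
        findings.append(("web-interface-unfiltered", "no management http-client"))
    for net in nets:
        if net.prefixlen < WIDEST_FILTER_PREFIX:
            findings.append(("wide-http-filter", str(net)))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"{check}: {detail}")
    for ip in ("192.168.10.77", "192.168.11.1", "192.168.11.2"):
        print(ip, "allowed" if http_client_allowed(SAMPLE_CONFIG, ip) else "denied")
```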

Chapter 13. Link Aggregation
The link aggregation feature allows you to create resilient logical links on the network, improving
availability and performance. A link aggregation port acts as a single link for management purposes, though
being generally composed of more than one physical link. By combining multiple links into one logical
link, Link Aggregation can drastically improve the bandwidth available. It can be used to fix bottlenecks
on the network, alleviate traffic exchanged among switches or even improve availability and bandwidth
for access servers.

Figure 13-1. Link Aggregation Use Cases

The most common types of link aggregation are static port-channels and dynamic port-channels. Static
port-channels have to be manually configured at both ends of the port-channel, and the switch or network
interface must comply with the Cisco EtherChannel standard. Dynamic port-channels use the Link
Aggregation Control Protocol (LACP), defined by the IEEE 802.3ad standard. Ports configured with LACP
automatically create port-channels with other LACP devices. When more than eight ports constitute a single
port-channel (static or dynamic), each newly added port will be placed in standby, i.e., it will only be used if
one of the 8 ports fails.

Figure 13-2. Port-Channel with Active and Standby Ports

* Notes:

* - You must configure and treat port-channels as point-to-point links. Multipoint Aggregations (aggregations among more than two
systems) will not work properly.

* - A Port can only be assigned to one port-channel.

* - Link Aggregation is supported only on point-to-point links operating in full duplex mode. Use of half duplex operation is not
recommended.

* - All links in a port-channel must operate at the same data rate (e.g. 10 Mb/s, 100 Mb/s, or 1000 Mb/s).

* - In order to prevent a network loop creation, first configure the port-channel member ports and then connect the cables. In order to
prevent data loss while removing a port from a port-channel, remove the cable first, then remove the port via management software.

* - RSTP, VLAN, IGMP, GVRP settings are made for the entire port-channel.
This switch supports the following Link Aggregation features:
• Cisco EtherChannel for static port-channels
• IEEE 802.3ad LACP - Link Aggregation Control Protocol
• Maximum port-channels per stack: 32
• Maximum forwarding ports per port-channel: 8
• Maximum standby ports per port-channel: unlimited


Static Port-Channel Configuration


Configuring Static Port-Channel Membership via DmView
• Open Caminho ???

Figure 13-3. Configuring Static Port-Channel Membership


Configuring Static Port-Channel Membership via CLI


• The next example creates a new port-channel 1, adds/removes member ports, and removes port-channel
2 via CLI.

Example 13-1. Configuring Static Port-Channel Membership via CLI


DmSwitch2104(config)#interface port-channel 1
DmSwitch2104(config-if-port-ch-1)#set-member ethernet 1
DmSwitch2104(config-if-port-ch-1)#set-member ethernet range 2 3
DmSwitch2104(config-if-port-ch-1)#exit
DmSwitch2104(config)#no interface port-channel 2
DmSwitch2104(config)#exit
DmSwitch2104#show interfaces status port-channel 1
Information of Port-Channel 1
Basic information:
Port type: 100TX
MAC address: 00:04:DF:00:31:01
Configuration:
Name:
Port admin: Up
Speed-duplex: Auto
Capabilities: 10M half, 10M full, 100M half, 100M full
Flow-control: Disabled
MDIX: Auto
Current status:
Created by: User
Link status: Down
Members: Eth1/1 to Eth1/3

DmSwitch2104#


* Note: A new Port-Channel uses the configuration from the first port that is added to it. The following added ports will use the
port-channel active configuration. When removed from the port-channel, ports will use the default configuration.

LACP

Configuring LACP
Command Attributes
• Admin Key - A unique key shared among ports on the same port-channel. Different port-channels
should have different keys.
• Port Priority - When an aggregate has more than 8 ports, the lower the value, the more likely the
port is to be in the active state.
• Enabled - Enable this option to let the port automatically negotiate port-channels with LACP.

LACP Port Configuration via DmView


• Open Caminho ???

Figure 13-4. Configuring LACP


LACP Port Configuration via CLI


• The next example configures the administrative key and port priority values and enables LACP on the interface.

Example 13-2. Configuring LACP via CLI


DmSwitch2104(config)#interface ethernet 1
DmSwitch2104(config-if-eth-1/1)#lacp actor admin-key 255
DmSwitch2104(config-if-eth-1/1)#lacp actor port-priority 1
DmSwitch2104(config-if-eth-1/1)#lacp
DmSwitch2104(config-if-eth-1/1)#

Displaying LACP Information

Displaying LACP Port Counters


Field Description
• LACPDUs Sent - Number of LACPDUs sent from this port-channel.
• LACPDUs Received - Number of LACPDUs received on this port-channel.
• Marker Response - Number of Marker PDUs transmitted from this port-channel.
• Marker Received - Number of Marker PDUs received by this port-channel.
• LACPDUs Pkts Err - Number of LACPDUs received with error.

Displaying LACP Port Counters via DmView


• Open Caminho ???

Figure 13-5. Displaying LACP Port Counters


Displaying LACP Port Counters via CLI


• The next example illustrates how to display LACP Port Counters via CLI.

Example 13-3. Displaying LACP Port Counters via CLI:


DmSwitch2104#show lacp counters
-------------------------------------------------------------------
             LACPDUs        Marker      Marker Response   LACPDUs
Port        Sent   Recv    Sent   Recv    Sent   Recv     Pkts Err
-------------------------------------------------------------------

Aggregator id 1 (channel-group 1)

eth 1/25     156     76       0      0       0      0            0

DmSwitch2104#

Displaying LACP Port Internal Information
Field Description
• Oper Key - Value of the operational key for the port-channel.
• Admin Key - Value of the administrative key for the port-channel.
• LACP Port Priority - Value of the LACP port priority within this port-channel.
• Flags - Flags indicating the port’s mode.
• Port State - Set of actor’s state parameters.

Displaying LACP Port Internal Information via DmView


• Open Caminho ???

Figure 13-6. Displaying LACP Port Internal Information


Displaying LACP Port Internal Information via CLI


• The next example illustrates how to display LACP Port Internal Information via CLI.

Example 13-4. Displaying LACP Port Internal Information via CLI:


DmSwitch2104#show lacp internal
Flags: S - Device is requesting Slow LACPDUs   F - Device is requesting Fast LACPDUs
       A - Device is in Active Mode            P - Device is in Passive mode

Port state: A - LACP_Activity     T - LACP_Timeout   G - Aggregation   E - Expired
            S - Synchronization   D - Distributing   C - Collecting    F - Defaulted

Aggregator id 1 (channel-group 1)

                   LACP port   Admin   Oper    Port     Port
Port       Flags   Priority    Key     Key     Number   State
eth 1/5    SA      32768       0x100   0x103   5        AGSCD
DmSwitch2104#

Displaying LACP Port Neighbors Information
Field Description
• System ID - System ID used by the neighbor.
• Flags - Flags indicating the neighbor port mode.
• LACP Port Priority - LACP port priority assigned to this interface within the channel group.
• Oper Key - Value of the neighbor operational key for the port-channel.
• Port Number - Port number of the neighbor peer.
• Port State - Set of neighbor port state parameters.

Displaying LACP Port Neighbors Information via DmView


• Open Caminho ???

Figure 13-7. Displaying LACP Port Neighbors Information


Displaying LACP Port Neighbors Information via CLI


• The next example illustrates how to display LACP Port Neighbors Information via CLI.

Example 13-5. Displaying LACP Port Neighbors Information via CLI:


DmSwitch2104#show lacp neighbor
Flags: S - Device is requesting Slow LACPDUs   F - Device is requesting Fast LACPDUs
       A - Device is in Active Mode            P - Device is in Passive mode

Port state: A - LACP_Activity     T - LACP_Timeout   G - Aggregation   E - Expired
            S - Synchronization   D - Distributing   C - Collecting    F - Defaulted

Aggregator id 1 (channel-group 1)

Partner’s information:

          System                         LACP port   Oper   Port     Port
Port      ID                     Flags   Priority    Key    Number   State
eth 1/1   32768,0030.f1cc.3dc0   SA      32768       0x3    13       AGSCD
DmSwitch2104#

Chapter 14. VLAN
Virtual Local Area Networks (VLANs) are logical groups of network nodes that form separate Layer
2 broadcast domains. Each VLAN is a unique broadcast domain, i.e., a network node can only
communicate with other nodes in the same VLAN. A Layer 3 device (e.g., a router) is needed to
establish a connection between different VLANs. In large networks, VLANs help to contain broadcast
traffic and optimize the use of network resources. By isolating network groups into VLANs you can
also improve network security.
This switch supports the following VLAN features:
• Maximum of 4094 VLANs
• Port Overlapping
• Multiple VLAN membership
• Bridging between VLAN aware and VLAN unaware equipment
• Port-and-Protocol based VLAN
• MAC-Based VLAN
• Q-in-Q

IEEE 802.1Q VLANs


The IEEE 802.1Q Virtual Bridged Local Area Networks standard defines a way of marking MAC
layer frames so that a switch can propagate VLAN information among other compliant switches,
whatever the vendor. An 802.1Q VLAN works by adding a mark, called a Tag, to Ethernet frames sent
between switches. This tag carries the VLAN Identifier (VID), which identifies the VLAN the frame
belongs to, so that switches forward frames only to ports that are members of the specified VID.
When the switch receives a frame, it checks for the 802.1Q tag. If the tag is present (tagged), the
frame is forwarded directly to the remaining member ports of that VLAN ID. If it is absent (untagged),
the frame is forwarded to all remaining member ports of the default VID of the receiving port.

A Tagged Trunk is a port that is usually connected to another switch and multiplexes two or more VLAN
frames across the network. In order to create a tagged trunk, you must add a port as a tagged member of
the VLANs that you want traffic passing through.

A Port-Based non-overlapping VLAN is the simplest way to implement VLANs. Each switch port
is assigned one Port VLAN ID that identifies the port group membership. For example, you can create
VLANs Marketing and Engineering (IDs 2 and 3 respectively), so people from the Marketing department
will not be able to communicate via Layer 2 with people from the Engineering department. Then you can
assign ports 1-10 to the Marketing VLAN and ports 11-20 to the Engineering VLAN. The main advantages
of this method are the easy start-up configuration and centralized administration. However, as the
number of VLANs grows and ports are used and reassigned, this technique becomes harder to manage.

Figure 14-1. A Port-Based non-overlapping VLAN

Example 14-1. Port-Based non-overlapping Design

The next table shows a network design based on Port-Based non-overlapping VLANs. In this scenario,
both Marketing and Engineering personnel have access to their own servers and printers but are
not able to communicate with each other.

Port            1-10 (Engineering)    11-20 (Marketing)
VID             2                     3
VLAN 2 Table    Untagged              Not Member
VLAN 3 Table    Not Member            Untagged

Port-based non-overlapping VLANs are also hard to extend across other switches, because each VLAN
connection to another switch requires an exclusive port. This scenario can become a problem
when using the Spanning-Tree Algorithm, because it will probably block all redundant paths between
switches.


Figure 14-2. Extending a Port-Based non-overlapping VLAN

802.1Q VLANs allow Port-Overlapping. This means that ports can belong to more
than one VLAN, allowing, for example, printers or servers to be shared among separate VLANs. The
only requirement is that the network card of a device using port-overlapping must be 802.1Q compliant.

Figure 14-3. Using 802.1Q VLAN Port-Overlapping

Example 14-2. Port-Overlapping VLAN Design

The next table shows a network design based on the Port-Overlapping VLAN feature. In this scenario,
both Marketing and Engineering personnel have access to the shared printer and server but
are not able to communicate with each other. Note that the shared resources (server, printer, etc.) must
have 802.1Q network interface cards (VLAN-aware devices).

Port            1-10 (Engineering)    11-20 (Marketing)    21-22 (Server, Printer)
VID             2                     3                    Do not care
VLAN 2 Table    Untagged              Not Member           Tagged
VLAN 3 Table    Not Member            Untagged             Tagged

Q-in-Q

Usually, a service provider customer has specific VLANs on its network and wants to communicate with
its other remote VLANs through the provider network. One way to solve this problem is to forward
the customer's tagged traffic directly into the provider network. This solution brings one problem: with
the growing demand for VLANs by the clients, the 4094 VLANs address space would be quickly exhausted.
Another way to solve this issue is to use the Q-in-Q feature.

Figure 14-4. Q-in-Q frame tagging


Q-in-Q is an encapsulation method that allows a service provider to offer transparent tunneling of client
VLAN data through its core network. This is done by adding a second, outer VLAN tag, also called the Metro
Tag. All client VLAN-tagged frames are marked with their specific Metro Tag (assigned transparently by the
service provider) and then switched through the provider network until they reach their destination (the
remote client interconnection point), where the Metro Tag is removed and the original tagged frame is
forwarded.
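The tag push and pop described above, as an added Python example that is not part of the original guide. The function names, the sample frame and the Metro Tag TPID (0x8100 here) are assumptions; the guide does not state which TPID the switch uses for the outer tag.

```python
import struct

TPID_8021Q = 0x8100    # IEEE 802.1Q tag protocol identifier
TPID_8021AD = 0x88A8   # IEEE 802.1ad service tag, also accepted when parsing
METRO_TPID = TPID_8021Q  # assumption: TPID written into the outer Metro Tag


def make_tag(tpid, vid, pcp=0):
    """Build a 4-byte VLAN tag: 16-bit TPID, then 3-bit PCP, 1-bit DEI, 12-bit VID."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VID {vid} is outside 1-4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def parse_tags(frame):
    """Return (VIDs outermost first, EtherType after the last tag, payload)."""
    vids, offset = [], 12                      # tags start after dst + src MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return vids, ethertype, frame[offset + 2:]
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)              # low 12 bits of the TCI are the VID
        offset += 4


def push_metro_tag(frame, metro_vid):
    """Provider ingress: insert the Metro Tag between the source MAC and the client tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + make_tag(METRO_TPID, metro_vid) + frame[12:]


def pop_metro_tag(frame, expected_metro_vid):
    """Provider egress: remove the outer tag only if it carries the expected Metro VID."""
    vids, _, _ = parse_tags(frame)
    if not vids or vids[0] != expected_metro_vid:
        raise ValueError("outer tag is not the expected Metro Tag")
    return frame[:12] + frame[16:]


# Constructed sample: a client frame already tagged with client VLAN 2.
DST = bytes.fromhex("0004df000001")
SRC = bytes.fromhex("0004df000002")
CUSTOMER_FRAME = (DST + SRC + make_tag(TPID_8021Q, 2)
                  + struct.pack("!H", 0x0800) + b"customer-payload")

if __name__ == "__main__":
    tunneled = push_metro_tag(CUSTOMER_FRAME, 100)
    print("tags in provider network:", parse_tags(tunneled)[0])
    print("restored at egress:", pop_metro_tag(tunneled, 100) == CUSTOMER_FRAME)
```

The tunneled frame is 4 bytes longer than the client frame, and the client VID is carried unchanged inside it, so each Metro Tag gives the client its own full VID space.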

Figure 14-5. Q-in-Q framework

When to Create 802.1Q VLANs

Use 802.1Q tagged VLANs only when connecting VLAN-aware devices (e.g., 802.1Q compliant
switches/network cards). Setting a port as tagged for a specific VLAN means that the switch will always
forward a tagged frame out of this port when it receives a frame for this VLAN on another member port.
Access ports connected to hosts that are VLAN-unaware must be set to untagged.

Rules for Creating 802.1Q VLANs
When creating 802.1Q VLANs keep in mind that:
• Each VLAN has its own unique VID;
• One port can belong to any tagged or untagged 802.1Q VLAN;
• One port must belong to at least one VLAN (either tagged or untagged);
• When the interface Acceptable Frame Type parameter is set to tagged, the PVID value is
ignored.

Three Basic Steps to Configure 802.1Q VLANs
Follow these three basic steps to successfully configure VLANs:
• Create one VLAN ID for each VLAN you need;
• Add ports to created VLANs: each port must be configured as tagged, untagged, forbidden or not
member, respecting the mentioned rules;
• Configure each port separately: assign a PVID and the acceptable frame format to be received by the
port.

Displaying VLAN Information

Displaying Current VLAN Configuration

Use the VLAN Configuration page to see separate information for each VLAN on the switch.
Field Description
• VLAN ID - Displays all the currently configured VLAN IDs (static or dynamically learnt).
• IP Address - Displays the IP Address currently configured (optional).
• Type - Displays how the VLAN was added to the switch:

Dynamic: Automatically learnt by GVRP.

Static: Statically configured by an administrator.

• Egress Ports - The current set, type and tagging type of member ports.

Displaying via DmView


• Open Caminho ???

Figure 14-6. Displaying VLAN Configuration


Displaying via CLI


• The next example illustrates how to display Current VLAN Information via CLI.

Example 14-3. Displaying Current VLAN Information via CLI:


DmSwitch2104#show vlan id 1
VLAN ID: 1
Type: Static
Name: DefaultVlan
Status: Active
IP Address: 192.168.25.189/24
Members: Eth1/2 to Eth1/28 (static, untagged)
DmSwitch2104#

VLAN Creation
The VLAN Configuration page allows you to create a VLAN by specifying a valid VID. You can also
configure a VLAN name up to 32 characters. You must set the VLAN status to Active if you want it to
forward frames. You can edit a VLAN status by selecting the desired VLAN and changing its status box.
You can also create an IP address for accessing the management interface from this VLAN.
Command Attributes
• VLAN ID - Choose a valid VLAN ID (range: from 2 to 4094).
• IP Address - Fill in a valid IP address and Subnet Mask (optional). This address will be used
to access the management interface from this VLAN.
• State - Select whether to Activate or Suspend the frame forwarding for this VLAN.
• Remove - Destroy the selected VLAN. All ports which are using this PVID will be transferred to the
DefaultVlan PVID 1.

* Notes:

* - Only the PVID of the ports which were using the destroyed VLAN ID will be changed to PVID 1. Ports which were exclusively
egress members (either tagged or untagged) of the destroyed VLAN will be also automatically set to untagged member of VLAN 1.

* - VLAN 1 (DefaultVlan), Dynamic VLAN entries and Static VLANs with dynamic member ports cannot be removed or
disabled.

* - By changing a Dynamic VLAN entry, it will be automatically changed to a static type.

Configuring via DmView


• Open Caminho

Figure 14-7. Creating a VLAN via DmView


Configuring via CLI


• The next example illustrates how to create a VLAN with ID 2 named "engineering" and add an IP address
via CLI.


Example 14-4. Creating a VLAN via CLI:


DmSwitch2104(config)#interface vlan 2
DmSwitch2104(config-if-vlan-2)#name engineering
DmSwitch2104(config-if-vlan-2)#ip address 192.168.10.12/24
DmSwitch2104(config-if-vlan-2)#exit
DmSwitch2104(config)#

Adding VLAN Static Member Ports
The Static Table Page allows you to add/remove/change the static VLAN port membership. Add ports
as tagged if there are only VLAN-aware devices connected to this VLAN. If there are VLAN-unaware
devices connected, choose the untagged option. Configure a VLAN as Forbidden to prevent the port from
learning this VLAN through GVRP.
Command Attributes
• VLAN ID - ID of the VLAN. (1-4094)
• VLAN Name (optional) - Display the VLAN name for administrative-only purposes. (1-32 characters)
• Status - Select Active to begin forwarding of frames or Suspended to stop forwarding for the
specific VLAN
• Port - Port Number
• Membership - Select the appropriate VLAN membership for each port or port-channel. Note that you
cannot separately change ports that are grouped into port-channels. You can configure port-channels by
using the last table on this page.

* Note: Although you are not allowed to remove a dynamic member port, you can change it to a static type.

Configuring via DmView


• Open Caminho ???

Figure 14-8. Configuring VLAN membership


Configuring via CLI


• The next example illustrates how to change the VLAN membership type for interfaces via CLI.

Example 14-5. Configuring VLAN membership via CLI:


DmSwitch2104(config)#interface vlan 2
DmSwitch2104(config-if-vlan-2)#set-member tagged ethernet 1
DmSwitch2104(config-if-vlan-2)#set-member untagged ethernet 3
DmSwitch2104(config-if-vlan-2)#interface vlan 3
DmSwitch2104(config-if-vlan-3)#set-member forbidden ethernet 3
DmSwitch2104(config-if-vlan-3)#no set-member ethernet 1 2
DmSwitch2104(config-if-vlan-3)#exit
DmSwitch2104(config)#

VLAN Interface Configuration
The VLAN Interface Configuration Page allows you to configure VLAN-related properties for switch
ports. Port-Channel member ports are configured on the VLAN Port-Channel Configuration page.
Command Attributes
• PVID - The Port VLAN ID must be set to an already created VID and is assigned only to untagged
frames received on this port. If the port is configured to accept tagged frames only, this parameter has
no effect, so any change to it will be ignored.
• Acceptable Frame Type - The frame types the port accepts. Choose All to accept
both tagged and untagged frames. Selecting Tagged forces the switch to discard received untagged
frames.
• Ingress Filtering - Enable this option to make the switch discard incoming tagged frames from
VLANs of which the port is not a member. Disable this option to make the switch flood non-member
incoming frames (note that frames from forbidden VLANs will always be discarded).
• Port-Channel Member - Displays the port aggregation membership. Note that port-channel
member ports are configured on the VLAN Port-Channel Configuration page.

Configuring via DmView


• Open Caminho ???

Figure 14-9. VLAN Interface Configuration Page


Configuring via CLI


• The next example illustrates how to configure VLAN characteristics for an interface via CLI.

Example 14-6. Configuring VLAN Interface via CLI:


DmSwitch2104(config)#interface ethernet 1
DmSwitch2104(config-if-eth-1/1)#switchport native vlan 2
DmSwitch2104(config-if-eth-1/1)#
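The ingress rules listed under Command Attributes above (PVID, Acceptable Frame Type, Ingress Filtering, forbidden membership), modelled as an added Python example that is not part of the original guide. PortConfig, classify_ingress and the two sample ports (taken from the Port-Overlapping design of Example 14-2) are hypothetical names; the guide does not say what happens to an untagged frame when the port is not a member of its own PVID, so this model forwards it.

```python
from dataclasses import dataclass, field


@dataclass
class PortConfig:
    pvid: int = 1
    acceptable_frame_type: str = "all"    # "all" or "tagged"
    ingress_filtering: bool = True        # model default, not a documented switch default
    # VID -> "tagged" | "untagged" | "forbidden"; a missing VID means "not member"
    membership: dict = field(default_factory=dict)


def classify_ingress(port, frame_vid):
    """Decide what the port does with a received frame.

    frame_vid is the VID of the 802.1Q tag, or None for an untagged frame.
    Returns (action, vid, reason) where action is "forward" or "discard".
    """
    if frame_vid is None:
        if port.acceptable_frame_type == "tagged":
            return ("discard", None, "untagged frame on a tagged-only port")
        vid, tagged = port.pvid, False    # the PVID applies only to untagged frames
    else:
        vid, tagged = frame_vid, True

    state = port.membership.get(vid, "not member")
    if state == "forbidden":
        return ("discard", vid, "frames from forbidden VLANs are always discarded")
    if tagged and state == "not member":
        if port.ingress_filtering:
            return ("discard", vid, "ingress filtering: port is not a member")
        return ("forward", vid, "ingress filtering disabled: non-member frame is flooded")
    return ("forward", vid, "classified by tag" if tagged else "classified by PVID")


def reachable_non_member_vlans(port, vids):
    """VIDs a tagged frame can enter through this port without the port being a member."""
    return [v for v in vids
            if port.membership.get(v, "not member") == "not member"
            and classify_ingress(port, v)[0] == "forward"]


# Constructed ports following the design of Example 14-2.
ENGINEERING_PORT = PortConfig(pvid=2, membership={2: "untagged"})
SERVER_PORT = PortConfig(acceptable_frame_type="tagged",
                         membership={2: "tagged", 3: "tagged"})

if __name__ == "__main__":
    for name, port, vid in [("engineering, untagged", ENGINEERING_PORT, None),
                            ("engineering, tag 3", ENGINEERING_PORT, 3),
                            ("server, untagged", SERVER_PORT, None),
                            ("server, tag 3", SERVER_PORT, 3)]:
        print(name, "->", classify_ingress(port, vid))
```

Running reachable_non_member_vlans over the configured VIDs of each access port gives a quick audit of where disabled ingress filtering would let tagged frames cross into a VLAN the port does not belong to.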

Chapter 15. Spanning Tree
In a bridged network the use of a Spanning Tree Algorithm (STA) is usually vital to improve network
dependability and resiliency. The main purpose of this algorithm is to avoid the creation of network loops
while guaranteeing end-user availability. In fact, active network loops in a bridged network are highly
undesirable because they bring problems like Broadcast Storms and Duplicate Unicast Frame Transmissions.
However, network managers usually need to implement redundant links in order to improve dependability.
By allowing the assignment of network backup links, a STA can also improve network resiliency. Being
implemented on Layer 2, the first standard for a Spanning Tree Protocol (STP) was released by the
IEEE committee 802.1D. The next standard, Rapid Spanning Tree Protocol (RSTP), was released under
the 802.1W IEEE specification and is a major improvement over the old and slow STP. You should consider
using the RSTP protocol implementation whenever possible.
This switch supports the following STA features:
• IEEE 802.1D STP - Spanning Tree Protocol (per VLAN)
• IEEE 802.1w RSTP - Rapid Spanning tree Protocol (per VLAN)
• IEEE 802.1s MSTP - Multiple Spanning Tree Protocol

How STP Works


STP is a distributed algorithm that creates a loop-free bridged network. It achieves this by creating a
spanning tree structure on the network. Initially, by exchanging Bridge Protocol Data Units (BPDUs), a
single root bridge is selected among all connected participating bridges. Based on this information, each
remaining bridge selects a root port, i.e., a port with the lowest cost that leads to the root bridge. Next, each
bridge determines which ports will be designated for their corresponding LANs. Both root and designated
ports will be put in the forwarding state. All remaining ports will be put in the blocked state. By blocking
all redundant paths, STP guarantees a loop-free topology.


Figure 15-1. Maintaining a Loop-Free Topology by Using STP

Differences Between RSTP and STP
RSTP is an improvement on the legacy STP. It reduces the time until convergence and reconfiguration
of the topology occurs by implementing alternate and backup type ports, reducing port states,
enabling explicit proposal/agreement sequences on new designated ports and enabling instant
forwarding on edge ports. The topology change mechanism was also improved, allowing a rapid propagation
of topology change information along the network.

RSTP is fully compatible with legacy STP bridges. Whenever an STP bridge is detected by an RSTP bridge,
the latter will automatically start to send STP compatible BPDUs, guaranteeing a stable and loop-free
network.

Displaying STA Information
The STA Information pages allow you to see the parameters and states related to STA.

Displaying STA Global Properties

The following STA Global Properties can be displayed:


Command Attributes
• Spanning Tree Mode - Whether the STA is RSTP (recommended), STP (legacy STP compatibility
mode) or MSTP.
• MST Name - Displays the MST region name.
• MST Revision Version - The MST region revision number.

Displaying via CLI


• The next example illustrates how to display Spanning Tree Global Information via CLI.

Example 15-1. Displaying Spanning Tree Information via CLI:


DmSwitch 3000#show spanning-tree

Spanning-tree information
-------------------------
Spanning tree mode: RSTP
MST name: test
MST revision: 1

DmSwitch 3000#

Displaying STA Instance Information

Use the STA Instance Information page to see the STA instance parameters configured on the switch.
Field Description
• Spanning Tree Mode - Whether the STA instance is RSTP (recommended), STP (legacy STP
compatibility mode) or MSTP.
• Spanning Tree State - The STA instance State.
• Bridge ID - The bridge ID of the instance (submitted by this switch in the next root bridge
election). It is the concatenation of the configured bridge priority and the bridge MAC address.
• Max Age - When the Max Age timer expires on a port, this port starts the process to become a
Designated Port for its segment. If it is the root port, a new root port election will be executed.
• Hello Time - The time interval between two consecutive configuration messages sent by the root
bridge (or by this bridge, when it becomes the root bridge).
• Forward Delay - In a worst-case scenario, the STA instance waits for this timer to expire before
moving a port from blocking state to learning state, and from learning state to forwarding state.
• Designated Root - The root bridge ID of the spanning tree instance topology. (When STA is not
enabled for an instance, this value is equal to the bridge ID of it.)
• Root port - The bridge port number that leads to the root bridge.
• Root path Cost - The path cost to reach the root bridge.
• Number of Topology Changes - Number of reconfigurations of the spanning tree instance
topology.
• Last Topology Change - Time elapsed since the last Topology Change.
• Members - The VLAN IDs of the spanning tree instance.

Displaying via CLI


• The next example illustrates how to display Spanning Tree Instance Information via CLI.

Example 15-2. Displaying Spanning Tree Information choosing an Instance via CLI:
DmSwitch 3000#show spanning-tree 1
Spanning-tree 1 information
---------------------------------------------------------------
Spanning tree mode: RSTP
Spanning tree state: Enabled
Priority: 0
Bridge Hello Time (sec.): 2
Bridge Max Age (sec.): 20
Bridge Forward Delay (sec.): 15
Root Hello Time (sec.): 2
Root Max Age (sec.): 20
Root Forward Delay (sec.): 15
Designated Root: 0.0004df0000eb
Current root port: 0
Current root cost: 0
Number of topology changes: 0
Last topology changes time (sec.) 5201
Members: VLAN 1
---------------------------------------------------------------

Displaying STA Instance Port Information

Use the STA Instance Port Information page to see the STA instance port parameters configured.
Field Description
• STA Admin State - Displays whether the STA instance is enabled on the port or not.
• Role - Shows the port role: Designated (when it transmits traffic to/from this LAN segment through
this bridge to the root bridge), Root (a port that is part of the active topology that leads to the root
bridge), Alternate or Backup (a port that provides a redundant path on this switch or to another switch
in case an active root or designated port fails) and Disabled (when the port does not participate in the
spanning tree instance).
• State - Shows the port state: Blocking (the port does not forward frames), Learning (the port does not
forward frames but learns MAC addresses), Forwarding (the port is forwarding frames).
• Designated Cost - In order to select the best path possible that leads to the root bridge, the STA
uses this parameter to calculate the cost along a port to the root bridge. The port with the lowest
designated cost will be selected. This is the cost reported by the designated port on the LAN segment this
port is attached to.
• Priority - When the designated cost is equal or greater on more than one port on the switch, the
port with the lowest priority value (highest priority) will be selected as a member of the active topology.
Whenever more than one port presents the same designated cost and priority, the port with the lowest
number will be selected.
• Path Cost - Faster ports should be configured with lower path costs than slower ports.
• Designated Port - Priority and number of the designated port on the LAN segment this port is
attached to.
• Designated Root - Root bridge ID received from the designated bridge of the LAN this port is
attached to.
• Designated Bridge - Bridge ID of the designated bridge of the LAN segment this port is attached
to.
• Admin Edge Port - If enabled, the port is considered not to be attached to another bridge, so fast
transition to forwarding state will be achieved.
• Admin Link Type - Choose Point-to-Point if this port is directly attached to another bridge.
Choose Shared if this port is connected to a shared LAN segment (a segment with three or more
bridges, connected by a Hub). Leaving the Auto option will result in a point-to-point type link when
the port is forced (or auto-negotiates) to full-duplex communication and results in a shared type link
when half-duplex mode is operational.
• Oper Edge Port - The operational status of the edge (fast forwarding) mode.
• Oper Link Type - The operational link type of the port (see the Admin Link Type parameter above
for a detailed description of this field).

Displaying via CLI


• The next example illustrates how to display Spanning Tree Instance Port Information via CLI.


Example 15-3. Displaying Spanning Tree Port Information by selecting an Instance via CLI:
DmSwitch 3000#show spanning-tree 1 ethernet 1/1
Eth 1/ 1 information
---------------------------------------------------------------
STA admin state: Enabled
Role: Disabled
State: Disabled
Path cost: 200000
Priority: 128
Designated cost: 0
Designated port: 128.1
Designated Root: 0.000000000000
Designated Bridge: 0.000000000000
Admin edge port: Disabled
Admin Link type: auto
Oper edge port: Disabled
Oper Link type: point-to-point

DmSwitch 3000#

Configuring STA

Configuring STA Global Properties

You can configure the following STA Global Properties:


Command Attributes
• Spanning Tree Type - Choose whether the instance will use STP (802.1D STP), RSTP (802.1w
RSTP) or MSTP format BPDUs (RSTP is the default, STP is a compatibility mode).
• Revision Version - The MST region revision number.
• Name - The MST region name.

Configuring via CLI


• The next example illustrates how to select the spanning tree mode to RSTP, via CLI.

Example 15-4. Configuring the STA mode


DmSwitch 3000(config)#spanning-tree mode rstp
DmSwitch 3000(config)#

• The next example illustrates how to set the MST revision to 1 and its name to "test".

Example 15-5. Configuring the MST revision and its name


DmSwitch 3000(config)#spanning-tree mst revision 1
DmSwitch 3000(config)#spanning-tree mst name test

Configuring STA Instance Properties

Use the STA Instance Configuration page to configure each instance of the STA parameters such as state
and timers.
Command Attributes
• Spanning Tree State - Enables/Disables the spanning tree instance state.
• Priority - Set the desired Bridge Priority of the instance. This value will be used by STA in order to
elect the spanning tree root bridge. Lower values represent higher priorities to become the root bridge.
If all devices on the network use the same priority, the one with the lowest MAC address will be elected
the root bridge.

- Default: 32768
- Range: 0-61440, in steps of 4096
- Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152,
53248, 57344, 61440

• Hello Time - Set the time interval (in seconds) used by the STA instance (only while being the root
bridge) between sending BPDUs.
• Maximum Age - Set the Maximum Age parameter (in seconds) for this instance that will be sent on
BPDUs by this switch while being the root bridge.
• Forward Delay - Set the Forward Delay parameter (in seconds) for this instance that will be sent
on BPDUs by this switch while being the root bridge.
• VLAN Members - Set the VLAN IDs to add it to a spanning tree instance.

Configuring via CLI


• The next example illustrates how to change the bridge priority of spanning tree instance 1 to 61440 and
enable this STA instance via CLI.

* Note: Timer values are selected by default and can be changed as required.

Example 15-6. Configuring the Instance 1 of STA Properties


DmSwitch 3000(config)#spanning-tree 1 priority 61440
DmSwitch 3000(config)#spanning-tree 1 hello-time 2
DmSwitch 3000(config)#spanning-tree 1 forward-delay 15
DmSwitch 3000(config)#spanning-tree 1 max-age 20
DmSwitch 3000(config)#spanning-tree 1
DmSwitch 3000(config)#

• The next example illustrates how to add VLAN 1 to spanning tree instance 1.

Example 15-7. Adding VLAN 1 to Spanning Tree Instance 1


DmSwitch 3000(config)#spanning-tree 1 vlan 1
DmSwitch 3000(config)#
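The root election rule from the Priority attribute above, together with a check of the `show spanning-tree 1` output from Example 15-2, as an added Python example that is not part of the original guide. The function names, the expected-root argument and the topology-change threshold are assumptions; the sample text is the output printed in Example 15-2.

```python
import re

# Output copied from Example 15-2 of this guide.
SAMPLE = """\
Spanning-tree 1 information
---------------------------------------------------------------
Spanning tree mode: RSTP
Spanning tree state: Enabled
Priority: 0
Bridge Hello Time (sec.): 2
Bridge Max Age (sec.): 20
Bridge Forward Delay (sec.): 15
Root Hello Time (sec.): 2
Root Max Age (sec.): 20
Root Forward Delay (sec.): 15
Designated Root: 0.0004df0000eb
Current root port: 0
Current root cost: 0
Number of topology changes: 0
Last topology changes time (sec.) 5201
Members: VLAN 1
---------------------------------------------------------------
"""

VALID_PRIORITIES = range(0, 61441, 4096)   # 0-61440 in steps of 4096

FIELDS = {
    "mode": r"^Spanning tree mode:\s*(\S+)",
    "state": r"^Spanning tree state:\s*(\S+)",
    "priority": r"^Priority:\s*(\d+)",
    "designated_root": r"^Designated Root:\s*(\S+)",
    "root_port": r"^Current root port:\s*(\d+)",
    "root_cost": r"^Current root cost:\s*(\d+)",
    "topology_changes": r"^Number of topology changes:\s*(\d+)",
}


def parse_bridge_id(text):
    """'32768.0004df0000eb' -> (32768, MAC as int); tuples compare in election order."""
    priority, mac = text.strip().split(".", 1)
    return int(priority), int(mac, 16)


def elect_root(bridge_ids):
    """Lowest priority value wins; on a tie the lowest MAC address wins."""
    return min(bridge_ids, key=parse_bridge_id)


def parse_instance(output):
    """Extract the audited fields from 'show spanning-tree <instance>' output."""
    info = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, output, re.MULTILINE)
        if match is None:
            raise ValueError(f"field {name!r} not found in output")
        value = match.group(1)
        info[name] = int(value) if value.isdigit() else value
    return info


def audit_instance(info, expected_root, max_topology_changes=0):
    """Return findings; an empty list means the instance matches the baseline."""
    findings = []
    if info["state"] != "Enabled":
        findings.append("spanning tree instance is not enabled")
    if info["priority"] not in VALID_PRIORITIES:
        findings.append(f"priority {info['priority']} is not a multiple of 4096 in 0-61440")
    if parse_bridge_id(info["designated_root"]) != parse_bridge_id(expected_root):
        findings.append(f"unexpected root bridge {info['designated_root']}")
    if info["topology_changes"] > max_topology_changes:
        findings.append(f"{info['topology_changes']} topology changes exceed the baseline")
    return findings


if __name__ == "__main__":
    print(audit_instance(parse_instance(SAMPLE), expected_root="0.0004df0000eb"))
```

A designated root that differs from the bridge the design intends as root, or a topology change count that keeps rising, is worth investigating before any timers or priorities are changed.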

Configuring STA Instance Port Properties

The STA Instance Port Configuration allows you to set specific STA Port parameters for an instance.
Command Attributes
• Spanning Tree - Enables/Disables the STA on this port for a specific instance. Default: Enabled
• Priority - Set the priority of the port in steps of 16. Default: 128
• Path Cost - Set the path cost. Recommended values are:

- For 10 Mb/s links - Path Cost 2.000.000
- For 100 Mb/s links - Path Cost 200.000
- For 1 Gb/s links - Path Cost 20.000
- For 10 Gb/s links - Path Cost 2.000

• Admin Link Type - Choose Point-to-Point when the port is connected to only one bridge
partner. Choose Shared when the port is connected to more than one bridge partner (e.g., a port
connected to a Hub with 3 bridges). Choose Auto to let the switch choose the Admin Link Type based on
the link duplex state of the port. Default: Auto
• Admin Edge Port (Fast Forwarding) - Enable this option whenever the port is attached to
an end-station (not a bridge). Default: Disabled

Configuring via CLI


• The next example illustrates how to set, for a spanning tree instance, path cost, link type, port priority
and STA administrative state on an interface via CLI.

Example 15-8. Configuring a Port, by choosing the Instance 1 of STA


DmSwitch 3000(config)#interface ethernet 1/1
DmSwitch 3000(config-if-eth-1/1)#spanning-tree 1 cost 200000
DmSwitch 3000(config-if-eth-1/1)#spanning-tree 1 link-type point-to-point
DmSwitch 3000(config-if-eth-1/1)#spanning-tree 1 port-priority 128
DmSwitch 3000(config-if-eth-1/1)#spanning-tree 1
DmSwitch 3000(config-if-eth-1/1)#no spanning-tree 1 edge-port
DmSwitch 3000(config-if-eth-1/1)#exit
DmSwitch 3000(config)#

Chapter 16. Ethernet Automatic Protection Switching Configuration
The EAPS protocol provides fast protection switching to layer 2 switches interconnected in an Ethernet
ring topology, such as a metropolitan area network (MAN) or large campuses. EAPS protection switching
is similar to what can be achieved with the Spanning Tree Protocol (STP), but offers the advantage of
converging in less than a second when a link in the ring breaks.

To take advantage of the Spatial Reuse technology and broaden the use of the ring’s bandwidth, EAPS
supports multiple EAPS domains running on the ring at the same time.

EAPS operates by declaring an EAPS domain on a single ring. Any VLAN that warrants fault protection
is configured on all ring ports in the ring, and is then assigned to an EAPS domain. On that ring domain,
one switch, or node, is designated the master node, while all other nodes are designated as transit nodes.

One port of the master node is designated the master node’s primary port (P) to the ring; another port
is designated as the master node’s secondary port (S) to the ring. In normal operation, the master node
blocks the secondary port for all non-control traffic belonging to this EAPS domain. If the master node
detects a break in the ring, it unblocks its secondary port and allows data traffic to be transmitted and
received through it.

EAPS fault detection on a ring is based on a single control VLAN per EAPS domain. This EAPS domain
provides protection to one or more data-carrying VLANs called protected VLANs. The control VLAN is
used only to send and receive EAPS messages; the protected VLANs carry the actual data traffic. As long
as the ring is complete, the EAPS master node blocks the protected VLANs from accessing its secondary
port.

A master node detects a ring fault in either of two ways:

• Failed response to a periodic health-check packet on the control VLAN
• "Link down" trap message sent by a transit node on the control VLAN

When the master node detects a failure, it declares a "failed" state and opens its logically blocked
secondary port on all the protected VLANs. The master node also flushes its forwarding database (FDB)
and sends a message on the control VLAN to all of its associated transit nodes to flush their forwarding
databases.

Enabling EAPS Globally


Enabling EAPS Globally via Web


• Open LAYER 2 - EAPS - EAPS Global Configuration. Mark EAPS globally
enabled for the switch. Click Apply.

Figure 16-1. Enabling an EAPS Globally via Web

Enabling EAPS Globally via CLI


• The next example illustrates how to enable EAPS globally via CLI.

Example 16-1. Enabling EAPS Globally via CLI


DmSwitch 3000(config)#eaps
DmSwitch 3000(config)#

Disabling EAPS Globally
Disabling EAPS Globally via Web
• Open LAYER 2 - EAPS - EAPS Global Configuration. Unmark EAPS globally
enabled for the switch. Click Apply.

Disabling EAPS Globally via CLI


• The next example illustrates how to disable EAPS globally via CLI.

Example 16-2. Disabling EAPS Globally via CLI


DmSwitch 3000(config)#no eaps
DmSwitch 3000(config)#

Creating an EAPS Domain
The name parameter is a character string of up to 32 characters that identifies the EAPS domain to be
created. EAPS domain names and VLAN names must be unique. Do not use the same name string to
identify both an EAPS domain and a VLAN.
Creating an EAPS via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Mark Create a new
domain and put the name of the new domain in the text box. Click Apply.

Creating an EAPS via CLI


• The next example illustrates how to create an EAPS via CLI.

Example 16-3. Creating an EAPS via CLI


DmSwitch 3000(config)#eaps Datacom
DmSwitch 3000(config)#

Deleting an EAPS Domain
Using the following command you will be able to delete EAPS.
Deleting an EAPS via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain to remove,
mark Remove this domain and click Apply.

Deleting an EAPS via CLI


• The next example illustrates how to delete an EAPS via CLI.

Example 16-4. Deleting an EAPS via CLI


DmSwitch 3000(config)#no eaps Datacom
DmSwitch 3000(config)#

Enabling EAPS for Domain
Using the following command you will be able to enable EAPS. EDP must be enabled on the switch and
EAPS ring ports.
Enabling EAPS for Domain via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
enable, mark Enabled for Domain Operation. Click Apply.

Enabling EAPS for Domain via CLI


• The next example illustrates how to enable EAPS for domain via CLI.

Example 16-5. Enabling EAPS for Domain via CLI


DmSwitch 3000(config)#eaps Datacom enable
DmSwitch 3000(config)#

Disabling EAPS for Domain
Using the following command you will be able to disable EAPS for a domain.
Disabling EAPS for Domain via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
disable, unmark Enabled for Domain Operation. Click Apply.

Disabling EAPS for Domain via CLI


• The next example illustrates how to disable EAPS for Domain via CLI.

Example 16-6. Disabling EAPS for Domain via CLI


DmSwitch 3000(config)#eaps Datacom disable
DmSwitch 3000(config)#

Adding a Control VLAN
You must configure one control VLAN for each EAPS domain. The control VLAN is used only to send
and receive EAPS messages.

The VLAN that will act as the control VLAN must be configured as follows:

• The VLAN must NOT be assigned an IP address, to avoid loops in the network.
• Only ring ports may be added as members of the control VLAN.
• The ring ports of the control VLAN must be tagged. This ensures that EAPS control VLAN traffic is
serviced before any other traffic and that control VLAN messages reach their intended destinations.
• The control VLAN must be assigned a QoS profile of QP8 with the QoS profile priority setting
HighHi.

A control VLAN cannot belong to more than one EAPS domain.


Adding a Control VLAN via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
configure. Choose a VLAN in Control VLAN. Click Apply.

Adding a Control VLAN via CLI


• The next example illustrates how to add a control VLAN via CLI.

Example 16-7. Adding a Control VLAN via CLI


DmSwitch 3000#configure
DmSwitch 3000(config)#interface vlan 10
DmSwitch 3000(config-if-vlan-10)#exit
DmSwitch 3000(config)#eaps Datacom
DmSwitch 3000(config)#eaps Datacom control-vlan id 10
DmSwitch 3000(config)#

Deleting a Control VLAN
Using the following command you will be able to delete a control VLAN.
Deleting a Control VLAN via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
configure. Choose (none) in Control VLAN. Click Apply.

Deleting a Control VLAN via CLI


• The next example illustrates how to delete a Control VLAN via CLI.

Example 16-8. Deleting a Control VLAN via CLI


DmSwitch 3000(config)#no eaps Datacom control-vlan
DmSwitch 3000(config)#

Adding a Protected VLAN
You must configure one or more protected VLANs for each EAPS domain. The protected VLANs are the
data-carrying VLANs.

When you configure the VLAN that will act as a protected VLAN, the ring ports of the protected VLAN
must be tagged (except in the case of the default VLAN). As long as the ring is complete, the master node
blocks the protected VLANs on its secondary port.
Adding a Protected VLAN via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
configure. Choose a VLAN ID in Protected VLANs. Click Add.

Adding a Protected VLAN via CLI


• The next example illustrates how to add a Protected VLAN via CLI.

Example 16-9. Adding a Protected VLAN via CLI


DmSwitch 3000#configure
DmSwitch 3000(config)#interface vlan 11
DmSwitch 3000(config-if-vlan-11)#exit
DmSwitch 3000(config)#eaps Datacom protected-vlans id 11
DmSwitch 3000(config)#interface vlan 12
DmSwitch 3000(config-if-vlan-12)#exit
DmSwitch 3000(config)#eaps Datacom protected-vlans id 12
DmSwitch 3000(config)#

Deleting a Protected VLAN
Using the following command you will be able to delete a protected VLAN.
Deleting a Protected VLAN via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
configure. Choose a VLAN ID in Protected VLANs. Click Remove.

Deleting a Protected VLAN via CLI


• The next example illustrates how to delete a Protected VLAN via CLI.

Example 16-10. Deleting a Protected VLAN via CLI


DmSwitch 3000(config)#no eaps Datacom protected-vlans id 11
DmSwitch 3000(config)#

Configuring Failtime
Use the failtime keyword and its associated seconds parameter to specify the amount of time the
master node waits before declaring a failed state and opening the logically blocked VLANs on the secondary
port. seconds must be greater than the configured value for hellotime. The default value is three
seconds.

Increasing the failtime value provides more protection against frequent "flapping" between the
complete state and the failed state by waiting long enough to receive a health-check packet when the network
is congested.

When the master node declares a failed state, it also flushes its forwarding database (FDB) and sends a
"flush FDB" message to all the transit switches on the ring by way of the control VLAN. The reason for
flushing the FDB is so that the switches can relearn the new directions to reach layer 2 end stations via
the reconfigured topology.
Configuring Failtime via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
configure. Put the new value in Fail timer interval and click Apply.

Configuring Failtime via CLI


• The next example illustrates how to configure failtime via CLI.

Example 16-11. Configuring Failtime via CLI


DmSwitch 3000(config)#eaps Datacom failtime 5
DmSwitch 3000(config)#

Configuring Hellotime
Use the hellotime keyword and its associated seconds parameter to specify the amount of time the
master node waits between transmissions of health-check packets on the control VLAN. Increasing the
hellotime value keeps the processor from sending and processing too many health-check packets.
Increasing the hellotime value should not affect the network convergence time, because transit nodes
are already sending "link down" notifications.

This command applies only to the master node. If you configure the polling timers for a transit node, they
will be ignored. If you later reconfigure that transit node as the master node, the polling timer values will
be used as the current values.
Configuring Hellotime via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
configure. Put the new value in Hello timer interval and click Apply.

Configuring Hellotime via CLI


• The next example illustrates how to configure hellotime via CLI.

Example 16-12. Configuring Hellotime via CLI


DmSwitch 3000(config)#eaps Datacom hellotime 2
DmSwitch 3000(config)#

Configuring EAPS Mode
Using the following command you will be able to set the EAPS mode of the node.
Configuring EAPS Mode via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
configure. Mark Master or Transit for Mode for the domain and click Apply.

Configuring EAPS Mode as Master via CLI


• The next example illustrates how to configure EAPS mode via CLI.

Example 16-13. Configuring EAPS Mode as Master via CLI


DmSwitch 3000(config)#eaps Datacom mode master
DmSwitch 3000(config)#

Configuring EAPS Mode as Transit via CLI


• The next example illustrates how to configure EAPS mode via CLI.

Example 16-14. Configuring EAPS Mode as Transit via CLI


DmSwitch 3000(config)#eaps Datacom mode transit
DmSwitch 3000(config)#

Configuring EAPS Port
Each node on the ring connects through two ring ports. One port must be configured as the primary port;
the other must be configured as the secondary port.
Configuring EAPS Port via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
configure. For both ports, select in Primary Port and Secondary Port the Unit and Port or
Port-Channel. Click Apply.

Configuring EAPS Port via CLI


• The next example illustrates how to configure EAPS port via CLI.

Example 16-15. Configuring EAPS Port via CLI


DmSwitch 3000(config)#eaps Datacom port primary ethernet 15
DmSwitch 3000(config)#eaps Datacom port secondary ethernet 16
DmSwitch 3000(config)#

Removing EAPS Port Configuration
Unconfiguring an EAPS port sets its internal configuration state to INVALID, which causes the port to
appear in the Idle state with a port status of Unknown when you use the show eaps detail command
to display the status information about the port.
Removing EAPS Port Configuration via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want
to configure. For both ports, just select (none) for Port and Port-Channel in Primary Port or
Secondary Port to remove the configuration.

Removing EAPS Port Configuration via CLI


• The next example illustrates how to remove EAPS Port configuration via CLI.

Example 16-16. Removing EAPS Port Configuration via CLI


DmSwitch 3000(config)#no eaps Datacom port primary
DmSwitch 3000(config)#no eaps Datacom port secondary
DmSwitch 3000(config)#

Configuring EAPS Name
Using the following command you will be able to rename an existing EAPS domain.
Configuring EAPS Name via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the domain you want to
configure. Mark Rename the domain and insert the new domain name in the text box.

Configuring EAPS Name via CLI


• The next example illustrates how to configure EAPS name via CLI.

Example 16-17. Configuring EAPS Name via CLI


DmSwitch 3000(config)#eaps Datacom name Datacom2
DmSwitch 3000(config)#

Displaying EAPS Summary
Displays EAPS domains and associated information such as Domain Name, Domain State, EAPS Mode, Enabled
State, Control VLAN and VLAN ID and the number of Protected VLANs in the domain. This is helpful
for quickly viewing the status information of a large number of EAPS domains.
Displaying EAPS Summary via CLI
• The next example illustrates how to display the EAPS summary via CLI.

Example 16-18. Displaying EAPS Summary via CLI


DmSwitch 3000(config)#show eaps

EAPS Enabled: Yes

Domain          State           M   E   Pri   Sec   Ctrl   Protected#
--------------- --------------- --- --- ----- ----- ------ -----------
Datacom         Idle            T   N   -     -     10     2

DmSwitch 3000(config)#

Displaying EAPS Information
If you enter the show eaps command without a keyword, the command displays less information than
with the detail keyword.

Use the optional domain name parameter to display status information for a specific EAPS domain.

The output displayed by this command depends on whether the node is a transit node or a master node.
The display for a transit node contains information fields that are not shown for a master node. Also, some
state values are different on a transit node than on a master node.
Displaying EAPS Information via Web
• Open LAYER 2 - EAPS - EAPS Domain Configuration. Select the Domain Name to see
the configuration.

Displaying EAPS Information via CLI


• The next example illustrates how to display EAPS information via CLI.

Example 16-19. Displaying EAPS Information via CLI


DmSwitch 3000(config)#show eaps detail

EAPS Enabled: Yes

Domain Name: Datacom


State: Idle
Enabled: No Mode: Transit
Hello Timer interval: 1 sec
Fail Timer interval: 3 sec
Pre-forwarding Timer: 6 sec (learned) Remaining: 0 sec
Last update from: (none)
Primary port: (not configured)
Secondary port: (not configured)
Control VLAN ID: 10
Protected VLANs IDs: 11-12

DmSwitch 3000(config)#
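
The rules this chapter states for an EAPS domain (one control VLAN per domain that no other domain uses, at least one protected VLAN, failtime greater than hellotime, two ring ports) can be checked offline before a change reaches the ring. The Python script below is an added example, not DATACOM code: it replays only the command forms shown in this chapter, the finding names and sample domains are its own, and the check that a control VLAN is not also a protected VLAN is an inference from the statement that the control VLAN is used only for EAPS messages.

```python
import re
from collections import defaultdict

# Defaults as the page shows them: failtime is three seconds, and the
# "show eaps detail" output prints a 1 sec hello interval.
DEFAULT_HELLO, DEFAULT_FAIL = 1, 3
PROMPT = re.compile(r"^DmSwitch \d+(\([^)]*\))?#\s*")  # pasted CLI prompt

# Constructed sample (not from the page): two domains with deliberate mistakes.
SAMPLE = """\
eaps RingA
eaps RingA mode master
eaps RingA control-vlan id 10
eaps RingA protected-vlans id 11
eaps RingA protected-vlans id 12
eaps RingA hellotime 2
eaps RingA failtime 2
eaps RingA port primary ethernet 15
eaps RingA port secondary ethernet 15
eaps RingB
eaps RingB control-vlan id 10
eaps RingB protected-vlans id 10
eaps RingB port primary ethernet 17
"""


def new_domain():
    return {"control": None, "protected": set(), "ports": {},
            "hello": DEFAULT_HELLO, "fail": DEFAULT_FAIL}


def parse(text):
    """Replay 'eaps ...' and 'no eaps ...' command lines into {domain: settings}."""
    domains = {}
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        negate = words[:1] == ["no"]
        if negate:
            words = words[1:]
        if len(words) < 2 or words[0] != "eaps":
            continue  # global "eaps" / "no eaps", or an unrelated command
        name, args = words[1], words[2:]
        if negate and (not args or name not in domains):
            domains.pop(name, None)  # "no eaps <name>" deletes the domain
            continue
        d = domains.setdefault(name, new_domain())
        key = args[0] if args else ""
        if key == "name":
            domains[args[1]] = domains.pop(name)
        elif key == "control-vlan":
            d["control"] = None if negate else int(args[2])
        elif key == "protected-vlans":
            (d["protected"].discard if negate else d["protected"].add)(int(args[2]))
        elif key in ("hellotime", "failtime"):
            d[key[:-4]] = int(args[1])  # stored under "hello" / "fail"
        elif key == "port" and negate:
            d["ports"].pop(args[1], None)
        elif key == "port":
            d["ports"][args[1]] = " ".join(args[2:])
    return domains


def audit(domains):
    """Return sorted (domain, finding) pairs for the rules stated in this chapter."""
    users = defaultdict(list)  # control VLAN id -> domains using it
    for name, d in domains.items():
        if d["control"] is not None:
            users[d["control"]].append(name)
    findings = set()
    for name, d in domains.items():
        if len(name) > 32:
            findings.add((name, "name-too-long"))
        if d["control"] is None:
            findings.add((name, "no-control-vlan"))
        elif len(users[d["control"]]) > 1:
            findings.add((name, "control-vlan-shared"))
        if not d["protected"]:
            findings.add((name, "no-protected-vlan"))
        # Inferred from "used only to send and receive EAPS messages".
        if d["protected"] & set(users):
            findings.add((name, "control-vlan-carries-data"))
        if d["fail"] <= d["hello"]:
            findings.add((name, "failtime-not-above-hellotime"))
        if set(d["ports"]) != {"primary", "secondary"}:
            findings.add((name, "ring-port-missing"))
        elif d["ports"]["primary"] == d["ports"]["secondary"]:
            findings.add((name, "ring-ports-identical"))
    return sorted(findings)


if __name__ == "__main__":
    for domain, finding in audit(parse(SAMPLE)):
        print(f"{domain}: {finding}")
```

The rules for the control VLAN's IP address, port membership, tagging and QoS profile are not covered, because this chapter does not show the commands that configure them.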

Chapter 17. Class of Service Configuration
Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is
buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each
port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority
queues. You can set the default priority for each interface, and configure the mapping of frame priority
tags to the switch’s priority queues.

Setting the Default Priority for Interfaces


You can specify the default port priority for each interface on the switch. All untagged packets entering
the switch are tagged with the specified default port priority, and are sorted into the appropriate priority
queue at the output port.
Command Usage
• This switch provides eight priority queues for each port. It uses Weighted Round Robin to prevent
head-of-queues blockage.
• The default priority applies for an untagged frame received on a port set to accept all frame types (i.e.,
receives both tagged and untagged frames). This priority does not apply to IEEE 802.1Q VLAN tagged frames. If
the incoming frame is an IEEE 802.1Q VLAN tagged frame, the IEEE 802.1p User Priority bits will
be used.
• If the output port is an untagged member of the associated VLAN, these frames are stripped of all
VLAN tags prior to transmission.

Command Attributes
• Default Priority * - The priority that is assigned to untagged frames received on the specified
interface. (Range: 0-7; Default: 0)
• Number of Egress Traffic Classes - The number of queue buffers provided for each port.

* CLI displays this information as "Priority for untagged traffic."

Setting the Default Port Priority via Web


• Open Priority - Default Port Priority, modify the default priority for any interface and
then click Apply.


Figure 17-1. Setting the Default Port Priority via Web

Setting the Default Port Priority via CLI


• The next example shows how to set a default port priority of 5 on port 2 via CLI.

Example 17-1. Setting the Default Port Priority via CLI


DmSwitch 3000(config)#interface ethernet 1/2
DmSwitch 3000(config-if-eth-1/2)#switchport priority default 5
DmSwitch 3000(config-if-eth-1/2)#end
DmSwitch 3000#show interfaces switchport ethernet 1/2
Information of Eth 1/2
Broadcast threshold: Enabled, 500 packets/second
MTU: 9198 bytes
Ingress rate limit: Disabled
Egress rate limit: Disabled
Ingress Rule: Disabled
Acceptable frame type: All frames
Native VLAN: 1
Priority for untagged traffic: 5
GVRP status: Disabled
Protocol VLAN:
Allowed VLAN: 1(u)
Forbidden VLAN:
QinQ mode: External
TPID: 0x8100
DmSwitch 3000#

Mapping CoS Values to Egress Queues
This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each
port, with service schedules based on Strict Priority (SP), Round Robin (a particular case of WRR), Weighted
Round Robin (WRR) and Weighted Fair Queuing (WFQ). Up to eight separate traffic priorities are defined
in IEEE 802.1p. The default priority levels are assigned according to recommendations in the IEEE 802.1p
standard as shown in the following table.

Table 17-1. Mapping CoS Priority Values to Egress Queues

Queue 1 2 3 4 5 6 7 8
Priority 0 1 2 3 4 5 6 7

The priority levels recommended in the IEEE 802.1p standard for various network applications are shown
in the following table. However, you can map the priority levels to the switch’s output queues in any way
that benefits application traffic for your own network.

Table 17-2. Priority Level Descriptions

Priority Level   Traffic Type
1                Background
2                (Spare)
0 (default)      Best Effort
3                Excellent Effort
4                Controlled Load
5                Video, less than 100 milliseconds latency and jitter
6                Voice, less than 10 milliseconds latency and jitter
7                Network Control

Command Attributes
• Priority - CoS value. (Range: 0-7, where 7 is the highest priority)
• Traffic Class * - Output queue buffer. (Range: 1-8, where 8 is the highest CoS priority queue)

* CLI shows Queue ID.

Mapping CoS Values to Egress Queues via Web


• Open Priority - Traffic Classes. Assign priorities to the traffic classes and then click Apply.


Figure 17-2. Mapping CoS Values to Egress Queues via Web

Mapping CoS Values to Egress Queues via CLI


• The next example shows how to change the CoS assignments via CLI.

Example 17-2. Mapping CoS Values to Egress Queues via CLI


DmSwitch 3000(config)#qos cos-map 6 priority 2 3 4 5 6
DmSwitch 3000#show qos cos-map
-------+-----------------+
Queue | 802.1P Priority |
-------+-----------------+
1 | 0 |
2 | 1 |
3 | |
4 | |
5 | |
6 | 2 3 4 5 6 |
7 | |
8 | 7 |
-------+-----------------+
DmSwitch 3000#

Selecting the Queue Mode
Once packets are mapped into CoS queues, they are forwarded depending upon the scheduling algorithm
selected. The five possible configurations are:

• Strict Priority (SP)
• Round-Robin (RR)
• Weighted Round-Robin (WRR)
• Weighted Fair Queuing (WFQ)
• Combination Queuing:
  • SP + RR
  • SP + WRR
  • SP + WFQ

• SP - Strict Priority services the egress queues in sequential order. Any packets residing in the higher
priority queues are transmitted first. Only when these queues are empty, packets of the next lower
priority are allowed to be transmitted.
• RR - Round-Robin is a particular case of the Weighted Round-Robin mode (all the queues with
weight one). In this configuration packets in each of the CoS queues have an equal opportunity to
be sent. Even though several packets may be available in a higher-priority queue, it will only be
allowed to send a packet after all the other queues get their chance.
• WRR - Weighted Round-Robin shares bandwidth at the egress ports by using the configured queue
weights. All queues are programmed with weights according to the desired packet distribution. The unit
of the weights is one packet, regardless of the packet size. The bandwidth distribution between two
queues weighted by one and nine is therefore not necessarily 10% and 90%. The distribution will be one packet
to the first queue for every nine packets to the second queue.
• WFQ - Weighted Fair Queuing scheduler mode provides a certain bandwidth minimum to all queues.
Configured guaranteed bandwidth is first supplied per queue and any remaining bandwidth up to the
configured maximum bandwidth is distributed in round-robin fashion.

In any schedule mode, one or more queues can be set as strict priority queues (Combination Queuing).
These queues will always have their packets transmitted first, until they are empty. After that, the other queues
will have their chance according to the schedule mode rules.
Selecting the Queue Mode via CLI
• The next examples show how to select the schedule mode via CLI.


Example 17-3. Selecting the WRR Schedule Mode via CLI


DmSwitch 3000(config)#qos sched-mode wrr unit 1 ethernet 1to8 queue-weights 1
4 sp 2 6 8 sp 14
DmSwitch 3000(config)#exit
DmSwitch 3000(config)#show qos config ethernet 1/1
------+-------+------+--------+--------+--------+----------+-----------+
PORT | QUEUE | MODE | MAX-BW | MIN-BW | WEIGHT | SP-QUEUE | WFQ-PRIOS |
------+-------+------+--------+--------+--------+----------+
1/ 1 | 1 | WRR | unlimi | ------ | 1 | NO |
1/ 1 | 2 | WRR | unlimi | ------ | 4 | NO |
1/ 1 | 3 | WRR | unlimi | ------ | 0 | YES |
1/ 1 | 4 | WRR | unlimi | ------ | 2 | NO |
1/ 1 | 5 | WRR | unlimi | ------ | 6 | NO |
1/ 1 | 6 | WRR | unlimi | ------ | 8 | NO |
1/ 1 | 7 | WRR | unlimi | ------ | 0 | YES |
1/ 1 | 8 | WRR | unlimi | ------ | 14 | NO |
------+-------+------+--------+--------+--------+----------+
DmSwitch 3000(config)#

Example 17-4. Selecting the WFQ Schedule Mode via CLI


DmSwitch 3000(config)#qos sched-mode wfq unit 1 ethernet 9to16 min-bw sp
2000 3000 4000 5000 sp 7000 8000
DmSwitch 3000(config)#exit
DmSwitch 3000(config)#show qos config ethernet 1/9
------+-------+------+--------+--------+--------+----------+
PORT | QUEUE | MODE | MAX-BW | MIN-BW | WEIGHT | SP-QUEUE |
------+-------+------+--------+--------+--------+----------+
1/ 9 | 1 | WFQ | unlimi | ------ | -- | YES |
1/ 9 | 2 | WFQ | unlimi | 2048 | -- | NO |
1/ 9 | 3 | WFQ | unlimi | 3008 | -- | NO |
1/ 9 | 4 | WFQ | unlimi | 4032 | -- | NO |
1/ 9 | 5 | WFQ | unlimi | 5056 | -- | NO |
1/ 9 | 6 | WFQ | unlimi | ------ | -- | YES |
1/ 9 | 7 | WFQ | unlimi | 7040 | -- | NO |
1/ 9 | 8 | WFQ | unlimi | 8000 | -- | NO |
------+-------+------+--------+--------+--------+----------+
DmSwitch 3000(config)#

Setting the Maximum Bandwidth for CoS Queues
This switch can limit the bandwidth in the egress port queues. This setting, unlike the port schedule mode
that must be configured by groups, can assume different values per port per queue. This value is always
respected, regardless of the selected schedule mode or minimum bandwidth.
Setting the Maximum Bandwidth for CoS queues via CLI
• The next example shows how to set the maximum bandwidth to a port via CLI.

Example 17-5. Setting the Service Weight for Traffic Classes via CLI
DmSwitch 3000(config)#qos max-bw 10000 unlimited 30000 40000 50000 60000
unlimited unlimited ethernet 1/20
DmSwitch 3000(config)#exit
DmSwitch 3000(config)#show qos config ethernet 20
------+-------+------+--------+--------+--------+----------+
PORT | QUEUE | MODE | MAX-BW | MIN-BW | WEIGHT | SP-QUEUE |
------+-------+------+--------+--------+--------+----------+
1/20 | 1 | WRR | 10048 | ------ | 1 | NO |
1/20 | 2 | WRR | unlimi | ------ | 2 | NO |
1/20 | 3 | WRR | 30016 | ------ | 4 | NO |
1/20 | 4 | WRR | 40000 | ------ | 6 | NO |
1/20 | 5 | WRR | 50048 | ------ | 8 | NO |
1/20 | 6 | WRR | 60032 | ------ | 10 | NO |
1/20 | 7 | WRR | unlimi | ------ | 12 | NO |
1/20 | 8 | WRR | unlimi | ------ | 14 | NO |
------+-------+------+--------+--------+--------+----------+
DmSwitch 3000#

Loading Auto-QoS Configuration
This switch uses the Strict Priority (SP) algorithm as the schedule mode of auto-QoS. When auto-QoS is enabled,
filters are created and CoS precedences are assigned based on the DSCP label of the ingress packets, so that
the egress queues behave as described in the following table.

Table 17-3. Traffic Types, Packet Labels and Egress Queues

Traffic Flow       DSCP     CoS Precedence   Egress Queue
STP BPDU           56       7                7
Routing Protocol   48       6                6
VoIP Data          46       5                5
Real-Time Video    32       4                4
VoIP Control       24, 26   3                3
All Other          -        2, 1, 0          2, 1, 0

Enabling Auto-QoS via CLI


• The next example shows how to load the Auto-QoS configuration via CLI.

Example 17-6. Enabling Auto-QoS via CLI


DmSwitch 3000(config)#queue auto-qos
DmSwitch 3000(config)#filter new remark auto_qos match dscp 0 action 802.1p 0
ingress ethernet all priority 14
Filter 1 created.
DmSwitch 3000(config)#filter new remark auto_qos match dscp 8 action 802.1p 1
ingress ethernet all priority 14
Filter 2 created.
DmSwitch 3000(config)#filter new remark auto_qos match dscp 16 action 802.1p 2
ingress ethernet all priority 14
Filter 3 created.
DmSwitch 3000(config)#filter new remark auto_qos match dscp 24 action 802.1p 3
ingress ethernet all priority 14
Filter 4 created.
DmSwitch 3000(config)#filter new remark auto_qos match dscp 26 action 802.1p 3
ingress ethernet all priority 14
Filter 5 created.
DmSwitch 3000(config)#filter new remark auto_qos match dscp 32 action 802.1p 4
ingress ethernet all priority 14
Filter 6 created.
DmSwitch 3000(config)#filter new remark auto_qos match dscp 46 action 802.1p 5
ingress ethernet all priority 14
Filter 7 created.
DmSwitch 3000(config)#filter new remark auto_qos match dscp 48 action 802.1p 6
ingress ethernet all priority 14
Filter 8 created.
DmSwitch 3000(config)#filter new remark auto_qos match dscp 56 action 802.1p 7
ingress ethernet all priority 14
Filter 9 created.
DmSwitch 3000(config)#queue cos-map 0 0
DmSwitch 3000(config)#queue cos-map 1 1
DmSwitch 3000(config)#queue cos-map 2 2
DmSwitch 3000(config)#queue cos-map 3 3
DmSwitch 3000(config)#queue cos-map 4 4


DmSwitch 3000(config)#queue cos-map 5 5


DmSwitch 3000(config)#queue cos-map 6 6
DmSwitch 3000(config)#queue cos-map 7 7
DmSwitch 3000(config)#queue mode strict
DmSwitch 3000(config)#queue auto-qos
DmSwitch 3000#

Chapter 18. Packet Filters
This chapter shows how to create packet filters. Some of the examples show that there is
more than one way to create the same filter, because some parameters have no order of precedence. The
purpose of this chapter is to give you an overview of what can be done to control packet flow through the switch.

Note: This switch can work with at most 1280 filters.

Figure 18-1. This figure gives an idea of the protocol parts that are analysed by the filters.

Displaying Filter Information


Command Attributes
• Action Type - Show filters by action type.
• Monitor - Show filters with monitoring actions.

• QoS - Show filters with QoS actions.


• Security - Show filters with security actions.
• VLAN - Show filters with VLAN actions.
• Ingress - Show filters by ingress port.
• ID - Show filters selected by their ID.
• Sort Remark - Show filters sorted by their remark.
• State - Show filters enabled or disabled.

Displaying Filter Information via CLI


• The next example shows a few commands used to display filter information via CLI.

Example 18-1. Displaying Filter Information via CLI


DmSwitch 3000#show filter action-type monitor
Filter 7: enabled, priority 8
Actions: monitor
Matches: All packets
Ingress:

Filter 33: enabled, priority 8


Actions: monitor
Matches: All packets
Ingress: Eth1/10

DmSwitch 3000#show filter action-type qos


Filter 10: enabled, priority 8
Actions: 802.1p 2
Matches: All packets
Ingress:

Filter 15: disabled, priority 8


Actions: 802.1p-from-tos
Matches: All packets
Ingress:

Filter 17: disabled, priority 8


Actions: drop-precedence
Matches: All packets
Ingress:

DmSwitch 3000#show filter action-type security


Filter 49: enabled, priority 8
Actions: permit
Matches: source-ip 192.168.10.0 255.255.255.0
Ingress:

Filter 50: enabled, priority 8


Actions: permit
Matches: source-mac 00-01-00-00-01-00 00-FF-00-00-FF-00
Ingress:

Filter 51: enabled, priority 8


Actions: permit
Matches: source-port 22
Ingress:

DmSwitch 3000#show filter action-type vlan


Filter 29: disabled, priority 8

Actions: vlan 5
Matches: All packets
Ingress:

DmSwitch 3000#show filter id 20


Filter 20: disabled, priority 8
Actions: dscp 60
Matches: All packets
Ingress:

DmSwitch 3000#show filter ingress ethernet 10


Filter 31: enabled, priority 8
Actions: deny
Matches: All packets
Ingress: Eth1/10

DmSwitch 3000#show filter state disabled


Filter 9: disabled, priority 8
Actions: monitor
Matches: All packets
Ingress:

Filter 12: disabled, priority 8


Actions: 802.1p 2
Matches: All packets
Ingress:

DmSwitch 3000#

Creating and Editing Filters
Command Attributes
• New - Creates a new filter.
• ID - Selects a filter to edit by its ID.

Filter Matching
Command Attributes
• 802.1p - Make the switch find matches by 802.1p priority.
• All - Matches all traffic. (Default option for new filters)
• Destination IP - Find matches by packet destination IP address.
• Destination MAC - Find matches by packet destination MAC address.
• Destination Port - Find matches by packet destination Port.
• DSCP - Matches by IP DSCP field.
• Ethertype - Selects packets by EtherType field.
• Protocol - Matches by L4 protocol from IP type field.
• Source IP - Find matches by packet source IP address.
• Source MAC - Find matches by packet source MAC address.
• Source Port - Find matches by packet source Port.
• ToS Bits - Selects packets by IP ToS lower bits value.
• ToS Precedence - Matches by IP ToS Precedence.
• VLAN - The switch will find matches based on the VLAN ID specified.

Matching by 802.1p priority value


Creating a filter via CLI which matches packets with 802.1p priority
• The next example shows how to create a filter via CLI which matches packets with 802.1p priority.

Example 18-2. Creating a filter via CLI which matches packets with 802.1p priority.
DmSwitch 3000(config)#filter new match 802.1p 3 action permit
Filter 1 created.
DmSwitch 3000(config)#

Matching all packets
Creating a filter via CLI which matches all packets
• The next example shows how to create a filter via CLI which matches all packets.

Example 18-3. Creating a filter via CLI which matches all packets.
DmSwitch 3000(config)#filter new match all action permit
Filter 2 created.
DmSwitch 3000(config)#

Matching by destination IP
Creating a filter via CLI which matches packets by their destination/source IP
• The next example shows how to create a filter via CLI which matches packets by their destination IP.

Example 18-4. Creating a filter via CLI which matches packets by their destination IP.
DmSwitch 3000(config)#filter new match destination-ip 192.168.10.0 255.255.255.0 action permit
Filter 3 created.
DmSwitch 3000(config)#

Matching by destination/source MAC address
Creating a filter via CLI which matches packets by their destination MAC address
• The next example shows how to create a filter via CLI which matches packets by their destination MAC
address. The MAC address must be followed by a bitmask. In this example, all traffic from
the products of the manufacturer DATACOM (00-04-DF) will be accepted by the switch. Note that the command
shown uses the source-mac keyword, which selects by the sender's address.

Example 18-5. Matching by destination MAC address.
DmSwitch 3000(config)#filter new match source-mac 00-04-DF-00-00-00 FF-FF-FF-00-00-00 action permit ingress ethernet all
Filter 4 created.
DmSwitch 3000(config)#

Matching by destination/source port
Creating a filter via CLI which matches packets by their destination port
• The next example shows how to create a filter via CLI which matches packets by their destination port.

Example 18-6. Creating a filter via CLI which matches packets by their destination port.
DmSwitch 3000(config)#filter new match destination-port 0-22 action permit
Filter 5 created.
DmSwitch 3000(config)#

Matching by IP DSCP field
Creating a filter via CLI which matches packets by their IP DSCP field
• The next example shows how to create a filter via CLI which matches packets by their IP DSCP field.

Example 18-7. Creating a filter via CLI which matches packets by their IP DSCP field
DmSwitch 3000(config)#filter new match dscp 60 action permit
Filter 6 created.
DmSwitch 3000(config)#

Selecting packets by EtherType field
Creating a filter via CLI that selects packets by EtherType field
• The next example shows how to create a filter via CLI that selects packets by EtherType field. This filter
permits IPv6 (0x86DD) traffic.

Example 18-8. Creating a filter via CLI that selects packets by EtherType field.
DmSwitch 3000(config)#filter new match ethertype 0x86DD action permit
Filter 7 created.
DmSwitch 3000(config)#

Matching by L4 protocol
Creating a filter via CLI that matches by L4 protocol
• The next example shows how to create a filter via CLI that matches by L4 protocol. In this filter, the IP
type field will be used to match.

Example 18-9. Creating a filter via CLI that matches by L4 protocol.


DmSwitch 3000(config)#filter new match protocol 22 action permit
Filter 8 created.
DmSwitch 3000(config)#

Selecting packets by IP ToS lower bits
Creating a filter via CLI that selects packets by IP ToS lower bits
• The next example shows how to create a filter via CLI that selects packets by their IP ToS lower bits, with
value 12.

Example 18-10. Creating a filter via CLI that selects packets by IP ToS lower bits.
DmSwitch 3000(config)#filter new match tos-bits 12 action permit
Filter 9 created.
DmSwitch 3000(config)#

Matching by IP ToS Precedence
Creating a filter via CLI that matches packets by IP ToS Precedence
• The next example shows how to create a filter via CLI that matches packets by IP ToS Precedence.

Example 18-11. Creating a filter via CLI that matches packets by IP ToS Precedence.
DmSwitch 3000(config)#filter new match tos-precedence 5 action permit
Filter 10 created.
DmSwitch 3000(config)#

Selecting traffic by packet VLAN ID
Creating a filter via CLI which selects traffic by packet VLAN ID
• The next example shows how to create a filter via CLI which selects traffic by packet VLAN ID.

Example 18-12. Creating a filter via CLI which selects traffic by packet VLAN ID.
DmSwitch 3000(config)#filter new match vlan 5 action permit
Filter 11 created.
DmSwitch 3000(config)#

Filtering Actions
Command Attributes
• Permit - Gives permission for some kind of traffic.
• Deny - Denies traffic.
• Monitor - Monitors packets.
• 802.1p - Sets an 802.1p priority value.
• 802.1p from ToS - Sets an 802.1p priority from IP ToS Precedence.
• Drop Precedence - Internally sets packet drop precedence.
• DSCP - Sets Differentiated Services Code Point.
• ToS - Sets IP ToS Precedence value.
• ToS from 802.1p - Sets IP ToS Precedence from 802.1p priority.
• VLAN - Sets the defined VLAN ID to the packet.

Giving Permission
Creating a filter via CLI that gives permission
• The next example shows how to create a filter via CLI that gives permission.

Example 18-13. Creating a filter via CLI that gives permission.


DmSwitch 3000(config)#filter new match destination-ip 192.168.200.254 255.255.255.0 action permit
Filter 12 created.
DmSwitch 3000(config)#

This is the same as:
DmSwitch 3000(config)#filter new enable match destination-ip 192.168.200.254 255.255.255.0 action permit
Filter 12 created.
DmSwitch 3000(config)#

The filter can also be created disabled with the following command:

DmSwitch 3000(config)#filter new disable match destination-ip 192.168.200.254 255.255.255.0 action permit
Filter 12 created.
DmSwitch 3000(config)#

Revoking Access
Creating a filter via CLI that denies traffic
• The next example shows how to create a filter via CLI that denies traffic.

Example 18-14. Creating a filter via CLI that denies traffic.


DmSwitch 3000(config)#filter new match 802.1p 3 action deny
Filter 13 created.
DmSwitch 3000(config)#

Monitoring Traffic
Creating a filter via CLI to monitor traffic
• The next example shows how to create a filter via CLI to monitor traffic. In this example, packets coming
from ethernet 1 will be monitored to ethernet 12.

Example 18-15. Creating a filter via CLI to monitor traffic


DmSwitch 3000(config)#filter new action monitor ingress ethernet 1
Filter 14 created.
DmSwitch 3000(config)#monitor destination 12
DmSwitch 3000(config)#

Setting 802.1p Priority Value
Creating a filter via CLI with an 802.1p priority value
• The next example shows how to create a filter via CLI with an 802.1p priority value.

Example 18-16. Creating a filter via CLI with an 802.1p priority value.
DmSwitch 3000(config)#filter new match ethertype 0x0800 action 802.1p 2
Filter 15 created.
DmSwitch 3000(config)#

Setting 802.1p Priority from IP ToS Precedence
Creating a filter via CLI with an 802.1p priority from IP ToS Precedence
• The next example shows how to create a filter via CLI which sets the 802.1p priority value derived from
the IP ToS Precedence table.

Example 18-17. Creating a filter via CLI with an 802.1p priority from IP ToS Precedence.
DmSwitch 3000(config)#filter new match destination-port 22 action 802.1p-from-tos
Filter 16 created.
DmSwitch 3000(config)#

Dropping Precedence
Creating a filter via CLI for packet drop precedence
• The next example shows how to create a filter via CLI for packet drop precedence.

Example 18-18. Creating a filter via CLI for packet drop precedence.
DmSwitch 3000(config)#filter new match dscp 33 action drop-precedence
Filter 17 created.
DmSwitch 3000(config)#

Setting Differentiated Services Code Point
Creating a filter via CLI with Differentiated Services Code Point
• The next example shows how to create a filter via CLI with Differentiated Services Code Point.

Example 18-19. Creating a filter via CLI with Differentiated Services Code Point.
DmSwitch 3000(config)#filter new match protocol tcp action dscp 60
Filter 18 created.
DmSwitch 3000(config)#

Setting IP ToS Precedence value

The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different
priority levels ranging from highest priority for network control packets to lowest priority for routine
traffic. The default IP Precedence values are mapped one-to-one to Class of Service values (i.e., Precedence
value 0 maps to CoS value 0, and so forth). Bits 6 and 7 are used for network control, and the other bits
for various application types. ToS bits are defined in the following table.

Table 18-1. Mapping IP Precedence

Priority Level   Traffic Type
--------------   --------------------
7                Network Control
6                Internetwork Control
5                Critical
4                Flash Override
3                Flash
2                Immediate
1                Priority
0                Routine

Creating a filter via CLI with IP ToS Precedence value


• The next example shows how to create a filter via CLI with IP ToS Precedence value.

Example 18-20. Creating a filter via CLI with IP ToS Precedence value.
DmSwitch 3000(config)#filter new match source-port 80 action tos 2
Filter 19 created.
DmSwitch 3000(config)#
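
An added Python example, not taken from the guide, that splits the ToS octet into the precedence and DSCP fields that the tos, tos-precedence and dscp keywords refer to. The sample header is constructed, and the rewrite helpers assume that a rewrite changes only the named field.

```python
"""Added example (not from the guide): precedence and DSCP in the ToS octet."""
import struct

# Table 18-1 of the guide.
PRECEDENCE_NAMES = {
    7: "Network Control", 6: "Internetwork Control", 5: "Critical",
    4: "Flash Override", 3: "Flash", 2: "Immediate", 1: "Priority", 0: "Routine",
}


def tos_octet(ipv4_header: bytes) -> int:
    """Return the ToS octet (second byte) of an IPv4 header."""
    if len(ipv4_header) < 20:
        raise ValueError("truncated IPv4 header")
    version_ihl, tos = struct.unpack_from("!BB", ipv4_header)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return tos


def describe(tos: int) -> dict:
    """Split the octet: precedence is the top 3 bits, DSCP the top 6 bits."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is one octet")
    precedence = tos >> 5
    return {
        "precedence": precedence,
        "traffic_type": PRECEDENCE_NAMES[precedence],
        "dscp": tos >> 2,
        "default_cos": precedence,   # guide: default mapping is one-to-one
    }


def tos_with_dscp(tos: int, dscp: int) -> int:
    """Octet after a DSCP rewrite (assumption: the low 2 bits are kept)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    return (dscp << 2) | (tos & 0x03)


def tos_with_precedence(tos: int, precedence: int) -> int:
    """Octet after a precedence rewrite (assumption: the low 5 bits are kept)."""
    if not 0 <= precedence <= 7:
        raise ValueError("precedence is a 3-bit value")
    return (precedence << 5) | (tos & 0x1F)


# Constructed 20-byte IPv4 header: TCP, 192.168.1.10 -> 192.168.2.10, ToS 0x00.
SAMPLE_HEADER = struct.pack("!BBHHHBBH4s4s", 0x45, 0x00, 20, 0, 0, 64, 6, 0,
                            bytes([192, 168, 1, 10]), bytes([192, 168, 2, 10]))

if __name__ == "__main__":
    original = tos_octet(SAMPLE_HEADER)
    print(describe(tos_with_dscp(original, 60)))        # as in "action dscp 60"
    print(describe(tos_with_precedence(original, 2)))   # as in "action tos 2"
```

A DSCP of 60 occupies the same leading bits as precedence 7, so traffic marked that way shares the Network Control level on any device that reads only the precedence bits.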

Setting IP ToS Precedence from 802.1p Priority
Creating a filter via CLI with IP ToS Precedence from 802.1p priority
• The next example shows how to create a filter via CLI with IP ToS Precedence from 802.1p priority.

Example 18-21. Creating a filter via CLI with IP ToS Precedence from 802.1p priority.
DmSwitch 3000(config)#filter new match 802.1p 1 action tos-from-802.1p
Filter 20 created.
DmSwitch 3000(config)#

Setting a VLAN ID to a packet
Creating a filter via CLI that sets packet VLAN ID
• The next example shows how to create a filter via CLI that sets packet VLAN ID.

Example 18-22. Creating a filter via CLI that sets packet VLAN ID.
DmSwitch 3000(config)#filter new match vlan 2 action vlan 5
Filter 21 created.
DmSwitch 3000(config)#

Filtering Ingress
Command Attributes
• Ingress Ethernet - Defines from where the packets will come. (Default: none)

Creating a filter via CLI that gives permission to a packet selecting it by its ingress port
• The next example shows how to create a filter via CLI that allows packets coming from ethernet 10.

Example 18-23. Creating a filter via CLI that selects packets by their ingress port.
DmSwitch 3000(config)#filter new action permit ingress ethernet 10
Filter 22 created.
DmSwitch 3000(config)#

Creating a filter via CLI that denies packets coming from a defined port
• The next example shows how to create a filter via CLI that denies packets coming from ethernet 10.

Example 18-24. Creating a filter via CLI that selects packets by their ingress port.
DmSwitch 3000(config)#filter new action deny ingress ethernet 10
Filter 23 created.
DmSwitch 3000(config)#

Remarked Filters
Command Attributes
• Remark - Adds a remark or a descriptive text to the filter.

Creating a remarked filter via CLI


• The next example shows how to create a remarked filter via CLI.

Example 18-25. Creating a remarked filter via CLI


DmSwitch 3000(config)#filter new remark my_new_filter action permit
Filter 24 created.
DmSwitch 3000(config)#

Setting Priorities to Filters

Priorities are used to resolve conflicts between filters that have the same matches but conflicting
actions. For example, if two filters match an IP packet, one with a deny action and the other with a
permit action, only the filter with the higher priority will be applied. Priorities range from 0 to 14;
the higher the value, the higher the priority of the filter.
Command Attributes
• Priority - Adds a priority to a filter.

Creating filters via CLI and setting their priority


• The next example shows how to solve problems between filters with conflicting actions. The first created
filter will permit all traffic based on the IP protocol to be forwarded. The second filter will deny traffic
with IP destination address 192.168.0.1. A packet with this IP destination will match both filters and
there will be two conflicting actions for this packet. In this example, the conflict is solved by setting
priorities to these filters. The actions within the filter with the highest priority will be applied to this
packet.

Example 18-26. Creating a filter with a priority set via CLI


DmSwitch 3000(config)#filter new match ethertype 0x0800 action permit
Filter 25 created.
DmSwitch 3000(config)#filter new match destination-ip 192.168.0.1 255.255.255.255 action deny
Filter 26 created.
DmSwitch 3000(config)#
DmSwitch 3000(config)#filter 26 priority 12
DmSwitch 3000(config)#filter 25 priority 10
DmSwitch 3000(config)#
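
The bitmask match from Example 18-5 and the priority rule from Example 18-26, modelled in Python as an added example (not DATACOM code). It assumes that a mask selects which bits are compared and that the two priority commands apply to filters 25 and 26; it reports a conflict when equal priorities disagree, a case the guide does not define.

```python
"""Added example (not DATACOM code): masked matching and priority resolution."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional, Tuple


def mac_to_int(mac: str) -> int:
    """Turn 00-04-DF-00-00-00 (or the colon form) into a 48-bit integer."""
    return int(mac.replace("-", "").replace(":", ""), 16)


def masked_equal(value: int, pattern: int, mask: int) -> bool:
    """Assumed semantics: only the bits set in the mask are compared."""
    return (value & mask) == (pattern & mask)


@dataclass
class Filter:
    fid: int
    action: str                                   # "permit" or "deny"
    priority: int = 0                             # guide: 0..14, higher wins
    ethertype: Optional[int] = None
    dst_ip: Optional[Tuple[str, str]] = None      # (address, mask)
    src_mac: Optional[Tuple[str, str]] = None     # (address, bitmask)

    def __post_init__(self) -> None:
        if not 0 <= self.priority <= 14:
            raise ValueError("priority must be between 0 and 14")

    def matches(self, pkt: dict) -> bool:
        """A filter matches when every criterion it sets matches the packet."""
        if self.ethertype is not None and pkt["ethertype"] != self.ethertype:
            return False
        if self.dst_ip is not None:
            addr, mask = (int(IPv4Address(x)) for x in self.dst_ip)
            if not masked_equal(int(IPv4Address(pkt["dst_ip"])), addr, mask):
                return False
        if self.src_mac is not None:
            addr, mask = (mac_to_int(x) for x in self.src_mac)
            if not masked_equal(mac_to_int(pkt["src_mac"]), addr, mask):
                return False
        return True


def resolve(filters, pkt):
    """Return (action, ids of the filters that decided it).

    (None, []) means no filter matched; ("conflict", ids) means the
    highest-priority matches disagree, which the guide leaves undefined.
    """
    hits = [f for f in filters if f.matches(pkt)]
    if not hits:
        return None, []
    top = max(f.priority for f in hits)
    winners = [f for f in hits if f.priority == top]
    actions = {f.action for f in winners}
    ids = [f.fid for f in winners]
    return ("conflict" if len(actions) > 1 else actions.pop()), ids


# Filters from Examples 18-5, 18-13 and 18-26. Priority 0 for filters that
# never received one is an assumption.
F4 = Filter(4, "permit", src_mac=("00-04-DF-00-00-00", "FF-FF-FF-00-00-00"))
F12 = Filter(12, "permit", dst_ip=("192.168.200.254", "255.255.255.0"))
F25 = Filter(25, "permit", priority=10, ethertype=0x0800)
F26 = Filter(26, "deny", priority=12, dst_ip=("192.168.0.1", "255.255.255.255"))

# Constructed sample packet: IPv4 from a 00:04:DF device to 192.168.0.1.
PKT = {"ethertype": 0x0800, "src_mac": "00:04:DF:12:34:56", "dst_ip": "192.168.0.1"}

if __name__ == "__main__":
    print(resolve([F25, F26], PKT))                                # deny wins
    print(resolve([F25, F26], {**PKT, "dst_ip": "192.168.0.2"}))   # only 25 matches
    print(F12.matches({**PKT, "dst_ip": "192.168.200.7"}))         # mask covers the /24
```

Under the assumed mask semantics, the filter in Example 18-13 matches the whole 192.168.200.0/24 range and not only 192.168.200.254, because the host bits fall outside the mask.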

Chapter 19. IGMP
This chapter describes the advantages of using multicast and how to configure Internet Group Management
Protocol (IGMP) snooping and query on the DmSwitch 3000.

Multicast is a feature that allows a more efficient use of real-time applications such as streaming video
or videoconferencing on the network. There are typically three types of transmission techniques used to
implement these kinds of applications: broadcast, unicast and multicast.

In the broadcast scenario, the streaming server sends only one copy of the stream to all hosts on the
network. In this case, traffic will be sent even to clients that are not interested in receiving the data stream,
wasting bandwidth.

Figure 19-1. Broadcast Traffic

In the unicast scenario, we usually have a streaming server that sends packets to all desired clients on the
network. In this case, multiple copies of the same data stream are sent separately from the server to
each client. Note that this approach leads to a traffic overload on the server link as the number of clients
grows.

Figure 19-2. Replicated Unicast Traffic

In the multicast scenario, the streaming server does not have to establish a separate connection with each
client; it simply registers its multicast service with the local switch and starts to send the data stream.
The clients likewise register their multicast group with the local switch or router and start to receive the
data stream. IGMP can be used to perform this registration on the network.

Figure 19-3. Multicast Traffic

The IGMP snooping feature allows the switch to snoop on multicast group membership reports sent
by multicast clients and servers to the multicast router, so it can forward traffic only to the registered
interfaces, alleviating the load on the server link and improving the overall network performance.

If there is no multicast routing on other routers/switches in the network, this switch can also act as an
IGMP Snooping and Querier, in order to actively discover multicast clients on the network and establish
an efficient multicast topology. Acting as a querier, the switch sends IGMP queries in order to discover
where the multicast clients are. A static IGMP router interface can also be configured on a port, indicating
the presence of a multicast router/switch querier on the network. Static multicast entries can also be
entered, allowing stricter control over the multicast registration procedure.
This switch supports the following IGMP features:
• IGMP versions 1, 2 and 3
• IGMP Snooping
• IGMP Snooping and Querier

Configuring IGMP
This switch can be configured to snoop IGMP membership report messages. You can additionally configure
it to act as an IGMP querier. Use the querier option when there is no other querier on the network or
when using a backup querier scheme.

Configuring IGMP Snooping and Querier

Command Attributes
• IGMP Status - Enables/Disables the IGMP Snooping option on the switch.
• Querier Status - Chooses whether the switch will act as an IGMP Snooping and Querier.
• IGMP Query Count (2-10) - Sets the number of queries without response the switch waits before
removing the multicast entries from its forwarding table.
• IGMP Query Interval (60-125) - Sets the time interval between sending queries.
• IGMP Report Delay (5-25) - Sets the maximum response time a host waits before replying with
a membership report to a querier.
• IGMP Query Timeout (300-500) - Sets the time interval the switch waits for a query before
removing the mrouter entry from its forwarding table.
• IGMP Version (1,2,3) - Sets the IGMP version used by the switch.
• IGMP Query IP Address - Sets the IP address used by the switch when sending IGMP queries.
* Note: In some cases where more than one switch is configured as querier on the network, the switch with the lowest IP address will
be elected as querier. When the IGMP IP is not configured, the switch will use the first available IP from its IP interfaces. IGMP
querier functions will not work without a source IP address.

IGMP Snooping and Querier Configuration via Web


• Open IGMP Snooping - IGMP Configuration, choose the IGMP mode (stand-alone snooping
or snooping and querier), and fill in the desired timer values and version. Click Apply to commit.

Figure 19-4. Configuring IGMP Snooping and Querier via Web

IGMP Configuration via CLI


• The next example configures the switch to use IGMP version 2, acting as a querier with an IP address
of 192.168.10.1.

Example 19-1. Configuring IGMP Snooping and Querier via CLI


DmSwitch 3000(config)#ip igmp snooping version 2
DmSwitch 3000(config)#ip igmp snooping
DmSwitch 3000(config)#ip igmp snooping querier
DmSwitch 3000(config)#ip igmp snooping ip 192.168.10.1
DmSwitch 3000(config)#

Configuring IGMP Static Entries

In order to ensure that a multicast router or multicast group will be permanently registered on the switch,
you can configure static entries on the interfaces connected to routers or multicast clients. By doing this,
every port configured and connected to a multicast router will register all the multicast groups inside the
corresponding VLAN. This means that every membership report will be forwarded to the multicast router,
so it will be able to forward multicast traffic properly.

By configuring a static multicast IP entry on an interface, the switch will always forward multicast traffic
for this group on this port, regardless of whether membership reports for this group are received.
Command Attributes
• Interface - Selects whether a port or a port-channel will be configured.
• VLAN ID - Choose the VLAN that will propagate the multicast traffic for this entry.
• Port or Port-Channel - Selects the interface that will be attached to a multicast router or multicast
group.
• Multicast IP Address - Sets the group multicast IP address that will be registered on the
interface.

Configuring IGMP Static Multicast Router Port via Web


• Open IGMP Snooping - Static Multicast Router Port Configuration, select
an interface and VLAN on which the multicast router is connected. Click Apply to commit.

Figure 19-5. Configuring IGMP Static Multicast Router Port via Web

Configuring IGMP Static Multicast Router Port via CLI


• The next example configures a static multicast router entry on VLAN 1, switch interface ethernet 1/1.

Example 19-2. Configuring IGMP Static Multicast Router Port via CLI
DmSwitch 3000(config)#ip igmp snooping vlan 1 mroute ethernet 1
DmSwitch 3000(config)#

Configuring IGMP Static Multicast Group via Web


• Open IGMP Snooping - IGMP Member Port Table, select an interface, VLAN and set an
IP multicast address to be registered. Click Apply to commit.

Figure 19-6. Configuring IGMP Static Multicast Group via Web

Configuring IGMP Static Multicast Group via CLI


• The next example configures the switch to statically register the multicast group IP address 234.5.6.7
in the VLAN 1, interface ethernet 1/1.

Example 19-3. Configuring IGMP Static Multicast Group via CLI


DmSwitch 3000(config)#ip igmp snooping vlan 1 static 234.5.6.7 ethernet 1
DmSwitch 3000(config)#
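
A small Python model of the snooping behaviour described in this chapter, added here as an illustration and not the switch's implementation: learned members age out after the configured query count, static members never do, and reports are relayed to multicast router ports. Port 5 and group 239.1.1.1 are constructed, and the ageing rule is an assumption about how the query count is applied.

```python
"""Added example (not DATACOM code): a minimal IGMP snooping membership table."""
from collections import defaultdict
from ipaddress import IPv4Address


class SnoopingTable:
    def __init__(self, query_count: int = 2):
        if not 2 <= query_count <= 10:          # range given in the guide
            raise ValueError("query count must be between 2 and 10")
        self.query_count = query_count
        self.mrouter = defaultdict(set)         # vlan -> router ports
        self.static = defaultdict(set)          # (vlan, group) -> ports
        self.dynamic = defaultdict(dict)        # (vlan, group) -> {port: unanswered queries}

    @staticmethod
    def _group(addr: str) -> IPv4Address:
        ip = IPv4Address(addr)
        if not ip.is_multicast:
            raise ValueError(f"{addr} is not a multicast group address")
        return ip

    def add_static_mrouter(self, vlan: int, port: int) -> None:
        self.mrouter[vlan].add(port)

    def add_static_group(self, vlan: int, group: str, port: int) -> None:
        self.static[(vlan, self._group(group))].add(port)

    def on_report(self, vlan: int, group: str, port: int) -> list:
        """Learn the member port; return the router ports the report is relayed to."""
        self.dynamic[(vlan, self._group(group))][port] = 0
        return sorted(self.mrouter[vlan] - {port})

    def on_query(self, vlan: int) -> None:
        """Count a query against every learned member and drop the silent ones."""
        for (v, _), ports in self.dynamic.items():
            if v != vlan:
                continue
            for port in list(ports):
                ports[port] += 1
                if ports[port] >= self.query_count:
                    del ports[port]

    def member_ports(self, vlan: int, group: str, ingress=None) -> list:
        """Ports that receive the group's traffic: learned plus static members."""
        key = (vlan, self._group(group))
        ports = set(self.dynamic.get(key, {})) | self.static.get(key, set())
        ports.discard(ingress)
        return sorted(ports)


def demo() -> dict:
    table = SnoopingTable(query_count=2)
    table.add_static_mrouter(vlan=1, port=1)                     # as in Example 19-2
    table.add_static_group(vlan=1, group="234.5.6.7", port=2)    # static member
    relayed = table.on_report(vlan=1, group="234.5.6.7", port=5)  # constructed host
    before = table.member_ports(1, "234.5.6.7")
    table.on_query(1)
    table.on_query(1)                                            # two queries, no report
    after = table.member_ports(1, "234.5.6.7")
    return {"relayed_to": relayed, "before": before, "after": after,
            "unknown_group": table.member_ports(1, "239.1.1.1")}


if __name__ == "__main__":
    print(demo())
```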

Displaying IGMP Information

Displaying IGMP Global Information

Displaying IGMP Global Information via Web


• Open IGMP Snooping - IGMP Configuration

Figure 19-7. Displaying IGMP Global Information via Web

Displaying IGMP Global Information via CLI


• The next example illustrates how to display IGMP configuration parameters via CLI.

Example 19-4. Displaying IGMP Global Information via CLI:


DmSwitch 3000#show ip igmp snooping
Service status: Enabled
Querier status: Enabled
Query count: 2
Query interval: 60 sec
Query max response time: 10 sec
Router port expire time: 300 sec
IGMP snooping version: 2
DmSwitch 3000#

Displaying IGMP Static Information
Displaying IGMP Static Information via Web
• Open IGMP Snooping - Static Multicast Router Port Configuration or IGMP
Snooping - IGMP Member Port Table.

Figure 19-8. Displaying IGMP Static Information via Web

Displaying IGMP Static Information via CLI


• The next example illustrates how to display IGMP Static Information via CLI.

Example 19-5. Displaying IGMP Static Information via CLI


DmSwitch 3000(config)#show ip igmp snooping mroute
VLAN M’cast Router Ports Type
---- ------------------- -------
   1 Eth1/ 1             Static
DmSwitch 3000#
DmSwitch 3000#show mac-address-table multicast
VLAN M’cast IP addr. Member ports Type
---- --------------- ------------ -------
   1 234.5.6.7       Eth1/ 2      Static
DmSwitch 3000#

Chapter 20. Static Routing
This switch provides wire-speed layer 3 (IP) routing. It can work with static routes, and it can also
exchange information with other routers on the network using RIP (Routing Information Protocol) and
OSPF (Open Shortest Path First) protocols, dynamically building and maintaining its routing table.

This chapter will focus on static routing only.

Router Interfaces
The switch routes packets between router interfaces. A router interface is simply a VLAN that has an IP
address assigned to it.

Static Routes
Static routes are manually entered into the routing table. They can be used to reach networks not advertised
by routers, or in simple configurations where it is not desirable to run routing protocols.

Command Attributes
• Subnet - Network subnet (IP address/prefix length).
• Gateway - IP address of gateway.

Static Route Configuration via CLI


• The next example creates two VLANs, with IPs 192.168.1.1 and 192.168.2.1, configures a static route
to reach 192.168.3.0/24 network via a gateway with IP address 192.168.1.10, and dumps the result:

Example 20-1. Adding Static Route via CLI


DmSwitch 3000#configure
DmSwitch 3000(config)#interface vlan 10
DmSwitch 3000(config-if-vlan-10)#ip address 192.168.1.1/24
DmSwitch 3000(config-if-vlan-10)#set-member untagged ethernet range 1 12
DmSwitch 3000(config-if-vlan-10)#interface vlan 20
DmSwitch 3000(config-if-vlan-20)#ip address 192.168.2.1/24
DmSwitch 3000(config-if-vlan-20)#set-member untagged ethernet range 13 24
DmSwitch 3000(config-if-vlan-20)#interface ethernet range 1 12
DmSwitch 3000(config-if-eth-1/1-to-1/12)#switchport native vlan 10
DmSwitch 3000(config-if-eth-1/1-to-1/12)#interface ethernet range 13 24
DmSwitch 3000(config-if-eth-1/13-to-1/24)#switchport native vlan 20
DmSwitch 3000(config-if-eth-1/13-to-1/24)#exit
DmSwitch 3000(config)#ip route 192.168.3.0/24 192.168.1.10
DmSwitch 3000(config)#show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF

C 127.0.0.0/8 is directly connected, loopback
C 192.168.1.0/24 is directly connected, vlan 10
C 192.168.2.0/24 is directly connected, vlan 20
S 192.168.3.0/24 [1/0] via 192.168.1.10, vlan 10
DmSwitch 3000(config)#

• The route can be removed by adding no to the beginning of the command:

Example 20-2. Removing Static Route via CLI


DmSwitch 3000(config)#no ip route 192.168.3.0/24 192.168.1.10
DmSwitch 3000(config)#show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF

C 127.0.0.0/8 is directly connected, loopback
C 192.168.1.0/24 is directly connected, vlan 10
C 192.168.2.0/24 is directly connected, vlan 20
DmSwitch 3000(config)#

Hardware Tables
In this switch routing is done by hardware, using two tables:
• A host table, which maps directly connected hosts’ IP addresses to MAC/VLAN/Port.
• A longest prefix match (LPM) table, which maps subnets to gateway MAC/VLAN/Port.

Checking Hardware Tables via CLI


• These tables are maintained by the firmware running on the equipment, but their state can be checked
with the commands below:

Example 20-3. Checking Hardware Tables via CLI


DmSwitch 3000#show ip hardware host-table
IP address      MAC               VLAN Port Hit
--------------- ----------------- ---- ---- ---
192.168.1.10    00:04:DF:00:01:10   10    2 Y
192.168.2.10    00:04:DF:00:59:D7   20   14 Y
255.255.255.255 00:00:00:00:00:00    0    1 N

Total: 3 Free: 4093

DmSwitch 3000#show ip hardware lpm-table
Network address Next Hop MAC      VLAN Port Hit
--------------- ----------------- ---- ---- ---
192.168.3.0     00:04:DF:00:01:10   10    2 N

Total: 1 Free: 16384


DmSwitch 3000#
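
An added Python example (not DATACOM code) that parses the output shown in Examples 20-1 and 20-3, resolves a destination through the host table and then the LPM table, and checks that each static route's LPM entry agrees with the host-table entry of its gateway. The host-before-LPM lookup order is an assumption, and the function names are hypothetical.

```python
"""Added example (not DATACOM code): cross-checking the routing tables."""
import re
from ipaddress import IPv4Address, IPv4Network

# Rows copied from Examples 20-1 and 20-3 of the guide.
SHOW_ROUTE = """\
C 192.168.1.0/24 is directly connected, vlan 10
C 192.168.2.0/24 is directly connected, vlan 20
S 192.168.3.0/24 [1/0] via 192.168.1.10, vlan 10
"""
SHOW_HOST = """\
192.168.1.10 00:04:DF:00:01:10 10 2 Y
192.168.2.10 00:04:DF:00:59:D7 20 14 Y
255.255.255.255 00:00:00:00:00:00 0 1 N
"""
SHOW_LPM = """\
192.168.3.0 00:04:DF:00:01:10 10 2 N
"""

HW_ROW = re.compile(
    r"\s*(\d+(?:\.\d+){3})\s+([0-9A-Fa-f:]{17})\s+(\d+)\s+(\d+)\s+[YN]\s*$")
STATIC = re.compile(r"\s*S\s+(\S+)\s+\[\d+/\d+\]\s+via\s+([\d.]+),\s+vlan\s+(\d+)")


def parse_hw_rows(text):
    """Return {ip: (mac, vlan, port)} from host-table or lpm-table rows."""
    rows = {}
    for line in text.splitlines():
        m = HW_ROW.match(line)
        if m:
            rows[IPv4Address(m.group(1))] = (
                m.group(2).upper(), int(m.group(3)), int(m.group(4)))
    return rows


def parse_static_routes(text):
    """Return [(network, gateway, vlan)] for the 'S' lines of show ip route."""
    routes = []
    for line in text.splitlines():
        m = STATIC.match(line)
        if m:
            routes.append((IPv4Network(m.group(1)), IPv4Address(m.group(2)),
                           int(m.group(3))))
    return routes


def lookup(dst, hosts, routes, lpm):
    """Host table first (assumed order), then the longest matching prefix."""
    ip = IPv4Address(dst)
    if ip in hosts:
        return ("host",) + hosts[ip]
    # The LPM output lists no prefix length, so it is taken from the route.
    nets = [n for n, _, _ in routes if ip in n and n.network_address in lpm]
    if not nets:
        return None
    best = max(nets, key=lambda n: n.prefixlen)
    return ("lpm",) + lpm[best.network_address]


def check_routes(routes, hosts, lpm):
    """List static routes whose LPM entry disagrees with the gateway's host entry."""
    problems = []
    for net, gw, vlan in routes:
        hw = lpm.get(net.network_address)
        if hw is None:
            problems.append(f"{net}: not programmed in the LPM table")
        elif gw not in hosts:
            problems.append(f"{net}: gateway {gw} missing from the host table")
        elif hw != hosts[gw] or hw[1] != vlan:
            problems.append(f"{net}: LPM {hw} differs from gateway entry {hosts[gw]}")
    return problems


HOSTS = parse_hw_rows(SHOW_HOST)
LPM = parse_hw_rows(SHOW_LPM)
ROUTES = parse_static_routes(SHOW_ROUTE)

if __name__ == "__main__":
    print(lookup("192.168.3.7", HOSTS, ROUTES, LPM))
    print(check_routes(ROUTES, HOSTS, LPM))
```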
