Post on 25-Mar-2020
STCS5024 Full Gigabit Layer 3 switch User Manual
陈泽科技有限公司 www.stephen-tele.com
--------------- STCS5024ST 24 Port Gigabit SFP+4 Port Gigabit Tx Layer 3 routing switch
--------------- STCS5024TF 24 Port Gigabit TX + 4 Port Gigabit SFP Layer 3 routing switch
STCS5024 Series Gigabit Layer 3 Routing Switches User Guide (Version: 1.0.1)
Stephen Technologies Co.,Limted
All Rights Reserved
STCS5024 Full Gigabit Layer 3 switch User Manual
陈泽科技有限公司 www.stephen-tele.com
PREFACE
Release Notes
This manual applies to STCS5024 Series Routing Switch.
Related Manuals
The related manuals are listed in the following table.
� 《STCS5024 Series Routing Switches Installation Guide Manu》
� 《STCS5024 Series Routing Switches Configuration Guide Manu》
Intended Audience
The manual is intended for the following readers:
� Network engineers
� Network administrators
� Customers who are familiar with network fundamentals
Conventions
The manual uses the following conventions:
I. General conventions
Convention Description
Arial Normal paragraphs are in Arial.
Arial Narrow Warnings, Cautions, Notes and Tips are in Arial Narrow.
Univers-Condensed Bold Headings are in Univers-CondensedBold.
Courier New Terminal Display is in Courier New.
STCS5024 Full Gigabit Layer 3 switch User Manual
陈泽科技有限公司 www.stephen-tele.com
II. Command conventions
Convention
Description
Univers-CondensedBold The keywords of a command line are in
Univers-CondensedBold.
Univers-CondensedBold Command arguments are in Univers-CondensedBold.
[ ]
Items (keywords or arguments) in square brackets [ ] are
optional.
{ x | y | ... }
Alternative items are grouped in braces and separated by
vertical bars. One is selected.
[ x | y | ... ]
Optional alternative items are grouped in square brackets and
separated by vertical bars. One or none is selected.
III. GUI conventions
Convention
Description
< >
Button names are inside angle brackets. For example, click the <OK> button.
[ ]
Window names, menu items, data table and field names are inside square brackets. For
example, pop up the [New User] window.
/
Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].
IV. Keyboard operation
STCS5024 Full Gigabit Layer 3 switch User Manual
陈泽科技有限公司 www.stephen-tele.com
Format
Description
<Key>
Press the key with the key name inside angle brackets. For example, <Enter>, <Tab>,
<Backspace>, or <A>.
<Key1+Key2>
Press the keys concurrently. For example, <Ctrl+Alt+A>
means the three keys should be pressed concurrently.
<Key1, Key2>
Press the keys in turn. For example, <Alt, A> means the two
keys should be pressed in turn.
V. Mouse operation
Action
Description
Click
Press the left button or right button quickly (left button bydefault).
Double
Click
Press the left button twice continuously and quickly.
Drag
Press and hold the left button and drag it to a certain position.
VI. Symbols
Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation.
They are
defined as follows:
Caution: Means reader be extremely careful during the operation.
����Note: Means a complementary description.
STCS5024 Full Gigabit Layer 3 switch User Manual
陈泽科技有限公司 www.stephen-tele.com
1 Product Overview .............................................................................. - 1 -
1.1 Product Overview ............................................................................... - 1 - 1.2 Function Features ............................................................................... - 1 -
2 Logging in Switch ............................................................................... - 3 -
2.1 Setting up Configuration Environment via the Console Port .............. - 3 - 2.2 Setting up Configuration Environment through Telnet ...................... - 5 -
2.2.1 Connecting a PC to the Switch through Telnet .................................. - 5 - 2.2.2 Telneting a Switch through another Switch ....................................... - 6 -
3 Command Line Interface ................................................................... - 7 -
3.1 Command Line Interface .................................................................... - 7 - 3.2 Command Line configure mode ......................................................... - 8 - 3.3 Features and Functions of Command Line ......................................... - 9 -
3.3.1 Online Help of Command Line ............................................................ - 9 - 3.3.2 Displaying Characteristics of Command Line ................................... - 10 - 3.3.3 History Command of Command Line ............................................... - 11 -
3.3.4 Common Command Line Error Messages ........................................ - 11 - 3.3.5 Editing Characteristics of Command Line ......................................... - 12 -
4 Basic Configuration ......................................................................... - 13 -
4.1 Console Connection .......................................................................... - 13 - 4.2 Setting Console Baud Rate ................................................................ - 13 - 4.3 Creating user and setting password ................................................. - 14 - 4.4 Setting system clock .......................................................................... - 14 - 4.5 Setting system service ...................................................................... - 15 - 4.6 Setting system contact/name/location information for SNMP ........ - 15 - 4.7 Management firmware ..................................................................... - 16 -
4.8 Management configuration file ........................................................ - 16 - 4.9 Saving configuration file ................................................................... - 17 - 4.10 Restore system to default configuration .......................................... - 17 - 4.11 Reboot system .................................................................................. - 17 -
5 Port Configuration ........................................................................... - 18 -
5.1 Ethernet Port Overview .................................................................... - 18 - 5.2 Ethernet Port Configuration ............................................................. - 18 -
5.2.1 Enabling/Disabling an Ethernet Port ................................................ - 18 - 5.2.2 Setting the Duplex Attribute and speed of the Ethernet Port ......... - 19 -
5.2.3 Setting the type of combo port ........................................................ - 19 - 5.2.4 Enabling/Disabling Flow Control for the Ethernet Port ................... - 20 - 5.2.5 Setting the Ethernet Port Broadcast Suppression ............................ - 20 - 5.2.6 Setting the Ethernet Port multicast Suppression ............................. - 21 - 5.2.7 Setting the Ethernet Port dlf Suppression ........................................ - 21 - 5.2.8 Setting Port Mirroring ....................................................................... - 22 - 5.2.9 Setting rate limits.............................................................................. - 23 -
6 Link Aggregation Configuration ....................................................... - 24 -
6.1 Overview ........................................................................................... - 24 -
6.2 Statically Configuring a Trunk ........................................................... - 24 -
STCS5024 Full Gigabit Layer 3 switch User Manual
陈泽科技有限公司 www.stephen-tele.com
7 VLAN Configuration ......................................................................... - 25 -
7.1 VLAN Overview ................................................................................. - 25 - 7.2 Configuring VLAN .............................................................................. - 26 -
7.2.1 Creating/Deleting a VLAN ................................................................. - 26 - 7.2.2 Setting vlan port pvid ....................................................................... - 26 - 7.2.3 Specifying/removing a VLAN port .................................................... - 27 -
7.3 VLAN Configuration Example ............................................................ - 27 -
8 GVRP Configuration ......................................................................... - 28 -
8.1 GVRP Overview ................................................................................. - 28 -
8.2 Enabling/Disabling Global GVRP ....................................................... - 29 - 8.3 Enabling/Disabling Port GVRP .......................................................... - 29 - 8.4 GVRP Configuration Example ............................................................ - 29 -
9 STP Configuration ............................................................................ - 30 -
9.1 STP Overview .................................................................................... - 30 - 9.2 Spanning-Tree Topology and BPDUs ................................................. - 31 - 9.3 Bridge ID, Switch Priority, and Extended System ID ......................... - 33 - 9.4 Spanning-Tree Interface States ......................................................... - 34 -
9.4.1 Blocking State ................................................................................... - 35 - 9.4.2 Listening State .................................................................................. - 36 - 9.4.3 Learning State ................................................................................... - 36 - 9.4.4 Forwarding State .............................................................................. - 36 - 9.4.5 Disabled State ................................................................................... - 37 -
9.5 How a Switch or Port Becomes the Root Switch or Root Port ......... - 37 - 9.6 Spanning Tree and Redundant Connectivity .................................... - 38 - 9.7 Spanning-Tree Address Management .............................................. - 38 - 9.8 Accelerated Aging to Retain Connectivity ........................................ - 39 - 9.9 Configuring STP Features .................................................................. - 39 -
9.9.1 Configure the mode of the spanning-tree ........................................ - 39 - 9.9.2 Configure the Bridge Priority for a Switch ........................................ - 39 - 9.9.3 Configure the Time Parameters of a Switch ..................................... - 40 - 9.9.4 Configure Port Priority ...................................................................... - 42 - 9.9.5 Enable/Disable STP on the Device .................................................... - 42 - 9.9.6 Enable/Disable STP on a Port ........................................................... - 43 -
9.10 Configuring RSTP Features ................................................................ - 43 - 9.10.1 Configure the mode of the spanning-tree ........................................ - 43 - 9.10.2 Configure the Bridge Priority for a Switch ........................................ - 44 - 9.10.3 Configure the Time Parameters of a Switch ..................................... - 44 - 9.10.4 Configure Port Priority ...................................................................... - 46 - 9.10.5 Enable/Disable STP on the Device .................................................... - 46 - 9.10.6 Enable/Disable STP on a Port ........................................................... - 47 -
10 IP Address Configuration ................................................................. - 47 -
10.1 IP Address Overview ......................................................................... - 47 - 10.1.1 IP Address Classification and Indications ......................................... - 47 -
10.1.2 Subnet and Mask .............................................................................. - 50 - 10.2 Configuring IP Address ...................................................................... - 50 -
10.2.1 Configuring the AUX port IP Address................................................ - 51 -
STCS5024 Full Gigabit Layer 3 switch User Manual
陈泽科技有限公司 www.stephen-tele.com
10.2.2 Configuring the IP Address of the VLAN Interface ........................... - 51 - 10.3 IP Address Configuration Example .................................................... - 51 - 10.4 Troubleshooting IP Address Configuration ....................................... - 52 -
11 ARP Configuration ........................................................................... - 53 -
11.1 Introduction to ARP .......................................................................... - 53 - 11.2 Configuring ARP ................................................................................ - 54 -
11.2.1 Manually Adding/Deleting Static ARP Mapping Entries ................... - 54 - 11.2.2 Clear up ARP Mapping Entries .......................................................... - 54 -
12 Configuring IP Routing ..................................................................... - 55 -
12.1 Introduction to IP Route and Routing Table ..................................... - 55 - 12.1.1 IP Route and Route Segment ............................................................ - 55 - 12.1.2 Route Selection through the Routing Table ..................................... - 56 -
12.2 Routing Management Policy ............................................................. - 58 - 12.2.1 Routing protocols and the preferences of the corresponding routes- 58 - 12.2.2 Supporting Load Sharing and Route Backup .................................... - 58 - 12.2.3 Routes Shared between Routing Protocols ...................................... - 59 -
12.3 Static Route Configuration ................................................................ - 60 - 12.3.1 Introduction to Static Route ............................................................. - 60 - 12.3.2 Static Route Configuration ............................................................... - 60 - 12.3.3 Typical Static Route Configuration Example .................................... - 62 - 12.3.4 Static Route Fault Diagnosis and Troubleshooting ........................... - 64 -
12.4 RIP Configuration .............................................................................. - 64 - 12.4.1 Brief Introduction to RIP ................................................................... - 64 -
12.4.2 RIP Configuration .............................................................................. - 65 - 12.4.3 Typical RIP Configuration Example ................................................... - 68 -
12.5 OSPF Configuration ........................................................................... - 69 - 12.5.1 OSPF Overview.................................................................................. - 69 - 12.5.2 OSPF Configuration ........................................................................... - 73 - 12.5.3 Displaying and Debugging OSPF ....................................................... - 84 - 12.5.4 Typical OSPF Configuration Example ................................................ - 84 - 12.5.5 OSPF Fault Diagnosis and Troubleshooting ...................................... - 85 -
13 IP Multicast Protocol ....................................................................... - 87 -
13.1 IP Multicast Overview ....................................................................... - 87 - 13.1.1 Problems with Unicast/Broadcast .................................................... - 87 - 13.1.2 Advantages of Multicast ................................................................... - 88 - 13.1.3 Application of Multicast ................................................................... - 89 -
13.2 Implementation of IP Multicast ........................................................ - 90 - 13.2.1 Multicast Addresses.......................................................................... - 90 - 13.2.2 IP Multicast Protocols ....................................................................... - 92 -
13.3 IP Multicast Packet Forwarding ........................................................ - 93 - 13.4 IGMP Snooping Configuration .......................................................... - 94 -
13.4.1 IGMP Snooping Overview ................................................................. - 94 - 13.4.2 IGMP Snooping Configuration .......................................................... - 97 - 13.4.3 IGMP Snooping Configuration Example ........................................... - 99 -
13.4.4 Troubleshoot IGMP Snooping .......................................................... - 99 -
STCS5024 Full Gigabit Layer 3 switch User Manual
陈泽科技有限公司 www.stephen-tele.com
13.5 Static Multicast Group Configuration ............................................. - 100 - 13.5.1 Introduction to Static Multicast Group Configuration ................... - 100 - 13.5.2 Static Multicast Group Configuration ............................................. - 100 -
13.6 IGMP Configuration ........................................................................ - 101 - 13.6.1 IGMP Overview ............................................................................... - 101 -
13.6.2 IGMP Configuration ........................................................................ - 102 - 13.7 PIM-SM Configuration .................................................................... - 108 -
13.7.1 PIM-SM Overview ........................................................................... - 108 - 13.7.2 PIM-SM Configuration .................................................................... - 110 -
14 ACL Configuration .......................................................................... - 113 -
14.1 ACL Overview .................................................................................. - 113 - 14.2 configuring ACL ............................................................................... - 114 -
14.2.1 Defining ACL .................................................................................... - 114 - 14.2.2 Activating ACL ................................................................................. - 115 -
14.3 configuring Default ACL .................................................................. - 116 - 14.4 ACL Configuration Example ............................................................ - 116 -
15 QoS Configuration ......................................................................... - 117 -
15.1 Setting the Queue Mode ................................................................ - 118 - 15.2 Setting the Priority for Port ............................................................ - 119 - 15.3 Mapping IP Precedence .................................................................. - 119 - 15.4 Changing Priorities Based on ACL Rules ......................................... - 120 -
16 802.1x Configuration ..................................................................... - 121 -
16.1 802.1x Overview ............................................................................. - 121 - 16.1.1 802.1x Standard Overview ............................................................. - 121 - 16.1.2 802.1x System Architecture ............................................................ - 122 - 16.1.3 802.1x Authentication Process ....................................................... - 123 - 16.1.4 Implement 802.1x on Ethernet Switch ........................................... - 123 -
16.2 802.1x Configuration ...................................................................... - 123 - 16.2.1 Enabling/Disabling 802.1x .............................................................. - 123 - 16.2.2 Setting port authentication state ................................................... - 124 - 16.2.3 Setting Supplicant Number on a Port ............................................. - 124 -
16.3 802.1x Configuration Example ........................................................ - 125 -
17 RADIUS Protocol Configuration ..................................................... - 127 -
17.1 RADIUS Protocol Overview ............................................................. - 127 - 17.2 Implementing RADIUS on Ethernet Switch..................................... - 128 - 17.3 Configuring RADIUS Protocol .......................................................... - 128 -
17.3.1 Enable/disable radius client service ............................................... - 128 - 17.3.2 Setting radius client ip address ....................................................... - 128 -
17.3.3 Setting a Real-time Accounting Interval ......................................... - 129 - 17.3.4 Setting IP Address of RADIUS Server .............................................. - 129 - 17.3.5 Setting Port of RADIUS Server ........................................................ - 130 - 17.3.6 Setting RADIUS Packet Encryption Key ........................................... - 130 -
18 DHCP Protocol Configuration ........................................................ - 131 -
STCS5024 Full Gigabit Layer 3 switch User Manual
陈泽科技有限公司 www.stephen-tele.com
18.1 DHCP Relay configuration ............................................................... - 131 - 18.1.1 Brief Introduction to DHCP Relay ................................................... - 131 - 18.1.2 Configuring DHCP Relay .................................................................. - 132 -
18.2 DHCP Server configuration ............................................................. - 133 - 18.2.1 Configuring DHCP Relay .................................................................. - 134 -
18.3 DHCP Protocol Configuration Example ........................................... - 136 - 18.3.1 DHCP Relay Configuration Example................................................ - 136 - 18.3.2 DHCP Server Configuration Example .............................................. - 137 -
19 SNMP Configuration ...................................................................... - 138 -
19.1 SNMP Overview .............................................................................. - 138 - 19.2 SNMP Versions and Supported MIB ............................................... - 138 - 19.3 Configure SNMP .............................................................................. - 140 -
19.3.1 Setting Community Name .............................................................. - 140 - 19.3.2 Setting the Destination Address of Trap ........................................ - 140 - 19.3.3 Setting Trap Parameters ................................................................. - 141 -
19.4 SNMP Configuration Example ......................................................... - 141 -
20 VRRP Configuration ....................................................................... - 142 -
20.1 VRRP Overview ............................................................................... - 142 - 20.2 Configuring VRRP ............................................................................ - 143 -
20.2.1 Adding/Deleting a Virtual IP Address ............................................. - 144 - 20.2.2 Configuring the Priority of Switches in the Virtual Router ............. - 144 - 20.2.3 Configuring Preemption for a Switch within a Virtual Router ....... - 145 - 20.2.4 Configuring VRRP Timer.................................................................. - 145 -
20.2.5 Configuring Switch to Track a Specified Interface .......................... - 146 - 20.3 VRRP Configuration Example .......................................................... - 147 - 20.4 Troubleshoot VRRP ......................................................................... - 148 -
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 1 - - www.stephen-tele.com
1 PRODUCT OVERVIEW
1.1 Product Overview
STCS5024 series Ethernet Switches are types of box-shaped L2/L3 wire speed Ethernet Switches, applied on the convergence
layer of the medium- and small-sized enterprise networks, IP Metropolitan Area Network (MAN) and Ethernet residential
areas。
STCS5024 series routing switches support the following services:
� Internet broadband access
� MAN, enterprise/campus networking
� Providing multicast service and multicast routing and supporting multicast audioand video services.
1.2 Function Features
Features Implementation
VLAN
Supports VLAN compliant with IEEE 802.1Q Standard
Supports GARP VLAN Registration Protocol (GVRP)
STP protocol
Supports Spanning Tree Protocol (STP)
Flow control
Supports IEEE 802.3x flow control (full-duplex)
Supports back-pressure based flow control (half-duplex)
Broadcast
Suppression
Supports Broadcast Suppression
Multicast
Supports Internet Group Management Protocol Snooping (IGMP
Snooping)
Supports Internet Group Management Protocol (IGMP)
Supports Protocol-Independent Multicast-Sparse Mode (PIM-SM)
IP routing
Supports static routing
Supports Routing Information Protocol (RIP) v1/v2
Supports Open Shortest Path First (OSPF)
DHCP Supports Dynamic Host Configuration Protocol (DHCP) Relay
Supports Dynamic Host Configuration Protocol (DHCP) Server
Link
aggregation
Supports link aggregation
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 2 - - www.stephen-tele.com
Features Implementation
Mirror
Supports the port-based mirror
Supports the ACL-based mirror
Quality of
Service (QoS)
Supports traffic classification
Supports bandwidth control
Supports queues of different priority on the port
Queue scheduling: supports Strict Priority Queuing (SP),
Weighted Round Robin (WRR), and SP+WRR
Security
features
Supports Multi-level user management and password protect
Supports 802.1X authentication
Supports Packet filtering
Management
and
Maintenance
Supports Command Line Interface configuration
Supports local configuration via Console port and AUX port
Supports Local and remote configuration through Telnet on
Ethernet port
Supports SNMP management (SupportsRMON MIB Group 1, 2, 3 and 9)
Supports output of the debugging information
Supports PING
Supports the remote maintenance via Telnet
Loading and
updating
Supports to load and upgrade software via File Transfer Protocol
(FTP) and Trivial File Transfer Protocol (TFTP)
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 3 - - www.stephen-tele.com
2 Logging in Switch
2.1 Setting up Configuration Environment via the Console Port
Step 1: As shown in the figure below, to set up the local configuration environment,connect the serial port of a PC (or a
terminal) to the Console port of the switch with theConsole cable.
Figure 2-1 Setting up the local configuration environment via the Console port
Step 2: Run terminal emulator (such as Terminal on Windows 3X or the Hyper Terminal on Windows 9X) on the Computer. Set
the terminal communication parameters as follows: Set the baud rate to 19200, databit to 8, parity check to none, stopbit to 1,
flow control to none and select the terminal type as VT100.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 4 - - www.stephen-tele.com
Figure 2-2 Setting up new connection
Figure 2-3 Configuring the port for connection
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 5 - - www.stephen-tele.com
Figure 2-4 Setting communication parameters
Step 3: The switch is powered on. Display self-test information of the switch and prompt you to press Enter to show the
command line prompt such as switch>.
Step 4: Input a command to configure the switch or view the operation state. Input a “?” for an immediate help. For details of
specific commands, refer to the following chapters.
2.2 Setting up Configuration Environment through Telnet
2.2.1 Connecting a PC to the Switch through Telnet
After you have correctly configured IP address of a VLAN interface for an switch via Console port, and added the port to this
VLAN (using port command in VLAN view), you can telnet this switch and configure it.
Step 1: Authenticate the Telnet user via the Console port before the user logs in by Telnet.
Step 2: To set up the configuration environment, connect the Ethernet port of the PC to that of the switch via the LAN.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 6 - - www.stephen-tele.com
Figure 2-5 Setting up configuration environment through telnet
Step 3: Run Telnet on the PC and input the IP address of the VLAN connected to the PC port.
Figure 2-6 Running Telnet
Step 4: The terminal displays “Login:” and prompts the user to input the logon user name and password. After you input the
correct user name and password, it displays the command line prompt (such as switch#).
Step 5: Use the corresponding commands to configure the switch or to monitor the running state. Enter “?” to get the
immediate help. For details of specific commands,refer to the following chapters.
2.2.2 Telneting a Switch through another Switch
After a user has logged into a switch, he or she can configure another switch through the switch via Telnet. The local switch
serves as Telnet client and the peer switch serves as Telnet server. If the ports connecting these two switches are in a same
local network, their IP addresses must beconfigured in the same network segment.
Otherwise, the two switches must establish a route that can reach each other.As shown in the figure below, after you telnet to
a switch, you can run telnet commandto log in and configure another switch.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 7 - - www.stephen-tele.com
Figure 2-7 Providing Telnet Client service
Step 1: Authenticate the Telnet user via the Console port on the Telnet Server (switch) before login.
Step 2: The user logs in the Telnet Client (switch). For the login process, refer to the section describing “Connecting a PC to the
Switch through Telnet”.
Step 3: Perform the following operations on the Telnet Client:
Step 4: Enter the preset login password and you will see the prompt such switch#.
Step 5: Use the corresponding commands to configure the switch or view it running state. Enter “?” to get the immediate help.
For details of specific commands, refer to the following chapters.
3 Command Line Interface
3.1 Command Line Interface
These series switches provide a series of configuration commands and command line interfaces for configuring and managing
the switch. The command line interface has the following characteristics:
� Local configuration via the Console port and AUX port.
� Local or remote configuration via Telnet.
� Hierarchy command protection to avoid the unauthorized users accessing switch.Enter a “?” to get immediate online
help.
� Provide network testing commands, such as Ping, to fast troubleshoot the network.
� Log in and manage other switch directly, using the Telnet command.
� Provide FTP service for the users to upload and download files.
� Provide the function similar to Doskey to execute a history command.
� The command line interpreter searches for target not fully matching the keywords.
It is ok for you to key in the whole keyword or part of it, as long as it is unique and not ambiguous.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 8 - - www.stephen-tele.com
3.2 Command Line configure mode
The command line provides the following configure mode:
� Normal EXEC mode
� privileged EXEC mode
� Global configuration mode
� VLAN interface configuration mode
� OSPF configuration mode
The following table describes the function features of different views and the ways to
enter or quit.
Table 3-1 Function feature of command configure mode.
Command
mode
Function
Prompt
Command to
enter
Command to
exit
Normal EXEC mode Show the basic
information
about operation
and statistics
Switch>
Enter right user
name and password
exit
privileged EXEC
mode
Show the basic
information
about operation
and statistics
Switch# Enter <enable> and
right password
Exit returns to
normal EXEC mode
Global
configuration mode
Configure
system
parameters
Switch(config)# Key in
config in
user user configure
mode
Exit returns to user
configure mode
VLAN interface
configure mode
Configure ospf area
parameters
Switch(config-if)# Key in
Interface vint x in
system configure
mode
Exit returns to
system configure
mode
OSPF configuration
mode
Configure OSPF
parameters
Switch(config-ospf)# Key in
Router ospf in
system configure
mode
Exit returns to
system configure
mode
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 9 - - www.stephen-tele.com
3.3 Features and Functions of Command Line
3.3.1 Online Help of Command Line
The command line interface provides the following online help modes.
� Full help
� Partial help
You can get the help information through these online help commands, which are described as follows.
Input “?” in any configure mode to get all the commands in it and corresponding descriptions.
switch#?
clear Clear the screen.
config Config system's setting.
debug Debugging functions
download Download file for software upgrade or load user config.
exit Exit current mode and shift to previous mode.
help Description of the interactive help system.
history Config history command.
kill Kill some unexpected things.
logout Disconnect from switch and quit.
no Negate a command or set its defaults.
ping Ping command to test if the net is correct.
quit Disconnect from switch and quit.
reboot Reboot the switch.
remove Remove system configuration.
sendmsg Send message to online user.
show Show running system information.
telnet Telnet to other host or switch.
terminal Set terminal line parameters.
upload Upload file for software upgrade or upload user config.
who Display who is connected to the switch.
write Save current running configuration to flash.
1) Input a command with a “?” separated by a space. If this position is for keywords,all the keywords and the corresponding
brief descriptions will be listed.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 10 - - www.stephen-tele.com
2) switch(config)# port ?
speed Set port speed.
state Set port state.
type Set port type.
3) Input a command with a “?” separated by a space. If this position is for parameters,all the parameters and their brief
descriptions will be listed.
switch(config)# router ?
hw-sync Dynamic route synchronize with hardware route table
ospf OSPF specific commands
rip Set Rip config parameters.
switch(config)# router ospf ?
<cr> Just Press <Enter> to Execute command!
<cr> indicates no parameter in this position. The next command line repeats the command, you can press <Enter> to execute
it directly.
4) Input a character string with a “?”, then all the commands with this character string as their initials will be listed.
switch(config)# a?
access-list Set access-list parameters.
arp Config system's setting.
authentication Config information of authentication.
5) Input a command with a character string and “?”, then all the key words with this character string as their initials in the
command will be listed.
switch# show ve?
version Display SPROS version.
6) Input the first letters of a keyword of a command and press <Tab> key. If no other keywords are headed by this letters, then
this unique keyword will be displayed automatically.
3.3.2 Displaying Characteristics of Command Line
Command line interface provides the following display characteristics:
� For users’ convenience, the instruction and help information can be displayed in both English and Chinese.
� For the information to be displayed exceeding one screen, pausing function is provided. In this case, users can have three
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 11 - - www.stephen-tele.com
choices, as shown in the table below.
Table 3-2 Functions of displaying
Key or Command
Function
Press <Q> when the display pauses Stop displaying and executing command.
Press any key when the display pauses
Continue to display the next screen of
information.
Press <Enter> when the display
pauses
Continue to display the next line of information.
3.3.3 History Command of Command Line
Command line interface provides the function similar to that of DosKey. The commands entered by users can be automatically
saved by the command line interface and you can invoke and execute them at any time later. History command buffer is
defaulted as 10. That is, the command line interface can store 10 history commands for each user.The operations are shown in
the table below.
Table 3-3 Retrieving history command
Operation
Key
Result
Display history
command
history
Display history command by user
inputting
Retrieve the previous
history command
Up cursor key <↑> or
<Ctrl+P>
command, if there is any.
Retrieve the next
history command
Down
Down cursor key <↓>
or <Ctrl+N>
Retrieve the next history
command, if there is any.
3.3.4 Common Command Line Error Messages
All the input commands by users can be correctly executed, if they have passed the grammar check. Otherwise, error
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 12 - - www.stephen-tele.com
messages will be reported to users. The common error messages are listed in the following table.
Table 3-4 Common command line error messages
Error messages
Causes
Unrecognized command
Cannot find the command.
Cannot find the keyword.
Wrong parameter type.
The value of the parameter exceeds the range.
Incomplete command
The input command is incomplete.
Too many parameters
Enter too many parameters.
Ambiguous command
The parameters entered are not specific.
3.3.5 Editing Characteristics of Command Line
Command line interface provides the basic command editing function and supports to edit multiple lines. A command cannot
longer than 256 characters. See the table below.
Table 3-5 Editing functions
Key
Function
Common keys
Insert from the cursor position and the cursor moves to
the
right, if the edition buffer still has free space.
Backspace
Move the cursor a character backward
Leftwards cursor key
<←> or <Ctrl+B>
Move the cursor a character backward
Rightwards cursor key
<→> or <Ctrl+F>
Move the cursor a character forward
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 13 - - www.stephen-tele.com
Up cursor key <↑> or
<Ctrl+P>
Down cursor key <↓>
or <Ctrl+N>
Retrieve the history command.
<Tab>
Press <Tab> after typing the incomplete key word and the
system will execute the partial help: If the key word
matching the typed one is unique, the system will replace
the typed one with the complete key word and display it
in a
new line; if there is not a matched key word or the
matched key word is not unique, the system will do no
modification but display the originally typed word in a
new line.
4 Basic Configuration
4.1 Console Connection
The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level
(Privileged Exec).
The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow
you to only display information and use basic utilities. To fully configure the switch parameters, you must access the CLI at the
Privileged Exec level. Access to both CLI levels are controlled by user names and passwords.
The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the
default user name and password, perform these steps:
1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.
2. At the <Login:> prompt, enter “admin.”
3. At the Password prompt, direct press “enter” (The default password not set.)
4. The session is opened and the CLI displays the “switch>” prompt indicating you have access at the Normal Exec level.
5. At the “switch>” prompt ,enter “enable” .
6 . At the Password prompt, direct press “enter” (The default password not set.)
7. The session is opened and the CLI displays the “switch#” prompt indicating you have access at the Privileged Exec level.
4.2 Setting Console Baud Rate
Beginning in privileged EXEC mode, follow these steps to set console baud rate.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 14 - - www.stephen-tele.com
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 serial speed rate Setting console baud rate.
Rate : 19200、2400、38400、9600.
By default ,rate is 9600.
Step 3 exit Return to privileged EXEC mode.
Step 4 show serial Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
4.3 Creating user and setting password
When you create new user ,the default user is deleted automatically.
Beginning in privileged EXEC mode, follow these steps to create user and set password.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 user add user-name login-password login-password Create user and set login password.
Step 3 user login-password user-name <CR>
Input new login password for user abc please.
New Password:
Confirm Password:
(optional) Change login password.
Step 4 user enable-password user-name <CR>
Input new enable password for user abc please.
New Password:
Confirm Password:
(optional) Set or change enable password.
Step 5 user role user-name {NORMAL | ADMIN
enable-password enable-password}
(optional) Change user access level.
Step 6 exit Return to privileged EXEC mode.
Step 7 user list Verify your entries.
Step 8 write (Optional) Save your entries in the
configuration file.
4.4 Setting system clock
Beginning in privileged EXEC mode, follow these steps to set system clock.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 time year month date hour:minutes:seconds Setting system clock.
Step 3 exit Return to privileged EXEC mode.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 15 - - www.stephen-tele.com
Step 4 show system configuration Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
4.5 Setting system service
The system provide SNMP、telnet and webserver services, you can enable or disable these service.
Beginning in privileged EXEC mode, follow these steps to set system service.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 service snmp {enable | disable } Enabling/disabling SNMP service.
Step 3 service telnet {enable | disable } Enabling/disabling telnet service.
Step 4 webserver service {enable | disable}
Enabling/disabling webserver service.
When webserver service enabled , you can
management the switch through WEB.
Step 5 webserver password reset (optional) Reset web password to default.
By default the web login user name is
“admin”, login password is “password”.
You can change the password through
WEB.
Step 6 exit Return to privileged EXEC mode.
Step 7 show services Verify your entries.
Step 8 write (Optional) Save your entries in the
configuration file.
4.6 Setting system contact/name/location information for SNMP
Beginning in privileged EXEC mode, follow these steps to set system contact/name/location information.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 system contact string Setting system contact information for
SNMP.
Step 3 system name string Setting system name for SNMP.
Step 4 system location string Setting system location information for
SNMP.
Step 5 exit Return to privileged EXEC mode.
Step 6 show system config Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 16 - - www.stephen-tele.com
4.7 Management firmware
You can download firmware from a FTP or TFTP server. After download the new firmware, when the switch next start, the
system use the new firmware.
Caution:
Before you down load firmware from a FTP or TFTP server, you must confirm follow items:
� You have configured IP address for a VLAN interface or AUX port.
� The FTP or TFTP server can communicate with the Switch correctly.
� You have run the FTP or TFTP program on the FTP or TFTP server.
� You have set the correct user name and password for FTP server, and specified the correct
directory.
� You have specified the correct directory for TFTP server..
Beginning in privileged EXEC mode, follow these steps to download firmware from FTP or TFTP server.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 down ftp image ip-address user-name password
filename
Download firmware from FTP server.
Step 3 down tftp image ip-address filename Download firmware from FTP server.
Step 4 reboot (optional) Restart the system.
Step 5 exit Return to privileged EXEC mode.
Step 6 show version Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
4.8 Management configuration file
You can upload/download firmware to or from a FTP or TFTP server. After download the new configuration file, when the
switch next start, the system use the new configutation.
Beginning in privileged EXEC mode, follow these steps to upload/download configuration file to or from FTP or TFTP server.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 upload ftp config ip-address user-name password
filename
Up load configuration file to FTP server.
Up load configuration file to TFTP server. upload tftp config ip-address filename
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 17 - - www.stephen-tele.com
Step 3 down ftp config ip-address user-name password
filename
Download configuration file from FTP
server.
Download configuration file from TFTP
server.
down tftp config ip-address filename
Step 4 reboot (optional) Restart the system.
Step 5 exit Return to privileged EXEC mode.
Step 6 show version Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
4.9 Saving configuration file
Use the write command to save the current-configuration in the Flash Memory, and the configurations will become the
startup-configuration when the system is powered on for the next time.
Beginning in privileged EXEC mode, follow these steps to save configuration to the FLASH Memory.
Command Purpose
Step 1 write Save your entries in the configuration file.
4.10 Restore system to default configuration
You can use remove command to resume the startup-configuration to default configuration, after that you must reboot the
system. Beginning in privileged EXEC mode, follow these steps to restore system to default configuration.
Command Purpose
Step 1 remove Save your entries in the configuration file.
Step 2 reboot Reboot the system.
4.11 Reboot system
Beginning in privileged EXEC mode, follow these steps to restart the system.
Command Purpose
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 18 - - www.stephen-tele.com
Step 1 reboot Reboot the system.
5. Port Configuration
Ethernet Port Overview
STCS5024 Series Routing Switches Configurations include:
� STCS5024ST:24 SFP ports and 12 Ethernet 10/100/1000 combo ports
� STCS5024TS:24 Ethernet 10/100/1000 ports and 4 SFP combo ports
4.12 Ethernet Port Configuration
Ethernet port configuration includes:
� Enabling/disabling an Ethernet port
� Setting the duplex attribute for the Ethernet port
� Setting speed for the Ethernet port
� Setting the type of combo port
� Setting the Ethernet port broadcast suppression ratio
� Setting the Ethernet port multicast suppression ratio
� Setting the Ethernet port dlf suppression ratio
� Setting port mirror
� Setting rate Limits
4.12.1 Enabling/Disabling an Ethernet Port
The following command can be used for disabling or enabling the port.
Beginning in privileged EXEC mode, follow these steps to enable an Ethernet port.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 port state port-number enable Enable an Ethernet port.
Step 3 exit Return to privileged EXEC mode.
Step 4 show port port-number Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 19 - - www.stephen-tele.com
By default, the port is enabled.
4.12.2 Setting the Duplex Attribute and speed of the Ethernet Port
To configure a port to send and receive data packets at the same time, set it to full-duplex. To configure a port to either send
or receive data packets at a time, set it to half-duplex. If the port has been set to auto-negotiation mode, the local and peer
ports will automatically negotiate about the duplex mode. You can use the following command to set the speed on the
Ethernet port. If the speed is set to auto-negotiation mode, the local and peer ports will automatically negotiate about the
port speed.
Beginning in privileged EXEC mode, follow these steps to setting the duplex attribute and speed of the Ethernet port.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 port speed portnumber {1000|Auto} Setting the duplex attribute and speed for
Gigabit Ethernet port
Step 3 exit Return to privileged EXEC mode.
Step 4 show port port-number Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
Note that, The Gigabit electrical Ethernet port can operate in full duplex or auto-negotiation mode. When the port operates at
1000Mbps, the duplex mode can be set to full (full duplex) or auto (auto-negotiation).
The port defaults the auto (auto-negotiation) mode.
By default, the speed of the port is in auto mode.
4.12.3 Setting the type of combo port
By default, the combo ports type is copper, you can specify the combo port type is fibber use the following command.
Beginning in privileged EXEC mode, follow these steps to setting the type of combo port.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 port type por-tnumber {copper|fiber} Setting the type of combo port.
Port-number range is 21 to 24.
Step 3 exit Return to privileged EXEC mode.
Step 4 show port port-number Verify your entries.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 20 - - www.stephen-tele.com
Step 5 write (Optional) Save your entries in the
configuration file.
4.12.4 Enabling/Disabling Flow Control for the Ethernet Port
After enabling flow control in both the local and the peer switch, if congestion occurs in the local switch, the switch will inform
its peer to pause packet sending. Once the peer switch receives this message, it will pause packet sending, and vice versa. In
this way,packet loss is reduced effectively. The flow control function of the Ethernet port can be enabled or disabled through
the following command.
Beginning in privileged EXEC mode, follow these steps to enable flow control for the Ethernet port.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 control flow enable port port-number Enable Ethernet port flow control
Step 3 exit Return to privileged EXEC mode.
Step 4 show control flow Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable flow control, use the control flow disable port port-number global configuration command.
4.12.5 Setting the Ethernet Port Broadcast Suppression
You can use the following commands to restrict the broadcast traffic. Once the broadcast traffic exceeds the value set by the
user, the system will maintain an appropriate broadcast packet number by discarding the overflow traffic, so as to suppress
broadcast storm, avoid suggestion and ensure the normal service. The parameter is taken the maximum wire speed ratio of
the broadcast traffic allowed on the port. The smaller the packet number is, the smaller the broadcast traffic is allowed.
Beginning in privileged EXEC mode, follow these steps to Set the Ethernet Port Broadcast Suppression
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 control rate broadcast port port-number speed
packets
Enable Broadcast Suppression
Packets indicate packet number per
second.
Step 3 exit Return to privileged EXEC mode.
Step 4 show control rate {port port-number |CR} Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 21 - - www.stephen-tele.com
To disable the Ethernet Port Broadcast Suppression, use the control rate broadcast port port-number disable global
configuration command.
4.12.6 Setting the Ethernet Port multicast Suppression
You can use the following commands to restrict the multicast traffic. Once the multicast traffic exceeds the value set by the
user, the system will maintain an appropriate multicast packet number by discarding the overflow traffic, so as to suppress
multicast storm, avoid suggestion and ensure the normal service. The parameter is taken the maximum wire speed ratio of the
multicast traffic allowed on the port. The smaller the packet number is, the smaller the multicast traffic is allowed.
Beginning in privileged EXEC mode, follow these steps to Set the Ethernet Port multicast Suppression
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 control rate multicast port port-number speed
packets
Enable multicast Suppression
Packets indicate packet number per
second.
Step 3 exit Return to privileged EXEC mode.
Step 4 show control rate {port port-number |CR} Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable the Ethernet Port Broadcast/multicast/dlf Suppression, use the control rate multicast port port-number disable
global configuration command.
4.12.7 Setting the Ethernet Port dlf Suppression
You can use the following commands to restrict the dlf traffic. Once the dlf traffic exceeds the value set by the user, the
system will maintain an appropriate dlf packet number by discarding the overflow traffic, so as to suppress dlf storm, avoid
suggestion and ensure the normal service. The parameter is taken the maximum wire speed ratio of the dlf traffic allowed on
the port. The smaller the packet number is, the smaller the dlf traffic is allowed.
Beginning in privileged EXEC mode, follow these steps to Set the Ethernet Port dlf Suppression
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 control rate dlf port port-number speed packets Enable dlf Suppression
Packets indicate packet number per
second.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 22 - - www.stephen-tele.com
Step 3 exit Return to privileged EXEC mode.
Step 4 show control rate {port port-number |cr} Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable the Ethernet Port Broadcast/multicast/dlf Suppression, use the control rate dlf port port-number disable global
configuration command.
4.12.8 Setting Port Mirroring
Port mirroring duplicates data on the monitored port to the designated monitoring port, for purpose of data analysis and
supervision. The switch supports multiple-to-one mirroring, that is, you can duplicate packets from multiple ports to a
monitoring port.
Beginning in privileged EXEC mode, follow these steps to set port mirroring.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 mirror mirrored-to port-number Set target port
Step 3 mirror link-group set index port-list [both | ingress
| egress]
Create source port group.
Index is source port group index, range is
1 to 24.
Port-list is source port group member list,
format is port-number + m, such as 01m.
Step 4 mirror link-group enable index Enable mirroring.
Step 5 exit Return to privileged EXEC mode.
Step 6 show mirror all Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
To delete mirror source port group, use no mirror link-group index global configuration command.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 23 - - www.stephen-tele.com
Caution:
Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor
port.
All mirror sessions have to share the same destination port.
When mirroring port traffic, the target port must be included in the same VLAN as the source port.
4.12.9 Setting rate limits
This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface.
Rate limiting is configured on interfaces at the edge of a network to limit traffic into or outof the switch. Traffic that falls
within the rate limit is transmitted, while
packets that exceed the acceptable amount of traffic are dropped.
Rate limiting can be applied to individual ports or trunks. When an interface is configured with this feature, the traffic rate will
be monitored by the hardware to verify conformity. Non-conforming traffic is dropped, conforming traffic is forwarded
without any changes.
Beginning in privileged EXEC mode, follow these steps to set rate limits.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 traffic-limit link-group set group-id port-list ingress
[ingress-rate| default] [egress [egress-rate |
default]]
Create rate limits group.
Group-id is bandwidth management rule
index, range is 1 to 64.
Ingress-rate and egress-rate are
bandwidth granularity is 1M/s.
Default indicate no limit.
Step 3 traffic-limit link-group enable group-id Enable rate limits.
Step 4 exit Return to privileged EXEC mode.
Step 5 show traffic-limit link-group Verify your entries.
Step 6 write (Optional) Save your entries in the
configuration file.
To disable rate limits, use traffic-limit link-group disable group-id global configuration command.
To delete rate limits group, use no traffic-limit link-group group-id global configuration command.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 24 - - www.stephen-tele.com
5 Link Aggregation Configuration
This chapter describes how to configure trunk groups. Trunk groups are manually-configured aggregate links containing
multiple ports.
5.1 Overview
Link aggregation means aggregating several ports together to implement the outgoing/incoming payload balance among the
member ports and enhance the connection reliability. In terms of load sharing, link aggregation may be load sharing
aggregation and non-load sharing aggregation.
You can create multiple links between devices that work as one virtual,aggregate link. A port trunk offers a dramatic increase
in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices.
You can create up to six trunks at a time.
One switch can support up to six aggregation groups, with each group containing a maximum of eight ports.
Besides balancing the load across each port in the trunk, the other ports provide redundancy by taking over the load if a port
in the trunk fails.
However, before making any physical connections between devices, use the web interface or CLI to specify the trunk on the
devices at both ends.
When using a port trunk, take note of the following points:
� Finish configuring port trunks before you connect the corresponding network cables between switches to avoid creating a
loop.
� You can create up to six trunks on the switch, with up to eight ports per trunk.
� The ports at both ends of a connection must be configured as trunk ports.
� The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed,
duplex mode and flow control), VLAN assignments, and CoS settings.
� All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN.
� STP, VLAN, and IGMP settings can only be made for the entire trunk.
5.2 Statically Configuring a Trunk
When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer’s
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 25 - - www.stephen-tele.com
implementation.
However, note that the static trunks on this switch are Cisco EtherChannel compatible.
To avoid creating a loop in the network, be sure you add a static trunk via the configuration interface before connecting the
ports, and also disconnect the ports before removing a static trunk via the configuration interface.
Beginning in privileged EXEC mode, follow these steps to configure a statically trunk.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 channel-group add group-number port-list [smac |
dmac | sdmac | sip | dip |sdip]
Configure a statically trunk.
Group-number range is 1 to 6.
Port-list is trunk member, format is
port-number+ m, such as 01m.
Step 3 exit Return to privileged EXEC mode.
Step 4 show channel-group Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete a statically trunk, use the channel-group delete group-number global configuration command.
6 VLAN Configuration
6.1 VLAN Overview
Virtual Local Area Network (VLAN) groups the devices of a LAN logically but not physically into segments to implement the
virtual workgroups. IEEE issued the IEEE 802.1Q in 1999, which was intended to standardize VLAN implementation
solutions.Through VLAN technology, network managers can logically divide the physical LAN into different broadcast domains.
Every VLAN contains a group of workstations with the same demands. The workstations of a VLAN do not have to belong to
the same physical LAN segment.
With VLAN technology, the broadcast and unicast traffic within a VLAN will not be forwarded to other VLANs, therefore, it is
very helpful in controlling network traffic,saving device investment, simplifying network management and improving security.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 26 - - www.stephen-tele.com
6.2 Configuring VLAN
VLAN configuration includes:
� Creating/deleting a VLAN
� Setting vlan port pvid
� Specifying/removing a VLAN port
To configure a VLAN, first create a VLAN according to the requirements.
6.2.1 Creating/Deleting a VLAN
You can use the following command to create/delete a VLAN.
Beginning in privileged EXEC mode, follow these steps to create a VLAN.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 vlan static add vid vid port-list Create a VLAN.
Vid:1~4096
Port-list: port-number+u|m, ‘u’ indicate
untag port and ‘m’ indicate tag port
Step 3 exit Return to privileged EXEC mode.
Step 4 show vlan table Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
6.2.2 Setting vlan port pvid
You can use the following command to setting vlan port pvid.
Beginning in privileged EXEC mode, follow these steps to set VLAN port PVID.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 vlan port pvid port-number pvid Setting VLAN port PVID.
pvid:1~4096
Step 3 exit Return to privileged EXEC mode.
Step 4 show vlan port Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 27 - - www.stephen-tele.com
6.2.3 Specifying/removing a VLAN port
You can use the following command to specifying/removing a vlan port.
Beginning in privileged EXEC mode, follow these steps to set VLAN port PVID.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 vlan static set vid vid port-list Specifying/removing a VLAN port
Step 3 exit Return to privileged EXEC mode.
Step 4 show vlan table Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
6.3 VLAN Configuration Example
I. Networking requirements
Remove port1,port2,port3,port4 from vlan1;Create VLAN2 and VLAN3. Add port1 and port2 to VLAN2 and add Port3 and port4
to VLAN3.
II. Networking diagram
Figure 7-1 VLAN configuration example
III. Configuration procedure
# Remove port1,port2,port3,port4 from default VLAN (VLAN1).
switch(config)#vlan static set vid 1 01-02-03-04-
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 28 - - www.stephen-tele.com
# Create VLAN 2
switch(config)#vlan static add vid 2 01u02u
# setting vlan port pvid of port1 and port2
switch(config)#vlan port pvid 1 2
switch(config)#vlan port pvid 2 2
# Create VLAN 3
switch(config)#vlan static add vid 3 03u04u
# setting vlan port pvid of port3 and port4
switch(config)#vlan port pvid 3 3
switch(config)#vlan port pvid 4 3
7 GVRP Configuration
7.1 GVRP Overview
GARP VLAN Registration Protocol (GVRP) is a GARP application. Based on GARP operating mechanism, GVRP provides
maintenance of the dynamic VLAN registration information in the switch and propagates the information to other switches. All
the GVRP-supporting switches can receive VLAN registration information from other switches and dynamically update the
local VLAN registration information including the active members and through which port those members can be reached. All
the GVRP-supporting switches can propagate their local VLAN registration information to other switches so that the VLAN
information can be consistent on all GVRP-supporting devices in one switching network. The VLAN registration information
propagated by GVRP includes both the local static registration information configured manually and the dynamic registration
information from other switches.
GVRP is described in details in the IEEE 802.1Q standard. SPEED series switches fully support the GARP compliant with the IEEE
standards.
Main GVRP configuration includes:
� Enabling/disabling global GVRP
� Enabling/disabling port GVRP
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 29 - - www.stephen-tele.com
7.2 Enabling/Disabling Global GVRP
You can use the following command to enable/disable global GVRP.
Beginning in privileged EXEC mode, follow these steps to enable global GVRP.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 system gvrp enable Enable global GVRP.
Step 3 exit Return to privileged EXEC mode.
Step 4 show system configuration Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
By default, global GVRP is disabled.
To disable global GVRP, use system gvrp disable global configuration command.
7.3 Enabling/Disabling Port GVRP
You can use the following command to enable/disable the GVRP on a port.
Beginning in privileged EXEC mode, follow these steps to enable port GVRP.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 vlan port gvrp port-number enable Enable port GVRP.
Step 3 exit Return to privileged EXEC mode.
Step 4 show vlan port Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
By default, port GVRP is enabled.
To disable port GVRP, use vlan port gvrp port-number disable global configuration command.
7.4 GVRP Configuration Example
I. Networking requirements
To dynamically register and update VLAN information among switches, GVRP needs to be enabled on the switches.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 30 - - www.stephen-tele.com
II. Networking diagram
Figure 8-1 GVRP configuration example
III. Configuration procedure
Configure Switch A:
# Enable GVRP globally.
Switch(config)#system gvrp enable
Configure Switch B:
# Enable GVRP globally.
Switch(config)#system gvrp enable
8. STP Configuration
STP Overview
The switch supports STP (spanning tree protocol).STP is a Layer 2 link management protocol that provides path
redundancy while preventing loops in the network. For a Layer 2 Ethernet network to function properly, only one active
path can exist between any two stations. Multiple active paths among end stations cause loops in the network. If a loop
exists in the network, end stations might receive duplicate messages. Switches might also learn end-station MAC
addresses on multiple Layer 2 interfaces. These conditions result in an unstable network.Spanning-tree operation is
transparent to end stations, which cannot detect whether they are connected to a single LAN segment or a switched LAN
of multiple segments.
The STP uses a spanning-tree algorithm to select one switch of a redundantly connected network as the root of the spanning
tree. The algorithm calculates the best loop-free path through a switched Layer 2 network by assigning a role to each port
based on the role of the port in the active topology:
� Root—A forwarding port elected for the spanning-tree topology
� Designated—A forwarding port elected for every switched LAN segment
� Alternate—A blocked port providing an alternate path to the root port in the spanning tree
� Backup—A blocked port in a loopback configuration
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 31 - - www.stephen-tele.com
Switches that have ports with these assigned roles are called root or designated switches.
Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a
redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and activates the standby path.
Switches send and receive spanning-tree frames,called bridge protocol data units (BPDUs), at regular intervals. The switches
do not forward these frames but use them to construct a loop-free path. BPDUs contain information about the sending switch
and its ports, including switch and MAC addresses, switch priority, port priority, and path cost. Spanning tree uses this
information to elect the root switch and root port for the switched network and the root port and designated port for each
switched segment.
When two ports on a switch are part of a loop, the spanning-tree port priority and path cost settings control which port is put
in the forwarding state and which is put in the blocking state. The spanning-tree port priority value represents the location of a
port in the network topology and how well it is located to pass traffic. The path cost value represents the media speed.
7.5 Spanning-Tree Topology and BPDUs
The stable, active spanning-tree topology of a switched network is controlled by these elements:
� The unique bridge ID (switch priority and MAC address) associated with each VLAN on each switch. In a switch stack, all
switches use the same bridge ID for a given spanning-tree instance.
� The spanning-tree path cost to the root switch.
� The port identifier (port priority and MAC address) associated with each Layer 2 interface.
When the switches in a network are powered up, each functions as the root switch. Each switch sends a configuration BPDU
through all of its ports. The BPDUs communicate and compute the spanning-tree topology. Each configuration BPDU contains
this information:
� The unique bridge ID of the switch that the sending switch identifies as the root switch
� The spanning-tree path cost to the root
� The bridge ID of the sending switch
� Message age
� The identifier of the sending interface
� Values for the hello, forward delay, and max-age protocol timers
When a switch receives a configuration BPDU that contains superior information (lower bridge ID,lower path cost, and so
forth), it stores the information for that port. If this BPDU is received on the root port of the switch, the switch also forwards it
with an updated message to all attached LANs for which it is the designated switch.
If a switch receives a configuration BPDU that contains inferior information to that currently stored for that port, it discards
the BPDU. If the switch is a designated switch for the LAN from which the inferior BPDU was received, it sends that LAN a
BPDU containing the up-to-date information stored for that port. In this way, inferior information is discarded, and superior
information is propagated on the network.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 32 - - www.stephen-tele.com
A BPDU exchange results in these actions:
� One switch in the network is elected as the root switch (the logical center of the spanning-tree topology in a switched
network). In a switch stack, one stack member is elected as the stack root switch. The stack root switch contains the
outgoing root port (Switch 1), as shown in Figure 9-1.
For each VLAN, the switch with the highest switch priority (the lowest numerical priority value) is elected as the root switch. If
all switches are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the
root switch. The switch priority value occupies the most significant bits of the bridge ID, as shown in Table 9-1.
� A root port is selected for each switch (except the root switch). This port provides the best path (lowest cost) when the
switch forwards packets to the root switch.
When selecting the root port on a switch stack, spanning tree follows this sequence:
– Selects the lowest root bridge ID
– Selects the lowest path cost to the root switch
– Selects the lowest designated bridge ID
– Selects the lowest designated path cost
– Selects the lowest port ID
Only one outgoing port on the stack root switch is selected as the root port. The remaining switches in the stack become its
designated switches (Switch 2 and Switch 3) as shown in the follow Figure.
� The shortest distance to the root switch is calculated for each switch based on the path cost.
� A designated switch for each LAN segment is selected. The designated switch incurs the lowest pathcost when forwarding
packets from that LAN to the root switch. The port through which the designated switch is attached to the LAN is called
the designated port.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 33 - - www.stephen-tele.com
Figure 9-1 Spanning-Tree Port States in a Switch Stack
All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree
blocking mode.
7.6 Bridge ID, Switch Priority, and Extended System ID
The IEEE 802.1D standard requires that each switch has an unique bridge identifier (bridge ID), which controls the selection of
the root switch. Because each VLAN is considered as a different logical bridge with PVST+ and rapid PVST+, the same switch
must have as many different bridge IDs as VLANs configured on it. Each VLAN on the switch has a unique 8-byte bridge ID. The
two most-significant bytes are used for the switch priority, and the remaining six bytes are derived from the switch MAC
address.
The switch supports the 802.1t spanning-tree extensions, and some of the bits previously used for the switch priority are now
used as the VLAN identifier. The result is that fewer MAC addresses are reserved for the switch, and a larger range of VLAN IDs
can be supported, all while maintaining the uniqueness of the bridge ID. As shown in Table 8-1, the two bytes previously used
for the switch priority are reallocated into a 4-bit priority value and a 12-bit extended system ID value equal to the VLAN ID.
Table 9-1 Switch Priority Value and Extended System ID
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 34 - - www.stephen-tele.com
Spanning tree uses the extended system ID, the switch priority, and the allocated spanning-tree MAC address to make the
bridge ID unique for each VLAN. Because the switch stack appears as a single switch to the rest of the network, all switches in
the stack use the same bridge ID for a given spanning tree. If the stack master fails, the stack members recalculate their bridge
IDs of all running spanning trees based on the new MAC address of the new stack master.
Support for the extended system ID affects how you manually configure the root switch, the secondary root switch, and the
switch priority of a VLAN. For example, when you change the switch priority value,you change the probability that the switch
will be elected as the root switch. Configuring a higher value decreases the probability; a lower value increases the probability.
7.7 Spanning-Tree Interface States
Propagation delays can occur when protocol information passes through a switched LAN. As a result,topology changes can
take place at different times and at different places in a switched network. When an interface transitions directly from
nonparticipation in the spanning-tree topology to the forwarding state, it can create temporary data loops. Interfaces must
wait for new topology information to propagate through the switched LAN before starting to forward frames. They must allow
the frame lifetime to expire for forwarded frames that have used the old topology.
Each Layer 2 interface on a switch using spanning tree exists in one of these states:
� Blocking—The interface does not participate in frame forwarding.
� Listening—The first transitional state after the blocking state when the spanning tree decides that the interface should
participate in frame forwarding.
� Learning—The interface prepares to participate in frame forwarding.
� Forwarding—The interface forwards frames.
� Disabled—The interface is not participating in spanning tree because of a shutdown port, no link on the port, or no
spanning-tree instance running on the port.
An interface moves through these states:
� From initialization to blocking
� From blocking to listening or to disabled
� From listening to learning or to disabled
� From learning to forwarding or to disabled
� From forwarding to disabled
The following Figure illustrates how an interface moves through the states.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 35 - - www.stephen-tele.com
Figure 9-2 Spanning-Tree Interface States
When you power up the switch, spanning tree is enabled by default, and every interface in the switch,VLAN, or network goes
through the blocking state and the transitory states of listening and learning.Spanning tree stabilizes each interface at the
forwarding or blocking state.
When the spanning-tree algorithm places a Layer 2 interface in the forwarding state, this process occurs:
1. The interface is in the listening state while spanning tree waits for protocol information to transition the interface to the
blocking state.
2. While spanning tree waits the forward-delay timer to expire, it moves the interface to the learning state and resets the
forward-delay timer.
3. In the learning state, the interface continues to block frame forwarding as the switch learns
end-station location information for the forwarding database.
4. When the forward-delay timer expires, spanning tree moves the interface to the forwarding state,where both learning and
frame forwarding are enabled.
7.7.1 Blocking State
A Layer 2 interface in the blocking state does not participate in frame forwarding. After initialization, a BPDU is sent to each
switch interface. A switch initially functions as the root until it exchanges BPDUs with other switches. This exchange
establishes which switch in the network is the root or root switch. If there is only one switch in the network, no exchange
occurs, the forward-delay timer expires, and the interface moves to the listening state. An interface always enters the blocking
state after switch initialization.
An interface in the blocking state performs these functions:
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 36 - - www.stephen-tele.com
� Discards frames received on the interface
� Discards frames switched from another interface for forwarding
� Does not learn addresses
� Receives BPDUs
7.7.2 Listening State
The listening state is the first state a Layer 2 interface enters after the blocking state. The interface enters this state when the
spanning tree decides that the interface should participate in frame forwarding.
An interface in the listening state performs these functions:
� Discards frames received on the interface
� Discards frames switched from another interface for forwarding
� Does not learn addresses
� Receives BPDUs
7.7.3 Learning State
A Layer 2 interface in the learning state prepares to participate in frame forwarding. The interface enters the learning state
from the listening state.
An interface in the learning state performs these functions:
� Discards frames received on the interface
� Discards frames switched from another interface for forwarding
� Learns addresses
� Receives BPDUs
7.7.4 Forwarding State
A Layer 2 interface in the forwarding state forwards frames. The interface enters the forwarding state from the learning state.
An interface in the forwarding state performs these functions:
� Receives and forwards frames received on the interface
� Forwards frames switched from another interface
� Learns addresses
� Receives BPDUs
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 37 - - www.stephen-tele.com
7.7.5 Disabled State
A Layer 2 interface in the disabled state does not participate in frame forwarding or in the spanning tree.An interface in the
disabled state is nonoperational.
A disabled interface performs these functions:
� Discards frames received on the interface
� Discards frames switched from another interface for forwarding
� Does not learn addresses
� Does not receive BPDUs
7.8 How a Switch or Port Becomes the Root Switch or Root Port
If all switches in a network are enabled with default spanning-tree settings, the switch with the lowest MAC address becomes
the root switch. In the following Figure, Switch A is elected as the root switch because the switch priority of all the switches is
set to the default (32768) and Switch A has the lowest MAC address. However, because of traffic patterns, number of
forwarding interfaces, or link types, Switch A might not be the ideal root switch. By increasing the priority (lowering the
numerical value) of the idealswitch so that it becomes the root switch, you force a spanning-tree recalculation to form a new
topology with the ideal switch as the root.
Figure9-3 Spanning-Tree Topology
When the spanning-tree topology is calculated based on default parameters, the path between source and destination end
stations in a switched network might not be ideal. For instance, connecting higher-speed links to an interface that has a higher
number than the root port can cause a root-port change. The goal is to make the fastest link the root port.
For example, assume that one port on Switch B is a Gigabit Ethernet link and that another port on Switch B (a 10/100 link) is
the root port. Network traffic might be more efficient over the Gigabit Ethernet link. By changing the spanning-tree port
priority on the Gigabit Ethernet port to a higher priority (lower numerical value) than the root port, the Gigabit Ethernet port
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 38 - - www.stephen-tele.com
becomes the new root port.
7.9 Spanning Tree and Redundant Connectivity
You can create a redundant backbone with spanning tree by connecting two switch interfaces to another device or to two
different devices, as shown in the following Figure. Spanning tree automatically disables one interface but enables it if the
other one fails. If one link is high-speed and the other is low-speed, the low-speed link is always disabled. If the speeds are the
same, the port priority and port ID are added together, and spanning tree disables the link with the lowest value.
Figure 9-4 Spanning Tree and Redundant Connectivity
You can also create redundant links between switches by using Channel groups.
7.10 Spanning-Tree Address Management
IEEE 802.1D specifies 17 multicast addresses, ranging from 0x0180C2000000 to 0x0180C2000010, to be used by different
bridge protocols. These addresses are static addresses that cannot be removed.
Regardless of the spanning-tree state, each switch in the stack receives but does not forward packets destined for addresses
between 0x0180C2000000 and 0x0180C200000F.
If spanning tree is enabled, the CPU on each switch in the stack receives packets destined for
0x0180C2000000 and 0x0180C2000010. If spanning tree is disabled, each switch in the stack forwards those packets as
unknown multicast addresses.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 39 - - www.stephen-tele.com
7.11 Accelerated Aging to Retain Connectivity
The default for aging dynamic addresses is 5 minutes, the default setting of the mac address-table aging-time global
configuration command. However, a spanning-tree reconfiguration can cause many station locations to change. Because these
stations could be unreachable for 5 minutes or more during a reconfiguration, the address-aging time is accelerated so that
station addresses can be dropped from the address table and then relearned. The accelerated aging is the same as the
forward-delay parameter value when the spanning tree reconfigures.
7.12 Configuring STP Features
These sections describe how to configure spanning-tree features:
� Configure the mode of the spanning-tree
� Configure the Bridge priority for a switch
� Configure the time parameters of a switch
� Configure the priority of a port
� Enable/disable STP on the device
� Enable/disable STP on a port
7.12.1 Configure the mode of the spanning-tree
Beginning in privileged EXEC mode, follow these steps to configure the mode of spanning-tree for a switch.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 Spanning-tree mode [ stp | rstp ] Configure the mode of the spanning-tree.
Step 3 exit Return to privileged EXEC mode.
Step 4 show spanning-tree model Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
7.12.2 Configure the Bridge Priority for a Switch
Whether a switch can be elected as the spanning tree root depends on its Bridge priority. The switch configured with a smaller
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 40 - - www.stephen-tele.com
Bridge priority is more likely to become the root.
Beginning in privileged EXEC mode, follow these steps to configure the Bridge priority for a switch.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 spanning-tree bridge priority priority Configure the Bridge priority of the
Designated bridge.
Step 3 exit Return to privileged EXEC mode.
Step 4 show spanning-tree bridge Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
����Note:
For priority, the range is 1 to 65535; the default is 32768. The lower the number, the more likely the switch will be
chosen as the root switch.
����Note:
In the process of spanning tree root election, of two or more switches with the lowest Bridge priorities, the one has a
smaller MAC address will be elected as the root.
7.12.3 Configure the Time Parameters of a Switch
The switch has three time parameters, Forward Delay, Hello Time, and Max Age.Forward Delay is the switch state transition
mechanism. The spanning tree will be recalculated upon link faults and its structure will change accordingly. However, the
configuration BPDU recalculated cannot be immediately propagated throughout the network. The temporary loops may occur
if the new root port and designated port forward data right after being elected. Therefore the protocol adopts a state
transition mechanism. It takes a Forward Delay interval for the root port and designated port to transit from the learning state
to forwarding state. The Forward Delay guarantees a period of time during which the new configuration BPDU can be
propagated throughout the network.
The switch sends Hello packet periodically at an interval specified by Hello Time to check if there is any link fault.
Max Age specifies when the configuration BPDU will expire. The switch will discard the expired configuration BPDU.
You can use the following command to configure the time parameters for the switch.
Beginning in privileged EXEC mode, follow these steps to configure the Bridge priority for a switch.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 41 - - www.stephen-tele.com
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 spanning-tree bridge forward centiseconds
Configure Forward Delay on the switch.
For forward delay, the range is 400 to
3000; the default is 1500.
Step 3 spanning-tree bridge hellotime centiseconds Configure Hello Time on the switch.
For hello time, the range is 100 to 1000;
the default is 200.
Step 4 spanning-tree bridge maxage centiseconds Configure Max Age on the switch.
For Max Age, the range is 10 to 1000000;
the default is 2000.
Step 5 exit Return to privileged EXEC mode.
Step 6 show spanning-tree bridge Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
Caution:
The Forward Delay configured on a switch depends on the switching network diameter.Generally, the Forward Delay is
supposed to be longer when the network diameter is longer. Note that too short a Forward Delay may redistribute
some redundant routes temporarily, while too long a Forward Delay may prolong the network connection resuming.
The default value is recommended.
A suitable Hello Time ensures the switch to detect the link fault on the network but occupy moderate network
resources. The default value is recommended. If you set too long a Hello Time, when there is packet dropped over a
link, the switch may consider it as link fault and the network device will recalculate the spanning tree
accordingly.However, for too short a Hello Time, the switch frequently sends configuration BPDU,which adds its burden
and wastes the network resources.
Too short a Max Age may cause the network device frequently calculate the spanning tree and mistake the congestion
as link fault. However, if the Max Age is too long, the network device may not be able to discover the link fault and
recalculate the spanning tree in time, which will weaken the auto-adaptation capacity of the network. The default value
is recommended.
To avoid frequent network flapping, the values of Hello Time, Forward Delay and Maximum Age should guarantee the
following formulas equal.
2 * (forward-delay - 1seconds) >= maximum-age
maximum-age >= 2 * (hello + 1.0 seconds)
You are recommended to use the stp root primary command to specify the network diameter and Hello Time of the switching
network, thus MSTP will automatically calculate and give the rather desirable values.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 42 - - www.stephen-tele.com
7.12.4 Configure Port Priority
If a loop occurs, spanning tree uses the port priority when selecting an interface to put into the
forwarding state. You can assign higher priority values (lower numerical values) to interfaces that you want selected first and
lower priority values (higher numerical values) that you want selected last. If all interfaces have the same priority value,
spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
Beginning in privileged EXEC mode, follow these steps to configure the port priority.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 spanning-tree port port-number priority priority Configure port priority
For priority, the range is 1 to 255; the
default is 128.
Step 3 exit Return to privileged EXEC mode.
Step 4 show spanning-tree bridge Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
7.12.5 Enable/Disable STP on the Device
You can use the following command to enable STP on the device.
Beginning in privileged EXEC mode, follow these steps to enable stp on the device.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 system span enable Enable STP on a device
Step 3 exit Return to privileged EXEC mode.
Step 4 show system config Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable STP on a device, use system span disable global configuration command.
Only if STP has been enabled on the device will other STP configurations take effect.
By default, STP is disabled.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 43 - - www.stephen-tele.com
7.12.6 Enable/Disable STP on a Port
You can use the following command to enable/disable STP on a port. You may disable STP on some Ethernet ports of a switch
to spare them from spanning tree calculation. This is a measure to flexibly control STP operation and save the CPU resources
of the switch.
Beginning in privileged EXEC mode, follow these steps to enable stp on a port.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 spanning-tree port port-number enable Enable STP on a device
Step 3 exit Return to privileged EXEC mode.
Step 4 show spanning-tree ports Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable STP on a port, use spanning-tree port port-number disable global configuration command.
Note that redundant route may be generated after STP is disabled.
By default, STP is enabled on all the ports after it is enabled on the device.
7.13 Configuring RSTP Features
These sections describe how to configure spanning-tree features:
� Configure the mode of the spanning-tree
� Configure the Bridge priority for a switch
� Configure the time parameters of a switch
� Configure the priority of a port
� Enable/disable STP on the device
7.13.1 Configure the mode of the spanning-tree
Beginning in privileged EXEC mode, follow these steps to configure the mode of spanning-tree for a switch.
Command Purpose
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 44 - - www.stephen-tele.com
Step 1 config terminal Enter global configuration mode.
Step 2 Spanning-tree mode [ stp | rstp ] Configure the mode of the spanning-tree.
Step 3 exit Return to privileged EXEC mode.
Step 4 show rstp model Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
7.13.2 Configure the Bridge Priority for a Switch
Whether a switch can be elected as the spanning tree root depends on its Bridge priority. The switch configured with a smaller
Bridge priority is more likely to become the root.
Beginning in privileged EXEC mode, follow these steps to configure the Bridge priority for a switch.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 rstp bridge priority priority Configure the Bridge priority of the
Designated bridge.
Step 3 exit Return to privileged EXEC mode.
Step 4 show rstp bridge Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
����Note:
For priority, the range is 1 to 61440; the default is 32768. The lower the number, the more likely the switch will be
chosen as the root switch.
����Note:
In the process of spanning tree root election, of two or more switches with the lowest Bridge priorities, the one has a
smaller MAC address will be elected as the root.
7.13.3 Configure the Time Parameters of a Switch
The switch has three time parameters, Forward Delay, Hello Time, and Max Age.Forward Delay is the switch state transition
mechanism. The spanning tree will be recalculated upon link faults and its structure will change accordingly. However, the
configuration BPDU recalculated cannot be immediately propagated throughout the network. The temporary loops may occur
if the new root port and designated port forward data right after being elected. Therefore the protocol adopts a state
transition mechanism. It takes a Forward Delay interval for the root port and designated port to transit from the learning state
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 45 - - www.stephen-tele.com
to forwarding state. The Forward Delay guarantees a period of time during which the new configuration BPDU can be
propagated throughout the network.
The switch sends Hello packet periodically at an interval specified by Hello Time to check if there is any link fault.
Max Age specifies when the configuration BPDU will expire. The switch will discard the expired configuration BPDU.
You can use the following command to configure the time parameters for the switch.
Beginning in privileged EXEC mode, follow these steps to configure the Bridge priority for a switch.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 rstp bridge forward centiseconds
Configure Forward Delay on the switch.
For forward delay, the range is 400 to
3000; the default is 1500.
Step 3 rstp bridge hellotime centiseconds Configure Hello Time on the switch.
For hello time, the range is 100 to 1000;
the default is 200.
Step 4 rstp bridge maxage centiseconds Configure Max Age on the switch.
For Max Age, the range is 10 to 1000000;
the default is 2000.
Step 5 exit Return to privileged EXEC mode.
Step 6 show rstp bridge Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
Caution:
The Forward Delay configured on a switch depends on the switching network diameter.Generally, the Forward Delay
is supposed to be longer when the network diameter is longer. Note that too short a Forward Delay may redistribute
some redundant routes temporarily, while too long a Forward Delay may prolong the network connection resuming.
The default value is recommended.
A suitable Hello Time ensures the switch to detect the link fault on the network but occupy moderate network
resources. The default value is recommended. If you set too long a Hello Time, when there is packet dropped over a
link, the switch may consider it as link fault and the network device will recalculate the spanning tree
accordingly.However, for too short a Hello Time, the switch frequently sends configuration BPDU,which adds its
burden and wastes the network resources.
Too short a Max Age may cause the network device frequently calculate the spanning tree and mistake the
congestion as link fault. However, if the Max Age is too long, the network device may not be able to discover the link
fault and recalculate the spanning tree in time, which will weaken the auto-adaptation capacity of the network. The
default value is recommended.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 46 - - www.stephen-tele.com
To avoid frequent network flapping, the values of Hello Time, Forward Delay and Maximum Age should guarantee the
following formulas equal.
2 * (forward-delay - 1seconds) >= maximum-age
maximum-age >= 2 * (hello + 1.0 seconds)
You are recommended to use the stp root primary command to specify the network diameter and Hello Time of the switching
network, thus MSTP will automatically calculate and give the rather desirable values.
7.13.4 Configure Port Priority
If a loop occurs, spanning tree uses the port priority when selecting an interface to put into the
forwarding state. You can assign higher priority values (lower numerical values) to interfaces that you want selected first and
lower priority values (higher numerical values) that you want selected last. If all interfaces have the same priority value,
spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces.
Beginning in privileged EXEC mode, follow these steps to configure the port priority.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 rstp port port-number priority priority Configure port priority
For priority, the range is 1 to 255; the
default is 128.
Step 3 exit Return to privileged EXEC mode.
Step 4 show rstp bridge Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
7.13.5 Enable/Disable STP on the Device
You can use the following command to enable STP on the device.
Beginning in privileged EXEC mode, follow these steps to enable stp on the device.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 system span enable Enable STP on a device
Step 3 exit Return to privileged EXEC mode.
Step 4 show system config Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 47 - - www.stephen-tele.com
To disable STP on a device, use system span disable global configuration command.
Only if STP has been enabled on the device will other STP configurations take effect.
By default, STP is disabled.
7.13.6 Enable/Disable STP on a Port
You can use the following command to enable/disable STP on a port. You may disable STP on some Ethernet ports of a switch
to spare them from spanning tree calculation. This is a measure to flexibly control STP operation and save the CPU resources
of the switch.
Beginning in privileged EXEC mode, follow these steps to enable stp on a port.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 rstp port port-number enable Enable STP on a device
Step 3 exit Return to privileged EXEC mode.
Step 4 show rstp ports Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable STP on a port, use rstp port port-number disable global configuration command.
Note that redundant route may be generated after STP is disabled.
By default, STP is enabled on all the ports after it is enable
8 IP Address Configuration
8.1 IP Address Overview
8.1.1 IP Address Classification and Indications
IP address is a 32-bit address allocated to the devices which access into the Internet. It consists of two fields: net-id field and
host-id field. There are five types of IP address. See the following figure.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 48 - - www.stephen-tele.com
Figure 10-1 Five classes of IP address
Where, Class A, Class B and Class C are unicast addresses, while Class D addresses are multicast ones and class E addresses are
reserved for special applications in future. The first three types are commonly used.
The IP address is in dotted decimal format. Each IP address contains 4 integers in dotted decimal notation. Each integer
corresponds to one byte, e.g.10.110.50.101.
When using IP addresses, it should also be noted that some of them are reserved for special uses, and are seldom used. The IP
addresses you can use are listed in the following table.
Table 10-1 IP address classes and ranges
Network class
Address range
IP network range
Note
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 49 - - www.stephen-tele.com
A
0.0.0.0 to
127.255.255.255
1.0.0.0 to
126.0.0.0
Host ID with all the digits being 0 indicates that the IP
address is the network address, and is used for network
routing.
Host ID with all the digits being 1 indicates the broadcast
address, i.e.broadcast to all hosts on the network.
IP address 0.0.0.0 is used for the host that is not put into use
after starting up.
The IP address with network number as 0 indicates the
current network and its network can be cited by the router
without knowing its network number.
Network ID with the format of 127.X.Y.Z is reserved for
self-loop test and the packets sent to this address will not
be output to the line. The
packets are processed internally and regarded as input
packets.
B
128.0.0.0 to
191.255.255.255
128.0.0.0 to
191.254.0.0
Host ID with all the digits being 0 indicates that the IP
address is the network address, and is used for network
routing.
Host ID with all the digits being 1 indicates the broadcast
address, i.e.broadcast to all hosts on the network.
C
192.0.0.0 to
223.255.255.255
192.0.0.0 to
223.255.254.0
Host ID with all the digits being 0 indicates that the IP
address is the network address, and is used for network
routing.
Host ID with all the digits being 1 indicates the broadcast
address, i.e.broadcast to all hosts on the network.
D
224.0.0.0 to
239.255.255.255
None
Addresses of class D are multicast addresses.
E
240.0.0.0 to
255.255.255.254
None
The addresses are reserved for futureuse.
Other
addresses
255.255.255.255
255.255.255.255
255.255.255.255 is used as LAN broadcast address.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 50 - - www.stephen-tele.com
8.1.2 Subnet and Mask
Nowadays, with rapid development of the Internet, IP addresses are depleting very fast.The traditional IP address allocation
method wastes IP addresses greatly. In order to make full use of the available IP addresses, the concept of mask and subnet is
proposed.
A mask is a 32-bit number corresponding to an IP address. The number consists of 1s and 0s. Principally, these 1s and 0s can
be combined randomly. However, the first consecutive bits are set to 1s when designing the mask. The mask divides the IP
address into two parts: subnet address and host address. The bits 1s in the address and the mask indicate the subnet address
and the other bits indicate the host address.If there is no sub-net division, then its sub-net mask is the default value and the
length of "1" indicates the net-id length. Therefore, for IP addresses of classes A, B and C, the default values of corresponding
sub-net mask are 255.0.0.0, 255.255.0.0 and 255.255.255.0 respectively.
The mask can be used to divide a Class A network containing more than 16,000,000 hosts or a Class B network containing
more than 60,000 hosts into multiple small networks. Each small network is called a subnet. For example, for the Class B
network address 138.38.0.0, the mask 255.255.224.0 can be used to divide the network into 8 subnets: 138.38.0.0,
138.38.32.0, 138.38.64.0, 138.38.96.0, 138.38.128.0, 138.38.160.0, 138.38.192.0 and 138.38.224.0 (Refer to the following
figure). Each subnet can contain more than 8000 hosts.
Figure 10-2 Subnet division of IP address
8.2 Configuring IP Address
The IP address configuration includes:
� Configuring the AUX port IP Address
� Configuring the IP Address of the VLAN Interface
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 51 - - www.stephen-tele.com
8.2.1 Configuring the AUX port IP Address
When you use the applications like telnet or http locally, you can use IP address
Beginning in privileged EXEC mode, follow these steps to configure the AUX port IP address.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 interface aux ipaddress set ip-address net-mask Configure the AUX port IP address.
By default AUX port IP address is
192.168.1.168.
Step 3 exit Return to privileged EXEC mode.
Step 4 show interface aux Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete AUX port IP address, use interface aux ipaddress delete ip-address global configuration commad.
8.2.2 Configuring the IP Address of the VLAN Interface
You can configure an IP address for every VLAN interface of the switch. Generally, it is enough to configure one IP address for
an interface. You can also configure thirty two IP addresses for an interface at most, so that it can be connected to several
subnets. Beginning in privileged EXEC mode, follow these steps to configure the IP address of the VLAN interface.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip address add vint interface-id ip-address net-mask
vid vlan-id [description string]
Configure the IP address of the VLAN
interface.
Interface-id is virtual interface number,
range is 0 to 32.
By default, the IP address of a VLAN
interface is null.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip address Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete the IP address of the VLAN interface, use ip address delete ip-address global configuration command.
8.3 IP Address Configuration Example
I. Networking requirements
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 52 - - www.stephen-tele.com
Configure the IP address as 129.2.2.1 and sub-net mask as 255.255.255.0 for the VLAN 1 of the switch.
II. Networking diagram
Figure 10-3 IP address configuration networking
III. Configuration procedure
Switch(config)#ip address add vint 1 129.2.2.1 255.255.255.0 vid 1
8.4 Troubleshooting IP Address Configuration
Fault 1: The switch cannot ping through a certain host in the LAN.
Troubleshooting can be performed as follows:
Check the configuration of the switch. Use show arp command to view the ARP entry table that the Switch maintains.
� Troubleshooting: First check which VLAN includes the port of the switch used to connect to the host.
� Check whether the VLAN has been configured with the VLAN interface. Then check whether the IP address of the VLAN
interface and the host is on the same network segment.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 53 - - www.stephen-tele.com
9 ARP Configuration
9.1 Introduction to ARP
I. Necessity of ARP
An IP address cannot be directly used for communication between network devices because network devices can only identify
MAC addresses. An IP address is only an address of a host in the network layer. To send the data packets transmitted through
the network layer to the destination host, physical address of the host is required. So the IP address must be resolved into a
physical address.
II. ARP implementation procedure
When two hosts on the Ethernet communicate, they must know the MAC addresses of each other. Every host will maintain
the IP-MAC address translation table, which is known as ARP mapping table. A series of maps between IP addresses and MAC
addresses of other hosts which were recently used to communicate with the local host are stored in the ARP mapping table.
When a dynamic ARP mapping entry is not in use for a specified period of time, the host will remove it from the ARP mapping
table so as to save the memory space and shorten the interval for switch to search ARP mapping table.
Suppose there are two hosts on the same network segment: Host A and Host B. The IP address of Host A is IP_A and the IP
address of Host B is IP_B. Host A will transmit messages to Host B. Host A checks its own ARP mapping table first to make sure
whether there are corresponding ARP entries of IP_B in the table. If the corresponding MAC address is detected, Host A will
use the MAC address in the ARP mapping table to encapsulate the IP packet in frame and send it to Host B. If the
corresponding MAC address is not detected, Host A will store the IP packet in the queue waiting for transmission, and
broadcast it throughout the Ethernet. The ARP request packet contains the IP address of Host B and IP address and MAC
address of Host A. Since the ARP request packet is broadcast, all hosts on the network segment can receive the request.
However, only the requested host (i.e., Host B) needs to process the request.Host B will first store the IP address and the MAC
address of the request sender (Host A) in the ARP request packet in its own ARP mapping table. Then Host B will generate an
ARP reply packet into which, it will add MAC address of Host B, and then send it to Host A. The reply packet will be directly
sent to Host A in stead of being broadcast. Receiving the reply packet, Host A will extract the IP address and the corresponding
MAC address of Host B and add them to its own ARP mapping table. Then Host A will send Host B all the packets standing in
the queue.
Normally, dynamic ARP executes and automatically searches for the resolution from the IP address to the Ethernet MAC
address without the administrator.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 54 - - www.stephen-tele.com
9.2 Configuring ARP
The ARP mapping table can be maintained dynamically or manually. Usually, the manually configured mapping from the IP
addresses to the MAC addresses is known as static ARP. The user can display, add or delete the entries in the ARP mapping
table through relevant manual maintenance commands.
The static ARP configuration includes:
� Manually adding/deleting static ARP Mapping Entries
� Clear up the ARP table.
9.2.1 Manually Adding/Deleting Static ARP Mapping Entries
Beginning in privileged EXEC mode, follow these steps to add static ARP mapping entries.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 arp add ip-address mac-address Add static ARP mapping entries.
Step 3 exit Return to privileged EXEC mode.
Step 4 show arp Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete static ARP mapping entries, use arp delete ip-address global configuration command.
By default, the ARP mapping table is empty and the address mapping is obtained through dynamic ARP.
9.2.2 Clear up ARP Mapping Entries
Beginning in privileged EXEC mode, follow these steps to clear up ARP mapping entries.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 arp flush Clear up ARP mapping entries.
Step 3 exit Return to privileged EXEC mode.
Step 4 show arp Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 55 - - www.stephen-tele.com
10 Configuring IP Routing
This chapter describes how to configure IP routing on the SPEED S3224A. A switch operates and appears as a single router to
the rest of the routers in the network. Basic routing functions, including static routing,the Routing Information Protocol (RIP)
and Open Shortest Path First protocol (OSPF).
10.1 Introduction to IP Route and Routing Table
10.1.1 IP Route and Route Segment
Routers are implemented for route selection in the Internet. A router works in the following way: It selects an appropriate
path (through a network) according to the destination address of its received packet and forwards the packet to the next
router. It works in this way hop by hop and the last router in the path is responsible for submitting the packet to the
destination host to complete the IP packet forwarding and the routing across network segments.
In a network, the router regards a path for sending a packet as a logical route unit, and calls it a Hop. For example, in the figure
below, a packet sent from Host A to Host C, a packet should go through 2 routers and the packet is transmitted through two
hops and router segments. Therefore, when a node is connected to another node through a network, there is a hop between
these two nodes and these two nodes are deemed as adjacent in the Internet. In the same principle, the adjacent routers refer
to two routers connected to the same network. The number of route segments between a router and hosts in the same
network counted as zero. In the following figure, the bold arrows represent the hops. A router can be connected to any
physical link that constitutes a route segment for routing packets via the network.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 56 - - www.stephen-tele.com
Figure 12-1 About hops
As the networks may have different sizes, the segment lengths connected between two different pairs of routers are also
different. The number of route segments multiplies a weighted coefficient can serve as a weighted measurement for the
actual length of the signal transmission path.
If a router in a network is regarded as a node and a route segment in the Internet is regarded as a link, message routing in the
Internet works in a similar way as the message routing in a conventional network. Message routed through the shortest route
may not always be the optimal way route. For example, routing through 3 LAN route segments may be much faster than that
through 2 WAN route segments.
10.1.2 Route Selection through the Routing Table
The key for a router to forward packets is the routing table. Each router saves a routing table in its memory, and each entry of
this table specifies the physical port of the router through which the packet is sent to a subnet or a host. Therefore, it can
reach the next router in via a particular path or reach a destination host via directly connected network.
A routing table has the following key entries:
� Destination address: It is used to identify the destination IP address or thedestination network of IP packet, which is 32
bits in length.
� Network mask: It is made up of several consecutive "1"s, which can be expressed either in the dotted decimal format or
by the number of the consecutive "1" s in the mask. Combining with the destination address, it is used to identify the
network address of the destination host or router. If the destination address is ANDed with the network mask, you will
get the address of the network segment where the destination host or router is located. For example, if the destination
address is 129.102.8.10, the address of the network where the host or the router with the mask 255.255.0.0 is located
will be 129.102.0.0.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 57 - - www.stephen-tele.com
� Output interface: It indicates an interface through which an IP packet should be forwarded.
� Next hop address: Indicates the next router that an IP packet will pass through.
� Priority added to the IP routing table for a route: There may be different next hops to the same destination. These routes
may be discovered by different routing protocols, or they can just be the static routes configured manually. The one with
the highest priority (the smallest numerical value) will be selected as the current optimal route.
According to different destinations, the routes can be divided into the following:
� Subnet route: The destination is a subnet.
� Host route: The destination is a host In addition, according to whether the network of the destination host is directly
connected to the router, there are the following types of routes:
� Direct route: The router is directly connected to the network where the destination locates.
� Indirect route: The router is not directly connected to the network where the destination locates.
In order to limit the size oft the routing table, an option is available to set a default route.All the packets that fail to find the
suitable entry will be forwarded through this default route.
In a complicated Internet as shown in the following figure, the number in each network is the network address. The router R8
is connected with three networks, so it has three IP addresses and three physical ports, and its routing table is shown in the
diagram below:
Figure 12-2 The routing table
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 58 - - www.stephen-tele.com
10.2 Routing Management Policy
This Series Routing Switches support the configuration of a series of dynamic routing protocols such as RIP, OSPF , as well as
the static routes. The static routes configured by the user are managed together with the dynamic routes as detected by the
routing protocol. The static routes and the routes learned or configured by different routing protocols can also be shared with
each other.
10.2.1 Routing protocols and the preferences of the corresponding routes
Different routing protocols (as well as the static configuration) may generate different routes to the same destination, but not
all these routes are optimal. In fact, at a certain moment, only one routing protocol can determine a current route to a specific
destination. Thus, each of these routing protocols (including the static configuration) is set a preference, and when there are
multiple routing information sources, the route discovered by the routing protocol with the highest preference will become
the current route. Routing protocols and the default preferences (the smaller the value, the higher the preference is) of the
routes learned by them are shown in the following table.
Table 12-1 Routing protocols and the default preferences for the routes learned by them
Routing protocol or route type The preference of the corresponding route
DIRECT 0
OSPF
10
STATIC
60
RIP 100
UNKNOWN
255
In the table, 0 indicates a direct route. 255 Indicates any route from unreliable source. Except for direct routing, the
preferences of various dynamic routing protocols can be manually configured to meet the user requirements. In addition, the
preferences for individual static routes can be different.
10.2.2 Supporting Load Sharing and Route Backup
I. Load sharing
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 59 - - www.stephen-tele.com
Load sharing: Support multi-route mode, permitting to configure multiple routes that reach the same destination and use the
same precedence. The same destination can be reached via multiple different paths, whose precedences are equal. When
there is no route that can reach the same destination with a higher precedence, the multiple routes will be adopted by IP,
which will forward the packets to the destination via these paths so as to implement load sharing.
For the same destination, a specified routing protocol may find multiple different routes.If the routing protocol has the highest
precedence among all active routing protocols,these multiple routes will be regarded as currently valid routes. Thus, load
sharing of IP traffic is ensured in terms of routing protocols.
II. Route backup
Route backup: Support route backup. When main route is in failure, the system will automatically switch to a backup route to
improve the network reliability.In order to achieve route backup, the user can configure multiple routes to the same
destination according to actual situation. One of the routes has the highest precedence and is called as main route. The other
routes have descending precedences and are called as backup routes. Normally, the router sends data via main route. When
the line is in failure, the main route will hide itself and the router will choose one from the left routes as a backup route whose
precedence is higher than others’ to send data. In this way, the switchover from the main route to the backup route is realized.
When the main route recovers, the router will restore it and re-select route. As the main route has the highest precedence,
the router will choose the main route to send data. This process is the automatic switchover from the backup route to the
main route.
10.2.3 Routes Shared between Routing Protocols
As the algorithms of various routing protocols are different, different protocols may generate different routes, thus bringing
about the problem of how to resolve the differences when different routes are generated by different routing protocols. The
SPEED series switches can import the information of another routing protocol.Each protocol has its own route redistribution
mechanism.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 60 - - www.stephen-tele.com
10.3 Static Route Configuration
10.3.1 Introduction to Static Route
10.3.1.1 Attributes and Functions of Static Route
A static route is a special route. You can set up an interconnecting network with the static route configuration. The problem
for such configuration is when a fault occurs to the network, the static route cannot change automatically to steer away from
the node causing the fault, if without the help of an administrator. In a relatively simple network, you only need to configure
the static routes to make the router work normally. The proper configuration and usage of the static route can improve the
network performance and ensure the bandwidth of the important
applications.
10.3.1.2 Default Route
A default route is a static route, too. A default route is a route used only when no suitable routing table entry is matched and
when no proper route is found, the default route is used. In a routing table, the default route is in the form of the route to the
network 0.0.0.0 (with the mask 0.0.0.0). You can see whether it has been set via the output of the command display ip
routing-table. If the destination address of a packet fails in matching any entry of the routing table, the router will select the
default route to forward this packet. If there is no default route and the destination address of the packet fails in matching any
entry in the routing table, this packet will be discarded, and an Internet Control Message Protocol (ICMP) packet will be sent to
the originating host to inform that the destination host or network is unreachable. Default route is very useful in the networks.
Suppose that there is a typical network, which consists of hundreds of routers. In that network, far from less bandwidth would
be consumed if you put all kinds of dynamic routing protocols into use without configuring a default route. Using the default
route could provide an appropriate bandwidth, even not achieving a high bandwidth, for communications between large
numbers of users.
10.3.2 Static Route Configuration
Static Route Configuration includes:
� Configuring a static route
� Configuring a default route
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 61 - - www.stephen-tele.com
10.3.2.1 Configuring a static route
Perform the following configurations in global configuration mode.
Beginning in privileged EXEC mode, follow these steps to configure a static route.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip route static add dst-ipaddress net-mask next-hop
[description string|usehw {yes|no}|gateway
{yes|no}|mac mac-address|port port-number|vid
vlan-id]
Configuring a static route.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip route static Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete a static route use ip route static delete dst-ipaddress global configuration command.
The parameters are explained as follows:
� dst-ipaddress and net-mask
The dst-ipaddress and net-mask are in a dotted decimal format. As "1"s in the 32-bit mask is required to be consecutive, the
dotted decimal mask can also be replaced by the mask-length (which refers to the digits of the consecutive "1"s in the mask).
� Next-hop address
When configuring a static route, you can specify the gateway-address to decide the next hop address, depending on the actual
conditions.
In fact, for all the routing items, the next hop address must be specified. When IP layer transmits a packet, it will first search
the matching route in the routing table according to the destination address of the packet. Only when the next hop address of
the route is specified can the link layer find the corresponding link layer address, and then forward the packet according to this
address.
10.3.2.2 Configuring a default route
Perform the following configurations in global configuration mode.
Beginning in privileged EXEC mode, follow these steps to configure a default route.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 62 - - www.stephen-tele.com
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip route static add 0.0.0.0 0.0.0.0 next-hop
[description string|usehw {yes|no}|gateway
{yes|no}|mac mac-address|port port-number|vid
vlan-id]
Configuring default route.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip route static Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete a static route use ip route static delete 0.0.0.0 global configuration command.
The meanings of parameters in the command are the same as those of the static route.
10.3.3 Typical Static Route Configuration Example
I. Networking requirements
As shown in the figure below, the masks of all the IP addresses in the figure are 255.255.255.0. It is required that all the hosts
or Routing Switches can be interconnected in pairs by configuring static routes.
II. Networking diagram
Figure 12-3 Networking diagram of the static route configuration example
III. Configuration procedure
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 63 - - www.stephen-tele.com
# Setting switch A VLAN and specifying IP address for VLAN
switchA(config)#vlan static set vid 1 01-02-
switchA(config)#vlan static set vid 2 01u
switchA(config)#vlan static set vid 3 02u
switchA(config)#vlan port pvid 1 2
switchA(config)#vlan port pvid 2 3
switchA(config)#ip address add vint 1 1.1.1.2 255.255.255.0 vid 2
switchA(config)#ip address add vint 2 1.1.2.1 255.255.255.0 vid 3
# Setting default route for switch A
switchA(config)#ip route static add 0.0.0.0 0.0.0.0 1.1.2.2
# Setting switch B VLAN and specifying IP address for VLAN
switchB(config)#vlan static set vid 1 01-02-
switchB(config)#vlan static set vid 2 01u
switchB(config)#vlan static set vid 3 02u
switchB(config)#vlan port pvid 1 2
switchB(config)#vlan port pvid 2 3
switchB(config)#ip address add vint 1 1.1.4.1 255.255.255.0 vid 2
switchB(config)#ip address add vint 2 1.1.3.2 255.255.255.0 vid 3
# Setting default route for switch B
switchB(config)#ip route static add 0.0.0.0 0.0.0.0 1.1.3.1
# Setting switch C VLAN and specifying IP address for VLAN
switchC(config)#vlan static set vid 1 01-02-03-
switchC(config)#vlan static set vid 2 01u
switchC(config)#vlan static set vid 3 02u
switchC(config)#vlan static set vid 4 03u
switchC(config)#vlan port pvid 1 2
switchC(config)#vlan port pvid 2 3
switchC(config)#vlan port pvid 3 4
switchC(config)#ip address add vint 1 1.1.2.2 255.255.255.0 vid 2
switchC(config)#ip address add vint 2 1.1.3.1 255.255.255.0 vid 3
switchC(config)#ip address add vint 3 1.1.5.2 255.255.255.0 vid 3
# Setting static route for switch C
switchC(config)#ip route static add 1.1.1.0 255.255.255.0 1.1.2.1
switchC(config)#ip route static add 1.1.4.0 255.255.255.0 1.1.3.2
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 64 - - www.stephen-tele.com
10.3.4 Static Route Fault Diagnosis and Troubleshooting
By default the Switch is not configured with the dynamic routing protocol and both the physical status and the link layer
protocol status of the interface is UP, but the IP packets cannot be forwarded normally.
Troubleshooting:
� Use the show ip route static command to view whether the corresponding static route is correctly configured.
� Use the show ip route table command to view whether the corresponding route is valid.
10.4 RIP Configuration
10.4.1 Brief Introduction to RIP
Routing Information Protocol (RIP) is a relatively simple dynamic routing protocol, but it has a wide application. RIP is a kind of
Distance-Vector (D-V) algorithm-based protocol and exchanges routing information via UDP packets. It employs Hop Count to
measure the distance to the destination host, which is called Routing Cost. In RIP, the hop count from a router to its directly
connected network is 0, and that to a network which can be reached through another router is 1, and so on. To restrict the
time to converge, RIP prescribes that the cost value is an integer ranging 0 and 15. The hop count equal to or exceeding 16 is
defined as infinite, that is to say, the destination network or the host is unreachable.
RIP sends routing refreshing message every 30 seconds. If no routing refreshing message is received from one network
neighbor in 180 seconds, RIP will tag all routes of the network neighbor to be unreachable. If no routing refreshing message is
received from one network neighbor in 300 seconds, RIP will finally remove the routes of the network neighbor from the
routing table.
To improve the performances and avoid route loop, RIP supports Split Horizon, Poison Reverse and allows importing the
routes discovered by other routing protocols Each router running RIP manages a route database, which contains routing
entries to all the reachable destinations in the network. These routing entries contain the following information:
� Destination address: IP address of a host or network.
� Next hop address: The address of the next router that an IP packet will pass through for reaching the destination.
� Output interface: The interface through which the IP packet should be forwarded.
� Cost: The cost for the router to reach the destination, which should be an integer in the range of 0 to 16.
� Timer: Duration from the last time that the routing entry is modified till now. The timer is reset to 0 whenever a routing
entry is modified.
� Route tag: Discriminate whether the route is generated by an interior routing protocol or by an exterior routing protocol.
The whole process of RIP startup and running can be described as follows:
1) If RIP is enabled on a router for the first time, the router will broadcast or multicast the request packet to the adjacent
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 65 - - www.stephen-tele.com
routers. Upon receiving the request packet, the adjacent routers (on which, RIP should have been enabled) respond to
the request by returning the response packets containing information of their local routing tables.
2) After receiving the response packets, the router, which has sent the request, will modify its own routing table.
3) At the same time, RIP broadcasts its routing table to the adjacent routers every 30 seconds. The adjacent routers will
maintain their own routing table after receiving the packets and will select an optimal route, and then advertise the
modification information to their respective adjacent network so as to make the updated route globally known.
Furthermore, RIP uses the timeout mechanism to handle the out-timed routes so as to ensure the real-timeliness and
validity of the routes. With these mechanisms, RIP, an interior routing protocol, enables the router to learn the routing
information of the whole network.
RIP has become one of the actual standards of transmitting router and host routes by far. It can be used in most of the campus
networks and the regional networks that are simple yet extensive. For larger and more complicated networks, RIP is not
recommended.
10.4.2 RIP Configuration
The RIP configuration includes:
� Enabling RIP Interface
� Specifying RIP Version of the Interface
� Setting RIP Packet Authentication
� Setting Additional Routing Cost
� Enable/disable RIP protocol
10.4.2.1 Enabling RIP interface
To flexibly control RIP operation, you can specify the interface and configure the network where it is located to the RIP
network, so that these interfaces can send and receive RIP packets.
Beginning in privileged EXEC mode, follow these steps to enable rip interface.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 router rip network network-address Enable RIP on the specified network.
Step 3 exit Return to privileged EXEC mode.
Step 4 show router rip config Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 66 - - www.stephen-tele.com
To disable rip on the specified network, use router rip no network network-address global configuration commanc.
10.4.2.2 Specifying RIP Version of the Interface
RIP has two versions, RIP-1 and RIP-2. You can specify the version of the RIP packet processed by the interface.
RIP-1 broadcasts the packets. RIP-2 can transmit packets by both broadcast and multicast. By default, multicast is adopted for
transmitting packets. In RIP-2, the multicast address is 224.0.0.9. The advantage of transmitting packets in the multicast mode
is that the hosts not operating RIP in the same network can avoid receiving RIP broadcast packets. In addition, this mode can
also make the hosts running RIP-1 avoid incorrectly receiving and processing the routes with subnet mask in RIP-2. When an
interface is running RIP-2 broadcast, the RIP-1 packets can also be received.
Beginning in privileged EXEC mode, follow these steps to specify RIP version of the interface.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 router rip entry interface-id recvtype [rip1 | rip2
|rip1Orrip2 | doNotReceive ]
Specified receive message type of the
interface.
Step 3 router rip entry interface-id sendtype [ripVersion1 |
ripVersion2 | ripV1Demand | ripV2Demand |
rip1Compatible | doNotSend]
Specified send message type of the
interface.
Step 4 exit Return to privileged EXEC mode.
Step 4 show router rip config Verify your entries.
Step 6 write (Optional) Save your entries in the
configuration file.
10.4.2.3 Setting RIP-2 Packet Authentication
RIP-1 does not support packet authentication. But when the interface operates RIP-2, the packet authentication can be
configured.
RIP-2 supports two authentication modes: Simple authentication and MD5 authentication. MD5 authentication uses two
packet formats: One follows RFC2453 and another one follows the RFC2082.
The simple authentication does not ensure security. The authentication key not encrypted is sent together with the packet, so
the simple authentication cannot be applied to the case with high security requirements.
Beginning in privileged EXEC mode, follow these steps to set rip-2 packet authentication.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 67 - - www.stephen-tele.com
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 router rip entry interface-id authtype [md5 |
simplePass | noAuth]
Setting authentication type.
Step 3 router rip entry interface-id password string Setting authentication password..
Step 4 exit Return to privileged EXEC mode.
Step 4 show router rip config Verify your entries.
Step 6 write (Optional) Save your entries in the
configuration file.
The usual packet format follows RFC2453 and nonstandard follows RFC2082.
10.4.2.4 Setting Additional Routing Metric
Additional routing metric is the input or output routing metric added to an RIP route. It does not change the metric value of
the route in the routing table, but adds a specified metric value when the interface receives or sends a route.
Beginning in privileged EXEC mode, follow these steps to set additional routing metric.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 router rip entry interface-id metric vlaue Setting additional routing metric.
Step 3 exit Return to privileged EXEC mode.
Step 4 show router rip config Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
By default, the additional routing metric added to the route when RIP sends the packet is 1. The additional routing metric
when RIP receives the packet is 0 by default.
10.4.2.5 Enable/disable RIP protocol
Beginning in privileged EXEC mode, follow these steps to enable RIP protocol.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 router rip enable Enabling RIP protocol.
By default the RIP protocol disabled.
Step 3 exit Return to privileged EXEC mode.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 68 - - www.stephen-tele.com
Step 4 show router rip config Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable RIP protocol, use router rip disable global configuration command.
10.4.3 Typical RIP Configuration Example
10.4.3.1 Networking requirements
As shown in the following figure, the Routing Switches C connects to the subnet 117.102.0.0 through the Ethernet port. The
Ethernet ports of Routing Switches A and Switch B are respectively connected to the network 155.10.1.0 and 196.38.165.0.
Switch C, Switch A and Switch B are connected via Ethernet 110.11.2.0. Correctly configure RIP to ensure that Switch C, Switch
A and Switch B can interconnect.
10.4.3.2 Networking diagram
Figure 12-4 RIP configuration networking
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 69 - - www.stephen-tele.com
10.4.3.3 Configuration procedure
�Note:
The following configuration only shows the operations related to RIP. Before performing the following
configuration, please make sure the Ethernet link layer can work normally.
# Configure Switch A
switchA(config)#router rip network 110.11.2.0
switchA(config)#router rip network 155.10.1.0
switchA(config)#router rip enable
# Configure Switch B
switchB(config)#router rip network 110.11.2.0
switchB(config)#router rip network 196.38.165.0
switchB(config)#router rip enable
# Configure Switch C
switchC(config)#router rip network 110.11.2.0
switchC(config)#router rip network 117.102.0.0
switchC(config)#router rip enable
10.5 OSPF Configuration
10.5.1 OSPF Overview
10.5.1.1 Introduction to OSPF
Open Shortest Path First (OSPF) is an Interior Gateway Protocol based on the link state developed by IETF. At present, OSPF
version 2 (RFC2328) is used, which is available with the following features:
� Applicable scope: It can support networks in various sizes and can support several hundred routers at maximum.
� Fast convergence: It can transmit the update packets instantly after the network topology changes so that the change is
synchronized in the AS.
� Loop-free: Since the OSPF calculates routes with the shortest path tree algorithm according to the collected link states, it
is guaranteed that no loop routes will be generated from the algorithm itself.
� Area partition: It allows the network of AS to be divided into different areas for the convenience of management so that
the routing information transmitted between the areas is abstracted further, hence to reduce the network bandwidth
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 70 - - www.stephen-tele.com
consumption.
� Equal-cost multi-route: Support multiple equal-cost routes to a destination.
� Routing hierarchy: OSPF has a four-level routing hierarchy. It prioritizes the routes to be intra-area, inter-area, external
type-1, and external type-2 routes.
� Authentication: It supports the interface-based packet authentication so as to guarantee the security of the route
calculation.
� Multicast transmission: Support multicast address to receive and send packets.
10.5.1.2 Process of OSPF Route Calculation
The routing calculation process of the OSPF protocol is as follows:
� Each OSPF-capable router maintains a Link State Database (LSDB), which describes the topology of the whole AS.
According to the network topology around itself, each router generates a Link State Advertisement (LSA). The routers on
the network transmit the LSAs among them by transmitting the protocol packets to each others. Thus, each router
receives the LSAs of other routers and all these LSAs compose its LSDB.
� LSA describes the network topology around a router, so the LSDB describes the network topology of the whole network.
Routers can easily transform the LSDB to a weighted directed graph, which actually reflects the topology architecture of
the whole network. Obviously, all the routers get a graph exactly the same.
� A router uses the SPF algorithm to calculate the shortest path tree with itself as the root, which shows the routes to the
nodes in the autonomous system. The external routing information is leave node. A router, which advertises the routes,
also tags them and records the additional information of the autonomous system. Obviously, the Routing tables obtained
by different routers are different.
Furthermore, suppose that the routers are directly connected without other in-between routing devices in a broadcast
network. To enable the individual routers to broadcast the information of their local statuses to the whole AS, any two routers
in the environment should establish adjacency between them. In this case, however, the changes that any router takes will
result in multiple transmissions, which are not only unnecessary but also waste the precious bandwidth resources. To solve
this problem,“Designated Router” (DR) is defined in the OSPF. Thus, all the routers only send information to the DR for
broadcasting the network link states in the network. Thereby,the number of router adjacent relations on the multi-access
network is reduced.OSPF supports interface-based packet authentication to guarantee the security of
route calculation. Also, it transmits and receives packets by IP multicast.
10.5.1.3 OSPF Packets
OSPF uses five types of packets:
� Hello Packet:
It is the commonest packet, which is periodically sent by a router to its neighbor. It contains the values of some timers, DR,
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 71 - - www.stephen-tele.com
BDR and the known neighbor.
� Database Description (DD) Packet:
When two routers synchronize their databases, they use the DD packets to describe their own LSDBs, including the digest of
each LSA. The digest refers to the HEAD of an LSA, which can be used to uniquely identify the LSA. Such reduces the traffic size
transmitted between the routers, since the HEAD of a LSA only occupies a small portion of the overall LSA traffic. With the
HEAD, the peer router can judge whether it already has had the LSA.
� Link State Request (LSR) Packet:
After exchanging the DD packets, the two routers know which LSAs of the peer routers are lacked in the local LSDBs. In this
case, they will send LSR packets requesting for the needed LSAs to the peers. The packets contain the digests of the needed
LSAs.
� Link State Update (LSU) Packet:
The packet is used to transmit the needed LSAs to the peer router. It contains a collection of multiple LSAs (complete
contents).
� Link State Acknowledgment (LSAck) Packet
The packet is used for acknowledging the received LSU packets. It contains the HEAD(s) of LSA(s) requiring acknowledgement.
10.5.1.4 Basic Concepts Related to OSPF
I. Router ID
To run OSPF, a router must have a router ID. If no ID is configured, the system will automatically select an IP address from the
IP addresses of the current interface as the Router ID. Way to choose a router ID: if the LoopBack interface address exists, the
system chooses the LoopBack address with the greatest IP address value as the router ID; if no LoopBack interface configured,
then the address of the physical interface with the greatest IP address value will be the router ID.
II. DR and BDR
� Designated Router (DR)
In multi-access networks, if any two routers are neighbors, the same LSA will be transmitted repeatedly, wasting bandwidth
resources. To solve this problem, the OSPF protocol regulates that a DR must be elected in a multi-access network and only
the DR (and the BDR in the following content) can be the neighbor of other routers in this network. Two non-DR routers or
BDR routers cannot be neighbors and exchange routing information. Which router can be the DR in its segment is not
manually specified. Instead, DR is elected by all the routers in the segment.
� Backup Designated Router (BDR)
If the DR fails for some faults, a new DR must be elected and synchronized with the other routers on the segment. This process
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 72 - - www.stephen-tele.com
will take a relatively long time, during which, the route calculation is incorrect. To shorten the process, BDR is brought forth in
OSPF.In fact, BDR is a backup for DR. DR and BDR are elected in the meantime. The adjacencies are also established between
the BDR and all the routers on the segment, and routing information is also exchanged between them. After the existing DR
fails, the BDR will become a DR immediately.
III. Area
The network size grows increasingly larger. If all the routers on a huge network are running OSPF, the large number of routers
will result in an enormous LSDB, which will consume an enormous storage space, complicate the SPF algorithm, and add the
CPU load as well. Furthermore, as a network grows larger, the topology becomes more likely to take changes. Hence, the
network will always in “turbulence”, and a great deal of OSPF packets will be generated and transmitted in the network. This
will lower the network bandwidth utility. In addition, each change will cause all the routes on the network to recompute the
route.
OSPF solves the above problem by partition an AS into different areas. Areas logically group the routers. The borders of areas
are formed by routers. Thus, some routers may belong to different areas. A router connects the backbone area and a
non-backbone area is called Area Border Router (ABR). An ABR can connect to the backbone area physically or logically.
IV. Backbone area and virtual link
� Backbone Area
After the area division of OSPF, not all the areas are equal. In which, an area is different from all the other areas. Its area-id is 0
and it is usually called the backbone area.
� Virtual link
Since all the areas should be connected to the backbone area, virtual link is adopted so that the physically separated areas can
still maintain the logic connectivity to the backbone area.
V. Route summary
AS is divided into different areas that are interconnected via OSPF ABRs. The routing information between areas can be
reduced through route summary. Thus, the size of routing table can be reduced and the calculation speed of the router can be
improved.After calculating an intra-area route of an area, the ABR summarizes multiple OSPF routes into an LSA and sends it
outside the area according to the configuration of summary.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 73 - - www.stephen-tele.com
10.5.2 OSPF Configuration
In various configurations, you must first enable OSPF, specify the interface and area ID before configuring other functions. But
the configuration of the functions related to the interface is not restricted by whether the OSPF is enabled or not. It should be
noted that after OSPF is disabled, the OSPF-related interface parameters also become invalid.
OSPF configuration includes:
� Entering the OSPF configuration mode
� Enabling OSPF Process
� Specifying Interface
� Configuring the Cost for Sending Packets on an Interface
� Setting the Interface Priority for DR Election
� Setting the Interval of Hello Packet Transmission
� Setting a dead timer for the neighboring routers
� Configuring an Interval required for sending LSU packets
� Setting an Interval for LSA Retransmission between Neighboring Routers
� Setting a Shortest Path First (SPF) Calculation Interval for OSPF
� Configuring STUB Area of OSPF
� Configuring the Route Summarization of OSPF Area
� Configuring OSPF Virtual Link
� Configuring OSPF Packet Authentication
� Disabling the Interface to Send OSPF Packets
10.5.2.1 Enter OSPF Configuration Mode
Beginning in privileged EXEC mode, follow these steps to enter OSPF configuration mode.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 router ospf Enter OSPF configuration mode.
10.5.2.2 Enabling OSPF Process
Beginning in OSPF configuration mode, follow these steps to enable OSPF Process.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 74 - - www.stephen-tele.com
Command Purpose
Step 1 service enable Enable OSPF Process.
By default, OSPF is not enabled.
Step 2 exit Return to global configuration mode.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip ospf Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable OSPF process, use service disable OSPF configuration command.
10.5.2.3 Specifying interface
OSPF further divides the AS into different areas. An area logically groups the routers.Some routers belong to different areas
(such routers are called ABRs), but one segment can only belong to an area. In other words, you must specify each OSPF
interface to belong to a particular area identified by area ID. The areas transfer routing information between them via the
ABRs.
In addition, parameters of all the routers in the same area should be identical. Therefore, when configuring the routers in the
same area, please note that most configurations should be based upon the area. Wrong configuration may disable the
neighboring routers to transmit information between them, and even lead to congestion or self-loop of the routing
information.
Beginning in OSPF configuration mode, follow these steps to specify interface.
Command Purpose
Step 1 network ip-address ip-mask area area-id Specify interface to run OSPF
Step 2 exit Return to global configuration mode.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip ospf Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete specified network, use no network ip-address ip-mask area area-id OSPF configuration command.
You must specify the segment to which the OSPF will be applied after enabling the OSPF.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 75 - - www.stephen-tele.com
10.5.2.4 Configuring the Cost for Sending Packets on an Interface
The user can control the network traffic by configuring different message sending costs for different interfaces. Otherwise,
OSPF will automatically calculate the cost according to the baud rate on the current interface.
Beginning in privileged EXEC mode, follow these steps to configure the cost for sending packets on an interface.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 interface vint interface-id Enter interface configuration mode.
Step3 ip ospf cost value Configure the cost for sending packets on
Interface
Step 4 exit Return to global configuration mode.
Step 5 exit Return to privileged EXEC mode.
Step 6 show ip ospf interface [vint interface-id] Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
To restore the default cost for packet transmission on the Interface, use no ip ospf cost OSPF configuration command.
By default, the interface automatically calculates the costs for running OSPF protocol according to the current Baud rate. The
calculation formula is: 100 Mbps/ Interface current baud rate.
10.5.2.5 Setting the Interface Priority for DR Election
The priority of the router interface determines the qualification of the interface in DR election, and the router of higher
priority will be considered first if there is a collision in the election.
DR is not designated manually; instead, it is elected by all the routers on the segment. Routers with the priorities > 0 in the
network are eligible “candidates”. Among all the routers self-declared to be the DR, the one with the highest priority will be
elected. If two routers have the same priority, the one with the highest router ID will be elected as the DR. Votes are the hello
packets. Each router writes the expected DR in the packet and sends it to all the other routers on the segment. If two routers
attached to the same segment concurrently declare themselves to be the DR, choose the one with higher priority. If the
priorities are the same, choose the one with greater router ID. If the priority of a router is 0, it will not be elected as DR or
BDR.If DR fails due to some faults, the routers on the network must elect a new DR and synchronize with the new DR. The
process will take a relatively long time, during which, the route calculation is incorrect. In order to speed up this process, OSPF
puts forward the concept of BDR. In fact, BDR is a backup for DR. DR and BDR are elected in the meantime. The adjacencies are
also established between the BDR and all the routers on the segment, and routing information is also exchanged between
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 76 - - www.stephen-tele.com
them. When the DR fails, the BDR will become the DR instantly. Since no re-election is needed and the adjacencies have
already been established, the process is very short. But in this case,a new BDR should be elected. Although it will also take a
quite long period of time, it will not exert any influence upon the route calculation.
But please note:
� The DR on the network is not necessarily the router with the highest priority. Likewise, the BDR is not necessarily the
router with the second highest priority. If a new router is added after DR and BDR election, it is impossible for the router
to become the DR even if it has the highest priority.
� DR is based on the router interface in a certain segment. Maybe a router is a DR on one interface, but can be a BDR or DR
Other on the other interface.
Beginning in privileged EXEC mode, follow these steps to set the Interface Priority for DR Election.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 interface vint interface-id Enter interface configuration mode.
Step 3 ip ospf priority priority_num Configure the interface with a priority for
DR election.
By default, the priority of the Interface is
1 in the DR election. The value can be
taken from 0 to 255.
Step 4 exit Return to global configuration mode.
Step 5 exit Return to privileged EXEC mode.
Step 6 show ip ospf interface [vint interface-id] Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
To restore the default interface priority, use no ip ospf priority interface configuration command.
10.5.2.6 Setting the Interval of Hello Packet Transmission
Hello packets are a kind of most frequently used packets, which are periodically sent to the adjacent router for discovering and
maintaining the adjacency, and for electing DR and BDR. The user can set the hello timer.
According to RFC2328, the consistency of hello intervals between network neighbors should be kept. The hello interval value is
in inverse proportion to the route convergence rate and network load.
Beginning in privileged EXEC mode, follow these steps to set the interval of hello packet transmission.
Command Purpose
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 77 - - www.stephen-tele.com
Step 1 config terminal Enter global configuration mode.
Step 2 Interface vint interface-id Enter interface configuration mode.
Step 3 ip ospf hello-interval seconds Set the hello interval of the interface
By default, send Hello packets every 10
seconds.
Step 4 exit Return to global configuration mode.
Step 5 exit Return to privileged EXEC mode.
Step 6 show ip ospf interface [vint interface-id] Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
To restore the default hello of the interface, use no ip ospf hello-interval interface configuration command.
10.5.2.7 Setting a dead timer for the neighboring routers
The dead timer of neighboring routers refers to the interval in which a router will regard the neighboring router as dead if no
Hello packet is received from it. The user can set a dead timer for the neighboring routers.
Beginning in privileged EXEC mode, follow these steps to set a dead timer for the neighboring routers.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 interface vint interface-id Enter interface configuration mode.
Step 3 ip ospf dead-interval seconds Configure a dead timer for the
neighboring routers
By default, the dead interval for the
neighboring routers is 40 seconds.
Step 4 exit Return to global configuration mode.
Step 5 exit Return to privileged EXEC mode.
Step 6 show ip ospf interface [vint interface-id] Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
To restore the default dead interval of the neighboring routers, use no ip ospf hello-interval interface configuration command.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 78 - - www.stephen-tele.com
10.5.2.8 configuring an Interval required for sending LSU packets
Trans-delay seconds should be added to the aging time of the LSA in an LSU packet.Setting the parameter like this mainly
considers the time duration that the interface requires for transmitting the packet.
The user can configure the interval of sending LSU message. Obviously, more attention should be paid on this item over low
speed network.
Beginning in privileged EXEC mode, follow these steps to configure an Interval required for sending LSU packets.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 interface vint interface-id Enter interface configuration mode.
Step 3 ip ospf transmit-delay seconds
Configure an interval for sending LSU
packets
By default, the LSU packets are
transmitted per second.
Step 4 exit Return to global configuration mode.
Step 5 exit Return to privileged EXEC mode.
Step 6 show ip ospf interface [vint interface-id] Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
To restore the default interval of sending LSU packets, use no ip ospf transmit-delay interface configuration command.
10.5.2.9 Setting an Interval for LSA Retransmission between Neighboring Routers
If a router transmits an LSA (Link State Advertisements) to the peer, it requires the acknowledgement packet from the peer. If
it does not receive the acknowledgement packet within the retransmit, it will retransmit this LSA to the neighbor. The value of
retransmit is user-configurable.
Beginning in privileged EXEC mode, follow these steps to set an Interval for LSA Retransmission between Neighboring Routers.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 interface vint interface-id Enter interface configuration mode.
Step 3 ip ospf retransmit-interval seconds
Configure the interval of LSA
retransmission for the neighboring
routers
By default, the interval for neighboring
routers to retransmit LSAs is five
seconds.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 79 - - www.stephen-tele.com
Step 4 exit Return to global configuration mode.
Step 5 exit Return to privileged EXEC mode.
Step 6 show ip ospf interface [vint interface-id] Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
To restore the default LSA retransmission interval for the neighboring routers, use no ip ospf retransmit-interval interface
configuration command.
The value of interval should be bigger than the interval in which a packet can be transmitted and returned between two
routers.
Note that you should not set the LSA retransmission interval too small. Otherwise, unnecessary retransmission will be caused.
10.5.2.10 Setting a Shortest Path First (SPF) Calculation Interval for OSPF
Whenever the LSDB of OSPF takes changes, the shortest path requires recalculation. Calculating the shortest path upon
change will consume enormous resources as well as affect the operation efficiency of the router. Adjusting the SPF calculation
interval, however, can restrain the resource consumption due to frequent network changes.
Beginning in OSPF configuration mode, follow these steps to set a Shortest Path First (SPF) Calculation Interval for OSPF.
Command Purpose
Step 1 timers spf delay-seconds hold-seconds
Set the SPF calculation interval
By default, the interval of SPF
recalculation is 5 seconds.
Step 2 exit Return to global configuration mode.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip ospf Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To restore the SPF calculation interval, use no timers spf OSPF configuration command.
10.5.2.11 Configuring STUB Area of OSPF
STUB areas are some special LSA areas, in which the ABRs do not propagate the learned external routes of the AS. In these
areas, the routing table sizes of routers and the routing traffic are significantly reduced.
The STUB area is an optional configuration attribute, but not every area conforms to the configuration condition. Generally,
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 80 - - www.stephen-tele.com
STUB areas, located at the AS boundaries, are those non-backbone areas with only one ABR. Even if this area has multiple
ABRs, no virtual links are established between these ABRs.
To ensure that the routes to the destinations outside the AS are still reachable, the ABR in this area will generate a default
route (0.0.0.0) and advertise it to the non-ABR routers in the area.
Please pay attention to the following items when configuring a STUB area:
� The backbone area cannot be configured to be the STUB area and the virtual link cannot pass through the STUB area.
� If you want to configure an area to be the STUB area, then all the routers in this area should be configured with this
attribute.
� No ASBR can exist in a STUB area. In other words, the external routes of the AS cannot be propagated in the STUB area.
Beginning in OSPF configuration mode, follow these steps to configure STUB Area of OSPF.
Command Purpose
Step 1 area area-id stub [cr|no-summary] Configure an area to be the STUB area
Step 2 area area-id default-cost value Configure the cost of the default route
transmitted by OSPF to the STUB area
Step 3 exit Return to global configuration mode.
Step 4 exit Return to privileged EXEC mode.
Step 5 show ip ospf Verify your entries.
Step 6 write (Optional) Save your entries in the
configuration file.
To remove the configured STUB area, use no area area-id stub [cr|no-summary] OSPF configuration command.
To remove the cost of the default route to the STUB area, use no area area-id default-cost value OSPF configuration
command.
By default, the STUB area is not configured, and the cost of the default route to the STUB area is 1.
10.5.2.12 Configuring the Route Summarization of OSPF Area
Route summary means that ABR can aggregate information of the routes of the same prefix and advertise only one route to
other areas. An area can be configured with multiple aggregate segments, thereby OSPF can summarize them. When the ABR
transmits routing information to other areas, it will generate Sum_net_Lsa (type-3 LSA) per network. If some continuous
networks exist in this area, you can use the abr-summary command to summarize these segments into one segment. Thus, the
ABR only needs to send an aggregate LSA, and all the LSAs in the range of the aggregate segment specified by the command
will not be transmitted separately.
Once the aggregate segment of a certain network is added to the area, all the internal routes of the IP addresses in the range
of the aggregate segment will no longer be separately advertised to other areas. Only the route summary of the whole
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 81 - - www.stephen-tele.com
aggregate network will be advertised. But if the range of the segment is restricted by the keyword "not-advertise", the route
summary of this segment will not be advertised. This segment is represented by IP address and mask.Route summarization can
take effect only when it is configured on ABRs.
Beginning in OSPF configuration mode, follow these steps to configure the Route Summarization of OSPF Area.
Command Purpose
Step 1 summary-address ip-address mask
[cr|not-advertise|tag value]
Configure the Route Summarization of
OSPF Area
Step 2 exit Return to global configuration mode.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip ospf Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To cancel route summarization of OSPF Area, use no summary-address ip-address mask OSPF configuration command.
By default, the inter-area routes will not be summarized.
10.5.2.13 Configuring OSPF Virtual Link
According to RFC2328, after the area division of OSPF, not all the areas are equal. In which, an area is different from all the
other areas. Its area-id is 0.0.0.0 and it is usually called the backbone Area. The OSPF routes between non-backbone areas are
updated with the help of the backbone area. OSPF stipulates that all the non-backbone areas should maintain the connectivity
with the backbone area. That is, at least one interface on the ABR should fall into the area 0.0.0.0. If an area does not have a
direct physical link with the backbone area 0.0.0.0, a virtual link must be created.
If the physical connectivity cannot be ensured due to the network topology restriction, a virtual link can satisfy this
requirement. The virtual link refers to a logic channel set up through the area of a non-backbone internal route between two
ABRs. Both ends of the logic channel should be ABRs and the connection can take effect only when both ends are configured.
The virtual link is identified by the ID of the remote router. The area, which provides the ends of the virtual link with a
non-backbone area internal route, is called the transit area. The ID of the transit area should be specified when making
configuration.
The virtual link is activated after the route passing through the transit area is calculated,which is equivalent to a p2p
connection between two ends. Therefore, similar to the physical interfaces, you can also configure various interface
parameters on this link, such as hello timer.
The "logic channel" means that the multiple routers running OSPF between two ABRs only take the role of packet forwarding
(the destination addresses of the protocol packets are not these routers, so these packets are transparent for them and the
routers forward them as common IP packets). The routing information is directly transmitted between the two ABRs. The
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 82 - - www.stephen-tele.com
routing information herein refers to the type-3 LSAs generated by the ABRs, for which the synchronization mode of the routers
in the area will not be changed.
Beginning in OSPF configuration mode, follow these steps to configure OSPF Virtual Link.
Command Purpose
Step 1 area area-id virtual-link router-id [cr |
hello-interval seconds | retransmit-interval
seconds | transmit-delay seconds | dead-interval
seconds |
authentication-simple password |
authentication-md5 keyid key ]
Create and configure a virtual link
Step 2 exit Return to global configuration mode.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip ospf Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To remove the created virtual link, use no area area-id virtual-link router-id [cr | hello-interval seconds | retransmit-interval
seconds | transmit-delay seconds | dead-interval seconds | authentication-simple password | authentication-md5 keyid key ]
OSPF configuration command.
area-id and router-id have no default value. By default, hello timer is 10 seconds, retransmit 5 seconds, trans-delay 1 second,
and the dead 40 seconds.
10.5.2.14 Configuring OSPF Packet Authentication
OSPF supports simple authentication or MD5 authentication between neighboring routers.
All the routers in one area must use the same authentication mode (no authentication,simple text authentication or MD5
cipher text authentication). If the mode of supporting authentication is configured, all routers on the same segment must use
the same authentication key. To configure a simple text authentication key, use the ospf authentication-mode simple
command. And, use the ospf authentication-mode md5 command to configure the MD5 cipher text authentication key if the
area is configured to support MD5 cipher text authentication mode.
Beginning in privileged EXEC mode, follow these steps to configure OSPF Packet Authentication.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 interface vint interface-id Enter interface configuration mode.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 83 - - www.stephen-tele.com
Step 3 ip ospf authentication-simple password Specify a password for OSPF simple text
authentication
Step 4 ip ospf authentication-md5 key_id key Specify the key-id and key for OSPF MD5
authentication
Step 5 exit Return to global configuration mode.
Step 6 exit Return to privileged EXEC mode.
Step 7 show ip ospf interface [vint interface-id] Verify your entries.
Step 8 write (Optional) Save your entries in the
configuration file.
To Cancel simple authentication on the interface, use no ip ospf authentication-simple interface configuration command.
To Cancel the interface to use MD5 authentication, use no ip ospf authentication-md5 interface configuration command.
By default, the interface is not configured with either simple authentication or MD5 authentication.
10.5.2.15 Disabling the Interface to Send OSPF Packets
To prevent OSPF routing information from being acquired by the routers on a certain network, use the passive command to
disable the interface to transmit OSPF packets.
Beginning in privileged EXEC mode, follow these steps to disable the Interface to Send OSPF Packets.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 interface vint interface-id Enter interface configuration mode.
Step 3 ip ospf passive Disable the interface to send OSPF
packets
Step 4 exit Return to global configuration mode.
Step 5 exit Return to privileged EXEC mode.
Step 6 show ip ospf interface [vint interface-id] Verify your entries.
Step 7 write (Optional) Save your entries in the
configuration file.
To enable the interface to send OSPF packets, use no ip ospf passive interface configuration mode.
By default, all the interfaces are allowed to transmit and receive OSPF packets.
After an OSPF interface is set to be in silent status, the interface can still advertise its direct route. However, the OSPF hello
packets of the interface will be blocked, and no neighboring relationship can be established on the interface. Thereby, the
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 84 - - www.stephen-tele.com
capability for OSPF to adapt to the networking can be enhanced, which will hence reduce the consumption of system
resources. On a switch, this command can disable/enable the specified VLAN interface to send OSPF packets.
10.5.3 Displaying and Debugging OSPF
After the above configuration, execute show command in any view to display the running of the OSPF configuration, and to
verify the effect of the configuration.
Table 12-2 Displaying and debugging OSPF
Operation Command
Display the brief information of
the OSPF routing process
show ip ospf
Display OSPF neighbor information show ip ospf neighbor
Display OSPF routing table show ip ospf routing
Display OSPF virtual links
show ip ospf virtual-links
Display OSPF statistics
show ip ospf database
Display LSDB information of
OSPF
show ip ospf lsa
Display OSPF interface
information
show ip ospf interface
10.5.4 Typical OSPF Configuration Example
I. Networking requirements
In the following figure, Area 2 and Area 0 are not directly connected. Area 1 is required to be taken as transit area for
connecting Area 2 and Area 0.Enable OSPF service on switch and Correctly configure a virtual link between Switch B and
Switch C in Area 1.
II. Networking diagram
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 85 - - www.stephen-tele.com
Figure 12-6 OSPF virtual link configuration networking
III. Configuration procedure
10.5.5 OSPF Fault Diagnosis and Troubleshooting
Fault 1: OSPF has been configured in accordance with the above-mentioned steps, but OSPF on the router cannot run
normally.
Troubleshooting: Please check according to the following procedure.
Troubleshooting locally:
Check whether the protocol between two directly connected routers is in normal operation. The normal sign is the peer state
machine between the two routers reaches the FULL state. (Note: On a broadcast or NBMA network, if the interfaces for two
routers are in DROther state, the peer state machine for the two routers are in 2-way state, instead of FULL state. The peer
state machine between DR/BDR and all the other routers is in FULL state.
� Execute the show ip ospf neighbour command to view neighbours.
� Execute the show ip ospf interface command to view OSPF information in the interface.
� Check whether the physical connections and the lower level protocol operate normally. You can execute the ping
command to test. If the local router cannot ping the peer router, it indicates that faults have occurred to the physical link
and the lower level protocol.
� If the physical link and the lower layer protocol are normal, please check the OSPF parameters configured on the interface.
The parameters should be the same parameters configured on the router adjacent to the interface. The same area ID
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 86 - - www.stephen-tele.com
should be used, and the networks and the masks should also be consistent. (The p2p or virtually linked segment can have
different segments and masks.) Ensure that the dead timer on the same interface is at least four times the value of the
hello timer.
� If the network type is broadcast or NBMA, there must be at least one interface with a priority greater than zero.
� If an area is set as the STUB area, to which the routers are connected. The area on these routers must be also set as the
STUB area.
� The same interface type should be adopted for the neighboring routers.
� If more than two areas are configured, at least one area should be configured as the backbone area (that is to say, the
area ID is 0).
� Ensure the backbone area to connect with all the areas.
� The virtual links cannot pass through the STUB area.
Troubleshooting globally:
If OSPF cannot discover the remote routes yet in the case that the above steps are correctly performed, proceed to check the
following configurations.
� If more than two areas are configured on a router, at least one area should be configured as the backbone area.
As shown in the following figure: RTA and RTD are configured to belong to only one area, whereas RTB (area0 and area1) and
RTC (area1 and area 2) are configured to belong to two areas. In which, RTB also belongs to area0, which is compliant with the
requirement. However, none of the areas to which RTC belongs is area0. Therefore, a virtual link should be set up between
RTC and RTB. Ensure that area2 and area0 (backbone area) is connected.
Figure 12-7 OSPF areas
� The backbone area (area 0) cannot be configured as the STUB area and the virtual link cannot pass through the STUB area.
That is, if a virtual link has been set up between RTB and RTC, neither area1 nor area0 can be configured as a stub area. In
the above figure, only area 2 can be configured as stub area.
� Routers in the STUB area cannot redistribute the external routes.
� Backbone area must guarantee the connectivity of all nodes.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 87 - - www.stephen-tele.com
11 IP Multicast Protocol
11.1 IP Multicast Overview
11.1.1 Problems with Unicast/Broadcast
The constant development of the Internet and increasing interaction of versatile data,voice and vedio information over the
network, has promoted the emergence of new services like e-commerce, network conference, online auction, vedio on
demand (VoD),and tele-education. These services require higher information security and greater rewards.
I. Unicast
In unicast mode, every user that needs the inforamtion receives a copy through the channels the system separately
establishes for them. See Figure 13-1.
Figure 13-1 Data transmission in unicast mode
Suppose that Users B, D, and E need the information, the information source Server establishes transmision channels with
every of them. Since the traffic in transmission increases with the number of users, excessive copies of the information would
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 88 - - www.stephen-tele.com
spread over the network if the there is a large number of users in need of this infomration. As the bandwidth would turn short,
the unicast mode is incapable of massive transmission.
II. Broadcast
In broadcast mode, every user on the network receives the information regardless of their needs. See Figure 13-2 Data
transmission in broadcast mode.
Figure 13-2 Data transmission in broadcast mode
Suppose the Users B, D, and E need the information, the information source Server broadcasts the information through the
router; User A and User C can also receive the information. In that case, information security and rewards to services are not
guaranteed. Moreover, bandwidth is terribly wasted when only a few part of users are in need of the information.
In short, the unicast mode is useful in networks with scattered users, and the multicast mode is suitable for networks with
dense users. When the number of users is uncertain, the adoption of unicast or multicast mode results in low efficiency.
11.1.2 Advantages of Multicast
I. Multicast
IP multicast technology solves those problems. It allows the multicast source to send the information once only, and ensures
that the information will not be duplicated or distributed unless it reaches a fork in the tree route established by the multicast
routing protocol. See Figure 13-3 Data transmission in multicast mode.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 89 - - www.stephen-tele.com
Figure 13-3 Data transmission in multicast mode
Suppose the Users B, D, and E need the information, they need to be organized into a receiver group to ensure that the
information can reach them smoothly. The routers on the network duplicate and forward the information according to the
distribution of these users in the group.
In multicast mode, the information sender is called the "multicast source", the receiver is called the "multicast group", and the
routers for multicast information transmission are called "multicast routers". Members of a multicast group can scatter around
the network; the multicast group therefore has no geographical limitation. It should be noted that a multicast source does not
necessarily belong to a multicast group. It sends data to multicast groups but is not necessarily a receiver. Multiple sources can
send packets to a multicast group simultaneously.
II. Advantages
The main advantages of multicast are:
� Enhanced efficiency: It reduces network traffic and relieves server and CPU of loads.
� Optimized performance: It eliminates traffic redundancy.
� Distributed application: It enables multipoint application.
11.1.3 Application of Multicast
IP multicast technology effectively implements point to multi-point forwarding with high speed, as saves network bandwidth a
lot and can relieve network loads. It facilitates also the development of new value-added services in the Internet information
service area that include online live show, Web TV, tele-education, telemedicine, network radio station and real-time
audio/video conferencing. It takes a positive role in:
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 90 - - www.stephen-tele.com
� Multimedia and streaming media application
� Occasional communication for training and cooperation
� Data storage and finance (stock) operation
� Point-to-multipoint data distribution
With the increasing popularity of multimedia services over IP network, multicast is gaining its marketplace.
11.2 Implementation of IP Multicast
11.2.1 Multicast Addresses
In multicast mode, there are questions about where to send the information, how to locate the destination or know the
receiver. All these questions can be narrowed down to multicast addressing. To guarantee the communication between a
multicast source and a multicast group, the network layer multicast address (namely the IP multicast address) is required,
along with the technique to correlate it with the link layer MAC multicast address. Following is the introduction to these two
kinds of addresses.
I. IP Multicast Addresses
According to the definition in Internet Assigned Number Authority (IANA), IP addresses fall into four types: Class A, Class B,
Class C and Class D. Unicast packets use IP addresses of Class A, Class B or Class C, depending on specific packet
scales.Multicast packets use IP addresses of Class D as their destination addresses, but Class D IP addresses cannot be
contained in the source IP field of IP packets.
During unicast data transmission, a packet is transmitted "hop-by-hop" from the source address to the destination address.
However, in IP multicast environment, a packet has more than one destination address, or a group of addresses. All the
information receivers are added to a group. Once a receiver joins the group, the data for this group of addresses start flowing
to this receiver. All members in the group can receive the packets.
Membership here is dynamic, and a host can join or leave the group at any time. A multicast group can be permanent or
temporary. Some multicast group addresses are allocated by IANA, and the multicast group is called permanent multicast
group. The IP addresses of a permanent multicast group are unchangeable, but its membership is changeable, and the number
of members is arbitrary. It is quite possible for a permanent group to not a single member. Those not reserved for permanent
multicast groups can be used by temporary multicast groups. Class D multicast addresses range from 224.0.0.0 to
239.255.255.255. More information is listed in Table 13-1 Ranges and meanings of Class D addresses.
Table 13-1 Ranges and meanings of Class D addresses
Class D address range Description
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 91 - - www.stephen-tele.com
224.0.0.0∼224.0.0.255 Reserved multicast addresses (addresses of
permanent groups). All but 224.0.0.0 can be
allocated by routing protocols.
224.0.1.0∼238.255.255.255 Multicast addresses available for users (addresses of
temporary groups). They are valid in the entire
network.
239.0.0.0∼239.255.255.255 Multicast addresses for local management. They are
valid only in the specified local range.
Reserved multicast addresses that are commonly used are described in the following table.
Table 13-2 Reserved multicast address list
Class D address range Description
224.0.0.0
Base Address (Reserved)
224.0.0.1
Addresses of all hosts
224.0.0.2
Addresses of all multicast routers
224.0.0.3
Not for allocation
224.0.0.4
DVMRP routers
224.0.0.5
OSPF routers
224.0.0.6
OSPF DR
224.0.0.7
ST routers
224.0.0.8
ST hosts
224.0.0.9
RIP-2 routers
224.0.0.10
IGRP routers
224.0.0.11
Active agents
224.0.0.12
DHCP server/Relay agent
224.0.0.13 All PIM routers
224.0.0.14
RSVP encapsulation
224.0.0.15
All CBT routers
224.0.0.16 Specified SBM
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 92 - - www.stephen-tele.com
224.0.0.17
All SBMS
224.0.0.18
VRRP
II. Ethernet Multicast MAC Addresses
When a unicast IP packet is transmitted on the Ethernet, the destination MAC address is the MAC address of the receiver.
However, for a multicast packet, the destination is no longer a specific receiver but a group with unspecific members.
Therefore, the multicast MAC address should be used.
As Internet Assigned Number Authority (IANA) provisions, the high 24 bits of a multicast MAC address are 0x01005e and the
low 23 bits of a MAC address are the low 23 bits of a multicast IP address.
Figure 13-4 Mapping between a multicast IP address and an Ethernet MAC address
The first four bits of the multicast address are 1110, representing the multicast identifier. Among the rest 28 bits, only 23 bits
are mapped to the MAC address, and the other five bits are lost. This may results in that 32 IP addresses are mapped to the
same MAC address.
11.2.2 IP Multicast Protocols
Multicast involves multicast group management protocols and multicast routing protocols. Their application positions are
shown in Figure 1-5 Application positions of multicast-related protocols.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 93 - - www.stephen-tele.com
Figure 13-5 Application positions of multicast-related protocols
I. Multicast group management protocol
Multicast groups use Internet group management protocol (IGMP) as the management protocols. IGMP runs between the
switch and multicast router and defines the membership establishment and maintenance mechanism between them.
II. Multicast routing protocols
A multicast routing protocol runs between multicast routers to create and maintain multicast routes for correct and efficient
forwarding of multicast packet. The multicast routing creates a loop-free data transmission path from one source to multiple
receivers.The task of multicast routing protocols is to build up the distribution tree architecture. A multicast router can use
multiple methods to build up a path for data transmission, that is, a distribution tree.
As in unicast routing, the multicast routing can also be intra-domain or inter-domain. Intra-domain multicast routing is rather
mature and protocol independent multicast (PIM) is the most wildly used intra-domain protocol, which can work in
collaboration with unicast routing protocols. The inter-domain routing first needs to solve how to transfer routing information
between ASs. Since the ASs may belong to different telecom carriers, the inter-domain routing information must contain
carriers’ policies, in addition to distance information. Currently, inter-domain routing protocols include multicast source
discovery protocol (MSDP) and MBGP multicast extension.
11.3 IP Multicast Packet Forwarding
To ensure that multicast packets reach a router along the shortest path, the multicast router must check the receiving
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 94 - - www.stephen-tele.com
interface of multicast packets depending on the unicast routing table or a unicast routing table independently provided for
multicast. This check mechanism is the basis for most multicast routing protocols to perform multicast forwarding, and is
known as Reverse Path Forwarding (RPF) check. A multicast router uses the source address of a received multicast packet to
query the unicast routing table or the independent multicast routing table to determine that the receiving interface is on the
shortest path from the receiving station to the source. If a source tree is used, the source address is the address of the source
host sending the multicast packet. If a shared tree is used, the source address is the RP address of the shared tree. A multicast
packet arriving at the router will be forwarded according to the multicast forwarding entry if it passes the RPF check, or else, it
will be discarded.
11.4 IGMP Snooping Configuration
11.4.1 IGMP Snooping Overview
11.4.1.1 IGMP Snooping Principle
IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on the Layer 2
Ethernet switch and it is used for multicast group management and control.
IGMP Snooping runs on the link layer. When receiving the IGMP messages transmitted between the host and router, the Layer
2 Ethernet switch uses IGMP Snooping to analyze the information carried in the IGMP messages. If the switch hears IGMP host
report message from an IGMP host, it will add the host to the corresponding multicast table. If the switch hears IGMP leave
message from an IGMP host, it will remove the host from the corresponding multicast table. The switch continuously listens to
the IGMP messages to create and maintain MAC multicast address table on Layer 2. And then it can forward the multicast
packets transmitted from the upstream router according to the MAC multicast address table.
When IGMP Snooping is disabled, the packets are multicast on Layer 2. See the following figure:
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 95 - - www.stephen-tele.com
Figure 13-6 Multicast packet transmission without IGMP Snooping
When IGMP Snooping runs, the packets are not broadcast on Layer 2. See the following figure:
Figure 13-7 Multicast packet transmission when IGMP Snooping runs
11.4.1.2 Implement IGMP Snooping
I. Related concepts of IGMP Snooping
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 96 - - www.stephen-tele.com
To facilitate the description, this section first introduces some related switch concepts of IGMP Snooping:
� Router Port: The port of the switch, directly connected to the multicast router.
� Multicast member port: The port connected to the multicast member.The multicast member refers to a host joined a
multicast group.
� MAC multicast group: The multicast group is identified with MAC multicast address and maintained by the Ethernet
switch.
� Router port aging time: Time set on the router port aging timer. If the switch has not received any IGMP general query
message before the timer times out, it considers the port no longer as a router port.
� Multicast group member port aging time: When a port joins an IP multicast group,the aging timer of the port will begin
timing. The multicast group member port aging time is set on this aging timer. If the switch has not received any IGMP
report message before the timer times out, it transmits IGMP specific query message to the port.
� Maximum response time: When the switch transmits IGMP specific query message to the multicast member port, the
Ethernet switch starts a response timer,which times before the response to the query. If the switch has not received any
IGMP report message before the timer times out, it will remove the port from the multicast member ports
II. Implement Layer 2 multicast with IGMP Snooping
The Ethernet switch runs IGMP Snooping to listen to the IGMP messages and map the host and its ports to the corresponding
multicast group address. To implement IGMP Snooping, the Layer 2 Ethernet switch processes different IGMP messages in the
way illustrated in the figure below:
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 97 - - www.stephen-tele.com
Figure 13-8 Implement IGMP Snooping
1) IGMP general query message: Transmitted by the multicast router to the multicast group members to query which
multicast group contains member. When an IGMP general query message arrives at a router port, the Ethernet switch will
reset the aging timer of the port. When a port other than a router port receives the IGMP general query message, the
Ethernet switch will notify the multicast router that a port is ready to join a multicast group and starts the aging timer for
the port.
2) IGMP specific query message: Transmitted from the multicast router to the multicast members and used for querying if a
specific group contains any member. When received IGMP specific query message, the switch only transmits the
specific query message to the IP multicast group which is queried.
3) IGMP report message: Transmitted from the host to the multicast router and used for applying to a multicast group or
responding to the IGMP query message. When received the IGMP report message, the switch checks if the MAC multicast
group, corresponding to the IP multicast group the packet is ready to join exists.
If the corresponding MAC multicast group does not exist, the switch only notifies the router that a member is ready to
join a multicast group, creates a new MAC multicast group, adds the port received the message to the group, starts the
port aging timer, and then adds all the router ports in the native VLAN of the port into the MAC multicast forwarding
table, and meanwhile creates an IP multicast group and adds the port received the report message to it. If the
corresponding MAC multicast group exists but does not contains the port received the report message, the switch adds
the port into the multicast group and starts the port aging timer.
And then the switch checks if the corresponding IP multicast group exists. If it does not exist, the switch creates a new IP
multicast group and adds the port received the report message to it. If it exists, the switch adds the port to it. If the MAC
multicast group corresponding to the message exists and contains the port received the message, the switch will only
reset the aging timer of the port.
4) IGMP leave message: Transmitted from the multicast group member to the multicast router to notify that a router host
left the multicast group. When received a leave message of an IP multicast group, the Ethernet switch transmits the
specific query message concerning that group to the port received the message, in order to check if the host still has
some other member of this group and meanwhile starts a maximum response timer. If the switch has not receive any
report message from the multicast group, the port will be removed from the corresponding MAC multicast group. If the
MAC multicast group does not have any member, the switch will notify the multicast router to remove it from the
multicast tree.
11.4.2 IGMP Snooping Configuration
The main IGMP Snooping configuration includes:
� Enabling/disabling IGMP Snooping
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 98 - - www.stephen-tele.com
� Configuring the aging time of multicast group member port
Among the above configuration tasks, enabling IGMP Snooping is required, while others are optional for your requirements.
11.4.2.1 Enabling/Disabling IGMP Snooping
You can use the following commands to enable/disable IGMP Snooping to control whether MAC multicast forwarding table is
created and maintained on Layer 2.
Beginning in privileged EXEC mode, follow these steps to enable IGMP snooping.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 system igmp-snooping enable Enable IGMP Snooping
Step 3 exit Return to privileged EXEC mode.
Step 4 show system config Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable IGMP snooping, use system igmp-snooping disable global configuration command.
By default, IGMP Snooping is disabled.
11.4.2.2 Configuring Aging Time of Multicast Group Member
This task is to manually set the aging time of the multicast group member port. If the switch receives no multicast group report
message during the member port aging time, it will transmit the specific query message to that port and starts a maximum
response timer.
Beginning in privileged EXEC mode, follow these steps to configure Aging Time of Multicast Group Member.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 igmp-snooping timeout seconds Configure aging time
Step 3 exit Return to privileged EXEC mode.
Step 4 show igmp-snooping timeout Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 99 - - www.stephen-tele.com
By default, the aging time of the multicast member is 300 seconds.
11.4.3 IGMP Snooping Configuration Example
11.4.3.1 Enable IGMP Snooping
I. Networking requirements
To implement IGMP Snooping on the switch, first enable it. The switch is connected with the router via the router port, and
with user PC through the non-router ports.
II. Networking diagram
Figure 13-9 IGMP Snooping configuration networking
III. Configuration procedure
# Enable IGMP snooping on switch
switch(config)#system igmp-snooping enable
11.4.4 Troubleshoot IGMP Snooping
Fault: Multicast function cannot be implemented on the switch.
Troubleshooting:
1) IGMP Snooping is disabled.
� Input the display current-configuration command to display the status of IGMP Snooping.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 100 - - www.stephen-tele.com
� If the switch disabled IGMP Snooping, check whether the IGMP Snooping is not nabled globally or it is not enabled in the
VLAN. If it is not enabled globally, first nput the igmp-snooping enable command in system view and then in VLAN iew. If
it is not enabled in the VLAN, input the same command in VLAN view.
2) Multicast forwarding table set up by IGMP Snooping is wrong.
� Input the display igmp-snooping group command to display if the multicast roup is the expected one.
� If the multicast group created by IGMP Snooping is not correct, turn to rofessional maintenance personnel for help.
� Continue with diagnosis 3 if the second step is completed.
3) Multicast forwarding table set up on the bottom layer is wrong.
� Enable IGMP Snooping group in user view and then input the command display gmp-snooping group to check if MAC
multicast forwarding table in the bottom ayer and that created by IGMP Snooping is consistent. You may also input the
isplay mac vlan command in any view to check if MAC multicast forwarding able under vlanid in the bottom layer and that
created by IGMP Snooping is onsistent.
� If they are not consistent,please contact the maintenance personnel for help.
11.5 Static Multicast Group Configuration
11.5.1 Introduction to Static Multicast Group Configuration
The static multicast group configuration is a mode of the multicast group management, it specified the multicast forwarding
table, etc.
11.5.2 Static Multicast Group Configuration
Static multicast group configuration includes:
� Add/delete static multicast group.
Beginning in privileged EXEC mode, follow these steps to add static multicast group.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 multicast-group static add vid vlan-id mac-address
port-list
Add static multicast group.
Mac-address is multicast group address.
Port-list is port member list, format is
port-number+m,such as 01m
Step 3 exit Return to privileged EXEC mode.
Step 4 show multicast-group Verify your entries.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 101 - - www.stephen-tele.com
Step 5 write (Optional) Save your entries in the
configuration file.
To delete a static multicast group, use multicast-group static add vid vlan-id mac-address global configuration command.
11.6 IGMP Configuration
11.6.1 IGMP Overview
11.6.1.1 Introduction to IGMP
Internet Group Management Protocol (IGMP) is a protocol in the TCP/IP suite responsible for management of IP multicast
members. It is used to establish and maintain multicast membership among IP hosts and their directly connected neighboring
routers. IGMP excludes transmitting and maintenance of membership information among multicast routers, which are
completed by multicast routing protocols. All hosts participating in multicast must implement IGMP.
Hosts participating in IP multicast can join and leave a multicast group at any time. The number of members of a multicast
group can be any integer and the location of them can be anywhere. A multicast router does not need and cannot keep the
membership of all hosts. It only uses IGMP to learn whether receivers (i.e., group members) of a multicast group are present
on the subnet connected to each interface. A host only needs to keep which multicast groups it has joined.
IGMP is not symmetric on hosts and routers. Hosts need to respond to IGMP query messages from the multicast router, i.e.,
report the group membership to the router. The router needs to send membership query messages periodically to discover
whether hosts join the specified group on its subnets according to the received response messages. When the router receives
the report that hosts leave the group, the router will send a group-specific query packet (IGMP Version 2) to discover whether
no member exists in the group.
Up to now, IGMP has three versions, namely, IGMP Version 1 (defined by RFC1112), IGMP Version 2 (defined by RFC2236) and
IGMP Version 3. At present, IGMP Version 2 is the most widely used version.
IGMP Version 2 boasts the following improvements over IGMP Version 1:
I. Election mechanism of multicast routers on the shared network segment
A shared network segment means that there are multiple multicast routers on a network segment. In this case, all routers
running IGMP on the network segment can receive the membership report from hosts. Therefore, only one router is necessary
to send membership query messages. In this case, the router election mechanism is required to specify a router as the querier.
In IGMP Version 1, selection of the querier is determined by the multicast routing protocol. While IGMP Version 2 specifies
that the multicast router with the lowest IP address is elected as the querier when there are multiple multicast routers on the
same network segment.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 102 - - www.stephen-tele.com
II. Leaving group mechanism
In IGMP Version 1, hosts leave the multicast group quietly without informing the multicast router. In this case, the multicast
router can only depend on the timeout of the response time of the multicast group to confirm that hosts leave the group. In
Version 2, when a host is intended to leave, it will send a leave group message if it is the host who responds to the latest
membership query message.
III. Specific group query
In IGMP Version 1, a query of a multicast router is targeted at all the multicast groups on the network segment, which is
known as General Query. In IGMP Version 2, Group-Specific Query is added besides general query. The destination IP address
of the query packet is the IP address of the multicast group. The group address domain in the packet is also the IP address of
the multicast group. This prevents the hosts of members of other multicast groups from sending response messages.
IV. Max response time
The Max Response Time is added in IGMP Version 2. It is used to dynamically adjust the allowed maximum time for a host to
response to the membership query message.
11.6.2 IGMP Configuration
1) IGMP basic configuration includes:
� Enabling multicast routing
� Enabling IGMP on an interface
2) IGMP advanced configuration includes:
� Configuring the IGMP version
� Configuring the interval of sending IGMP Group-Specific Query packet
� Configuring the times of sending IGMP Group-Specific Query packet
� Configuring the limit of IGMP groups on an interface
� Configuring a router to join specified multicast group
� Controlling the access to IP multicast groups
� Configuring the IGMP query message interval
� Configuring the IGMP querier present timer
� Configuring the maximum query response time
� Deleting IGMP Groups Joined on an Interface
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 103 - - www.stephen-tele.com
11.6.2.1 Enabling Multicast routing
Enable multicast first before enabling IGMP and the multicast routing protocol.
Beginning in privileged EXEC mode, follow these steps to enable IP multicast routing.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip multicast-routing enable Enable IP multicast routing.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip mroute Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
By default, multicast is disabled.
To disable multicast routing, use the ip multicast-routing disable global configuration command.
11.6.2.2 Enabling Igmp on a interface
Only multicast function is enabled can the ip multicast-routing enable command be executed. After this, you can initiate IGMP
feature configuration.
Beginning in privileged EXEC mode, follow these steps to enable igmp on a interface.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip pim interface interface-id sparse-mode enable Enable IP multicast routing.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip igmp interface interface-id Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
By default, multicast is disabled.
To disable multicast routing, use the ip pim interface interface-id sparse-mode disable global configuration command.
11.6.2.3 Configuring the IGMP Version
Beginning in privileged EXEC mode, follow these steps to configuring the igmp version.
Command Purpose
Step 1 config terminal Enter global configuration mode.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 104 - - www.stephen-tele.com
Step 2 ip igmp interface interface-id
version { 1 | 2 }
Specify the IGMP version that the switch
uses.
Note:
If you change to Version 1, you cannot
configure the ip igmp query-interval or
the ip igmp query-max-response-time
interface configuration commands.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip igmp interface interface-id Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
By default, IGMP Version 2 is used.
�Note:
All routers on a subnet must support the same version of IGMP. After detecting the presence of IGMP Version 1
system, a router cannot automatically switch to Version 1.
11.6.2.4 Configuring the Interval to Send IGMP Query Message
Multicast routers send IGMP query messages to discover which multicast groups are present on attached networks. Multicast
routers send query messages periodically to refresh their knowledge of members present on their networks.
Beginning in privileged EXEC mode, follow these steps to configuring the Interval to Send IGMP Query Message.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip igmp query-interval seconds Configure the interval to send IGMP query
message
By default, the interval is 60 seconds.
Seconds is range from 1 to 65535.
Step 3 exit Return to privileged EXEC mode.
Step 4 write (Optional) Save your entries in the
configuration file.
When there are multiple multicast routers on a network segment, the querier is responsible for sending IGMP query messages
to all hosts on the LAN.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 105 - - www.stephen-tele.com
11.6.2.5 Configuring the Interval of Querying IGMP Packets
On the shared network, it is the query router (querier) that maintains IGMP membership on the interface. When an IGMP
querier receives an IGMP Leave Group message from a host, the last member query interval can be specified for
Group-Specific Queries.
� The host sends the IGMP Leave message.
� Upon receiving the message, IGMP querier sends the designated group IGMP query message for specified times (defined
by the robust-value in igmp robust-count, with the default value as 1 second) and at a time interval (defined by the
seconds in igmp lastmember-queryinterval, with the default value as 2).
� When other hosts reciver the message from the IGMP querier and are interested in this group, they return the IGMP
Memberhsip Report message within the defined maximum response time.
� If IGMP querier receives the report messges from other hosts within the period equal to robust-value × seconds, it
continues memberhship maintenance for this group.
� If it receives no report message from any other host within this peroid, it reckens
this as timeout and ends mebership maintenance for this group.
This command can be used only when the querier runs IGMP version 2, since a host running IGMP Version 1 does not send
IGMP Leave Group message when it leaves a group.
Beginning in privileged EXEC mode, follow these steps to configuring the Interval of Querying IGMP Packets
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip igmp last-query-interval senconds Configure interval for querying IGMP
packets
By default, the interval is 1 seconds.
Seconds is range from 1 to 65.
Step 3 exit Return to privileged EXEC mode.
Step 4 write (Optional) Save your entries in the
configuration file.
11.6.2.6 Changing the IGMP Query Timeout for IGMPv2
If you are using IGMPv2, you can specify the period of time before the switch takes over as the querier for the interface. By
default, the switch waits twice the query interval controlled by the ip igmp query-interval interface configuration command.
After that time, if the switch has received no queries,it becomes the querier.
You can configure the query interval by entering the show ip igmp interface interface-id privileged EXEC command.
Beginning in privileged EXEC mode, follow these steps to change the IGMP query timeout. This procedure is optional.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 106 - - www.stephen-tele.com
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip igmp querier-timeout senconds Specify the IGMP query timeout.
The default is 60 seconds (twice the query
interval). The range is 60 to 300.
Step 3 exit Return to privileged EXEC mode.
Step 4 write (Optional) Save your entries in the
configuration file.
11.6.2.7 Changing the Maximum Query Response Time for IGMPv2
If you are using IGMPv2, you can change the maximum query response time advertised in IGMP queries. The maximum query
response time enables the switch to quickly detect that there are no more directly connected group members on a LAN.
Decreasing the value enables the switch to prune groups faster.
Beginning in privileged EXEC mode, follow these steps to change the maximum query response time.This procedure is
optional.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip igmp query-max-response seconds Change the maximum query response
time advertised in IGMP queries.
The default is 10 seconds. The range is 1
to 25.
Step 3 exit Return to privileged EXEC mode.
Step 4 write (Optional) Save your entries in the
configuration file.
11.6.2.8 Configuring a Router to Join Specified Multicast Group
Usually, the host operating IGMP will respond to IGMP query packet of the multicast router. In case of response failure, the
multicast router will consider that there is no multicast member on this network segment and will cancel the corresponding
path. Configuring one interface of the router as multicast member can avoid such problem. When the interface receives IGMP
query packet, the router will respond, thus ensuring that the network segment where the interface is connected can normally
receive multicast packets.
For an ethernet switch, you can configure a port in a VLAN interface to join a multicast group.
Beginning in privileged EXEC mode, follow these steps to configure a router to join specified multicast group.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 107 - - www.stephen-tele.com
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip igmp interface interface-id join-group
group-address
Configure a router to join specified
multicast group
By default, a router joins no multicast
group.
Step 3 exit Return to privileged EXEC mode.
Step 4 write (Optional) Save your entries in the
configuration file.
To leave a group , use ip igmp interface interface-id leave-group group-address global configuration command.
11.6.2.9 Configuring the Switch as a Statically Connected Member
Sometimes there is either no group member on a network segment or a host cannot report its group membership by using
IGMP. However, you might want multicast traffic to go to that network segment. These are ways to pull multicast traffic down
to a network segment:
� Use the ip igmp interface interface-id join-group Globle configuration command. With this method, the switch accepts
the multicast packets in addition to forwarding them. Accepting the multicast packets prevents the switch from fast
switching.
� Use the ip igmp interface interface-id static-group globle configuration command. With this method, the switch does not
accept the packets itself, but only forwards them. This method enables fast switching. The outgoing interface appears in
the IGMP cache, but the switch itself is not a member, as evidenced by lack of an L (local) flag in the multicast route entry.
Beginning in privileged EXEC mode, follow these steps to configure the switch itself to be a statically connected member of a
group (and enable fast switching). This procedure is optional.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip igmp interface interface-id static-group add
group-address
Configure the switch as a statically
connected member of a group.
By default, this feature is disabled.
Step 3 exit Return to privileged EXEC mode.
Step 4 write (Optional) Save your entries in the
configuration file.
To remove the switch as a member of the group, use ip igmp interface interface-id static-group delete group-address globle
configuration command.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 108 - - www.stephen-tele.com
11.7 PIM-SM Configuration
11.7.1 PIM-SM Overview
11.7.1.1 Introduction to PIM-SM
PIM-SM (Protocol Independent Multicast, Sparse Mode) belongs to sparse mode multicast routing protocols. PIM-SM is mainly
applicable to large-scale networks with broad scope in which group members are relatively sparse.
Different from the flood & prune principle of the dense mode, PIM-SM assumes that all hosts do not need to receive multicast
packets, unless there is an explicit request for the packets.
PIM-SM uses the RP (Rendezvous Point) and the BSR (Bootstrap Router) to advertise multicast information to all PIM-SM
routers and uses the join/prune information of the router to build the RP-rooted shared tree (RPT), thereby reducing the
bandwidth occupied by data packets and control packets and reducing the process overhead of the router. Multicast data
flows along the shared tree to the network segments the multicast group members are on. When the data traffic is sufficient,
the multicast data flow can switch over to the SPT (Shortest Path Tree) rooted on the source to reduce network delay. PIM-SM
does not depend on the specified unicast routing protocol but uses the present unicast routing table to perform the RPF
check.
Running PIM-SM needs to configure candidate RPs and BSRs. The BSR is responsible for collecting the information from the
candidate RP and advertising the information.
11.7.1.2 PIM-SM Working Principle
The PIM-SM working process is as follows: neighbor discovery, building the RP-rooted shared tree (RPT), multicast source
registration and SPT switchover etc. The neighbor discovery mechanism is the same as that of PIM-DM, which will not be
described any more.
I. Build the RP shared tree (RPT)
When hosts join a multicast group G, the leaf routers that directly connect with the hosts send IGMP messages to learn the
receivers of multicast group G. In this way, the leaf routers calculate the corresponding rendezvous point (RP) for multicast
group G and then send join messages to the node of a higher level toward the rendezvous point (RP). Each router along the
path between the leaf routers and the RP will generate (*, G) entries in the forwarding table, indicating that all packets sent to
multicast group G are applicable to the entries no matter from which source they are sent. When the RP receives the packets
sent to multicast group G, the packets will be sent to leaf routers along the path built and then reach the hosts. In this way, an
RP-rooted tree (RPT) is built as shown in the following figure.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 109 - - www.stephen-tele.com
Figure 13-10 RPT schematic diagram
II. Multicast source registration
When multicast source S sends a multicast packet to the multicast group G, the PIM-SM multicast router directly connected to
S will encapsulate the received packet into a registration packet and send it to the corresponding RP in unicast form. If there
are multiple PIM-SM multicast routers on a network segment, the Designated Router (DR) will be responsible for sending the
multicast packet.
11.7.1.3 Preparations before Configuring PIM-SM
I. Configuring candidate RPs
In a PIM-SM network, multiple RPs (candidate-RPs) can be configured. Each Candidate-RP (C-RP) is responsible for forwarding
multicast packets with the destination addresses in a certain range. Configuring multiple C-RPs is to implement load balancing
of the RP. These C-RPs are equal. All multicast routers calculate the RPs corresponding to multicast groups according to the
same algorithm after receiving the C-RP messages that the BSR advertises.
It should be noted that one RP can serve multiple multicast groups or all multicast groups. Each multicast group can only be
uniquely correspondent to one RP at a time rather than multiple RPs.
II. Configuring BSRs
The BSR is the management core in a PIM-SM network. Candidate-RPs send announcement to the BSR, which is responsible
for collecting and advertising the information about all candidate-RPs. It should be noted that there can be only one BSR in a
network but you can configure multiple candidate-BSRs. In this case, once a BSR fails, you can switch over to another BSR. A
BSR is elected among the C-BSRs automatically. The C-BSR with the highest priority is elected as the BSR. If the priority is the
same, the C-BSR with the largest IP address is elected as the BSR.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 110 - - www.stephen-tele.com
III. Configuring static RP
The router that serves as the RP is the core router of multicast routes. If the dynamic RP elected by BSR mechanism is invalid
for some reason, the static RP can be configured to specify RP. As the backup of dynamic RP, static RP improves network
robusticity and enhances the operation and management capability of multicast network.
11.7.2 PIM-SM Configuration
1) PIM-SM basic configuration includes:
� Enabling Multicast
� Enabling PIM-SM
� Configuring the PIM-SM domain border
� Configuring candidate-BSRs
� Configuring candidate-RPs
� Configuring static RP
2) PIM-SM advanced configuration includes:
� Configuring the sending interval for the Hello packets of the interface
� Configuring the filtering of multicast source/group
� Configuring the filtering of PIM neighbor
� Configuring the maximum number of PIM neighbor on an interface
� Configuring RP to filter the register messages sent by DR
� Clearing multicast route entries from PIM routing table
� Clearing PIM neighbor
It should be noted that at least one router in an entire PIM-SM domain should be configured with Candidate-RPs and
Candidate-BSRs.
11.7.2.1 Enabling Multicast
Refer to 13.6.2.1
11.7.2.2 Enabling PIM-SM
This configuration can be effective only after multicast is enabled.
Beginning in privileged EXEC mode, follow these steps to enable PIM-SM.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 111 - - www.stephen-tele.com
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip pim interface interface-id sparse-mode enable Enable IP multicast routing.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip igmp interface interface-id Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
Repeat this configuration to enable PIM-SM on other interfaces. Only one multicast routing protocol can be enabled on an
interface at a time.
11.7.2.3 Configuring Candidate-BSRs
In a PIM domain, one or more candidate BSRs should be configured. A BSR (Bootstrap Router) is elected among candidate
BSRs. The BSR takes charge of collecting and advertising RP information.
The automatic election among candidate BSRs is described as follows:
One interface which has started PIM-SM must be specified when configuring the router as the candidate BSR.
At first, each candidate BSR considers itself as the BSR of the PIM-SM domain, and sends Bootstrap message by taking the IP
address of the interface as the BSR address.
When receiving Bootstrap messages from other routers, the candidate BSR will compare the BSR address of the newly
received Bootstrap message with that of itself. Comparison standards include priority and IP address. The bigger IP address is
considered better when the priority is the same. If the new BSR address is better, the candidate BSR will replace its BSR
address and stop regarding itself as the BSR.
Otherwise, the candidate BSR will keep its BSR address and continue to regard itself as the BSR.
Beginning in privileged EXEC mode, follow these steps to configure Candidate-BSRs.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip pim bsr-candidate interface-id [ priority priority ] Configure a candidate-BSR
By default, no BSR is set. The default
priority is 0.
Priority range is 0 to 255.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip pim bsr-router Verify your entries.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 112 - - www.stephen-tele.com
Step 5 write (Optional) Save your entries in the
configuration file.
Candidate-BSRs should be configured on the routers in the network backbone
Caution:
One router can only be configured with one candidate-BSR. When a candidate-BSR is configured on another
interface, it will replace the previous configuration.
11.7.2.4 Configuring Candidate-RPs
In PIM-SM, the shared tree built by the multicast routing data is rooted at the RP. There is a mapping from a multicast group
to an RP. A multicast group can be mapped to an RP. Different groups can be mapped to one RP.
Beginning in privileged EXEC mode, follow these steps to configure Candidate-RPs.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip pim rp-candidate interface-id [ priority priority ] Configure a candidate-RP
The default priority is 0.Priority range is 0 to
255.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip pim rp Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
When configuring RP, if the range of the served multicast group is not specified, the RP will serve all multicast groups.
Otherwise, the range of the served multicast group is the multicast group in the specified range. It is suggested to configure
Candidate RP on the backbone router.
11.7.2.5 Configuring Static RP
Static RP serves as the backup of dynamic RP, so as to improve network robusticity.
Beginning in privileged EXEC mode, follow these steps to configure static RP.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip pim rp-address set ip-address Configure static RP
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 113 - - www.stephen-tele.com
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip pim rp Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
If static RP is in use, all routers in the PIM domain must adopt the same configuration. If the configured static RP address is the
interface address of the local router whose state is UP, the router will function as the static RP. It is unnecessary to enable PIM
on the interface that functions as static RP.
When the RP elected from BSR mechanism is valid, static RP does not work.
11.7.2.6 Modifying the PIM Router-Query Message Interval
PIM routers and multilayer switches send PIM router-query messages to find which device will be the DR for each LAN
segment (subnet). The DR is responsible for sending IGMP host-query messages to all hosts on the directly connected LAN.
With PIM SM operation, the DR is the device that is directly connected to the multicast source. It sends PIM register messages
to notify the RP that multicast traffic from a source needs to be forwarded down the shared tree. In this case, the DR is the
device with the highest IP address.
Beginning in privileged EXEC mode, follow these steps to modify the router-query message interval. This procedure is optional.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 ip pim query-interval seconds
Configure the frequency at which the
switch sends PIM router-query messages.
The default is 30 seconds. The range is 1
to 65535.
Step 3 exit Return to privileged EXEC mode.
Step 4 show ip igmp interface interface-id
Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
12 ACL Configuration
12.1 ACL Overview
A series match rules must be configured to recognize the packets before they are filtered. Only when packets are identified,
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 114 - - www.stephen-tele.com
can the network take corresponding actions, allowing or prohibiting them to pass, according to the preset policies. Access
control list (ACL) is targeted to achieve these functions.
ACLs classify packets using a series of matching rules, which can be source addresses, destination addresses and port IDs. ACLs
can be used globally on the switch or just at a port, through which the switch determines whether to forward or drop the
packets.
The matching rules defined in ACLs can also be imported to differentiate traffic in other situations, for example, defining traffic
classification rules in QoS.
An ACL rule can include many sub-rules, which may be defined for packets of different size. Matching order involves in
matching an ACL.
12.2 configuring ACL
The ACL configuration tasks include:
� Define ACL
� Activate ACL
You are recommended to run the configuration tasks in order, that is, first define ACL and last activate the ACL.
12.2.1 Defining ACL
The switch supports several types of ACLs, which are described in this section. Follow these steps to define an ACL.
1) Enter the corresponding ACL configuration mode.
2) Define ACL sub-rules.
�Note:
� The ACL will be effective at any time after being activated.
� You can define multiple rules for the ACL by using the rule command several times.
� The switch does not support the explicit “deny any any” rule for the egress IP ACL or the egress MAC ACLs.
Beginning in privileged EXEC mode, follow these steps to define ACL.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 access-list ruleid rule-id [deny | permit] priority
priority [port-list | default]
Enter the corresponding ACL configuration
mode.
Rule-id range is 1 to 999.
Priority range is 0 to 8, 8 is the highest
level.
Port-list indicate the rule binding port
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 115 - - www.stephen-tele.com
member, format is port-number + m, such
as 01m.
Default indicate all ports.
Step 3 subset ip {any | source-add source-mask} [dst-add
dst-mask]
Setting based ip ACL rule.
Setting based MAC ACL rule.
Setting based protocol ACL rule.
Setting based VLAN ID ACL rule.
subset mac {any | dst-mac} {any | source-mac}
subset protocol {type-number | igmp | ipinip |
ospf | pim | icmp | tcp [src-port src-port |
dst-port dst-port | established [src-port src-port |
dst-port dst-port]] | udp [src-port src-port |
dst-port dst-port ]}
subset vlan-id vlan-id
Step 4 exit Return to privileged EXEC mode.
Step 4 show access-list ruleid rule-id Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete a ACL, use no access-list ruleid rule-id global configuration command.
Command Attributes:
� Source-add/Dest-add – Specifies the source or destination IP address. Use “Any” to match any address.
� Source-mask/dst-mask – Source or destination address of rule must match this subnet mask. When source or destination
IP address is a host, the mask must be 255.255.255.255; when source or destination IP address is network address, the
mask must be corresponding subnet mask.
� Source-mac/dst-mac – Source or destination MAC address, Use “Any” to include all possible addresses
� Type-number - indicates a specific protocol number (0-255).
� Source-port/Dest-Port – Source/destination port number for the specified protocol type. (Range: 0-65535)
12.2.2 Activating ACL
After activating an ACL, you must activate it. This configuration activates those ACLs to filter or classify the packets forwarded
by hardware.
Beginning in privileged EXEC mode, follow these steps to active ACLs.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 116 - - www.stephen-tele.com
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 packet-filter enable ruleid rule-id Activating ACL.
Step 3 exit Return to privileged EXEC mode.
Step 4 show access-list ruleid rule-id Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To inactive a ACL, use packet-filter disable ruleid rule-id global configuration command.
12.3 configuring Default ACL
When you configured a ACL on a port, the system auto create a default ACL on the port and the default ACL’s rule permit any
packet. So when you need the switch deny any packet on a port you should configure the default ACL manually.
Beginning in privileged EXEC mode, follow these steps to configure default ACL.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 access-list default set port-list {deny | permit} Configuring default ACL.
Step 3 exit Return to privileged EXEC mode.
Step 4 show access-list default Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
12.4 ACL Configuration Example
I. Networking requirement
The intranet is connected through 100 Mbps ports between departments. The server of the financial department is connected
through the port 1 (subnet address 129.110.1.2). With proper ACL configuration, the CEO’s office can access the server, but
other departments can not access it.
II. Networking diagram
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 117 - - www.stephen-tele.com
Figure 14-1 Networking for advanced ACL configuration
III. Configuration procedure
13 QoS Configuration
Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch
due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority
queue will be transmitted before those in the lower-priority queues. You can set the priority for each interface, and configure
the mapping of frame priority tags to the switch’s priority queues.
Mapping CoS Values to Egress Queues
This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service
schedules based on strict or Weighted Round Robin (WRR). Up to eight separate traffic priorities are defined in IEEE 802.1p.
The default priority levels are assigned according to recommendations in the IEEE 802.1p standard as shown in the following
table.
Table 15-1 Egress Queue Priority Mapping
Queue 0 1 2 3 4 5 6 7
Priority 0 1 2 3 4 5 6 7
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 118 - - www.stephen-tele.com
The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in the following
table.
Table 15-2 CoS Priority Levels
0 Best Effort
1 Background
2 (Spare)
3 Excellent Effort
4 Controlled Load
5 Video, less than 100 milliseconds latency and jitter
6 Voice, less than 10 milliseconds latency and jitter
7 Network Control
13.1 Setting the Queue Mode
You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be
processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative
weight of each queue. WRR uses a predefined relative weight for each queue that determines the percentage of service time
the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur
with strict priority queuing.
Beginning in privileged EXEC mode, follow these steps to set the Queue mode.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 traffic-policy running-mode {strict-queue |
weighted-queue }
Setting the Queue running mode.
Step 3 exit Return to privileged EXEC mode.
Step 4 show traffic-policy all Verify your entries.
Step 5 write (Optional) Save your entries in the configuration
file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 119 - - www.stephen-tele.com
13.2 Setting the Priority for Port
You can specify the port priority for each port on the switch. All untagged packets entering the switch are tagged with the
specified port priority, and then sorted into the appropriate priority queue at the output port.
This switch provides four priority queues for each port. It uses Weighted Round Robin to prevent head-of-queue blockage.
The t priority applies for an untagged frame received on a port set to accept all frame types (i.e, receives both untagged and
tagged frames). This priority does not apply to IEEE 802.1Q VLAN tagged frames. If the incoming frame is an IEEE 802.1Q VLAN
tagged frame, the IEEE 802.1p User Priority bits will be used.
If the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to
transmission.
Beginning in privileged EXEC mode, follow these steps to set port priority.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 traffic-policy link-group set group-id port –list
local-precedence priority
Creating the link-group to set priority for
the port.
Group-id - range is 1 to 26.
Port-list – format is port-number + m, such
as 01m.
Priority – range is 0 to 7, 7 is the highest
precedence.
Step 3 traffic-policy link-group enable group-id Enable the traffic policy to set priority for
the port.
Step 4 exit Return to privileged EXEC mode.
Step 5 show traffic-policy all Verify your entries.
Step 6 write (Optional) Save your entries in the
configuration file.
To delete the link-group, use no traffic-policy link-group group-id global configuration command.
To disable traffic policy to set the priority for the port, use traffic-policy link-group disable group-id global configuration
command.
13.3 Mapping IP Precedence
The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging
from highest priority for network control packets to lowest priority for routine traffic. The default IP Precedence values are
mapped one-to-one to Class of Service values (i.e., Precedence value 0 maps to CoS value 0, and so forth). Bits 6 and 7 are
used for network control, and the other bits for various application types. ToS bits are defined in the following table.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 120 - - www.stephen-tele.com
Table 15-3 Mapping IP Precedence
Priority Level Traffic Type
0 Routine
1 Priority
2 Immediate
3 Flash
4 Flash Override
5 Critical
6 Internetwork Control
7 Network Control
Beginning in privileged EXEC mode, follow these steps to enable IP precedence to map to local precedence.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 traffic-policy tos set default [port-list] Creating IP precedence one-to-one map
to local precedence policy for port.
Port-list – format is port-number + m,
such as 01m.
Step 3 traffic-policy tos enable Enable the traffic policy of mapping IP
precedence.
Step 4 exit Return to privileged EXEC mode.
Step 5 show traffic-policy all Verify your entries.
Step 6 write (Optional) Save your entries in the
configuration file.
To disable traffic policy of mapping IP precedence, use traffic-policy tos disable global configuration command.
13.4 Changing Priorities Based on ACL Rules
You can change traffic priorities for frames matching the defined ACL rule.
�Note:
Before initiating any of these QoS configuration tasks, you should first define the corresponding ACL. Then you can
achieve packet filtering just by activating the right ACL.
Beginning in privileged EXEC mode, follow these steps to change priorities Based on ACL rules.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 121 - - www.stephen-tele.com
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 traffic-policy acl-group set group-id access-list
ruleid rule-id local-precedence precedence
Creating Based on ACL rules traffic policy.
Group-id – Based on ACL rules traffic
policy group ID (range: 0 to 999).
Precedence – range : 0 to 7, 7 is the
highest precedence.
Step 3 traffic-policy acl-group enable group-id Enable the traffic policy Based on ACL
rules.
Step 4 exit Return to privileged EXEC mode.
Step 5 show traffic-policy all Verify your entries.
Step 6 write (Optional) Save your entries in the
configuration file.
To disable traffic policy Based on ACL rules, use traffic-policy acl-group disable group-id global configuration command.
14 802.1x Configuration
14.1 802.1x Overview
14.1.1 802.1x Standard Overview
IEEE 802.1x (hereinafter simplified as 802.1x) is a Port Based Network Access Control protocol. IEEE issued it in 2001 and
suggested the related manufacturers should use the protocol as the standard protocol for LAN user access authentication. The
802.1x originated from the IEEE 802.11 standard, which is the standard for wireless LAN user access. The initial purpose of
802.1x was to implement the wireless LAN user access authentication. Since its principle is commonly applicable to all the
LANs complying with the IEEE 802 standards, the protocol finds wide application in wired LANs.In the LANs complying with the
IEEE 802 standards, the user can access the devices and share the resources in the LAN through connecting the LAN access
control device like the LAN Switch. However, in telecom access, commercial LAN (a typical example is the LAN in the office
building) and mobile office etc., the LAN providers generally hope to control the user’s access. In these cases, the requirement
on the above-mentioned “Port Based Network Access Control” originates.
As the name implies, “Port Based Network Access Control” means to authenticate and control all the accessed devices on the
port of LAN access control device. If the user’s device connected to the port can pass the authentication, the user can access
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 122 - - www.stephen-tele.com
the resources in the LAN. Otherwise, the user cannot access the resources in the LAN. It equals that the user is physically
disconnected.
802.1x defines port based network access control protocol and only defines the point-to-point connection between the access
device and the access port. The port can be either physical or logical. The typical application environment is as follows: Each
physical port of the LAN Switch only connects to one user workstation (based on the physical port) and the wireless LAN
access environment defined by the IEEE 802.11 standard (based on the logical port), etc.
14.1.2 802.1x System Architecture
The system using the 802.1x is the typical C/S (Client/Server) system architecture. It contains three entities, which are
illustrated in the following figure: Supplicant System,Authenticator System and Authentication Sever System.
The LAN access control device needs to provide the Authenticator System of 802.1x.The devices at the user side such as the
computers need to be installed with the 802.1x client Supplicant software, for example, the 802.1x client provided by CHIMA
(or by Microsoft Windows XP). The 802.1x Authentication Sever system normally stays in the carrier’s AAA center.
Authenticator and Authentication Sever exchange information through EAP (Extensible Authentication Protocol) frames. The
Supplicant and the Authenticator exchange information through the EAPoL (Extensible Authentication Protocol over LANs)
frame defined by IEEE 802.1x. Authentication data are encapsulated in the EAP frame, which is to be encapsulated in the
packets of other AAA upper layer protocols (e.g. RADIUS) so as to go through the complicated network to reach the
Authentication Server. Such procedure is called EAP Relay.
There are two types of ports for the Authenticator. One is the Uncontrolled Port, and the other is the Controlled Port. The
Uncontrolled Port is always in bi-directional connection state. The user can access and share the network resources any time
through the ports.The Controlled Port will be in connecting state only after the user passes the authentication. Then the user
is allowed to access the network resources.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 123 - - www.stephen-tele.com
Figure 16-1 802.1x system architecture
14.1.3 802.1x Authentication Process
802.1x configures EAP frame to carry the authentication information. The Standard defines the following types of EAP frames:
� EAP-Packet: Authentication information frame, used to carry the authentication information.
� EAPoL-Start: Authentication originating frame, actively originated by the Supplicant.
� EAPoL-Logoff: Logoff request frame, actively terminating the authenticated state.
� EAPoL-Key: Key information frame, supporting to encrypt the EAP packets.
� EAPoL-Encapsulated-ASF-Alert: Supports the Alerting message of Alert Standard Forum (ASF).
The EAPoL-Start, EAPoL-Logoff and EAPoL-Key only exist between the Supplicant and the Authenticator. The EAP-Packet
information is re-encapsulated by the Authenticator System and then transmitted to the Authentication Server System. The
EAPoL-Encapsulated-ASF-Alert is related to the network management information and terminated by the Authenticator.
802.1x provides an implementation solution of user ID authentication. However, 802.1x itself is not enough to implement the
scheme. The administrator of the access device should configure RADIUS or local authentication so as to assist 802.1x to
implement the user ID authentication.
14.1.4 Implement 802.1x on Ethernet Switch
This Series Ethernet Switches not only support the port access authentication method regulated by 802.1x, but also extend
and optimize it in the following way:
� Support to connect several End Stations in the downstream via a physical port.
� The access control (or the user authentication method) can be based on MAC address.
In this way, the system becomes much securer and easier to manage.
14.2 802.1x Configuration
The Main 802.1x configuration includes:
� Enabling/Disabling 802.1x
� Setting port authentication state
� Setting maximum number of users via each port
14.2.1 Enabling/Disabling 802.1x
The following command can be used to enable/disable the 802.1x on globally.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 124 - - www.stephen-tele.com
Beginning in privileged EXEC mode, follow these steps to enable/disable 802.1x.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dot1x system-auth-control enable Enable 802.1x.
Step 3 exit Return to privileged EXEC mode.
Step 4 show dot1x system-auth-control Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable 802.1x ,use dot1x system-auth-control disable global configuration command.
14.2.2 Setting port authentication state
The following command can be used to set port authentication state.
Beginning in privileged EXEC mode, follow these steps to set port authentication state.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dot1x ports port-list Set port authentication state.
Port-list: format is port-number+”m/-“;
“m” indicate member,”-“ indicate not a
member.
Step 3 exit Return to privileged EXEC mode.
Step 4 show dot1x ports Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
14.2.3 Setting Supplicant Number on a Port
The following commands are used for setting number of users allowed by 802.1x on specified port. When no port is specified,
all the ports accept the same number of supplicants.
Beginning in privileged EXEC mode, follow these steps to set maximum number of users via each port.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dot1x multiple-host-num number Set maximum number of users via each
port.
Number range is 1 to 256.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 125 - - www.stephen-tele.com
Step 3 exit Return to privileged EXEC mode.
Step 4 show dot1x ports Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
14.3 802.1x Configuration Example
I. Networking requirements
As shown in the following figure, the workstation of a user is connected to the port 1 of the Switch.
The switch administrator will enable 802.1x on all the ports to authenticate the supplicants so as to control their access to the
Internet. The access control mode is configured as based on the MAC address.
A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2 respectively, is connected to the switch. The
former one acts as the primary-authentication/accounting server. The latter one acts as the secondary-authentication/
ccounting server. Set the encryption key as “test” when the system exchanges packets with the RADIUS server.
Configure the system to transmit a real-time accounting packet to the RADIUS server every 15 minutes.
The user name of the local 802.1x access user is local user and the password is local pass (input in plain text).
II. Networking diagram
Figure 16-2 Enabling 802.1x and RADIUS to perform AAA on the supplicant
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 126 - - www.stephen-tele.com
III. Configuration procedure
�Note:
The following examples concern most of the RADIUS configuration commands.
For details, refer to the chapter RADIUS Protocol Configuration.
# Configure 802.1x
switch(config)#dot1x system-auth-control enable
switch(config)#dot1x ports 01m
# Configure radius client service
switch(config)#radiusclient ipaddress 10.1.1.254
switch(config)#radiusclient service enable
switch(config)#radiusclient accounting interval 1
#Configure radius server
switch(config)#radiusserver master_ipaddress 10.1.1.1
switch(config)#radiusserver slave_ipaddress 10.1.1.2
switch(config)#radiusserver master_port 1812 1813
switch(config)#radiusserver slave_port 1812 1813
switch(config)#radiusserver master_key test
switch(config)#radiusserver slave_key test
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 127 - - www.stephen-tele.com
15 RADIUS Protocol Configuration
15.1 RADIUS Protocol Overview
I. What is RADIUS
Remote Authentication Dial-In User Service, RADIUS for short, is a kind of distributed information switching protocol in
Client/Server architecture. RADIUS can prevent the network from interruption of unauthorized access and it is often used in
the network environments requiring both high security and remote user access. For example, it is often used for managing a
large number of scattering dial-in users who use serial ports and modems. RADIUS system is the important auxiliary part of
Network Access Server (NAS).
After RADIUS system is started, if the user wants to have right to access other network or consume some network resources
through connection to NAS (dial-in access server in PSTN environment or Ethernet switch with access function in Ethernet
environment), NAS, namely RADIUS client end, will transmit user AAA request to the RADIUS server.RADIUS server has a user
database recording all the information of user authentication and network service access. When receiving user’s request from
NAS, RADIUS server performs AAA through user database query and update and returns the configuration information and
accounting data to NAS. Here, NAS controls supplicant and corresponding connections, while RADIUS protocol regulates how
to transmit configuration and accounting information between NAS and RADIUS.
NAS and RADIUS exchange the information with UDP packets. During the interaction,both sides encrypt the packets with keys
before uploading user configuration information (like password etc.) to avoid being intercepted or stolen.
II. RADIUS operation
RADIUS server generally uses proxy function of the devices like access server to perform user authentication. The operation
process is as follows: First, the user send request message (the client username and encrypted password is included in the
message ) to RADIUS server. Second, the user will receive from RADIUS server various kinds of response messages in which the
ACCEPT message indicates that the user has passed the authentication, and the REJECT message indicates that the user has
not passed the authentication and needs to input username and password again, otherwise he will be rejected to access.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 128 - - www.stephen-tele.com
15.2 Implementing RADIUS on Ethernet Switch
By now, we understand that in the above-mentioned RADIUS framework, SPEED Series Ethernet Switches, serving as the user
access device or NAS, is the client end of RADIUS. In other words, the RADIUS concerning client-end is implemented on SPEED
Series Ethernet Switches.
15.3 Configuring RADIUS Protocol
RADIUS protocol configuration includes:
� Enable/disable radius client service
� Setting radius client ip address
� Setting a real-time accounting interval
� Setting IP Address of RADIUS Server
� Setting Port Number of RADIUS Server
� Setting RADIUS packet encryption key
15.3.1 Enable/disable radius client service
Beginning in privileged EXEC mode, follow these steps to enable radius client service.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 radiusclient service enable Enable radius client service.
Step 3 exit Return to privileged EXEC mode.
Step 4 show radiusclient service Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable radius client service ,use radiusclient service disable global configuration command.
15.3.2 Setting radius client ip address
Beginning in privileged EXEC mode, follow these steps to setting radius client ip address.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 radiusclient ipaddress ip-address Setting radius client ip address.
Ip-address is vlan interface ip address.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 129 - - www.stephen-tele.com
Step 3 exit Return to privileged EXEC mode.
Step 4 show radiusclient ipaddress Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
15.3.3 Setting a Real-time Accounting Interval
To implement real-time accounting, it is necessary to set a real-time accounting interval.After the attribute is set, NAS will
transmit the accounting information of online users to the RADIUS server regularly.
You can use the following command to set a real-time accounting interval.
Beginning in privileged EXEC mode, follow these steps to setting a real-time accounting interval.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 radiusclient accounting interval minutes Setting a real-time accounting interval.
Minutes must be same as radius server
setting.
When minutes is set to 0 ,the radius client
does not sent update message to radius
server.
Step 3 exit Return to privileged EXEC mode.
Step 4 show radiusclient accounting interval Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
15.3.4 Setting IP Address of RADIUS Server
Set IP addresses for the RADIUS servers, including primary/second authentication/authorization servers and accounting
servers.
You can use the following commands to configure the IP address for RADIUS servers.
Beginning in privileged EXEC mode, follow these steps to setting ip address for radius server.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 radiusserver master_ipaddress ip-address Setting ip address for master radius
server.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 130 - - www.stephen-tele.com
Step 3 radiusserver slave_ipaddress ip-address (optional) Setting ip address for slave
radius server
Step 4 show radiusserver master_ipaddress Verify your entries.
Step 5 show radiusserver slave_ipaddress Verify your entries.
Step 6 write (Optional) Save your entries in the
configuration file.
By default, all the IP addresses of primary/second authentication/authorization and accounting servers are 0.0.0.0.
15.3.5 Setting Port of RADIUS Server
Set port for the RADIUS servers, including primary/second authentication/authorization servers and accounting servers.
You can use the following commands to configure the port number for RADIUS servers.
Beginning in privileged EXEC mode, follow these steps to setting port for radius server.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 radiusserver master_port authentication-port
account-port
Setting port for master radius server.
Step 3 radiusserver slave_port authentication-port
account-port
(optional) Setting port for slave radius
server
Step 4 show radiusserver master_port Verify your entries.
Step 5 show radiusserver slave_port Verify your entries.
Step 6 write (Optional) Save your entries in the
configuration file.
15.3.6 Setting RADIUS Packet Encryption Key
RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt the exchanged packets. The two ends verify
the packet through setting the encryption key.Only when the keys are identical can both ends to accept the packets from each
other end and give response.
You can use the following commands to set the encryption key for RADIUS packets.
Beginning in privileged EXEC mode, follow these steps to setting radius packet encryption key.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 radiusserver master_key string Setting encryption key for master radius
server.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 131 - - www.stephen-tele.com
Step 3 radiusserver slave_key string (optional) Setting encryption key for slave
radius server
Step 4 show radiusserver master_key Verify your entries.
Step 5 show radiusserver slave_key Verify your entries.
Step 6 write (Optional) Save your entries in the
configuration file.
By default, the keys of RADIUS authentication/authorization and accounting packets are all “test”.
16 DHCP Protocol Configuration
This chapter describes how to configure DHCP Server and DHCP Relay features on the switch.
16.1 DHCP Relay configuration
16.1.1 Brief Introduction to DHCP Relay
With the extension of network and improving of network complexity, network configuration is becoming more and more
complex. Dynamic Host Configuration Protocol (DHCP) is issued to ease user’s fast accessing and exiting the network and
improve utilization of the IP addresses in places where computers should be often moved (e.g., portable computer or wireless
network is used) or the host number exceeds the number of IP addresses which can be allocated. DHCP works in Client/Server
mode. With this protocol, the DHCP Client can dynamically request configuration information and the DHCP Server can
configure the information for the Client conveniently.
In the early days, the DHCP was only suitable for the case, when the DHCP Client and DHCP Server locate on the same subnet,
and could not work across the network segments. If the early DHCP is used to dynamically configure the host, each subnet
should be equipped with a DHCP Server, which is obviously uneconomical. The introduction of DHCP relay solves this difficulty.
The DHCP relay serves as relay between the DHCP Client and the DHCP Server located on different subnets. The DHCP packets
can be relayed to the destination DHCP Server (or Client) across network segments. Thereby, the DHCP clients on different
networks can use the same DHCP Server. This is economical and convenient for centralized management.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 132 - - www.stephen-tele.com
Figure 18-1 DHCP Relay typical application
DHCP Relay work on this principle:
� In the startup and DHCP initialization, DHCP Client advertises configuration request messages to the local network.
� If there is a DHCP Server in the local network, you can initiate DHCP configuration directly, with DHCP Relay unnecessary.
� Otherwise, when a device with DHCP Relay enabled which is connected with the local network receives the messages, it
will make necessary processing and forward them to the designated DHCP Server on other network.
� DHCP Server makes configurations according to the information from DHCP Client and sends the configuration result via
DHCP Relay back to DHCP Client.
In practice, several times of interaction behaviors may be required in the dynamic configuration of DHCP Client.
16.1.2 Configuring DHCP Relay
DHCP relay configuration includes:
� Specifying VLAN interface to forward DHCP packets.
� Configuring the IP Address of a DHCP Server.
� Enabling/disabling DHCP Relay service.
16.1.2.1 Specifying VLAN interface to forward DHCP packets
Beginning in privileged EXEC mode, follow these steps to specify VLAN interface to forward DHCP packets.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dhcpr listen add index vlan-interface Specifying VLAN interface to forward DHCP
packets
Vlan-interface format is vint+interface-id
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 133 - - www.stephen-tele.com
Step 3 exit Return to privileged EXEC mode.
Step 4 show dhcpr listen Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete VLAN interface of forwarding DHCP packets, use dhcpr listen delete index global configuration command.
16.1.2.2 Configuring the IP Address of a DHCP Server
Beginning in privileged EXEC mode, follow these steps to configure the IP Address of a DHCP Server.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dhcpr targetip add index server-ipaddress Configuring the IP address of a DHCP
Server.
Step 3 exit Return to privileged EXEC mode.
Step 4 show dhcpr targetip Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete the IP address of a DHCP Server, use dhcpr targetip del index global configuration command.
16.1.2.3 Enabling/disabling DHCP Relay service
Beginning in privileged EXEC mode, follow these steps to enable DHCP Relay service.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dhcpr service enable Enable DHCP Relay service.
Step 3 exit Return to privileged EXEC mode.
Step 4 show dhcpr service Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable DHCP Relay service, use dhcpr service disable global configuration command.
16.2 DHCP Server configuration
The switch can act as a DHCP server. This switch includes a Dynamic Host Configuration Protocol (DHCP) server that can assign
temporary IP addresses to any attached host requesting service. It can also provide other network settings such as the domain
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 134 - - www.stephen-tele.com
name, default gateway, Domain Name Servers (DNS) etc. Addresses can be assigned to clients from a common address pool
configured for a specific IP interface on this switch.
16.2.1 Configuring DHCP Relay
DHCP Server configuration includes:
� Specifying VLAN interface to forward DHCP packets.
� Enabling/disabling DHCP Server service.
� Add IP address pool .
� Setting DNS for DHCP Server (optional)
� Setting lease time for DHCP Server (optional).
16.2.1.1 Specifying VLAN interface to forward DHCP packets
Beginning in privileged EXEC mode, follow these steps to specify VLAN interface to forward DHCP packets.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dhcps listen add index vlan-interface Specifying VLAN interface to forward
DHCP packets
Vlan-interface format is vint+interface-id
Step 3 exit Return to privileged EXEC mode.
Step 4 show dhcps listen Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete VLAN interface of forwarding DHCP packets, use dhcps listen delete index global configuration command.
16.2.1.2 Enabling/disabling DHCP Server service
Beginning in privileged EXEC mode, follow these steps to enable DHCP Server service.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dhcps service enable Enable DHCP Relay service.
Step 3 exit Return to privileged EXEC mode.
Step 4 show dhcps service Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 135 - - www.stephen-tele.com
To disable DHCP Server service, use dhcps service disable global configuration command.
16.2.1.3 Add IP address pool
Beginning in privileged EXEC mode, follow these steps to add IP address pool.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dhcps addresspool add name start-ip end-ip gate-way
net-mask [dns1 dns1-ip | dns2 dns2-ip |leasetime
seconds | parameters string]
Add IP address pool
Step 3 exit Return to privileged EXEC mode.
Step 4 show dhcps addresspool Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete IP address pool, use dhcps addresspool del name global configuration command.
16.2.1.4 Setting DNS for DHCP Server (optional)
Beginning in privileged EXEC mode, follow these steps to set DNS for DHCP Server.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dhcps dns dns-ip Setting DNS for DHCP Server.
Step 3 exit Return to privileged EXEC mode.
Step 4 show dhcps dns Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
16.2.1.5 Setting lease time for DHCP Server (optional)
Beginning in privileged EXEC mode, follow these steps to set DNS for DHCP Server.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 dhcps leasetime seconds Setting lease time for DHCP Server.
By default seconds is 691200.
Step 3 exit Return to privileged EXEC mode.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 136 - - www.stephen-tele.com
Step 4 show dhcps dns Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
16.3 DHCP Protocol Configuration Example
16.3.1 DHCP Relay Configuration Example
I. Networking requirements
The segment address for DHCP Client is 10.110.0.0, which is connected to a port in the VLAN2 on the switch. The IP address of
DHCP Server is 202.38.1.2. The DHCP packets should be forwarded via the switch with DHCP Relay enabled. DHCP Client can
get IP address and other configuration information from DHCP Server.
II. Networking diagram
Figure 18-2 Networking diagram of configuring DHCP relay
III. Configuration procedure
# Configure VLAN and specify IP address for VLAN
switch(config)#vlan static set vid 1 01-
switch(config)#vlan static add vid 2 01u
switch(config)#vlan port pvid 1 2
switch(config)#ip address add vint 1 202.38.1.1 255.255.255.0 vid 1
switch(config)#ip address add vint 2 10.110.1.1 255.255.255.0 vid 2
# Configure DHCP Relay
switch(config)#dhcpr listen add 1 vint1
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 137 - - www.stephen-tele.com
switch(config)#dhcpr listen add 2 vint2
switch(config)#dhcpr targetip add 1 202.38.1.2
switch(config)#dhcpr service enable
16.3.2 DHCP Server Configuration Example
I. Networking requirements
The segment address for DHCP Client is 10.110.0.0, which is connected to a port in the VLAN2 on the switch. When DHCP
Server service enabled. DHCP Client can get IP address and other configuration information from DHCP Server.
II. Networking diagram
Figure18-3 Networking diagram of configuring DHCP Server
III. Configuration procedure
# Configure VLAN and specify IP address for VLAN
switch(config)#vlan static set vid 1 01-
switch(config)#vlan static add vid 2 01u
switch(config)#vlan port pvid 1 2
switch(config)#ip address add vint 2 10.110.1.1 255.255.255.0 vid 2
# Configure DHCP Server
switch(config)#dhcps listen add 1 vint2
switch(config)#dhcps service enable
switch(config)#dhcps addresspool add pool1 10.110.1.2 10.110.1.254 10.110.1.1 255.255.255.0 dns1 202.96.128.68 dns2
211.95.193.97
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 138 - - www.stephen-tele.com
17 SNMP Configuration
17.1 SNMP Overview
By far, the Simple Network Management Protocol (SNMP) has gained the most extensive application in the computer
networks. SNMP has been put into use and widely accepted as an industry standard in practice. It is used for ensuring the
transmission of the management information between any two nodes. In this way,network administrators can easily search
and modify the information on any node on the network. In the meantime, they can locate faults promptly and implement the
fault diagnosis, capacity planning and report generating. SNMP adopts the polling mechanism and provides the most basic
function set. It is most applicable to the small-sized, fast-speed and low-cost environment. It only requires the unverified
transport layer protocol UDP; and is thus widely supported by many other products.
In terms of structure, SNMP can be divided into two parts, namely, Network Management Station and Agent. Network
Management Station is the workstation for running the client program. At present, the commonly used NM platforms include
Sun NetManager and IBM NetView. Agent is the server software operated on network devices. Network Management Station
can send GetRequest, GetNextRequest and SetRequest messages to the Agent. Upon receiving the requests from the Network
Management Station, Agent will perform Read or Write operation according to the message types, generate and return the
Response message to Network Management Station. On the other hand, Agent will send Trap message on its own initiative to
the Network Management Station to report the events whenever the device encounters any abnormalities such as new device
found and restart.
17.2 SNMP Versions and Supported MIB
To uniquely identify the management variables of a device in SNMP messages, SNMP adopts the hierarchical naming scheme
to identify the managed objects. It is like a tree.A tree node represents a managed object, as shown in the figure below. Thus
the object can be identified with the unique path starting from the root.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 139 - - www.stephen-tele.com
Figure 19-1 Architecture of the MIB tree
The MIB (Management Information Base) is used to describe the hierarchical architecture of the tree and it is the set defined
by the standard variables of the monitored network device. In the above figure, the managed object B can be uniquely
specified by a string of numbers {1.2.1.1}. The number string is the Object Identifier of the managed object.
The current SNMP Agent of Ethernet switch supports SNMP V1, V2C and V3. The MIBs supported are listed in the following
table.
Table 19-1 MIBs supported by the Ethernet Switch
MIB attribute
MIB content
References
Public MIB
MIB II based on TCP/IP network device
RFC1213
BRIDGE MIB
RFC1493
RFC2675
RIP MIB
RFC1724
RMON MIB
RFC2819
Ethernet MIB
RFC2665
OSPF MIB
RFC1253
IF MIB
RFC1573
Private MIB
VLAN MIB
Device management
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 140 - - www.stephen-tele.com
17.3 Configure SNMP
The main configuration of SNMP includes:
� Set community Name
� Set the Destination Address of Trap
� Set Trap parameters
17.3.1 Setting Community Name
SNMP V1 and SNMPV2C adopt the community name authentication scheme. The SNMP message incompliant with the
community name accepted by the device will be discarded. SNMP Community is named with a character string, which is called
Community Name. The various communities can have read-only or read-write access mode. The community with read-only
authority can only query the device information, whereas the community with read-write authority can also configure the
device. Beginning in privileged EXEC mode, follow these steps to set Community Name.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 snmp community set index string {read-only|
read-write }
Set community string.
Index: range is 1 to 8.
Step 3 exit Return to privileged EXEC mode.
Step 4 show snmp community Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete community string ,use snmp community delete index global configuration command.
17.3.2 Setting the Destination Address of Trap
You can use the following commands to set or delete the destination address of the trap.
Beginning in privileged EXEC mode, follow these steps to set the Destination Address of Trap.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 snmp traps host host-number hostaddr ip-address
[port udp-port]
Set the destination address of trap.
Host-number: range is 1 to 3.
Step 3 exit Return to privileged EXEC mode.
Step 4 show snmp traps Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 141 - - www.stephen-tele.com
17.3.3 Setting Trap Parameters
You can use the following commands to set trap parameters.
Beginning in privileged EXEC mode, follow these steps to set trap parameters.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 snmp traps parameters index mpmodel {v1 |v2c | v3}
securemodel {v1 | v2c | usm} securename string
securelevel {AuthNoPriv |AuthPriv |noAuthNoPriv }
Set trap parameters.
Step 3 exit Return to privileged EXEC mode.
Step 4 show snmp traps Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
17.4 SNMP Configuration Example
I. Networking requirements
Network Management Station and the Ethernet switch are connected via the Ethernet. The IP address of Network
Management Station is 129.102.149.23 and that of the VLAN interface on the switch is 129.102.0.1. Perform the following
configurations on the switch: setting the community name and set trap host address.
II. Networking diagram
Figure 19-2 SNMP configuration example
III. Configuration procedure
# Configure community string
switch(config)#snmp community set 1 public read-write
# Configure trap host
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 142 - - www.stephen-tele.com
switch(config)#snmp traps host 1 hostaddr 129.102.149.23
18 VRRP Configuration
18.1 VRRP Overview
Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general, a default route (for example, 10.100.10.1 as
shown in the following internetworking diagram) will be configured for every host on a network, so that the packets destined
to some other network segment from the host will go through the default route to the Layer 3 Switch1, implementing
communication between the host and the external network. If Switch1 is down, all the hosts on this segment taking Switch1 as
the next-hop on the default route will be disconnected to the external network.
VRRP, designed for LANs with multicast and broadcast capabilities (such as Ethernet) settles the above problem. The diagram
below is taken as an example to explain the implementation principal of VRRP. VRRP combines a group of LAN switches
(including a Master and several Backups) into a virtual router (a backup group).
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 143 - - www.stephen-tele.com
This virtual router has its own IP address: 10.100.10.1 (which can be the interface address of a switch within the virtual router).
The switches within the virtual router have their own IP addresses (such as 10.100.10.2 for the Master switch and 10.100.10.3
for the BACKUP switch). The host on the LAN only knows the IP address of this virtual router 10.100.10.1, but not the specific
IP addresses 10.100.10.2 of the Master switch and 10.100.10.3 of the BACKUP switch. They configure their own default routes
as the IP address of this virtual router: 10.100.10.1. Therefore, hosts within the network will communicate with the external
network through this virtual router. If a Master switch in the virtual group breaks down, another BACKUP switch will function
as the new Master switch to continue serving the host with routing to avoid interrupting the communication between the host
and the external networks.
18.2 Configuring VRRP
Note:
Before you configure VRRP, you must confirm the ARP PROXY service already enabled. Enabling ARPRPOXY service use
arp proxy service enable global configuration command.
VRRP configuration includes:
� Set Correspondence between Virtual IP Address and MAC Address
� Add/Remove virtual IP address
� Configure the priority of switches in the virtual router.
� Enable the preemption mode
� Configure timer of the virtual router
� Configure to track a specified interface
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 144 - - www.stephen-tele.com
18.2.1 Adding/Deleting a Virtual IP Address
The following command is used for assigning an IP address of the local segment to a virtual router or removing an assigned
virtual IP address of a virtual router from the virtual address list.
Beginning in privileged EXEC mode, follow these steps to add a Virtual IP address.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 vrrp add vrid virtual-router-ID
virtual-ip virtual-ipaddress interface-id
Adding a Virtual IP address.
Virtual-router-id range is 1 to 255;
Interface-id format is vint+number, such
as vint1.
Step 3 exit Return to privileged EXEC mode.
Step 4 show vrrp configuration interface-id Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To delete a virtual IP address, use the vrrp delete vrid virtual-router-ID virtual-ip virtual-ipaddress interface-id global
configuration command.
The virtual-router-ID covers the range from 1 to 255. The virtual-address can be an unused address in the network segment
where the virtual router resides, or the IP address of an interface in the virtual router. If the IP address is of the switch, it can
also be configured. In this case, the switch will be called an IP Address Owner. When adding the first IP address to a virtual
router, the system will create a new virtual router accordingly. When adding new address to this backup group thereafter, the
system will directly add it into the virtual IP address list.
After the last virtual IP address is removed from the virtual router, the whole virtual router will also be removed. That is, there
is no more virtual router on the interface any more and any configuration of it is invalid accordingly.
18.2.2 Configuring the Priority of Switches in the Virtual Router
The status of each switch in the virtual router will be determined by its priority in VRRP.The switch with the highest priority
will become the Master.
The priority ranges from 0 to 255 (the greater the number, the higher the priority). However the value can only be taken from
1 to 254. The priority 0 is reserved for special use and 255 is reserved for the IP address owner by the system.
Beginning in privileged EXEC mode, follow these steps to Configure the Priority of Switches in the Virtual Router.
Command Purpose
Step 1 config terminal Enter global configuration mode.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 145 - - www.stephen-tele.com
Step 2 vrrp set vrid virtual-router-ID priority priority Configure the priority of switches in the
virtual Router
By default, the priority is 100,it’s range is
1to 254
Step 3 exit Return to privileged EXEC mode.
Step 4 show vrrp configuration vrid virtual-router-ID Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
18.2.3 Configuring Preemption for a Switch within a Virtual Router
Once a switch in the virtual router becomes the Master switch, so long as it still functions properly, other switches, even
configured with a higher priority later, cannot become the Master switch unless they are configured to work in preemption
mode. The switch in preemption mode will become the Master switch, when it finds its own priority is higher than that of the
current Master switch. Accordingly, the former Master switch will become the BACKUP switch.
Beginning in privileged EXEC mode, follow these steps to Configure Preemption for a Switch within a Virtual Router.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 vrrp set vrid virtual-router-ID preempt enable Configure Preemption for a Switch within
a Virtual Router.
Step 3 exit Return to privileged EXEC mode.
Step 4 show vrrp configuration vrid virtual-router-ID Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
To disable Preemption for a Switch within a Virtual Router, use vrrp set vrid virtual-router-ID preempt disable global
configuration command.
18.2.4 Configuring VRRP Timer
The Master switch advertises its normal operation state to the switches within the VRRP virtual router by sending them VRRP
packets regularly (at adver-interval). If the Backup has not received any VRRP packet from the Master after a period of time
(specified by master-down-interval), it will consider the Master as down. It will then take his place and become the Master.
You can use the following command to set a timer and adjust the interval, adver-interval, between Master transmits VRRP
packets. The master-down-interval of the BACKUP switch is three times that of the adver-interval. The excessive network
traffic or the differences between different switch timers will result in master-down-interval timing out and state changing
abnormally. Such problems can be solved through prolonging the adver-interval and setting delay time. adver-interval is
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 146 - - www.stephen-tele.com
measured in seconds.
Beginning in privileged EXEC mode, follow these steps to Configure VRRP Timer.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 vrrp set vrid virtual-router-ID adv-interval adv-interval Configure VRRP Timer;
Adv-interval range is 1 to 255, by default is
1 scond
Step 3 exit Return to privileged EXEC mode.
Step 4 show vrrp configuration vrid virtual-router-ID Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
18.2.5 Configuring Switch to Track a Specified Interface
VRRP interface track function has expanded the backup function. Backup is provided not only to the interface where the
virtual router resides, but also to some other malfunctioning switch interface. By implementing the following command you
can track some interface. If the interface which is tracked is DOWN, the priority of the switch including the interface will
reduce automatically by the value specified by value-reduced, thus resulting in comparatively higher priorities of other
switches within the virtual router, one of which will turn to Master switch so as to track this interface.
Beginning in privileged EXEC mode, follow these steps to Configure Switch to Track a Specified Interface.
Command Purpose
Step 1 config terminal Enter global configuration mode.
Step 2 vrrp set vrid virtual-router-ID track interface-id reduce reduce-value
Configure Switch to Track a Specified
Interface;
By default, reduce-value is taken to 10.
Step 3 exit Return to privileged EXEC mode.
Step 4 show vrrp configuration interface-id Verify your entries.
Step 5 write (Optional) Save your entries in the
configuration file.
�Note:
When the switch is an IP address owner, its interfaces cannot be tracked.If the interface tracked is up again, the
corresponding priority of the switch, including the interface, will update automatically
You can only track up to eight interfaces in one backup group.
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 147 - - www.stephen-tele.com
1.3 Displaying and debugging VRRP
After the above configuration, execute show command in any view to display the running of the VRRP configuration, and to
verify the effect of the configuration. Execute debug command in user view to debug VRRP configuration.
Command Operation
show vrrp configuration interface-id Display VRRP state information information.
show vrrp statistics interface-id Display VRRP statistics information information.
show vrrp configuration vrid virtual-router-ID Display VRRP state information information
show vrrp statistics vrid virtual-router-ID Display VRRP statistics information information.
debug vrrp trace Debug VRRP trace information
TO cancel debug VRRP, use no debug vrrp trace global configuration command.
18.3 VRRP Configuration Example
I. Networking requirements
Host A uses the VRRP virtual router which combines switch A and switch B as its default gateway to visit host B on the Internet.
VRRP virtual router information includes: virtual router ID1, virtual IP address 202.38.160.111, switch A as the Master and
switch B as the BACKUP allowed preemption.
II. Networking diagram
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 148 - - www.stephen-tele.com
III. Configuration Procedure
18.4 Troubleshoot VRRP
As the configuration of VRRP is not very complicated, almost all the malfunctions can be found through viewing the
configuration and debugging information. Here are some possible failures you might meet and the corresponding
troubleshooting methods.
I. Fault 1: frequent prompts of configuration errors on the console
This indicates that an incorrect VRRP packet has been received. It may be because of the inconsistent configuration of another
switch within the virtual router, or the attempt of some devices to send out illegal VRRP packets. The first possible fault can be
solved through modifying the configuration. And as the second possibility is caused by the malicious attempt of some devices,
non-technical measures should be resorted to.
II. Fault 2: More than one Masters existing within the same virtual router
There are also 2 reasons. One is short time coexistence of many Master switches, which is normal and needs no manual
intervention. Another is the long time coexistence of many Master switches, which may be because several Masters cannot
STCS5024 Full Gigabit Layer 3 switch User Manual
- - 149 - - www.stephen-tele.com
receive VRRP packets from each other, or receive some illegal packets.
To solve such problems, an attempt should be made to ping among the many Master switches and if such an attempt fails, it
indicates that there are other problems in existence. If they can be pinged through, it indicates that the problems are caused
by inconsistent configuration. For the configuration of the same VRRP virtual router,
complete consistence for the number of virtual IP addresses, each virtual IP address, timer duration and authentication type
must be guaranteed.
III. Fault 3: frequent switchover of VRRP state
Such problem occurs when the virtual router timer duration is set too short. So the problem can be solved through prolonging
this duration or configuring the preemption delay.
Copyright Notice:
No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any
language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise without the
prior written permission of Stephen Technologies Co.,Limited.
Disclaimer Notice:
No license is granted, implied or otherwise, under any patent or patent rights of Stephen Technologies Co.,LTD. Stephen
Technologies Co.,LTD, makes no warranties, implied or otherwise, in regard to this document and to the products described in
this document. The information provided by this document is believed to be accurate and reliable to the publication date of
this document. However, Stephen Technologies Co.,LTD assumes no responsibility for any errors in this document.
Furthermore, Stephen Technologies Co.,LTD, assumes no responsibility for the use or misuse of the information in this
document and for any patent infringements that may arise from the use of this document. The information and product
specifications within this document are subject to change at any time, without notice and without obligation to notify any
person of such change.
STEPHEN TECHNOLOGIES CO.,LIMITED
1204, LiuXiuShengChuangYeDaSha, High Tech
Park Southern Area, Shenzhen , China , 518057
Tel: +86 755 83016956
Fax: +86 755 83016321
Website: www.stephen-tele.com
Email: support@stephen-tele.com