GARP VLAN registration protocol (GVRP) can exchange VLAN configuration information dynamically. When the switch receives VLAN information and GARP VLAN Registration Protocol, the receiving interface joins that VLAN. If an interface VLAN does not exist , the switch will creates the VLAN automatically.

The GVRP max member of automatically creates the VLAN is 256.

Support Models

ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS5520 series, ECS4530 series, ECS2100 series, ECS2110 series, ECS3510 series

4100 switch1 config:

Console#configure
Console(config)#vlan database
Console(config-vlan)#vlan 10,20,30
Console(config-vlan)#exit
Console(config)#interface vlan 10
Console(config-if)#interface vlan 20
Console(config-if)#interface vlan 30
Console(config-if)#exit
Console(config)#bridge-ext gvrp
Console(config)#interface ethernet 1/1
Console(config-if)#switchport gvrp
Console(config-if)#exit
Console(config)#interface ethernet 1/11
Console(config-if)#switchport allowed vlan add 10,20,30

4100 switch2 config:

Console#configure
Console(config)#bridge-ext gvrp
Console(config)#interface ethernet 1/1
Console(config-if)#switchport gvrp

Show ip interface to check VLAN on 4100 switch1 : 

VLAN 10,20,30 Administrative up must be Link Up status

Show vlan on 4100 switch1 : 

VLAN 10,20,30 type should be static

Show vlan on 4100 switch2 : 

VLAN 10,20,30 type should be Dynamic

The BGP(Border Gateway Protocol) is to exchange network reachability information with other BGP systems.This network reachability information includes information on the list of Autonomous Systems (ASes). 

IBGP(Internal BGP) means the connection between internal peer that is in the same Autonomous System as the local system. EBGP(External BGP) means the connection between external peer that is in a different Autonomous System than the local system.

Scenario:

Procedure:

Switch_01 Configuration:

Step 1: BGP global config. Apply VLAN on port and configure VLAN's IP address.

sw1#
sw1#configure
sw1(config)#router bgp 65000
sw1(config-router)#network 192.168.1.0 255.255.255.0
sw1(config-router)#neighbor 2.2.2.2 remote-as 65001
sw1(config-router)#exit
sw1(config)#vlan database
sw1(config-vlan)#vlan 2
sw1(config-vlan)#exit
sw1(config)#interface vlan 1
sw1(config-if)#ip address 192.168.1.254/24
sw1(config-if)#exit
sw1(config)#interface vlan 2
sw1(config-if)#ip address 2.2.2.1/24
sw1(config-if)#
sw1(config-if)#exit
sw1(config)#interface ethernet 1/11
sw1(config-if)#switchport allowed vlan add 2
sw1(config-if)#switchport native vlan 2
sw1(config-if)#

sw2#
sw2#configre
sw2(config)#router bgp 65001
sw2(config-router)#network 2.2.2.0 255.255.255.0
sw2(config-router)#network 3.3.3.0 255.255.255.0
sw2(config-router)#neighbor 2.2.2.1 remote-as 65000
sw2(config-router)#neighbor 3.3.3.2 remote-as 65002
sw2(config-router)#exit
sw2(config)#vlan database
sw2(config-vlan)#vlan 2,3
sw2(config-vlan)#exit
sw2(config)#interface vlan 2
sw2(config-if)#ip address 2.2.2.2/24
sw2(config)#interface vlan 3
sw2(config-if)#ip address 3.3.3.1/24
sw2(config-if)#
sw2(config-if)#exit
sw2(config)#interface ethernet 1/11
sw2(config-if)#switchport allowed vlan add 2
sw2(config-if)#switchport native vlan 2
sw2(config-if)#
sw2(config)#interface ethernet 1/23
sw2(config-if)#switchport allowed vlan add 3
sw2(config-if)#switchport native vlan 3
sw2(config-if)#

sw3#
sw3#configre
sw3(config)#router bgp 65002
sw3(config-router)#network 192.168.2.0 255.255.255.0
sw3(config-router)#neighbor 3.3.3.1 remote-as 65001
sw3(config-router)#exit
sw3(config)#vlan database
sw3(config-vlan)#vlan 3,4
sw3(config-vlan)#exit
sw3(config)#interface vlan 3
sw3(config-if)#ip address 3.3.3.2/24
sw3(config-if)#exit
sw3(config)#interface vlan 4
sw3(config-if)#ip address 192.168.2.254/24
sw3(config-if)#
sw3(config-if)#exit
sw3(config)#interface ethernet 1/1
sw3(config-if)#switchport allowed vlan add 4
sw3(config-if)#switchport native vlan 4
sw3(config)#interface ethernet 1/23
sw3(config-if)#switchport allowed vlan add 3
sw3(config-if)#switchport native vlan 3
sw3(config-if)#

bgp status:

SW1:

display the AS number and neighbor 

display the routing table 

SW2:

display the AS number and neighbor 

display the routing table

SW3:

display the AS number and neighbor 

display the routing table

Scenario:

Configuration on SW1:

Setup VLAN

SW1#configure
SW1(config)#interface ethernet 1/1
SW1(config-if)#switchport allowed vlan add 10 untagged
SW1(config-if)#switchport native vlan 10
SW1(config-if)#switchport allowed vlan remove 1
SW1(config-if)#interface ethernet 1/12
SW1(config-if)#switchport allowed vlan add 20 untagged
SW1(config-if)#switchport native vlan 20
SW1(config-if)#switchport allowed vlan remove 1
SW1(config-if)#interface vlan 10
SW1(config-if)#ip address 192.168.10.254/24
SW1(config-if)#interface vlan 20
SW1(config-if)#ip address 192.168.20.1/24
SW1(config-if)#end

Enable OSPF

SW1#configure
SW1(config)#router ospf 1
SW1(config-router)#network 192.168.10.0 255.255.255.0 area 0
SW1(config-router)#network 192.168.20.0 255.255.255.0 area 0
SW1(config-router)#end

Enable Multicast Routing and PIM

SW1#configure
SW1(config)#ip multicast-routing
Note: IPv6 multicast routing will also be enabled.
SW1(config)#router pim
SW1(config-router)#end

Enable IGMP and PIM Dense-Mode on VLAN

SW1#configure
SW1(config)#interface vlan 10
SW1(config-if)#ip igmp
SW1(config-if)#ip pim dense-mode
SW1(config-if)#interface vlan 20
SW1(config-if)#ip igmp
SW1(config-if)#ip pim dense-mode
SW1(config-if)#end

Configuration on SW2:

Setup VLAN

SW2#configure
SW2(config)#interface ethernet 1/1
SW2(config-if)#switchport allowed vlan add 30 untagged
SW2(config-if)#switchport native vlan 30
SW2(config-if)#switchport allowed vlan remove 1
SW2(config-if)#interface ethernet 1/12
SW2(config-if)#switchport allowed vlan add 20 untagged
SW2(config-if)#switchport native vlan 20
SW2(config-if)#switchport allowed vlan remove 1
SW2(config-if)#interface vlan 30
SW2(config-if)#ip address 192.168.30.254/24
SW2(config-if)#interface vlan 20
SW2(config-if)#ip address 192.168.20.2/24
SW2(config-if)#end

Enable OSPF

SW2#configure
SW2(config)#router ospf 1
SW2(config-router)#network 192.168.30.0 255.255.255.0 area 0
SW2(config-router)#network 192.168.20.0 255.255.255.0 area 0
SW2(config-router)#end

Enable Multicast Routing and PIM

SW2#configure
SW2(config)#ip multicast-routing
Note: IPv6 multicast routing will also be enabled.
SW2(config)#router pim
SW2(config-router)#end

Enable IGMP and PIM Dense-Mode on VLAN

SW2#configure
SW2(config)#interface vlan 30
SW2(config-if)#ip igmp
SW2(config-if)#ip pim dense-mode
SW2(config-if)#interface vlan 20
SW2(config-if)#ip igmp
SW2(config-if)#ip pim dense-mode
SW2(config-if)#end

Test Result:

SW1,

Display PIM status and PIM neighbor for the specified interface

SW1#show ip pim interface
PIM is enabled.
VLAN 1 is down.
PIM Mode : Unspecified

VLAN 10 is up.
PIM Mode              : Dense Mode
IP Address            : 192.168.10.254
Hello Interval        : 30 sec
Hello HoldTime        : 105 sec
Triggered Hello Delay : 5 sec
Join/Prune Holdtime   : 210 sec
Lan Prune Delay       : Disabled
Propagation Delay     : 500 ms
Override Interval     : 2500 ms
Graft Retry Interval  : 3 sec
Max Graft Retries     : 3
State Refresh Ori Int : 60 sec

VLAN 20 is up.
PIM Mode              : Dense Mode
IP Address            : 192.168.20.1
Hello Interval        : 30 sec
Hello HoldTime        : 105 sec
Triggered Hello Delay : 5 sec
Join/Prune Holdtime   : 210 sec
Lan Prune Delay       : Disabled
Propagation Delay     : 500 ms
Override Interval     : 2500 ms
Graft Retry Interval  : 3 sec
Max Graft Retries     : 3
State Refresh Ori Int : 60 sec

SW1#show ip pim neighbor
Neighbor Address VLAN Interface Uptime (sec.) Expiration Time (sec)  DR
---------------- -------------- ------------- --------------------- ---
192.168.20.2/32  20             00:49:11                   00:01:35 Yes

Display the multicast information for the specified interface

SW1#show ip igmp interface
VLAN 1                           : down
IGMP                             : Disabled
IGMP Proxy                       : Disabled
IGMP Version                     : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable              : 2
Query Interval                   : 125 sec
Query Max Response Time          : 100 (resolution in 0.1 sec)
Last Member Query Interval       : 10 (resolution in 0.1 sec)
Querier                          : 0.0.0.0
Joined Groups :
Static Groups :
VLAN 10                          : up
IGMP                             : Enabled
IGMP Proxy                       : Disabled
IGMP Version                     : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable              : 2
Query Interval                   : 125 sec
Query Max Response Time          : 100 (resolution in 0.1 sec)
Last Member Query Interval       : 10 (resolution in 0.1 sec)
Querier                          : 192.168.10.254
Joined Groups :
239.255.255.250
Static Groups :
VLAN 20                          : up
IGMP                             : Enabled
IGMP Proxy                       : Disabled
IGMP Version                     : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable              : 2
Query Interval                   : 125 sec
Query Max Response Time          : 100 (resolution in 0.1 sec)
Last Member Query Interval       : 10 (resolution in 0.1 sec)
Querier                          : 192.168.20.1
Joined Groups :
Static Groups :
SW1#show ip igmp groups

GroupAddress     Interface Vlan  Last Reporter   Uptime   Expire   V1 Timer
--------------- --------------- --------------- -------- -------- ---------
239.255.255.250              10    192.168.10.1   0:56:7   0:2:59     0:0:0

Display the information in the routing table

SW1#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

C 192.168.10.0/24 is directly connected, VLAN10
C 192.168.20.0/24 is directly connected, VLAN20
O 192.168.30.0/24 [110/2] via 192.168.20.2, VLAN20, 00:02:43

Display the IPv4 multicast routing table

SW1#show ip mroute

IP Multicast Forwarding is enabled.

IP Multicast Routing Table
Flags: D - Dense, S - Sparse, s - SSM Channel, C - Connected, P - Pruned,
F - Register flag, R - RPT-bit set, T - SPT-bit set, J - Join SPT
Interface state: F - Forwarding, P - Pruned, L - Local

(192.168.10.1, 224.1.1.1), uptime 00:27:09, stat expires 00:02:16
Owner: PIM-DM, Flags: DC
Incoming interface: VLAN 10
Outgoing interface list:
VLAN20 (F)
(192.168.30.1, 239.255.255.250), uptime 00:02:54
Owner: PIM-DM, Flags: D
Incoming interface: VLAN 20, RPF neighbor: 192.168.20.2
Outgoing interface list:
VLAN10 (F) ,

SW2,

Display PIM status and PIM neighbor for the specified interface

SW2#show ip pim interface
PIM is enabled.
VLAN 1 is down.
PIM Mode : Unspecified

VLAN 20 is up.
PIM Mode              : Dense Mode
IP Address            : 192.168.20.2
Hello Interval        : 30 sec
Hello HoldTime        : 105 sec
Triggered Hello Delay : 5 sec
Join/Prune Holdtime   : 210 sec
Lan Prune Delay       : Disabled
Propagation Delay     : 500 ms
Override Interval     : 2500 ms
Graft Retry Interval  : 3 sec
Max Graft Retries     : 3
State Refresh Ori Int : 60 sec

VLAN 30 is up.
PIM Mode              : Dense Mode
IP Address            : 192.168.30.254
Hello Interval        : 30 sec
Hello HoldTime        : 105 sec
Triggered Hello Delay : 5 sec
Join/Prune Holdtime   : 210 sec
Lan Prune Delay       : Disabled
Propagation Delay     : 500 ms
Override Interval     : 2500 ms
Graft Retry Interval  : 3 sec
Max Graft Retries     : 3
State Refresh Ori Int : 60 sec

SW2#show ip pim neighbor
Neighbor Address VLAN Interface Uptime (sec.) Expiration Time (sec)  DR
---------------- -------------- ------------- --------------------- ---
192.168.20.1/32  20             00:52:26                   00:01:23

Display the multicast information for the specified interface

SW2#show ip igmp interface
VLAN 1                           : down
IGMP                             : Disabled
IGMP Proxy                       : Disabled
IGMP Version                     : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable              : 2
Query Interval                   : 125 sec
Query Max Response Time          : 100 (resolution in 0.1 sec)
Last Member Query Interval       : 10 (resolution in 0.1 sec)
Querier                          : 0.0.0.0
Joined Groups :
Static Groups :
VLAN 20                          : up
IGMP                             : Enabled
IGMP Proxy                       : Disabled
IGMP Version                     : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable              : 2
Query Interval                   : 125 sec
Query Max Response Time          : 100 (resolution in 0.1 sec)
Last Member Query Interval       : 10 (resolution in 0.1 sec)
Querier                          : 192.168.20.1
Joined Groups :
Static Groups :
VLAN 30                          : up
IGMP                             : Enabled
IGMP Proxy                       : Disabled
IGMP Version                     : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable              : 2
Query Interval                   : 125 sec
Query Max Response Time          : 100 (resolution in 0.1 sec)
Last Member Query Interval       : 10 (resolution in 0.1 sec)
Querier                          : 192.168.30.254
Joined Groups :
224.1.1.1
239.255.255.250
Static Groups :
SW2#show ip igmp groups

GroupAddress     Interface Vlan  Last Reporter   Uptime   Expire   V1 Timer
--------------- --------------- --------------- -------- -------- ---------
224.1.1.1                    30    192.168.30.1   0:5:26   0:3:35     0:0:0
239.255.255.250              30    192.168.30.1   0:5:28   0:3:28     0:0:0

Display the information in the routing table

SW2#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

O 192.168.10.0/24 [110/2] via 192.168.20.1, VLAN20, 00:06:38
C 192.168.20.0/24 is directly connected, VLAN20
C 192.168.30.0/24 is directly connected, VLAN30

Display the IPv4 multicast routing table

SW2#show ip mroute

IP Multicast Forwarding is enabled.

IP Multicast Routing Table
Flags: D - Dense, S - Sparse, s - SSM Channel, C - Connected, P - Pruned,
F - Register flag, R - RPT-bit set, T - SPT-bit set, J - Join SPT
Interface state: F - Forwarding, P - Pruned, L - Local

(192.168.10.1, 224.1.1.1), uptime 00:06:53
Owner: PIM-DM, Flags: D
Incoming interface: VLAN 20, RPF neighbor: 192.168.20.1
Outgoing interface list:
VLAN30 (F)
(192.168.30.1, 239.255.255.250), uptime 00:07:39, stat expires 00:02:42
Owner: PIM-DM, Flags: D
Incoming interface: VLAN 30
Outgoing interface list:
VLAN20 (F) ,

Port Trunking application scenario

Foreword

People often ask, why can't I achieve transmission theoretical value after enabling "Link Aggregation/Port-Channel" load balance ? Even, the packet traffic always was sent on port A?

We have to know: port channel load balance is based on the "Hash mechanism" to select which port to transmit packet.

Support Models

ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS5520 series, ECS4530 series, ECS2100 series, ECS2110 series, ECS3510 series

Edgecore valid load-balancing hash values are as follows

dst-ip      distribution on the destination IP address

dst-mac    distribution on the destination MAC address

src-dst-ip   distribution on the source and destination IP address (SIP XOR DIP)

src-dst-mac  distribution on the source and destination MAC address (SA XOR DA)

src-ip      distribution on the source IP address

src-mac    distribution on the source MAC address

Default hash value

src-dst-mac

CLI

Setup load balance to src-dst-mac mode:

Console#config

Console(config)#port-channel load-balance ?

  dst-ip       Selection based on destination IP address

  dst-mac      Selection based on destination MAC address

  src-dst-ip   Selection based on source and destination IP address

  src-dst-mac  Selection based on source and destination MAC address

  src-ip       Selection based on source IP address

  src-mac      Selection based on source MAC address

Console(config)#port-channel load-balance src-dst-mac

Console(config)#exit

Show load balance type of switch:

Console#show port-channel load-balance

Trunk Load Balance Mode: Source and destination MAC address

Hands-on

This is general application, client download file from server, we use TestCenter to simulate an experiment via port-channel load-balance “src-dst-mac” and “src-mac”, then compare the differences.

TestCenter Port 4/4

• Simulate file server A and B.

TestCenter Port 4/3

• Simulate 10 clients.

1. Test default configuration “src-dst-mac”

• The packet flow is concentrated in one port, load balance result did not meet expectations. (TX: 200 Mbps; RX: 100 Mbps)

2. Modify load balance configuration to “src-mac”

• The packet flow is distributed in two ports, load balance appear. (TX: 200 Mbps; RX: 200 Mbps)

Conclusion

The packet load balance depends on chip configuration, three bits (the LSBs) are used to index trunk table to choose one of port.

SIP and DIP criteria are used for IPv4 packets, for other packets the selection falls back to criteria based on the equivalent MAC address.

The usual way to do the load balance is “src-dst-mac”, so to test if the load balance is work, you must have a good SA or DA to XOR.

Of course in normal condition, we don’t have continuous MAC Address situation unless whole lot shipment. If load balance does not work well, you can try different hash to improve result as above experiment.

The article introduces ERPS with multiple instance. 

(Click here for Basic ERPS configuration (single ring) with multiple instance.)

Support models and software version:
ECS4120 Series V1.2.2.18 and above.
ECS4100 Series V1.2.36.191 and above.

Overview
ERPS Version 2 supports multiple rings and ladder topology.
ERPS control packets can only be sent on one instance. The secondary(sub) ring needs to specify the major instance which will be used to send ERPS control packets.
In the multi-ring/ladder network scenario, a failure on a ring link between interconnection nodes of a sub-ring triggers the actions only on the Ethernet ring that the sub-ring is attached to. On the other hand, other ring link failures trigger the actions within the Ethernet ring that the failed ring link belongs to.

Topology

Configuration
SW1

SW1#configure
SW1(config)#interface ethernet 1/25
SW1(config-if)#switchport allowed vlan add 10,100,200 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#interface ethernet 1/26
SW1(config-if)#switchport allowed vlan add 30,300,400 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#interface ethernet 1/27
SW1(config-if)#switchport allowed vlan add 10,20,30,100,200,300,400 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#interface ethernet 1/28
SW1(config-if)#switchport allowed vlan add 10,20,30,100,200,300,400 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#erps
SW1(config)#erps vlan-group group1 add 10,20,100,200
SW1(config)#erps vlan-group group2 add 30,300,400
SW1(config)#erps ring Ring1
SW1(config-erps-ring)#ring-port west interface ethernet 1/25
SW1(config-erps-ring)#enable
SW1(config-erps-ring)#exit
SW1(config)#erps ring Ring2
SW1(config-erps-ring)#ring-port west interface ethernet 1/27
SW1(config-erps-ring)#ring-port east interface ethernet 1/28
SW1(config-erps-ring)#enable
SW1(config-erps-ring)#exit
SW1(config)#erps ring Ring3
SW1(config-erps-ring)#ring-port west interface ethernet 1/26
SW1(config-erps-ring)#enable
SW1(config-erps-ring)#exit
SW1(config)#erps instance inst2 id 2
SW1(config-erps-inst)#control-vlan 20
SW1(config-erps-inst)#rpl owner
SW1(config-erps-inst)#physical-ring Ring2
SW1(config-erps-inst)#inclusion-vlan group1
SW1(config-erps-inst)#inclusion-vlan group2
SW1(config-erps-inst)#enable
SW1(config-erps-inst)#exit
SW1(config)#erps instance inst1 id 1
SW1(config-erps-inst)#control-vlan 10
SW1(config-erps-inst)#rpl owner
SW1(config-erps-inst)#physical-ring Ring1
SW1(config-erps-inst)#major-ring inst2
SW1(config-erps-inst)#inclusion-vlan group1
SW1(config-erps-inst)#enable
SW1(config-erps-inst)#exit
SW1(config)#erps instance inst3 id 3
SW1(config-erps-inst)#control-vlan 30
SW1(config-erps-inst)#physical-ring Ring3
SW1(config-erps-inst)#major-ring inst2
SW1(config-erps-inst)#inclusion-vlan group2
SW1(config-erps-inst)#enable
SW1(config-erps-inst)#end

SW2

SW2#configure
SW2(config)#interface ethernet 1/25
SW2(config-if)#switchport allowed vlan add 30,300,400 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#interface ethernet 1/26
SW2(config-if)#switchport allowed vlan add 10,100,200 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#interface ethernet 1/27
SW2(config-if)#switchport allowed vlan add 10,20,30,100,200,300,400 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#interface ethernet 1/28
SW2(config-if)#switchport allowed vlan add 10,20,30,100,200,300,400 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#erps
SW2(config)#erps vlan-group group1 add 10,20,100,200
SW2(config)#erps vlan-group group2 add 30,300,400
SW2(config)#erps ring Ring1
SW2(config-erps-ring)#ring-port west interface ethernet 1/26
SW2(config-erps-ring)#enable
SW2(config-erps-ring)#exit
SW2(config)#erps ring Ring2
SW2(config-erps-ring)#ring-port west interface ethernet 1/28
SW2(config-erps-ring)#ring-port east interface ethernet 1/27
SW2(config-erps-ring)#enable
SW2(config-erps-ring)#exit
SW2(config)#erps ring Ring3
SW2(config-erps-ring)#ring-port west interface ethernet 1/25
SW2(config-erps-ring)#enable
SW2(config-erps-ring)#exit
SW2(config)#erps instance inst2 id 2
SW2(config-erps-inst)#control-vlan 20
SW2(config-erps-inst)#physical-ring Ring2
SW2(config-erps-inst)#inclusion-vlan group1
SW2(config-erps-inst)#inclusion-vlan group2
SW2(config-erps-inst)#enable
SW2(config-erps-inst)#exit
SW2(config)#erps instance inst1 id 1
SW2(config-erps-inst)#control-vlan 10
SW2(config-erps-inst)#physical-ring Ring1
SW2(config-erps-inst)#major-ring inst2
SW2(config-erps-inst)#inclusion-vlan group1
SW2(config-erps-inst)#enable
SW2(config-erps-inst)#exit
SW2(config)#erps instance inst3 id 3
SW2(config-erps-inst)#control-vlan 30
SW2(config-erps-inst)#rpl owner
SW2(config-erps-inst)#physical-ring Ring3
SW2(config-erps-inst)#major-ring inst2
SW2(config-erps-inst)#inclusion-vlan group2
SW2(config-erps-inst)#enable
SW2(config-erps-inst)#end

SW3

SW3#configure
SW3(config)#interface ethernet 1/25
SW3(config-if)#switchport allowed vlan add 10,100,200 tagged
SW3(config-if)#spanning-tree spanning-disabled
SW3(config-if)#exit
SW3(config)#interface ethernet 1/26
SW3(config-if)#switchport allowed vlan add 10,100,200 tagged
SW3(config-if)#spanning-tree spanning-disabled
SW3(config-if)#exit
SW3(config)#erps
SW3(config)#erps vlan-group group1 add 10,100,200
SW3(config)#erps ring Ring1
SW3(config-erps-ring)#ring-port west interface ethernet 1/25
SW3(config-erps-ring)#ring-port east interface ethernet 1/26
SW3(config-erps-ring)#enable
SW3(config-erps-ring)#exit
SW3(config)#erps instance inst1 id 1
SW3(config-erps-inst)#control-vlan 10
SW3(config-erps-inst)#physical-ring Ring1
SW3(config-erps-inst)#inclusion-vlan group1
SW3(config-erps-inst)#enable
SW3(config-erps-inst)#end

SW4

SW4#configure
SW4(config)#interface ethernet 1/25
SW4(config-if)#switchport allowed vlan add 30,300,400 tagged
SW4(config-if)#spanning-tree spanning-disabled
SW4(config-if)#exit
SW4(config)#interface ethernet 1/26
SW4(config-if)#switchport allowed vlan add 30,300,400 tagged
SW4(config-if)#spanning-tree spanning-disabled
SW4(config-if)#exit
SW4(config)#erps
SW4(config)#erps vlan-group group2 add 30,300,400
SW4(config)#erps ring Ring3
SW4(config-erps-ring)#ring-port west interface ethernet 1/26
SW4(config-erps-ring)#ring-port east interface ethernet 1/25
SW4(config-erps-ring)#enable
SW4(config-erps-ring)#exit
SW4(config)#erps instance inst3 id 1
SW4(config-erps-inst)#control-vlan 30
SW4(config-erps-inst)#physical-ring Ring3
SW4(config-erps-inst)#inclusion-vlan group2
SW4(config-erps-inst)#enable
SW4(config-erps-inst)#end

SW1 VLAN group configuration

SW1 ERPS ring configuration

SW1 ERPS instance configuration

SW2 VLAN group configuration

SW2 ERPS ring configuration

SW2 ERPS instance configuration

SW3 VLAN group configuration

SW3 ERPS ring configuration

SW3 ERPS instance configuration

SW4 VLAN group configuration

SW4 ERPS ring configuration

SW4 ERPS instance configuration

Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.

Support Models: ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS5520 series, ECS4530 series, ECS2100 series, ECS2110 series, ECS3510 series

How to create Link Aggregation/Port-Channel on the switch ?
We have two methods to group the ports into an aggregate link, please refer to the following comparison table.

Topology:

1. Link Aggregation Control Protocol (LACP)
The configuration on the SW1 and SW2:

Console#configure
Console(config)#interface ethernet 1/1,2
Console(config-if)#lacp
Console(config-if)#end

The status of Port-channel:

Console#show interfaces status port-channel 1
Information of Trunk 1
 Basic Information:
 Port Type : 1000BASE-T
 MAC Address : 04-F8-F8-5C-2D-23
 Configuration:
 Name :
 Port Admin : Up
 Speed-duplex : Auto
 Capabilities : 10half, 10full, 100half, 100full, 1000full
 Broadcast Storm : Disabled
 Broadcast Storm Limit : 500 packets/second
 Multicast Storm : Disabled
 Multicast Storm Limit : 500 packets/second
 Unknown Unicast Storm : Disabled
 Unknown Unicast Storm Limit : 500 packets/second
 Storm Threshold Resolution : 1 packets/second
 Flow Control : Disabled
 VLAN Trunking : Disabled
 MAC Learning : Enabled
 Link-up-down Trap : Enabled
 Current Status:
 Created By : LACP
 Link Status : Up
 Port Operation Status : Up
 Operation Speed-duplex : 1000full
 Up Time : 0w 0d 0h 3m 37s (217 seconds)
 Flow Control Type : None
 Max Frame Size : 1518 bytes (1522 bytes for tagged frames)
 MAC Learning Status : Enabled
 Member Ports : Eth1/1, Eth1/2
 Active Member Ports : Eth1/1, Eth1/2

If you want to assign the LACP trunk link to the specific port-channel number, you need to use the admin-key.

Please refer to the FAQ: How to use admin-key to assign port-channel number ?

2. Static Trunk
The configuration on the SW1 and SW2:

Console#configure
Console(config)#interface port-channel 1
Console(config-if)#exit
Console(config)#interface ethernet 1/1,2
Console(config-if)#channel-group 1
Console(config-if)#end

The status of Port-channel:

Console#show interfaces status port-channel 1
Information of Trunk 1
 Basic Information:
 Port Type : 1000BASE-T
 MAC Address : 04-F8-F8-5C-2D-23
 Configuration:
 Name :
 Port Admin : Up
 Speed-duplex : Auto
 Capabilities : 10half, 10full, 100half, 100full, 1000full
 Broadcast Storm : Disabled
 Broadcast Storm Limit : 500 packets/second
 Multicast Storm : Disabled
 Multicast Storm Limit : 500 packets/second
 Unknown Unicast Storm : Disabled
 Unknown Unicast Storm Limit : 500 packets/second
 Storm Threshold Resolution : 1 packets/second
 Flow Control : Disabled
 VLAN Trunking : Disabled
 MAC Learning : Enabled
 Link-up-down Trap : Enabled
 Current Status:
 Created By : User
 Link Status : Up
 Port Operation Status : Up
 Operation Speed-duplex : 1000full
 Up Time : 0w 0d 0h 0m 41s (41 seconds)
 Flow Control Type : None
 Max Frame Size : 1518 bytes (1522 bytes for tagged frames)
 MAC Learning Status : Enabled
 Member Ports : Eth1/1, Eth1/2
 Active Member Ports : Eth1/1, Eth1/2

According to the current CPU utilization, CPU guard function sets the CPU utilization high and low watermarks in the percentage of CPU time utilized, and the CPU high and low thresholds in the number of packets being processed per second.

** Please note that the CPU guard will limit the packets transfer to CPU, but it will not limit the packets transmit to the egress port. **

Support Models: ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS5520 series, ECS4530 series, ECS2100 series, ECS3510 series

Topology:

Step 1: The switch runs in the default configuration and we try to inject the 1000 packets per second.
The CPU utilization will rise to 55 ~ 58%.

Step 2: Enable the CPU guard function globally.

Console(config)#process cpu guard

At this moment, the CPU remains and doesn't fall.
Since the current CPU utilization does not exceed the value of high-watermark, it doesn't trigger the CPU guard.

Step 3: Modify "low-watermark" and "high-watermark".
For example, we configure "high-watermark" to be lower than the current CPU utilization.

Console(config)#process cpu guard low-watermark 40
Console(config)#process cpu guard high-watermark 50

After the modification, CPU utilization will be falling and the CPU can process 392 packets per second.
It's because the current CPU utilization is higher than the high-watermark, the switch limits the packets flow to the CPU until it falls below the low-watermark.

Step 4: Modify "low-watermark" and "high-watermark".
For example, we configure "low-watermark" to be higher than the current CPU utilization.

Console(config)#process cpu guard low-watermark 50
Console(config)#process cpu guard high-watermark 55

We can see the "Current Threshold" is increasing, and the maximum value is 500 (ECS4510 Series).
If the switch limits the packets flow to the CPU after exceeding the high-watermark, the normal flow will be restored after usage falls beneath the low-watermark.

Step 5: We can also modify the "Maximum Threshold" directly to specify the number of packets being processed per second by the CPU.

Console(config)#process cpu guard max-threshold 100

The ECS5520-18X has sixteen 10G SFP+ ports and two 40G QSFP+ uplink ports. The 10G/40G ports can be configured as a single port connected with 10G SFP+/40G QSFP+ fiber cable, 10G/40G DAC (direct attach) cable, or breakout cable that connects a 40G port to four 10G ports; 10G port can also group four ports to a single 40G port. It's flexible for the user to configure it.

Configuration (Support CLI/WEB GUI/SNMP)

This example shows the default 40G and 10G port settings on ECS5520-18X.

Console#show hardware profile portmode
40G         10G         Config  Oper
Interfaces  Interfaces  Mode    Mode
----------  ----------  ------  ------
1/1         1/1-4       -       4x10g
1/5         1/5-8       -       4x10g
1/9         1/9-12      -       4x10g
1/13        1/13-16     -       4x10g
1/17        1/19-22     -       1x40g
1/18        1/23-26     -       1x40g

<A> CLI Command

• Configure port settings for 1x40G or 4x10G operation.

[CLI format]

hardware profile portmode ethernet 1/port { 1x40g | 4x10g | reset }

Warning: This command will not take effect until reload.
1x40g - Configures the port as a single 40G port.
4x10g - Configures the port as four 10G ports.
reset - Configures port mode to the default setting.

<A-1> Group four 10G ports to a single 40G port.
Eth1/1-4 will group to a single 40G port (Eth1/1).

Console#hardware profile portmode ethernet 1/1 1x40g
Warning: This command will not take effect until reload.
Console#reload
System will be restarted. Continue <y/n>? y

Console#show hardware profile portmode
40G         10G         Config  Oper
Interfaces  Interfaces  Mode    Mode
----------  ----------  ------  ------
1/1         1/1-4       1x40g   1x40g
1/5         1/5-8       -       4x10g
1/9         1/9-12      -       4x10g
1/13        1/13-16     -       4x10g
1/17        1/19-22     -       1x40g
1/18        1/23-26     -       1x40g

Console#show interfaces brief
Interface Name              Status    PVID Pri Speed/Duplex  Type         Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
Eth 1/ 1                    Up           1   0 40Gfull       40GBASE QSFP None
Eth 1/ 5                    Down         1   0 10Gfull       10GBASE SFP+ None
Eth 1/ 6                    Down         1   0 10Gfull       10GBASE SFP+ None

<A-2> Breakout a single 40G port to four 10G ports.
Eth1/17 will breakout to four 10G ports (Eth1/19-22).

Console#hardware profile portmode ethernet 1/17 4x10g
Warning: This command will not take effect until reload.
Console#reload
System will be restarted. Continue <y/n>? y

Console#show hardware profile portmode
40G         10G         Config  Oper
Interfaces  Interfaces  Mode    Mode
----------  ----------  ------  ------
1/1         1/1-4       -       4x10g
1/5         1/5-8       -       4x10g
1/9         1/9-12      -       4x10g
1/13        1/13-16     -       4x10g
1/17        1/19-22     4x10g   4x10g
1/18        1/23-26     -       1x40g

Console#show interfaces brief
Interface Name              Status    PVID Pri Speed/Duplex  Type         Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
...Omit
Eth 1/16                    Down         1   0 10Gfull       10GBASE SFP+ None
Eth 1/18                    Down         1   0 40Gfull       40GBASE QSFP None
Eth 1/19                    Up           1   0 10Gfull       10GBASE SFP+ None
Eth 1/20                    Up           1   0 10Gfull       10GBASE SFP+ None
Eth 1/21                    Up           1   0 10Gfull       10GBASE SFP+ None
Eth 1/22                    Up           1   0 10Gfull       10GBASE SFP+ None

<A-3> Configure port mode to the default setting.

Console#hardware profile portmode ethernet 1/1 reset
Warning: This command will not take effect until reload.
Console#hardware profile portmode ethernet 1/17 reset
Warning: This command will not take effect until reload.
Console#reload
System will be restarted. Continue <y/n>? y

Console#show hardware profile portmode
40G         10G         Config  Oper
Interfaces  Interfaces  Mode    Mode
----------  ----------  ------  ------
1/1         1/1-4       -       4x10g
1/5         1/5-8       -       4x10g
1/9         1/9-12      -       4x10g
1/13        1/13-16     -       4x10g
1/17        1/19-22     -       1x40g
1/18        1/23-26     -       1x40g

<B> WEB GUI

• Configure port settings for 1x40G or 4x10G operation.

[WEB GUI]
Interface -> Port -> Hardware Profile -> Config Mode -> Apply

<B-1> Group four 10G ports to a single 40G port.
Eth1/1-4 will group to a single 40G port (Eth1/1).

<B-2> Breakout a single 40G port to four 10G ports.
Eth1/17 will breakout to four 10G ports (Eth1/19-22).

<C> SNMP

• Configure port settings for 1x40G or 4x10G operation.

[SNMPSET command format]

snmpwalk -v 2c -c private {switch ip} {hardwarePortModeOper}.{hardwarePortModeIfIndex}

snmpset -v 2c -c private {switch ip} {hardwarePortModeConfig}.{hardwarePortModeIfIndex} {integer} {value}

For hardwarePortModeOper, OID 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.2
The Hardware profile operational port mode. This setting is used to identify the active state of port mode.
The value mode4x10g(2) means the port operates a single 10G port.
The value mode1x40g(3) means the port operates a single 40G port.

For hardwarePortModeConfig, OID 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.3
This is used to configure hardware profile port mode settings. This action will reflect after the restart.
Set mode4x10g(2) to breakout a single 40G port to four 10G ports.
Set mode1x40g(3) to group four 10G ports to a single 40G port.

For hardwarePortModeIfIndex: The port interface of hardwarePortModeIfIndex.
The ifIndex value of the port or trunk.

<C-1> Group four 10G ports to a single 40G port.

C:\>snmpwalk -v 2c -c private 188.188.10.109 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.2.1
SNMPv2-SMI::enterprises.259.10.1.51.1.2.16.1.1.2.1 = INTEGER: 2

C:\>snmpset -v 2c -c private 188.188.10.109 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.3.1 i 3
SNMPv2-SMI::enterprises.259.10.1.51.1.2.16.1.1.3.1 = INTEGER: 3

Eth1/1-4 will group to a single 40G port (Eth1/1).

<C-2> Breakout a single 40G port to four 10G ports.

C:\>snmpwalk -v 2c -c private 188.188.10.109 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.2.17
SNMPv2-SMI::enterprises.259.10.1.51.1.2.16.1.1.2.17 = INTEGER: 3

C:\>snmpset -v 2c -c private 188.188.10.109 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.3.17 i 2
SNMPv2-SMI::enterprises.259.10.1.51.1.2.16.1.1.3.17 = INTEGER: 2

Eth1/17 will breakout to four 10G ports (Eth1/19-22).

Dynamic ARP Inspection(DAI) is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings. This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination, dropping any invalid ARP packets.

ARP Inspection determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database – the DHCP snooping binding database or IP source guard binding database. ARP Inspection can also validate ARP packets against user-configured ARP access control lists (ACLs) for hosts with statically configured IP addresses.

Topology:

Basic Configuration via CLI command:

Step 1: Enable the DHCPSNP function on global and VLAN 1.

Console(config)#ip dhcp snooping
Console(config)#ip dhcp snooping vlan 1

Step 2: Enable the DHCPSNP trust port on port 1.

Console(config)#interface ethernet 1/1
Console(config-if)#ip dhcp snooping trust

Step 3: Enable the DAI function on global and VLAN 1.

Console(config)#ip arp inspection 
Console(config)#ip arp inspection vlan 1
Console(config)#interface ethernet 1/1
Console(config-if)#ip arp inspection trust

Step 4: DHCP client gets the IP address from the DHCP server.

Step 5: The fake client sets the same IP address as the DHCP client and tries to send the ARP request packet.

Result: The switch will drop the ARP packet from the fake client.

Basic Configuration via SNMP:

[SNMPSET command format]
snmpset -v 2c -c private {switch ip} {daiGlobalStatus | daiVlanStatus | daiPortTrustStatus}.{daiVlanIndex | daiPortIfIndex} {integer} {value}

For daiGlobalStatus, OID 1.3.6.1.4.1.259.10.1.45.1.56.1.1
Set enabled(1) to enable dynamic ARP inspection globally.
Set disabled(2) to disable dynamic ARP inspection globally.

For daiVlanStatus, OID 1.3.6.1.4.1.259.10.1.45.1.56.2.1.1.2
This object indicates whether dynamic ARP inspection is enabled in this VLAN.
Set enabled(1) to enable dynamic ARP inspection on VLAN.
Set disabled(2) to disable dynamic ARP inspection on VLAN.

For daiVlanIndex,
This object indicates the VLAN ID on which dynamic ARP inspection is configured.

For daiPortTrustStatus, OID 1.3.6.1.4.1.259.10.1.45.1.56.3.1.1.2
This object indicates whether the port is trusted for dynamic ARP inspection.
Set enabled(1) to enable dynamic ARP inspection trust port.
Set disabled(2) to disable dynamic ARP inspection trust port.

For daiPortIfIndex,
The ifIndex value of the port.

Step 1: Enable the DAI function globally.

root@gavin:~# snmpset -v 2c -c private 192.168.1.1 .1.3.6.1.4.1.259.10.1.45.1.56.1.1.0 i 1

Check the configuration on CLI and SNMP:

SNMP: 

CLI:

Step 2: Enable the DAI function on VLAN 1. (daiVlanIndex=1)

root@gavin:~# snmpset -v 2c -c private 192.168.1.1 .1.3.6.1.4.1.259.10.1.45.1.56.2.1.1.2.1 i 1

Check the configuration on CLI and SNMP:

SNMP: 

CLI:

Step 3: Enable the DAI trust port on Port 1. (daiPortIfIndex=1)

root@gavin:~# snmpset -v 2c -c private 192.168.1.1 .1.3.6.1.4.1.259.10.1.45.1.56.3.1.1.2.1 i 1 

Check the configuration on CLI and SNMP:

SNMP: 

CLI:

Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link-state routing protocol to generate a shortest-path tree, then builds up its routing table based on this tree. OSPF produces a more stable network because the participating routers act on network changes predictably and simultaneously, converging on the best route more quickly than RIP. Moreover, when several equal-cost routes to a destination exist, traffic can be distributed equally among them. A separate routing area scheme is also used to further reduce the amount of routing traffic.

Topology:

Procedure:

Switch_01 Configuration:

Step 1: Apply VLAN on port and configure VLAN's IP address.

switch-01(config)#interface ethernet 1/23
switch-01(config-if)#switchport allowed vlan add 100
switch-01(config-if)#switchport native vlan 100
switch-01(config-if)#exit
switch-01(config)#interface ethernet 1/24
switch-01(config-if)#switchport allowed vlan add 200
switch-01(config-if)#switchport native vlan 200
switch-01(config-if)#exit
switch-01(config)#interface vlan 100
switch-01(config-if)#ip address 192.168.0.1/30
switch-01(config-if)#exit
switch-01(config)#interface vlan 200
switch-01(config-if)#ip address 192.168.0.5/30
switch-01(config-if)#exit
switch-01(config)#interface vlan 1
switch-01(config-if)#ip address 192.168.1.254/24
switch-01(config-if)#exit

Step 2: Disable spanning tree on port 23,24.

switch-01#con 
switch-01(config)#interface ethernet 1/23,24 
switch-01(config-if)#spanning-tree spanning-disabled 

Step 3: Configure OSPF function.

switch-01(config)#router ospf 1
switch-01(config-router)#router-id 192.168.0.1
switch-01(config-router)#network 192.168.0.0 255.255.255.252 area 0
switch-01(config-router)#network 192.168.0.4 255.255.255.252 area 0 
switch-01(config-router)#network 192.168.1.0 255.255.255.0 area 0

Switch_02 Configuration:

Step 1: Apply VLAN on port and configure VLAN's IP address.

switch-02(config)#interface ethernet 1/1
switch-02(config-if)#switchport native vlan 2
switch-02(config-if)#switchport allowed vlan add 2
switch-02(config-if)#exit
switch-02(config)#interface ethernet 1/23 
switch-02(config-if)#switchport native vlan 100
switch-02(config-if)#switchport allowed vlan add 100
switch-02(config-if)#exit
switch-02(config)#interface ethernet 1/24 
switch-02(config-if)#switchport native vlan 300
switch-02(config-if)#switchport allowed vlan add 300
switch-02(config-if)#exit
switch-02(config)#interface vlan 2
switch-02(config-if)#ip address 192.168.2.254/24
switch-02(config-if)#exit
switch-02(config)#interface vlan 100 
switch-02(config-if)#ip address 192.168.0.2/30
switch-02(config-if)#exit
switch-02(config)#interface vlan 300
switch-02(config-if)#ip address 192.168.0.9/30
switch-02(config-if)#exit

Step 2: Disable spanning tree on port 23,24.

switch-01#con 
switch-01(config)#interface ethernet 1/23,24 
switch-01(config-if)#spanning-tree spanning-disabled 

Step 3: Configure OSPF function.

switch-02(config)#router ospf 1
switch-02(config-router)#router-id 192.168.0.2
switch-02(config-router)#network 192.168.0.0 255.255.255.252 area 0
switch-02(config-router)#network 192.168.0.8 255.255.255.252 area 0
switch-02(config-router)#network 192.168.2.0 255.255.255.0 area 0

Switch_03 Configuration:

Step 1: Apply VLAN on port and configure VLAN's IP address.

switch-03(config)#interface ethernet 1/1
switch-03(config-if)#switchport native vlan 3 
switch-03(config-if)#switchport allowed vlan add 3
switch-03(config-if)#exit
switch-03(config)#interface ethernet 1/23
switch-03(config-if)#switchport native vlan 200
switch-03(config-if)#switchport allowed vlan add 200
switch-03(config-if)#exit
switch-03(config)#interface ethernet 1/24
switch-03(config-if)#switchport native vlan 300
switch-03(config-if)#switchport allowed vlan add 300
switch-03(config-if)#exit
switch-03(config)#interface vlan 3
switch-03(config-if)#ip address 192.168.3.254/24
switch-03(config-if)#exit
switch-03(config)#interface vlan 200
switch-03(config-if)#ip address 192.168.0.6/30
switch-03(config-if)#exit
switch-03(config)#interface vlan 300
switch-03(config-if)#ip address 192.168.0.10/30
switch-03(config-if)#exit

Step 2: Disable spanning tree on port 23,24.

switch-01#con 
switch-01(config)#interface ethernet 1/23,24 
switch-01(config-if)#spanning-tree spanning-disabled 

Step 3: Configure OSPF function.

switch-03(config)#router ospf 1
switch-03(config-router)#router-id 192.168.0.3
switch-03(config-router)#network 192.168.0.4 255.255.255.252 area 0
switch-03(config-router)#network 192.168.0.8 255.255.255.252 area 0
switch-03(config-router)#network 192.168.3.0 255.255.255.0 area 0 

Result:

Check the routing table on all the switches.

Switch-01's routing table:

Switch-02's routing table:

Switch-03's routing table:

Display the information about neighboring routers on all the switches.

Switch-01's OSPF Neighbor Information

Switch-02's OSPF Neighbor Information

Switch-03's OSPF Neighbor Information

VLAN2-Client A(192.168.2.1) could ping to VLAN1-Client C(192.168.1.1).

Debug command could display the debugging information for some functions in Privileged Exec mode.

The messages included the function events, transmitted/received packets...etc.

It's convenience for administrators to troubleshoot the problem on the switch.

 

The user could also dump the debug messages and contact Edgecore support([email protected]), and send a detailed description of the problem, along with the file used to record your system settings(show tech-support command).

 

Command Mode: Exec mode

(1) Debug mode of the ARP:

When we enable ARP debug command, the switch will print out the ARP process information when it receives the ARP packets.

Console#debug arp

For example:

Console#debug dhcp all

(3) Debug mode of the IGMPSNP and MVR:

When we enable IGMPSNP/MVR debug command, the switch will print out the IGMP process information when it receives the IGMP control packets.

Console#debug igmpsnp-mvr all

Topology:

For example:

The switch receives the IGMP REPORT packet from the client.

 

The switch receives the IGMP LEAVE packet from the client.

 

The switch receives the IGMP QUERY packet from other device (ECS4120_2).

 

(4) Debug mode of the DHCPSNP:

When we enable DHCPSNP debug command, the switch will print out the DHCP process information when it receives the DHCP packets between the server and client.

Console# debug ip dhcp snooping all

Topology:

For example:

The switch receives the DHCP DISCOVER packet from the client.

dhcp_msg_type=1 means DHCP discover packet.

 

The switch receives the DHCP OFFER packet from the DHCP server.

dhcp_msg_type=2 means DHCP offer packet.

 

The switch receives the DHCP REQUEST packet from the client.

dhcp_msg_type=3 means DHCP request packet.

 

(5) Debug mode of the LACP:

When we enable LACP debug command, the switch will display the trunk ID to which port member belongs.

Topology:

 

For example:

Console#debug lacp config

The switch will display the LACP function status is enable or disable during the configuration.

 

Console#debug lacp event

If the LACP trunk is active, the switch will display the port member belongs to which trunk id.

 

Console#debug lacp packet

The switch will display the information when it receives/transmits the LACP packets.

 

(6) Debug mode of the MLDSNP:

When we enable MLDSNP debug command, the switch will print out the MLD process information when it receives the MLD packets(ICMPv6).

Console#debug mldsnp all

For example:

The switch receives the MLD message packet from the client.

 

The switch sends out the specific query from the port which receives the leave message.

 

The switch sends out the IPv6 General Query.

 

The switch receives the IPv6 General Query from other device.

 

(7) Debug mode of the MVR6:

When we enable MVR6 debug command, the switch will print out the MVR6 process information when it receives the ICMPv6 packets.

Console#debug mvr6 all

For example:

The switch receives the MVR6 join message from the client.

 

The switch receives the MVR6 leave message from the client.

 

The switch sends out the IPv6 General Query.

 

(8) Debug mode of the STP:

When we enable STP debug command, the switch will print out the STP process information when it's running STP protocol.

Console#debug spanning-tree all

Topology:

For example:

The switch port 1 (Root port) receives the BPDU packet from the Root Bridge.

 

If the switch port 1 (Root port) status is changing to block, then the port 2 (Alternate port) status will become forwarding(Root port) and receive the BPDU packet from the Root Bridge.

Path Cost is used by the Spanning Tree Algorithm to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.

By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below.

*The path cost of the STP is not configured by pathcost method short or long.

User can configure the spanning tree path cost for the specified interface by following command.

[CLI Command]
spanning-tree cost {cost}
cost - The path cost for the port.
(Range: 0 for auto-configuration, 1-65535 for short path cost method, 1-200,000,000 for long path cost method)

Calculate the spanning tree path cost on a port-channel.

1. Active Eth1/1 for port channel.

Console#show interfaces brief
Interface Name              Status    PVID Pri Speed/Duplex  Type         Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
Eth 1/ 1                    Up           1   0 Auto-1000full 1000BASE-T   1

The spanning tree path cost on Trunk 1 is 5000.

Console#show spanning-tree brief
Interface Pri Designated            Designated Oper     STP    Role State Oper
              Bridge ID             Port ID    Cost     Status            Edge
--------- --- --------------------- ---------- -------- ------ ---- ----- ----
Trunk 1   128 32768.8CEA1B8AC667    128.57         5000 EN     ROOT FWD   No

The spanning tree path cost for Trunk 1 is 10000 (1G) / 2 = 5000 (Trunk).
The spanning tree path cost on Trunk 1 is 5000 (Trunk) / 1 = 5000.

2. Active Eth1/1 & Eth1/2 for port channel.

Console#show interfaces brief
Interface Name              Status    PVID Pri Speed/Duplex  Type         Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
Eth 1/ 1                    Up           1   0 Auto-1000full 1000BASE-T   1
Eth 1/ 2                    Up           1   0 Auto-1000full 1000BASE-T   1

The spanning tree path cost on Trunk 1 is 2500.

Console#show spanning-tree brief
Interface Pri Designated            Designated Oper     STP    Role State Oper
              Bridge ID             Port ID    Cost     Status            Edge
--------- --- --------------------- ---------- -------- ------ ---- ----- ----
Trunk 1   128 32768.8CEA1B8AC667    128.57         2500 EN     ROOT FWD   No

The spanning tree path cost on Trunk 1 is 5000 (Trunk) / 2 = 2500.

3. Active Eth1/1 & Eth1/2 & Eth1/3 for port channel.

Console#show interfaces brief
Interface Name              Status    PVID Pri Speed/Duplex  Type         Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
Eth 1/ 1                    Up           1   0 Auto-1000full 1000BASE-T   1
Eth 1/ 2                    Up           1   0 Auto-1000full 1000BASE-T   1
Eth 1/ 3                    Up           1   0 Auto-1000full 1000BASE-T   1

The spanning tree path cost on Trunk 1 is 1666.

Console#show spanning-tree brief
Interface Pri Designated            Designated Oper     STP    Role State Oper
              Bridge ID             Port ID    Cost     Status            Edge
--------- --- --------------------- ---------- -------- ------ ---- ----- ----
Trunk 1   128 32768.8CEA1B8AC667    128.57         1666 EN     ROOT FWD   No

The spanning tree path cost on Trunk 1 is 5000 (Trunk) / 3 = 1666.

4. Active Eth1/1 & Eth1/2 & Eth1/3 & Eth1/4 for port channel.

Console#show interfaces brief
Interface Name              Status    PVID Pri Speed/Duplex  Type         Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
Eth 1/ 1                    Up           1   0 Auto-1000full 1000BASE-T   1
Eth 1/ 2                    Up           1   0 Auto-1000full 1000BASE-T   1
Eth 1/ 3                    Up           1   0 Auto-1000full 1000BASE-T   1
Eth 1/ 4                    Up           1   0 Auto-1000full 1000BASE-T   1

The spanning tree path cost on Trunk 1 is 1250.

Console#show spanning-tree brief
Interface Pri Designated            Designated Oper     STP    Role State Oper
              Bridge ID             Port ID    Cost     Status            Edge
--------- --- --------------------- ---------- -------- ------ ---- ----- ----
Trunk 1   128 32768.8CEA1B8AC667    128.57         1250 EN     ROOT FWD   No

The spanning tree path cost on Trunk 1 is 5000 (Trunk) / 4 = 1250.

The switch can display diagnostic information for SFP modules which support the SFF-8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers. This information allows administrators to remotely diagnose problems with optical devices. This feature, referred to as Digital Diagnostic Monitoring (DDM) in the command display, provides information on transceiver parameters including temperature, supply voltage, laser bias current, laser power, received optical power, and related alarm thresholds.

transceiver-monitor
The setting for transceiver-monitor:

Console(config)#interface ethernet 1/X
Console(config-if)#transceiver-monitor

Use this command "transceiver-monitor" can monitor the current transceiver status, such as Temperature, TX power, RX power.
When any of the transceiver's operational values fall outside of specified thresholds, the switch will send the trap.

transceiver-threshold
The setting for transceiver-threshold:

Console(config)#interface ethernet 1/X
Console(config-if)#transceiver-threshold { current | rx-power | temperature | tx-power | voltage }

Use this command "transceiver-threshold" can set the default threshold from the transceiver to determine when an alarm or warning message should be sent.

Support Models: ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS2100 series, ECS2110 series

Topology:

Insert the transceiver --- (25)ECS4620-28T(1) --- SNMP server

The procedure to monitor the transceiver status :

Step 1: Configure the switch's IP address and enable the SNMP trap.

Console#con
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.1/24
Console(config-if)#exit
Console(config)#snmp-server host 192.168.1.100 inform private version 2c

Step 2: Check the transceiver's information currently.

At this time, the RX power is not within the range of the default threshold of the Low Alarm/Waring.

Step 3: Enable the transceiver-monitor.

Console#con
Console(config)#interface ethernet 1/25
Console(config-if)#transceiver-monitor

Step 4: The switch will send out the SNMP trap (SFPThresholdAlarmWarnTrap).

The procedure to change the transceiver-threshold :

 Step 1: Check the transceiver DDM Thresholds currently.

Step 2: Configure the threshold of the Temperature.

Console(config)#interface ethernet 1/25
Console(config-if)#no transceiver-threshold-auto 
Console(config-if)#transceiver-threshold temperature high-warning 7500 
Console(config-if)#transceiver-threshold temperature high-alarm 8500 

Step 3: Check the modification of the transceiver's information.

1. To prevent loop

As shown in the figure above, there are 3 traffic paths from VLC server to PC2:
Path 1(red): from SW1 port 26 to SW4 port 26;
Path 2(blue): from SW1 port 27 to SW4 port 28;
Path 3(green): from SW1 port 28 to SW2 port 27, from SW2 port 28 to SW3 port 27, from SW3 port 28 to SW4 port 27 then to SW4 port 1.

Therefore, there are two loops in the topology:

As shown in the figures above, when the switch receives a broadcast, multicast or unknown unicast packet from VCL Server, packet will flood to port 26(packet 2 yellow) and 27 (packet 2 green). When SW4 receives the packet from port 26, the packet will flood to port 1 (packet 3 yellow) and port 28 (packet 3 yellow). When SW4 receives the packet from port 28, the packet will flood to port 1(packet 3 green) and port 26 (packet 3 green). In this way, packets will occupy every port that connected to switch and it results in a failure to serving normal packets and sometimes a waste of CPU utilization.

Spanning Tree Protocol is a mechanism that automatically detects loops in the network and blocks the redundant paths to keep only one path for two nodes in the network. Rapid Spanning Tree Protocol (RSTP) is an enhancement of STP and provides faster spanning tree convergence. RSTP uses path cost, bridge ID and port priority/port ID of BPDU to prioritize the paths and then to establish a spanning tree.

2. To Provide Redundant path

Sometimes users create a loop intentionally in order to build up a redundant path in case the path is failed to link. Traffic dynamically switches to the redundant path and maintain network operation when the default path is failed to link.

When the link between SW1 port 26 and SW4 port 26 is down, SW1 port 27 which is in blocking state (Alternate Role) automatically forwards. Therefore, traffic from VLC server switches to the link between SW1 port 27 and SW4 port 28.

Use command "show log ram" to see the change log.

SW_1#sh log ram
[3] 08:59:45 2011-12-08
   'STA topology change happened on Eth 1/27.'
   level : 6, module : 5, function : 1, and event no. : 1
[2] 08:59:45 2011-12-08
   'STP port state: MSTID 0, Eth 1/27 becomes forwarding.'
   level : 6, module : 5, function : 1, and event no. : 1
[1] 08:59:45 2011-12-08
   'STP port state: MSTID 0, Eth 1/26 becomes non-forwarding.'
   level : 6, module : 5, function : 1, and event no. : 1
[0] 08:59:45 2011-12-08
   'Unit 1, Port 26 link-down notification.'
   level : 6, module : 5, function : 1, and event no. : 1

SW_4-0#sh log ram
[2] 08:28:56 2011-12-08
   'STA topology change happened on Eth 1/27.'
   level : 6, module : 5, function : 1, and event no. : 1
[1] 08:28:54 2011-12-08
   'STP port state: MSTID 0, Eth 1/26 becomes non-forwarding.'
   level : 6, module : 5, function : 1, and event no. : 1
[0] 08:28:54 2011-12-08
   'Unit 1, Port 26 link-down notification.'
   level : 6, module : 5, function : 1, and event no. : 1

SW_2-0#sh log ram
[1] 09:00:39 2011-12-08
   'User(admin/Telnet) (192.168.1.1), login successful.'
   level : 6, module : 5, function : 1, and event no. : 1
[0] 08:58:43 2011-12-08
   '192.168.1.1 VTY user admin, logout from PRIV. EXEC mode.'
   level : 6, module : 1, function : 0, and event no. : 1

SW_3-0#sh log ram
[2] 08:28:51 2011-12-08
   'User(admin/Telnet) (192.168.1.1), login successful.'
   level : 6, module : 5, function : 1, and event no. : 1
[1] 08:27:48 2011-12-08
   'STA topology change happened on Eth 1/27.'
   level : 6, module : 5, function : 1, and event no. : 1
[0] 08:27:12 2011-12-08
   '192.168.1.1 VTY user admin, logout from PRIV. EXEC mode.'
   level : 6, module : 1, function : 0, and event no. : 1

A switch is configured as root if it has the smallest priority ID. Therefore, by changing the priority ID to the smallest ID, users could configure any switch as root. For example, use the following commands to change the priority of SW1 to 4096:

SW_1(config)#spanning-tree priority?
  <0-61440>  Spanning-tree priority value in steps of 4096

Please note that the priority ID value can only be changed in steps of 4096, from 0 to 61440.

SW_1(config)# spanning-tree priority 4096

After changing priority ID of SW1 to 4096, SW1 is configured as the Root and the blocking port is changed to SW4 port 28 and SW3 port 27.

1. Topology:

2. Switch configure:

1. Reset switch to default.

? y

 

2. Set line console/vty password

Console#config
Console(config)#line console
Console(config-line-console)#password 0 support
Console(config-line-console)#login
Console(config-line-console)#exit
Console(config)#line vty
Console(config-line-vty)#password 0 support
Console(config-line-vty)#login
Console(config-line-vty)#


 

3. Verify

Now the user login via console or vty only needs to enter the password.
 
 
When the user logs in with the password set for console/vty, the user’s privilege level is 0. The user needs to use the command “enable” to get privilege level -15.
Default enable password is “super”.
 

 

1. BGP_NEIGHBOR_CHANGE_MESSAGE   "BGP: %s"
2. BGP_ESTABLISHED_NOTIFICATION_MESSAGE   "BGP established, ip: %s, last err: 0x%04x, state: %s"
3. BGP_BACKWARD_TRANS_NOTIFICATION_MESSAGE   "BGP backward trans, ip: %s, last err: 0x%04x, state: %s"

1. Ping from 192.168.1.101 to 192.168.1.102 will fail. (downlink port to downlink port)
2. Ping from 192.168.1.101 to 192.168.1.112 will pass. (downlink port to uplink port)

1. Ping from 192.168.1.101 to 192.168.1.102 will fail.
2. Ping from 192.168.1.101 to 192.168.1.112 will pass.

1. Ping from 192.168.1.101 to 192.168.1.102 will pass.
2. Ping from 192.168.1.101 to 192.168.1.112 will pass too.

1. Major Ring

2. Sub Ring

• Need to assign major domain by “major-domain” command.
• Assign only one ring-port.

1. Add the VID (VLAN ID) to the port interface. In this example, the traffic will tag VLAN 2.
   
   Console#configure
   Console(config)#interface ethernet 1/1
   Console(config-if)#switchport allowed vlan add 2 tagged
   Console(config-if)#exi
   Console(config)#interface ethernet 1/47
   Console(config-if)#switchport allowed vlan add 2 tagged

2. Create a class map to classify the specified traffic. In this example, it will match to the traffic of CoS 0.
   
   Console(config)#class-map CoS
   Console(config-cmap)#match cos 0
   
   Console#show class-map
   Class Map match-any CoS
   Description:
    Match CoS 0

3. Create a policy map and use the class command to configure policies for traffic which match the criteria defined in a class map. In this example, the value of CoS will be modified to “7” if the traffic match to the class map.
   
   Console(config)#policy-map CoS-test
   Console(config-pmap)#class CoS
   Console(config-pmap-c)#set cos 7
   
   Console#show policy-map
   Policy Map CoS-test
   Description:
    class CoS
     set CoS 7

4. Apply the policy map to the ingress or egress side of a particular interface. In this example, the policy map will be applied to ingress of port 1.
   
   Console#configure
   Console(config)#interface ethernet 1/1
   Console(config-if)#service-policy ?
     input   Input direction
     output  Output  direction
   Console(config-if)#service-policy input CoS-test
   
   Console#show running-config interface ethernet 1/1
   interface ethernet 1/1
    switchport allowed vlan add 2 tagged
    service-policy input CoS-test
   
   !

1. Exec mode: configure
2. Configure mode: interface ethernet 1/1
3. Configure mode: interface vlan 1
4. Interface-eth mode: shutdown
5. Interface-vlan mode: ip address

1. Setup FreeRadius Server
2. Configure client
3. Configure switch
4. Verify

1. Setup FreeRadius Server

0. Install freeradius server to Ubuntu((Ubuntu 14.04) as follow command:
   FreeRadius ~ # apt-get install freeradius -y
1. Configure “users” and “clients.conf” file

• Username “tsCommonName”.  It must be as same as commonName in the client.cnf (refer to step 3)
• “Tunnel-Private-Group-ID” parameter is for dynamically adding VLAN

2. Download the FreeRadius source code from https://freeradius.org/

3. Modify ca files: server.cnf / client.cnf 
   server.cnf: modify output_password (path: /etc/freeradius/certs/server.cnf)
   

• commonName need same as “Username” in users file

4. Launch bootstrap script (path: /etc/freeradius/certs/bootstrap )
   FreeRadius certs # ./bootstrap
5. Copy “ca.pem”, “client.key” and “[email protected]” (which is as same as “emailAddress” parameter) to Client.

6. Modify eap.conf file (path: /etc/freeradius/eap.conf)

1. Change default_eap_type to tls

2. Remove(delete or comment) the make_cert_command

3. Change “private_key_password” value as same as server.cnf’s output_password.

7. After all Server side configuration is finished, restart the FreeRadius server.

1. FreeRadius freeradius # Service freeradius start => start server normally or
2. FreeRadius freeradius # Freeradius -X => start server with debug mode.

2. Configure client

1. Get the three files at configure server, please refer to “Setup FreeRadius Server” step 5

3. Configure Client’s network configure

3. Configure switch

1. Switch IP:
   Console#configure
   Console(config)#interface vlan 1
   Console(config-if)#ip address 192.168.2.46/20

2. Switch Vlan:
   Console(config)#vlan database
   Console(config-vlan)#vlan 3

4. Verify

1. Prepare two types of ARP packets.
   A. The sender MAC address of ARP header is different from source MAC address of Ethernet header.
   
   B. The sender MAC address of ARP header is the same as source MAC address of Ethernet header.
2. Configure MAC ACL to permit the source MAC address of ARP packet and deny other packets.
   Console(config)#access-list mac test
   Console(config-mac-acl)#permit host 0C-C4-7A-06-FB-11 any
   Console(config-mac-acl)#deny any any
    
3. Apply this MAC ACL to ingress of port 1.
   Console(config)#interface ethernet 1/1
   Console(config-if)#mac access-group test in
    
4. Inject these two ARP packets to the port 1. Thus, the switch forwards B-ARP packet but filter A-ARP packet by MAC ACL. 

1. Topology

2. VRRP Master(ECS4620_Master) configuration:

• Basic configuration (detail configuration please refer to Appendix)

1. Create VLAN 11-13
2. Configure VLAN IP address
3. Set each port allow VLAN

4. Disable Spanning-tree on downlink port(#1, #2)
5. Set default route to VLAN 13

• VRRP configuration(virtual IP addresses for VLAN 11 and VLAN 12)

3. VRRP Backup(ECS4620_Back_up) configuration

• Basic configuration (detail configuration please refer to Appendix)

1. Create VLAN 11-13
2. Configure VLAN IP address
3. Set each ports’ allow VLAN

4. Disable Spanning-tree at downlink port(#1, #2)
5. Set default route to VLAN 13

• VRRP configuration(virtual IP addresses for VLAN 11 and VLAN 12)

4. Check VRRP status on VRRP Master and Backup

1. Show VRRP [ID]

2. Show VRRP brief

5. Server/Client configure

Server Side	Client Side

• Basic configure

• Basic configure

1. Create VLAN 11-13

5. Set default route to vlan 13

1. Port 1 enable sticky MAC, and connect a PC on it. The PC's MAC address was learned on port 1.

2. Disconnect the PC’s link which connect to the hub, and move to port 2. Then the PC will fail to access the network through the port2 due to the MAC address was already learned on port1.

1. LACP enable port
2. Spanning Tree enabled port

1.PPPoE IA - Circuit ID and Remote ID

2.DHCP Relay Agent Information Option

ECS2100 series firmware version v1.2.2.12 and above has a new software enhancement which support Layer 2 / Layer 3 DHCP Relay function. And the user may choose to use the L2 or L3 DHCP Relay by following commands (Default is L3). 

The setting for Layer 2 DHCP Relay
 

Console(config)#ip dhcp l2 relay

The setting for Layer 3 DHCP Relay
 

Console(config)#ip dhcp l3 relay

When the client and DHCP server are in the same VLAN and subnet, the client may obtain the IP address from DHCP server directly. However, in practical network, clients might be in the different subnet and VLAN, then DHCP Relay function can help to get the IP address from DHCP server which is in the different subnet.

- L2 DHCP Relay

The L2 DHCP Relay function can be used to add the suboption information (DHCP Option 82.) and the DHCP server may refer it to assigns the corresponding IP address.

Topology:

Configuration on ECS2100-28T:

1) Configure the port 2 to VLAN 2.
 

Console(config)#interface ethernet 1/2
Console(config-if)#switchport native vlan 2
Console(config-if)#switchport mode access

2) Set IP address on VLAN interface.
 

Console(config)#int vlan 1
Console(config-if)#ip address 192.168.1.1/24
Console(config-if)#exit

3) Enable the L2 DHCP relay and configure the IP address of DHCP server.
 

Console(config)#ip dhcp l2 relay
Console(config)#ip dhcp relay information option
Console(config)#ip dhcp relay server 192.168.1.254

L2 DHCP Relay packet forwarding procedures:

In this example, the client will get the IP address in the range of 192.168.2.240~192.168.250 from the DHCP server. 

==================================================================

- L3 DHCP Relay

The L3 DHCP Relay function will convent the DHCP broadcast packet into the unicast packet and add the DHCP Relay agent IP address. Then DHCP server can refer to the Relay agent IP address to assigns the corresponding IP address.

Topology:

Configuration on ECS2100-28T:

1) Configure the port 2 to VLAN 2 and port 3 to VLAN 3.
 

Console(config)#interface ethernet 1/2
Console(config-if)#switchport native vlan 2
Console(config-if)#switchport mode access
Console(config-if)#exit
Console(config)#interface ethernet 1/3
Console(config-if)#switchport native vlan 3
Console(config-if)#switchport mode access
Console(config-if)#exit

2) Set IP address on VLAN interface.
 

Console(config)#int vlan 1
Console(config-if)#ip address 192.168.1.1/24
Console(config-if)#exit
Console(config)#int vlan 2
Console(config-if)#ip address 192.168.2.1/24
Console(config-if)#exit
Console(config)#int vlan 3
Console(config-if)#ip address 192.168.3.1/24
Console(config-if)#exit

3) Enable the L3 DHCP relay and configure DHCP relay server on VLAN interface.
 

Console(config)#ip dhcp l3 relay
Console(config)#int vlan 2
Console(config-if)#ip dhcp relay server 192.168.1.254
Console(config-if)#exit
Console(config)#int vlan 3
Console(config-if)#ip dhcp relay server 192.168.1.254
Console(config-if)#exit

L3 DHCP Relay packet forwarding procedures:

Example of client B.

In this example, 
Client A can get the IP address in the range of 192.168.2.240-250 the DHCP server.
Client B can get the IP address in the range of 192.168.3.240-250 the DHCP server.

How to upgrade ECS4120 loader version to extend the ECC (Error Correcting code) support?

The ECS4120 Loader version 0.0.3.1 support ECC (Error Correcting code).

Environment and Preparation:

1. The ECS4120 switch MUST with the loader version 0.0.2.6 or 0.0.3.0. Check it by the command "show version". (If your version is not 0.0.2.6 or 0.0.3.0, please DO NOT run the script.)
2. Windows PC(Win7, Win8 or Win10) with one Serial COM port
3. Script - ECS4120_uboot_upgrade_v2.0.0.zip

Configuration: Modify config.ini

• [serial] section: Serial COM port

Caution: DO NOT modify [product] section's "type" parameter in the config.ini

Example:

How to check Serial COM port on the PC?

In Device Manager (Start -> Run -> devmgmt.msc)

Caution:

Before running the script, please turn OFF all the terminals on the PC and power OFF the Switch.

Upgrade loader:

Step 1: Run the script “uboot_upgarde.exe”.

Double click “uboot_upgrade.exe” to run the script.

Step 2: Power ON the switch

The script will execute automatically.

After upgrading, uboot_upgrade.exe will close by itself.

Caution:

When running the script, please DO NOT remove the console cable and unplug the power cord.

If it failed to upgrade, please send your request and log file to [email protected].

Supported models: ECS4120 series (V1.2.2.13)

SNMPSET command format.

snmpset -v 2c -c private {switch IP Address} {inetCidrRouteStatus}.{IPv4 or IPv6}.{Destination network segment}.{mask}.{IPv4 or IPv6}.{Next hop} {integer} {value}

{inetCidrRouteStatus}

• OID: 1.3.6.1.2.1.4.24.7.1.17

{IPv4 or IPv6} 

• IPv4 OID: 1.4    -->  1 = IPv4 , 4 = IPv4 address is 4 byte.
• IPv6 OID: 2.16  -->  2 = IPv6 , 16 = IPv6 address is 16 byte. (Please indicate in decimal. e.g. 2002::1 = 32.2.0.0.0.0.0.0.0.0.0.0.0.0.0.1)

{value}

• 4 = Active 
• 6 = Destroy

Configure IPv4 static route via SNMP.

• Adding a IPv4 static route as follow: 

  ip route 192.168.87.0 255.255.255.0 192.168.2.11

• NET-SNMP command: 

  snmpset -v 2c -c private 192.168.2.10 1.3.6.1.2.1.4.24.7.1.17.1.4.192.168.87.0.24.1.4.192.168.2.11 i 4

The basic DHCPSNP topology and configuration on the switch as below.

Original Behavior: (Not support “vlan-flooding” command or “vlan-flooding” enabled.)

When the switch enabled DHCPSNP function globally, the client will request the IP address by sending out the DHCP packets (Discover/Request) to untrust port.

This DHCP packet belongs to the vlan which includes in DHCPSNP enable vlan list, the switch will forward it to trust port only which is also the vlan member.

If this DHCP packet belongs to the vlan which doesn’t include in DHCPSNP enable vlan list, the switch will forward/flood it to ALL other ports which are also the vlan member.

Disabled DHCPSNP vlan-flooding Behavior: (vlan-flooding is enabled on switch by default.)

The mechanism is the same when the DHCP packet belongs to the vlan which includes in DHCPSNP enable vlan list.

However, if this DHCP packet belongs to the vlan which doesn’t include in DHCPSNP enable vlan list, the switch will NOT forward/flood it to any other port which is also the vlan member.

The user could easily configure how the DHCP packets forward on switch ports.

[Result]
When the DHCP packets - Discover/Request from the clients is received.
​

Configuration via CLI/WEB/SNMP.

CLI command

Default is vlan-flooding enabled.

Console#con

Console(config)#interface ethernet 1/1

Console(config-if)#ip dhcp snooping vlan-flooding             ---> Enabled

or

Console(config-if)#no ip dhcp snooping vlan-flooding          ---> Disabled

WEB

Security > DHCP Snooping > Step: 3. Configure Interface > Enabled/Disabled Vlan Flooding

SNMP

[SNMPSET command format]

snmpset -v 2c -c private {switch ip} {dhcpSnoopPortVlanFlooding}.{dhcpSnoopPortIfIndex} {integer} {value}

For dhcpSnoopPortVlanFlooding, OID 1.3.6.1.4.1.259.10.1.45.1.46.3.1.1.7

 Set OID 1.3.6.1.4.1.259.10.1.45.1.46.3.1.1.7 to enabled(1) vlan flooding.

 Set OID 1.3.6.1.4.1.259.10.1.45.1.46.3.1.1.7 to disabled(2) vlan flooding.

For dhcpSnoopPortIfIndex: The port interface of dhcpSnoopPortIfIndex

 The ifIndex value of the port or trunk.

Enabled vlan flooding.

Disabled vlan flooding.

Support models and software version:

ECS4120 series v1.2.2.23 and above

• Enable IPv6 source guard or IPv6 prefix guard on port interface configuration and set maximum binding number.

ipv6 source-guard { sip | sdp | max-binding }

Console#con
Console(config)#interface ethernet 1/1
Console(config-if)#ipv6 source-guard sdp
Console(config-if)#ipv6 source-guard max-binding 3
Console(config-if)#end
Console#show ipv6 source-guard
Interface   Filter-type   Max-binding
---------   -----------   -----------
Eth 1/1     SDP                     3
Eth 1/2     DISABLED                5
Eth 1/3     DISABLED                5

• Add static IPv6 source guard or IPv6 prefix guard binding entry on global configuration mode.

ipv6 source-guard binding Mac-Address vlan VLAN_ID { IPv6-Address | IPv6-Prefix } interface ethernet Unit/Port

Console#con
Console(config)#ipv6 source-guard binding 90-E6-BA-63-96-CD vlan 1 2001:b000:2::/64 interface ethernet 1/21
Console(config)#end
Console#show ipv6 source-guard binding
DHCPV6SNP:
 DHCP - Stateful address
NDSNP:
 ND - Stateless address
STA - Static IPv6 source guard binding

MAC Address    IPv6 Address/IPv6 Prefix                VLAN Interface Type
-------------- --------------------------------------- ---- --------- ----
90E6-BA63-96CD                        2001:b000:2::/64    1  Eth 1/21  STA

• Enable IPv6 source guard or IPv6 prefix guard on port interface configuration and set maximum binding number.

• Add static ipv6 source guard or ipv6 prefix guard binding entry on the switch.

• Enable IPv6 source guard or IPv6 prefix guard on port interface configuration and set maximum binding number.

C:\>snmpwalk -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.1.1.2.24
SNMPv2-SMI::enterprises.259.10.1.45.1.74.1.1.2.24 = INTEGER: 1

C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.1.1.2.24 i 3
SNMPv2-SMI::enterprises.259.10.1.45.1.74.1.1.2.24 = INTEGER: 3

C:\>snmpwalk -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.1.1.2.24
SNMPv2-SMI::enterprises.259.10.1.45.1.74.1.1.2.24 = INTEGER: 3

C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.1.1.3.24 i 3
SNMPv2-SMI::enterprises.259.10.1.45.1.74.1.1.3.24 = INTEGER: 3

Console#show ipv6 source-guard
Interface   Filter-type   Max-binding
---------   -----------   -----------
Eth 1/23    DISABLED                5
Eth 1/24    SDP                     3
Eth 1/25    DISABLED                5

• Add a static IPv6 source guard or IPv6 prefix guard binding entry on the switch.

Console#show ipv6 source-guard binding
DHCPV6SNP:
 DHCP - Stateful address
NDSNP:
 ND - Stateless address
STA - Static IPv6 source guard binding

MAC Address    IPv6 Address/IPv6 Prefix                VLAN Interface Type
-------------- --------------------------------------- ---- --------- ----
382C-4A77-DD37                      2001:db8:2222::/64    1  Eth 1/24 DHCP

C:\>snmpwalk -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.2.1
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.4.2.56.44.74.119.221.55.32.1.13.184.34.34.0.0.0.0.0.0.0.0.0.0.64.2 = Gauge32: 1  -> VLAN=1
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.5.2.56.44.74.119.221.55.32.1.13.184.34.34.0.0.0.0.0.0.0.0.0.0.64.2 = INTEGER: 24  -> Port=Eth1/24
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.6.2.56.44.74.119.221.55.32.1.13.184.34.34.0.0.0.0.0.0.0.0.0.0.64.2 = INTEGER: 1  -> Status=Active(1)

C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.2.1.6.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 i 5
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.6.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 = INTEGER: 5

C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.2.1.4.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 u 1
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.4.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 = Gauge32: 1

C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.2.1.5.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 i 21
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.5.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 = INTEGER: 21

C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.2.1.6.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 i 1
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.6.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 = INTEGER: 1

SW1#configure
SW1(config)#interface ethernet 1/1
SW1(config-if)#switchport allowed vlan add 100,200,300 tagged
SW1(config-if)#exit
SW1(config)#interface ethernet 1/25
SW1(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#interface ethernet 1/26
SW1(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#erps
SW1(config)#erps vlan-group group1 add 10,100
SW1(config)#erps vlan-group group2 add 20,200
SW1(config)#erps ring Ring
SW1(config-erps-ring)#ring-port west interface ethernet 1/25
SW1(config-erps-ring)#ring-port east interface ethernet 1/26
SW1(config-erps-ring)#enable
SW1(config-erps-ring)#exit
SW1(config)#erps instance inst1 id 1
SW1(config-erps-inst)#control-vlan 10
SW1(config-erps-inst)#rpl owner
SW1(config-erps-inst)#physical-ring Ring
SW1(config-erps-inst)#inclusion-vlan group1
SW1(config-erps-inst)#enable
SW1(config-erps-inst)#exit
SW1(config)#erps instance inst2 id 2
SW1(config-erps-inst)#control-vlan 20
SW1(config-erps-inst)#physical-ring Ring
SW1(config-erps-inst)#inclusion-vlan group2
SW1(config-erps-inst)#enable
SW1(config-erps-inst)#end

SW2#configure
SW2(config)#interface ethernet 1/1
SW2(config-if)#switchport allowed vlan add 100,200,300 tagged
SW2(config-if)#exit
SW2(config)#interface ethernet 1/25
SW2(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#interface ethernet 1/26
SW2(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#erps
SW2(config)#erps vlan-group group1 add 10,100
SW2(config)#erps vlan-group group2 add 20,200
SW2(config)#erps ring Ring
SW2(config-erps-ring)#ring-port west interface ethernet 1/25
SW2(config-erps-ring)#ring-port east interface ethernet 1/26
SW2(config-erps-ring)#enable
SW2(config-erps-ring)#exit
SW2(config)#erps instance inst1 id 1
SW2(config-erps-inst)#control-vlan 10
SW2(config-erps-inst)#physical-ring Ring
SW2(config-erps-inst)#inclusion-vlan group1
SW2(config-erps-inst)#enable
SW2(config-erps-inst)#exit
SW2(config)#erps instance inst2 id 2
SW2(config-erps-inst)#control-vlan 20
SW2(config-erps-inst)#physical-ring Ring
SW2(config-erps-inst)#inclusion-vlan group2
SW2(config-erps-inst)#enable
SW2(config-erps-inst)#end

SW3#configure
SW3(config)#interface ethernet 1/1
SW3(config-if)#switchport allowed vlan add 100,200,300 tagged
SW3(config-if)#exit
SW3(config)#interface ethernet 1/25
SW3(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW3(config-if)#spanning-tree spanning-disabled
SW3(config-if)#exit
SW3(config)#interface ethernet 1/26
SW3(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW3(config-if)#spanning-tree spanning-disabled
SW3(config-if)#exit
SW3(config)#erps
SW3(config)#erps vlan-group group1 add 10,100
SW3(config)#erps vlan-group group2 add 20,200
SW3(config)#erps ring Ring
SW3(config-erps-ring)#ring-port west interface ethernet 1/25
SW3(config-erps-ring)#ring-port east interface ethernet 1/26
SW3(config-erps-ring)#enable
SW3(config-erps-ring)#exit
SW3(config)#erps instance inst1 id 1
SW3(config-erps-inst)#control-vlan 10
SW3(config-erps-inst)#physical-ring Ring
SW3(config-erps-inst)#inclusion-vlan group1
SW3(config-erps-inst)#enable
SW3(config-erps-inst)#exit
SW3(config)#erps instance inst2 id 2
SW3(config-erps-inst)#control-vlan 20
SW3(config-erps-inst)#rpl owner
SW3(config-erps-inst)#physical-ring Ring
SW3(config-erps-inst)#inclusion-vlan group2
SW3(config-erps-inst)#enable
SW3(config-erps-inst)#end

SW1(config)#erps vlan-group group3 add 300
SW1(config)#erps ring Ring
SW1(config-erps-ring)#no enable
SW1(config-erps-ring)#exclusion-vlan group3
SW1(config-erps-ring)#enable

SW2(config)#erps vlan-group group3 add 300
SW2(config)#erps ring Ring
SW2(config-erps-ring)#no enable
SW2(config-erps-ring)#exclusion-vlan group3
SW2(config-erps-ring)#enable

SW4(config)#erps vlan-group group3 add 300
SW4(config)#erps ring Ring
SW4(config-erps-ring)#no enable
SW4(config-erps-ring)#exclusion-vlan group3
SW4(config-erps-ring)#enable

The management agent of Edgecore switches support SNMP (Simple Network Management Protocol).
This SNMP agent permits the switch to be managed from any system in the network using network management software.

Zabbix:

Zabbix is an open-source tool for monitoring the status of the server and device (switch, router...etc).

Available platforms:

OS: Ubuntu, CentOS, MAC

Necessary tool: Docker 

Install the Zabbix procedure:

Step 1: Make sure the Docker is installed on this device.

Step 2: Get the repository on the GitHub. (https://github.com/zabbix/zabbix-docker.git)

git clone https://github.com/zabbix/zabbix-docker.git

Step 3: Enter the folder of the zabbix-docker

cd zabbix-docker

Step 4: Install and start up the Zabbix service.

docker-compose -f docker-compose_v3_alpine_mysql_latest.yaml up -d

Step 5: Open the web browser. (http://Your Server IP Address)

Username: Admin

Password: zabbix

Create the template for Edgecore switch:

This example is monitoring the temperature of the ECS4120-28T.

Procedure:

Step 1: Create the template

Configuration -> Templates -> Create template

Step 2: Create the host

Configuration -> Hosts -> Create host

Step 3: Create an application on the host.

ECS4120-28T -> Application -> Create application

Step 4: Create an item on the host.

ECS4120-28T -> Item -> Create item

Step 5: On the home page, create a graph of temperature on the Dashboard.

Zabbix -> edit dashboard -> Add widget

Step 6: Now, you can monitor the temperature of the ECS4120 Series via the Zabbix.

Topology

A. Configuration

B. Check ERPS status

ERPS status on S1 (RPL Owner)

ERPS status on S3

ERPS status on S5

C. Disconnect the link between Agg2 and S5.

With ERPS recovery procedure, the RPL owner node detects a failed link when it receives R-APS (SF - signal fault) messages from nodes adjacent to the failed link. The RPL owner then enters protection state by unblocking the West port. However, using this standard recovery procedure may cause a non-EPRS device to become isolated when the ERPS device adjacent to it detects a continuity check message (CCM) loss event and blocks the link between the non-ERPS device and ERPS device.

ERPS domain status on S1

ERPS domain status on S5

D. Enable non-ERPS device protection

If non-ERPS device protection is enabled on the ring, the ring ports on the RPL owner node and non-owner nodes will not be blocked when signal loss is detected by CCM loss events. When non-ERPS device protection is enabled on a RPL owner node, it will send non-standard health-check packets to poll the ring health when it enters the protection state.

Enable non-ERPS device protection on S1 and S5.

When ERPS status was changed to protection mode, port 24 on S1 become forwarding, and non-ERPS device will not be isolated.

ERPS and domain status on S1

Topology:

Before we apply the ACL to switch, we can access to WEB/FTP service and ping.

1) Set ACL depend on IP address.
Configuration:
*Create ACL "aclip" and set rule. (Deny client access to the specific IP.)
Console(config)# access-list ip extended aclip
Console(config-ext-acl)# deny ip host 192.168.20.10 host 192.168.20.150
Console(config-ext-acl)# exit
*Apply the ACL to specific port on switch.
Console(config)# interface ethernet 1/2
Console(config-if)# ip access-group aclip in

 
Results:
Client (192.168.20.10) cannot ping and access to WEB and FTP (192.168.20.150), but available Ping to others IP address.

2) Set ACL depend on IP and TCP.
Configuration:
*Create ACL "acltcp" and set rule. (Deny client using TCP access to the specific IP.)
Console(config)#access-list ip extended acltcp
Console(config-ext-acl)#deny tcp host 192.168.20.10 host 192.168.20.150
Console(config-ext-acl)#exit
*Apply ACL to specific port on switch.
Console(config)#int ethernet 1/2
Console(config-if)#ip access-group acltcp in

Results:
Client (192.168.20.10) cannot access to WEB and FTP, but available Ping and access to TFTP (192.168.20.150).

3) Set ACL depend on IP and UDP.
Configuration:
*Create ACL "acludp" and set rule. (Deny client using UDP access to specific IP)
Console(config)#access-list ip extended acludp
Console(config-ext-acl)#deny udp host 192.168.20.10 host 192.168.20.150
Console(config-ext-acl)#exit
*Apply ACL to specific port on switch.
Console(config)#int ethernet 1/2
Console(config-if)#ip access-group acludp in

Results:
Client (192.168.20.10) cannot access to TFTP, but available Ping and access to the WEB/FTP (192.168.20.150).

4) Set the ACL depend on IP and port number.
Configuration:
*Create ACL "aclport" and set rule. (Deny client access specific IP address and port number.)
Console(config)#access-list ip extended aclport
Console(config-ext-acl)#deny host 192.168.20.10 host 192.168.20.150 destination-port 21
Console(config-ext-acl)#exit
*Apply the ACL to specific port on switch.
Console(config)#int ethernet 1/2
Console(config-if)#ip access-group aclport in

Results:
Client (192.168.20.10) cannot access FTP, but available Ping and access to WEB/TFTP (192.168.20.150).

1. Configure the freeRADIUS server

1. Set IP address on VLAN 1

1. Specifies the RADIUS servers and the corresponding secret key

1. Enables dot1x globally on the switch

1. Enables dot1x mode and dynamic QoS feature on port 1

1. Enables authentication methods with the MD5-Challenge on the TESTPC1's network card.

1. Connect the PC to the switch port 1 then click the pop-up message.
    
2. Enter the username and password.

1. Check the result.

Once a network system is set-up, administrators want to monitor and collect traffic if necessary. In the past, traffic is only allowed to be collected and analyzed in that DUT (Device under Testing). It would be much trouble if Duts are far away from office, for example, 100 miles away and distributed in several places.

RSPAN solves this problem. It is a remote control mechanism that does traffic-collecting not only on that Dut but those connected to Dut. Once testing switch is connected to remote switch, RSPAN copies the packages flowed in testing switch to the remote switch. In such way, administrators could monitor several different switches by just monitoring the traffic copied to the remote switch, and could stay in remote office without travelling hundred miles away.

ES3528MV2 is a newly launched Edgecore's L2 Fast Ethernet Standalone Switch. It supports RSPAN and speeds up traffic-collecting. Administrators could monitor the traffic by the following steps:

• How to monitor the traffic of PC1 in a different VLAN of a remote switch

On Switch 1
1. Create VLAN 2
SW1(config)#vlan database
SW1(config-vlan)#vlan 2 media ethernet

 2. Assign port 1 and port 2 to VLAN 2 access port
SW1(config)# interface ethernet 1/1-2
SW1(config-if)#switchport allowed vlan add 2
SW1(config)#switchport native vlan 2
SW1(config-if)#switchport allowed vlan remove 1
SW1(config)#exit

3. Enable RSPAN on VLAN 100
SW1(config)#vlan database
SW1(config-vlan)#vlan 100 media  ethernet rspan
SW1(config-vlan)#exit

4. RSPAN Source device setting
SW1(config)#rspan session 1 source interface ethernet 1/1
SW1(config)#rspan session 1 remote vlan 100 source uplink ethernet 1/27

On Switch 2
1. Enable RSPAN on VLAN 100
SW2(config)#vlan database
SW2(config-vlan)#vlan 100 media ethernet rspan
SW2(config-vlan)#ex

2. RSPAN Destiatnion device setting
SW2(config)#rspan session 1 destination interface ethernet 1/1 tagged
SW2(config)#$on 1 remote vlan 100 destination uplink ethernet 1/27

• How to verify the RSPAN function is working or not?

From Switch 1

SW1#sh rspan session 1
RSPAN Session ID                : 1
Source Ports (mirrored ports)
  RX Only                       : None
  TX Only                       : None
  BOTH                          : Eth 1/1
Destination Port (monitor port) : None
Destination Tagged Mode         : None
Switch Role                     : Source
RSPAN VLAN                      : 100
RSPAN Uplink Ports              : Eth 1/27
Operation Status                : Up

SW1#sh vlan

VLAN ID             : 1
Type                : Static
Name                : DefaultVlan
Status              : Active
Ports/Port Channels : Eth1/ 3(S) Eth1/ 4(S) Eth1/ 5(S) Eth1/ 6(S) Eth1/ 7(S)
                      Eth1/ 8(S) Eth1/ 9(S) Eth1/10(S) Eth1/11(S) Eth1/12(S)
                      Eth1/13(S) Eth1/14(S) Eth1/15(S) Eth1/16(S) Eth1/17(S)
                      Eth1/18(S) Eth1/19(S) Eth1/20(S) Eth1/21(S) Eth1/22(S)
                      Eth1/23(S) Eth1/24(S) Eth1/25(S) Eth1/26(S) Eth1/27(S)
                      Eth1/28(S)

VLAN ID             : 2
Type                : Static
Name                :
Status              : Active
Ports/Port Channels : Eth1/ 1(S) Eth1/ 2(S)

Remote SPAN VLANs
------------------------------------------------

VLAN ID             : 100
Type                : Static
Name                :
Status              : Active

SW1#
SW1#show interfaces switchport ethernet 1/1
Information of Eth 1/1
 Broadcast Threshold           : Enabled, 64 Kbits/second
 Multicast Threshold           : Disabled
 Unknown Unicast Threshold     : Disabled
 LACP Status                   : Disabled
 Ingress Rate Limit            : Disabled, 64 Kbits per second
 Egress Rate Limit             : Disabled, 100000 Kbits per second
 VLAN Membership Mode          : Hybrid
 Ingress Rule                  : Disabled
 Acceptable Frame Type         : All frames
 Native VLAN                   : 2
 Priority for Untagged Traffic : 0
 GVRP Status                   : Disabled
 Allowed VLAN                  :     2(u)
 Forbidden VLAN                :
 802.1Q Tunnel Status          : Disabled
 802.1Q Tunnel Mode            : Normal
 802.1Q Tunnel TPID            : 8100 (Hex)
 Layer 2 Protocol Tunnel       : None

SW1#show interfaces switchport ethernet 1/27
Information of Eth 1/27
 Broadcast Threshold           : Enabled, 64 Kbits/second
 Multicast Threshold           : Disabled
 Unknown Unicast Threshold     : Disabled
 LACP Status                   : Disabled
 Ingress Rate Limit            : Disabled, 64 Kbits per second
 Egress Rate Limit             : Disabled, 1000000 Kbits per second
 VLAN Membership Mode          : Hybrid
 Ingress Rule                  : Disabled
 Acceptable Frame Type         : All frames
 Native VLAN                   : 1
 Priority for Untagged Traffic : 0
 GVRP Status                   : Disabled
 Allowed VLAN                  :     1(u)
 Forbidden VLAN                :
 802.1Q Tunnel Status          : Disabled
 802.1Q Tunnel Mode            : Normal
 802.1Q Tunnel TPID            : 8100 (Hex)
 Layer 2 Protocol Tunnel       : None
SW1#

====================================================================
From Switch 2

SW2#sh rspan session 1
RSPAN Session ID                : 1
Source Ports (mirrored ports)   : None
  RX Only                       : None
  TX Only                       : None
  BOTH                          : None
Destination Port (monitor port) : Eth 1/1
Destination Tagged Mode         : Tagged
Switch Role                     : Destination
RSPAN VLAN                      : 100
RSPAN Uplink Ports              : Eth 1/27
Operation Status                : Up

SW2#show vlan

VLAN ID             : 1
Type                : Static
Name                : DefaultVlan
Status              : Active
Ports/Port Channels : Eth1/ 1(S) Eth1/ 2(S) Eth1/ 3(S) Eth1/ 4(S) Eth1/ 5(S)
                      Eth1/ 6(S) Eth1/ 7(S) Eth1/ 8(S) Eth1/ 9(S) Eth1/10(S)
                      Eth1/11(S) Eth1/12(S) Eth1/13(S) Eth1/14(S) Eth1/15(S)
                      Eth1/16(S) Eth1/17(S) Eth1/18(S) Eth1/19(S) Eth1/20(S)
                      Eth1/21(S) Eth1/22(S) Eth1/23(S) Eth1/24(S) Eth1/25(S)
                      Eth1/26(S) Eth1/27(S) Eth1/28(S)

Remote SPAN VLANs
------------------------------------------------

VLAN ID             : 100
Type                : Static
Name                :
Status              : Active

SW2#sh int sw e 1/1
Information of Eth 1/1
 Broadcast Threshold           : Enabled, 64 Kbits/second
 Multicast Threshold           : Disabled
 Unknown Unicast Threshold     : Disabled
 LACP Status                   : Disabled
 Ingress Rate Limit            : Disabled, 64 Kbits per second
 Egress Rate Limit             : Disabled, 100000 Kbits per second
 VLAN Membership Mode          : Hybrid
 Ingress Rule                  : Disabled
 Acceptable Frame Type         : All frames
 Native VLAN                   : 1
 Priority for Untagged Traffic : 0
 GVRP Status                   : Disabled
 Allowed VLAN                  :     1(u)
 Forbidden VLAN                :
 802.1Q Tunnel Status          : Disabled
 802.1Q Tunnel Mode            : Normal
 802.1Q Tunnel TPID            : 8100 (Hex)
 Layer 2 Protocol Tunnel       : None
SW2#sh int sw e 1/27
Information of Eth 1/27
 Broadcast Threshold           : Enabled, 64 Kbits/second
 Multicast Threshold           : Disabled
 Unknown Unicast Threshold     : Disabled
 LACP Status                   : Disabled
 Ingress Rate Limit            : Disabled, 64 Kbits per second
 Egress Rate Limit             : Disabled, 1000000 Kbits per second
 VLAN Membership Mode          : Hybrid
 Ingress Rule                  : Enabled
 Acceptable Frame Type         : All frames
 Native VLAN                   : 1
 Priority for Untagged Traffic : 0
 GVRP Status                   : Disabled
 Allowed VLAN                  :     1(u)
 Forbidden VLAN                :
 802.1Q Tunnel Status          : Disabled
 802.1Q Tunnel Mode            : Normal
 802.1Q Tunnel TPID            : 8100 (Hex)
 Layer 2 Protocol Tunnel       : None

1. Level 0 to 7 is for the normal user.
2. Level 8 to 14 is for the manager.  This level cannot configure several functions which belong to level 15. EX: DHCPSNP, IPSG, AAA.
3. Level 15 is the top level for the administrator.  And, this level can configure all  functions of the switch. Also, administrator may add/remove the commands to/from user privilege 0~14.

1. The ECS4620 or ECS4510 switch
2. Windows PC(Win7, Win8 or Win10) with one Serial COM port and one RJ45 port
3. Download and Unzip Script file 

• [serial] section: Serial COM port
• [tftp]section: tftp client and server's IP address