
ON-LINE SUPPORT OFFERING TECHNICAL AND SERVICE SUPPORT IN TIME
FAQ
GARP VLAN registration protocol (GVRP) can exchange VLAN configuration information dynamically. When the switch receives VLAN information and GARP VLAN Registration Protocol, the receiving interface joins that VLAN. If an interface VLAN does not exist , the switch will creates the VLAN automatically.
The GVRP max member of automatically creates the VLAN is 256.
Support Models
ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS5520 series, ECS4530 series, ECS2100 series, ECS2110 series, ECS3510 series
4100 switch1 config:
Console#configure
Console(config)#vlan database
Console(config-vlan)#vlan 10,20,30
Console(config-vlan)#exit
Console(config)#interface vlan 10
Console(config-if)#interface vlan 20
Console(config-if)#interface vlan 30
Console(config-if)#exit
Console(config)#bridge-ext gvrp
Console(config)#interface ethernet 1/1
Console(config-if)#switchport gvrp
Console(config-if)#exit
Console(config)#interface ethernet 1/11
Console(config-if)#switchport allowed vlan add 10,20,30
4100 switch2 config:
Console#configure
Console(config)#bridge-ext gvrp
Console(config)#interface ethernet 1/1
Console(config-if)#switchport gvrp
Show ip interface to check VLAN on 4100 switch1 :
VLAN 10,20,30 Administrative up must be Link Up status
Show vlan on 4100 switch1 :
VLAN 10,20,30 type should be static
Show vlan on 4100 switch2 :
VLAN 10,20,30 type should be Dynamic
The BGP(Border Gateway Protocol) is to exchange network reachability information with other BGP systems.This network reachability information includes information on the list of Autonomous Systems (ASes).
IBGP(Internal BGP) means the connection between internal peer that is in the same Autonomous System as the local system. EBGP(External BGP) means the connection between external peer that is in a different Autonomous System than the local system.
Scenario:
Procedure:
Switch_01 Configuration:
Step 1: BGP global config. Apply VLAN on port and configure VLAN's IP address.
sw1#
sw1#configure
sw1(config)#router bgp 65000
sw1(config-router)#network 192.168.1.0 255.255.255.0
sw1(config-router)#neighbor 2.2.2.2 remote-as 65001
sw1(config-router)#exit
sw1(config)#vlan database
sw1(config-vlan)#vlan 2
sw1(config-vlan)#exit
sw1(config)#interface vlan 1
sw1(config-if)#ip address 192.168.1.254/24
sw1(config-if)#exit
sw1(config)#interface vlan 2
sw1(config-if)#ip address 2.2.2.1/24
sw1(config-if)#
sw1(config-if)#exit
sw1(config)#interface ethernet 1/11
sw1(config-if)#switchport allowed vlan add 2
sw1(config-if)#switchport native vlan 2
sw1(config-if)#
Switch_02 Configuration:
Step 1: BGP global config. Apply VLAN on port and configure VLAN's IP address.
sw2#
sw2#configre
sw2(config)#router bgp 65001
sw2(config-router)#network 2.2.2.0 255.255.255.0
sw2(config-router)#network 3.3.3.0 255.255.255.0
sw2(config-router)#neighbor 2.2.2.1 remote-as 65000
sw2(config-router)#neighbor 3.3.3.2 remote-as 65002
sw2(config-router)#exit
sw2(config)#vlan database
sw2(config-vlan)#vlan 2,3
sw2(config-vlan)#exit
sw2(config)#interface vlan 2
sw2(config-if)#ip address 2.2.2.2/24
sw2(config)#interface vlan 3
sw2(config-if)#ip address 3.3.3.1/24
sw2(config-if)#
sw2(config-if)#exit
sw2(config)#interface ethernet 1/11
sw2(config-if)#switchport allowed vlan add 2
sw2(config-if)#switchport native vlan 2
sw2(config-if)#
sw2(config)#interface ethernet 1/23
sw2(config-if)#switchport allowed vlan add 3
sw2(config-if)#switchport native vlan 3
sw2(config-if)#
Switch_03 Configuration:
Step 1: BGP global config. Apply VLAN on port and configure VLAN's IP address.
sw3#
sw3#configre
sw3(config)#router bgp 65002
sw3(config-router)#network 192.168.2.0 255.255.255.0
sw3(config-router)#neighbor 3.3.3.1 remote-as 65001
sw3(config-router)#exit
sw3(config)#vlan database
sw3(config-vlan)#vlan 3,4
sw3(config-vlan)#exit
sw3(config)#interface vlan 3
sw3(config-if)#ip address 3.3.3.2/24
sw3(config-if)#exit
sw3(config)#interface vlan 4
sw3(config-if)#ip address 192.168.2.254/24
sw3(config-if)#
sw3(config-if)#exit
sw3(config)#interface ethernet 1/1
sw3(config-if)#switchport allowed vlan add 4
sw3(config-if)#switchport native vlan 4
sw3(config)#interface ethernet 1/23
sw3(config-if)#switchport allowed vlan add 3
sw3(config-if)#switchport native vlan 3
sw3(config-if)#
bgp status:
SW1:
display the AS number and neighbor
display the routing table
SW2:
display the AS number and neighbor
display the routing table
SW3:
display the AS number and neighbor
display the routing table
Scenario:
Configuration on SW1:
Setup VLAN
SW1#configure
SW1(config)#interface ethernet 1/1
SW1(config-if)#switchport allowed vlan add 10 untagged
SW1(config-if)#switchport native vlan 10
SW1(config-if)#switchport allowed vlan remove 1
SW1(config-if)#interface ethernet 1/12
SW1(config-if)#switchport allowed vlan add 20 untagged
SW1(config-if)#switchport native vlan 20
SW1(config-if)#switchport allowed vlan remove 1
SW1(config-if)#interface vlan 10
SW1(config-if)#ip address 192.168.10.254/24
SW1(config-if)#interface vlan 20
SW1(config-if)#ip address 192.168.20.1/24
SW1(config-if)#end
Enable OSPF
SW1#configure
SW1(config)#router ospf 1
SW1(config-router)#network 192.168.10.0 255.255.255.0 area 0
SW1(config-router)#network 192.168.20.0 255.255.255.0 area 0
SW1(config-router)#end
Enable Multicast Routing and PIM
SW1#configure
SW1(config)#ip multicast-routing
Note: IPv6 multicast routing will also be enabled.
SW1(config)#router pim
SW1(config-router)#end
Enable IGMP and PIM Dense-Mode on VLAN
SW1#configure
SW1(config)#interface vlan 10
SW1(config-if)#ip igmp
SW1(config-if)#ip pim dense-mode
SW1(config-if)#interface vlan 20
SW1(config-if)#ip igmp
SW1(config-if)#ip pim dense-mode
SW1(config-if)#end
Configuration on SW2:
Setup VLAN
SW2#configure
SW2(config)#interface ethernet 1/1
SW2(config-if)#switchport allowed vlan add 30 untagged
SW2(config-if)#switchport native vlan 30
SW2(config-if)#switchport allowed vlan remove 1
SW2(config-if)#interface ethernet 1/12
SW2(config-if)#switchport allowed vlan add 20 untagged
SW2(config-if)#switchport native vlan 20
SW2(config-if)#switchport allowed vlan remove 1
SW2(config-if)#interface vlan 30
SW2(config-if)#ip address 192.168.30.254/24
SW2(config-if)#interface vlan 20
SW2(config-if)#ip address 192.168.20.2/24
SW2(config-if)#end
Enable OSPF
SW2#configure
SW2(config)#router ospf 1
SW2(config-router)#network 192.168.30.0 255.255.255.0 area 0
SW2(config-router)#network 192.168.20.0 255.255.255.0 area 0
SW2(config-router)#end
Enable Multicast Routing and PIM
SW2#configure
SW2(config)#ip multicast-routing
Note: IPv6 multicast routing will also be enabled.
SW2(config)#router pim
SW2(config-router)#end
Enable IGMP and PIM Dense-Mode on VLAN
SW2#configure
SW2(config)#interface vlan 30
SW2(config-if)#ip igmp
SW2(config-if)#ip pim dense-mode
SW2(config-if)#interface vlan 20
SW2(config-if)#ip igmp
SW2(config-if)#ip pim dense-mode
SW2(config-if)#end
Test Result:
SW1,
Display PIM status and PIM neighbor for the specified interface
SW1#show ip pim interface
PIM is enabled.
VLAN 1 is down.
PIM Mode : Unspecified
VLAN 10 is up.
PIM Mode : Dense Mode
IP Address : 192.168.10.254
Hello Interval : 30 sec
Hello HoldTime : 105 sec
Triggered Hello Delay : 5 sec
Join/Prune Holdtime : 210 sec
Lan Prune Delay : Disabled
Propagation Delay : 500 ms
Override Interval : 2500 ms
Graft Retry Interval : 3 sec
Max Graft Retries : 3
State Refresh Ori Int : 60 sec
VLAN 20 is up.
PIM Mode : Dense Mode
IP Address : 192.168.20.1
Hello Interval : 30 sec
Hello HoldTime : 105 sec
Triggered Hello Delay : 5 sec
Join/Prune Holdtime : 210 sec
Lan Prune Delay : Disabled
Propagation Delay : 500 ms
Override Interval : 2500 ms
Graft Retry Interval : 3 sec
Max Graft Retries : 3
State Refresh Ori Int : 60 sec
SW1#show ip pim neighbor
Neighbor Address VLAN Interface Uptime (sec.) Expiration Time (sec) DR
---------------- -------------- ------------- --------------------- ---
192.168.20.2/32 20 00:49:11 00:01:35 Yes
Display the multicast information for the specified interface
SW1#show ip igmp interface
VLAN 1 : down
IGMP : Disabled
IGMP Proxy : Disabled
IGMP Version : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable : 2
Query Interval : 125 sec
Query Max Response Time : 100 (resolution in 0.1 sec)
Last Member Query Interval : 10 (resolution in 0.1 sec)
Querier : 0.0.0.0
Joined Groups :
Static Groups :
VLAN 10 : up
IGMP : Enabled
IGMP Proxy : Disabled
IGMP Version : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable : 2
Query Interval : 125 sec
Query Max Response Time : 100 (resolution in 0.1 sec)
Last Member Query Interval : 10 (resolution in 0.1 sec)
Querier : 192.168.10.254
Joined Groups :
239.255.255.250
Static Groups :
VLAN 20 : up
IGMP : Enabled
IGMP Proxy : Disabled
IGMP Version : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable : 2
Query Interval : 125 sec
Query Max Response Time : 100 (resolution in 0.1 sec)
Last Member Query Interval : 10 (resolution in 0.1 sec)
Querier : 192.168.20.1
Joined Groups :
Static Groups :
SW1#show ip igmp groups
GroupAddress Interface Vlan Last Reporter Uptime Expire V1 Timer
--------------- --------------- --------------- -------- -------- ---------
239.255.255.250 10 192.168.10.1 0:56:7 0:2:59 0:0:0
Display the information in the routing table
SW1#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
C 192.168.10.0/24 is directly connected, VLAN10
C 192.168.20.0/24 is directly connected, VLAN20
O 192.168.30.0/24 [110/2] via 192.168.20.2, VLAN20, 00:02:43
Display the IPv4 multicast routing table
SW1#show ip mroute
IP Multicast Forwarding is enabled.
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, s - SSM Channel, C - Connected, P - Pruned,
F - Register flag, R - RPT-bit set, T - SPT-bit set, J - Join SPT
Interface state: F - Forwarding, P - Pruned, L - Local
(192.168.10.1, 224.1.1.1), uptime 00:27:09, stat expires 00:02:16
Owner: PIM-DM, Flags: DC
Incoming interface: VLAN 10
Outgoing interface list:
VLAN20 (F)
(192.168.30.1, 239.255.255.250), uptime 00:02:54
Owner: PIM-DM, Flags: D
Incoming interface: VLAN 20, RPF neighbor: 192.168.20.2
Outgoing interface list:
VLAN10 (F) ,
SW2,
Display PIM status and PIM neighbor for the specified interface
SW2#show ip pim interface
PIM is enabled.
VLAN 1 is down.
PIM Mode : Unspecified
VLAN 20 is up.
PIM Mode : Dense Mode
IP Address : 192.168.20.2
Hello Interval : 30 sec
Hello HoldTime : 105 sec
Triggered Hello Delay : 5 sec
Join/Prune Holdtime : 210 sec
Lan Prune Delay : Disabled
Propagation Delay : 500 ms
Override Interval : 2500 ms
Graft Retry Interval : 3 sec
Max Graft Retries : 3
State Refresh Ori Int : 60 sec
VLAN 30 is up.
PIM Mode : Dense Mode
IP Address : 192.168.30.254
Hello Interval : 30 sec
Hello HoldTime : 105 sec
Triggered Hello Delay : 5 sec
Join/Prune Holdtime : 210 sec
Lan Prune Delay : Disabled
Propagation Delay : 500 ms
Override Interval : 2500 ms
Graft Retry Interval : 3 sec
Max Graft Retries : 3
State Refresh Ori Int : 60 sec
SW2#show ip pim neighbor
Neighbor Address VLAN Interface Uptime (sec.) Expiration Time (sec) DR
---------------- -------------- ------------- --------------------- ---
192.168.20.1/32 20 00:52:26 00:01:23
Display the multicast information for the specified interface
SW2#show ip igmp interface
VLAN 1 : down
IGMP : Disabled
IGMP Proxy : Disabled
IGMP Version : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable : 2
Query Interval : 125 sec
Query Max Response Time : 100 (resolution in 0.1 sec)
Last Member Query Interval : 10 (resolution in 0.1 sec)
Querier : 0.0.0.0
Joined Groups :
Static Groups :
VLAN 20 : up
IGMP : Enabled
IGMP Proxy : Disabled
IGMP Version : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable : 2
Query Interval : 125 sec
Query Max Response Time : 100 (resolution in 0.1 sec)
Last Member Query Interval : 10 (resolution in 0.1 sec)
Querier : 192.168.20.1
Joined Groups :
Static Groups :
VLAN 30 : up
IGMP : Enabled
IGMP Proxy : Disabled
IGMP Version : 2
IGMP Unsolicited Report Interval : 400 sec
Robustness Variable : 2
Query Interval : 125 sec
Query Max Response Time : 100 (resolution in 0.1 sec)
Last Member Query Interval : 10 (resolution in 0.1 sec)
Querier : 192.168.30.254
Joined Groups :
224.1.1.1
239.255.255.250
Static Groups :
SW2#show ip igmp groups
GroupAddress Interface Vlan Last Reporter Uptime Expire V1 Timer
--------------- --------------- --------------- -------- -------- ---------
224.1.1.1 30 192.168.30.1 0:5:26 0:3:35 0:0:0
239.255.255.250 30 192.168.30.1 0:5:28 0:3:28 0:0:0
Display the information in the routing table
SW2#show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
O 192.168.10.0/24 [110/2] via 192.168.20.1, VLAN20, 00:06:38
C 192.168.20.0/24 is directly connected, VLAN20
C 192.168.30.0/24 is directly connected, VLAN30
Display the IPv4 multicast routing table
SW2#show ip mroute
IP Multicast Forwarding is enabled.
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, s - SSM Channel, C - Connected, P - Pruned,
F - Register flag, R - RPT-bit set, T - SPT-bit set, J - Join SPT
Interface state: F - Forwarding, P - Pruned, L - Local
(192.168.10.1, 224.1.1.1), uptime 00:06:53
Owner: PIM-DM, Flags: D
Incoming interface: VLAN 20, RPF neighbor: 192.168.20.1
Outgoing interface list:
VLAN30 (F)
(192.168.30.1, 239.255.255.250), uptime 00:07:39, stat expires 00:02:42
Owner: PIM-DM, Flags: D
Incoming interface: VLAN 30
Outgoing interface list:
VLAN20 (F) ,
Port Trunking application scenario
Foreword
People often ask, why can't I achieve transmission theoretical value after enabling "Link Aggregation/Port-Channel" load balance ? Even, the packet traffic always was sent on port A?
We have to know: port channel load balance is based on the "Hash mechanism" to select which port to transmit packet.
Support Models
ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS5520 series, ECS4530 series, ECS2100 series, ECS2110 series, ECS3510 series
Edgecore valid load-balancing hash values are as follows
dst-ip distribution on the destination IP address
dst-mac distribution on the destination MAC address
src-dst-ip distribution on the source and destination IP address (SIP XOR DIP)
src-dst-mac distribution on the source and destination MAC address (SA XOR DA)
src-ip distribution on the source IP address
src-mac distribution on the source MAC address
Default hash value
src-dst-mac
CLI
Setup load balance to src-dst-mac mode:
Console#config
Console(config)#port-channel load-balance ?
dst-ip Selection based on destination IP address
dst-mac Selection based on destination MAC address
src-dst-ip Selection based on source and destination IP address
src-dst-mac Selection based on source and destination MAC address
src-ip Selection based on source IP address
src-mac Selection based on source MAC address
Console(config)#port-channel load-balance src-dst-mac
Console(config)#exit
Show load balance type of switch:
Console#show port-channel load-balance
Trunk Load Balance Mode: Source and destination MAC address
Hands-on
This is general application, client download file from server, we use TestCenter to simulate an experiment via port-channel load-balance “src-dst-mac” and “src-mac”, then compare the differences.
TestCenter Port 4/4
- Simulate file server A and B.
TestCenter Port 4/3
- Simulate 10 clients.
- Test default configuration “src-dst-mac”
- The packet flow is concentrated in one port, load balance result did not meet expectations. (TX: 200 Mbps; RX: 100 Mbps)
- Modify load balance configuration to “src-mac”
- The packet flow is distributed in two ports, load balance appear. (TX: 200 Mbps; RX: 200 Mbps)
Conclusion
The packet load balance depends on chip configuration, three bits (the LSBs) are used to index trunk table to choose one of port.
SIP and DIP criteria are used for IPv4 packets, for other packets the selection falls back to criteria based on the equivalent MAC address.
The usual way to do the load balance is “src-dst-mac”, so to test if the load balance is work, you must have a good SA or DA to XOR.
Of course in normal condition, we don’t have continuous MAC Address situation unless whole lot shipment. If load balance does not work well, you can try different hash to improve result as above experiment.
The article introduces ERPS with multiple instance.
(Click here for Basic ERPS configuration (single ring) with multiple instance.)
Support models and software version:
ECS4120 Series V1.2.2.18 and above.
ECS4100 Series V1.2.36.191 and above.
Overview
ERPS Version 2 supports multiple rings and ladder topology.
ERPS control packets can only be sent on one instance. The secondary(sub) ring needs to specify the major instance which will be used to send ERPS control packets.
In the multi-ring/ladder network scenario, a failure on a ring link between interconnection nodes of a sub-ring triggers the actions only on the Ethernet ring that the sub-ring is attached to. On the other hand, other ring link failures trigger the actions within the Ethernet ring that the failed ring link belongs to.
Topology
Configuration
SW1
SW1#configure
SW1(config)#interface ethernet 1/25
SW1(config-if)#switchport allowed vlan add 10,100,200 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#interface ethernet 1/26
SW1(config-if)#switchport allowed vlan add 30,300,400 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#interface ethernet 1/27
SW1(config-if)#switchport allowed vlan add 10,20,30,100,200,300,400 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#interface ethernet 1/28
SW1(config-if)#switchport allowed vlan add 10,20,30,100,200,300,400 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#erps
SW1(config)#erps vlan-group group1 add 10,20,100,200
SW1(config)#erps vlan-group group2 add 30,300,400
SW1(config)#erps ring Ring1
SW1(config-erps-ring)#ring-port west interface ethernet 1/25
SW1(config-erps-ring)#enable
SW1(config-erps-ring)#exit
SW1(config)#erps ring Ring2
SW1(config-erps-ring)#ring-port west interface ethernet 1/27
SW1(config-erps-ring)#ring-port east interface ethernet 1/28
SW1(config-erps-ring)#enable
SW1(config-erps-ring)#exit
SW1(config)#erps ring Ring3
SW1(config-erps-ring)#ring-port west interface ethernet 1/26
SW1(config-erps-ring)#enable
SW1(config-erps-ring)#exit
SW1(config)#erps instance inst2 id 2
SW1(config-erps-inst)#control-vlan 20
SW1(config-erps-inst)#rpl owner
SW1(config-erps-inst)#physical-ring Ring2
SW1(config-erps-inst)#inclusion-vlan group1
SW1(config-erps-inst)#inclusion-vlan group2
SW1(config-erps-inst)#enable
SW1(config-erps-inst)#exit
SW1(config)#erps instance inst1 id 1
SW1(config-erps-inst)#control-vlan 10
SW1(config-erps-inst)#rpl owner
SW1(config-erps-inst)#physical-ring Ring1
SW1(config-erps-inst)#major-ring inst2
SW1(config-erps-inst)#inclusion-vlan group1
SW1(config-erps-inst)#enable
SW1(config-erps-inst)#exit
SW1(config)#erps instance inst3 id 3
SW1(config-erps-inst)#control-vlan 30
SW1(config-erps-inst)#physical-ring Ring3
SW1(config-erps-inst)#major-ring inst2
SW1(config-erps-inst)#inclusion-vlan group2
SW1(config-erps-inst)#enable
SW1(config-erps-inst)#end
SW2
SW2#configure
SW2(config)#interface ethernet 1/25
SW2(config-if)#switchport allowed vlan add 30,300,400 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#interface ethernet 1/26
SW2(config-if)#switchport allowed vlan add 10,100,200 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#interface ethernet 1/27
SW2(config-if)#switchport allowed vlan add 10,20,30,100,200,300,400 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#interface ethernet 1/28
SW2(config-if)#switchport allowed vlan add 10,20,30,100,200,300,400 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#erps
SW2(config)#erps vlan-group group1 add 10,20,100,200
SW2(config)#erps vlan-group group2 add 30,300,400
SW2(config)#erps ring Ring1
SW2(config-erps-ring)#ring-port west interface ethernet 1/26
SW2(config-erps-ring)#enable
SW2(config-erps-ring)#exit
SW2(config)#erps ring Ring2
SW2(config-erps-ring)#ring-port west interface ethernet 1/28
SW2(config-erps-ring)#ring-port east interface ethernet 1/27
SW2(config-erps-ring)#enable
SW2(config-erps-ring)#exit
SW2(config)#erps ring Ring3
SW2(config-erps-ring)#ring-port west interface ethernet 1/25
SW2(config-erps-ring)#enable
SW2(config-erps-ring)#exit
SW2(config)#erps instance inst2 id 2
SW2(config-erps-inst)#control-vlan 20
SW2(config-erps-inst)#physical-ring Ring2
SW2(config-erps-inst)#inclusion-vlan group1
SW2(config-erps-inst)#inclusion-vlan group2
SW2(config-erps-inst)#enable
SW2(config-erps-inst)#exit
SW2(config)#erps instance inst1 id 1
SW2(config-erps-inst)#control-vlan 10
SW2(config-erps-inst)#physical-ring Ring1
SW2(config-erps-inst)#major-ring inst2
SW2(config-erps-inst)#inclusion-vlan group1
SW2(config-erps-inst)#enable
SW2(config-erps-inst)#exit
SW2(config)#erps instance inst3 id 3
SW2(config-erps-inst)#control-vlan 30
SW2(config-erps-inst)#rpl owner
SW2(config-erps-inst)#physical-ring Ring3
SW2(config-erps-inst)#major-ring inst2
SW2(config-erps-inst)#inclusion-vlan group2
SW2(config-erps-inst)#enable
SW2(config-erps-inst)#end
SW3
SW3#configure
SW3(config)#interface ethernet 1/25
SW3(config-if)#switchport allowed vlan add 10,100,200 tagged
SW3(config-if)#spanning-tree spanning-disabled
SW3(config-if)#exit
SW3(config)#interface ethernet 1/26
SW3(config-if)#switchport allowed vlan add 10,100,200 tagged
SW3(config-if)#spanning-tree spanning-disabled
SW3(config-if)#exit
SW3(config)#erps
SW3(config)#erps vlan-group group1 add 10,100,200
SW3(config)#erps ring Ring1
SW3(config-erps-ring)#ring-port west interface ethernet 1/25
SW3(config-erps-ring)#ring-port east interface ethernet 1/26
SW3(config-erps-ring)#enable
SW3(config-erps-ring)#exit
SW3(config)#erps instance inst1 id 1
SW3(config-erps-inst)#control-vlan 10
SW3(config-erps-inst)#physical-ring Ring1
SW3(config-erps-inst)#inclusion-vlan group1
SW3(config-erps-inst)#enable
SW3(config-erps-inst)#end
SW4
SW4#configure
SW4(config)#interface ethernet 1/25
SW4(config-if)#switchport allowed vlan add 30,300,400 tagged
SW4(config-if)#spanning-tree spanning-disabled
SW4(config-if)#exit
SW4(config)#interface ethernet 1/26
SW4(config-if)#switchport allowed vlan add 30,300,400 tagged
SW4(config-if)#spanning-tree spanning-disabled
SW4(config-if)#exit
SW4(config)#erps
SW4(config)#erps vlan-group group2 add 30,300,400
SW4(config)#erps ring Ring3
SW4(config-erps-ring)#ring-port west interface ethernet 1/26
SW4(config-erps-ring)#ring-port east interface ethernet 1/25
SW4(config-erps-ring)#enable
SW4(config-erps-ring)#exit
SW4(config)#erps instance inst3 id 1
SW4(config-erps-inst)#control-vlan 30
SW4(config-erps-inst)#physical-ring Ring3
SW4(config-erps-inst)#inclusion-vlan group2
SW4(config-erps-inst)#enable
SW4(config-erps-inst)#end
SW1 VLAN group configuration
SW1 ERPS ring configuration
SW1 ERPS instance configuration
SW2 VLAN group configuration
SW2 ERPS ring configuration
SW2 ERPS instance configuration
SW3 VLAN group configuration
SW3 ERPS ring configuration
SW3 ERPS instance configuration
SW4 VLAN group configuration
SW4 ERPS ring configuration
SW4 ERPS instance configuration
Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
Support Models: ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS5520 series, ECS4530 series, ECS2100 series, ECS2110 series, ECS3510 series
How to create Link Aggregation/Port-Channel on the switch ?
We have two methods to group the ports into an aggregate link, please refer to the following comparison table.
Link Aggregation/Port-Channel | |
Dynamic Mode | Manual Mode |
Link Aggregation Control Protocol (LACP) | Static Trunk |
LACP will automatically be assigned the next available port-channel ID. | Users have to create port-channel ID manually first. |
Console(config)#interface ethernet 1/x Console(config-if)#lacp |
Console(config)#interface ethernet 1/x Console(config-if)#channel-group channel-id |
*** Please note that LACP and static trunk can't be used together on the same interface.*** |
Topology:
1. Link Aggregation Control Protocol (LACP)
The configuration on the SW1 and SW2:
Console#configure
Console(config)#interface ethernet 1/1,2
Console(config-if)#lacp
Console(config-if)#end
The status of Port-channel:
Console#show interfaces status port-channel 1
Information of Trunk 1
Basic Information:
Port Type : 1000BASE-T
MAC Address : 04-F8-F8-5C-2D-23
Configuration:
Name :
Port Admin : Up
Speed-duplex : Auto
Capabilities : 10half, 10full, 100half, 100full, 1000full
Broadcast Storm : Disabled
Broadcast Storm Limit : 500 packets/second
Multicast Storm : Disabled
Multicast Storm Limit : 500 packets/second
Unknown Unicast Storm : Disabled
Unknown Unicast Storm Limit : 500 packets/second
Storm Threshold Resolution : 1 packets/second
Flow Control : Disabled
VLAN Trunking : Disabled
MAC Learning : Enabled
Link-up-down Trap : Enabled
Current Status:
Created By : LACP
Link Status : Up
Port Operation Status : Up
Operation Speed-duplex : 1000full
Up Time : 0w 0d 0h 3m 37s (217 seconds)
Flow Control Type : None
Max Frame Size : 1518 bytes (1522 bytes for tagged frames)
MAC Learning Status : Enabled
Member Ports : Eth1/1, Eth1/2
Active Member Ports : Eth1/1, Eth1/2
If you want to assign the LACP trunk link to the specific port-channel number, you need to use the admin-key.
Please refer to the FAQ: How to use admin-key to assign port-channel number ?
2. Static Trunk
The configuration on the SW1 and SW2:
Console#configure
Console(config)#interface port-channel 1
Console(config-if)#exit
Console(config)#interface ethernet 1/1,2
Console(config-if)#channel-group 1
Console(config-if)#end
The status of Port-channel:
Console#show interfaces status port-channel 1
Information of Trunk 1
Basic Information:
Port Type : 1000BASE-T
MAC Address : 04-F8-F8-5C-2D-23
Configuration:
Name :
Port Admin : Up
Speed-duplex : Auto
Capabilities : 10half, 10full, 100half, 100full, 1000full
Broadcast Storm : Disabled
Broadcast Storm Limit : 500 packets/second
Multicast Storm : Disabled
Multicast Storm Limit : 500 packets/second
Unknown Unicast Storm : Disabled
Unknown Unicast Storm Limit : 500 packets/second
Storm Threshold Resolution : 1 packets/second
Flow Control : Disabled
VLAN Trunking : Disabled
MAC Learning : Enabled
Link-up-down Trap : Enabled
Current Status:
Created By : User
Link Status : Up
Port Operation Status : Up
Operation Speed-duplex : 1000full
Up Time : 0w 0d 0h 0m 41s (41 seconds)
Flow Control Type : None
Max Frame Size : 1518 bytes (1522 bytes for tagged frames)
MAC Learning Status : Enabled
Member Ports : Eth1/1, Eth1/2
Active Member Ports : Eth1/1, Eth1/2
According to the current CPU utilization, CPU guard function sets the CPU utilization high and low watermarks in the percentage of CPU time utilized, and the CPU high and low thresholds in the number of packets being processed per second.
** Please note that the CPU guard will limit the packets transfer to CPU, but it will not limit the packets transmit to the egress port. **
Support Models: ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS5520 series, ECS4530 series, ECS2100 series, ECS3510 series
Topology:
Step 1: The switch runs in the default configuration and we try to inject the 1000 packets per second.
The CPU utilization will rise to 55 ~ 58%.
Step 2: Enable the CPU guard function globally.
Console(config)#process cpu guard
At this moment, the CPU remains and doesn't fall.
Since the current CPU utilization does not exceed the value of high-watermark, it doesn't trigger the CPU guard.
Step 3: Modify "low-watermark" and "high-watermark".
For example, we configure "high-watermark" to be lower than the current CPU utilization.
Console(config)#process cpu guard low-watermark 40
Console(config)#process cpu guard high-watermark 50
After the modification, CPU utilization will be falling and the CPU can process 392 packets per second.
It's because the current CPU utilization is higher than the high-watermark, the switch limits the packets flow to the CPU until it falls below the low-watermark.
Step 4: Modify "low-watermark" and "high-watermark".
For example, we configure "low-watermark" to be higher than the current CPU utilization.
Console(config)#process cpu guard low-watermark 50
Console(config)#process cpu guard high-watermark 55
We can see the "Current Threshold" is increasing, and the maximum value is 500 (ECS4510 Series).
If the switch limits the packets flow to the CPU after exceeding the high-watermark, the normal flow will be restored after usage falls beneath the low-watermark.
Step 5: We can also modify the "Maximum Threshold" directly to specify the number of packets being processed per second by the CPU.
Console(config)#process cpu guard max-threshold 100
The ECS5520-18X has sixteen 10G SFP+ ports and two 40G QSFP+ uplink ports. The 10G/40G ports can be configured as a single port connected with 10G SFP+/40G QSFP+ fiber cable, 10G/40G DAC (direct attach) cable, or breakout cable that connects a 40G port to four 10G ports; 10G port can also group four ports to a single 40G port. It's flexible for the user to configure it.
Configuration (Support CLI/WEB GUI/SNMP)
This example shows the default 40G and 10G port settings on ECS5520-18X.
Console#show hardware profile portmode
40G 10G Config Oper
Interfaces Interfaces Mode Mode
---------- ---------- ------ ------
1/1 1/1-4 - 4x10g
1/5 1/5-8 - 4x10g
1/9 1/9-12 - 4x10g
1/13 1/13-16 - 4x10g
1/17 1/19-22 - 1x40g
1/18 1/23-26 - 1x40g
<A> CLI Command
- Configure port settings for 1x40G or 4x10G operation.
[CLI format]
hardware profile portmode ethernet 1/port { 1x40g | 4x10g | reset }
Warning: This command will not take effect until reload.
1x40g - Configures the port as a single 40G port.
4x10g - Configures the port as four 10G ports.
reset - Configures port mode to the default setting.
<A-1> Group four 10G ports to a single 40G port.
Eth1/1-4 will group to a single 40G port (Eth1/1).
Console#hardware profile portmode ethernet 1/1 1x40g
Warning: This command will not take effect until reload.
Console#reload
System will be restarted. Continue <y/n>? y
Console#show hardware profile portmode
40G 10G Config Oper
Interfaces Interfaces Mode Mode
---------- ---------- ------ ------
1/1 1/1-4 1x40g 1x40g
1/5 1/5-8 - 4x10g
1/9 1/9-12 - 4x10g
1/13 1/13-16 - 4x10g
1/17 1/19-22 - 1x40g
1/18 1/23-26 - 1x40g
Console#show interfaces brief
Interface Name Status PVID Pri Speed/Duplex Type Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
Eth 1/ 1 Up 1 0 40Gfull 40GBASE QSFP None
Eth 1/ 5 Down 1 0 10Gfull 10GBASE SFP+ None
Eth 1/ 6 Down 1 0 10Gfull 10GBASE SFP+ None
<A-2> Breakout a single 40G port to four 10G ports.
Eth1/17 will breakout to four 10G ports (Eth1/19-22).
Console#hardware profile portmode ethernet 1/17 4x10g
Warning: This command will not take effect until reload.
Console#reload
System will be restarted. Continue <y/n>? y
Console#show hardware profile portmode
40G 10G Config Oper
Interfaces Interfaces Mode Mode
---------- ---------- ------ ------
1/1 1/1-4 - 4x10g
1/5 1/5-8 - 4x10g
1/9 1/9-12 - 4x10g
1/13 1/13-16 - 4x10g
1/17 1/19-22 4x10g 4x10g
1/18 1/23-26 - 1x40g
Console#show interfaces brief
Interface Name Status PVID Pri Speed/Duplex Type Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
...Omit
Eth 1/16 Down 1 0 10Gfull 10GBASE SFP+ None
Eth 1/18 Down 1 0 40Gfull 40GBASE QSFP None
Eth 1/19 Up 1 0 10Gfull 10GBASE SFP+ None
Eth 1/20 Up 1 0 10Gfull 10GBASE SFP+ None
Eth 1/21 Up 1 0 10Gfull 10GBASE SFP+ None
Eth 1/22 Up 1 0 10Gfull 10GBASE SFP+ None
<A-3> Configure port mode to the default setting.
Console#hardware profile portmode ethernet 1/1 reset
Warning: This command will not take effect until reload.
Console#hardware profile portmode ethernet 1/17 reset
Warning: This command will not take effect until reload.
Console#reload
System will be restarted. Continue <y/n>? y
Console#show hardware profile portmode
40G 10G Config Oper
Interfaces Interfaces Mode Mode
---------- ---------- ------ ------
1/1 1/1-4 - 4x10g
1/5 1/5-8 - 4x10g
1/9 1/9-12 - 4x10g
1/13 1/13-16 - 4x10g
1/17 1/19-22 - 1x40g
1/18 1/23-26 - 1x40g
<B> WEB GUI
- Configure port settings for 1x40G or 4x10G operation.
[WEB GUI]
Interface -> Port -> Hardware Profile -> Config Mode -> Apply
<B-1> Group four 10G ports to a single 40G port.
Eth1/1-4 will group to a single 40G port (Eth1/1).
<B-2> Breakout a single 40G port to four 10G ports.
Eth1/17 will breakout to four 10G ports (Eth1/19-22).
<C> SNMP
- Configure port settings for 1x40G or 4x10G operation.
[SNMPSET command format]
snmpwalk -v 2c -c private {switch ip} {hardwarePortModeOper}.{hardwarePortModeIfIndex}
snmpset -v 2c -c private {switch ip} {hardwarePortModeConfig}.{hardwarePortModeIfIndex} {integer} {value}
For hardwarePortModeOper, OID 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.2
The Hardware profile operational port mode. This setting is used to identify the active state of port mode.
The value mode4x10g(2) means the port operates a single 10G port.
The value mode1x40g(3) means the port operates a single 40G port.
For hardwarePortModeConfig, OID 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.3
This is used to configure hardware profile port mode settings. This action will reflect after the restart.
Set mode4x10g(2) to breakout a single 40G port to four 10G ports.
Set mode1x40g(3) to group four 10G ports to a single 40G port.
For hardwarePortModeIfIndex: The port interface of hardwarePortModeIfIndex.
The ifIndex value of the port or trunk.
<C-1> Group four 10G ports to a single 40G port.
C:\>snmpwalk -v 2c -c private 188.188.10.109 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.2.1
SNMPv2-SMI::enterprises.259.10.1.51.1.2.16.1.1.2.1 = INTEGER: 2
C:\>snmpset -v 2c -c private 188.188.10.109 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.3.1 i 3
SNMPv2-SMI::enterprises.259.10.1.51.1.2.16.1.1.3.1 = INTEGER: 3
Eth1/1-4 will group to a single 40G port (Eth1/1).
<C-2> Breakout a single 40G port to four 10G ports.
C:\>snmpwalk -v 2c -c private 188.188.10.109 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.2.17
SNMPv2-SMI::enterprises.259.10.1.51.1.2.16.1.1.2.17 = INTEGER: 3
C:\>snmpset -v 2c -c private 188.188.10.109 1.3.6.1.4.1.259.10.1.51.1.2.16.1.1.3.17 i 2
SNMPv2-SMI::enterprises.259.10.1.51.1.2.16.1.1.3.17 = INTEGER: 2
Eth1/17 will breakout to four 10G ports (Eth1/19-22).
- Enable the basic DHCPSNP function.
Console#con
Console(config)#ip dhcp snooping
Console(config)#ip dhcp snooping vlan 1
Console(config)#interface ethernet 1/28
Console(config-if)#ip dhcp snooping trust
Console(config-if)#end
- Enable DHCPSNP filter-only mode on port interface configuration.
ip dhcp snooping max-number { <max_num> | filter-only }
Console#con
Console(config)#interface ethernet 1/1
Console(config-if)#ip dhcp snooping max-number filter-only
Console(config-if)#end
Console#show ip dhcp snooping
Global DHCP Snooping Status: enabled
DHCP Snooping Information Option Status: disabled
DHCP Snooping Information Option Sub-option Format: extra subtype included
DHCP Snooping Information Option Remote ID: MAC Address (hex encoded)
DHCP Snooping Information Option Remote ID TR101 VLAN Field: enabled
DHCP Snooping Information Option TR101 Board ID: none
DHCP Snooping Information Policy: replace
DHCP Snooping is configured on the following VLANs:
1
Verify Source MAC-Address: enabled
DHCP Snooping Rate Limit: unlimited
Max Circuit-ID Circuit-ID Circuit-ID Carry To Vlan
Interface Trusted Num mode Value TR101 VLAN Client Flooding
--------- ------- ---- --------------- ----------- ---------- -------- --------
Eth 1/1 No filter-only VLAN-Unit-Port --- enabled disabled enabled
Eth 1/2 No 16 VLAN-Unit-Port --- enabled disabled enabled
Eth 1/3 No 16 VLAN-Unit-Port --- enabled disabled enabled
- Enable DHCPSNP filter-only mode on port interface configuration.

- Enable DHCPSNP filter-only mode on port interface configuration.
snmpset -v 2c -c private {switch ip} {dhcpSnoopPortMaxNumber}.{dhcpSnoopPortIfIndex} {integer} {value}
C:\>snmpset -v 2c -c private 192.168.1.2 1.3.6.1.4.1.259.10.1.45.1.46.3.1.1.6.2 i 65535
SNMPv2-SMI::enterprises.259.10.1.45.1.46.3.1.1.6.2 = INTEGER: 65535

Dynamic ARP Inspection(DAI) is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings. This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination, dropping any invalid ARP packets.
ARP Inspection determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database – the DHCP snooping binding database or IP source guard binding database. ARP Inspection can also validate ARP packets against user-configured ARP access control lists (ACLs) for hosts with statically configured IP addresses.
Topology:
Basic Configuration via CLI command:
Step 1: Enable the DHCPSNP function on global and VLAN 1.
Console(config)#ip dhcp snooping
Console(config)#ip dhcp snooping vlan 1
Step 2: Enable the DHCPSNP trust port on port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#ip dhcp snooping trust
Step 3: Enable the DAI function on global and VLAN 1.
Console(config)#ip arp inspection
Console(config)#ip arp inspection vlan 1
Console(config)#interface ethernet 1/1
Console(config-if)#ip arp inspection trust
Step 4: DHCP client gets the IP address from the DHCP server.
Step 5: The fake client sets the same IP address as the DHCP client and tries to send the ARP request packet.
Result: The switch will drop the ARP packet from the fake client.
Basic Configuration via SNMP:
[SNMPSET command format]
snmpset -v 2c -c private {switch ip} {daiGlobalStatus | daiVlanStatus | daiPortTrustStatus}.{daiVlanIndex | daiPortIfIndex} {integer} {value}
For daiGlobalStatus, OID 1.3.6.1.4.1.259.10.1.45.1.56.1.1
Set enabled(1) to enable dynamic ARP inspection globally.
Set disabled(2) to disable dynamic ARP inspection globally.
For daiVlanStatus, OID 1.3.6.1.4.1.259.10.1.45.1.56.2.1.1.2
This object indicates whether dynamic ARP inspection is enabled in this VLAN.
Set enabled(1) to enable dynamic ARP inspection on VLAN.
Set disabled(2) to disable dynamic ARP inspection on VLAN.
For daiVlanIndex,
This object indicates the VLAN ID on which dynamic ARP inspection is configured.
For daiPortTrustStatus, OID 1.3.6.1.4.1.259.10.1.45.1.56.3.1.1.2
This object indicates whether the port is trusted for dynamic ARP inspection.
Set enabled(1) to enable dynamic ARP inspection trust port.
Set disabled(2) to disable dynamic ARP inspection trust port.
For daiPortIfIndex,
The ifIndex value of the port.
Step 1: Enable the DAI function globally.
root@gavin:~# snmpset -v 2c -c private 192.168.1.1 .1.3.6.1.4.1.259.10.1.45.1.56.1.1.0 i 1
Check the configuration on CLI and SNMP:
SNMP:
CLI:
Step 2: Enable the DAI function on VLAN 1. (daiVlanIndex=1)
root@gavin:~# snmpset -v 2c -c private 192.168.1.1 .1.3.6.1.4.1.259.10.1.45.1.56.2.1.1.2.1 i 1
Check the configuration on CLI and SNMP:
SNMP:
CLI:
Step 3: Enable the DAI trust port on Port 1. (daiPortIfIndex=1)
root@gavin:~# snmpset -v 2c -c private 192.168.1.1 .1.3.6.1.4.1.259.10.1.45.1.56.3.1.1.2.1 i 1
Check the configuration on CLI and SNMP:
SNMP:
CLI:
Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link-state routing protocol to generate a shortest-path tree, then builds up its routing table based on this tree. OSPF produces a more stable network because the participating routers act on network changes predictably and simultaneously, converging on the best route more quickly than RIP. Moreover, when several equal-cost routes to a destination exist, traffic can be distributed equally among them. A separate routing area scheme is also used to further reduce the amount of routing traffic.
Topology:
Procedure:
Switch_01 Configuration:
Step 1: Apply VLAN on port and configure VLAN's IP address.
switch-01(config)#interface ethernet 1/23
switch-01(config-if)#switchport allowed vlan add 100
switch-01(config-if)#switchport native vlan 100
switch-01(config-if)#exit
switch-01(config)#interface ethernet 1/24
switch-01(config-if)#switchport allowed vlan add 200
switch-01(config-if)#switchport native vlan 200
switch-01(config-if)#exit
switch-01(config)#interface vlan 100
switch-01(config-if)#ip address 192.168.0.1/30
switch-01(config-if)#exit
switch-01(config)#interface vlan 200
switch-01(config-if)#ip address 192.168.0.5/30
switch-01(config-if)#exit
switch-01(config)#interface vlan 1
switch-01(config-if)#ip address 192.168.1.254/24
switch-01(config-if)#exit
Step 2: Disable spanning tree on port 23,24.
switch-01#con
switch-01(config)#interface ethernet 1/23,24
switch-01(config-if)#spanning-tree spanning-disabled
Step 3: Configure OSPF function.
switch-01(config)#router ospf 1
switch-01(config-router)#router-id 192.168.0.1
switch-01(config-router)#network 192.168.0.0 255.255.255.252 area 0
switch-01(config-router)#network 192.168.0.4 255.255.255.252 area 0
switch-01(config-router)#network 192.168.1.0 255.255.255.0 area 0
Switch_02 Configuration:
Step 1: Apply VLAN on port and configure VLAN's IP address.
switch-02(config)#interface ethernet 1/1
switch-02(config-if)#switchport native vlan 2
switch-02(config-if)#switchport allowed vlan add 2
switch-02(config-if)#exit
switch-02(config)#interface ethernet 1/23
switch-02(config-if)#switchport native vlan 100
switch-02(config-if)#switchport allowed vlan add 100
switch-02(config-if)#exit
switch-02(config)#interface ethernet 1/24
switch-02(config-if)#switchport native vlan 300
switch-02(config-if)#switchport allowed vlan add 300
switch-02(config-if)#exit
switch-02(config)#interface vlan 2
switch-02(config-if)#ip address 192.168.2.254/24
switch-02(config-if)#exit
switch-02(config)#interface vlan 100
switch-02(config-if)#ip address 192.168.0.2/30
switch-02(config-if)#exit
switch-02(config)#interface vlan 300
switch-02(config-if)#ip address 192.168.0.9/30
switch-02(config-if)#exit
Step 2: Disable spanning tree on port 23,24.
switch-01#con
switch-01(config)#interface ethernet 1/23,24
switch-01(config-if)#spanning-tree spanning-disabled
Step 3: Configure OSPF function.
switch-02(config)#router ospf 1
switch-02(config-router)#router-id 192.168.0.2
switch-02(config-router)#network 192.168.0.0 255.255.255.252 area 0
switch-02(config-router)#network 192.168.0.8 255.255.255.252 area 0
switch-02(config-router)#network 192.168.2.0 255.255.255.0 area 0
Switch_03 Configuration:
Step 1: Apply VLAN on port and configure VLAN's IP address.
switch-03(config)#interface ethernet 1/1
switch-03(config-if)#switchport native vlan 3
switch-03(config-if)#switchport allowed vlan add 3
switch-03(config-if)#exit
switch-03(config)#interface ethernet 1/23
switch-03(config-if)#switchport native vlan 200
switch-03(config-if)#switchport allowed vlan add 200
switch-03(config-if)#exit
switch-03(config)#interface ethernet 1/24
switch-03(config-if)#switchport native vlan 300
switch-03(config-if)#switchport allowed vlan add 300
switch-03(config-if)#exit
switch-03(config)#interface vlan 3
switch-03(config-if)#ip address 192.168.3.254/24
switch-03(config-if)#exit
switch-03(config)#interface vlan 200
switch-03(config-if)#ip address 192.168.0.6/30
switch-03(config-if)#exit
switch-03(config)#interface vlan 300
switch-03(config-if)#ip address 192.168.0.10/30
switch-03(config-if)#exit
Step 2: Disable spanning tree on port 23,24.
switch-01#con
switch-01(config)#interface ethernet 1/23,24
switch-01(config-if)#spanning-tree spanning-disabled
Step 3: Configure OSPF function.
switch-03(config)#router ospf 1
switch-03(config-router)#router-id 192.168.0.3
switch-03(config-router)#network 192.168.0.4 255.255.255.252 area 0
switch-03(config-router)#network 192.168.0.8 255.255.255.252 area 0
switch-03(config-router)#network 192.168.3.0 255.255.255.0 area 0
Result:
Check the routing table on all the switches.
Switch-01's routing table:
Switch-02's routing table:
Switch-03's routing table:
Display the information about neighboring routers on all the switches.
Switch-01's OSPF Neighbor Information
Switch-02's OSPF Neighbor Information
Switch-03's OSPF Neighbor Information
VLAN2-Client A(192.168.2.1) could ping to VLAN1-Client C(192.168.1.1).
Console#debug arp

Console#debug dhcp all





Console#debug igmpsnp-mvr all




Console# debug ip dhcp snooping all





Console#debug lacp config

Console#debug lacp event

Console#debug lacp packet

Console#debug mldsnp all




Console#debug mvr6 all



Console#debug spanning-tree all



Path Cost is used by the Spanning Tree Algorithm to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below.
*The path cost of the STP is not configured by pathcost method short or long.
User can configure the spanning tree path cost for the specified interface by following command.
[CLI Command]
spanning-tree cost {cost}
cost - The path cost for the port.
(Range: 0 for auto-configuration, 1-65535 for short path cost method, 1-200,000,000 for long path cost method)
Calculate the spanning tree path cost on a port-channel.
1. Active Eth1/1 for port channel.
Console#show interfaces brief
Interface Name Status PVID Pri Speed/Duplex Type Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
Eth 1/ 1 Up 1 0 Auto-1000full 1000BASE-T 1
The spanning tree path cost on Trunk 1 is 5000.
Console#show spanning-tree brief
Interface Pri Designated Designated Oper STP Role State Oper
Bridge ID Port ID Cost Status Edge
--------- --- --------------------- ---------- -------- ------ ---- ----- ----
Trunk 1 128 32768.8CEA1B8AC667 128.57 5000 EN ROOT FWD No
The spanning tree path cost for Trunk 1 is 10000 (1G) / 2 = 5000 (Trunk).
The spanning tree path cost on Trunk 1 is 5000 (Trunk) / 1 = 5000.
2. Active Eth1/1 & Eth1/2 for port channel.
Console#show interfaces brief
Interface Name Status PVID Pri Speed/Duplex Type Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
Eth 1/ 1 Up 1 0 Auto-1000full 1000BASE-T 1
Eth 1/ 2 Up 1 0 Auto-1000full 1000BASE-T 1
The spanning tree path cost on Trunk 1 is 2500.
Console#show spanning-tree brief
Interface Pri Designated Designated Oper STP Role State Oper
Bridge ID Port ID Cost Status Edge
--------- --- --------------------- ---------- -------- ------ ---- ----- ----
Trunk 1 128 32768.8CEA1B8AC667 128.57 2500 EN ROOT FWD No
The spanning tree path cost on Trunk 1 is 5000 (Trunk) / 2 = 2500.
3. Active Eth1/1 & Eth1/2 & Eth1/3 for port channel.
Console#show interfaces brief
Interface Name Status PVID Pri Speed/Duplex Type Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
Eth 1/ 1 Up 1 0 Auto-1000full 1000BASE-T 1
Eth 1/ 2 Up 1 0 Auto-1000full 1000BASE-T 1
Eth 1/ 3 Up 1 0 Auto-1000full 1000BASE-T 1
The spanning tree path cost on Trunk 1 is 1666.
Console#show spanning-tree brief
Interface Pri Designated Designated Oper STP Role State Oper
Bridge ID Port ID Cost Status Edge
--------- --- --------------------- ---------- -------- ------ ---- ----- ----
Trunk 1 128 32768.8CEA1B8AC667 128.57 1666 EN ROOT FWD No
The spanning tree path cost on Trunk 1 is 5000 (Trunk) / 3 = 1666.
4. Active Eth1/1 & Eth1/2 & Eth1/3 & Eth1/4 for port channel.
Console#show interfaces brief
Interface Name Status PVID Pri Speed/Duplex Type Trunk
--------- ----------------- --------- ---- --- ------------- ------------ -----
Eth 1/ 1 Up 1 0 Auto-1000full 1000BASE-T 1
Eth 1/ 2 Up 1 0 Auto-1000full 1000BASE-T 1
Eth 1/ 3 Up 1 0 Auto-1000full 1000BASE-T 1
Eth 1/ 4 Up 1 0 Auto-1000full 1000BASE-T 1
The spanning tree path cost on Trunk 1 is 1250.
Console#show spanning-tree brief
Interface Pri Designated Designated Oper STP Role State Oper
Bridge ID Port ID Cost Status Edge
--------- --- --------------------- ---------- -------- ------ ---- ----- ----
Trunk 1 128 32768.8CEA1B8AC667 128.57 1250 EN ROOT FWD No
The spanning tree path cost on Trunk 1 is 5000 (Trunk) / 4 = 1250.
The switch can display diagnostic information for SFP modules which support the SFF-8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers. This information allows administrators to remotely diagnose problems with optical devices. This feature, referred to as Digital Diagnostic Monitoring (DDM) in the command display, provides information on transceiver parameters including temperature, supply voltage, laser bias current, laser power, received optical power, and related alarm thresholds.
transceiver-monitor
The setting for transceiver-monitor:
Console(config)#interface ethernet 1/X
Console(config-if)#transceiver-monitor
Use this command "transceiver-monitor" can monitor the current transceiver status, such as Temperature, TX power, RX power.
When any of the transceiver's operational values fall outside of specified thresholds, the switch will send the trap.
transceiver-threshold
The setting for transceiver-threshold:
Console(config)#interface ethernet 1/X
Console(config-if)#transceiver-threshold { current | rx-power | temperature | tx-power | voltage }
Use this command "transceiver-threshold" can set the default threshold from the transceiver to determine when an alarm or warning message should be sent.
Support Models: ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS2100 series, ECS2110 series
Topology:
Insert the transceiver --- (25)ECS4620-28T(1) --- SNMP server
The procedure to monitor the transceiver status :
Step 1: Configure the switch's IP address and enable the SNMP trap.
Console#con
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.1/24
Console(config-if)#exit
Console(config)#snmp-server host 192.168.1.100 inform private version 2c
Step 2: Check the transceiver's information currently.
At this time, the RX power is not within the range of the default threshold of the Low Alarm/Waring.
Step 3: Enable the transceiver-monitor.
Console#con
Console(config)#interface ethernet 1/25
Console(config-if)#transceiver-monitor
Step 4: The switch will send out the SNMP trap (SFPThresholdAlarmWarnTrap).
The procedure to change the transceiver-threshold :
Step 1: Check the transceiver DDM Thresholds currently.
Step 2: Configure the threshold of the Temperature.
Console(config)#interface ethernet 1/25
Console(config-if)#no transceiver-threshold-auto
Console(config-if)#transceiver-threshold temperature high-warning 7500
Console(config-if)#transceiver-threshold temperature high-alarm 8500
Step 3: Check the modification of the transceiver's information.

As the scenario shown below, there are two links between SW1 and SW4 and therefore two loops:
1. Loop A: SW1, SW2, SW3 and SW4
2. Loop B: SW1 and SW4.
It causes problems such as a waste of CPU utilization if more than one loop exists. In order to prevent loop, Port 26 and 27 of SW1 and Port 26 and 28 of SW4 should be trunked as a group. In this way, two links between Switch 1 and 4 will be logically identified as one link by the system and only one loop exists with port 27 of SW3 blocked.

Use the following commands to enable LACP on port 26 and 27 of SW1.
SW_1#config
SW_1(config)#interface e 1/26
SW_1(config-if)#lacp
SW_1(config-if)#int e 1/27
SW_1(config-if)#lacp
Use the command "show interface status port-channel 1" to check trunk group members. As shown below, port 26 and 27 of SW1 are member ports of trunk group 1.
SW_1#sh int status port-channel 1
Information of Trunk 1
Basic Information:
Port Type : 1000BASE-T
MAC Address : 70-72-CF-58-F9-25
Configuration:
Name :
Port Admin : Up
Speed-duplex : Auto
Capabilities : 10half, 10full, 100half, 100full, 1000full
Broadcast Storm : Enabled
Broadcast Storm Limit : 64 Kbits/second
Multicast Storm : Disabled
Multicast Storm Limit : 64 Kbits/second
Unknown Unicast Storm : Disabled
Unknown Unicast Storm Limit : 64 Kbits/second
Flow Control : Disabled
VLAN Trunking : Disabled
Current Status:
Created By : LACP
Link Status : Up
Port Operation Status : Up
Operation Speed-duplex : 1000full
Up Time : 0w 0d 0h 3m 45s (225 seconds)
Flow Control Type : None
Max Frame Size : 1518 bytes (1522 bytes for tagged frames)
Member Ports : Eth1/26, Eth1/27
Use the command "show spanning-tree port-channel 1" to check information such as role and state of each port.
SW_1#sh spanning-tree port-channel 1
Trunk 1 Information
---------------------------------------------------------------
Admin Status : Enabled
Role : Designate
State : Forwarding
Admin Path Cost : 0
Oper Path Cost : 2500
Priority : 128
Designated Cost : 0
Designated Port : 128.33
Designated Root : 4096.7072CF58F90B
Designated Bridge : 4096.7072CF58F90B
Forward Transitions : 24
Admin Edge Port : Auto
Oper Edge Port : Disabled
Admin Link Type : Auto
Oper Link Type : Point-to-point
Flooding Behavior : Enabled
Spanning-Tree Status : Enabled
Loopback Detection Status : Enabled
Loopback Detection Release Mode : Auto
Loopback Detection Trap : Disabled
Loopback Detection Action : Block
Root Guard Status : Disabled
BPDU Guard Status : Disabled
BPDU Guard Auto Recovery : Disabled
BPDU Guard Auto Recovery Interval : 300
BPDU Filter Status : Disabled
1. To prevent loop
As shown in the figure above, there are 3 traffic paths from VLC server to PC2:
Path 1(red): from SW1 port 26 to SW4 port 26;
Path 2(blue): from SW1 port 27 to SW4 port 28;
Path 3(green): from SW1 port 28 to SW2 port 27, from SW2 port 28 to SW3 port 27, from SW3 port 28 to SW4 port 27 then to SW4 port 1.
Therefore, there are two loops in the topology:
As shown in the figures above, when the switch receives a broadcast, multicast or unknown unicast packet from VCL Server, packet will flood to port 26(packet 2 yellow) and 27 (packet 2 green). When SW4 receives the packet from port 26, the packet will flood to port 1 (packet 3 yellow) and port 28 (packet 3 yellow). When SW4 receives the packet from port 28, the packet will flood to port 1(packet 3 green) and port 26 (packet 3 green). In this way, packets will occupy every port that connected to switch and it results in a failure to serving normal packets and sometimes a waste of CPU utilization.
Spanning Tree Protocol is a mechanism that automatically detects loops in the network and blocks the redundant paths to keep only one path for two nodes in the network. Rapid Spanning Tree Protocol (RSTP) is an enhancement of STP and provides faster spanning tree convergence. RSTP uses path cost, bridge ID and port priority/port ID of BPDU to prioritize the paths and then to establish a spanning tree.
2. To Provide Redundant path
Sometimes users create a loop intentionally in order to build up a redundant path in case the path is failed to link. Traffic dynamically switches to the redundant path and maintain network operation when the default path is failed to link.
When the link between SW1 port 26 and SW4 port 26 is down, SW1 port 27 which is in blocking state (Alternate Role) automatically forwards. Therefore, traffic from VLC server switches to the link between SW1 port 27 and SW4 port 28.
Use command "show log ram" to see the change log.
SW_1#sh log ram
[3] 08:59:45 2011-12-08
'STA topology change happened on Eth 1/27.'
level : 6, module : 5, function : 1, and event no. : 1
[2] 08:59:45 2011-12-08
'STP port state: MSTID 0, Eth 1/27 becomes forwarding.'
level : 6, module : 5, function : 1, and event no. : 1
[1] 08:59:45 2011-12-08
'STP port state: MSTID 0, Eth 1/26 becomes non-forwarding.'
level : 6, module : 5, function : 1, and event no. : 1
[0] 08:59:45 2011-12-08
'Unit 1, Port 26 link-down notification.'
level : 6, module : 5, function : 1, and event no. : 1
SW_4-0#sh log ram
[2] 08:28:56 2011-12-08
'STA topology change happened on Eth 1/27.'
level : 6, module : 5, function : 1, and event no. : 1
[1] 08:28:54 2011-12-08
'STP port state: MSTID 0, Eth 1/26 becomes non-forwarding.'
level : 6, module : 5, function : 1, and event no. : 1
[0] 08:28:54 2011-12-08
'Unit 1, Port 26 link-down notification.'
level : 6, module : 5, function : 1, and event no. : 1
SW_2-0#sh log ram
[1] 09:00:39 2011-12-08
'User(admin/Telnet) (192.168.1.1), login successful.'
level : 6, module : 5, function : 1, and event no. : 1
[0] 08:58:43 2011-12-08
'192.168.1.1 VTY user admin, logout from PRIV. EXEC mode.'
level : 6, module : 1, function : 0, and event no. : 1
SW_3-0#sh log ram
[2] 08:28:51 2011-12-08
'User(admin/Telnet) (192.168.1.1), login successful.'
level : 6, module : 5, function : 1, and event no. : 1
[1] 08:27:48 2011-12-08
'STA topology change happened on Eth 1/27.'
level : 6, module : 5, function : 1, and event no. : 1
[0] 08:27:12 2011-12-08
'192.168.1.1 VTY user admin, logout from PRIV. EXEC mode.'
level : 6, module : 1, function : 0, and event no. : 1
SW_4(config)#interface ethernet 1/27
SW_4(config-if)#spanning-tree port-priority ?
<0-240> Spanning-tree port priority value in steps of 16
Please note that the port priority value is steps of 16 in range of 0-240.
SW_4(config-if)#spanning-tree port-priority 16

A switch is configured as root if it has the smallest priority ID. Therefore, by changing the priority ID to the smallest ID, users could configure any switch as root. For example, use the following commands to change the priority of SW1 to 4096:
SW_1(config)#spanning-tree priority?
<0-61440> Spanning-tree priority value in steps of 4096
Please note that the priority ID value can only be changed in steps of 4096, from 0 to 61440.
SW_1(config)# spanning-tree priority 4096
After changing priority ID of SW1 to 4096, SW1 is configured as the Root and the blocking port is changed to SW4 port 28 and SW3 port 27.

Received Octets :
1.3.6.1.2.1.31.1.1.1.6 (ifHCInOctets, 64-bit version)
1.3.6.1.2.1.2.2.1.10 (ifInOctets, 32-bit version)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.6.1
IF-MIB::ifHCInOctets.1 = Counter64: 1751607
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.2.2.1.10.1
IF-MIB::ifInOctets.1 = Counter32: 1751607
Transmitted Octets :
1.3.6.1.2.1.31.1.1.1.10 (ifHCOutOctets, 64-bit version)
1.3.6.1.2.1.2.2.1.16 (ifOutOctets, 32-bit version)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.10.1
IF-MIB::ifHCOutOctets.1 = Counter64: 1045353
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.2.2.1.16.1
IF-MIB::ifOutOctets.1 = Counter32: 1045353
Received Errors :
1.3.6.1.2.1.2.2.1.14 (ifInErrors)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.2.2.1.14.1
IF-MIB::ifInErrors.1 = Counter32: 0
Transmitted Errors :
1.3.6.1.2.1.2.2.1.20 (ifOutErrors)
ECS2100 series didn’t support this counter.
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.2.2.1.20.1
IF-MIB::ifOutErrors.1 = No Such Instance currently exists at this OID
Received Unicast Packets :
1.3.6.1.2.1.31.1.1.1.7 (ifHCInUcastPkts, 64-bit version)
1.3.6.1.2.1.2.2.1.11 (ifInUcastPkts, 32-bit version)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.7.1
IF-MIB::ifHCInUcastPkts.1 = Counter64: 79
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.2.2.1.11.1
IF-MIB::ifInUcastPkts.1 = Counter32: 79
Transmitted Unicast Packets :
1.3.6.1.2.1.31.1.1.1.11 (ifHCOutUcastPkts, 64-bit version)
1.3.6.1.2.1.2.2.1.17 (ifOutUcastPkts, 32-bit version)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.11.1
IF-MIB::ifHCOutUcastPkts.1 = Counter64: 1684
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.2.2.1.17.1
IF-MIB::ifOutUcastPkts.1 = Counter32: 1684
Received Discarded Packets :
1.3.6.1.2.1.2.2.1.13 (ifInDiscards)
ECS2100 series didn’t support this counter, always return the value as 0.
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.2.2.1.13.1
IF-MIB::ifInDiscards.1 = Counter32: 0
Transmitted Discarded Packets :
1.3.6.1.2.1.2.2.1.19 (ifOutDiscards)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.2.2.1.19.1
IF-MIB::ifOutDiscards.1 = Counter32: 0
Received Multicast Packets :
1.3.6.1.2.1.31.1.1.1.8 (ifHCInMulticastPkts, 64-bit version)
1.3.6.1.2.1.31.1.1.1.2 (ifInMulticastPkts, 32-bit version)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.8.1
IF-MIB::ifHCInMulticastPkts.1 = Counter64: 20
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.2.1
IF-MIB::ifInMulticastPkts.1 = Counter32: 20
Transmitted Multicast Packets :
1.3.6.1.2.1.31.1.1.1.12 (ifHCOutMulticastPkts, 64-bit version)
1.3.6.1.2.1.31.1.1.1.4 (ifOutMulticastPkts, 32-bit version)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.12.1
IF-MIB::ifHCOutMulticastPkts.1 = Counter64: 2134
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.4.1
IF-MIB::ifOutMulticastPkts.1 = Counter32: 2134
Received Broadcast Packets :
1.3.6.1.2.1.31.1.1.1.9 (ifHCInBroadcastPkts, 64-bit version)
1.3.6.1.2.1.31.1.1.1.3 (ifInBroadcastPkts, 32-bit version)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.9.1
IF-MIB::ifHCInBroadcastPkts.1 = Counter64: 18069
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.3.1
IF-MIB::ifInBroadcastPkts.1 = Counter32: 18069
Transmitted Broadcast Packets :
1.3.6.1.2.1.31.1.1.1.13 (ifHCOutBroadcastPkts, 64-bit version)
1.3.6.1.2.1.31.1.1.1.5 (ifOutBroadcastPkts, 32-bit version)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.13.1
IF-MIB::ifHCOutBroadcastPkts.1 = Counter64: 5833
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.31.1.1.1.5.1
IF-MIB::ifOutBroadcastPkts.1 = Counter32: 5833
Received Unknown Packets :
1.3.6.1.2.1.2.2.1.15 (ifInUnknownProtos)
ECS2100 series didn’t support this counter.
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.2.2.1.15.1
IF-MIB::ifInUnknownProtos.1 = No Such Instance currently exists at this OID
QLen Output - the length of the output packet queue (in packets) :
1.3.6.1.2.1.2.2.1.21 (ifOutQLen)
ECS2100 series didn’t support this counter.
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.2.2.1.21.1
IF-MIB::ifOutQLen.1 = No Such Instance currently exists at this OID

Single Collision Frames :
1.3.6.1.2.1.10.7.2.1.4 (dot3StatsSingleCollisionFrames)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.4.1
SNMPv2-SMI::transmission.7.2.1.4.1 = Counter32: 0
Multiple Collision Frames :
1.3.6.1.2.1.10.7.2.1.5 (dot3StatsMultipleCollisionFrames)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.5.1
SNMPv2-SMI::transmission.7.2.1.5.1 = Counter32: 0
Late Collisions :
1.3.6.1.2.1.10.7.2.1.8 (dot3StatsLateCollisions)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.8.1
SNMPv2-SMI::transmission.7.2.1.8.1 = Counter32: 0
Excessive Collisions :
1.3.6.1.2.1.10.7.2.1.9 (dot3StatsExcessiveCollisions)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.9.1
SNMPv2-SMI::transmission.7.2.1.9.1 = Counter32: 0
Deferred Transmissions :
1.3.6.1.2.1.10.7.2.1.7 (dot3StatsDeferredTransmissions)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.7.1
SNMPv2-SMI::transmission.7.2.1.7.1 = Counter32: 0
Frames Too Long :
1.3.6.1.2.1.10.7.2.1.13 (dot3StatsFrameTooLongs)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.13.1
SNMPv2-SMI::transmission.7.2.1.13.1 = Counter32: 0
Symbol Errors :
1.3.6.1.2.1.10.7.2.1.18 (dot3StatsSymbolErrors)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.18.1
SNMPv2-SMI::transmission.7.2.1.18.1 = Counter32: 0
Pause Frames Input :
1.3.6.1.2.1.10.7.10.1.3 (dot3InPauseFrames)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.10.1.3.1
SNMPv2-SMI::transmission.7.10.1.3.1 = Counter32: 0
Pause Frames Output :
1.3.6.1.2.1.10.7.10.1.4 (dot3OutPauseFrames)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.10.1.4.1
SNMPv2-SMI::transmission.7.10.1.4.1 = Counter32: 0
Alignment Errors :
1.3.6.1.2.1.10.7.2.1.2 (dot3StatsAlignmentErrors)
ECS2100 series didn’t support this counter.
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.2.1
SNMPv2-SMI::transmission.7.2.1.2.1 = No Such Instance currently exists at this OID
FCS Errors :
1.3.6.1.2.1.10.7.2.1.3 (dot3StatsFCSErrors)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.3.1
SNMPv2-SMI::transmission.7.2.1.3.1 = Counter32: 0
SQE Test Errors :
1.3.6.1.2.1.10.7.2.1.6 (dot3StatsSQETestErrors)
ECS2100 series didn’t support this counter.
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.6.1
SNMPv2-SMI::transmission.7.2.1.6.1 = No Such Instance currently exists at this OID
Carrier Sense Errors :
1.3.6.1.2.1.10.7.2.1.11 (dot3StatsCarrierSenseErrors)
ECS2100 series didn’t support this counter.
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.11.1
SNMPv2-SMI::transmission.7.2.1.11.1 = No Such Instance currently exists at this OID
Internal MAC Receive Errors :
1.3.6.1.2.1.10.7.2.1.16 (dot3StatsInternalMacReceiveErrors)
ECS2100 series didn’t support this counter.
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.16.1
SNMPv2-SMI::transmission.7.2.1.16.1 = No Such Instance currently exists at this OID
Internal MAC Transmit Errors :
1.3.6.1.2.1.10.7.2.1.10 (dot3StatsInternalMacTransmitErrors)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.10.7.2.1.10.1
SNMPv2-SMI::transmission.7.2.1.10.1 = Counter32: 0

Drop Events :
1.3.6.1.2.1.16.1.1.1.3 (etherStatsDropEvents)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.3.1
SNMPv2-SMI::mib-2.16.1.1.1.3.1 = Counter32: 0
Jabbers :
1.3.6.1.2.1.16.1.1.1.12 (etherStatsJabbers)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.12.1
SNMPv2-SMI::mib-2.16.1.1.1.12.1 = Counter32: 0
Fragments :
1.3.6.1.2.1.16.1.1.1.11 (etherStatsFragments)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.11.1
SNMPv2-SMI::mib-2.16.1.1.1.11.1 = Counter32: 0
Collisions :
1.3.6.1.2.1.16.1.1.1.13 (etherStatsCollisions)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.13.1
SNMPv2-SMI::mib-2.16.1.1.1.13.1 = Counter32: 0
Received Octets :
1.3.6.1.2.1.16.1.1.1.4 (etherStatsOctets)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.4.1
SNMPv2-SMI::mib-2.16.1.1.1.4.1 = Counter32: 2796960
Received Packets :
1.3.6.1.2.1.16.1.1.1.5 (etherStatsPkts)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.5.1
SNMPv2-SMI::mib-2.16.1.1.1.5.1 = Counter32: 23320
Broadcast Packets :
1.3.6.1.2.1.16.1.1.1.6 (etherStatsBroadcastPkts)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.6.1
SNMPv2-SMI::mib-2.16.1.1.1.6.1 = Counter32: 23902
Multicast Packets :
1.3.6.1.2.1.16.1.1.1.7 (etherStatsMulticastPkts)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.7.1
SNMPv2-SMI::mib-2.16.1.1.1.7.1 = Counter32: 2154
CRC Align Errors :
1.3.6.1.2.1.16.1.1.1.8 (etherStatsCRCAlignErrors)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.8.1
SNMPv2-SMI::mib-2.16.1.1.1.8.1 = Counter32: 0
Undersize Packets :
1.3.6.1.2.1.16.1.1.1.9 (etherStatsUndersizePkts)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.9.1
SNMPv2-SMI::mib-2.16.1.1.1.9.1 = Counter32: 0
Oversize Packets :
1.3.6.1.2.1.16.1.1.1.10 (etherStatsOversizePkts)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.10.1
SNMPv2-SMI::mib-2.16.1.1.1.10.1 = Counter32: 0
64 Byte Packets :
1.3.6.1.2.1.16.1.1.1.14 (etherStatsPkts64Octets)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.14.1
SNMPv2-SMI::mib-2.16.1.1.1.14.1 = Counter32: 4522
65-127 Byte Packets :
1.3.6.1.2.1.16.1.1.1.15 (etherStatsPkts65to127Octets)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.15.1
SNMPv2-SMI::mib-2.16.1.1.1.15.1 = Counter32: 21524
128-255 Byte Packets :
1.3.6.1.2.1.16.1.1.1.16 (etherStatsPkts128to255Octets)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.16.1
SNMPv2-SMI::mib-2.16.1.1.1.16.1 = Counter32: 887
256-511 Byte Packets :
1.3.6.1.2.1.16.1.1.1.17 (etherStatsPkts256to511Octets)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.17.1
SNMPv2-SMI::mib-2.16.1.1.1.17.1 = Counter32: 827
512-1023 Byte Packets :
1.3.6.1.2.1.16.1.1.1.18 (etherStatsPkts512to1023Octets)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.18.1
SNMPv2-SMI::mib-2.16.1.1.1.18.1 = Counter32: 53
1024-1518 Byte Packets :
1.3.6.1.2.1.16.1.1.1.19 (etherStatsPkts1024to1518Octets)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.2.1.16.1.1.1.19.1
SNMPv2-SMI::mib-2.16.1.1.1.19.1 = Counter32: 6

Input Octets in kbits per second :
1.3.6.1.4.1.259.10.1.43.1.2.6.1.2 (portInOctetRate)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.4.1.259.10.1.43.1.2.6.1.2.1
SNMPv2-SMI::enterprises.259.10.1.43.1.2.6.1.2.1 = Counter64: 0
Input Packets per second :
1.3.6.1.4.1.259.10.1.43.1.2.6.1.3 (portInPacketRate)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.4.1.259.10.1.43.1.2.6.1.3.1
SNMPv2-SMI::enterprises.259.10.1.43.1.2.6.1.3.1 = Counter64: 0
Input Utilization :
1.3.6.1.4.1.259.10.1.43.1.2.6.1.4 (portInUtil)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.4.1.259.10.1.43.1.2.6.1.4.1
SNMPv2-SMI::enterprises.259.10.1.43.1.2.6.1.4.1 = INTEGER: 0
Output Octets in kbits per second :
1.3.6.1.4.1.259.10.1.43.1.2.6.1.5 (portOutOctetRate)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.4.1.259.10.1.43.1.2.6.1.5.1
SNMPv2-SMI::enterprises.259.10.1.43.1.2.6.1.5.1 = Counter64: 0
Output Packets per second :
1.3.6.1.4.1.259.10.1.43.1.2.6.1.6 (portOutPacketRate)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.4.1.259.10.1.43.1.2.6.1.6.1
SNMPv2-SMI::enterprises.259.10.1.43.1.2.6.1.6.1 = Counter64: 0
Output Utilization :
1.3.6.1.4.1.259.10.1.43.1.2.6.1.7 (portOutUtil)
C:\>snmpwalk -v 2c -c private 10.2.28.216 1.3.6.1.4.1.259.10.1.43.1.2.6.1.7.1
SNMPv2-SMI::enterprises.259.10.1.43.1.2.6.1.7.1 = INTEGER: 0
Model Name: ECS4620 series
Firmware Version: v1.2.2.19
1. Set privilege-8, privilege-15 accounts and enable password in tacacs Server

2. Then, set following command:
Console(config)#tacacs-server 1 host [tacacs server ip] key [tacacs server's key]
Console(config)#authentication login tacacs local
Console(config)#authentication enable tacacs local
Console(config)#line console
Console(config-line-console)#authorization exec default

3. Use privilege-8 account login to switch, and use enable to access privilege-15

PS. If you want use telnet login, you need to use “authorization exec default” in line vty, too.
Console#show privilege
Current privilege level is 15
Console#configure
Console(config)#line vty
Console(config-line-vty)#authorization exec default

When the user changes the default login method to use no username, the user will only need to enter the password.
- Topology:

- Switch configure:
- Reset switch to default.
Console(config)#boot system config:Factory_Default_Config.cfg
Console(config)#
Console#reload
System will be restarted. Continue

- Set line console/vty password
Console(config)#line console
Console(config-line-console)#password 0 support
Console(config-line-console)#login
Console(config-line-console)#exit
Console(config)#line vty
Console(config-line-vty)#password 0 support
Console(config-line-vty)#login
Console(config-line-vty)#

- Verify

When the user logs in with the password set for console/vty, the user’s privilege level is 0. The user needs to use the command “enable” to get privilege level -15.
Default enable password is “super”.

Model: AS5710-54X-EC
Console(config-router)#neighbor x.x.x.x description Edge-Core
Failed to set neighbor description.
Console(config-router)#
Solution:
Users have to set “neighbor remote-as”. After that, users are able to set the BGP neighbor description.
Console#con
Console(config)#router bgp 1
Console(config-router)#neighbor 192.168.1.2 remote-as 2
Console(config-router)#neighbor 192.168.1.2 description Edge-Core
Console(config-router)#
Answer: The AS5710-54X-EC supports 3 BGP log messages.
- BGP_NEIGHBOR_CHANGE_MESSAGE "BGP: %s"
- BGP_ESTABLISHED_NOTIFICATION_MESSAGE "BGP established, ip: %s, last err: 0x%04x, state: %s"
- BGP_BACKWARD_TRANS_NOTIFICATION_MESSAGE "BGP backward trans, ip: %s, last err: 0x%04x, state: %s"
No, all the Edgecore switches unit ID start from 1.
For some stackable switches (ex, ECS4510, ECS4620), which may have 4 units in a stack for management. Then the unit ID is from 1 to 4.
For example:
If the client connects on port2 of second unit in stack, the interface would be "eth 2/2".
Scenario:

Procedures:
1. Upload the firmware to the TFTP server and specify the file name to “ECS4100-series.bix”.

2. Configure the IP address on switch. (The management IP address is 192.168.2.10/24 by default.)
Console#configure
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.199.10/24
3. Enable the auto-upgrade function on global mode.
Console(config)#upgrade opcode auto
Console(config)#upgrade opcode reload
4. Configure the directory path of TFTP server.
Console(config)#upgrade opcode path tftp://192.168.199.2/

5. Save the configuration file.
Console#copy running-config startup-config

6. Reboot the switch.

7. The switch will look for newer firmware version after rebooting. If there is a newer firmware, the switch will auto upgrade and restart the system.

8. Now, the switch boots up with newer version.

Scenario:

Introduction:
When the switch obtains the IP address from the DHCP server, it will download the configuration from TFTP server and apply the configuration automatically.
Procedures:
1. Put the configuration file to the TFTP server.
2. The DHCP server must setup the option 66(TFTP server name) and 67 (Bootfile name).
For Example:
Serva32.exe is a free software tool which contain DHCP and TFTP server. (http://www.vercot.com/~serva/)

3. DHCP options is disable by default. The user has to enable the “DHCP Dynamic Provision” on global mode.
Console#configure
Console(config)#ip dhcp dynamic-provision
4. Configure the switch to obtain management IP address from the DHCP server.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp
5. The switch sends the DHCP discover packet to acquire an IP address.

6. When switch obtain the IP address, it will start to download the configuration file from the TFTP server and apply the configuration automatically.

*The configuration file will be set to the startup file automatically.

Cable Diagnostic supports either (A) cable failures, as well as the status and approximate distance to a fault or (B) the approximate cable length if no fault is found.



System info:
Ubuntu 16.04.2 LTS (Desktop, amd64)

Package info:
- snmpd v5.7.3
- mrtg v2.17.4
- apache2 v2.4.18

Install and configure steps:
0. Update the source package list
sudo apt-get update

1. snmpd
1-1 Install packages
sudo apt-get install snmp
sudo apt-get install snmpd


1-2 Creat snmp community word
echo 'rocommunity public' > /etc/snmp/snmpd.conf
1-3 Restart the snmpd service
service snmpd restart

1-4 Test snmpd (Can get OIDs)
snmpwalk localhost –v 1 –c public

Reference:
http://www.debianhelp.co.uk/snmp.htm
http://www.net-snmp.org/docs/readmefiles.html
2. mrtg
2-1 Install mrtg
sudo apt-get install mrtg

2-2 Configure mrtg.cfg
sudo vi /etc/mrtg.cfg

3. apache2
3-1 Install apache2
sudo apt-get install apache2

3-2 Configure apache2.cfg
sudo vi /etc/apache2/apache2.cfg

In the end of this file, add Alias /mrtg “/var/www/mrtg”to link URL to file.
Syntax: Alias URL-path file-path/directory-path
3-3 Creat new folder to save MRTG data
sudo mkdir /var/www/mrtg
3-4 Creat MRTG data (Need execute 3 times)
sudo env LANG=C /usr/bin/mrtg /etc/mrtg.cfg

If success, you can find the data under /var/www/mrtg/
3-5 Link test.html to index.html
sudo ln –s /var/www/mrtg/test.html /var/www/mrtg/index.html
This command can use http://192.168.1.20/mrtg to access the MRTG page.
No need to use http://192.168.1.20/mrtg/test.html to access this page.
3-6 Restart apache web service
service apache2 restart

Result:
Now can access the MRTG statistic page ( http:// Ubuntu_server 's IP/mrtg )
This page will refresh per 5 min.


Firmware Version: 1.5.1.18
IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs.
QinQ tunneling expands VLAN space by using a VLAN-in-VLAN hierarchy, preserving the customer’s original tagged packets, and adding SPVLAN tags to each frame (also called double tagging).
At SW 1 and SW4
1. Configure access mode
Console(config)#interface ethernet 1/1
Console(config-if)#switchport mode access
Console(config-if)#switchport native vlan 2
Console(config-if)#switchport allowed vlan remove 1
2. Configure trunk mode
Console(config)#interface ethernet 1/9
Console(config-if)#switchport mode trunk
Console(config-if)#switchport allowed vlan add 2 tagged
Console(config-if)#switchport allowed vlan remove 1
At SW2 and SW3
1. Enable QinQ
Console(config)#dot1q-tunnel system-tunnel-control
2. Configure Q-in-Q access port
Console(config)interface ethernet 1/1
Console(config-if)#switchport allowed vlan add 20 untagged
Console(config-if)#switchport native vlan 20
Console(config-if)#switchport allowed vlan remove 1
Console(config-if)#switchport dot1q-tunnel mode access
3. Configure Q-in-Q uplink port
Console(config)interface ethernet 1/5
Console(config-if)#switchport allowed vlan add 20 tagged
Console(config-if)#switchport dot1q-tunnel mode uplink
Check the status on the switch
Console#show dot1q-tunnel
802.1Q Tunnel Status : Enabled
Port Mode TPID (Hex) Priority Mapping
-------- ------ ---------- ----------------
Eth 1/ 1 Access 8100 Disabled
Eth 1/ 2 Normal 8100 Disabled
Eth 1/ 3 Normal 8100 Disabled
Eth 1/ 4 Normal 8100 Disabled
Eth 1/ 5 Uplink 8100 Disabled
Eth 1/ 6 Normal 8100 Disabled
Eth 1/ 7 Normal 8100 Disabled
Eth 1/ 8 Normal 8100 Disabled
Eth 1/ 9 Normal 8100 Disabled
Eth 1/ 10 Normal 8100 Disabled
The packet, captured from SW1 to SW2.

The packet, captured from SW2 to SW3.

The packet, captured from SW3 to SW4.

However, user may enable/disable PoE function via standard MIB - POWER-ETHERNET-MIB.
SNMPSET command format:
snmpset -v 2c -c public <switch ip> <pethPsePortAdminEnable>.<pethPsePortGroupIndex>.<pethPsePortIndex> <integer> <value>
pethPsePortAdminEnable = true(1), false(2)
For example:
Disabled PoE function on eth1/3.
(1) pethPsePortAdminEnable (Integer 2 : false)
C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.2.1.105.1.1.1.3.1.3 i 2
SNMPv2-SMI::mib-2.105.1.1.1.3.1.3 = INTEGER: 2
Result

Support model: ECS4620 Series, ECS4510 Series, ECS4120 Series, ECS4100 Series, ECS4110 Series, ECS4210, ECS3500 Series, ECS2100 Series,
When Traffic segmentation is enabling, then
- Ping from 192.168.1.101 to 192.168.1.102 will fail. (downlink port to downlink port)
- Ping from 192.168.1.101 to 192.168.1.112 will pass. (downlink port to uplink port)

Setting traffic-segmentation
Console(config)#traffic-segmentation uplink ethernet 1/12
Console(config)#traffic-segmentation downlink ethernet 1/1-2
Console(config)#traffic-segmentation
Console(config)#end
Console#show traffic-segmentation
Traffic segmentation Status : Enabled
Uplink-to-Uplink Mode : Blocking
Session Uplink Ports Downlink Ports
--------- ------------------------------ -----------------------------
1 Ethernet 1/12 Ethernet 1/1
Ethernet 1/2
Test:
When Traffic segmentation Status shows Enabled,
- Ping from 192.168.1.101 to 192.168.1.102 will fail.
- Ping from 192.168.1.101 to 192.168.1.112 will pass.


When Traffic segmentation Status shows Disable,
- Ping from 192.168.1.101 to 192.168.1.102 will pass.
- Ping from 192.168.1.101 to 192.168.1.112 will pass too.







The Key difference for those two are the multicast data received on the clients.
For example, please find the basic MVR configuration on the switch.

L2 MVR design
When the switch enables MVR function and the status becomes "Active", the MVR receiver port will join the MVR VLAN as member automatically.
Once the client joins the multicast group, the client could receive the multicast data with MVR VLAN tagged (trunk mode) or untagged (hybrid mode).

Models: ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS4110 series, ECS4210 series, ECS3510-28T/52T, ES3528Mv2, ES3510MA
L3 MVR design
MVR receiver port will NOT join the MVR VLAN as member automatically when the MVR function is active.
When the client joins the multicast group, the multicast data with MVR VLAN will replace the VLAN tag to client VLAN and forward to the port.

Models: ECS4660-28F, ECS4610-24F, ECS4610-26T/50T

Console#switch stacking-port option ?
<1-2> the option of stacking port
(option 1 is front 10G ports such as port 25-26 in ECS4510-28T or ECS4620-28T )
Console#switch stacking-port option 1 ?
<1-8> unit number
Console#switch stacking-port option 1 1
After setting, please reload the switch.
You can check the setting by using “show stacking-port option” command.

rear 10G ports

Console#switch stacking-port option ?
<1-2> the option of stacking port
(option 2 is rear 10G ports such as port 27-28 in ECS4510-28T or ECS4620-28T )
Console#switch stacking-port option 2 ?
<1-8> unit number
Console#switch stacking-port option 2 1
After setting, please reload the switch.
You can check the setting by using “show switch stacking-port option” command.

A config example show as below,
ECS4510 series
==== Create the class-map for VLAN classification ====
ECS4510(config)# class-map test
ECS4510(config-cmap)# match vlan 1
========================================
==== policy-map for traffic limation ====
ECS4510(config)# policy-map VLAN1_limit
ECS4510(config-pmap)# class test
ECS4510(config-pmap-c)# police flow 10000 1600000 conform-action transmit
violate-action drop (Restricted to 10 Mbps, and drop packets if exceeded)
================================================================
==== Apply this policy-map to the ports (input for ingress, output for egress)====
ECS4510(config)# interface ethernet 1/1
ECS4510(config-if)# service-policy input VLAN1_limit
==============================================
==== Check the configuration ====
ECS4510# show policy-map
Policy Map VLAN1_limit
Description:
class test
police flow 10000 1600000 conform-action transmit violate-action drop
ECS4510# show policy-map interface 1/1 input
Service-policy VLAN1_limit
============================
Topology shows as below:

Major Ring (Domain): Switch A is RPL Owner for major ring.

Sub Ring (Domain): Switch E is RPL owner for sub ring.

Blocking port

Configuration:
- Major Ring
Switch A:
A(config)#erps
A(config)#erps domain major
A(config-erps)#control-vlan 10
A(config-erps)#ring-port east interface ethernet 1/1
A(config-erps)#ring-port west interface ethernet 1/2
A(config-erps)#rpl owner
A(config-erps)#enable

Switch B: (The configuration of Switch C & Switch D are the same as Switch B)
B(config)#erps
B(config)#erps domain major
B(config-erps)#control-vlan 10
B(config-erps)#ring-port east interface ethernet 1/1
B(config-erps)#ring-port west interface ethernet 1/2
B(config-erps)#enable

- Sub Ring
- Need to assign major domain by “major-domain” command.
- Assign only one ring-port.
C(config)#erps
C (config)#erps domain sub
C (config-erps)#major-domain major
C (config-erps)#control-vlan 20
C (config-erps)#ring-port west interface ethernet 1/3
C (config-erps)#enable


Switch E:
E(config)#erps
E(config)#erps domain sub
E(config-erps)#control-vlan 20
E(config-erps)#ring-port east interface ethernet 1/1
E(config-erps)#ring-port west interface ethernet 1/3
E(config-erps)#rpl owner
E(config-erps)#enable

Switch F:
F(config)#erps
F(config)#erps domain sub
F(config-erps)#control-vlan 20
F(config-erps)#ring-port east interface ethernet 1/1
F(config-erps)#ring-port west interface ethernet 1/3
F(config-erps)#enable

Models: ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS4110 series, ECS4210 series, ECS3510-28T/52T, ES3528Mv2, ES3510MA, ECS2100 series
When users try to get the current operational state of the interface by SNMP, the OID should be ifOperStatus (1.3.6.1.2.1.2.2.1.8).
There are two kind of results, “lowerLayerDown(7)” and “down(2)”.
IF-MIB::ifOperStatus.25 = INTEGER: lowerLayerDown(7)
IF-MIB::ifOperStatus.1001 = INTEGER: down(2)
What's the difference between "lowerLayerDown" and "down" status?
(1) lowerLayerDown: If “operstatus” is not able to change to UP, and the cause is due to PHY link is down, it will display lowerlayerdown.
For example, no cable connected or admin down/manual shutdown. (In current design, it will shut down PHY) or shut down by the specific functions below.

(2) down: If the operstatus is not able to change to UP and the cause is NOT due to the PHY link is down, it will display down.
For example, vlan adminstatus down.
Console#sh ip int
VLAN 1 is Administrative Up - Link Down
Address is CC-37-AB-94-80-20
Index: 1001, MTU: 1500
Address Mode is User specified
IP Address: 192.168.2.10 Mask: 255.255.255.0
Proxy ARP is disabled
DHCP Client Vendor Class ID (text): ECS2100-10T
DHCP Relay Server:
Console#
support model: ECS4620 Series, ECS4510 Series, ECS4120 Series, ECS4100 Series, ECS4110 Series, ECS4210, ECS3500 Series, ECS2100 Series, ECS2110 Series
Switch Clustering:
Switch Clustering is a method of grouping switches together to enable centralized management through a single unit.
What’s Cluster Commander and Cluster Member?
A switch cluster has a primary unit called the “Commander” which is used to manage all other “Member” switches in the cluster.

The steps to configure on ECS2100-28T and ECS4110-52P:
ECS2100-28T(config)#cluster (enables clustering on the switch.)
ECS4110-52P(config)#cluster
The steps to configure on ECS2100-52T:
ECS2100-52T(config)#int vlan 1
ECS2100-52T (config-if)#ip address 192.168.1.1/24
ECS2100-52T (config)#cluster
ECS2100-52T (config)#cluster ip-pool 10.1.2.1
(IP pool is used to assign IP addresses to Member switches in the cluster. Cluster IP addresses are in the form 10.x.x.x)
ECS2100-52T (config)#cluster commander (enables the switch as a cluster Commander.)
ECS2100-52T (config)#exit
ECS2100-52T#show cluster candidates
Cluster Candidates:
Role MAC Address Description
--------------- ----------------- -----------------------------------------
Candidate 00-E0-0C-11-CC-00 ECS2100-28T
Candidate CC-37-AB-42-6F-B8 ECS4110-52P
ECS2100-52T#configure
ECS2100-52T(config)#cluster member mac-address 00-E0-0C-11-CC-00 id 1
(configures a Candidate switch as a cluster Member.)
ECS2100-52T(config)#cluster member mac-address CC-37-AB-42-6F-B8 id 2
ECS2100-52T(config)#exit
After setting, you can check the member by using “show cluster members” command.

Test via telnet.


Test via web:



Test via console:


Scenario:

Procedures:
- Add the VID (VLAN ID) to the port interface. In this example, the traffic will tag VLAN 2.
Console#configure
Console(config)#interface ethernet 1/1
Console(config-if)#switchport allowed vlan add 2 tagged
Console(config-if)#exi
Console(config)#interface ethernet 1/47
Console(config-if)#switchport allowed vlan add 2 tagged
- Create a class map to classify the specified traffic. In this example, it will match to the traffic of CoS 0.
Console(config)#class-map CoS
Console(config-cmap)#match cos 0
Console#show class-map
Class Map match-any CoS
Description:
Match CoS 0
- Create a policy map and use the class command to configure policies for traffic which match the criteria defined in a class map. In this example, the value of CoS will be modified to “7” if the traffic match to the class map.
Console(config)#policy-map CoS-test
Console(config-pmap)#class CoS
Console(config-pmap-c)#set cos 7
Console#show policy-map
Policy Map CoS-test
Description:
class CoS
set CoS 7
- Apply the policy map to the ingress or egress side of a particular interface. In this example, the policy map will be applied to ingress of port 1.
Console#configure
Console(config)#interface ethernet 1/1
Console(config-if)#service-policy ?
input Input direction
output Output direction
Console(config-if)#service-policy input CoS-test
Console#show running-config interface ethernet 1/1
interface ethernet 1/1
switchport allowed vlan add 2 tagged
service-policy input CoS-test
!
Result:
When the switch received the packet of CoS “0” from port 1, this CoS will be modified to “7” then be sent out from the port 47.


Models: ECS4620 series, ECS4510 series, ECS4120 series, ECS4100 series, ECS4110 series, ECS3510-28T/52T, ES3528MV2, ES3510MA
According to the RFC4649, the format of the DHCPv6 Relay Agent Remote-ID option show as below:

Enable DHCPv6 snooping remote-id option on switch, and capture a packet as example below.

1) Correspond to the format of the DHCPv6 Relay Agent Remote-ID option.
option-code | 00 25 |
option-length | 00 1a |
enterprise-number | 00 00 01 03 |
remote-id value | 00 01 00 05 01 03 00 0e 00 01 00 01 52 4e 62 c3 00 12 cf fc 54 92 |
2)
remote-id value | 00 01 00 05 01 03 00 0e 00 01 00 01 52 4e 62 c3 00 12 cf fc 54 92 |
remote-id type | 00 01 |
VLAN ID | 00 05 |
Unit | 01 |
Port | 03 |
Length of DUID | 00 0e |
DUID | 00 01 00 01 52 4e 62 c3 00 12 cf fc 54 92 |
3) There are four different definition for DUID (DHCP Unique Identifier) as below, the first one is used on Edgecore switches.
1. Link-layer address plus time (DUID-LLT) – RFC3315
2. Vendor-assigned unique ID based on Enterprise Number (DUID-EN) – RFC3315
3. Link-layer address (DUID-LL) – RFC3315
4. UUID-Based DUID (DUID-UUID) – RFC6355
※1. Link-layer address plus time (DUID-LLT) – RFC3315

Support models:
ECS4620 series, Version: 1.2.2.34
ECS4510 series, Version: 1.5.2.34
ECS4120 series, Version: 1.0.2.33
ECS4100 series, Version: 1.2.4.173
ECS4110 series, Version: 1.2.3.12
ECS4210 series, Version: 1.0.0.56
ECS3500 series, Version: 1.5.2.8
ECS2100 series, Version: 1.2.2.9
Introduction:
Users with privilege 0~14 is not allowed to execute all commands on Edgecore switches.
The picture as shown below is the default setting for privilege level 2.
User with privilege level 2 is not allowed to enter configure mode (command “configure”).
P.S There is no configure command.

Solution:
We’re able to assign specific commands for those users with privilege 0~14 by command “privilege”.
Example:
ECS4620 series, Version: 1.2.2.34
User who belongs privilege level 2 is capable of shutdown the port and configure the IP address.
Before configuration, you have to know how many commands you need for setting.
For example:
- Exec mode: configure
- Configure mode: interface ethernet 1/1
- Configure mode: interface vlan 1
- Interface-eth mode: shutdown
- Interface-vlan mode: ip address
Configuration:
Step 1: Assign “configure” command to level 2
privilege exec level 2 configure
Step 2: Assign “interface ethernet & interface vlan” command to level 2.
privilege configure level 2 interface
privilege configure level 2 interface Ethernet
privilege configure level 2 interface vlan
Step 3: Assign “shutdown” command to level 2.
privilege interface-eth level 2 shutdown
Step 4: Assign “ip address” command to level 2.
privilege interface-vlan level 2 ip address

Step:
- Setup FreeRadius Server
- Configure client
- Configure switch
- Verify
- Setup FreeRadius Server
- Install freeradius server to Ubuntu((Ubuntu 14.04) as follow command:
FreeRadius ~ # apt-get install freeradius -y - Configure “users” and “clients.conf” file
Users (path: /etc/freeradius/users)
- Username “tsCommonName”. It must be as same as commonName in the client.cnf (refer to step 3)
- “Tunnel-Private-Group-ID” parameter is for dynamically adding VLAN

Clients.conf (path: /etc/freeradius/clients.conf)

- Download the FreeRadius source code from https://freeradius.org/
After decompress the source file, use files “~/freeradius-server-3.0.15/raddb/certs” to replace “/etc/freeradius/certs”
Reference commands:
FreeRadius certs # pwd
/etc/freeradius/certs
FreeRadius certs # rm -rf *
FreeRadius certs # cp -Rf ~/freeradius-server-3.0.15/raddb/certs/* .
- Modify ca files: server.cnf / client.cnf
server.cnf: modify output_password (path: /etc/freeradius/certs/server.cnf)
client.cnf: modify output_password, emailAddress and commonName
(path: /etc/freeradius/certs/client.cnf )
- commonName need same as “Username” in users file

- Launch bootstrap script (path: /etc/freeradius/certs/bootstrap )
FreeRadius certs # ./bootstrap - Copy “ca.pem”, “client.key” and “ts@example.org.pem” (which is as same as “emailAddress” parameter) to Client.
/etc/freeradius/certs/ca.pem
/etc/freeradius/certs/client.key
/etc/freeradius/certs/ts@example.org.pem
- Modify eap.conf file (path: /etc/freeradius/eap.conf)
- Change default_eap_type to tls

- Remove(delete or comment) the make_cert_command

- Change “private_key_password” value as same as server.cnf’s output_password.

- After all Server side configuration is finished, restart the FreeRadius server.
- FreeRadius freeradius # Service freeradius start => start server normally or
- FreeRadius freeradius # Freeradius -X => start server with debug mode.
- Configure client
- Get the three files at configure server, please refer to “Setup FreeRadius Server” step 5
2. Add CA to client and update CA
Commands:
root@ts:/home/ts/Desktop# cp ca.pem /usr/local/share/ca-certificates/ca.pem.crt
root@ts:/home/ts/Desktop# update-ca-certificates
- Configure Client’s network configure

- Configure switch
- Switch IP:
Console#configure
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.2.46/20
- Switch Vlan:
Console(config)#vlan database
Console(config-vlan)#vlan 3
Global Configuration:
Console(config)#dot1x system-auth-control
Interface Configuration:
Console(config)#interface eth 1/3
Console(config-if)#dot1x port-control auto
- Verify

After authentication, port #3 allows the traffic which belong to vlan 1(u) and 3(t)


In show vlan, you can see port #3 dynamic add to vlan 3

Scenario:

Configuration on ECS4120-28P:
Example for periodic time and date
ECS4120-28P#con
ECS4120-28P(config)#time-range TEST
ECS4120-28P(config-time-range)#periodic daily 8 0 to daily 21 0
ECS4120-28P(config-time-range)#exit
ECS4120-28P(config)#interface ethernet 1/1
ECS4120-28P(config-if)#power inline time-range TEST
ECS4120-28P(config-if)#end
ECS4120-28P#
[CLI Command]
time-range name
periodic
{daily | friday | monday | saturday | sunday | thursday | tuesday | wednesday | weekdays | weekend} hour minute
to
{daily | friday | monday | saturday | sunday | thursday | tuesday | wednesday | weekdays | weekend } hour minute
[SNMPSET command format]
1. Enable time-range
snmpset -v 2c -c private {switch ip} {timeRangeStatus}.{timeRangeIndex} {integer} {value}
For timeRangeStatus, OID 1.3.6.1.4.1.259.10.1.45.1.61.1.1.3
Set OID 1.3.6.1.4.1.259.10.1.45.1.61.1.1.3 to valid(1) to create an entry.
Set OID 1.3.6.1.4.1.259.10.1.45.1.61.1.1.3 to invalid(2) to destroy an entry.
For timeRangeIndex: The index for time-range
Identified starts from 0.
2. Create time-range
snmpset -v 2c -c private {switch ip} {timeRangeName}.{timeRangeIndex} {string} {name}
For timeRangeName, OID 1.3.6.1.4.1.259.10.1.45.1.61.1.1.2
Configure as string, user should give a name to the time-range.
3. Configure time range rule
snmpset -v 2c -c private {switch ip} {timeRangePeriodic}.{timeRangeIndex}.{PeriodicType}.{startHour}.{startMinute}.{PeriodicType}.{endHour}.{endMinute}
{integer} {value}
For timeRangePeriodic, OID 1.3.6.1.4.1.259.10.1.45.1.61.2.1.8
Set OID 1.3.6.1.4.1.259.10.1.45.1.61.2.1.8 to valid(1) to create an entry and periodic execute.
Set OID 1.3.6.1.4.1.259.10.1.45.1.61.2.1.8to invalid(2) to destroy an entry.
For PeriodicType, {sunday(0),monday(1),tuesday(2),wednesday(3),thursday(4),friday(5),saturday(6),daily(7),weekdays(8),weekend(9)}
For startHour and startMinute: Integer.
For endHour and endMinute: Integer.
4. Assign time-range to power inline
snmpset -v 2c -c private {switch ip} {PSE_Port_TimeRange_Name}.{UnitID}.{PortID} {string} {TimeRange_Name}
For PSE_Port_TimeRange_Name, OID 1.3.6.1.4.1.259.10.1.45.1.28.6.1.11
Configure as string, user should assign a specific time-range.
For UnitID and PortID,
Specify the port that apply the time-range.
Example for configure via SNMP:
(1) timeRangeStatus, OID 1.3.6.1.4.1.259.10.1.45.1.61.1.1.3 ; timeRangeIndex = 0 (Integer 1 : valid)

(2) timeRangeName, OID 1.3.6.1.4.1.259.10.1.45.1.61.1.1.2 ; timeRangeIndex = 0 (String “TEST”: the profile name is TEST)

(3) timeRangePeriodic, OID 1.3.6.1.4.1.259.10.1.45.1.61.2.1.8 ; timeRangeIndex = 0 ; PeriodicType = daily(7) ;
startHour = 8 ; startMinute = 0 ; PeriodicType = daily(7) ; endHour = 21 ; endMinute = 0 (Integer 1 : valid)

(String “TEST”: Apply the profile TEST)

Result:
Time range table in ECS4120-28P.

When the system is operating in the time-range (8:00 to 21:00), AP will power on.


.png)
When the system is out of the time-range, PSE will not supply the power.



Model:
ECS4100 series
Firmware version:
ECS4100 series V1.2.4.173
Simulation scenario:
- Prepare two types of ARP packets.
A. The sender MAC address of ARP header is different from source MAC address of Ethernet header.
B. The sender MAC address of ARP header is the same as source MAC address of Ethernet header. - Configure MAC ACL to permit the source MAC address of ARP packet and deny other packets.
Console(config)#access-list mac test
Console(config-mac-acl)#permit host 0C-C4-7A-06-FB-11 any
Console(config-mac-acl)#deny any any
- Apply this MAC ACL to ingress of port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#mac access-group test in
- Inject these two ARP packets to the port 1. Thus, the switch forwards B-ARP packet but filter A-ARP packet by MAC ACL.
This is chipset behavior. MAC ACL inspect sender MAC address of ARP header instead of source MAC address of Ethernet header for ARP packets.
Support models:
ECS4620 series, Version: 1.2.2.34
ECS4510 series, Version: 1.5.2.34
ECS4120 series, Version: 1.0.2.33
ECS4100 series, Version: 1.2.4.173
ECS4110 series, Version: 1.2.3.12
ECS3500 series, Version: 1.5.2.8
Here’s the sample: (use ECS4620-28F)
Topology:

Maintenance End Point (MEP): generates and responds to CFM PDUs
Maintenance Intermediate Points (MIP): Forwarding CFM PDUs as intermediate maintenance points
SW1 configuration:
SW1#con
SW1(config)#ethernet cfm domain index 1 name Test level 5
(create maintenance domain [MD], the index is 1, name is character string “Test”, the MD level 5)
SW1(config-ether-cfm)#ma index 1 name Test_MA vlan 1
(create maintenance association [MA] service in MD, the index is 2, name is “Test_MA” and service VLAN identifier is “1.”)
SW1(config-ether-cfm)#mep crosscheck mpid 20 ma Test_MA
(Configure MEP crosscheck with mpid 20 on SW 3 ma “Test_MA.” The Cross Check List for a MD contains a list of MEPID (Maintenance End Point Identifier) which are configured in a MA)
SW1(config-ether-cfm)#exit
SW1(config)#interface ethernet 1/1
SW1(config-if)#ethernet cfm mep mpid 10 md Test ma Test_MA
(Create mep mpid 10 on port 1)
SW2 configuration:
SW2#con
SW2(config)#ethernet cfm domain index 1 name Test level 5
SW2(config-ether-cfm)#ma index 1 name Test_MA vlan 1
SW2(config-ether-cfm)#end
SW3 configuration:
SW3#con
SW3(config)#ethernet cfm domain index 1 name Test level 5
SW3(config-ether-cfm)#ma index 1 name Test_MA vlan 1
SW3(config-ether-cfm)#mep crosscheck mpid 10 ma Test_MA
SW3(config-ether-cfm)#exit
SW3(config)#interface ethernet 1/1
SW3(config-if)#ethernet cfm mep mpid 20 md Test ma Test_MA
The Link trace SW1 port1 to SW3 port 1.

The MAC listed as below are the port MAC
8C-EA-1B-57-9B-24 (SW2 port 1/1 MAC)
8C-EA-1b-57-9B-25 (SW2 port 1/2 MAC)
70-72-CF-FD-AE-DA (SW3 port 1/1 MAC)
- Topology

- VRRP Master(ECS4620_Master) configuration:
- Basic configuration (detail configuration please refer to Appendix)
- Create VLAN 11-13
- Configure VLAN IP address
- Set each port allow VLAN
Port #2: PVID = 12, VID = 12(u)
Port #3: PVID = 13, VID = 13(u)
- Disable Spanning-tree on downlink port(#1, #2)
- Set default route to VLAN 13
- VRRP configuration(virtual IP addresses for VLAN 11 and VLAN 12)
Master(config)#interface vlan 11
Master(config-if)#vrrp 1 ip 172.16.11.254
Master(config-if)#vrrp 1 priority 200
Master(config-if)#interface vlan 12
Master(config-if)#vrrp 2 ip 172.16.12.254
Master(config-if)#vrrp 2 priority 200
- VRRP Backup(ECS4620_Back_up) configuration
- Basic configuration (detail configuration please refer to Appendix)
- Create VLAN 11-13
- Configure VLAN IP address
- Set each ports’ allow VLAN
Port #2: PVID = 12, VID = 12(u)
Port #3: PVID = 13, VID = 13(u)
- Disable Spanning-tree at downlink port(#1, #2)
- Set default route to VLAN 13
- VRRP configuration(virtual IP addresses for VLAN 11 and VLAN 12)
BackUp(config-if)#vrrp 1 ip 172.16.11.254
BackUp(config-if)#interface vlan 12
BackUp(config-if)#vrrp 2 ip 172.16.12.254
- Check VRRP status on VRRP Master and Backup
- Show VRRP [ID]

- Show VRRP brief

- Server/Client configure
Server Side | Client Side |
![]() |
![]() |
When server or client sends packet to gateway, the format of destination MAC address is 00-00-5E-00-01-[VRRP-ID]
Client send packet

Server send packet

Appendix
Details of VRRP Master(ECS4620_Master) configuration:
- Basic configure
Master#configure
Master(config)#vlan database
Master(config-vlan)#vlan 11-13
Configure VLAN IP address
Master#configure
Master(config)#interface vlan 11
Master(config-if)#ip address 172.16.11.1/24
Master(config-if)#interface vlan 12
Master(config-if)#ip address 172.16.12.1/24
Master(config-if)#interface vlan 13
Master(config-if)#ip address 172.16.13.1/24
2. Set each port allow VLAN
Master#configure
Master(config)#interface ethernet 1/1
Master(config-if)#switchport allowed vlan add 11 untagged
Master(config-if)#switchport native vlan 11
Master(config-if)#switchport allowed vlan remove 1
Master(config-if)#interface ethernet 1/2
Master(config-if)#switchport allowed vlan add 12 untagged
Master(config-if)#switchport native vlan 12
Master(config-if)#switchport allowed vlan remove 1
Master(config-if)#interface ethernet 1/3
Master(config-if)#switchport allowed vlan add 13 untagged
Master(config-if)#switchport native vlan 13
Master(config-if)#switchport allowed vlan remove 1
3. Disable Spanning-tree at downlink port(#1, #2)
Master#configure
Master(config)#interface ethernet 1/1
Master(config-if)#spanning-tree spanning-disabled
Master(config-if)#interface ethernet 1/2
Master(config-if)#spanning-tree spanning-disabled
4. Set default route to vlan 13
Master#configure
Master(config)#ip default-gateway 172.16.13.2
Details of VRRP Backup (ECS4620_Back_up) configuration
- Basic configure
- Create VLAN 11-13
BackUp (config)#vlan database
BackUp(config-vlan)#vlan 11-13
2. Configure VLAN IP address
BackUp#configure
BackUp(config)#interface vlan 11
BackUp(config-if)#ip address 172.16.11.2/24
BackUp(config-if)#interface vlan 12
BackUp(config-if)#ip address 172.16.12.2/24
BackUp(config-if)#interface vlan 13
BackUp(config-if)#ip address 172.16.13.2/24
3. Set each port allow vlan
BackUp#configure
BackUp(config)#interface ethernet 1/1
BackUp(config-if)#switchport allowed vlan add 11 untagged
BackUp(config-if)#switchport native vlan 11
BackUp(config-if)#switchport allowed vlan remove 1
BackUp(config-if)#interface ethernet 1/2
BackUp(config-if)#switchport allowed vlan add 12 untagged
BackUp(config-if)#switchport native vlan 12
BackUp(config-if)#switchport allowed vlan remove 1
BackUp(config-if)#interface ethernet 1/3
BackUp(config-if)#switchport allowed vlan add 13 untagged
BackUp(config-if)#switchport native vlan 13
BackUp(config-if)#switchport allowed vlan remove 1
4.Disable Spanning-tree at downlink port(#1, #2)
BackUp#configure
BackUp(config)#interface ethernet 1/1
BackUp(config-if)#spanning-tree spanning-disabled
BackUp(config-if)#interface ethernet 1/2
BackUp(config-if)#spanning-tree spanning-disabled
- Set default route to vlan 13
BackUp (config)#ip default-gateway 172.16.13.1
Scenario:

Configuration on ECS4620-28T_SW1:
SW1#con
SW1(config)#interface ethernet 1/23
SW1(config-if)#switchport allowed vlan add 10 untagged
SW1(config-if)#switchport native vlan 10
SW1(config-if)#switchport allowed vlan remove 1
SW1(config-if)#exit
SW1(config)#interface ethernet 1/24
SW1(config-if)#switchport allowed vlan add 20 untagged
SW1(config-if)#switchport native vlan 20
SW1(config-if)#switchport allowed vlan remove 1
SW1(config-if)#exit
SW1(config)#interface vlan 10
SW1(config-if)#ip address 192.168.10.1/24
SW1(config-if)#ip igmp
SW1(config-if)#ip pim sparse-mode
SW1(config-if)#exit
SW1(config)#interface vlan 20
SW1(config-if)#ip address 192.168.20.1/24
SW1(config-if)#ip igmp
SW1(config-if)#ip pim sparse-mode
SW1(config-if)#exit
SW1(config)#ip multicast-routing
SW1(config)#router pim
SW1(config)#ip pim rp-address 192.168.10.1
SW1(config)#router ospf
SW1(config-router)#network 192.168.10.0 255.255.255.0 area 0
SW1(config-router)#network 192.168.20.0 255.255.255.0 area 0
SW1(config-router)#end
Configuration on ECS4620-28T_SW2:
SW2#con
SW2(config)#interface ethernet 1/23
SW2(config-if)#switchport allowed vlan add 30 untagged
SW2(config-if)#switchport native vlan 30
SW2(config-if)#switchport allowed vlan remove 1
SW2(config-if)#exit
SW2(config)#interface ethernet 1/24
SW2(config-if)#switchport allowed vlan add 20 untagged
SW2(config-if)#switchport native vlan 20
SW2(config-if)#switchport allowed vlan remove 1
SW2(config-if)#exit
SW2(config)#interface vlan 20
SW2(config-if)#ip address 192.168.20.2/24
SW2(config-if)#ip igmp
SW2(config-if)#ip pim sparse-mode
SW2(config-if)#exit
SW2(config)#interface vlan 30
SW2(config-if)#ip address 192.168.30.1/24
SW2(config-if)#ip igmp
SW2(config-if)#ip pim sparse-mode
SW2(config-if)#exit
SW2(config)#ip multicast-routing
SW2(config)#router pim
SW2(config)#ip pim rp-address 192.168.10.1
SW2(config)#router ospf
SW2(config-router)#network 192.168.20.0 255.255.255.0 area 0
SW2(config-router)#network 192.168.30.0 255.255.255.0 area 0
SW2(config-router)#end
Display the information about interfaces configured for PIM.




Display the multicast information for the specified interface.




Display the information in the routing table.


Display the information about PIM neighbors.


Display the active RPs and associated multicast routing entries.


Display the information for IGMP groups.

Display the IPv4 multicast routing table.


The basic MVR topology and configuration on the switches as below.

Original Behavior: (Not support “transmit-filter” command or “transmit-filter” disabled.)
When the switch enabled MVR function and the status becomes "Active", once the client joins/leaves the multicast group by sending out the report to MVR receiver port.
This report will be forwarded to All the Active Source ports as below.

The MVR member of ES3528MV2_SW1 and ES3528MV2_SW2 as below.


Enabled Transmit-Filter Behavior: (Transmit-filter is disabled on switch by default.)
The mechanism is the same, but this report will not be forwarded to the port which enable transmit-filter as below.
The user could easily configure how the report forward on MVR source ports.

The MVR member of ES3528MV2_SW1 and ES3528MV2_SW2 as below.


Display transmit-filter per port configuration.


Support models and software version:
ECS4210 series v1.0.0.61
ES3528MV2 v1.5.2.14
ECS3510-28T/52T v1.5.2.14
ES3510MA v1.5.2.14
[SNMPSET command format]
snmpwalk -v 2c -c private {switch ip} { amtrMacAddrDynamicCount | amtrMacAddrStaticCount | amtrMacAddrTotalCount }
For amtrMacAddrDynamicCount, OID 1.3.6.1.4.1.259.10.1.43.1.1.8.4
The number of dot1dTpFdbTable entries in the BRIDGE-MIB.
For amtrMacAddrStaticCount, OID 1.3.6.1.4.1.259.10.1.43.1.1.8.5
The number of dot1dStaticTable entries in the BRIDGE-MIB.
For amtrMacAddrTotalCount, OID 1.3.6.1.4.1.259.10.1.43.1.1.8.6
The sum of dot1dTpFdbTable and dot1dStaticTable entries.
For example, the following are current mac-address table entries and mac-address count display by CLI command.


The following are the number of Dynamic/Static/Total MAC address count display by SNMP.
(1) amtrMacAddrDynamicCount, OID 1.3.6.1.4.1.259.10.1.43.1.1.8.4
Number of Dynamic MAC Address : 5

(2) amtrMacAddrStaticCount, OID 1.3.6.1.4.1.259.10.1.43.1.1.8.5
Number of Static MAC Address : 2

(3) amtrMacAddrTotalCount, OID 1.3.6.1.4.1.259.10.1.43.1.1.8.6
Total Number of MAC Address : 7

Support Model Name: ECS4620 series
Software Version: v1.2.2.39
If enable network-access aging then the switch's secure MAC address table will be removed when the aging time expires or detect the MAC address on new ports.
So we enhance Sticky MAC function on ECS4620 series. When you connect the interface to your network, you can enable the sticky MAC feature and ensure that MAC-address is only learned on this port and protect MAC-address is not learned by other ports even port move or any attack.
Topology:
- Port 1 enable sticky MAC, and connect a PC on it. The PC's MAC address was learned on port 1.

- Disconnect the PC’s link which connect to the hub, and move to port 2. Then the PC will fail to access the network through the port2 due to the MAC address was already learned on port1.

Procedure:
Step1:
Enable port security and sticky MAC on port 1.
Enable network-access aging on global.

Step2:
Connect the PC to port 1. And check the MAC address was learned on port 1
.png)
Step3:
Disconnect the PC's link which connect to the hub, and move to port 2
Confirm the PC's MAC address still be learned on port 1, and fail to learn on port 2.

Step 4:
Port 2 enable port security and set intrusion action as shutdown.
(Suggest set max-mac-count > 1)

Disconnect the PC’s link which connect to the hub, and move to port 2.
Confirm the port is shut down by the sticky secure MAC address intrude into other port security enabled port.

Support models: ECS4100 series
Scenario:

Concept:
CLI Configuration:
Step 1) Disable spanning-tree on each port
Dut1:
Dut1#configure
Dut1(config)#interface ethernet 1/9,10,11
Dut1(config-if)#spanning-tree spanning-disabled
Dut2:
Dut2#configure
Dut2(config)#interface ethernet 1/10,12
Dut2(config-if)#spanning-tree spanning-disabled
Dut3:
Dut3#configure
Dut3(config)#interface ethernet 1/9,11,12
Dut3(config-if)#spanning-tree spanning-disabled
*Note: Smart Pair can’t be configured as one of these port types.
- LACP enable port
- Spanning Tree enabled port
Step 2) Set the smart pair configuration on Dut3
Dut3:
Dut3#configure
Dut3(config)#smart-pair 1
Dut3(config-smart-pair)#primary-port ethernet 1/11
Dut3(config-smart-pair)#backup-port ethernet 1/12
Step 3) Check the smart pair configuration is correct
Dut3:
Dut3#show smart-pair 1
Primary Port : Eth 1/11 (forwarding)
Backup Port : Eth 1/12 (blocking)
Wait-To-Restore Delay : 30 seconds
*Default WTR time is 30 seconds
Step 4) Client A keep pinging Clint B

The traffic is normal
Step 5) Client A keep pinging Clint B and then unplug Dut3_Port1/11

Since the traffic failover to the backup port (Port1/12), the ICMP traffic will still work.

Step 6) Check the smart pair status
Dut3:
Dut3#show smart-pair 1
Primary Port : Eth 1/11 (blocking)
Backup Port : Eth 1/12 (forwarding)
Wait-To-Restore Delay : 30 seconds
Step 7) Plug in Dut3_Port1/11 and wait for 30 seconds

The ICMP traffic will still work when the traffic transfer back to the primary port
Step 8) Check the smart pair status
Dut3:
Dut3#show smart-pair 1
Primary Port : Eth 1/11 (forwarding)
Backup Port : Eth 1/12 (blocking)
Wait-To-Restore Delay : 30 seconds
WEB Configuration:
Step 1) Set the management IP on each switch
Dut1:
Dut1#configure
Dut1(config)#interface vlan 1
Dut1(config-if)#ip address 192.168.1.1/24
Dut2:
Dut2#configure
Dut2(config)#interface vlan 1
Dut2(config-if)#ip address 192.168.1.2/24
Dut3:
Dut3#configure
Dut3(config)#interface vlan 1
Dut3(config-if)#ip address 192.168.1.3/24
Step 1) Log in the switch by Web GUI
Dut1:


Step 2) Disable the spanning tree

![]() |


Step 3) Disable the spanning tree
Dut2: Follow the same steps as Dut1
![]() |

Step 4) Disable the spanning tree
Dut3: Follow the same steps as Dut1



Step 5) Set the smart pair configuration on Dut3







Step 6) Check the smart pair status
.png)

The status is normal
Client A keep pinging Clint B

The traffic is normal
Client A keep pinging Clint B and then unplug in Dut3_Port1/11

Since the traffic failover to the backup port (Port1/12), the ICMP traffic will still work.

Step 9) Check the smart pair status

Step 10) Plug in Dut3_Port1/11 and wait for 30 seconds

The ICMP traffic will still work when the traffic transfer back to the primary port
Step 11) Check the smart pair status
.png)
Support Model and Firmware version:
ECS4100 Series (Firmware version 1.2.30.183 and above)
ECS4120 Series (Firmware version 1.2.2.5 and above)
Summary:
Agent settings | Length for string |
PPPoEIA Circuit-id | 57 characters |
PPPoEIA Remote-id | 63 characters |
DHCPSNP option82 Circuit-id | 246 characters *1 |
DHCPSNP option82 Remote-id | 246 characters *2 |
1.PPPoE IA - Circuit ID and Remote ID
The Access-Node MUST encode and send the Circuit ID and Remote ID as a TAG in PPPoE discoveryPacket in the format described as below:

According to TR101, we append the capability of setting PPPoE IA sub-tags as following.
PPPoEIA Circuit-id string length to 57
PPPoEIA Remote-id string to 63
At the maximum length setting string with Circuit-id, the sub-tag of the packet will be
Type: 01
Length: 3f (63)
Value: node id (1 byte minimum) + "eth" (occupy 5 bytes) + string (57 bytes remain)
At the maximum length setting string with Remote-id, the sub-tag of the packet will be
Type: 02
Length: 3f (63)
Value: string (63 bytes remain)
2.DHCP Relay Agent Information Option

The length N gives the total number of octets in the Agent Information Field. The Agent Information field consists of a sequence of SubOpt/Length/Value tuples for each sub-option, encoded in the following manner:

The initial assignment of DHCP Relay Agent Sub-options is as follows:
DHCP Agent Sub-Option Description
Sub-option Code
--------------- ---------------------------------
1 Agent Circuit ID Sub-option
According to RFC3046 and TR101, we append the capability of setting DHCPSNP option82 as following.
DHCPSNP option82 Circuit-id string length to 246.
DHCPSNP option82 Remote-id string to 246.
Note: DHCPSNP option82 total length is 255 bytes, both Circuit-id and Remote-id share this space.
At the max length setting string with Circuit-id while the Remote-id manually configured 1 byte string.
The space for Circuit-id string is 255-4-4-1=246 bytes.
Type: 01 (sub-option 1 circuit-id)
Length: f8 (248)
Type: 01 (string)
Length: f6 (246)
Value: string (246 bytes remain)
At the max length setting string with Remote-id while the Circuit-id manually configured 1 byte string.
The space for Remote-id string is 255-4-4-1=246 bytes
Type: 02 (sub-option 2 remote-id)
Length: f8 (248)
Type: 04 (string)
Length: f6 (246)
Value: string (246 bytes remain)
Note: When DHCPSNP option82 function enabled on an Edge-Core switch, the default setting of Circuit-id and Remote-id will have a format as following.

ECS2100 series firmware version v1.2.2.12 and above has a new software enhancement which support Layer 2 / Layer 3 DHCP Relay function. And the user may choose to use the L2 or L3 DHCP Relay by following commands (Default is L3).
The setting for Layer 2 DHCP Relay
Console(config)#ip dhcp l2 relay
The setting for Layer 3 DHCP Relay
Console(config)#ip dhcp l3 relay
When the client and DHCP server are in the same VLAN and subnet, the client may obtain the IP address from DHCP server directly. However, in practical network, clients might be in the different subnet and VLAN, then DHCP Relay function can help to get the IP address from DHCP server which is in the different subnet.
- L2 DHCP Relay
The L2 DHCP Relay function can be used to add the suboption information (DHCP Option 82.) and the DHCP server may refer it to assigns the corresponding IP address.
Topology:
Configuration on ECS2100-28T:
1) Configure the port 2 to VLAN 2.
Console(config)#interface ethernet 1/2
Console(config-if)#switchport native vlan 2
Console(config-if)#switchport mode access
2) Set IP address on VLAN interface.
Console(config)#int vlan 1
Console(config-if)#ip address 192.168.1.1/24
Console(config-if)#exit
3) Enable the L2 DHCP relay and configure the IP address of DHCP server.
Console(config)#ip dhcp l2 relay
Console(config)#ip dhcp relay information option
Console(config)#ip dhcp relay server 192.168.1.254
L2 DHCP Relay packet forwarding procedures:
In this example, the client will get the IP address in the range of 192.168.2.240~192.168.250 from the DHCP server.
==================================================================
- L3 DHCP Relay
The L3 DHCP Relay function will convent the DHCP broadcast packet into the unicast packet and add the DHCP Relay agent IP address. Then DHCP server can refer to the Relay agent IP address to assigns the corresponding IP address.
Topology:
Configuration on ECS2100-28T:
1) Configure the port 2 to VLAN 2 and port 3 to VLAN 3.
Console(config)#interface ethernet 1/2
Console(config-if)#switchport native vlan 2
Console(config-if)#switchport mode access
Console(config-if)#exit
Console(config)#interface ethernet 1/3
Console(config-if)#switchport native vlan 3
Console(config-if)#switchport mode access
Console(config-if)#exit
2) Set IP address on VLAN interface.
Console(config)#int vlan 1
Console(config-if)#ip address 192.168.1.1/24
Console(config-if)#exit
Console(config)#int vlan 2
Console(config-if)#ip address 192.168.2.1/24
Console(config-if)#exit
Console(config)#int vlan 3
Console(config-if)#ip address 192.168.3.1/24
Console(config-if)#exit
3) Enable the L3 DHCP relay and configure DHCP relay server on VLAN interface.
Console(config)#ip dhcp l3 relay
Console(config)#int vlan 2
Console(config-if)#ip dhcp relay server 192.168.1.254
Console(config-if)#exit
Console(config)#int vlan 3
Console(config-if)#ip dhcp relay server 192.168.1.254
Console(config-if)#exit
L3 DHCP Relay packet forwarding procedures:
Example of client B.
In this example,
Client A can get the IP address in the range of 192.168.2.240-250 the DHCP server.
Client B can get the IP address in the range of 192.168.3.240-250 the DHCP server.
How to upgrade ECS4120 loader version to extend the ECC (Error Correcting code) support?
The ECS4120 Loader version 0.0.3.1 support ECC (Error Correcting code).
Environment and Preparation:
- The ECS4120 switch MUST with the loader version 0.0.2.6 or 0.0.3.0. Check it by the command "show version". (If your version is not 0.0.2.6 or 0.0.3.0, please DO NOT run the script.)
- Windows PC(Win7, Win8 or Win10) with one Serial COM port
- Script - ECS4120_uboot_upgrade_v2.0.0.zip
Configuration: Modify config.ini
- [serial] section: Serial COM port
Caution: DO NOT modify [product] section's "type" parameter in the config.ini
Example:
How to check Serial COM port on the PC?
In Device Manager (Start -> Run -> devmgmt.msc)
Caution:
Before running the script, please turn OFF all the terminals on the PC and power OFF the Switch.
Upgrade loader:
Step 1: Run the script “uboot_upgarde.exe”.
Double click “uboot_upgrade.exe” to run the script.
Step 2: Power ON the switch
The script will execute automatically.
After upgrading, uboot_upgrade.exe will close by itself.
Caution:
When running the script, please DO NOT remove the console cable and unplug the power cord.
If it failed to upgrade, please send your request and log file to support@edge-core.com.
Supported models: ECS4120 series (V1.2.2.13)
SNMPSET command format.
snmpset -v 2c -c private {switch IP Address} {inetCidrRouteStatus}.{IPv4 or IPv6}.{Destination network segment}.{mask}.{IPv4 or IPv6}.{Next hop} {integer} {value}
{inetCidrRouteStatus}
- OID: 1.3.6.1.2.1.4.24.7.1.17
{IPv4 or IPv6}
- IPv4 OID: 1.4 --> 1 = IPv4 , 4 = IPv4 address is 4 byte.
- IPv6 OID: 2.16 --> 2 = IPv6 , 16 = IPv6 address is 16 byte. (Please indicate in decimal. e.g. 2002::1 = 32.2.0.0.0.0.0.0.0.0.0.0.0.0.0.1)
{value}
- 4 = Active
- 6 = Destroy
Configure IPv4 static route via SNMP.
- Adding a IPv4 static route as follow:
ip route 192.168.87.0 255.255.255.0 192.168.2.11
- NET-SNMP command:
snmpset -v 2c -c private 192.168.2.10 1.3.6.1.2.1.4.24.7.1.17.1.4.192.168.87.0.24.1.4.192.168.2.11 i 4
Configure IPv6 static route via SNMP.
- Adding a IPv6 static route as follow:
ipv6 route 2002:8787::/64 2002::1
- NET-SNMP command:
snmpset -v 2c -c private 192.168.2.10 1.3.6.1.2.1.4.24.7.1.17.2.16.32.2.135.135.0.0.0.0.0.0.0.0.0.0.0.0.64.2.16.32.2.0.0.0.0.0.0.0.0.0.0.0.0.0.1 i 4
Result:
!
interface vlan 1
ip address 192.168.2.10 255.255.255.0
!
interface craft
!
!
ip route 192.168.87.0 255.255.255.0 192.168.2.11
!
!
interface vlan 1
ipv6 address 2002::1/64
!
ipv6 route 2002:8787::/64 2002::1
!
The basic DHCPSNP topology and configuration on the switch as below.
Original Behavior: (Not support “vlan-flooding” command or “vlan-flooding” enabled.)
When the switch enabled DHCPSNP function globally, the client will request the IP address by sending out the DHCP packets (Discover/Request) to untrust port.
This DHCP packet belongs to the vlan which includes in DHCPSNP enable vlan list, the switch will forward it to trust port only which is also the vlan member.
If this DHCP packet belongs to the vlan which doesn’t include in DHCPSNP enable vlan list, the switch will forward/flood it to ALL other ports which are also the vlan member.
Disabled DHCPSNP vlan-flooding Behavior: (vlan-flooding is enabled on switch by default.)
The mechanism is the same when the DHCP packet belongs to the vlan which includes in DHCPSNP enable vlan list.
However, if this DHCP packet belongs to the vlan which doesn’t include in DHCPSNP enable vlan list, the switch will NOT forward/flood it to any other port which is also the vlan member.
The user could easily configure how the DHCP packets forward on switch ports.
[Result]
When the DHCP packets - Discover/Request from the clients is received.
Configuration via CLI/WEB/SNMP.
CLI command
Default is vlan-flooding enabled.
Console#con
Console(config)#interface ethernet 1/1
Console(config-if)#ip dhcp snooping vlan-flooding ---> Enabled
or
Console(config-if)#no ip dhcp snooping vlan-flooding ---> Disabled
WEB
Security > DHCP Snooping > Step: 3. Configure Interface > Enabled/Disabled Vlan Flooding
SNMP
[SNMPSET command format]
snmpset -v 2c -c private {switch ip} {dhcpSnoopPortVlanFlooding}.{dhcpSnoopPortIfIndex} {integer} {value}
For dhcpSnoopPortVlanFlooding, OID 1.3.6.1.4.1.259.10.1.45.1.46.3.1.1.7
Set OID 1.3.6.1.4.1.259.10.1.45.1.46.3.1.1.7 to enabled(1) vlan flooding.
Set OID 1.3.6.1.4.1.259.10.1.45.1.46.3.1.1.7 to disabled(2) vlan flooding.
For dhcpSnoopPortIfIndex: The port interface of dhcpSnoopPortIfIndex
The ifIndex value of the port or trunk.
Enabled vlan flooding.
Disabled vlan flooding.
Support models and software version:
ECS4120 series v1.2.2.23 and above
- Enable IPv6 source guard or IPv6 prefix guard on port interface configuration and set maximum binding number.
ipv6 source-guard { sip | sdp | max-binding }
Console#con
Console(config)#interface ethernet 1/1
Console(config-if)#ipv6 source-guard sdp
Console(config-if)#ipv6 source-guard max-binding 3
Console(config-if)#end
Console#show ipv6 source-guard
Interface Filter-type Max-binding
--------- ----------- -----------
Eth 1/1 SDP 3
Eth 1/2 DISABLED 5
Eth 1/3 DISABLED 5
- Add static IPv6 source guard or IPv6 prefix guard binding entry on global configuration mode.
ipv6 source-guard binding Mac-Address vlan VLAN_ID { IPv6-Address | IPv6-Prefix } interface ethernet Unit/Port
Console#con
Console(config)#ipv6 source-guard binding 90-E6-BA-63-96-CD vlan 1 2001:b000:2::/64 interface ethernet 1/21
Console(config)#end
Console#show ipv6 source-guard binding
DHCPV6SNP:
DHCP - Stateful address
NDSNP:
ND - Stateless address
STA - Static IPv6 source guard binding
MAC Address IPv6 Address/IPv6 Prefix VLAN Interface Type
-------------- --------------------------------------- ---- --------- ----
90E6-BA63-96CD 2001:b000:2::/64 1 Eth 1/21 STA
- Enable IPv6 source guard or IPv6 prefix guard on port interface configuration and set maximum binding number.


- Add static ipv6 source guard or ipv6 prefix guard binding entry on the switch.


- Enable IPv6 source guard or IPv6 prefix guard on port interface configuration and set maximum binding number.
C:\>snmpwalk -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.1.1.2.24
SNMPv2-SMI::enterprises.259.10.1.45.1.74.1.1.2.24 = INTEGER: 1
C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.1.1.2.24 i 3
SNMPv2-SMI::enterprises.259.10.1.45.1.74.1.1.2.24 = INTEGER: 3
C:\>snmpwalk -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.1.1.2.24
SNMPv2-SMI::enterprises.259.10.1.45.1.74.1.1.2.24 = INTEGER: 3
C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.1.1.3.24 i 3
SNMPv2-SMI::enterprises.259.10.1.45.1.74.1.1.3.24 = INTEGER: 3
Console#show ipv6 source-guard
Interface Filter-type Max-binding
--------- ----------- -----------
Eth 1/23 DISABLED 5
Eth 1/24 SDP 3
Eth 1/25 DISABLED 5
- Add a static IPv6 source guard or IPv6 prefix guard binding entry on the switch.
Console#show ipv6 source-guard binding
DHCPV6SNP:
DHCP - Stateful address
NDSNP:
ND - Stateless address
STA - Static IPv6 source guard binding
MAC Address IPv6 Address/IPv6 Prefix VLAN Interface Type
-------------- --------------------------------------- ---- --------- ----
382C-4A77-DD37 2001:db8:2222::/64 1 Eth 1/24 DHCP

C:\>snmpwalk -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.2.1
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.4.2.56.44.74.119.221.55.32.1.13.184.34.34.0.0.0.0.0.0.0.0.0.0.64.2 = Gauge32: 1 -> VLAN=1
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.5.2.56.44.74.119.221.55.32.1.13.184.34.34.0.0.0.0.0.0.0.0.0.0.64.2 = INTEGER: 24 -> Port=Eth1/24
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.6.2.56.44.74.119.221.55.32.1.13.184.34.34.0.0.0.0.0.0.0.0.0.0.64.2 = INTEGER: 1 -> Status=Active(1)
C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.2.1.6.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 i 5
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.6.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 = INTEGER: 5
C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.2.1.4.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 u 1
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.4.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 = Gauge32: 1
C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.2.1.5.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 i 21
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.5.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 = INTEGER: 21
C:\>snmpset -v 2c -c private 192.168.1.1 1.3.6.1.4.1.259.10.1.45.1.74.2.1.6.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 i 1
SNMPv2-SMI::enterprises.259.10.1.45.1.74.2.1.6.1.144.230.186.99.150.205.32.1.176.0.0.2.0.0.0.0.0.0.0.0.0.0.64.2 = INTEGER: 1


SW1#configure
SW1(config)#interface ethernet 1/1
SW1(config-if)#switchport allowed vlan add 100,200,300 tagged
SW1(config-if)#exit
SW1(config)#interface ethernet 1/25
SW1(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#interface ethernet 1/26
SW1(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW1(config-if)#spanning-tree spanning-disabled
SW1(config-if)#exit
SW1(config)#erps
SW1(config)#erps vlan-group group1 add 10,100
SW1(config)#erps vlan-group group2 add 20,200
SW1(config)#erps ring Ring
SW1(config-erps-ring)#ring-port west interface ethernet 1/25
SW1(config-erps-ring)#ring-port east interface ethernet 1/26
SW1(config-erps-ring)#enable
SW1(config-erps-ring)#exit
SW1(config)#erps instance inst1 id 1
SW1(config-erps-inst)#control-vlan 10
SW1(config-erps-inst)#rpl owner
SW1(config-erps-inst)#physical-ring Ring
SW1(config-erps-inst)#inclusion-vlan group1
SW1(config-erps-inst)#enable
SW1(config-erps-inst)#exit
SW1(config)#erps instance inst2 id 2
SW1(config-erps-inst)#control-vlan 20
SW1(config-erps-inst)#physical-ring Ring
SW1(config-erps-inst)#inclusion-vlan group2
SW1(config-erps-inst)#enable
SW1(config-erps-inst)#end
SW2#configure
SW2(config)#interface ethernet 1/1
SW2(config-if)#switchport allowed vlan add 100,200,300 tagged
SW2(config-if)#exit
SW2(config)#interface ethernet 1/25
SW2(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#interface ethernet 1/26
SW2(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW2(config-if)#spanning-tree spanning-disabled
SW2(config-if)#exit
SW2(config)#erps
SW2(config)#erps vlan-group group1 add 10,100
SW2(config)#erps vlan-group group2 add 20,200
SW2(config)#erps ring Ring
SW2(config-erps-ring)#ring-port west interface ethernet 1/25
SW2(config-erps-ring)#ring-port east interface ethernet 1/26
SW2(config-erps-ring)#enable
SW2(config-erps-ring)#exit
SW2(config)#erps instance inst1 id 1
SW2(config-erps-inst)#control-vlan 10
SW2(config-erps-inst)#physical-ring Ring
SW2(config-erps-inst)#inclusion-vlan group1
SW2(config-erps-inst)#enable
SW2(config-erps-inst)#exit
SW2(config)#erps instance inst2 id 2
SW2(config-erps-inst)#control-vlan 20
SW2(config-erps-inst)#physical-ring Ring
SW2(config-erps-inst)#inclusion-vlan group2
SW2(config-erps-inst)#enable
SW2(config-erps-inst)#end
SW3#configure
SW3(config)#interface ethernet 1/1
SW3(config-if)#switchport allowed vlan add 100,200,300 tagged
SW3(config-if)#exit
SW3(config)#interface ethernet 1/25
SW3(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW3(config-if)#spanning-tree spanning-disabled
SW3(config-if)#exit
SW3(config)#interface ethernet 1/26
SW3(config-if)#switchport allowed vlan add 10,20,100,200,300 tagged
SW3(config-if)#spanning-tree spanning-disabled
SW3(config-if)#exit
SW3(config)#erps
SW3(config)#erps vlan-group group1 add 10,100
SW3(config)#erps vlan-group group2 add 20,200
SW3(config)#erps ring Ring
SW3(config-erps-ring)#ring-port west interface ethernet 1/25
SW3(config-erps-ring)#ring-port east interface ethernet 1/26
SW3(config-erps-ring)#enable
SW3(config-erps-ring)#exit
SW3(config)#erps instance inst1 id 1
SW3(config-erps-inst)#control-vlan 10
SW3(config-erps-inst)#physical-ring Ring
SW3(config-erps-inst)#inclusion-vlan group1
SW3(config-erps-inst)#enable
SW3(config-erps-inst)#exit
SW3(config)#erps instance inst2 id 2
SW3(config-erps-inst)#control-vlan 20
SW3(config-erps-inst)#rpl owner
SW3(config-erps-inst)#physical-ring Ring
SW3(config-erps-inst)#inclusion-vlan group2
SW3(config-erps-inst)#enable
SW3(config-erps-inst)#end














To prevent VLAN300 on ports of the logical line from being blocked by ERPS, the user can configure physical rings to form the line topology.
SW1(config)#erps vlan-group group3 add 300
SW1(config)#erps ring Ring
SW1(config-erps-ring)#no enable
SW1(config-erps-ring)#exclusion-vlan group3
SW1(config-erps-ring)#enable
SW2(config)#erps vlan-group group3 add 300
SW2(config)#erps ring Ring
SW2(config-erps-ring)#no enable
SW2(config-erps-ring)#exclusion-vlan group3
SW2(config-erps-ring)#enable
SW4(config)#erps vlan-group group3 add 300
SW4(config)#erps ring Ring
SW4(config-erps-ring)#no enable
SW4(config-erps-ring)#exclusion-vlan group3
SW4(config-erps-ring)#enable







The management agent of Edgecore switches support SNMP (Simple Network Management Protocol).
This SNMP agent permits the switch to be managed from any system in the network using network management software.
Zabbix:
Zabbix is an open-source tool for monitoring the status of the server and device (switch, router...etc).
Available platforms:
OS: Ubuntu, CentOS, MAC
Necessary tool: Docker
Install the Zabbix procedure:
Step 1: Make sure the Docker is installed on this device.
Step 2: Get the repository on the GitHub. (https://github.com/zabbix/zabbix-docker.git)
git clone https://github.com/zabbix/zabbix-docker.git
Step 3: Enter the folder of the zabbix-docker
cd zabbix-docker
Step 4: Install and start up the Zabbix service.
docker-compose -f docker-compose_v3_alpine_mysql_latest.yaml up -d
Step 5: Open the web browser. (http://Your Server IP Address)
Username: Admin
Password: zabbix
Create the template for Edgecore switch:
This example is monitoring the temperature of the ECS4120-28T.
Procedure:
Step 1: Create the template
Configuration -> Templates -> Create template
Step 2: Create the host
Configuration -> Hosts -> Create host
Step 3: Create an application on the host.
ECS4120-28T -> Application -> Create application
Step 4: Create an item on the host.
ECS4120-28T -> Item -> Create item
Step 5: On the home page, create a graph of temperature on the Dashboard.
Zabbix -> edit dashboard -> Add widget
Step 6: Now, you can monitor the temperature of the ECS4120 Series via the Zabbix.

Product Model & Software
ECS4510-28T firmware version: v1.5.2.16
SNMP Server software: MG-soft v10.0.0.4044
Configure Procedures
1. Setting an IP address on ECS4510-28T.
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.1 255.255.255.0
2. Specifies an “engine-id” for the SNMP server.
Console(config)#snmp-server engine-id remote 192.168.1.20 8000052301c0a80114
*Please find the engine-id from your SNMP server.
The “engine-id” is automatically generated that is unique to the host.

3. Create a remote SNMPv3 user.
Console(config)#snmp-server user andy super remote 192.168.1.20 v3 auth md5 andytest
* Also need to create a same user on your SNMP server.

4. Create an SNMP “view entry” which controls user access to the MIB for the specific notification message.
Console(config)#snmp-server view super 1.3.6.1.4.1.259.10.1.24.* included.
*This example OID could access to whole the MIB tree of ECS4510-28T.
5. Create an SNMP group sets the access policy for the assigned users, and mapping SNMP users to SNMP views.
Console(config)#snmp-server group super v3 auth
6. Specify the target SNMP server that will receive inform messages.
Console(config)#snmp-server host 192.168.1.20 inform andy version 3 auth
*If we specify an SNMP Version 3 host, then the community-string is interpreted as an SNMP user name.
Thus here community-string “andy” is the user name.
7. SNMP informs collector will receive the SNMPv3 trap.

Troubleshooting
If the SNMP server still can’t receive the trap message from switch.
Please continue to capture SNMP packet on the SNMP server, then you could start to do the troubleshooting.
Generally it can be divided into the following two cases.
1) Host has not received the SNMP packets. >>> check the configuration of the switch.
-----------------------------------Switch’s Configuration Example-----------------------------------------------------
!
snmp-server engine-id remote 192.168.1.20 8000052301c0a80114
snmp-server group super v3 auth
snmp-server user andy super remote 192.168.1.20 v3 auth md5 andytest
snmp-server view super 1.3.6.1.4.1.259.10.1.24.* included
snmp-server host 192.168.1.20 inform andy version 3 auth
!
!
interface vlan 1
ip address 192.168.1.1/24
!
-----------------------------------Switch’s Configuration End------------------------------------------------------------
2) Host has received the SNMP packets. >>> check the engine-ID and user profile of SNMP server and switch.

Problem description:
When user would like to enable IPv6 RA Guard on port interface by command below, but it display failed.
Console#con
Console(config)#interface ethernet 1/1
Console(config-if)#ipv6 nd raguard
Failed to configure IPv6 RA Guard on port 1/1.
Console(config-if)#
Solution:
To sloved rules number issue on ECS4210 series, R&D add new feature for dynamic TCAM allocation.
About IPv6 RA Guard, it's IPv6 rule.
According to tcam design, you must change to 'default' mode then could enable IPv6 RA Guard.(default is ipv4 mode)
Console(config)#tcam allocation ?
default allocate one slice for MAC, one slice for IPv4, two slices for IPv6
ipv4 allocate one slice for MAC, three slices for IPv4, no slices for IPv6
mac allocate two slices for MAC, one slice for IPv4, no slices for IPv6
Console(config)#tcam allocation default
please remember save the config and reboot the switch, then new allocation will apply.
When you use IPv4/MAC mode, it will share IPv6 table to IPv4/MAC.
On 'IPv4' or 'MAC' mode, it will always fail to enable IPv6 RA Guard.
[Reason]
Chip have symptom for the limit number of ACLs.
[Target]
Dynamic to allocate superfluous rules to other rules.
[Action] .
==default mode==
MAC rules: 128 rules share with MAC ACL, MAC service policy and reserved rules.
IPv4 rules: 128 rules share with IPv4 ACL, IPv4 service policy and reserved rules.
IPv6 rules: 128 rules share with IPv6 ACL, IPv6 service policy and reserved rules.
==IPv4 mode==
MAC rules: 128 rules share with MAC ACL, MAC service policy and reserved rules.
IPv4 rules: 128 rules share with IPv4 ACL. 256 rules share with IPv4 service policy.
IPv6 rules: 0 rules.
==mac mode==
MAC rules: 128 rules share with MAC ACL and reserved rules. 128 rules share with MAC service policy.
IPv4 rules: 128 rules share with IPv4 ACL, IPv4 service policy and reserved rules.
IPv6 rules: 0 rules.
Topology
A. Configuration
B. Check ERPS status
ERPS status on S1 (RPL Owner)
ERPS status on S3
ERPS status on S5
C. Disconnect the link between Agg2 and S5.
With ERPS recovery procedure, the RPL owner node detects a failed link when it receives R-APS (SF - signal fault) messages from nodes adjacent to the failed link. The RPL owner then enters protection state by unblocking the West port. However, using this standard recovery procedure may cause a non-EPRS device to become isolated when the ERPS device adjacent to it detects a continuity check message (CCM) loss event and blocks the link between the non-ERPS device and ERPS device.
ERPS domain status on S1