線上支援 提供即時的技術支援與服務

常見問題

How to configure the QinQ (Basic QinQ) on ES3510MA?


Firmware Version: 1.5.1.18
IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs.
QinQ tunneling expands VLAN space by using a VLAN-in-VLAN hierarchy, preserving the customer’s original tagged packets, and adding SPVLAN tags to each frame (also called double tagging).
 
At SW 1 and SW4
1. Configure access mode
Console(config)#interface ethernet 1/1
Console(config-if)#switchport mode access
Console(config-if)#switchport native vlan 2
Console(config-if)#switchport allowed vlan remove 1
2. Configure trunk mode
Console(config)#interface ethernet 1/9
Console(config-if)#switchport mode trunk
Console(config-if)#switchport allowed vlan add 2 tagged
Console(config-if)#switchport allowed vlan remove 1
 
At SW2 and SW3
1. Enable QinQ  
Console(config)#dot1q-tunnel system-tunnel-control
2. Configure Q-in-Q access port 
Console(config)interface ethernet 1/1
Console(config-if)#switchport allowed vlan add 20 untagged
Console(config-if)#switchport native vlan 20
Console(config-if)#switchport allowed vlan remove 1
Console(config-if)#switchport dot1q-tunnel mode access
3. Configure Q-in-Q uplink port 
Console(config)interface ethernet 1/5
Console(config-if)#switchport allowed vlan add 20 tagged
Console(config-if)#switchport dot1q-tunnel mode uplink
 
Check the status on the switch
Console#show dot1q-tunnel
802.1Q Tunnel Status : Enabled
Port     Mode   TPID (Hex) Priority Mapping
-------- ------ ---------- ----------------
Eth 1/ 1 Access       8100 Disabled        
Eth 1/ 2 Normal       8100 Disabled        
Eth 1/ 3 Normal       8100 Disabled        
Eth 1/ 4 Normal       8100 Disabled        
Eth 1/ 5 Uplink       8100 Disabled        
Eth 1/ 6 Normal       8100 Disabled        
Eth 1/ 7 Normal       8100 Disabled
Eth 1/ 8 Normal       8100 Disabled
Eth 1/ 9 Normal       8100 Disabled
Eth 1/ 10 Normal       8100 Disabled
 
The packet, captured from SW1 to SW2.

 
The packet, captured from SW2 to SW3.


The packet, captured from SW3 to SW4.
Sample for Selective QinQ
 
Support model: ES3510MA, ES3528MV2, ECS3510-28T, ECS4510 series, ECS4620 series, ECS4210 series, ECS4120 series, ECS4110 series and ECS4100 series

Scenario:
 

 
Configuration procedures:
(Start with factory default)
 
At SW2 and SW3:
vlan database
vlan 100,200,300 media ethernet state active
interface ethernet 1/1
switchport dot1q-tunnel mode access
switchport allowed vlan add 100,200,300 untagged
switchport allowed vlan add 10,20,30 tagged
switchport dot1q-tunnel service 100 match cvid 10
switchport dot1q-tunnel service 200 match cvid 20
switchport dot1q-tunnel service 300 match cvid 30
interface ethernet 1/5
switchport dot1q-tunnel mode uplink
switchport allowed vlan add 100,200,300 tagged
dot1q-tunnel system-tunnel-control
 
At SW1 and SW4:
vlan database
vlan 10,20,30 media ethernet state active
interface ethernet 1/11
switchport mode trunk
switchport allowed vlan add 10,20,30 tagged
switchport allowed vlan remove 1
interface ethernet 1/1
switchport mode access
switchport native vlan 10
switchport allowed vlan remove 1
interface ethernet 1/2
switchport mode access
switchport native vlan 20
switchport allowed vlan remove 1
interface ethernet 1/3
switchport mode access
switchport native vlan 30
switchport allowed vlan remove 1
 

Result:
At SW2 and SW3:

At SW1 ~ SW4:


 
At QinQ tunnel:
Capture packets by WireShark
 

 
 

 
Install and configure MRTG on Ubuntu

Environment:
Support Model:
ECS4660 series, ECS4620 series, ECS4510 series, ECS4210 series, ECS4120 series, ECS4110 series, ECS4100 series, ECS3500 series, ECS2110 series, ECS2100 series
System info:
Ubuntu 16.04.2 LTS (Desktop, amd64)

 
Package info:
  1. snmpd           v5.7.3
  2. mrtg               v2.17.4
  3. apache2        v2.4.18

 

 Install and configure steps:

0. Update the source package list
sudo apt-get update

 
1. snmpd
1-1  Install packages
sudo apt-get install snmp
sudo apt-get install snmpd
 

 
1-2  Creat snmp community word
echo 'rocommunity public' > /etc/snmp/snmpd.conf
  
1-3  Restart the snmpd service
service snmpd restart
 
  
     
 1-4  Test snmpd (Can get OIDs)
 snmpwalk localhost –v 1 –c public
 
  
Reference:
http://www.debianhelp.co.uk/snmp.htm
http://www.net-snmp.org/docs/readmefiles.html

2. mrtg
2-1  Install mrtg
sudo apt-get install mrtg

2-2  Configure mrtg.cfg
sudo vi /etc/mrtg.cfg

 
3. apache2
3-1  Install apache2
sudo apt-get install apache2

 
3-2  Configure apache2.cfg
sudo vi /etc/apache2/apache2.cfg

 In the end of this file, add Alias /mrtg “/var/www/mrtg”to link URL to file.
 Syntax: Alias URL-path file-path/directory-path
 
 3-3  Creat new folder to save MRTG data
 sudo mkdir /var/www/mrtg
  
  3-4  Creat MRTG data (Need execute 3 times)
  sudo env LANG=C /usr/bin/mrtg /etc/mrtg.cfg

If success, you can find the data under /var/www/mrtg/
 
3-5  Link test.html to index.html
sudo ln –s /var/www/mrtg/test.html /var/www/mrtg/index.html
 
 This command can use http://192.168.1.20/mrtg to access the MRTG page.
 No need to use http://192.168.1.20/mrtg/test.html to access this page.
 
 3-6  Restart apache web service
 service apache2 restart


Result:
Now can access the MRTG statistic page ( http:// Ubuntu_server 's IP/mrtg )
This page will refresh per 5 min.
 

 
 
How to enable SNMP trap and set trap server via standard MIB?
Scenario

IP Address: 192.168.1.88, UDP Port: 162
Version: v2c
Community String: support
 
Firmware: ES3510MA v1.5.2.7
MIB requirement: SNMP-NOTIFICATION-MIB, SNMP-TARGET-MIB
ASCII Table reference: http://www.asciitable.com/
 
A. Configure “snmpNotifyTable”
SNMPSET command format:
snmpset -v 2c -c private <switch ip> < snmpNotifyRowStatus | snmpNotifyTag | snmpNotifyType | snmpNotifyStorageType >.<snmpNotifyName> < INTEGER | STRING > <value>
===Note===
snmpNotifyName index 110.111.116.105.102.121.49(notify1) à Notify Name: notify1
snmpNotifyRowStatus = active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6)
snmpNotifyType = trap(1), inform(2)
snmpNotifyStorageType = other(1), volatile(2), nonVolatile(3), permanent(4), readOnly(5)
 
(1) snmpNotifyRowStatus(Integer 5: createAndWait)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.13.1.1.1.5.110.111.116.105.102.121.49 i 5
SNMP-NOTIFICATION-MIB::snmpNotifyRowStatus.'notify1' = INTEGER: createAndWait(5)
(2) snmpNotifyTag(String “trap”)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.13.1.1.1.2.110.111.116.105.102.121.49 s trap
SNMP-NOTIFICATION-MIB::snmpNotifyTag.'notify1' = STRING: trap
(3) snmpNotifyType(Integer 1: trap)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.13.1.1.1.3.110.111.116.105.102.121.49 i 1
SNMP-NOTIFICATION-MIB::snmpNotifyType.'notify1' = INTEGER: trap(1)
(4) snmpNotifyStorageType(Integer 3: nonVolatile)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.13.1.1.1.4.110.111.116.105.102.121.49 i 3
SNMP-NOTIFICATION-MIB::snmpNotifyStorageType.'notify1' = INTEGER: nonVolatile(3)
(5) snmpNotifyRowStatus(Integer 1: active)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.13.1.1.1.5.110.111.116.105.102.121.49 i 1
SNMP-NOTIFICATION-MIB::snmpNotifyRowStatus.'notify1' = INTEGER: active(1)
 
B. Configure “snmpTargetParamsTable”
SNMPSET command format:
snmpset -v 2c -c private <switch ip> < snmpTargetParamsRowStatus | snmpTargetParamsMPModel | snmpTargetParamsSecurityModel | snmpTargetParamsSecurityName | snmpTargetParamsSecurityLevel | snmpTargetParamsStorageType >.<snmpTargetParamsName> < INTEGER | STRING > <value>
===Note===
snmpTargetParamsName index 112.97.114.97.109.115.49(params1) à Target Parameter Name: params1
snmpTargetParamsRowStatus = active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6)
snmpTargetParamsMPModel = SNMPv1(0), SNMPv2c(1), SNMPv2u(2), SNMPv3(3), SNMPv2p(256)
snmpTargetParamsSecurityModel = ANY(0), SNMPv1(1), SNMPv2c(2), USM(3), SNMPv2p(256)
snmpTargetParamsSecurityLevel = noAuthNoPriv(1), authNoPriv(2), authPriv(3)
snmpTargetParamsStorageType = other(1), volatile(2), nonVolatile(3), permanent(4), readOnly(5)
 
(1) snmpTargetParamsRowStatus(Integer 5: createAndWait)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.3.1.7.112.97.114.97.109.115.49 i 5
SNMP-TARGET-MIB::snmpTargetParamsRowStatus.'params1' = INTEGER: createAndWait(5)
(2) snmpTargetParamsMPModel(Integer 1: SNMPv2c)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.3.1.2.112.97.114.97.109.115.49 i 1
SNMP-TARGET-MIB::snmpTargetParamsMPModel.'params1' = INTEGER: 1
(3) snmpTargetParamsSecurityModel(Integer 2: SNMPv2c)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.3.1.3.112.97.114.97.109.115.49 i 2
SNMP-TARGET-MIB::snmpTargetParamsSecurityModel.'params1' = INTEGER: 2
(4) snmpTargetParamsSecurityName(String “support”)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.3.1.4.112.97.114.97.109.115.49 s support
SNMP-TARGET-MIB::snmpTargetParamsSecurityName.'params1' = STRING: support
(5) snmpTargetParamsSecurityLevel(Integer 1: noAuthNoPriv)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.3.1.5.112.97.114.97.109.115.49 i 1
SNMP-TARGET-MIB::snmpTargetParamsSecurityLevel.'params1' = INTEGER: noAuthNoPriv(1)
(6) snmpTargetParamsStorageType(Integer 3: nonVolatile)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.3.1.6.112.97.114.97.109.115.49 i 3
SNMP-TARGET-MIB::snmpTargetParamsStorageType.'params1' = INTEGER: nonVolatile(3)
(7) snmpTargetParamsRowStatus(Integer 1: active)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.3.1.7.112.97.114.97.109.115.49 i 1
SNMP-TARGET-MIB::snmpTargetParamsRowStatus.'params1' = INTEGER: active(1)
 
C. Configure “snmpTargetAddrTable”
SNMPSET command format:
snmpset -v 2c -c private <switch ip> < snmpTargetAddrRowStatus | snmpTargetAddrTDomain | snmpTargetAddrTAddress | snmpTargetAddrTagList | snmpTargetAddrParams | snmpTargetAddrStorageType >.<snmpTargetAddrName> < INTEGER | OBJID | HEX STRING | STRING > <value>
===Note===
snmpTargetAddrName index 116.97.114.103.101.116.49(target1) à Target Address Name: target1
snmpTargetAddrRowStatus = active(1), notInService(2), notReady(3), createAndGo(4), createAndWait(5), destroy(6)
snmpTargetAddrTDomain = (1.3.6.1.6.1.1: UDP Domain), (1.3.6.1.6.1.2: CLNS Domain), (1.3.6.1.6.1.3: CONS Domain), (1.3.6.1.6.1.4: DDP Domain), (1.3.6.1.6.1.5: IPX Domain)
snmpTargetAddrTagList = snmpNotifyTag(trap)
snmpTargetAddrParams = snmpTargetParamsName(params1)
snmpTargetAddrStorageType = other(1), volatile(2), nonVolatile(3), permanent(4), readOnly(5)
 
(1) snmpTargetAddrRowStatus(Integer 5: createAndWait)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.2.1.9.116.97.114.103.101.116.49 i 5
SNMP-TARGET-MIB::snmpTargetAddrRowStatus.'target1' = INTEGER: createAndWait(5)
(2) snmpTargetAddrTDomain(OBJID 1.3.6.1.6.1.1: UDP Domain)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.2.1.2.116.97.114.103.101.116.49 o 1.3.6.1.6.1.1
SNMP-TARGET-MIB::snmpTargetAddrTDomain.'target1' = OID: SNMPv2-TM::snmpUDPDomain
(3) snmpTargetAddrTAddress(Hex: C0A8015800A2)
-> C0A80158(192.168.1.88) is IP Address of trap server, 00A2(162) is UDP Port
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.2.1.3.116.97.114.103.101.116.49 x C0A8015800A2
SNMP-TARGET-MIB::snmpTargetAddrTAddress.'target1' = Hex-STRING: C0 A8 01 58 00 A2
(4) snmpTargetAddrTagList(String “trap”)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.2.1.6.116.97.114.103.101.116.49 s trap
SNMP-TARGET-MIB::snmpTargetAddrTagList.'target1' = STRING: trap
(5) snmpTargetAddrParams(String “params1)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.2.1.7.116.97.114.103.101.116.49 s params1
SNMP-TARGET-MIB::snmpTargetAddrParams.'target1' = STRING: params1
(6) snmpTargetAddrStorageType(Integer 3: nonVolatile)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.2.1.8.116.97.114.103.101.116.49 i 3
SNMP-TARGET-MIB::snmpTargetAddrStorageType.'target1' = INTEGER: nonVolatile(3)
(7) snmpTargetAddrRowStatus(Integer 1: active)
C:\>snmpset -v 2c -c private 192.168.1.10 1.3.6.1.6.3.12.1.2.1.9.116.97.114.103.101.116.49 i 1
SNMP-TARGET-MIB::snmpTargetAddrRowStatus.'target1' = INTEGER: active(1)
 
Check the configuration on switch.
Console#show snmp
SNMP Logging: Enabled
    Logging to 192.168.1.88 support version 2c udp-port 162
Console#
 
 
Test result of Cable Diagnostics among Edgecore switches (ES3528M, ECS3510-28T, ECS4100-52T)
Cable Diagnostic supports either (A) cable failures, as well as the status and approximate distance to a fault or (B) the approximate cable length if no fault is found.







 
How to modify switch (ECS3510-28T) IP address via SNMP?  
Notes: New software enhancement is only available for firmware version 1.5.2.7 or above.
 
Answer:
The default Switch IP address is 192.168.1.1. 
To use SNMP OID to modify IP address to 192.168.22.1. Please follow 3 steps:
  1. Create
  2. Wait for primary interface
  3. Active
Frequently Asked Question about ECS4120-28F
 
  1. What is the Hardware Configuration of ECS4120-28F:
  • Front:
  • Rear:
  • Dual power sources (AC x 1, DC x 1)
  • 4 x 10G SFP+ ports (port 25~28)
  • 22 x 1G SFP (port 1~22)
  • 2 x 1G Combo ports (port 23~24) that support RJ45 and SFP.
  • FANLESS design
 
  1. Is there any transceiver info (DDM) on 1G SFP port?
        Answer: No, port 1~22 do not support DDM.  Only 10G SFP+ (port 25~28) port support Digital          
        Diagnostic Monitoring (DDM).
 
  1. Does 1G SFP port support 100M transceiver?
         Answer: Yes. But it’s required additional commend - “media-type sfp-forced 100fx”
         ==================================================================
         Console#con
         Console(config)#int e 1/1
         Console(config-if)#exit
         Console(config)#interface ethernet 1/1
         Console(config-if)#media-type sfp-forced 100fx
         Console(config-if)#end
         Console#show interfaces status ethernet 1/1
         Information of Eth 1/1
         Basic Information:
         Port Type              : 100BASE-FX
         MAC Address            : 00-E0-0C-00-00-FE
         Configuration:
         Name                   :
         Port Admin             : Up
         Speed-duplex           : 100full
         Capabilities           : 100full
         Broadcast Storm        : Disabled
         Broadcast Storm Limit  : 500 packets/second
         Multicast Storm        : Disabled
         Multicast Storm Limit  : 262143 packets/second
         Unknown Unicast Storm       : Disabled
         Unknown Unicast Storm Limit : 262143 packets/second
         Flow Control           : Disabled
         VLAN Trunking          : Disabled
         LACP                   : Disabled
         MAC Learning           : Enabled
         Link-up-down Trap      : Enabled
         Media Type             : SFP forced
         MTU                    : 1518
         Current Status:
         Link Status            : Up                                       
         Port Operation Status  : Up
         Operation Speed-duplex : 100full

         Up Time                : 0w 0d 0h 0m 26s (26 seconds)
         Flow Control Type      : None
         Max Frame Size         : 1518 bytes (1522 bytes for tagged frames)
         MAC Learning Status    : Enabled
      Console#
==================================================================
 
How to set up “DHCP Dynamic Provision” on ECS4100 Series?
 
Scenario:

 
 
Introduction:
When the switch obtains the IP address from the DHCP server, it will download the configuration from TFTP server and apply the configuration automatically.
 
Procedures:
1. Put the configuration file to the TFTP server.
2. The DHCP server must setup the option 66(TFTP server name) and 67 (Bootfile name).
For Example: 
Serva32.exe is a free software tool which contain DHCP and TFTP server. (http://www.vercot.com/~serva/)

 
3. DHCP options is disable by default.  The user has to enable the “DHCP Dynamic Provision” on global mode.
Console#configure
Console(config)#ip dhcp dynamic-provision

 
4. Configure the switch to obtain management IP address from the DHCP server.
Console(config)#interface vlan 1
Console(config-if)#ip address dhcp

 
5. The switch sends the DHCP discover packet to acquire an IP address.

 
6. When switch obtain the IP address, it will start to download the configuration file from the TFTP server and apply the configuration automatically.

*The configuration file will be set to the startup file automatically.
How to configure the L2PT (Layer 2 Protocol Tunneling) on ECS4100 Series?
 
Scenario:

* L2PT can be used to forward CDP/LACP/LLDP/VTP/STP/PVST+ packets.
 
Procedures:
1. For L2PT to function properly, QinQ must be enabled on the switch.
Console(config)#dot1q-tunnel system-tunnel-control
 
2. Configure Q-in-Q access port and L2PT on port 1 of 1-ECS4100 and 2-ECS4100. For example: LLDP
Console#configure
Console(config)#interface ethernet 1/1
Console(config-if)#switchport dot1q-tunnel mode access
Console(config-if)#switchport l2protocol-tunnel lldp

 
3. Configure Q-in-Q uplink port on port 48 of 1-ECS4100 and 2-ECS4100.
Console(config)#interface ethernet 1/48
Console(config-if)#switchport dot1q-tunnel mode uplink

 
4. Check the status on 1-ECS4100 and 2-ECS4100. Now the both switches will forward LLDP packets.
(receive LLDP packet on the port 1 and forward it to the port 48)
* The switch also replaces the destination MAC address by Tunnel MAC address.
By default, the L2PT MAC address is “01-12-CF-00-00-02” on Edge-corE Switch. Make sure “Tunnel MAC address” is the same on the both switches.
 
Console#show l2protocol-tunnel
Layer 2 Protocol Tunnel
 
Tunnel MAC Address : 01-12-CF-00-00-02
 
Interface  Protocol
----------------------------------------------------------
Eth 1/1   LLDP
 
Console#show dot1q-tunnel
802.1Q Tunnel Status : Enabled
802.1Q Tunnel TPID   : 8100 (Hex)
 
Port     Mode   Priority Mapping
-------- ------ ----------------
Eth 1/ 1 Access Disabled
Eth 1/48 Uplink Disabled

 
 
 
How to set up the "auto-upgrade" on ECS4100 Series?
 
Scenario:
 

 
Procedures:
1. Upload the firmware to the TFTP server and specify the file name to “ECS4100-series.bix”.

2. Configure the IP address on switch. (The management IP address is 192.168.2.10/24 by default.)
Console#configure
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.199.10/24
 
3. Enable the auto-upgrade function on global mode.
Console(config)#upgrade opcode auto
Console(config)#upgrade opcode reload
 
4. Configure the directory path of TFTP server.
Console(config)#upgrade opcode path tftp://192.168.199.2/

 
5. Save the configuration file.
Console#copy running-config startup-config

6. Reboot the switch.

7. The switch will look for newer firmware version after rebooting. If there is a newer firmware, the switch will auto upgrade and restart the system.

8. Now, the switch boots up with newer version.

 
How to upgrade ECS4510 and ECS4620 loader version to extend the ECC (Error Correcting Code) support?
 
The version supports ECC (Error correcting code):
ECS4510 Loader version 0.6.0.1 and above
ECS4620 Loader version 0.3.2.1 and above
 
Environment and Preparation:
  1. The ECS4620 or ECS4510 switch
  2. Windows PC(Win7, Win8 or Win10) with one Serial COM port and one RJ45 port
  3. Download and Unzip Script file 
       Script for ECS4510 series: ECS4510-28T_uboot_upgrade_v1.0.0.zip
       Script for ECS4620 series: ECS4620-28T_uboot_upgrade_v1.0.0.zip
 
Configuration: Modify config.ini
  • [serial] section: Serial COM port
  • [tftp]section: tftp client and server's IP address
tftp client is switch ECS4620 or ECS4510.
tftp server is the PC that connect to the ECS4620 or ECS4510, and run the script.
 
Example:
The PC with Serial COM3 connects to the switch ECS4510-28T console port.
And PC with IP address 192.168.2.150 connect to the switch ECS4510-28T port 1.
Make sure the switch and PC are the same IP subnet.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File: config.ini
[product]
type = ECS4510-28T
 
[serial]
port = COM3
 
[tftp]
client = 192.168.2.20
server = 192.168.2.150
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
How to check Serial COM port on the PC?
In Device Manager (Start -> Run -> devemgmt.msc)

 
 
Caution:
  1. Before running the script, please turn OFF all the terminal on the PC and power OFF the Switch.
  2. Please make the firewall to allow the TFTP service in order to upgrade successfully

 
Upgrade loader:
Step 1:    Run the script “uboot_upgarde.exe”.
 
    - In CMD (Start -> Execute -> cmd.exe) , enter into the program's folder
    - Run uboot_upgrade.exe and .\tftpd32.452\tftpd32.exe will execute automatically
    ex:
        C:\ECS4510_uboot_upgrade_v0.0.1>uboot_upgrade.exe
    - Turn on the power for switch
Step 2:    Power ON the switch
 
After upgrade, uboot_upgrade.exe will close by itself.




 
If it fails to upgrade, please send your request and log file to support@edge-core.com

 
Answer:
No, all the Edgecore switches unit ID start from 1.
For some stackable switches (ex, ECS4510, ECS4620), which may have 4 units in a stack for management. Then the unit ID is from 1 to 4.
 
For example:
If the client connects on port2 of second unit in stack, the interface would be "eth 2/2".
Answer:
Basically, the privilege's level can be configured from 0 to 15, and we can divide the privilege level into three parts.
  1. Level 0 to 7 is for the normal user.
  2. Level 8 to 14 is for the manager.  This level cannot configure several functions which belong to level 15. EX: DHCPSNP, IPSG, AAA.
  3. Level 15 is the top level for the administrator.  And, this level can configure all  functions of the switch. Also, administrator may add/remove the commands to/from user privilege 0~14.

Topology

 

A. Configuration

 

B. Check ERPS status

 

ERPS status on S1 (RPL Owner)

 

ERPS status on S3

 

ERPS status on S5

 

C. Disconnect the link between Agg2 and S5.

With ERPS recovery procedure, the RPL owner node detects a failed link when it receives R-APS (SF - signal fault) messages from nodes adjacent to the failed link. The RPL owner then enters protection state by unblocking the West port. However, using this standard recovery procedure may cause a non-EPRS device to become isolated when the ERPS device adjacent to it detects a continuity check message (CCM) loss event and blocks the link between the non-ERPS device and ERPS device.

 

ERPS domain status on S1

 

ERPS domain status on S5

 

D. Enable non-ERPS device protection

If non-ERPS device protection is enabled on the ring, the ring ports on the RPL owner node and non-owner nodes will not be blocked when signal loss is detected by CCM loss events. When non-ERPS device protection is enabled on a RPL owner node, it will send non-standard health-check packets to poll the ring health when it enters the protection state.

 

Enable non-ERPS device protection on S1 and S5.

 

When ERPS status was changed to protection mode, port 24 on S1 become forwarding, and non-ERPS device will not be isolated.

 

ERPS and domain status on S1

<font face="?????> <p style=" margin:="" 0cm="" 0pt;'="">ERPS and domain status on S5

 

 

 

 

Trunk is a function that groups ports and combines the links among those ports into a single link.
As the scenario shown below, there are two links between SW1 and SW4 and therefore two loops:
1.      Loop A: SW1, SW2, SW3 and SW4
2.      Loop B: SW1 and SW4.
 
It causes problems such as a waste of CPU utilization if more than one loop exists. In order to prevent loop, Port 26 and 27 of SW1 and Port 26 and 28 of SW4 should be trunked as a group. In this way, two links between Switch 1 and 4 will be logically identified as one link by the system and only one loop exists with port 27 of SW3 blocked.
 

Use the following commands to enable LACP on port 26 and 27 of SW1.
 
SW_1#config
SW_1(config)#interface e 1/26
SW_1(config-if)#lacp
SW_1(config-if)#int e 1/27
SW_1(config-if)#lacp
 
Use the command "show interface status port-channel 1" to check trunk group members. As shown below, port 26 and 27 of SW1 are member ports of trunk group 1.
 
SW_1#sh int status port-channel 1
Information of Trunk 1
 Basic Information:
  Port Type              : 1000BASE-T
  MAC Address            : 70-72-CF-58-F9-25
 Configuration:
  Name                   :
  Port Admin             : Up
  Speed-duplex           : Auto
  Capabilities           : 10half, 10full, 100half, 100full, 1000full
  Broadcast Storm        : Enabled
  Broadcast Storm Limit  : 64 Kbits/second
  Multicast Storm        : Disabled
  Multicast Storm Limit  : 64 Kbits/second
  Unknown Unicast Storm       : Disabled
  Unknown Unicast Storm Limit : 64 Kbits/second
  Flow Control           : Disabled
  VLAN Trunking          : Disabled
 Current Status:
  Created By             : LACP
  Link Status            : Up
  Port Operation Status  : Up
  Operation Speed-duplex : 1000full
  Up Time                : 0w 0d 0h 3m 45s (225 seconds)
  Flow Control Type      : None
  Max Frame Size         : 1518 bytes (1522 bytes for tagged frames)
  Member Ports           : Eth1/26, Eth1/27
 
Use the command "show spanning-tree port-channel 1" to check information such as role and state of each port.
 
SW_1#sh spanning-tree port-channel 1
Trunk 1 Information
---------------------------------------------------------------
 Admin Status                      : Enabled
 Role                              : Designate
 State                             : Forwarding
 Admin Path Cost                   : 0
 Oper Path Cost                    : 2500
 Priority                          : 128
 Designated Cost                   : 0
 Designated Port                   : 128.33
 Designated Root                   : 4096.7072CF58F90B
 Designated Bridge                 : 4096.7072CF58F90B
 Forward Transitions               : 24
 Admin Edge Port                   : Auto
 Oper Edge Port                    : Disabled
 Admin Link Type                   : Auto
 Oper Link Type                    : Point-to-point
 Flooding Behavior                 : Enabled
 Spanning-Tree Status              : Enabled
 Loopback Detection Status         : Enabled
 Loopback Detection Release Mode   : Auto
 Loopback Detection Trap           : Disabled
 Loopback Detection Action         : Block
 Root Guard Status                 : Disabled
 BPDU Guard Status                 : Disabled
 BPDU Guard Auto Recovery          : Disabled
 BPDU Guard Auto Recovery Interval : 300
 BPDU Filter Status                : Disabled
 

1. To prevent loop

 

As shown in the figure above, there are 3 traffic paths from VLC server to PC2:
Path 1(red): from SW1 port 26 to SW4 port 26;
Path 2(blue): from SW1 port 27 to SW4 port 28;
Path 3(green): from SW1 port 28 to SW2 port 27, from SW2 port 28 to SW3 port 27, from SW3 port 28 to SW4 port 27 then to SW4 port 1.

Therefore, there are two loops in the topology:

 

As shown in the figures above, when the switch receives a broadcast, multicast or unknown unicast packet from VCL Server, packet will flood to port 26(packet 2 yellow) and 27 (packet 2 green). When SW4 receives the packet from port 26, the packet will flood to port 1 (packet 3 yellow) and port 28 (packet 3 yellow). When SW4 receives the packet from port 28, the packet will flood to port 1(packet 3 green) and port 26 (packet 3 green). In this way, packets will occupy every port that connected to switch and it results in a failure to serving normal packets and sometimes a waste of CPU utilization.

Spanning Tree Protocol is a mechanism that automatically detects loops in the network and blocks the redundant paths to keep only one path for two nodes in the network. Rapid Spanning Tree Protocol (RSTP) is an enhancement of STP and provides faster spanning tree convergence. RSTP uses path cost, bridge ID and port priority/port ID of BPDU to prioritize the paths and then to establish a spanning tree.

2. To Provide Redundant path

Sometimes users create a loop intentionally in order to build up a redundant path in case the path is failed to link. Traffic dynamically switches to the redundant path and maintain network operation when the default path is failed to link.

 

When the link between SW1 port 26 and SW4 port 26 is down, SW1 port 27 which is in blocking state (Alternate Role) automatically forwards. Therefore, traffic from VLC server switches to the link between SW1 port 27 and SW4 port 28.

Use command "show log ram" to see the change log.

SW_1#sh log ram
[3] 08:59:45 2011-12-08
   'STA topology change happened on Eth 1/27.'
   level : 6, module : 5, function : 1, and event no. : 1
[2] 08:59:45 2011-12-08
   'STP port state: MSTID 0, Eth 1/27 becomes forwarding.'
   level : 6, module : 5, function : 1, and event no. : 1
[1] 08:59:45 2011-12-08
   'STP port state: MSTID 0, Eth 1/26 becomes non-forwarding.'
   level : 6, module : 5, function : 1, and event no. : 1
[0] 08:59:45 2011-12-08
   'Unit 1, Port 26 link-down notification.'
   level : 6, module : 5, function : 1, and event no. : 1


SW_4-0#sh log ram
[2] 08:28:56 2011-12-08
   'STA topology change happened on Eth 1/27.'
   level : 6, module : 5, function : 1, and event no. : 1
[1] 08:28:54 2011-12-08
   'STP port state: MSTID 0, Eth 1/26 becomes non-forwarding.'
   level : 6, module : 5, function : 1, and event no. : 1
[0] 08:28:54 2011-12-08
   'Unit 1, Port 26 link-down notification.'
   level : 6, module : 5, function : 1, and event no. : 1

SW_2-0#sh log ram
[1] 09:00:39 2011-12-08
   'User(admin/Telnet) (192.168.1.1), login successful.'
   level : 6, module : 5, function : 1, and event no. : 1
[0] 08:58:43 2011-12-08
   '192.168.1.1 VTY user admin, logout from PRIV. EXEC mode.'
   level : 6, module : 1, function : 0, and event no. : 1

SW_3-0#sh log ram
[2] 08:28:51 2011-12-08
   'User(admin/Telnet) (192.168.1.1), login successful.'
   level : 6, module : 5, function : 1, and event no. : 1
[1] 08:27:48 2011-12-08
   'STA topology change happened on Eth 1/27.'
   level : 6, module : 5, function : 1, and event no. : 1
[0] 08:27:12 2011-12-08
   '192.168.1.1 VTY user admin, logout from PRIV. EXEC mode.'
   level : 6, module : 1, function : 0, and event no. : 1

Users change the port priority in order to specify the forwarding port and/or blocking port. In general, the port with smaller port priority ID would be configured as the forwarding port whereas the port with bigger port priority ID would be the blocking port. For example, if users want to configure SW1 port 27 as forwarding port and the port priority ID of SW4 port 26 is 128, the port priority ID of SW1 port 27 should be changed to a number smaller than 128.
 
SW_4(config)#interface ethernet 1/27
SW_4(config-if)#spanning-tree port-priority ?
  <0-240>  Spanning-tree port priority value in steps of 16
 
Please note that the port priority value is steps of 16 in range of 0-240.
 
SW_4(config-if)#spanning-tree port-priority 16
 

A switch is configured as root if it has the smallest priority ID. Therefore, by changing the priority ID to the smallest ID, users could configure any switch as root. For example, use the following commands to change the priority of SW1 to 4096:

SW_1(config)#spanning-tree priority?
  <0-61440>  Spanning-tree priority value in steps of 4096

Please note that the priority ID value can only be changed in steps of 4096, from 0 to 61440.

SW_1(config)# spanning-tree priority 4096

After changing priority ID of SW1 to 4096, SW1 is configured as the Root and the blocking port is changed to SW4 port 28 and SW3 port 27.

How to login as privilege-8 and use “Enable” to access privilege-15?
 
Model Name: ECS4620 series
Firmware Version: v1.2.2.19

1. Set privilege-8, privilege-15 accounts and enable password in tacacs Server
 

2. Then, set following command:
Console(config)#tacacs-server 1 host [tacacs server ip] key [tacacs server's key]
Console(config)#authentication login tacacs local
Console(config)#authentication enable tacacs local
Console(config)#line console
Console(config-line-console)#authorization exec default


3. Use privilege-8 account login to switch, and use enable to access privilege-15

PS. If you want use telnet login, you need to use “authorization exec default” in line vty, too.
 
Console#show privilege
Current privilege level is 15
Console#configure
Console(config)#line vty
Console(config-line-vty)#authorization exec default

 

 
Description:
When the user changes the default login method to use no username, the user will only need to enter the password.
 
  1. Topology:

 
  1. Switch configure:
 
  1. Reset switch to default.
Console#conf
Console(config)#boot system config:Factory_Default_Config.cfg
Console(config)#
Console#reload
System will be restarted. Continue ? y

 
  1. Set line console/vty password
Console#config
Console(config)#line console
Console(config-line-console)#password 0 support
Console(config-line-console)#login
Console(config-line-console)#exit
Console(config)#line vty
Console(config-line-vty)#password 0 support
Console(config-line-vty)#login
Console(config-line-vty)#


 
  1. Verify
Now the user login via console or vty only needs to enter the password.
 
 
When the user logs in with the password set for console/vty, the user’s privilege level is 0. The user needs to use the command “enable” to get privilege level -15.
Default enable password is “super”.
 

 
Why users cannot set up the description to the BGP neighbor?
Model: AS5710-54X-EC
 
Console(config-router)#neighbor x.x.x.x description Edge-Core
Failed to set neighbor description.
Console(config-router)#
 
Solution:
Users have to set “neighbor remote-as”. After that, users are able to set the BGP neighbor description.
 
Console#con
Console(config)#router bgp 1
Console(config-router)#neighbor 192.168.1.2 remote-as 2
Console(config-router)#neighbor 192.168.1.2 description Edge-Core
Console(config-router)#
 
What BGP log messages are supported on the AS5710-54X-EC?
 
Answer: The AS5710-54X-EC supports 3 BGP log messages.
  1. BGP_NEIGHBOR_CHANGE_MESSAGE   "BGP: %s"
  2. BGP_ESTABLISHED_NOTIFICATION_MESSAGE   "BGP established, ip: %s, last err: 0x%04x, state: %s"
  3. BGP_BACKWARD_TRANS_NOTIFICATION_MESSAGE   "BGP backward trans, ip: %s, last err: 0x%04x, state: %s"
How to configure SNMPv3 notification messages on ECS4510 series?
 
 

 
Product Model & Software
ECS4510-28T firmware version: v1.5.2.16
SNMP Server software: MG-soft v10.0.0.4044
 
Configure Procedures
1. Setting an IP address on ECS4510-28T.
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.1 255.255.255.0
 
2. Specifies an “engine-id” for the SNMP server.
Console(config)#snmp-server engine-id remote 192.168.1.20 8000052301c0a80114
*Please find the engine-id from your SNMP server.
The “engine-id” is automatically generated that is unique to the host.

 
3. Create a remote SNMPv3 user.
Console(config)#snmp-server user andy super remote 192.168.1.20 v3 auth md5 andytest
* Also need to create a same user on your SNMP server.

 
4. Create an SNMP “view entry” which controls user access to the MIB for the specific notification message.
Console(config)#snmp-server view super 1.3.6.1.4.1.259.10.1.24.* included.
*This example OID could access to whole the MIB tree of ECS4510-28T.
 
5. Create an SNMP group sets the access policy for the assigned users, and mapping SNMP users to SNMP views.
Console(config)#snmp-server group super v3 auth
 
6. Specify the target SNMP server that will receive inform messages.
Console(config)#snmp-server host 192.168.1.20 inform andy version 3 auth
*If we specify an SNMP Version 3 host, then the community-string is interpreted as an SNMP user name.
Thus here community-string “andy” is the user name.
 
7. SNMP informs collector will receive the SNMPv3 trap.

 
Troubleshooting

If the SNMP server still can’t receive the trap message from switch.
Please continue to capture SNMP packet on the SNMP server, then you could start to do the troubleshooting.
Generally it can be divided into the following two cases.
 
1) Host has not received the SNMP packets. >>> check the configuration of the switch.
-----------------------------------Switch’s Configuration Example-----------------------------------------------------
!
snmp-server engine-id remote 192.168.1.20 8000052301c0a80114
snmp-server group super v3 auth
snmp-server user andy super remote 192.168.1.20 v3 auth md5 andytest
snmp-server view super 1.3.6.1.4.1.259.10.1.24.* included
snmp-server host 192.168.1.20 inform andy version 3 auth
!
!
interface vlan 1
 ip address 192.168.1.1/24
!
-----------------------------------Switch’s Configuration End------------------------------------------------------------
 
2) Host has received the SNMP packets. >>> check the engine-ID and user profile of SNMP server and switch.
 
 
Problem: Why ECS4210 series will fail to enable IPv6 RA Guard on port interface ?
 
Problem description:
When user would like to enable IPv6 RA Guard on port interface by command below, but it display failed.
Console#con
Console(config)#interface ethernet 1/1
Console(config-if)#ipv6 nd raguard
Failed to configure IPv6 RA Guard on port 1/1.
Console(config-if)#
 
Solution:
To sloved rules number issue on ECS4210 series, R&D add new feature for dynamic TCAM allocation.
About IPv6 RA Guard, it's IPv6 rule.
According to tcam design, you must change to 'default' mode then could enable IPv6 RA Guard.(default is ipv4 mode)
Console(config)#tcam allocation ?
  default  allocate one slice for MAC, one slice for IPv4, two slices for IPv6
  ipv4     allocate one slice for MAC, three slices for IPv4, no slices for IPv6
  mac      allocate two slices for MAC, one slice for IPv4, no slices for IPv6
Console(config)#tcam allocation default
please remember save the config and reboot the switch, then new allocation will apply.
When you use IPv4/MAC mode, it will share IPv6 table to IPv4/MAC.
On 'IPv4' or 'MAC' mode, it will always fail to enable IPv6 RA Guard.
 
[Reason]
Chip have symptom for the limit number of ACLs.
[Target]
Dynamic to allocate superfluous rules to other rules.
[Action] .
==default mode==
MAC rules: 128 rules share with MAC ACL, MAC service policy and reserved rules.
IPv4 rules: 128 rules share with IPv4 ACL, IPv4 service policy and reserved rules.
IPv6 rules: 128 rules share with IPv6 ACL, IPv6 service policy and reserved rules.
 
==IPv4 mode==
MAC rules: 128 rules share with MAC ACL, MAC service policy and reserved rules.
IPv4 rules: 128 rules share with IPv4 ACL. 256 rules share with IPv4 service policy.
IPv6 rules: 0 rules.
 
==mac mode==
MAC rules: 128 rules share with MAC ACL and reserved rules. 128 rules share with MAC service policy.
IPv4 rules: 128 rules share with IPv4 ACL, IPv4 service policy and reserved rules.
IPv6 rules: 0 rules.
 
 
 
 
 

 
1. Enable the PPPoE Intermediate Agent globally on the switch.
Console(config)#pppoe intermediate-agent
 
2. Enable PPPoE Intermediate Agent and set to trusted mode at the interface that is connected to a PPPoE server.
Console(config)#interface ethernet 1/24
Console(config-if)#pppoe intermediate-agent port-enable
Console(config-if)#pppoe intermediate-agent trust
 
3. Enables PPPoE Intermediate Agent at the interface that is connected to a PPPoE client.
Console(config)#interface ethernet 1/1
Console(config-if)#pppoe intermediate-agent port-enable
 
4. Check the Intermediate Agent information on the ports.



5. We can capture the packets on the PPPoE server to know whether the PPPoE connection it is success or not. Besides, we can specify circuit ID string to tagged to PPPoE packets that send to server from clients.
 
Default circuit ID string at PPPoE Tags:

 
Specified circuit ID string at PPPoE Tags with following command:
Console(config)# pppoe intermediate-agent format-type access-node-identifier ECS4110
Console(config)#interface ethernet 1/1
Console(config-if)# pppoe intermediate-agent port-format-type circuit-id TEST



6. We also can check the statistics information of the PPPoE Intermediate Agent on the switch.