DASAN NETWORKS GPON TRAINING
CHAPTER 5. BRIDGE MODE CONFIGURATION
www.dasannetworks.eu
Table of contents
1. Port numbering – V5812G
2. Port numbering – V5824G
3. Port numbering – V8240
4. Port configuration – uplink COMBO port type
5. Basic port configuration
6. Communication on/between OLT port/s (Layer 2)
7. VLANs
8. Loop-detect feature
9. Port mirroring
10. Link aggregation – TRUNK/LACP
11. Jumbo frame
12. Spanning tree
13. Rate-limiting on uplink ports
14. Storm control
Introduction
Bridge Configuration Mode
In Bridge Configuration mode, you can configure various Layer 2 functions such as VLAN, STP, LACP, etc.
To access this level, enter the following on the CLI:
SWITCH login: admin
Password:
SWITCH> enable
SWITCH# configure terminal
SWITCH(config)# bridge
SWITCH(bridge)#
This is the same on all DASAN OLTs: V5812G|V5824G|V8240
1. Port numbering – V5812G
The OLT port numbering is shown in the picture on the right. The OLT contains 4 x GPON ports and 8 uplink COMBO ports. You can use an uplink port as an optical (1000Base-X, SFP) port or an electrical (10/100/1000Base-T, RJ45) port, depending on the type of network it is connected to.
By default all uplink ports are RJ45.
To check port status, use the following commands:
SWITCH> enable
SWITCH# show port
SWITCH# show port PORT
2. Port numbering – V5824G
The OLT port numbering is shown in the picture on the right. The OLT contains 8 x GPON ports, 8 uplink 1G COMBO ports and 2 uplink 1G/10G ports (SFP/SFP+). You can use an uplink port as an optical (1000Base-X, SFP) port or an electrical (10/100/1000Base-T, RJ45) port, depending on the type of network it is connected to.
By default all uplink 1G ports are RJ45.
To check port status, use the following commands:
SWITCH> enable
SWITCH# show port
SWITCH# show port PORT
3. Port numbering – V8240
When specifying the port number for SIU/NIU in the CLI, you can simply enter the number in the form SLOT/PORT.
To check port status, use the following commands:
SWITCH> enable
SWITCH# show port
SWITCH# show port PORTs
4. Port configuration – uplink COMBO port type
EXAMPLE:
SWITCH> enable
SWITCH# configure terminal
SWITCH(config)# bridge
SWITCH(bridge)# port medium 7,8,9 sfp
SWITCH(bridge)# show port medium
5. Basic port configuration (1)
To display the status of switch ports, use the following commands:
SWITCH(bridge)# show port
SWITCH(bridge)# show port status
SWITCH(bridge)# show port PORTs
SWITCH(bridge)# show port status PORTs
6. Communication on/between OLT port/s (Layer 2)
By default on Layer 2:
Communication on the same GPON port is blocked (so ONTs on the same GPON port CAN'T communicate with each other)
Communication between different ports is possible (so ONTs on different GPON ports CAN communicate with each other)
You can change this default scenario:
1. Enable communication on the same GPON port:
2. Disable communication between different GPON ports:
If you are using ARP inspection on the OLT and want to enable communication on the same GPON port, you cannot use the port port-bridge feature.
Instead, use ARP ALIAS and define the range of IP addresses that should communicate with each other:
SWITCH(config)# arp alias START-IP END-IP
7. VLANs (1)
The simplest implicit mapping rule is known as port-based VLAN. A frame is assigned to a VLAN based solely on the switch port on which the frame arrives. In the example depicted in the picture on the right, frames arriving on ports 1 through 4 are assigned to VLAN 1, frames from ports 5 through 8 are assigned to VLAN 2, and frames from ports 9 through 12 are assigned to VLAN 3.
Stations within a given VLAN can freely communicate among themselves using either unicast or multicast addressing. No communication is possible at the Data Link layer between stations connected to ports that are members of different VLANs. Communication among devices in separate VLANs can be accomplished at higher layers of the architecture, for example, by using a Network layer router with connections to two or more VLANs.
Multicast traffic, or traffic destined for an unknown unicast address arriving on any port, will be flooded only to those ports that are part of the same VLAN. This provides the desired traffic isolation and bandwidth preservation. The use of port-based VLANs effectively partitions a single switch into multiple sub-switches, one for each VLAN.
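Added example (not part of the original training material): a minimal Python model of the port-based VLAN behaviour described above, using the port-to-VLAN mapping from the text (ports 1-4 in VLAN 1, 5-8 in VLAN 2, 9-12 in VLAN 3). The class name, MAC addresses and frame sequence are constructed for illustration.

```python
# Port-to-VLAN mapping taken from the example in the text.
PORT_VLAN = {p: 1 for p in range(1, 5)}
PORT_VLAN.update({p: 2 for p in range(5, 9)})
PORT_VLAN.update({p: 3 for p in range(9, 13)})


def is_group(mac):
    # Multicast/broadcast addresses have the low bit of the first octet set.
    return int(mac.split(":")[0], 16) & 1 == 1


class PortVlanSwitch:
    """Hypothetical model of a learning bridge with port-based VLANs."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)
        self.fdb = {}  # (vlan, mac) -> port, so learning is kept per VLAN

    def receive(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]        # VLAN decided by ingress port only
        self.fdb[(vlan, src_mac)] = in_port   # learn the source inside that VLAN
        out = self.fdb.get((vlan, dst_mac))
        if out is not None and not is_group(dst_mac):
            return [] if out == in_port else [out]
        # Multicast, broadcast or unknown unicast: flood within the VLAN only.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def demo():
    # Constructed stations: A and B sit in VLAN 1, C first in VLAN 2, then VLAN 3.
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    sw = PortVlanSwitch(PORT_VLAN)
    return {
        "unknown_unicast": sw.receive(1, a, b),   # B not learned yet
        "reply": sw.receive(3, b, a),             # A was learned on port 1
        "cross_vlan": sw.receive(5, c, a),        # A is unknown inside VLAN 2
        "broadcast": sw.receive(9, c, "ff:ff:ff:ff:ff:ff"),
    }


if __name__ == "__main__":
    for name, ports in demo().items():
        print(name, ports)
```

The cross_vlan case is the isolation property: a frame for station A sent from a VLAN 2 port never reaches port 1, even though A has already been learned in VLAN 1.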
7. VLANs (2)
Meaning of:
untagged – the port works like a CISCO access port (untagged traffic arriving on this port is assigned the configured VLAN-ID)
tagged – CISCO trunk port
When one or more tagged VLANs and another untagged VLAN are configured on the same port, the untagged VLAN works like a CISCO Native VLAN.
With the default configuration, all ports are in Default VLAN 1 as untagged. Please remember that when you assign a port to another VLAN, the Default VLAN is automatically deleted from this port.
EXAMPLE:
SWITCH(bridge)# vlan create 100,200
SWITCH(bridge)# vlan add 100 1-4 tagged
SWITCH(bridge)# vlan add 200 8 untagged
SWITCH(bridge)# vlan description 200 IPTV
8. Loop-detect feature (1)
Loop Detection
A loop may occur when double paths are used for link redundancy between switches and one of them sends an unknown unicast or multicast packet, which then circulates endlessly on the LAN. This superfluous traffic can eventually result in a network fault.
To prevent this, DASAN OLTs provide a loop detection function. The mechanism is as follows: the switch periodically sends a loop-detecting packet to all ports at a set interval, and if it receives on ONT LAN ports a loop-detecting packet that it sent earlier, the switch performs a pre-defined action.
Because many ONTs are connected to one GPON port, do not configure the OLT port to be blocked when a loop is detected (this can affect all ONTs). Use this feature only to have the OLT send LOOP-DETECT packets on specific ports. Another mechanism is used to block ONLY the ONT on which the loop is discovered (follow the instructions).
You must enable the interface of each VLAN on which you want the OLT to send loop-detect packets:
SWITCH# configure terminal
SWITCH(config)# interface 100
SWITCH(config-if[100])# no shutdown
8. Loop-detect feature (2)
The OLT provides a feature that can automatically block an ONT for a specified interval when it discovers a loop.
How it works:
1. The OLT sends loop-detect frames on GPON ports (with the OLT MAC as the frame source MAC).
2. If this loop-detect frame comes back through an ONT LAN port (the OLT learns its own MAC address on the OLT), the OLT has discovered a loop.
3. The OLT SRCMAC monitor feature automatically blocks this ONT for the defined time.
SWITCH# configure terminal
SWITCH(config)# gpon
SWITCH(gpon)# gpon-olt 1
SWITCH(config-gpon-olt[1])# olt srcmac-monitor enable
8. Loop-detect feature (3)
Example configuration for automatically blocking an ONT on which the OLT discovers a loop, in the following scenarios:
loop created on one ONT
loop created between two ONTs connected to the same GPON port
loop created between two ONTs connected to different GPON ports
if a loop is created on ports behind NAT, the ONT will be automatically deactivated
1. Create three VLANs: 100, 200, 300:
SWITCH(config)# bridge
SWITCH(bridge)# vlan create 100,200,300
SWITCH(bridge)# vlan add 100,200,300 1-4 tagged
SWITCH(bridge)# exit
2. Enable VLAN interfaces
SWITCH(config)# interface 100
SWITCH(config-if[100])# no shutdown
SWITCH(config)# interface 200
SWITCH(config-if[200])# no shutdown
SWITCH(config)# interface 300
SWITCH(config-if[300])# no shutdown
SWITCH(config-if[300])# exit
3. Configure loop-detect on GPON ports
SWITCH(config)# bridge
SWITCH(bridge)# loop-detect enable
SWITCH(bridge)# loop-detect 1-4
SWITCH(bridge)# loop-detect 1-4 timer 5
SWITCH(bridge)# loop-detect 1-4 period 5
SWITCH(bridge)# exit
4. Configure OLT source MAC monitor
SWITCH(config)# gpon
SWITCH(gpon)# gpon-olt 1
SWITCH(config-gpon-olt[1])# olt srcmac-monitor enable auto-onu-block expire-timeout 300
SWITCH(gpon)# gpon-olt 2
SWITCH(config-gpon-olt[2])# olt srcmac-monitor enable auto-onu-block expire-timeout 300
SWITCH(gpon)# gpon-olt 3
SWITCH(config-gpon-olt[3])# olt srcmac-monitor enable auto-onu-block expire-timeout 300
SWITCH(gpon)# gpon-olt 4
SWITCH(config-gpon-olt[4])# olt srcmac-monitor enable auto-onu-block expire-timeout 300
5. Check ONT status:
SWITCH(config-gpon-olt[4])# show onu block status
SWITCH(config-gpon-olt[4])# end
SWITCH# show syslog local non-volatile reverse
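Added example (not DASAN code): a Python model of the mechanism described in section 8, where an upstream frame carrying the OLT's own MAC as source marks a loop and only the offending ONT is blocked until the expire-timeout passes. The OLT MAC, ONU IDs and event times are constructed, and treating expire-timeout 300 as seconds is an assumption.

```python
OLT_MAC = "02:00:00:00:00:01"    # constructed value, not a real OLT address
EXPIRE_TIMEOUT = 300             # from "expire-timeout 300"; seconds assumed


class SrcMacMonitor:
    """Model only: blocks the single ONU that returns the OLT's own MAC."""

    def __init__(self, olt_mac, expire_timeout):
        self.olt_mac = olt_mac.lower()
        self.expire_timeout = expire_timeout
        self.blocked_until = {}          # (gpon_port, onu_id) -> unblock time

    def is_blocked(self, gpon_port, onu_id, now):
        key = (gpon_port, onu_id)
        until = self.blocked_until.get(key)
        if until is None:
            return False
        if now >= until:                 # block expired, release the ONU
            del self.blocked_until[key]
            return False
        return True

    def upstream_frame(self, gpon_port, onu_id, src_mac, now):
        """Classify one upstream frame: 'dropped', 'blocked' or 'forwarded'."""
        if self.is_blocked(gpon_port, onu_id, now):
            return "dropped"
        if src_mac.lower() == self.olt_mac:
            # The OLT's own loop-detect frame came back through this ONU.
            self.blocked_until[(gpon_port, onu_id)] = now + self.expire_timeout
            return "blocked"
        return "forwarded"


def replay(events):
    mon = SrcMacMonitor(OLT_MAC, EXPIRE_TIMEOUT)
    return [mon.upstream_frame(port, onu, mac, t) for t, port, onu, mac in events]


# Constructed events: (time, gpon_port, onu_id, source MAC)
HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
EVENTS = [
    (0, 1, 3, HOST_A),      # normal traffic from ONU 3
    (10, 1, 3, OLT_MAC),    # loop-detect frame returns via ONU 3
    (20, 1, 3, HOST_A),     # ONU 3 is blocked
    (20, 1, 4, HOST_B),     # ONU 4 on the same GPON port is unaffected
    (309, 1, 3, HOST_A),    # still inside the 300 s window
    (310, 1, 3, HOST_A),    # block expired
    (320, 1, 3, OLT_MAC),   # loop still present: blocked again
]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(EVENTS)):
        print(event, outcome)
```

The model shows why blocking per ONU rather than per OLT port matters: ONU 4 keeps forwarding while ONU 3 on the same GPON port is blocked.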
9. Port mirroring (1)
Port mirroring is the function of monitoring a designated port. The port used for monitoring is called the monitor port, and a port being monitored is called a mirrored port. Traffic transmitted from a mirrored port is copied and sent to the monitor port so that the user can monitor network traffic.
The following is a network structure for analyzing traffic by port mirroring. Traffic on the switch and the network status are analyzed by configuring a mirrored port and a monitor port, and connecting a computer with the monitoring program installed to the port configured as the monitor port.
To configure port mirroring, designate the mirrored ports and the monitor port, then enable the port mirroring function. The monitor port should be connected to the PC on which the monitoring program is installed. You can designate only one monitor port but many mirrored ports per switch.
9. Port mirroring (2)
EXAMPLE:
SWITCH(bridge)# mirror monitor 7
SWITCH(bridge)# mirror add 1,12
SWITCH(bridge)# mirror enable
SWITCH(bridge)# show mirror
10. Link aggregation – TRUNK/LACP (1)
Link aggregation complying with IEEE 802.3ad bundles several physical ports together into one logical port so that you get more bandwidth.
DASAN OLTs support two kinds of link aggregation: Port Trunk and LACP. There is a small difference between the two. With port trunking, it is quite troublesome to set the configuration manually and to adjust it to changes in the network environment when connecting to the switch through the logical port. With LACP, on the other hand, once you specify the LACP member ports between the switches, the ports are aggregated automatically by LACP without manually configuring the aggregated ports.
10. Link aggregation – TRUNK (2)
You should configure VLANs on the newly created trunk:
for V5812G: Trunk 0 -> port 13, Trunk 1 -> port 14, and so on
for V5824G: Trunk 0 -> port 19, Trunk 1 -> port 20, and so on
for V8240: Trunk 0 -> port t/1, Trunk 1 -> port t/2, and so on
EXAMPLE:
SWITCH(bridge)# trunk 0 5-6
SWITCH(bridge)# vlan add 100,200,400 13 tagged
SWITCH(bridge)# show trunk
SWITCH(bridge)# show vlan
10. Link aggregation – LACP (3)
Link Aggregation Control Protocol (LACP)
Link aggregation control protocol (LACP) provides wider bandwidth by aggregating more than two ports into one logical port, like the port trunk function described previously. If a port aggregated by port trunk is in a different VLAN from the one the existing member port originally belongs to, it must be moved to the VLAN where the existing member port belongs. However, an aggregated port configured by LACP is automatically added to the appropriate VLAN.
More than one aggregator
If you are using more than one aggregator, you should configure a different admin-key for ports belonging to different aggregators.
For example, with two aggregators (0 and 1):
Aggregator 0 should contain ports 5 and 6
Aggregator 1 should contain ports 7 and 8
V5812G and V8240:
SWITCH(bridge)# lacp aggregator 0
SWITCH(bridge)# lacp aggregator 1
SWITCH(bridge)# lacp port 5-8
SWITCH(bridge)# lacp port admin-key 5-6 1
SWITCH(bridge)# lacp port admin-key 7-8 3
V5824G:
SWITCH(bridge)# lacp aggregator 0
SWITCH(bridge)# lacp aggregator 1
SWITCH(bridge)# lacp port 9-10 aggregator 0
SWITCH(bridge)# lacp port 11-12 aggregator 1
SWITCH(bridge)# lacp port admin-key 9-10 2
SWITCH(bridge)# lacp port admin-key 11-12 3
10. Link aggregation – LACP (3)
EXAMPLE V5812G:
1. Configure VLAN on physical ports:
SWITCH(bridge)# vlan add 100,400 5-6 tagged
SWITCH(bridge)# vlan add 200,500 7-8 tagged
2. Configure LACP Aggregators
SWITCH(bridge)# lacp aggregator 0
SWITCH(bridge)# lacp aggregator 1
SWITCH(bridge)# lacp port 5-8
SWITCH(bridge)# lacp port admin-key 5-6 2
SWITCH(bridge)# lacp port admin-key 7-8 3
EXAMPLE V5824G:
1. Configure VLAN on physical ports:
SWITCH(bridge)# vlan add 100,400 9-10 tagged
SWITCH(bridge)# vlan add 200,500 11-12 tagged
2. Configure LACP Aggregators
SWITCH(bridge)# lacp aggregator 0
SWITCH(bridge)# lacp aggregator 1
SWITCH(bridge)# lacp port 9-10 aggregator 0
SWITCH(bridge)# lacp port 11-12 aggregator 1
SWITCH(bridge)# lacp port admin-key 9-10 2
SWITCH(bridge)# lacp port admin-key 11-12 3
11. Jumbo frame
JUMBO FRAME:
The switch accepts packets from 64 bytes to 1518 bytes in size; packets outside this range are not accepted. However, the V5812G can be configured to accept jumbo frames larger than 1518 bytes.
To configure a frame size of up to 9216 bytes on ports 5 and 6, configure:
SWITCH(config)# bridge
SWITCH(bridge)# jumbo-frame 5-6 9216
12. Spanning tree (1)
Spanning-Tree Protocol (STP)
A local area network (LAN) built with double paths, like token ring, has the advantage that it remains accessible if one path is disconnected. However, always using double paths introduces another problem, called a loop. A loop may occur when double paths are used for link redundancy between switches and one of them sends an unknown unicast or multicast packet, which then circulates endlessly on the LAN. This superfluous traffic can eventually result in a network fault.
The spanning-tree protocol (STP) is the function that prevents loops in a LAN with more than two paths and uses the double paths efficiently. It is defined in IEEE 802.1d. When STP is configured in the system, no loop occurs because it chooses the more efficient path and blocks the other. In other words, when SWITCH C in the figure below sends a packet to SWITCH B, path 1 is chosen and path 2 is blocked.
Meanwhile, the rapid spanning-tree protocol (RSTP) defined in IEEE 802.1w dramatically reduces the network convergence time of the spanning-tree protocol (STP). The new protocol is easy and fast to configure. IEEE 802.1w also supports backward compatibility with IEEE 802.1d. The DASAN OLTs provide STP, RSTP and MSTP. STP configuration is slightly different on the V5824G OLT than on the V5812G and V8240.
12. Spanning tree (2) - RSTP
STP or RSTP is configured on networks where a loop can be created. However, RSTP reaches the final topology more rapidly than STP.
Rapid Spanning-Tree Protocol (RSTP) EXAMPLE – V5812G | V8240
SWITCH(config)# bridge
SWITCH(bridge)# stp force-version rstp
SWITCH(bridge)# stp mst enable
Rapid Spanning-Tree Protocol (RSTP) EXAMPLE – V5824G
SWITCH(config)# bridge
SWITCH(bridge)# spanning-tree
SWITCH(bridge)# spanning-tree mst
SWITCH(bridge)# spanning-tree mode rstp
12. Spanning tree (3) – Per VLAN Rapid Spanning-Tree Protocol (PVSTP)
PVSTP/PVRSTP
STP and RSTP are designed with one VLAN in the network. If a port enters the blocking state, the physical port itself is blocked. PVSTP (Per VLAN Spanning Tree Protocol) and PVRSTP (Per VLAN Rapid Spanning Tree Protocol), however, maintain a spanning tree instance for each VLAN in the network. Because PVSTP treats each VLAN as a separate network, it can load-balance traffic by forwarding some VLANs on one trunk and other VLANs on another. PVRSTP provides the same functionality as PVSTP with enhancements.
Per VLAN Rapid Spanning-Tree Protocol (PVRSTP) EXAMPLE – V5812G | V8240
SWITCH(config)# bridge
SWITCH(bridge)# vlan create 100,200
SWITCH(bridge)# vlan add 100,200 5-8 tagged
SWITCH(bridge)# stp force-version pvrstp
SWITCH(bridge)# stp pvst enable 100,200
SWITCH(bridge)# show stp pvst 100,200 all
Per VLAN Rapid Spanning-Tree Protocol (PVRSTP) EXAMPLE – V5824G
SWITCH(config)# bridge
SWITCH(bridge)# vlan create 100,200
SWITCH(bridge)# vlan add 100,200 9-12 tagged
SWITCH(bridge)# spanning-tree
SWITCH(bridge)# spanning-tree mode rapid-pvst
SWITCH(bridge)# spanning-tree vlan 100,200
SWITCH(bridge)# show spanning-tree
In this example, STP will work for VLANs 100 and 200 separately.
13. Rate-limiting on uplink ports
Rate Limit
The user can customize port bandwidth according to the environment. With this configuration, you can prevent a certain port from monopolizing the whole bandwidth so that all ports can use bandwidth equally. Egress and ingress rates can be configured to be the same or different.
DASAN OLTs (V5812G|V5824G|V8240) can apply the rate limit in 64 Kbps units for GE ports, and support:
ingress policing
egress shaping
Please note that rate limiting is applied per physical port (per VLAN on a port is not supported). For the ingress rate limit, flow control should be enabled on the specified port and also on the device connected to this port.
EXAMPLE
SWITCH(config)# bridge
SWITCH(bridge)# port flow-control 8 on
SWITCH(bridge)# rate-limit port 8 rate 102400 egress
SWITCH(bridge)# rate-limit port 8 rate 102400 ingress dot3x
14. Storm control
Storm Control
DASAN OLTs (V5812G|V5824G|V8240) provide a storm control feature for mass broadcast, multicast, and destination lookup failure (DLF) traffic. Generally, wrong network configuration, hardware malfunction, viruses and so on cause these kinds of mass packets. A packet storm occupies most of the bandwidth of the network, and that causes the network to become very.
EXAMPLE
SWITCH(config)# bridge
SWITCH(bridge)# storm-control broadcast 300 1-4
SWITCH(bridge)# storm-control broadcast 500 5-12
SWITCH(bridge)# storm-control multicast 100 1-4
SWITCH(bridge)# storm-control multicast 200 5-12
SWITCH(bridge)# storm-control dlf 50 1-4
SWITCH(bridge)# storm-control dlf 100 5-12
SWITCH(bridge)# show storm-control
The above configuration shows example values only; they depend on the size of and traffic on your network.
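Added example (not part of the original material): a Python check that reads storm-control lines in the syntax shown above and reports ports left without a broadcast, multicast or DLF limit. It assumes the numeric port lists of the V5812G example (ports 1-12) and does not handle V8240 SLOT/PORT notation; the sample configuration is constructed.

```python
import re

# Constructed sample: the example above with the multicast range shortened
# to 5-10 and the "dlf ... 5-12" line left out.
SAMPLE_CONFIG = """\
SWITCH(bridge)# storm-control broadcast 300 1-4
SWITCH(bridge)# storm-control broadcast 500 5-12
SWITCH(bridge)# storm-control multicast 100 1-4
SWITCH(bridge)# storm-control multicast 200 5-10
SWITCH(bridge)# storm-control dlf 50 1-4
SWITCH(bridge)# show storm-control
"""

KINDS = ("broadcast", "multicast", "dlf")
LINE = re.compile(r"storm-control\s+(broadcast|multicast|dlf)\s+(\d+)\s+(\S+)\s*$")


def expand_ports(spec):
    """Expand a port list such as '1-4' or '7,8,9' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def storm_control_gaps(config_text, all_ports):
    """Return {kind: sorted ports with no storm-control limit of that kind}."""
    covered = {kind: set() for kind in KINDS}
    for line in config_text.splitlines():
        match = LINE.search(line)
        if match:
            covered[match.group(1)] |= expand_ports(match.group(3))
    return {kind: sorted(set(all_ports) - covered[kind]) for kind in KINDS}


if __name__ == "__main__":
    # V5812G: 4 GPON ports plus 8 uplink ports, numbered 1-12 in the example.
    for kind, ports in storm_control_gaps(SAMPLE_CONFIG, range(1, 13)).items():
        print(kind, "unprotected ports:", ports)
```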