
MA5600&MA5603 V300R003C05 Configuration Guide 09(32)


Module

V300R003C05

Configuration Guide

Issue 09

Date 2015-02-28


Copyright © Huawei Technologies Co., Ltd. 2015. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Bantian, Longgang Shenzhen 518129

People's Republic of China

Website: http://www.huawei.com


About This Document

Purpose

This document describes the configuration of various services supported by the MA5600. The description covers the following topics:

- Purpose
- Networking
- Data plan
- Prerequisite(s)
- Precaution
- Configuration flowchart
- Configuration procedure
- Result

This document helps users understand the configuration of various services supported by the MA5600.

Related Versions

The following table lists the product versions related to this document.

Product Name Version

MA5600 V300R003C05

N2000 BMS V200R012C05

This document uses the MA5600 as an example to describe the configuration and does not separately describe the configuration of services supported by the MA5603, because the MA5600 and the MA5603 differ in hardware but have the same software functions.

Intended Audience

- Installation and commissioning engineers
- System maintenance engineers
- Data configuration engineers

Conventions

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol Description

Indicates a hazard with a high level of risk which, if not prevented, may result in death or serious injury.

Indicates a hazard with a medium or low level of risk which, if not prevented, may result in minor or moderate injury.

Indicates a potentially hazardous situation that, if not prevented, may result in equipment damage, data loss, and performance degradation, or unexpected results.

Indicates a tip that may help you solve a problem or save time.

Provides additional information to emphasize or supplement important points of the main text.

General Conventions

Convention Description

Times New Roman Normal paragraphs are in Times New Roman.

Boldface Names of files, directories, folders, and users are in boldface. For example, log in as user root.

Italic Book titles are in italics.

Courier New Terminal display is in Courier New. In addition, the information that is input by the user and is contained in the screen display is in boldface.

Command Conventions

Convention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italic.

[ ] Items (keywords or arguments) in square brackets [ ] are optional.

{ x | y | ... } Alternative items are grouped in braces and separated by vertical bars. One is selected.

[ x | y | ... ] Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.

{ x | y | ... } * Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.

[ x | y | ... ] * Optional alternative items are grouped in square brackets and separated by vertical bars. Multiple or none are selected.

GUI Conventions

Convention Description

Boldface Buttons, menus, parameters, tabs, window, and dialog titles are in Boldface. For example, click OK.

> Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.

Keyboard Operation

Format Description

Key Press the key. For example, press Enter and press Tab.

Key 1+Key 2 Press the keys concurrently. For example, pressing Ctrl+Alt+A indicates the three keys need to be pressed concurrently.

Key 1, Key 2 Press the keys in turn. For example, pressing Alt, A indicates

Mouse Operation

Action Description

Click Select and release the primary mouse button without moving the pointer.

Double-click Press the primary mouse button twice continuously and quickly without moving the pointer.

Drag Press and hold the primary mouse button and move the pointer to a certain position.

Update History

Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions.

Issue 09 (2015-02-28)

Based on issue 08 (2013-12-30), the document is updated as follows:

The following information is modified:

- 1.7 Configuring the Attributes of an Upstream Ethernet Port
- 1.4 Configuring Alarms

Issue 08 (2013-12-30)

Based on issue 07 (2013-03-26), the document is updated as follows:

The following information is modified:

- 2.6 Configuring MPLS

Issue 07 (2013-03-26)

Based on issue 06 (2012-01-20), the document is updated as follows:

Some bugs are fixed.

Issue 06 (2012-01-20)

Based on issue 05 (2010-11-29), the document is updated as follows:

The following information is modified:

- Configuring the System Clock

Issue 05 (2010-11-29)

Based on issue 04 (2010-10-25), the document is updated as follows:

The following information is modified:

- Configuring the ADSL2+ Profile
- Configuring the Multicast Service in the MVLAN Mode
- Configuring the Multicast Service in the Non-MVLAN Mode

Issue 04 (2010-10-25)

Based on issue 03 (2010-03-15), the document is updated as follows:

The following information is modified:

- Configuration Example of the Integrated MSTP Network
- Configuration Example of the Integrated Subtending Network

Issue 03 (2010-03-15)

Based on issue 02 (2009-03-15), the document is updated as follows:

The following information is added:

Based on the new design, the file structure is changed according to the customer requirements to implement the configuration according to the scenario and documentation.

Issue 02 (2009-03-15)

Based on issue 01 (2008-11-20), the document is updated as follows:

The following information is added:

- Modifying an ACL
- Enabling the Ring Network Detection on the User Side
- FAQ
- Configuration Example of the Multicast Service Based on the VDSL2 Fall Back Function

The following information is modified:

- Configuring the IP Address of the Inband NMS Interface
- Configuring the PITP Function
- Enabling the Anti MAC Spoofing Function
- Configuring the Outband Firewall Function
- Configuring an Accessible Address Segment
- Introduction to VDSL2 Service
- Configuration Example of the VDSL2 IPoA Service
- Configuration Example of the VDSL2 PPPoA Service
- Configuration Example of the VDSL2 PPPoE/IPoE Service
- Adding a VDSL2 Channel Profile
- Introduction to MPLS Service

Updates in Issue 01 (2008-11-20)

This is the first release.


Contents

About This Document

1 Basic Configurations

1.1 Configuring the License Function

1.2 Configuring the System Clock

1.3 Configuring the Network Time

1.3.1 (Optional) Configuring NTP Authentication

1.3.2 Configuring the Broadcast Mode NTP

1.3.3 Configuring the Multicast Mode NTP

1.3.4 Configuring the Unicast Server Mode NTP

1.3.5 Configuring the Peer Mode NTP

1.4 Configuring Alarms

1.5 Adding Port Description

1.6 Configuring the Auto-save Function

1.7 Configuring the Attributes of an Upstream Ethernet Port

1.8 Configuring the Ethernet Port Aggregation

1.9 Configuring DHCP

1.9.1 Configuring the Standard DHCP Mode

1.9.2 Configuring the DHCP Option60 Mode

1.9.3 Configuring the DHCP MAC Address Segment Mode

1.10 Configuring a VLAN

1.11 Configuring an xDSL Profile

1.11.1 Configuring the ADSL2+ Profile

1.11.2 Configuring SHDSL Profiles

1.11.3 Configuring VDSL2 Profiles

1.12 Configuring System Security

1.12.1 Configuring Firewall

1.12.2 Configuring Anti-Attack

1.12.3 Preventing the Access of Illegal Users

1.13 Configuring the User Security

1.13.1 Configuring Anti-Theft and Roaming of User Account Through PITP

1.13.2 Configuring Anti-Theft and Roaming of User Accounts Through DHCP

1.13.4 Configuring the Ring Network Detection on the User Side

1.14 Configuring AAA

1.14.1 Configuring the Remote AAA (RADIUS Protocol)

1.14.2 Configuration Example of the RADIUS Authentication

1.15 Configuring the ACL

1.15.1 Configuring a Basic ACL

1.15.2 Configuring an Advanced ACL

1.15.3 Configuring a Link Layer ACL

1.15.4 Configuring a User-defined ACL

1.16 Configuring QoS

1.16.1 Configuring Traffic Management

1.16.2 Configuring Traffic Management Based on ACL

1.16.3 Configuring the Queue Management

2 Protocol Configuration

2.1 Configuring ARP Proxy

2.2 Configuring the Route

2.2.1 Configuration Example of the Routing Policy

2.2.2 Configuration Example of the Static Route

2.2.3 Configuration Example of RIP

2.2.4 Configuration Example of OSPF

2.3 Configuring the MSTP

2.4 Configuring the Ethernet OAM

2.5 Configuring PIM-SSM Parameters

2.6 Configuring MPLS

2.6.1 Configuring the MPLS LDP

2.6.2 Configuring the MPLS VPN

2.6.3 Configuring the MPLS RSVP-TE

2.6.4 Configuring the MPLS OAM

3 Configuring the xDSL Internet Access Service

3.1 Configuring a VLAN

3.2 Configuring an Upstream Port

3.3 Configuring an xDSL Port

3.4 Creating an xDSL Service Port

3.5 (Optional) Configuring the xPoA-xPoE Protocol Conversion

4 Configuring the Multicast Service in the MVLAN Mode

4.1 Default Settings of the Multicast Service

4.2 Configuring the Multicast Service on a Single-NE Network

4.2.1 Configuring Multicast Global Parameters

4.2.2 Configuring the Multicast VLAN and the Multicast Program

4.2.4 (Optional) Configuring the Multicast Bandwidth

4.2.5 (Optional) Configuring Multicast Preview

4.2.6 (Optional) Configuring Program Prejoin

4.2.7 (Optional) Configuring the Multicast Logging Function

4.2.8 (Optional) Configuring the PIM-SSM

4.3 Configuring the Multicast Service in a Subtending Network

4.4 Configuring the Multicast Service in an MSTP Network

5 Configuring the Multicast Service in the Non-MVLAN Mode

5.1 Default Settings of the Multicast Service

5.2 Configuring the Multicast Service on a Single-NE Network

5.2.1 Configuring Global Multicast Parameters

5.2.2 Configuring the Multicast Program

5.2.3 Configuring the Multicast User

5.2.4 (Optional) Configuring the Multicast Bandwidth

5.2.5 (Optional) Configuring Multicast Preview

5.2.6 (Optional) Configuring the Program Prejoin

5.2.7 (Optional) Configuring the Multicast Log

5.3 Configuring the Multicast Service in a Subtending Network

5.4 Configuring the Multicast Service in an MSTP Network

6 Configuration Examples of Services

6.1 Configuration Example of the xDSL Internet Access Service

6.1.1 Configuration Example of the xDSL Internet Access Service Through PPPoE Dialup

6.1.2 Configuration Example of the xDSL IPoE Internet Access Service

6.1.3 Configuration Example of the xDSL IPoA Internet Access Service

6.1.4 Configuration Example of the xDSL PPPoA Internet Access Service

6.2 Configuration Examples of the Multicast Service in the MVLAN Mode

6.2.1 Configuration Example of the Multicast Video Service in the Static Configuration Mode

6.2.2 Configuration Example of the Multicast Video Service in the Dynamic Generation Mode

6.3 Configuration Example of the Multicast Video Service in the Non-MVLAN Mode

6.4 Configuring the VLAN Stacking Wholesale Service

6.4.1 Configuration Example of VLAN Stacking Multi-ISP Wholesale Access

6.4.2 Configuration Example of VLAN ID Extension

6.5 Configuration Example of the QinQ VLAN

6.6 Configuring the Triple Play

6.6.1 Configuration Example of the Triple Play Application (Multi-PVC for Multiple Services)

6.6.2 Configuration Example of the Triple Play Application (Single-PVC for Multiple Services)

7 Configuring the Uplink Redundancy Backup

8 Configuring the Device Subtending

8.1 Configuring the NE Subtending Through the FE or GE Port

8.2.1 Configuring the Attributes of an ATM Port

8.2.2 Configuring an ATM Service Port

8.2.3 Configuring the xPoA-xPoE Protocol Conversion

8.2.4 (Optional) Configuring the MPLS VPN

9 Configuration Example of the Integrated MSTP Network

9.1 Networking

9.2 Data Plan

9.3 Configuring MA5600-1

9.4 Configuring MA5600-2

9.5 Configuring MA5600-3

9.6 Configuring MA5600-4

9.7 Configuring MA5600-5

9.8 Verification

10 Configuration Example of the Integrated Subtending Network

10.1 Networking

10.2 Data Plan for Integrated Subtending Network

10.3 Configuring MA5600-1

10.4 Configuring MA5600-2

10.5 Configuring MA5600-3

10.6 Verification

A FAQ

A.1 How to Query MAC Addresses of Online Users and Query the Ports that Provide the Access for the Users According to the MAC Addresses

A.2 What Are the Prerequisites for the Link and Protocol Status of the L3 Interface to Be Up

A.3 How to Prevent System Breakdown or Service Interruption of the MA5600 Caused by Network Attacks Through the Proper Configuration

A.4 How to Change the NMS VLAN

A.5 How to Change the VLAN Type

A.6 How to Change the Service VLAN to Which the xDSL Port Belongs

A.7 How to Change the Line Profile of an xDSL Port

A.8 How to Add a Board on the MA5600

A.9 How to Enable Two xDSL Ports of the MA5600 to Communicate with Each Other

A.10 What Are the Differences Between the firewall packet-filter Command and the packet-filter Command

1 Basic Configurations

About This Chapter

Basic configurations mainly include certain common configurations, public configurations, and pre-configurations in service configurations. There is no logical relationship between basic configurations. You can perform basic configurations according to actual requirements.

1.1 Configuring the License Function

With the license platform enabled, the license platform performs license control through license server over the function entries and resource entries supported by the MA5600 and provides customized services for users.

1.2 Configuring the System Clock

This topic describes how to configure the system clock to restrict the clock frequency and phase of each node on a network within the preset tolerance scope. This prevents transmission performance deterioration caused by poor timing at both the transmit and receive ends in the digital transmission system.

1.3 Configuring the Network Time

Configure NTP to keep the time of all the devices on the network synchronized, so that the MA5600 implements various service applications, such as the network management system and the network accounting system, based on universal time.

1.4 Configuring Alarms

Alarm management includes the following functions: alarm record, alarm setting, and alarm statistics. These functions help you to maintain the device and ensure that the device works efficiently.

1.5 Adding Port Description

This topic describes how to add port description.

1.6 Configuring the Auto-save Function

This topic describes how to configure the auto-save function so that the system configuration data or database files can be saved automatically.

1.7 Configuring the Attributes of an Upstream Ethernet Port

This topic describes how to configure the attributes of a specified Ethernet port so that the system communicates with the upstream device in the normal state.


1.8 Configuring the Ethernet Port Aggregation

This topic describes how to configure the Ethernet port aggregation. Port aggregation means the aggregation of multiple ports to expand the bandwidth and balance the input and output load among member ports.

1.9 Configuring DHCP

The MA5600 can implement DHCP relay and DHCP proxy on a network. Configuring DHCP relay is applicable to the scenario where users dynamically obtain IP addresses from the DHCP server through DHCP. In DHCP proxy, the MA5600 proxy can implement certain functions of the DHCP server.

1.10 Configuring a VLAN

Configuring VLAN is a prerequisite for configuring a service. Hence, before configuring a service, make sure that the VLAN configuration based on planning is complete.

1.11 Configuring an xDSL Profile

Configuring an xDSL profile is a prerequisite for configuring an xDSL access service. This topic describes how to configure an ADSL2+ profile, an SHDSL profile, and a VDSL2 profile.

1.12 Configuring System Security

This topic describes how to configure the network security and protection measures of the system to protect the system from malicious attacks.

1.13 Configuring the User Security

Configuring the security mechanism can protect operation users and access users against user account theft and roaming or from the attacks from malicious users.

1.14 Configuring AAA

This topic describes how to configure the AAA on the MA5600, including configuring the MA5600 as the local and remote AAA servers.

1.15 Configuring the ACL

This topic describes the type, rule, and configuration of the ACL on the MA5600.

1.16 Configuring QoS


1.1 Configuring the License Function

With the license platform enabled, the license platform performs license control through license server over the function entries and resource entries supported by the MA5600 and provides customized services for users.

Prerequisites

The license platform must be enabled, that is, the license function must be enabled.

Application Context

The license platform provides the registration mechanism for the service modules of the MA5600. During system initialization, the service modules need to register for the controlled resource entries or the controlled function entries. After the system starts to work, based on the controlled entries that are registered, the license client management module obtains the authentication information about the license controlled entries of the MA5600 from the license server.

When a service module is configured through the CLI or NMS, the device checks whether the resource entries of the service module or the function entries of the service module are overloaded.

- If overload occurs, the system quits the service configuration and displays a prompt of insufficient license resources.
- If overload does not occur, the system allows the user to continue configuring and using the service.

When the service configuration is deleted, the system automatically releases the license resources occupied by the service configuration.

Background Information

- The MA5600 adopts the network license solution, that is, a license server is deployed on the network. The license server software can be installed on the same device with the NMS. The license server software can also be installed separately on a license server. Each digital subscriber line access multiplexer (DSLAM) is like a license client and the licenses of all the clients are managed by the license server in a centralized manner.
- In the management scope of the license server (generally a region or a city), each product has only one license file that is stored on the license server. The resources of the product that are controlled by the license are defined by the license file. Because one license server can manage multiple products, multiple license files can be stored on one license server.
- With the license platform enabled, the license server performs license control over the function entries and resource entries supported by the MA5600 and provides customized services, namely, specified function entries and resource entries, for users according to the requirements.

The control entries of the license platform include function entries and resource entries. You can run the display license feature command to query the corresponding control entries.

- A function entry refers to the entry whose license is controlled based on the function. The controllable function entries supported by the MA5600 include:
  - ETH OAM function
  - Illegal access control function of the broadband metropolitan area network (MAN)
  - Statistical function of the port rate fulfillment ratio
  - MPLS function
  - Dynamic routing function
- A resource entry refers to the entry whose license is controlled based on the count. The controllable resource entries supported by the MA5600 include:
  - Count of multicast users
  - Count of multicast programs
  - Count of conversions from xPOA to xPOE
  - Count of ADSL2+/SHDSL/VDSL2 ports
  - Count of ADSL2+ ports using the Annex M feature
  - Count of ADSL2+ ports using the INP+ feature
  - Count of SHDSL.bis ports referencing the profile configured with high rate
  - Count of bound SHDSL ports
  - Count of ports on the AIUG board supporting the access of the ATM service
  - Count of IMA links on the AIUG board

Precautions

- If you need to use the license platform supported by the MA5600, consider the deployment of the license server during network planning.
- It is recommended that you install the license server on the same computer as the NMS server. If there is no NMS server, you need to separately deploy a license server on the network.

Procedure

Step 1 Configure the interface used for communication between the MA5600 and the license server.

1. Run the vlan command to create a VLAN.

2. Run the port vlan command to add an upstream port to the VLAN.

3. (Optional) Run the native-vlan command to configure the default VLAN of the upstream port.

Whether the native VLAN needs to be set for the upstream port depends on whether the upper-layer device connected to the upstream port supports packets carrying a VLAN tag. The setting on the MA5600 must be the same as that on the upper-layer device.

4. Run the interface vlanif command to enter the VLAN interface mode.

5. Run the ip address command to configure the IP address of the VLAN L3 interface so that the IP packets in the VLAN are forwarded by using this IP address.

Step 2 Run the license esn command to configure the equipment serial number (ESN) of the device.

Each client of the license server is uniquely identified by the ESN. The ESN needs to be configured if the user enables the license platform. The ESN can be the NMS IP address of the device or the IP address of the VLAN L3 interface.

Step 3 Run the license server command to configure the license server.

If the user enables the license platform, configure the IP address and TCP port ID of the license server so that the license server can communicate with the client.

Step 4 Run the display license info command to query the communication status between the device and the license server.

----End

Example

To configure the MA5600 to communicate with the server through smart VLAN 10, configure the IP address of the L3 interface to 10.10.10.10/24, configure the MA5600 to communicate with the license server (IP address: 10.20.20.2/24) through port 0/7/0, and configure the TCP port ID to 10010, do as follows:

huawei(config)#vlan 10 smart

huawei(config)#port vlan 10 0/7 0

huawei(config)#interface vlanif 10

huawei(config-if-vlanif10)#ip address 10.10.10.10 24

huawei(config-if-vlanif10)#quit

huawei(config)#ip route-static 0.0.0.0 24 10.10.10.1

huawei(config)#license esn 10.10.10.10

huawei(config)#license server ipaddress 10.20.20.2 tcpport 10010

1.2 Configuring the System Clock

This topic describes how to configure the system clock to restrict the clock frequency and phase of each node on a network within the preset tolerance scope. This prevents transmission performance deterioration caused by poor timing at both the transmit and receive ends in the digital transmission system.

Background Information

On a digital network comprising the MA5600 and other devices, the primary problem is clock synchronization. To ensure that the system uses a unified clock standard, you must specify the clock signals from a certain port as the system clock source.

Procedure

Step 1 Run the clock source command to configure the system clock source.

Specify the clock signals extracted from a certain port as the system clock source.

Step 2 Run the clock priority command to configure the priority of the clock source.

----End

Example

To obtain two clock sources from ports 0/5/0 and 0/5/1 of the SHEB board as clock source 0 and clock source 2 of the system, configure clock source 2 with the highest priority, and configure clock source 0 with the second highest priority, do as follows:

huawei(config)#clock source 0 0/5/0

huawei(config)#clock source 2 0/5/1

huawei(config)#clock priority sdh 2/0

1.3 Configuring the Network Time

Configure NTP to keep the time of all the devices on the network synchronized, so that the MA5600 implements various service applications, such as the network management system and the network accounting system, based on universal time.

Background Information

Introduction to the NTP Protocol:

- The Network Time Protocol (NTP) is an application layer protocol defined in RFC 1305, which is used to synchronize time between distributed time servers and clients. The RFC defines the structures, algorithms, entities, and protocols used in the implementation of NTP.
- NTP is developed from the time protocol and the ICMP timestamp message protocol, and is specially designed for accuracy and robustness.
- NTP runs over UDP, using port number 123.
- Any local system that runs NTP can be time synchronized by other clock sources, and can also act as a clock source to synchronize other clocks. In addition, mutual synchronization can be done through the exchange of NTP packets.

NTP is applied to the following situations where all the clocks of hosts or routers on a network need to be consistent:

- In network management, analyzing log or debugging information collected from different routers requires a common time reference.
- The charging system requires the clocks of all devices to be consistent.
- Certain functions, for example, a timed restart of all the routers on a network, require the clocks of all the routers to be consistent.
- When several systems work together on the same complicated event, they must use the same reference clock to ensure the correct order of operations.
- Incremental backup between the backup server and clients requires their clocks to be synchronized.

When all the devices on a network need to be synchronized, it is almost impossible for an administrator to manually change the system clock by command line. This is because the work load is heavy and clock accuracy cannot be ensured. NTP can quickly synchronize the clocks of network devices and ensure their precision.

There are four NTP modes: unicast server, peer, broadcast, and multicast modes. The MA5600 supports all these modes.

Default Configuration

Table 1-1 Default configuration for NTP

| Parameter | Default Value |
| --- | --- |
| NTP-service authentication function | Disable |
| NTP-service authentication key | None |
| The maximum allowed number of sessions | 100 |
| Clock stratum | 16 |

1.3.1 (Optional) Configuring NTP Authentication

This topic describes how to configure NTP authentication to improve the network security and prevent unauthorized users from modifying the clock.

Prerequisites

Before configuring the client/server mode NTP, make sure that the network interface of the MA5600 and the routing protocol are configured so that the server and the client are reachable to each other at the network layer.

Background Information

In certain networks that have strict requirements on security, enable NTP authentication when running the NTP protocol. Configuring NTP authentication is classified into configuring NTP authentication on the client and configuring NTP authentication on the server.

Precautions

- If NTP authentication is not enabled on the client, the client can synchronize with the server, regardless of whether NTP authentication is enabled on the server.
- If NTP authentication is enabled, a reliable key needs to be configured.
- The configuration of the server must be the same as that of the client.
- When NTP authentication is enabled on the client, the client can pass the authentication if the server is configured with the same key as that of the client. In this case, you need not enable NTP authentication on the server or declare that the key is reliable.
- The client synchronizes with only the server that provides the reliable key. If the key provided by the server is unreliable, the client does not synchronize with the server.

Procedure

Step 1 Run the ntp-service authentication enable command to enable NTP authentication.

Step 2 Run the ntp-service authentication-keyid command to set an NTP authentication key.

Step 3 Run the ntp-service reliable authentication-keyid command to declare that the key is reliable.

----End

Example

To enable NTP authentication, set the NTP authentication key as aNiceKey with the key number 42, and then define key 42 as a reliable key, do as follows:

huawei(config)#ntp-service authentication enable

huawei(config)#ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey

huawei(config)#ntp-service reliable authentication-keyid 42

1.3.2 Configuring the Broadcast Mode NTP

This topic describes how to configure the MA5600 for clock synchronization in the broadcast mode NTP. After the configuration is completed, the server periodically sends broadcast clock synchronization packets through a specified port, and the client listens to the broadcast packets sent from the server and synchronizes the local clock according to the received broadcast packets.

Prerequisites

Before configuring the broadcast mode NTP, make sure that the interface and the routing protocol are configured so that the server and the client are reachable to each other at the network layer.

Background Information

In the broadcast mode, the server periodically sends clock synchronization packets to the broadcast address 255.255.255.255, with the mode field set to 5 (indicating the broadcast mode). The client listens to the broadcast packets sent from the server. After receiving the first broadcast packet, the client exchanges NTP packets whose mode fields are set to 3 (client mode) and 4 (server mode) with the server to estimate the network delay between the client and the server. The client then enters the broadcast client mode, continues to listen to the incoming broadcast packets, and synchronizes the local clock according to the incoming broadcast packets, as shown in Figure 1-1.

Figure 1-1 Broadcast mode NTP

[Figure: message sequence between the broadcast server and the broadcast client]

1. Server: periodically sends clock synchronization packets to the broadcast address (with the mode field set to 5).

2. Client: after receiving the first broadcast packet, requests the server/client mode.

3. Server and client: exchange NTP packets whose mode fields are set to 3 (client mode) and 4 (server mode).

4. Client: obtains the network delay between the client and the server, and then enters the broadcast client mode.

5. Server: periodically sends clock synchronization packets (with the mode field set to 5).

6. Client: synchronizes the local clock according to the incoming broadcast packets.

Precautions

1. In the broadcast mode, you need to configure both the NTP server and the NTP client.

2. The clock stratum of the synchronizing device must be higher than or equal to that of the synchronized device. Otherwise, the clock synchronization fails.

Procedure

l Configure the NTP broadcast server host.

1. Run the ntp-service refclock-master command to configure the local clock as the master NTP clock, and specify the stratum of the master NTP clock.

2. (Optional) Configure NTP authentication.

In certain networks that have strict requirements on security, it is recommended that you enable NTP authentication when running the NTP protocol. The configuration of the server must be the same as that of the client.

a. Run the ntp-service authentication enable command to enable NTP authentication.

b. Run the ntp-service authentication-keyid command to set an NTP authentication key.

c. Run the ntp-service reliable authentication-keyid command to declare that the key is reliable.

3. Add a VLAN L3 interface.

a. Run the vlan command to create a VLAN.

b. Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.

c. In the global config mode, run the interface vlan command to create a VLAN interface, and then enter the VLAN interface mode to configure the L3 interface.

d. Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can participate in the L3 forwarding.

4. Run the ntp-service broadcast-server command to configure the NTP broadcast server mode of the host, and specify the key ID for the server to send packets to the client.

l Configure the NTP broadcast client host.

1. (Optional) Configure NTP authentication.

In certain networks that have strict requirements on security, it is recommended that you enable NTP authentication when running the NTP protocol. The configuration of the server must be the same as that of the client.

a. Run the ntp-service authentication enable command to enable NTP authentication.

b. Run the ntp-service authentication-keyid command to set an NTP authentication key.

c. Run the ntp-service reliable authentication-keyid command to declare that the key is reliable.

2. Add a VLAN L3 interface.

a. Run the vlan command to create a VLAN.

b. Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.

c. In the global config mode, run the interface vlan command to create a VLAN interface, and then enter the VLAN interface mode to configure the L3 interface.

d. Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can participate in the L3 forwarding.

3. Run the ntp-service broadcast-client command to configure a host as the NTP broadcast client.

----End

Example

Assume the following configurations: MA5600_S uses the local clock as the master NTP clock on stratum 2 and works in the broadcast mode NTP, sends broadcast clock synchronization packets periodically through IP address 10.10.10.10/24 of the L3 interface of VLAN 2; MA5600_C functions as the NTP client, listens to the broadcast packets sent from the server through IP address 10.10.10.20/24 of the L3 interface of VLAN 2, and synchronizes with the clock on the broadcast server. To perform these configurations, do as follows:

1. On MA5600_S:

huawei(config)#ntp-service refclock-master 2

huawei(config)#vlan 2 standard

huawei(config)#port vlan 2 0/7 0

huawei(config)#interface vlanif 2

huawei(config-if-vlanif2)#ip address 10.10.10.10 24

huawei(config-if-vlanif2)#ntp-service broadcast-server

huawei(config-if-vlanif2)#quit

2. On MA5600_C:

huawei(config)#vlan 2 standard

huawei(config)#port vlan 2 0/7 0

huawei(config)#interface vlanif 2

huawei(config-if-vlanif2)#ip address 10.10.10.20 24

huawei(config-if-vlanif2)#ntp-service broadcast-client

huawei(config-if-vlanif2)#quit

1.3.3 Configuring the Multicast Mode NTP

This topic describes how to configure the MA5600 for clock synchronization in the multicast mode NTP. After the configuration is completed, the server periodically sends multicast clock synchronization packets through a specified port, and the client listens to the multicast packets sent from the server and synchronizes the local clock according to the received multicast packets.

Prerequisites

Before configuring the multicast mode NTP, make sure that the interface and the routing protocol are configured so that the server and the client are reachable to each other at the network layer.

Background Information

In the multicast mode, the server periodically sends clock synchronization packets to the multicast address configured by the user. The default NTP multicast address 224.0.1.1 is used if the multicast address is not configured. The mode field of the clock synchronization packet is set to 5 (multicast mode). The client listens to the multicast packets sent from the server. After receiving the first multicast packet, the client exchanges NTP packets whose mode fields are set to 3 (client mode) and 4 (server mode) with the server to estimate the network delay between the client and the server. The client then enters the multicast client mode, continues to listen to the incoming multicast packets, and synchronizes the local clock according to the incoming multicast packets, as shown in Figure 1-2.

Figure 1-2 Multicast mode NTP

[Figure: message sequence between the multicast server and the multicast client]

1. Server: periodically sends clock synchronization packets to the multicast address (with the mode field set to 5).

2. Client: after receiving the first multicast packet, requests the server/client mode.

3. Server and client: exchange NTP packets whose mode fields are set to 3 (client mode) and 4 (server mode).

4. Client: obtains the network delay between the client and the server, and then enters the multicast client mode.

5. Server: periodically sends clock synchronization packets (with the mode field set to 5).

6. Client: synchronizes the local clock according to the incoming multicast packets.

Precautions

1. In the multicast mode, you need to configure both the NTP server and the NTP client.

2. The clock stratum of the synchronizing device must be higher than or equal to that of the synchronized device. Otherwise, the clock synchronization fails.

Procedure

l Configure the NTP multicast server host.

1. Run the ntp-service refclock-master command to configure the local clock as the master NTP clock, and specify the stratum of the master NTP clock.

2. (Optional) Configure NTP authentication.

In certain networks that have strict requirements on security, it is recommended that you enable NTP authentication when running the NTP protocol. The configuration of the server must be the same as that of the client.

a. Run the ntp-service authentication enable command to enable NTP authentication.

b. Run the ntp-service authentication-keyid command to set an NTP authentication key.

c. Run the ntp-service reliable authentication-keyid command to declare that the key is reliable.

3. Add a VLAN L3 interface.

a. Run the vlan command to create a VLAN.

b. Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.

c. In the global config mode, run the interface vlan command to create a VLAN interface, and then enter the VLAN interface mode to configure the L3 interface.

d. Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can participate in the L3 forwarding.

4. Run the ntp-service multicast-server command to configure the NTP multicast server mode of the host, and specify the key ID for the server to send packets to the client.

l Configure the NTP multicast client host.

1. (Optional) Configure NTP authentication.

In certain networks that have strict requirements on security, it is recommended that you enable NTP authentication when running the NTP protocol. The configuration of the server must be the same as that of the client.

a. Run the ntp-service authentication enable command to enable NTP authentication.

b. Run the ntp-service authentication-keyid command to set an NTP authentication key.

c. Run the ntp-service reliable authentication-keyid command to declare that the key is reliable.

2. Add a VLAN L3 interface.

a. Run the vlan command to create a VLAN.

b. Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.

c. In the global config mode, run the interface vlan command to create a VLAN interface, and then enter the VLAN interface mode to configure the L3 interface.

d. Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can participate in the L3 forwarding.

3. Run the ntp-service multicast-client command to configure a host as the NTP multicast client.

----End

Example

Assume the following configurations: MA5600_S uses the local clock as the master NTP clock on stratum 2 and works in the multicast mode NTP, sends multicast clock synchronization packets periodically through IP address 10.10.10.10/24 of the L3 interface of VLAN 2, and is enabled with the NTP authentication function (the ID of the MD5 authentication key is set to 10, the key is set to BetterKey, and the authentication key is declared to be reliable);

MA5600_C functions as the NTP client, listens to the multicast packets sent from the server through IP address 10.10.10.20/24 of the L3 interface of VLAN 2, and synchronizes with the clock on the multicast server. To perform these configurations, do as follows:

1. On MA5600_S:

huawei(config)#ntp-service authentication enable

huawei(config)#ntp-service authentication-keyid 10 authentication-mode md5 BetterKey

huawei(config)#ntp-service reliable authentication-keyid 10

huawei(config)#ntp-service refclock-master 2

huawei(config)#vlan 2 standard

huawei(config)#port vlan 2 0/7 0

huawei(config)#interface vlanif 2

huawei(config-if-vlanif2)#ip address 10.10.10.10 24

huawei(config-if-vlanif2)#ntp-service multicast-server

huawei(config-if-vlanif2)#quit

2. On MA5600_C:

huawei(config)#vlan 2 standard

huawei(config)#port vlan 2 0/7 0

huawei(config)#interface vlanif 2

huawei(config-if-vlanif2)#ip address 10.10.10.20 24

huawei(config-if-vlanif2)#ntp-service multicast-client

huawei(config-if-vlanif2)#quit
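
The rule that the server and the client must carry the same NTP authentication configuration can be checked mechanically before rollout. The following is an added example (not part of the Huawei guide): it reads two CLI transcripts and compares the three authentication commands used in this topic. SERVER and CLIENT are excerpts of the example above, with the key value as stated in its description; CLIENT_FIXED is constructed here.

```python
import re

PROMPT = re.compile(r"^\S+?\(config[^)]*\)#\s*(.*)$")
KEY = re.compile(r"^ntp-service authentication-keyid (\d+) authentication-mode (\S+) (\S+)$")
RELIABLE = re.compile(r"^ntp-service reliable authentication-keyid (\d+)$")

# Excerpts of the multicast example above.
SERVER = """\
huawei(config)#ntp-service authentication enable
huawei(config)#ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
huawei(config)#ntp-service reliable authentication-keyid 10
huawei(config)#ntp-service refclock-master 2
huawei(config-if-vlanif2)#ntp-service multicast-server
"""
CLIENT = """\
huawei(config)#vlan 2 standard
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ntp-service multicast-client
"""
# Constructed: the client transcript with the server's authentication commands added.
CLIENT_FIXED = """\
huawei(config)#ntp-service authentication enable
huawei(config)#ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
huawei(config)#ntp-service reliable authentication-keyid 10
""" + CLIENT


def parse_ntp_auth(transcript):
    """Extract the NTP authentication state from a CLI transcript."""
    cfg = {"enabled": False, "keys": {}, "reliable": set()}
    for line in transcript.splitlines():
        prompt = PROMPT.match(line.strip())
        if not prompt:
            continue                       # not a command line (output, blank line)
        cmd = prompt.group(1).strip()
        key = KEY.match(cmd)
        rel = RELIABLE.match(cmd)
        if cmd == "ntp-service authentication enable":
            cfg["enabled"] = True
        elif key:
            cfg["keys"][int(key.group(1))] = (key.group(2), key.group(3))
        elif rel:
            cfg["reliable"].add(int(rel.group(1)))
    return cfg


def audit_pair(server_txt, client_txt):
    """Return findings; key values are compared but never printed."""
    srv, cli = parse_ntp_auth(server_txt), parse_ntp_auth(client_txt)
    findings = []
    for name, cfg in (("server", srv), ("client", cli)):
        defined = set(cfg["keys"])
        if not cfg["enabled"]:
            findings.append(f"{name}: NTP authentication is not enabled")
        for kid in sorted(defined - cfg["reliable"]):
            findings.append(f"{name}: key {kid} is set but not declared reliable")
        for kid in sorted(cfg["reliable"] - defined):
            findings.append(f"{name}: key {kid} is declared reliable but never set")
    for kid in sorted(set(srv["keys"]) | set(cli["keys"])):
        if srv["keys"].get(kid) != cli["keys"].get(kid):
            findings.append(f"key {kid}: server and client definitions differ")
    return findings


if __name__ == "__main__":
    for label, client in (("as in the example", CLIENT), ("with auth added", CLIENT_FIXED)):
        print(label, "->", audit_pair(SERVER, client) or "consistent")
```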

1.3.4 Configuring the Unicast Server Mode NTP

This topic describes how to configure the MA5600 as the NTP client to synchronize time with the NTP server on the network.

Prerequisites

Before configuring the unicast mode NTP, make sure that the interface and the routing protocol are configured so that the server and the client are reachable to each other at the network layer.

Background Information

In the unicast server mode, the client sends a clock synchronization packet to the server, with the mode field set to 3 (client mode). After receiving the packet, the server automatically enters the server mode and sends a response packet with the mode field set to 4 (server mode). After receiving the response from the server, the client filters and selects the clock, and synchronizes with the preferred server, as shown in Figure 1-3.

Figure 1-3 Unicast mode NTP

[Figure: message sequence between the client and the server]

1. Client: sends a synchronization packet to the server, with the mode field set to 3 (client mode).

2. Server: automatically enters the server mode and sends a response packet with the mode field set to 4 (server mode).

3. Client: filters and selects the clock, and synchronizes with the preferred server.

Precautions

1. In the unicast server mode, you need to configure only the client and need not configure the server.

2. The clock stratum of the synchronizing device must be higher than or equal to the clock stratum of the synchronized device. Otherwise, the clock synchronization fails.

Procedure

Step 1 Configure a VLAN L3 interface.

1. Run the vlan command to create a VLAN.

2. Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.

3. Run the interface vlan command to create a VLAN interface in the global config mode and enter the VLAN interface mode to configure the L3 interface.

4. Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can be forwarded at layer 3.

Step 2 Run the ntp-service unicast-server command to configure the unicast server mode and specify the IP address of the remote server that functions as the local time server and the interface for transmitting and receiving NTP packets.

NOTE

l In this command, ip-address is a unicast address, which cannot be a broadcast address, a multicast address, or the IP address of a local clock.

l After the source interface of the NTP packets is specified by source-interface, the source IP address of the NTP packets is configured as the primary IP address of the specified interface.

l A server can function as a time server to synchronize other devices only after its clock is synchronized.

l When the clock stratum of the server is higher than or equal to the clock stratum of the client, the client does not synchronize with the server.

l You can run the ntp-service unicast-server command multiple times to configure multiple servers. Then, the client selects the optimal server according to clock priorities.

Step 3 (Optional) Configure the ACL rules.

Filter the packets that pass through the L3 interface. Only the IP packet from the clock server is allowed to access the L3 interface and other unauthorized packets are not allowed to access the L3 interface. It is recommended that you use the ACL rules for the system that has requirements on strict security.

1. Run the acl adv-acl-number command to create an ACL.

2. Run the rule command to create an ACL according to the source IP address, destination IP address, type of the protocol over IP, and protocol features of the packet, allowing or forbidding the data packets that meet related requirements to pass.

3. Run the packet-filter command to configure an ACL filtering rule for a specified port and make the configuration take effect.

----End

Example

Assume the following configurations: One MA5600 functions as the NTP server (IP address: 10.20.20.20/24), the other MA5600 (IP address of the L3 interface of VLAN 2: 10.10.10.10/24, gateway IP address: 10.10.10.1) functions as the NTP client, the NTP client sends the clock synchronization request packet through the VLAN L3 interface to the NTP server, the NTP server responds to the request packet, and ACL rules are configured to allow only IP packets from the clock server to access the L3 interface. To perform these configurations, do as follows:

huawei(config)#vlan 2 standard

huawei(config)#port vlan 2 0/7 0

huawei(config)#interface vlanif 2

huawei(config-if-vlanif2)#quit

huawei(config)#ntp-service unicast-server 10.20.20.20 source-interface vlanif 2

huawei(config)#acl 3010

huawei(config-acl-adv-3010)#rule deny ip source any destination 10.10.10.10 0.0.0.0

huawei(config-acl-adv-3010)#rule permit ip source 10.20.20.20 0.0.0.0 destination 10.10.10.10 0.0.0.0

huawei(config-acl-adv-3010)#quit

huawei(config)#packet-filter inbound ip-group 3010 port 0/7/0

1.3.5 Configuring the Peer Mode NTP

This topic describes how to configure the MA5600 for clock synchronization in the peer mode NTP. In the peer mode, configure only the active peer, and the passive peer need not be configured. In the peer mode, the active peer and the passive peer can synchronize with each other. The peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.

Prerequisites

Before configuring the peer mode NTP, make sure that the interface and the routing protocol are configured so that the server and the client are reachable to each other at the network layer.

Background Information

In the peer mode, the active peer and the passive peer exchange NTP packets whose mode fields are set to 3 (client mode) and 4 (server mode). Then, the active peer sends a clock synchronization packet to the passive peer, with the mode field of the packet set to 1 (active peer). After receiving the packet, the passive peer automatically works in the passive mode and sends a response packet with the mode field set to 2 (passive peer). Through packet exchange, the peer mode is set up. The active peer and the passive peer can synchronize with each other. If both the clock of the active peer and that of the passive peer are synchronized, the clock on a lower stratum is used, as shown in Figure 1-4.

Figure 1-4 Peer mode NTP

[Figure: message sequence between the active peer and the passive peer]

1. Active peer and passive peer: exchange NTP packets whose mode fields are set to 3 (client mode) and 4 (server mode).

2. Active peer: sends a clock synchronization packet to the passive peer, with the mode field of the packet set to 1 (active peer).

3. Passive peer: automatically works in the passive mode and sends a response packet with the mode field set to 2 (passive peer).

4. Through packet exchange, the peer mode is set up.

5. Active peer and passive peer: synchronize with each other.

Precautions

2. The peers determine clock synchronization according to the clock stratum instead of according to whether the peer is an active peer.

Procedure

Step 1 Configure the NTP active peer.

1. Run the ntp-service refclock-master command to configure the local clock as the master NTP clock, and specify the stratum of the master NTP clock.

2. Run the ntp-service unicast-peer command to configure the peer mode NTP, and specify the IP address of the remote server that functions as the local time server and the interface for transmitting and receiving NTP packets.

NOTE

l In this command, ip-address is a unicast address, which cannot be a broadcast address, a multicast address, or the IP address of a reference clock.

l After the source interface of the NTP packets is specified by source-interface, the source IP address of the NTP packets is configured as the primary IP address of the specified interface.

l In the peer mode, the active peer and the passive peer can synchronize with each other.

l The peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.

Step 2 Add a VLAN L3 interface.

1. Run the vlan command to create a VLAN.

2. Run the port vlan command to add an upstream port to the VLAN so that the user packets carrying the VLAN tag are transmitted upstream through the upstream port.

3. In the global config mode, run the interface vlan command to create a VLAN interface, and then enter the VLAN interface mode to configure the L3 interface.

4. Run the ip address command to configure the IP address and subnet mask of the VLAN interface so that the IP packets in the VLAN can participate in the L3 forwarding.

----End

Example

Assume the following configurations: One MA5600 functions as the NTP active peer (IP address of the L3 interface of VLAN 2: 10.10.10.10/24) and works on clock stratum 4, the other MA5600 (IP address: 10.10.10.20/24) functions as the NTP passive peer, the active peer sends a clock synchronization request packet through the VLAN L3 interface to the passive peer, the passive peer responds to the request packet, and the peer with a higher clock stratum is synchronized by the peer with a lower clock stratum. To perform these configurations, do as follows:

huawei(config)#ntp-service refclock-master 4

huawei(config)#ntp-service unicast-peer 10.10.10.20 source-interface vlanif 2

huawei(config)#vlan 2 standard

huawei(config)#port vlan 2 0/7 0

huawei(config)#interface vlanif 2

huawei(config-if-vlanif2)#ip address 10.10.10.10 24

huawei(config-if-vlanif2)#quit

1.4 Configuring Alarms

Alarm management includes the following functions: alarm record, alarm setting, and alarm statistics. These functions help you to maintain the device and ensure that the device works efficiently.

Background Information

An alarm refers to the notification of the system after a fault is detected. After an alarm is generated, the system broadcasts the alarm to the terminals, mainly including the NMS and CLI terminals.

Alarms are classified into fault alarm and clear alarm. After a fault alarm is generated at a certain time, the fault alarm lasts until the fault is rectified to clear the alarm.

You can modify the alarm settings according to your requirements. The settings are alarm severity, alarm output mode through the CLI and alarm statistics switch.

Procedure

l You can run the alarm active clear command to clear the alarms that are not recovered in the system.

Before clearing an alarm, you can run the display alarm active command to query the currently active alarms.

– When an active alarm lasts a long time, you can run this command to clear the alarm.

l Run the alarm alarmlevel command to configure the alarm severity.

– Alarm severities are critical, major, minor, and warning.

Parameter default indicates restoring the alarm severity to the default setting. You can run the display alarm list command to query the alarm severity.

– The system specifies the default (also recommended) alarm severity for each alarm. Use the default alarm severity unless otherwise required.

l Run the alarm output/undo alarm output command to set or shield the output of alarms to the CLI terminal.

– Setting the output mode of alarms does not affect the generating of alarms. The alarms generated by the system are still recorded. You can run the display alarm history command to query the alarms that are shielded.

– When the new output mode of an alarm conflicts with the previous mode, the new output mode takes effect.

– The output mode of the clear alarm is the same as the output mode of the fault alarm. When the output mode of the fault alarm is set, the system automatically synchronizes the output mode of its clear alarm. The reverse is also applicable. That is, when the output mode of the clear alarm is set, the system automatically synchronizes the output mode of its fault alarm.

l Run the alarm jitter-proof command to configure the alarm jitter-proof function and the jitter-proof period.

– To prevent a fault alarm and its clear alarm from being displayed frequently, you can enable the alarm jitter-proof function to filter alarms in the system.

– After the alarm jitter-proof function is enabled, the alarm in the system is not reported to the NMS immediately but is reported to the NMS after an alarm jitter-proof period.

– If an alarm is recovered in an alarm jitter-proof period, the alarm is not reported to the NMS.

You can run the display alarm proof command to check whether the alarm jitter-proof function is enabled and whether the alarm jitter-proof period is set.

– By default, the alarm jitter-proof function is disabled. You can determine whether to enable the function according to the running of the device.

l Run the alarm-event statistics period command to set the alarm statistics collection period.

– The system collects the occurrence times of alarms and events according to the set period. To save the statistical result, run the alarm-event statistics save command to save the statistics to the flash memory.

– You can use the statistical result of alarms and events to locate a problem in the system.

– You can run the display alarm statistics command to query the alarm statistical record.

l Run the display alarm configuration command to query the alarm configuration according to the alarm ID. The alarm configuration that you can query includes the alarm ID, alarm name, alarm class, alarm type, alarm severity, default alarm severity, number of parameters, CLI output flag, conversion flag, and detailed alarm description.

l Run the display alarm statistics command to query the alarm statistical record.

– When you need to know the frequency in which one alarm occurs within a time range, and to know the working conditions of the device and analyze the fault that may exist, run this command.

– Currently, you can query the alarm statistics in the current 15 minutes, current 24 hours, last 15 minutes, and last 24 hours in the system.

----End

Example

Assume the following configurations: The output of all the alarms at level warning to the CLI terminal is shielded, the alarm jitter-proof function is enabled, the alarm jitter-proof period is set to 15s, the statistical period of the alarms and events is set to 72 hours, and all the alarms at level major are saved to the flash memory so that a problem can be located through the alarm statistical record. To perform these configurations, do as follows:

huawei(config)#undo alarm output alarmlevel warning

huawei(config)#alarm jitter-proof on

huawei(config)#alarm jitter-proof 15

huawei(config)#alarm-event statistics period 72

huawei(config)#alarm alarmlevel 0x0121a001 critical

huawei(config)#alarm alarmlevel 0x02310000 critical

huawei(config)#alarm-event statistics save
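
A model of the jitter-proof rules listed in the procedure above, added here as an illustration (not Huawei code): it shows which faults reach the NMS for a given period and which never do because they recover first. The event list is constructed and the two alarm IDs are the ones used in the example above; treating a clear that arrives exactly at the end of the period as too late, and a fault still held at the end of the log as reported, are assumptions.

```python
def apply_jitter_proof(events, period_s):
    """Filter alarm events the way the jitter-proof rules describe.

    events: (time_s, alarm_id, "fault" | "clear") tuples sorted by time.
    Returns (reported, suppressed):
      reported   - [(report_time_s, alarm_id)] faults that outlived the period
      suppressed - [(fault_time_s, clear_time_s, alarm_id)] faults that
                   recovered inside the period and were never reported
    """
    pending = {}                 # alarm_id -> time the held fault was raised
    reported, suppressed = [], []
    for t, alarm_id, kind in events:
        # Release every held fault whose period has expired by now.
        for held_id, raised in list(pending.items()):
            if raised + period_s <= t:
                reported.append((raised + period_s, held_id))
                del pending[held_id]
        if kind == "fault":
            pending.setdefault(alarm_id, t)
        elif kind == "clear" and alarm_id in pending:
            suppressed.append((pending.pop(alarm_id), t, alarm_id))
    # Faults still held when the log ends are assumed to persist.
    for held_id, raised in pending.items():
        reported.append((raised + period_s, held_id))
    return sorted(reported), suppressed


FLAPPING = 0x0121A001    # alarm ID from the example above
PERSISTENT = 0x02310000  # alarm ID from the example above

# Constructed timeline: one alarm flaps three times, one stays active for 70 s.
EVENTS = [
    (0, FLAPPING, "fault"), (10, FLAPPING, "clear"),
    (20, FLAPPING, "fault"), (28, FLAPPING, "clear"),
    (30, PERSISTENT, "fault"),
    (40, FLAPPING, "fault"), (52, FLAPPING, "clear"),
    (100, PERSISTENT, "clear"),
]

if __name__ == "__main__":
    for period in (5, 15):
        reported, suppressed = apply_jitter_proof(EVENTS, period)
        print(f"period {period:2d}s: {len(reported)} reported, {len(suppressed)} never reported")
```

With the 15 s period of the example, all three flaps of the first alarm stay below the threshold and only the persistent fault is reported, at 45 s.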

1.5 Adding Port Description

Background Information

After the description of a physical port on the board is added, the description has the following functions:

l You can perform operations on the port according to its description.

l The customized description of a port facilitates information query in the system maintenance.

Procedure

Step 1 In the global config mode, run the port desc command to add port description.

Port description is a character string, used to identify a port on a board in a slot of a shelf.

Step 2 Run the display port desc command to query port description.

----End

Example

Plan the format of user port description as "community ID-building ID-floor ID/shelf ID-slot ID-port ID". "Community ID-building ID-floor ID" indicates the physical location where the user terminal is deployed, and "shelf ID-slot ID-port ID" indicates the physical port on the local device that is connected to the user terminal. This plan can present the user terminal location and the connection between the user terminal and the device, which facilitates query in maintenance. Assume that the user terminal that is connected to port 0/2/0 of the MA5600 is deployed in floor 1, building 01 of community A. To add port description according to the plan, do as follows:

huawei(config)#port desc 0/2/0 description A-01-01/0-2-0

huawei(config)#display port desc 0/2/0

F/ S/ P     IMA Group     Port Description

0/ 2/ 0     -             A-01-01/0-2-0

1.6 Configuring the Auto-save Function

This topic describes how to configure the auto-save function so that the system configuration data or database files can be saved automatically.

Background Information

The MA5600 supports two auto-save modes:

l Auto-save at preset interval.

l Auto-save at preset time.

Pay attention to the following points:

l Auto-save at preset time conflicts with auto-save at preset interval. You can enable only one of them.

l Saving data frequently affects the system. Therefore, an auto-save interval shorter than one hour is not recommended, and it is recommended that you set the interval equal to or longer than one day.

l Before the system upgrade operation, run the autosave interval off or autosave time off command to disable the auto-save function to prevent upgrade failure due to the conflict between upgrade and auto-save operations.

NOTICE

After the system upgrade is completed, you must re-enable the auto-save function if the auto-save function is required.

Configuration Flowchart

Figure 1-5 shows the flowchart for configuring the auto-save function.

Procedure

l Configure auto-save at preset interval.

1. In the global config mode, run the autosave interval on command to enable auto-save at preset interval.

Auto-save at preset interval conflicts with auto-save at preset time. You can enable only one of them.

2. (Optional) In the global config mode, run the autosave interval configuration command to set the auto-save interval for modified system data.

Auto-save is performed according to the interval set by the user. The system checks whether the system data is modified at each interval. If the system data is modified, the system saves the data. Otherwise, the system does not save the data. By default, the interval is 30 minutes.

3. (Optional) In the global config mode, run the autosave interval command to set the auto-save interval.

After the setting, the system data is automatically saved at the set interval regardless of whether the system data is modified. By default, the interval is 24 hours.

4. (Optional) Set the auto-save file type.

In the global config mode, run the autosave type command to set the auto-save file type.

l Configure auto-save at preset time.

1. In the global mode, run the autosave time on command to enable auto-save at preset time.

Auto-save at preset time conflicts with auto-save at preset interval. You can enable only one of them.

2. (Optional) In the global config mode, run the autosave time command to set the auto-save time.

After the setting, the system data is automatically saved at the set time regardless of whether the system data is modified. By default, the time is 00:00:00.

3. (Optional) Set the auto-save file type.

In the global config mode, run the autosave type command to set the auto-save file type.

----End

Example

To enable auto-save at preset interval on the MA5600, set the auto-save interval to two days (2880 minutes), and save both the database file and the configuration file, do as follows:

huawei(config)#autosave interval on

huawei(config)#autosave interval 2880

huawei(config)#autosave type all

huawei(config)#save

1.7 Configuring the Attributes of an Upstream Ethernet Port

This topic describes how to configure the attributes of a specified Ethernet port so that the system communicates with the upstream device in the normal state.

Prerequisites

The Ethernet board must be configured in the system.

Background Information

The MA5600 needs to be interconnected with the upstream device through the Ethernet port. Therefore, pay attention to the consistency of port attributes.

Default Configuration

Table 1-2 lists the default settings of the attributes of an Ethernet port.

Table 1-2 Default settings of the attributes of an Ethernet port

Parameter | Default Setting (Optical Port) | Default Setting (Electrical Port)

Auto-negotiation mode of the port | Disabled | Enabled

Port rate | FE optical port: 100 Mbit/s; GE optical port: 1000 Mbit/s; 10GE optical port: 10000 Mbit/s | NA. NOTE: After the auto-negotiation mode of the port is disabled, you can configure the port rate.

Duplex mode | Full-duplex | NA. NOTE: After the auto-negotiation mode of the port is disabled, you can configure the duplex mode.

Network cable adaptation mode | Not supported | FE electrical port: auto; GE electrical port: normal

Flow control | Disabled | Disabled

Procedure

l Configure the physical attributes of an Ethernet port.

1. (Optional) Set the auto-negotiation mode of the Ethernet port.

Run the auto-neg command to set the auto-negotiation mode of the Ethernet port. You can enable or disable the auto-negotiation mode:


– After the auto-negotiation mode is enabled, the port automatically negotiates with the peer port for the rate and working mode of the Ethernet port.

– After the auto-negotiation mode is disabled, the rate and working mode of the port are in the forced mode (adopt default values or are set through command lines).

2. (Optional) Set the rate of the Ethernet port.

Run the speed command to set the rate of the Ethernet port. After the port rate is set successfully, the port works at the set rate. Pay attention to the following points:

– Make sure that the rate of the Ethernet port is the same as that of the interconnected port on the peer device. This prevents communication failure.

– The auto-negotiation mode needs to be disabled.

3. (Optional) Set the duplex mode of the Ethernet port.

Run the duplex command to set the duplex mode of the Ethernet port. The duplex mode of an Ethernet port can be full-duplex, half-duplex, or auto negotiation. Pay attention to the following points:

– Make sure that the ports of two interconnected devices work in the same duplex modes. This prevents communication failure.

– The auto-negotiation mode needs to be disabled.

4. (Optional) Configure the network cable adaptation mode of the Ethernet port.

Run the mdi command to configure the network cable adaptation mode of the Ethernet port to match the actual network cable. The network adaptation modes are as follows:

– normal: Specifies the adaptation mode of the network cable as straight-through cable. In this case, the network cable connecting to the Ethernet port must be a straight-through cable.

– across: Specifies the adaptation mode of the network cable as crossover cable. In this case, the network cable connecting to the Ethernet port must be a crossover cable.

– auto: Specifies the adaptation mode of the network cable as auto-sensing. The network cable can be a straight-through cable or crossover cable.

Pay attention to the following points:

– The Ethernet optical port does not support the network cable adaptation mode.

– If the Ethernet electrical port works in forced mode (auto-negotiation mode disabled), the network cable type of the port cannot be configured to auto.

• Configure flow control on the Ethernet port.

Run the flow-control command to enable flow control on the Ethernet port. When the flow of an Ethernet port is heavy, run this command to control the flow to prevent network congestion, which may cause the loss of data packets. Flow control needs to be supported on both the local and peer devices. Pay attention to the following points:

– If the peer device does not support flow control, generally, enable flow control on the local device.

– If the peer device supports flow control, generally, disable flow control on the local device.

By default, flow control is disabled.

• Mirror the Ethernet port.
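The dependencies in the procedure above and the defaults in Table 1-2 can be checked against a planned port configuration before it is applied. The following Python check is an added example, not part of the Huawei guide; the PortPlan record, the lint and effective functions, and the sample plans are hypothetical names and constructed values.

```python
from dataclasses import dataclass
from typing import List, Optional

# Optical-port default rates from Table 1-2, in Mbit/s.
OPTICAL_DEFAULT_RATE = {"FE": 100, "GE": 1000, "10GE": 10000}

@dataclass
class PortPlan:                      # hypothetical planning record, not a device object
    kind: str                        # "FE", "GE" or "10GE"
    media: str                       # "optical" or "electrical"
    auto_neg: bool                   # planned auto-negotiation state
    speed: Optional[int] = None      # Mbit/s; None = not set explicitly
    duplex: Optional[str] = None     # "full" or "half"; None = not set explicitly
    mdi: Optional[str] = None        # "normal", "across" or "auto"; None = not set

def effective(p: PortPlan):
    """Rate and duplex a forced-mode port ends up with; None when unknown."""
    if p.auto_neg:
        return None, None            # negotiated with the peer at link-up
    optical = p.media == "optical"
    speed = p.speed or (OPTICAL_DEFAULT_RATE[p.kind] if optical else None)
    duplex = p.duplex or ("full" if optical else None)
    return speed, duplex

def lint(local: PortPlan, peer: Optional[PortPlan] = None) -> List[str]:
    """Return every rule from the procedure that the plan violates."""
    out = []
    if local.auto_neg and local.speed is not None:
        out.append("speed requires auto-negotiation to be disabled")
    if local.auto_neg and local.duplex is not None:
        out.append("duplex requires auto-negotiation to be disabled")
    if local.media == "optical" and local.mdi is not None:
        out.append("optical ports do not support network cable adaptation")
    if local.media == "electrical" and not local.auto_neg and local.mdi == "auto":
        out.append("mdi auto is not allowed in forced mode")
    if peer is not None:
        (ls, ld), (ps, pd) = effective(local), effective(peer)
        if ls and ps and ls != ps:
            out.append(f"rate mismatch with peer: {ls} vs {ps} Mbit/s")
        if ld and pd and ld != pd:
            out.append(f"duplex mismatch with peer: {ld} vs {pd}")
    return out

# Constructed sample plans (not taken from a real device).
UPLINK = PortPlan("GE", "optical", auto_neg=False)
PEER_OK = PortPlan("GE", "optical", auto_neg=False, speed=1000, duplex="full")
PEER_BAD = PortPlan("GE", "optical", auto_neg=False, speed=100, duplex="half")
BAD_LOCAL = PortPlan("FE", "electrical", auto_neg=False, speed=100, duplex="full", mdi="auto")
```

An empty list from lint(UPLINK, PEER_OK) means the plan satisfies every rule stated in the procedure; each returned string names one rule that the plan breaks.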
