SmartAX MA5300

Basic Operations
Table of Contents ......................................................................................... i

Chapter 1 Maintenance Terminal Configuration ........................................... 1-1
1.1 Configuring Serial Terminal .............................................................. 1-1
1.2 Configuring Remote Serial Terminal ................................................. 1-6
1.3 Configuring Telnet Environment ....................................................... 1-6
1.4 Telnet Configuration Example ........................................................... 1-10
1.4.1 Example of Outband Telnet Configuration ............................... 1-10
1.4.2 Example of Inband Telnet Configuration .................................. 1-11
Chapter 2 Basic Operations ......................................................................... 2-1
2.1 Command Line Operation Characteristics ........................................ 2-1
2.1.1 Intelligent Matching ................................................................... 2-1
2.1.2 Edit Characteristics ................................................................... 2-2
2.1.3 Display Characteristics ............................................................. 2-3
2.1.4 Command Line Error Prompts .................................................. 2-3
2.1.5 Command Modes ..................................................................... 2-3
2.2 Online Help ....................................................................................... 2-5
2.3 Setting Interactive Mode ................................................................... 2-7
2.4 Switching Terminal Languages ......................................................... 2-8
2.5 Setting System Time ......................................................................... 2-8
2.6 Setting System Name ....................................................................... 2-9
2.7 Setting Terminal Type ....................................................................... 2-9
2.8 Setting Timeout Exit .......................................................................... 2-9
2.9 Setting Terminal Screen Length ....................................................... 2-10
2.10 Setting Terminal Screen Clearance ................................................ 2-10
2.11 Showing Hardware/Software Version ............................................. 2-10
2.12 Showing History Commands ........................................................... 2-10
2.13 Showing CPU Occupancy Ratio ..................................................... 2-11
2.14 Network Testing Tools .................................................................... 2-11
Chapter 3 User Management ....................................................................... 3-1
3.1 Overview ........................................................................................... 3-1
3.2 Adding/Deleting a User ..................................................................... 3-2
3.2.1 Confirming a User and the Associated Authority ...................... 3-2
3.2.2 Adding a User ........................................................................... 3-2
3.2.3 Deleting a User ......................................................................... 3-4
3.3 Modifying User Attributes .................................................................. 3-4
3.4 Viewing User Information .................................................................. 3-6
Chapter 4 Line Configuration ....................................................................... 4-1
4.1 Introduction ....................................................................................... 4-1
4.2 Entering Line Configuration Mode .................................................... 4-2
4.3 Configuring Attributes of Asynchronous Interface ............................. 4-2
4.4 Defining the HyperTerminal Attributes .............................................. 4-3
4.5 Querying Line Information ................................................................. 4-5
Chapter 5 Board Management ..................................................................... 5-1
5.1 Overview ........................................................................................... 5-1
5.2 Querying a Board .............................................................................. 5-1
5.3 Adding a Board ................................................................................. 5-3
5.4 Confirming a Board ........................................................................... 5-5
5.5 Deleting a Board ............................................................................... 5-5
5.6 Resetting a Board ............................................................................. 5-6
5.7 Resetting the System ........................................................................ 5-6
Chapter 6 MAC Address Management ........................................................ 6-1
6.1 Overview ........................................................................................... 6-1
6.2 Adding/Modifying/Deleting Address Item .......................................... 6-1
6.3 Configuring System MAC Address Aging ......................................... 6-2
6.4 Enabling/Disabling Address Learning ............................................... 6-3
6.5 Viewing Address List ......................................................................... 6-3
Chapter 7 ARP Configuration ....................................................................... 7-1
7.1 Overview ........................................................................................... 7-1
7.2 Configuring Static ARP ..................................................................... 7-2
Chapter 8 Network Management Configuration ........................................... 8-1
8.1 Configuring Outband NMS ................................................................ 8-1
8.1.1 Setting IP Address of Outband Port ......................................... 8-1
8.1.2 Configuring Routes for Outband NMS ...................................... 8-2
8.1.3 Configuring SNMP .................................................................... 8-3
8.2 Configuring Inband NMS ................................................................... 8-3
8.2.1 Setting IP Address of Inband NMS ........................................... 8-4
8.2.2 Configuring Inband NMS Routes .............................................. 8-5
8.2.3 Configuring IP Addresses Allowed to Access the MA5300 ...... 8-5
8.2.4 Configuring SNMP .................................................................... 8-6
8.3 Configuring SNMP ............................................................................ 8-6
8.3.1 Overview ................................................................................... 8-6
8.3.2 Configuring SNMP V1/V2C ...................................................... 8-9
8.3.3 Configuring SNMP V3 .............................................................. 8-12
8.4 NMS Configuring Example ................................................................ 8-15
8.4.1 Example of Outband NMS Configuration ................................. 8-15
8.4.2 Example of Inband NMS Configuration .................................... 8-16
Service Configuration
Chapter 1 Ethernet Port Configuration ......................................................... 1-1
1.1 Overview ........................................................................................... 1-1
1.2 Setting Port Physical Properties ....................................................... 1-2
1.3 Setting Port Flow Control .................................................................. 1-3
1.4 Setting Port Broadcast Storm Suppression ...................................... 1-3
1.5 Setting Port Priority Level ................................................................. 1-4
1.6 Setting Maximum Multicast Group Counts ........................................ 1-4
1.7 Setting Port Aggregation ................................................................... 1-4
1.8 Querying Ethernet Port Information .................................................. 1-5
1.9 Enabling/Disabling Long Frames on an Ethernet port ...................... 1-6
Chapter 2 VDSL Port Configuration ............................................................. 2-1
2.1 Overview of VDSL Port Configuration ............................................... 2-1
2.2 Setting VDSL Port Ethernet Parameters ........................................... 2-1
2.3 Setting Port Traffic Control ................................................................ 2-2
2.4 Setting Port Multicast Storm Suppression ........................................ 2-2
2.6 Setting Maximum Multicast Group Counts ........................................ 2-3
2.7 Enabling/Disabling Port MAC Address Learning .............................. 2-3
2.8 Setting a VDSL Line Profile .............................................................. 2-4
2.8.1 Blocking/Unblocking a VDSL Port ............................................ 2-4
2.8.2 Adding/Deleting/Modifying a VDSL Line Profile ....................... 2-5
2.8.3 Activating/Deactivating a VDSL Port ........................................ 2-10
2.9 Setting a VDSL Alarm profile ............................................................ 2-12
2.9.1 Blocking/Unblocking a VDSL Port ............................................ 2-12
2.9.2 Adding/Deleting/Modifying a VDSL Alarm profile ..................... 2-12
2.9.3 Binding a VDSL Alarm profile ................................................... 2-17
2.9.4 Activating/Deactivating a VDSL Port ........................................ 2-18
2.10 Setting VDSL Port Aggregation ...................................................... 2-18
2.11 VDSL Remote Equipment Management ......................................... 2-19
2.11.1 Enabling/Disabling VDSL Remote Equipment Binding ........... 2-19
2.11.2 Enabling/Disabling Automatic Upgrade of VDSL Remote
Equipment ......................................................................................... 2-20
2.12 Resetting the VDSL Port and Chipset............................................. 2-21
2.13 Querying VDSL Port Information .................................................... 2-21
2.14 Setting VDSL Port Out-line Test ..................................................... 2-26
2.15 Setting VDSL Port Loopback .......................................................... 2-26
Chapter 3 ADSL Port Configuration ............................................................. 3-1
3.1 Overview ........................................................................................... 3-1
3.3 Setting Maximum Multicast Group Count of a Port ........................... 3-2
3.4 Enabling/Disabling Port MAC Address Learning .............................. 3-2
3.5 Setting ADSL Port PVC .................................................................... 3-3
3.5.1 PPPoA/IPoA Configuration ....................................................... 3-3
3.5.2 Configuring Single PVC on an ADSL ....................................... 3-5
3.5.3 Configuring Multiple PVCs on an ADSL Port ............................ 3-6
3.6 Setting ADSL Port CAR .................................................................... 3-10
3.7 Binding ADSL Port and IP Address .................................................. 3-11
3.8 Setting an ADSL Line Profile ............................................................ 3-11
3.8.1 Blocking/Unblocking an ADSL Port .......................................... 3-11
3.8.2 Adding/Deleting/Modifying an ADSL Line Profile ..................... 3-12
3.8.3 Activating/Deactivating an ADSL Port ...................................... 3-21
3.9 Setting an ADSL Alarm profile .......................................................... 3-23
3.9.1 Blocking/Unblocking an ADSL Port .......................................... 3-23
3.9.2 Adding/Deleting/Modifying an ADSL Alarm profile ................... 3-23
3.9.3 Binding an ADSL Alarm profile ................................................. 3-29
3.9.4 Activating/Deactivating an ADSL Port ...................................... 3-30
3.10 Resetting ADSL Chipset ................................................................. 3-30
3.11 Querying ADSL Port Information .................................................... 3-31
3.12 Setting ADSL Port Out-line Test ..................................................... 3-35
3.13 Setting ADSL Port Loopback .......................................................... 3-35
Chapter 4 ADSL2+ Port Configuration ......................................................... 4-1
4.1 ADSL2+ Line Configuration Profile ................................................... 4-1
4.2 ADSL2+ Alarm profile ....................................................................... 4-6
4.3 ADSL2+ Port Configuration Commands ........................................... 4-8
Chapter 5 SHDSL Port Configuration ........................................................... 5-1
5.1 Overview ........................................................................................... 5-1
5.2 Setting Port Priority Levels ................................................................ 5-1
5.3 Setting Maximum Multicast Group Count ......................................... 5-2
5.4 Enabling/Disabling MAC Address Learning ...................................... 5-2
5.5 Setting SHDSL Port PVC .................................................................. 5-4
5.6 Setting SHDSL Port CAR.................................................................. 5-5
5.7 Setting Binding between SHDSL Port & IP Address ......................... 5-6
5.8 Setting an SHDSL Line Profile .......................................................... 5-7
5.8.1 Blocking/Unblocking an SHDSL Port ........................................ 5-7
5.8.2 Adding/Deleting/Modifying an SHDSL Line Profile ................... 5-7
5.8.3 Activating/Deactivating an SHDSL Port.................................... 5-12
5.9 Configuring SHDSL Alarm profile ..................................................... 5-14
5.9.1 Blocking/Unblocking SHDSL Port............................................. 5-14
5.9.2 Adding/Deleting/Modifying an SHDSL Alarm profile ................. 5-14
5.9.3 Binding an SHDSL Alarm profile .............................................. 5-17
5.9.4 Activating/Deactivating an SHDSL Port.................................... 5-18
5.10 Resetting the SHDSL Port and Chipset .......................................... 5-19
5.11 Querying SHDSL Port Information .................................................. 5-19
5.12 Setting SHDSL Port Loopback ........................................................ 5-21
Chapter 6 VLAN Configuration ..................................................................... 6-1
6.1 Overview ........................................................................................... 6-1
6.2 Configuring VLAN ............................................................................. 6-1
6.3 Configuring a VLAN Interface ........................................................... 6-4
6.4 Configuring VLAN Trunk ................................................................... 6-5
6.5 VLAN Configuration Examples ......................................................... 6-6
6.5.1 Configuring VLAN Interconnection ........................................... 6-6
6.5.2 Configuring VLAN Trunk Interconnection ................................. 6-11
Chapter 7 Smart VLAN Configuration .......................................................... 7-1
7.1 Overview ........................................................................................... 7-1
7.2 Creating/Deleting a VLAN ................................................................. 7-1
7.3 Setting/Canceling a VLAN as a Smart VLAN.................................... 7-1
7.4 Adding an Upstream Port to the Smart VLAN ................................... 7-2
7.5 Adding Downstream Ports to the Smart VLAN ................................. 7-3
7.6 Querying Smart VLAN Information ................................................... 7-4
7.7 Smart VLAN Configuration Examples ............................................... 7-5
7.7.1 Smart VLAN (Access Mode) ..................................................... 7-5
7.7.2 Smart VLAN (Trunk Mode) ....................................................... 7-6
Chapter 8 MUX VLAN Configuration ............................................................ 8-1
8.1 Overview ........................................................................................... 8-1
8.2 Enabling/Disabling MUX VLAN ......................................................... 8-1
8.3 Configure MUX VLAN Configuration Profile ..................................... 8-2
8.4 Specifying Upstream Port and Range of Local MUX VLAN .............. 8-2
8.5 Specifying Cascading Port and Range of Cascaded MUX VLANs ... 8-4
8.6 Setting MUX VLANs for a Specified Interface Board ........................ 8-5
8.7 Setting the MUX VLAN for a Specified Port ...................................... 8-8
8.8 MUX VLAN Configuration Examples ................................................ 8-10
8.8.1 Basic MUX VLAN Application ................................................... 8-10
8.8.2 MUX VLAN Cascading Application ........................................... 8-14
8.8.3 Comprehensive MUX VLAN Application .................................. 8-19
Chapter 9 STP Configuration ....................................................................... 9-1
9.1 Overview ........................................................................................... 9-1
9.2 Configuring RSTP ............................................................................. 9-7
9.2.1 Enabling/Disabling System RSTP ............................................ 9-7
9.2.2 Enabling/Disabling Port RSTP .................................................. 9-8
9.2.3 Setting Network Diameter......................................................... 9-8
9.2.4 Setting Operating Mode of RSTP ............................................. 9-9
9.2.5 Setting the Priority of a Specified Bridge .................................. 9-9
9.2.6 Setting Forward Delay of Specified Bridge ............................... 9-10
9.2.7 Setting Hello Time of a Specified Bridge .................................. 9-11
9.2.8 Setting Max. Age of a Specified Bridge .................................... 9-11
9.2.9 Setting Maximum Transmission Speed of a Specified
Bridge ................................................................................................ 9-12
9.2.10 Setting Specified Port as an Edge Port .................................. 9-12
9.2.11 Setting Path Cost of a Specified Port ..................................... 9-13
9.2.12 Setting Priority of a Specified Port .......................................... 9-13
9.2.13 Enabling/Disabling Point-to-point Link on a Specified Port .... 9-14
9.2.14 Running mCheck .................................................................... 9-15
9.2.15 Querying RSTP Information ................................................... 9-15
Chapter 10 IGMP Snooping Configuration ................................................... 10-1
10.1 Overview ......................................................................................... 10-1
10.1.1 IGMP Snooping Principle ....................................................... 10-1
10.1.2 Implementation of IGMP Snooping ......................................... 10-2
10.2 Configuring IGMP Snooping ........................................................... 10-4
10.2.1 Enabling/Disabling IGMP Snooping Globally ......................... 10-5
10.2.2 Setting Aging Time of Multicast Group Member Port ............. 10-5
10.2.3 Setting Aging Time of the Router Port .................................... 10-6
10.2.4 Setting Maximum Response Time.......................................... 10-6
10.2.5 Enabling a User under a Port to Leave an Multicast
Quickly ............................................................................................... 10-7
10.2.6 Setting the Router Port ........................................................... 10-8
10.3 Querying IGMP Snooping Information ............................................ 10-9
10.4 Configuration Example of IGMP Snooping ..................................... 10-11
10.5 Troubleshooting IGMP Snooping .................................................... 10-12
Chapter 11 IGMP Proxy Configuration ......................................................... 11-1
11.1 Overview ......................................................................................... 11-1
11.2 Basic IGMP Proxy Configuration .................................................... 11-1
11.2.1 Enabling/Disabling IGMP Proxy ............................................. 11-1
11.2.2 Configuring the Master Upstream Port ................................... 11-2
11.2.3 Maintaining a Program Library ............................................... 11-3
11.2.4 Configuring Parameters for a Multicast Router ...................... 11-7
11.2.5 Configuring the Static Multicast Members of an IGMP
Proxy Group ...................................................................................... 11-9
11.2.6 Querying IGMP Proxy Configurations .................................... 11-10
11.2.7 Querying Multicast Group Information .................................... 11-10
11.3 Configuring Authority Profile-Based Controlled Multicast ............... 11-12
11.3.1 Configuring Authority Profile ................................................... 11-12
11.3.2 Configuration User Authority .................................................. 11-17
11.4 Querying the IGMP Proxy Log ........................................................ 11-20
Chapter 12 Multicast VLAN Configuration .................................................... 12-1
12.1 Overview ......................................................................................... 12-1
12.2 Configuring Multicast VLAN ............................................................ 12-1
12.2.1 Configuring Upstream Port of the Multicast VLAN ................. 12-1
12.2.2 Configuring Downstream Port of Multicast VLAN ................... 12-2
12.2.3 Querying the Multicast VLAN ................................................. 12-2
12.3 Configuration Example of Multicast VLAN ...................................... 12-3
Chapter 13 Managed Multicast Configuration .............................................. 13-1
13.1 Overview ......................................................................................... 13-1
13.2 Configuring Managed Multicast ...................................................... 13-1
13.2.1 Enabling/Disabling Managed Multicast ................................... 13-1
13.2.2 Configuring Multicast Group Accessibility .............................. 13-2
13.2.3 Querying the Debugging Information of Managed
Multicast ............................................................................................ 13-3
13.3 Configuration Example of Managed Multicast ................................ 13-3
Chapter 14 ACL Configuration ..................................................................... 14-1
14.1 Introduction to ACL ......................................................................... 14-1
14.1.1 Overview................................................................................. 14-1
14.1.2 Configuring the Match Order .................................................. 14-1
14.1.3 ACLs Supported by the MA5300 ............................................ 14-2
14.2 Configuring ACL.............................................................................. 14-3
14.2.1 Configuring Time-Range ........................................................ 14-3
14.2.2 Defining ACL .......................................................................... 14-4
14.2.3 Activating an ACL ................................................................... 14-12
14.2.4 Querying ACL Information ...................................................... 14-13
14.3 ACL Configuration Example............................................................ 14-13
Chapter 15 QoS Configuration ..................................................................... 15-1
15.1 Overview ......................................................................................... 15-1
15.1.1 Traffic Classification ............................................................... 15-1
15.1.2 Packet Filtering ....................................................................... 15-2
15.1.3 Traffic Policing ........................................................................ 15-2
15.1.4 Port Rate Limit ........................................................................ 15-2
15.1.5 Redirection ............................................................................. 15-2
15.1.6 Priority Tag ............................................................................. 15-2
15.1.7 Selecting Egress Queue for the Packets ................................ 15-4
15.1.8 Queue Scheduling .................................................................. 15-4
15.1.9 Traffic Mirroring ...................................................................... 15-5
15.1.10 Port Mirroring ........................................................................ 15-5
15.1.11 Traffic Statistics .................................................................... 15-6
15.1.12 QoS Implementation ............................................................. 15-6
15.2 Configuring QoS ............................................................................. 15-6
15.2.1 Configuring Traffic Policing ..................................................... 15-6
15.2.2 Configuring Port Rate Limit .................................................... 15-7
15.2.3 Configuring Packet Redirection .............................................. 15-7
15.2.4 Configuring Priority Tag .......................................................... 15-8
15.2.5 Configuring Queue Scheduling ............................................... 15-9
15.2.6 Configuring Traffic Mirroring ................................................... 15-9
15.2.7 Configuring Traffic Statistics ................................................... 15-10
15.2.8 Querying QoS Information ...................................................... 15-11
15.3 QoS Configuration Example ........................................................... 15-11
Chapter 16 Cluster Management Configuration ........................................... 16-1
16.1 Overview ......................................................................................... 16-1
16.1.1 Cluster Roles .......................................................................... 16-2
16.1.2 Functions ................................................................................ 16-3
16.2 Configuring HDP ............................................................................. 16-4
16.2.1 Introduction to HDP ................................................................ 16-4
16.2.2 Enabling/Disabling Global HDP .............................................. 16-5
16.2.3 Enabling/Disabling HDP on a Port.......................................... 16-6
16.2.4 Setting HDP Holdtime ............................................................. 16-6
16.2.5 Setting HDP Timer.................................................................. 16-7
16.2.6 Querying HDP Information ..................................................... 16-7
16.3 Configuring HTP ............................................................................. 16-8
16.3.1 Introduction to HTP ................................................................. 16-8
16.3.2 Enabling/Disabling Global HTP .............................................. 16-9
16.3.3 Enabling/Disabling HTP on a Port .......................................... 16-9
16.3.4 Setting Topology Collection Range ........................................ 16-10
16.3.5 Setting Delay for the Device to Forward Collection
Request ............................................................................................. 16-11
16.3.6 Setting Delay for the Port to Forward Collection Request ...... 16-11
16.3.7 Setting Topology Collection Interval ....................................... 16-12
16.3.8 Starting Topology Information Collection ................................ 16-12
16.3.9 Querying HTP Information ...................................................... 16-13
16.4 Configuring a Cluster ...................................................................... 16-14
16.4.1 Introduction to the Cluster ...................................................... 16-14
16.4.2 Enabling/Disabling Cluster Function....................................... 16-14
16.4.3 Configuring Cluster IP Address Pool ...................................... 16-15
16.4.4 Setting the Cluster Name ....................................................... 16-16
16.4.5 Adding/Deleting a Cluster Member ......................................... 16-17
16.4.6 Enabling Cluster Auto-Setup .................................................. 16-18
16.4.7 Setting Cluster Holdtime ......................................................... 16-19
16.4.8 Setting the Handshaking Message Interval ............................ 16-19
16.4.9 Configuring Remote Control over Member Devices ............... 16-20
16.4.10 Configuring FTP/TFTP Server, SNMP and Log Hosts for
a Cluster ............................................................................................ 16-21
16.4.11 Configuring Member Accessing ............................................ 16-22
16.4.12 Querying Cluster Information................................................ 16-23
16.5 Configuration Example of Cluster Management ............................. 16-24
Chapter 17 802.1x Configuration ................................................................. 17-1
17.1 Overview ......................................................................................... 17-1
17.1.1 Introduction to 802.1x ............................................................. 17-1
17.1.2 802.1x System Architecture .................................................... 17-1
17.1.3 802.1x Authentication Process ............................................... 17-2
17.1.4 Implementing 802.1x on MA5300 ........................................... 17-4
17.2 Configuring 802.1x .......................................................................... 17-4
17.2.1 Enabling/Disabling 802.1x ...................................................... 17-4
17.2.2 Setting Port Access Control Mode.......................................... 17-5
17.2.3 Setting Port Access Control Method....................................... 17-5
17.2.4 Setting Number of Users Per Port .......................................... 17-6
17.2.5 Enabling/Disabling DHCP Trigger Authentication .................. 17-6
17.2.6 Setting the Authenticator-to-Supplicant Frame-Retry
Times ................................................................................................. 17-6
17.2.7 Configuring Timer Parameters ............................................... 17-6
17.3 802.1x Configuration Example ........................................................ 17-7
Chapter 18 AAA and RADIUS Configuration ............................................... 18-1
18.1 AAA and RADIUS Overview ........................................................... 18-1
18.1.1 Introduction to AAA ................................................................. 18-1
18.1.2 Introduction to RADIUS .......................................................... 18-1
18.1.3 Implementing AAA/RADIUS on MA5300 ................................ 18-2
18.2 Configuring AAA ............................................................................. 18-3
18.2.1 Setting Authen/Author Scheme .............................................. 18-3
18.2.2 Setting Accounting Scheme ................................................... 18-5
18.2.3 Creating/Deleting ISP Domain................................................ 18-5
18.2.4 Configuring a User.................................................................. 18-9
18.3 Configuring RADIUS ....................................................................... 18-11
18.3.1 Creating/Deleting a RADIUS server group ............................. 18-11
18.3.2 Setting IP Address and Port Number of RADIUS Server ....... 18-12
18.3.3 Setting Encryption Key of RADIUS Packet ............................. 18-13
18.3.4 Setting Response Timeout Timer of RADIUS Server ............. 18-13
18.3.5 Setting Retransmit Times of RADIUS Request Packet .......... 18-13
18.3.6 Setting the Realtime Accounting Interval ................................ 18-14
18.3.7 Setting Maximum Failure Count of Realtime Accounting
Request ............................................................................................. 18-15
18.3.8 Setting Maximum Times for Resending Account-Stop
Request ............................................................................................. 18-15
18.3.9 Setting the RADIUS Server Type ........................................... 18-16
18.3.10 Setting RADIUS Server State ............................................... 18-16
18.3.11 Setting the Format of Username Sent to RADIUS Server .... 18-17
18.4 Querying AAA and RADIUS Information ......................................... 18-17
18.5 Example of AAA and RADIUS Configuration .................................. 18-18
18.6 Fault Diagnosis and Troubleshooting ............................................. 18-19
Chapter 19 PITP Configuration .................................................................... 19-1
19.1 Overview ......................................................................................... 19-1
19.2 Enabling/Disabling PITP ................................................................. 19-1
19.3 Setting PITP Ethernet Type ............................................................ 19-1
Chapter 20 ISU Configuration ...................................................................... 20-1
20.1 Introduction to ISU .......................................................................... 20-1
20.2 MA5300s ISU Board ...................................................................... 20-1
20.3 Configuring the ISU Board .............................................................. 20-2
Chapter 21 Overview of IP Routing Protocol................................................ 21-1
21.1 IP Routing and Routing Table ......................................................... 21-1
21.1.1 Route and Route Segment ..................................................... 21-1
21.1.2 Route Selection through the Routing Table ............................ 21-2
21.2 Route Management Policy .............................................................. 21-3
21.2.1 Routing Protocols and Routing Priority ................................... 21-3
21.2.2 Load Sharing and Route Backup ............................................ 21-4
Chapter 22 Static Route Configuration......................................................... 22-1
22.1 Overview ......................................................................................... 22-1
22.1.1 Attributes and Function of Static Route .................................. 22-1
22.1.2 Default Route .......................................................................... 22-1
22.2 Configuring Static Routes ............................................................... 22-2
22.2.1 Configuring a Static Route...................................................... 22-2
22.2.2 Configuring a Default Route ................................................... 22-3
22.2.3 Querying a Static Route ......................................................... 22-3
22.3 Example of Static Route Configuration ........................................... 22-4
22.4 Static Route Troubleshooting .......................................................... 22-5
Chapter 23 OSPF Configuration .................................................................. 23-1
23.1 Overview ......................................................................................... 23-1
23.1.1 Introduction to OSPF .............................................................. 23-1
23.1.2 Process of OSPF Route Calculation ...................................... 23-2
23.1.3 OSPF Packets ........................................................................ 23-2
23.1.4 Related Concepts ................................................................... 23-3
23.1.5 OSPF Features of the MA5300 .............................................. 23-4
23.2 Configuring OSPF ........................................................................... 23-5
23.2.1 Enabling/Disabling OSPF ....................................................... 23-6
23.2.2 Specifying the Interface and Area ID ...................................... 23-6
23.2.3 Configuring Router ID ............................................................. 23-7
23.2.4 Configuring Network Type on the OSPF Interface ................. 23-7
23.2.5 Configuring Cost for Interface Transmit Packets .................... 23-9
23.2.6 Setting Interface Priority in DR Election ................................. 23-9
23.2.7 Setting the Neighbor ............................................................... 23-11
23.2.8 Setting the Transmit Interval of the Hello Packet ................... 23-11
23.2.9 Setting the Dead Interval Between Adjacent Routers ............ 23-12
23.2.10 Setting the LSA Transmit Interval ......................................... 23-12
23.2.11 Setting the LSA Retransmit Interval Between Adjacent
Routers .............................................................................................. 23-13
23.2.12 Configuring OSPF Stub Area ............................................... 23-13
23.2.13 Configure OSPF NSSA ........................................................ 23-14
23.2.14 Configuring Route Summarization Between Areas .............. 23-16
23.2.15 Configuring a Virtual Link ..................................................... 23-17
23.2.16 Configuring Packet Authentication between OSPF Areas .... 23-18
23.2.17 Configuring Packet Authentication Mode ............................. 23-18
23.2.18 Redistributing Routes of Other Protocols ............................. 23-19
23.2.19 Configuring Parameters for OSPF to Redistribute
External Routes ................................................................................. 23-20
23.2.20 Redistributing Default Routes into the OSPF Routing
Table .................................................................................................. 23-21
23.2.21 Setting Route Preference ..................................................... 23-21
23.2.22 Configuring OSPF Route Filtering ........................................ 23-21
23.2.23 Configuring MTU Filling for an Interface Transmiting DD
Packets .............................................................................................. 23-22
23.2.24 Configuring Sending of OSPF Packets on an Interface ....... 23-23
23.2.25 Querying OSPF Information ................................................. 23-23
23.3 OSPF Configuration Examples ....................................................... 23-24
23.3.1 Configuring DR Election by OSPF Preference ....................... 23-24
23.3.2 Configuring OSPF Virtual Links .............................................. 23-26
23.4 OSPF Troubleshooting ................................................................... 23-28
Maintenance Operations
Chapter 1 Loading and Backup .................................................................... 1-1
1.1 Loading ............................................................................................. 1-1
1.1.1 Loading Host Program Files ..................................................... 1-1
1.1.2 Loading Multi-language Resource File ..................................... 1-6
1.1.3 Loading the Program of Service Board .................................... 1-7
1.2 Backup .............................................................................................. 1-8
1.2.1 Viewing and Saving System Configuration Files ...................... 1-8
1.2.2 Backing Up the System Data Using TFTP ............................... 1-11
1.2.3 Backing Up the System Data Using FTP .................................. 1-12
Chapter 2 Patch Management ..................................................................... 2-1
2.1 Overview ........................................................................................... 2-1
2.2 Procedure for Patch Operations ....................................................... 2-2
2.3 Patch Loading Examples .................................................................. 2-2
Chapter 3 Logs and Alarms .......................................................................... 3-1
3.1 Log Management .............................................................................. 3-1
3.1.1 Querying Logs .......................................................................... 3-1
3.1.2 Configuring Log Host ................................................................ 3-2
3.2 Configuring Alarms ........................................................................... 3-2
3.2.1 Querying Alarm Records .......................................................... 3-4
3.2.2 Querying Alarm Configurations ................................................ 3-5
3.2.3 Setting Alarm Levels ................................................................. 3-5
3.2.4 Setting Alarm Output on a CLI Terminal ................................... 3-6
3.2.5 Setting Alarm Statistics ............................................................. 3-7
3.2.6 Setting Alarm Threshold ........................................................... 3-9
3.2.7 Querying Alarm Statistics ......................................................... 3-10
3.2.8 Clearing Alarm Statistics .......................................................... 3-10
3.2.9 Querying Basic Alarm Information ............................................ 3-10
Chapter 4 File Management ......................................................................... 4-1
4.1 Configuring File System .................................................................... 4-1
4.1.1 Directory-Related Operations ................................................... 4-1
4.1.2 File-Related Operations............................................................ 4-1
4.1.3 Memory Device Related Operations ......................................... 4-2
4.2 Configuring FTP ................................................................................ 4-3
4.2.1 Overview ................................................................................... 4-3
4.2.2 Enabling/Disabling FTP Server ................................................ 4-3
4.2.3 Configuring Authentication and Authorization of FTP Server ... 4-4
4.2.4 Setting FTP Timeout ................................................................. 4-4
4.2.5 Querying FTP Server Information............................................. 4-4
4.2.6 FTP Client................................................................................. 4-5
4.3 Configuring TFTP.............................................................................. 4-5
4.3.1 Overview ................................................................................... 4-5
4.3.2 Setting Transfer Mode .............................................................. 4-5
4.3.3 Configuring File Downloading................................................... 4-6
4.3.4 Configuring File Uploading ....................................................... 4-6
Chapter 5 Environment Monitoring Management ......................................... 5-1
5.1 Overview ........................................................................................... 5-1
5.2 Configuration Procedures ................................................................. 5-2
5.3 Configuring EMU ............................................................................... 5-2
5.3.1 Adding/Deleting/Querying an EMU ........................................... 5-3
5.4 Configuring EMU-H303ESC ............................................................. 5-5
5.4.1 Configuring H303ESC Environment Monitor Parameter .......... 5-5
5.4.2 Displaying H303ESC Environment Information ........................ 5-6
5.5 Configuring EMU-Power 4875/4845 ................................................. 5-7
5.5.1 Configuring 4875/4845 Power Module ..................................... 5-7
5.5.2 Querying Information on POWER4875/4845 ........................... 5-8
5.6 Configuring EMU-DIS ....................................................................... 5-9
5.6.1 Configuring DIS Parameters ..................................................... 5-9
5.6.2 Displaying DIS Information ....................................................... 5-10
5.7 Configuration Examples .................................................................... 5-10
5.7.1 Configuring H303ESC .............................................................. 5-10
5.7.2 Configuring a DIS ..................................................................... 5-13
Chapter 6 Active/Standby Switchover .......................................................... 6-1
6.1 Overview ........................................................................................... 6-1
6.1.1 Basic Principles ........................................................................ 6-1
6.1.2 Active/Standby Switchover Modes ........................................... 6-2
6.2 Preconditions for Active/Standby Switchover ................................... 6-3
6.3 MA5300+Double ISUs Active/Standby Switchover ........................... 6-3
6.4 ESM+EIU Active/Standby Switchover .............................................. 6-8
6.4.1 Establishing Switch-over Environment ..................................... 6-8
6.4.2 Active/Standby Switchover Configuration Commands ............. 6-8
6.4.3 Configuring Automatic Switchover ............................................ 6-9
6.4.4 Configuring Manual Switchover ................................................ 6-10
Appendix
Appendix A Acronyms and Abbreviations .................................................... A-1
HUAWEI
1. Basic Operations
2. Service Configuration
3. Maintenance Operations
4. Appendix
SmartAX MA5300/5303 Broadband Access System

Operation Manual
V100R005
SmartAX MA5300/5303 Broadband Access System
Operation Manual
Manual Version T2-051692-20040707-C-1.50
Product Version V100R005
BOM 31161292
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support
and service. Please feel free to contact our local office or company headquarters.
Huawei Technologies Co., Ltd.
Address: Administration Building, Huawei Technologies Co., Ltd.,
Bantian, Longgang District, Shenzhen, P. R. China
Postal Code: 518129
Website: http://www.huawei.com
Email: support@huawei.com
Copyright 2004 Huawei Technologies Co., Ltd.
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any

means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks
, HUAWEI, C&C08, EAST8000, HONET, , ViewPoint, INtess, ETS, DMC,

TELLIN, InfoLink, Netkey, Quidway, SYNLOCK, Radium, M900/M1800,
TELESIGHT, Quidview, Musa, Airbridge, Tellwin, Inmedia, VRP, DOPRA, iTELLIN,
HUAWEI OptiX, C&C08 iNET, NETENGINE, OptiX, iSite, U-SYS, iMUSE, OpenEye,
Lansway, SmartAX, infoX, TopEng are trademarks of Huawei Technologies Co.,
Ltd.
All other trademarks mentioned in this manual are the property of their respective
holders.
Notice
The information in this manual is subject to change without notice. Every effort has
been made in the preparation of this manual to ensure accuracy of the contents, but
all statements, information, and recommendations in this manual do not constitute
the warranty of any kind, express or implied.
About This Manual
Release Notes
The current version of this manual applies to the SmartAX MA5300 Broadband Access
System V100R005.
Related Manuals
The following manuals provide detailed information about the SmartAX MA5300
Broadband Access System (MA5300 for short).
Manual Content
It provides an overall introduction to the MA5300, including
MA5300 Broadband Access System the major functions, system structure, service
Technical Manual implementation, management & maintenance, networking
& applications.
SmartAX MA5300/5303 Broadband It is used for assisting the users in general operations, data
Access System Operation Manual configurations and typical applications.
It introduces all commands available in the MA5300, as well
SmartAX MA5300/5303 Broadband
as the command usage and examples. For specific
Access System Command Reference
command reference, consult the related electronic
(CD-ROM)
documentation.
It provides information on the system installation, including
MA5300 Broadband Access System
the installation of the cabinet, power system and various
Installation Manual
cables.
The following manuals provide detailed information about the SmartAX MA5303
Broadband Access System (MA5303 for short).
Manual Content
It provides an overall introduction to the MA5300 Series,
SmartAX MA5300/5303 Broadband including the major functions, system structure, service
Access System Technical Manual implementation, management & maintenance, networking
& applications.
It is used for assisting the users in general operations, data
SmartAX MA5300/5303 Broadband
configurations and typical applications of the MA5300
Access System Operation Manual
Series.
SmartAX MA5300/5303 Broadband It introduces all commands available in the MA5300 Series,
Access System Command Reference as well as the command usage and examples. It is only
(CD-ROM) available in electronic form.
It provides information on the system installation of the
MA5303 Broadband Access System
MA5303, involving the installation of the cabinet, power
Installation Manual
system and various cables.
Difference between the MA5300 and the MA5303
This manual takes the MA5300 for illustration. Also refer to this manual for
configuration of the MA5303. The following describes the difference between the
MA5300 and the MA5303.
Both the MA5300 and the MA5303 are Huawei-developed broadband access devices
that provide broadband access services such as ADSL, VDSL and LAN.
The MA5300 is of the cabinet structure. Each MA5300 frame has 16 slots, among
which slots 7 and 8 house the ESM board, while slots 0 6, 9 15 house various
service boards. Slots 14 and 15 can also house the ISU boards.
The MA5303 has 7 slots, among which slot 7 houses the ESM board, while slots 1 6
house various service boards.
See the following table.
Difference between the MA5300 and the MA5303

MA5300 MA5303
Indicator MA5300> MA5303>
Slot No. for MMX 78 7
Slot No. for service
0 6, 9 15 16
boards
Special care shall be taken in configuring data for the MA5303 slot. The system will
issue alarms for configurations in the wrong slot number.
Organization
The manual assists the users in general operations, data configurations and typical
applications of the MA5300. There are four parts in the manual, including:
Part 1 Basic Operations details the maintenance terminal configuration, system basic
configuration, user management, Line management, board management, MAC
address management, ARP configuration and network management configuration.
Part 2 Service Configuration describes configuration of VDLS, ADSL and Ethernet

ports, VLAN configuration, STP configuration, multicast configuration, QACL
configuration, cluster configuration and 802.1x configuration.
Part 3 Maintenance Operations elaborates on maintenance operations including

loading & backup, patch management, log & alarm management, file management,
broadband test, environment monitoring, as well as active/standby switchover.
Appendix lists acronyms and abbreviations involved in this manual.
Intended Audience
The manual is intended for the following readers:

z Network designers
z Network administrators
z xDSL system engineers
Conventions
The manual uses the following conventions:
I. General conventions
Convention Description
Arial Normal paragraphs are in Arial.
Arial Narrow Warnings, Cautions, Notes and Tips are in Arial Narrow.
Boldface Headings are in Boldface.
Courier New Terminal Display is in Courier New.
II. Command conventions
Boldface The keywords of a command line are in Boldface.
italic Command arguments are in italic.
[] Items (keywords or arguments) in square brackets [ ] are optional.
Alternative items are grouped in braces and separated by vertical bars.
{ x | y | ... }
One is selected.
Optional alternative items are grouped in square brackets and separated
[ x | y | ... ]
by vertical bars. One or none is selected.
Alternative items are grouped in braces and separated by vertical bars. A
{ x | y | ... } *
minimum of one or a maximum of all can be selected.
Optional alternative items are grouped in square brackets and separated
[ x | y | ... ] *
by vertical bars. Many or none can be selected.
III. GUI conventions
Button names are inside angle brackets. For example, click the <OK>
<>
button.
Window names, menu items, data table and field names are inside square
[]
brackets. For example, pop up the [New User] window.
Multi-level menus are separated by forward slashes. For example,
/
[File/Create/Folder].
IV. Keyboard operation
Format Description
Press the key with the key name inside angle brackets. For example,
<Key>
<Enter>, <Tab>, <Backspace>, or <A>.
Press the keys concurrently. For example, <Ctrl+Alt+A> means the three
<Key1+Key2>
keys should be pressed concurrently.
Press the keys in turn. For example, <Alt, A> means the two keys should
<Key1, Key2>
be pressed in turn.
V. Mouse operation
Action Description
Click Press the left button or right button quickly (left button by default).
Double Click Press the left button twice continuously and quickly.
Drag Press and hold the left button and drag it to a certain position.
VI. Symbols
Eye-catching symbols are also used in the manual to highlight the points worthy of
special attention during the operation. They are defined as follows:
Caution: Means reader be extremely careful during the operation.
Note: Means a complementary description.

Operation Manual
SmartAX MA5300/5303 Broadband Access System General Table of Contents
General Table of Contents
Module/Chapter Content
Basic Operations
Chapter 1 Maintenance Terminal Configuration
Chapter 2 Basic Operations
Chapter 3 User Management
Chapter 4 Line Configuration
Chapter 5 Board Management
Chapter 6 MAC Address Management
Chapter 7 ARP Configuration
Chapter 8 Network Management Configuration
Chapter 9 RMON Configuration
Chapter 10 DHCP Relay Configuration
Chapter 11 IP Performance Configuration
Chapter 1 Ethernet Port Configuration
Chapter 2 VDSL Port Configuration
Chapter 3 ADSL Port Configuration
Chapter 4 ADSL2+ Port Configuration
Chapter 5 SHDSL Port Configuration
Chapter 6 VLAN Configuration
Chapter 7 Smart VLAN Configuration
Chapter 8 MUX VLAN Configuration
Chapter 9 STP Configuration
Chapter 10 IGMP Snooping Configuration
Chapter 11 IGMP Proxy Configuration
Chapter 12 Multicast VLAN Configuration
Chapter 13 Managed Multicast Configuration
Chapter 14 ACL Configuration
Chapter 15 QoS Configuration
i
Operation Manual
SmartAX MA5300/5303 Broadband Access System General Table of Contents
Module/Chapter Content
Chapter 16 Cluster Management Configuration
Chapter 17 802.1x Configuration
Chapter 18 AAA and RADIUS Configuration
Chapter 19 PITP Configuration
Chapter 20 ISU Configuration
Chapter 21 Overview of IP Routing Protocol
Chapter 22 Static Route Configuration
Chapter 23 OSPF Configuration
Chapter 1 Loading and Backup
Chapter 2 Patch Management
Chapter 3 Logs and Alarms
Chapter 4 File Management
Chapter 5 Environment Monitor Management
Chapter 6 Active/Standby Switchover
Appendix
Appendix A Acronyms and Abbreviations
ii
HUAWEI
SmartAX MA5300/5303 Broadband Access

system
Operation Manual
Basic Operations
Operation Manual - Basic Operations
SmartAX MA5300/5303 Broadband Access System Table of Contents
Table of Contents
Chapter 1 Maintenance Terminal Configuration ........................................................................ 1-1

1.1 Configuring Serial Terminal ............................................................................................... 1-1
1.2 Configuring Remote Serial Terminal.................................................................................. 1-6
1.3 Configuring Telnet Environment ........................................................................................ 1-6
1.4 Telnet Configuration Example ......................................................................................... 1-10
1.4.1 Example of Outband Telnet Configuration............................................................ 1-10
1.4.2 Example of Inband Telnet Configuration............................................................... 1-11
Chapter 2 Basic Operations ......................................................................................................... 2-1

2.1 Command Line Operation Characteristics......................................................................... 2-1
2.1.1 Intelligent Matching ................................................................................................. 2-1
2.1.2 Edit Characteristics ................................................................................................. 2-2
2.1.3 Display Characteristics............................................................................................ 2-3
2.1.4 Command Line Error Prompts ................................................................................ 2-3
2.1.5 Command Modes .................................................................................................... 2-3
2.2 Online Help ........................................................................................................................ 2-5
2.3 Setting Interactive Mode .................................................................................................... 2-7
2.4 Switching Terminal Languages.......................................................................................... 2-8
2.5 Setting System Time.......................................................................................................... 2-8
2.6 Setting System Name ........................................................................................................ 2-9
2.7 Setting Terminal Type........................................................................................................ 2-9
2.8 Setting Timeout Exit........................................................................................................... 2-9
2.9 Setting Terminal Screen Length ...................................................................................... 2-10
2.10 Setting Terminal Screen Clearance............................................................................... 2-10
2.11 Showing Hardware/Software Version ............................................................................ 2-10
2.12 Showing History Commands ......................................................................................... 2-10
2.13 Showing CPU Occupancy Ratio .................................................................................... 2-11
2.14 Network Testing Tools ................................................................................................... 2-11
Chapter 3 User Management........................................................................................................ 3-1

3.1 Overview ............................................................................................................................ 3-1
3.2 Adding/Deleting a User...................................................................................................... 3-2
3.2.1 Confirming a User and the Associated Authority .................................................... 3-2
3.2.2 Adding a User.......................................................................................................... 3-2
3.2.3 Deleting a User........................................................................................................ 3-4
3.3 Modifying User Attributes................................................................................................... 3-4
3.4 Viewing User Information................................................................................................... 3-6
i
Chapter 4 Line Configuration....................................................................................................... 4-1

4.1 Introduction ........................................................................................................................ 4-1
4.2 Entering Line Configuration Mode ..................................................................................... 4-2
4.3 Configuring Attributes of Asynchronous Interface ............................................................. 4-2
4.4 Defining the HyperTerminal Attributes............................................................................... 4-3
4.5 Querying Line Information ................................................................................................. 4-5
Chapter 5 Board Management ..................................................................................................... 5-1

5.1 Overview ............................................................................................................................ 5-1
5.2 Querying a Board............................................................................................................... 5-1
5.3 Adding a Board .................................................................................................................. 5-3
5.4 Confirming a Board............................................................................................................ 5-5
5.5 Deleting a Board ................................................................................................................ 5-5
5.6 Resetting a Board .............................................................................................................. 5-6
5.7 Resetting the System......................................................................................................... 5-6
Chapter 6 MAC Address Management ........................................................................................ 6-1

6.1 Overview ............................................................................................................................ 6-1
6.2 Adding/Modifying/Deleting Address Item........................................................................... 6-1
6.3 Configuring System MAC Address Aging.......................................................................... 6-2
6.4 Enabling/Disabling Address Learning................................................................................ 6-3
6.5 Viewing Address List ......................................................................................................... 6-3
Chapter 7 ARP Configuration....................................................................................................... 7-1

7.1 Overview ............................................................................................................................ 7-1
7.2 Configuring Static ARP ...................................................................................................... 7-2
Chapter 8 Network Management Configuration......................................................................... 8-1

8.1 Configuring Outband NMS................................................................................................. 8-1
8.1.1 Setting IP Address of Outband Port ........................................................................ 8-1
8.1.2 Configuring Routes for Outband NMS .................................................................... 8-2
8.1.3 Configuring SNMP .................................................................................................. 8-3
8.2 Configuring Inband NMS ................................................................................................... 8-3
8.2.1 Setting IP Address of Inband NMS ......................................................................... 8-4
8.2.2 Configuring Inband NMS Routes ............................................................................ 8-5
8.2.3 Configuring IP Addresses Allowed to Access the MA5300 .................................... 8-5
8.2.4 Configuring SNMP .................................................................................................. 8-6
8.3 Configuring SNMP ............................................................................................................. 8-6
8.3.1 Overview ................................................................................................................. 8-6
8.3.2 Configuring SNMP V1/V2C ..................................................................................... 8-9
8.3.3 Configuring SNMP V3 ........................................................................................... 8-12
8.4 NMS Configuring Example .............................................................................................. 8-15
8.4.1 Example of Outband NMS Configuration.............................................................. 8-15
8.4.2 Example of Inband NMS Configuration................................................................. 8-16
ii
Chapter 9 RMON Configuration ................................................................................................... 9-1

9.1 RMON Overview ................................................................................................................ 9-1
9.2 Configuring RMON ............................................................................................................ 9-2
9.2.1 Adding/Deleting an Entry to/from the Alarm Table.................................................. 9-2
9.2.2 Adding/Deleting an Entry to/from the Event Table.................................................. 9-2
9.2.3 Adding/Deleting an Entry to/from the History Control Table ................................... 9-3
9.2.4 Adding/Deleting an Entry to/from the Statistics Table............................................. 9-3
9.2.5 Querying RMON Information................................................................................... 9-4
9.3 RMON Configuration Example .......................................................................................... 9-4
Chapter 10 DHCP Relay Configuration ..................................................................................... 10-1

10.1 DHCP Relay Overview .................................................................................................. 10-1
10.2 Configuring DHCP Relay ............................................................................................... 10-2
10.2.1 Configuring the DHCP Servers IP Address........................................................ 10-2
10.2.2 Configuring the DHCP Server Group of a VLAN Interface ................................. 10-2
10.2.3 Configuring an Address Table Entry ................................................................... 10-3
10.2.4 Enabling DHCP Security Features...................................................................... 10-3
10.2.5 Querying DHCP Relay Information ..................................................................... 10-4
10.3 Configuring DHCP Relay Agent Information Option...................................................... 10-4
10.3.1 Configuring DHCP Option82 ............................................................................... 10-4
10.3.2 Configuring DHCP Option60 ............................................................................. 10-11
10.4 Configuration Example of DHCP Relay....................................................................... 10-15
10.5 DHCP Relay Troubleshooting...................................................................................... 10-17
Chapter 11 IP Performance Configuration................................................................................ 11-1

11.1 Configuring TCP Attributes ............................................................................................ 11-1
11.2 Querying and Debugging IP Performance..................................................................... 11-1
11.3 IP Performance Troubleshooting ................................................................................... 11-2
iii
SmartAX MA5300/5303 Broadband Access System Chapter 1 Maintenance Terminal Configuration
Chapter 1 Maintenance Terminal Configuration
The command line interface (CLI) of the MA5300 Multi-service Access Module
(referred to as the MA5300 hereinafter) offers two types of configuration modes, the
serial port configuration and Telnet configuration.
Local maintenance is made through the serial port or Telnet, and the remote
maintenance is made through the Modem or Telnet.
Configuration of the maintenance terminal mainly involves:

z Serial terminal configuration.
z Remote serial terminal configuration.
z Telnet terminal configuration.
1.1 Configuring Serial Terminal
You can use the HyperTerminal software operating under Windows 9x, Windows 2000
or Windows NT to configure the serial terminal.
The following introduces how to set up the serial terminal environment.

1) Connect the serial port of the PC with the console port in the main control board
(namely the ESM board) of the MA5300 using RS-232 serial cable.
See Figure 1-1.
RS-232 port MA5300
PC (Console)
Console cable
Figure 1-1 Setting up serial port configuration environment
2) Select [Start/Program/Accessories/Communication/HyperTerminal] to start the

HyperTerminal and set up the associated port connections.
See Figure 1-2.
1-1
Figure 1-2 Selecting the serial port for connection
Select the standard character terminal or PC terminal serial port that is actually
connected to the MA5300 (assuming serial port 2).
3) Click <OK> to pop up the COM2 Properties dialog box. Then configure the serial
port parameters by selecting 9600 bits/s for baud rate, 8 for data bits, 1 for stop
bits, none for parity and none for flow control.
Note that the setting of baud rate should be consistent with that for serial port
parameters. The default baud rate for the system is 9600bit/s.
See Figure 1-3:
1-2
Figure 1-3 Setting console port parameters
4) Click <OK> to pop up the HyperTerminal interface, as shown in Figure 1-4.
Figure 1-4 HyperTerminal interface
1-3
5) Select [File/Properties] menu in the HyperTerminal interface, and then click

[Settings] submenu to choose VT100 or Auto Detection as the type of terminal
emulation, as shown in Figure 1-5.
Figure 1-5 Defining the terminal type
6) Next, click [ASCCII Setup] to set the property of ASCII code.

See Figure 1-6.
1-4
Figure 1-6 Setting ASCII code
Note:
For pasting files to the HyperTerminal, Character delay controls the transmission speed of each
character and Line delay controls the time interval of every line. Too short delay may cause character
missing. When commands for file pasting functions abnormally, such values should be modified.
Enter the user name and password in the prompt box for user registration (by default,
the super user name is root and password is admin), and wait until the command
line prompt (such as MA5300>) appears. If no prompt information concerning user
name and password appears, click [Hang-up] first and [Dial] next, and then press the
<Enter> key. If you still fail to log on, return to the last step to check the parameter
settings and physical connections, and then try again.
Configure the system using maintenance commands. If necessary, you can type ? to
obtain help.
For details about the configuration, refer to the chapters that follow.
1-5
1.2 Configuring Remote Serial Terminal
To perform remote configuration for the MA5300 through the serial port, you need an
external Modem. Before powering on the MA5300, you should power on its external
Modem first, and then wait for the remote PC to initiate a call through the Modem.
Once the dialup connection is set up, all other configuration steps are the same as
those for configuring local serial port.
Figure 1-7 shows how to configure the remote serial terminal using Modems.
MODEM Console
Telephone line
MA5300
PSTN
COM
MODEM
PC
Figure 1-7 Configuring remote serial terminal
1.3 Configuring Telnet Environment
I. Configuring the outband port /inband port
You can configure the MA5300 Telnet environment through the outband port (namely
the ETH port) or the inband port (namely the Fast Ethernet/Gigabit Ethernet (FE/GE)
port or the ADSL/VDSL port).
To configure Telnet using the ETH port, you should set correctly the IP address and
the reachable route for the MA5300s ETH port through the serial port first. After that,
you can Telnet to the MA5300 through Local Area Network (LAN) and Wide Area
Network (WAN) for configuration.
To configure Telnet using the inband port, you should correctly configure the VLAN IP
address and the reachable route for the inband port. After that, you can use Telnet to
log on to the MA5300 through LAN and WAN for configuration.
1-6
After the completion of configuration, you should check whether the MA5300 can ping
the IP address of a PC. If yes, the configuration is successful. Otherwise, check the
network interface address and network status indicators.
II. Setting up configuration environment
1) Set up local configuration environment.

To set up local configuration environment, you need only to connect the PCs
network interface with the MA5300 through LAN.
See Figure 1-8.
MA5300
Workstation
ETH/FE/GE
LAN
LAN established through

Hub or LAN switch
Server Workstation
Configuration PC
Figure 1-8 Setting up local configuration environment through LAN
2) Set up remote configuration environment.

To set up remote configuration environment, you need to connect the PC with the
MA5300 through WAN network interface.
See Figure 1-9.
1-7
Workstation
Router
LAN
WAN line
Server Workstation Configuration PC

WAN
MA5300 ETH/FE/GE
Figure 1-9 Setting up remote configuration environment through WAN
III. Running Telnet application
The following terminal operations take the Windows 98 for example.

1) Click [Start/Run] in the PC to run Telnet application.
See Figure 1-10.
Figure 1-10 Interface for running Telnet application
2) Select [Terminal/Preferences] menu to set the Telnet terminal preferences, as

shown in Figure 1-11.
1-8
Figure 1-11 Setting Telnet terminal preferences
3) Select [Connection/Remote system] menu in the Telnet interface, enter the IP

address of the MA5300 in the [Connect] dialog box to set up Telnet connection
with MA5300.
See Figure 1-12.
Figure 1-12 Setting up Telnet connection with MA5300
IV. Logging on to the system
When you log on, the system will prompt the following information:
User Access Verification
Username:root
Password:
The default user name and password for an Administrator is root and admin
respectively.
V. Configuring or viewing equipment
After logging on to the system, you can perform configuration or view equipment by
using corresponding commands. If necessary, you can also type ? to get help. For
detailed descriptions of configurations, refer to the following chapters.
1-9
1.4 Telnet Configuration Example
1.4.1 Example of Outband Telnet Configuration
I. Networking description
Figure 1-13 shows the outband Telnet networking.
Upstream
0# 7# 0# 7# 13#
ETH
E ME SS
A MS MM
D XM BB
HAB HRB
MA5300 MA5200
Figure 1-13 Outband Telnet networking
1) The traffic passes upstream from the ETH port on the ESM board of the MA5300
to port 0 of the MA5200s HAB board through a cross-over network cable.
2) The IP address of the MA5300s outband port is 10.10.20.1 255.255.255.0.
3) The Telnet IP address is 10.10.21.1 255.255.255.0 (not included in the above
figure).
4) The IP address of the MA5200s virtual terminal (VT) interface is
10.10.20.254/24.
5) The IP address of port 0 of the MA5200s HRB board is 10.10.40.1/30.
II. Configuration procedures
1) Set the IP address of the outband port.

MA5300(config)#interface m-ethernet7/0/1
MA5300(config-ifMEthernet7/0/1)#ip address
{ A.B.C.D<A.B.C.D> }:10.10.20.1
{ A.B.C.D<A.B.C.D> }:255.255.255.0
{ <cr>|secondary<K> }:
2) Add a route.
MA5300(config)#ip route
{ A.B.C.D<A.B.C.D> }:0.0.0.0
{ A.B.C.D<A.B.C.D>|INTEGER<0,32> }:0.0.0.0
{ NULL<K>|Vlaninterface<K>|A.B.C.D<A.B.C.D> }:10.10.20.254
{ <cr>|preference<K>|reject<K>|blackhole<K> }:
3) Add a user.
1-10
By default, the user name and password for an Administrator is root and admin
respectively. You can use them to Telnet to the equipment or to add new users.
MA5300#terminal user name
User Name(<=16 chars): huawei
User Password(<=16 chars):
Confirm Password(<=16 chars):
User's Level(13).
1. Common User(1) 2. Operator(10) 3. Administrator(15):2
Permitted Reenter Number(04):2
User's Appended Info(<=50 chars): 07558008302118
User's callback dialstring(<=32 chars):
Callbackverify?[Y|N]n
This user has been added
Repeat this operation? [Y|N]n //Select Y to add more users. The system
will prompt you to enter another user name.
4) Save Data.
MA5300(config)#write
By now, the configuration for the MA5300 is completed. After configuring the MA5200
and the Telnet terminal, you can log on to the MA5300 through the Telnet terminal.
1.4.2 Example of Inband Telnet Configuration
Figure 1-14 shows the inband Telnet networking.
Upstream
0# 7# 0# 7# 13#
E
S
E MM SS
A M MM
D E7/2/0 BB
X
HAB HRB
MA5300 MA5200
Figure 1-14 Inband Telnet networking
1) The traffic passes upstream from the port Ethernet 7/2/0 of the MA5300s ESM
board to port 0 of the MA5200s HAB board. The service VLAN ID is 4000.
2) The inband management IP address of the MA5300 is 10.10.20.1/24. The
management VLAN ID is 1000.
3) The Telnet IP is 10.10.21.1/24 (not included in the above figure).
1-11
4) The IP address of the MA5200s VT interface is 10.10.20.254/24.

5) The IP address of port 0 of the MA5200s HRB board is 10.10.40.1/30.
1) Set inband management IP address

z Create a management VLAN.
MA5300(config)#vlan 1000
MA5300(configvlan1000)#exit
z Enter the management VLAN interface.
MA5300(config)#interface vlan-interface 1000
z Set IP address of the management VLAN interface
MA5300(configifVlaninterface1000)#ip address 10.10.20.1 255.255.255.0
2) Set the access control list (ACL) for the IP addresses.
z Define ACL.
MA5300(config)#access-list 200 deny ingress 1000 egress any // Deny the
traffic flow of VLAN 1000.
MA5300(config)#access-list 1 permit 10.10.21.0 0.0.0.255 // Permit the
traffic flow of the specified IP address.
MA5300(config)#access-list 201 permit ingress 1000 egress any// Permit the
z Activate ACL.
MA5300(config)#interface ethernet 7/2/0
MA5300(configifEthernet7/2/0)#access-group link-group 200 in // Deny the
MA5300(configifEthernet7/2/0)#access-group ip-group 2 link-group 201 in//
Permit the traffic flow of the specified IP address in VLAN 1000.
3) Add a route.
{ A.B.C.D<A.B.C.D> }:0.0.0.0
4) Set the service VLAN.
z Creating the service VLAN 4000.
MA5300(configvlan4000)#vlan-type smart
z Add the port of ethernet 7/2/0 to the service VLAN.
MA5300(configvlan4000)#vlan-upport ethernet 7/2/0
z Set the port of ethernet 7/2/0 as the trunk port for managing VLAN 1000.
MA5300(configifEthernet7/2/0)#switchport mode trunk
1-12
MA5300(configifEthernet7/2/0)#switchport trunk allowed vlan 1000

Please wait... Done.
5) Add a user.
By default, the user name and password for an administrator is respectively root and
admin. You can use them to Telnet to the equipment or to add new users.
User's Level(13).
User's Appended Info(<=50 chars): 07558008302118
User's callback dial string (<=32 chars):
Callbackverify?[Y|N]n
Repeat this operation? [Y|N]n //Select Y to add more users. the system
will prompt you to enter another user name.
6) Save Data.
By now, the configuration for the MA5300 is completed. After configuring the MA5200
and the Telnet terminal, you can then log on to the MA5300 through the Telnet
terminal.
1-13
SmartAX MA5300/5303 Broadband Access System Chapter 2 Basic Operations
Chapter 2 Basic Operations
Basic system operations refer to the common operations and information queries
performed for the MA5300 and the operation terminal, including:
z Command line operation characteristics
z Setting online help
z Setting interactive mode
z Switching terminal languages
z Setting system time
z Setting system name
z Setting terminal type
z Setting terminal timeout exit
z Setting terminal screen length
z Setting terminal screen clearance
z Viewing hardware/software version
z Viewing CPU occupancy ratio
z Viewing history commands
z Using network test tools
2.1 Command Line Operation Characteristics
Through the CLI, you can manage, maintain and configure the MA5300.
Note:
For command line format, refer to II Command conventions in the preface of the manual.
2.1.1 Intelligent Matching
1) Supporting command matching

Command line descriptor facilitates incomplete searching. It can offer explanation for
any key word input as long as that key word does not cause confusion. For example,
you can just enter en or ena for enable.
2) Supporting auto key word matching
When entering a key word, you can enter a part of the key word, and then press the
<Space> key to display the completely-matched key word. By doing so, you do not
2-1
have to enter long key words, thus making your operation more convenient. If no
correct match is found, you cannot proceed with the next key word or parameter.
Therefore, when you are operating the system using command line, the command lines
displayed are always in complete form. If you cannot enter a space, it indicates that you
have entered a wrong command. In this case you should check and enter the correct
one.
2.1.2 Edit Characteristics
The CLI provides basic command editing functions. It allows multi-line editing and a
maximum of 256 bytes for each command. Such function is available for both
HyperTerminal and Telnet terminal. However, for HyperTerminal, and arrow keys
are disabled, whereas for other terminals, some editing keys are disabled. Table 2-1
lists the edit functions.
Table 2-1 Edit functions
Key Functionality
If the edit buffer is not full, pressing such key will move the
Common keys
cursor rightward from its current position.
Pressing such key will delete the character before the cursor
<BackSpace> and move the cursor forward. When reaching the beginning of
the command, the cursor stops.
<Delete> Delete a character in the position of the current cursor.

Left arrow key <> or <Ctrl+A> Move the cursor leftward for the length of one character
Right arrow key <> or <Ctrl+D> Move the cursor rightward for the length of one character
Display history commands. (For some display terminals
which do not support up/down arrow keys, you can use
Up/down arrow key <><>
<Ctrl+P> or <Ctrl+N> to select the last or next history
command.)
Delete the characters before the current cursor and move the
<Ctrl+U>
cursor to the beginning of the line.
Delete the characters after the current cursor and move the
<Ctrl+K>
cursor to the end of the line
<Ctrl+F> Move the cursor to the beginning of the line.
<Ctrl+B> Move the cursor to the end of the line.
<ESCAPE> Pressing such key twice can undo current input.
2-2
2.1.3 Display Characteristics
During information query, sometimes the displayed information is too much to be

shown on one screen. In such case, you can use the pause function to view information
displayed on multiple screens. Three choices are available, as shown in Table 2-2.
Table 2-2 Display functionalities
Key or command Functionality

To suspend the display and execution of the
Press <Ctrl+C> when the display is frozen
commands
To continue to display the information on the next
Press <Space> key when the display is frozen
screen
Press <Enter> key when the display is frozen To continue to display the information of the next line
The CLI also provides Doskey-like function, enabling auto saving of history commands.
By using such function, you can obtain history commands saved in the CLI and execute
them repeatedly. Up to 10 history commands can be saved for every user in the CLI.
2.1.4 Command Line Error Prompts
The system performs grammar check for every command entered, and executes it if it
proves correct. For the command that fails to pass the check, the system will prompt
you with error information. Table 2-3 shows common error information.
Table 2-3 List of common command line error information
Error prompt Cause

Such command cannot be found.
Such key word cannot be found.
Unrecognized command
The parameter type is erroneous.
The parameter value exceeds the threshold.
Incomplete command The input command is incomplete.
Too many parameters The input parameters are too many.
Ambiguous command The input parameter is poorly defined.
2.1.5 Command Modes
The command modes for the MA5300 include:
2-3
z Common user mode

z Privilege mode
z Global mode
z Port mode
z Service modes
The command modes feature downward compatibility. This allows all commands in
user mode to be executed in privilege mode and all commands in user mode and
privilege mode to be executed in global mode.
The MA5300s CLI adopts hierarchical protection to prevent any unauthorized access.
For users of different levels, the command modes involved are different, and the
executable commands are also different even though they operate in the same mode.
Figure 2-1 shows the relationship between the various command modes in the MA5300
system.
interface Port mode

exit MA5300 (config-if-...)#
interface VLAN interface mode

exit MA5300 (config-if-...)#
vlan VLAN mode

exit MA5300 (config-vlan...)#
line Line mode

configure exit
enable terminal MA5300 (config-line...)#
exit Prvilege mode
Common user mode Global mode
MA5300> MA5300 # MA5300 (config)#
disable ex i t
board Board mode
exit MA5300 (config-board-...)#
Other modes
exit MA5300 ( config-...)#
end
Figure 2-1 Diagram of the relationship between the command modes
Table 2-4 lists the functionalities and characteristics of the command modes.
Table 2-4 Functionalities and characteristics of command modes
Command mode Functionality Prompt Entry

To show basic system You can enter the mode
Common user mode MA5300>
information. directly after log-on
2-4
Command mode Functionality Prompt Entry

To make basic system
Privilege mode MA5300# MA5300>enable
configuration.
To configure the equipment MA5300#config
Global mode MA5300(config)#
and global attributes. terminal
MA5300(config)#
Fast Ethernet (FE) To configure FE port
MA5300(config-if-ethernet7/1/0)# interface ethernet
port mode attributes.
slot/subslot/port
MA5300(config)#
Gigabit Ethernet (GE) To configure GE port MA5300(config-if-gigabitethernet- interface
port mode attributes. 7/1/0)# gigabit-ethernet
slot/subslot/port
MA5300(config)#
To configure VDSL port
VDSL port mode MA5300 (config-if-vdsl2/0/0)# interface vdsl
attributes.
slot/subslot/port
MA5300(config)#
To configure ADSL port
ADSL port mode MA5300 (config-if-adsl2/0/0)# interface adsl
attributes.
slot/subslot/port
To configure the attributes
of IP interface MA5300(config-if-vlan-interface1) MA5300(config)#interfa
VLAN interface mode
corresponding to VLAN # ce vlan-interface 1
and VLAN interface.
To configure VLAN
VLAN mode MA5300 (config-vlan1)# MA5300(config)#vlan 1
attributes.
To configure Line
Line mode MA5300 (config-line0)# MA5300(config)#line 0
attributes.
Note:
z To exit command mode level by level, use the exit command; to exit from the current mode to the
privilege mode, use the end command; to exit the privilege mode and enter the common user mode,
use the disable command.
z By default, the command line prompt uses MA5300 as its prefix. It can be modified using the
hostname command. What is included in the bracket is used to describe the current configuration
mode.
2.2 Online Help
The CLI offers four means for you to obtain online help.
z Execute the help command to obtain an overview of the system.
MA5300>help
2-5
Help may be requested at any point in a command by entering

a question mark '?'. If nothing matches, the help list may
be empty
Two styles of help are provided:
1. Full help is available when you are ready to enter a
command argument ( e.g. 'show ?' ) and describes each
possible argument
2. Partial help is provided when an abbreviated argument
is entered and you want to know what arguments match
the input ( e.g. 'show l?' )
z You can type ? after the command line prompt to display the current mode and
all commands available in that mode.
For example:
MA5300>?
--------------------------------------------------------------------
Command Of user Mode:
--------------------------------------------------------------------
clear Reset functions.
cls Clear screen.
debug[2] debug command group, 2 sub-command.
enable Turn on privilege mode commands.
exit Exit from current mode and enter prior mode.
help Description of the interactive help system.
lock Lock the terminal.
no Negate a command or set its defaults.
ping[11] ping command group, 11 sub-command.
send[3] send command group, 3 sub-command.
show[13] show command group, 13 sub-command.
system Show used percent of memory.
telnet Open a telnet connection.
tracert[8] tracert command group,8 sub-command.
z You can type ? after an incomplete key word to obtain online help information
about that key word.
For example:
MA5300>s?
--------------------------------------------------------------------
--------------------------------------------------------------------
send[3] send command group,3 sub-command.
2-6
show[13] show command group,13 sub-command.

system Show used percent of memory.
z You can type ? after a complete key word to obtain brief online help information
about the current command and its parameters.
For example:
MA5300>show ?
--------------------------------------------------------------------
--------------------------------------------------------------------
alarm[4] alarm command group, 4 sub-command.
board Show information of board.
cpu Show used percent of cpu.
history Display the session history command.
infolevel[4] infolevel command group, 4 sub-command.
infoswitch[4] infoswitch command group,4 sub-command.
language Show language version information.
line[3] line command group, 3 sub-command.
loghost Show the configuration list of the log server.
patch[2] patch command group, 2 sub-command.
terminal[2] terminal command group, 2 sub-command.
time Show system time.
version Show version.
2.3 Setting Interactive Mode
You can use the smart command to enable interactive command input mode or use the
no smart command to disable it, depending on your personal preference. The default
one is to enable interactive command input mode.
After the interactive mode is enabled, pressing the <Enter> key after inputting a
command will enable the system to check whether the command and its parameters
have been completely entered. If not, the system will prompt you to make them
complete. Prompt information is also available for optional parameters, but you can
press <Enter> key to ignore them.
MA5300#smart //Enable the interactive input mode.
MA5300#config
{ terminal<K> }: //If you press the <Enter> key after having typed an incomplete
command, the system may prompt you with the next parameter name.
After the interactive mode is disabled, pressing the <Enter> key after typing a
command will enable the system to check the parameters and execute the command. If
no parameter is entered, the system will prompt you with error information.
2-7
MA5300#no smart //Disable the interactive input mode

MA5300#config
^
% Incomplete command, and error detected at '^' marker.
//If you press <Enter> key after typing an incomplete
command, the system may prompt you with error information.
2.4 Switching Terminal Languages
The MA5300 system supports two languages. They serve as the local language and
the general language respectively. Currently, the supported languages are English and
Chinese. English is the default language. You can use the load language command to
load Chinese.
Use the show language command to view information concerning the names and
version of the loaded languages.
MA5300>show language
Local:
Description: CHINESE SIMPLIFIED
Version: V100R002B03D020
General:
Description: ENGLISH (DEFAULT LANGUAGE)
Version: V100R002B03D020
Use the terminal language command to switch the current language to the other
language. You can choose one of them for information display according to your
personal preference.
MA5300>terminal language
The current language has been switched over
2.5 Setting System Time
You can use the show time command to view current system time and check whether
it is correct.
If not, the system administrator is entitled to modify it by using the time command. The
modification takes effect upon the completion of the setting. The time format for the
setting is hh:mm:ss yyyy-mm-dd, namely hour:minute:second year-month-day. Take
special care in setting the leap year and leap month.
MA5300#time 11:06:39 2003-12-17
MA5300>show time
Date: 2003-12-17
Time: 11:06:40
2-8
2.6 Setting System Name
To differentiate various MA5300 devices, the administrator can rename the device by
using the hostname command. Such setting takes effect immediately after it is made.
The command line prompt will change accordingly with the name of the associated
equipment. The default equipment name is MA5300.
MA5300(config)#hostname MA5300A
MA5300A(config)#
2.7 Setting Terminal Type
Different terminals feature different edit characteristics. To make most terminals

become mutually compatible, terminals can be divided into two types, namely the
standard terminal (ANSI) and the VT series terminal. The system terminal type should
be correctly set according to the type of your terminal to ensure correct command line
editing.
The MA5300 operating system allows query and setting of the terminal type. VT100
and ANSI are two terminal types available in the system. The default one is ANSI.
1) Set terminal type using the terminal type {ansi | vt100} command.
MA5300#terminal type vt100
2) Display terminal type using the show terminal type command.

MA5300#show terminal type
The terminal type: VT100
Note:
For some terminal tools allowing terminal type setting (such as HyperTerminal, Telnet and neterm), you
can use the associated menu to set the terminal emulation type so that the type of the terminal tool is
consistent with that of terminal in the system.
2.8 Setting Timeout Exit
You can use the exec-timeout command to set the timeout exit for the system. With
such function, the system will exit from the terminal if no information is entered for the
specified period of time.
By default, the timeout exit function is enabled whenever you log on. You can use the
no exec-timeout command to disable it. However, to prevent the system from being
occupied by a user performing no operation for too long period, the system will still exit
2-9
as long as no information is entered on the terminal for 120 minutes, even though the
timeout exit function is disabled.
MA5300(config-line0)# exec-timeout 5 0
2.9 Setting Terminal Screen Length
You can set the length of terminal screen required by using the length command. The
default terminal screen length is 24 lines (you can use the no length command to
restore the default setting). To disable the screen splitting function, use the length 0
command.
MA5300(config-line0)#length 12
2.10 Setting Terminal Screen Clearance
To facilitate information display, you can use the cls command to clear the screen. The
command will clear the screen output, and display the command prompt on the upper
left of the screen. This command only clears what is displayed on the screen rather
than those in the buffer.
MA5300>cls
2.11 Showing Hardware/Software Version
You can use the show version command to show the version of the system and a
board. Only the information for boards in good working status is available.
MA5300>show version
MA5300(config)#show version
{ <cr>|frameid[/slotid]<S><1,5> }:
Huawei Versatile Routing Platform Software.
VRP (tm) Software, Version V3R000M03
Copyright (c) 2000-2002 HUAWEI TECH CO., LTD
2.12 Showing History Commands
To show the history commands, use the command show history. This command can
only show the commands executed by the current user. After re-login, the history
commands will be cleared.
To set the number of history commands that can be displayed, use the command
history size. By default, 10 commands will be displayed.
MA5300(config-line0)#history size 5
MA5300>show history
2-10
history size 5.
Exit.
configure terminal.
2.13 Showing CPU Occupancy Ratio
To show CPU occupancy ratio of a specific board, use the command show cpu. The
system will generate alarms when the CPU occupancy ratio exceeds the threshold.
MA5300>show cpu 0/7
CPU occupancy: 12%
2.14 Network Testing Tools
Network test tools refer to the commands used to test the network connectivity and the
host reachability. You can run the commands to check all gateways passed by data
packets sent from the host to the destination, and locate network faults. ping and
tracert are two commonly used commands.
I. ping
To check the network connectivity and the host reachability, use the ping command.
MA5300#ping 10.11.106.133
PING 10.11.106.133: 56 data bytes, press CTRL_C to break.
Reply from 10.11.106.133: bytes=56 Sequence=0 ttl=125 time = 6 ms.
--- 10.11.106.133 Ping statistics ---

5 packets transmitted.
5 packets received.
0.00% packet loss.
round-trip min/avg/max = 6/6/6 ms.
II. tracert
To check the gateways passed by a data packet sent from the host to the destination,
use the tracert command. This aims to check the connectivity of network and locate
faults in the network.
First, the host sends a data packet with the Time to Live (TTL) value as 1 is sent to the
destination. During the first hop, the system returns an Internet Control Message
2-11
Protocol (ICMP) message to indicate the failure in transmitting the data packet due to
TTL timeout.
Then, the data packet is re-sent, its TTL is 2. The system also returns TTL timeout in the
second hop.
In this way, the process continues until the data packet reaches the destination. Doing
so will record the source address of each ICMP TTL timeout message, so as to provide
a path that an IP packet passes along the way to the destination.
MA5300#tracert 10.11.106.133
traceroute to 10.11.106.133 max hops 30 ,packet 40 bytes
press CTRL_C to break
1 253 ms 476 ms 508 ms 10.11.120.62
2 * * * Request timed out.
3 * * * Request timed out.
4 4 ms 4 ms 5 ms 10.11.106.133
2-12
SmartAX MA5300/5303 Broadband Access System Chapter 3 User Management
Chapter 3 User Management
3.1 Overview
User management refers to user account management and authority assignment for
the MA5300.
Operation users here refer to the users who operate the system using the command
line terminal. Each use has certain attributes include account, authority, password,
reentry count, and appending information.
1) Account.
An account, also called a username, consists of 1 15 non-space characters. All the
usernames are unique and case insensitive.
2) Password.
A password consists of 1 15 characters. The common user can only modify his own
password, while the administrator can modify the passwords of other users. The
password is case sensitive.
Users are required to enter the valid username and password to log in before they can
maintain the system using command line terminal.
3) Reentry count.
Reentry count means the permitted number of re-entries.
Whether a username can be used to log in to the MA5300 simultaneously from

multiple terminals depends on the reentry count. It is in the range of 0 4. 0 means
the user cannot log in to the MA5300. Reentry count is generally set to 1.
When you log in, the system will check whether the user name matches the password
and whether that user name is being used at the moment. It depends on the reentry
count whether that user is allowed to log in, if the user name has already been used to
log in to the console.
4) Authority.
In terms of authority, operation users can be divided into common users, operators
and administrators.
z The common users can simply check the equipment information, and run some
of system commands, such as the cls command.
z The operators are allowed to configure the equipment, such as setting system
time.
3-1
z The administrators are of the highest level. The administrators are not involved in
specific configuration action. They mainly carry out system administration, such
as patch management.
The users with higher authority can execute lower level commands, but the users with
lower authority cannot execute higher level commands. However, the users with lower
authority can switch to a higher level.
After passing the login authentication, all users first enter the User mode, and then
other modes, depending on their authorities. Even in the same command mode, users
with different authorities are entitled to perform different operations.
5) Appending information.
Appending information is a kind of supplementary information. It is optional, which can
be the users phone number or address. Its total length is limited to 35 characters.
Operation user management involves:

z Adding/deleting a user
z Modifying user attributes
z Viewing user information
The following sections introduce how to perform these operations.
3.2 Adding/Deleting a User
3.2.1 Confirming a User and the Associated Authority
You need to take the actual condition into consideration when adding a user and
setting the authority. No administrator should be added unless considered necessary.
3.2.2 Adding a User
The default administrative username is "root" and the initial password is "admin".
You can use the terminal user name command to add an authorized user, or the no
terminal user name command to delete a user.
When adding a user, you need to enter the user name, password, user level, reentry
count, and appending information.
3-2
Note:
z Only the administrator can add a new user.
z All usernames are unique.
z The user with username root cannot be deleted, but the password can be modified.
z Multiple users can be added at a single time, and a maximum of 126 users can be added.
This example shows how to add a common user Huawei. The reentry count is 2. The
appending information is 5550988, namely the users telephone number.
User's Level(13).
User's Appended Info(<=50 chars): 555-0988
User's call-back dialstring(<=32 chars):
Callback-verify?[Y|N]n
Repeat this operation? [Y|N]n //Selecting Y allows you to add more
users. Then the system will prompt you to enter another user name.
To show user information after a user has been added successfully, use the command
show terminal user.
MA5300#show terminal user huawei
User name: huawei
User's Level: User
User's ReEnterNum: 2
User's Appended Info: 555-0988
User's Callback-dialstring:
none
Callback-Verify: No
Line:
Idle Time: 0
Location:
3-3
3.2.3 Deleting a User
When a user is found to have poor credibility or malicious behavior, or his term expires,
the administrator is entitled to delete that user by using the no terminal user name
command. To delete a user, only the name of the user to be deleted is to be entered.
Note:
z Users cannot delete themself.
z The user root cannot be deleted.
z A user who is logging in cannot be deleted unless that user is disconnected first.
z Multiple users can be deleted at single time.
This example shows how to delete a user.

MA5300#no terminal user name
User name (<=15 chars):huawei
This user has been deleted
Repeat this operation? (y/n)[n]:n //Selecting Y allows you to delete
multiple users once for all. Then the system will prompt you to enter another
name.
3.3 Modifying User Attributes
The MA5300 supports the modification of user attributes, including user level,
password, number of permitted re-entries, and appending information.
I. Modifying user level
To modify the user level, use the command terminal user level. Only an
administrator can perform this operation.
This example shows how to change the level of the common user huawei to the level
of an operator.
MA5300#terminal user level
User Name(<=16 chars):huawei
1. Common User(1) 2. Operator(10) 3. Administrator(15):
User's Level(13).2
Confirm Level(13): 2
Information will take effect when this user logs on next time
Repeat this operation? [Y|N]n
3-4
II. Modifying user password
To modify the user password, use the command terminal user password.
Administrators can modify the passwords of all users (including themselves), without
entering the old passwords.
However, common users and operators can only modify their own passwords, where
the old passwords are required.
MA5300#terminal user password
Information will take effect when this user logs on next time
III. Modifying reentry count
To modify the reentry count, use the command terminal user reenter. Only the
administrator is able to perform this operation.
MA5300#terminal user reenter
Confirm Reenter Number(04):3
Information will take effect when this user logs on next time.
IV. Modifying appending information
To modify the appending information, use the command terminal user apdinfo.
Administrators can modify appending information of all users. Common users and
Operators can only modify their own appending information.
MA5300#terminal user apdinfo
User's Appended Info(<=50 chars):support@huawei.com
The user's attribute is set successfully!
V. Modifying user callback attributes
To modify the callback attributes of a user, use the command terminal user callback.
Administrators can modify the callback attributes of all users, while common users
and operators can only modify their own callback attributes.
MA5300#terminal user callback
3-5
User's call-back dialstring(<=32 chars):26530880

Callback-verify?[Y|N]n
The user's attribute is set successfully!
3.4 Viewing User Information
You can use the show terminal user command to view the information concerning all
users, online users, or a specific user.
This example shows how to

1) This example shows how to view information on all users.
MA5300#show terminal user all

User name Level Line Idle Time Location

root Admin 0 AUX 0 0
huawei Operator 0
2) This example shows how to view information on online users.

MA5300#show terminal user online

User name Level Line Idle Time Location

root Admin 0 AUX 0 0
3) This example shows how to view information on the user "Huawei.

MA5300#show terminal user huawei
User name: huawei
User's Level: Operator
User's ReEnterNum: 3
User's Appended Info: support@huawei.com
User's Callback-dialstring: 26530880
Callback-Verify: No
Line:
Idle Time: 0
Location:
Note:
The show terminal user command can only show the information on a user with a level equal to or
lower than that of the current user.
3-6
SmartAX MA5300/5303 Broadband Access System Chapter 4 Line Configuration
Chapter 4 Line Configuration
4.1 Introduction
I. Line introduction
Line configuration is a new configuration mode parallel to the interface configuration.

It is provided by the MA5300 to configure and manage the configuration data of
physical interfaces and logical interfaces in asynchronous and interactive mode. In
this way, the MA5300 can manage all types of users in a unified manner.
Two line types are supported by the MA5300:

z Auxiliary line (AUX)
Auxiliary port is a line device. Each device has only one console port. This port
provides an RS-232 interface to facilitate the local configuration and management
through the Console port.
z Virtual line (VTY)
Virtual port is a logical line allowing you to access the device in Telnet mode. It is often
abbreviated as VTY.
Note:
On the MA5300, the AUX port and the Console port refer to the same port. Therefore, only two types of
lines are available: AUX line and VTY line.
II. Line numbering
There are two modes for the line numbering: the absolute numbering mode and the
relative numbering mode.
1) Rules for the absolute numbering mode are as follows:
z AUX line number is placed at the first digit: such as line0, line1.
z The virtual line (VTY) number follows. Therefore, the absolute line number of the
first virtual line (hereafter referred to as line) is line2, the second is line3, and so
forth.
2) Relative line numbering mode is: line type + serial number. The numbering rules
are as follows:
4-1
z Number of the AUX line: aux0.

z The numbering of virtual line: The first virtual line is VTY 0, the second one is
VTY1, and so forth.
III. Line management
Line management involves:

z Entering Line mode
z Configuring attributes of asynchronous interface
z Defining the HyperTerminal attributes
z Querying line information
4.2 Entering Line Configuration Mode
Run the line command to enter line mode. Then you can configure the attributes of
the asynchronous interface.
You can either enter the single line mode to configure a single line, or enter the
multiple-line mode to configure multiple lines at one time.
For example:
1) To enter the AUX port mode under a line, do as follows.
MA5300(config)#line aux 0
MA5300(config-line-aux0)#
Or perform the following configuration:

MA5300(config)#line 0
MA5300(config-line0)#
2) To enter the VTY mode under a line, do as follows.
MA5300(config)#line vty 0 3
MA5300(config-line-vty0-3)#
Or perform the following configuration:

MA5300(config)#line 1 3
MA5300(config-line1-3)#
4.3 Configuring Attributes of Asynchronous Interface
You can configure attributes of asynchronous interface only in line mode. However,
the configuration commands are applicable only when the serial ports are working in
the asynchronous interactive mode.
4-2
I. Setting transmission rate of the serial port
Run the speed command to set the transmission rate of the serial port. The available
rates are: 300bit/s, 600bit/s, 1200bit/s, 4800bit/s, 9600bit/s, 19200bit/s, 38400bit/s,
57600bit/s and 115200bit/s. By default, it is 9600bit/s.
MA5300(config-line-aux0)#speed 9600
II. Setting flow control mode
Run the flowcontrol command to configure flow control on the serial port, including
hardware flow control and software flow control. The MA5300 does not support
hardware flow control. By default, the flow control mode is none, namely, not to
enable flow control.
MA5300(config-line-aux0)#flowcontrol none
III. Setting the parity bit of the line
To set the parity bit of the line, run the parity command. By default, the parity bit is
none, namely, not to enable parity check.
MA5300(config-line-aux0)#parity none
IV. Setting the stop bit of the line
To set the stop bit of the line, run the stopbits command. By default, the stop-bit is 1.
MA5300(config-line-aux0)#stopbits 1
V. Setting the data bit of the line
To set the data bit of the line, run the databits command. By default, the data bits are
8.
MA5300(config-line-aux0)#databits 8
4.4 Defining the HyperTerminal Attributes
I. Enabling EXEC terminal service
To enable EXEC terminal service, run the exec command. Then the user will be able
to log in to the system through the serial port or Telnet session. By default, the EXEC
terminal service is enabled on all lines.
The no exec command is used to disable EXEC terminal service. However, since the
line AUX itself is the console port, the AUX port does not support the no exec
command for the sake of safety. It is supported on other lines apart from the AUX port.
For example:
4-3
1) Run the no exec command on the serial line.

MA5300(config-line-aux0)#no exec
Not support this command on AUX!
2) Run the no exec command on line 1.

MA5300(config-line1)#no exec \\Disable Telnet service on line 1.
Once this command is executed, Telnet will be disabled, and the system will prompt:
%Connection refused by remote host.
II. Enabling/Disabling line locking
To enable line locking, run the lockable command in line mode. Then you can
execute the global lock command to lock the line. To unlock the line, password input
is required. This can effectively prevent random modification of the equipment by an
illegal user. Note that you have to make the line lockable before setting line locking.
Otherwise, the line cannot be locked. By default, line locking is disabled.
For example, to lock the serial port line, do as follows.

MA5300(config)#line aux 0
MA5300(config-line-aux0)#lockable \\Enable line locking.
MA5300(config-line-aux0)#exit
MA5300(config)#lock \\Lock the terminal line.
Password: \\Set the unlocking password.
Again:
Locked ! \\The terminal is locked.
Password: \\To unlock the terminal line, press any key
and input the unlocking password according to the prompt.
MA5300(config)# \\The terminal line is unlocked after the
correct password is entered.
III. Enabling/Disabling timeout exit
To enable the function of timeout exit, use the exec-timeout command. That is, when
no operation has been performed on the terminal for a certain period of time (the
specified timeout), the terminal will be disconnected.
By default, the function of timeout exit is enabled whenever you log in. If you do not
need this function, use the no exec-timeout command to disable it.
However, to prevent any user from occupying the system without performing any
operations for too long, the system will disconnect a terminal user if no input from that
terminal is received for 120 minutes.
MA5300(config-line0)# exec-timeout 5 0
4-4
IV. Setting the screen-length of the terminal screen
You can set the length of a terminal screen as required. The length of the terminal
screen is 24 lines by default. The no length command is used to restore the default
setting, while the command length 0 is used to disable the split-screen function.
MA5300(config-line0)#length 12
V. Setting the size of history command buffer
To set the number of commands that can be stored in the history buffer, use the story
size command. By default, 10 commands can be stored.
MA5300(config-line0)#history size 5
4.5 Querying Line Information
To show information about the physical attributes and related configurations of the
line(s), use the show line command.
1) Show information about all lines.
MA5300(config)#show line
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns
I 0 AUX 0 9600 0
1 VTY 0 0
2 VTY 1 0
3 VTY 2 0
4 VTY 3 0
2) Show information about line 0.
MA5300(config)#show line 0
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns
I 0 AUX 0 9600 0
4-5
SmartAX MA5300/5303 Broadband Access System Chapter 5 Board Management
Chapter 5 Board Management
5.1 Overview
I. Board types
The MA5300 offers multiple boards, including:

z Ethernet Switch Main control boards (ESMs): ESMA and ESME, residing in slots
7 and 8 only.
z Broadband Access Service Processing Boards (ISUs): ISUA and ISUE, residing
in slot 15 only.
z Service boards: EADA, EADB, EVDA, EVDB, ESHA, BTS, and EIU, residing in
slots 0 6 and 9 15. The service boards are identified and located by their
respective frame number and slot number (EVD is short for Ethernet over VDSL,
and EAD is short for Ethernet ADSL).
II. Board maintenance & mangement
Board maintenance & management involves:

z Querying a board
z Adding a board
z Confirming a board
z Deleting a board
z Resetting a board
z Resetting the system
5.2 Querying a Board
You can use the show board command to query the information about a board.
When only the frame number is entered, you can obtain the overall information about
such a frame, including board names, board status and subboard types.
By entering the frame number/slot number of a board, you can obtain more detailed
information about that board, such as its board category, status and port-related
information.
For example:
1) Query boards in Frame 0.
MA5300#show board 0
5-1
---------------------------------------------------------------
SlotID BoardName Status SubType1 SubType2
---------------------------------------------------------------
0 EVDA Auto_find
1 EVDA Auto_find
2 EVDA Auto_find
3
4 EADA Auto_find
5
6
7 ESMA Normal E4FE E4FE
8
9
10
11
12
13
14
15
2) Query the board in slot 2 of frame 0.

MA5300#show board 0/2
---------------------------------------------------------------
Board auto_find
Board Name : EVDA
Board state : Auto_find
The board has no port configured
---------------------------------------------------------------
Depending on the user operations and running conditions, boards can be in different
status. Table 5-1 lists various board statuses.
Table 5-1 Board statuses
Status Remark
Comm Fail Service board. It indicates the physical link communication fails.
Comm OK Service board. It indicates the physical link communication is normal.
Service board. It indicates the board is registered successfully, and is running
Normal
normally.
Failed Service board. The board is suffering from fault
Active -Normal ESM board
5-2
Status Remark
Standby-Normal ESM board
Configuring Service board. The board is being configured.
Service board. It refers to the status displayed by the system when a board is just
Auto_find
inserted, but not confirmed yet.
Table 5-2 shows the subboard type for various boards (ESMA/ESME and
ISUA/ISUE).
Table 5-2 The subboards attached to the MA5300 boards
ySubboard type Description Board attached to

E4FA 4FE electrical port subboard ESMA/ESME
E4FB 4FE electrical port subboard ISUA/ESME
O1FAB 1xFE multi-mode optical port subboard ESMA/ESME
O1FAF 1xFE single-mode optical port subboard ESMA/ESME
O4FBB 4xFE multi-mode optical port subboard ISUA/ESME
O4FBF 4xFE single-mode optical port subboard ISUA/ESME
O2GAA 2xGE multi-mode optical port subboard ESMA/ESME, ISUA/ESME
O2GAE 2xGE single-mode optical port subboard ESMA/ESME, ISUA/ESME
O1GAA 1XGE multi-mode optical port subboard ESMA/ESME, ISUA/ESME
O1GAE 1xGE single-mode optical port subboard ESMA/ESME, ISUA/ESME
O1GAG 1xGE single-mode optical port subboard ESMA/ESME, ISUA/ESME
2GE single-mode/multi-mode optical port
O2GAX ESMA/ESME, ISUA/ESME
subboard
5.3 Adding a Board
The MA5300 can auto detect boards in a frame. To configure a board off line (namely
performing data configuration when the board slot is idle) so that the equipment can
enter the running status immediately after the board is inserted, you can first use the
board add command to add the desired board to an idle slot, and then perform data
5-3
configuration. At the moment, the board is in fault status. It will restore to normal
status after the slot is inserted with a board of the same type.
The following introduces the specific operations.
I. Confirming an idle slot
You can only add a board in an idle slot; otherwise, the system will prompt you with
error information. To confirm an idle slot, use the command show board.
II. Adding a board
To add a board, use the command board add. Service boards can only reside in slots
0 6 and 9 15. Otherwise, the system will prompt you with error information.
MA5300(config)#board add 0/4 evda
! 1[2002-12-18 05:50:54]:ALM-3-AlarmInfo:
ALARM 113 FAULT MAJOR 0x02310000 EQUIPMENT 2002-12-18 05:50:54

ALARM NAME :
PARAS INFO :
DESCRIPTION :
REASON :
ADVICE :
--- END
MA5300(config)#
Frame 0 slot 4 board add successfully
Note that even after a board is added successfully off line, the system will still prompt
you that the communication with the ESM board fails.
Note:
z ESPA board is a passive board that can work normally without any connection with the backplane.
Therefore, no operation on this board is required. (ESP is short for Ethernet Splitter board).
z When a service board other than ESPA is inserted into an idle slot, the system will make registration
automatically and identify the board type. Auto registration is not available for the ESPA board.
z The ESPA board should be used in combination with the EVDA board and the EADA board.
5-4
III. Confirming the result
Similarly, you can use the show board command to display the result of the board
adding. At the moment, the board status is failed. It will become normal after a
board of the same type is inserted.
5.4 Confirming a Board
The MA5300 can identify a board automatically. After a board is inserted into an idle
slot, the system can identify the board name and subboard type. To confirm a board
identified automatically by the system, use the command board confirm frame/slot.
You can also use the command board confirm frame to confirm all boards in a frame.
Only after the board is confirmed to be normal can the configuration for that board
begin.
For example, to enter the frame number to confirm all boards:

MA5300(config)#board confirm 0
0 frame 0 slot board confirm successfully
Entering the frame number to confirm the specified board.
MA5300(config)#board confirm 0/12
5.5 Deleting a Board
You can delete those boards which are no longer used. Board deletion operation
involves deletion and deletion confirming. The specific operations are as follows:
I. Deleting a board
To delete a board, use the command board delete. A deleted board is not
recoverable, and all of its data will be cleared.
Note:
z ESM board cannot be deleted.
z You can also delete other boards working in normal status. Such command should be used with due
care, as board deletion operation cannot be undone, and it will clear all data of the board.
5-5
MA5300(config)#board delete 0/2

are you sure to delete this board? (y/n)[n]:y
Board delete successfully
II. Confirming the deletion result
You can use the show board command to confirm the deletion of a board. The board
type for a deleted board is empty.
5.6 Resetting a Board
When a board is working abnormally, you can use the board reset command to reset
that board. Board resetting operation may result in board fault alarm and recovery
alarm.
After the board reset command is executed, the ESM board will generate reset
failure alarm if it has not received any response from the service board for a long time.
When a board is reset successfully, the registration will be output to the ESM board.
The ESM board then performs data configuration for the board to restore the services.
MA5300(config)#board reset 0/1
Are you sure to reset board? (y/n)[n]:y
0 frame 1 slot reset board message sent successfully.
Note:
The command board reset cannot reset the ESM or ESPA board. To reset the ESM board, use the
command reboot.
MA5300(config)#board reset 0/7

Are you sure to reset board? (y/n)[n]:y
Fail to reset board
5.7 Resetting the System
Use the reboot command to reset the ESM board. When it is restarted it will reset all
service boards, so such operation is equivalent to resetting all boards in the system.
MA5300(config)#reboot
Data is not saved, the unsaved data will lose if reboot system, are you sure
to reboot system? (y/n)[n]:y
5-6
Note:
z As reset operation may result in loss of unsaved data, you are recommended to use the write
command to save the system data before the reset operation.
z To avoid affecting the service, due consideration should be made before you reset the system.
System resetting is generally carried out after new application or data is loaded or system restarting
is required.
5-7
SmartAX MA5300/5303 Broadband Access System Chapter 6 MAC Address Management
Chapter 6 MAC Address Management
6.1 Overview
The MA5300 maintains an address list for packet forwarding. It contains information
about the equipment address and the port number of other equipment connected to
the MA5300.
For the packet with destination address included in the address list, the MA5300 will
use hardware to forward it. For the packet with destination address excluded from the
address list, the MA5300 will broadcast the Layer 2 packet and perform routing for the
Layer 3 packet through software.
The MA5300 is capable of learning new addresses. If the source address of a

received packet does not exist in the address list, the MA5300 can add the source
address and the port ID of the received packet to the address list as a new item. The
Administrator can configure the address list as required. The added or modified item
can be either a static one or a dynamic one.
The MA5300 also features address aging function. The MA5300 will delete the
associated address items of the equipment which has not sent any packet for a
certain period of time.
Address list configuration involves:

z Adding/Modifying/Deleting address item.
z Configuring system MAC address aging.
z Enabling/Disabling address learning.
6.2 Adding/Modifying/Deleting Address Item
If necessary, the Administrator is entitled to add, modify or delete items contained in

the address list. The Administrator can use the command mac-address-table { static
| permenant | blackhole | dynamic } to delete the address items (for unicast
addresses only) related to a specific port, or the command no mac-address-table
{ static | permenant | blackhole | dynamic } to delete the address items of a certain
type (such as dynamic address items, static address items, permanent address items
and blackhole address items).
If an entered address already exits in the address list, you should modify the
corresponding item by setting the port associated with the address as input port, and
6-1
the property of the address item as input (including the dynamic item, static item,
permanent item and blackhole item)
The MA5300 does not support the parameter blackhole and permanent, since using
these parameters will result in failure in address adding.
This example shows how to add the static address 0800.4e35.dc71 to the port e7/2/1.
MA5300(config)#mac-address-table static 0800.4e35.dc71 interface e7/2/1
vlan 1
6.3 Configuring System MAC Address Aging
To effectively realize the function of address aging, the aging time should be
configured properly.
As long as a device has not sent any packet during the period specified by the aging
time, the associated address item will be deleted. If the aging time is set too short, the
address item will be deleted very soon. As a result, the data packet associated with
the address item will be broadcasted due to the failure in finding the destination
address, thus affecting the running efficiency of the equipment.
On the other hand, if the aging time is set too long, the idle address item will remain in
the address list for too long. This will exhaust the resources of the address list, and
make the equipment unable to update the address list in accordance with the
networking change. Consequently a large amount of packets will be broadcasted due
to the failure in finding the destination address.
Therefore, proper setting of the aging time is the prerequisite for putting the address
aging function into full play.
To properly configure address aging time, use the mac-address-table { aging-time

age | table-full } command.
To restore the default setting of the address aging time, use the no
mac-address-table aging-time command.
However, the configured address aging function can only work for items of addresses
which are learned or enabled with the aging function, namely the dynamic items. In
general conditions, it is recommended to take the default value of 300s.
This example shows how to set the address aging time as 300s.
MA5300(config)#mac-address-table aging-time 300
6-2
6.4 Enabling/Disabling Address Learning
The address learning function enables the MA5300 to learn new addresses. When
the MA5300 receives a data packet with destination address the same as what it has
learned, it no longer needs to broadcast them. Disabling address learning function is
usually done for the sake of security. For example, someone may send frames of
different source addresses to the equipment so as to exhaust the resources of
address list. Disabling learning function can effectively prevent this from happening.
You can use the mac-address-table mac-learning disable command to disable the
address learning function on a piece of equipment or a port, or the no
mac-address-table mac-learning disable to enable it. By default, the address
learning function is enabled.
This examples show how to enable and disable the address learning function.
1) Enable address learning function.
MA5300(config)#no mac-address-table mac-learning disable
2) Disable the address learning function of port vdsl4/0/0.
MA5300(config-if-Vdsl4/0/0)#mac-address-table mac-learning disable
6.5 Viewing Address List
You can use the show mac-address-table command to view the address list for fault
diagnosis.
1) View the enabling/disabling status of the address learning function.
MA5300(config)#show mac-address-table mac-learning
mac-address learning status of the switch: enable
PortName Learning Status
Vdsl4/0/0 disable
Vdsl4/0/1 enable
Vdsl4/0/2 enable
Vdsl4/0/3 enable
Vdsl4/0/4 enable
Vdsl4/0/5 enable
Vdsl4/0/6 enable
Vdsl4/0/7 enable
Vdsl4/0/8 enable
Vdsl4/0/9 enable
Vdsl4/0/10 enable
Vdsl4/0/11 enable
Vdsl4/0/12 enable
Vdsl4/0/13 enable
Vdsl4/0/14 enable
6-3
Vdsl4/0/15 enable
Vdsl4/0/16 enable
Vdsl4/0/17 enable
Vdsl4/0/18 enable
Vdsl4/0/19 enable
Vdsl4/0/20 enable
Vdsl4/0/21 enable
Vdsl4/0/22 enable
Vdsl4/0/23 enable
Ethernet7/2/0 enable
GigabitEthernet7/1/5 enable
2) View the setting of the aging time.
MA5300(config)#show mac-address-table aging-time
mac-address-table aging-time: 300s
3) View MAC address list.
z View MAC address according to VLAN.
MA5300(config)#show mac-address-table vlan 1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME
0020.ed2b.8c27 1 Learned Ethernet7/2/0 N/A
0800.4e35.dc71 1 Config static Ethernet7/2/1 NOAGED
--- 2 mac address(es) found ---
z View MAC address according to port.
MA5300(config)#show mac-address-table interface e7/2/1
z View address list information according to MAC address.
MA5300(config)#show mac-address-table 0800.4e35.dc71
z View static MAC address.
MA5300(config)#show mac-address-table static
This may take several minutes, please wait...
z View dynamic MAC address.
MA5300(config)#show mac-address-table dynamic
This may take several minutes, please wait...
6-4

0020.ed2b.8c27 1 Learned Ethernet7/2/0 N/A
6-5
SmartAX MA5300/5303 Broadband Access System Chapter 7 ARP Configuration
Chapter 7 ARP Configuration
7.1 Overview
Address Resolution Protocol (ARP) is used to translate the IP address into the MAC
address.
I. Necessity of ARP address translation
The IP address cannot be used for direct communication as network equipment can
only identify the MAC address. The IP address represents the address of a host in the
network layer. The hosts physical address should be made available if data in the
network layer are to be transmitted to that destination host. This is why the IP address
should be translated into the MAC address.
II. Implementation of ARP address translation
Before two hosts in the Ethernet can communicate with each other, they should be
able to know each others MAC addresses. Every host should have an ARP mapping
list for translating IP address into MAC address. The ARP address list contains a
series of IP addresses and the associated MAC addresses. When the host is
activated, the ARP mapping list is empty. If an ARP mapping item remains idle for a
long period, the host will delete it so as to save memory and the time needed for
searching ARP mapping list.
Given two PCs in an Ethernet: host A and host B. The IP address for host A and host B
is respectively IP_A and IP_B. The process for host A to send packet to host B is as
follows:
1) Host A first checks its ARP mapping list to determine whether it contains the ARP
mapping item of IP_B.
2) If host A can find the associated MAC address, it will encapsulate the IP data
packets according to that MAC address and send them to host B.
3) On the other hand, if host A fails to find such address, it will put the data packet in
the ARP waiting queue, then initiate an ARP request, and broadcast it in the
Ethernet. The ARP request contains the IP address of host B, and the IP address
and the MAC address of host A.
4) As the ARP request is broadcasted, all hosts in Ethernet can receive that request.
However, only the host that is requested (namely host B) will respond to that
request.
7-1
First, host B stores the IP address and MAC address of the request initiator
(namely host A) contained in the request to its own ARP mapping list.
Next, host B returns host A the ARP response containing the MAC address of
host B. Such response will be sent directly to host A rather than broadcasted.
After receiving the response, host A extracts the IP address and the MAC
address of host B, and adds them to its own ARP mapping list. Then it will
transmit all data packets in the waiting queue destined for host B.
In general conditions, ARP is implemented dynamically. The translation of IP address

into MAC address can proceed without intervention from the Administrator.
The following introduces the configuration of static ARP exclusively.
7.2 Configuring Static ARP
ARP mapping list can be maintained either dynamically or manually. The manually
configured mapping between IP address and MAC address is usually known as static
ARP.
Static ARP configuration involves:

z Adding/Deleting static ARP mapping item manually.
z Querying ARP information.
I. Adding/Deleting static ARP mapping item manually
Administrators are allowed to maintain an ARP mapping list manually. They can use
the arp command to add/delete static ARP mapping items.
The static ARP mapping item will remain effective during the normal working hours of
the MA5300, while the dynamic ARP mapping item can only maintain its effectiveness
for 20 minutes.
MA5300(config)#arp 10.71.53.11 0800.4e35.dc71 1 ethernet7/2/1
II. Querying ARP information
You can use the show arp command to view ARP mapping list so as to know the
running of ARP and diagnose existing problems.
1) View all ARP items.
MA5300(config)#show arp
IP Address MAC Address VLAN ID Port Name Type
10.71.53.11 0800.4e35.dc71 1 Ethernet7/2/1 Static
10.71.53.108 0020.ed2b.8c27 1 Ethernet7/2/0 Dynamic
2) View static ARP items.
MA5300(config)#show arp static
7-2

10.71.53.11 0800.4e35.dc71 1 Ethernet7/2/1 Static
3) View dynamic ARP items.
MA5300(config)#show arp dynamic
4) View ARP item information according to IP address.
MA5300(config)#show arp 10.71.53.108
7-3
SmartAX MA5300/5303 Broadband Access System Chapter 8 Network Management Configuration
Chapter 8 Network Management Configuration
The MA5300 supports both inband network management system (NMS) and outband
NMS.
Outband NMS refers to the NM system implemented through the dedicated Integrated
Services Digital Network (ISDN) line, Digital Data Network (DDN) line or E1 line. An
NMS can connect to the managed device through Local Area Network (LAN), or Wide
Area Network (WAN) including DDN.
Compared with inband network, outband network provides more reliable channels for
device management. In outband network, the NMS can timely locate the fault incurred
to a managed device, and monitor the managed device in real time. Outband network
requires additional devices to form a network so as to provide a maintenance channel
independent of the service channel.
Inband NMS refers to the network management system implemented through the
service channel provided by the managed devices. Inband network features flexible
networking and requires no additional devices. But it still has a shortcoming. The
traffic generated in maintenance occupies the service channel, making it impossible
to maintain the managed device when it is faulty.
8.1 Configuring Outband NMS
The MA5300 can implement outband NMS through the local outband network port
(namely the ETH port) or serial port. For configuration of the serial port, refer to the
chapter Configuration of Maintenance Terminal. This chapter focuses on the
outband port configuration.
Configuration of outband management through the outband port involves:

z Setting IP address of outband port.
z Configuring outband NMS routes.
z Configuring Simple Network Management Protocol (SNMP).
8.1.1 Setting IP Address of Outband Port
Outband port configuration involves setting and querying the IP Address of the
outband port.
8-1
I. Setting IP address of the outband port
To set IP address and mask for the outband port, use the ip address command. The
IP address of the outband port should be in the same network segment as that of the
configuration terminal or gateway. You can query the information on the IP network
before the actual setting.
You are still recommended to save the IP address once any modification has been
made for future query, though the system has a default IP address
(10.11.18.1/255.255.0.0).
MA5300(config-if-M-Ethernet7/0/1)#ip address
{ A.B.C.D<A.B.C.D> }:10.71.53.2
{ A.B.C.D<A.B.C.D> }:255.255.255.0
Note:
If the IP address of the outband port has not been set, you can use the default IP address of the outband
port, namely, 10.11.18.1/255.255.0.0.
II. Querying IP address
To query the IP address of an outband port, use the show ip interface command.
MA5300(config-if-M-Ethernet7/0/1)#show ip interface m-ethernet 7/0/1
M-Ethernet7/0/1 is down, line protocol is down
Internet Address is 10.71.53.2/24
Broadcast Address is 10.71.53.255
The Maximum Transmit Unit is 1500
5 packets input,707 bytes,0 multicasts
0 packets output,0 bytes,0 multicasts
8.1.2 Configuring Routes for Outband NMS
Route configuration involves:

z Selecting routes.
z Adding/Deleting system routes.
z Showing route configuration.
8-2
I. Selecting routes
As the host IP address of NM may not be in the same network segment as the
MA5300, IP packets destined to the host must be forwarded to a specific gateway first.
Otherwise, the IP packets will be discarded. To configure a route, you have to be
familiar with configuration of the whole IP network.
II. Adding/Deleting a system route
To add a route to the gateway, use the command atmlan ip-route. To delete a route,
use the no form of the command.
A maximum of 200 routes can be configured in the system. Useless routes will affect
the routing efficiency.
{ A.B.C.D<A.B.C.D> }:10.70.53.0
{ NULL<K>|Vlan-interface<K>|A.B.C.D<A.B.C.D> }:10.71.53.1
III. Showing route configuration
To view the route configuration, use the command show ip-route.
You are recommended to view the system IP configurations when modifications have
been made. This is to determine whether the route configurations are proper.
MA5300(config)#show ip route
Routing Tables:
Destination/Mask Proto Pre Metric Nexthop Interface
10.70.53.0/24 STATIC 60 0 10.71.53.1 M-Ethernet7/0/1
10.71.53.0/24 DIRECT 0 0 10.71.53.2 M-Ethernet7/0/1
10.71.53.2/32 DIRECT 0 0 127.0.0.1 InLoopBack0
8.1.3 Configuring SNMP
Refer to 8.3 Configuring SNMP of this chapter for SNMP configuration.
8.2 Configuring Inband NMS
Outband NMS requires the establishment of an NM LAN, which is not practicable for
devices which are far away from each other. In such a case, inband NMS should be
8-3
provided. The MA5300 implements inband NMS through the FE/GE ports on its ESM
board.
Inband NMS configuration mainly involves:

z Setting IP address of inband NMS.
z Configuring inband NMS routes.
z Setting IP addresses allowed to access the MA5300.
z Configuring SNMP.
8.2.1 Setting IP Address of Inband NMS
The following part introduces how to:

z Create NM VLAN
z Set IP address of the VLAN interface
z Query IP address of the VLAN interface
z Enable transparent transmission of NM VLAN for the upstream interface
I. Creating NM VLAN
To create an NM VLAN, use the vlan command.

II. Setting IP address of the VLAN interface
To set the IP address and input mask for the VLAN interface of the MA5300, use the
ip address command. The IP address and input mask must be valid ones.
MA5300(config)#interface vlan 1000
MA5300(config-if-Vlan-interface1000)#ip address 10.71.53.2
{ A.B.C.D<A.B.C.D> }:255.255.255.0
{ <cr> }:
III. Querying IP address of the VLAN interface
To query the IP address setting of the current VLAN interface, use the show ip
interface command.
To query IP address configuration of the current VLAN interface, use the show vlan
command.
MA5300(config-if-Vlan-interface1000)#show ip interface vlan 1000
Vlan-interface1000 is down, line protocol is down
Broadcast Address is 10.71.53.255
41 packets input,3318 bytes,0 multicasts
8-4
20 packets output,1680 bytes,0 multicasts

MA5300(config-if-Vlan-interface1000)#show vlan 1000
Vlan ID: 1000
Vlan Type: static
Route Interface: configured
IP Address: 10.71.53.2
Subnet Mask: 255.255.255.0
Tagged Ports: none
Untagged Ports: none
IV. Enabling transparent transmission of NM VLAN on the upstream interface
After having completed setting the NM VLAN and its interface IP address, you need to
enable transparent transmission of NM VLAN on the upstream interface. By setting
the upstream interface as the trunk interface, you can enable transparent
transmission of multiple VLANs, including the NM VLAN.
MA5300(config-if-Ethernet7/2/0)#switchport mode trunk
MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 1000
Please wait.. Done.
8.2.2 Configuring Inband NMS Routes
Route configurations include defining IP access list, adding/deleting system routes,

and showing IP route configuration. For the detailed description, refer to 8.1.2
Configuring Routes for Outband NMS of this chapter.
8.2.3 Configuring IP Addresses Allowed to Access the MA5300
By default, the MA5300 is accessible for all users. However, for the sake of security,
you can configure the system to only allow users within a certain network segment to
access the MA5300 while denying other illegal network segments.
The MA5300 prohibits the access of illegal users through its VLAN-based access
control list (ACL). To analyze and process data packets, it is required to create the
associated ACL rules based on the Layer 3 source IP addresses. As a result, the
standard ACL is adopted, which includes numeral-based ACL and name-based ACL.
You can configure either of them.
1) Define an ACL.
The match orders are as follows:
z config: Indicates to follow the user-defined order to match ACL rules.
z auto: Indicates to follow the depth-first order to match ACL rules.
By default, the user-defined order, namely config, is followed.
8-5
This example shows how to define the ACL Telnet limit which allows access of the
users within the network segment 10.72.53.0/24. Note that inversed mask is required
here.
traffic flow of VLAN 1000
traffic flow of the designated IP address.
MA5300(config)#access-list 201 permit ingress 1000 egress any// Deny the
2) Activate an ACL.
To validate a defined ACL, you need to activate it in the first place.
This example shows how to activate the ACL on ethernet 7/2/0.

MA5300(config-if-Ethernet7/2/0)#access-group link-group 200 in
//Deny the traffic flow of VLAN 1000.
MA5300(config-if-Ethernet7/2/0)#access-group ip-group 2 link-group 201 in
//Permit the traffic flow of the designated IP address in VLAN 1000.
8.2.4 Configuring SNMP
Refer to 8.3 Configuring SNMP of this chapter for the SNMP configuration.
8.3 Configuring SNMP
8.3.1 Overview
SNMP is the most widely used NM protocol in the present computer network. The
SNMP architecture comprises NMS and Agent.
NMS (Network Management Station) is the workstation running the client program
(Sun NetManager and IBM NetView are two commonly applied NM platforms).
Agent is the server software running on the network device.
After receiving the request from NMS, the Agent will read or write the management
variables depending on the message type, and then generate a Response and
returned it to the NMS. On the other hand, Agent will send Trap to report any
abnormality that occurs in the cold/warm start of the device.
I. SNMP version and the management information bases (MIBs) supported
To uniquely identify the management variables in SNMP packet, SNMP identifies the
management objects in a hierarchical naming scenario. It resembles a tree, where the
8-6
nodes of the tree represent management objects, as shown in Figure 8-1. An

unequivocal path starting from the root of the tree can identify a managed object.
1 2
1 2
1 B 2
5 6
Figure 8-1 MIB tree structure
As shown in the above figure, the managed object B can be uniquely identified with a
string of numbers {1.2.1.1}. This number string is the object identifier of B. The
function of the MIB is to describe the hierarchical structure of a tree. It is a set defined
by the standard variables of the monitored network device.
The SNMP Agent in the MA5300 supports SNMP V1 and SNMP V2C. Table 8-1
shows the supported MIBs.
Table 8-1 MIBs supported by the MA5300
MIB
MIB content Reference
attribute
MIB II based on TCP/IP network device RFC1213
RFC1493
BRIDGE MIB
Public MIB RFC2675
RMON MIB RFC2819
Ethernet MIB RFC2665
8-7
MIB
MIB content Reference
attribute
DHCP MIB
DHCP MIB
QACL MIB
ADBM MIB
IGMP Snooping MIB
RSTP MIB
VLAN MIB
Equipment management
Proprietary
MIB Interface management
QACL MIB
RSTP MIB
VLAN MIB
ADSL MIB
VDSL MIB
Device management
Interface management
II. Configuring SNMP
Commands for configuring SNMP vary with the versions of SNMPs. SNMP V1/VC2
authenticates the log-in of PCs based on community name. In comparison, SNMP V3
offers higher security by allowing you to set community name, add users/groups, and
add views.
Configuration of SNMP V1/V2C involves:

z Enabling/Disabling SNMP V1/V2C.
z Setting Community Name.
z Enabling/Disabling sending Trap.
Configuration of SNMP V3 involves:
z Enabling/Disabling SNMP V3.
z Adding a user.
z Adding a group.
z Adding a view.
z Enabling/Disabling sending trap.
8-8
The first running of the snmp-server command will enable all the SNMP versions.
The second running of the snmp-server command will disable all the SNMP
versions.
8.3.2 Configuring SNMP V1/V2C
I. Setting community name
SNMP V1 adopts the community name authentication solution. SNMP packets not
conforming to the community name recognized by the device will be discarded.
SNMP community is identified with a character string called community name. A
community may have the read-only access authority or the read-write access
authority. Communities with read-only authority can merely query the device
information while those with read-write authority can configure device.
To set names for communities with read-only authority or read-write authority, use the
global snmp-server community command.
To cancel the setting, use the global no snmp-server community command.

MA5300(config)#snmp-server community
{ WORD<S><1,32> }: public
{ <cr>|view<K>|ro<K>|rw<K> }:ro //Set the community "public" with read-only
authority.
MA5300(config)#snmp-server community
{ WORD<S><1,32> }: private
{ <cr>|view<K>|ro<K>|rw<K> }:rw //Set the community "private" with
read-write authority.
To query the community names after having completed the setting, use the show
snmp community command.
MA5300(config)#show snmp community
Community name:public
Group name: public
Storage-type: nonVolatile
Community name:private
Group name: private
Storage-type: nonVolatile
II. Configuring Trap sending
Trap is the unsolicited information sent automatically to NMS by the managed device
to report some urgent events.
The related configurations include:
8-9
z Enabling/Disabling sending Trap.

z Setting Trap destination address.
z Setting Trap source address (if you want to trace a specific event using the Trap
address).
1) Enable/Disable sending Trap.
In global mode, you can enable sending Trap using the snmp-server enable traps
command, and disable this function using the no snmp-server enable traps
command.
MA5300(config)#snmp-server enable traps
2) Set Trap destination address.
To enable sending Trap, set the Trap destination address using the snmp-server
host command.
To cancel the setting, use the no snmp-server host command. The only difference
between configuring SNMP V1 and SNMPV2C lies in the version selection.
MA5300(config)#snmp-server host
{ A.B.C.D<A.B.C.D> }:10.71.53.108 //Set IP address of the Trap
destination host
{ WORD<S><1,32>|version<K>|udp-port<K> }:version //Select the SNMP version.
{ 1<K>|2c<K>|3<K> }:1 //Adopt SNMP V1
{ WORD<S><1,32>|udp-port<K> }:private //Specify private as the community
name.
3) Set Trap source address
In global mode, you can set Trap source address using the snmp-server
trap-source command, and cancel the setting using the no snmp-server
trap-source command.
MA5300(config)#snmp-server trap-source
{ Ethernet<K>|GigabitEthernet<K>|Aux<K>|NULL<K>|LoopBack<K>|Vlan-interfac
e<K>|M-Ethernet<K>|Vdsl<K> }:vlan-interface
{ <1-4000> }:1000 //Set Trap source address to vlan interface 1000.
III. Configuring sysContact
SysContact is a management variable in the system group of MIB II. Its content
includes the ID of device administrator and contact method.
In global mode, you can configure sysContact using the snmp-server contact
command, and restore the default setting using the no snmp-server contact
command. The default setting is HuaWei BeiJing China.
MA5300(config)#snmp-server contact
{ LINE }: mary-075526516793 //Set the ID and contact method of
the personnel in charge of the device.
8-10
After the configuration completes, you can query information on the ID of device
administrator and contact method using the show snmp contact command.
MA5300(config)#show snmp contact
The contact person for this managed node: mary-075526516793
IV. Configuring sysLocation
SysLocation, a management variable in the "system" group of MIB, is used to indicate

the location of the managed device.
In global mode, you can set the location of the MA5300 using the snmp-server
location command, or restore the default setting using the no snmp-server location
command.
By default, sysLocation is BeiJing China.

MA5300(config)#snmp-server location
{ LINE }:Shenzhen China //Set location of the MA5300.
After having completed the configuration, you can use the show snmp location
command to query information on the device location.
MA5300(config)#show snmp location
The physical location of this node: Shenzhen China
V. Setting SNMP packet size
To set the size of the SNMP packet that can be received or sent by the Agent, use the
nmp-server packetsize command.
To restore the default setting, use the no snmp-server packetsize command. The
packet size ranges 484 17940 (unit: byte), and the default value is 17940.
MA5300(config)#snmp-server packetsize 1500
You can use the snmp-server packetsize command to query statistics information
on the SNMP packets.
MA5300(config)#show snmp
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Getrequest PDUs
0 Getnext PDUs
0 Setrequest PDUs
0 SNMP packets output
8-11
0 Too big errors (Maximum packet size 1500)

0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs
8.3.3 Configuring SNMP V3
I. Setting the name of local or remote device
This operation is only allowed for SNMP V3. Since an engine ID is associated with the
user information, you have to configure the engine ID before adding an SNMP user.
Any modification of the engine ID will delete all the user information. Therefore, it is
recommended to perform this operation with caution.
In global mode, you can set the engine ID for a device using the snmp-server
engineid command, and restore the default setting using the no snmp-server
engineid command. By default, the engine ID is composed of enterprise ID and
device information. The latter may be device IP address, MAC address or other
self-defined text.
MA5300(config)#snmp-server engineid
{ WORD<532> }:800007DB00E0FC1119C26877
You can use the show snmp engineid command to query the device ID after having
completed the configuration.
MA5300(config)#show snmp engineid
Local SNMP engineID: 800007DB00E0FC1119C26877
II. Setting an SNMP group
Setting SNMP group is only allowed for SNMP V3. This operation involves two
passwords: the authentication protocol password and the privacy protocol password.
Choosing the keyword auth means to authenticate only the first-level password
(namely the authentication protocol password). Choosing the keyword priv means to
authenticate the passwords of both levels (namely the authentication protocol
password and privacy protocol password). Choosing the keyword noauth means that
no authentication is required. The keywords read, wirte and notify are used to define
the read, write and notify attributes of a node in a view.
In global mode, you can add an SNMP group using the snmp-server group
command, and delete an SNMP group using the no snmp-server group command.
MA5300(config)#snmp-server group
{ WORD<S><1,32> }:5300 //Specify the SNMP group name.
8-12
{ v1<K>|v2c<K>|v3<K> }:v3 //Specify the SNMP version.

{ auth<K>|noauth<K>|priv<K> }:auth //Set the authentication mode.
{ <cr>|read<K>|write<K>|notify<K> }:read //Specify the read view.
{ WORD<S><1,32> }:5300a
{ <cr>|write<K>|notify<K> }:write //Specify the write view
{ WORD<S><1,32> }:5300b
{ <cr>|notify<K> }:notify //Specify the notify view.
{ WORD<S><1,32> }:5300c
You can use the show snmp group command to query information on the SNMP
group after having completed the configuration.
MA5300(config)#show snmp group
Group name: 5300 Security model: v3 auth
Readview: 5300a Writeview: 5300b
Notifyview :5300c
Storagetype: nonVolatile
III. Adding/Deleting a user to an SNMP group
This operation is only allowed for SNMP V3. SNMP V3 implements user-oriented
SNMP packet sending. The SNMP user is a remote user executing the SNMP
management commands. To connect to the Agent module of the MA5300, the user is
required to pass the user authentication (namely the user name and password must
be set). An SNMP user should belong to an SNMP group. The user authority must be
lower than that of the group to which he belongs.
In global mode, you can use the snmp-server user command to add a user to an
SNMP group, and use the no snmp-server user command to delete a user from an
SNMP group.
MA5300(config)#snmp-server user
{ WORD<S><1,32> }:huawei //Add an SNMP user.
{ WORD<S><1,32> }:ma5300 //Specify the SNMP group corresponding to
the SNMP user.
{ v1<K>|v2c<K>|v3<K> }:v3 //Select the SNMP version.
{ <cr>|auth<K> }:auth //Specify the authentication mode.
{ md5<K>|sha<K> }:md5 //Specify the authentication protocol.
{ WORD<S><1,64> }:hello //Set the authentication password
{ <cr>|priv<K> }: //Specify whether the password is encrypted.
You can use the show snmp user command to query information on the SNMP user
after having completed the configuration.
MA5300(config)#show snmp user
User name: huawei
Engine ID: 800007DB00E0FC1119C26877 active
8-13
IV. Creating/Modifying/Deleting/Viewing information
This operation is only allowed for SNMP V3. By configuring a view, you can define the
accessibility attributes of a node in the view, thus limiting the access to the data.
In global mode, you can create/modify the view information using the snmp-server
view command, and delete the view information using the no snmp-server view
command.
MA5300(config)#snmp-server view
{ WORD<S><1,32> }:mib2 //Specify the view name.
{ WORD<S><1,255> }:1.3.6.1 //Specify the MIB object
{ included<K>|excluded<K> }:included //Specify that the view includes the
MIB.
You can use the show snmp view command to query the view information.
MA5300(config)#show snmp view
View name:mib2 MIB Subtree:internet
Storagetype: nonVolatile included active
View name:ViewDefault MIB Subtree:internet

Storagetype: nonVolatile included active
View name:ViewDefault MIB Subtree:snmpUsmMIB

Storagetype: nonVolatile excluded active
View name:ViewDefault MIB Subtree:snmpVacmMIB

View name:ViewDefault MIB Subtree:snmpModules.18

V. Setting Trap
Refer to the description in 8.3.2 II. Configuring Trap sending for the detailed
configuration.
8-14
8.4 NMS Configuring Example
8.4.1 Example of Outband NMS Configuration
Upstream
0# 7# 0# 7# 13#
ETH
E ME SS
A MS MM
D XM BB
HAB HRB
MA5300 MA5200
Figure 8-2 Outband NMS networking
1) The outband port (namely the ETH port) on the ESM board of the MA5300 is
connected to port 0 on the MA5200s HAB board through a crossover network
cable.
2) The IP address of the MA5300 outband NMS is: 10.10.20.1 255.255.255.0;
3) The IP address of the NMS: 10.10.21.1 255.255.255.0 (not included in Figure
8-2);
4) The IP address of the virtual terminal (VT) interface on the MA5200 is:
10.10.20.254/24;
5) The IP address of port 0 on the MA5200s HRB board is: 10.10.40.1/30.
1) Configure IP address of the outband port

MA5300(configifMEthernet7/0/1)#ip address
{ A.B.C.D<A.B.C.D> }:10.10.20.1
{ A.B.C.D<A.B.C.D> }:255.255.255.0
2) Add an NM route
{ A.B.C.D<A.B.C.D> }:0.0.0.0
3) Set the community name and the access authority
8-15
MA5300(config)#snmp-server community public ro

MA5300(config)#snmp-server community private rw
4) Enable Trap sending
5) Set Trap destination address
MA5300(config)#snmp-server host 10.10.21.1 private
6) Specify IP address of the outband NMS as the Trap destination address
MA5300(config)#snmp-server trap-source m-ethernet 7/0/1
7) Save Data
8.4.2 Example of Inband NMS Configuration
Upstream
0# 7# 0# 7# 13#
E
S
E MM SS
A M MM
D E7/2/0 BB
X
HAB HRB
MA5300 MA5200
Figure 8-3 Inband NMS networking
1) The inband port ethernet 7/2/0 on the MA5300s ESM board is connected to port
0 on the MA5200s HAB board. Service VLAN ID = 4000.
2) The IP address of the MA5300 inband NMS is: 10.10.20.1/24; NM VLAN
ID=1000.
3) IP address of the NMS: 10.10.21.1/24 (not included in Figure 8-3).
4) IP address of the MA5200s VT interface is: 10.10.20.254/24.
5) IP address of the VT interface on the MA5200: 10.10.40.1/30.
1) Configure IP address of the inband NMS

z Creating an NM VLAN
z Enter the VLAN interface mode.
z Configure the IP address of the VLAN interface
8-16
MA5300(configifVlaninterface1000)#ip address 10.10.20.1 255.255.255.0

2) Configure ACL
traffic flow of the specified IP address.
MA5300(config)#access-list 201 permit ingress 1000 egress any// Permit the
z Activate the ACL
MA5300(configifEthernet7/2/0)#access-group link-group 200 in // Deny the
MA5300(configifEthernet7/2/0)#access-group ip-group 2 link-group 201 in//
Permit the traffic flow of the specified IP address in VLAN 1000.
3) Add an NM route
{ A.B.C.D<A.B.C.D> }:0.0.0.0
4) Configure a service VLAN
You can configure a service VLAN in various ways. In this example, assume that the
service VLAN (whose ID is 4000) is a Smart VLAN.
z Creating a VLAN whose ID is 4000, and specifying it as a Smart VLAN.
MA5300(configvlan4000)#vlan-type smart
z Add an upstream interface (ethernet 7/2/0) to the VLAN
MA5300(configvlan4000)#vlan-upport ethernet 7/2/0
z Specify the port ethernet 7/2/0 as the trunk interface which transparently
transmits NM VLAN (whose ID is 1000).
MA5300(configifEthernet7/2/0)#switchport mode trunk
MA5300(configifEthernet7/2/0)#switchport trunk allowed vlan 1000
Please wait.. Done.
5) Set the community name and the access authority
MA5300(config)#snmp-server community public ro
MA5300(config)#snmp-server community private rw
6) Enable Trap sending
7) Set Trap destination address
MA5300(config)#snmp-server host 10.10.21.1 private
8-17
8) Specify IP address of the inband NMS as the Trap destination address

MA5300(config)#snmp-server trap-source vlan-interface 1000
9) Save Data
8-18
HUAWEI

system
Operation Manual
Operation Manual - Service Configuration
Table of Contents
Chapter 1 Ethernet Port Configuration ....................................................................................... 1-1

1.1 Overview ............................................................................................................................ 1-1
1.2 Setting Port Physical Properties ........................................................................................ 1-2
1.3 Setting Port Flow Control................................................................................................... 1-3
1.4 Setting Port Broadcast Storm Suppression ....................................................................... 1-3
1.5 Setting Port Priority Level .................................................................................................. 1-4
1.6 Setting Maximum Multicast Group Counts ........................................................................ 1-4
1.7 Setting Port Aggregation.................................................................................................... 1-4
1.8 Querying Ethernet Port Information ................................................................................... 1-5
1.9 Enabling/Disabling Long Frames on an Ethernet port....................................................... 1-6
Chapter 2 VDSL Port Configuration ............................................................................................ 2-1

2.1 Overview of VDSL Port Configuration ............................................................................... 2-1
2.2 Setting VDSL Port Ethernet Parameters ........................................................................... 2-1
2.3 Setting Port Traffic Control ................................................................................................ 2-2
2.4 Setting Port Multicast Storm Suppression ......................................................................... 2-2
2.6 Setting Maximum Multicast Group Counts ........................................................................ 2-3
2.7 Enabling/Disabling Port MAC Address Learning ............................................................... 2-3
2.8 Setting a VDSL Line Profile ............................................................................................... 2-4
2.8.1 Blocking/Unblocking a VDSL Port........................................................................... 2-4
2.8.2 Adding/Deleting/Modifying a VDSL Line Profile...................................................... 2-5
2.8.3 Activating/Deactivating a VDSL Port..................................................................... 2-10
2.9 Setting a VDSL Alarm profile ........................................................................................... 2-12
2.9.1 Blocking/Unblocking a VDSL Port......................................................................... 2-12
2.9.2 Adding/Deleting/Modifying a VDSL Alarm profile.................................................. 2-12
2.9.3 Binding a VDSL Alarm profile................................................................................ 2-17
2.9.4 Activating/Deactivating a VDSL Port..................................................................... 2-18
2.10 Setting VDSL Port Aggregation ..................................................................................... 2-18
2.11 VDSL Remote Equipment Management ....................................................................... 2-19
2.11.1 Enabling/Disabling VDSL Remote Equipment Binding ....................................... 2-19
2.11.2 Enabling/Disabling Automatic Upgrade of VDSL Remote Equipment ................ 2-20
2.12 Resetting the VDSL Port and Chipset ........................................................................... 2-21
2.13 Querying VDSL Port Information ................................................................................... 2-21
2.14 Setting VDSL Port Out-line Test .................................................................................... 2-26
2.15 Setting VDSL Port Loopback ......................................................................................... 2-26
Chapter 3 ADSL Port Configuration ............................................................................................ 3-1

3.1 Overview ............................................................................................................................ 3-1
i

3.3 Setting Maximum Multicast Group Count of a Port ........................................................... 3-2
3.4 Enabling/Disabling Port MAC Address Learning ............................................................... 3-2
3.5 Setting ADSL Port PVC ..................................................................................................... 3-3
3.5.1 PPPoA/IPoA Configuration ..................................................................................... 3-3
3.5.2 Configuring Single PVC on an ADSL ...................................................................... 3-5
3.5.3 Configuring Multiple PVCs on an ADSL Port .......................................................... 3-6
3.6 Setting ADSL Port CAR ................................................................................................... 3-10
3.7 Binding ADSL Port and IP Address ................................................................................. 3-11
3.8 Setting an ADSL Line Profile ........................................................................................... 3-11
3.8.1 Blocking/Unblocking an ADSL Port....................................................................... 3-11
3.8.2 Adding/Deleting/Modifying an ADSL Line Profile.................................................. 3-12
3.8.3 Activating/Deactivating an ADSL Port................................................................... 3-21
3.9 Setting an ADSL Alarm profile ......................................................................................... 3-23
3.9.1 Blocking/Unblocking an ADSL Port....................................................................... 3-23
3.9.2 Adding/Deleting/Modifying an ADSL Alarm profile................................................ 3-23
3.9.3 Binding an ADSL Alarm profile.............................................................................. 3-29
3.9.4 Activating/Deactivating an ADSL Port................................................................... 3-30
3.10 Resetting ADSL Chipset ................................................................................................ 3-30
3.11 Querying ADSL Port Information ................................................................................... 3-31
3.12 Setting ADSL Port Out-line Test .................................................................................... 3-35
3.13 Setting ADSL Port Loopback ......................................................................................... 3-35
Chapter 4 ADSL2+ Port Configuration ........................................................................................ 4-1

4.1 ADSL2+ Line Configuration Profile.................................................................................... 4-1
4.2 ADSL2+ Alarm profile ........................................................................................................ 4-6
4.3 ADSL2+ Port Configuration Commands............................................................................ 4-8
Chapter 5 SHDSL Port Configuration.......................................................................................... 5-1

5.1 Overview ............................................................................................................................ 5-1
5.2 Setting Port Priority Levels ................................................................................................ 5-1
5.3 Setting Maximum Multicast Group Count .......................................................................... 5-2
5.4 Enabling/Disabling MAC Address Learning....................................................................... 5-2
5.5 Setting SHDSL Port PVC................................................................................................... 5-4
5.6 Setting SHDSL Port CAR .................................................................................................. 5-5
5.7 Setting Binding between SHDSL Port & IP Address ......................................................... 5-6
5.8 Setting an SHDSL Line Profile........................................................................................... 5-7
5.8.1 Blocking/Unblocking an SHDSL Port ...................................................................... 5-7
5.8.2 Adding/Deleting/Modifying an SHDSL Line Profile ................................................. 5-7
5.8.3 Activating/Deactivating an SHDSL Port ................................................................ 5-12
5.9 Configuring SHDSL Alarm profile .................................................................................... 5-14
5.9.1 Blocking/Unblocking SHDSL Port ......................................................................... 5-14
5.9.2 Adding/Deleting/Modifying an SHDSL Alarm profile ............................................. 5-14
5.9.3 Binding an SHDSL Alarm profile ........................................................................... 5-17
ii
5.9.4 Activating/Deactivating an SHDSL Port ................................................................ 5-18

5.10 Resetting the SHDSL Port and Chipset......................................................................... 5-19
5.11 Querying SHDSL Port Information................................................................................. 5-19
5.12 Setting SHDSL Port Loopback ...................................................................................... 5-21
Chapter 6 VLAN Configuration .................................................................................................... 6-1

6.1 Overview ............................................................................................................................ 6-1
6.2 Configuring VLAN .............................................................................................................. 6-1
6.3 Configuring a VLAN Interface ............................................................................................ 6-4
6.4 Configuring VLAN Trunk.................................................................................................... 6-5
6.5 VLAN Configuration Examples .......................................................................................... 6-6
6.5.1 Configuring VLAN Interconnection.......................................................................... 6-6
6.5.2 Configuring VLAN Trunk Interconnection ............................................................. 6-11
Chapter 7 Smart VLAN Configuration ......................................................................................... 7-1

7.1 Overview ............................................................................................................................ 7-1
7.2 Creating/Deleting a VLAN.................................................................................................. 7-1
7.3 Setting/Canceling a VLAN as a Smart VLAN .................................................................... 7-1
7.4 Adding an Upstream Port to the Smart VLAN ................................................................... 7-2
7.5 Adding Downstream Ports to the Smart VLAN.................................................................. 7-3
7.6 Querying Smart VLAN Information .................................................................................... 7-4
7.7 Smart VLAN Configuration Examples................................................................................ 7-5
7.7.1 Smart VLAN (Access Mode) ................................................................................... 7-5
7.7.2 Smart VLAN (Trunk Mode)...................................................................................... 7-6
Chapter 8 MUX VLAN Configuration ........................................................................................... 8-1

8.1 Overview ............................................................................................................................ 8-1
8.2 Enabling/Disabling MUX VLAN.......................................................................................... 8-1
8.3 Configure MUX VLAN Configuration Profile ...................................................................... 8-2
8.4 Specifying Upstream Port and Range of Local MUX VLAN .............................................. 8-2
8.5 Specifying Cascading Port and Range of Cascaded MUX VLANs ................................... 8-4
8.6 Setting MUX VLANs for a Specified Interface Board......................................................... 8-5
8.7 Setting the MUX VLAN for a Specified Port ...................................................................... 8-8
8.8 MUX VLAN Configuration Examples ............................................................................... 8-10
8.8.1 Basic MUX VLAN Application ............................................................................... 8-10
8.8.2 MUX VLAN Cascading Application ....................................................................... 8-14
8.8.3 Comprehensive MUX VLAN Application............................................................... 8-19
Chapter 9 STP Configuration ....................................................................................................... 9-1

9.1 Overview ............................................................................................................................ 9-1
9.2 Configuring RSTP.............................................................................................................. 9-7
9.2.1 Enabling/Disabling System RSTP........................................................................... 9-7
9.2.2 Enabling/Disabling Port RSTP ................................................................................ 9-8
9.2.3 Setting Network Diameter ....................................................................................... 9-8
9.2.4 Setting Operating Mode of RSTP............................................................................ 9-9
iii
9.2.5 Setting the Priority of a Specified Bridge ................................................................ 9-9

9.2.6 Setting Forward Delay of Specified Bridge ........................................................... 9-10
9.2.7 Setting Hello Time of a Specified Bridge .............................................................. 9-11
9.2.8 Setting Max. Age of a Specified Bridge ................................................................ 9-11
9.2.9 Setting Maximum Transmission Speed of a Specified Bridge .............................. 9-12
9.2.10 Setting Specified Port as an Edge Port............................................................... 9-12
9.2.11 Setting Path Cost of a Specified Port.................................................................. 9-13
9.2.12 Setting Priority of a Specified Port ...................................................................... 9-13
9.2.13 Enabling/Disabling Point-to-point Link on a Specified Port................................. 9-14
9.2.14 Running mCheck................................................................................................. 9-15
9.2.15 Querying RSTP Information ................................................................................ 9-15
Chapter 10 IGMP Snooping Configuration ............................................................................... 10-1

10.1 Overview ........................................................................................................................ 10-1
10.1.1 IGMP Snooping Principle .................................................................................... 10-1
10.1.2 Implementation of IGMP Snooping ..................................................................... 10-2
10.2 Configuring IGMP Snooping .......................................................................................... 10-4
10.2.1 Enabling/Disabling IGMP Snooping Globally...................................................... 10-5
10.2.2 Setting Aging Time of Multicast Group Member Port.......................................... 10-5
10.2.3 Setting Aging Time of the Router Port ................................................................ 10-6
10.2.4 Setting Maximum Response Time ...................................................................... 10-6
10.2.5 Enabling a User under a Port to Leave an Multicast Quickly.............................. 10-7
10.2.6 Setting the Router Port........................................................................................ 10-8
10.3 Querying IGMP Snooping Information........................................................................... 10-9
10.4 Configuration Example of IGMP Snooping.................................................................. 10-11
10.5 Troubleshooting IGMP Snooping................................................................................. 10-12
Chapter 11 IGMP Proxy Configuration ...................................................................................... 11-1

11.1 Overview ........................................................................................................................ 11-1
11.2 Basic IGMP Proxy Configuration ................................................................................... 11-1
11.2.1 Enabling/Disabling IGMP Proxy .......................................................................... 11-1
11.2.2 Configuring the Master Upstream Port ............................................................... 11-2
11.2.3 Maintaining a Program Library ............................................................................ 11-3
11.2.4 Configuring Parameters for a Multicast Router................................................... 11-7
11.2.5 Configuring the Static Multicast Members of an IGMP Proxy Group.................. 11-9
11.2.6 Querying IGMP Proxy Configurations............................................................... 11-10
11.2.7 Querying Multicast Group Information .............................................................. 11-10
11.3 Configuring Authority Profile-Based Controlled Multicast............................................ 11-12
11.3.1 Configuring Authority Profile ............................................................................. 11-12
11.3.2 Configuration User Authority ............................................................................. 11-17
11.4 Querying the IGMP Proxy Log..................................................................................... 11-20
Chapter 12 Multicast VLAN Configuration................................................................................ 12-1

12.1 Overview ........................................................................................................................ 12-1
iv
12.2 Configuring Multicast VLAN........................................................................................... 12-1

12.2.1 Configuring Upstream Port of the Multicast VLAN.............................................. 12-1
12.2.2 Configuring Downstream Port of Multicast VLAN ............................................... 12-2
12.2.3 Querying the Multicast VLAN .............................................................................. 12-2
12.3 Configuration Example of Multicast VLAN..................................................................... 12-3
Chapter 13 Managed Multicast Configuration.......................................................................... 13-1

13.1 Overview ........................................................................................................................ 13-1
13.2 Configuring Managed Multicast ..................................................................................... 13-1
13.2.1 Enabling/Disabling Managed Multicast ............................................................... 13-1
13.2.2 Configuring Multicast Group Accessibility........................................................... 13-2
13.2.3 Querying the Debugging Information of Managed Multicast............................... 13-3
13.3 Configuration Example of Managed Multicast ............................................................... 13-3
Chapter 14 ACL Configuration................................................................................................... 14-1

14.1 Introduction to ACL ........................................................................................................ 14-1
14.1.1 Overview ............................................................................................................. 14-1
14.1.2 Configuring the Match Order............................................................................... 14-1
14.1.3 ACLs Supported by the MA5300......................................................................... 14-2
14.2 Configuring ACL............................................................................................................. 14-3
14.2.1 Configuring Time-Range ..................................................................................... 14-3
14.2.2 Defining ACL ....................................................................................................... 14-4
14.2.3 Activating an ACL.............................................................................................. 14-12
14.2.4 Querying ACL Information................................................................................. 14-13
14.3 ACL Configuration Example ........................................................................................ 14-13
Chapter 15 QoS Configuration................................................................................................... 15-1

15.1 Overview ........................................................................................................................ 15-1
15.1.1 Traffic Classification ............................................................................................ 15-1
15.1.2 Packet Filtering.................................................................................................... 15-2
15.1.3 Traffic Policing..................................................................................................... 15-2
15.1.4 Port Rate Limit..................................................................................................... 15-2
15.1.5 Redirection .......................................................................................................... 15-2
15.1.6 Priority Tag .......................................................................................................... 15-2
15.1.7 Selecting Egress Queue for the Packets ............................................................ 15-4
15.1.8 Queue Scheduling............................................................................................... 15-4
15.1.9 Traffic Mirroring ................................................................................................... 15-5
15.1.10 Port Mirroring..................................................................................................... 15-5
15.1.11 Traffic Statistics ................................................................................................. 15-6
15.1.12 QoS Implementation ......................................................................................... 15-6
15.2 Configuring QoS ............................................................................................................ 15-6
15.2.1 Configuring Traffic Policing ................................................................................. 15-6
15.2.2 Configuring Port Rate Limit ................................................................................. 15-7
15.2.3 Configuring Packet Redirection........................................................................... 15-7
v
15.2.4 Configuring Priority Tag ...................................................................................... 15-8

15.2.5 Configuring Queue Scheduling ........................................................................... 15-9
15.2.6 Configuring Traffic Mirroring................................................................................ 15-9
15.2.7 Configuring Traffic Statistics ............................................................................. 15-10
15.2.8 Querying QoS Information ................................................................................ 15-11
15.3 QoS Configuration Example ........................................................................................ 15-11
Chapter 16 Cluster Management Configuration....................................................................... 16-1

16.1 Overview ........................................................................................................................ 16-1
16.1.1 Cluster Roles....................................................................................................... 16-2
16.1.2 Functions............................................................................................................. 16-3
16.2 Configuring HDP ............................................................................................................ 16-4
16.2.1 Introduction to HDP............................................................................................. 16-4
16.2.2 Enabling/Disabling Global HDP .......................................................................... 16-5
16.2.3 Enabling/Disabling HDP on a Port ...................................................................... 16-6
16.2.4 Setting HDP Holdtime ......................................................................................... 16-6
16.2.5 Setting HDP Timer .............................................................................................. 16-7
16.2.6 Querying HDP Information .................................................................................. 16-7
16.3 Configuring HTP ............................................................................................................ 16-8
16.3.1 Introduction to HTP ............................................................................................. 16-8
16.3.2 Enabling/Disabling Global HTP........................................................................... 16-9
16.3.3 Enabling/Disabling HTP on a Port....................................................................... 16-9
16.3.4 Setting Topology Collection Range................................................................... 16-10
16.3.5 Setting Delay for the Device to Forward Collection Request............................ 16-11
16.3.6 Setting Delay for the Port to Forward Collection Request ................................ 16-11
16.3.7 Setting Topology Collection Interval ................................................................. 16-12
16.3.8 Starting Topology Information Collection .......................................................... 16-12
16.3.9 Querying HTP Information ................................................................................ 16-13
16.4 Configuring a Cluster ................................................................................................... 16-14
16.4.1 Introduction to the Cluster ................................................................................. 16-14
16.4.2 Enabling/Disabling Cluster Function ................................................................. 16-14
16.4.3 Configuring Cluster IP Address Pool ................................................................ 16-15
16.4.4 Setting the Cluster Name .................................................................................. 16-16
16.4.5 Adding/Deleting a Cluster Member ................................................................... 16-17
16.4.6 Enabling Cluster Auto-Setup............................................................................. 16-18
16.4.7 Setting Cluster Holdtime ................................................................................... 16-19
16.4.8 Setting the Handshaking Message Interval ...................................................... 16-19
16.4.9 Configuring Remote Control over Member Devices ......................................... 16-20
16.4.10 Configuring FTP/TFTP Server, SNMP and Log Hosts for a Cluster............... 16-21
16.4.11 Configuring Member Accessing ...................................................................... 16-22
16.4.12 Querying Cluster Information .......................................................................... 16-23
16.5 Configuration Example of Cluster Management.......................................................... 16-24
vi
Chapter 17 802.1x Configuration ............................................................................................... 17-1

17.1 Overview ........................................................................................................................ 17-1
17.1.1 Introduction to 802.1x.......................................................................................... 17-1
17.1.2 802.1x System Architecture ................................................................................ 17-1
17.1.3 802.1x Authentication Process............................................................................ 17-2
17.1.4 Implementing 802.1x on MA5300 ....................................................................... 17-4
17.2 Configuring 802.1x......................................................................................................... 17-4
17.2.1 Enabling/Disabling 802.1x................................................................................... 17-4
17.2.2 Setting Port Access Control Mode ...................................................................... 17-5
17.2.3 Setting Port Access Control Method ................................................................... 17-5
17.2.4 Setting Number of Users Per Port....................................................................... 17-6
17.2.5 Enabling/Disabling DHCP Trigger Authentication............................................... 17-6
17.2.6 Setting the Authenticator-to-Supplicant Frame-Retry Times .............................. 17-6
17.2.7 Configuring Timer Parameters ............................................................................ 17-6
17.3 802.1x Configuration Example....................................................................................... 17-7
Chapter 18 AAA and RADIUS Configuration ............................................................................ 18-1

18.1 AAA and RADIUS Overview .......................................................................................... 18-1
18.1.1 Introduction to AAA ............................................................................................. 18-1
18.1.2 Introduction to RADIUS....................................................................................... 18-1
18.1.3 Implementing AAA/RADIUS on MA5300 ............................................................ 18-2
18.2 Configuring AAA ............................................................................................................ 18-3
18.2.1 Setting Authen/Author Scheme........................................................................... 18-3
18.2.2 Setting Accounting Scheme ................................................................................ 18-5
18.2.3 Creating/Deleting ISP Domain ............................................................................ 18-5
18.2.4 Configuring a User .............................................................................................. 18-9
18.3 Configuring RADIUS.................................................................................................... 18-11
18.3.1 Creating/Deleting a RADIUS server group ....................................................... 18-11
18.3.2 Setting IP Address and Port Number of RADIUS Server ................................. 18-12
18.3.3 Setting Encryption Key of RADIUS Packet ....................................................... 18-13
18.3.4 Setting Response Timeout Timer of RADIUS Server ....................................... 18-13
18.3.5 Setting Retransmit Times of RADIUS Request Packet .................................... 18-13
18.3.6 Setting the Realtime Accounting Interval .......................................................... 18-14
18.3.7 Setting Maximum Failure Count of Realtime Accounting Request ................... 18-15
18.3.8 Setting Maximum Times for Resending Account-Stop Request....................... 18-15
18.3.9 Setting the RADIUS Server Type...................................................................... 18-16
18.3.10 Setting RADIUS Server State ......................................................................... 18-16
18.3.11 Setting the Format of Username Sent to RADIUS Server .............................. 18-17
18.4 Querying AAA and RADIUS Information ..................................................................... 18-17
18.5 Example of AAA and RADIUS Configuration .............................................................. 18-18
18.6 Fault Diagnosis and Troubleshooting .......................................................................... 18-19
Chapter 19 PITP Configuration .................................................................................................. 19-1

19.1 Overview ........................................................................................................................ 19-1
vii
19.2 Enabling/Disabling PITP ................................................................................................ 19-1

19.3 Setting PITP Ethernet Type ........................................................................................... 19-1
Chapter 20 ISU Configuration .................................................................................................... 20-1

20.1 Introduction to ISU ......................................................................................................... 20-1
20.2 MA5300s ISU Board ..................................................................................................... 20-1
20.3 Configuring the ISU Board............................................................................................. 20-2
Chapter 21 Overview of IP Routing Protocol............................................................................ 21-1

21.1 IP Routing and Routing Table........................................................................................ 21-1
21.1.1 Route and Route Segment.................................................................................. 21-1
21.1.2 Route Selection through the Routing Table ........................................................ 21-2
21.2 Route Management Policy............................................................................................. 21-3
21.2.1 Routing Protocols and Routing Priority ............................................................... 21-3
21.2.2 Load Sharing and Route Backup ........................................................................ 21-4
Chapter 22 Static Route Configuration ..................................................................................... 22-1

22.1 Overview ........................................................................................................................ 22-1
22.1.1 Attributes and Function of Static Route .............................................................. 22-1
22.1.2 Default Route ...................................................................................................... 22-1
22.2 Configuring Static Routes .............................................................................................. 22-2
22.2.1 Configuring a Static Route .................................................................................. 22-2
22.2.2 Configuring a Default Route................................................................................ 22-3
22.2.3 Querying a Static Route ...................................................................................... 22-3
22.3 Example of Static Route Configuration.......................................................................... 22-4
22.4 Static Route Troubleshooting ........................................................................................ 22-5
Chapter 23 OSPF Configuration ................................................................................................ 23-1

23.1 Overview ........................................................................................................................ 23-1
23.1.1 Introduction to OSPF........................................................................................... 23-1
23.1.2 Process of OSPF Route Calculation................................................................... 23-2
23.1.3 OSPF Packets..................................................................................................... 23-2
23.1.4 Related Concepts................................................................................................ 23-3
23.1.5 OSPF Features of the MA5300........................................................................... 23-4
23.2 Configuring OSPF.......................................................................................................... 23-5
23.2.1 Enabling/Disabling OSPF.................................................................................... 23-6
23.2.2 Specifying the Interface and Area ID .................................................................. 23-6
23.2.3 Configuring Router ID ......................................................................................... 23-7
23.2.4 Configuring Network Type on the OSPF Interface.............................................. 23-7
23.2.5 Configuring Cost for Interface Transmit Packets ................................................ 23-9
23.2.6 Setting Interface Priority in DR Election.............................................................. 23-9
23.2.7 Setting the Neighbor ......................................................................................... 23-11
23.2.8 Setting the Transmit Interval of the Hello Packet.............................................. 23-11
23.2.9 Setting the Dead Interval Between Adjacent Routers....................................... 23-12
23.2.10 Setting the LSA Transmit Interval ................................................................... 23-12
viii
23.2.11 Setting the LSA Retransmit Interval Between Adjacent Routers .................... 23-13
23.2.12 Configuring OSPF Stub Area .......................................................................... 23-13
23.2.13 Configure OSPF NSSA ................................................................................... 23-14
23.2.14 Configuring Route Summarization Between Areas......................................... 23-16
23.2.15 Configuring a Virtual Link ................................................................................ 23-17
23.2.16 Configuring Packet Authentication between OSPF Areas.............................. 23-18
23.2.17 Configuring Packet Authentication Mode........................................................ 23-18
23.2.18 Redistributing Routes of Other Protocols........................................................ 23-19
23.2.19 Configuring Parameters for OSPF to Redistribute External Routes ............... 23-20
23.2.20 Redistributing Default Routes into the OSPF Routing Table .......................... 23-21
23.2.21 Setting Route Preference................................................................................ 23-21
23.2.22 Configuring OSPF Route Filtering .................................................................. 23-21
23.2.23 Configuring MTU Filling for an Interface Transmiting DD Packets ................. 23-22
23.2.24 Configuring Sending of OSPF Packets on an Interface.................................. 23-23
23.2.25 Querying OSPF Information............................................................................ 23-23
23.3 OSPF Configuration Examples.................................................................................... 23-24
23.3.1 Configuring DR Election by OSPF Preference ................................................. 23-24
23.3.2 Configuring OSPF Virtual Links ........................................................................ 23-26
23.4 OSPF Troubleshooting ................................................................................................ 23-28
ix
SmartAX MA5300/5303 Broadband Access System Chapter 1 Ethernet Port Configuration
Chapter 1 Ethernet Port Configuration
1.1 Overview
The ETH board and the subboards attached to the ESM board, ETH board and ISU
board can provide the following types of Ethernet ports:
z The 100Base-TX Ethernet port
Working in half-duplex, full duplex or auto-negotiation mode, the 100Base-TX Ethernet
port is designed to offer FE electrical port. It can negotiate with other network devices to
determine the operating mode and transmission rate, greatly simplifying the system
configuration and management.
z The 100Base-FX single mode/multimode Ethernet port
The 100Base-FX single mode/multimode Ethernet port works invariably at 100Mbit/s
and in full duplex mode. The 100Base-FX single mode Ethernet port can provide FE
single mode optical port; the 100Base-FX multimode Ethernet port can provide FE
multimode optical port.
z The 1000Base-SX/LX Ethernet port
The 1000Base-SX/LX Ethernet port works in kilomega full duplex mode. The
1000Base-LX is used to provide kilomega single mode optical port; while the
1000Base-SX is used to provide kilomega multimode optical port.
The MA5300 Ethernet port is numbered in the following way:
The Ethernet port number adopts the format of slot number /sub-slot number /port
number. The slot number is 7 or 8. The sub-slot number is 1 or 2. The FE port number
ranges 0 3. The GE port number ranges 0 1.
The MA5303 has 7 slots, among which slot 7 only houses the ESM board, while slots 1
6 house various service boards.
The MA5303 Ethernet port is numbered in the following way:
The Ethernet port number adopts the format of slot number /sub-slot number /port
number. The slot number is 7; the sub-slot number is 1 or 2; the FE port number ranges
0 3; the GE port number ranges 0 1.
Configuration of all the above Ethernet ports are generally the same, which mainly
involves:
z Setting port physical properties
z Setting port flow control
1-1
z Setting port broadcast storm suppression ratio

z Setting port priority level
z Setting maximum multicast group counts of a port
z Setting port aggregation
z Enabling/Disabling long frames on an Ethernet port
z Enabling/Disabling Ethernet port
z Querying Ethernet port
Note:
The working mode of the 100Base-FX single mode/multimode Ethernet port is set by the system as
non-auto-negotiation, 100Mbit/s, full duplex. It is not allowed to modify these settings. For the
1000Base-SX/LX Ethernet port working in full duplex, you can choose full (full duplex) or auto
(auto-negotiation) for its working mode.
1.2 Setting Port Physical Properties
I. Setting duplex mode of Ethernet port
The available duplex modes of an Ethernet port include: full duplex, half-duplex and
auto negotiation.
When setting two interconnected devices, make sure that the setting for one of them
should be consistent with that of the other. Connecting a port supporting
auto-negotiation with one not supporting auto-negotiation may cause faults.
Use the command duplex to set the duplex mode of a port. The default duplex mode
is auto. The working mode of the 100Base-FX multi-mode/single mode optical port is
set by the system as full duplex. It is not allowed to modify these settings. The
1000Base-SX/LX kilomega optical port works in full duplex mode. You can set the
working mode as full or auto.
MA5300(config-if-Ethernet7/2/0)#duplex full
II. Setting Ethernet port rate
The FE electrical port supports 10Mbit/s and 100Mbit/s. The default rate setting of the
port is auto. The rate of 100Mbit/s is recommended. The FE multimode/single mode
optical port only supports 100Mbit/s. While the GE optical port only supports
1000Mbit/s. Both of them are not allowed to be set. If you intend to set the transmission
rate, the system will prompt you with Not supported.
MA5300(config-if-Ethernet7/2/0)#speed 100
1-2
III. Enabling/Disabling jumbo frame
By default, jumbo frame is enabled. It means the MA5300 is able to receive a packet
smaller than 1600 bytes.
When jumbo frame is disabled, the MA5300 is able to receive a packet smaller than
1522 bytes.
MA5300(config-if-Ethernet7/2/0)#jumboframe disable
IV. Setting Ethernet port network cable type
The FE electrical port adopts straight through network cable and cross-over network
cable.
Use the command mdi to set the cable type. The default network cable type is auto
(auto-adaptive). Such setting only works for the FE electrical port.
MA5300(config-if-Ethernet7/2/0)#mdi auto
1.3 Setting Port Flow Control
When the traffic exceeds a certain level, the MA5300 will send frames to inform the
remote PC to reduce the traffic so as to reduce the packet loss rate. The process
involved is called flow control.
To enable flow control function requires the supports from both the MA5300 and the
remote PC. If both of them support flow control, it will be enabled. If the remote PC fails
to support the flow control, it is disabled. By default, the port flow control is disabled.
Use the command flow-control to enable port flow control or the command no
flow-control to disable it.
MA5300(config-if-Ethernet7/2/0)#no flow-control
1.4 Setting Port Broadcast Storm Suppression
When the broadcast traffic exceeds a preset threshold, the system will discard some
broadcast packets until the broadcast traffic falls into the acceptable range. This is to
ensure the normal network services. The process involved is called broadcast storm
suppression.
We use the maximum percentage of linear broadcast rate at the port as the reference
parameter. The smaller the percentage is, the less broadcast traffic is allowed to pass
through a port. The broadcast storm suppression is disabled when the percentage
reaches 100%. It is recommended that you enable/disable the broadcast storm
suppression based on the specific network conditions.
1-3
To set broadcast storm suppression, use the command switchport

broadcast-suppression.
To restore the default setting, use the no form of the command.

MA5300(config-if-Ethernet7/2/0)#switchport broadcast-suppression 100
1.5 Setting Port Priority Level
The Ethernet port supports eight priority levels and four forwarding queues. The system
sends packets to the associated queues based on their priority levels:
z Packets assigned with the priority levels 0 and 1 are sent to the low priority queue.
z Packets assigned with the priority levels 2 and 3 are sent to the general-priority
queue.
z Packets assigned with the priority levels 4 and 5 are sent to the medium priority
queue.
z Packets assigned with the priority levels 6 and 7 are sent to the high priority
queue.
By doing so, packets assigned with different priority levels are treated with different
quality of service (QoS) guarantees.
The default port priority level is 0.
Use the command priority to set the priority level of a port, or the command no priority
to restore the default setting.
MA5300(config-if-Ethernet7/2/0)#priority 0
1.6 Setting Maximum Multicast Group Counts
The MA5300 supports 255 multicast groups. By controlling the number of multicast
groups allowed to be added to a port, the system can effectively avoid any malicious
attack. By default, up to two multicast groups are supported.
Use the command multicast max-group-count to set the maximum number of

multicast groups for a port, or the command no multicast max-group-count to restore
the default setting, or the command show interface to view the settings.
MA5300(config-if-Ethernet7/2/0)#multicast max-group-count 2
Set max-group number of Ethernet7/2/0 to:2 successfully
1.7 Setting Port Aggregation
Several Ethernet ports can be aggregated so that the input/output load can be
distributed among them. The MA5300 supports one aggregated group, which can have
up to eight Ethernet ports at the same rate. These member ports must be numbered
1-4
successively and the start port number needs to be smaller than the ending port
number Aggregation of ports at different slots is not supported.
I. Setting the parameters of aggregated ports
Ports to be aggregated should have the same rate settings, and work simultaneously in
duplex mode.
II. Enabling/disabling port aggregation
Use the command link-aggregation to enable Ethernet port aggregation, and the
command no link-aggregation to disable Ethernet port aggregation.
MA5300(config)#link-aggregation Ethernet7/2/0 to Ethernet7/2/1
ingress-egress
III. Querying information on port aggregation
Use the command show link-aggregation to view information on port aggregation,

which may include the master port name, other member port names, and the working
mode.
MA5300(config)#show link-aggregation Ethernet7/2/0
Master port: Ethernet7/2/0
Other sub-ports:
Ethernet7/2/1
Mode: ingress-egress
1.8 Querying Ethernet Port Information
Use the command show interface to view the information on a port, which may include
the port type, port status, duplex state, port rate, flow control, broadcast storm
suppression ratio, and port aggregation state.
MA5300(config)#show interface e7/2/0
Ethernet7/2/0 is down
Hardware is Fast Ethernet, Hardware address is 00e0.fc00.0009
Auto-duplex, 100M, 100_ISUE_TX
Flow control is disabled
Broadcast max-ratio is 15%
PVID is 3
Priority is 0
1-5
Mdi type: auto

Max multicast group count: 2
Port mode: access
Tagged VLAN ID: none
Untagged VLAN ID: 3
160 packets output, 0 packets/sec, 0 bytes/sec
57648 bytes, 136 multicasts, 4 broadcasts, 0 pauses
118 packets input, 0 packets/sec, 0 bytes/sec
0 CRC errors
0 long frames
The command clear interface can be used to clear port information. If neither port type
nor port ID is specified, it will clear the information on all ports in the equipment; if both
the port type and port ID are provided, it only clears the information on the specified
port.
MA5300(config)#clear interface e7/2/0
1.9 Enabling/Disabling Long Frames on an Ethernet port
Use the command jumboframe disable to disable long frames on an Ethernet port.
If the long frame is enabled, the Ethernet port can receive a frame within 1600 bytes. If
the long frame is disabled, the Ethernet port can receive a frame within 1522 bytes. The
default setting is no jumboframe disable, namely, the long frame is enabled.
This example shows how to enable long frames.

MA5300(config-if-Ethernet7/2/0)#no jumboframe disable
This example shows how to disable long frames.

MA5300(config-if-Ethernet7/2/0)#jumboframe disable
1-6
SmartAX MA5300/5303 Broadband Access System Chapter 2 VDSL Port Configuration
Chapter 2 VDSL Port Configuration
2.1 Overview of VDSL Port Configuration
The MA5300 can provide VDSL access service. It supports 14 EVDA boards. Each
EVDA board can provide 24 VDSL ports. Each frame can offer access for 336 channels
of VDSL services. The EVDA board can reside in any of the 14 service board slots in
the MA5300 frame.
The VDSL port is numbered in the format of slot number/subslot number/port number.
The slot number ranges 0 6 and 9 15; the sub-slot number is 0; and the port number
ranges 0 23.
VDSL modes include:

z VDSL port mode
The VDSL port mode is for setting VDSL port on individual basis. You can enter the
desired VDSL port mode by running the command interface in global mode.
This example shows how to enter the VDSL board mode for the port 0 of the board in
slot 3.
MA5300(config)#interface vdsl3/0/0
MA5300(config-if-vdsl3/0/0)#
z VDSL board mode
The VDSL board mode is for setting a VDSL board specifically. You can enter the
desired VDSL board mode by running the command board-vdsl in global mode.
This example shows how to enter the board mode for the VDSL board in slot 3.
MA5300(config)#board-vdsl 3
MA5300(config-board-vdsl3)#
2.2 Setting VDSL Port Ethernet Parameters
I. Setting VDSL port duplex
Use the command duplex to set the duplex properties of a VDSL port, including full
duplex, half duplex and auto-negotiation. As the duplex state of a port is required to be
the same as that of the PC connected at the far end, which is usually set as
auto-negotiation, the port is generally set as auto-negotiation. The default setting,
namely auto-negotiation, is recommended.
2-1
MA5300(config-if-vdsl3/0/0)#duplex auto
II. Setting VDSL port Ethernet rate
Use the command speed to set the Ethernet rate of a VDSL port. The Ethernet rate for
a VDSL port can be either of 10Mbit/s, 100Mbit/s or auto-negotiation. As the Ethernet
rate of a port is required to be the same as that of the PC connected at the far end,
which is usually set as auto-negotiation, the port is generally set as auto-negotiation.
The default setting, namely auto-negotiation, is recommended.
MA5300(config-if-vd3/0/0)#speed auto
2.3 Setting Port Traffic Control
When the traffic exceeds the acceptable level, the equipment will send frames to inform
the remote PC to reduce the traffic so as to cut the packet loss rate. The process
involved is called traffic control. To enable traffic control function requires the supports
from both the MA5300 and the remote PC. If both of them support the traffic control, it is
generally enabled; if the remote PC fails to support the traffic control, it is disabled. By
default, the port traffic control is disabled.
Use the command flow-control to enable the port traffic control, or the command no
flow-control to disable it.
MA5300(config-if-Vdsl3/0/0)#no flow-control
2.4 Setting Port Multicast Storm Suppression
When the broadcast traffic exceeds the preset threshold, the system will discard some
broadcast packets until the percentage of broadcast traffic falls into the acceptable
range. This is to ensure the normal network services. The process involved is called
broadcast storm suppression. We use the maximum percentage of linear broadcast
rate at a port as the reference parameter. The smaller the percentage is, the less the
broadcast traffic is allowed to pass through the port. The broadcast storm suppression
is disabled when the percentage reaches 100%. It is recommended that you
enable/disable the broadcast storm suppression based on the specific network
conditions.
Use the command switchport broadcast-suppression to set broadcast storm

suppression, or the command no switchport broadcast-suppression to restore the
default setting.
MA5300(config-if-Vdsl3/0/0)#switchport broadcast-suppression 100
2-2
The Ethernet port supports eight priority levels and four forwarding queues. The system
sends packets to the associated queues based on their priority levels in this way:
z Packets with the priority levels 0 and 1 are sent to the low priority queue.
z Packets with the priority levels 2 and 3 are sent to the general-priority queue.
z Packets with the priority levels 4 and 5 are sent to the medium priority queue.
z Packets with the priority levels 6 and 7 are sent to the high priority queue.
By doing so, packets assigned with different priority levels are treated with different
quality of service (QoS) guarantees. The default port priority level is 0.
To set the priority level of a port, use the command priority. To restore the default
setting, use the command no priority.
MA5300(config-if-Vdsl4/0/0)#priority 0
2.6 Setting Maximum Multicast Group Counts
groups allowed to be added to a port, the system can effectively avoid any malicious
attack. By default, up to two multicast groups are supported.

the default setting, or the command show interface to view the settings.
MA5300(config-if-Vdsl4/0/0)#multicast max-group-count 2
Set max-group number of Vdsl4/0/0 to:2 successfully.
2.7 Enabling/Disabling Port MAC Address Learning
The MA5300 is capable of limiting the address number involved in VDSL port address
learning so as to control the total number of users allowed to access it. You can
enable/disable the MAC address learning limitation, and set the maximum number of
MAC addresses allowed to be learned.
I. Enabling port MAC address learning limitation
You can enable/disable the MAC address learning limitation depending on the actual
requirement. By default, the port MAC address learning limitation is enabled.
In global mode, you can use the command no mac-address-table max-mac-count

no-limit to enable the port address learning limitation for the specified VDSL board.
MA5300(config)#no mac-address-table max-mac-count no-limit slot 4
2-3
II. Setting the maximum number of MAC addresses allowed to be learned
When the MAC address learning limitation is enabled, you can use the command
mac-address-table max-mac-count to set the number of MAC addresses allowed to
be learned, or the command no mac-address-table max-mac-count to restore the
default setting. The default value is 2.
In global mode, you can configure the port table:

MA5300(config)#mac-address-table max-mac-count 2 vdsl4/0/0 to vdsl4/0/6
In VDSL port mode, you can only configure an individual port:

MA5300(config-if-Vdsl4/0/7)#mac-address-table max-mac-count 2
If you do not want to impose limitation on the VDSL port address learning, use the
command mac-address-table max-mac-count no-limit to disable the MAC address
learning limitation for ports of a specified VDSL board. Upon the completion of this
setting, you can use the command show interface to verify the setting.
2.8 Setting a VDSL Line Profile
2.8.1 Blocking/Unblocking a VDSL Port
When operating in the deactive state, a port cannot transmit data. Moreover, it is not
allowed to be operated. After the port is unblocked, it is still in the deactive state. It will
not be in the active state until you run a command to activate it.
If a port is blocked, you need to run a command to unblock it before you can activate it
and set up service channels. By default, all ports of the MA5300 VDSL boards are in the
deactive state without additional unblocking operation.
Use the command (no) block to unblock/block a VDSL port, and use the command (no)
block all to unblock/block all ports. Next, use the command show interface to view
the status of the VDSL port, which is in the deactive state.
MA5300(config-board-vdsl4)#no block all
Note:
A VDSL port can be in any of blocked state, activating state, active state, deactivating state, or deactive
state. Use the command show interface state to view its current state. Figure 2-1 illustrates the relations
between these states.
2-4
no block activate
blocked deactive active
block deactivate
block
Figure 2-1 Status transfer
2.8.2 Adding/Deleting/Modifying a VDSL Line Profile
The parameters of a VDSL line profile include the upstream/downstream line rate,
upstream/downstream interleave depth, signal-to-noise ratio (SNR) margin, and so on.
When a port is activated, the system will negotiate with the office end and remote end to
determine whether the port can work normally under above conditions. In practice, the
settings for all ports are roughly the same. Therefore MA5300 provides the VDSL line
profile to ease the port configuration. Once the line profile is made available, it can be
used to activate a port directly.
I. Adding a VDSL line profile
To add a VDSL line profile, use the command vdsl line-profile add.
Note:
VDSL board (EVDA) is designed with a default VDSL line profile. It is named LINE-PROFILE-1, and
numbered 1. By default, the system adopts the LINE-PROFILE-1 profile for port activation.
To configure a VDSL profile, you can follow the procedures as shown in Figure 2-2.
2-5
Configuring a VDSL
line profile
Setting the profile No.
Setting VDSL line training mode
Setting max. downstream bit rate
Setting max. upstream bit rate
Setting max. downstream interleave depth
Setting max. upstream interleave depth
Setting max. downstream SNR margin
Setting max. upnstream SNR margin
Whether to set downstream PSDmask
Whether to set upstream PSDmask
Adding profile successfully
Figure 2-2 Procedures of configuring VDSL profile
The following describes the details for configuring the VDSL line profile.
1) Set VDSL line profile number.
MA5300(config)#vdsl line-profile add 2
Start profile 2 adding.
During input, press 'CTRL+C' to quit, and then settings at this time are
neglected.
You can enter a profile number or press <Enter> to enable the system to allocate a
profile number. As the profile number is unique, you can delete or modify a VDSL line
profile by its profile number.
2) Select bandplan.
The available bandplans include 0-PLAN997, 1-PLAN998, 2-CHINA-3BAND,
3-ADSL-MODE and 4-10BASE-S. The system only supports PLAN998 and 10BASE-S
2-6
currently. If you select others, the system will prompt that the selected one is not
supported and require you to enter a new one. If you enter 4, the system will adopt the
procedure for configuring VDSL.
3) Enable/Disable VDSL line auto-training.
> VDSL link auto train 1-enable 2-disable (1 2)[1]:
When the auto training is enabled, the link will try to operate at the set rate while
maintaining the SNR margin. The training may lead to the link rate being lower than or
equal to the expected rate. If the link working at the lowest rate is still not able to meet
the expected SNR requirement, it will be disconnected. When the auto training is
disabled, the link will turn the set rate into the expected rate. If the link fails to reach the
expected rate, it will be disconnected, regardless of the SNR. You are recommended to
enable the auto training.
4) Set the maximum downstream bit rate.
> Target bit rate downstream (780 25000 kbps) [12500]:
In the process of setting up VDSL connection, if the line is in good conditions, and the
calculated downstream rate of a VDSL line is higher than the maximum value set, the
bit rate will be limited to the set value. Meanwhile, the downstream noise margin will
increase. If the line is in poor condition, and the calculated downstream bit rate is lower
than the set maximum bit rate, the system will set up the VDSL connection at the
calculated bit rate, while maintaining the target downstream noise margin. To ensure
VDSL connection stability, you are recommended to set the maximum downstream rate
at 12500kbit/s.
5) Set the maximum upstream bit rate.
> Target bit rate upstream (780 25000 kbps) [12500]:
For more details, refer to the above descriptions.

6) Set the maximum downstream interleave depth.
> Target downstream interleaved depth 0,1,2,8,16 (0 16) [1]:
The interleave depth is closely related to the stability of VDSL connection and
transmission delay. It can change the low-resistance impulse noise spectrum in the link,
thus affecting the equipments error correction capability. The larger the interleave
depth, the more powerful the link error correction capability, and the longer the link
transmission delay. It is recommended that you set the interleave depth to 1.
7) Set the maximum upstream interleave depth.
> Target upstream interleaved depth 0,1,2,8,16 (0 16) [1]:

8) Set the minimum downstream SNR margin.
> Signal to noise ratio margin downstream: precision 0.1dB(0.0 31.0 dB) [6.0]
The target SNR margin refers to the SNR margin preserved to maintain the normal data
communication at the time of the line noise deteriorating. The larger the target SNR
2-7
margin, the lower the chance of error occurrence in data transmission, and the more
secure the system will be. Conversely, the larger the SNR margin, the smaller the
achievable maximum rate.
In practice, the expected upstream/downstream SNR margin should be adjusted based

on the line conditions. For high-quality lines, you can set it with a smaller target noise
margin to ensure high line rate. While for poor-quality lines, you can set it with a larger
target noise margin to ensure higher link stability.
9) Set the minimum upstream SNR margin.
> Signal to noise ratio margin upstream:precision 0.1dB(0.0 31.0 dB) [6.0]:

10) Set whether to set downstream PSDmask.
> Will you set downstream PSDMask?(y/n)[n]:
To avoid affecting other equipment, the transmit power of a device in each frequency is
usually required to be equal to or lower than the specified value. If a VDSL device is
likely to interfere with other equipment, its transmit power in some frequencies should
be reduced.
The radio wave band filtering function is used to reduce the performance of the
equipment. This can avoid interfering with other equipment. As the use of radio wave
band filtering may diminish the usable VDSL frequencies and greatly reduce the VDSL
transmission performance, you are recommended to disable the radio wave filtering
function.
11) Set whether to set upstream PSDmask.
> Will you set upstream PSDMask?(y/n)[n]:
With the above settings, VDSL profile configuration succeeds when the system
displays the following:
Add profile 2 successfully.
II. Deleting a VDSL line profile
To delete a designated VDSL profile, use the command vdsl line-profile delete.
However, when deleting a VDSL profile bound with a port, you have to unbind this
profile first, and then use the command to delete it.
Note:
The default VDSL line profile (numbered 1) cannot be deleted.
MA5300(config)#vdsl line-profile delete 2
2-8
The vdsl line config profile will be deleted.

Are you sure?[Y/N]y
The vdsl line config profile 2 has been removed successfully.
III. Modifying a VDSL line profile
To modify a specified VDSL line profile, use the command vdsl line-profile modify.
The detailed procedures involved are similar to those of adding a VDSL profile.
MA5300(config)#vdsl line-profile modify 2
Start modifying profile 2.
neglected.
> VDSL link auto train 1-enable 2-disable (1 2)[1]:
> Target bit rate downstream (780 25000 kbps) [12500]:
> Target bit rate upstream (780 25000 kbps) [12500]:
> Target downstream interleaved depth 0,1,2,8,16 (0 16) [1]:
> Target upstream interleaved depth 0,1,2,8,16 (0 16) [1]:
> Signal to noise ratio margin downstream:precision 0.1dB(0.0 31.0 dB) [6.0]:
> Signal to noise ratio margin upstream:precision 0.1dB(0.0 31.0 dB) [6.0]:
> Will you set downstream PSDMask?(y/n)[n]:n
Modify profile 2 successfully
Attention: To effect the modification will disconnect the VDSL interface
which use this template for a few seconds!
Do you want to make it effect? (y/n)[n]:n
It will take effect after VDSL interface deactive and active again!
Upon the completion of the VDSL line profile configuration, the system will prompt you
whether to validate the profile configurations immediately. If yes, the system will
interrupt all VDSL ports using this profile for several seconds; if not, you can validate it
by deactivating the ports first and then activating them. Board resetting can also
validate a modified profile.
The default line profile numbered 1 cannot be modified at will.
IV. Querying VDSL line profile
Using the command show vdsl line-profile, you can choose to show a specified VDSL
line profile or all VDSL line profiles. When a VDSL line profile is specified, all
information about the profile is displayed.
This example shows the default VDSL line profile.

MA5300(config)#show vdsl line-profile 1
Following are all items of the VDSL template 1:
2-9
template name : LINE-PROFILE-1

planned down-stream rate(Kbps) : 12500
planned up-stream rate(Kbps) : 12500
SNR margin downstream(dB) : 6.0
SNR margin upstream(dB) : 6.0
planned down-stream interleave depth : 1
planned up-stream interleave depth : 1
auto train mode : enable
setting of down-stream PSDMask : None
setting of up-stream PSDMask : None
Note:
The profile is the default VDSL line profile. Its parameter settings are shown above.
This example shows all the VDSL line profiles.

MA5300#show vdsl line-profile all
The 10BASE S line config profile info:

Index Template Name DownStream UpStream DownSnr UpSnr AutoTrain
Rate(Kbps)Rate(Kbps) Margin(dB)Margin(dB)
-------------------------------------------------------------------------
1 LINE-PROFILE-1 12500 12500 6.0 6.0 enable
The PLAN998 line config profile info:
Idx Profile Name Downstream Upstream
===================================================================
| Adaptive | MaxRate(kbps) | Adaptive | MaxRate(kbps)
| Mode | | Mode |
-------------------------------------------------------------------
2 LINE-PROFILE-2 enable 4160 enable 4160
3 LINE-PROFILE-3 disable 5000 enable 5000
2.8.3 Activating/Deactivating a VDSL Port
Before transmitting services, a VDSL port should be activated. Activation refers to the
training between the VDSL Transceiver Unit, Central Office end (VTU-C) and the VDSL
Transceiver Unit, Remote end (VTU-R).
During the training process, the line distance and line status will be checked based on
parameters included in the line profile, such as the specified upstream/downstream line
rates, noise margin. The VTU-C negotiates with the VTU-R to confirm whether the
2-10
MA5300 can work normally in the aforementioned conditions. If the training succeeds,
the VTU-C can communicate with the VTU-R and is ready for transmission (namely in
port activation state).
For an online Customer Premises Equipment (CPE), the activation process ends when
the training completes. The communication terminates after the CPE gets offline. At
this moment, the VTU-C is in listening state. Once the CPE gets online again, the
training process will begin automatically, and the port will be activated after the training
succeeds.
In board mode, you can use the command activate to activate a VDSL port, or the
command activate all to activate all ports in the board. If no line profile number is
entered, use the profile which was bound with the port last time to activate the port.
MA5300(config-board-vdsl4)#activate
{ all<K>|INTEGER<0,23> }:all //Activate all ports in the VDSL board in
slot 4.
{ <cr>|INTEGER<1,16> }:1 //Bind the line profile 1.
MA5300(config-board-vdsl4)#activate
{ all<K>|INTEGER<0,23> }:0 //Activate the port 0 of the VDSL board in
slot 4.
In global mode, you can use the command vdsl activate to activate the VDSL port list
and VDSL ports of a specified board, or the command vdsl activate all to activate all
ports at one time.
MA5300(config)#vdsl activate
{ all<K>|INTEGER<0,15>|Vdsl<K> }:all //Activate all ports of VDSL boards.
{ all<K>|INTEGER<0,15>|Vdsl<K> }:4 //Activate all VDSL ports of the board
in slot 4.
{ <cr>|INTEGER<1,16> }:1 //Bind line profile 1.
{ all<K>|INTEGER<0,15>|Vdsl<K> }:vdsl4/0/0
{ <cr>|to<K>|Vdsl<K>|INTEGER<1,16> }:to
{ Vdsl<K> }:vdsl4/0/12 //Activate ports vdsl4/0/0 vd4/0/12.
{ <cr>|Vdsl<K>|INTEGER<1,16> }:1 //Bind the line profile 1.
In board mode, you can use the command deactivate to deactivate a VDSL port, or the
command deactivate all to deactivate all ports in the board at one time.
MA5300(config-board-vdsl4)#deactivate all //Deactivate all VDSL ports of the
board in slot 4.
2-11
MA5300(config-board-vdsl4)#deactivate 0 //Deactivate the number 0 VDSL port

of the board in slot 4.
In global mode, you can use the command vdsl deactivate to deactivate the VDSL
port list and VDSL ports of a specified board, or the command vdsl deactivate all to
deactivate all ports at one time.
MA5300(config)#vdsl deactivate all //Deactivate all VDSL ports in all
boards.
MA5300(config)#vdsl deactivate 4 //Deactivate all VDSL ports in the board
in slot 4.
MA5300(config)#vdsl deactivate vdsl4/0/0 to vdsl 4/0/12 //Deactivate ports
vdsl4/0/0 vdsl 4/0/12.
When a VDSL port is deactivated, the communication between the ADSL Transceiver
Unit, Remote end (ATU-R) and the ADSL Transceiver Unit, Central Office end (ATU-C)
terminates. To enable service transmission, you should re-activate the first.
2.9 Setting a VDSL Alarm profile
2.9.1 Blocking/Unblocking a VDSL Port
For more details, refer to 2.8.1 Blocking/Unblocking a VDSL Port.
2.9.2 Adding/Deleting/Modifying a VDSL Alarm profile
The VDSL alarm profile is used to set alarm thresholds, count and supervise the
performances of an active VDSL line. Upon the occurrence of threshold crossing, it will
inform the equipment of the event, and send alarms to the log host and the NMS.
However, if all parameters of an alarm profile are set as 0, it will not generate any
threshold alarm. In practice, as most of the ports share these settings, the VDSL alarm
profile is provided in the MA5300 system. When the profile is set successfully, it can be
used to activate a port directly.
I. Adding a VDSL alarm profile
To add a VDSL alarm profile, use the command vdsl alarm-profile add.
Note:
The MA5300 is designed with a VDSL alarm profile. It is named as ALARM-PROFILE-1, and numbered 1.
By default, the system uses this profile for port activation.
2-12
To establish a VDSL alarm profile, you need to set the downstream/upstream alarm
threshold parameters.
Alarm parameter descriptions:

1) Set VDSL line profile index.
MA5300(config)#vdsl alarm-profile add 2
You can enter a profile number or press <Enter> to enable the system to designate a
number for it. As the profile number is unique, all VDSL alarm profiles are deleted and
modified by their respective number.
2) Enable/Disable downstream line alarm threshold parameter setting.
neglected.
> Will you set threshold for modem at near end of line? (y/n)[n]:y
You can select n to disable downstream line alarm threshold setting and turn to 8).
If you select y to enable this setting, the system will prompt you to:
3) Set the threshold for the downstream 15-minute frame second loss.
> [atuc thresh-15-min-lofs] The number of loss of frame seconds within any given
15-minute performance data collection period (0 900) [0]:
Within any given 15-minute performance data collection period, the threshold-crossing
of downstream frame second loss will result in alarm reporting. By far, you are not
required to set this parameter as setting for it is disabled.
4) Set the threshold for the 15-minute signal second loss in the downstream
direction.
> [atuc thresh-15-min-loss] The number of loss of signal seconds within any
given 15-minute performance data collection period (0 900) [0]:
of downstream signal second loss will result in alarm reporting.
5) Set the threshold for loss of power seconds within 15 minutes at the office end.
> [atuc thresh-15-min-lprs] The number of loss of power seconds within any given
of office-end power second loss will result in alarm reporting. By far, you are not
required to set this parameter as this setting is disabled.
6) Set the threshold for number of loss of errored seconds within 15 minutes in the
downstream direction.
> [atuc thresh-15-min-ess] The number of loss of errored seconds within any
Within any given 15-minute performance data collection period, threshold-crossing of

downstream errored second loss will result in alarm reporting.
2-13
7) Enable/Disable downstream initialization failure reporting.

> [atuc init failure trap]Enables and disables the InitFailureTrap 1-enable
2-disable (1 2) [2]:
You can set it as enable to enable the line initialization failure reporting.
8) Enable/disable upstream alarm threshold parameter setting.
> Will you set threshold for modem at remote end of line? (y/n)[n]:y
You can select n to disable the upstream alarm profile configuration and turn to 2).
9) Set the threshold for number of loss of frame seconds within 15 minutes in the
upstream direction.
> [atur thresh-15-min-lofs] The number of loss of frame seconds within any given
For more details, refer to 3).

10) Set the threshold for signal second loss within 15 minutes in the upstream
direction.
> [atur thresh-15-min-loss] The number of loss of signal seconds within any

11) Set the threshold for number of loss power seconds within 15 minutes at the
remote end.
> [atur thresh-15-min-lprs] The number of loss of power seconds within any given

upstream direction.
> [atur thresh-15-min-ess] The number of loss of errored seconds within any

> [atur init failure trap]Enables and disables the InitFailureTrap 1-enable
2-disable (1 2) [2]:
With the above procedures, the system displays:

Add profile 2 successfully
This indicates success in adding a VDSL alarm profile.
2-14
By far, the MA5300 allows you to set the upstream/downstream signal second loss
threshold, upstream/downstream errored second threshold and initialization failure
reporting.
II. Deleting a VDSL alarm profile
To delete a specified VDSL alarm profile, use the command vdsl alarm-profile delete.
Note:
The default VDSL alarm profile (numbered 1) cannot be deleted.
MA5300(config)#vdsl alarm-profile delete 2

The vdsl alarm profile will be deleted.
Are you sure?[Y/N]y
The vdsl alarm profile 2 has been removed successfully.
III. Modifying a VDSL alarm profile
To modify a specified VDSL alarm profile, use the command vdsl alarm-profile modify.
The procedure involved is similar to that of setting a VDSL alarm profile.
MA5300(config)#vdsl alarm-profile modify 2
neglected.
2-disable (1 2) [2]:
2-15
> [atur init failure trap]Enables and disables the InitFailureTrap 1-enable
2-disable (1 2) [2]:
Attention: To effect the modification will disconnect the VDSL interface
which use this template for a few seconds!
It will take effect after VDSL interface deactive and active again!
When the profile modification completes, the system will prompt you whether to
validate the profile modification immediately. If yes, the system will interrupt all VDSL
ports using this profile for several seconds; if not, you can validate it by deactivating the
ports first and then activating them. Board resetting can also validate a modified profile.
The default profile which is numbered 1 cannot be modified at will.
IV. Querying VDSL alarm profile information
To query a specified VDSL alarm profile, use the command show vdsl alarm-profile.
This example shows the default VDSL alarm profile.

MA5300(config)#show vdsl alarm-profile 1
Following are all items of the VDSL Alarm-Profile 1:
Alarm-Profile name : ALARM-PROFILE-1
VTU-C thresh-15-min-lofs(s) : 0
VTU-C thresh-15-min-loss(s) : 0
VTU-C thresh-15-min-lprs(s) : 0
VTU-C thresh-15-min-ess(s) : 0
VTU-C init failure trap : DISABLE
VTU-R thresh-15-min-lofs(s) : 0
VTU-R thresh-15-min-loss(s) : 0
VTU-R thresh-15-min-lprs(s) : 0
VTU-R thresh-15-min-ess(s) : 0
VTU-R init failure trap : DISABLE
Note:
The profile is the default alarm profile. Its parameter settings are shown above.
2-16
2.9.3 Binding a VDSL Alarm profile
After setting a VDSL alarm profile, you should bind an alarm profile with a VDSL port.
By default, the port is bound with alarm profile 1.
In board mode, you can use the command alarm-config to bind an alarm profile with a
VDSL port, or the command alarm-config all to complete the alarm profile binding at
one time.
MA5300(config-board-vdsl4)#alarm-config
{ all<K>|INTEGER<0,23> }:all //Bind all ports of the VDSL board in
slot 4.
{ INTEGER<1,16> }:1 //Bind alarm profile 1.
MA5300(config-board-vdsl4)#alarm-config
{ all<K>|INTEGER<0,23> }:0 //Bind the port 0 of the VDSL board in
slt 4.
{ INTEGER<1,16> }:1 //Bind alarm profile 1
In global mode, you can use the command vdsl alarm-config to bind the VDSL port list
and the VDSL port of specified board, or the command vdsl alarm-config all to bind all
ports at one time.
MA5300(config)#vdsl alarm-config
{ all<K>|INTEGER<0,15>|Vdsl<K> }:all //Bind all ports of VDSL boards.
{ all<K>|INTEGER<0,15>|Vdsl<K> }:4 //Bind ports of the VDSL board in slot
4.
{ all<K>|INTEGER<0,15>|Vdsl<K> }:vdsl4/0/0
{ INTEGER<1,16>|to<K>|Vdsl<K> }:to
{ Vdsl<K> }:vdsl4/0/12 //Bind ports vdsl4/0/0 vdsl4/0/12.
{ INTEGER<1,16>|Vdsl<K> }:1 //Bind alarm profile 1.
In board mode, you can use the command no alarm-config to unbind a VDSL port, or
the command no alarm-config all to unbind all ports of a board at one time.
MA5300(config-board-vdsl4)#no alarm-config all //Unbind all ports of the VDSL
board in slot 4.
MA5300(config-board-vdsl4)#no alarm-config 0 //Unbind port 0 of the VDSL board
in slot 4.
In global mode, you can use the command no vdsl alarm-config to unbind the VDSL
port list or VDSL ports of a designated board, or the command no vdsl alarm-config
all to unbind all ports at one time.
MA5300(config)#no vdsl alarm-config //Unbind all VDSL board ports.
2-17
MA5300(config)#no vdsl alarm-config 4 //Unbind all ports of the VDSL board

in slot 4.
MA5300(config)#no vdsl alarm-config vdsl4/0/0 to vdsl 4/0/12 //Unbind ports
vdsl4/0/0 vdsl 4/0/12.
2.9.4 Activating/Deactivating a VDSL Port
An activated VDSL port can perform performance monitoring and statistics collection
for a line. Upon the occurrence of threshold crossing, it will inform the equipment of the
event, and send alarm to the log host and the NMS.
For specific settings, refer to 2.8.3 Activating/Deactivating a VDSL Port.
2.10 Setting VDSL Port Aggregation
Several Ethernet ports can be aggregated so that the input /output load can be
distributed among them.
The MA5300 supports up to six aggregated groups, one of which can have up to 4
Ethernet ports of the same rate. These member ports must be numbered successively
and the start port number needs to be smaller than the end port number. Aggregation of
ports at different slots is not supported.
I. Setting aggregation port parameters
Ports to be aggregated should have the same rate, and work in the duplex mode
simultaneously.
MA5300(config-if- Vdsl4/0/0)#duplex full
MA5300(config-if- Vdsl4/0/0)#speed 100
MA5300(config-if- Vdsl4/0/1)#duplex full
MA5300(config-if- Vdsl4/0/1)#speed 100
II. Setting port aggregation
Use the command link-aggregation to set the VDSL port aggregation, or the
command no link-aggregation to delete it.
MA5300(config)#link-aggregation vdsl4/0/0 to vdsl4/0/0 ingress-egress
III. Querying port aggregation information
Use the command show link-aggregation to view the aggregated ports related
information. The display may include the name of the master port, names of other
member ports, and working mode of the aggregated ports.
MA5300(config)#show link-aggregation vdsl4/0/0
Master port: Vdsl4/0/0
2-18
Other sub-ports:
Vdsl4/0/1
Mode: ingress
2.11 VDSL Remote Equipment Management
The MA5300 also features remote management of the VDSL equipment. Remote
management includes remote equipment binding, automatic upgrade of VDSL remote
equipment parameters, automatic upgrade of VDSL remote equipment patch.
2.11.1 Enabling/Disabling VDSL Remote Equipment Binding
I. Enabling/Disabling VDSL remote equipment binding
To enable the binding with the VDSL remote equipment, the system may assign IDs to
the MA5300 and the remote equipment respectively. As a result, the port can only work
with the bound remote equipment.
Replacemetn of the remote VDSL Modem, or mismatch of IDs between the MA5300
and the remote VDSL Modem will result in failure in port activation.
Use the command vdsl bind cpe to enable the binding of the MA5300 with the remote
equipment (VDSL Modem), or the command no vdsl bind cpe to disable the binding.
By default, no binding exist between the port and the user terminal.
Note:
When you use commands to enable a binding, the associated port should be activated (with exception of
the command vdsl bind cpe bind-id local).
When using the command vdsl bind cpe, which requires no parameter entering, you
should enter the randomly designated binding IDs in the MA5300 and the remote user
terminal.
MA5300(config-if-Vdsl4/0/0)#vdsl bind cpe
When using the command vdsl bind cpe bind-id, you should enter the designated
binding IDs in the MA5300 and the remote user terminal simultaneously to bind them.
MA5300(config-if-Vdsl4/0/0)#vdsl bind cpe 12
2-19
II. Viewing port binding information
Use the command show interface to see whether the remote user terminal is bound
and view the binding ID.
MA5300(config)#show interface vdsl4/0/23
In board mode, you can use the command port state to view the port binding
information.
MA5300(config-board-vdsl4)#show port state 23
In board mode, you can also use the command port cpe-info to view port binding
information.
MA5300(config-board-vdsl4)#show port cpe-info 23
2.11.2 Enabling/Disabling Automatic Upgrade of VDSL Remote Equipment
The MA5300 supports automatic upgrade of parameters and patch version of VDSL
remote equipment. After the automatic upgrade is enabled, programs can automatically
monitor the patch version and parameters of the VDSL remote Modem. If the patch
version is inconsistent with the version of the MA5300 or the parameters are not the
latest, the system will upgrade them. If the upgrade succeeds, the system will offer the
success message. Otherwise, it will offer the failure message.
If using the remote VDSL Modem certified by the MA5300, you do not have to upgrade
the parameters and patch version of the remote VDSL Modem. If using other remote
VDSL Modem not certified by the MA5300, you have to upgrade them. By default, the
automatic upgrade of the parameters and patch version of the user terminal equipment
is disabled.
I. Automatic upgrade of VDSL remote equipment paramters
Use the command vdsl auto-upgrade remote-parameter to enable the automatic

upgrade of the parameters of a remote device, or the command no vdsl auto-upgrade
remote-parameter to disable it.
In global mode, you can upgrade the parameters of remote equipment connected to
multiple ports:
MA5300(config)#vdsl auto-upgrade remote-parameter vdsl4/0/0 to vdsl4/0/23
In port mode, you can upgrade the parameters of a remote device connected to a port:
MA5300(config-if-Vdsl4/0/0)#vdsl auto-upgrade remote-parameter
2-20
II. Automatic upgrade of VDSL remote equipment patches
Use the command vdsl auto-upgrade remote-patch to enable the automatic upgrade
of the patches of remote equipment, or the command no vdsl auto-upgrade
remote-patch to disable it.
In global mode, you can upgrade the patches of a remote device connected to multiple
ports.
MA5300(config)#vdsl auto-upgrade remote-patch vdsl4/0/0 to vdsl4/0/23
In port mode, you can upgrade the patches of a remote device connected to a port.
MA5300(config-if-Vdsl4/0/0)#vdsl auto-upgrade remote-patch
2.12 Resetting the VDSL Port and Chipset
I. Resetting a VDSL port
When a fault occurs in a VDSL port, you can use the command port reset to reset the
port.
MA5300(config-board-vdsl4)#port reset 23
II. Resetting a VDSL chipset
When a fault occurs in a VDSL chipset, you can use the command chipset reset to
reset the VDSL chip.
MA5300(config-board-vdsl4)#chipset reset 1
2.13 Querying VDSL Port Information
I. Viewing VDSL port information
In board mode, you can use the command port state to view all information on a VDSL
port, or the command port state all to view the brief information on the port. In global
mode, you can use the command show vdsl port state to obtain the same information.
MA5300(config-board-vdsl4)#show port state 23
Vdsl4/0/23 is up
The VDSL link is active
Bind template No.1 LINE-PROFILE-1
Auto-duplex(Full), Auto-speed(100M), _VDSL_TX
Broadcast suppression ratio is 15%
PVID is 1
2-21
Priority is 0
Max mac-address learning count: 2
Bound with CPE of No.1647403999
Port mode: access
Untagged VLAN ID: 1
0 CRC errors
0 long frames
MA5300(config-board-vdsl4)#show port state all
Interface PortState LinkState Line-Profile Alarm-Profile
--------------------------------------------------------------------
Vdsl4/0/0 down Activating 1 1
Vdsl4/0/2 admin down Deactive 1 1
---- More (Press CTRL+C break) ---
In global mode, you can use the command show interface to view all information on a
port, which is the same as the information displayed using the command port state.
MA5300(config)#show interface vdsl4/0/23
Vdsl4/0/23 is down
The VDSL link is active
2-22
Bind template No.1 LINE-PROFILE-1

Auto-duplex, Auto-speed, _VDSL_TX
Broadcast suppression ratio is 15%
PVID is 1
Priority is 0
Bound with CPE of No.1647403999
Port mode: access
Untagged VLAN ID: 1
0 CRC errors
0 long frames
II. Viewing port line parameters
In board mode, you can use the command show line config to view the settings of a
port line profile.
In global mode, you can obtain the same information by using the command show vdsl
line config.
MA5300(config-board-vdsl4)#show line config 23
Interface Profile Name DownStream UpStream DownSnr UpSnr AutoTrain
Rate(Kbps) Rate(Kbps) Margin(dB) Margin(dB)
--------------------------------------------------------------------------
Vdsl4/0/23 LINE-PROFILE-1 12500 12500 6.0 6.0 enable
Use the command show line state to view the information on an activated port,
including the port state, upstream/downstream rate, upstream/downstream interleave
depth, office-end/remote-end transmit power, upstream/downstream SNR margin,
office-end/ remote-end mean square deviation, office-end/remote-end bit error count,
and deactivation count.
In global mode, you can obtain the same information by using the command show vdsl
line state.
MA5300(config-board-vdsl0)#show line state 0
vdsl link status : active
The actual down-stream rate(Kbps) : 12500
2-23
The actual up-stream rate(Kbps) : 12500

The down-stream interleave delay(us) : 1000
The up-stream interleave delay(us) : 1000
Rmote tx-power spectral density(dBm/Hz) : -81.610
Local tx-power spectral density(dBm/Hz) : -66.770
Remote SNR(dB) : 43.370
Local SNR(dB) : 34.020
Remote SNR Margin(dB) : 18.35
Local SNR Margin(dB) : 15.02
Remote MSE(dB) : 27.060
Local MSE(dB) : 24.110
Remote RS count : 0
Local RS count : 0
FailCount : 0 1
III. Querying port version
Use the command port version to query the version of a VDSL office-end/remote-end
Modem, including the hardware version, software version and patch version.
MA5300(config-board-vdsl4)#show port version 23
-----------Local--------------------Remote----------
Interface Hw Sw Patch Hw Sw Patch
--------------------------------------------------------------------
Vdsl4/0/23 0x81 0x2 0x0 0x32 0xb4 0x50
IV. Querying VDSL port statistics
1) Query VDSL port Ethernet statistics.

To show the Ethernet statistics of a VDSL port, use the command show statistics
frame.
MA5300(config-board-vdsl4)#show statistics frame 23
Vdsl4/0/23:
218 packets output
95048 bytes, 118 multicast, 0 broadcasts, 0 pause
100 packets input
50400 bytes, 0 multicast, 0 broadcasts, 0 pause
0 FCS errors
0 long frames
The Ethernet statistics in local vdsl link:
0 AlignmentErrors
0 SingleCollisionFrames
0 MultipleCollisionFrames
0 DeferredTransmissions
2-24
0 LateCollisionFrames
0 ExcessiveCollisionFrames
0 ReceiveErrors
0 CarrierErrors
0 TooLongErrors
0 SequenceErrors
0 TransmitOctets
1616 ReceiveOctets
0 ReceiveBroadcastFrames
0 ReceivePauseFrames
0 TransmitPauseFrames
0 TransmitFrames
4 ReceiveFrames
The Ethernet statistics in remote vdsl link:
0 AlignmentErrors
0 SingleCollisionFrames
0 MultipleCollisionFrames
0 DeferredTransmissions
0 LateCollisionFrames
0 ExcessiveCollisionFrames
0 ReceiveErrors
0 CarrierErrors
0 TooLongErrors
0 SequenceErrors
1616 TransmitOctets
0 ReceiveOctets
0 ReceiveBroadcastFrames
0 ReceivePauseFrames
0 TransmitPauseFrames
4 TransmitFrames
0 ReceiveFrames
2) Query VDSL port performance statistics.
Use the command show statistics performance to view the performance statistics of
a VDSL port, including performance statistics for last 15 minutes and last 24 hours, and
all performance statistics currently available.
MA5300(config-board-vdsl4)#show statistics performance 23 historic-15minutes
15
Interface Vdsl4/0/23:
<VTU-C>
performance lofs : 0
performance loss : 0
performance lprs : 0
2-25
performance ESs : 0
performance inits : 0
channel corrected blocks : 0
channel uncorrected blocks : 0
performance valid intervals : 96
performance invalid intervals : 0
channel performance valid intervals : 96
channel performance invalid intervals: 0
<VTU-R>
performance ESs : 0
performance valid intervals : 96
performance invalid intervals : 0
channel performance valid intervals : 96
channel performance invalid intervals: 0
2.14 Setting VDSL Port Out-line Test
Line test refers to the test of parameters and indexes in a VDSL line. The MA5300
allows you to perform VDSL out-line test by connecting meter with the test port on the
backplane. You can also perform internal line test, which aims at testing the internal line
of VDSL chipset, and external line test, which aims at testing the line from the office end
to the remote end.
Use the command meter-test to activate the port out-line test. Only one port can be
activated for the internal test or external test at a time. The internal line test activation is
only allowed for the first port of a board. However, the external line test activation is
allowed for every port.
After the test completes, you can use the command no meter to disable the port
out-line test. By default, the port out-line test is disabled.
MA5300(config-if-Vdsl4/0/0)#meter-test out-line
2.15 Setting VDSL Port Loopback
When a port is set with loopback, the Ethernet frames sent from the port will be sent
back. By comparing the transmitted frames with the received ones, you can determine
2-26
whether the link is normal. The MA5300 supports setting office-end/remote-end

loopback for a VDSL port.
In the case of office-end loopback, you only need to test the switch chips and the
office-end VDSL, without setting up any VDSL link. However, the office-end loopback
can be set only when the link is deactivated.
In the case of remote-end loopback, you have to test the whole link (including the
remote-end Modem), and set up a VDSL link. Meanwhile, the loopback be set only
when the link is activated.
Use the command loopback to set office-end/remote-end loopback for a VDSL port.
After a port is set with loopback, it is no longer able to forward data packets correctly. If
not properly isolated, this may cause multicast storm. Therefore, when the test
completes, you should disable the loopback immediately using the command no
loopback. By default, port loopback is disabled.
MA5300(config-if-Vdsl4/0/0)#loopback remote
The command loopback is just used to set loopback for a port. CPU alone cannot send
test frames. To enable the CPU to send test frames, it should coordinate with the ports
of the auxiliary equipment.
To perform port loopback test, do as follows:

1) Select a test port and connect it with the auxiliary equipment.
2) Set a VLAN containing the port test and the port to be tested (VDSL port) to protect
the normal service.
3) Set the VDSL port with loopback using the command loopback. In the case of
remote-end loopback, you are required to set up a VDSL link.
4) View and disable the port settings, such as STP (system test plan), which might
affect the port, and clear port statistics. In the case of remote-end loopback, you
are recommended to set the working mode of the VDSL port as full duplex, and its
rate as non-auto-negotiation.
5) Send a certain number of data packets at a rate lower than 10Mbits/s using the
auxiliary equipment.
6) Stop sending data packets and verify the number of received data packets. If the
number of the received packets equals that of the transmitted packets, the link is in
normal state.
7) Use the command no loopback to disable the port loopback setting.
2-27
SmartAX MA5300/5303 Broadband Access System Chapter 3 ADSL Port Configuration
Chapter 3 ADSL Port Configuration
3.1 Overview
The MA5300 delivers the ADSL access service. It supports 14 EADA boards. Each
EADA board provides 48 ADSL ports. Each frame offers access for 672 channels of
ADSL services. The EADA board can reside in any of the 14 service board slots in the
MA5300 frame.
You can set the ADSL port in ADSL port mode or the ADSL board mode.
z ADSL port mode
The ADSL port mode is for setting ADSL port on individual basis. You can enter the
desired ADSL port mode by running the command interface in global mode. The ADSL
port is numbered using the format of slot number/subslot number/port number. The slot
number ranges 0 6 and 9 15; the sub-slot number is 0; the port number ranges 0
47.
This example shows how to enter ADSL port mode for port 3/0/0.
MA5300(config)#interface adsl3/0/0
MA5300(config-if-Adsl3/0/0)#
z ADSL board mode
The ADSL board mode is for setting ADSL board on batch basis. You can enter the
desired ADSL board mode by running the command board-adsl in global mode.
For example, to enter the ADSL board mode for the board in slot 3:
MA5300(config)#board-adsl 3
MA5300(config-board-adsl3)#
The ADSL port supports eight priority levels and two forwarding queues. Distribution of
packets in the queues is based on their corresponding priority levels: packets assigned
with the priority levels 0 3 are sent to the low priority queue; packets assigned with the
priority levels 4 7 are sent to the high priority queue. By doing so, packets assigned
with different priority levels are treated with different QoS guarantees. The default port
priority level is 0.
Use the command priority to set the priority level of a port, or the command no priority
to restore the default setting.
3-1
MA5300(config-if-Adsl4/0/0)#priority 0
3.3 Setting Maximum Multicast Group Count of a Port
groups allowed to be added to a port, the system can effectively avoid malicious attacks.
By default, two multicast groups are supported.

the default setting, or the command show interface to verify the setting.
MA5300(config-if-Adsl4/0/0)#multicast max-group-count 2
Set max-group number of Adsl4/0/0 to:2 successfully.
3.4 Enabling/Disabling Port MAC Address Learning
The MA5300 is capable of limiting the address number involved in ADSL port address
learning so as to control the total number of users allowed to access it. You can
enable/disable the MAC address learning limitation, set the maximum number of MAC
addresses allowed to be learned, and view the port configuration.
I. Enabling port MAC address learning limitation
Use the command no mac-address-table max-mac-count no-limit to enable the

MAC address learning limitation. By default, the port MAC address learning limitation is
enabled.
Enabling MAC address learning limitation for all ports of specified ADSL board in global
mode:
MA5300(config)#no mac-address-table max-mac-count no-limit slot 4
Enabling MAC address learning limitation for a specified ADSL port in ADSL port mode:
MA5300(config-if-Adsl4/0/0)#no mac-address-table max-mac-count no-limit
II. Setting the maximum number of MAC addresses allowed to be learned
When the MAC address learning limitation is enabled, you can use the command
mac-address-table max-mac-count to set the number of MAC addresses allowed to
be learned, or the command no mac-address-table max-mac-count to restore the
default setting. The default value is 2.
You can configure the port table in global mode:

MA5300(config)#mac-address-table max-mac-count 2 adsl4/0/0 to adsl4/0/6
However, you can also configure an individual port in ADSL port mode:
3-2
MA5300(config-if-Adsl4/0/0)#mac-address-table max-mac-count 2
III. Viewing the port configuration
Use the command show interface to view the settings.

MA5300(config)#show interface adsl4/0/0
IV. Disabling port MAC address learning limitation
If you do not want to impose limitation on the ADSL port address learning, use the
command mac-address-table max-mac-count no-limit to disable MAC address
learning limitation for ports of a specified ADSL board or a specified port.
Disabling the MAC address learning limitation for all ports of the specified ADSL boards
in global mode:
MA5300(config)#mac-address-table max-mac-count no-limit slot 4
Disabling MAC address learning limitation for a specified ADSL port in ADSL port
mode:
MA5300(config-if-Adsl4/0/0)#mac-address-table max-mac-count no-limit
3.5 Setting ADSL Port PVC
3.5.1 PPPoA/IPoA Configuration
The MA5300 supports the PPPoA-to-PPPoE conversion and IPoA-to-IPoE conversion.

In the conversion process, the MA5300 replaces the ATM packet header with Ethernet
packet header. This involves the configuration of source/destination address for the
Ethernet packet header and SessionID areas.
I. View the global configuration of PPPoA/IPoA
Using the command show atm-terminated, you can view the configurations for
PPPoA/IPoA, including source MAC address and destination MAC address.
MA5300(config)#show atm-terminated
Source MAC Address : None
Destination MAC Address for PPPoA : None
Destination MAC Address for IPoA : None
II. Configure PPPoA/IPoA source MAC address
When setting up PPPoA or IPoA PVC connections, you need to configure the source
MAC addresses. To enable ADSL board to replace upstream PPPoA or IPoA packet's
ATM header with Ethernet header, you need to configure the source MAC address.
3-3
Using the command atm-terminated source-mac in global mode, you can configure
the source MAC address of PPPoA or IPoA packet:
MA5300(config)#atm-terminated source-mac 0000.1111.2222
III. Configure PPPoA/IPoA destination MAC address
When setting up PPPoA or IPoA PVC connections, you need to configure the
destination MAC addresses. To enable ADSL board to replace upstream PPPoA or
IPoA packet's ATM header with Ethernet header, you need to configure the destination
MAC address.
Using the command atm-terminated dest-mac in global mode, you can configure the
destination MAC address of PPPoA or IPoA packet:
MA5300(config)#atm-terminated dest-mac pppoa 0000.1111.2222
IV. Configure PPPoA SessionID area
When setting up PPPoA connection, you need to configure SessionID area for every
slot. To enable ADSL board to convert the upstream PPPoA packets into PPPoE
packets, you are required to assign a unique SessionID area for every slot.
Using the command show atm-terminated session-id, you can view the SessionID
areas of the system. The number of Session-id areas ranges from 1 to 16. Every area
contains 128 SessionIDs. The default settings are as follows:
MA5300(config)#show atm-terminated session-id
slot area start session-id end session-id
--------------------------------------------------------
0 1 2048 2175
1 2 2176 2303
2 3 2304 2431
3 4 2432 2559
4 5 2560 2687
5 6 2688 2815
6 7 2816 2943
9 8 2944 3071
10 9 3072 3199
11 10 3200 3327
12 11 3328 3455
13 12 3456 3583
14 13 3584 3711
15 14 3712 3839
--------------------------------------------------------
Free session-id area: 15 16
3-4
Using the command atm-terminated session-id in global mode, you can assign a new
SessionID area for every slot. You can adopt a null value for slot without PPPoA
connection.
MA5300(config)#atm-terminated session-id
{ INTEGER<0,15> }:0
{ INTEGER<1,16>|null<K> }:null
3.5.2 Configuring Single PVC on an ADSL
I. Setting VPI and VCI
In single-PVC mode, each ADSL port has a fixed Permanent Virtual Circuit (PVC),
which must be consistent with the remote Modem PVC in terms of VPI and VCI settings.
When Modem PVC properties change, you should also modify ADSL port properties.
By default, the VPI is 0 and VCI is 35.
1) Set VPI and VCI using the command adsl pvc.
In port mode:
MA5300(config-if-Adsl11/0/0)#adsl pvc vpi 0 vci 35
In global mode:
MA5300(config)#adsl pvc vpi 0 vci 35
2) Query the settings using the command show adsl line config or show line
config.
MA5300(config-if-Adsl11/0/0)#show adsl line config adsl11/0/0
MA5300(config-board-adsl11)#show line config 0
3) Restore the default VPI and VCI value using the command no adsl pvc.
In port mode:
MA5300(config-if-Adsl11/0/0)#no adsl pvc
In global mode:
MA5300(config)#no adsl pvc all
II. Setting packet type supported by an ADSL port
To set the packet type supported by an ADSL port, use the command adsl
connect-type. auto represents automatic packet identification and enables the ports to
transmit packets of all types; 1483b, pppoa-llc, pppoa-vcmux, or ipoa-llc means that
the ports can only transport packets of a specified type, and packets different from the
specified type will be discarded. The default setting is 1483b. In general circumstances,
auto is recommended.
In port mode:
MA5300(config-if-Adsl1/0/0)#adsl connect-type
3-5
{ 1483b<K>|pppoa-llc<K>|pppoa-vcmux<K>|ipoa-llc<K>|auto<K> }:auto
Failed! Not set dest mac address for ipoa!
In global mode:
MA5300(config)#adsl connect-type
{ 1483b<K>|pppoa-llc<K>|pppoa-vcmux<K>|ipoa-llc<K>|auto<K> }:auto
{ all<K>|INTEGER<0,15>|Adsl<K> }:all
Failed! Not set dest mac address for ipoa!
Caution:
z This command cannot function when a port is configured with multiple PVCs.
z When a port adopts such connection type as auto, pppoa-llc, pppoa-vcmux, or ipoa-llc, you need to
configure the destination MAC address for the PPPoA/IPoA packets and the SessionID domain for the
involved slot. For details, refer to 3.5.1 PPPoA/IPoA Configuration.
3.5.3 Configuring Multiple PVCs on an ADSL Port
You can create multiple PVCs on an ADSL port and configure PVCs to deliver
priority-based traffics. This is to enable traffic classification and packet prioritization on
that ADSL port.
Up to 8 PVCs can be established between an RTU and an ADSL board. The 8 PVCs
can support packets of various types, including PPPoEoA, IPoEoA, IPoA and PPPoA.
I. Enabling/Disabling the multi-PVC function on an ADSL port
By default, a port can only be configured with a single PVC. To enable a port to support
multiple PVCs, you need to use the command multipvc enable. After the multiple
PVCs function is enabled for a port, No. 1 PVC is the default one. It can be added and
deleted, but cannot be modified.
In port mode:
MA5300(config-if-Adsl3/0/0)#multipvc enable
In global mode:
MA5300(config)#multipvc enable
{ Adsl<K>|all<K>|INTEGER<0,15> }:adsl
{ <3-3> }:3/0/0
{ <cr>|to<K>|Adsl<K> }:
3-6
To disable the multi-PVC function, use the command multipvc disable. When the
multi-PVC function is disabled, the connection attribute settings will be copied to the
single PVC mode configuration.
In port mode:
MA5300(config-if-Adsl3/0/0)#multipvc disable
In global mode:
MA5300(config)#multipvc disable
{ Adsl<K>|all<K>|INTEGER<0,15> }:adsl
{ <3-3> }:3/0/0
After the configurations, you can use the command show multipvc to show global
configuration about the multi-PVC. The information displayed includes the source MAC
address, destination MAC address, and the ports on which the multi-PVC function is
enabled.
MA5300(config)#show multipvc
{ <cr>|config<K> }:
Source MAC Address : 00e0.fc20.3c00
Destination MAC Address for PPPoA : None
Destination MAC Address for IPoA : None
Enabled multi-pvc function port(s):
Adsl3/0/0
II. Adding PVCs on an ADSL port
Use the command show multipvc config to show the multi-PVC configuration about
the ADSL port.
When the multi-PVC function is enabled, the port has a default PVC, whose default
settings are shown in this example.
MA5300(config)#show multipvc config adsl 3/0/0
Adsl3/0/0:
Multi-Pvc mode: enable
PVC 1: enable
PVC connect type: 1483B
PVC : vpi is 0, vci is 35
CAR : ds-band is 255, us-band is 255
PVID : 1
Priority : 0
Support Down MultiCast Stream: enable
Support IGMP packet : enable
Output : 0 packets, 0 cells
3-7
Input : 0 packets, 0 cells

To CPU : 0 packets
PVC 2: disable
PVC 3: disable
PVC 4: disable
PVC 5: disable
PVC 6: disable
PVC 7: disable
PVC 8: disable
Each ADSL port supports up to 8 PVCs.
To add a PVC on an ADSL port, run the multipvc add command, as illustrated in this
example.
In port mode:
MA5300(config-if-Adsl3/0/0)#multipvc add
{ pvcindex<K> }:pvcindex
{ INTEGER<1,8> }:2
{ vpi<K> }:vpi
{ INTEGER<0,255> }:1
{ vci<K> }:vci
{ INTEGER<0,511> }:25
{ connect-type<K> }:connect-type
{ 1483b<K>|pppoa-llc<K>|pppoa-vcmux<K>|ipoa-llc<K>|auto<K> }:1483b
{ vlan<K> }:vlan
{ INTEGER<0,4000> }:2
In global mode:
MA5300(config)#multipvc add
{ all<K>|INTEGER<0,15>|Adsl<K> }:adsl
{ <3-3> }:3/0/0
{ pvcindex<K>|to<K>|Adsl<K> }:pvcindex
{ INTEGER<1,8> }:2
{ vpi<K> }:vpi
{ INTEGER<0,255> }:1
{ vci<K> }:vci
{ INTEGER<0,511> }:25
{ connect-type<K> }:connect-type
{ 1483b<K>|pppoa-llc<K>|pppoa-vcmux<K>|ipoa-llc<K>|auto<K> }:1483b
{ vlan<K> }:vlan
{ INTEGER<1,4000> }:2
These conditions should be met for executing the multipvc add command:
z The multi-PVC function should be enabled already.
3-8
z Since each ADSL port supports up to 8 PVCs, and each ADSL board supports up
to 128 PVCs, the total number of PVCs on all ports cannot exceed 128.
z Each PVC on an ADSL port should belong to a different VLAN, in other words,
multiple PVCs must not belong to the same VLAN.
z The VPI and VCI settings should be consistent with those of the remote Modem.
z To create PVCs whose connection type is AUTO, PPPoA or IPoA, you have to set
the destination MAC address of the PPPoA and IPoA, as well as the SessionID of
the associated slot. Otherwise, the system prompts the failure. For details, refer to
3.5.1 PPPoA/IPoA Configuration.
z The PVC with index as 1 is the default PVC. It exists automatically once the
multi-PVC function is enabled. You cannot add, delete or modify it.
III. Modify the multi-PVC configuration of an ADSL port
To modify the multi-PVC configuration of an ADSL port, use the command multipvc
modify.
This example modifies the VPI, VCI settings of PVC 2 on adsl3/0/0 in port mode.
MA5300(config-if-Adsl3/0/0)#multipvc modify
{ INTEGER<1,8> }:2
{ vpi<K>|connect-type<K>|vlan<K>|car<K>|priority<K>|support-down-mcast-str
eam<K>
|support-igmp-pkt<K> }:vpi
{ INTEGER<0,255> }:5
{ vci<K> }:vci
{ INTEGER<0,511> }:55
This example modifies the VPI, VCI settings of PVC 2 on adsl3/0/0 in global mode.
MA5300(config)#multipvc modify
{ <3-3> }:3/0/0
{ INTEGER<1,8> }:2
eam<K>
|support-igmp-pkt<K> }:vpi
{ INTEGER<0,255> }:5
{ vci<K> }:vci
{ INTEGER<0,511> }:55
IV. Delete a PVC on an ADSL port
To delete a PVC on an ADSL port, use the command multipvc delete. PVC 1 cannot
be deleted.
3-9
This example deletes PVC 2 on adsl3/0/0 in port mode.

MA5300(config-if-Adsl3/0/0)#multipvc delete
{ INTEGER<1,8> }:2
This example deletes PVC 2 on adsl3/0/0 in global mode.

MA5300(config-if-Adsl3/0/0)#multipvc delete
{ INTEGER<1,8> }:2
MA5300(config-if-Adsl3/0/0)#exit
MA5300(config)#multipvc delete
{ <3-3> }:3/0/0
{ INTEGER<1,8> }:2
V. Setting multicast support on a PVC
To set multicast support on a PVC of an ADSL port, use the command multipvc
modify. On an ADSL port, only one PVC is allowed to support multicast data downlink
transmission, and only one PVC is allowed to support transmission of IGMP packets.
In port mode:
MA5300(config-if-Adsl3/0/0)#multipvc modify
{ INTEGER<1,8> }:2
eam<K>
|support-igmp-pkt<K> }:support-down-mcast-stream
In global mode:
MA5300(config)#multipvc modify
{ <3-3> }:3/0/0
{ INTEGER<1,8> }:2
eam<K>
|support-igmp-pkt<K> }:support-down-mcast-stream
3.6 Setting ADSL Port CAR
To avoid data loss, the ADSL port is required to transmit data at the rate specified by the
EADA side. This rate is Committed Access Rate (CAR). By default, the
3-10
upstream/downstream rate of an ADSL port is limited to 255bit/s, and the granularity is

64kbit/s.
1) Set ADSL port upstream/downstream rate limit using the command adsl car.
MA5300(config-if-Adsl11/0/0)#adsl car ds-band 255 us-band 255
2) Query the settings using the command show adsl line config or the command
show line config.
MA5300(config-if-Adsl11/0/0)#show adsl line config adsl11/0/0
3) Restore the default settings using the command no adsl car.
MA5300(config-if-Adsl11/0/0)#no adsl car
3.7 Binding ADSL Port and IP Address
IP address binding means to bind an IP address with a port so that only user with this IP
address is allowed to log in. This helps you to avoid illegal use of the port, (thus)
improving the security of the equipment.
To enable the IP address binding of a port, use the command static-user in ADSL port
mode; to disable the IP address binding of the port, use the command no static-user in
ADSL port mode or global mode.
MA5300(config-if-Adsl1/0/0)#static-user 10.71.53.2
Use the command show to view the IP address binding information on a port:
MA5300#show static-user adsl 1/0/0
The static user info:
Adsl1/0/0 : 10.71.53.2
3.8 Setting an ADSL Line Profile
3.8.1 Blocking/Unblocking an ADSL Port
When operating in the deactive state, a port cannot transmit data and is not allowed to
be operated. If a port is unblocked, you need to run the no block command to unblock
it before you can activate it and set up service channels. After the port is unblocked, it is
still in the deactive state. It will not be in the active state until you run the activate
command to activate it.
By default, all ports of the MA5300 ADSL boards are in the deactive state without
additional unblocking operation.
Use the command (no) block to unblock/block an ADSL port (provided this command
is executable to all these ports). Next, you can use the command port state to view the
status of the ADSL port, which is supposed to be in the deactive state at the moment.
3-11
MA5300(config-board-adsl4)#no block all
Note:
An ADSL port can be in any of blocked state, activating state, active state, deactivating state, or deactive
state. You can use the command show interface state to view its current state. Figure 3-1 illustrates the
relations of these states.
no block activate
block deactivate
block
Figure 3-1 Status inter-conversion
3.8.2 Adding/Deleting/Modifying an ADSL Line Profile
The parameters of an ADSL line profile include upstream/downstream line rate,

upstream/downstream interleave depth, SNR margin, and so on. When a port is
activated, the system will negotiate with the office end and remote end to determine
whether the port can work normally under the above conditions. In practice, the settings
for all ports are similar. Therefore ADSL line profile is adopted for the MA5300. Once
the line profile is made available, it can be used to activate a port directly.
I. Adding an ADSL line profile
Use the adsl line-profile add to add an ADSL line profile.
Note:
The MA5300 system is designed with two ADSL line profiles. One of them is called LINE-PROFILE-1 and
used in the Fast channel mode; the other is called LINE-PROFILE-2 and used in interleave channel mode.
By default, the system adopts the LINE-PROFILE-1 profile for port activation.
Figure 3-2 shows the parameters involved in setting an ADSL line profile. In practice,
the system offers the interactive prompts which can help you to configure the ADSL line
profile easily.
3-12
Configuring an ADSL
line profile
Setting profile No.
N
Whether to perform basic setting
Setting ADSL working mode
Whether to use trellis coding
Whether to enable upstream channel bit swap
Whether to enable downstream

channel bit swap
Setting channel working mode

Fast
Interweave
Set interweave delay mode
Manual configuration
Auto configuration
Setting unit of interweave delay

m
s DM
T
N Whether to set Whether to set N
Setting
interweave delay interweave depth unit of
Y Y inter-
weave
Setting max. downstream Setting max. downstream
delay
interweave delay interweave depth
Setting max.upstream Setting max. upstream

interweave delay interweave depth
Whether to set MODEM noise N

margin
Y
Setting downstream target noise margin
Setting min. downstream target noise margin
Setting upstream target noise margin
Setting min. upstream target noise margin
N
Whether to set line rate
Setting min. downstream rate
Setting max. downstream rate
Setting min. upstream rate
Setting max. upstream rate
Adding profile successfully
Figure 3-2 Flow chart for ADSL line profile configuration
3-13
The procedure for port parameter configuration is as the follows:

1) Set ADSL configuration profile number.
MA5300(config)#adsl line-profile add 3
You can enter a profile number. or press <Enter> to enable the system to allocate a
profile number. As the profile number is unique, you can delete or modify an ADSL line
profile by its profile number.
2) Enable/Disable basic setting.
neglected.
> Will you set basic configuration for modem? (y/n)[n]:y
This option is used to prompt you whether to proceed with the basic setting. If not, enter
n; if yes, enter y. The system prompts you to:
3) Set ADSL working mode.
> ADSL operating mode:
> 0: All(G992.1, G992.2, T1.413)
> 1: Full rate(G992.1 or T1.413)
> 2: G992.2(g.lite)
> 3: T1.413
> 4: G992.1(g.dmt)
> 5: g.hs(G992.1 and G992.2, G992.1 is prior)
> Please select (0 5) [0]:0
This option is used to select the ADSL working mode. There are three ADSL working
modes available, which are in compliance with G992.1, G992.2 and T1.413
respectively. The frequency specified in G992.2 is just half of that specified in G992.1
and T1.413. The rate specified in G992.2 is 1536kbps downstream and 512kbps
upstream. The rate specified in G992.1 is the same as that in T1.413: 6144kbps
downstream, and 640kbps upstream.
The MA5300 equipment and the ATU-R (namely the ADSL Modem) should work in the
same mode. Otherwise, the connection between them cannot be established. As
ATU-R may adopt any of the three working modes, you are recommended to set the
MA5300 ADSL working mode with full compatibility. This is to enable the MA5300 to
support G992.1, G992.2 and T1.413 simultaneously.
The specific working mode is determined by the ATU-R. If you enter "0", the system will
prompt you to:
4) Enable/Disable trellis coding.
> Trellis coding 1-enable 2-disable (1 2) [1]:1
This option allows you to enable or disable trellis coding. The trellis coding is an
algorithm, which helps to improve Signal-to-Noise Ratio (SNR) and the ADSL
3-14
connection stability. The trellis coding is usually enabled. You can enter "1" to enable
trellis coding. Next, the system will prompt you to:
5) Enable/Disable upstream channel bit swap.
> Upstream channel bit swap 1-enable 2-disable (1 2) [2]:2
This option is used to enable or disable the upstream channel bit swap.
When an ADSL channel change, the signal-to-noise ratio (SNR) of some sub-carriers
may deteriorate, resulting in failures in bearing the allocated bits. The bit swap function
can swap the allocated bits from one sub-carrier to another sub-carrier to avoid
possible disconnection due to the variation in characteristics of twisted pair channel.
Note:
To enable the bit swap function, supports from both the EADA board and the ATU-R are needed. This
function is disabled by default since it is not supported by the EADA board.
6) Enable/Disable downstream channel bit swap.

> Downstream channel bit swap 1-enable 2-disable (1 2) [2]:2
This option allows you to enable or disable downstream channel bit swap. For more
details, refer to above relevant description.
7) Enable/Disable channel working mode selection.
> Will you set channel mode? (y/n)[n]:y
The option is used to prompt you whether to set the channel working mode. If not, the
system will adopt the default mode. If yes, the system will prompt you to:
8) Select channel working mode.
> Please select channel mode 0-interleaved 1-fast (0 1) [1]:0
This option allows you to set the channel working mode. There are two channel modes
available: the interleave mode and the fast working mode. The fast working mode is the
default channel mode. Compared with the fast working mode, the interleave mode is
characterized by stable ADSL connection, and longer transmission delay. For common
Internet access service, the interleave mode is recommended. For services which are
delay sensitive, such as Voice On Demand (VOD), the fast mode is recommended.
You can press <0> to select the interleave mode, or <1> to select the fast working mode.
If you press <0>, the system will prompt you whether to:
9) Set interleave depth.
Will you set interleave depth? (y/n) [n]: Y
This option is used to prompt you whether to set the interleave depth. The interleave
depth is deeply related to the stability of ADSL connection and transmission delay: the
3-15
larger the interleave depth, the higher the ADSL connection stability, and the longer the
transmission delay.
If you select "Y" to set the interleave depth, the system will prompt you to:
10) Set the maximum downstream interleave depth.
Maximum downstream interleaved depth 2,4,8,16,32,64,128 DMT (2 128) [64]:64
This option is used to prompt you to select the maximum downstream interleave depth.
The available options are 2, 4, 8, 16, 32, 64 and 128. The larger the interleave depth,
the higher the ADSL connection stability, and the longer the transmission delay. The
depth of 64 is recommended.
11) Set the maximum upstream interleave depth.
Maximum upstream interleaved depth 2,4,8,16,32,64,128 DMT (2 128) [64]:64
This option allows you to set the maximum upstream interleave depth. The depth of 64
is recommended. For detailed setting process, refer to the above descriptions.
12) Set whether to set the noise margin for Modem.
Will you set noise margin for modem? (y/n) [n]: Y
This option determines whether to set noise margin for Modem. The noise margin
refers to the tolerable additional noise which does not lead to the deteriorating of
current line rate and Bit Error Rate (BER). The noise margin is divided into the target
noise margin and the minimum noise margin.
The Modems noise margin is proportional to the ADSL connection stability. The larger
the Modem noise margin, the higher the connection stability. Modem noise margin is
inversely proportional to the line rate. The larger the Modem noise margin, the lower
the line rate. The default value is recommended.
To skip the setting, select "N". If you select "Y" to set the noise margin of Modem, and
the system will prompt you to:
13) Set the minimum downstream noise margin.
> Minimum noise margin in downstream (0 15 dB) [0]:0
This option allows you to set the minimum downstream noise margin. In the process of
setting up ADSL connection, if the calculated target noise margin of an ADSL
connection is lower than the set minimum noise margin, the ADSL port can not be
activated.
It is recommended that you set the minimum noise margin to 0. If you enter 0, the
system will prompt you to:
14) Set the maximum downstream noise margin.
> Maximal noise margin in downstream (0 31 dB) [31]:31
This option allows you to set the maximum downstream noise margin. In the process of
setting up ADSL connection, if the calculated target noise margin of an ADSL
3-16
connection is higher than the set maximum noise margin, the system will limit the
downstream maximum noise margin to the set value.
It is recommended that you set the maximum downstream noise margin to 31dB. If you
enter "31", the system will prompt you to:
15) Set downstream target noise margin.
Target noise margin in downstream (0 15 dB) [12]: 12
This option allows you to set the target downstream noise margin. The target noise
margin is the preserved noise margin to ensure normal communication in the case of
line noise deterioration. The larger the target noise margin, the higher the chance of
occurrence of the line error, and the safer the system may be. Conversely, the larger
the target nose margin, the smaller the traffic, and the lower the data transmission rate.
Therefore, the target noise margin should be adjusted based on the actual line
conditions. For high-quality lines, you can set the target noise margin to a lower value to
ensure higher line rate. While for poor-quality lines, you can set the target noise margin
with a larger value to ensure higher line stability.
The target noise margin determines the ADSL connections and line rate. A downstream
target noise margin of 12dB is recommended.
If you enter 12, the system will prompt you to:

16) Set the minimum upstream noise margin.
> Minimum noise margin in upstream (0 15 dB) [0]:
This option allows you to set the minimum upstream noise margin. The setting process
involved in similar to section 13).
When the the setting process completes, the system will prompt you to:
17) Set the maximum upstream noise margin.
> Maximal noise margin in upstream (0 31 dB) [31]:
This option allows you to set the maximum upstream noise margin. The setting process
involved is similar to section 14).
When the the setting process completes, the system will prompt you to:
18) Set upstream target noise margin.
> Target noise margin in upstream (0 15 dB) [12]:
This option allows you to set the upstream target noise margin. The setting process
involved is similar to section 15).
When the the setting process completes, the system will prompt you whether to:
19) Set the bit rate parameters.
> Will you set parameters for rate? (y/n)[n]:y
3-17
This option allows you to determine whether to modify ADSL line rate parameters. The
rate setting is deeply related to the stability of ADSL connection. To skip the setting,
enter "N". If you enter Y to modify the rate parameters, the system will prompt you to:
20) Set the minimum downstream bit rate.
> If you want the fixed rate, set the Minimum value equal to Maximum value.
> Minimum bit rate in downstream (32 8160 Kbps) [32]:32
The system will prompt if you want a fixed rate, set the minimum value equal to the
maximum value. You are recommended to neglect such a suggestion, because if the
minimum value is equal to the maximum value and the rate is set too high to be
unachievable, it will result in ADSL connection failure.
This option allows you to set the minimum downstream bit rate. In the process of setting
up ADSL connection, if the calculated downstream rate is lower than the set minimum
downstream bit rate, the ADSL port can not be activated. It is recommended that you
set the downstream minimum bit rate at 32Kbps.
If you enter "32", the system will prompt you to:

21) Set the maximum downstream bit rate.
> Maximum bit rate in downstream (32 8160 Kbps) [6144]:6144
This option allows you to set the maximum downstream bit rate. In the process of
setting up ADSL connection, if the line is in good condition, and the calculated
downstream rate of an ADSL line is lower than the set maximum value, the bit rate will
be limited to the set value. Meanwhile, the downstream noise margin will increase.
If the line is in poor condition, and the calculated downstream bit rate is lower than the
set maximum bit rate, the system will set up the ADSL connection at the calculated bit
rate, while maintaining the target downstream noise margin.
To ensure ADSL connection stability, you are recommended to set the maximum
downstream rate at 6144Kbps. If you enter 6144, the system will prompt you to:
22) Set the minimum upstream bit rate.
> Minimum bit rate in upstream (32 896 Kbps) [32]:32
This option allows you to set the minimum upstream bit rate. In the process of setting up
ADSL connection, the port will not be activated if the calculated upstream rate is
smaller than the set minimum bit rate. It is recommended that you set the minimum
upstream rate at 32kbps. If you enter 32, the system will prompt:
23) Set the maximum upstream bit rate.
> Maximum bit rate in upstream (32 896 Kbps) [640]:640
This option allows you to set the maximum bit rate in upstream. In the process of setting
up ADSL connection, if the line is in good conditions, and the calculated upstream rate
of an ADSL line is more than the maximum value set, the bit rate will be limited to the
set value. Meanwhile, the upstream noise margin will increase.
3-18
If the line is in poor condition, and the upstream calculated bit rate is lower than the set
maximum bit rate, the system will set up the ADSL connection at the calculated bit rate,
while maintaining the upstream target noise margin. To ensure ADSL connection
stability, you are recommended to set the maximum upstream rate at 640Kbps.
After you enter 640, when the above settings are successful, the system will prompt
you with the message indicating the success of setting:
The profile number, which is 2 in this example, is also included in the message. You can
quote or delete a profile by its number.
II. Deleting an ADSL line profile
To delete a specified ADSL line profile, use the command adsl line-profile delete.
Note:
The default ADSL line profile (numbered 1 or 2) cannot be deleted.
MA5300(config)#adsl line-profile delete 3

The adsl line config profile will be deleted.
Are you sure?[Y/N]y
The adsl line config profile 3 has been removed successfully.
III. Modifying an ADSL line profile
To modify a specified ADSL line profile, use the command adsl line-profile modify.
The detailed procedures involved are similar to those of setting an ADSL line profile.
MA5300(config)#adsl line-profile modify 3
Start modifing profile 3.
neglected.
> 0: All(G992.1, G992.2, T1.413)
> 1: Full rate(G992.1 or T1.413)
> 2: G992.2(g.lite)
> 3: T1.413
> 4: G992.1(g.dmt)
3-19
> Please select (0 5) [0]:

> Trellis coding 1-enable 2-disable (1 2) [1]:
> Upstream channel bit swap 1-enable 2-disable (1 2) [2]:
> Downstream channel bit swap 1-enable 2-disable (1 2) [2]:
> Please select channel mode 0-interleaved 1-fast (0 1) [1]:
> Will you set noise margin for modem? (y/n)[n]:y
> Minimum noise margin in downstream (0 15 dB) [0]:
> Maximal noise margin in downstream (0 31 dB) [31]:
> Target noise margin in downstream(0 15 dB) [12]:
> Minimum noise margin in upstream (0 15 dB) [0]:
> Maximal noise margin in upstream (0 31 dB) [31]:
> Target noise margin in upstream (0 15 dB) [12]:
> Minimum bit rate in downstream (32 8160 Kbps) [32]:
> Maximum bit rate in downstream (32 8160 Kbps) [6144]:
> Minimum bit rate in upstream (32 896 Kbps) [32]:
> Maximum bit rate in upstream (32 896 Kbps) [640]:
Attention: To effect the modification will disconnect the ADSL interface
which use
this profile for a few seconds!
It will take effect after ADSL interface deactive and active again!
When the profile configuration completes, the system will ask you if you want to
validate the profile configurations immediately. If yes, the system will interrupt all ADSL
ports using this profile for several minutes; if not, you can validate it by deactivating the
The default profiles numbered 1 and 2 cannot be modified.
IV. Quering an ADSL configuration profile
To show a specified ADSL line profile, use the command show adsl line-profile. This
example shows the default ADSL line profile.
MA5300(config)#show adsl line-profile 1
Following are all items of the ADSL Line-Profile 1:

Line-Profile name : LINE-PROFILE-1
atuc rate mode : ADSL_RATEMODE_ADAPTATSTARTUP
atuc rate channel ratio(%) : 100
3-20
atuc target SNR Margin(dB) : 12

atuc max SNR Margin(dB) : 31
atuc min SNR Margin(dB) : 0
atuc downshift SNR Margin(dB) : 0
atuc upshift SNR Margin(dB) : 0
atuc min upshift time(s) : 0
atuc min downshift time(s) : 0
atuc channel fast min tx-rate(Kbps) : 32
atuc channel fast max tx-rate(Kbps) : 6144
atuc down bit swap mode : disable
atuc up bit swap mode : disable
atuc trellions mode : enable
atuc transmission mode : all
atuc channel mode : FAST
atur rate mode : ADSL_RATEMODE_ADAPTATSTARTUP
atur rate channel ratio(%) : 100
atur target SNR Margin(dB) : 12
atur max SNR Margin(dB) : 31
atur min SNR Margin(dB) : 0
atur downshift SNR Margin(dB) : 0
atur upshift SNR Margin(dB) : 0
atur min upshift time(s) : 0
atur min downshift time(s) : 0
atur channel fast min tx-rate(Kbps) : 32
atur channel fast max tx-rate(Kbps) : 640
Note:
The line profile shown in this example is the default one.
3.8.3 Activating/Deactivating an ADSL Port
An ADSL port should be activated to implement data transmitting. Activation refers to

the training between the ATU-C and the ATU-R. During the training process, the line
distance and line status will be checked based on parameters included in the line profile,
such as the upstream and downstream line rates, noise margin. The ATU-C negotiates
with the ATU-R to confirm whether the MA5300 can work normally under the
aforementioned conditions. If the training succeeds, the ATU-C can communicate with
the ATU-R and get ready for transmission. It is in port activation status now.
3-21
For an online Customer Premises Equipment (CPE), the activation process ends upon
the completion of the training. When the CPE gets offline, the communication
terminates, and the ATU-C is in listening state. Once the CPE gets online, the training
process begins automatically. When the training succeeds, the port is activated.
In board mode, you can use the command activate to activate an ADSL port, or the
entered, the system will activate the port using the profile which is bound with the port
last time.
MA5300(config-board-adsl11)#activate
{ all<K>|INTEGER<0,47> }:all //Activate all ports in the ADSL board in
slot 11.
MA5300(config-board-adsl11)#activate
{ all<K>|INTEGER<0,47> }:0 //Activate the number 0 port in the ADSL
board in Slot 1.
In global mode, you can use the command adsl activate to activate ADSL ports in a
specified board, or the command adsl activate all to activate all boards at one time.
MA5300(config)#adsl activate
{ all<K>|INTEGER<0,15>|Adsl<K> }: all //Activate ADSL ports in an board.
{ all<K>|INTEGER<0,15>|Adsl<K> }:11 //Activate all ADSL ports in the board
in slot 4.
{ all<K>|INTEGER<0,15>|Adsl<K> }:adsl11/0/0
{ <cr>|to<K>|Adsl<K>|INTEGER<1,16> }:to
{ Adsl<K> }:adsl11/0/2 //Activate ports adsl11/0/0 adsl11/0/2.
{ <cr>|Adsl<K>|INTEGER<1,16> }:1 //Bind the line profile 1.
In board mode, you can use the command deactivate to deactivate an ADSL port, or
the command deactivate all to deactivate all ports in the board at one time.
MA5300(config-board-adsl4)#deactivate all //Deactivate all ADSL ports in the
board in slot 4
MA5300(config-board-adsl4)#deactivate 0 //Deactivate the number 0 ADSL port
in the board in slot 4.
In global mode, you can use the command adsl deactivate to deactivate the ADSL
port list and ADSL ports of a specified board, or the command adsl deactivate all to
3-22
MA5300(config)#adsl deactivate all //Deactivate all ports in all boards

MA5300(config)#adsl deactivate 4 //Deactivate all ADSL ports in the board
in slot 4
MA5300(config)#adsl deactivate adsl4/0/0 to adsl 4/0/12 //Deactivate port
adsl4/0/0 adsl 4/0/12
When an ADSL port is deactivated, the communication between ATU-R and ATU-C
terminates. To enable service transmission, you should re-activate the port first.
3.9 Setting an ADSL Alarm profile
3.9.1 Blocking/Unblocking an ADSL Port
For more details, refer to 3.8.1 Blocking/Unblocking an ADSL Port.
3.9.2 Adding/Deleting/Modifying an ADSL Alarm profile
The ADSL alarm profile is used to set alarm thresholds, count and supervise the
performances of an active ADSL line. Once threshold crossing occurs, the MA5300 will
inform the equipment of the event, and send alarms to the log host and the NMS. In
practice, as most of the ports share the same settings, the ADSL alarm profile is
provided in the MA5300 system. When the profile is set successfully, it can be used to
activate a port directly.
I. Adding an ADSL alarm profile
Use the command adsl alarm-profile add to add an ADSL alarm profile.
Note:
The MA5300 is designed with an ADSL alarm profile. It is named as ALARM-PROFILE-1, and numbered 1.
By default, the system uses this profile for port activation.
To add an ADSL alarm profile, you need to set the downstream/upstream alarm

1) Set ADSL line profile index.
MA5300(config)#adsl alarm-profile add 2
3-23
number for it. As the profile number is unique, all ADSL alarm profiles are deleted and
modified by their respective number.
2) Enable/Disable downstream line alarm threshold parameter setting.
neglected.
> Will you set threshold for modem at near end of line? (y/n)[n]:y y
You can select n to disable downstream line alarm threshold setting and turn to 13).
of downstream frame second loss will result in alarm reporting. By far, you are not
required to set this parameter as setting for it is disabled.
4) Set the threshold for number of loss of signal seconds within 15 minutes in the
of downstream signal second loss will result in alarm reporting.
5) Set the threshold for number of loss of link seconds within 15 minutes in the
> [atuc thresh-15-min-lols] The number of loss of link seconds within any given
of downstream link second loss will result in alarm reporting. By far, you are not
required to set this parameter as such setting is disabled.
6) Set the threshold for number of loss of power seconds within 15 minutes at the
office end.
of office-end power second loss will result in alarm reporting. By far, you are not
required to set this parameter as this setting is disabled
7) Set the threshold for loss of errored seconds within 15 minutes in the downstream
direction.
3-24
of downstream errored second loss will result in alarm reporting
8) Set the threshold for downstream fast-channel rate increase.
> [atuc thresh-fast-rate-up] The threshold for fast channels, if the difference
between the current Tx rate and the previous Tx rate larger than it (0 8160
Kbps) [0]:
Within any given 15-minute performance data collection period, the crossing of the
threshold for downstream fast-channel line rate increase will result in alarm reporting.
By far, you are not required to set this parameter as this setting is disabled.
9) Set the threshold for downstream fast-channel rate decrease.
> [atuc thresh-fast-rate-down] The threshold for fast channels, if the
difference between the current Tx rate and the previous Tx rate litter than
it (0 8160 Kbps) [0]:
Within any given 15-minute performance data collection period, the crossing of the
threshold for downstream fast-channel line rate decrease will result in alarm reporting.
By far, you are not required to set this parameter as this setting is disabled.
10) Set the threshold for downstream interleave-channel rate increase.
> [atuc thresh-interleave-rate-up] The threshold for interleave channels, if
the difference between the current Tx rate and the previous Tx rate larger than
it (0 8160 Kbps) [0]:

11) Set the threshold for downstream interleave-channel line rate decrease.
> [atuc thresh-interleave-rate-down] The threshold for interleave channels,
if the difference between the current Tx rate and the previous Tx rate litter
than it (0 8160 Kbps) [0]:

2-disable (1 2) [2]:
You can set it as enable to enable the line initialization failure reporting.
13) Enable/Disable upstream alarm threshold parameter.
You can select n to disable the upstream alarm profile configuration and turn to 22). If
you select y to enable this setting, the system will prompt you to:
upstream direction.
3-25

15) Set the threshold for number of loss of signal seconds within 15 minutes in the
upstream direction.

16) Set the threshold for number of loss of power seconds within 15 minutes at the
remote end.

upstream direction.

18) Set the threshold for upstream fast-channel rate increase.
> [atur thresh-fast-rate-up] The threshold for fast channels, if the difference
Kbps) [0]:

19) Set the threshold for upstream fast-channel rate decrease.
> [atur thresh-fast-rate-down] The threshold for fast channels, if the
it (0 8160 Kbps) [0]:

20) Set the threshold for upstream interleave-channel rate increase
> [atur thresh-interleave-rate-up] The threshold for interleave channels, if
it (0 8160 Kbps) [0]:

21) Set the threshold for upstream interleave-channel rate decrease.
> [atur thresh-interleave-rate-down] The threshold for interleave channels,
than it (0 8160 Kbps) [0]:
3-26
After all the above settings are completed, the system will prompt you about the
success in adding an ADSL alarm profile:
By far, the MA5300 allows you to set the upstream/downstream signal second loss
threshold, upstream/downstream errored second threshold and initialization failure
reporting.
II. Deleting an ADSL alarm profile
To delete a specified ADSL alarm profile, use the command adsl alarm-profile delete.
Note:
The default ADSL alarm profile (numbered 1) cannot be deleted.
MA5300(config)#adsl alarm-profile delete 2

The adsl alarm profile will be deleted.
Are you sure?[Y/N]y
The adsl alarm config profile 2 has been removed successfully.
III. Modifying an ADSL alarm profile
To modify a specified ADSL alarm profile, use the command adsl alarm-profile modify.
The procedure involved is similar to that of setting an ADSL alarm profile.
MA5300(config)#adsl alarm-profile modify 3
neglected.
> [atuc thresh-15-min-lols] The number of loss of link seconds within any given
3-27
> [atuc thresh-fast-rate-up] The threshold for fast channels, if the difference
Kbps) [0]:
> [atuc thresh-fast-rate-down] The threshold for fast channels, if the
it (0 8160 Kbps) [0]:
> [atuc thresh-interleave-rate-up] The threshold for interleave channels, if
thedifference between the current Tx rate and the previous Tx rate larger than
it (0 8160 Kbps) [0]:
> [atuc thresh-interleave-rate-down] The threshold for interleave channels,
than it (0 8160 Kbps) [0]:
2-disable (1 2) [2]:
> [atur thresh-15-min-loss]The number of loss of signal seconds within any
> [atur thresh-fast-rate-up] The threshold for fast channels, if the difference
Kbps) [0]:
> [atur thresh-fast-rate-down] The threshold for fast channels, if the
difference between the current Tx rate and the previous Tx rate littler than
it (0 8160 Kbps) [0]:
> [atur thresh-interleave-rate-up] The threshold for interleave channels, if
it (0 8160 Kbps) [0]:
> [atur thresh-interleave-rate-down] The threshold for interleave channels,
if the difference between the current Tx rate and the previous Tx rate littler
than it (0 8160 Kbps) [0]:
Attention: To effect the modification will disconnect the ADSL interface
which use this profile for a few seconds!
It will take effect after ADSL interface deactive and active again!
Upon the completion of profile modification, the system will prompt you whether to
validate the profile modification immediately. If yes, the system will interrupt all ADSL
3-28
IV. Querying ADSL alarm profile information
To query a specified ADSL alarm profile, use the command show adsl alarm-profile.
This example shows the default ADSL alarm profile.
MA5300(config)#show adsl alarm-profile 1
Following are all items of the ADSL Alarm-Profile 1:

Alarm-Profile name : ALARM-PROFILE-1
atuc thresh-15-min-lofs(s) : 0
atuc thresh-15-min-loss(s) : 0
atuc thresh-15-min-lols(s) : 0
atuc thresh-15-min-lprs(s) : 0
atuc thresh-15-min-ess(s) : 0
atuc thresh-fast-rate-up(Kbps) : 0
atuc thresh-interleave-rate-up(Kbps): 0
atuc thresh-fast-rate-down(Kbps) : 0
atuc thresh-interleave-rate-down(Kbps): 0
atuc init failure trap : disable
atur thresh-15-min-lofs(s) : 0
atur thresh-15-min-loss(s) : 0
atur thresh-15-min-lprs(s) : 0
atur thresh-15-min-ess(s) : 0
atur thresh-fast-rate-up(Kbps) : 0
atur thresh-interleave-rate-up(Kbps): 0
atur thresh-fast-rate-down(Kbps) : 0
atur thresh-interleave-rate-down(Kbps): 0
3.9.3 Binding an ADSL Alarm profile
After setting an ADSL line profile, you should bind an alarm profile with an ADSL port.
By default, the port is bound with alarm profile 1.
1) In board mode, you can use the command alarm-config to bind an alarm profile
with an ADSL port, or the command alarm-config all to complete the alarm profile
binding at one time.
MA5300(config-board-adsl4)#alarm-config all 1 //Bind alarm profile 1 with
all interfaces of the ADSL board in slot 4.
MA5300(config-board-adsl4)#alarm-config 0 1 //Bind alarm profile 1 with
port 0 of the ADSL board in slot 4.
3-29
2) In global mode, you can use the command adsl alarm-config to bind the ADSL
port list and the ADSL port of specified board or the command adsl alarm-config
all to bind all ports at one time.
MA5300(config)#adsl alarm-config all 1 //Bind alarm profile 1 with all ports
of ADSL boards.
MA5300(config)#adsl alarm-config 4 1 //Bind alarm profile 1 with all ports
of the ADSL board in slot 4.
MA5300(config)#adsl alarm-config adsl4/0/0 to adsl4/0/12 1 //Bind alarm
profile 1 with adsl4/0/0 adsl4/0/12.
3) In board mode, you can use the command no alarm-config to unbind an ADSL
port, or the command no alarm-config all to unbind all ports at one time.
MA5300(config-board-adsl4)#no alarm-config all //Unbind all ports of the ADSL
board in slot 4.
MA5300(config-board-adsl4)#no alarm-config 0 //Unbind port 0 of the ADSL board
in slot 4.
4) In global mode, you can use the command no adsl alarm-config to unbind the
ADSL port list or ADSL ports of designated board, or the command no adsl
alarm-config all to unbind all ports at one time.
MA5300(config)#no adsl alarm-config //Unbind all ADSL board ports.
MA5300(config)#no adsl alarm-config 4 //Unbind all ports of the ADSL board
in slot 4.
MA5300(config)#no adsl alarm-config adsl4/0/0 to adsl 4/0/12 //Unbind ports
adsl4/0/0 adsl 4/0/12
3.9.4 Activating/Deactivating an ADSL Port
If an ADSL port is already in the active state before being bound with a profile, upon the
completion of binding, the profile is valid without reactivation of the port. If an ADSL port
is in the deactive state before being bound with a profile, the profile will not be valid
upon the completion of binding until the port is reactivated.
An activated ADSL port can perform performance monitoring and collect statistics for a
line. Upon the occurrence of threshold crossing, it will inform the equipment of the fault
and send an alarm to the log host and the NMS.
For detailed description about the configuration, refer to 3.8.3 Activating/Deactivating

an ADSL Port.
3.10 Resetting ADSL Chipset
In the event of a fault in the ADSL port, you can use the command chipset reset to
reset the ADSL chipset.
MA5300(config-board-adsl4)#chipset reset 1
3-30
3.11 Querying ADSL Port Information
I. Viewing ADSL port information
In board mode, you can use the command port state to view all information on an
ADSL port, or the command port state all to view the brief information on the port. In
global mode, you can use the command show adsl port state to obtain the same
information.
MA5300(config-board-adsl11)#show port state 23
Adsl11/0/23 is down
The ADSL link is activating
Bind Line-profile No.1 LINE-PROFILE-1
Bind alarm-profile No.1 ALARM-PROFILE-1
Hardware is Ethernet over ATM over ADSL, Hardware address is 00e0.fc00.0009
Encapsulation type is 1483B
Line coding type is DMT
Local-Tx-Rate 0 Kbps, Remote-Tx-Rate 0 Kbps, _ADSL_TX
PVC: vpi is 0, vci is 35
CAR: ds-band is 255, us-band is 255
PVID is 1
Priority is 0
Port mode: access
Untagged VLAN ID: 1
Output: 0 packets, 0 cells
Input: 0 packets, 0 cells
To CPU: 0 packets
Discard: 0 packets
MA5300(config-board-adsl11)#show port state all
Interface PortState LinkState Line-Profile Alarm-Profile
--------------------------------------------------------------------
Adsl11/0/0 down Activating 1 1
3-31

port, which is the same as the information available when using the command port
state.
MA5300(config)#show interface adsl11/0/23
Adsl11/0/23 is down
The ADSL link is activating
Hardware is Ethernet over ATM over ADSL, Hardware address is 00e0.fc00.0009
Encapsulation type is 1483B
Line coding type is DMT
Local-Tx-Rate 0 Kbps, Remote-Tx-Rate 0 Kbps, _ADSL_TX
PVID is 1
Priority is 0
Port mode: access
Untagged VLAN ID: 1
To CPU: 0 packets
Discard: 0 packets
II. Viewing line parameters of a port
Use the command show line config to view the line settings of a port.
3-32
interface Line- Alarm- ---Pvc--- -----Car----- CodingType LineType

Profile Profile vpi vci dsBand usBand
--------------------------------------------------------------------
Adsl11/0/23 1 1 0 35 255 255 DMT FAST
Use the command show line state to view information about an activated port,
including the port state, upstream/downstream rate, upstream/downstream interleave
depth, office-end/remote-end transmit power, upstream/downstream SNR margin,
office-end/ remote-end mean square deviation, office-end/remote-end bit error count,
and deactivation count.
MA5300(config-board-adsl11)#show line state 23
Interface Adsl11/0/23
Current Link Status : active
Atuc
Current Snr Margin(dB) : 24
Current Chan Attenuation(dB) : 0
Current Output Power(dBm) : 10
Current Attainable Rate(Kbps) : 9408
Current Transmission Mode : G.DMT
Channel Interleave Delay(ms) : 0
Channel Current tx-Rate(Kbps) : 6144
Channel Previous tx-Rate(Kbps) : 0
Channel Crc-block Length : 0
Atur
Current Snr Margin(dB) : 21
Current Chan Attenuation(dB) : 4
Current Output Power(dBm) : 10
Current Attainable Rate(Kbps) : 992
Channel Interleave Delay(ms) : 0
Channel Current tx-Rate(Kbps) : 640
Channel Previous tx-Rate(Kbps) : 0
Channel Crc-block Length : 0
III. Querying port office-end/remote-end information
Use the command show inventory to view information about ADSL

office-end/remote-end Modem, including the vendor serial number, vendor ID and
vendor version.
MA5300(config-board-adsl11)#show inventory atu-r 23
--------------Atuc-------------------------Atur------------
interface Vendor Vendor Version Vendor Vendor Version
SerialNumber ID Number SerialNumber ID Number
3-33
--------------------------------------------------------------------
Adsl11/0/23 TSTC 4 0 -
IV. Querying ADSL port statistics
Use the command show statistics to view the performance statistics for an ADSL port,
including performance statistics for last 15 minutes and last 24 hours, and all
performance statistics currently available.
MA5300(config-board-adsl11)#show statistics performance 23
historic-15minutes 15
Interface Adsl11/0/23:
<ATU-C>
IntervalNumber : 15
IntervalValidData : INVALID
performance ESs : 0
performance lols : 0
channel IntervalNumber : 15
channel IntervalValidData : INVALID
channel received blocks : 0
channel transmitted blocks : 0
<ATU-R>
IntervalNumber : 15
IntervalValidData : INVALID
performance ESs : 0
performance lols : 0
channel IntervalNumber : 15
channel IntervalValidData : INVALID
channel received blocks : 0
channel transmitted blocks : 0
3-34
3.12 Setting ADSL Port Out-line Test
The MA5300 allows you to perform port out-line test by connecting a meter with the test
port on the backplane. Y ou can also perform internal line test and external line test.
The internal line test tests the internal line of ADSL chipset; and the external line test
tests the line from the office-end to the remote end.
Use the command meter-test to activate the port out-line test. Only one port can be
activated for internal test or external test at a time. The internal line test activation is
only allowed for the first port of a board. However, the external line test activation is
allowed for every port. After the completion of a test, you can use the command no
meter to disable the port out-line test. By default, the port out-line test is disabled.
MA5300(config-if-Adsl4/0/0)#meter-test out-line
3.13 Setting ADSL Port Loopback
back. By comparing the transmitted frames with the received ones, you can determine
whether the link is normal. The MA5300 supports office-end loopback for an ADSL port.
When performing office-end test, you only need to test the switch chips and the
office-end ADSL without setting up any ADSL link. Meanwhile, the office-end loopback
can be set only when the link is deactivated.
Use the command loopback to set office-end loopback for an ADSL port. After a port is
set with loopback, it is no longer able to forward data packets correctly. If not properly
isolated, it may cause multicast storm. Therefore, upon the completion of test, you
should disable the loopback immediately using the command no loopback. By default,
port loopback is disabled.
MA5300(config-if-Adsl11/0/0)#loopback local
The command loopback is just used to set loopback for a port. To enable the CPU to
send test frames, you need the port of an auxiliary equipment to send test frames.
To set loopback for a port:

z Select a test port and connect it with the auxiliary equipment.
z Set a VLAN containing the test port and the port to be tested (ADSL port) to protect
the normal service.
z Set the ADSL port with loopback using the command loopback.
z View and undo port configurations that might affect the port, such as STP (system
test plan), and clear port statistics.
z Send a certain number of data packets at a rate lower than 10Mbits/s using an
auxiliary equipment.
3-35
z Stop sending data packets and verify the number of received data packets. If the
normal state.
z Use the command no loopback to disable the port loopback setting.
3-36
SmartAX MA5300/5303 Broadband Access System Chapter 4 ADSL2+ Port Configuration
Chapter 4 ADSL2+ Port Configuration
Commands used for ADSL2+ port configuration are almost the same as those used for
basic ADSL configuration. For details about general ADSL2+ port configuration
commands, refer to the chapter ADSL Port Configuration, which will no longer be
detailed in the following sections.
4.3 ADSL2+ Port Configuration Commands" introduces a few ADSL2+ port

configuration commands that differ from basic ADSL configuration commands.
The operations involved in configuring ADSL2+ port are roughly the same as those for
basic ADSL port configuration. Therefore, this chapter will only focus on the differences
between these two types of configuration.
In the configuration, note that the EADA board supports the basic ADSL attributes,
while the EADB board supports ADSL2+ attributes.
4.1 ADSL2+ Line Configuration Profile
The configuration items of an ADSL line configuration profile can be considered as a

subset of ADSL2+ line configuration profile. Compared with the basic ADSL line
configuration profile, the ADSL2+ line configuration profile contains the following
additional items.
z Rate downshift in downstream (adslAtucConfDownshiftSnrMgn).
z Rate upshift in downstream (adslAtucConfUpshiftSnrMgn).
z Minimum time of rate upshift in downstream (adslAtucConfMinUpshiftTime).
z Minimum time of rate downshift in downstream (adslAtucConfMinUpshiftTime).
z Rate downshift in upstream (adslAturConfDownshiftSnrMgn).
z Rate upshift in upstream (adslAturConfUpshiftSnrMgn).
z Minimum time of rate upshift in upstream (adslAturConfMinUpshiftTime).
z Minimum time of rate downshift in upstream (adslAturConfMinDownshiftTime).
z ADSL line physical configuration item (adslConfProfileLineType).
The number of an ADSL2+ line configuration profile ranges 3 100. The default value
is 100.
This table lists the configuration items of the default ADSL2+ line configuration profile
(namely ADSL2+ line configuration profile 100).
4-1
Table 4-1 Settings of the default ADSL2+ line configuration profile
Profile No. 100

Working mode (Operating mode) 0: all
Trellis coding 1: enabled(1)
Upstream channel bit swap 1: enbled(1)
Downstream channel bit swap 1: enbled(1)
Channel mode 1: interleavedOnly (1)
Maximum downstream interleave delay 4ms
Maximum upstream interleave delay 16ms
Minimum downstream SNR margin 0
Maximum downstream SNR margin 31
Target downstream SNR margin 6
Rate downshift in downstream 0
Rate upshift in downstream 0
Minimum time of rate upshift in downstream 0
Minimum time of rate downshift in downstream 0
Minimum upstream SNR margin 0
Maximum upstream SNR margin 31
Target upstream SNR margin 6
Rate downshift in upstream 0
Rate upshift in upstream 0
Minimum time of rate upshift in upstream 0
Minimum time of rate downshift in upstream 0
Adapt mode in downstream 1: Auto adaptation at startup
Adapt mode in upstream 1: Auto adaptation at startup
Minimum downstream rate 32 Kbps
Maximum downstream rate 24544 Kbps
Minimum upstream rate 32 Kbps
Maximum upstream rate 1024 Kbps
This table lists the configuration items of an ADSL2+ line configuration profile in the
interactive configuration.
4-2
Table 4-2 Configuration items of an ADSL2+ line configuration profile in the interactive configuration
1:adsl(default)
Add a profile type
2: adsl2+
The following lists the configuration items
The following lists the values for the configuration items of the
for the selected ADSL2+ line configuration
selected ADSL2+ line configuration profile.
profile.
Profile index 3 99
0: All(G992.1,G992.2,G992.3,G992.4,G992.5,T1.413) ( default)
1: Full rate(G992.1,G992.3,G992.5 or T1.413)
2: G992.2(g.lite) G992.4(g.lite.bis)
3: T1.413
4: G992.1(g.dmt) G992.3(g.dmt.bis) G992.5
Working mode 5: g.hs(G992.5,G992.3,G992.1,G992.4,G992.2,G992.5 is prior)
6: G992.1
7: G992.2
8: G992.3
9: G992.4
10: G992.5
1: enabled(1) enabled(default)
Trellis coding
2: disabled(2) disabled
Upstream channel bit swap
Downstream channel bit swap
1: interleavedOnly (1) (default)
2: fastOnly(2)
Channel mode 3: fastAndInterleaved (3)
4: fastOrInterleaved(4)
5: noChannel (5)
Downstream rate channel ratio (0 100,0-fast,100-interleaved) default[100]
Upstream rate channel ratio (0 100,0-fast,100-interleaved) default[100]
y: Indicates to set interleave delay.
Will you set interleave delay? (y/n) [n]:y
n: Indicates not to set interleave delay.
You need to set this parameter when the channel mode is
Maximum downstream interleave delay
interleavedOnly. ms(0-255) default [4]
4-3
You need to set this parameter when the channel mode is

Maximum upstream interleave delay
interleavedOnly. ms(0-255) default[16]
Will you set noise margin for modem? y: indicates to set the noise margin for modem.
(y/n)[n]:y n: indicates not to set the noise margin for modem.
Maximum downstream SNR margin (0 15 dB) default[0]
Maximum downstream SNR margin (0 31 dB) default[31]
Target downstream SNR margin (0 15 dB) default[6]
Rate downshift in downstream (0 31dB)[0]
Rate upshift in downstream (0 31dB)[0]
Minimum time of rate upshift in
(0 16383)[0]
downstream
Minimum time of rate downshift in
(0 16383)[0]
downstream
Minimum upstream SNR margin (0 15 dB) default[0]
Maximum upstream SNR margin (0 31 dB) default[31]
Target upstream SNR margin (0 15 dB) default[12]
Rate downshift in upstream (0 31dB)[0]
Rate upshift in upstream (0 31dB)[0]
Minimum time of rate upshift in
(0 16383)[0]
upstream
Minimum time of rate downshift in
(0 16383)[0]
upstream
Will you set parameters for rate? To adopt a fixed value for the rate, you set the maximum rate
(y/n)[n]:y equal to the minimum rate.
Adapt mode in downstream (0-fixed 1-adaptAtStartup 2-daptAtRuntime)[1]
Adapt mode in upstream (0-fixed 1-adaptAtStartup 2-daptAtRuntime)[1]
Minimum downstream rate (32 28800Kbps) default[32]
Maximum downstream rate (32 28800 Kbps) default[24544]
Minimum upstream rate (32 1560 Kbps) default[32]
Maximum upstream rate (32 1560 Kbps) default[1024]
The following items are for the selected channel mode. For
example, if you select fast channel mode, you only need to set
Remark fast channel rate. If you select fast and (or) interleave channel
modes, you will have to set all of the eight parameters listed
below.
Minimum fast channel downstream rate (32 28800Kbps) default[32]
Minimum interleave channel
(32 28800Kbps) default[32]
downstream rate
4-4
Maximum fast channel downstream

(32 28800 Kbps) default[24544]
rate
Maximum interleave channel
(32 28800 Kbps) default[24544]
downstream rate
Minimum fast channel upstream rate (32 1560 Kbps) default[32]
Minimum interleave channel upstream
(32 1560 Kbps) default[32]
rate
Maximum fast channel upstream rate (32 1560 Kbps) default[1024]
Maximum interleave channel upstream
(32 1560 Kbps) default[1024]
rate
This example shows how to configure ADSL2+ line configuration profile 5.

During input,press 'CTRL+C' to quit,then settings at this time are neglected.
> please choose the type of template 0-ADSL 1-ADSL2+ (0~1)[0]: 1
> 0: All(G992.1,G992.2,G992.3,G992.4,G992.5,T1.413)
> 1: Full rate(G992.1,G992.3,G992.5 or T1.413)
> 2: G992.2(g.lite) G992.4(g.lite.bis)
> 3: T1.413
> 4: G992.1(g.dmt) G992.3(g.dmt.bis) G992.5
> 5: g.hs(G992.5,G992.3,G992.1,G992.4,G992.2,G992.5 is prior)
> 6: G992.1
> 7: G992.2
> 8: G992.3
> 9: G992.4
> 10: G992.5
> Please select (0~10) [0]: 0
> Trellis coding 1-enable 2-disable (1~2) [1]:
> Upstream channel bit swap 1-enable 2-disable (1~2) [2]:
> Downstream channel bit swap 1-enable 2-disable (1~2) [2]:
> Please select channel mode 0-interleaved 1-fast 2-fastOrInterleaved (0~2)
[0]:
1
> Will you set rate adapt mode ? (y/n)[n]:y
> Adapt mode in downstream 1-fixed 2-adaptAtStartup 3-adaptAtRuntime(1~3)[2]:
> Adapt mode in upstream 1-fixed 2-adaptAtStartup 3-adaptAtRuntime (1~3)[2]:
4-5

> Minimum noise margin in downstream (0~15 dB) [0]:
> Maximal noise margin in downstream (0~31 dB) [31]:
> Target noise margin in downstream(0~15 dB) [6]:
> Minimum noise margin in upstream (0~15 dB) [0]:
> Maximal noise margin in upstream (0~31 dB) [31]:
> Target noise margin in upstream (0~15 dB) [6]:
> Minimum bit rate in downstream (32~28800 Kbps) [32]:
> Maximum bit rate in downstream (32~28800 Kbps) [24544]:
> Minimum bit rate in upstream (32~1560 Kbps) [32]:
> Maximum bit rate in upstream (32~1560 Kbps) [1024]:
4.2 ADSL2+ Alarm profile
The configuration items of ADSL alarm profile can be considered as a subset of

ADSL2+ alarm profile.
Compared with the ADSL alarm profile, the ADSL2+ alarm profile contains these
additional items:
z ATUC retrain failure count threshold
z ATUC serious errored second threshold
z ATUC unusable second threshold
z ATUR serious errored second threshold
z ATUR unusable second threshold
This table lists the configuration items of an ADSL2+ alarm profile in interactive mode.
Table 4-3 Configuration items of an ADSL2+ alarm profile in interactive mode
Profile name A character string, ranging 1 32.

Atuc-15min-lofs-threshold(second) Ranges 0 900.
ATUC 15-minute loss-of-frame second (default) 0: Indicates that no alarm will be
threshold generated.
Atuc-15min-loss-threshold(second) Ranges 0 900.
ATUC 15-minute loss-of-signal second (default) 0: Indicates that no alarm will be
Atuc-15min-lprs-threshold(second) Ranges 0 900.
ATUC 15-minute power-off second (default) 0: Indicates that no alarm will be
4-6
Ranges 0 900.
Atuc-15min-Ess-threshold(second)
(default) 0: Indicates that no alarm will be
ATUC 15-minute errored second threshold
generated.
Ranges 0 900.
Atuc-15min-lols-threshold(second)
ATUC 15-minute link loss second threshold
generated.
Ranges 0 900.
Atuc-15min-FailedFastR-threshold(second) The attribute is not support by ADSL, but supported

by ADSL2+.
ATUC retrain failure count threshold
generated.
Ranges 0 900.
The attribute is not support by ADSL, but supported
ATUC serious errored second threshold by ADSL2+.
generated.
Ranges 0 900.
Atuc-15min-UasL-threshold(second) The attribute is not support by ADSL, but supported

by ADSL2+.
ATUC unusable second threshold
generated.
Enable: No alarm will be generated.
Atuc-Init-InitFailure-Trap-Enable
Disable: No alarm will be generated.
ATUC initiate failure alarm enabled/disabled
(default) Disable
Atur-15min-lofs-threshold(second) Ranges 0 900.
ATUR 15-minute loss-of-frame second (default) 0: Indicates that no alarm will be
Atur-15min-loss-threshold(second) Ranges 0 900.
ATUR 15-minute loss-of-signal second (default) 0: Indicates that no alarm will be
Atur-15min-lprs-threshold(second) Ranges 0 900.
ATUR 15-minute power-off second (default) 0: Indicates that no alarm will be
Ranges 0 900.
Atur-15min-Ess-threshold(second)
ATUR 15-minute errored second threshold
generated.
Ranges 0 900.
Atur-15min-lols-threshold(second)
ATUR 15-minute link loss second threshold
generated.
4-7
Ranges 0 900.
Atur-15min-SesL-threshold(second) The attribute is not support by ADSL, but supported

by ADSL2+.
ATUR serious errored second threshold
generated.
Ranges 0 900.
Atur-15min-UasL-threshold (second) The attribute is not support by ADSL, but supported

by ADSL2+.
ATUR unusable second threshold
generated.
4.3 ADSL2+ Port Configuration Commands
This section only describes commands which are different from those used for
configuring ADSL port. For information about the common commands, refer to Chapter
3, ADSL Port Configuration.
Configure CAR for ADSL2+ Port:
By running the command adsl car ds-band ds-band-value us-band us-band-value in

ADSL2+ port mode, you can set the upstream/downstream rate limit for an ADSL2+
port. Parameter ds-band-value and us-band-value ranges from 0 to 450, differing from
the relevant value ranges of ADSL port.
To set the downstream/upstream rate limit for an ADSL port, use the command adsl
car.
MA5300(config-if-Adsl11/0/0)#adsl car ds-band 300 us-band 450
Upon the completion of configuration, you can use the command show adsl line
config or show line config to view the configurations.
MA5300(config-if-Adsl11/0/0)# show adsl line config adsl11/0/0
To restore the default settings, use the command no adsl car.

MA5300(config-if-Adsl11/0/0)#no adsl car
4-8
SmartAX MA5300/5303 Broadband Access System Chapter 5 SHDSL Port Configuration
Chapter 5 SHDSL Port Configuration
5.1 Overview
The MA5300 supports Single-pair High-speed Digital Subscriber Line (SHDSL) service.
An MA5300 frame is inserted with 14 ESHA boards. Each ESHA board offers
24-channel SHDSL ports. This means a total of 336-channel SHDSL ports in a frame.
ESHA board can be inserted in any of the 14 slots in the MA5300 frame.
You can configure SHDSL port in both SHDSL port mode and SHDSL board mode:
z SHDSL port mode
SHDSL port mode is intended for configuring SHDSL port on individual basis. To enter
SHDSL port mode, use the command interface in the global mode.
An SHDSL port is numbered in the format of slot number/subslot number/port number.

The slot number ranges 0 6 and 9 15, the subslot number is invariably 0, the port
number ranges 0 23.
This example shows how to enter the SHDSL port 5/0/0 mode.
MA5300(config)#interface shdsl 5/0/0
MA5300(config-if-Shdsl5/0/0)#
z SHDSL board mode
SHDSL board mode is intended for configuring the ports of an SHDSL board on batch
basis. To enter SHDSL board mode, use the command board-shdsl in global
configuration.
This example shows how to enter the board mode for SHDSL board in slot 3.
MA5300(config)#board-shdsl 3
MA5300(config-board-shdsl3)#
5.2 Setting Port Priority Levels
An SHDSL port can be assigned with any of 8 priority levels, and allocated to one of 2
forward queues based on the assigned priority level. Packets falling within levels 0 3
are allocated to the queue of lower priority, while packets falling within levels 4 7 are
assigned to the queue of higher level. In this way, packets of different priority are
treated with different QoS. By default, the priority level of a port is 0.
To set the priority level of a port, use the command priority.
To restore the default setting, use the command no priority.
5-1
MA5300(config-if-Shdsl9/0/2)#priority 0
5.3 Setting Maximum Multicast Group Count
The MA5300 supports 255 multicast groups. By limiting the number of multicast groups
allowed for a port, the system can protect the port from malicious attacks. By default, a
port is allowed to join up to two multicast groups.
To set the maximum number of multicast groups allowed for a port, use the command
multicast max-group-count; to restore the default setting, use the command no
multicast max-group-count. Upon the completion of the setting, you can run the
show interface to view the setting.
MA5300(config-if-Shdsl9/0/2)#multicast max-group-count 3
Set max-group number of Shdsl9/0/2 to:3 successfully.
5.4 Enabling/Disabling MAC Address Learning
The MA5300 limits the number of addresses an SHDSL port is allowed to learn so as to
limit the number of subscribers allowed to access the port. The MA5300 allows you to
disable a ports MAC address learning, set the number of MAC address allowed to be
learned, and view the settings of a pot.
1) Disable a ports MAC address learning.
To disable a ports MAC address learning, use the command mac-address-table
mac-learning disable; to enable a ports MAC address learning, use the command no
mac-address-table mac-learning disable. By default, a ports MAC address learning
is enabled.
MA5300(config-if-Shdsl9/0/2)#mac-address-table mac-learning disable
MA5300(config-if-Shdsl9/0/2)#show interface shdsl 9/0/2
Shdsl9/0/2 is administratively down
The SHDSL link is defective
Hardware is Ethernet over ATM over SHDSL, Hardware address is 00e0.fc00.0009
Last UP time: 0000-00-00 00:00:00.0
Last DOWN time: 0000-00-00 00:00:00.0
Line coding type is TC-PAM
PVID is 1
Priority is 0
Mac-address learning status is disable
5-2
Port mode: access

Untagged VLAN ID: 1
To CPU: 0 packets
Discard: 0 packets
MA5300(config-if-Shdsl9/0/2)#no mac-address-table mac-learning disable

Last UP time: 0000-00-00 00:00:00.0
Last DOWN time: 0000-00-00 00:00:00.0
PVID is 1
Priority is 0
Port mode: access
Untagged VLAN ID: 1
To CPU: 0 packets
Discard: 0 packets
2) Set the number of MAC addresses allowed to be learned.
To set the number of MAC addresses allowed to be learned by a port, use the
command mac-address-table max-mac-count; to restore the default setting, use the
command no mac-address-table max-mac-count. By default, a port is allowed to
learn two MAC addresses.
In global mode, you can perform settings for multiple ports.

MA5300(config)#mac-address-table max-mac-count 5 shdsl9/0/0 to shdsl9/0/6
In SHDSL port mode, you can only perform settings for a single port.
MA5300(config-if-Shdsl9/0/2)#mac-address-table max-mac-count 6
3) View a ports settings.
5-3
After the port configuration is completed, you can use the command show interface to
verify the setting.
Last UP time: 0000-00-00 00:00:00.0
Last DOWN time: 0000-00-00 00:00:00.0
PVID is 1
Priority is 0
Port mode: access
Untagged VLAN ID: 1
To CPU: 0 packets
Discard: 0 packets
5.5 Setting SHDSL Port PVC
Each SHDSL port has a fixed Permanent Virtual Circuit (PVC), which must be
consistent with the PVC of remote Modem in terms of Virtual Path Identifier (VPI) and
Virtual Channel Identifier (VCI) settings. When Modem PVC properties change, you
should also modify SHDSL port properties accordingly. By default, the VPI is 0 and VCI
is 35.
This example shows how to set VPI and VCI using the command shdsl pvc.
MA5300(config-if-Shdsl9/0/2)#shdsl pvc vpi 0 vci 39
In global mode:
MA5300(config)#shdsl pvc vpi 0 vci 39 shdsl 9/0/2
This example shows how to view the settings using the command show shdsl port
state after the setting completes.
In global mode:
MA5300(config)#show shdsl port state shdsl 9/0/2
5-4
{ <cr>|to<K>|Shdsl<K> }:
interface Line- Alarm- --Pvc-- --Car-- enable blocked loopback power-
Profile Profile vpi/vci up/down type backoff
-------------------------------------------------------------------
Shdsl9/0/2 1 1 0/39 36/36 No No No enhanced
This example shows how to restore the default values of VPI and VCI using the
command no shdsl pvc:
In port mode:
MA5300(config-if-Shdsl9/0/2)#no shdsl pvc
In global mode:
MA5300(config)#no shdsl pvc shdsl 9/0/2
5.6 Setting SHDSL Port CAR
To avoid data loss, it is required that a port transmit data at a specified rate. This rate is
referred to as Committed Access Rate (CAR). By default, SHDSL ports
upstream/downstream is limited to 255 at the step of 64kbit/s.
1) Set an SHDSL ports upstream/downstream rate limit using the command shdsl
car.
MA5300(config-if-Shdsl9/0/2)#shdsl car ds-band 10 us-band 35
2) View the settings using the command show interface or show shdsl port state.
Last UP time: 0000-00-00 00:00:00.0
Last DOWN time: 0000-00-00 00:00:00.0
PVID is 1
Priority is 0
Port mode: access
Untagged VLAN ID: 1
5-5

To CPU: 0 packets
Discard: 0 packets
Or:
-------------------------------------------------------------------
3) Restore the default setting using the command no shdsl car.

MA5300(config-if-Shdsl9/0/2)#no shdsl car
Profile Profile
vpi/vci up/down type backoff
-------------------------------------------------------------------
5.7 Setting Binding between SHDSL Port & IP Address
IP address binding is intended to bind an IP address with a port so that only user with
this IP address is allowed to log in. This practice can avoid illegal use of the port, and
boosts the system security.
To enable the IP address binding of a port, use the command static-user in SHDSL
port mode; to disable the IP address binding of the port, use the command no
static-user in SHDSL port mode or global mode.
MA5300(config-if-Shdsl9/0/2)#static-user 10.11.53.9
Use the command show to view the IP address binding of a port.

MA5300#show static-user shdsl 9/0/2
The static user info:
Shdsl9/0/2 : 10.11.53.9
5-6
5.8 Setting an SHDSL Line Profile
5.8.1 Blocking/Unblocking an SHDSL Port
When operating in the deactive state, a port cannot transmit data, and is not allowed to
be operated. To operate the port, you need to unblock the port first. After the port is
unblocked, it is still in the deactive state. It will not be in the active state until you run the
activate command to activate it.
If a port is in blocked state, you need to unblock it first before you can activate it and set
up service connection. By default, the MA5300 SHDSL ports work in deactive state
without being unblocked.
Use the command (no) block to unblock/block an SHDSL port. To block/unblock all
ports of a board, use the command (no) block all. Next, you can use the command
show interface to view the status of the SHDSL port, which is supposed to be in the
deactive state at the moment.
Note:
An SHDSL port can be in any of blocked state, activating state, active state, deactivating state, or deactive
state. You can use the command show interface to view its current state. Figure 5-1 illustrates the
relations of these states.
no block activate
block deactivate
block
Figure 5-1 Status inter-conversion
MA5300(config-board-shdsl9)#no block all
5.8.2 Adding/Deleting/Modifying an SHDSL Line Profile
To activate an SHDSL line, the system should have a group of parameters for local
Modem training. Such a group of parameters is called configuration profile. The system
is designed with a configuration profile table, which consists of multiple configuration
profile. You can add a line profile as required. By default, the configuration profile table
contains a profile established with empirical data.
5-7
Each SHDSL line is associated with a specific channel mode, and is bound with a
configuration profile. A configuration table can accommodate up to 16 configuration
profiles. You can activate a port by referencing a profile so that the activated port is
configured with desirable parameters. The default profile is numbered as 1.
I. Adding an SHDSL line profile
You can use the command shdsl line-profile add to add an SHDSL line profile.
Note:
The MA5300 system is designed with an ADSL line profile. It is called LINE-PROFILE-1, and numbered 1.
By default, the system adopts the LINE-PROFILE-1 profile for port activation.
To configure an SHDSL profile involves the setting of multiple parameters. The system
can prompt the user in an interactive manner. This helps you to finish the configuration
easily and conveniently.
The following part details how to configure a port profile configuration.

1) Set SHDSL line profile number.
MA5300(config)#shdsl line-profile add 3
You can enter a profile number or press <Enter> to enable the system to allocate a
profile number. As the profile number is unique, you can delete or modify a VDSL line
profile by its profile number. The profile number ranges 2 16.
2) Set whether to use the data of default profile.
neglected.
> Do you use the default data to create a line profile?(y/n)[y]:y
This option prompts you whether to adopt the parameters of the default profile to create
an SHDSL line profile. You can press N to create a line profile with new parameters, or
press Y or <Enter> to accept the systems suggestion, namely adopting the default
line profile to create a new SHDSL line profile. In this case, the system will skip steps
below to Step 13, and prompt that add profile 3 successfully.
Note: to proceed with the steps below, you need to press N in Step 2.
3) Set G.SHDSL minimum line rate.
> G.SHDSL minimum line rate:(192 2304 kbps)[2048]:
You can enter an integer falling within 192 2304, or press <Enter> to adopt the default
value 2048 kbps for the parameter.
5-8
4) Set G.SHDSL maximum line rate.

> G.SHDSL maximum line rate:(192 2304 kbps)[2048]:
You can enter an integer falling within 192 2304, or press <Enter> to adopt the default
value 2048 kbps for parameter.
5) Set power spectral density mode.
>Power Spectral Density mode (1--symmetric 2--asymmetric)[1]:
You can enter 1 or press <Enter> to select symmetric as the PSD mode, or enter 2
as asymmetric as the PSD mode.
6) Set transmission mode.
>Transmission mode
(1--G.991.2 Annex A 2--G.991.2 Annex B 3--support Annex A&B)[2]:
According to ITU-T Recommendations, there are two types of SHDSL transmission

modes: ITU-T G.991.2 Annex A and ITU-T G.991.2 Annex B.
If you input 1, it means that the selected transmission mode complies with G.991.2
Annex A.
If you input 2, it means that the selected transmission mode complies with G.991.2
Annex B.
If you input 3, it means that the selected transmission mode complies with both
G.992.1 Annex A and G.991.2 Annex.
7) Enable/disable remote management.
>Remote enable (1--enabled 2--disabled)[1]:
You can input 1 to enable it or 2 to disable it.

8) Set whether to set the target SNR margin
>Do you config the target SNR margin?(y/n)[n]:y
This option prompts you whether to set the target SNR margin. You can enter n or
press <Enter> to cancel the setting by adopting the default value, or enter y to
proceed with Steps 9, 10, 11 and 12.
9) Set downstream target SNR margin.
>Downstream current target SNR margin(0 10 dB)[0]:
Enter the desired downstream target SNR margin, which ranges 0 10 dB. If you press
<Enter> to select 0dB, the system will prompt the following information after you
pressing <Enter>:
Do you want to use it?(y/n)[y]:
You can press n to invalidate the input so that you can enter a new one, or y (or
pressing <Enter>) to acknowledge the input.
10) Set downstream worst case target SNR margin.
>Downstream worst case target SNR margin(0 10 dB)[0]:
5-9
Enter the desired downstream worst case target SNR margin, which ranges 0 10 dB.
You can press <Enter> to select 0dB. After you press <Enter>, the system prompts:
11) Set upstream target SNR margin.
>Upstream current target SNR margin(0 10 dB)[0]:
Enter the desired upstream current target SNR margin, which ranges 0 10 dB. You
can also press <Enter> to select 0dB. After you press <Enter>, the system prompts:
12) Set upstream worst case target SNR margin.
>Upstream worst case target SNR margin(0 10 dB)[0]:
Enter the desired upstream worst case target SNR margin, which ranges 0 10 dB.
You can also press <Enter> to select 0dB. After you press <Enter>, the system
prompts:
pressing <Enter>) to acknowledge the input
When the new line profile is added successfully with the above settings, the system
prompts:
II. Deleting an SHDSL line profile
To delete a designated SHDSL profile, use the command shdsl line-profile delete.
Note:
The default SHDSL line profile (numbered 1) cannot be deleted.
MA5300(config)#shdsl line-profile delete 2

SHDSL line profile 2 will be deleted
Are you sure?[y/n][n]y
Delete profile 2 successfully.
5-10
III. Modifying an SHDSL line profile
To modify a specified SHDSL line profile, use the command shdsl line-profile modify.
The procedure for modifying an SHDSL line profile is similar to that for adding an
SHDSL line profile.
MA5300(config)#shdsl line-profile modify 2
neglected.
>G.SHDSL minimum line rate:(192 2304 kbps)[1856]:1900
>G.SHDSL maximum line rate:(192 2304 kbps)[2240]:2300
>Power Spectral Density mode (1--symmetric 2--asymmetric)[2]:1
>Transmission mode
(1--G.991.2 Annex A 2--G.991.2 Annex B 3--support Annex A&B)[3]:3
>Remote enable (1--enabled 2--disabled)[2]:
>Do you config the target SNR margin?(y/n)[n]:y
>Downstream current target SNR margin(0 10 dB)[4]:5
Do you want to use it?(y/n)[n]:y
>Downstream worst case target SNR margin(0 10 dB)[6]:5
Do you want to use it?(y/n)[y]:n
>Upstream current target SNR margin(0 10 dB)[5]:43
Invalid input
>Upstream current target SNR margin(0 10 dB)[5]:4
Do you want to use it?(y/n)[y]:y
>Upstream worst case target SNR margin(0 10 dB)[7]:5
Do you want to use it?(y/n)[y]:n
To effect the modification will disconnect the SHDSL port which use this prifle
for a few seconds!
Do you want to make it effect? (y/n)[n]:y
Effect profile 2 successfully
Upon the completion of the profile configuration, the system will prompt you whether to
validate the profile configurations immediately. If yes, the system will interrupt all
SHDSL ports using this profile for several minutes; if not, you can validate it by
deactivating the ports first and then activating them. Board resetting can also validate a
modified profile.
The default line profile which is numbered 1 cannot be modified at will.
IV. Querying SHDSL line profile
To show a specified SHDSL line profile, use the command show shdsl line-profile.
The displayed information includes:
5-11
z Line profile index

z Line profile name
z G.SHDSL line rate (unit: kbps)
z PSD
z Transmission mode
z Current downstream target SNR margin (dB)
z Downstream worst case target SNR margin (dB)
z Current upstream target SNR margin (dB)
z Upstream worst case target SNR margin (dB)
z Remote management enabling status
z Probe enabling status
This following example shows the parameter settings of the default line profile.
MA5300(config)#show shdsl line-profile 1
Line profile index :1
Line profile name :LINE-PROFILE-1
G.SHDSL minimum line rate(unit:kbps) :2048
G.SHDSL maximum line rate(unit:kbps) :2048
PSD :symmetric
Transmission mode :G.991.2 Annex B
Remote enable :enabled
Probe :disabled
The downstream current SNR margin(unit:dB):0, enabled
The downstream worst SNR margin(unit:dB) :0, disabled
The upstream current SNR margin(unit:dB) :0, disabled
The upstream worst SNR margin(unit:dB) :0, disabled
Note:
This profile is the default one of the system. The default values of the profile are shown above.
5.8.3 Activating/Deactivating an SHDSL Port
To enable an SHDSL port to function, you need to activate it using the specified line
profile first. If you intend to adopt new parameters for an activated port, you need to
deactivate it first, and then activate it using the profile with the desired parameters.
In board mode, you can use the command activate to activate an SHDSL port, or the
entered, the system uses the profile which was bound with the port last time to activate
the port.
5-12
MA5300(config-board-shdsl9)#activate
{ all<K>|INTEGER<0,23> }:all //Activate all ports in the SHDSL board in
slot 9.
MA5300(config-board-shdsl9)#activate
{ all<K>|INTEGER<0,23> }:2 //Activate the port 2 of the SHDSL board
in slot 2
{ <cr>|INTEGER<1,16> }:1 //Bind the line profile 1
In global mode, you can use the command shdsl activate to activate the SHDSL port
list and VDSL ports of a specified board, or the command shdsl activate all to activate
all ports at one time.
MA5300(config)#shdsl activate
{ all<K>|INTEGER<0,15>|Shdsl<K> }: all //Activate all ports of SHDSL
boards.
{ all<K>|INTEGER<0,15>|Shdsl <K> }:11 //Activate all SHDSL ports of the
board in slot 11.
{ all<K>|INTEGER<0,15>|Shdsl <K> }:shdsl9/0/2
{ <cr>|to<K>|Shdsl <K>|INTEGER<1,16> }:to
{ Shdsl<K> }:shdsl9/0/9 //Activate ports shdsl9/0/2 shdsl9/0/9.
{ <cr>|Shdsl <K>|INTEGER<1,16> }:1 //Bind the line profile 1.
In board mode, you can use the command deactivate to deactivate an SHDSL port, or
the command deactivate all to deactivate all ports in the board at one time.
MA5300(config-board-Shdsl9)#deactivate all //Deactivate all SHDSL ports in
the board in slot 9.
MA5300(config-board-Shdsl9)#deactivate 2 //Deactivate the SHDSL port 2 in the
board in slot 9.
In global mode, you can use the command shdsl deactivate to deactivate the SHDSL
port list and SHDSL ports of a specified board, or the command shdsl deactivate all to
MA5300(config)#shdsl deactivate all //Deactivate ports of all SHDSL boards.
MA5300(config)#shdsl deactivate 9 //Deactivate all ports of the SHDSL board
in slot 9.
MA5300(config)#shdsl deactivate shdsl9/0/2 to shdsl 9/0/9 //Deactivate port
shdsl9/0/2 shdsl9/0/9.
When an SHDSL port is deactivated, the communication between ATU-R and ATU-C
terminates. To enable service transmission, you should re-activate the port first.
5-13
5.9 Configuring SHDSL Alarm profile
5.9.1 Blocking/Unblocking SHDSL Port
Refer to 5.8.1 Blocking/Unblocking an SHDSL.
5.9.2 Adding/Deleting/Modifying an SHDSL Alarm profile
The SHDSL alarm profile is used to set alarm thresholds, count and supervise the
performances of an active SHDSL line. Upon the occurrence of threshold crossing, it
will inform the equipment of the event, and send alarms to the log host and the NMS. In
practice, as most of the ports share the same settings, the SHDSL alarm profile is
provided in the MA5300 system. When the profile is set successfully, it can be used to
activate a port directly.
I. Adding an SHDSL alarm profile
Use the command shdsl alarm-profile add to add an SHDSL alarm profile.
Note:
The MA5300 is designed with an SHDSL alarm profile. It is named as ALARM-PROFILE-1, and numbered
1. By default, the system uses this profile for port activation.
To establish an SHDSL alarm profile, you need to set the downstream/upstream alarm

1) Set SHDSL line profile index.
MA5300(config)#shdsl alarm-profile add 2
Start profile 2 adding
number for it. As the profile number is unique, all ADSL alarm profiles are deleted and
modified by their respective number. The input profile number should fall within 2 16.
2) Set whether to use the default data.
neglected.
> Do you use the default data to create an alarm profile?(y/n)[y]:
5-14
This option prompts you whether to adopt the parameters of the default alarm profile to
create an SHDSL alarm profile. You can press N to create an alarm profile with new
parameters, or press Y or <Enter> to accept the systems suggestion, namely
adopting the default line profile to create a new SHDSL alarm profile. In this case, the
system will skip to Step 13, and prompt that add profile 3 successfully.
Note: to proceed with the steps below, you need to press N in Step 2.
3) Set loop attenuation alarm threshold.
> Loop attenuation threshold (0 127 dB)[0]:
The system collects performance data generated within any 15-minute period. If the
loop attenuation exceeds the threshold, the system will report an alarm.
4) Set SNR margin threshold.
> SNR margin threshold (0 10 dB)[0]:
The system collects SNR related performance data generated within any 15-minute
period. If the SNR margin exceeds the threshold, the system will report an alarm.
5) Set Errored Seconds (ES) threshold.
> ES threshold (0 900 second)[0]:
The system collects ES related performance data generated within any 15-minute
period. If the accumulative ES exceeds the threshold, the system will report an alarm.
6) Set Severely Errored Seconds (SES) threshold.
> SES threshold (0 900 second)[0]:
The system collects SES related performance data generated within any 15-minute
period. If the accumulative SES exceeds the threshold, the system will report an alarm.
7) Set CRC abnormality threshold.
> CRC anomalies number threshold (0 58981500)[0]:
The system collects CRC related performance data generated within any 15-minute
period. If the accumulative CRC exceeds the threshold, the system will report an alarm.
8) Set Loss of SYNC Failure (LOSW) threshold.
> LOSWS threshold (0 900 second)[0]:
The system collects LOSW related performance data generated within any 15-minute
period. If the LOSW exceeds the threshold, the system will report an alarm.
9) Set Unavailable Seconds (UAS) threshold.
> UAS threshold (0 900 second)[0]:
The system collects UAS related performance data generated within any 15-minute
period. If the UAS exceeds the threshold, the system will report an alarm.
After the alarm profile is added successfully with the above settings, the system
prompts the follows:
5-15
II. Deleting an SHDSL alarm profile
To delete a specified SHDSL alarm profile, use the command shdsl alarm-profile
delete.
Note:
The default SHDSL alarm profile (numbered 1) cannot be deleted.
MA5300(config)#shdsl alarm-profile delete 2

The shdsl alarm profile will be deleted.
Are you sure?[Y/N]y
The shdsl alarm config profile 2 has been removed successfully.
III. Modifying an SHDSL alarm profile
To modify a specified SHDSL alarm profile, use the command shdsl alarm-profile
modify. The procedure involved is similar to that of setting an SHDSL alarm profile.
MA5300(config)#shdsl alarm-profile modify 2
neglected.
> Loop attenuation threshold (0 127 dB)[0]:50
> SNR margin threshold (0 10 dB)[0]:5
> ES threshold (0 900 second)[0]:10
> SES threshold (0 900 second)[0]:10
> CRC anomalies number threshold (0 58981500)[0]:60
> LOSWS threshold (0 900 second)[0]:10
> UAS threshold (0 900 second)[0]:10
Profile 2 has no binded port.
Modify profile 2 successfully.
MA5300(config)#
Upon the completion of profile modification, the system will prompt you whether to
validate the profile modification immediately. If yes, the system will interrupt all SHDSL
5-16
IV. Querying an SHDSL alarm profile information
To query a specified SHDSL alarm profile, use the command show shdsl
alarm-profile. This example shows the default SHDSL alarm profile.
MA5300(config)#show shdsl alarm-profile 1
Alarm profile index :1
Alarm profile name :ALARM-PROFILE-1
Loop attenuation threshold (unit:dB) :0
SNR margin threshold (unit:dB) :0
ES threshold (unit:second) :0
SES threshold (unit:second) :0
CRC anomalies number threshold :0
LOSWS threshold (unit:second) :0
UAS threshold (unit:second) :0
Information about SHDSL alarm profile 1 is displayed as follows:

MA5300(config)#show shdsl alarm-profile 2
Alarm profile index :2
Alarm profile name :ALARM-PROFILE-2
Loop attenuation threshold (unit:dB) :50
SNR margin threshold (unit:dB) :5
ES threshold (unit:second) :10
SES threshold (unit:second) :10
CRC anomalies number threshold :60
LOSWS threshold (unit:second) :10
UAS threshold (unit:second) :10
MA5300(config)#
Note:
The profile is the default alarm profile, whose parameters are shown above.
5.9.3 Binding an SHDSL Alarm profile
After setting an SHDSL alarm profile, you should bind an alarm profile with an SHDSL
port. By default, the port is bound with the alarm profile used last time.
1) In board mode, you can use the command alarm-config to bind an alarm profile
with an SHDSL port, or the command alarm-config all to complete the alarm
profile binding at one time.
5-17
MA5300(config-board-shdsl9)#alarm-config all 1 //Bind all ports of the SHDSL

board in slot 9 with alarm profile 1.
MA5300(config-board-shdsl9)#alarm-config 2 1 //Bind port 2 of the SHDSL
board in slot 9 with alarm profile 1.
2) In global mode, you can use the command shdsl alarm-config to bind the
SHDSL port list or an SHDSL port of specified board, or the command shdsl
alarm-config all to bind all ports at one time.
MA5300(config)#shdsl alarm-config all 1 //Bind ports of all SHDSL boards
with the alarm profile 1.
MA5300(config)#shdsl alarm-config 9 1 //Bind ports of the SHDSL board in
slot 9 with alarm profile 1.
MA5300(config)#shdsl alarm-config shdsl9/0/2 to shdsl9/0/9 1 //Bind alarm
profile 1 with shdsl9/0/2 shdsl9/0/9
3) In board mode, you can use the command no alarm-config to unbind an SHDSL
port, or the command no alarm-config all to unbind all ports at one time.
MA5300(config-board-shdsl9)#no alarm-config all //Unbind all ports of the
SHDSL board in slot 9.
MA5300(config-board-shdsl9)#no alarm-config 0 //Unbind port 0 of the SHDSL
board in slot 9.
4) In global mode, you can use the command no shdsl alarm-config to unbind the
SHDSL port list or SHDSL ports of designated, or the command no shdsl
alarm-config all to unbind all ports at one time.
MA5300(config)#no shdsl alarm-config //Unbind ports of all SHDSL board
MA5300(config)#no shdsl alarm-config 9 //Unbind all ports of the SHDSL board
in slot 9.
MA5300(config)#no shdsl alarm-config shdsl9/0/2 to shdsl 9/0/9 //Unbind
ports shdsl9/0/2 shdsl 9/0/9
5.9.4 Activating/Deactivating an SHDSL Port
If an SHDSL port is in active state before being bound with a profile, such a profile takes
effect immediately without port reactivating. If an SHDSL port is in deactive state before
being bound with a profile, such a profile binding will not take effect until the SHDSL
port is activated.
After an SHDSL port is activated, it will monitor and count the performance of the line.
When a performance statistics exceeds the threshold, the system will send alarm report
to the log host and the NMS.
For more details, refer to 5.8.3 Activating/Deactivating an SHDSL Port.
5-18
5.10 Resetting the SHDSL Port and Chipset
Upon the occurrence of fault on an SHDSL port, you can use the command chipset
reset to reset SHDSL chipset.
MA5300(config-board-shdsl9)#chipset reset 1
5.11 Querying SHDSL Port Information
I. Viewing SHDSL port information
In board mode, you can use the command show port state to view all information on
an SHDSL port, or the command show port state all to view the brief information on
the port.
In global mode, you can use the command show shdsl port state to obtain the same
information.
MA5300(config)#board-shdsl 9
MA5300(config-board-shdsl9)#show port state 2
-------------------------------------------------------------------
MA5300(config-board-shdsl9)#show port state all
Interface Line- Alarm- --Pvc-- --Car-- enable blocked loopback power-
-------------------------------------------------------------------
5-19

port, which is the same as the information made available when using the command
show port state.
MA5300(config)#show interface shdsl 9/0/2
Last UP time: 0000-00-00 00:00:00.0
Last DOWN time: 0000-00-00 00:00:00.0
PVID is 1
Priority is 0
Port mode: access
Untagged VLAN ID: 1
To CPU: 0 packets
Discard: 0 packets
II. Viewing the line status of a port
To view the line status of a port, use the command show line state in the board mode:
MA5300(config-board-shdsl9)#show line state 2
interface repeaternum max_rate act_rate mode LinkStatus
(kbps) (kbps)
5-20
-------------------------------------------------------------------
Shdsl9/0/2 0 0 0 G.991.2 annex B defective
III. Querying a ports office-end/remote-end information
To view the office-end/remote-end information on a port, use the command show

inventory.
MA5300(config-board-shdsl9)#show inventory 2
Inventory of SHDSL local port Shdsl9/0/2
Vendor ID :HWMA5300
Vendor mode :H533ESHA
Vendor serial :111111111111
EOC version :0
Standard version :0
Vendor list :HWR
Vendor issue :11
Software code :R003B2
Equipment code :0000000000
Information on other vendor :000000000000
Transmission mode capability:G.991.2 annex B
IV. Querying SHDSL port statistics
Query SHDSL port performance statistics
Use the command show statistics performance to view the performance statistics of
an SHDSL port, including performance statistics for last 15 minutes and last 24 hours.
MA5300(config-board-shdsl9)#show statistics performance 2 current
MA5300(config-board-shdsl9)#show statistics performance 2 historic-15minutes

10
MA5300(config-board-shdsl9)#show statistics performance 2 historic-24hours 5
5.12 Setting SHDSL Port Loopback
back. By comparing the transmitted frames with the received ones, the system can
determine whether the link is normal. The MA5300 supports setting
office-end/remote-end loopback for an SHDSL port. In office-end loopback, you only
need to test the switch chips and the office-end VDSL, without setting up any VDSL link.
However, the office-end loopback be set only when the link is deactivated.
5-21
Use the command loopback to set office-end/remote-end loopback for an SHDSL port.
After a port is set with loopback, it is no longer able to forward data packets correctly. If
not properly isolated, it may cause multicast storm. Therefore, upon the completion of
test, you should disable the loopback immediately using the command no loopback.
By default, port loopback is disabled.
MA5300(config-if-Shdsl9/0/2)#loopback local
MA5300(config-if-Shdsl9/0/2)#loopback remote
The command loopback is just used to set loopback for a port. CPU alone cannot send
test frames. To enable the CPU to send test frames, it should be assisted with the ports
of auxiliary equipment.
To perform port loopback test:

z Select a test port and connect it with the auxiliary equipment;
z Set a VLAN containing the testing port and the port to be tested (SHDSL port) to
protect the normal service;
z Set the SHDSL port with loopback using the command loopback.
z Cancel the port settings that might affect the port, such as STP (system test plan),
and clear port statistics.
z Send a certain number of data packets at a rate lower than 10Mbits/s using the
auxiliary equipment;
z Stop sending data packets and verify the number of received data packets. If the
normal state.
z Use the command no loopback to disable the port loopback setting.
5-22
SmartAX MA5300/5303 Broadband Access System Chapter 6 VLAN Configuration
Chapter 6 VLAN Configuration
6.1 Overview
Virtual Local Area Network (VLAN) is a technology used to form virtual workgroups by
grouping the devices of a LAN logically. IEEE issued the IEEE 802.1Q in 1999, aiming
at standardizing VLAN solutions.
You can define VLANs to divide a physical LAN into different logically broadcast
domains. Each domain is referred to as a virtual LAN, namely, a VLAN. Each VLAN has
a group of workstations with the same attributes. Although a VLAN is similar to a LAN in
effect, it only exists logically. The workstations in a VLAN do not have to belong to the
same physical LAN. The broadcast and unicast traffic within a VLAN will not be
forwarded to other VLANs.
VLAN helps to control network traffic, save the device investment, simplify network
management and improve security.
6.2 Configuring VLAN
To configure a VLAN, first create the VLAN, and then configure the VLAN ports and the
associated parameters.
I. Creating/Deleting a VLAN
Whenever creating/deleting a VLAN, you should enter global mode first.
If the VLAN to be created already exists, enter VLAN mode directly. Otherwise, create
the VLAN first, and then enter VLAN mode.
To create a VLAN, use the vlan command in global mode. By default, the created
VLAN is a general one.
To delete a VLAN, use the no vlan command in global mode. By default, VLAN 1
cannot be deleted.
MA5300(config)#no vlan 2
6-1
II. Adding/Deleting a port to/from a VLAN
Based on the actual networking conditions, you can enable L2 user isolation by
allocating different ports to different VLANs, or enable L2 user interconnection by
allocating different ports to the same VLAN.
By default, the system adds all the ports to a default VLAN (namely VLAN 1).
In VLAN mode, you can use the switchport command to add a port to a VLAN, or the
no switchport command to delete a port from a VLAN.
MA5300(config-vlan2)#switchport vdsl 5/0/0 to vdsl 5/0/23
MA5300(config-vlan2)#no switchport vdsl 5/0/0 to vdsl 5/0/23
III. Showing VLAN information
When the configuration completes, you can use the show vlan command to query
VLAN interface information.
1) To query the brief VLAN information, use the show vlan command.
MA5300(config)#show vlan
Now, the following vlan exist(s):
1(default), 2
2) To query detailed information on all VLANs, use the show vlan all command.
MA5300(config)#show vlan all
VLAN ID: 1
VLAN Type: static
Subnet Mask: 255.255.255.128
Tagged Ports: none
Untagged Ports:
Adsl1/0/0 Adsl1/0/1 Adsl1/0/2
Adsl1/0/9 Adsl1/0/10 Adsl1/0/11
Adsl1/0/12 Adsl1/0/13 Adsl1/0/14
Adsl1/0/15 Adsl1/0/16 Adsl1/0/17
Adsl1/0/18 Adsl1/0/19 Adsl1/0/20
Adsl1/0/21 Adsl1/0/22 Adsl1/0/23
Adsl1/0/24 Adsl1/0/25 Adsl1/0/26
Adsl1/0/27 Adsl1/0/28 Adsl1/0/29
Adsl1/0/30 Adsl1/0/31 Adsl1/0/32
Adsl1/0/33 Adsl1/0/34 Adsl1/0/35
Adsl1/0/36 Adsl1/0/37 Adsl1/0/38
Adsl1/0/39 Adsl1/0/40 Adsl1/0/41
6-2
Adsl1/0/42 Adsl1/0/43 Adsl1/0/44

Adsl1/0/45 Adsl1/0/46 Adsl1/0/47
Ethernet7/2/0 Ethernet7/2/1 Ethernet7/2/2
GigabitEthernet7/1/0 GigabitEthernet7/1/1
VLAN ID: 2
VLAN Type: static
Subnet Mask: 255.255.255.0
Tagged Ports: none
Untagged Ports:
Vdsl5/0/0 Vdsl5/0/1 Vdsl5/0/2
Vdsl5/0/9 Vdsl5/0/10 Vdsl5/0/11
Vdsl5/0/12 Vdsl5/0/13 Vdsl5/0/14
Vdsl5/0/15 Vdsl5/0/16 Vdsl5/0/17
Vdsl5/0/18 Vdsl5/0/19 Vdsl5/0/20
Vdsl5/0/21 Vdsl5/0/22 Vdsl5/0/23
Ethernet7/2/3
3) To query detailed information on a specific VLAN, use the command show vlan
id.
MA5300(config)#show vlan 1
VLAN ID: 1
VLAN Type: static
Subnet Mask: 255.255.255.128
Tagged Ports: none
Untagged Ports:
Adsl1/0/9 Adsl1/0/10 Adsl1/0/11
Adsl1/0/12 Adsl1/0/13 Adsl1/0/14
Adsl1/0/15 Adsl1/0/16 Adsl1/0/17
Adsl1/0/18 Adsl1/0/19 Adsl1/0/20
Adsl1/0/21 Adsl1/0/22 Adsl1/0/23
Adsl1/0/24 Adsl1/0/25 Adsl1/0/26
Adsl1/0/27 Adsl1/0/28 Adsl1/0/29
Adsl1/0/30 Adsl1/0/31 Adsl1/0/32
Adsl1/0/33 Adsl1/0/34 Adsl1/0/35
6-3
Adsl1/0/36 Adsl1/0/37 Adsl1/0/38

Adsl1/0/39 Adsl1/0/40 Adsl1/0/41
Adsl1/0/42 Adsl1/0/43 Adsl1/0/44
Adsl1/0/45 Adsl1/0/46 Adsl1/0/47
Ethernet7/2/0 Ethernet7/2/1 Ethernet7/2/2
GigabitEthernet7/1/0 GigabitEthernet7/1/1
6.3 Configuring a VLAN Interface
I. Adding/Deleting a VLAN interface
Before adding a VLAN interface, you should create a VLAN. Up to 32 VLAN interfaces
can be created in the system.
In global mode, you can use the interface vlan-interface command to add a VLAN
interface and enter VLAN interface mode, or use the no interface vlan-interface
command to delete the VLAN interface.
MA5300(config)#no interface vlan-interface 2
II. Setting/Deleting IP address and mask for a VLAN interface
To initiate the L3 functions on a VLAN interface, you should assign an IP address and a
mask for it.
In VLAN interface mode, you can use the ip address command to set the IP address
and mask for the interface, or use the no ip address command to delete the IP address
for the interface.
MA5300(config-if-VLAN-interface2)#ip address 10.71.83.2 255.255.255.128
MA5300(config-if-VLAN-interface2)#no ip address
III. Enabling/Disabling a VLAN interface
When a VLAN interface is disabled, it is in DOWN state; when a VLAN interface is

enabled, it is in UP state. By default, if all ports under a VLAN interface are in DOWN
state, this VLAN interface is in DOWN state; if one or more port under it is in UP state,
this VLAN interface is in UP state.
Enabling or disabling a VLAN interface does not change the state of the Ethernet ports,
VDSL ports and ADSL ports belonging to the VLAN interface, that is to say, the normal
services on these ports are not affected.
In VLAN interface mode, you can use the shutdown command to disable a VLAN
interface, or the no shutdown command to enable a VLAN interface.
MA5300(config-if-VLAN-interface2)#shutdown
6-4
% 1[2003-07-04 16:23:19]:L2INF-1-VLANIF LI:

VLAN-interface2: change status to DOWN
% 1[2003-07-04 16:23:19]:IFNET-1-UPDOWN:
Line protocol on interface VLAN-interface1, changed state to DOWN
IV. Querying VLAN interface information
To query the status and configurations of a VLAN interface, use the show interface
vlan-interface command.
MA5300(config-if-VLAN-interface2)#show interface vlan-interface 2
VLAN-interface2 is administratively down, line protocol is down
Description : HUAWEI, Quidway Series, VLAN-interface1 Interface
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0.fc11.19c3
6.4 Configuring VLAN Trunk
VLAN Trunk refers to the aggregation of multiple VLANs on one interface (group) to
enable interconnection between various devices. With the VLAN Trunk function, one or
more VLAN on a device can interconnect with the same VLAN(s) on the peer device
that is in the same interface (group). To achieve VLAN interconnection within the whole
network, each packet in a VLAN is labeled with an 802.1Q label to differentiate itself
from packets from other VLANs.
I. Specifying/Canceling a Trunk port
An Ethernet port or VDSL port is in either Access mode or Trunk mode. By default, the
port is in Access mode.
In Ethernet or VDSL port mode, you can use the switchport mode trunk command to
set a port as a Trunk port, or the no switchport mode command to restore it to an
access port.
MA5300(config-if-Ethernet7/2/0)#no switchport mode
II. Specifying the VLAN(s) whose traffic is allowed to pass the Trunk port
By specifying the VLAN(s) whose traffic is allowed to pass the Trunk port, you can
enable the interconnection between multiple VLANs on the local device, or with the
same VLAN(s) on the peer device.
6-5
In Ethernet or VDSL port mode, you can use the switchport trunk allowed command
to specify the VLAN(s) whose traffic is allowed to pass the Trunk port, or use the no
switchport trunk allowed command to delete such VLAN(s).
MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 2 10 to 15
MA5300(config-if-Ethernet7/2/0)#no switchport trunk allowed vlan 2 10 to 15
III. Setting default VLAN ID of the Trunk port
Once set with a default VLAN ID, upon receiving an unlabeled packet, the Trunk port
will forward it to the VLAN with the default VLAN ID. Packet receiving and forwarding
comply with IEEE 802.1Q standards.
To validate this setting, make sure the following conditions are met:
z The VLAN with the default VLAN ID already exists.
z The traffic of this VLAN is allowed to pass the Trunk port.
z The default VLAN ID of the local Trunk port is the same as that of the peer Trunk
port.
By default, the default VLAN ID is 1.
In port mode, you can use the switchport trunk native command to specify the default
VLAN ID of the Trunk port, or the no switchport trunk native command to restore the
default VLAN ID of the Trunk port.
MA5300(config-if-Ethernet7/2/0)#switchport trunk native vlan 2
6.5 VLAN Configuration Examples
6.5.1 Configuring VLAN Interconnection
The MA5300 enables the interconnection of two LANs located in different network
segments.
With the LAN interconnection function, you can enable high-speed interconnection
between two remote users by allocating the two users to the same VLAN. In addition, if
the two users obtain access to the Internet through an access device, they can further
enjoy the high-speed leased line services.
6-6
CON=>Aux7/0/0
E E ETH=>M-Ethernet7/0/1
MON
V A
GE=>7/1/0
D D GE=>7/1/1
A A
FE=>7/2/0
FE=>7/2/1
FE=>7/2/2
FE=>7/2/3
Telephone line ESM MA5300

RTU RTU
Straight through cable
PC1 PC2
Figure 6-1 Application of LAN Interconnection
1) PC1 is connected to the 0/0/0 port on the MA5300s EVDA board. The IP address
of PC1 is 10.1.1.1/24.
2) PC2 is connected to the 1/0/0 port on the MA5300s EADA board. The IP address
of PC2 is 10.1.1.2/24.
3) Both PC1 and PC2 belong to VLAN2.
4) The upstream rate for the VDSL user is 1.5M, and the downstream rate is 4M.
5) The upstream rate for the ADSL user is 0.5M, and the downstream rate is 2M. The
working mode is the interleave mode.
6) ADSL RTU works in 1483B mode; VPI/VCI=0/35
II. Configuring VLAN
This example shows how to create a VLAN and add the ports to this VLAN.
MA5300>enable
MA5300#configure terminal
Enter configuration commands, one per line. End with Ctrl+Z.
MA5300(config-vlan2)#switchport vdsl 0/0/0
MA5300(config-vlan2)#switchport adsl 1/0/0
MA5300(config-vlan2)#exit
III. Adding a VDSL line profile
To add a VDSL line profile with these attributes:

z Upstream rate: 1.5M
z Downstream rate: 4m
6-7
z Signal noise ratio: 6

z Interleave depth for both upstream and downstream:1
z Auto-training: enabled
z Mask of amateur radio frequency band: disabled
Do as follows:
During input, press 'CTRL+C' to quit, then settings at this time are
neglected.
> VDSL link auto train 1-enable 2-disable (1 - 2)[1]:
> Target bit rate in downstream (780 - 25000 kbps) [12500]:4000
> Target bit rate in upstream (780 - 25000 kbps) [12500]:1500
> Target downstream interleaved depth 0,1,2,8,16 (0 - 16) [1]:
> Target upstream interleaved depth 0,1,2,8,16 (0 - 16) [1]:
> Signal to noise ratio margin in downstream: precision 0.1dB(0.0 - 31.0 dB)
[6.0]:
> Signal to noise ratio margin in upstream: precision 0.1dB(0.0 - 31.0 dB)
[6.0]:
IV. Adding an ADSL line profile
To add an ADSL line profile with these attributes:

z Downstream rate is 2M
z Working mode: interleave mode
Do as follows:
neglected.
> 0: All(G992.1, G992.2, T1.413)
> 1: Full rate(G992.1 or T1.413)
> 2: G992.2(g.lite)
> 3: T1.413
> 4: G992.1(g.dmt)
6-8
> Please select (0 - 5) [0]:

> Trellis coding 1-enable 2-disable (1 - 2) [1]:
> Upstream channel bit swap 1-enable 2-disable (1 - 2) [2]:
> Downstream channel bit swap 1-enable 2-disable (1 - 2) [2]:
> Please select channel mode 0-interleaved 1-fast (0 - 1) [1]: 0
> Will you set interleave depth? (y/n)[n]:y
> Maximum downstream interleaved depth 2,4,8,16,32,64,128 DMT (2 - 128) [64]:
> Maximum upstream interleaved depth 2,4,8,16,32,64,128 DMT (2 - 128) [64]:
> Minimum noise margin in downstream (0 - 15 dB) [0]:
> Maximal noise margin in downstream (0 - 31 dB) [31]:
> Target noise margin in downstream(0 - 15 dB) [12]:
> Minimum noise margin in upstream (0 - 15 dB) [0]:
> Maximal noise margin in upstream (0 - 31 dB) [31]:
> Target noise margin in upstream (0 - 15 dB) [12]:
> Minimum bit rate in downstream (32 - 8160 Kbps) [32]:
> Maximum bit rate in downstream (32 - 8160 Kbps) [6144]:2048
> Minimum bit rate in upstream (32 - 896 Kbps) [32]:
> Maximum bit rate in upstream (32 - 896 Kbps) [640]:512
V. Configuring ADSL port PVC
This example shows how to configure ADSL port PVC.

MA5300(config)#interface adsl 1/0/0
VI. Activating the port
This example shows how to activate port vdsl 0/0/0 and bind it with line profile 2.
MA5300(config)#vdsl activate vdsl 0/0/0 2
Activate port adsl 1/0/0, and bind it with line profile 3.

MA5300(config)#adsl activate adsl 1/0/0 3
VII. Querying the line profile
This example shows how to query the line profiles.

MA5300(config)#show vdsl line-profile all
Index Profile Name DownStream UpStream DownSnr UpSnr AutoTrain
6-9
Rate(Kbps) Rate(Kbps) Margin(dB) Margin(dB)

-------------------------------------------------------------------------
MA5300(config)#show adsl line-profile all
Index ProfileName Target Atuc-Max Atur-Max trans-mode chan-mode
SnrMgn txRate txRate
(dB) (Kbps) (Kbps)
-------------------------------------------------------------------------
1 LINE-PROFILE-1 12 6144 640 all FAST
2 LINE-PROFILE-2 12 6144 640 all INTERLEAVE
3 LINE-PROFILE-3 12 2048 512 all INTERLEAVE
VIII. Querying state of an activated line
This example shows how to query the state of an activated line.

MA5300(config)#show vdsl line state vdsl 0/0/0
Vdsl0/0/0 vdsl link status : active
The actual down-stream rate(Kbps) : 4000
The actual up-stream rate(Kbps) : 1500
The down-stream interleave delay(ms): 1
The up-stream interleave delay(ms) : 1
Remote tx-power(dBm/Hz) : -89.720
Local tx-power(dBm/Hz) : -66.770
Remote SNR(dB) : 38.240
Local SNR(dB) : 27.220
Remote SNR Margin(dB) : 13.1
Local SNR Margin(dB) : 8.0
Remote MSE(dB) : 21.800
Local MSE(dB) : 17.160
Remote RS count : 0
Local RS count : 0
DownTimes : 1
IX. Querying VLAN configuration information
This example shows how to query VLAN configuration information.

VLAN ID: 2
VLAN Type: static
Route Interface: not configured
Tagged Ports: none
Untagged Ports:
6-10
Vdsl0/0/0 Adsl1/0/0
X. Verifying the configuration
Upon successful completion of the configuration, the two ports vdsl0/0/0 and adsl1/0/0
can interconnect with each other.
XI. Saving the configuration
This example shows how to save the configuration.

6.5.2 Configuring VLAN Trunk Interconnection
The MA5300 supports interconnection between multiple VLANs on the local equipment
or with the same VLANs on the peer device that are in the same interface (group).
To enable such interconnection, one interface (group) should support multiple VLANs
using the VLAN Trunk function.
CON=>Aux7/0/0
FE=>2/0/0
E E ETH=>M-Ethernet7/0/1 FE=>2/0/1
MON M FE=>2/0/2 N
V A FE=>2/0/3
GE=>7/1/0 GE=>1/0/0
D D
GE=>7/1/1 GE=>1/0/1
P E
A A
FE=>7/2/0 FE=>2/0/12
FE=>7/2/1 U FE=>2/0/13 T
FE=>7/2/2 FE=>2/0/14
FE=>7/2/3 FE=>2/0/15
Telephone line ESM LPU LPU

RTU RTU MA5300 S8016
Straight-through cable
PC1 PC2 Server
Figure 6-2 Application of VLAN interconnection
of PC1 is 10.1.1.1/24; the IP address of the gateway 10.1.1.254.
of PC2 is 10.1.1.2/24.
3) The IP address of the server is 10.1.3.1/24; the IP address of the gateway is
10.1.3.254.
4) Port 0/0/0 belongs to VLAN 10, and port 1/0/0 belongs to VLAN 20.
5) MA5300 is connected to an S8016 through a GE port (Trunk mode) that allows the
traffic of VLAN 10 and VLAN 20.
6) The upstream/downstream rates for the VDSL user are 1.5M and 4M respectively.
6-11
7) The upstream/downstream rates for the ADSL user are 0.5M and 2M respectively.
The working mode is fast mode.
8) ADSL RTU works in 1483B mode; VPI/VCI = 0/35.
9) VLAN 10, VLAN 20, VLAN 100 and VLAN 200 are configured on the S8016. VLAN
100 is the Super VLAN, which includes two sub VLANsVLAN 10 and VLAN
20.The IP address of VLAN 100 is 10.1.1.254/24, and the IP address of VLAN 200
is 10.1.3.254/24.
II. Configuring VLANs
This example shows how to configure VLANs.

MA5300>enable
MA5300# configure terminal
MA5300(config)#vlan 10 //Add VLAN10, which includes a VDSL port.
MA5300(config)#vlan 20 //Add VLAN20, which includes an ADSL port.
MA5300(config-vlan20)#switchport adsl1/0/0
III. Adding a VDSL line profile
To add a VDSL line profile with these attributes:

z Downstream rate: 4M
z Signal noise ratio: 6
z Interleave depth for both upstream and downstream: 1
z Auto-training: enabled
z Mask of amateur radio frequency: disabled
Do as follows:
neglected.
> VDSL link auto train 1-enable 2-disable (1 - 2)[1]:
> Target bit rate in downstream (780 - 25000 kbps) [12500]:4000
> Target bit rate in upstream (780 - 25000 kbps) [12500]:1500
> Target downstream interleaved depth 0,1,2,8,16 (0 - 16) [1]:
> Target upstream interleaved depth 0,1,2,8,16 (0 - 16) [1]:
> Signal to noise ratio margin in downstream: precision 0.1dB(0.0 - 31.0 dB)
[6.0]:
6-12
> Signal to noise ratio margin in upstream: precision 0.1dB(0.0 - 31.0 dB)
[6.0]:
IV. Adding an ADSL line profile
To add an ADSL line profile with these attributes:

z Downstream rate: 2M
z Working mode: fast mode
Do as follows:
neglected.
> 0: All(G992.1, G992.2, T1.413)
> 1: Full rate(G992.1 or T1.413)
> 2: G992.2(g.lite)
> 3: T1.413
> 4: G992.1(g.dmt)
> Please select (0 - 5) [0]:
> Trellis coding 1-enable 2-disable (1 - 2) [1]:
> Upstream channel bit swap 1-enable 2-disable (1 - 2) [2]:
> Downstream channel bit swap 1-enable 2-disable (1 - 2) [2]:
> Please select channel mode 0-interleaved 1-fast (0 - 1) [1]:1
> Minimum noise margin in downstream (0 - 15 dB) [0]:
> Maximal noise margin in downstream (0 - 31 dB) [31]:
> Target noise margin in downstream(0 - 15 dB) [12]:
> Minimum noise margin in upstream (0 - 15 dB) [0]:
> Maximal noise margin in upstream (0 - 31 dB) [31]:
> Target noise margin in upstream (0 - 15 dB) [12]:
> Minimum bit rate in downstream (32 - 8160 Kbps) [32]:
> Maximum bit rate in downstream (32 - 8160 Kbps) [6144]: 2048
6-13
> Minimum bit rate in upstream (32 - 896 Kbps) [32]:

> Maximum bit rate in upstream (32 - 896 Kbps) [640]: 512
This example shows how to configure the ADSL port PVC.

This example shows how to activate port vdsl 0/0/0 and bind it with line profile 2.
Activate port adsl 1/0/0, and bind it with line profile 3.

VII. Setting the GE port as Trunk port
This example shows how to set the GE port as Trunk port.

MA5300(config)#interface gigabitethernet 7/1/0
MA5300(config-if-GigabitEthernet7/1/0)#switchport mode trunk
MA5300(config-if-GigabitEthernet7/1/0)#switchport trunk allowed vlan 10 20
VIII. Verifying the configuration
Upon successful completion of the configuration, the two ports vdsl0/0/0 and adsl1/0/0
can interconnect with each other.
IX. Saving the configuration
This example shows how to save the configuration.

6-14
SmartAX MA5300/5303 Broadband Access System Chapter 7 Smart VLAN Configuration
Chapter 7 Smart VLAN Configuration
7.1 Overview
Smart VLAN is a new feature of the MA5300. It is applied in residential area to provide
access to Internet. With this technology, multiple downstream ports (VDSL/ADSL users)
and one upstream port can be grouped into a Smart VLAN. Meanwhile, the system
creates internal mapping between the upstream port and downstream ports, thus
allowing the isolation of L2 messages of different users.
Smart VLAN does not hamper the implementation of general VLAN. In the MA5300, it is
still achievable to implement the L2 message isolation for some ports while realizing the
L2 message interconnection for others. You can add the user ports into a Smart VLAN
for L2 message interconnection through the mapping created by the system, or add
them into a general VLAN for L2 message exchange.
Smart VLAN configuration involves:

z Creating/Deleting a VLAN
z Setting/Canceling the VLAN as Smart VLAN
z Adding an upstream port to the Smart VLAN
z Adding downstream ports to the Smart VLAN
z Querying Smart VLAN information
7.2 Creating/Deleting a VLAN
In global mode, use the vlan command to create a VLAN. By default, the VLAN to be
created is a general one.
MA5300(config-vlan12)#
7.3 Setting/Canceling a VLAN as a Smart VLAN
To specify a VLAN as a Smart VLAN, use the svlan-type smart command in VLAN
mode. The MA5300 can be configured with 255 Smart VLANs, with VLAN IDs ranging
from 2 to 4000. However, you cannot define the default VLAN (namely VLAN 1) as a
Smart VLAN. When a Smart VLAN is created, ports included in the original VLAN serve
as the downstream ports of the Smart VLAN.
MA5300(config-vlan12)#vlan-type smart
7-1
In VLAN mode, use the no vlan-type smart command to cancel the setting of Smart
VLAN. Before canceling the VLAN as a Smart one, you must delete its upstream port
and downstream ports.
MA5300(config-vlan12)#no vlan-type smart
The above command can turn Smart VLAN 12 into a general VLAN, without deleting all
upstream/downstream ports included in Smart VLAN 12. Meanwhile, the system
cancels the original isolation state, allowing these ports to be included in the general
VLAN 12.
To perform the following configurations, you need to first set the VLAN type as the
Smart VLAN in VLAN mode.
7.4 Adding an Upstream Port to the Smart VLAN
In VLAN mode, use the svlan-upport command to add an upstream port to the Smart
VLAN. You can add multiple upstream ports to a Smart VLAN.
There is no limitation on the mode of the upstream port. An upstream port of a Smart
VLAN can be a master PA port (namely master aggregated port), Trunk port or access
port. However, it cannot be the access port (regardless of upstream or downstream port)
of any other Smart VLAN, or the downstream port of its own. Besides, the upstream
port must be the FE/GE port of the ESM board rather than the port of service boards
(such as VDSL port, ADSL port or SHDSL port).
z To set the upstream port of the Smart VLAN as an aggregated port, you have to
enable port aggregation first. Next, you need to use the number of the master port
in the aggregation group to specify the aggregated port as the upstream port of the
Smart VLAN.
MA5300(config)#link-aggregation ethernet 7/2/0 to ethernet 7/2/1 ingress
MA5300(config-vlan12)#svlan-upport ethernet 7/2/0
z To set the upstream port of the Smart VLAN as a Trunk port, you have to add the
upstream port to the Smart VLAN first, and then specify this port as a Trunk port.
MA5300(config-vlan10)#svlan-upport e7/2/0
In VLAN mode, you can use the no svlan-upport command to delete the upstream
port from the Smart VLAN.
MA5300(config-vlan1000)#no svlan-upport ethernet 7/2/0
It is not allowed to delete the upstream ports of a Smart VLAN by running the command
switchport in any other VLAN mode to add these upstream ports to the mentioned
VLAN. However, this method is applicable to a general VLAN.
7-2
7.5 Adding Downstream Ports to the Smart VLAN
In VLAN mode, you can use the svlan-downport command to add downstream ports
to the Smart VLAN, or the no svlan-downport command to delete downstream ports
from the Smart VLAN. You can add multiple downstream ports to a Smart VLAN.
The downstream ports of a Smart VLAN can be the ports of ESM boards (namely FE
ports or GE ports), or the ports of service boards (namely FE ports, ADSL ports, VDSL
ports, or SHDSL ports). There is no limitation on the mode of downstream ports. A
downstream port can be a Trunk port, access port or PA port. In the case of PA port, it
can only be the port of the ESM board (namely FE or GE port).
This example shows how to add the downstream port adsl 1/0/0 to SVLAN 12.
MA5300(config-vlan2)#no switchport adsl 1/0/0
MA5300(config-vlan12)# svlan-downport adsl 1/0/0
Through the above operation, you can add the access ports of a general VLAN to a
smart VLAN. However, you cannot add the access ports (both upstream and
downstream) of other Smart VLANs or the upstream ports of the Smart VLAN itself to
the Smart VLAN.
This example shows how to delete port adsl 1/0/0 from SVLAN 12.
MA5300(config-vlan12)# no svlan-downport adsl 1/0/0
It is not allowed to delete the downstream ports of a Smart VLAN by running the
command switchport in any other VLAN mode to add these downstream ports to the
mentioned VLAN. However, this method is applicable to a general VLAN.
You can also run the command svlan-downport in port mode. However, when this
command is executed in port mode, its form is different from that in VLAN mode. You
need to specify the VLAN in port mode, whereas you need to specify the port in VLAN
mode.
This example shows how to add downstream port Ethernet7/1/0 to SVLAN 12 in port
mode.
MA5300(config-if-Ethernet7/1/0)# svlan-downport vlan 12
Note:
z If the downstream ports of a Smart VLAN are set as Trunk ports, these ports cannot communicate with
each other in any other general VLAN.
z If ports of two interface boards belong to the same Smart VLAN, other ports of these interface boards
cannot communicate with each other in any VLAN.
7-3
7.6 Querying Smart VLAN Information

1) To show brief information on the smart VLAN, use the show vlan smart
command.
MA5300(config)#show vlan smart
Now, the following smart vlan exist(s):
2, 3, 5
2) To show detailed information on all Smart VLANs, use the show vlan smart all
command.
MA5300(config)#show vlan smart all
VLAN ID: 2
VLAN Type: static,Smart
Up Ports:
Ethernet7/1/3
Down Ports:
Ethernet7/1/2
VLAN ID: 3
Up Ports:
Ethernet7/1/1
Down Ports:
Adsl1/0/0
VLAN ID: 5
Up Ports:
Ethernet7/1/3
Down Ports:
Vdsl5/0/2
3) Display detailed information on a Smart VLAN
MA5300(config)#show vlan smart 2
VLAN ID: 2
Up Ports:
Ethernet7/1/3
Down Ports:
Ethernet7/1/2
7-4
7.7 Smart VLAN Configuration Examples
7.7.1 Smart VLAN (Access Mode)
CON=>Aux7/0/0
FE=>2/0/0
MON M FE=>2/0/2 N
V A FE=>2/0/3
GE=>7/1/0 GE=>1/0/0
D D
GE=>7/1/1 GE=>1/0/1
P E
A A
FE=>7/2/0 FE=>2/0/12
FE=>7/2/1 U FE=>2/0/13 T
FE=>7/2/2 FE=>2/0/14
FE=>7/2/3 FE=>2/0/15

PC1 PC2 Server
Figure 7-1 Application of Smart VLAN (Access mode)
10.1.3.254.
4) Set VLAN 100 as the Smart VLAN. The upstream port of Smart VLAN is
GigabitEthernet 7/1/0, and the packets sent by the upstream port are not labeled
with VLAN tags. The downstream ports include vdsl0/0/0 and adsl1/0/0.
5) VDSL and ADSL users use the default profile for port activation.
7) VLAN 100 and VLAN 200 are configured on the S8016. The IP address of VLAN
100 is 10.1.1.254/24. The IP address of VLAN 200 is 10.1.3.254/24.
II. Configuring Smart VLAN
This example shows how to configure Smart VLAN.

MA5300> enable
MA5300(config)#vlan 100 //Add VLAN100.
MA5300(config-vlan100)#vlan-type smart //Set the VLAN type as a Smart
VLAN.
7-5
MA5300(config-vlan100)#svlan-upport GigabitEthernet 7/1/0//Add an upstream

port.
MA5300(config-vlan100)#svlan-downport vdsl 0/0/0 //Add a downstream
port.
MA5300(config-vlan100)#svlan-downport vdsl 0/0/0 //Add a downstream
port.
III. Configuring ADSL port PVC
This example shows how to configure the ADSL port PVC.

IV. Activating the port
This example shows how to activate port vdsl 0/0/0 and bind it with the default line
profile.
This example shows how to activate port adsl1/0/0, and bind it with the default line
profile.
7.7.2 Smart VLAN (Trunk Mode)
CON=>Aux7/0/0
FE=>2/0/0
MON M FE=>2/0/2 N
V A FE=>2/0/3
GE=>7/1/0 GE=>1/0/0
D D
GE=>7/1/1 GE=>1/0/1
P E
A A
FE=>7/2/0 FE=>2/0/12
FE=>7/2/1 U FE=>2/0/13 T
FE=>7/2/2 FE=>2/0/14
FE=>7/2/3 FE=>2/0/15

PC1 PC2 Server
Figure 7-2 Application of Smart VLAN (Trunk mode)
7-6
10.1.3.254.
4) Set VLAN 100 as the Smart VLAN. The upstream port of Smart VLAN is
GigabitEthernet 7/1/0. The downstream ports include vdsl0/0/0 and adsl1/0/0.
5) VLAN 200 is the management VLAN.
6) VDSL and ADSL users use the default profile.
8) VLAN 100 and VLAN 200 are configured on the S8016. The IP address of VLAN
100 is 10.1.1.254/24, and the IP address of VLAN 200 is 10.1.3.254/24.
II. Configuring Smart VLAN
This example shows how to configure Smart VLAN.

MA5300> enable
MA5300(config)#vlan 100 //Add VLAN 100.
MA5300(config-vlan100)#vlan-type smart //Set VLAN 100 as the Smart VLAN.
MA5300(config-vlan100)#svlan-upport GigabitEthernet 7/1/0 //Add an upstream
port.
MA5300(config-vlan100)#svlan-downport vdsl 0/0/0 //Add a downstream port.
MA5300(config-vlan100)#svlan-downport vdsl 1/0/0 //Add a downstream port.
III. Creating the management VLAN
This example shows how to create the management VLAN.

IV. Enabling traffic of the management VLAN to pass the upstream port
This example shows how to enable traffic of the management VLAN to pass the
upstream port.
MA5300(config)#interface GigabitEthernet 7/1/0
MA5300(config-if-GigabitEthernet7/1/0)#switchport trunk allowed vlan 200
This example shows how to configuring ADSL port PVC.

7-7
This example shows how to activate port vdsl 0/0/0 and bind it with the default line
profile.
To activate port adsl1/0/0, and bind it with the default line profile.
7-8
SmartAX MA5300/5303 Broadband Access System Chapter 8 MUX VLAN Configuration
Chapter 8 MUX VLAN Configuration
8.1 Overview
MUX VLAN is a new feature of the MA5300. It is applied in residential area to offer
Internet access. With the MUX VLAN function, the system can automatically designate
VLANs to the ports on various interface boards when:
z The upstream port and the range of the MUX VLANs have been specified, or
z The cascading port and the range of the cascaded MUX VLANs have been
specified.
This eventually helps simplify the data configuration.
The system supports up to 4K VLANs. MUX VLAN cannot coexist with a general VLAN
and/or a Smart VLAN.
MUX VLAN configuration involves:

z Enabling/Disabling MUX VLAN
z Specifying the upstream port and the range of the local MUX VLAN
z Specifying the cascading port and the range of the cascaded MUX VLANs
z Setting the MUX VLAN for a specified interface board
z Setting the MUX VLAN for a specified port
z Querying MUX VLAN information
8.2 Enabling/Disabling MUX VLAN
To configure MUX VLAN, you have to enable the MUX VLAN function first. By default,
the MUX VLAN is disabled.
When MUX VLAN is enabled using the global command mux-vlan, the system will
back up the configuration files in common mode. Then at the next startup, the system
will use the configuration files in MUX VLAN mode.
MA5300(config)#mux-vlan
When MUX VLAN is disabled using the no mux-vlan command, the system will back
up the configuration files in MUX VLAN mode. Then at the next startup, the system will
use the configuration files in common mode.
MA5300(config)#no mux-vlan
8-1
8.3 Configure MUX VLAN Configuration Profile
MUX VLAN configuration profile specifies the start MUX VLAN ID, the number of
VLANs in a group (or a slot), as well as the maximum number of MUX VLAN groups for
the device. This profile sets limits on parameter settings of the uplink port and the
cascading port of the MUX VLAN.
To configure the MUX VLAN configuration profile, use the command mux-vlan
config-profile.
For the command mux-vlan config-profile, the parameters start-vlanid and

vlan-num-per-group are compulsory, while vlan-group-num is optional.
Parameters specification:
start-vlanid: Specifies the start MUX VLAN ID for the device, which is a multiplier of 96,
ranging from 8 to 3976.
vlan-num-per-group: Specifies the number of VLANs in each group or slot. The options
are 24, 48 and 64, and the default is 48.
vlan-group-num: Specifies maximum number of MUX VLAN groups allowed for the
device, including the VLAN groups configured for this device and those for the
cascading port. It is in range of 1 166, and the default is 80. This parameter is optional.
When it is not specified, the value will be the maximum number of MUX VLAN groups
allowed in full configuration.
The example shows how to set the start MUX VLAN ID to 128, the number of VLANs in
each group to 48, and the maximum number of MUX VLAN groups to 80.
MA5300(config)#mux-vlan config-profile 128 48 80
The command no mux-vlan config-profile is used to restore the parameters to the

default settings in the MUX VLAN configuration profile.
8.4 Specifying Upstream Port and Range of Local MUX VLAN
This section introduces how to specify the upstream port and the range of local MUX
VLAN.
I. Specifying upstream port and range of lcoal MUX VLAN
If the upstream port and the range of the local MUX VLAN are specified, the system will
automatically allocate VLANs to all the ports (including ADSL ports and VDSL ports) of
the interface boards. As a result, it simplifies the data configuration.
The upstream port of the MUX VLAN can only be on the ESM board, namely, an FE
port or a GE port.
8-2
The start VLAN ID and the number of VLAN groups of the MUX VLAN set a limit on the
range of the local VLAN.
Start VLAN ID starts from start-vlanid as specified in the command mux-vlan

config-profile. It is in increments of vlan-group-num as specified in the command
mux-vlan config-profile, and it is in the range of 8 3976.
Number of VLAN groups ranges from 0 to vlan-group-num as specified in the command

mux-vlan config-profile. Usually, VLANs in one service board form a group. Each
MA5300 device has 14 service boards.
In global mode, use the mux-vlan uplink-port command to set the upstream port and
the range of the local MUX VLAN; use the no mux-vlan uplink-port command to
cancel the setting.
MA5300(config)#mux-vlan config-profile 32 48 95
MA5300(config)#mux-vlan uplink-port
{ interface<K> }:interface
{ Ethernet<K>|GigabitEthernet<K> }:ethernet
{ <7-7> }:7/2/0 //Specify the upstream port as ethernet7/2/0.
{ local-vlan<K> }:local-vlan //Specify the local VLAN.
{ INTEGER<32,3976> }:128 //Set the start VLAN ID.
{ INTEGER<0,95> }:14 //Set the number of VLAN groups.
Now, the system will automatically allocate VLANs for the 14 interface boards. The start
VLAN ID is 128. Each board, namely one VLAN group, has 48 VLANs.
The first board contains VLANs from VLAN 128 to VLAN 175. The second board
contains VLANs from VLAN 176 to VLAN 223. The same rule applies to the rest
interface boards.
II. Querying MUX VLAN information
To query MUX VLAN information, use the show mux-vlan command.

MA5300(config)#show mux-vlan
Mux-vlan is enabled
Uplink port: interface Ethernet7/2/0
Local mux-vlan ID: 128 - 799
Vlan-group(s) number: 14
Mux-vlan(s) number: 672
No cascading port exist
14 I/O board(s) configured

Slot: 00 mux-vlan: 128 - 175
Slot: 01 mux-vlan: 176 - 223
8-3
Slot: 02 mux-vlan: 224 - 271

Slot: 03 mux-vlan: 272 - 319
Slot: 04 mux-vlan: 320 - 367
Slot: 05 mux-vlan: 368 - 415
Slot: 06 mux-vlan: 416 - 463
Slot: 09 mux-vlan: 464 - 511
Slot: 10 mux-vlan: 512 - 559
Slot: 11 mux-vlan: 560 - 607
Slot: 12 mux-vlan: 608 - 655
Slot: 13 mux-vlan: 656 - 703
Slot: 14 mux-vlan: 704 - 751
Slot: 15 mux-vlan: 752 - 799
8.5 Specifying Cascading Port and Range of Cascaded MUX

VLANs
If multiple MA5300s are cascaded, you can enable the system to automatically allocate
VLANs for those MA5300s by specifying the cascading port and the range of the
cascaded MUX VLANs.
The cascading port of the MUX VLAN must be on the ESM board, namely, it should be
a FE port or a GE port. The start VLAN ID and the number of VLAN groups determine
the range of the cascaded MUX VLANs, that is, the range of the VLANs of the
cascaded devices. Each VLAN group has 48 VLANs.
I. Specifying the cascading port and range of the cascaded MUX VLANs
In global mode, use the mux-vlan cascading-port command to specify the cascading
port and range of the cascaded MUX VLANs, or use the no mux-vlan cascading-port
command to cancel the setting.
MA5300(config)#mux-vlan cascading-port
{ interface<K> }:interface
{ Ethernet<K>|GigabitEthernet<K> }:ethernet
{ <7-7> }:7/2/1 //Specify the cascading port as ethernet7/2/1.
{ cascading-vlan<K> }:cascading-vlan //Set the range of the VLANs of the
cascading devices.
{ INTEGER<128,3872> }:800 //Set the start VLAN ID for the cascading
devices.
{ INTEGER<2,80> }:14 //Set the number of VLAN groups for the
cascading devices.
8-4
This example shows how to query MUX VLAN information.

Mux-vlan is enabled
VLAN-group(s) number: 14
1 cascading port(s) exist
Interface Ethernet7/2/1
Mux-vlan ID: 800 - 1471
VLAN group(s) number: 14
Mux-VLAN(s) number: 672

Slot: 00 mux-vlan: 128 - 175
Slot: 01 mux-vlan: 176 - 223
Slot: 02 mux-vlan: 224 - 271
Slot: 03 mux-vlan: 272 - 319
Slot: 04 mux-vlan: 320 - 367
Slot: 05 mux-vlan: 368 - 415
Slot: 06 mux-vlan: 416 - 463
Slot: 09 mux-vlan: 464 - 511
Slot: 10 mux-vlan: 512 - 559
Slot: 11 mux-vlan: 560 - 607
Slot: 12 mux-vlan: 608 - 655
Slot: 13 mux-vlan: 656 - 703
Slot: 14 mux-vlan: 704 - 751
Slot: 15 mux-vlan: 752 - 799
8.6 Setting MUX VLANs for a Specified Interface Board
You can use the default MUX VLAN setting for an interface board or set the port
manually as desired.
Modifying the start VLAN ID of an interface board will change the MUX VLAN settings
of that board. After the modified start VLAN ID is used, the system will automatically
delete the previous settings.
8-5
I. Setting the MUX VLAN for a specified interface board
In global mode, use the mux-vlan slot command to set MUX VLAN for a specified
interface board.
MA5300(config)#mux-vlan slot
{ INTEGER<0,15> }:1 //Specify the board.
{ idle<K>|start-vlanid<K> }:start-vlanid //Set the start VLAN ID of the
board.
{ INTEGER<128,3920 }:128
Specify that the board in slot 1 includes MUX VLANs ranging from VLAN 128 to VLAN
175.
If this MUX VLAN setting of the board conflicts with that of the board in slot 0, cancel the
MUX VLAN setting of the board in slot 0, and keep the settings of other boards
unchanged.
Mux-vlan is enabled.
Mux-vlan ID: 800 - 1471

Slot: 00 mux-vlan: idle
Slot: 01 mux-vlan: 128 - 175
Slot: 02 mux-vlan: 224 - 271
Slot: 03 mux-vlan: 272 - 319
Slot: 04 mux-vlan: 320 - 367
Slot: 05 mux-vlan: 368 - 415
Slot: 06 mux-vlan: 416 - 463
Slot: 09 mux-vlan: 464 - 511
Slot: 10 mux-vlan: 512 - 559
8-6
Slot: 11 mux-vlan: 560 - 607

Slot: 12 mux-vlan: 608 - 655
Slot: 13 mux-vlan: 656 - 703
Slot: 14 mux-vlan: 704 - 751
Slot: 15 mux-vlan: 752 - 799
III. Cancel the MUX VLAN setting of a specified interface board
Use the idle keyword to cancel the MUX VLAN setting of a specified interface board.
MA5300(config)#mux-vlan slot
{ INTEGER<0,15> }:2 //Specify the board.
{ idle<K>|start-vlanid<K> }:idle //Cancel the MUX VLAN setting of
the board.
Mux-vlan is enabled
Mux-vlan ID: 800 - 1471

Slot: 01 mux-vlan: 128 - 175
Slot: 03 mux-vlan: 272 - 319
Slot: 04 mux-vlan: 320 - 367
Slot: 05 mux-vlan: 368 - 415
Slot: 06 mux-vlan: 416 - 463
Slot: 09 mux-vlan: 464 - 511
Slot: 10 mux-vlan: 512 - 559
Slot: 11 mux-vlan: 560 - 607
Slot: 12 mux-vlan: 608 - 655
Slot: 13 mux-vlan: 656 - 703
Slot: 14 mux-vlan: 704 - 751
8-7
Slot: 15 mux-vlan: 752 - 799
8.7 Setting the MUX VLAN for a Specified Port
You can use the default MUX VLAN setting for a port or set the port manually as desired.
The specified VLAN ID should be within the range of the MUX VLAN group of the board
where the port is located.
I. Setting the MUX VLAN for a specified port
In global mode, use the mux-vlan command to set the MUX VLAN or modify the
existing MUX VLAN configuration for a port. In ADSL port mode or VDSL port mode,
use the mux-vlan vlan-id command to set the MUX VLAN or modify the existing MUX
VLAN configuration for a port.
MA5300(config)#mux-vlan interface
{ Vdsl<K>|Adsl<K> }:adsl 1/0/0 //Specify the port.
{ idle<K>|vlan-id<K> }:vlan-id //Set the VLAN of the port.
{ INTEGER<128,3967> }:129
MA5300(config-if-Adsl1/0/0)#mux-vlan vlan-id 129 //Set the VLAN of the port.
To query the MUX VLAN information, use the command show mux-vlan or show
vlan.
MA5300(config-if-Adsl1/0/0)#show mux-vlan
Mux-vlan is enabled
Mux-vlan ID: 800 - 1471

Slot: 01 mux-vlan: 128 - 175
Slot: 03 mux-vlan: 272 - 319
8-8
Slot: 04 mux-vlan: 320 - 367

Slot: 05 mux-vlan: 368 - 415
Slot: 06 mux-vlan: 416 - 463
Slot: 09 mux-vlan: 464 - 511
Slot: 10 mux-vlan: 512 - 559
Slot: 11 mux-vlan: 560 - 607
Slot: 12 mux-vlan: 608 - 655
Slot: 13 mux-vlan: 656 - 703
Slot: 14 mux-vlan: 704 - 751
Slot: 15 mux-vlan: 752 - 799

{ <cr>|to<K> }:
Vlan ID: 129
Vlan Type: static
Tagged Ports: none
Untagged Ports:
Adsl1/0/0 Adsl1/0/1
III. Deleting the MUX VLAN of a specified port
Use the idle keyword to cancel the MUX VLAN setting of a specified port.
MA5300(config)#mux-vlan interface
{ Vdsl<K>|Adsl<K> }:Adsl 1/0/0 //Specify the port.
{ idle<K>|vlan-id<K> }:idle //Delete the VLAN of the port.
MA5300(config-if-Adsl1/0/0)#mux-vlan idle //Delete the VLAN of the port.
8-9
8.8 MUX VLAN Configuration Examples
8.8.1 Basic MUX VLAN Application
CON=>Aux7/0/0
E E ETH=>M-Ethernet7/0/1 BAS
MON
V A
D D
A A
FE=>7/2/0
FE=>7/2/1
FE=>7/2/2
FE=>7/2/3
telephone line ESM MA5300

RTU RTU
straight through cable
PC1 PC2
Figure 8-1 Application of MUX VLAN
1) PC1 is connected to the 0/0/0 port on the MA5300s EVDA board; PC2 is
connected to the 1/0/0 port on the MA5300s EADA board.
2) Both PC1 and PC2 access the Internet by obtaining IP address dynamically.
3) Each port of the EVDA board or the EADA boards belongs to a different VLAN.
The VLANs range from 128 to 799.
4) MA5300s inband NMS IP address is 10.1.1.100/24; the management VLAN ID is
100.
5) The MA5300 communicates with the ISU board through the backplanes GE
interface.
6) The default profile is used for the ADSL/VDSL users.
7) ADSL RTU works in 1483B mode; its VPI/VCI is 0/35.
8) Both PC1 and PC2 are considered by the ISU as the subscribers of a specific
VLAN. ISU board adopts the built-in DHCP Server function. The Virtual Terminal
(VT) IP address of the ISU is 10.1.1.254/24.
9) Port Ethernet7/1/1 of MA5300 A is connected to port Ethernet7/1/1 of MA5300 B.
10) With the MUX VLAN function enabled, the system automatically allocates VLANs
for the ports of MA5300 A and MA5300 B.
II. Data configuration
//Enable MUX VLAN.
8-10
{ <cr>|uplink-port<K>|cascading-port<K>|slot<K>|interface<K> }:
System will be restarted.
Turn to mux mode?[Y/N]:y
//Log in to the system after the system restarts.
Username:root
Password:
MA5300>enable
{ <cr>|level-value<1,15> }:
//Define the upstream ports of MUX VLAN and the scope of the local MUX VLAN.
MA5300(config)#mux-vlan uplink-port interface gigabitEthernet 7/1/1
{ local-vlan<K> }:local-vlan
{ INTEGER<128, 3872> }:128
{ INTEGER<0,80> }:14
//Enable the GE port which connects the ESM board with ISU board, and set the
parameters of the GE port.
MA5300(config)#inner-isu 15
GigabitEthernet7/1/5 will be connected to inner-isu, continue?[Y/N]y
Inner-isu in slot 15 is enabled.
GigabitEthernet7/1/5 has been connected to inner-isu.
//Activate VDSL/ADSL port.
//Add a management VLAN100, and set the management IP address.
MA5300(config-if-VLAN-interface100)#exit
//Add a route.
MA5300(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1
MA5300(config)#
//Set the working mode for the upstream port, and enable the management VLAN
to pass through the port.
MA5300(config)#interface gigabitEthernet 7/1/5
MA5300(config-if-GigabitEthernet7/1/5)#switchport trunk allowed vlan 100
{ <cr>|INTEGER<2,4000>|to<K> }:
8-11
MA5300(config-if-GigabitEthernet7/1/5)#exit
//Configure the ISU board.
MA5300ISU#configure terminal
MA5300ISU(config)#interface ethernet 10
MA5300ISU(config-if-ethernet-10)#side user
MA5300ISU(config-if-ethernet-10)#send-frame-type 802.1Q
MA5300ISU(config-if-ethernet-10)#mode gigaethernet 1000full
MA5300ISU(config-if-ethernet-10)#no shutdown
MA5300ISU(config-if-ethernet-10)#exit
MA5300ISU(config)#interface virtual-template 1
MA5300ISU(config-if-virtual-template-1)#ip address 10.1.1.254 255.255.255.0
MA5300ISU(config-if-virtual-template-1)#bind vlan 128 799
MA5300ISU(config-if-virtual-template-1)#dhcp server ip pc 127.0.0.1
MA5300ISU(config-if-virtual-template-1)#exit
MA5300ISU(config)#ip local pool huawei
MA5300ISU(config-ip-pool-huawei)#router-ip 10.1.1.254 255.255.255.0
MA5300ISU(config-ip-pool-huawei)#section 0 10.1.1.1 10.1.1.253
MA5300ISU(config-ip-pool-huawei)#exit
MA5300ISU(config)#vlan port 128 672 authpolicy bind vlan
MA5300ISU(config)#aaa
MA5300ISU(config-aaa)#vlan-batch local user 128 672 vlan vlan
MA5300ISU(config-aaa)#vlan-batch set local-user state active 256 1792 vlan
MA5300ISU(config-aaa)#domain vlan
MA5300ISU(config-aaa-vlan)#set state active
MA5300ISU(config-aaa-vlan)#exit
MA5300ISU(config-aaa)#exit
MA5300ISU(config)#
III. Querying related information
1) Query the configuration of the MUX VLAN.

Mux-vlan is enabled
Uplink port: interface GigabitEthernet7/1/5
No cascading port exist
Slot: 00 mux-vlan: 128 - 175

Slot: 01 mux-vlan: 176 - 223
Slot: 02 mux-vlan: 224 - 271
Slot: 03 mux-vlan: 272 - 319
8-12
Slot: 04 mux-vlan: 320 - 367

Slot: 05 mux-vlan: 368 - 415
Slot: 06 mux-vlan: 416 - 463
Slot: 09 mux-vlan: 464 - 511
Slot: 10 mux-vlan: 512 - 559
Slot: 11 mux-vlan: 560 - 607
Slot: 12 mux-vlan: 608 - 655
Slot: 13 mux-vlan: 656 - 703
Slot: 14 mux-vlan: 704 - 751
Slot: 15 mux-vlan: 752 - 799
2) Show the subscriber information made available by the ISU board.
MA5300ISU(config)#show connect username
[username][<= 32 chars]:
0 UCIB=0001 State=Online UserName=MA5300ISU-vlan-00-0128@vlan
IP=10.1.1.1 MAC=00-80-c8-e5-2c-04 TotalBytes=656
Total 1 connect(s) matched, and 1 listed
IV. Verification
1) Run the command winipcfg on PC1 and PC2 to obtain their IP addresses
allocated by DHCP Server.
2) PC1 (or PC2) can successfully ping the VT.
3) PC1 can ping PC2, and vice versa.
4) If PC1 and PC2 cannot ping each other, you can use the command proxy-arp
enable for the ISU to enable the switch of ARP proxy.
8-13
8.8.2 MUX VLAN Cascading Application
CON=>Aux7/0/0 CON=>Aux7/0/0
E E ETH=>M-Ethernet7/0/1 E E ETH=>M-Ethernet7/0/1 BAS

MON MON
V A V A
D D D D
A A A A
FE=>7/2/0 FE=>7/2/0
FE=>7/2/1 FE=>7/2/1
FE=>7/2/2 FE=>7/2/2
FE=>7/2/3 FE=>7/2/3
telephone line ESM MA5300_B telephone line ESM MA5300_A

RTU RTU RTU RTU
straight through straight through
cable cable
PC1 PC2 PC3 PC4
Figure 8-2 MUX VLAN cascading application
1) PC1 and PC3 are connected to the 0/0/0 port on the EVDA boards of two MA5300
devices. PC2 and PC4 are connected to the 1/0/0 port on the EADA boards of two
MA5300 devices.
2) Each of PC1, PC2, PC3 and PC4 accesses the Internet by obtaining IP address
dynamically.
3) All MA5300 devices, both master node and slave node, adopt MUX VLAN. Each
port of EVDA and EADA boards belongs to a different VLAN. The MA5300_As
VLANs range between 128 - 799; the MA5300_Bs VLANs range between 800 -
1471.
4) The MA5300_A communicates with the ISU through the backplanes GE interface.
7) PC1, PC2, PC3 and PC4 are considered by the ISU as the subscribers of a
specific VLAN. ISU board adopts the built-in DHCP Server function. The ISU
boards VT IP address is 10.1.1.254/24.
II. Configuring parameters
1) Configure the parameters of cascading node (namely the MA5300_B).

//Enable MUX VLAN.
8-14
//Log in to the system after the system resets.

Username:root
Password:
MA5300>enable
//Configure the upstream port of the MUX VLAN and the range of local MUX VLAN.
MA5300(config)#mux-vlan uplink-port interface ethernet 7/2/0
{ INTEGER<128,3872> }:800
{ INTEGER<0,80}:14
//Activate VDSL/ADSL ports.
//Add the management VLAN101, and configure its IP address as IP10.1.1.101.
MA5300(config-if-Vlan-interface101)#ip address 10.1.1.101 255.255.255.0
MA5300(config-if-Vlan-interface101)#exit
//Add a route.
//Configure the working mode of the upstream port, and allow the management
VLAN101 to pass through.
MA5300(config-if-Ethernet7/2/0)#exit
2) Configure the parameters of the master node (namely the MA5300_A).
Username:root
Password:
MA5300>enable
8-15
MA5300(config)#mux-vlan uplink-port interface gigabitEthernet 7/1/1
{ INTEGER<128,3872> }:128
{ INTEGER<0,80}:14
//Configure the cascading port of MUX VLAN and the range of the cascading MUX
VLAN.
MA5300(config)#mux-vlan cascading-port interface Ethernet 7/2/0
{ cascading-vlan<K> }:cascading-vlan
{ INTEGER<128,3872> }:800
{ INTEGER<2,80> }:14
//Enable the GE port connecting the ESM board and ISU board, and configure the
parameters of the GE port.
//Activate VDSL/ADSL port.
MA5300(config-if-Vlan-interface100)#ip address 10.1.1.100 255.255.255.0
MA5300(config-if-Vlan-interface100)#exit
//Add a route.
//Add VLAN101, which is the management VLAN ID for MA5300_B.
//Configure the working mode of the downstream port, and allow the management
//The PVIDs for ports connecting MA5300_A and MA5300_B must be different.
8-16
//Configure the work mode of the upstream port, and allow the management VLANs
(VLAN100 and VLAN101) to pass through.
MA5300(config-if-GigabitEthernet7/1/5)#switchport trunk allowed vlan 100 to
101
MA5300ISU(config)#
III. Querying informaiton
1) View the MUX VLAN configurations.

MA5300ISU(config)#show mux-vlan
Mux-vlan is enabled
Uplink port: interface GigabitEthernet7/1/5
8-17
Mux-vlan ID: 800 - 1471
Slot: 00 mux-vlan: 128 - 175

Slot: 01 mux-vlan: 176 - 223
Slot: 02 mux-vlan: 224 - 271
Slot: 03 mux-vlan: 272 - 319
Slot: 04 mux-vlan: 320 - 367
Slot: 05 mux-vlan: 368 - 415
Slot: 06 mux-vlan: 416 - 463
Slot: 09 mux-vlan: 464 - 511
Slot: 10 mux-vlan: 512 - 559
Slot: 11 mux-vlan: 560 - 607
Slot: 12 mux-vlan: 608 - 655
Slot: 13 mux-vlan: 656 - 703
Slot: 14 mux-vlan: 704 - 751
Slot: 15 mux-vlan: 752 - 799
2) View the subscriber information in ISU mode.
MA5300ISU(config)#show connect
[username,ucibindex,state,domain,ip,mac,cut-data,leaseline,msisdn,roam]:
UCIB=0002 State=Online UserName=MA5300ISU-vlan-00-0128@vlan
IP=10.1.1.2 MAC=00-80-c8-e5-2c-04 TotalBytes=0
Total 1 connect(s) matched,and 1 listed.
IV. Verification
1) Run the command winipcfg on PC1, PC2, PC3 and PC4 to obtain their IP
addresses allocated by DHCP Server.
2) PC1, PC2, PC3 and PC4 can ping the VTs IP address.
3) Any two PCs can ping each other.
4) If PC1 and PC2 cannot ping each other, you can use the command proxy-arp
enable for the ISU board to enable the switch of ARP proxy.
8-18
8.8.3 Comprehensive MUX VLAN Application
CON=>Aux7/0/0 CON=>Aux7/0/0
E E ETH=>M-Ethernet7/0/1 E E ETH=>M-Ethernet7/0/1 ISU

MON MON
V A V A
D D D D
A A A A
FE=>7/2/0 FE=>7/2/0
FE=>7/2/1 FE=>7/2/1
FE=>7/2/2 FE=>7/2/2
FE=>7/2/3 FE=>7/2/3
Telephone line ESM MA5300_B ESM MA5300_A

RTU RTU RTU RTU
Straight through cable Straight through cable
PC1 PC2 PC3 PC4
Figure 8-3 Comprehensive MUX VLAN application
1) PC1 and PC3 are connected to the 0/0/0 port on the EVDA boards of two MA5300
devices. PC2 and PC4 are connected to the 1/0/0 port on the EADA boards of two
MA5300 devices.
2) PC1 and PC2 access the Internet by obtaining IP address dynamically; PC3 and
PC4 access the Internet through PPP dial-up.
3) The master node MA5300 does not use MUX VLAN, and all of its subscribers
belong to VLAN10; the slave node MA5300 uses MUX VLAN; all ports of EVDA
board and EADA board belong to a VLAN; the VLAN IDs range between 128 -
799.
4) The MA5300_As management VLAN is VLAN100, and its management IP
address is 10.1.1.100/24. The MA5300_Bs management VLAN is 101, and the
management IP is 10.1.1.101/24.
5) The MA5300_A communicates with ISU board through the backplanes GE
interface.
8) PC1 and PC2 are considered by ISU as the subscribers of a specific VLAN. PC3
and PC4 are considered by ISU as PPP dial-up subscribers. ISU board adopts the
built-in DHCP Server function. The ISU boards VT IP address is 10.1.1.254/24.
II. Configuring parameters
1) Configure the parameters of cascading node (namely the MA5300_B).

//Enable MUX VLAN.
8-19
Username:root
Password:
MA5300>enable
MA5300(config)#mux-vlan uplink-port interface ethernet 7/2/0
{ INTEGER<128, 3872> }:128
{ INTEGER<0,80> }:14
//Activate VDSL/ADSL ports.
//Add a route
MA5300(config)#
//Configure the working mode of the downstream port, and allow the management
{ <cr>|INTEGER<2,4000>|to<K> }:
2) Configure the parameters of the master node (namely the MA5300_A).
//Enable the GE port which connects the ESM board with ISU board, and configure
the data of GE port.
8-20

//Add the service VLAN10, which includes ADSL/VDSL subscriber ports. Activate
VDSL/ADSL ports. (These subscribers are PPP dialup subscribers).
//Add the management VLAN100, and set its IP address as 10.1.1.100.
//Add a route
MA5300(config)#
//Add VLAN101,VLAN101 is the management VLAN of MA5300_B.
//Configure the working mode and PVID of the downstream port, and allow the
management VLAN101 to pass through.
MA5300(config-if-Ethernet7/2/0)#switchport trunk allowed vlan 100 to 101
{ <cr>|INTEGER<2,4000>|to<K> }:
MA5300(config-if-Ethernet7/2/0)#switchport trunk native vlan 100
//Configure the PVID of the port that connects the MA5300_A to the MA5300_B.
Make sure that the PVID for E7/2/0 and G7/1/1 are different.
//Configure the working mode of the upstream port, and allow the management
VLAN100 and VLAN101 to pass through.
MA5300(config-if-GigabitEthernet7/1/5)#switchport trunk allowed vlan 10 100
to 101
//Allow the MA5300_Bs VLAN to pass through the MA5300_A.
8-21
MA5300(config)#access-list user vlan_relay

MA5300(config-user-nacl-vlan_relay)#permit //Allow VLANs 128 - 255 to pass
throug.
{ WORD<S><1,160> }:0080 //The start VLANID is 128.
{ WORD<S><1,160> }:0f80 //128VLANs are included.
{ <0-78> }:14 //The head of MAC frame, namely DA+SA+802.1Qs
first two bytes), is invariably 14 bytes long.
MA5300(config-user-nacl-vlan_relay)#permit 0100 0f00 14
//Allow VLANs 256 - 511 to pass through.
MA5300(config-user-nacl-vlan_relay)#permit 0200 0f00 14
MA5300(config-user-nacl-vlan_relay)#permit 0300 0fe0 14
MA5300(config-user-nacl-vlan_relay)#exit
//Apply the traffic rule to the ingress port and the egress port of the MA5300_A.
MA5300(config-if-GigabitEthernet7/1/5)#traffic-redirect
{ input<K>|output<K> }:input
{ user-group<K>|ip-group<K>|link-group<K> }:user-group
{ INTEGER<300,399>|WORD<S><1,32> }:vlan_relay
{ subitem<K>|cpu<K>|interface<K> }:interface ethernet 7/2/0
MA5300(config-if-Ethernet7/2/0)#traffic-redirect
{ input<K>|output<K> }:input
{ user-group<K>|ip-group<K>|link-group<K> }:user-group
{ INTEGER<300,399>|WORD<S><1,32> }:vlan_relay
{ subitem<K>|cpu<K>|interface<K> }:interface gigabitEthernet 7/1/5
8-22

MA5300ISU(config)#vlan static user pc 10 100 10.1.1.100
MA5300ISU(config)#vlan static user pc 10 101 10.1.1.101
MA5300ISU(config)#
MA5300ISU(config)#vpdn-group 1
MA5300ISU(config-vpdn1)#accept dialin pppoe authentication chap
MA5300ISU(config-vpdn1)#exit
MA5300ISU(config-aaa)#domain huawei
MA5300ISU(config-huawei)#set ip-pool huawei
MA5300ISU(config-huawei)#set state active
MA5300ISU(config-huawei)#exit
MA5300ISU(config-aaa)#add user hw@huawei -p hw -c active enable A 0 -al enable
10
MA5300ISU(config)#
III. Verification
1) Run winipcfg on PC1 and PC2 respectively to obtain the IP addresses allocated
by the DHCP server.
2) Start the dialup software on PC2 and PC4 respectively to obtain the IP addresses
allocated by the DHCP server.
3) Ping the VT on PC1, PC2, PC3 and PC4 respectively, and you should be able to
ping the IP address of the VT.
4) Ping a PC from another PC, and you should be able to perform the operation
successfully.
8-23
5) If you cannot ping a PC from another PC, run the command proxy-arp enable to
enable the ARP proxy function.
8-24
SmartAX MA5300/5303 Broadband Access System Chapter 9 STP Configuration
Chapter 9 STP Configuration
9.1 Overview
Spanning Tree Protocol, or STP for short, is applied in loop network to block some
undesirable redundant paths through certain algorithms and prune the network into a
loop-free tree, thereby avoiding the proliferation and infinite cycling of the packet in
the loop network.
The fundamental of STP is that the switches exchange a kind of special protocol
packet (namely configuration Bridge Protocol Data Units, or BPDU according to IEEE
802.1D) to decide the topology of the network. The configuration BPDU contains
sufficient information to ensure the switches to compute the spanning tree.
The configuration BPDU mainly contains the following information:

z Root ID. It consists of root priority and MAC address.
z Cost of the shortest path to the root.
z ID of the designated device. It consists of device priority and MAC address.
z ID of the designated port. It consists of port priority and port number.
z Age of the configuration BPDU: MessageAge.
z maximum age of the configuration BPDU: MaxAge.
z Configuration BPDU interval: HelloTime.
z Forward delay of the port: ForwardDelay.
Figure 9-1 introduces the concepts of designated device and designated port.
MA5300 A
vdsl 3/0/1 vdsl 3/0/2
vdsl 3/0/7
MA5300 B
vdsl 3/0/4
vdsl 3/0/5
MA5300C
vdsl 3/0/1
LAN
Figure 9-1 Designated device and designated port
9-1
For a single device, the designated device is the device that directly connects to and
forwards packets to the local device through a port called the designated port.
However, for a LAN, the designated device is the device in charge of forwarding
packets to the network segment through a port called the designated port. As
illustrated in Figure 9-1, MA5300 A forwards data to MA5300 B through port Ethernet
0/1. So in the configuration BPDU of MA5300 B, the designated device is MA5300 A
and the designated port is vdsl3/0/1 of MA5300 A. Also in Figure 9-1, MA5300 B and
MA5300 C are connected to the LAN and MA5300 B forwards packets to LAN.
Therefore, the designated device of LAN is MA5300 B and the designated port is vdsl
3/0/4 of MA5300 B.
z The specific calculation process of STP algorithm.
The following example illustrates the calculation process of STP. Figure 9-2 shows the
network topology.
MA5300 A
vdsl 3/0/1 vdsl 3/0/2

5
vdsl 3/0/7
10
MA5300 B
vdsl 3/0/4
4 vdsl 3/0/1 vdsl 3/0/5
MA5300 C
Figure 9-2 MA5300 network topology
To simplify the descriptions, only the first four items of the configuration BPDU are
given in the example. They are root ID (expressed with device priority), path cost to
the root, designated switch ID (expressed with device priority) and the designated port
ID (expressed with port number). As illustrated in Figure 9-2, the priority levels of
MA5300 A, B and C are 0, 1 and 2 respectively, and the path costs of their links are 5,
10 and 4 respectively.
1) Initial state.
When initialized, every port of a device will generate the configuration BPDU, in which
the device itself serves as the root; root path cost is 0; the ID of the device is the ID of
the designated device; and the local port is the designated ports.
MA5300 A:
Configuration BPDU of vdsl 3/0/1: {0, 0, 0, vdsl3/0/1}.
MA5300 B:
9-2
MA5300 C:

2) Select the optimum configuration BPDU.
Every switch transmits its configuration BPDU to others. When a port receives a
configuration BPDU with a priority lower than that of its own, it will discard the
message while keeping the local BPDU unchanged. When a port receives a
configuration BPDU with higher priority, it will update the configuration BPDU of the
local port with the received one. Next, it will select the optimum configuration BPDU
by comparing the configuration BPDUs of all the ports.
The comparison rules are:

z The configuration BPDU with a smaller root ID has a higher priority.
z If the root IDs are the same, perform the comparison based on root path cost.
The root path cost recorded in the configuration BPDU plus the corresponding
path cost of the local port is expressed with S. The configuration BPDU with a
smaller S has a higher priority.
z If the root path costs are still the same, compare in sequence the ID of
designated switch, the ID of designated port and the ID of the port which receives
the configuration BPDU.
For the convenience of description, assume in the example that the optimum BPDU
can be selected through root ID comparison.
3) Specify the root port, block the redundant links and update the configuration
BPDU of the designated port.
If a port receives the optimum configuration BPDU, the port will be the root port. Its
configuration BPDU will remain the same.
Other ports with configuration BPDU updated in step 2 will be blocked and not allowed
to forward any data. In addition, these ports will only receive configuration BPDU, and
their configuration BPDU will remain the same.
The port whose configuration BPDU is not updated in step 2 will be the designated
port. Its configuration BPDU will be modified as follows:
z Substitute the root ID with the root ID in the configuration BPDU of the root port.
z Substitute the root path cost with the root path cost in the configuration BPDU of
the root port plus the path cost corresponding to the root port.
z Substitute the designated device ID with the local device ID.
z Substitute the designated port ID with the local port ID.
9-3
The comparison process of each switch is as follows.
MA5300 A:
Port vdsl 3/0/1 receives the configuration BPDU from MA5300 B and finds out that the
local configuration BPDU priority is higher than that of the received one, so it discards
the received configuration BPDU. So it is with port vdsl 3/0/2.
Then MA5300 A finds itself to be both the root and the designated device in the
configuration BPDU of every port; so MA5300 A regards itself as the root, and retains
the configuration BPDU of each port. After that it will transmit configuration BPDU to
others regularly.
By now, the configuration BPDUs of the two ports are as follows:
MA5300 B:
Port vdsl 3/0/7 receives the configuration BPDU from MA5300 A and finds that the
received BPDU has a higher priority than that of the local one, so it updates its
configuration BPDU.
Port vdsl 3/0/4 receives the configuration BPDU from MA5300 C and finds that priority
of the local BPDU is higher than that of the received one, so it discards the received
BPDU.
By far, the configuration BPDUs of each port are as follows:
MA5300 B compares the configuration BPDUs of the ports and selects port vdsl 3/0/7
BPDU as the optimum one. Therefore, vdsl 3/0/7 is elected as the root port, and the
configuration BPDUs of MA5300 B ports are updated as follows.
z The configuration BPDU of the root port vdsl 3/0/7 retains as {0, 0, 0, vdsl3/0/1}.
z Port vdsl 3/0/4 updates root ID with that in the optimum configuration BPDU, the
path cost to root with 5, sets the designated device as the local device ID and the
designated port ID as the local port ID. Thus the configuration BPDU becomes {0,
5, 1, vdsl3/0/4}.
After that, all the designated ports of MA5300 B transmit the configuration BPDUs
regularly.
MA5300 C:
9-4
Port vdsl 3/0/1 receives from port vdsl 3/0/4 of MA5300 B the configuration BPDU {1,
0, 1, vdsl3/0/4} that has not been updated. This triggers the updating. As a result, the
configuration BPDU is updated to {1, 0, 1, vdsl3/0/4}.
Port vdsl 3/0/5 receives the configuration BPDU {0, 0, 0, vdsl3/0/2} from MA5300 A.
This triggers the updating. As a result the configuration BPDU is updated to {0, 0, 0,
vdsl3/0/2}.
After the above comparison process, configuration BPDU of port vdsl 3/0/5 is elected
as the optimum one, and port vdsl 3/0/5 is thus designated as the root port. Its
configuration BPDU will remain unchanged then.
However, vdsl 3/0/1 will be blocked, but its BPDU also remains same. It will not
receive the data (excluding the STP packet) forwarded from MA5300 B before
spanning tree calculation is triggered again by some new events. For example, the
link from MA5300 B to MA5300C is down, or the port receives a better configuration
BPDU.
Then port vdsl 3/0/1 will receive the updated configuration BPDU, {0, 5, 1, vdsl3/0/4},
from MA5300 B. Since this configuration BPDU is better then the old one, the old
BPDU will be updated to {0, 5, 1, vdsl3/0/4}.
Meanwhile, port vdsl 3/0/5 receives the configuration BPDU from MA5300 A, but its
configuration BPDU will not be updated and remain {0, 0, 0, vdsl3/0/2}.
By comparison, the configuration BPDU of vdsl 3/0/1 is elected as the optimum one,
and port vdsl 3/0/1 is elected as the root port, whose BPDU will not change. While port
vdsl 3/0/5 will be blocked and retain its BPDU, but it will not receive the data forwarded
from MA5300 A until spanning tree calculation is triggered again by some changes.
For example, the link from MA5300 B to MA5300 C is down.
By now, the spanning tree becomes stable. Figure 9-3 illustrates the tree in which
MA5300 A is the root.
MA5300 A
vdsl 3/0/1
5
vdsl 3/0/7
MA5300 B
vdsl 3/0/4 vdsl 3/0/1

4
MA5300 C
Figure 9-3 Stable spanning tree
9-5
Many things are simplified in this example for the ease of description. For example,
the root ID and the designated device ID in actual calculation should comprise both
device priority and device MAC address. Designated port ID should comprise port
priority and port MAC address. In the updating process of a configuration BPDU, other
configuration BPDUs besides the first four items will make modifications according to
certain rules. However, the process of calculations is basically the same like this.
z Configuration BPDU forwarding mechanism in STP.
Upon the initiation of the network, all the devices regard themselves as the roots. The
designated ports send the configuration BPDUs of local ports at a regular interval of
HelloTime. If it is the root port that receives the configuration BPDU, the system will
enable a timer to time the configuration BPDU as well as increase MessageAge
carried in the configuration BPDU by certain rules.
If a path goes wrong, the root port on this path will not receive configuration BPDUs
any more and the old configuration BPDUs will be discarded due to timeout. Hence,
recalculation of the spanning tree will be initiated to generate a new path to replace
the failed one and thus restore the network connectivity.
However, the recalculated new configuration BPDU will not be propagated throughout
the network right away, so the old root ports and designated ports that have not
detected the topology change will still forward the data through the old path. If the new
root port and designated port begin to forward data immediately after they are elected,
a temporary loop may be caused.
To avoid that happening, in RSTP, a transitional state mechanism is adopted to

ensure the new configuration BPDU has been propagated throughout the network
before the root port and designated port begin to send data again. That is, the root
port and designated port should undergo a transitional state for a period of Forward
Delay before they enter the forwarding state.
The MA5300 implements the Rapid Spanning Tree Protocol (RSTP), an

enhancement of STP. The Forward Delay for the root ports and designated ports to
enter forwarding state is greatly reduced in certain conditions, thereby shortening the
period for the network topology to get stable.
To achieve the rapid transition of the root port state, the following requirement should
be met: the old root port on this switch has stopped data forwarding and the
designated port in the upstream has begun forwarding data.
The conditions for rapid state transition of the designated port are:
z The port is an edge port. Edge port means a port that does not connect with any
switch directly or indirectly. If the designated port is an edge port, it can enter the
forwarding state directly.
z The port is connected with the point-to-point link. That is, it is the master port in
aggregation ports or full duplex port. You can also onfigure it as a point-to-point
9-6
connection manually. If the designated port connects to the point-to-point link, it

can enter the forwarding state right after handshaking with the downstream
switch and receiving the response.
The system that uses RSTP is compatible with the one using STP. Both protocol
packets can be identified by the switch running RSTP and used in spanning tree
calculation.
9.2 Configuring RSTP
To validate configurations of RSTP, you have to start RSTP first. Before starting RSTP,
you can set the associated parameters for the device and ports. The parameters you
have configured are still preserved even after RSTP is disabled. When RSTP is
enabled next time, the parameters will take effect again.
RSTP configuration involves:

z Enabling/Disabling system RSTP
z Enabling/Disabling port RSTP
z Setting network diameter
z Setting operating mode of RSTP
z Setting the priority of a specified bridge
z Setting Forward Delay of a specified bridge
z Setting Hello Time of a specified bridge
z Setting Max. Age of a specified bridge
z Setting maximum transmission speed of a specified bridge
z Setting specified port to be an Edge port
z Setting Path Cost of a specified port
z Setting priority of a specified port
z Setting point-to-point link on a specified port
z Running mCheck
z Querying RSTP information
9.2.1 Enabling/Disabling System RSTP
Perform these operations in global mode.
Table 9-1 Enabling/Disabling system RSTP
To Use
Enable/Disable system RSTP spanning-tree { enable | disable }
Reset RSTP state to the default value no spanning-tree
Note that some network resource will be occupied after RSTP is enabled.
9-7
By default, RSTP is disabled.
This example shows how to disable system RSTP.

MA5300(config)#spanning-tree disable
9.2.2 Enabling/Disabling Port RSTP
To flexibly control the RSTP operations, after RSTP is enabled on Ethernet ports and
VDSL ports, you can disable it again to forbid the ports to participate in the spanning
tree calculation.
Perform these operations in VDSL port mode.
Table 9-2 Enabling/Disabling port RSTP
To Use
Enable/Disable RSTP on a specific port spanning-tree { enable | disable }
Restore the RSTP of a port to the default value no spanning-tree
Note that ADSL ports do not support STP/RSTP and that redundancy routes may be
generated after RSTP is disabled on Ethernet ports and VDSL ports.
By default, RSTP on all the ports will be enabled after it is enabled on the device.
This example shows how to disable RSTP on port Ethernet7/2/0.

MA5300(config-if-Ethernet7/2/0)#spanning-tree disable
9.2.3 Setting Network Diameter
Any two hosts in the switching network can be connected to each other through a
series of bridges. Network diameter refers to the path with the most bridges among
these paths. It is expressed by the number of bridges on the path.
Table 9-3 Setting network diameter
To Use
Set network diameter spanning-tree bridge-diameter bridgenum
Reset network diameter to the default value no spanning-tree bridge-diameter
The diameter of the switching network is recommended not to exceed 7. You can
configure this parameter according to the actual networking.
9-8
By default, the parameter value is 7.
This example shows how to set the network diameter to 7.

MA5300(config)#spanning-tree bridge-diameter 7
9.2.4 Setting Operating Mode of RSTP
RSTP can interwork with STP. If the switching network contains bridges which run
STP, you can configure RSTP in STP-compatible mode.
Table 9-4 Setting operating mode of RSTP
To Use
Set the working mode of RSTP as STP-compatible or RSTP
spanning-tree mode { stp | rstp }
mode
Restore the working mode of RSTP to the default value no spanning-tree mode
Normally, if there is a bridge running STP in the switching network, the port (running
RSTP), which connects to another port (running STP), can automatically transfer to
STP compatible mode from RSTP mode.
By default, RSTP operates in RSTP mode.
This example shows how to set the working mode of RSTP as RSTP mode.
MA5300(config)# spanning-tree mode stp
9.2.5 Setting the Priority of a Specified Bridge
Whether a bridge can be selected as the root of the spanning tree depends on its
priority. Therefore, by configuring a bridge with a lower priority, you can specify it as
the root of the spanning tree.
Table 9-5 Setting the priority of a specified bridge
To Use
Set the priority of a specified bridge spanning-tree priority bridge-priority
Restore the priority of the bridge to the default value no spanning-tree priority
Note that if the priority levels of all the bridges in the switching network are the same,
the bridge with the smallest MAC address will be selected as the root. When RSTP
9-9
is enabled, configuring priority for a bridge will lead to the recalculation of the
spanning tree.
By default, the priority of a bridge is 32768.
This example shows how to set the priority of a bridge to 32768.

MA5300(config)# spanning-tree mode priority 32768
9.2.6 Setting Forward Delay of Specified Bridge
Link failure will cause recalculation of the spanning tree and its structure. However,
the newly calculated configuration BPDU cannot be propagated throughout the
network immediately.
If the newly selected root port and designated port begin to forward data frame right
away, it can cause temporary loop. Accordingly, the protocol adopts the state
transition mechanism. That is, the root port and the designated port must undergo a
transition state for a certain period (as long as the defined Forward Delay) before they
switch to the forwarding state and resume data frame forwarding. This delay ensures
that the new configuration BPDU has been propagated throughout the network before
the data frame forwarding is resumed.
The bridge Forward Delay is related to network diameter. So generally, you should set
the Forward Delay to a larger value for a larger network diameter.
Table 9-6 Setting Forward Delay of a specified bridge
To Use
Set Forward Delay of a specified bridge spanning-tree forward-time centiseconds
Restore the Forward Delay of the bridge to the default
no spanning-tree forward-time
value
Note that if the Forward Delay is configured to be too short, temporary redundant
paths redundancy may be generated. If the Forward Delay is configured to be too long,
the recovery of network connection may take a long time. It is recommended to use
the default setting.
By default, the bridge Forward Delay is 15 seconds.
This example shows how to set the Forward Delay of a bridge to 1500 seconds.
MA5300(config)#spanning-tree forward-time 1500
9-10
9.2.7 Setting Hello Time of a Specified Bridge
An appropriate value of Hello Time ensures timely detection of line failure without
occupying too much network resources.
Table 9-7 Setting Hello Time of a bridge
To Use
Set Hello Time of a bridge spanning-tree hello-time centiseconds
Restore the Hello Time of the bridge to the default value no spanning-tree hello-time
Too long Hello Time will result in the spanning tree recalculation, because the bridge
mistakes the frame loss of the link for link failure. On the other hand, too short Hello
Time will force the bridge to frequently send configuration BPDUs. This can increase
the burden of the switch and wasting network resource. The default value is
recommended.
By default, bridge Hello Time is 2 seconds.
This example shows how to set the Hello Time of a bridge to 200 seconds.
MA5300(config)# spanning-tree hello-time 200
9.2.8 Setting Max. Age of a Specified Bridge
Max. Age is a parameter to judge whether the configuration BPDU is outdated. You
can configure it according to the actual network situation.
Table 9-8 Setting Max. Age of a specified bridge
To Use
Set Max. Age of a bridge spanning-tree max-age centiseconds
Restore Max. Age of the bridge to the default value no spanning-tree max-age
Too short Max. Age will result in frequent calculation of spanning tree and mistaking
network congestion for link fault. On the other hand, too long Max. Age may make the
bridge unable to find link failure in time, weakening the network auto-sensing ability. It
is recommended to use the default setting.
By default, the bridge Max. Age is 20 seconds.
9-11
This example shows how to set the Max. Age of a bridge to 2000 seconds.
MA5300(config)# spanning-tree max-age 2000
9.2.9 Setting Maximum Transmission Speed of a Specified Bridge
The maximum transmission speed of the Ethernet port and VDSL port is related to its
physical state and network structure. You can configure it according to the actual
network situation.
Perform these operations in Ethernet port mode or VDSL port mode.
Table 9-9 Setting maximum transmission speed of a bridge
To Use
Set maximum transmission speed of a bridge spanning-tree transit-limit packetnum
Restore the maximum transmission speed to the default
no spanning-tree transit-limit
value
If the max transmission speed on a port is configured to be too large, excessive

network resources may be occupied. It is recommended to use the default setting.
By default, the maximum transmission speed is 3 (a counter value without unit) on all
the Ethernet ports and VDSL ports of the bridge.
This example shows how to set the maximum transmission speed of a bridge to 3.
MA5300(config-if-Ethernet7/2/0)# spanning-tree transit-limit 3
9.2.10 Setting Specified Port as an Edge Port
If an Ethernet port or VDSL port is not connected to the Ethernet or VDSL port of
another bridge, you can configure the port as an Edge port, as the Edge port can
switch to the forwarding state directly, consequently reducing the unnecessary
transition time. If the Ethernet port or VDSL port is set as Edge port while it is
connected to the port of another bridge, RSTP will automatically detect it and
reconfigure it as a non-Edge port.
Perform these configurations in Ethernet port mode or VDSL port mode.
Table 9-10 Setting specified port as an Edge port
To Use
Set specified port as an Edge port spanning-tree portfast { enable | disable }
Restore port type to the default value no spanning-tree portfast
9-12
When an Ethernet port or VDSL port switches from non-Edge port to Edge port, you
are recommended to configure it as Edge port manually because RSTP cannot detect
this kind of transition.
Configure the port which directly connects to the terminal as an Edge port, so that it
can switch to the forwarding state fast.
By default, all the Ethernet ports are configured as non-Edge ports.
This example shows how to set port Ethernet7/2/0 as an Edge port.

MA5300(config-if-Ethernet7/2/0)#spanning-tree portfast enable
9.2.11 Setting Path Cost of a Specified Port
The path cost of Ethernet port is related to the speed of a link connected to the port.
The larger the link speed, the smaller the path cost. RSTP can recognize link speed
and convert it into the appropriate path cost.
Table 9-11 Setting Path Cost of a specified port
To Use
Set Path Cost of a specified port spanning-tree cost cost
Restore path cost to the default value no spanning-tree cost
Note that configuring path cost for the Ethernet port or VDSL port will cause
recalculation of spanning tree. It is recommended to use the default value and let
RSTP calculate the path cost on the current Ethernet port.
By default, the bridge gets the path cost of a port according to the link speed directly.
This example shows how to set the Path Cost of a specified port to 200.
MA5300(config-if-Ethernet7/2/0)#spanning-tree cost 200
9.2.12 Setting Priority of a Specified Port
By setting the priority of an Ethernet port or VDSL port, you can enable a specified
Ethernet port or VDSL port to be included in the final spanning tree. Generally, the
lower the set value is, the higher priority the port has, and the more likely it is for this
Ethernet port to be included in the spanning tree. If all the Ethernet ports or VDSL
ports of the bridge adopt the same priority, then the priority of these ports will be
decided by the port index number.
9-13
Table 9-12 Setting priority of a specified port
To Use
Set priority of a specified port spanning-tree port-priority port-priority
Reset port priority to the default value no spanning-tree port-priority
Note that any change of priority for an Ethernet port or VDSL port will cause
recalculation of the spanning tree.
By default, the priority for all the Ethernet ports or VDSL ports is 128.
This example shows how to set the priority of a specified port to 128.
MA5300(config-if-Ethernet7/2/0)# spanning-tree port-priority 128
9.2.13 Enabling/Disabling Point-to-point Link on a Specified Port
Two ports that are Point-to-Point connected can enter the forwarding state rapidly by
transmitting synchronous packets. As a result, the unnecessary forwarding delay can
be reduced. If this parameter is configured with auto, RSTP can automatically
detect whether the Point-to-Point link is enabled on the current Ethernet port or VDSL
port.
Table 9-13 Enabling/Setting point-to-point link on a specified port
To Use
Enable Point-to-Point link on a specified port spanning-tree point-to-point forcetrue
Disable Point-to-Point link on a specified port spanning-tree point-to-point forcefalse
Set the connection mode as auto spanning-tree point-to-point auto
Restore the parameter to the default value no spanning-tree point-to-point
The aforementioned operations are only effective to aggregated Ethernet (or VDSL)
ports or those working in full duplex mode. The auto mode is recommended.
By default, auto mode is selected.
This example shows how to set the connection mode as auto.

MA5300(config-if-Ethernet7/2/0)#spanning-tree point-to-point auto
9-14
9.2.14 Running mCheck
In a relatively stable network, though the bridge running STP has been removed, the
port may still run in STP-compatible mode. You can use the following command to
force the port to work in RSTP mode.
Run the following operation in Ethernet port mode or VDSL port mode.
Table 9-14 Running mCheck
To Use
Run mCheck spanning-tree mcheck
The command can be used when the bridge runs RSTP in RSTP mode, but it cannot
be used when the bridge runs RSTP in STP-compatible mode.
This example shows how to run mCheck.

MA5300(config-if-Ethernet7/2/0)#spanning-tree mcheck
9.2.15 Querying RSTP Information
Perform these operations in privilege mode. The show command can also be used in
any mode other than common user mode.
Table 9-15 Querying RSTP information
To Use
Show system or port RSTP information show spanning-tree [ interface interface-list ]
Enable RSTP debug switch (packet, event or error) debug stp { error | event | packet }
Clear RSTP statistics clear spanning-tree [ interface interface-list ]
This example shows how to view system RSTP information.

MA5300(config)#show spanning-tree
Spanning tree protocol is disabled
The bridge has priority 32768, MAC address: 00e0.fc11.19c2
Configured Hello Time 2 second(s), Max Age 20 second(s),
Forward Delay 15 second(s)
This example shows how to view RSTP information on port ethernet 7/2/0.
MA5300(config)#show spanning-tree interface ethernet 7/2/0
Spanning tree protocol is disabled
The bridge has priority 32768, MAC address: 00e0.fc11.19c2
9-15
Configured Hello Time 2 second(s), Max Age 20 second(s),

Forward Delay 15 second(s)
This example shows how to clear system RSTP information.

MA5300(config)#clear spanning-tree
This example shows how to clear RSTP information on port ethernet 7/2/0.
MA5300(config)#clear spanning-tree interface ethernet 7/2/0
9-16
SmartAX MA5300/5303 Broadband Access System Chapter 10 IGMP Snooping Configuration
Chapter 10 IGMP Snooping Configuration
10.1 Overview
10.1.1 IGMP Snooping Principle
The MA5300 can act as a pure Layer 2 device to implement Layer 2 multicast
through Internet Group Management Protocol (IGMP) Snooping. IGMP Snooping is
the restriction mechanism running on Layer 2 devices. It is used to manage and
control the multicast group.
IGMP Snooping runs on the link layer. When the MA5300 receives the IGMP
messages transmitted between the host and the router, IGMP Snooping will analyze
the information carried by IGMP message. When it detects the IGMP host report
message sent by the host, the MA5300 will add this host into the corresponding
multicast table. When it detects the IGMP leave message sent by the host, the
MA5300 will delete the corresponding item from the multicast table.
Through incessant monitoring of IGMP packets, the device can establish and
maintain MAC multicast address table at Layer 2. After that, the MA5300 can
forward the multicast messages issued from the router, according to the MAC
multicast address table.
When no IGMP Snooping is running, the multicast messages will be broadcasted in

Layer 2, as shown in Figure 10-1.
Video stream
Multicast router Internet
VOD Server
Video stream
MA5300
Video stream Video stream

Video stream
Multicast Non-multicast Non-multicast

group member group member group member
Figure 10-1 Transmission of multicast messages when IGMP Snooping is not running
10-1
When IGMP Snooping is running, messages will be multicast (rather than

broadcasted) in Layer 2.
Refer to Figure 10-2.
Video stream
Multicast router Internet
VOD Server
Video stream
MA5300
Video stream Video stream

Video stream
Multicast Non-multicast Non-multicast

group member group member group member
Figure 10-2 Transmission of multicast messages when IGMP Snooping is running
10.1.2 Implementation of IGMP Snooping
I. Concepts related to IGMP Snooping
The following are the concepts related to IGMP Snooping.

z Router Port The port on the MA5300, which is directly connected to the
multicast router.
z Multicast member port The port on the MA5300, which is connected to the
multicast member. Multicast member is the host in a multicast group.
z MAC multicast group The multicast group is identified by the MAC
multicast address and maintained by the MA5300.
z Aging time of the router port The time set on the aging timer of the router
port. If no IGMP general query message is received before the timer times out,
the MA5300 will not regard the port as a router port.
z Aging time of multicast group member port When a port is added to the
IP multicast group, an aging timer will be started for this port. The aging time is
set on the timer. If no IGMP report message is received before the timer times
out, the MA5300 will send IGMP query message for a specific group to this
port.
z Maximum time to respond the query: When sending the ICMP specific query
messages to the multicast members, the MA5300 will start a timer for the
10-2
response to the query. The maximum time to respond the query is the time set
on the timer. During the set time, if no ICMP report message is received, the
MA5300 will delete this port from the ports of multicast members.
II. Implementation of Layer 2 multicast through IGMP Snooping
Running IGMP Snooping, the MA5300 can detect IGMP messages, and establish
the mapping relation between the host, its port and the corresponding multicast
address.
Figure 10-3 shows the way in which the MA5300 processes IGMP messages.
Internet
Router running
IGMP
IGMP message
MA5300 running
IGMP Snooping
IGMP message
Figure 10-3 Implementation of IGMP Snooping
The following introduces how IGMP Snooping processes the received IGMP
messages.
z IGMP general query message
It is the message sent from multicast router to the multicast group member, querying
which multicast groups have members. When it receives IGMP general query
messages on the original port connecting the router, the MA5300 will reset the
aging-time timer of a router port. When it receives IGMP general query messages
on a new port, the MA5300 will inform the multicast router that a host will join a
multicast group and start the aging timer for this router port.
z IGMP specific group query message
This message is sent by the multicast router to the multicast group member. It is
used to query whether a member exists in a specific multicast group. When the
10-3
MA5300 receives an IGMP specific group query message, it will send the query to
the queried IP multicast group.
z IGMP report message
It is the report message sent by the host to the multicast router. It is used to apply
for joining a multicast group or respond to an IGMP query message.
When the MA5300 receives an IGMP report message, it will first judge the existence
of the MAC multicast group to which the message will join.
If the corresponding MAC multicast group does not exist, and it only informs the
router that a member will join a broadcast group. A new MAC multicast group will be
established, the port receiving report message will be added into the MAC multicast
group, and the aging timer of this port will be started. All the router ports existing in
the VLAN, to which this port belongs, will be added into this MAC multicast
forwarding table. Meanwhile, a new IP multicast group will be established, to which
the port receiving the report message will be added.
If the MAC multicast group corresponding to the report message exists but the port
receiving report message is not in it, this port will be added into the MAC multicast
group and start the aging timer for it. Then judge whether the IP multicast IP group
corresponding to the message exists. If not, an IP multicast group will be created
and the port receiving report message will be added into it. If yes, the port receiving
report message will be added into the IP multicast group.
If the MAC multicast group corresponding to the message exists, and the port
receiving report message exists in the MAC multicast group, the aging timer on the
port receiving report message will be reset.
z IGMP leave message
It is the message sent by multicast group member to the multicast router, aiming at
informing the router that the host has left a multicast group.
When the MA5300 receives the leave message of an IP multicast group, it will send
specific group query message to the port which received this leave message, so as
to confirm if there exists other members of this multicast group among the hosts
connected with the port. At the same time, a response query timer will be started.
If no report message of this multicast group is received before the timer times out,
the port will be deleted from the corresponding MAC multicast group. If MAC
multicast group has no multicast member ports, the MA5300 will inform the multicast
router to delete the branch from the multicast tree.
10.2 Configuring IGMP Snooping
The configuration tasks of IGMP Snooping include:
10-4
z Enabling/Disabling IGMP Snooping

z Configuring the aging time of multicast group member port (optional)
z Configuring the aging time of the router port (optional)
z Configure maximum response time to the query (optional)
z Querying IGMP Snooping information (optional)
10.2.1 Enabling/Disabling IGMP Snooping Globally
The following commands are used to enable/disable IGMP Snooping to control

whether MAC multicast forwarding table is created and maintained on Layer 2.
Perform this configuration in global mode.
Table 10-1 Enabling/disabling IGMP Snooping globally
To Use
Enable/disable IGMP Snooping igmp-snooping { enable | disable }
Restore the default settings no igmp-snooping
IGMP Snooping is disabled by default.
GMRP and IGMP Snooping cannot run at the same time. You can use the show
gmrp status command to see if GMRP is running before enabling IGMP Snooping.
This example shows how to enable IGMP Snooping.
MA5300(config)#igmp-snooping enable
10.2.2 Setting Aging Time of Multicast Group Member Port
If the multicast group report message is not received within the set aging time, a
query message will be sent to the port.
Perform these configurations in global mode.
Table 10-2 Setting aging time of the multicast member port
To Use
Setting aging time of the multicast member port igmp-snooping host-aging-time seconds
Restore the default setting no igmp-snooping host-aging-time
By default, the aging time of the multicast member port is 260 seconds.
10-5
This example shows how to set the aging time of the multicast member port to 260
seconds.
MA5300(config)#igmp-snooping host-aging-time 260
10.2.3 Setting Aging Time of the Router Port
The goal of setting aging time of the router port is to remove the port from the MAC
multicast group once the general query message is not received from the router
within this aging time.
Table 10-3 Setting aging time of the router port
To Use
Set aging time of the router port igmp-snooping router-aging-time seconds
Restore the default settings no igmp-snooping router-aging-time
By default, the aging time of the router port is 260 seconds.
This example shows how to set the aging time of the router port to 260 seconds.
MA5300(config)#igmp-snooping router-aging-time 260
10.2.4 Setting Maximum Response Time
Maximum response time to the query is set to remove the port from the multicast
group if the report message has not been received within this response time.
Table 10-4 Setting the maximum response time
To Use
Set the maximum response time igmp-snooping max-response-time milliseconds
Restore the default settings no Igmp-snooping max-response-time
The maximum response time is 1000 milliseconds by default.
This example shows how to set the maximum response time to 1000 milliseconds.
MA5300(config)# igmp-snooping max-response-time 1000
10-6
10.2.5 Enabling a User under a Port to Leave an Multicast Quickly
In some multicast applications, such as the video on demand (VOD) application, the
user needs to be able to switch the program source channel quickly. This requires
that the MA5300 can quickly delete a multicast group immediately after it receives
the leave request from the user, rather than to delete a multicast group only after it
sends a specific query packet and gets the confirmation response.
The command igmp-snooping quick-leave is used to enable a multicast user

under a FE/GE/ADSL/VDSL port to leave a multicast group that he has already
joined. The no form of this command is used to restore the default setting, that is,
not allow the user under a FE/GE/ADSL/VDSL port to leave a multicast group that
he has already joined.
Perform these configurations in FE/GE/VDSL/ADSL port mode or global mode.
Table 10-5 Enabling a user under the port to leave an multicast quickly
To Use
Enable a user under the port to leave an multicast quickly
igmp-snooping quick-leave
(FE/GE/VDSL/ADSL port mode)
Enable a user under the port to leave an multicast quickly igmp-snooping quick-leave
(Global mode) interface [ to interface ]
interface: specifies the port to be configured. It can be an FE/GE/VDSL/ADSL port.
Make sure that the IGMP Snooping has been enabled globally before you run the
command igmp-snooping quick-leave.
This example shows how to enable the users under port adsl2/0/1 to leave a
multicast group quickly.
Enable IGMP-Snooping ok.
MA5300 (config-ifadsl2/1/0)# igmp-snooping quick-leave
! Or do as follows:
Enable IGMPSnooping ok.
MA5300 (config)# igmp-snooping quick-leave adsl2/0/1
10-7
10.2.6 Setting the Router Port
The port connecting to the user and the ports connecting downstream to the
cascading devices are not allowed to be set as the router port, for fear that the user
port becomes a router port by sending IGMP query packets, which will affect the
normal multicast service.
The command igmp-snooping router-port allowed is used to set the router port. A
router port refers to a port that connects to the upstream router. The no form of this
command is used to restore the default setting. By default, the GE and FE ports are
allowed to serve as the router port, and the VDSL port is not allowed to serve as the
router port. However, the command cannot be executed in ADSL port mode since an
ADSL port cannot be set as a router port.
Perform these configurations in FE/GE/VDSL port mode or global mode.
Table 10-6 Setting an port as a router port
To Use
Set an port as a router port
igmp-snooping router-port allowed
(FE/GE/VDSL port mode)
Set an port as a router port
igmp-snooping router-port allowed interface [ to interface ]
(Global mode)
interface: specifies the port to be configured. It can be an FE/GE/VDSL port, and it

cannot be an ADSL port.
Make sure that the IGMP Snooping has been enabled globally before you run the
command igmp-snooping router-port allowed.
For example:
MA5300(config-if-Ethernet7/2/1)#igmp-snooping router-port allowed
! Or do as follows:
MA5300(config)# igmp-snooping router-port allowed ethernet 7/2/1
10-8
10.3 Querying IGMP Snooping Information
After the above configuration, command show can be used to query the running
status of IGMP Snooping or verify whether the configurations are correct.
Table 10-7 Querying IGMP Snooping information
To Use
Show the statistics information on IGMP Snooping show igmp-snooping statistics
Show the configuration information on IGMP Snooping show igmp-snooping configuration
Show the information on IP multicast group and MAC show igmp-snooping group [ vlan
multicast group in VLAN vlan-id ]
I. Showing the statistics informaiton of IGMP Snooping
The show igmp-snooping statistics command will display IGMP Snooping

statistical information on the received and sent messages.
This command can be used to diagnose IGMP Snooping when it does not set up
MAC multicast group as expected.
For example:
MA5300# show igmp-snooping statistics
Received IGMP general query packet(s) number:0.
Received IGMP specific query packet(s) number:0.
Received IGMP V1 report packet(s) number:0.
Received IGMP V2 report packet(s) number:0.
Received IGMP leave packet(s) number:0.
Received error IGMP packet(s) number:0.
Sent IGMP specific query packet(s) number:0.
The above information shows that IGMP Snooping has not received these
messages:
z IGMP general query message
z IGMP specific query message
z IGMP V1 report message
z IGMP V2 report message
z IGMP leave message
z IGMP error message
In addition, no IGMP specific query message is sent.
10-9
II. Showing IGMP Snooping configuration information
The command show igmp-snooping configuration is used to display all the

configuration information on IGMP Snooping.
You can use this command to verify whether the configuration is correct after IGMP
Snooping is configured.
For example:
MA5300 show igmp-snooping configuration
Disable IGMP-Snooping.
The router port timeout is 260 second(s).
The max response timeout is 10 second(s).
The member port timeout is 260 second(s).
The information above shows: IGMP Snooping is disabled, aging time of the router
port is 260 seconds, maximum response time to the query is 10 seconds, and aging
time of multicast group member port is 260 seconds.
III. Showing IP and MAC multicast group information under VLAN
The show igmp-snooping group command will display information on IP/MAC

multicast groups under the VLAN.
For example:
MA5300# show igmp-snooping group
***************Multicast group table***************
Vlan(id):1.
Router port(s): Gigabitethernet7/1/0
IP group(s):the following ip group(s) match to one mac group.
IP group address:224.1.2.3
Member port(s):vdsl4/0/3
MAC group(s):
MAC group address:01-00-5e-01-02-03
Member port(s):vdsl4/0/3
The above display shows:

z There are multicast groups under VLAN2.
z The router port is Gigabitethernet 7/1/0.
z IP multicast group is 224.1.2.3.
z IP multicast group member is vdsl4/0/3.
z MAC multicast group is 01-00-5e-01-02-03.
z MAC multicast group member is vdsl4/0/3.
10-10
Note:
The router port is not displayed together with IP/MAC multicast group members. Instead, it is displayed
separately before all multicast groups under the local VLAN.
10.4 Configuration Example of IGMP Snooping
I. Networking requirements
To implement the MA5300 multicast on Layer 2 (namely, MAC multicast), you should
perform corresponding configurations on the equipment. The networking is as
shown in Figure 10-4, where the upstream port of the MA5300 acts as the router
port and connects with the router, and other non-router ports connect to the PC of
the user.
II. Networking diagram
Figure 10-4 shows the networking for configuring IGMP Snooping.
Internet
Router
Multicast
MA5300
Figure 10-4 Networking diagram for IGMP Snooping
III. Configuration steps
1) Display the status of GMRP.

MA5300# show gmrp status
2) Display the current status of IGMP Snooping when GMRP is disabled.
MA5300 show igmp-snooping configuration
3) Enable global IGMP Snooping if it is disabled.
10-11
MA5300(config)# igmp-snooping enable
10.5 Troubleshooting IGMP Snooping
Fault: multicast function cannot be implemented on the device.
Diagnosis 1: IGMP Snooping is disabled.
Troubleshooting 1:
1) Input show igmp-snooping configuration to view IGMP Snooping status.
2) If IGMP Snooping is disabled, input igmp-snooping enable in the global mode
to enable IGMP Snooping.
3) Continue with diagnosis 2 if the first reason is excluded.
Diagnosis 2: Multicast forwarding table set up by IGMP Snooping is wrong.
Troubleshooting 2:
1) Input the command show igmp-snooping group to view if the multicast group
is correct.
2) If the multicast group created by IGMP Snooping is not correct, you can turn to
professional maintenance personnel for help.
3) Continue with diagnosis 3 if the second reason is excluded.
Diagnosis 3: Multicast forwarding table set up by the bottom layer is wrong.
Troubleshooting 3:
1) Enable IGMP Snooping group debugging switch by executing command debug
igmp-snooping groups in privilege mode, and then input the command show
igmp-snooping group to check if MAC multicast forwarding table in the
bottom layer and that created by IGMP Snooping are consistent.
2) Use the command show mac vlan in the privileged user mode to check if the
MAC multicast forwarding table created by the bottom layer under VLAN ID and
that created by IGMP Snooping are consistent.
3) If they are not consistent, turn to the maintenance personnel for help.
10-12
SmartAX MA5300/5303 Broadband Access System Chapter 11 IGMP Proxy Configuration
Chapter 11 IGMP Proxy Configuration
11.1 Overview
The MA5300 supports the IGMP proxy function. With the IGMP proxy function, the
upstream multicast router, rather than the MA5300 Series, performs the routing.
From the perspective of a multicast user, the MA5300 is the multicast router
responsible for implementing the functions of a router as defined in the IGMP. The
MA5300 collects and maintains membership information on the downstream ports in
two ways: it accepts the downstream users requests for joining or leaving a
multicast group, and periodically queries whether there is member belonging to the
multicast group on a downstream port.
From the perspective of a multicast router, theMA5300 is a multicast host, which

sends IGMP requests to the multicast router for joining or leaving a designated
multicast group.
The IGMP proxy function provided by the MA5300 Series supports unidirectional
delivery of the multicast packets. That is, the multicast router sends data to the
multicast user, while the multicast user is not able to send multicast data. The
MA5300 can control the group ordered by the user through the CLI or NMS, and
then forward the multicast from the upstream port to the downstream port based on
its group membership information. The upstream and the downstream ports may not
belong to the same VLAN. However, the upstream port cannot forward the multicast
data received from the downstream port, or forward multicast data to other upstream
ports.
11.2 Basic IGMP Proxy Configuration
11.2.1 Enabling/Disabling IGMP Proxy
To enable the IGMP Proxy function, use the command igmp-proxy enable.
For example:
MA5300(config)#igmp-proxy enable
Enable IGMP-Proxy ok.
MA5300(config)#
The IGMP Proxy feature is not compatible with these functions: IGMP Snooping, L3
muticast routing and multicast VLAN. However, the IGMP Proxy function is
11-1
compatible with such functions as Smart VLAN and MUX VLAN. Therefore, make
sure IGMP Snooping, L3 muticast routing and multicast VLAN have all been
disabled before you enable IGMP Proxy. Otherwise, the system will prompt failure in
enabling the IGMP Proxy function as long as any of the three functions is enabled.
To disable the IGMP Proxy function, use the command igmp-proxy disable.
For example:
MA5300(config)#igmp-proxy disable
This will disable IGMP-Proxy. Continue? [Y/N] y
Disable IGMP-Proxy ok.
MA5300(config)#
11.2.2 Configuring the Master Upstream Port
The upstream port determines the ingress of the multicast data traffic, as well as the
port and VLAN ID used by the IGMP packets sent by the IGMP Proxy to the
upstream equipment. If the multicast data traffic has a VLAN tag, the tagged VLAN
ID refers to the VLAN ID for the upstream port. If the multicast data traffic does not
have a VLAN tag, the VLAN ID should be the PVID of the upstream port.
The MA5300 can have multiple upstream ports, which are identified by Port +
VLAN ID uniquely. The upstream port can be either a Trunk port or an Access port.
However, it must be on the ESM board. Up to 100 upstream ports are supported by
the MA5300.
Two concepts about the MA5300 need to be made clearmaster upstream port and
slave upstream port. When you have not designated the upstream port which the
program is bound to, the program will be bound to the master upstream port by
default.
To designate the master upstream port, use the command igmp-proxy

upstream-port interface vlanid. The system can have one master upstream port
only.
The port (namely interface) is numbered in the form of interface type slot/card/port.
This port must be an Ethernet or GigabitEthernet port on the ESM board, and the
port must belong to the designated VLAN.
For example:
MA5300(config)#igmp-proxy enable
Enable IGMP-Proxy ok.
MA5300(config)#igmp-proxy upstream-port ethernet 7/1/0 vlan 2
MA5300(config)#
11-2
To delete the current master upstream port, use the command no igmp-proxy
upstream-port interface vlanid.
For example:
MA5300(config)#no igmp-proxy upstream-port ethernet 7/1/0 vlan 2
This will delete Forward Table of program bound to this upstream-port.
Continue? [Y/N] y
MA5300(config)#
IGMP Proxys upstream port is identified with port number and VLAN ID. The
upstream port should belong to a specified VLAN or allow the packets with specified
VLAN ID to pass through. Otherwise, the associated multicast forwarding will fail.
11.2.3 Maintaining a Program Library
To facilitate maintaining the programs, the MA5300 provides a program library and
supports relative maintenance means. You are entitled to make further maintenance
operations only after you have added programs to the library. For example, you add
a program to an authority profile to enable program demanding. Otherwise, a
subscriber will not be able to demand the program. You can also perform other
operations for maintaining the program library, for example, setting a program to be
in pre-join state.
A program library can have up to 255 programs, which are numbered 1255
respectively. Five commands are available for maintaining a program library, as
described in the following sections.
I. Adding a program to a program library
To add a program to a program library, use this command:
igmp-proxy program { add { { index program-index { name program-name |

default-name } | name program-name } ip multicast-ip | default-name ip
multicast-ip [ to multicast-ip] } [ bind { interface vlan vlanid | default } | host
{ enable | disable } | prejoin { enable | disable } ] *
This example shows how to add the program NetTV to the program library.
MA5300(config)#igmp-proxy program add name NetTV ip 224.1.1.1 bind
default host enable prejoin enable
MA5300(config)#
II. Deleteing a program from a program library
To delete a program from a program library, use this command:
11-3
igmp-proxy program delete { all | name program-name | ip multicast-ip | index

program-index }
This example shows how to delete the program NetTV from the program library.
MA5300(config)#igmp-proxy program delete name NetTV
This will delete Forward Table of program. Continue? [Y/N] y
MA5300(config)#
III. Renaming a program in a program library
To rename a program in a program library, use this command:
igmp-proxy program rename old-name new-name
This example shows how to rename the program NetTV in the program library to
NetTV-1.
MA5300(config)#igmp-proxy program rename NetTV NetTV-1
MA5300(config)#
IV. Modifying a program in a program library
To modify a program in a program library, use this command:
igmp-proxy program modify { all | program-name program-name | ip

multicast-ip | index program-index } { bind { interface vlan vlanid | default } |
host { enable | disable} | prejoin { enable | disable} }
This example shows how to modify the program NetTV-1 in the program library.
MA5300(config)#igmp-proxy program modify name NetTV-1 bind ethernet
7/1/1 vlan 1 host enable prejoin disable
MA5300 (config)#
V. Showing the programs in a program library
To show the programs in a program library, use this command:
show igmp program { all | ip multicast-ip | name program-name | index

program-index } [ detail ]
This example shows how to show the brief information on the programs in a
program library.
MA5300# show igmp-proxy program all
Total:5
-------------------------------------------------------------------
------
Index Name Ip Upport Host Pre- Multicast-source
-index join
11-4
1 program-1 224.1.1.1 1 Yes No 20.0.0.1

2 program-2 224.1.1.2 1 Yes No 20.0.0.1
3 program-3 224.1.1.3 1 Yes No 20.0.0.1
4 program-4 224.1.1.4 1 Yes No 20.0.0.1
5 program-5 224.1.1.5 1 Yes No 20.0.0.1
-------------------------------------------------------------------
-
This example shows how to show the detailed information on the programs in a
program library.
MA5300(config)#show igmp-proxy program all detail
Total:1
-------------------------------------------------------------------
Index: 1
Program name: NetTV-1
IP: 224.1.1.1
Upport: Ethernet7/1/1 Vlan 3
Host function: No
Prejoin: No
User references: 0
Profile references list(Total:0):
-------------------------------------------------------------------
MA5300(config)#
VI. Parameters of commands for maintaining a program library
Parameters of commands for maintaining a program library include:
multicast-ip: program IP address (D type IP address only).
program-name: ranges 132 bytes in length. It is not case insensitive.
interface: specifies the port in the form of interface type slot/card/port.
add { { index program-index { name program-name | default-name } | name

program-name } ip multicast-ip | default-name ip multicast-ip [ to multicast-ip] }
[ bind { interface vlan vlanid | default } | host { enable | disable } | prejoin { enable
| disable }: these parameters are to add a program with the name specified by
program-name. A program name has a unique multicast address. The default
system program name can be used. When the program index is not specified, the
system will automatically assign an index for the program by numeric order. You
may configure the relative program attributes when adding a program. The default
settings will be taken if you have not performed the configuration. By default, the
11-5
program is bound to the master port, host function is enabled, and pre-join function
is disabled.
igmp-proxy program delete { all | name program-name | ip multicast-ip | index

program-index }: indicates to delete a program in the library. all indicates to delete
all programs.
rename old-name new-name: indicates to rename an existing program.
modify { all | program-name program-name | ip multicast-ip | index

program-index } { bind { interface vlan vlanid | default } | host { enable | disable} |
prejoin { enable | disable}: indicates to modify program attributes. * indicates that
you should at least select one from these three options: bind, host and prejoin,
and you can also select more than one of them in the same command line.
bind { interface vlanid | default }: specifies the upstream port to which the program
is bound. default indicates to bind the program to the default port, namely, the
master upstream port. The system sends IGMP packets to the bound upstream port,
in which case the IP address used is that of the transmit port.
host { enable | disable }: indicates to enable or disable IGMPs host functions. In

the case of enable, MA5300 will respond to IGMP query from the upstream device
and send IGMP packets; in the case of disable, MA5300 will not send any IGMP
packet.
prejoin { enable | disable }: indicates to enable or disable program pre-join

function.
When the pre-join function is enabled, the MA5300 regards that a virtual subscriber
is demanding the program; but for the upstream device, it seems that a real
subscriber was demanding the program. That is, in the case of enable, the MA5300
will send a membership Report packet to the upstream device, and will then respond
with a Report packet when it gets a Query packet from the upstream device. Now
the data traffic of the program can reach the MA5300, but the MA5300 will not
forward it to any subscriber because there is no real forwarding table entry in the
system.
However, the MA5300 will generate a real forwarding table entry and forward the
program data traffic to the subscriber immediately after a subscriber joins the
program. This will shorten the delay in program demanding.
When the pre-join function is disabled, the MA5300 will send a Leave packet to the
upstream device and will not respond an IGMP query from the upstream device.
After one or more subscriber joins the MA5300, the MA5300 will then send an IGMP
membership Report packet to the upstream device and will respond with an IGMP
membership Report packet after having received an IGMP Query from the upstream
device.
11-6
all | ip multicast-ip | name program-name | index program-index: indicates

respectively to show all programs, the program of a designated multicast address, a
program of a designated name, or a program of a designated index. You can specify
any one of these conditions.
detail: indicates to show detailed information.
11.2.4 Configuring Parameters for a Multicast Router
For a downstream user, the MA5300 running IGMP Proxy is equal to a multicast
router. It receives the Report packet and Leave packet from a downstream device.
In addition, it queries the group/member relationship, and generates/maintains the
multicast forwarding table.
Configuration of the multicast router involves:

z Setting the robustness variable
z Setting the source IP address for the IGMP packets sent from the system to the
user
z Setting the query-interval of the igmp-proxy router
z Setting the gen-response-time of the igmp-proxy router
z Setting the sp-response-time of the igmp-proxy router
z Enabling the user on a port to leave quickly
I. Setting the robustness variable
To set the robustness variable, use these commands:
igmp-proxy router robustness-variable value
no igmp-proxy router robustness-variable
value ranges 1 10, and its default is 2.
IGMP robustness variable specifies the times of allowed IGMP packet losses. For
example, when the robustness variable is set to 2, the IGMP querier will decide
whether to delete member entries after querying the common groups or special
groups for two times. 1 is not recommended for the setting.
The no form of the command is used to restore the default setting.
This example shows how to set the robustness variable to 5.

MA5300(config)#igmp-proxy router robustness-variable 5
11-7
II. Setting the source IP address for the IGMP packets sent from the system
to the user
To set the source IP address for the IGMP packets sent from the system to the user,
use these commands:
igmp-proxy router querier-ip ip-address
no igmp-proxy router querier-ip
The default value is 0.0.0.1. The no form of the command is used to restore the
default settings.
IGMP querier uses source IP address in compliance with the following rule:
1) First, it uses the IP address of the VLAN interface at the transmit end.
2) If the VLAN interface is not configured with an IP address, you can use the
command to configure a source IP address for the interface.
This example shows how to set the source IP address for the IGMP packets sent
from the system to the user to 1.2.1.1.
MA5300(config)#igmp-proxy router querier-ip 1.2.1.1
III. Setting the query-interval of the igmp-proxy router
To set the igmp-proxy router query-interval, namely, the interval for sending the
IGMP Proxy query packet to users, use these commands:
igmp-proxy router query-interval time
no igmp-proxy router query-interval
time specifies the interval of IGMP Proxy query packet. It ranges1065535s, and the
default is 125s.
This example shows how to set the query-interval of the igmp-proxy router to 120s.
MA5300(config)#igmp-proxy router query-interval 120
IV. Setting the gen-response-time
To configure the gen-response-time, namely the maximum time for the IGMP host to
response the general group query, use these commands:
igmp-proxy router gen-response-time time
no igmp-proxy router gen-response-time
time ranges 100 25500ms. It is an integer multiple of 100. The default is 10000ms.
11-8
This example shows how to set the gen-response-time to 5000ms.

MA5300(config)#igmp-proxy router gen-response-time 5000
V. Setting the sp-response-time
To set the sp-response-time, namely the maximum time for the IGMP host to
response the specific group query, use these commands:
igmp-proxy router sp-response-time time
no igmp-proxy router sp-response-time
time ranges 100 25500ms, and is an integer multiple of 100. The default is
10000ms.
This example shows how to set the sp-response-time to 5000ms.

MA5300(config)#igmp-proxy router sp-response-time 3000
VI. Enabling the user on a port to leave quickly
To enable the user on a port to leave quickly, use these commands:
igmp-proxy router quick-leave interface [ to interface ]
no igmp-proxy router quick-leave interface [ to interface ]
interface: specifies a port in the form of interface type slot/card/port.
The no form of the command is used to restore the default setting, that is, to disable
the quick leave function.
This example shows how to enable the user on a port to leave quickly.
MA5300(config)#igmp-proxy router quick-leave ethernet 7/1/0 to ethernet
7/1/3
no
11.2.5 Configuring the Static Multicast Members of an IGMP Proxy Group
To define the relations between the static multicast members of an IGMP Proxy
group, run this command in global mode.
igmp-proxy group {all | ip ip-address | name program-name | index

program-index } interface [ to interface ]
11-9
11.2.6 Querying IGMP Proxy Configurations
To query IGMP Proxy configurations, use the command show igmp-proxy

configuration.
show igmp-proxy configuration [ interface [ to interface] ]*
interface specifies a port in the form of port type slot/card/port.
This example shows how to query IGMP Proxy configurations.

MA5300(config)#show igmp-proxy configuration
{ <cr>|Ethernet<K>|GigabitEthernet<K> }:
----------------------Up port information
table----------------------
Index Port VlanId V1-Router-Present
2 Ethernet7/1/1 3 No
-------------------------------------------------------------------
Default-multicast-source: 20.0.0.1
Unsolicited-report-interval: 0 second(s)
Robustness-variable: 5
Query-interval: 120 second(s)
General-query-response-time: 5000 millisecond(s)
Specific-query-response-time: 3000 millisecond(s)
Querier-ip: 0.0.0.1
MA5300(config)#
11.2.7 Querying Multicast Group Information
To query multicast group information, run this command:
show igmp-proxy group [ interface interface | ip multicast_ip | name

program-name | index program-index ]
The command is used to show information on static/dynamic multicast group by port,

multicast IP address, program name, or program index.
For example:
MA5300(config)#show igmp-proxy group interface ethernet 7/1/2
********************Multicast group table*******************
Port Ethernet7/1/2 have joined 1 group(s):
NetTV-1(224.1.1.1) static
------------------------------------------------------------
MA5300(config)#show igmp-proxy group ip 224.1.1.1
11-10

Total 1 group(s) have member(s)
------------------------------------------------------------
Index: 1 NetTV-1(224.1.1.1)
Member list(Total:2):
Ethernet7/1/1(static) Ethernet7/1/2(static)
------------------------------------------------------------
MA5300(config)#show igmp-proxy group name nettv-3

------------------------------------------------------------
Index: 4 nettv-3(224.1.1.5)
Ethernet7/1/3(static)
------------------------------------------------------------
MA5300(config)#show igmp-proxy group index 1

------------------------------------------------------------
Index: 1 NetTV-1(224.1.1.1)
------------------------------------------------------------
MA5300(config)#show igmp-proxy group

{ <cr>|name<K>|ip<K>|interface<K>|index<K> }:
------------------------------------------------------------
Index: 1 NetTV-1(224.1.1.1)
------------------------------------------------------------
Index: 4 nettv-3(224.1.1.5)
Ethernet7/1/3(static)
------------------------------------------------------------
11-11
11.3 Configuring Authority Profile-Based Controlled

Multicast
Authority profile is used to define the programs a user is entitled to access. An

administrator can configure an authority profile by assigning it with certain programs.
By default, the system contains no authority profile. An authority profile can have up
to 255 multicast programs.
A port is exclusively bound to one authority profile. Users associated with the port
are only allowed to access the multicast programs assigned to the mentioned
authority profile. Any request to access programs beyond the profile will be rejected.
The system supports up to 128 authority profiles. By default, a port is not bound to
any authority profile.
11.3.1 Configuring Authority Profile
I. Create an authority profile
igmp-proxy profile add [ index start-profile-index [ to index end-profile-index ] ]

{ name profile-name | default-name }
For example:
MA5300(config)#igmp-proxy profile add name tvb-profile
MA5300(config)#igmp-proxy program add name tvb-1 ip 224.1.1.2
{ <cr>|bind<K>|host<K>|prejoin<K> }:
MA5300(config)#igmp-proxy profile modify name tvb-profile join program
ip 224.1.1.2
MA5300(config)#show igmp-proxy profile all
{ <cr>|detail<K> }:
Total:2
-------------------------------------------------------------------
Index Profile name Program number User references
-------------------------------------------------------------------
1 nettv-profile 0 0
2 tvb-profile 1 0
-------------------------------------------------------------------
The number of displayed profile(s) is: 2
11-12
II. Delete an authority profile
igmp-proxy profile delete { { index start-profile-index [ to index end-profile-index ] }

| name profile-name }
For example:
MA5300(config)#igmp-proxy profile delete name tvb-profile
Are you sure to delete the profile? (y/n)[n]:y
{ <cr>|detail<K> }:
Total:1
-------------------------------------------------------------------
1 nettv-profile 0 0
-------------------------------------------------------------------
III. Rename authority profile
igmp-proxy profile rename { { index start-profile-index [ to index

end-profile-index ] } | name old-profile-name } { default-name | new-name
new-profile-name }
To rename multiple profiles, use the command index start-profile-index to index

end-profile-index. You can only adopt the name of the default profile for them.
For example:
{ <cr>|detail<K> }:
Total:1
-------------------------------------------------------------------
-------------------------------------------------------------------
1 nettv-profile 0 0
MA5300(config)#igmp-proxy profile rename index 1 new-name nettv
{ <cr>|detail<K> }:
Total:1
-------------------------------------------------------------------
11-13

1 nettv 0 0
MA5300(config)#igmp-proxy profile rename index 1 default-name
{ <cr>|detail<K> }:
Total:1
-------------------------------------------------------------------
1 profile-1 0 0
-------------------------------------------------------------------
IV. Add/Delete programs to/from an authority profile
igmp-proxy profile modify { index start-profile-index [ to index end-profile-index ] |

name profile-name } { join | remove } program { ip multicast-ip | name
program-name | index start-program-index [ to index end-program-index ]
&<1-20> }
This example shows how to display all programs of the program library.
MA5300(config)#show igmp-proxy program all
{ <cr>|detail<K> }:
Total:2
-------------------------------------------------------------------
Index Name Ip Upport Host Pre- Profile- User-
-index join references references
1 NetTV-1 224.1.1.1 2 No No 0 0
2 tvb-1 224.1.1.2 none Yes No 0 0
-------------------------------------------------------------------
This example shows how to add two programs, NetTV-2 and NetTV-3, to the profile.
MA5300(config)#igmp-proxy program add name nettv-2 ip 224.1.1.3 bind
default host enable prejoin enable
MA5300(config)#igmp-proxy program add name nettv-3 ip 224.1.1.5 bind
ethernet 7/1/0 vlan 2
This example shows how to display all programs of the program library.
MA5300(config)#show igmp-proxy program all
{ <cr>|detail<K> }:
Total:4
-------------------------------------------------------------------
11-14
Index Name Ip Upport Host Pre- Profile- User-

-index join references references
1 NetTV-1 224.1.1.1 2 No No 0 0
2 tvb-1 224.1.1.2 none Yes No 0 0
3 nettv-2 224.1.1.3 none Yes Yes 1 0
4 nettv-3 224.1.1.5 3 Yes No 1 0
-------------------------------------------------------------------
This example shows how to add two programs, NetTV-2 and NetTV-3, to profile 1.
MA5300(config)#igmp-proxy profile modify index 1 join program name
nettv-2
MA5300(config)#igmp-proxy profile modify index 1 join program name
nettv-3
This example shows how to display all profiles.

{ <cr>|detail<K> }:
Total:1
-------------------------------------------------------------------
1 profile-1 2 0
-------------------------------------------------------------------
MA5300(config)#show igmp-proxy profile all detail

Total:1
-------------------------------------------------------------------
Index: 1
Profile name: profile-1
Programs(Total:2):
nettv-2 nettv-3
User references(Total:0):
-------------------------------------------------------------------
This example shows how to delete the program NetTV-2 from the profile.
MA5300(config)#igmp-proxy profile modify index 1 remove program name
nettv-2
Are you sure to remove the multicast program? (y/n)[n]:y
This example shows how to display all profiles.
11-15
MA5300(config)#show igmp-proxy profile index 1

{ <cr>|to<K>|detail<K> }:
Total:1
-------------------------------------------------------------------
1 profile-1 1 0
MA5300(config)#show igmp-proxy profile index 1 detail

Total:1
-------------------------------------------------------------------
Index: 1
Profile name: profile-1
Programs(Total:1):
nettv-3
User references(Total:0):
Note:
z Before specifying an authority profile, make sure that the profile is an existing one.
z The programs to be added to a profile must already exist in the library.
z The system will prompt nothing if the program to be deleted does not exist in the profile.
V. Querying authority profile configurations
show igmp-proxy profile { all | index start-profile-index [ to index

end-profile-index ] | name profile-name } [ detail ]
This example shows how to display the brief information of all profiles.
MA5300# show igmp-proxy profile all
Total : 2
0 VIP 2 2
1 COMMON 1 3
-------------------------------------------------------------------
This example shows how to display the detailed information of profiles:

MA5300# show igmp-proxy profile all detail
Total : 2
Index: 0
Profile name : VIP
Programs(Total:2) :
11-16
NetTV-1 NetTV-2
User references(Total:2) :
adsl 2/0/0 adsl2/0/1
Index: 1
Profile name : COMMON
Programs(Total:1):
SZTV-1 SZTV-2
User references(Total:3) :
adsl 2/0/5 adsl2/0/6 adsl2/0/7
-------------------------------------------------------------------
VI. Parameters description
profile-name: the name of a profile. It ranges 1 32 characters and is case

insensitive.
add [ index start-profile-index [ to index end-profile-index ] { name profile-name |

default-name }: adds one or more profile.
delete { index start-profile-index [ to index end-profile-index ] } | name

profile-name : deletes one or more profile.
rename { { index start-profile-index [ to index end-profile-index ] } | name

old-profile-name } { default-name | new-name new-profile-name }: renames a
profile. When renaming multiple profiles, you need to adopt the name of the default
profile for them.
modify { index start-profile-index [ to index end-profile-index ] | name

profile-name } { join | remove } program { ip multicast-ip | name program-name |
index start-program-index [to index end-program-index ] }: adds/deletes a
program to/from one or multiple profiles.
detail: queries the detailed configurations of profiles.
11.3.2 Configuration User Authority
I. User authority configuration commands
Use the command below to configure the authorities of a user port:
igmp-proxy user interface [ to interface ] bind { profile { index profile-index |

name profile-name } | noauth } [ max-program-number maxProgramnum ]
Use the command below to cancel the authorization settings for a user port:
igmp-proxy user interface [ to interface ] delete
11-17
Use the command below to block a user port:
igmp-proxy user interface [ to interface ] block
no igmp-proxy user interface [ to interface ] block
Use the command below to restore the setting of maximum program number to the
default value (namely 2):
no igmp-proxy user interface [ to interface ] max-program-number
II. Parameters description
bind { profile { index profile-index | name profile-name } } | noauth: Binds a profile

with a specified port. By default, a port is not bound to any profile.
profile { index profile-index | name profile-name: Specifies the profile to be bound

to a user. A user can only be bound to one profile. To bind the user with additional
profile will delete the original one.
noauth: Specifies that no authorization is needed for the user. This type of user is
entitled to access any program.
max-program-number maxProgramnum: Defines the maximum number of

programs accessible for the user. The parameter maxProgramnum ranges 0255.
Its default value is 2. You can adopt 0 for this parameter to disable the user from
viewing the on-going program.
delete: Deletes the authorization settings for a user port. This can disable a user
from viewing any program. To enable the user to access programs, you need to bind
the user with a profile.
block: Blocks a user port. When a port is blocked, the associated users will be
disabled from viewing the on-going program, and will be no longer allowed to
access any program until it is unblocked using no form of the command.
III. User authority example
This example shows how to bind a user with a profile by profile index.
MA5300(config)#igmp-proxy user adsl 2/0/0 bind profile index 12
max-program-number 6
This example shows how to bind a user with a profile by profile name.
MA5300(config)#igmp-proxy user adsl 2/0/0 bind profile name vip_user
This example shows how to authorize a user port with unlimited authorizations.
MA5300(config)#igmp-proxy user adsl 2/0/0 to adsl 2/0/10 bind noauth
11-18
This example shows how to delete the authorities of user port.

MA5300(config)#igmp-proxy user adsl 2/0/0 delete
This example shows how to delete the authorities of multiple user ports.
MA5300(config)#igmp-proxy user adsl 2/0/0 to adsl 2/0/10 delete
This example shows how to block a user port.

MA5300(config)#igmp-proxy user adsl 2/0/0 block
This example shows how to block multiple user ports.

MA5300(config)#igmp-proxy user adsl 2/0/0 to adsl 2/0/10 block
This example shows how to unblock a user port.

MA5300(config)#no igmp-proxy user adsl 2/0/0 to adsl 2/0/10 block
This example shows how to set the maximum number of programs accessible for a
user port.
MA5300(config)#igmp-proxy user adsl 2/0/0 max-program-number 4
This example shows how to set the maximum number of programs accessible for
multiple user ports.
MA5300(config)#igmp-proxy user adsl 2/0/0 to adsl 2/0/10 max-program-number
4
This example shows how to restore the settings of maximum program number for
multiple user ports to the default value.
MA5300(config)#no igmp-proxy user adsl 2/0/0 to adsl 2/0/10 max-program-number
IV. Display user authority configuation
show igmp-proxy user interface [ to interface] [ detail ]
This example shows how to display the brief authority information of a user.
MA5300(config)#show igmp-proxy user ethernet 7/1/0
{ <cr>|to<K>|Ethernet<K>|GigabitEthernet<K>|Shdsl<K>|detail<K> }:
Total:1
-------------------------------------------------------------------
User Profile(Program number) Max Program Number Block
-------------------------------------------------------------------
Ethernet7/1/0 profile-1(1) 2 No
-------------------------------------------------------------------
The number of displayed user(s) is: 1
This example shows how to display the authority configurations of a user.

MA5300(config)#show igmp-proxy user ethernet 7/1/0 detail
11-19
Total:1
-------------------------------------------------------------------
User: Ethernet7/1/0
Profile: profile-1 (1)
Program:
nettv-3
Max Program Number: 2
Block: No
-------------------------------------------------------------------
The number of displayed user(s) is: 1
[noauth]: Indicates that the authorization for the user is not required, and the user is
entitled to access any program.
profile-1 (1): Represents the profile named profile-1. The profile is entitled to
access one program.
----: Indicate that the user has no authority.
11.4 Querying the IGMP Proxy Log
The igmp-proxy log command is used to display the log-in duration and log
information of a specific port within certain period, or the information of ports
belonging to a multicast IP group.
To view the log information, run the following commands:
show igmp-proxy log { interface | ip multicast_ip } start-time to { end-time | now }
show igmp-proxy log { interface | ip multicast_ip } all
show igmp-proxy log { interface | ip multicast_ip } now
Parameters description:
interface | ip multicast_ip: Queries the history log generated within a specified

period by port, and program's multicast IP address. You can specify the period by
giving out the start time and end time, or the start time and the current time. If you
intend to view the current log information, just give out the current time.
start-time: Specifies the start query time (in the form of hh:mm MM-DD-YYYY).
now: Indicates the current time.
end-time: Specifies the end query time (in the form of hh:mm MM-DD-YYYY).
all: Displays all logs for all ports.
11-20
To clear IGMP Proxy logs, run the global command clear igmp-proxy log.
clear igmp-proxy log interface [ to interface ] all
This example shows how to clear IGMP Proxy logs for Ethernet ports 7/1/0 7/1/3.
MA5300(config)#clear igmp-proxy log ethernet 7/1/0 to ethernet 7/1/3 all
11-21
SmartAX MA5300/5303 Broadband Access System Chapter 12 Multicast VLAN Configuration
Chapter 12 Multicast VLAN Configuration
12.1 Overview
With the multicast VLAN function, the MA5300 can effectively cooperate with
various upstream devices in implementing multicast, even though the received
messages from the upstream devices do not contain any VLAN label.
The MA5300 networks with upstream devices. When the MA5300 receives a
multicast message without a VLAN label from an upstream device, the receiving port
will send this message to the VLAN to which the port belongs. When the
corresponding multicast port is not found in the multicast address table of that VLAN,
the device will discard the response message and the multicast will fail.
When multicast VLAN is realized, if the MA5300 receives a multicast message

without a VLAN label from an upstream device, the receiving port, as the upstream
port of multicast VLAN, will send this message to the multicast VLAN. When the
corresponding multicast port is found in the multicast address table of that multicast
VLAN, the device will then send the response message to this port. In this way,
multicast is successfully implemented.
Multicast VLAN includes the upstream port and the downstream port. The upstream
port refers to the port connected to the upstream device, while the downstream port
refers to the port connected to the user. On the same port, multicast VLAN is
incompatible with Smart VLAN, but compatible with normal VLAN.
12.2 Configuring Multicast VLAN
Configurations of multicast VLAN include:

z Configuring the upstream port of multicast VLAN
z Configuring the downstream port of multicast VLAN
z Querying multicast VLAN (optional)
12.2.1 Configuring Upstream Port of the Multicast VLAN
Upstream port of multicast VLAN is the port connected with the upstream device.
Perform the following configurations in global mode.
12-1
Table 12-1 Configuring upstream port of multicast VLAN
To Use
Add/Delete the upstream port of multicast VLAN [ no] mvlan-upport interface interface-list
By default, there is no port in the multicast VLAN.
A multicast VLAN can have multiple upstream ports, but its upstream ports must be
on the main control board. A port cannot act as both the upstream port and the
downstream port at the same time.
This example shows how to add port GigabitEthernet 7/1/0 as the upstream port.
MA5300(config)# mvlan-upport interface GigabitEthernet 7/1/0
12.2.2 Configuring Downstream Port of Multicast VLAN
The downstream port of multicast VLAN is the port connected with the user.
Table 12-2 Configuring downstream port of multicast VLAN
To Use
Add/Delete the downstream port of multicast VLAN [ no] mvlan-downport interface interface-list
By default, there is no port in the multicast VLAN.
Multicast VLAN can have multiple downstream ports, but its upstream ports must be
on the main control board. A port cannot act as both the upstream port and the
downstream port at the same time.
This example shows how to add port vdsl2/0/0 as the down port.
MA5300(config)# mvlan-downport interface vdsl2/0/0
12.2.3 Querying the Multicast VLAN
After finishing the above configurations, you can use command show multivlan to
query the information on the multicast VLAN, including the upstream and
downstream ports. This helps to verify whether the configurations are correct.
Table 12-3 Querying the multicast VLAN
To Use
Query the port information on multicast VLAN show multivlan
12-2
This example shows how to query the multicast VLAN.

MA5300# show multivlan
The upstream port(s) of multicast vlan include:
GigabitEthernet7/1/0
The downstream port(s) of multicast vlan include:
Vdsl2/0/0
12.3 Configuration Example of Multicast VLAN
The following provides a configuration example of multicast VLAN.
To implement the transmitting and receiving of multicast information between

upstream devices (which send the messages without designated VLAN label) and
the MA5300, it is necessary to configure multicast VLAN on the device.
Figure 12-1 shows the networking for configuring multicast VLAN.
MA5200 Multicast server
g7/1/0
MA5300
vdsl2/0/0
vdsl2/0/23
Figure 12-1 Networking for configuring multicast VLAN
1) Add the gigabit Ethernet port g7/1/0 of the MA5300 as the upstream port of
multicast VLAN.
MA5300(config)# mvlan-upport interface GigabitEthernet 7/1/0
2) Add the ports vdsl2/0/0vdsl2/0/23 of the MA5300 into the multicast VLAN.
MA5300(config)# mvlan-downport interface vdsl2/0/0 to vdsl2/0/23
3) Show the port information on multicast VLAN.
12-3
MA5300# show multivlan

The upstream port(s) of multicast vlan include:
GigabitEthernet7/1/0
The downstream port(s) of multicast vlan include:
Vdsl1/0/9 Vdsl1/0/10 Vdsl1/0/11
Vdsl1/0/12 Vdsl1/0/13 Vdsl1/0/14
Vdsl1/0/15 Vdsl1/0/16 Vdsl1/0/17
Vdsl1/0/18 Vdsl1/0/19 Vdsl1/0/20
Vdsl1/0/21 Vdsl1/0/22 Vdsl1/0/23
The above information shows that the upstream port of multicast VLAN is
GigabitEthernet7/1/0, and the down stream ports of it include vdsl2/0/0 vdsl2/0/23.
12-4
SmartAX MA5300/5303 Broadband Access System Chapter 13 Managed Multicast Configuration
Chapter 13 Managed Multicast Configuration
13.1 Overview
Managed multicast indicates to control multicast message. It is used to implement

the management of multicast user, services and accounting. Managed multicast
involves: authentication and accounting of multicast, monitor and analysis of
multicast, multicast QoS, multicast encryption as well as allocation of multicast
addresses. The MA5300 completely complies with the standard multicast protocol,
and provides managed multicast and supports multicast authentication.
With multicast authentication, the MA5300 will authenticate a user who intends to
join a multicast group, and decide whether to allow the user to join the multicast
group based on the authentication result.
Multicast accounting indicates to charge a user who has passed the multicast
authentication, according to the multicast group he joins, the traffic of the multicast
group, or the start and end time of joining the multicast group. The multicast device
periodically sends the member query messages to judge whether to continue
charging the user. If it receives the report message from the user, it will continue
charging the user. If the user makes no response, the device will adopt the
mechanism for offline multicast user, and stop charging the multicast user. If the
multicast device receives the offline message from the user, it will also adopt the
mechanism for offline multicast user and stop charging the user. By far, the MA5300
does not support multicast accounting.
13.2 Configuring Managed Multicast
Configuration of managed multicast involves:

z Enabling/disabling managed multicast
z Configuring multicast group accessibility
z Querying the debugging information on managed multicast (optional)
The following introduce the specific operations.
13.2.1 Enabling/Disabling Managed Multicast
Enabling managed multicast indicates to authenticate and charge multicast users.

Disabling managed multicast indicates to cancel the control over the multicast user.
13-1
Note that only when 802.1x is enabled globally on all the ports and the 802.1x
authentication is passed, can the authentication of managed multicast be enabled.
Only the ports under port-based authentication/control can use the managed
multicast function.
Table 13-1 Enabling/Disabling managed multicast
To Use
Enable managed multicast ip managed-multicast
Disable managed multicast no ip managed-multicast
Managed multicast is disabled by default.
This example shows how to enable managed multicast.

MA5300(config)# ip managed-multicast
13.2.2 Configuring Multicast Group Accessibility
After a multicast user has passed the authentication, you can configure the multicast
groups to make them accessible/inaccessible to the multicast user.
Table 13-2 Configuring multicast group accessibility
To Use
Configure multicast groups to make them accessible multicast user username enable
for the user group-address
Configure multicast groups to make them multicast user username disable
inaccessible for the user { group-address | all }
This example shows how to configure a multicast group to make it accessible for the
user.
MA5300(config)# multicast user 5300 enable 224.0.1.11
This example shows how to configure a multicast group to make it inaccessible for
the user.
MA5300(config)# multicast user 5300 disable 224.0.1.12
13-2
13.2.3 Querying the Debugging Information of Managed Multicast
Perform this configuration in privilege mode.
Table 13-3 Querying the debugging information on managed multicast
To Use
Query the debugging information on managed multicast [ no ] debug ip managed-multicast
This example shows how to query the debugging information of managed multicast.
MA5300(config)#show ip managed-multicast user passed
Managed-multicast user passed.
Total 0 passed entry listed.
13.3 Configuration Example of Managed Multicast
Configure the managed multicasts of the MA5300 to allow the multicast user 5300
to access the multicast group of 224.0.1.11.
Figure 13-1 shows the networking of managed multicast.
Internet
Router
Multicast
MA5300
Figure 13-1 Networking of managed multicast
13-3
1) Configure 802.1x authentication.

Refer to the section of AAA and Security Configuration
2) Enable multicast.
MA5300(config)# ip multicast-routing
Or
MA5300(config)# igmp-snooping enable
3) Enable managed multicast.
MA5300(config)# ip managed-multicast
4) Configure the reachable multicast group for the multicast group user.
MA5300(config)# multicast user 5300 enable 224.0.1.11
13-4
SmartAX MA5300/5303 Broadband Access System Chapter 14 ACL Configuration
Chapter 14 ACL Configuration
14.1 Introduction to ACL
14.1.1 Overview
In order to filter data packets, network equipment needs to configure a series of

matching rules to identify the objects to be filtered. Only when the specific objects
have been identified can the data packets be allowed or prohibited to pass according
to preset policies. Access control list (ACL) is adopted to provide such functions.
ACL classifies data packets through various matching rules, which can be source
address or destination address of the data packets, port number, and so on. ACL is
also applied to the MA5300 ports. The MA5300 can determine whether to forward or
discard certain data packets according to specified rules in ACL.
The matching rules defined by ACL can also be quoted in other cases concerning
traffic classification, for example, the definition of traffic classification rules in QoS.
14.1.2 Configuring the Match Order
An access control rule may comprise several sub-rules, the statements of which
specify different ranges of packets. When matching a data packet with the access
control rule, the issue of match order arises. There are two match orders for access
control sub-rules:
z config: indicates to follow the user defined configuration order when formulating
the matching rule.
z auto: indicates to allow the system to sort automatically (in depth-first order)
when formulating the matching rule.
The default setting is config, in which case once the user specifies the match order of
an access control rule, he cannot modify it later, unless he deletes all the content of
the rule and specifies the match order again.
The depth-first principle of auto is to put the statement specifying the smallest range
of packets on the top of the list. This can be implemented through comparing the
wildcards of the addresses. The smaller the wildcard is, the fewer hosts it can specify.
For example, 129.102.1.1 0.0.0.0 specifies a host: 129.102.1.1, while 129.102.1.1

0.0.255.255 specifies a network segment, 129.102.0.1 through 129.102.255.255.
Obviously, the former one listed ahead in the ACL. The specific standard is as follows:
14-1
z For standard ACL, the source address wildcards are compared directly.
If the wildcards are the same, follow the configuration sequence.
z For extended ACL, the source address wildcards are compared first.
If the wildcards are the same, the destination address wildcards are then
compared. If the destination address wildcards are again the same, the ranges of
port numbers will be compared, and the port number with smaller range will be
listed ahead. If the port numbers are still in the same range, follow the
configuration sequence.
14.1.3 ACLs Supported by the MA5300
In the MA5300, ACLs are divided into the following categories:

z Numbered standard ACL
z Numbered extended ACL
z Numbered Layer 2 ACL
z Numbered user defined ACL
z Named standard ACL
z Named extended ACL
z Named Layer 2 ACL
z Numbered user defined ACL
In the MA5300, the limits on the number of various ACLs are as shown in following
table.
Table 14-1 Restriction on the number of various ACLs
Item Range of figure Max. number able to be defined

Numbered standard ACL 1 99 99
Numbered extended ACL 100 199 100
Numbered Layer 2 ACL 200 299 100
Numbered user defined ACL 300 399 100
Named standard ACL 1000
Named extended ACL 1000
Named Layer 2 ACL 1000
Named user defined ACL 1000
Sub-rules that can be defined by one ACL 0 127 128
Sub-rules that can be defined by one
3000
equipment
Number of absolute time range 12
14-2
Item Range of figure Max. number able to be defined

Number of periodic time range 32
14.2 Configuring ACL
It is recommended to follow the three steps below to configure ACL:

1) First configure the time range.
2) Then define the ACL, which will quote the pre-defined time range.
3) Finally activate the ACL.
ACL configuration tasks include:
z Configuring time range
z Defining ACL
z Activating ACL
z Querying ACL information
14.2.1 Configuring Time-Range
I. Entering time-range mode
You can use the following command to enter the time-range mode and begin
configuring the time range.
Perform this configuration in global mode.
Table 14-2 Entering time range mode
To Use
Enter time range mode time-range time-range-name
There are two kinds of time ranges, absolute and periodic time ranges.
The absolute time range is expressed in the format of year/month/day, hour/minute.

The periodic time range is expressed in the format of day of the week/hour/minute.
II. Setting the absolute time range
You can use the following commands to set the absolute time range.
Perform these configurations in time range mode.
14-3
Table 14-3 Setting the absolute time range
To Use
absolute [ start HH:MM MM-DD-YYYY ] [ end HH:MM
Set the absolute time range
MM-DD-YYYY ]
no absolute [ start HH:MM MM-DD-YYYY ] [ end HH:MM
Delete the absolute time range
MM-DD-YYYY ]
When the start time is not configured, there is no limit on the start time. If the end time
is not configured, it will be the maximum time that can be displayed by the system.
The end time shall be later than the start time.
The absolute time range specifies a broader valid period and also limits the periodic
time range. Up to 12 absolute time ranges can be configured.
III. Setting the periodic time range
You can use the following commands to set the periodic time range.
Perform these configurations in time range mode.
Table 14-4 Setting the periodic time range
To Use
Set the periodic time range periodic days-of-the-week hh:mm to [ day-of-the-week ] hh:mm
Delete the periodic time range no periodic days-of-the-week hh:mm to [ day-of-the-week ] hh:mm
The periodic time range expires in a week. Up to 32 periodic time ranges can be
configured.
14.2.2 Defining ACL
The MA5300 supports several kinds of ACLs. The following section introduces how to
define these ACLs.
I. Defining standard ACL
The MA5300 can define up to 99 standard ACLs identified by numbers ranging from 1
to 99, and up to 1000 named standard ACLs. It can also define up to 128 sub-rules for
an ACL (the numbered ACL or named ACL). A maximum of 3000 sub-rules can be
defined. The rules of the standard ACL are defined on the basis of the Layer 3 source
IP address to analyze the data packets.
1) Define numbered standard ACL.
14-4
You can use the following commands to define the numbered standard ACL.
Table 14-5 Defining numbered standard ACL
To Use
access-list access-list-number1 { deny | permit
Define numbered standard ACL | } { source-addr source-wildcard | any }
[ fragments ] [ time-range time-range-name ]
access-list access-list-number match order

Define the match order of ACL
{ config | auto }
Delete all the sub-rules or one sub-rule of the ACL no access-list { all | { access-list-number |
or delete the entire ACL access-list-name } [subitem ] }
During the process of defining the ACL, you can use the access-list command for
several times to define multiple rules for an ACL.
If defined without a specified time-range, the ACL will always function once being
activated.
2) Define named standard ACL.
You can use the following commands to define named standard ACL.
Note:
The named standard ACL shall be defined in the special configuration mode: use the access-list
standard command in global mode, then the command will also specify the match order of the access
list. You can use the exit command to exit the configuration mode.
Perform these configurations in corresponding mode.
Table 14-6 Define named standard ACL
To Use
Enter the named standard ACL mode access-list standard name [ match order { config |
(global mode) auto } ]
Define standard ACL rules (named { permit | deny } { source-addr source-wildcard | any }
standard ACL mode) [ fragments ] [ time-range time-range-name ]
Delete all the sub-rules or one sub-rule of
no access-list { all | { access-list-number |
the ACL or delete the entire ACL (global
access-list-name } [ subitem ] }
mode)
14-5
During the process of defining the ACL, you can use the { permit | deny } command
for several times to define multiple rules for an ACL.
Besides, once the user specifies the match order of an ACL rule, he cannot modify it
later.
The default match order of ACL is config, namely, following the order configured by
the user.
II. Defining extended ACL
The MA5300 can define up to 100 extended ACLs identified by numbers ranging from
100 to 199 and up to 1000 named extended ACLs. In total, the MA5300 can define
3000 sub-rules. Also, it can define at most 128 sub-rules for one ACL (either
numbered ACL or named ACL).
The classification rules are defined on the basis of packet attributes such as the
source IP, destination IP, TCP or UDP port number in use and the packet priority. The
extended ACL is able to analyze three kinds of packet priorities, including 802.1p
priority, IP priority and DSCP priority.
1) Define numbered extended ACL.
You can use the following commands to define numbered extended ACL.
Table 14-7 Define numbered extended ACL
To Use
access-list access-list-number2 { permit | deny } [ protocol ]
[ established ] { source-addr source-wildcard | any } [ operator port1
Define numbered extended
[ port2 ] ] { dest-addr dest-wildcard | any } [ operator port1 [ port2 ] ]
ACL
[ icmp-type [ icmp-code ] ] [ fragments ] { [ precedence precedence ]
[ tos tos ] | [ dscp dscp ] } [ time-range time-range-name ]
Define the match order of ACL access-list access-list-number match order { config | auto }
Delete all the sub-rules or one
no access-list { all | { access-list-number | access-list-name }
sub-rule of the ACL or delete
[subitem ] }
the entire ACL
The extended ACL is identified with the numbers ranging from 100 to 199.
Note that, the port1 and port2 in the access-list command specify the TCP or UDP
ports used by various high-layer applications. For some common port numbers, you
14-6
can use the mnemonic symbols as shortcut. For example, bgp can represent the
TCP number 179 used by BGP.
2) Define named extended ACL.
You can use the following commands to define named extended ACL.
Note:
The named extended ACL shall be defined in the special configuration mode. Use the access-list
extended command in global mode. The command will also specify the match order of the access list.
You can use the exit command to exit the configuration mode.
Table 14-8 Defining named extended ACL
To Use
Enter the named extended ACL mode (global access-list extended name [ match order { config |
mode) auto } ]
{ permit | deny } [ protocol ] [ established ]
{ source-addr source-wildcard | any } [ operator port1
[ port2 ] ] { dest-addr dest-wildcard | any } [ operator
Define extended ACL rules (named extended
port1 [ port2 ] ] [ icmp-type [ icmp-code ] ]
ACL mode)
{ [ precedence precedence ] [ tos tos ] | [ dscp
dscp ] } [ fragments ] [ time-range
time-range-name ]
Delete all the sub-rules or one sub-rule of the no access-list { all | { access-list-number |
ACL or delete the entire ACL (global mode) access-list-name } [ subitem ] }
later.
Note that, the port1 and port2 in the above command specify the TCP or UDP ports
used in various high-layer applications. For some common port numbers, you can use
the mnemonic symbols as shortcut. For example, bgp can represent the TCP
number 179 used by BGP.
The default match order of ACL is config. That is, to follow the order configured by the
user.
14-7
III. Defining Layer 2 ACL
The MA5300 can define up to 100 numbered Layer 2 ACLs identified with numbers
ranging from 200 to 299 and up to 1000 named Layer 2 ACLs. In total, the MA5300
can define 3000 sub-rules, and at the same time, it can define up to 128 sub-rules for
one ACL (either numbered ACL or named ACL).
The rules of Layer 2 ACL are defined based on the Layer 2 information such as
source MAC address, source VLAN ID, Layer 2 protocol type, Layer 2 ports receiving
and forwarding the packet and destination MAC address to process the data packets.
1) Define numbered Layer 2 ACL.
You can use the following commands to define the numbered Layer 2 ACL.
Table 14-9 Defining the numbered Layer 2 ACL
To Use
access-list access-list-number3 { permit | deny }
[ protocol ] [ cos vlan-pri ] ingress { { [ source-vlan-id ]
[ source-mac-addr source-mac-wildcard ] [ interface
Define the numbered Layer 2 ACL { interface-name | interface-type interface-num } ] } | any }
egress { { [ dest-mac-addr dest-mac-wildcard ] [ interface
{ interface-name | interface-type interface-num } ] } | any }
[ time-range time-range-name ]
access-list access-list-number match order { config |
auto }
Delete all the sub-rules or one sub-rule no access-list { all | { access-list-number |
of the ACL or delete the entire ACL access-list-name } [ subitem subitem ] }
In defining the ACL, you can use the access-list command for several times to define
multiple rules for an ACL.
Layer 2 ACL can be identified with numbers ranging from 200 to 299.
2) Define the named Layer 2 ACL.
You can use the following commands to define the named Layer 2 ACL
Note:
The named Layer 2 ACL shall be defined in the special configuration mode: use the access-list link
command in global mode, then the command will also specify the match order of the access list. You can
use the exit command to exit the configuration mode.
14-8
Table 14-10 Defining the named Layer 2 ACL
To Use
Enter the Named Layer 2 ACL mode (global access-list link name [ match order { config |
mode) auto } ]
{ permit | deny } [ protocol ] [ cos vlan-pri ] ingress
{ { [ source-vlan-id ] [ source-mac-addr
Define Layer 2 ACL (Named Layer 2 ACL
source-mac-wildcard ] } | any } egress
mode)
{ { dest-mac-addr dest-mac-wildcard } | any }
[ time-range time-range-name ]
Delete all the sub-rules or one sub-rule of the no access-list { all | { access-list-number |
ACL or delete the entire ACL (global mode) access-list-name } [subitem ] }
later.
The default match order of ACL is config, namely, following the order configured by
the user.
IV. Defining user defined ACL
The user defined ACL matches any of the first 80 bytes in Layer 2 data frames and
processes them accordingly. To be able to use the user defined ACL in a proper way,
you are required to understand the composition of Layer 2 data frames very well.
The figure below is the schematic diagram of the first 64 bytes of the Layer 2 data
frames. Every letter represents one hexadecimal, and every two letters represent one
byte.
Figure 14-1 Schematic diagram of the first 64 bytes of data frames
The description of each letter and their offset values in the above figure are shown in
Table 14-11.
14-9
Table 14-11 Description of each letter and their offset values
Letter Meaning Offset Letter Meaning Offset

Destination MAC
A 0 O TTL field 34
address
Protocol number (6 refers
B Source MAC address 6 P to TCP and 17 refers to 35
UDP)
Length field of data
C 12 Q IP checksum 36
frame
D VLAN tag field 14 R Source IP address 38
DSAP (Destination
E Service Access Point) 18 S Destination IP address 42
field
SSAP (Source Service
F 19 T TCP source port 46
Access Point) field
G Ctrl field 20 U TCP destination port 48
H org code field 21 V Serial number 50
I Encapsulated data type 24 W Acknowledgement field 54
IP header length and
J IP version number 26 XY 58
reserved bit
K TOS field 27 Z Reserved bit and flags bit 59
L IP packet length 28 a Window Size field 60
M ID number 30 b Other 62
N Flags field 32
In Table 14-11, the offset of each field is their offset in the 802.3 data frame of SNAP +
tag. For the user defined ACL, user can use the rule mask and offset parameters to
extract any byte from the first 80 bytes of data frame, and then compare the extracted
byte with user defined rules to filter matched data frames for processing. User defined
rules can be some certain attributes of the data.
For example, to filter all TCP messages, you can define the rule as 06, rule mask
FF and offset 35. Then the rule mask and offset will work together to extract the
contents in the TCP protocol number field of the received data frame to compare with
the rules and then find all the matched TCP messages.
14-10
Note:
At present, user defined ACL is only applicable for filtering snap+tagged data frames, which are
compliant with 802.3 standards.
1) Define the numbered user defined ACL.

You can use the following commands to define numbered user defined ACL.
Table 14-12 Defining numbered user defined ACL
To Use
access-list access-list-number4 { permit | deny }
Define the numbered user defined ACL { rule-string rule-mask offset }&<1-20> [ time-range
time-range-name ]
access-list access-list-number match order { config |
auto }
Delete all the sub-rules or one sub-rule no access-list { all | { access-list-number |

of the ACL or delete the entire ACL access-list-name } [ subitem ] }
The self defined ACL are identified with the numbers ranging from 300 to 399.
2) Define the named user defined ACL.
You can use the following commands to define named user defined ACL.
Note:
The named user defined ACL shall be defined in the special configuration mode. Use the access-list
user command in global mode. Then the command will also specify the match order of the access list.
You can use the exit command to exit the configuration mode.
14-11
Table 14-13 Defining named user defined ACL
To Use
Enter the named user defined ACL mode (global access-list user name [ match order { config |
mode) auto } ]
Define the user defined ACL (named user defined { permit | deny } { rule-string rule-mask
ACL mode) offset }&<1-20> [ time-range time-range-name ]
Delete all the sub-rules or one sub-rule of the ACL no access-list { all | { access-list-number |
or delete the entire ACL (global mode) access-list-name } [subitem ] }
Create a user defined ACL named by access-list-name and enter the ACL mode. The
parameter access-list-name is expressed as a character string starting with English
letters (that is [a to z, A to Z]), excluding space and quotation marks. The name cannot
be specified as all. The system does not distinguish the upper and lower case
letters.
Similar to the numbered ACL rule, the following match order clause is also used for
specifying the match order of the rule. If the order is not specified with match order, it
defaults to config. That is the match follows the user defined order. Besides, once the
match order of an ACL rule has been specified, it cannot be modified later.
14.2.3 Activating an ACL
The defined ACL has to be activated to become effective.
You can use the following commands to activate the defined ACL.
Perform these configurations in Ethernet port mode, ADSL port mode, VDSL port
mode, SHDSL port mode. However, the rules for the ADSL port and the SHDSL port
are only applicable to the IP packets.
After you have configured the ACL for one port on the ADSL or the SHDSL interface
board, the other ports on that board have the same properties as this one.
Table 14-14 Activating an ACL
To Use
access-group { user-group { access-list-number | access-list-name } [ subitem
subitem ] { in | out } | { [ ip-group { access-list-number | access-list-name }
Activate an ACL
[ subitem subitem ] { in | out } ] [ link-group { access-list-number |
access-list-name } [ subitem subitem ] { in | out } ] } }
14-12
To Use
no access-group { user-group { access-list-number | access-list-name }
Deactivate an [ subitem subitem ] { in | out } | { [ ip-group { access-list-number |
ACL access-list-name } [ subitem subitem ] { in | out } ] [ link-group
{ access-list-number | access-list-name } [ subitem subitem ] { in | out } ] } }
Note:
This command can activate the Layer 2 and Layer 3 ACLs at the same time on the
condition that the actions of the combination items should be consistent. If the actions
conflict (one is permit and the other is deny), they cannot be activated.
MA5300 activates Layer 2 and Layer 3 ACLs by the following means: the sub-rule 1 of
the Layer 2 ACL group combines with the sub-rule 1 of the Layer 3 ACL group, and
the sub-rule 2 of the Layer 2 ACL group combines with the sub-rule 1 of the Layer 3
ACL group, and so on. If the sub-rules of the two ACL groups are not identical, then
the unmatched sub-rules will be activated respectively.
14.2.4 Querying ACL Information
After performing the above configurations, you can use the show command to query
information on configured ACLs or to authenticate whether the configuration is
correct.
Table 14-15 Query ACL information
To Use
Query status of time range show time-range { time-range-name | all }
show access-lists config { all | access-list-number |
Show detailed ACL information
access-list-name }
show access-lists runtime { all | { interface
Show runtime information on all ACLs
interface-name | interface-type interface-num } }
14.3 ACL Configuration Example
The following provide an ACL configuration example.
I. Networking requirement
Given these conditions:

z The interconnection between different departments on a company network is
implemented through the VDSL2/0/0 VDSL2/0/2 ports of the MA5300.
14-13
z The payment query server of the Financial Dept. is accessed through

Ethernet7/1/0 (at 129.110.1.2).
It is required to properly configure the ACL and limit the department other than the
Office of President access the payment query server between 8:00 and 12:00. The
Office of President (at 129.111.1.2) can access the server without limitation.
Office of President Payment query server

129.111.1.2 129.110.1.2
MA5300
Financial Dept. Management Dept.

To router
Figure 14-2 Access control configuration example
III. Configuration precedure
Note:
In the following configurations, only the commands related to ACL configurations are listed.
1) Define the work time range.

! This example shows how to enter the time range mode and names it as
time-on-duty.
MA5300(config)# time range time-on-duty
! This example shows how to define the periodic time range from 8:00 to 12:00.
MA5300(config-timerange- time-on-duty)# periodic daily 8:00 to 12:00
2) Define the ACL to access the payment server.
! This example shows how to enter the named extended ACL, named as
traffic-to-payserver.
MA5300(config)# access-list extended traffic-to-payserver
14-14
! This example shows how to define the rules for other department to access the
payment server.
MA5300(config-ext-nacl-traffic-to-payserver)# deny ip any 129.110.1.2
0.0.0.0 time range time-on-duty
! This example shows how to define the rules for the Office of President to access the
payment server.
MA5300(config-ext-nacl-traffic-to-payserver)# permit ip 129.111.1.2 0.0.0.0
129.110.1.2 0.0.0.0
3) Activate ACL.
! This example shows how to apply the ACL traffic-to-payserver to corresponding
MA5300 port.
MA5300(config-if-Vdsl2/0/0)# access-group ip-group traffic-to-payserver in
14-15
SmartAX MA5300/5303 Broadband Access System Chapter 15 QoS Configuration
Chapter 15 QoS Configuration
15.1 Overview
In the traditional IP network, all the packets are treated without difference. Every
switch/router handles the packets following the First In First Out (FIFO) policy. That is,
it makes best effort to transmit the packets to the destination, instead of making any
commitment to the transmission liability, delay or other performances.
With the rapid development of computer network, the requirements on network are
becoming increasingly high, and the network is being used to deliver more and more
traffic of voice, image and important data, which are sensitive to the bandwidth, delay
and jitter. This enriches the network sources. On the other hand, the network
congestion occurs more frequently. As a result, people require higher quality of
service (QoS) for the transmission over the network.
The Ethernet technology is the most widely used network technology nowadays.
Ethernet has been the dominant technology of various independent Local Area
Networks (LANs), and many LANs in the Ethernet form have been part of the Internet.
Moreover, with the continuous development of the Ethernet technology, Ethernet is
becoming one of the major ways for common users to access the Internet. In order to
implement the end-to-end QoS solution on the whole network, how to guarantee the
Ethernet QoS service has to be taken into consideration.
This requires the Ethernet switching devices to apply the Ethernet QoS technology to
the traffic of different types with QoS guarantees at different levels, especially for
those having higher-requirements on the time delay and jitter.
15.1.1 Traffic Classification
Traffic refers to all packets passing through a MA5300.
Traffic classification means identifying the packets with certain characteristics, using
the matching rule called classification rule, set by the configuration administrator
based on the actual requirements. The rule can be very simple.
For example, the traffic with different priority levels can be identified according to the
ToS field in IP packet header. There are also some complex rules. For example, the
information over the integrated link layer (Layer 2), network layer (Layer 3) and
transport layer (Layer-4), such as MAC address, IP protocol, source IP address,
15-1
destination IP address and the port number of application, can be used for traffic
classification.
Generally, the classification standards are encapsulated in the header of the packets.
The packet content is seldom used as the classification standard.
15.1.2 Packet Filtering
Packet filtering aims to filter the traffic. For example, the operation deny discards the
traffic matching the traffic classification rule, while allowing other traffic to pass
through. With the complex traffic classification rules, the MA5300 enable the filtering
of various information carried in Layer 2 traffic and discards useless, unreliable or
doubtful traffic, thereby enhancing the network security.
These are the two key steps for implementing the frame filtering.
Step 1: Classify the ingress traffic according to the classification rule.
Step 2: Filter the identified traffic, namely performing the deny operation (also the
default access control operation).
15.1.3 Traffic Policing
In order to deliver better service with the limited network resources, QoS regulates the
traffic of the specified user at the input port, so that it can make a better use of the
assigned resource.
15.1.4 Port Rate Limit
The port rate limit is the limit imposed on the rate of a port so as to limit the general
speed of output packets passing through the port.
15.1.5 Redirection
You can specify a new port to forward the packets according to your requirements on
the QoS policy.
15.1.6 Priority Tag
The MA5300 can deliver priority tag service for certain packets. These tags include
TOS, DSCP and 802.1p, which can be used and defined in different QoS modules
respectively.
The following section will introduce the priority levels of IP, TOS, DSCP and 802.1p.
15-2
I. The priority levels of IP, TOS and DSCP
Figure 15-1 DS domain and ToS byte
You may already be quite familiar with the definition of the TOS domain in the header
of IP message (refer to RFC791). As shown in above figure, the TOS field of IP
header has 8 bits, the first 3 bits of which represent IP priority, ranging 0 7 (see
RFC1122), whereas the 4th 7th bits represent TOS priority, ranging 0 15 (see
RFC1349).
RFC2474 has redefined the TOS domain of IP packet header as DS domain, of which
the first 6 bits (0-5) represent DSCP priority, ranging 0 63 and the later 2 bits (6 7)
are reserved bits.
II. 802.1p priority
802.1p priority is located in the header of a Layer 2 message. It applies to cases

where analysis of Layer 3 header is not required while QoS under Layer 2 should be
guaranteed.
Figure 15-2 Ethernet frame with 802.1Q flag header
As shown in Figure 15-2, each host that supports 802.1Q protocol will add a 4-byte
802.1Q flag head after the source address in previous Ethernet frame header when
sending data packets.
This 4-byte 802.1Q flag header includes a 2-byte Tag Protocol Identifier (TPID) whose
value is 8100 and a 2-byte Tag Control Information (TCI). TPID is new type defined by
IEEE. It indicates that the message has been added an 802.1Q flag. The following
figure shows the detailed contents of 802.1Q header.
15-3
Figure 15-3 802.1Q header
As shown in Figure 15-3, the Priority field in TCI refers to 802.1p priority, which
consists of 3 bits with range 0 7. These 3 bits indicate the priority of the frame.
There are 8 priorities altogether, mainly used to determine in what order the packets
will be sent in case of equipment congestion.
It is called 802.1p priority because such priorities are defined in detail in 802.1p
standards.
15.1.7 Selecting Egress Queue for the Packets
MA5300 can select corresponding egress queues for certain packets.
15.1.8 Queue Scheduling
When congestion occurs, several packets will compete for the resources. To settle the
problem, they are generally queued. The following section will introduce three queue
scheduling algorithms, strict Priority Queue (PQ), Weighted Round Robin (WRR) and
delay-bounded WRR.
1) PQ
Queue
High
Dequeue
Medium
Classify
Packets to be sent Packets left
via this interface Normal the interface
Low
Figure 15-4 Priority queue diagram
The PQ is specially designed for the key service application. A significant feature of
the key service is the demand for service priority to reduce the response delay when
congestion occurs. The PQ divides all messages into up to 4 kinds, namely,
high-priority, medium-priority, normal-priority and low-priority queues (which are
indicated as the Queue 3, 2, 1 and 0 in turn), whose priorities reduce one by one.
15-4
The queue dispatching strictly obeys the high-to-low priority order. The PQ gives
preference to and forwards the packets in the higher-priority queue first. When the
higher-priority queue is empty, it will send the packets in the lower-priority group. In
this way, the key service packets are put in the higher-priority queue and the non-key
service packets, like E-mail, are put in the lower-priority queue. This ensures that the
key service packets are transmitted first, while the non-key service packets are
transmitted during the idle gaps of key service traffic processing.
The PQ also has a drawback. When congestion occurs, if there are many packets
queuing in the higher-priority queue, which will take a long time to transmit, the
messages in the lower-priority queue will be starved without service.
2) WRR
WRR defines 4 or 8 egress queues for each port (MA5300 has 4 queues on each port,
which are queue 3, 2, 1 and 0 with descending priorities). The round scheduling
ensures every queue gets some time of service. WRR gives every queue a weight
(w3, w2, w1, and w0 respectively) for resource obtaining.
For example, you can configure the weight value of the WRR algorithm for 100M port
as 50, 30, 10 and 10 (corresponding to the w3, w2, w1 and w0 respectively). Thus the
low-priority queue can be guaranteed to get the minimum bandwidth of 10Mbps,
avoiding the case in PQ scheduling that the messages in the lower-priority queues
may not get any service for long time. Another advantage of WRR queue is that the
service time is assigned to each queue flexibly, although it is the round multiple queue
scheduling. When a queue is empty, it will switch to the next queue immediately,
thereby making good use of the bandwidth resource.
3) Delay bounded WRR
Compared with common WRR, the Delay bounded WRR is special in that it
guarantees packets in the highest-priority queue to be forwarded before the specified
delay times out.
15.1.9 Traffic Mirroring
The traffic mirroring function is to copy the specified data packets to the observing port
for network diagnosis and troubleshooting.
15.1.10 Port Mirroring
The port mirroring function is to copy data packets of specified ports to the observing
port for network diagnosis and troubleshooting.
15-5
15.1.11 Traffic Statistics
With the traffic-based traffic statistics, you can count and analyze the packets at your
requirements.
The MA5300 uses ACL to implement the QoS services including traffic policing, port
line rate, packet redirection, priority tag, queue scheduling, traffic mirroring and traffic
statistics.
15.1.12 QoS Implementation
The MA5300 uses ACL quotation to complete the QoS functions such as traffic
policing, port rate limit, redirection, priority tag, queue scheduling, traffic mirroring,
traffic counting.
15.2 Configuring QoS
Before configuring QoS, you have to define the corresponding ACL.
The configuration of QoS involves:

z Traffic policing
z Rate limit
z Redirection configuration
z Priority tag
z Queue scheduling
z Traffic mirroring
z Traffic statistics
z Query QoS information
15.2.1 Configuring Traffic Policing
Traffic policing is the traffic-based rate restriction. Once the traffic flow exceeding the
specified rate, corresponding actions will be taken, such as discarding the packets or
lowering the priority.
You can use the following commands to configure traffic policing.
are only applicable to the IP packets. After you have configured the ACL for one port
on the ADSL or the SHDSL interface board, the other ports on that board have the
same properties as this one.
15-6
Table 15-1 Configuring rate limit
To Use
rate-limit input { user-group { access-list-number | access-list-name }
Configure the [ subitem subitem ] | { [ ip-group { access-list-number | access-list-name }
traffic-based rate limit [ subitem subitem ] ] [ link-group { access-list-number | access-list-name }
[ subitem subitem ] ] } } target-rate [ exceed-action action ]
no rate-limit input { user-group { access-list-number | access-list-name }
Cancel the
[ subitem subitem ] | { [ ip-group { access-list-number | access-list-name }
configuration of the
[ subitem subitem ] ] [ link-group { access-list-number | access-list-name }
traffic-based rate limit
[ subitem subitem ] ] } }
You have to define the corresponding ACL before performing this configuration task.
The purpose of this configuration task is to implement traffic policing over the data
traffic matching the ACL. The traffic beyond the limit will be dealt with in other way,
such as being discarded.
15.2.2 Configuring Port Rate Limit
The port rate limit is the port-based line rate used for limiting the general speed of
packet output on the port.
You can use the following commands to configure port rate limit.
Table 15-2 Configuring port rate limit
To Use
Configure the port rate limit line-rate target-rate
Cancel the configuration port rate limit no line-rate
You can configure the rate limit for a single port of the MA5300.
15.2.3 Configuring Packet Redirection
Packet redirection is to redirect the packets to the CPU or a specified output port.
You can use the following commands to configure the packet redirection.
15-7
Perform these configurations in VDSL port mode or Ethernet port mode.
Table 15-3 Configuring redirection
To Use
traffic-redirect { input | ouput } { user-group { access-list-number |
access-list-name } [ subitem subitem ] | { [ ip-group { access-list-number |
Configure redirection access-list-name } [ subitem subitem ] ] [ link-group { access-list-number |
access-list-name } [ subitem subitem ] ] } } { cpu | { interface interface-name
| interface-type interface-num } }
no traffic-redirect { input | ouput } { user-group { access-list-number |
Cancel the redirection
access-list-name } [ subitem subitem ] ] [ link-group { access-list-number |
access-list-name } [ subitem subitem ] ] } }
Note that the configuration of redirection only takes effects on the rules with action
permit. After the packets are redirected to the CPU, they will not be forwarded any
longer.
15.2.4 Configuring Priority Tag
The priority tag configuration is a policy to tag the priority for the packets matching the
ACL. The new priority is filled in the priority field of the packet header.
You can use the following commands to configure the priority marking.
Perform these configurations in VDSL port mode, Ethernet port mode, SHDSL port
mode, or ADSL port mode. Note that the ACL which are configured in ADSL port
mode and SHDSL port mode are applicable to IP packets only. After you have
configured the ACL for one port in ADSL port mode or SHDSL port mode, the other
ports on the same interface board will have the same settings.
Table 15-4 Tagging packet priority (centralized system)
To Use
traffic-priority { input | ouput } { user-group { access-list-number |
Configure the packet access-list-name } [ subitem subitem ] ] [ link-group { access-list-number |
priority tag access-list-name } [ subitem subitem ] ] } } { [ dscp dscp-value ]
[ ip-precedence { pre-value | from-cos } ] [ cos { pre-value | from-ipprec } ]
[ local-precedence pre-value ] }
no traffic-priority { input | output } { user-group { access-list-number1 |
Cancel the packet access-list-name } [ subitem subitem ] | { [ ip-group { access-list-number2 |
priority tag access-list-name } [ subitem subitem ] ] [ link-group { access-list-number3 |
15-8
The MA5300 supports to tag the packets with IP precedence (specified by

ip-precedence in the traffic-priority command), DSCP (specified by dscp in the
traffic-priority command) or 802.1p preference (specified by cos in the
traffic-priority command). You can tag the packets with different priority levels at
requirements on QoS policy. The MA5300 puts the packets into corresponding egress
queues according to the 802.1p preference or the local preference (specified by
local-precedence in the traffic-priority command). If both the 802.1p preference
and local preference have been specified in the traffic-priority command, the switch
will put the packets into corresponding queues according to the 802.1p preference
first.
Note that packet priority tag function only takes effects on the rules with action permit.
15.2.5 Configuring Queue Scheduling
Queue scheduling is commonly used to resolve the problem that multiple messages
compete with resource when the network congestion happens.
You can use the following commands to configure the queue scheduler.
Table 15-5 Configuring the queue scheduling algorithm
To Use
queue-scheduler { strict-priority | wrr queue1-weight
queue2-weight queue3-weight queue4-weight |
Configure queue scheduling algorithm
wrr-max-delay queue1-weight queue2-weight
queue3-weight queue4-weight maxdelay }
Restore the default queue scheduling
no queue-scheduler
algorithm
MA5300 supports 3 kinds of queue schedulers, namely strict priority queuing, WRR
and delay bounded WRR.
By default, the switch uses the strict-priority algorithm.
15.2.6 Configuring Traffic Mirroring
The function of traffic mirroring is to copy the traffic matching ACL rule to the
designated observing port to analyze and monitor the packets.
You can use the following commands to configure the traffic mirroring.
15-9
Table 15-6 Configuring traffic mirroring
To Use
mirrored-to { input | output } { user-group { access-list-number |
Configure traffic
mirroring
access-list-name } [subitem subitem ] ] } } [ interface interface-name |
interface-type interface-num ]
no mirrored-to { input | output } { user-group { access-list-number |

Cancel traffic mirroring access-list-name } [subitem subitem ] | { [ ip-group { access-list-number |
function access-list-name } [subitem subitem ] ] [ link-group { access-list-number |
access-list-name } [subitem subitem ] ] } }
15.2.7 Configuring Traffic Statistics
The traffic statistics function is used for counting the data packets of the specified
traffic.
You can use the following commands to configure traffic statistics.
Table 15-7 Configuring traffic statistics
To Use
traffic-statistic { input | output } { user-group { access-list-number |
Configure traffic access-list-name } [ subitem subitem ] | { [ ip-group { access-list-number |
statistics access-list-name } [ subitem subitem ] ] [ link-group { access-list-number |
clear traffic-statistic { input | output } { all | user-group
Cancel the traffic { access-list-number | access-list-name } [ subitem subitem ] | { [ ip-group
statistics function { access-list-number | access-list-name } [ subitem subitem ] ] [ link-group
{ access-list-number | access-list-name } [ subitem subitem ] ] } }
no traffic-statistic { input | output } { user-group { access-list-number |
Clear traffic statistics
15-10
Note that the traffic statistics function only takes effects on the rules with action
permit.
15.2.8 Querying QoS Information
After the above configuration, you can use the show command to query information
on configured QoS or authenticate whether the configuration is correct.
Table 15-8 Query QoS information
To Use
show qos-interface [ interface-name |
Display parameter setting of traffic mirroring
interface-type interface-num ] mirrored-to
Display queue scheduling mode and
show queue-scheduler
parameters
Display QoS setting of all ports
interface-type interface-num ] all
Display parameter setting of traffic limit
interface-type interface-num ] rate-limit
Display parameter setting of port rate limit
interface-type interface-num ] line-rate
Display parameter setting of priority tag
interface-type interface-num ] traffic-priority
Display parameter setting of redirection
interface-type interface-num ] traffic-redirect
Display parameter setting of traffic statistics
interface-type interface-num ] traffic-statistic
15.3 QoS Configuration Example
For example, the interconnection between different departments on a company

network is implemented through ports VDSL2/0/0 VDSL2/0/of the MA5300. The
payment query server of the Financial Dept. is accessed through Ethernet7/1/0 (at
129.110.1.2). It is required to limit the traffic from other department to the server to no
more than 20M. Set the DSCP preference of those not matching the rules to 1.
15-11
Pay query server

129.110.1.2
R
#3 #4
#1 #2
MA5300
Connected to a router
Figure 15-5 Access control configuration example
III. Configuration precedure
Note that in the following configurations, only the commands related to QoS/ACL
configurations are listed.
1) Define the traffic accessing the payment query server.
! This example shows how to enter the named extended ACL, identified as
traffic-to-payserver.
MA5300(config)# access-list extended traffic-to-payserver
! This example shows how to define traffic-to-payserver.

MA5300(config-ext-nacl-traffic-to-payserver)# permit ip any 129.110.1.2
0.0.0.0
2) Define the limit to the traffic-to-payserver.
! This example shows how to set the average speed of the traffic-to-payserver to 20M,
and the DSCP of the packets exceeding average rate to 1.
MA5300(config-if-Vdsl2/0/0)# rate-limit input ip-group traffic-to-payserver
20 exceed-action set-dscp-value 1
15-12
SmartAX MA5300/5303 Broadband Access System Chapter 16 Cluster Management Configuration
Chapter 16 Cluster Management Configuration
16.1 Overview
HGMP V2 aims to allow a network administrator to manage multiple devices through

a managing device with a public IP address.
The managing device is called command device and the managed devices are called
member devices. Generally, you are not required to assign public IP addresses for the
member devices. The management and maintenance over the member devices are
implemented through redirection of the command device. A command device and
several member devices compose a cluster.
Figure 161 illustrates a typical application of the cluster.
69.110.1.100
Network management
device
network
69.110.1.1
Command device
Member device
Cluster
Member device
Member device
Candidate
device
Figure 161 Networking diagram of a cluster
The advantages of a cluster are as follows:

z Simplifies the configuration management tasks.
To configure and manage multiple devices, you only need to configure a public
network IP address for the command device, and there is no need to login to each
member device to perform configuration on their Console ports respectively.
z Provides topology discovery and displaying function, which is useful for network
monitoring and debugging.
16-1
z Saves IP address.
z Allows simultaneous software upgrade and parameter configuration for multiple
devices.
z Independent of network topology.
16.1.1 Cluster Roles
The devices in a cluster have different statuses and functions and play different roles.
You can specify the role of a specified device. The devices can also change their roles
based on predefined rules.
The roles that a device can play in a cluster include the command device, member
device and candidate device.
z Command device
It refers to the device configured with a public network IP address and used to
providing management interface for all devices in the cluster. The management
commands are sent to the command device first, which will process these commands.
If the command is destined to a member device, the command device will forward it to
the member device.
The command device is capable of discovering adjacency information, collecting the

topology of the whole network, managing the cluster, maintaining the cluster status
and supporting different agents.
z Member device
It refers to the member of a cluster. Member devices are managed by means of
command device redirection. Generally, you do not have to assign a public network IP
addresses for the member devices.
The member device discovers adjacent information, executes the commands

delivered by the proxy, and reports failure/log. A member device is managed by the
command device.
z Candidate device
It refers to the device that is not a member of any cluster yet, but is well qualified to be
a member device of a cluster.
Figure 162 illustrates the rules for role switchover.
16-2
Candidate device
Ad
dd s
ice
Re
a n ed a
de
ev
ter
mo
dt
mm n at
lu s
oa
ve
si g
ac
clu
fro
De
ro m
s
m
ter
co
ac
df
ve
lus
mo
ter
Re
Command device Member device
Figure 162 Rules of changing roles
z Each cluster shall have one, but only one command device. The command
device will identify and discover the candidate device by collecting Huawei
Discovery Protocol / Huawei Topology Protocol (HDP/HTP) information. You can
specify a candidate device as a member device of the cluster.
z A candidate device becomes a member device after it is added to a cluster. If a
member device is removed from the cluster, it becomes a candidate device
again.
16.1.2 Functions
The cluster management has these functions:

z Network topology discovery
z Network topology collection
z Member identification
z Membership management
These functions are detailed as follows:
Network topology discovery is implemented by HDP. It is used for discovering

information on the directly connected neighboring devices, including the device type,
software/hardware version, connecting port,. Additionally, it can also provide the
information on device ID, port address, device capability and hardware platform.
Network topology collection is implemented by HTP. It is used for collecting the

information on device connection and the candidate device. It can also be used for
setting hops for topology discovery.
Member identification is used to locate every member device in the cluster, so that the
command device can identify them and deliver the management commands to them.
16-3
Membership management includes adding or deleting a member, authenticating the

command device by member device, as well as setting the number of hops and
polling interval for the topology discovery function.
Also note that, when configuring the cluster functions, you shall configure the
following in the command devices:
z Enabling the HDP on the devices and ports
z Configuring HDP parameters
z Enabling the HTP on the devices and ports
z Configuring HTP parameters
z Enabling cluster functions
z Configuring cluster parameters
In addition, you shall configure the following for member devices and candidate
devices:
z Enabling the HDP on the devices and ports
z Enabling the HTP on the devices and ports
z Enabling cluster functions
The following sections introduce the specific operations.
16.2 Configuring HDP
16.2.1 Introduction to HDP
HDP is the proprietary protocol of Huawei Technologies Co., Ltd. for discovering
related information on adjacent points. Running on the data link layer, HDP supports
systems of different network layer protocols.
HDP is used for discovering the information on the directly connected neighbors,
including device type, software/hardware version, and connected ports. It can also
provide the information on device ID, port address, device capability and hardware
platform. Its functions are as follows:
z Provides information about which devices are connected with local device and
basic information on the neighboring devices. The information is useful for
debugging and query.
z Provides support for the cluster and HTP module. Modules managed by the
cluster include cluster/stack, HTP, HDP.
An HDP information table exists on all the devices that support HDP. A table entry will
expire and be deleted by HDP automatically when the aging timer expires. The aging
time is controlled by the transmitting end and stored in HDP message or TTL field.
You can also clear the current HDP information to collect new adjacent information.
The device running HDP broadcasts the packets carrying HDP data to all the
16-4
activated ports regularly. The packet carries the holdtime, indicating how long the
receiving device has to keep the updating data.
The receiver only keeps the information in the HDP packet. It will not forward the
information. The receiver will update the corresponding data entry in the HDP table
based on the received information. If the new information is the same as the old one,
the receiver updates the holdtime.
The devices supporting HDP performs the following:

z Sends HDP messages to all ports periodically.
z Receives the HDP information from neighboring devices.
z Maintain the HDP information table (HDP Cache).
HDP configuration mainly involves:
z Enabling/Disabling global HDP
z Enabling/Disabling port HDP
z Setting the HDP holdtime
z Setting HDP timer
The following introduces the specific configurations.
Note:
For the command device, you shall enable HDP on the device and the port, and configure the HDP
parameters. While for member device and candidate device, you only need to enable HDP on the device
and relevant ports. When HDP operates, they will use the HDP parameters sent by the command device.
16.2.2 Enabling/Disabling Global HDP
To collect HDP information on the adjacent device of any port, enable HDP globally.
With global HDP enabled, the system collects HDP information periodically and
supports user query.
With global HDP disabled, all the HDP information on the device will be cleared and
the system will no longer process any HDP packets.
Table 16-1 Enabling/Disabling global HDP
To Use
Enable global HDP hdp run

Disable global HDP no hdp run
16-5
By default, global HDP is enabled.
This example shows how to enable global HDP.

MA5300(config)#hdp run
16.2.3 Enabling/Disabling HDP on a Port
You can enable/disable HDP on a port so as to determine whether to collect

information on the adjacent node of the port. After HDP has been enabled both
globally and on the port, the system will collect the HDP information on the node
adjacent to the port regularly. If the port HDP is disabled, this port will not collect and
transmit the HDP information.
Perform these configurations in VDSL port, ADSL port or Ethernet port mode.
Table 16-2 Enabling/Disabling HDP on a port
To Use
Enable HDP on a port hdp enable

Disable HDP on a port no hdp enable
By default, HDP is enabled on the port.
This example shows how to enable HDP on a port.
MA5300(config-if-Ethernet7/2/1)#hdp enable
16.2.4 Setting HDP Holdtime
The HDP holdtime specifies how long the adjacent node can keep the local node
information. The adjacent device obtains the holdtime contained in the received HDP
packet and will discard the packet when it expires.
Table 16-3 Setting HDP holdtime
To Use
Set HDP holdtime hdp holdtime holdtime-in-secs

Restore the default HDP holdtime no hdp holdtime
By default, the HDP information is held for up to 180 seconds.
16-6
Note that HDP holdtime is supposed to be longer than the HDP timer. Otherwise, the
HDP information table will be unstable.
This example shows how to set the HDP holdtime to 180 seconds.
MA5300(config)#hdp holdtime 180
16.2.5 Setting HDP Timer
The HDP information on the adjacent nodes shall be updated frequently to guarantee
the timely updating for local information. You can use the following commands to
decide how often the HDP information will be updated.
Table 16-4 Setting HDP timer
To Use
Set HDP timer hdp timer timer-in-secs

Set the HDP timer back to the default setting no hdp timer
By default, HDP is transmitted every 60 seconds.
Note that HDP timer is supposed to be shorter than the HDP holdtime. Otherwise,
HDP information table will be unstable.
This example shows how to set the HDP timer to 60 seconds.

MA5300(config)#hdp time 60
16.2.6 Querying HDP Information
After completing the above configuration, you can use the show command to query
the operation status of the configured HDP or check whether the configuration is
correct.
Table 16-5 Query HDP information
To Use
Display global HDP configuration information

show hdp
(including HDP timer and holdtime)
Display the H information on a specified show hdp entry { mac-address [ protocol |
neighboring device that is discovered by HDP version ] }
Display information on the neighboring devices show hdp neighbors [ interface_type
discovered by HDP interface_num | interface_name ] [ detail ]
16-7
To Use
show hdp interface [ interface_type

Display information on the HDP-enabled port
interface_num | interface_name ]
Display HDP traffic information show hdp traffic
Clear the contents of HDP neighbor table clear hdp table
Clear HDP counters clear hdp counters
This example shows how to view the HDP configuration information.

MA5300(config)#show hdp
Global HDP information:
Sending HDP packets every 60 seconds
Sending a holdtime value of 180 seconds
This example shows how to view information on the neighboring devices discovered
by HDP.
MA5300(config)#show hdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device-Mac Local-Interface Hdtm Capab Platform Port-ID
00e0.fc00.0020 Ethernet7/2/1 123 TS Quidway S2016 Ethernet0/14
16.3 Configuring HTP
16.3.1 Introduction to HTP
Huawei Topology Protocol (HTP) is a proprietary protocol of Huawei Technologies Co.,

Ltd. for network topology information collection. HTP provides the information on
available devices to join the cluster and collects the devices within the specified hops
for the cluster management.
Based on the adjacent table information provided by HDP, HTP transmits and
forwards HTP topology collection request to collect HDP information and neighboring
connection information on every device in a certain network. After collecting the
information, the command device or the network administrator can perform some
functions accordingly.
When the HDP on the member device finds changes of neighbor, it will advertise the
changes to the command device by handshake message. The command device can
run HTP to collect the specified topology and show the network topology changes in
time.
These are the major tasks for configuring HTTP:
16-8
z Enabling/Disabling global HTP

z Enabling/Disabling HTP on a port
z Setting topology collection range
z Setting delay for collected device to forward topology collection request
z Setting delay for collected port to forward topology collection request
z Setting topology collection interval
z Starting topology information collection
z Querying HTP information
Note:
For the command device, you shall enable HDP on the device and port and configure the HDP
parameters. While for the member device and candidate device, you only need to enable HDP on the
device and relevant ports and then they will use the HDP parameters sent by command device during
the protocol operation.
16.3.2 Enabling/Disabling Global HTP
To enable the system to process HTP packets, you should enable the global HTP first.
If global HTP is disabled, all the HTP information on the device will be cleared, and the
device will discard all the HTP packets and stop transmitting HTP requests.
Table 16-6 Enabling/Disabling global HTP
To Use
Enable global HTP htp run

Disable global HTP no htp run
By default, the global HTP is enabled.
This example shows how to enable global HTP.

MA5300(config)#htp run
16.3.3 Enabling/Disabling HTP on a Port
You can use the following commands to enable/disable HTP on a specified port to
decide to transmit/receive and forward HTP packet through which port. After the
global HTP and port HTP have been enabled, the HTP packets can be transmitted,
16-9
received and forwarded through the port. After the HTP is disabled on the port, the
port will not process HTP packet.
Perform these configurations in VDSL port, ADSL port or Ethernet port mode.
Table 16-7 Enabling/Disabling HTP on a port
To Use
Enable HTP on a port htp enable

Disable HTP on a port no htp enable
By default, HTP is enabled on the ports supporting HDP. If you enable HTP on a port
not supporting HDP, HTP cannot be run.
Note that, in some occasions, it only needs collecting the topology connected to the
Downlink ports, without caring about the topology connected to the Uplink. In this
case, HTP is supposed to be disabled on the Uplink ports.
This example shows how to enable HTP on a port.

MA5300(config-if-Ethernet7/2/1)#htp enable
16.3.4 Setting Topology Collection Range
You can set a limit to the hops for topology collection, so that only the topology
information on the devices within the specified hops will be collected and infinite
collection can be avoided. You can set a hop limit for discovery.
For example, if you set a limit of 2 on the hop count, only the devices that are two hops
away from the first device transmitting the topology collection request will be
collected.
Table 16-8 Setting hop limit for topology collection
To Use
Set hop count for topology collection htp hop number

Restore the default hop count for topology collection no htp hop
By default, the topology information on the devices 3 hops away from the collecting
device is collected.
16-10
Note that the setting is only valid on the first device transmitting the topology collection
request. The broader the collection scope is, the more memory of the
topology-collecting device is required.
This example shows how to set the hop count for topology collection to 3.
MA5300(config)#htp hop 3
16.3.5 Setting Delay for the Device to Forward Collection Request
After a topology request packet is advertised in the network, many devices will get it at
the same time and respond at the same time. This may result in network congestion
and busy state of topology collection the device.
To solve the problem, you can configure each device to delay response for a certain
period after receiving the topology request. The first port will forward the topology
request packet when the delay timer times out.
Table 16-9 Setting delay for collected device to forward topology collection request
To Use
Set delay for collected device to forward topology collection request htp hop-delay time
Restore the default delay for collected device to forward topology
no htp hop-delay
collection request
By default, the device to be collected forwards the topology request after delaying for
200ms.
This example shows how to set the delay to 200ms for the collected device to forward
topology collection request.
MA5300(config)#htp hop-delay 200
16.3.6 Setting Delay for the Port to Forward Collection Request
After a topology request packet is advertised in the network, many devices will get it at
the same time and respond at the same time. This may result in network congestion
and busy state of topology collection the device.
To solve the problem, you can configure every port of the device to delay response for
a certain period after receiving the topology request, before the next port forwards the
topology request packet. The ports transmit packets in turn, consistent with the
sequencing of the devices in the topology response.
16-11
Table 16-10 Setting delay for collected port to forward topology collection request
To Use
Set delay for the port to forward topology collection request htp port-delay time
Restore the default delay for the port to forward topology collection request no htp port-delay
By default, the port forwards the topology collection request after a delay of 20ms.
This example shows how to set the delay to 200ms for the port to forward topology
collection request.
MA5300(config)# htp port-delay 20
16.3.7 Setting Topology Collection Interval
After the cluster function is started, once the command device detects any change in
member devices, it will inform HTP to perform partial topology collection. Such partial
collection cannot reflect the global change in topology. In order to learn the topology
changes in time, it is necessary to periodically collect the topology information on all
devices within the specified scope.
Table 16-11 Setting topology collection interval
To Use
Set topology collection interval htp timer interval-in-mins

Restore the default topology collection interval no htp timer
By default, the value of topology collection is 0, that is, the periodical topology
collection will not be performed.
This example shows how to the set topology collection interval to 20 minutes.
MA5300(config)# htp timer 20
16.3.8 Starting Topology Information Collection
After the topology collection interval is defined, HTP will automatically collect the
topology information within the entire range based on the interval.
HTP also provides commands for manual topology information collection, which allow
users to collect network topology information at any time for performing device
management and monitoring.
16-12
Table 16-12 Starting topology information collection
To Use
Start topology information collection htp start
This example shows how to start topology information collection.

MA5300#htp start
16.3.9 Querying HTP Information
After the above settings completes, you can use the show htp command to query the
HTP configuration or a list of devices collected by HTP. By doing so, you can check
whether the configurations are correct.
Table 16-13 Query HTP information
To Use
Display global HTP information show htp [ device-list ] [ detail ]
This example shows how to view HTP information.

MA5300(config)#show htp
HTP is running.
Hops : 3
Timer : 0 min
Hop Delay : 200 ms
Port Delay: 20 ms
Last collection total time: 0ms
This example shows how to view the devices list collected by HTP.
MA5300(config)#show htp device-list
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
MAC HOP PLATFORM IP CAPABILITY
00e0.fc00.0020 1 Quidway S2016 TS
00e0.fc11.19c2 0 SmartAX MA5300 RTS
16-13
16.4 Configuring a Cluster
16.4.1 Introduction to the Cluster
This section describes the relevant configurations of cluster management on:

z How to enable and set up a cluster.
z How to configure public network IP address for command device.
z How to add/delete a cluster member.
z How to configure the handshaking interval.
Each cluster shall have one unique command device. The designated command
device manages and monitors the device by learning the network topology through
HDP/HTP information collection.
Major configuration tasks of cluster involve:

z Enabling/Disabling cluster function
z Configuring cluster IP address pool
z Setting the command device name and cluster name
z Adding/Deleting a cluster member
z Enabling cluster auto-setup
z Setting cluster holdtime
z Setting cluster timer to specify the handshaking message interval
z Configuring FTP/TFTP Servers and Logging/SNMP hosts for a cluster
z Configuring member accessing
z Querying cluster information
Note:
z For command device, you shall enable the cluster function and configure cluster parameters.
z For member devices and candidate devices, you only need to enable the cluster function so that the
command device can manage them.
16.4.2 Enabling/Disabling Cluster Function
You have to enable the cluster function before carrying out other cluster functions.
Perform these configurations in global mode
16-14
Table 16-14 Enabling/Disabling cluster function
To Use
Enable cluster function cluster run

Disable cluster function no cluster run
By default, the cluster function is enabled.
After the no cluster run command is executed on the command device, the cluster
and all its members will be deleted, the command device function and cluster function
of the device will be disabled, and the device cannot be a candidate device of any
other cluster.
After the no cluster run command is executed on a member device, the device will
exit the cluster and the cluster function of the device will be disabled, and the device
cannot be a candidate device.
After the no cluster run command is executed on a switch not belonging to any
cluster, the cluster function will be disabled, and the device cannot be a candidate
device.
This example shows how to enable the cluster function.

MA5300(config)#cluster run
This example shows how to disable the cluster function.

MA5300(config)#no cluster run
16.4.3 Configuring Cluster IP Address Pool
Before setting up a cluster, you need to configure a private IP address pool first.
Then when a candidate device is added to the cluster, the command device will
dynamically assign it with a private IP address that can be used for communication
inside the cluster. By doing so, you can use the command device to manage and
maintain the member devices.
Table 16-15 Configuring cluster IP address pool
To Use
Configure cluster IP address pool cluster ip-pool ip-address { mask | mask-length }

Restore the default IP address pool of the cluster no cluster ip-pool
16-15
By default, the IP address of the command device is at 172.16.0.1 and the mask is
255.255.240.0, that is, the length of the mask is 20.
Note that you can only perform the above configuration before creating a cluster. If the
cluster has already been created, then the IP address pool of the existing cluster
cannot be modified.
This example shows how to configure IP address pool of the command device at
10.11.116.8, and the mask length to 24.
MA5300(config)# cluster ip-pool 10.11.116.8 24
16.4.4 Setting the Cluster Name
Every cluster has a name. Since a cluster can only have one command device, the
command device shall be designated first when you create a cluster. Then the
external network is able to access, configure, manage or monitor members of the
cluster through the command device. That is, the command device functions as the
entrance and exit for accessing cluster members.
The command device can identify and control all the member devices in the cluster,
regardless where they are and how they are connected with each other. Moreover, the
command device collects topology for information on candidate devices and network
topology necessary. This information is helpful when you are creating a cluster.
Table 16-16 Set the cluster name
To Use
Set the cluster name and command device name cluster enable name
Delete all member devices from the cluster and configure the
no cluster enable
command device as a candidate device
After you use the cluster enable command to set the cluster name for the device to
be designated as the command device, this device will become the command device.
By default, the device is not a command device and no cluster name has been
specified.
Note that the cluster enable command can only be used on a device to be
designated as the command device, rather than a device of any other cluster. Also,
when executed on a command device belonging to another cluster, and has been
configured a different cluster name, the command will rename that cluster.
16-16
This example shows how to set the cluster name and command device name to
huawei.
MA5300(config)#cluster enable huawei
% 1[2003-07-29 17:39:32]:CLST-1-LOG:
ip addr 10.11.116.8 255.255.255.0 se, set by cluster
% 1[2003-07-29 17:39:32]:CLST-1-LOG:
community string public@cm0, set by cluster
% 1[2003-07-29 17:39:32]:CLST-1-LOG:
community string private@cm0, set by cluster
% 1[2003-07-29 17:39:32]:CLST-1-LOG:
hostname huawei_0.MA5300, set by cluster
16.4.5 Adding/Deleting a Cluster Member
You can add or delete a cluster member device manually.
Table 16-17 Adding/Deleting a cluster member
To Use
cluster member [ member-number ] mac-address hw-addr [ password

Add a cluster member
password ]
Delete a cluster member no cluster member member-number
Make sure to perform adding or deleting a cluster member on a command device.

Otherwise, the operation will fail.
Here, member-number refers to the number of the member device to be added,

mac-address hw-addr refers to the MAC address and password password refers to
the password of the device to enter the privileged mode.
It is not necessary to assign a number for the newly added member device, since the
command device will automatically assign a number for the member device. The
system will also automatically set the privileged user password of the new member
device the same as that of the command device.
This example shows how to add a cluster member. The number of the member is 2, its
AMC address is 00E0.fc00.2222, and its password to enter the privileged mode as
grandkey.
huawei_0. MA5300(config)# cluster member 2 mac-address 00E0.fc00.2222
password grandkey
16-17
16.4.6 Enabling Cluster Auto-Setup
Besides manual adding members into a cluster, the cluster auto-setup function is also
provided. You can use the cluster setup command to set up a cluster.
During cluster setup, the system will prompt you to enter a cluster name. Then a list of
all the candidate devices discovered within the specified hops will be provided. You
can confirm whether to add these devices into the cluster. After your make a
confirmation, all the listed candidates can be added to the new cluster.
During the process, you can press <Ctrl+C> to cancel the current operation. However,
such action will only stop adding new members, but the devices already added will
remain in the cluster.
Table 16-18 Cluster auto-setup
To Use
Set up a cluster automatically cluster setup
Note that you can only execute the cluster auto setup command on a command
device.
This example shows how to set up a cluster automatically.

MA5300(config)#cluster setup
huawei_0.MA5300(config)#cluster setup
Collecting candidate list, please wait...
Candidate list:
Name Hops MAC Address Device

Quidway 1 00e0.fc00.0020 Quidway S2016
Add all Candidates?(Y/N)y

% 1[2003-07-29 17:41:13]:CLST-1-LOG:
Member 00e0.fc00.0020 is joined in cluster huawei.
Cluster setup Finish!

1 member(s) added successfully.
16-18
16.4.7 Setting Cluster Holdtime
After setting up a cluster, communication may fail due to network problems or switch
reboots. If the failure exceeds three times of the handshaking message interval+ the
effective holdtime specified by the device, then the member device becomes down.
When the communication recovers, the corresponding member device will be added
to the cluster again automatically.
If the failure is removed within the holdtime, the status of member device will remain
normal and there is no need for system to add the member device.
Table 16-19 Setting cluster holdtime
To Use
Set the cluster holdtime cluster holdtime holdtime-in-secs

Restore the default cluster holdtime no cluster holdtime
By default, the cluster holdtime is 80 seconds.
Note that the above command can only be executed on the command device, which
will advertise the holdtime value to other member devices. holdtime is usually set to
be several times of the handshaking message interval. It indicates for how many
times after no handshaking message from the member device is received will the
device be considered faulty.
This example shows how to set the cluster holdtime to 80 seconds.

MA5300(config)#cluster holdtime 80
16.4.8 Setting the Handshaking Message Interval
Inside a cluster, the member devices and command device communicate with each
other through sending handshaking messages. Regular handshaking can help
monitoring member status and link status.
After joining a cluster, the member device begins transmitting handshaking messages
actively and regularly to the command device. When receiving regular handshaking,
both the command device and member device will consider current communication
normal.
If the member device has not received 3 consecutive responses from the command
device, it will consider there is communication failure. Similarly, if the command
16-19
device fails to receive 3 consecutive handshaking requests from the member device,
it will also consider there is communication failure.
In addition, when a member device learns some change of the topology, it will report
the topology change to the command device with a handshaking message. Then the
command device will handle the situation.
Table 16-20 Setting the handshaking message interval
To Use
Set the handshaking message interval cluster timer interval-in-secs

Restore the default handshaking message interval no cluster timer
By default, handshaking message is transmitted every 8 seconds.
Note that the above command can only be executed on the command device, which
will advertise the time to the member devices.
This example shows how to set the handshaking message interval to 8 seconds.
MA5300(config)#cluster timer 8
16.4.9 Configuring Remote Control over Member Devices
Communication between the command device and the member device may fail due to
some mis-operation on the member device. Then you can control the member device
remotely on the command device.
For example, you can delete the booting configuration file on the member device and
reset it. This help to recover the normal communication between command device
and member device.
Generally, messages within a cluster can only be forwarded in VLAN1. If user has
performed any wrong configuration on a member device, such as setting the port (on
the member device) connected with the command device as a VLAN2 port,
communication between the command device and member device will fail.
To solve the problem, user can configure the VLAN checking function on a command
device. Then messages sent by the command device to the member devices within
the cluster will carry such information. When a member device receives the message,
it will automatically add a port into VLAN1 if it finds that the port of received message
does not belong to VLAN1. This helps to guarantee normal communication with the
command device.
Perform these configurations in privilege mode.
16-20
Table 16-21 Configuring remote control over the member device
To Use
cluster reset { member member-number |

Reset member device
mac-address hw-addr } [ eraseflash ]
Perform VLAN security check for communication
cluster security vlan vlan-id
inside the cluster
Not to perform VLAN security check for
no cluster security
communication inside the cluster
Note that the above command can only be executed on the command device.
When using the cluster reset member command, you can decide whether to delete
the configuration file with the eraseflash parameter.
This example shows how to reset member device 2 on the command device.
huawei_0.MA5300# cluster reset member 2
This example shows how to prohibit VLAN security check for communication inside
the cluster.
huawei_0.MA5300# cluster reset member 2
16.4.10 Configuring FTP/TFTP Server, SNMP and Log Hosts for a Cluster
After setting up a cluster, you can configure the FTP/TFTP server, SNMP and log
hosts for the cluster on a command device. Member devices can then access the
configured server through the command device.
All configuration information on the member devices will be output to the log host
configured for the cluster. The member devices will directly output their log messages
to the command device. The command device will then perform address translation
and finally output the log messages of the member device to the configured log host.
Similarly, all trap messages of the member devices will be output to the NM host
configured for the cluster.
You shall first set the IP address of the FTP or TFTP server. Then the member devices
within the cluster will be able to access FTP or TFTP server through the command
device.
16-21
Table 16-22 Configuring FTP/TFTP Servers and Logging/SNMP hosts for a cluster
To Use
Configure FTP server for the cluster cluster ftp server ip-address
Delete the FTP server from the cluster no cluster ftp server
Configure TFTP server for the cluster cluster tftp server ip-address
Delete the TFTP server from the cluster no cluster tftp server
Configure the logging host for the cluster cluster logging host ip-address
Delete the logging host from the cluster no cluster logging host
Configure the SNMP host for the cluster cluster snmp host ip-address
Delete the SNMP host from the cluster no cluster snmp host
Note that the above command can only be executed on the command device.
This example shows how to configure the TFTP server for the cluster.
MA5300(config)#cluster ftp server 164.23.1.100
16.4.11 Configuring Member Accessing
After you have configured HDP, HTP and cluster correctly, the command device can
then manage all member devices in a cluster. You can operate on a command device
and switch to a specified member device for managing or operating on a member
device. You can also switch back to a command device.
Authorization is required when you switch from the command device to a member
device. You can perform the switchover after you pass the authorization. However, if
the privileged user password of the member device is different from that of the
command device, the switchover will be rejected.
The user level will be inherited from the command device after you switch to the
member device. For example, the privileged user will retain as a privileged user after
you switch from the command device to a member device.
Authorization is also required when you switch from a member device to the
command device. After passing the authorization, the system will enter common user
mode automatically.
Perform this configuration in common user mode or privilege mode.
16-22
Table 16-23 Member accessing
To Use
Member accessing rcommand { member-number | commander | mac-address hw-addr }
Note that, when running this command on the command device, if member-number
does not exit, there will be error prompts. To cancel the switchover operation, enter
exit.
This example shows how to switch to the member device from the command device.
huawei_0.MA5300(config)#rcommand
{ commander<K>|INTEGER<1,2047>|mac-address<K> }:1
huawei_0.MA5300(config)#rcommand 1
Press CTRL_] to quit telnet mode.
Trying ...
Connected to ...
huawei_1.Quidway#
This example shows how to switch back to the command device from the member
device.
huawei_1.Quidway#exit
The connection was closed by the remote host!
huawei_0.MA5300(config)#
16.4.12 Querying Cluster Information
After the above configuration completes, you can use the show command to query
operation of the newly added cluster or check whether the configuration is correct.
Table 16-24 Querying cluster information
To Use
Display cluster status and statistics show cluster

Display candidate device list show cluster candidates [ mac-address hw-addr | detail ]
Display member device information show cluster members [ member-number | detail ]
This example shows how to view the cluster status and statistics.
huawei_0.MA5300(config)#s cluster
Command device for cluster "huawei".
Total members:2
16-23
Member state: 0 members are unreachable

Heartbeat interval:8
Heartbeat hold-time:80
IP-Pool:10.11.116.8/24
No logging host configured.
No SNMP host configured.
No FTP server configured.
No TFTP server configured.
This example shows how to view the member device information.

huawei_0.MA5300(config)#show cluster members
SN Device MAC Address Status Name
0 SmartAX MA5300 00e0.fc11.19c2 Cmdr huawei_0.MA5300
1 Quidway S2016 00e0.fc00.0020 Up huawei_1.Quidway
16.5 Configuration Example of Cluster Management
This example shows how to set up a cluster.
Assume that three MA5300s form a cluster and the command device manages two
member devices.
z The command device is connected to the two member devices through ports
Ethernet7/1/1 and Ethernet7/1/2. It is connected to the external network through
port Ethernet7/1/0, which belongs to VLAN2.
z The IP address of VLAN2 interface is 163.172.55.1.
z The same FTP server and TFTP server are used within the entire cluster and the
IP address of the FTP/TFTP server is 63.172.55.1.
z The IP address of NM server and log host is 69.172.55.4.
16-24
SNMP host/
logging host
69.172.55.4
FTP server/TFTP
Network
server
63.172.55.1
E7/1/0 VLAN2 interface IP
163.172.55.1
Command device
E7/1/1 E7/1/2
Cluster E7/1/1 E7/1/1
Member Member
device MAC address device MAC address
00e0.fc01.0011 00e0.fc01.0012
Figure 163 Networking diagram of cluster management
III. Configuration procedure
1) Configure member devices. (Take one member device as an example)

! Enable HDP on the device and HDP on port Ethernet7/1/1.
MA5300(config)#interface ethernet7/1/1
! Enable HTP on the device and HTP on port Ethernet7/1/1.

MA5300(config-if-Ethernet7/1/1)# htp enable
! Enable the cluster function.

2) Configure command device.
! Enable HDP on the device and HDP on ports E7/1/1 and E7/1/2.
! Enable HTP on the device and HTP on ports E7/1/1 and E7/1/2.
16-25
! Enable the cluster function.

! Configure the IP address pool within the cluster, with the start address 172.16.0.1.
There are eight addresses in total.
MA5300(config)#cluster ip-pool 172.16.0.1 255.255.255.248
! Set the cluster name and setting up the cluster.

MA5300(config)#cluster enable huawei
huawei_0.MA5300(config)#
! Add the two MA5300s connected into the cluster.

huawei_0.MA5300(config)# cluster member 1 mac-address 00e0-fc01-0011
huawei_0.MA5300(config)# cluster member 2 mac-address 00e0-fc01-0012
! Configure the FTP Server, TFTP Server, log host and SNMP host within the cluster.
huawei_0.MA5300(config)#cluster ftp server 63.172.55.1
huawei_0.MA5300(config)#cluster tftp server 63.172.55.1
huawei_0.MA5300(config)#cluster snmp host 69.172.55.4
huawei_0.MA5300(config)#cluster logging host 69.172.55.4
By now, you can switch to member device configuration mode by using the
rcommand command. Then you will be able to manage the member devices on the
command device. You can also reset the member device on the command device.
To return to the command device configuration mode, use the exit command.
16-26
SmartAX MA5300/5303 Broadband Access System Chapter 17 802.1x Configuration
Chapter 17 802.1x Configuration
17.1 Overview
17.1.1 Introduction to 802.1x
IEEE 802.1x (hereinafter simplified as 802.1x) is a port based network access control
protocol. IEEE issued it in 2001 and suggested the related manufacturers should use
the protocol as the standard protocol for LAN user access authentication. The 802.1x
originated from the IEEE 802.11 standard, which is the standard for wireless LAN user
access. The initial purpose of 802.1x was to implement the wireless LAN user access
authentication. Since its principle is commonly applicable to all the LANs complying
with the IEEE 802 standards, the protocol finds wide application in wired LANs.
In the LANs complying with the IEEE 802 standards, the user can access the devices
and share the resources in the LAN through connecting the LAN access control
device like the MA5300. However, in telecom access, commercial LAN (a typical
example is the LAN in the office building) or mobile office, the LAN providers generally
hope to control the users access. In these cases, the requirement on the
above-mentioned Port Based Network Access Control originates.
As the name implies, Port Based Network Access Control means to authenticate
and control all the accessed devices on the port of LAN access control device. If the
users device connected to the port can pass the authentication, the user can access
the resources in the LAN. Otherwise, the user cannot access the resources in the
LAN. In other words, the user is physically disconnected.
802.1x defines port based network access control protocol and only defines the
point-to-point connection between the access device and the access port. The port
can be either physical or logical. The typical application environment is as follows:
Each physical port of the LAN Switch only connects to one user workstation (based on
the physical port) and the wireless LAN access environment defined by the IEEE
802.11 standard (based on the logical port).
17.1.2 802.1x System Architecture
The system using 802.1x is the typical C/S (Client/Server) system architecture. It
contains three entities, which are illustrated in the following figure: Supplicant System,
Authenticator System and Authentication Sever System.
17-1
The LAN access control device needs to provide the Authenticator System of 802.1x.
The devices at the user side such as the computers need to be installed with the
802.1x client Supplicant software, for example, the 802.1x client provided by Huawei.
(or by Microsoft Windows XP). The 802.1x Authentication Sever system normally
stays in the carriers AAA center.
Authenticator and Authentication Sever exchange information through EAP frames.

The Supplicant and the Authenticator exchange information through the EAPoL frame
defined by IEEE 802.1x. Authentication data are encapsulated in the EAP frame,
which is to be encapsulated in the packets of other AAA upper layer protocols (e.g.
RADIUS) so as to go through the complicated network to reach the Authentication
Server. Such procedure is called EAP Relay. (EAP and EAPoL are short for
Extensible Authentication Protocol and Extensible Authentication Protocol over LANs
respectively).
There are two types of ports for the Authenticator. One is the Uncontrolled Port, and
the other is the Controlled Port. The Uncontrolled Port is always in bi-directional
connection state. The user can access and share the network resources any time
through the ports. The Controlled Port will be in connecting state only after the user
passes the authentication. Then the user is allowed to access the network resources.
Figure 17-1 shows the 802.1x system architecture.
Supplicant Authenticator System Authenticator

System Server
Heading
System
Services offered by Authenticator Authenticator

Supplicant
Authenticators System PAE Server
EAP protocol
exchanges
Port
carried in
unauthorized
Uncontrolled higher layer
Controlled Port protocol
Port
EAPOL
LAN
Figure 17-1 802.1x system architecture
17.1.3 802.1x Authentication Process
802.1x configures EAP frame to carry the authentication information. The Standard
defines the following types of EAP frames:
z EAP-Packet: Authentication information frame, used to carry the authentication
information.
17-2
z EAPoL-Start: Authentication originating frame, actively originated by the

Supplicant.
z EAPoL-Logoff: Logoff request frame, actively terminating the authenticated
state.
z EAPoL-Key: Key information frame, supporting to encrypt the EAP packets.
z EAPoL-Encapsulated-ASF-Alert: Supports the Alerting message of Alert
Standard Forum (ASF).
The EAPoL-Start, EAPoL-Logoff and EAPoL-Key only exist between the Supplicant
and the Authenticator. The EAP-Packet information is re-encapsulated by the
Authenticator System and then Sent to the Authentication Server System. The
EAPoL-Encapsulated-ASF-Alert is related to the network management information
and terminated by the Authenticator.
Figure 17-2 illustrates the exchanging of the above frames.
PC MA5300 RADIUS Server&DHCP
Access Blocked
EAPoL RADIUS
EAPoL_Start
EAP_Request/Identity
EAP_Response/Identity RADIUS_Access_Request
EAP_Request RADIUS_Access_Challenge
EAP_Response(cretentials) RADIUS_Access_Request
EAP_Success RADIUS_Access_Accept
Access Allowed
Figure 17-2 802.1x authentication process
From the above introduction, we can see that 802.1x provides a solution to
authentication based on user ID. However, 802.1x itself is not enough to implement
the plan. The administrator of the accessed device should configure the AAA scheme
by selecting RADIUS or local authentication so as to assist 802.1x to implement the
authentication based on user ID. For detailed description of AAA, refer to 18.2
Configuring AAA.
17-3
17.1.4 Implementing 802.1x on MA5300
The MA5300 supports the port access authentication scheme regulated by 802.1x. In
addition, it also extends and optimizes the scheme by:
z Connecting several End Stations in the downstream through a physical port.
z Supporting either port-based or MAC-based access control (or the user
authentication scheme).
17.2 Configuring 802.1x
Main 802.1x configuration tasks include:

z Enabling/Disabling 802.1x
z Setting port access control mode (optional)
z Setting port access control method (optional)
z Setting maximum number of users per port (optional)
z Setting to enable DHCP trigger authentication (optional)
z Setting the Authenticator-to-Supplicant frame-retransmit times (optional)
z Configuring the timer parameter (optional)
z Querying 802.1x information (optional)
The specific operations are introduced in the following.
17.2.1 Enabling/Disabling 802.1x
In global mode or port mode, use the command (no) dot1x to enable/disable 802.1x
on globally or on a specified port. By default, 802.1x is disabled both globally and on
any port.
This example shows how to enable 802.1x globally.

MA5300(config)#dot1x
802.1x is enabled globally
This example shows how to enable 802.1x on port ethernet 7/2/0.

MA5300(config)#dot1x interface vdsl 1/0/0
8021x is enabled on port Vdsl 1/0/0
Note:
z You can configure 802.1x on a single port, but it will take effect only right after 802.1x is enabled
globally.
z Do not enable 802.1x and RSTP at the same time. Otherwise the normal operation of MA5300 may
not be guaranteed.
17-4
17.2.2 Setting Port Access Control Mode
You can set the port access control mode to any of the following based on the actual
requirements:
z auto: Automatic identification mode.
In this mode, the initial state of the port is unauthorized. The user is only allowed to
receive or transmit EAPoL packets but not to access the network resources. If the
user passes the authentication flow, the port will switch over to the authorized state
and then the user is allowed to access the network resources. This is the most
common case and the default setting.
z force-auth: Forced authorized mode.
In this mode, the port always stays in authorized state and the user is allowed to
access the network resources without authentication/authorization
(authentication/authorization for short).
z force-unauth: Forced unauthorized mode.
In this mode, the port always stays in non-authorized mode and the user is not
allowed to access the network resources.
In global mode or port mode, use the command dot1x port-control to set the 802.1x
access control mode on a specified port; or use the to restore the default setting.
When the setting completes, you can use the command show dot1x to view the
802.1x configurations and current operation.
This example shows how to set the access control mode to auto on all port.
MA5300(config)#dot1x port-control auto
This example shows how to set the access control mode to auto on port vdsl 1/0/0.
MA5300(config)#dot1x port-control auto interface vdsl 1/0/0
This example shows how to view 802.1x information.

MA5300(config)#show dot1x
17.2.3 Setting Port Access Control Method
802.1X can implement authentication based on MAC or based on port. By default,

macbase is adopted, namely, MAC-based authentication.
In global mode or port mode, use the command dot1x port-method to set the access
control method on a specified port, namely, the basis for user authentication; or use
the command no dot1x port-method to restore the default setting.
This example shows how to enable MAC-based authentication on all ports.

MA5300(config)#dot1x port-method macbased
17-5
This example shows how to enable MAC-based authentication on port vdsl 1/0/0.
MA5300(config)# dot1x port-method macbased interface vdsl 1/0/0
17.2.4 Setting Number of Users Per Port
The MA5300 can access up to 1024 users. By default, each port is allowed to access
up to 256 users.
In global mode or port mode, use the command dot1x max-user to set the number of
access users allowed on a specified port; or use the no dot1x max-user to restore
the default setting.
This example shows how to set the number of access users allowed to 256 on all
ports.
MA5300(config)#dot1x max-user 256
This example shows how to set the number of access users allowed to 256 on port
vdsl 1/0/0.
MA5300(config)#dot1x max-user 256 interface vdsl 1/0/0
17.2.5 Enabling/Disabling DHCP Trigger Authentication
To be compatible with some devices that cannot forward EAPoL messages, you can
set to enable DHCP trigger authentication. Also, if Windows XP client is used, the
DHCP trigger authentication must be enabled.
By default, DHCP trigger authentication is disabled. Usually, DHCP trigger

authentication is disabled.
In global mode, use the command dot1x dhcp-launch to, in 802.1x, enable the
MA5300 to trigger user ID authentication when the user runs DHCP and applies for
dynamic IP addresses. The no form of this command is used to disable the DHCP
trigger authentication.
MA5300(config)#no dot1x dhcp-launch
17.2.6 Setting the Authenticator-to-Supplicant Frame-Retry Times
In global mode, use the command dot1x max-req to set the frame-retry times from
Authenticator to Supplicant. By default, 3 retry times are allowed.
MA5300(config)#dot1x max-req 3
17.2.7 Configuring Timer Parameters
In the operation, 802.1x will start many timers in order to control the interworking
among Supplicant, Authenticator and Authenticator Server.
17-6
In global mode, use the command dot1x timeout to change some of the timer values
to adjust the interworking process. This can be necessary under special or worse
network conditions. Generally, take the default values of the timers.
Use the command no dot1x timeout to restore the default setting.
Default values of these timers are:

z quiet-period-value: 60s.
z tx-period-value: 30s.
z supp-timeout-value: 30s.
z server-timeout-value: 100s.
17.3 802.1x Configuration Example
The following part gives an example on how to configure 802.1x.
As shown in Figure 17-3, these are the configuration requirements.
For the networking:

z The workstation of a user is connected to MA5300s vdsl2/0/1 port, which runs
802.1x to perform user access authentication so as to control the Internet
access.
z The access control mode is based on MAC address.
z To access users, AAA operation is enabled. All the access users belong to the
default domain huawei163.net, which can contain up to 30 users.
For the access control:
z During the authentication process, RADIUS authentication is performed first. If
there is no response from the RADIUS server, local authentication will be
performed.
z During accounting, if the RADIUS server fails to account, the user will be
disconnected. In addition, when the user is accessed, the domain name will not
be added after the user name.
z Normally, if user traffic is less than 2000Byte/s for 20 consecutive minutes, the
user will be disconnected.
For the RADIUS server group:
z A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2
respectively, is connected to the MA5300. The former acts as the
primary-authentication/secondary-accounting server and the latter acts as the
secondary-authentication/primary-accounting server.
17-7
z Set the encryption key as name when the system exchanges packets with the
authentication RADIUS server and money when the system exchanges
packets with the accounting RADIUS server.
z Configure the system to retransmit packets to the RADIUS server if no response
received in 5 seconds.
z Retransmit the packet no more than 5 times in all.
z Configure the system to transmit a realtime accounting packet to the RADIUS
server every 15 minutes.
z The system is instructed to transmit the user name to the RADIUS server after
removing the user domain name.
For the local access user:
z The user name of the local 802.1x access user is localuser, the domain name is
huawei163.net and the password is localpass (input in plain text).
z The idle cut function is enabled.
Authenticator Servers
(RADIUS Server Cluster
IP Addr: 10.11.1.1
10.11.1.2)
vdsl2/0/1
Internet
Supplicant
MA5300
Figure 17-3 Enabling 802.1x and RADIUS to perform AAA on the access user
Note:
z The following examples involve most of the AAA/RADIUS configuration commands. For details, refer
to the chapter AAA and RADIUS Configuration.
z The configurations of accessing user workstation and the RADIUS server are omitted.
! Enable 802.1x on the specified port vdsl2/0/1.

MA5300(config)#dot1x interface vdsl2/0/1
17-8
! Set the access control mode

MA5300(config)#dot1x port-method macbased interface vdsl2/0/1
! Set the authentication scheme

MA5300(config)#aaa authentication auth radius next local
! Set the accounting method.

MA5300(config)#aaa accounting charge enable offline
! Create the RADIUS group radius1 and entering its configuration mode.
MA5300(config)#radius-server host radius1
! Set IP address of the primary authentication/accounting RADIUS servers.

MA5300(config-radius-radius1)#primary auth 10.11.1.1
MA5300(config-radius-radius1)#primary acct 10.11.1.2
! Set the IP address of the secondary authentication/accounting RADIUS servers.

MA5300(config-radius-radius1)#second auth 10.11.1.2
MA5300(config-radius-radius1)#second acct 10.11.1.1
! Set the encryption key when the system exchanges packets with the authentication
RADIUS server.
MA5300(config-radius-radius1)#key auth name
! Set the encryption key when the system exchanges packets with the accounting
RADIUS server.
MA5300(config-radius-radius1)#key acct money
! Set the timeouts and times for the system to retransmit packets to the RADIUS
server.
MA5300(config-radius-radius1)#timeout 5
MA5300(config-radius-radius1)#retransmit 5
! Set the interval for the system to transmit realtime accounting packets to the
RADIUS server.
MA5300(config-radius-radius1)#realtime-acct-timeout 15
! Set the system to transmit user name to the RADIUS server after removing its
domain name.
MA5300(config-radius-radius1)#username-format without-domain
MA5300(config-radius-radius1)#exit
! Create the user domain huawei163.net and enters its configuration mode.
MA5300(config)#b huawei163.net
! Specify auth as the authentication scheme for users in domain huawei163.net.

MA5300(config-isp-huawei163.net)#authen-scheme auth
! Specify charge as the accounting method for users in domain huawei163.net.
17-9
MA5300(config-isp-huawei163.net)#acct-scheme charge
! Activate the domain.

MA5300(config-isp-huawei163.net)#state active
! Specify radius1 as the RADIUS server group for users in domain huawei163.net.
MA5300(config-isp-huawei163.net)#radius-scheme radius1
! Set a limit of 30 users to the domain huawei163.net.

MA5300(config-isp-huawei163.net)#access-limit enable 30
! Set the idle cut parameter and enable idle cut function for users in domain
huawei163.net.
MA5300(config-isp-huawei163.net)#idle-cut data 20 2000
MA5300(config-isp-huawei163.net)#user-template idle-cut enable
! Set the domain huawei163.net as global default domain and no domain name is
added to the access user.
MA5300(config)#global setting domain-default enable huawei163.net no
! Add a local access user and sets its password and idle cut property.
MA5300(config)#user localuser@huawei163.net password 0 localpass
service-type 8021x idle-cut enable
! Enable 802.1x globally.

MA5300(config)#dot1x
17-10
SmartAX MA5300/5303 Broadband Access System Chapter 18 AAA and RADIUS Configuration
Chapter 18 AAA and RADIUS Configuration
18.1 AAA and RADIUS Overview
18.1.1 Introduction to AAA
I. What is AAA
Authentication, Authorization and Accounting (AAA) provide a uniform framework

used for configuring these three security functions to implement the network security
management.
The network security mentioned here refers to access control and includes:
z Which user can access the network server?
z Which service can the authorized user enjoy?
z How to keep accounts for the user who is using network resource?
Accordingly, AAA shall provide the following services:
z Authentication: authenticates if the user can access the network sever.
z Authorization: authorizes the user with specified services.
z Accounting: traces network resources consumed by the user.
II. Advantages of AAA
Generally AAA framework uses the Client/Server architecture, in which the clients run
as managed sources and the servers centralize and store user information. AAA
framework has these advantages:
z Excellent scalability.
z Able to use standard authentication schemes.
z Easy to control and convenient for centralized management of user information.
z Supporting multiple-level backup system to enhance the security of the whole
framework.
18.1.2 Introduction to RADIUS
As mentioned above, AAA is a management framework, so it can be implemented by

some protocols, among which RADIUS is a frequently used.
18-1
I. What is RADIUS
Remote Authentication Dial-In User Service, RADIUS for short, is a kind of distributed
information switching protocol in Client/Server architecture. RADIUS can prevent the
network from interruption of unauthorized access and it is often used in the network
environments requiring both high security and remote user access. For example, it is
often used for managing a large number of scattering dial-in users who use serial
ports and modems. RADIUS system is the important auxiliary part of Network Access
Server (NAS).
After RADIUS system starts up, the user may want to access other network or use
some network resources through connection to the NAS (a dial-in access server in
PSTN environment). In that case, NAS, namely the RADIUS client, will transmit user
AAA request to the RADIUS server.
RADIUS server has a user database which records all information on user
authentication and network service access. When receiving a users request from the
NAS, the RADIUS server performs AAA through user database query and update.
The RADIUS server also returns the configuration information and accounting data to
the NAS.
Here, the NAS controls access user and corresponding connections, while RADIUS
protocol determines how to transmit configuration and accounting information
between the NAS and RADIUS server.
The NAS and RADIUS exchange the information through UDP packets. During the
interaction, both sides encrypt the packets with keys before uploading user
configuration information (like password). This is to avoid the information from being
intercepted or stolen.
II. RADIUS operation
RADIUS server generally uses proxy function of the devices like access server to
perform user authentication. The operation process is as follows:
1) Send client username and encrypted password to RADIUS server.
2) User will receive from RADIUS server one of the following response messages:
z ACCEPT: Indicates that the user has passed the authentication
z REJECT: Indicates that the user has not passed the authentication and needs to
input username and password again; otherwise he will be rejected to access.
18.1.3 Implementing AAA/RADIUS on MA5300
From the above description, it is easy to understand that in such an AAA/RADIUS

framework, the MA5300, serving as the user access device or NAS, is the client of the
RADIUS server. Figure 18-1 shows the MA5300 RADIUS authentication network.
18-2
Accounting server
PC user1
MA5300 Accounting server 1
PC user2
ISP1 Accounting server 2
L2
PC user3 MA5300
Ethernet
PC user4 Authentication serve

Internet
Accounting serve
ISP2
L2
Ethernet
Figure 18-1 Networking diagram when MA5300 applies RADIUS authentication
18.2 Configuring AAA
AAA configuration tasks include:

z Setting authentication/authorization scheme (optional)
z Setting accounting scheme (optional)
z Creating/deleting ISP domain
z Configuring relevant attributes of ISP domain (optional)
z Configuring user template attribute (optional)
z Specifying the default ISP domain (optional)
z Adding a local user (optional)
z Configuring local user attributes (optional)
z Disconnecting a user by force (optional)
The specific operations are introduced in the following sections.
18.2.1 Setting Authen/Author Scheme
Authen/author scheme defines policies used by the system to authenticate/authorize

the access user who requests to log in. There are remote authentication/authorization
(RADIUS authentication/authorization), local authentication/authorization and simple
authentication/authorization methods. You can use any of them or a combination of
several methods.
In global mode, use the command aaa authentication to set an

authentication/authorization scheme; or use the command no aaa authentication to
delete an authentication/authorization scheme.
18-3
The system has a default authentication/authorization scheme named default. Its

first-time authentication/authorization method is radius, and its second-time
authentication/authorization method is local.
MA5300(config)#aaa authentication
{ WORD<S><1,16> }:auth
{ radius<K>|local<K>|simple<K> }:radius //Specify the first-time
authentication/authorization method.
{ <cr>|next<K> }:next //Specify the second-time
authentication/authorization method.
{ radius<K>|local<K>|simple<K> }:local
Authen/author method values can be chosen from these three options.

z radius: It indicates to use RADIUS server to implement
authentication/authorization.
z local: It indicates implement local authentication/authorization through access
the MA5300.
z simple: It indicates that the user can obtain services without any
authentication/authorization.
The aaa authentication command has only configured one
authentication/authorization scheme. The scheme has to be explicitly used in a
certain user field (specifying a user category) to be effective.
When the system quotes the radius authentication/authorization scheme, you need
to configure the RADIUS server. For details, refer to 18.3 Configuring RADIUS. The
remote RADIUS server shall have been configured with relevant user information.
When the system quotes the local authentication/authorization scheme, you need to
add local users to the system and set the attributes.
When the system quotes the simple authentication/authorization scheme, once there
exists a local user using that scheme, that user only needs to input the user name to
enjoy the network service.
18-4
Note:
z The second-time authentication/authorization method is a policy used for a second
authentication/authorization when there is no result from the first authentication/authorization, (for
example, when the remote RADIUS server has not given any response). The second-time
authentication/authorization method is optional and not configured by default.
z If the first-time authentication/authorization gives the result explicitly, (for example, a rejection
response from RADIUS), there will be no need to perform the authentication/authorization for the
second time.
z In addition, local and simple are considered as similar authentication/authorization methods. Note
that the first and second authentication/authorization methods cannot be configured as two identical
or similar methods.
18.2.2 Setting Accounting Scheme
Similar to setting authentication/authorization scheme, the following commands are

used to set accounting scheme. The accounting process can be implemented only
through RADIUS protocol. You can select RADIUS server configured in RADIUS
mode to perform accounting.
By default, the system has an accounting scheme named default, which keeps
accounting on the users and disconnects them from with the network if the accounting
fails.
MA5300(config)#aaa accounting
{ WORD<S><1,16> }:charge
{ disable<K>|enable<K> }:enable //Enable accounting on the user.
{ online<K>|offline<K> }:offline //Disconnect the user when the accounting
fails.
Here,
z disable indicates to disable accounting on the user.
z enable indicates to enable accounting on the user.
z offline indicates to disconnect the user when the accounting fails.
z online indicates to keep the user online (namely connected to the network) when
the accounting fails.
18.2.3 Creating/Deleting ISP Domain
What is ISP domain? To make it simple, ISP domain is a group of users belonging to
the same Internet service provider (ISP). Generally, for a username in the format of
userid@isp-name, taking gw20010608@huawei163.net as an example, the isp-name
18-5
(namely, huawei163.net) following the @ is the ISP domain name. When the MA5300
controls user access, as for an ISP user whose username is in userid@isp-name
format, the system will take the userid part as username for identification and take
isp-name part as domain name.
The purpose for introducing ISP domain settings is to support the multiple ISPs
application. In such application, one access device might access users of different
ISPs.
Because the attributes of ISP users, such as username and password formats,
service types/authorities, or accounting methods, may be different, it is necessary to
differentiate them through setting ISP domain. In the ISP domain mode of MA5300,
you can configure a complete set of exclusive ISP domain attributes on a per-ISP
domain basis, including the AAA policy (authentication/authorization method,
accounting method, or the RADIUS server group used).
For the MA5300, each access user belongs to one ISP domain. Up to 16 domains can
be configured in the system. If a user has not reported its ISP domain name, the
system will put it into the default domain. For the detail, refer to Specifying the default
ISP domain.
The following introduces how to configure the ISP domain.
I. Creating/Deleting an ISP domain
In global mode, use the domain command to create an ISP domain and enter its
configuration mode; or use the no domain command to delete an ISP domain. By
default, there is no ISP domain in the system.
MA5300(config)#domain huawei163.net
II. Setting the authentication/authorization scheme used by the ISP domain
In ISP domain mode, use the authen-scheme command to specify the

authentication/authorization scheme to be used. Then this scheme will be applied to
all users under this ISP domain.
The authentication/authorization scheme should already be configured. Then it can

be quoted in the ISP domain. For details on the authentication/authorization scheme
configuration, refer to 18.2.1 Setting Authen/Author Scheme.
MA5300(config-isp-huawei163.net)#authen-scheme auth
III. Setting the accounting scheme used by the ISP domain
In ISP domain mode, use the command acct-scheme to set the accounting scheme
used by the ISP domain. Then this scheme will be applied to all users under this ISP.
18-6
The accounting scheme should already be configured. Then it can be quoted in the
ISP domain. For details on the accounting scheme configuration, refer to 18.2.2
Setting Accounting Scheme.
MA5300(config-isp-huawei163.net)#acct-scheme charge
IV. Specifying the RADIUS server group used by the ISP domain
If the RADIUS authentication or accounting is required, use the command

radius-scheme to specify the RADIUS server group used by the ISP domain. By
default, the default RADIUS server group is used.
The RADIUS server group should already be configured. Then it can be quoted in the
ISP domain. For details on the RADIUS server group configuration, refer to 18.3
Configuring RADIUS.
MA5300(config-isp-huawei163.net)# radius-scheme radius1
V. Set the the ISP domain state
Use the state command to set the state of the ISP domain as either in active or block
state.
If an ISP domain is in active state, its users can request for network service. Whereas
in block state, its users cannot request for any network service; yet this will not affect
the users already online.
An ISP is in block state when it is created. That is, no user in the domain is allowed to
request for network service.
MA5300(config-isp-huawei163.net)#state active
VI. Setting the number of access users allowed in the ISP domain
Use the command access-limit to specify how many access users are allowed in the
ISP.
By default, there is no limit on the number of access users for any ISP domain.
However, since a maximum of 1024 access users are supported by the MA5300, this
sets a limit on the number of access users in an ISP domain.
MA5300(config-isp-huawei163.net)#access-limit enable 30
VII. Setting the idle-cut attribute
Idle-cut attribute is also called aging attribute.
In a certain continuous period, if the traffic (including some handshaking packets)

between a user in the ISP domain and the network is less than the predefined volume,
the system will regard the connection as idle. It will then drop this disconnection.
18-7
Use the idle-cut command to set the idle-cut period and the traffic limit. By default,
the maximum idle time-range is 30 minutes and the minimum traffic is 3000 bytes.
Whether to enable this function is based on the configurations on the user side and
the RADIUS side.
MA5300(config-isp-huawei163.net)#idle-cut data 20 2000
VIII. Setting user template attributes
A user template refers to a set of default user attributes. If a user requesting for the
network service does not have all the required attributes, the corresponding attributes
in the template will be adopted as default ones.
At present, the user template only provides the user idle-cut attribute. After a user is
authenticated, if neither the user nor the RADIUS server has specified whether to
enable or disable the idle-cut, the idle-cut setting of the user is the same as that in the
template.
Because a user template only works in one ISP domain, it is necessary to configure
user template attributes for users from different ISP domain respectively.
In ISP domain mode, use the user-template command to set the idle-cut switch in the
template. By default, idle-cut is disabled.
MA5300(config-isp-huawei163.net)#user-template idle-cut enable
IX. Specifying the default ISP domain
For the MA5300, each access user belongs to a certain ISP domain. Generally, a user
will report its username and ISP domain names in the userid@isp-name format. If a
user does not report its ISP domain name while logging in, the system will assign the
user with the default ISP domain.
By default, the system does not have a default ISP domain. You can use the
command global setting domain-default in global mode to specify an existing ISP
domain as the default one.
This example shows how to set the default ISP domain.

MA5300(config)#global setting domain-default
{ disable<K>|enable<K> }:enable
{ WORD<S><1,24> }: huawei163.net
{ yes<K>|no<K> }:yes
Here,
enable indicates to set the default ISP domain.
disable indicates not to set the default ISP domain.
18-8
no indicates that, for users not reporting its ISP domain name. the system will put
them to the default domain, without adding that name to the user names.
yes indicates that, for users not reporting its ISP domain name. the system will put
them to the default domain and add that name to the user names.
Note:
If the system is not configured with a default ISP domain, the access users who have not reported the
domain name are not allowed to obtain any network service.
18.2.4 Configuring a User
The following introduces how to configure the user.
I. Adding a local user
A local user is a group of users set on NAS. The username is the unique identifier of a
user. To make it possible for a user with network service request to be authenticated
locally, it is required to add the corresponding local user to the NAS and set relevant
attributes.
In global mode, use the command user to add a local user and set relevant attributes.
By default, there is no local user in the system.
This example shows how to add a local user.

MA5300(config)#user
{ WORD<S><1,32> }:localuser@huawei163.net //Set the local user name as
localuser.
{<cr>|password<K>|state<K>|service-type<K>}:password
{ 0<K>|7<K> }:0
{ WORD<S><1,16> }:localpass //Set the local user password
as localpass.
{ <cr>|state<K>|service-type<K> }:service-type //Set the user type as
8021x.
{ 8021x<K>|ftp<K> }:8021x
{ <cr>|state<K>|access-limit<K>|idle-cut<K> }:idle-cut //Enable the
idle-cut function.
{ enable<K>|disable<K> }:enable
{ <cr>|access-limit<K>|state<K> }:access-limit //Set the access limit.
18-9
{ INTEGER<1,1024> }:3
{ <cr>|state<K> }:state //Set the user state.
{ active<K>|block<K> }:active
II. Modifying a local user
The attributes of a local 802.1x user include access-limit, idle-cut, password and
state.. In global mode, use the command set user to set these attributes.
z access-limit: Several users can use one local user account to access network
service. The number of access users will be determined by the access limit
attribute.
z idle-cut: Enables/Disables the idle-cut function for local users. The specific data
of idle-cut is determined by user configuration in ISP domain.
z password: User password during the local authentication.
z state: Similar to ISP domain configuration, a local user also has active and
block states. If the state is specified as block, the user is not allowed to request
for any network service.
This example shows how to modify a local user.
MA5300(config)#set user
{ WORD<S><1,32> }:aaa
{ password<K>|state<K>|service-type<K> }:service-type
{ 8021x<K>|ftp<K> }:8021x
{ <cr>|password<K>|state<K>|access-limit<K>|idle-cut<K> }:access-limit
{ INTEGER<1,1024> }:3
{ <cr>|idle-cut<K>|password<K>|state<K> }:password
{ 0<K>|7<K>|disable<K> }:0
{ WORD<S><1,16> }:aaa
{ <cr>|state<K> }:state
{ active<K>|block<K> }:active
III. Disconnecting a user forcefully
By default, the system does not disconnect online users by force. In certain cases, it is
necessary to disconnect a user or one type of users by force.
In global mode, use the command cut connect to disconnect a user or one type of
users by force.
MA5300(config)#cut connection
{ ucibindex<K>|username<K>|domain<K>|mac<K> }:username
{ WORD<S><1,32> }: localuser@huawei163.net
18-10
18.3 Configuring RADIUS
For the MA5300, the RADIUS is configured on each RADIUS server group. In real
networking environment, a RADIUS server group can be an independent RADIUS
server or a set of primary/secondary RADIUS servers with the same configuration but
two different IP addresses. Accordingly, attributes of every RADIUS server group
include IP addresses of primary and secondary servers, shared key and RADIUS
server type.
Actually, RADIUS configuration only defines some necessary parameters using for
information interaction between the NAS and RADIUS Server. To make these
parameters effective, it is necessary to configure, in the configuration mode, an ISP
domain to use the RADIUS server group and specify it to use RADIUS AAA schemes.
For more about the configuration commands, refer to 18.2 Configuring AAA
RADIUS configuration tasks include:

z Creating/Deleting a RADIUS server group
z Setting IP address and port number of RADIUS server
z Setting encryption key of RADIUS packet (optional)
z Setting response timeout timer of RADIUS server (optional)
z Setting retransmit times of RADIUS request packet (optional)
z Setting the realtime accounting interval (optional)
z Setting maximum failure count of realtime accounting request (optional)
z Setting retransmit times of account-stop request packet (optional)
z Setting RADIUS server type (optional)
z Setting RADIUS server status (optional)
z Setting the format of username sent to RADIUS server (optional)
z Querying AAA and RADIUS information (optional)
The following introduces how to make RADIUS configurations.
18.3.1 Creating/Deleting a RADIUS server group
RADIUS configurations are performed on the basis of each RADIUS server group,
one RADIUS server group can be used by several ISP domains at the same time. So
it is required to create a RADIUS server group and enter its configuration mode before
can make other RADIUS configurations.
By default, the system has a RADIUS server group named default, whose attributes
all adopt default values.
In global mode, use the command radius-server host to create a RADIUS server
group and enter its configuration mode; or use the command no radius-server host
to delete a RADIUS server group.
18-11
MA5300(config)#radius-server host
{ WORD<S><1,32> }:radius1 //Create a RADIUS server group.
18.3.2 Setting IP Address and Port Number of RADIUS Server
After creating a RADIUS server group, you are supposed to set IP addresses and
UDP port numbers for the RADIUS servers, including primary/secondary
authentication/authorization servers and accounting servers. Each type of servers
can be specified with the role of primary or secondary server. So you can configure up
to four groups of IP addresses and UDP port numbers.
At least you have to set one group of IP address and UDP port number for each pair of
primary/secondary servers to ensure the normal AAA operation.
By default, the IP addresses of primary/secondary authentication, authorization and

accounting (authentication/authorization/account for short) servers are all 0.0.0.0,
authentication/authorization service port is 1812 and accounting service UDP port is
1813.
In RADIUS server group mode, use the command primary auth to set IP address
and port number of the primary RADIUS authentication/authorization server; or use
the command primary acct to set IP address and port number of the primary RADIUS
accounting server.
MA5300(config-radius-radius1)# primary auth 10.11.1.1
MA5300(config-radius-radius1)# primary acct 10.11.1.2
In RADIUS server group mode, use the command second auth to set IP address and
port number of the secondary RADIUS authentication/authorization server; or use the
command; or use the command second acct to set IP address and port number of
the secondary RADIUS accounting server.
MA5300 (config-radius-radius1)# second auth 10.11.1.2
MA5300 (config-radius-radius1)# second acct 10.11.1.1
In a real networking environment, you need to set the above parameters based on the
actual requirements.
For example, you may specify four groups of different data to map four RADIUS
servers, or specify two servers as the primary and secondary
authentication/authorization/account server to each other. Also, you may set four
groups of same data so that each server functions as both the primary and secondary
server.
To guarantee the normal interaction between the NAS and RADIUS server, you shall
ensure the normal routes between the RADIUS server and the NAS before setting the
IP address and UDP port of the RADIUS server.
18-12
In addition, because RADIUS protocol uses different UDP ports to receive ro transmit
authentication/authorization/account packets, you shall set two different ports
accordingly. Suggested by RFC2138/2139, the authentication/authorization port
number is 1812 and the accounting port number is 1813. However, you may use
values other than the suggested ones. (Especially for some earlier RADIUS Servers,
authentication/authorization port number is often set to 1645 and accounting port
number is 1646.)
Make sure that settings of the RADIUS service port on the MA5300 are consistent
with those on RADIUS server.
18.3.3 Setting Encryption Key of RADIUS Packet
RADIUS client (or the MA5300 and RADIUS server) uses MD5 algorithm to encrypt
the exchanged packets. The two ends verify the packet through setting the encryption
key. Only when the keys are identical can both ends to accept the packets from each
other end and give response.
By default, the keys of RADIUS authentication/authorization/account packets are all

huawei.
In RADIUS server group mode, use the command key auth to set the RADIUS
authentication/authorization packet key; or use the command key acct to set the
RADIUS accounting packet key.
MA5300(config-radius-radius1)# key auth money
MA5300(config-radius-radius1)# key acct money
18.3.4 Setting Response Timeout Timer of RADIUS Server
After RADIUS (authentication/authorization or accounting) request packet has been

transmitted for a period of time, if the NAS has not received the response from
RADIUS server, it has to retransmit the request to ensure RADIUS service for the
user.
By default, timeout timer of RADIUS server is 3 seconds.
In RADIUS server group mode, use the command timeout to set the timeout timer of
RADIUS server.
MA5300(config-radius-radius1)#timeout 3
18.3.5 Setting Retransmit Times of RADIUS Request Packet
Since RADIUS protocol uses UDP packet to carry the data, the communication
process is not reliable. If the RADIUS server has not responded the NAS before the
predefined response timeout, the NAS has to retransmit RADIUS request packet.
18-13
If it transmits the packet for more than the given retransmit times (retry-time), but
RADIUS server still has not given any response, the NAS will regard the
communication with the current RADIUS server has been disconnected. the NAS will
then transmit the request packet to other RADIUS servers.
In RADIUS server group mode, use the command retransmit to set the retransmit
times of RADIUS request packet.
MA5300(config-radius-radius1)#retransmit 3
18.3.6 Setting the Realtime Accounting Interval
To enable real time accounting on the user, you need to set the realtime accounting
interval. After the setting, the NAS will transmit the accounting information about
online users to the RADIUS server regularly.
The configured realtime accounting interval will not be effective to authenticated

on-line users immediately. When the user log in and connect again and there is no
such specified attribute in messages returned from the RADIUS server, system will
then update the value. By default, this value is set to 12 minutes.
The realtime accounting interval is related to the performance of the NAS and
RADIUS server. The smaller the value is, the higher the performances of the NAS and
RADIUS are required. When there are a large number of users (equal to or more than
1000), we suggest a larger value.
Table 18-1 lists the recommended ratios between the realtime accounting interval and
the number of users.
Table 18-1 Recommended ratio of realtime accounting interval to number of users
Number of users Realtime accounting interval (minute)

1 to 99 3
100 to 499 6
500 to 999 12
1000 15
In RADIUS server group mode, use the command realtime-acct-timeout to set the
realtime accounting interval.
MA5300(config-radius-radius1)#realtime-acct-timeout 12
18-14
18.3.7 Setting Maximum Failure Count of Realtime Accounting Request
The RADIUS server usually checks if a user is online by way of timeout timer. If the
RADIUS server has not received the realtime accounting packet from the NAS for a
certain period of time, it will regard that there is device failure and stop accounting.
Accordingly, it is necessary to disconnect the user at the NAS end and on the RADIUS
server synchronously when some unpredictable failure exists. In the MA5300, you
can set the maximum failure count of in receiving response to the realtime accounting
request. Then, the NAS will disconnect the user if it has not received realtime
accounting response from the RADIUS server for the specified times.
How to calculate the value of count? Suppose that the RADIUS server connection will
timeout in T and the realtime accounting interval of the NAS is t, then the integer part
of the result from dividing T by t is the value of count. Therefore, when applied, T is
suggested the numbers which can be divided exactly by it.
By default, it is allowed that the realtime accounting request fails to be responded for
no more than 5 times.
In RADIUS server group mode, use the command permit-failed-count to set the
maximum failure count of realtime accounting request.
MA5300(config-radius-radius1)#permit-failed-count 5
18.3.8 Setting Maximum Times for Resending Account-Stop Request
Account-stop request is of vital importance to user and ISP, since it involves bill
settlement and affects the amount of charging. So the NAS shall try its best to send
the message to the RADIUS accounting server.
Accordingly, if the RADIUS accounting server does not respond to the request from
the MA5300, the MA5300 will save the request in its local buffer and retransmit it to
obtain the response from the RADIUS server. But it will discard the request after the
resending times exceed the specified value.
Use the command resend-acctstop-pkt to set whether to allow a buffer for the
account-stop request; and if buffer is allowed, the maximum times for resending the
account-stop request.
By default, the account-stop request will be saved in the buffer and the request can be
retransmitted for up to 500 times.
For example:
MA5300(config-radius-radius1)#resend-acctstop-pkt
{ disable<K>|enable<K> }:enable //Allow a buffer for the account-stop
request.
18-15
{ INTEGER<10,65535> }:10 //Set that the account-stop request

will be resent for 10 times.
18.3.9 Setting the RADIUS Server Type
The MA5300 supports both the standard RADIUS protocol and the extended RADIUS
service platforms independently developed by Huawei, such as IP Hotel, 201+ and
Portal. The following command can be used for selecting the supported RADIUS
server type.
Use the command server-type to specify the RADIUS server type. At present, valid
RADIUS server types are huawei and standard. The default RADIUS server type is
standard.
For example:
MA5300(config-radius-radius1)#server-type
{ standard<K>|iphotel<K>|portal<K>|huawei<K> }:standard
18.3.10 Setting RADIUS Server State
For the primary and secondary servers (regardless whether it is an

authentication/authorization server or an accounting server), if the primary is
disconnected to the NAS due to a fault, the NAS will automatically turn to exchange
packets with the secondary server.
However, after the primary one recovers, the NAS will not resume the communication
with it at once. Instead, it continues communicating with the secondary one. The NAS
will turn to the primary one again only when the secondary one also fails.
Use the command state to set the primary server state to up, so that the
communication between the NAS and the primary server can recover right after a fault
is removed.
By default, the state of each server in a RADIUS server group is down. After
configuring the IP address of each server, its state will become up.
This example shows how to set the RADIUS server group.

MA5300(config-radius-radius1)#state
{ primary<K>|second<K> }:primary //Select the primary RADIUS server.
{ auth<K>|acct<K> }:auth //Select the authentication/authorization
server.
{ up<K>|down<K> }:up //Set the state of the primary RADIUS
authentication/authorization server.
When the primary and secondary servers are both up or down at the same time, the
NAS will send the packets to the primary server only.
18-16
18.3.11 Setting the Format of Username Sent to RADIUS Server
Since the access users are generally named in userid@isp-name format. The part
following @ is the ISP domain name. The MA5300 will assign users into different
ISP domains based on their domain names.
However, some earlier RADIUS servers reject the username including ISP domain
name. In this case, you have to remove the domain name before sending the
username to the RADIUS server.
Use the command username-format to specify whether the username to be sent to

the RADIUS server carries the ISP domain name.
By default, the username sent to it the RADIUS server group carries the ISP domain
name.
MA5300(config-radius-radius1)#username-format
{ with-domain<K>|without-domain<K> }:with-domain
Note:
If it is specified that a RADIUS server group does not allow usernames carrying ISP domain names, the
RADIUS server group shall not be at the same time used in more than one domains. Otherwise, the
RADIUS server will mistake the two users in different domains as the same user since they have the
same username.
18.4 Querying AAA and RADIUS Information
After the above configurations complete, you can use the show command to query
operation of the configured AAA and RADIUS and check whether the configuration is
correct. You can also use the debug command to debug AAA and RADIUS in
privileged mode.
Table 18-2 Query AAA and RADIUS information
To Use
Display relevant AAA information show aaa
Display relevant information about the
show aaa authentication [ authen-scheme-name ]
authentication/authorization scheme table
Display relevant information about the
show aaa accounting [ acct-scheme-name ]
accounting scheme table
Display AAA statistics information show aaa statistic
18-17
To Use
Clear AAA statistics information clear aaa statistic
Display related parameters and state of
display domain
current ISP domain (ISP domain mode)
Display relevant information about ISP
show domain [ isp-name ]
domain
show connect [ cut-data ucib-index | domain

Display relevant information about domain-name | mac mac-address | state { all | online
connection | stop | wait } | ucibindex ucib-index | username
username ]
show user [ domain isp-name | idlecut { disable |

Display relevant user information enable } service-type 8021x | state { active | block }
| username username ]
View information about the current RADIUS
info
server (RADIUS server mode)
Display statistics information about RADIUS
show radius-sum
packet
Clear statistics information about RADIUS
clear radius-sum
packet
Display related parameters and state of a
show radius-setting [ radius-server-name ]
RADIUS server group
show noresponse-acctstop-pkt { server
Display the stop accounting request packets
radius-server-name | session-id session-id | time
that have not received response
start-time stop-time | user-name username }
delete noresponse-acctstop-pkt { server
Delete the stop accounting request packets
radius-server-name | session-id session-id | time
that have not received response
start-time stop-time | user-name username }
Open RADIUS debugging switch debug radius
Close RADIUS debugging switch no debug radius
Open RADIUS packet debugging switch debug radius-pkt
Close RADIUS packet debugging switch no debug radius-pkt
18.5 Example of AAA and RADIUS Configuration
Since AAA/RADIUS commands are generally used together with 802.1x commands,
refer to the configuration examples in Chapter 17 802.1x Configuration.
18-18
18.6 Fault Diagnosis and Troubleshooting
RADIUS protocol of TCP/IP protocol suite is located on the application layer. It mainly
specifies how to exchange user information between the NAS and RADIUS server of
ISP. So it is very likely to be invalid.
I. Fault 1: User authentication/authorization always fails.
Troubleshooting:
1) ISP domain of the NAS may be configured improperly, which will make
authentication/authorization method not found.
To avoid this, check ISP domain configurations carefully including the adopted
authentication/authorization scheme and accounting scheme and RADIUS
server group.
2) The username may not be in the userid@isp-name format or the NAS has not
been configured with a default ISP domain.
To avoid this, use the usernames in proper format or configure the default ISP
domain on NAS.
3) The user may have not been configured in the RADIUS server database.
To avoid this, check the database and make sure that the configuration
information about the user does exist in the database.
4) The user may have input a wrong password.
To avoid this, make sure that the access user inputs the correct password.
5) The encryption keys of the RADIUS server and NAS may be different.
To avoid this, check carefully and make sure that they are identical.
6) There might be some communication fault between the NAS and RADIUS server,
which can be discovered through running ping RADIUS command server on
NAS.
To avoid this, make sure that the communication between the NAS and RADIUS
is normal.
II. Fault 2: RADIUS packet cannot be Sent to the RADIUS server.
Troubleshooting:
1) The lines (on physical layer or link layer) connecting the NAS and RADIUS
server may not work well.
To avoid this, make sure the lines work well.
2) The IP address of the corresponding RADIUS server may not have been set on
NAS.
18-19
To avoid this, set a proper IP address for the RADIUS server.

3) UDP ports of authentication/authorization/account services may not be set
properly.
To avoid this, make sure they are consistent with the ports provided by the
RADIUS server.
III. Fault 3: User cannot send charging bill to the RADIUS server after being
authenticated and authorized.
Troubleshooting:
1) If the ISP domain including the user has not adopted the accounting scheme and
the system is configured not to keep accounting by default, the users bill will not
be sent to the RADIUS server.
In this case, make sure that the ISP domain including the user explicitly adopts
RADIUS server for accounting.
2) The accounting port number may be set improperly.
To avoid this, set a proper number.
3) The accounting service and authentication/authorization service are provided on
different servers, but the NAS requires the services to be provided on one server
(by specifying the same IP address).
So make sure the settings of servers are based on the actual conditions.
4) Local accounting and disabling RADIUS accounting may have been configured
in the AAA accounting scheme.
So if accounting by RADIUS server is adopted, you need to enable RADIUS
accounting in AAA accounting scheme explicitly.
18-20
SmartAX MA5300/5303 Broadband Access System Chapter 19 PITP Configuration
Chapter 19 PITP Configuration
19.1 Overview
The MA5300 supports Policy Information Transfer Protocol (PITP). With PITP, the
MA5300 carries physical user port information in its PPPoE authentication request. In
this way, the MA5300 coordinates with the ISN8850 or the ESR8825 to implement
binding between the user account and the user port. This presents a solution to
broadband user identification.
The MA5300 supports 4k VLANs. Each user belongs to one VLAN, and is identified by
a VLAN ID.
19.2 Enabling/Disabling PITP
To enable PITP, run the global command pitp enable.

MA5300(config)#pitp enable
Now if you run the command show pitp config state, the display shows that PITP has
been enabled.
MA5300(config)#show pitp config state
PITP is enable.
To disable PITP, run the global command pitp disable.

MA5300(config)# pitp disable
Now if you run the command show pitp config state, the display shows that PITP has
been disabled.
MA5300(config)#show pitp config state
PITP is disable.
By default, PITP is enabled.
19.3 Setting PITP Ethernet Type
To set the PITP Ethernet type, namely the type of the Ethernet frames carried in PITP
packets, use the global command pitp ethernet-type.
MA5300(config)#pitp ethernet-type 0x8200
Now if you run the command show pitp config ethernet-type, the display shows that
the Ethernet type is the same as the one you have set.
19-1
SmartAX MA5300/5303 Broadband Access System Chapter 19 PITP Configuration
MA5300(config)#show pitp config ethernet-type

PITP protocol ethernet-type is: 0x8200.
Make sure that PITP has been enabled before you set the PITP Ethernet type.
19-2
SmartAX MA5300/5303 Broadband Access System Chapter 20 ISU Configuration
Chapter 20 ISU Configuration
20.1 Introduction to ISU
Besides the IP DSLAM device, the MA5300 also serves as the Intelligent Service Unit
(ISU) to perform the service management, bandwidth management and security
management for commercial subscribers. In this way, the MA5300 offers a commercial
subscriber bypass solution.
ISU can separate the common subscriber related traffic from the commercial
subscriber related traffic. As a result, the two types of traffic have different routes:
z The former passes through the main control system, and then goes upstream to
the convergence layer L3 or BAS for authentication, and finally enters the Internet.
z The later is first processed by ISU, then directly enters the metropolitan access
network through ISU's FE/GE port.
Consisting of the ISU board and related software, ISU supports PPPoE authentication,
VLAN binding authentication, and VLAN+Web (forced Portal, built-in Portal).
Meanwhile, it also supports accounting based on the traffic volume and service
duration.
ISU is located in the MA5300 frame. It can provide various FE/GE IP upstream ports.
20.2 MA5300s ISU Board
There are two types of ISU boards: ISUA board and ISUE board. Each of them provides
two subslots, which can be equipped with various subboards to offer diverse FE/GE
ports.
For the ISUA board, subslot 1 can be equipped with various FE/GE optical boards,
while subslot 2 can be equipped with various FE optical boards. If only one subboard is
needed, the subboard is always mounted to subslot 1.
For the ISUE board, subslot 1 can be equipped with various FE/GE optical boards,
while its subslot 2 is installed with the 4-port FE subboard.
ISU boards FE ports are numbered as 1 8.
ISU boards GE ports are numbered as 9 10. GE port 10 can connect with the
MA5300s ESM board through the backplane.
The ISU board always resides in slot 14 or 15 (slot 15 is recommended) of the MA5300.
20-1
SmartAX MA5300/5303 Broadband Access System Chapter 20 ISU Configuration
The connection between ISU board and ESM board can be set up through the
backplane and GE port or external FE/GE cables. To set up the connection through
backplane and GE port, run the command inner-isu in global mode. In this case, the
second GE channel provided by ISU boards subboard 1 serves as the communication
channel between the ISU board and the ESM board.
To view the information on the connection, run the command show inner-isu in global
mode.
MA5300(config)#show inner-isu
Inner-isu is enabled in slot 15.
MA5300(config)#
20.3 Configuring the ISU Board
For details about ISU board configuration, refer to Broadband Access Service
Processing Unit Operation Manual.
20-2
SmartAX MA5300/5303 Broadband Access System Chapter 21 Overview of IP Routing Protocol
Chapter 21 Overview of IP Routing Protocol
This chapter introduces the routing function of the MA5300. When the MA5300 runs a
routing protocol, it functions as a router.
Router that is described in this routing protocol module and its icon represents a router
or in general sense a MA5300 running routing protocols. To improve readability, this will
not be described in other parts of the manual.
21.1 IP Routing and Routing Table

21.1.1 Route and Route Segment
Routers are used for routing packets in the Internet. A router selects a suitable path
(through a network) according to the destination address contained in a received
packet, and sends the packet to the next router. The last router on the path will send the
packet to the destination host.
The router logically takes the path (from the network ingress to the network egress)
covered by a packet in a certain network as a route unit, which is called one Hop.
For example, as shown in Figure 211, three networks and two routers are traversed
from Host A to Host C and the hop count is three. If one node is connected to another
through a network, there is a segment between them, and they are adjacent in an
interconnected network.
Similarly, adjacent routers mean the two routers are connected to the same network.
The hop count from a router to a host in the local network should be taken as zero.
Figure 211 uses the bold arrow to indicate these route segments. However, the router
is not concerned about what physical links comprise a segment.
R R
A
Segment
R
R
R
C
Figure 211 Concept of route segment
21-1
As the network may vary greatly in size, the actual length of each route segment is
rather different. Therefore, the path length in different networks can be measured with
the number of route segments multiplied by a weighted coefficient.
Suppose that a router is a node in the networks, and a route segment is a link in the
interconnected networks, the routing in the interconnected networks is similar to that in
a simple network. A route with a minimum of hops may not be the optimal selection. For
example, the route passing three routing hops of LANs may be much faster than that
passing two route segments of WANs.
21.1.2 Route Selection through the Routing Table
The routing table is the key for a router to forward packets. Each router keeps a routing
table. Each route entry in the table shows through which physical interface of the router
a packet can be forwarded to a specific subnet or a host so as to reach the next router
along this path; Or the route entry can show that the packet can be sent to the
destination host in a interconnected network without passing other routers.
The routing table includes the following key items:
z Destination address
It is used to label the destination address or destination network of an IP packet.
z Network mask
It is used to identify the network segment address of the destination host or router
together with the destination address. The network segment address of the destination
host or router can be acquired by performing AND operation on the destination address
and the network mask. Suppose there is a host or a router (with the destination address
as 129.102.8.10 and with the mask as 255.255.0.0) is located in a segment with the
address 129.102.0.0. If the mask is comprised of consectutive 1s, it can be written in
dotted decimal format, or the count of consectutive 1s.
z Output interface
It indicates from which interface of the router an IP packet will be forwarded.
z Next hop IP address
It indicates the next router that an IP packet will pass.
z Routing protocol type
It includes local direct, OSPF, RIP, static.
z Route priority
It refers to the priority of a route in the IP routing table. For the same destination, there
may be several routes with different next hops. These routes may be discovered by
different routing protocols, or static routes configured manually. The route with the
highest priority (smallest value) will be the optimal one. Multiple routes with different
21-2
priorities to the same destination can be configured, and only one route is selected for
IP packet forwarding according to the priority.
Based on the destination of a route, the routes can be classified as:
z Subnetwork route, whose destination is a subnetwork.
z Host route, whose destination is a host.
Based on the connection mode between the destination and the router, it can be
classified as:
z Direct routing: network of the destination is directly connected to the router.
z Indirect routing: network of the destination is not directly connected to the router.
To avoide too large a routing table, a default route can be defined. Once a packet fails
to find a route in the routing table, the default route will be selected for forwarding.
For complex interconnected networks as in Figure 212, the digit in each network is the
network address. Router 8 is connected with three networks. It has three IP addresses
and three physical ports. Its routing table is as shown in the diagram.
16.0.0.2 16.0.0.3
Routing table of Router8
16.0.0.0
15.0.0.2 R7 10.0.0.2
R6
Network of the Forward from Via which
16.0.0.2 destination host which router port
15.0.0.0 R5 10.0.0.0
13.0.0.3 10.0.0.0 Directly 2
13.0.0.2 2 11.0.0.0 Directly 1
15.0.0.1 10.0.0.1
3 R8 12.0.0.0 11.0.0.2 1
R2 13.0.0.0
1 13.0.0.0 Directly 3
14.0.0.2 11.0.0.1
13.0.0.4
13.0.0.1 14.0.0.0 13.0.0.2 3
11.0.0.0
14.0.0.0 R3 15.0.0.0 10.0.0.2 2
16.0.0.0 10.0.0.2 2
R1 12.0.0.2 11.0.0.2
14.0.0.1 R4
12.0.0.0
12.0.0.3
12.0.0.1
Figure 212 Routing table
21.2 Route Management Policy

The MA5300 supports both static routes and dynamic routing protocols such as RIP
and OSPF. The MA5300 manages the user-configured static routes and the dynamic
routes discovered by routing protocols in an integrated manner. The static routes and
the routes discovered or configured by various routing protocols can be shared.
21.2.1 Routing Protocols and Routing Priority
Different routing protocols (including static routes) may find different routes to the same
destination, while not all the routes are the optimal ones. In fact, the current route to a
specific destination at a specific moment can be determined by one routing protocol
only. Each routing protocol (as well as the static route) is allocated a priority. When
21-3
multiple route information sources exist, the route discovered by the routing protocol
with higher priority will become the current route.
Table 211 lists various routing protocols and their default priorities for route
discovering. The smaller the value, the higher the priority. In this table, "0" indicates the
direct route, and "255" indicates any route from an unknown source.
Table 211 Routing protocols and their default routing priorities
Routing protocol or type Routing priority

DIRECT 0
OSPF 10
INTERNAL EIGRP 50
STATIC 60
RIP 100
OSPF ASE 150
EXTERNAL EIGRP 160
IBGP 256
EBGP 256
UNKNOWN 255
Except for the direct route (DIRECT) and the BGP (IBGP, EBGP), the priority of each
dynamic routing protocol can be defined as required. Additionally, the priority of each
static route can be different.
21.2.2 Load Sharing and Route Backup
Different routing protocols can find different routes as they use different algorithms. So
how to e share the discovered results among various routing protocols becomes a
problem.
The MA5300 is capable of redistributing the route discovered by one routing protocol
into another routing protocol. Each routing protocol has a corresponding route
redistributing mechanism. For details, refer to the relevant description on route
redistribution of each routing protocol.
21-4
SmartAX MA5300/5303 Broadband Access System Chapter 22 Static Route Configuration
Chapter 22 Static Route Configuration
22.1 Overview
22.1.1 Attributes and Function of Static Route
The static route is a special route. It is configured manually by the administrator.

Configuring static routes help build up an interconnected network. However, when a
network fault occurs, the static route will not change automatically; then it has to be
adjusted by the administrator.
In a simple network, the router runs well as long as the static routes are configured.
Careful configuration and usage of static routes will improve the network performance
and assure bandwidth for important applications.
All the following routes are static routes:
z Reachable route: A normal route is of this type. That is, the IP packet is sent to
the next hop by way of the route marked by the destination. It is a common type of
static routes.
z Unreachable route: When a static route to a destination has the "reject" attribute,
all the IP packets to this destination will be discarded, and the originating host will
be informed that the destination is unreachable.
z Blackhole route: When a static route to a destination is of the "blackhole"
attribute, all the IP packets to this destination will be discarded, and the originating
host will not be informed.
The attributes "reject" and "blackhole" are usually used to control the range of
reachable destinations of a router and help troubleshoot the network faults.
22.1.2 Default Route
A default route is also a static route. To put it simple, the default route is the route used
when no matched routing table ingress entry is found.
In a routing table, the default route is indicated as the route to network 0.0.0.0 (mask
0.0.0.0). You can use the command show ip route to view whether it has been
configured.
If the destination address of a packet cannot match any entry in the routing table, the
packet will select the default route.
If no default route is found and the destination address of the packet is not in the routing
table, the packet will be discarded. In addition, the router will return an Internet Control
Message Protocol (ICMP) packet to the source, indicating that this destination address
or network is unreachable.
22-1
The default route is very useful in a network. In a typical network with hundreds of
routers, the dynamic routing protocol may consume large bandwidth. Using default
routes, a link with proper bandwidth can be used to replace a high bandwidth link where
there are a great number of users.
22.2 Configuring Static Routes

Static route configuration involves:
z Configuring a static route
z Configuring a default route
z Querying a static route
22.2.1 Configuring a Static Route
Table 221 Configuring a static route
To Use
ip route ip-address { mask | mask-length } { interface-type interface -number |
Add a static route
gateway-address } [ preference preference-value ] [ reject | blackhole ]
no ip route ip-address { mask | mask-length } [ interface-type interface
Delete a static route
-number | gateway-address ] [ preference value ]
Parameter description:
1) IP address and mask
The ip-address is in dotted decimal notation. Since 1s in 32-bit mask must be
consecutive, the mask can be indicated either in the dotted decimal format or in mask
length. (Mask length refers to the number of 1s in a mask).
2) Sending interface or next hop address
In defining a static route, you can specify the sending interface (interface-type interface
number), or the next hop address (gateway-address).
Whether to specify the sending interface or the next hop address depends on the actual
conditions. In the following cases, the sending interface can be specified:
z For an interface supporting resolution from the network address to the link layer
address (such as the Ethernet interface that supports ARP), when ip-address and
mask (or mask-length) together specify a host address, and this destination
address is in the directly connected network, the sending interface can be
specified.
z For a point-to-point interface, the address of the peer interface connected to this
one is that of the next hop of the route. So you can specify the sending interface by
just designating the next hop address.
22-2
For configuring preference-value, you can apply the routing management policy
flexibly.
z Other parameters
The attributes reject and blackhole respectively indicate the unreachable route and
the blackhole route.
22.2.2 Configuring a Default Route
Table 222 Configuring a default route
To Use
Configure a default ip route 0.0.0.0 { 0.0.0.0 | 0 } { interface-type interface -number |
route gateway-address } [ preference value ] [ reject | blackhole ]
no ip route 0.0.0.0 { 0.0.0.0 | 0 } [ interface-type interface -number |
Delete a default route
gateway-address ] [ preference value ]
Meanings of the parameter are the same as those of the static route.
22.2.3 Querying a Static Route
The MA5300 supports multiple methods to display the routing table information. This is
helpful for monitoring and maintaining the routing table. After the above configurations,
you can use the show command to display the static route configuration and verify the
configuration.
Perform these operations in any mode except the common user mode.
Table 223 Querying a static route
To Use
Show summary of routing table show ip route
Show details on the routing table show ip route detail
Show information on a specified route show ip route ip-address
Show information on the radix routing table show ip route radix
Show the static routing table show ip route static
22-3
22.3 Example of Static Route Configuration

As shown in Figure 221, the masks of all the IP addresses in the figure are
255.255.255.0. It is required that all the hosts or MA5300s be interconnected in pairs
through static routes.
Host 1.1.5.1
1.1.5.2/24
1.1.2.2/24 1.1.3.1/24
MA5300 C
1.1.2.1/24
1.1.3.2/24
1.1.1.2/24 1.1.4.1/24
MA5300 A MA5300 B
C B
Host 1.1.1.1 Host 1.1.4.2
Figure 221 Networking diagram of the static route configuration example
! Configure the static route for MA5300 A.

MA5300 A(config)#ip route 1.1.3.0 255.255.255.0 1.1.2.2
! Configure the static route for MA5300 B.

MA5300 B(config)#ip route 1.1.2.0 255.255.255.0 1.1.3.1
! Configure the static route for MA5300 C.

MA5300 C(config)#ip route 1.1.1.0 255.255.255.0 1.1.2.1
MA5300 C(config)#ip route 1.1.4.0 255.255.255.0 1.1.3.2
! Configure the default gateway of the Host A to be 1.1.1.2

! Configure the default gateway of the Host B to be 1.1.5.2
22-4
! Configure the default gateway of the Host C to be 1.1.4.1

By now, all the hosts or MA5300s in the figure can be interconnected in pairs.
22.4 Static Route Troubleshooting

Fault:
The router is not configured with any dynamic routing protocol. Both the physical status
of the interface and the link layer protocol status are in UP state. However, the IP packet
cannot be forwarded normally.
Troubleshooting:
z Use the show ip route static command to view whether the corresponding route
is correctly configured.
z Use the show ip route command to view whether the static route is valid.
22-5
SmartAX MA5300/5303 Broadband Access System Chapter 23 OSPF Configuration
Chapter 23 OSPF Configuration
23.1 Overview
23.1.1 Introduction to OSPF
Open Shortest Path First (OSPF) is an Interior Gateway Protocol based on the link
state developed by IETF. At present, OSPF version 2 (RFC2328) is used. It has the
following features:
z Application scopeIt supports network of various scales and hundreds of
routers.
z Fast convergence It enables sending an update packet immediately after the
network topology is changed, so that the change can be synchronized in the
Autonomous System (AS).
z Loop-free As OSPF calculates the route with the shortest path tree algorithm
through the collected link state, no loop routes will be generated from the algorithm
itself.
z Area division The network of the AS is divided into areas. The routing
information between the areas becomes more abstract, reducing the bandwidth
occupation in the network.
z Equal route It supports multiple equal routes to the same destination address.
z Routing hierarchy Four types of routes are used in the order of preference:
intra-area routes, inter-area routes, external routes of type 1 and external routes of
type 2.
z Authentication It supports interface-based packet authentication to ensure the
security of route calculation.
z Multicast Packets can be broadcasted on the link layer using the multicast
address.
The whole network can be regarded as consisting of multiple ASs. Information
synchronization of the ASs can be realized through dynamical discovery and
transmission of the AS link status.
Each AS can also be further divided into servreral areas. If the interfaces of a router are
allocated to multiple areas, this router is called an Area Border Router (ABR). An ABR
is located at the area boundary and is connected to multiple areas.
All ABRs and the routers between the ABRs comprise a backbone area. (The
backbone area is identified with 0.0.0.0.) As all areas shall be connected with the
backbone area, the concept of virtual link is introduced to ensure that logical
connectivity remains between in the physically divided areas.
23-1
23.1.2 Process of OSPF Route Calculation
The calculating process for the OSPF route can be briefed as follows:
1) Each OSPF-enabled router maintains a Link-State DataBase (LSDB) that
describes the topological structure of the whole AS. Each router generates a
Link-State Advertisement (LSA) based on the topological structure of the
surrounding network and sends LSA to the neighbors in the network. In this way,
each router receives the LSAs from others and stores these LSAs in the LSDB.
2) As LSA describes the topological structure of the surrounding network of a router,
LSDB describes the topological structure of the whole network. It is easy for the
router to translate LSDB into a weighted, directed graph. This digraph shows
exactly the topological structure of the whole network. All routers in the same area
get the same graph.
3) Each router calculates a shortest path tree with the root being itself using the
OSPF algorithm. This tree gives the routes to all the nodes in the AS. External
routing information is the leaf node. An external route can be tagged by the router
that broadcasts it to record additional information of the AS. Each router gets a
different routing table.
In addition, multiple adjacency relations should be set up so that each router can
broadcast the local status information (such as available interface information,
reachable neighbor information) to the whole system. Consequently, the route change
of any router may be transmitted many times, which is unnecessary and wastes the
precious bandwidth resources.
To address the above proble, OSPF adopts the concept of Designated Router (DR). All
routers only send information to the DR. The DR will broadcast the network link state.
Then the number of adjacency relations between the routers on a multi-access network
is greatly reduced.
In OSPF, interface-based packet authentication is used to ensure the security of route
calculation; and packets can be transmitted and received in the IP multicast mode.
23.1.3 OSPF Packets
OSPF uses five types of packets:

z Hello Packet
It is the commonest packet which is periodically sent by a router to its peer. It contains
DR, BDR, the known peer and the values of some timers.
z Database Description (DD) Packet
When two routers synchronize their databases, they use the DD packets to describe
their own LSDBs, including the digest of each LSA. (The digest refers to the HEAD of
an LSA, which is used to uniquely identify the LSA). This can reduce the traffic between
23-2
the routers, since the HEAD of a LSA only occupies a small portion of the overall LSA
traffic. With the HEAD, the peer router can judge whether it has had the LSA.
z Link State Request (LSR) Packet
After exchanging the DD packets, the two routers know which LSAs of the peer routers
do not exist in the local LSDBs. In this case, they will send LSR packets to the peers to
request for the needed LSAs. The packets contain the digests of the needed LSAs.
z Link State Update (LSU) Packet
The packet is used to transmit the needed LSAs to the peer router. It contains a
collection of multiple LSAs (complete contents).
z Link State Acknowledgment (LSAck) Packet
The packet is used for acknowledging the received LSU packets. It contains the
HEAD(s) of LSA(s) requiring acknowledgement. (One packet can acknowledge
multiple LSAs).
23.1.4 Related Concepts
The following introduces some concepts associated with OSPF.
I. Router ID
To run OSPF, a router must have a router ID. If no ID is configured, the system will
automatically select an IP address from the current interface IP addresses as the
Router ID.
II. DR and BDR
z DR (stands for Designated Router)

Suppose there is a broadcast network where the routers are directly connected without
other in-between routing devices. To enable the individual routers to broadcast the
information of their local statuses to the whole AS, all routers in the environment should
set up adjacency. In this case, a route change of any router will result in many
information deliveries, which are both unnecessary and a waste of bandwidth.
In order to solve the problem, OSPF defines the "Designated Router" (DR). All the
routers only need to transmit information to the DR for broadcasting the network link
states.
Which router can be the DR in its segment is not specified manually. Rather, DR is
elected by all the routers in the segment. Refer to 23.2.6 Setting Interface Priority in
DR Election for details about the DR election.
z BDR (stands for Backup Designated Router)
If the DR fails due to some fault, a new DR must be elected by and synchronized with
the other routers on the segment. In this process, which will take a relatively long time,
the route calculation is incorrect. To shorten this process, BDR is defined in OSPF. BDR
23-3
is a backup for DR. DR and BDR are elected in the meantime. The adjacencies are also
set up between the BDR and all the routers on the segment, and routing information is
exchanged between them.
If the DR in use fails, the BDR will become a DR immediately.
III. Area
The network size keeps growing. If all the routers on a huge network are running OSPF,
the large number of routers will result in an enormous LSDB. It will consume an
enormous storage space, complicate the SPF algorithm, and add the CPU load as well.
Furthermore, as a network grows larger, the topology is more likely to change.
As a result, the network is always in turbulence, and a great deal of OSFP packets will
be generated and transmitted in the network. This will lower the network bandwidth
utility. In addition, each change will cause all the routes in the network to compute the
route again.
OSPF solves the above problem by dividing an AS into different areas. Areas logically
group the routers. The borders of areas are some routers. A router connects the
backbone area and a non-backbone area is called Area Border Router (ABR). An ABR
can connect to the backbone area either physically or logically.
IV. Backbone area and virtual link
z Backbone area
Not all OSPF areas are equal. One area is different from all the other areas. Its area ID
is 0 and it is usually called the backbone area.
z Virtual link
Since all OSPF areas should be connected logically, virtual link is adopted so that the
physically separated areas can still maintain the logic connectivity.
V. Route summary
AS is divided into different areas which are interconnected through OSPF ABRs. The
routing information between areas can be reduced through route summary. This help to
reduce the size of routing table and improve the calculation speed of the router. After
finding an intra-area route of an area, the ABR will look up the routing table and
encapsulate each OSPF route into an LSA and send it outside the area.
23.1.5 OSPF Features of the MA5300
The OSPF software implemented on the MA5300 complies with RFC2328. It has the
following features:
z Stub area
Stub area is defined in order to save the overhead on receiving ASE (Autonomous
System External) routes by local routers.
23-4
z NSSA (short for Not-So-Stubby Area)

NSSA has been defined as a solution to the limit of the Stub area in terms of topologies.
z Routing information sharing with other dynamic routing protocols
In OSPF, dynamic routing protocols and static routes can be redistributed to the AS as
the external routes of OSPF. Conversely, the routing information discovered by OSPF
can be distributed to other routing protocols.
z Authentication
OSPF supports two authentication means for adjacent routers in the same area:
plaintext string authentication and MD5 authentication.
z Flexible configuration of interface parameters of a router
On the interfaces of a router, parameters which can be configured with OSPF include:
Output cost
Hello packet transmit interval
Retransmit interval
Interface transmit delay
Routing preference
"Dead" time of adjacent routers
Packet authentication mode
Authentication key
z Virtual link
Virtual link can be set up for OSPF on the MA5300.
z Abundant debugging information
OSPF on the MA5300 provides abundant debugging information to help fault
diagnosis.
23.2 Configuring OSPF

Configuration of OSPF requires coordination among respective routers, including
intra-area routers, ABRs and Autonomous System Boundary Routers (ASBRs).
If no configuration is made, the default parameters will be used for the routers. Then no
authentication is required for transmiting and receiving packets. When default
parameters are changed, make sure that the configurations among respective routers
are consistent.
You must first enable OSPF and specify the interface and area number before
configuring other features. However, the interface-related features of configurations are
not restricted regardless of the enabling/disabling of OSPF. Note that the original
interface parameters would become invalid after OSPF is disabled.
23-5
OSPF configuration involves:

z Enabling/Disabling OSPF
z Specifying the interface and area ID
z Configuring router ID
z Configuring network type on the OSPF interface
z Configuring cost for interface transmit packets
z Setting interface priority in DR election
z Setting the neighbor
z Setting the transmit interval of the Hello packet
z Setting the dead interval between adjacent routers
z Setting the LSA Transmit Interval
z Setting the LSA retransmit interval between adjacent routers
z Configuring OSPF Stub Area
z Configuring OSPF NSSA
z Configuring route summarization between OSPF areas
z Configuring a virtual link
z Configuring packet authentication between OSPF areas
z Configuring packet authentication mode
z Redistributing routes of other protocols
z Configuring parameters for OSPF to redistribute external routes
z Redistributing default routes into the OSPF routing table
z Setting routing preference
z Configuring OSPF route filtering
z Configuring MTU filling for an interface transmiting DD packets
z Configuring sending of OSPF packets on an interface
z Querying OSPF information
23.2.1 Enabling/Disabling OSPF
Table 231 Enabling OSPF
To Use
Enable OSPF and enter the OSPF mode router ospf
Disable OSPF no router ospf
OSPF is disabled by default.
23.2.2 Specifying the Interface and Area ID
The OSPF protocol divides the AS into areas. That is, the router is divided into groups
logically.
23-6
One router may belong to different areas (such router is also called ABR), whereas a
network segment can be in one area only.
In other words, each interface running OSPF must be specified to a specific area. The
area is identified with an area ID. ABR transmits routing information between areas.
In addition, all routers in the same area should comply with the parameter configuration
of this area. Therefore, during the configuration of routers in the same area, most
configuration data should be taken into consideration based on this area. Wrong
configurations will make it impossible for adjacent routers to forward information to
each other, or may even lead to blocking or loop of routing information.
Perform these operations in OSPF mode.
Table 232 Specifying interface and area ID
To Use
Specify the interface and area ID network address wildcard-mask area area-id
Disable the running of OSPF on the interface no network address wildcard-mask area area-id
After the OSPF is enabled, you need to specify the interface running OSPF and the
area where the interface is located.
23.2.3 Configuring Router ID
The router ID is a 32-bit unsigned integer, which uniquely identifies a router in the AS.
So the router ID must be configured. In manual router ID configuration, make sure that
the there are no routers having the same ID within the AS. Uusally, the router ID is set
the same as the IP address of one of the routers interface.
Table 233 Configuring router ID
To Use
Configure router ID router id router-id
Cancel the router ID no router id
To ensure stability of OSPF, you should determine the division of router IDs and
manually configure them in network planning.
23.2.4 Configuring Network Type on the OSPF Interface
OSPF calculates the route based on the topological structure of the neighboring
network of this router. Each router describes the topology of its neighboring network
and advertises it to all other routers.
23-7
OSPF divides the network into the following four types based on the link layer protocol
types.
Table 234 OSPF network types
Link protocol Default network type

Ethernet, FDDI Broadcast
ATM NBMA
None Point-to-multipoint
PPP, LAPB, POS Point-to-point
Note:
No link layer protocol is taken as the Point-to-Multipoint type by default. No link layer protocol will be
considered as point-to-multipoint, since it must be forcedly modified from other network types. The most
common practice is to change a non-fully connected NBMA into a point-to-multipoint network.
NBMA refers to Non Broadcast MultiAccess networks. ATM network is a typical NBMA
network. You can specify the transmit interval for the Hello packet between adjacent
routers before the adjacency is set up. The following configurations are recommended:
z The interface can be configured as the non-broadcast mode on the broadcast
network without multi-access capability.
z If direct access is not available to all routers in the NBMA network, the interface
type can be configured as point-to-multipoint.
z If router has only one opposite end in the NBMA network, interface type can be
changed to point-to-point.
The following describes the differences between NBMA and point-to-multipoint:
z In OSPF, NBMA refers fully connected, nonbroadcast and multi-access networks.
In comparison, a point-to-multipoint network does not necessarily require the
network to be fully connected.
z Both DR and BDR should be elected on NBMA. However, there is no DR or BDR
in the point-to-multipoint network.
z NBMA is a default network type. For example, if the link layer protocol is ATM,
OSPF regards the network type is NBMA by default (no matter whether the
network is fully connected or not). However, point-to-multipoint network is not the
default network type. You have to manually change another nework type to
point-to-multipoint. (The most common practice is to change a non-fully connected
NBMA into a point-to-multipoint network.)
z In the NBMA network, packet is unicast. The neighbors must be configured
manually. However, in the point-to-multipoint network, the packet is broadcast.
23-8
Since the link layer of the MA5300 is Ethernet, OSPF takes the network type as
broadcast. Usually, the network type is not to be changed.
Perform these operations in VLAN interface mode.
Table 235 Configuring OSPF network type
To Use
ip ospf network { broadcast | non-broadcast |
Configure interface network type
point-to-multipoint | point-to-point }
Recover the default interface network type no ip ospf network
After the interface has been configured with a new network type, the original network
type of the interface is removed automatically.
23.2.5 Configuring Cost for Interface Transmit Packets
You can configure the cost for interface transmit packets. Or, OSPF will automatically
calculate the cost according to the bandwidth of the current interface.
Table 236 Configuring the cost for interface transmit packets
To Use
Configure the overhead for interface transmit packets ip ospf cost cost
Restore the default value of the cost for interface transmit packets no ip ospf cost
By default, the system calculates the cost automatically based on the interface
baudrate:
z When the baudrate is smaller than 2,000 bit/s, the default cost for the transmit
packet is: 100,000,000/64,000 = 1562.
z When the baudrate is larger than 100,000,000 bit/s, the default cost for the
transmit packet is: 100,000,000/100,000,000 = 1.
z In other circumstances, the default cost for the transmit packet is:
100,000,000/Interface baudrate.
23.2.6 Setting Interface Priority in DR Election
The priority of router interface determines the qualification of the interface in DR

election. The interface with higher priority would be considered first when conflict arises
in terms of voting right.
23-9
DR is not manually designated. It is elected by all routers in the local network segment.
The routers whose priority is greater than 0 in the local network segment can be used
as the "candidates".
The router with the highest priority will be selected among all routers that claim to be
the DR. If two routers have the same priority, the one with greater Router ID is
selectedc. The ballot is a Hello packet. Each router writes its DR into the Hello packet
and sends it to all other routers in the network segment.
When two routers in the same network segment claim to be the "Designated Router"
(DR), the one with higher priority is selected. If the priorities are the same, the one with
greater router ID is selected. If the priority of a router is 0, it will not be elected as
"Designated Router" (DR) or "Backup Designated Router" (BDR).
If the DR is unavailable due to some fault, a new DR should be elected and be
synchronized. This may be time consuming, and route calculation is incorrect during
the process. To shorten the process, OSPF puts forward the concept of BDR (Backup
Designated Router). BDR is actually a backup of DR and is elected together with DR.
BDR also creates adjacency with all routers in the local network segment and
exchanges routing information with them. When DR fails, BDR will become DR
immediately without re-election. With the adjacency already created, this takeover
process is instant. Of course, a new BDR needs to be elected again. It may take a long
time, but this will not affect the route calculation.
The following shall be noted:
z DR in the network segment is not necessarily the router with the highest priority.
Similarly, BDR is not necessarily the router with the second highest priority. For
example, if a new router is added after the DR and BDR are elected, this new
router will not become the DR of the network segment even it has the highes
priority.
z DR is a concept adopted in a specific network segment, and defined in regard to
the interface of the router. A router may be DR on one interface or BDR or DR
Other on another interface.
z DR will be elected only on a broadcast interface or an NBMA interface. It is
unnecessary for DR election on a point-to-point interface or a point-to-multipoint
interface.
Table 237 Setting interface priority in DR election
To Use
Set interface priority in DR election ip ospf priority priority_num
Restore the default priority of the interface no ip ospf priority
23-10
By default, the priority of the Interface is 1 in the DR election. The value can be taken
from 0 to 255.
23.2.7 Setting the Neighbor
For an NBMA network, some special configurations are required. Since an NBMA
interface on the network cannot discover the adjacent router through broadcasting the
Hello packets, you need to specify an IP address for the adjacent router, and whether
the adjacent router is eligible for election.
The neighbor ip-address command is used to make the settings. If priority_num is not
specified, the adjacent router will be regarded as ineligible.
Table 238 Configuring the neighbor
To Use
Configure the neighbor of NBMA interface neighbor ip-address [ priority priority_num ]
Cancel the neighbor of NBMA interface no neighbor ip-address [ priority priority_num ]
By default, the preference for the neighbor of NBMA interface is 1.
23.2.8 Setting the Transmit Interval of the Hello Packet
Hello packet is the most common packet. It is sent to the adjacent routers periodically to
find and maintain adjacency, as well as elect the DR and BDR. You can set the value of
Hello interval (namely the interval for sending the Hello packet). The smaller the hello
interval is, the sooner the network change will be discovered, but the more network
resources will be consumed. The Hello interval of routers in the same network segment
must be the same.
When a router is enabled, it sends Hello packets only to adjacent nodes whose
preference is larger than 0.
After the DR and BDR in the network segment are elected, the DR and BDR will then
send Hello packets to all neighbors to set up adjacency.
If an adjacent router fails, the router will periodically send Hello packets based on the
poll interval defined in the command ospf timer poll, until the adjacent router is
available again. The poll interval should at least triple the hello interval.
Table 239 Setting the Hello interval
To Use
Set the hello interval of the interface ip ospf hello-interval seconds
23-11
To Use
Restore the default hello interval of the interface no ip ospf timer hello
Set the poll interval of the NBMA interface ip ospf poll-interval seconds
Restore the default poll interval no ip ospf poll-interval
By default, Hello interval of point-to-point and broadcast interfaces is 10s and that of
point-to-multipoint and nonbroadcast interfaces is 30s.
23.2.9 Setting the Dead Interval Between Adjacent Routers
Dead interval between adjacent routers refers to the period during which the router fails
to receive Hello packet from a neighboring router and then considers the neighboring
router as unavailable.
You can set the value of dead interval, namly the interval upon which the remote router
becomes invalid. The dead interval should be at least four times that of Hello interval,
while dead interval of all routers in the same network segment should be the same.
Table 2310 Setting dead interval between adjacent routers
To Use
Configure a dead interval between the adjacent routers ip ospf dead-interval seconds
Restore the default dead interval of the adjacent routers no ip ospf dead-interval
By default, the value of dead interval between adjacent routers on point-to-point and
broadcast interfaces is 40s and that on point-to-multipoint and NBMA
(non-broadcast) interfaces is 120s.
Note that after the network type is modified, hello interval and dead interval are both
restored to the default values.
23.2.10 Setting the LSA Transmit Interval
An LSA expires in the LSDB of the local router (1 is added per second), but not in the
process of network transmission. Therefore, it is necessary to add transmit delay
(namely the LSA transmit interval) to the expiration time before the transmission. This
configuration is very important for low-speed networks.
23-12
Table 2311 Setting the LSA transmit interval
To Use
Configure the the LSA transmit interval ip ospf transmit-delay seconds
Restore the default LSA transmit interval no ip ospf transmit-delay
By default, the interval for sending link-state update packet is 1 second.
23.2.11 Setting the LSA Retransmit Interval Between Adjacent Routers
When a router sends an LSA to its neighbor, it should wait for an ACK from them. If no
ACK is received from the neighbor within the retransmit interval, this LSA should be
retransmitted. You can set the value of retransmit interval.
Table 2312 Setting the LSA retransmit interval between adjacent routers
To Use
Configure the LSA retransmit interval between adjacent
ip ospf retransmit-interval seconds
routers
Restore the default LSA retransmit interval between
no ip ospf retransmit-interval
adjacent routers
By default, LSA retransmit interval between adjacent routers is 5 seconds.

seconds: should be greater than the period when a packet is transmitted between two
routers for a round.
Note that do not set the value of retransmit interval too small, or unnecessary
retransmission will be incurred.
23.2.12 Configuring OSPF Stub Area
Stub area refers to the type of LSA areas that do not broadcast the received external
routes. In the Stub area, the size of routing table and amount of routing information
transmitted will be greatly reduced.
Stub area is an optional attribute, but not all areas comply with the configuration
condition. Usually, a Stub area is located at the boundary of the autonomous system,
namely a non-backbone area where there is only one ABR.
To ensure that the route outside the area is still reachable, ABR of this area generates a
default route (0.0.0.0) and advertise it to other non-ABR routers in the area.
In Stub area configuration, pay attention to the following points:
23-13
z The backbone area cannot be configured as a Stub area and virtual link cannot go
through a Stub area.
z To configure an area as a Stub area, all routers in this area must be configured
with this attribute.
z There should be no ASBRs in Stub area. That is, the external routes of AS cannot
be redistributed to the interior of the area.
Table 2313 Configuring OSPF Stub area
To Use
Configure an area as a Stub area area area-id stub [ no-summary ]
Cancel the configured Stub area no area area-id stub
Configure the cost of the default route sent to Stub area area area-id default-cost cost
Cancel the cost of the default route sent to Stub area no area area-id default-cost
By default, Stub area is not configured. The cost for sending the route to the Stub area
is 1.
Two configuration commands are available for Stub area: area stub and area
default-cost:
z Use the area stub command to configure all routers in the Stub area with the stub
attribute.
z The area default-cost command only applies to the ABR connected to this area.
This command is used to configure the cost for sending the default route sent by
the ABR to the Stub area.
To reduce LSAs sent to the Stub area, the option no-summary can be configured to
prohibit the ABR to send Type 3 LSAs to Stub area.
23.2.13 Configure OSPF NSSA
In RFC1587, a new area is added NSSA Area; and a new LSA is added NSSA LSA
(also called Type-7 LSA).
NSSA area is actually a deformation of Stub area. It is similar in Stub area in many ways.
Neither of them generates or imports AS-External-LSA (namely Type-5 LSA), and both
of them can generate and import Type-7 LSA.
Type-7 LSA is generated by ASBR of NSSA area, which can only advertise in NSSA
area. When Type-7 LSA reaches ABR of NSSA, ABR will select whether to transform
Type-7 LSA into AS-External-LSA so as to advertise to other areas.
For example, in the networking in Figure 231, the AS running OSPF comprises three
areas: Area 1, Area 2 and Area 0. Among them, Area 0 is the backbone area.
23-14
Also, there are other two ASs respectively running RIP. Area 1 is defined as an NSSA.
After RIP routes of the Area 1 are propagated to the NSSA ASBR, the NSSA ASBR will
generate Type-7 LSAs which will be propagated in Area 1. When the Type-7 LSAs
reach the NSSA ABR, the NSSA ABR will transform it into Type-5 LSA, which will be
propagated to Area 0 and Area 2.
On the other hand, RIP routes of the AS running RIP will be transformed into Type-5
LSAs that will be propagated in the OSPF AS. However, Type-5 LSAs will not reach
Area 1 because Area 1 is an NSSA. NSSAs and Stub areas have the same approach in
this aspect.
Similar to a Stub area, the NSSA cannot be configured with virtual links.
RIP NSSA
ABR
area 1 NSSA
NSSA ASBR
area 0
area 2
RIP
Figure 231 NSSA area
Perform this operation in OSPF mode.
Table 2314 Configuring OSPF NSSA
To Use
area area-id nssa [ default-information-originate ]
Configure an area to be the NSSA area
[ no-redistribute ] [ no-summary ]
Cancel the configured NSSA no area area-id nssa
Configure the default cost value of the
area area-id default-cost cost
route to the NSSA
Restore the default cost value of the
no area area-id default-cost
route to the NSSA area
z All the routers connected to the NSSA should use the nssa command to configure
the area with the NSSA attribute.
z The keyword default-information-originate is used to generate the default
Type-7 LSAs. The default Type-7 LSA route will be generated on an ABR, even
though no default route 0.0.0.0 is in the routing table. On an ASBR, however, the
default Type-7 LSA route can be generated only if the default route 0.0.0.0 is in the
routing table.
z The keyword no-redistribute is used on the ASBR to prevent the external routes
that OSPF imported through the import-route command from advertising to the
23-15
NSSA. Generally, if an NSSA router is both the ASBR and ABR, this keyword will
be used.
z The keyword no-summary defined on the ABR is used to disable ABRs sending
of summary_net LSAs (Type-3 LSA) to the NSSA. This is to reduce the number of
LSAs sent to the NSSA.
z The keyword default-cost is used on the ABR attached to the NSSA. Using this
command, you can configure the default route cost on the ABR to NSSA.
By default, the NSSA is not configured, and the cost of the default route to the NSSA is
1.
23.2.14 Configuring Route Summarization Between Areas
Route summarization means that the ABR summarizes all route information with the
same prefix to one route and then sent it to other areas.
One area can be configured with multiple summarized segments so that OSPF can
summarize multiple network segments. When the ABR sends routing information to
other areas, Sum_net_Lsa (Type 3 LSA) will be generated in the unit of network
segment.
If an area contains a continuous range of network segments, they can be summarized
into one segment through the area range command. Then the ABR only sends one
summarized LSA, and all LSAs within the summarized segment specified by the
command will not be sent out separately. This process downsizes the LSDBs in other
areas.
For example, there are two network segments in an area as follows:
202.38.160.0 255.255.255.0
202.38.180.0 255.255.255.0
They are to be summarized into one network segment: 202.38.0.0 255.255.0.0
Once the summarized network segment of a specific network is added to an area, the
internal routes within this summarized segment of the area will not be broadcast
separately to other areas. Instead, only the route summary of the entire summarized
network segment will be broadcast.
If the network segment range is defined with the key word notadvertise, the route
summary of the network segment will not be broadcast. This network segment is
described with the IP address/mask. Receiving the summarized network segment and
defining the network segment can reduce the volume of the routing information
exchanged between areas.
Note that route summarization is only effective when configured on an ABR.
23-16
Table 2315 Configuring OSPF route summarization between areas
To Use
area area-id range ip_address ip_mask
Cancel the route summarization between areas
[ advertise | notadvertise ]
Cancel the route summarization between areas no area area-id range ip_address ip_mask
By default, routes are not summarized between areas.
23.2.15 Configuring a Virtual Link
After OSPF area division, not all areas are equal. There is a special area called the
backbone area, whose area ID is 0.0.0.0.
OSPF route updating between non-backbone areas is carried out through the
backbone area. OSPF stipulates that all non-backbone areas must be connected with
the backbone area. That is, at least one interface on ABR should be in the area 0.0.0.0.
If there is no physical connection between a non-backbone area and a backbone area,
a virtual link must be set up.
If physical connectivity cannot be ensured due to the limitation of the network
topological structure, setting up a virtual link can address this requirement. A virtual link
is a logic connection created in the internal route area of a non-backbone area between
two ABRs. At both ends of the virtual link are two ABRs. Vitrula link configuration will be
effective only when it is configured at both ends simultaneously. The virtual link is
identified by the peer router ID.
The area providing the internal route in a non-backbone area is called a Transit Area.
Its area ID should also be specified in virtual link configuration.
The virtual link will be activated after the route passing through the Transit Area has
been calculated. This is like a point-to-point connection between two end points. On
this virtual, various interface parameters (such as the transmit interval of the Hello
packet) can be configured, just as the same case on a physical interface.
"Logic Channel" means that multiple routers running OSPF between two ABRs only
function to forward packets (since destination addresses of the protocol packets are not
the routers, the packets are transparent to the routers and are transmitted as ordinary
IP packets.); whereas routing information are transmitted directly between two ABRs.
The synchronization mode of routers in this Transit Area is not changed.
Note that if the AS is divided into more than one area, the following conditions must be
met:
z One of them must be the backbone area.
z Other areas must be connected with the backbone area directly or logically.
z The backbone area itself should be connected.
23-17
Table 2316 Creating and configuring virtual link
To Use
area area-id virtual-link router-id [hello-interval seconds ]
[retransmit-interval seconds ] [transmit-delay seconds ]
Create and configure a virtual link
dead-interval seconds ][authentication-key key]
[message-digest-key keyid md5 key]
Cancel the created virtual link no area area-id virtual-link router-id
By default, area-id and router-id have no default values. hello-interval is 10 seconds,

retransmit-interval is 5s, transmit-delay is 1s and dead-interval is 40s.
23.2.16 Configuring Packet Authentication between OSPF Areas
Authentication types of all routers in one area must be consistent. The authentication
types can be any of these:
z Not supporting authentication
z Supporting plaintext authentication
z Supporting MD5 authentication
Authentication passwords of all routers in one segment must be consistent. Use area
area-id authentication-key to configure the plaintext authentication password in this
area, and area area-id message-digest-key to configure MD5 authentication
password in this area.
Table 2317 Configuring packet authentication between OSPF areas
To Use
area area-id authentication
Configure the area to support MD5 packet authentication
[ message-digest ]
Cancel the MD5 packet authentication supported by the area no area area-id authentication
By default, the area does not support packet authentication.
23.2.17 Configuring Packet Authentication Mode
OSPF supports plaintext authentication or MD5 authentication between adjacent

routers.
23-18
Table 2318 Configuring packet authentication mode
To Use
ip ospf authentication-key
Configure plaintext authentication for packets on the interface
password
Cancel the use of plaintext authentication for packets on the
no ip ospf authentication-key
interface
Configure the use of MD5 authentication for packets on the ip ospf message-digest-key
interface key-id md5 key
Cancel the use of MD5 authentication for packets on the interface no ip ospf message-digest-key
By default, the interface is not configured with any plaintext authentication or MD5
authentication.
23.2.18 Redistributing Routes of Other Protocols
Dynamic routing protocols on the routers can share the routing information. Due to
OSPF features, the routes that discovered by other routing protocols are always
regarded as the routes outside the AS in processing. In receiving commands, such
parameters as the cost type of the route, cost and tag can be specified to overwrite
default routing parameters.
OSPF uses four different types of routes, as listed below in the order of their
preferences:
z Intra-area route
z Inter-area route
z External route Type 1
z External route Type 2
The Intra-area route and inter-area route describe the network structure inside the AS.
The external route describes how to select the route to a destination outside the AS.
External route Type 1: indicates that IGP routes are received (such as RIP, STATIC).
Since this type of routes is more credible, the calculated cost of the external route and
the cost of the route inside the AS are in the same numeric level and it is comparable
with the cost of the OSPF route. That is, Cost of Type 1 external route = Cost from the
local router to the corresponding ASBR = Cost from the ASBR to the destination
address of the route.
External route Type 2: indicates that EGP routes are received. Since this type of route
is less credible, OSPF protocol considers that the cost from the ASBR to the outside of
the AS is much greater than that from inside the AS to the ASBR. Only the former cost
is taken into consideration when calculating the routing cost. That is, Cost to external
route Type 2 = Cost from ASBR to the route destination address. If the values are equal,
then also consider the cost from the local router to the corresponding ASBR.
23-19
Table 2319 Redistributing routes of other protocols
To Use
Redistribute route information of other redistribute protocol [ metric metric ] [ tag
protocols tag-value ] [ type 1 | 2 ] [ route-map map-name ]
Cancel redistribution of routing information of
no redistribute protocol
other protocols
By default, OSPF does not redistribute routing information of other protocols.

protocol specifies the source routing protocols that can be redistributed. At present,
they are connected, static, rip, is-is and BGP.
23.2.19 Configuring Parameters for OSPF to Redistribute External Routes
When OSPF redistributes routes discovered by other routing protocols as the external
routing information of its own AS, certain parameters are needed, including the default
cost and default tag of the route. Route tag is used to identify protocol-related
information. For example, it is used to differentiate the AS number when OSPF
receives BGP routing information.
Table 2320 Configuring parameters for OSPF to redistribute external routes
To Use
default redistribute interval
Configure the interval when OSPF to redistribute external routes
seconds
Restore the default interval when OSPF redistributes external
no default redistribute interval
routes
Configure the upper limit for the routes that OSPF redistributes
default redistribute limit routes
each time
Restore the default upper limit for the external routes that can be
no default redistribute limit
imported at a time
Configure the cost for the OSPF to redistribute external routes default redistribute metric metric
Restore the default cost for the OSPF to redistribute external
no default redistribute metric
routes
Configure the tag for the OSPF to redistribute external routes default redistribute tag tag
Restore the default tag for the OSPF to redistribute external
no default redistribute tag
routes
Configure the type of external routes that OSPF will redistribute default redistribute type { 1 | 2 }
Restore the default type of the external routes redistributed by
no default redistribute type
OSPF
23-20
By default:
z Neither cost nor tag value is available when the external routes are being
received.
z Type 2 routes are redistributed.
z The interval for redistributing route is 1 second.
z Up to 1000 routes can be redistributed every time.
23.2.20 Redistributing Default Routes into the OSPF Routing Table
Default routes cannot be redistributed through the command redistribute. To

redistribute default routes into the routing table, use the commands as shown in the
table below.
Run the following commands in OSPF mode.
Table 2321 Redistributing default routes into the OSPF routing table
To Use
Redistribute default routes into the default-information originate [ always ] [ metric
OSPF routing table metric-value ] [ type type-value ] [ route-map map-name ]
Cancel the redistributed default routes no default-information originate
By default, OSPF does not redistribute any default route.
23.2.21 Setting Route Preference
As multiple dynamic routing protocols may run on the router at the same time, the
problem of information sharing and selection between the routing protocols occurs. The
system sets a preference for every routing protocol. When several protocols find the
same route, the protocol with higher preference will prevail.
Table 2322 Setting routing preference
To Use
Configure OSPF protocol preference between routing protocols preference [ ase ] preference
Restore default preference of the protocol no preference [ ase ]
By default, OSPF preference is 10, and the preference of the redistributed external
routing protocol is 150.
23.2.22 Configuring OSPF Route Filtering
23-21
I. Configuring filtering of routes redistributed by OSPF
Table 2323 Configuring OSPF filtering the distributed route
To Use
Configure OSPF filtering of the redistributed distribute-list {access-list-number | prefix-list
route prefix-list-name [gateway prefix-list-name ] }in
Cancel OSPF filtering of the redistributed no distribute-list {access-list-number | prefix-list
route prefix-list-name [gateway prefix-list-name ] }in
II. Configuring the filtering of routes advertised by OSPF
Table 2324 Configuring OSPF filtering of the advertised route
To Use
Configure OSPF filtering of the advertised distribute-list {access-list-num| prefix
route prefix-list-name} out [ connected | rip | static]
Cancel OSPF filtering of the advertised no distribute-list {access-list-num| prefix
route prefix-list-name} out [ connected | rip | static]
By default, OSPF does not filter the redistributed or advertised routing information.
23.2.23 Configuring MTU Filling for an Interface Transmiting DD Packets
OSPF-enabled routers use the Database Description (DD) packets to describe their
own LSDBs when synchronizing the databases.
You can manually specify an interface to fill in the Maximum Transmission Unit (MTU)
field in a DD packet when it transmits the packet. The MTU should be set to the real
MTU on the interface.
Table 2325 Configuring whether the MTU field will be filled in for an interface transmiting DD packets
To Use
Enable an interface to fill in the MTU field when transmitting DD packets ip ospf mtu-enable
Disable the interface to fill MTU when transmitting DD packets no ip ospf mtu-enable
By default, the interface does not fill in the MTU field when transmitting DD packets.
That is, MTU in the DD packets is 0.
23-22
23.2.24 Configuring Sending of OSPF Packets on an Interface
To prevent OSPF routing information from being obtained by the routers on a certain
network, use the passive-interface command to disable the interface to transmit
OSPF packets.
Perform the following configurations in OSPF mode.
Table 2326 Configuring sending of OSPF packets on an interface
To Use
Disable the interface to send OSPF packets passive-interface interface-type interface-number
Enable the interface to send OSPF packets no passive-interface interface-type interface-number
By default, all the interfaces are allowed to transmit and receive OSPF packets.
After an OSPF-enabled interface is set to be in Silent status, the interface can still
advertise its direct route. However, the OSPF Hello packets of the interface will be
blocked, and ajacency cannot be set up on the interface.
This configuration is to enhance OSPFs adaptability to the network and reduce
consumption of system resources.
23.2.25 Querying OSPF Information
After the above configurations, you can use the show command to display the OSPF
configuration and verify the configuration. You can also use the debug command to
carry out OSPF debugging in privileged mode.
Table 2327 Querying OSPF information
To Use
Display general information of OSPF routing show ip ospf
Display OSPF statistics show ip ospf cumulative
show ip ospf database [ adv-router ip-address ]
[ asbr-summary | database-summary |external |
Display OSPF LSDB information
network | router | self-originate | summary ]
[ ip-address ][ adv-router ] [ self-originate ]
Display OSPF neighbor information show ip ospf neighbor
Display OSPF next hop information show ip ospf nexthop
Display OSPF routing table information show ip ospf routing
Display OSPF virtual link information show ip ospf virtual-links
Display OSPF request-lists show ip ospf request-list
Display OSPF retransmission-lists show ip ospf retrans-list
23-23
To Use
Display OSPF ABR and ASBR information show ip ospf border-routers
Display OSPF interface information show ip ospf interface
Display OSPF error information show ip ospf error
debug ip ospf packet [ ack | dd | hello | request I
Enable OSPF packet information debugging
update ]
Enable OSPF event information debugging debug ip ospf event
Enable OSPF LSA information debugging debug ip ospf lsa
Enable OSPF SPF information debugging debug ip ospf spf
23.3 OSPF Configuration Examples

23.3.1 Configuring DR Election by OSPF Preference
Four MA5300s (MA5300 A, MA5300 B, MA5300 C and MA5300 D), which can perform
the router functions and run OSPF, are located on the same segment, as shown in the
Figure 232.
It is required to enable MA5300 A and MA5300 C to be DR and BDR respectively.
Preference of MA5300 A is 100, the highest on the network, so MA5300 A is elected as
the DR. MA5300 C has the second highest preference, so it is elected as the BDR.
Preference of MA5300 B is 0, which means that it cannot be a DR. MA5300 D has no
preference, so its default preference is 1.
MA5300 A 1.1.1.1 MA5300 D 4.4.4.4
DR
192.1.1.1/24 192.1.1.4/24
192.1.1.2/24 192.1.1.3/24
BDR
MA5300 B 2.2.2.2 MA5300 C 3.3.3.3
Figure 232 Configure DR election by OSPF preference
23-24
! Configure MA5300 A.
MA5300 A(config)#interface vlan-interface 1
MA5300 A(config-Vlan-Interface1)#ip address 192.1.1.1 255.255.255.0
MA5300 A(config-Vlan-Interface1)#ip ospf priority 100
MA5300 A(config)#router id 1.1.1.1
MA5300 A(config)#router ospf
MA5300 A(config-router-ospf)#network 192.1.1.0 0.0.0.255 area 0
! Configure MA5300 B.
MA5300 B(config)#interface vlan-interface 1
MA5300 B(config-Vlan-Interface1)#ip address 192.1.1.2 255.255.255.0
MA5300 B(config-Vlan-Interface1)#ip ospf priority 0
MA5300 B(config)#router id 2.2.2.2
MA5300 B(config)#router ospf
MA5300 B(config-router-ospf)#network 192.1.1.0 0.0.0.255 area 0
! Configure MA5300 C.
MA5300 C(config)#interface vlan-interface 1
MA5300 C(config-Vlan-Interface1)#ip address 192.1.1.3 255.255.255.0
MA5300 C(config-Vlan-Interface1)#ip ospf priority 2
MA5300 C(config)#router id 3.3.3.3
MA5300 C(config)#router ospf
MA5300 C(config-router-ospf)#network 192.1.1.0 0.0.0.255 area 0
! Configure MA5300 D.
MA5300 D(config)#interface vlan-interface 1
MA5300 D(config-Vlan-Interface1)#ip address 192.1.1.4 255.255.255.0
MA5300 D(config)#router id 4.4.4.4
MA5300 D(config)#router ospf
MA5300 D(config-router-ospf)#network 192.1.1.0 0.0.0.255 area 0
Run show ip ospf neighbor on MA5300 A to show OSPF neighbor. Note that MA5300
A has three neighbors.
MA5300 A(config)#show ip ospf neighbor
Neighbor pri State Address Interface
4.4.4.4 1 full/DRother 192.1.1.4 Vlan-Interface1
3.3.3.3 2 full/BDR 192.1.1.3 Vlan-Interface1
The status of every neighbor is FULL, which means that MA5300 A has created
adjacency with all neighbors. Only DR and BDR have created adjacency with all
routers on the network. MA5300 A is DR and MA5300 C is BDR on the network. All
other neighbors are DOther, which means that they are neither DR nor BDR.
23-25
! Change the preference of MA5300 B to 200.

MA5300 B(config-Vlan-Interface2000)#ip ospf priority 200
Run show ip ospf neighbor on MA5300 A to show OSPF neighbors. Note that
preference of MA5300 B has been changed to 200, but it is not DR.
MA5300 A(config)#show ip ospf neighbor
Only when the existing DR does not exist on the network, will DR be changed. Shut
down MA5300 A and run show ip ospf neighbor on MA5300 D to show neighbors.
Note that MA5300 C, which used to be BDR, now becomes DR; and MA5300 B now
becomes BDR.
MA5300 D(config)#show ip ospf neighbor
3.3.3.3 2 full/DR 192.1.1.3 Vlan-Interface1
If all routers are moved from the network and then added into the network again,
MA5300 B will be chosen as DR (whose preference is 200) and MA5300 A will become
BDR (whose preference is 100). Shut down all MA5300s and reboot them. This
operation will bring about a new election of DR/BDR.
MA5300 D(config)#show ip ospf neighbor
Neighbor pri State Deadtime Address Interface
1.1.1.1 100 full/BDR 00:00:33 192.1.1.1 Vlan-Interface1
3.3.3.3 2 2way/DRother 00:00:33 192.1.1.3 Vlan-Interface1
2.2.2.2 200 full/DR 0:00:30 192.1.1.2 Vlan-Interface1
23.3.2 Configuring OSPF Virtual Links
Area 2 is not directly connected with area 0 in Figure 233. Area 1 serves as the Transit
Area to connect area 2 and area 0. A virtual link is configured between MA5300 B and
MA5300 C in Area 1.
23-26
MA5300 A
1.1.1.1
Area 0 192.1.1.1/24
192.1.1.2/24
MA5300 B
193.1.1.2/24
2.2.2.2
Virtual
Area 1 Link 193.1.1.1/24
152.1.1.1/24
MA5300 C Area 2
3.3.3.3
Figure 233 Configure OSPF virtual link
1) Configure MA5300 A.
MA5300 A(config)#interface vlan-interface 1
MA5300 A(config-Vlan-Interface1)#ip address 192.1.1.1 255.255.255.0
MA5300 A(config)#router id 1.1.1.1
MA5300 A(config)#router ospf
MA5300 A(config-router-ospf)#network 192.1.1.0 0.0.0.255 area 0
2) Configure MA5300 B.
MA5300 B(config)#routerid 2.2.2.2
MA5300 B(config)#router ospf
MA5300 B(config-router-ospf)#area 1 virtual-link 3.3.3.3
3) Configure MA5300 C.
MA5300 C(config)#router id 3.3.3.3
MA5300 C(config)#router ospf
MA5300 C(config-router-ospf)#network 193.1.1.0 0.0.0.255 area 1
MA5300 C (config-router-ospf)#network 152.1.1.0 0.0.0.255 area 2
MA5300 C(config-router-ospf)#area 1 virtual-link 2.2.2.2
23-27
23.4 OSPF Troubleshooting

Fault: The OSPF is configured according to the above procedures, but the router OSPF
cannot operate normally.
To remove the fault, make the following checkups.
I. Local fault removal
Firstly, check whether the protocol between two directly connected routers is in normal
operation. The normal sign is the neighbor status machine between the two routers IS
in FULL state. (Note that in the Broadcast and NBMA network, the neighbor status
machine between two DROther routers cannot achieve the FULL state. Rather, it is in 2
way state. But Full State is achieved between the DR, BDR and all the other routers).
Run the show ip ospf neighbor command to view the information about OSPF
neighbors.
MA5300#show ip ospf neighbor
Interface: 202.38.160.1 Area: 0.0.0.2
Neighbors:
RouterID: 2.2.2.2 Address: 202.38.160.2
State:FULL Mode: None Priority: 0
DR: 202.38.160.1 BDR: 202.38.160.1
Last Hello: 14:04 Last Exchange: 0
Run show ip ospf interface command to view the OSPF information in the interface.
Check whether the physical connections and the lower level protocols operate normally.
You can run ping command to test the network connectivity. If the local router cannot
reach the remote router, it indicates that the physical connection and the lower level
protocols cannot operate normally.
If the physical connection and the lower level protocols are normal, then check the
OSPF parameters configured on the interface. Ensure the consistency of parameters
(such as the hello interval, dead interval and authentication mode) on its adjacent router.
The area IDs should be the same, and the network segments and the masks should
also be consistent (but segments and masks of point-to-point network and virtual linked
network can be different).
z Make sure the value of the dead-interval in the same interface is at least four times
the value of the hello-interval.
z If the network type is NBMA, you must manually specify the neighbor.
z If the network type is Broadcast or NBMA, the priority of at least one interface
should be larger than 0.
z If an Area is set as the Stub area, then the area must be set as a Stub area in all
the routers connected to this area.
z The interface types of two adjacent routers should be consistent.
23-28
z If more than two areas are configured, then at least one area should be configured
as the backbone area. That is the area ID is 0.
z Ensure the backbone area is connected with all the other areas.
z The virtual links cannot pass through the Stub area.
II. Global fault removal
If the above procedures are correct, but the OSPF still cannot find the remote routes,
check the following configurations.
z If a router is configured with more than two areas, then at least one area should be
configured as the backbone area.
As is shown in the following figure, only an area is configured in RTA and RTD, but two
areas are configured in RTB (area0, area1) and RTC (area1, area2) respectively. In
which, RTB has an area with the ID of 0, so it meets the requirement. But the two areas
in RTC are not 0, so a virtual link should be set up between RTC and RTB so as to
guarantee the connection of area2 and area0 (the backbone area).
area0 area1 area2

RTA RTB RTC RTD
Figure 234 Schematic diagram of OSPF areas
z The virtual link cannot pass through the Stub area, and the backbone area (area 0)
cannot be configured as the Stub area, i.e. if a virtual link is set up between RTB
and RTC, then area 1 cannot be configured as the Stub area and area 0 cannot be
configured as the Stub area either. In the above figure, only area 2 can be
configured as the Stub area.
z The router in the Stub area cannot receive external routes.
z Make sure in the backbone area the connections between various nodes are
normal.
23-29
HUAWEI

system
Operation Manual
Operation Manual - Maintenance Operations
Table of Contents
Chapter 1 Loading and Backup ................................................................................................... 1-1

1.1 Loading .............................................................................................................................. 1-1
1.1.1 Loading Host Program Files.................................................................................... 1-1
1.1.2 Loading Multi-language Resource File ................................................................... 1-6
1.1.3 Loading the Program of Service Board................................................................... 1-7
1.2 Backup ............................................................................................................................... 1-8
1.2.1 Viewing and Saving System Configuration Files .................................................... 1-8
1.2.2 Backing Up the System Data Using TFTP............................................................ 1-11
1.2.3 Backing Up the System Data Using FTP .............................................................. 1-12
Chapter 2 Patch Management ...................................................................................................... 2-1

2.1 Overview ............................................................................................................................ 2-1
2.2 Procedure for Patch Operations ........................................................................................ 2-2
2.3 Patch Loading Examples ................................................................................................... 2-2
Chapter 3 Logs and Alarms.......................................................................................................... 3-1

3.1 Log Management ............................................................................................................... 3-1
3.1.1 Querying Logs ......................................................................................................... 3-1
3.1.2 Configuring Log Host .............................................................................................. 3-2
3.2 Configuring Alarms ............................................................................................................ 3-2
3.2.1 Querying Alarm Records......................................................................................... 3-4
3.2.2 Querying Alarm Configurations ............................................................................... 3-5
3.2.3 Setting Alarm Levels ............................................................................................... 3-5
3.2.4 Setting Alarm Output on a CLI Terminal ................................................................. 3-6
3.2.5 Setting Alarm Statistics ........................................................................................... 3-7
3.2.6 Setting Alarm Threshold.......................................................................................... 3-9
3.2.7 Querying Alarm Statistics...................................................................................... 3-10
3.2.8 Clearing Alarm Statistics ....................................................................................... 3-10
3.2.9 Querying Basic Alarm Information ........................................................................ 3-10
Chapter 4 File Management.......................................................................................................... 4-1

4.1 Configuring File System..................................................................................................... 4-1
4.1.1 Directory-Related Operations.................................................................................. 4-1
4.1.2 File-Related Operations .......................................................................................... 4-1
4.1.3 Memory Device Related Operations ....................................................................... 4-2
4.2 Configuring FTP................................................................................................................. 4-3
4.2.1 Overview ................................................................................................................. 4-3
4.2.2 Enabling/Disabling FTP Server ............................................................................... 4-3
4.2.3 Configuring Authentication and Authorization of FTP Server ................................. 4-4
i
4.2.4 Setting FTP Timeout ............................................................................................... 4-4

4.2.5 Querying FTP Server Information ........................................................................... 4-4
4.2.6 FTP Client ............................................................................................................... 4-5
4.3 Configuring TFTP............................................................................................................... 4-5
4.3.1 Overview ................................................................................................................. 4-5
4.3.2 Setting Transfer Mode............................................................................................. 4-5
4.3.3 Configuring File Downloading ................................................................................. 4-6
4.3.4 Configuring File Uploading...................................................................................... 4-6
Chapter 5 Environment Monitoring Management ...................................................................... 5-1

5.1 Overview ............................................................................................................................ 5-1
5.2 Configuration Procedures .................................................................................................. 5-2
5.3 Configuring EMU................................................................................................................ 5-2
5.3.1 Adding/Deleting/Querying an EMU ......................................................................... 5-3
5.4 Configuring EMU H303ESC ........................................................................................... 5-5
5.4.1 Configuring H303ESC Environment Monitor Parameter......................................... 5-5
5.4.2 Displaying H303ESC Environment Information ...................................................... 5-6
5.5 Configuring EMU Power 4875/4845 ............................................................................... 5-7
5.5.1 Configuring 4875/4845 Power Module.................................................................... 5-7
5.5.2 Querying Information on POWER4875/4845.......................................................... 5-8
5.6 Configuring EMU DIS ..................................................................................................... 5-9
5.6.1 Configuring DIS Parameters ................................................................................... 5-9
5.6.2 Displaying DIS Information.................................................................................... 5-10
5.7 Configuration Examples................................................................................................... 5-10
5.7.1 Configuring H303ESC........................................................................................... 5-10
5.7.2 Configuring a DIS .................................................................................................. 5-13
Chapter 6 Active/Standby Switchover......................................................................................... 6-1

6.1 Overview ............................................................................................................................ 6-1
6.1.1 Basic Principles ....................................................................................................... 6-1
6.1.2 Active/Standby Switchover Modes.......................................................................... 6-2
6.2 Preconditions for Active/Standby Switchover .................................................................... 6-3
6.3 MA5300+Double ISUs Active/Standby Switchover ........................................................... 6-3
6.4 ESM+EIU Active/Standby Switchover ............................................................................... 6-8
6.4.1 Establishing Switch-over Environment.................................................................... 6-8
6.4.2 Active/Standby Switchover Configuration Commands............................................ 6-8
6.4.3 Configuring Automatic Switchover .......................................................................... 6-9
6.4.4 Configuring Manual Switchover ............................................................................ 6-10
ii
SmartAX MA5300/5303 Broadband Access System Chapter 1 Loading and Backup
Chapter 1 Loading and Backup
1.1 Loading
The MA5300 manages the following program files: host software program files,
multi-language resource file and service board program files.
The storage media used in the MA5300 includes BootRom, SDRAM, SRAM and Flash
memory.
z BootRom stores the BIOS program files which are used to initialize the system.
z SDRAM stores the host software programs.
z SRAM stores the operation logs and alarm information.
z Flash memory stores the host software programs, configuration files and
multi-language resource files.
Note that the BIOS includes the basic BIOS and the extended BIOS. The basic BIOS is
the system boot program, while the extended BIOS is the board initialization program
allowing on-line upgrade.
The following are the system loading procedures.

1) Run the command write to save the configuration data.
2) Use the Trivial File Transfer Protocol (TFTP) application or File Transfer Protocol
(FTP) application to back up the configuration file.
3) Run the command load program to upgrade the programs of service board.
4) Run the command load program to upgrade the programs of the ESM board.
5) Run the command reboot to reboot the system.
6) Run the command load language to load the local language.
7) Run the commands show version and show board to confirm the success of
upgrade.
8) Run the command save to save the configuration data.
During the loading, you can use the command show progress load to view the
progress of the loading. If the system makes no response for a long time, you can use
the command load cancel to exit the ongoing program loading process.
1.1.1 Loading Host Program Files
Upgrade system software refers to loading new program files. You can use the
command load program to load programs for the ESM board and service boards.
1-1
Note:
z To load the ESM programs and configuration files, make selections in the [Boot] menu. When
rebooting the system, press <Ctrl+B> according to the prompt on the serial port maintenance terminal,
and then follow the prompt on the screen to load the programs.
z It is prohibited to load programs and configuration files through the network port of the standby board.
When you are executing the program loading command, the system will prompt you to
enter the following information.
z Specify the protocol used in program loading. The loading can be performed either
through the serial port or the maintenance network port. In loading through the
serial port, Xmodem is used. In loading through network port, TFTP is used.
z In loading through the network port, you need to specify the name of the file to be
loaded and the IP address of the PC where the file is saved, and activate the TFTP
server in the PC.
z In loading through the serial port, you should use the file sending function of
HyperTerminal to send program files. Select Xmodem as the protocol used to
send files.
z Specify the slot number for the board to be loaded. For service boards, you can
enter the keyword all to load all boards of the same type. For the ESM board, you
cannot load the active ESM and standby ESM at the same time.
z Specify the board to be loaded.
Note:
z All service boards of the same type can be loaded simultaneously, except the active/standby ESM
boards.
z The TFTP server and the MA5300 should be set to share the same network segment. Otherwise,
additional setting of gateway is required.
I. Loading files using Xmodem
1) Start HyperTerminal.
Connect the serial port of the host with the configuration serial port of the ESM using
serial port cable, and start HyperTerminal. Telnet users are prohibited to load files using
Xmodem protocol.
2) Run the command load program.
Run the global command load program, and select Xmodem as the desired protocol.
1-2
MA5300#load program xmodem 0/7

Current baud rate is 9600bps, and it can be modified via 'baudrate' command.
Are you sure to use this baud rate? (y/n)[n]:y
Whether to load other boards of same type ? (y/n):[n]n
Board name[ESMA]:ESMA
Whether to start loading? (y/n)[n]:y
Load (backup, duplicate,...) begins, please wait and notice the rate of
progress.
Any operation such as reboot or switchover will cause failure
and unpredictable result.
Please select the menu [Transmit\Send File] to begin sending file...
3) Send files.
In HyperTerminal, select [Send/Send Files], select Xmodem as the desired protocol
and select the name of the file to be sent, and then click <Send>.
See Figure 11.
Figure 11 Send files using the Xmodem protocol
File downloaded to ESMA successfully, please wait...

Begin to send data... (Frame:0 Slot:7)
Data sent to slave board successfully, please wait... (Frame:0 Slot:7)
writing FLASH... (Frame:0 Slot:7)
Write FLASH successfully, resetting board... (Frame:0 Slot:7)
II. Loading files using TFTP
1) Configure the IP address of PCs network port.

Connect the serial port of a PC with the configuration serial port of the ESM board, and
then log in to the ESM board through the PC. Set the IP address of the network port of
the PC so that the PC network port and the ESMs Ethernet port share the same
network segment.
1-3
Given that the address of the ESM maintenance network port is 10.11.104.142, and the
subnet mask is 255.255.252.0. Therefore, the address of the PC network port can be
set to 10.11.104.141, and the subnet mask to 255.255.252.0. Make sure that the host is
able to ping the IP address of the ESMs network maintenance port.
2) Run TFTP application.
Run the TFTP program in the PC, and click <Settings>. In the pop-up dialog box, enter
the directory in the Base Directory text box for the program file to be loaded.
See Figure 12 and Figure 13.
Figure 12 TFTP application
Figure 13 Setting TFTP
3) Load programs.
Run the global command load program to load the host program and select TFTP as
the desired protocol.
MA5300#load program tftp 10.11.104.141 0/7
Whether to load other boards of same type ? (y/n):[n]n
1-4
Board name[ESMA]:ESMA
File name [ESMA.bin]: 5300.esm
Whether to start loading? (y/n)[n]:Y
Load (backup, duplicate) begins, please wait and notice the rate of progress.
Any operation such as reboot or switchover will cause failure
and unpredictable result.
MA5300(config)#
! 1[2003-01-06 04:16:39]:ALM-3-AlarmInfo:
ALARM 5334 INFO MAJOR 0x0b200001 ----- 2003-01-06 04:16:39

ALARM NAME : Load start
PARAS INFO : FrameID: 0, SlotID: 7, Load type: Host program
DESCRIPTION : Load start
REASON : Load start
ADVICE : Not need to process
--- END
4) View the progress of loading.

You can use the command show progress load to view the loading progress.
MA5300(config)#show progress load
FrameID/SlotID: 0/7
Board name: ESMA
Operation type: Load
File type: Host program
Operation phase: Transfer file from outside to inside.
Rate of process: 7%
By now, the loading complets. If everything goes normal, when the loading completes,
the system will prompt you with the following:
MA5300#
Note: the new database or program will take effect after system is restarted
! 1[2003-01-06 04:19:25]:ALM-3-AlarmInfo:
ALARM 5335 INFO MAJOR 0x0b200002 ----- 2003-01-06 04:19:25
ALARM NAME : Load complete
PARAS INFO : FrameID: 0, SlotID: 7, Load type: Host program
DESCRIPTION : Load complete
REASON : Load complete
ADVICE : Not need to process
--- END
1-5
The above display shows that the program has been successfully loaded and saved in
the Flash memory of the ESM board.
Note:
If the loading fails, you should check these items:
z Whether the address of the TFTP server is correctly entered.
z Whether the TFTP server can ping the address of the ESM Ethernet port.
z Whether the TFTP program in the TFTP server is activated.
z Whether the directory for the TFTP program is correctly set.
z Whether the name of the file to be loaded is correctly entered.
After the loading completes, run the command reboot to reset the system, and then run
the newly loaded program if necessary. If the loaded program is new, you should aslo
load the associated multi-language resource file after it restarts.
Next, use the command show version to query the version of the system and verify
whether the version of the loaded program is correct.
1.1.2 Loading Multi-language Resource File
The multi-language resource file is used to output the system information in multiple
languages. Loading multi-language resource file will allow you to update the language
of the system information output.
Note:
z The multi-language resource file to be loaded should match the version of the in-service system.
Otherwise, the loading will fail. If the newly loaded program and configuration file are of a new version,
you should restart them before loading the new multi-language resource file.
z The common language resource file is loaded together with the host programs. So upon completion of
loading the host program, you need only to load the local language resource file.
The multi-language resource file can be loaded either through the serial port or the
network port. The information to be entered in the loading process is similar to that for
loading program file.
1-6
This example shows how to load the multi-language resource file info_loc.res to the
active ESM board through the network port. Assume the IP address of the TFTP server
is 10.105.33.44.
MA5300#load language local tftp 10.105.33.44 info_loc.res active
The procedures involved are similar to that for loading the program of the ESM board
using the network port.
This example shows how to load the multi-language resource file info_loc.res to the
active ESM board through a serial port.
MA5300#load language local xmodem active
The procedures involved are similar to that for loading the program of the ESM board
using the serial port.
1.1.3 Loading the Program of Service Board
You can use the command load program to load program for both the service board
and the ESM board. The information to be entered in the loading process is similar to
that for loading the host program file.
In terms of the internal processing procedure of the host, the loading of the service
board is different from that of the ESM board. The difference is shown as follows.
z The loading process of the ESM board:
1) The file is first loaded from an external PC to the memory of the ESM board
through a serial port or a network port.
2) Then it is saved in Flash memory.
z The loading process of the service board:
3) The file is first loaded from the server to the memory of the ESM board through a
serial port or a network port.
4) It is then sent from the ESM board to the service board.
5) After the program is loaded to the service boards memory, it will be saved in Flash
memory.
6) Finally, resets the service board to validate the new program. This comples the
service board loading.
1-7
Note:
z When loading service boards, you can enter the keyword all to replace f/s. This command enables
you to load all boards of the same type in the system.
z If the service board has a maintenance serial port or network port, you can use either of them (usually
embedded in the board) to load the software of the board. The process involved is similar to that of
loading the host software.
z When the board loading completes, the system will automatically reset to run the new board programs.
This is different from loading the ESM board.
1.2 Backup
To ensure the usability of the system and the security of configuration files, you can to
save and backup the configuration files.
Table 1-1 lists the differences in file saving and file backup.
Table 1-1 The comparison between file saving and file backup.
To Save Backup
Source of the configuration file SDRAM (active/standby board) MA5300 Flash (active board)
Destination Flash (active/standby board) PC or network terminal
Program
Object of management Data Data
Language
In addition, the MA5300 also allows you to erase the configuration file as desired during
the service configuration.
1.2.1 Viewing and Saving System Configuration Files
The MA5300 configuration files are saved in Flash memory in the form of text file.
Make sure these requirements for the format of configuration file are met:
z The configuration file is saved in the command format.
z To save space, only the non-default parameters are save. For the default value of
every configuration parameter, refer to the following chapters.
z Commands are organized based on command modes. Commands in the same
mode are organized together, forming a segment. Two segments are usually
separated with a blank line or comment line (beginning with !).
1-8
z The segment is usually arranged in the order of global configuration, physical port
configuration and logical port configuration.
z The configuration file is ended with end.
I. Viewing the current configuration files and initializing configuraiton files
When powered up, the MA5300 reads the configuration files in Flash Memory for
initialization. These configuration files in Flash Memory are referred to as initializing
configurations. If no configuration file is available in Flash memory, the equipment will
use the default parameters for initializing.
In contrast with the initializing configurations, the configuration files that are serving the
MA5300 operation are referred to as the current configurations.
To view the initializing configurations, use the command show startup-config.
To view the current configurations, use the show running-config command.

MA5300#show startup-config
!
no user name all
user name hwmusa &\U+'0"92QW^"/4=&Ê1DQ!! 17 1 none none 0
user name root G3FD;(D+S;W^"/4=&Ê1DQ!! 15 1 none none 0
user name nihao ;6FCJVÙ@Q;^"/4=&Ê1DQ!! 10 2 123 15 1
user name 123 KPU#!7M,6\G^"/4=&Ê1DQ!! 10 1 000 none 1
user name huawei Z,QE`W<A=WG^"/4=&Ê1DQ!! 1 3 support@huawei.com 26530880 1
user name mch >.SDJ+a9DDG^"/4=&Ê1DQ!! 10 2 none none 1
user name 5300 #I+4(K7&PaS^"/4=&Ê1DQ!! 10 2 none none 1
!
radius-server host default
!
aaa authentication Default radius next local
aaa accounting Default enable offline
user 111 password 0 111 state active service-type exec privilege 1

user 53 password 7 P'Z18=G_3:M")THNAI[aJQ!! state active service-type 8021x
a
ccess-limit disable idle-cut disable
user 5300 password 0 5300 state active service-type 8021x access-limit disabl
e idle-cut disable
!
MA5300#show running-config
!
1-9
no user name all

user name hwmusa &\U+'0"92QW^"/4=&Ê1DQ!! 17 1 none none 0
user name root G3FD;(D+S;W^"/4=&Ê1DQ!! 15 1 none none 0
user name nihao ;6FCJVÙ@Q;^"/4=&Ê1DQ!! 10 2 123 15 1
user name 123 KPU#!7M,6\G^"/4=&Ê1DQ!! 10 1 000 none 1
user name huawei Z,QE`W<A=WG^"/4=&Ê1DQ!! 1 3 support@huawei.com 26530880 1
user name mch >.SDJ+a9DDG^"/4=&Ê1DQ!! 10 2 none none 1
user name 5300 #I+4(K7&PaS^"/4=&Ê1DQ!! 10 2 none none 1
!
radius-server host default
!
aaa authentication Default radius next local
aaa accounting Default enable offline
user 111 password 0 111 state active service-type exec privilege 1

user 53 password 7 P'Z18=G_3:M")THNAI[aJQ!! state active service-type 8021x
a
ccess-limit disable idle-cut disable
user 5300 password 0 5300 state active service-type 8021x access-limit disabl
e idle-cut disable
!
II. Saving configuration files
The system data are saved in the memory after they have been configured. The system
should save the configuration data in Flash memory to avoid loss of configuration files
due to accidental restarting.
If the system fails to do so, you can use the command write to save the configuration
data.
MA5300#write
The switch configuration will be written to flash.
Are you sure?[Y/N]y
Now writing running configuration to flash memory.
Please wait for a while...
Write running configuration to flash memory successfully.
III. Erasing configuation file
To erase the configuration files in the MA5300s Flash Memory, use the command
erase.
1-10
After a configuration file is erased, the equipment will use the default configuration
parameters for initialization at the next startup.
In either of the following conditions, you can consider to erase the configuration files in
Flash memory:
z Mismatch between the equipment software and the configuration file resulting
probably from the MA5300 software upgrade.
z Damage to the configuration file in Flash memory resulting probably from loading
of a wrong configuration file.
MA5300#erase
Note:
z Run the command erase with caution and under the technicians instructions.
z Before erasing a configuration file, you should back up the system configuration files to avoid loss of
important configuration files.
1.2.2 Backing Up the System Data Using TFTP
This example shows how to back up the configuration files using TFTP. The procedures
for backing up program files are the same.
1) Configure IP address of the network port.
Connect the serial port of PC with the configuration serial port of the ESM board, and
then log on to the ESM board through the PC. Next, set the IP address of the PC
network port to enable it to share the same network segment with the maintenance
network port or Ethernet network port of the ESM board.
2) Run TFTP application.
Start the TFTP application, and then click <Settings> to enter the window shown in
Figure 14, where you can set the basic attributes of TFTP. For example, you can enter
the directory where the backup configuration file is to be placed in the Base Directory
text box.
1-11
Figure 14 Selecting the directory for the configuration file using TFTP
3) Run the command tftp.

Run the command tftp in privileged mode, and select TFTP as the desired protocol.
MA5300(config)#tftp put vrpcfg.txt //10.71.53.108/vrpcfg.txt
.
Uploading succeeds!
The progress of backup will be shown, as illustrated in Figure 15.
Figure 15 Backing up the configuration file using TFTP
By now, you can find the backup file of vrpcfg.txt in D:\WINDOWS\Desktop\load.
1.2.3 Backing Up the System Data Using FTP
This example shows how to back up the configuration files using FTP. The procedures
for backing up program files are the same.
1) Configure IP address of the network port.
1-12
Connect the serial port of the PC with the configuration serial port of the ESM board,
and then log on to the ESM board through the PC. Next, set the IP address of the PC
network port to enable it to share the same network segment with the maintenance
network port or Ethernet network port of the ESM board.
2) Run FTP application.
Start the FTP application, and select [Security/Users/rights] to enter the window
shown in Figure 16. In the pop-up window, you can set the basic attributes of the FTP.
For example, in the Home Directory text box, you can enter the directory for the
backup configuration file to be placed, or select New User] to add an FTP user.
Figure 16 Setting the configuration file directory and user name using FTP
3) Run the command ftp.

Run the command ftp on the MA5300:
MA5300(config)#ftp 10.71.53.108
Trying ...
Connected.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):5300
331 Give me your password, please
Password:
230 Logged in successfully
ftp>put vrpcfg.txt
200 PORT command okay
150 "D:\WINDOWS\DESKTOP\LOAD\vrpcfg.txt" file ready to receive in ASCII mode
226 Transfer finished successfully.
FTP: 1956 byte(s) sent in 0.440 second(s) 4.44Kbyte(s)/sec.
At this moment, the FTP application will display the progress of the backup process.
See Figure 17.
1-13
Figure 17 Backing up configuration files using FTP
By now, you can find the backup file of vrpcfg.txt in D:\WINDOWS\Desktop\load.
1-14
SmartAX MA5300/5303 Broadband Access System Chapter 2 Patch Management
Chapter 2 Patch Management
2.1 Overview
The MA5300 needs to work for a long time without interruption. When performing
troubleshooting for or adding new functions to the host software, you are required to
load patches to the host software so as to modify the host software without suspending
the services.
For the MA5300, patch files may be in three statuses.

z Idle: the initial status. It indicates that there is no patch.
z Deactive: it means the patch files have been loaded to the host, but not activated
yet. That is, the patch code has not been validated.
z Active: the patch code has been validated. You can modify the status of the patch
files using the command run or deactivate.
z Running: the patch files are running. You cannot deactivate but delete the patch
files in this status.
Note:
z The running status differs from the Active status only in that patch files in the Running status can be
restored to the Running status after system rebooting, while patch files in the Active status can be
restored to the Deactive status.
z The Active status can be comprehended as running the patch on trial basis. Through the trial running,
you can confirm whether the patch file is up to the expectation in functionality. The patches passing the
trial running can then be put into normal operation.
In the MA5300, the patch files in the active ESM and those in the standby ESM are
managed separately. You can distinguish them with the commands active and
standby. By far, the MA5300 does not support standby ESM patch files.
The system provides the following patch-related commands:

z Loading patch files: load patch
z Activating patch files: patch activate
z Deactivating patch files: patch deactivate
z Running patch files formally: patch run
z Deleting patch files: patch delete
2-1
z Querying patch files: show patch
2.2 Procedure for Patch Operations
Run patch files in the following sequence:
Use the command load patch to load the patch file to the target ESM board. After the
loading succeeds, use the command show patch to view the patch-related
information.
After verifying that the patch is correct, run the activate command to activate it, and
then carry out the patch function test.
When the function test completes, you can use the command patch run to run the
patch. This will enable the patch to restore to the running status automatically after the
system reboots.
2.3 Patch Loading Examples
The patch source file can be loaded through a serial port or a network interface. The
information to be entered during loading is similar to that for loading program files.
The following describes the patch file loading procedures:

z Querying patch files
z Loading patch files
z Activating patch files
z Running patch files
z Querying the status of patch files (in running status) for confirmation
I. Querying patch files in the system
This example shows how to query patch files in the system.

MA5300(config)#show patch all active
Host version: MA5300V100R002
Patch version:
Patch number: 0
Number of formal patch: 0
Number of temporary patch: 0
Number of run patch: 0
Number of active patch: 0
Number of deactive patch: 0
II. Loading patch files
This example shows how to load patch files of MA5300V100R002SP01.
2-2
MA5300(config)#load patch tftp 10.11.136.183 MA5300V100R002SP01

load(backup,clone) begin, the course may take several minutes and

Patch version: MA5300V100R002SP01
Patch number: 1
III. Aactivating patch files
This example shows how to activate patch files of MA5300V100R002SP01.

MA5300(config)#patch activate all
patch operation success
Patch number: 1
IV. Running patch files
This example shows how to run patch files.

MA5300(config)#patch run all
patch operation success
This example shows how to query the status of patch files (in running status) for
confirmation.
Patch number: 1
2-3
By far, the patch files of SP01 have been loaded successfully. They are in the running
status.
2-4
SmartAX MA5300/5303 Broadband Access System Chapter 3 Logs and Alarms
Chapter 3 Logs and Alarms
3.1 Log Management
Logs can serve as major references in system maintenance and fault locating. In the
MA5300 you can query the executed commands recorded in logs or record important
information using the log host.
3.1.1 Querying Logs
The MA5300 host can automatically keep logs of the latest 512 operations. A system
administrator can query the latest operation commands using the command show log.
You can obtain the information on operations performed by different users or performed
within different periods of time, by setting the command parameters accordingly. The
operation log information includes user name, commands executed, operation time,
login mode, and the IP address of the login user.
Up to of 512 logs can be stored in the system. When there are more than 512 records,
the old records will be overwritten automatically. Therefore, you should immediately
query the system logs and make records in the case of system failure, for fear that the
logs that may be helpful for fault locating are overwritten. Meanwhile, to correctly record
the operation information, you should make sure that the system time is correct before
performing service configuration.
This example shows how to view operation logs of the user root (indexes 3 5).
MA5300(config)#show log root index 3 to 5
--------------------------------------------------------------------
No. UserName Date&Time LogMode IP-Address
5 root 2003-06-18 08:21:48 AUX --
Cmd: line 1
--------------------------------------------------------------------
4 root 2003-06-18 08:21:43 AUX --
Cmd: exit
--------------------------------------------------------------------
3 root 2003-06-18 08:03:53 AUX --
Cmd: parity none
--------------------------------------------------------------------
3-1
3.1.2 Configuring Log Host
The MA5300 can record important operation logs in the UNIX host (also referred to as
log server) of internal network through the syslog mechanism.
Tasks for setting log host are:

z Adding a log host: loghost add
z Activating a log host: loghost active
z Viewing information about log hosts: show loghost list
3.2 Configuring Alarms
The MA5300 features superor alarm function, enabling you to get informed whenever
any abnormal event occurs to the system host or the services.
Alarms may come from various modules in the host, or various service boards.
z By class, alarms can be divided into running alarms, fault alarms and recovery
alarms. Each fault alarm corresponds to a recovery alarm.
z By severity, alarms can be divided into critical alarms, major alarms, minor alarms
and warning alarms (in descending order).
Upon the occurrence of alarms, the system will, based on the configuration of each
terminal, broadcast the information to all terminals (including Network Management
System (NMS) workstation users and Command Line Interface (CLI) users). Whether
an alarm should be reported to a terminal depends on the associated definition for such
an alarm by the alarm control function.
I. Alarm public property description
1) Alarm ID.
An alarm ID consists of 4 bytes, and corresponds to only one alarm. It can be queried
using the command show alarm list.
2) Alarm serial number.
It is an integer. Every alarm is assigned with a different serial number. Generally
speaking, the serial number is associated with the sequence of alarm occurrence.
Therefore, it corresponds to one (and only one) alarm specifically.
3) Alarm levels.
The alarm level is used to indicate the severity level of an alarm. Available alarm levels
are: critical, major, minor and warning (in descending order).
z The critical alarm, such as power circuit fault or output clock fault, refers to the
global alarm that affects the normal equipment operation and should be eliminated
immediately.
3-2
z The major alarm, such as broken fiber or physical line fault, refers to the local
board or line alarm that may lead to abnormality in services if not handled in time.
z The minor alarm refers to the general fault alarm or event alarm which describes
whether every board or line is normal. For example, such alarms may indicate the
occurrence of bit errors in a specific physical line.
z The warning alarm refers to the change of status or occurrence of events that do
not affect the system performance and service running, but may interest the
operators. Some of them are the prompt information concerning the recovery of
the system to normality.
4) Alarm classes.
Alarms can be divided into 3 classes, namely running alarms (event), fault alarms (fault)
and recovery alarms (restore).
5) Alarm types.
Alarms can be divided into 5 types, namely communication alarms, service-quality
alarms, process-error alarms, equipment alarms and environmental alarms.
6) Alarm parameters.
They are included in a reported alarm to describe the location of the alarm. For
example, in the case of board alarm, the parameters mainly include the frame number,
slot number and port number.
7) Reporting alarms to NMS workstations.
The system can support a maximum of 32 NMS workstations. Whether an alarm should
be sent to NMS workstations or not is decided by the associated switch.
8) Reporting alarms to CLI terminals.
You can use relevant commands to set whether some alarms should be sent to the CLI
terminals.
9) Alarm management.
The alarm management function is used to record alarms, set alarms and count alarms.
It helps to maintain the MA5300, making the equipment running efficiently.
Alarm management involves:

z Querying alarm records
z Querying alarm configurations
z Setting alarm levels
z Setting the alarm output of CLI terminals.
z Enabling/Disabling alarm statistics collection function
z Setting alarm threshold
z Querying alarm statistics
z Clearing alarm statistics
z Querying basic alarm statistics
3-3
3.2.1 Querying Alarm Records
Alarms are saved in the host and can be queried at any time.
The information in an alarm record includes: time of occurrence, serial number, alarm
level, alarm class, alarm type and alarm parameters.
Up to 1,000 alarms can be saved in the system. If more than that number of alarms
occur, the latest alarm records will overwrite the old ones. Therefore, once a system
fault occurs, you should immediately query the alarm information and make records, for
fear that the alarm that may be helpful for fault locating is overwritten.
The following introduces how to query the latest alarm records.

1) Querying by alarm serial number.
show alarm history alarmsn sn
It is the most direct method to query alarm records based on the serial number. Each
alarm has a unique serial number based on the sequence of its occurrence.
2) Querying by alarm ID.
show alarm history alarmid id [startnum number]
Use this command if you want to know whether an alarm has occurred.
You can use the command show alarm list to view the names of alarms corresponding
to an alarm ID.
3) Querying by alarm level.
show alarm history alarmlevel level [startnum number]
Use this command if you are only concerned about alarms of a certain level.
4) Querying by alarm type.
show alarm history alarmtype type_value [startnum number]
Use this command to query the alarms based on alarm type.
type_value: It refers to the alarm type. The available values are: communication,
service_quality, process_error, equipment and environmental.
5) Querying by alarm class.
show alarm history alarmclass class [startnum number]
Use this command to query alarms based on alarm class.

6) Querying by time.
show alarm history alarmtime datebegin timebegin dateend timeend [startnum
number]
Use this command to query alarms generated during a certain period of time.
3-4
7) Querying alarms generated recently.

show alarm history all [startnum number]
Use this command to query alarms generated recently.
Note:
The system has saved 1000 history alarms in the host. To view even earlier history alarms, you can resort
to the databases in the NMS.
3.2.2 Querying Alarm Configurations
For the MA5300, the properties of an alarm include: alarm ID, alarm name, alarm level,
default alarm level, alarm class, alarm type, command line output flag, statistics flag,
number of parameters, 15-minute threshold, 24-hour threshold, detailed alarm
description and so on.
To view the settings of an alarm, you can use the command show alarm configuration
alarmid.
3.2.3 Setting Alarm Levels
Every alarm has its own default alarm level and current alarm level. You can use the
command alarm level alarmid alarmlevel to set a new alarm level or restore it to the
default one.
You can set the alarm level as any of the four levels. In general, the default alarm level
is a reasonable choice. Therefore, you can set the alarm level either by selecting any of
the available levels or by restoring it to the default value.
1) Setting alarm level.
You can use the command alarm level alarmid alarmlevel to set the alarm level.
You can use the command alarm level alarmid default to restore the alarm level to its
default value.
2) Querying command execution result.
To view the alarm level and verify the execution of a command, use the command
show alarm configuration alarmid.
3-5
Note:
z Care should be taken whenever you set the alarm level. In usual conditions, the default alarm level is a
reasonable one. You can restore the default alarm level if the change in the alarm level proves not
desirable.
z The system can automatically keep a recovery alarm and the corresponding fault alarm at the same
level. That is, when you set the alarm level of a fault alarm, the system will set the alarm level of its
corresponding recovery alarm to the same level. Similarly, when you set the alarm level of a recovery
alarm, the alarm level of the corresponding fault alarm will be the same.
3.2.4 Setting Alarm Output on a CLI Terminal
By default, any alarm generated in the system will be reported to the CLI terminal. As
different users have different concerns, the MA5300 provides the alarm output
screening function.
Each type of alarms has an output flag, which not only determines whether to output
the alarms to the CLI, but also decides setting of alarm output.
The system offers four modes for you to set the output of alarms to the CLI, namely
setting by alarm ID, setting by alarm level, setting by alarm type and setting all.
The output flag of recovery alarm is the same as that of fault alarm.
To set whether alarms should be output to CLI, use the (no) alarm output command.
no is optional. You can use no alarm output to disable the output of alarms of specific
category to the CLI, or alarm output to enable the output of alarms of specific category
to the CLI.

1) Setting by alarm ID.
(no) alarm output alarmid id
As alarm ID is unique, this command can be used to enable/disable the output of a

specific alarm to the CLI.
2) Setting by alarm level.
no alarm output alarmlevel level
If you are not concerned about alarms of a low level, use this command to disable the
output of alarms of a specific level.
3) Setting by alarm type.
(no) alarm output alarmtype type_value
3-6
Use this command to set the output of alarms based on alarm type.
4) Setting once for all.
(no) alarm output all
After the completion of above settings, you may find it hard to remember all of the alarm
output statuses in the system, and it is also troublesome to query them one by one. The
system provides the (no) alarm output all command allowing you to set the output
flags for all alarms.
5) Viewing the result of the command running.
Using the command show alarm configuration alarmid, you can query whether an
alarm has been output to the CLI and verify the execution of a command.
Note:
z When the output of a specific alarm to the CLI is enabled or disabled, it applies to all of the CLI
terminals.
z The alarm screening function mentioned above is inapplicable for the NM terminal, as the NM terminal
will offer more powerful alarm screening function.
z The alarm output settings have no impact on alarm generation. Alarms generated in the system will
still be recorded and can be traced.
z The modes offered for alarm output setting may affect each other. Whether or not to output an alarm is
determined by the latest setting. Suppose an alarm is both a major alarm and a communication alarm.
If the output for the alarm as major alarms is disabled, but enabled as communication alarms, this
alarm in question will be output as the latter setting is more decisive.
z The system can automatically keep a recovery alarm and the corresponding fault alarm to be of the
same output tag. That is, when you set the output tag of a fault alarm, the system will set the output tag
of its corresponding recovery alarm to the same. Similarly, when you set the output tag of a recovery
alarm, the output tag of the corresponding fault alarm will be the same.
3.2.5 Setting Alarm Statistics
Alarm statistics refer to totalizing and counting the alarms of a specific type generated
within a certain period of time. It can inform you the frequency of alarm occurrence, and
send you the threshold-crossing alarm based on the alarm threshold.
The MA5300 collects alarm statistics every 15 minutes and 24 hours.
Alarms of a specific class refer to alarms with the same ID.
3-7
Each alarm has a statistics flag indicating whether statistics collection for such an alarm
is required. By default, no alarm is required to be counted. You can enable the statistics
flag for alarms you are concerned about.
Similar to setting alarm output, you can set alarm statistics flag by alarm ID, by alarm
level, by alarm type or once for all.
To set the alarm statistics, use the (no) alarm statistics command.
no is optional. You can use the alarm statistics command to enable statistics
collection for a certain type of alarms, or the no alarm statistics command to disable
the statistics collection for a certain type of alarms.

1) Setting alarm statistics by alarm ID.
(no) alarm statistics alarmid id
As alarm ID is unique, this command can be used to set the alarm statistics function for
alarms of a specific class.
2) Setting alarm statistics by alarm level.
(no) alarm statistics alarmlevel level
If you are not concerned about low-level alarms, but interested in high-level alarms, use
this command to enable statistics collection for alarms of a specific level.
3) Setting alarm statistics by alarm type.
(no) alarm statistics alarmtype type_value
Use this command to set the alarm statistics flag based on alarm type
4) Enabling CLI output by all.
(no) alarm statistics all
Similar to setting alarm output, after the above settings complete, you may find it is hard
to remember all of the alarm statistics in the system, and it is also troublesome to query
them one by one. The system provides the (no) alarm statistics all command allowing
you to set the statistics flags for all alarms.
show alarm configuration alarmed
Use the command to query alarm statistics flag and verify the execution of a command.
3-8
Note:
z The modes offered for alarm statistics setting may affect each other. Whether statistics collection for
an alarm is enabled is determined by the latest setting. Suppose an alarm is both a major alarm and a
communication alarm. If the statistics collection for the alarm as major alarms is disabled, but enabled
as communication alarms, statistics collection for this alarm in question will be enabled.
z In practice, the statistics flag of recovery alarm may differ from that of fault alarm. The concerns for
them may also vary. Therefore, the fault alarm and recovery alarm should be set separately.
z It is prohibited to set statistics flag for a threshold-crossing alarm.
3.2.6 Setting Alarm Threshold
When you are concerned about the statistics on alarms of a certain category, you can
enable the alarm statistics flag to allow the system to collect statistics for these alarms
based on various parameters.
There are two threshold values for alarms of each type, namely 15-minute threshold
and the 24-hour threshold. Set the threshold as 0 if you are not concerned about
whether the alarm statistics have exceeded the threshold. Set it as non-0 if you intend
the system to generate a threshold alarm whenever the alarm statistics collected within
a certain period of time exceed the threshold. The default alarm threshold is 0.

1) Setting alarm threshold.
To set the alarm threshold, use the command alarm threshold. alarm threshold
alarmid threshold15m threshold24h
alarm threshold alarmid threshold15m threshold24h
The 15-minitue threshold is required to be no more than the 24-hour threshold.

You can use the command show alarm configuration to query alarm threshold and
verify the execution of command.
Note:
z In practice, the statistics for recovery alarm may differ from that for fault alarm. Their importance may
also be different. Therefore, the fault alarm and recovery alarm should be set separately.
z If you are not concerned about the threshold alarm for certain type of alarms, set the corresponding
threshold as 0 to disable threshold alarm reporting.
3-9
3.2.7 Querying Alarm Statistics
You may care about the occurrence frequency of some alarms generated within a
certain period of time. These statistics may help you to know the working status of
equipment and locate the potential faults.
You can make statistics for alarms generated within four periods, namely, next 15
minutes, next 24 hours, last 15 minutes and last 24 hours. In other words, the system
can save statistics in two days.
To query the statistics, use the command show alarm statistics alarmid [startnum
number].
3.2.8 Clearing Alarm Statistics
If the equipment has been idle for a long time, or the alarm statistics have been
damaged, you can clear manually all statistics collected by using the clear alarm
statistics command.
This command clears all alarm statistics.
Note:
The system will automatically clear the associated statistics if alarms of a certain type have not been
generated for a long time (within two days). Therefore, you do not need to clear such statistics in usual
conditions.
3.2.9 Querying Basic Alarm Information
To query the basic information about alarms in the system, use the command below:
show alarm list { alarmlevel level_value | alarmtype type_value| statistics

statistics_flag | alarmclass class_value | all | from alarmid1 to alarmid2 } [startnum
number]
Using this command you can query information such as alarm ID, alarm output status,
alarm statistics status and alarm name.
Use the command show alarm list all to show the alarm name corresponding to an
alarm ID.
3-10
SmartAX MA5300/5303 Broadband Access System Chapter 4 File Management
Chapter 4 File Management
4.1 Configuring File System
File system is intended to manage the memory devices. It can perform the following:
z Creating a file system.
z Creating/Deleting/Modifying/Renaming files and directories.
z Showing file content.
Note that single-stage directory name or file name can have as much as 64 characters.
4.1.1 Directory-Related Operations
File system can create and delete a directory, and show the working directory and the
information on a file or directory. By default, the current directory is flash:, namely the
default working path.
The following table lists the commands for directory-related operations.
Table 4-1 Directory-related operations
To Use In ... mode

Create a directory mkdir directory Privileg mode
Delete a directory rmdir directory Privileg mode
Show the working directory pwd Privileg mode
Show directory or file information dir [ /all ] [ file-url ] Privileg mode
Change the working directory cd directory Privileg mode
4.1.2 File-Related Operations
File system can perform the following file-related operations:

z Deleting a file
z Restoring a deleted file
z Clearing a file in the recycle bin
z Showing file content
z Renaming a file
z Copying a file
4-1
z Moving a file
z Showing the content of a specific file
The following table lists the commands for file-related operations.
Table 4-2 Operations with a file
To Use In ... mode

Delete a file delete [ / unreserved ] file-url Privileg mode
Restore a file undelete file-url Privileg mode
Clear a file in the recycle
squeeze file-url Privileg mode
bin
Show file content more file-url Privileg mode
Rename a file rename fileurl-source fileurl-dest Privileg mode
Copy a file copy fileurl-source fileurl-dest Privileg mode
Move a file move fileurl-source fileurl-dest Privileg mode
Show file content dir [ /all ] [ file-url ] Privileg mode
Set file prompt mode file prompt { alert | quiet } Global mode
4.1.3 Memory Device Related Operations
File system can format a specific memory device.
Use the format command to format a specific memory device.
Table 4-3 Operation with the memory device
To Use In ... mode

Format the memory device format filesystem Privileg mode
Note:
It is recommended to use the command under guidance of supporting technicians.
This example shows how to modify the current path and creates a directory.
MA5300# cd flash:
MA5300# pwd
flash:
MA5300#mkdir test
4-2
MA5300# dir
Directory of flash:/
0 -rw- 2529212 Apr 13 2003 10:58:42 5300.esm

1 -rw- 5621 Apr 17 2003 11:47:45 vrpcfg.txt
2 -rw- 3816 Mar 26 2003 16:07:05 v.txt
3 -rw- 688125 Mar 28 2003 11:45:44 5300.evd
4 -rw- 1151980 Apr 16 2003 16:19:40 5300.ead
16256000 bytes total (9056256 bytes free)
4.2 Configuring FTP
4.2.1 Overview
FTP is an application protocol for file transfer between remote hosts.
FTP services available in the MA5300 include:

z FTP Server: you can run FTP client to log in to the MA5300.
z FTP Client: after logging in to the MA5300, you can enter the FTP command to
get access to files in FTP server.
Configuration of FTP server involves:
z Enabling/Disabling FTP server
z Configuring authentication and authorization of FTP server
z Configuring FTP timeout
z Showing FTP server information
4.2.2 Enabling/Disabling FTP Server
The MA5300 can serve as an FTP server to support logins by multiple users at the
same time. FTP users send requests to the MA5300, which will perform the
corresponding actions and feed back results. To enable the MA5300 as an FTP server,
run the command ftp server enable, whereas to disable the function, run the no ftp
server command.
This example shows how to enable the MA5300 as an FTP server:

MA5300(config)#ftp server enable
4-3
4.2.3 Configuring Authentication and Authorization of FTP Server
Authorization of FTP server refers to authorizing FTP users to access the working
directory. Only the user that has passed the authentication and got the authority can
obtain services from the FTP server (namely the MA5300).
You can use the user command to configure the name, password of an FTP user and
the authorized working directory, or use the no user command to delete an FTP user.
In the following example, FTP username is 5300, password is huawei (in plain-text),
and the authorized working directory is flash:/ftp/Quidway.
MA5300(config)# user 5300 service-type ftp ftp-directory flash:/5300 password
0 huawei
4.2.4 Setting FTP Timeout
To prevent unauthorized user access, connection between an FTP client and the
MA5300 will be terminated if no request is received from the FTP user for some time.
You can use the ftp timeout command to configure the FTP timeout, or use the no ftp
timeout command to restore the default value, which is 30 minutes.
This example shows how to set the FTP timeout to 10 minutes:

MA5300(config)#ftp timeout 10
4.2.5 Querying FTP Server Information
You can use the following commands to view FTP server running status and online FTP
users.
You can use the show ftp-server command to query the current configuration of the
FTP server, including the maximum number of users supported and FTP timeout. You
can also use the show ftp-user command to query the detailed information on the
online FTP users.
This example shows how to query FTP server configurations.

MA5300# show ftp-server
Ftp server is running
Max user number 5
User count 0
Timeout(minute) 30
This example shows how to query information on an online FTP user.

MA5300# show ftp-user
username password host port topdir idle
5300 huawei 10.110.3.5 1074 flash:/5300 2
4-4
4.2.6 FTP Client
FTP Client is an application module provided by the MA5300. If an FTP user is

connected to the MA5300 as the FTP client, the FTP user can run commands to
perform some operations, such as creating or deleting directories.
For details about the commands relavant to FTP client, refer to MA5300/5303
Broadband Access System Command Help.
4.3 Configuring TFTP
4.3.1 Overview
Compared to FTP, TFTP is simpler, because it does not require complicated interactive
access interface and authentication interface. TFTP is applicable when the interaction
between the client and server is not too complicated. It is implemented based on User
Datagram Protocol (UDP).
TFTP is initiated by the client. To download files from the TFTP server, the client sends
a read request to the server and receives data from the server. When the downloading
completes, the client sends an ACK message to the server.
To upload files, the client sends a write request to the server and transmits data to the
server. When the uploading completes, the client receives an ACK message from the
server. TFTP transfers programs in binary mode, and transfers text files in ASCII code.
TFTP configuration involves:

z Configuring transfer mode
z Configuring file downloading
z Configuring file uploading
4.3.2 Setting Transfer Mode
TFTP transfers programs in binary mode, and text files in ASCII code mode. By default,
TFTP transfers files in binary mode. You can use the global command tftp { ascii |
binary } to configure the transfer mode.
This example shows how to set the file transfer mode of TFTP to binary mode.
MA5300(config)#tftp binary
4-5
4.3.3 Configuring File Downloading
When the MA5300 needs to download files from the TFTP server, it sends a read
request to the server as a client, and receives data from the server. When the
downloading completes, the MA5300 sends an ACK message to the server. You can
use the command tftp get to download a file through TFTP.
This example shows how to download the file text.txt through TFTP.
MA5300(config)#tftp get //10.71.53.108/test.txt test.txt
4.3.4 Configuring File Uploading
When the MA5300 needs to upload files, it sends a write request to the server as a
client, and transmits data to the TFTP server. When the uploading completes, the
MA5300 receives an ACK message from the server. You can use the global command
tftp put to download a file through TFTP.
This example shows how to upload a file text.txt through TFTP.

MA5300(config)#tftp put test.txt //10.71.53.108/test.txt
4-6
SmartAX MA5300/5303 Broadband Access System Chapter 5 Environment Monitoring Management
Chapter 5 Environment Monitoring Management
5.1 Overview
The MA5300 can monitor in realtime the various environment parameters. These
parameters show status of power supply, distribution, fan, temperature, humidity,
smoke, water and alarm. It can also generate alarms when faults occur. This can
guarantee the normal environment and high reliability for the device.
The MA5300 supports various envoroment monitor modules, also known as the
Environment Monitor Units (EMUs), inlcuding:
z H303ESC. It monitors the enviorment.
z Other built-in monitor modules. They monitor the associated function modules
respectively.
Fan frame EMU (FAN).
Power frame EMU (power4875 and power 5845).
Power distribution frame EMU (DIS).
I. Composition of the EMU system
In terms of hardware, the EMU consists of the environment monitoring board and some
outer sensors to perform the data collection and controlling of the environment
parameters (inside and outside the cabinet) and some supply parameters.
In terms of software, various environment data is displayed and configured through the
command line in the environment monitoring mode and the NMS.
II. Object of the EMU
The object monitored by the EMU includes the distribution frame, access control,
temperature (inside and outside the cabinet), humidity, smoke, water, fire alarm,
burglary and other environment parameters, as well as the power parameters of power
and battery.
III. Functin of the EMU
EMUs have the following functions:

z Managing and controlling the running and configuration of the monitoring board.
5-1
z Checking the monitor parameters of the power, frame and distribution, and
generating the exception alarm.
z Describing the configuration of environment monitor module and the relevant data.
IV. Main Content
The following sections include the following parts:

z Configuring EMU
z Configuring H303ESC
z Configuring POWER4875
z Configuring POWER4845
z Configuring Dial in-line Package (DIS)
z Examples
When the MA5300 is equipped with the EMU, it is required to configure bits 15 of the
DIP Switch as ON. The five bits are used to define the subnode address by which the
DIS EMU communicates with the MA5300 host. If they are all ON, it indicates the
subnode address is 0, indicating the subnode number allocated to the DIS EMU by the
MA5300.
5.2 Configuration Procedures
The configuration of EMU involves two major steps:

1) Define the EMU in the global mode, including the EMUID, EMU type, physical
position, and communication method with ESM.
2) Enter the EMU mode, configure the EMU parameters and query the reported
information.
Note:
A maximum of two EMUs (one FAN and one other EMU) can be configured in one MA5300 cabinet.
The following describes the configuration methods based on the sequences to

configure the EMUs.
5.3 Configuring EMU
After EMU has been connected correctly with the monitor serial port, proceed with the
following configurations on the operation interface of the MA5300.
5-2
5.3.1 Adding/Deleting/Querying an EMU
I. Adding an EMU
To configure the environment monitoring function, first you need to add an EMU. In the
global mode, use the command emu add emuid emutype frameid subnode com
[name].
emuid: used to add an EMU. The emuid entered should be unused. You can use the
command show emu to query the emuid and state of all EMUs
emutype: EMU type, including FAN, POWER4875, POWER4845, DIS and H303ESC.
frameid: the frame number of MA5300 connected with the EMU.
subnode: subnode number. When the MA5300 and EMU communicate by means of
subnode, you need set the subnode number when configuring the EMU for the cabinet.
Note:
z The subnode number for H303ESC is always 30.
z The default subnodes for FAN, POWER4875, POWER4845 and DIS are 0. You can configure these
subnodes, but they must be consistent with the DIP settings on the hardware.
z No subnode is allowed to conflict with others when the system monitors multiple EMUs at the same
time.
com: the method for communication between the EMU and the ESM board, which can
be back, fore and random.
back means the EMU shall communicate with the ESM board through the serial
port on the backplane of the cabinet.
fore means the EMU shall communicate with the ESM board through the serial
port on the front panel of the ESM board.
random means the EMU shall use either the back or fore mode to
communicate. It is applicable to the communication between slave frames.
5-3
Note:
Pay attention to the following when selecting the communication method:
z The EMU FAN can only work in back mode.
z Other EMUs can only work in fore mode.
This example shows how to add an H303ESC.

MA5300(config)#emu add 0 h303esc 0 30 fore
{ <cr>|name<S><1,19> }:
MA5300(config)#
! 1[2003-07-17 17:08:13]:ALM-3-AlarmInfo:
ALARM 484 FAULT MAJOR 0x15410000 ENVIRONMENTAL 2003-07-17 17:08:13

ALARM NAME : Emu abnormal
PARAS INFO : EMU ID: 0 EMU Type: H303ESC Name:
DESCRIPTION : EMU is faulty or cannot communicate with the host.
REASON : (1) EMU fault, (2) Communication serial port damaged or line
fault, (3) EMU reset manually
ADVICE : (1) Replace the EMU, (2) Check the communication serial port
and line.
--- END
II. Deleting an EMU
To delete an EMU, use the command emu del emuid.
Note:
z The EMU type cannot be changed after the configuration. If you need to change it, first delete the EMU,
and then add a new one.
z If an EMU in the cabinet has been replaced, first delete the original EMU, and then add the new one.
III. Displaying an EMU
To display the attributes and running states of all EMUs, use the command show emu.
5-4
MA5300(config)#show emu 0
EMU ID: 0
--------------------------------------------------------------------
EMU name : mdpower
EMU type : H303ESC
Used or not : Used
EMU state : Normal
Frame ID : 0
Subnode : 30
COM Port : Fore
--------------------------------------------------------------------
IV. Entering the EMU Configuration Mode
After an EMU has been added successfully, use the command interface emu to enter
the EMU mode of such EMU to query the state of the monitoring device and configure
the relevant environment parameters.
This example shows how to enter the EMU mode of the H303ESC, whose EMUID is 0.
MA5300(config)#interface emu 0
MA5300(config-if-h303esc-0)#
5.4 Configuring EMU H303ESC
The following sections introduce how to configure the H303ESC.
5.4.1 Configuring H303ESC Environment Monitor Parameter
I. Setting fan control parameters
The command esc fan is used to set the status control parameters for the H303ESC
fan frame. The status of the fan frame can be opened, closed or auto.
The default status control is auto. It means that the temperatures for the fan auto-on
and auto-off must be set. The default temperatures for fan auto-on and auto-off are
45C and 30C respectively.
II. Setting analog parameters
To set the upper and lower thresholds of analog parameters like temperature and
humidity, use the command esc analog.
5-5
III. Setting digital parameters
To set the digital parameters like MDF state, access control state and normal state of
the digital parameters, use the command esc digital.
IV. Setting extended serial port parameters
To set the extended serial port parameters, including the baudrate and databit, use the
command esc com.
V. Specifying the power module monitored by H303ESC
You need to add a power module using the command esc power before configuring
the related parameters. The power module supported at present is the 4810 power
module.
VI. Setting the 4810 power module parameters
After the power module to be monitored by H303ESC has been added, you can use the
command esc 4810 to set the power parameters.
VII. Displaying H303ESC system parameters
The command show esc system parameter is used to display the H303ESC system
parameters, which include: fan running mode, analog, digital, extended serial port
parameters and power module parameters.
5.4.2 Displaying H303ESC Environment Information
I. Displaying 4810 power module information
The command show esc 4810 is used to display the configuration of the 4810 power
module, work status and running information.
II. Displaying environment information
The command show esc environment info is used to display the setting of
environment factors like temperature, humidity, access control and fire sensors.
III. Displaying alarm information
The command show esc alarm is used to display the alarm information on the
environment.
5-6
5.5 Configuring EMU Power 4875/4845
The following sections introduce how to configure the 4875/4845 power module.
5.5.1 Configuring 4875/4845 Power Module
I. Setting the backup analog of 4875 power module
The command power analog-backup is used to set the backup analog of the 4875
power module.
II. Setting 4875/4845 battery parameters
The command power battery is used to set the management and temperature
parameters of the battery that connects with the 4875/4845 power modules.
III. Setting 4875/4845 battery charging parameters
The command power charge is used to set the charging parameters for the battery
that connects with the 4875/4845 power module, including the charging mode and
charging voltage.
IV. Setting 4875/4845 environment parameters
The command power environment is used to set the environment parameters of the
4875/4845 power module, including the temperature and humidity.
V. Setting the quantity of 4875/4845 power module
The command power module-num is used to set the quantity of 4875/4845 power
module.
VI. Configuring 4875/4845 on/off control
The command power module-parameter is used to configure the on/off status control
of the 4875/4845 power module. By default, the power module is on, which means the
power module is supplying power at present.
VII. Setting 4875/4845 power-off threshold
The power-off occurs in two cases: loading power-off and battery power-off.
When the mains supply is cut off, the MA5300 cabinet will be powered by the batteries.
If the output voltage of the batteries drops under the loading power-off threshold, the
power for the traffic load will be cut off. If the output voltage of the batteries keeps
5-7
dropping and goes below the battery power-off threshold, the batteries will stop
working.
The command power off is used to configure the power-off thresholds for the load and
the batteries. Note that the 4875 power module does not support the loading power-off
function.
Make sure these conditions are met in the configuration:

z DC overvoltage > battery even charging voltage > battery float charging voltage >
DC undervoltage > loading power-off voltage > battery power-off voltage.
z DC overvoltage > (float charging voltage + 2).
z Float charging voltage > (DC undervoltage + 2).
VIII. Setting 4875/4845 power supply parameter
The command power supply-parameter is used to set the power distribution

parameters of the 4875/4845 power module, including the overvoltage/undervoltage
alarm thresholds for AC and DC power supplies.
IX. Setting 4875/4845 power backup digital
The command power digital-backup is used to set the backup digital of the 4875/4845
power module.
X. Setting 4845 power-off temperature
The command power temperature-off is used to set the power-off temperature for the
4845 power module.
5.5.2 Querying Information on POWER4875/4845
I. Displaying 4875/4845 power alarm information
The command show power alarm is used to display the alarm information on the
4875/4845 power module.
II. Displaying 4875/4845 power environment information
The command show power environment info is used to display the environment
information on the 4875/4845 power module.
III. Displaying 4875/4845 power environment parameters
The command show power environment parameter is used to display the

environment parameters of the 4875/4845 power module.
5-8
IV. Displaying 4875/4845 power running information
The command show power run info is used to display the running information on the
4875/4845 power module.
V. Displaying 4875/4845 power system parameters
The command show power system parameter is used to display the 4875/4845
power system parameters.
5.6 Configuring EMU DIS
The following sections introduce how to configure the DIS.
5.6.1 Configuring DIS Parameters
I. Enabling/supressing DIS alarm parameterso nb
To enable or suppress the DIS alarm parameters, use the command distribution
alarmset.
The DIS alarm parameters include: temperature and humidity of the power distribution
frame, -48V input to the frame, internal/external sensors for digital, and sensors for
analog.
II. Configuring buzzers for the power distribution frame
To open or close the buzzer on the power distribution frame, use the command
distribution buzzers.
III. Setting the alarm parameters
z The command distribution humidity is used to set the upper and lower threshold
of humidity alarm.
z The command distribution temperature is used to set the upper and lower
threshold of temperature alarm.
z The command distribution input is used to set the upper and lower threshold of
-48V input to the power distribution frame.
z The command distribution outside_analog is used to set the parameters of
external sensors of the power distribution frame for analog.
z The command distribution outside_digital is used to set the parameters of
external sensors of the power distribution frame for digital.
z The command distribution lamp is used to set the lamp parameter of the cabinet.
5-9
5.6.2 Displaying DIS Information
I. Displaying the configuration parameter of distribution frame
The command show distribution system parameter is used to display the

configuration parameters of the distribution frame.
II. Displaying the environment prarmeter of distribution frame
The command show distribution environment info is used to display the

environment parameter of the distribution frame.
5.7 Configuration Examples
The following sections are examples on configuring the H303ESC and DIS.
5.7.1 Configuring H303ESC
This example shows how to add an EMU connected to the environment monitoring port
of the ESM board for frame 0. The EMU ID is 0 and the EMU type is H303ESC.
MA5300(config)#emu add 0
{ DIS<K>|H303ESC<K>|POWER4845<K>|POWER4875<K>|FAN<K> }:h303ESC
{ frameid<0,63> }:0
{ subnode<0,31> }:30
{ back<K>|fore<K>|random<K> }:fore
{ <cr>|name<S><1,19> }:
MA5300(config)#emu add 0 h303ESC 0 30 fore
MA5300(config)#
! 1[2003-07-17 17:59:01]:ALM-3-AlarmInfo:
ALARM 493 FAULT MAJOR 0x15410000 ENVIRONMENTAL 2003-07-17 17:59:01

ALARM NAME : Emu abnormal
PARAS INFO : EMU ID: 0 EMU Type: H303ESC Name:
DESCRIPTION : EMU is faulty or cannot communicate with the host.
REASON : (1) EMU fault, (2) Communication serial port damaged or line
fault, (3) EMU reset manually
ADVICE : (1) Replace the EMU, (2) Check the communication serial port
and line.
--- END
5-10
Note:
The subnode number for EMU-H303ESC is always 30.
This example shows how to display the state of H303ESC.

EMU ID: 0
-------------------------------------------------------------------
EMU name : -
EMU type : H303ESC
Used or not : Used
EMU state : Normal
Frame ID : 0
Subnode : 30
COM Port : Fore
-------------------------------------------------------------------
Note:
If the state of EMU is Fault, check the following:
z Whether H303ESC works normally.
z Whether the physical connection is correct.
z Whether the EMU type, cabinet ID, subnode number and communication serial port are correct.
Enter H303ESC mode to check the environment information.

MA5300(config)#interface emu 0
MA5300(config-if-h303esc-0)#show esc environment info
EMU ID: 0 H303ESC environment state
Fan control mode :Auto Fan run state: Open
-----------------Analog Environment Info--------------------------
ID Name State Value AlmUpper AlmLower Unit
0 Temperature Normal 34.26 20 5 C
1 Humidity Normal 30.98 80 0 %R.H.
2 - Normal -128.00 127 -128 -
3 - Normal -128.00 127 -128 -
4 - Normal -128.00 127 -128 -
5 - Normal -128.00 127 -128 -
6 - Normal -128.00 127 -128 -
5-11
7 - Normal -128.00 127 -128 -

----------------Digital Environment Info---------------------------
ID Name State Value |ID Name State Value
0 Wring Normal 1 |1 Door1 Alarm 1
2 Door2 Normal 1 |3 Fire_Alarm Normal 1
4 Theft_Alarm Normal 1 |5 Fog Normal 1
6 Water_Alarm Normal 1 |7 Peculiar_Smell Normal 1
8 Window_Broken Normal 1 |9 - Normal 1
10 - Normal 1 |11 - Normal 1
--------------------------------------------------------------------
Note:
If there is a temperature alarm and access control alarm when you check the environment state, modify
the temperature threshold and the level of the access control respectively to eliminate these alarms. Too
high a temperature is prompted because the upper threshold for temperature alarm is set to only 20
degrees centigrade; while the access control alarm is generated since the door is not closed.
This example shows how to set the temperature alarm, with the upper and threshold as
55 and 5 centigrade respectively.
MA5300(config-if-h303esc-0)#esc analog
{ analogid<0,7> }:0
{ alarm-upper-limit<S><1,4> }:55
{ alarm-lower-limit<S><1,4> }:5
{ <cr>|measure-upper-limit<S><1,4> }:
This example shows how to set the effective level of access control to a high level.
MA5300(config-if-h303esc-0)#esc digital
{ digitalid<0,21> }:1
{ low-level<K>|high-level<K> }:high-level
{ <cr>|name<S><0,19> }:
This example shows how to query the environment information again.

MA5300(config-if-h303esc-0)#show esc environment info
EMU ID: 0 H303ESC environment state
5-12
Fan control mode :Auto Fan run state: Open

------------------Analog Environment Info--------------------------
0 Temperature Normal 34.26 55 5 C
1 Humidity Normal 31.37 80 0 %R.H.
2 - Normal -128.00 127 -128 -
3 - Normal -128.00 127 -128 -
4 - Normal -128.00 127 -128 -
5 - Normal -128.00 127 -128 -
6 - Normal -128.00 127 -128 -
7 - Normal -128.00 127 -128 -
---------------Digital Environment Info---------------------------
0 Wring Normal 1 |1 Door1 Normal 1
2 Door2 Normal 1 |3 Fire_Alarm Normal 1
4 Theft_Alarm Normal 1 |5 Fog Normal 1
6 Water_Alarm Normal 1 |7 Peculiar_Smell Normal 1
8 Window_Broken Normal 1 |9 - Normal 1
--------------------------------------------------------------------
Now the states of both temperature and access control are normal.
5.7.2 Configuring a DIS
This example shows how to add an EMU, with EMU ID as 1 and type as DIS.
MA5300(config)#emu add 1 dis 0 0 fore
{ <cr>|name<S><1,19> }:
MA5300(config)#
This example shows how to show the DIS state.

EMU ID: 1
--------------------------------------------------------------------
EMU name : -
EMU type : DIS
Used or not : Used
EMU state : Normal
5-13
Frame ID : 0
Subnode : 0
COM Port : Fore
Note:
If the EMU state is Fault, check the following:
z Whether the physical connection is correct.
z Whether the connection line between distribution frame and MA5300 is correct and functions well.
z Whether bits 1 5 of the DIP switch S1 on the DIS has been set to ON.
z Whether the EMU type, frame ID, subnode number and communication serial port are configured
correctly.
Enter the DIS mode to check the environment information.

MA5300(config-if-dis-1)#show distribution environment info
MA5300(config-if-dis-1)#
EMU ID: 1 distribution environment info
------------------Analog Environment Info--------------------------
0 input -48V 1 Normal 52.00 60 42 volt
1 input -48V 2 Normal 53.00 60 42 volt
2 temperature Normal 30.00 55 5 C 3 humidity
Normal 36.00 80 0 %R.H.
4 out_analog1(out_analog1) Normal -128.00 127 -128 -
5 out_analog2(out_analog2) Normal -128.00 127 -128 -
----------------Digital Environment Info---------------------------
0 output ctrl digital 1Normal - |1 output ctrl digital 2Normal 2 output
ctrl digital 3Normal - |3 output ctrl digital 4Normal
4 board +12V Normal - |5 board +24V Normal -
6 LightningproofBoard1Normal - |7 LightningproofBoard2Normal -
8 out_digital 1 Normal 0 |9 out_digital 2 Normal 0
--------------------------------------------------------------------
By now you can configure various environment parameters of DIS.
The configuration processes for different EMUs are similar, so you can refer to the
above two examples in configuring other EMUs. For related commands, refer to the
previous description in this chapter.
5-14
Note that the key words of configuration commands in the EMU mode are different. For
example, the key word for H303ESC is esc, for FAN is fan, for the power 4875 and
power 4845 is power, and for DIS is distribution.
5-15
SmartAX MA5300/5303 Broadband Access System Chapter 6 Active/Standby Switchover
Chapter 6 Active/Standby Switchover
6.1 Overview
As a carrier class device, the MA5300 features excellent operation reliability and fault
tolerance. It is capable of making quick response to any occurrence of fault. This can
minimize the negative impact on the ongoing services.
To enable the fault tolerance function, the MA5300 incorporates the active/standby
switchover design.
6.1.1 Basic Principles
The active/standby switchover involves two basic elements: data synchronization and
smoothness. They are the preconditions for the realization of active/standby
switchover.
I. Data synchronization
The MA5300 implements data synchronization in a centralized manner: The data

synchronization module offers the unified synchronization interface, the software
modules register the data to be synchronized, and finally the data synchronization
module accomplishes the data synchronization for the active/standby boards.
The data that can be synchronized include configuration data, basic running data, and
dynamic service data.
There are two statuses of data synchronization.

z Sufficient data synchronization: When all data variations of the active board are
completely synchronized with the data of standby board, such synchronization is
called sufficient data synchronization.
z Insufficient data synchronization: When only part of data variations of the
active board is synchronized with the data of the standby board, such
synchronization is called insufficient data synchronization.
II. Smoothness
The active/standby switchover means changing the standby board to the active one.
Before implementing active/standby switchover, the MA5300 needs to check the
consistency between the data blocks to be synchronized and generate new data. This
process is generally referred to as smoothness.
6-1
6.1.2 Active/Standby Switchover Modes
There are two types of active/standby switchover modes:

z Auto active/standby switchover.
When the active board is faulty, the system automatically carries out active/standby
switchover by resetting the active board and changing the standby board to the active
one. This can ensure the continuity of the ongoing service.
z Manual active/standby switchover.
There are multiple ways to implement manual active/standby switchover:
Run the active/standby switchover command.
Reset the active board.
Reset the active board manually or unplug the active board.
Based on the data synchronization mode, the active/standby switchover can be divided
into normal active/standby switchover and forced active/standby switchover.
z Normal active/standby switchover.
Normal active/standby switchover refers to the active/standby switchover which is
implemented on the basis of sufficient data synchronization. It can maintain the
continuity of the ongoing service.
z Forced active/standby switchover.
Forced active/standby switchover refers to the active/standby switchover which is
implemented on the basis of insufficient data synchronization. Insufficient data
synchronization occurs in three circumstances: insufficient configuration data
synchronization, insufficient basic running data synchronization, and insufficient
dynamic service data synchronization. To implement active/standby switchover in
these three circumstances will have different impact on the system.
In insufficient configuration data synchronization, the system prohibits using the

active/standby switchover command for forced active/standby switchover. Other forced
switching approaches, such as manual active board resetting and unplugging active
board, will lead to the loss of basic data. In this circumstance, the system will, instead of
active/standby switchover, perform simple board resetting and enable low-level system
recovery function to ensure the normality of the system.
In insufficient running data synchronization, the system prohibits using the

active/standby switchover command for forced active/standby switchover. Other forced
switching approaches will not lead to system resetting or affect the configuration files.
However, it may lead to service board resetting.
6-2
In insufficient service data synchronization, the system allows using active/standby

switchover command for forced active/standby switchover. The active/standby
switchover will not affect the original services, alarms, logs and connections.
6.2 Preconditions for Active/Standby Switchover
To implement active/standby switchover, you need to satisfy these requirements:

z The active and the standby boards should be of the same version. Both of them
are working normally.
z The subboards, if any, of the active and standby boards should be of the same
version and type.
z The active and standby boards are configured with the same version
In addition, it is recommended that the active and standby boards have the same
programs, data and multi-language files. Otherwise, it can result in abnomalities.
The active/standby switchover has no specific requirement on service boards.
6.3 MA5300+Double ISUs Active/Standby Switchover
MA5300+ double ISUs active/standby switchover supports built-in ISU backup and
double uplinks. It can implement ISU/ESM and uplink redundant backup.
In Figure 61, system 1 comprises ESM1 and ISU1; system 2 comprises ESM2 and
ISU2.
Assume that system 1 (or system 2) is used as the active one, if any uplink interface of
ESM or ISU is faulty, the two systems will exchange their respective active or standby
status. The active one turns into the standby one and the standby one turns into the
active one. In this way, system reliability is greatly improved.
6-3
ISU1
GATEWAY:4.0.0.1/24
IP POOL4.0.0.2-4.0.0.100
ip route-static 0.0.0.0 0.0.0.0 4.0.1.100
ip route-static 0.0.0.0 0.0.0.0 4.0.2.2
preference 200
ISU2
GATEWAY:4.0.0.1/24
IP POOL4.0.0.2-4.0.0.100
ip route-static 0.0.0.0 0.0.0.0 4.0.1.100 PC2
ip route-static 0.0.0.0 0.0.0.0 4.0.2.1
MA5300
ID C
preference 200
4.0.1.100/16
G7/1/1 G8/1/1 G9 G9
A TRUNK E E TRUNK
I I
D S S S S
7x 8x 9x 10x 11x 1 2x 7x 8x 9x 1 0x 1 1x 12 x
Et hernet
C
7 8 9 101 11 2
A 1 2 3 4 5 6 1x 2x 3x 4x 5x 6x 1x 2x 3x 4x 5x 6x
S M M U U
A B
HUB
L 1 2 1 2
4.0.1.1/24 E6 E6 4.0.1.1/24
4.0.2.1/24 E7 E7 4.0.2.2/24
ADSL1/0/0
7 8 14 15
T AL K / D ATA
TAL K R S C S TR R D TD CD
MT800
PC1
Figure 61 Networking of MA5300+ double ISUs active/standby switchover
The following section describes the configuration procedures.
I. Configuring ESM1 and ESM2
Since only one of ESM1 and ESM2 is in active status, you just need to configure the
active ESM. The configuration data will be synchronized to the standby ESM
automatically. The following introduces how to configure the ESM.
1) Configure port Gigabit Ethernet 7/1/1 as Trunk port to allow the pass-through of all
VLANs.
MA5300(config-if-GigabitEthernet7/1/1)#switchport trunk allowed vlan all
Please wait........................................... Done.
MA5300(config-if-GigabitEthernet7/1/1)#
2) Create VLAN 2, designate port ADSL1/0/0 to VLAN 2 and activate port
ADSL1/0/0.
6-4
MA5300(config-vlan2)#switchport adsl1/0/0
MA5300(config)#adsl activate adsl1/0/0
3) Configure PPPoA and IPOA parameters.
As the two BAS boards are designated with different MAC addresses, you can run
these commands to set the destination MAC addresses for PPPoA and IPOA:
MA5300(config)#atm-terminated dest-mac pppoa support-misu slot7
00e0.fc26.0830 slot8 00e0.fc00.1122
MA5300(config)#atm-terminated dest-mac ipoa support-misu slot7
00e0.fc26.0830 slot8 00e0.fc00.1122
The first MAC address is the MAC address of ISU1 connected with the ESM board
residing in Slot 7; the second MAC address is the MAC address of ISU2 board
connected with the ESM board residing in slot 8.
4) Set the connection type of ADSL1/0/0 as auto.
MA5300(config)#adsl connect-type auto adsl1/0/0
5) Enable the uplink interface of the standby ESM board.
MA5300(config)#interface g7/1/1
MA5300(config-if-GigabitEthernet7/1/1)#slave-up
By default, the GE and FE interfaces of standby ESM board are disabled. You need to
enable these interfaces used for packet transmission manually.
6) Add two ISU boards through the device management function.
MA5300(config)#inner-isu support-misu
If using the command inner-isu, you can only add one ISU board. If using the above
command, you can add two ISU boards at the same time. At this moment, you can see
two ISU board using the command show board.
7) Configure MISU.
MA5300(config)#misu uplink-port slot 7 interface GigabitEthernet7/1/1
MA5300(config)#misu uplink-port slot 8 interface GigabitEthernet7/1/1
MA5300(config)#misu enable
These commands are used to specify a port of the two ESM boards for ISU
active/standby switchover, and then enable double ISUs active/standby switchover.
The ports connecting to the ISU board must be the same on the two ESM boards.
II. Configuring ISU1 and ISU2
As ISU1 and ISU2 are two independent devices, you need to configure them one by
one manually.
The following introduces how to configure ISU1 and ISU2.

1) Configure the access type and account.
6-5
This configuration can be performed in the same manner as configuring a single ISU.
Designate port Ethernet6 for PPP and VLAN access, and then add several user
accounts. For details, refer to Intelligent Service Unit Processing Unit Operation
Manual.
2) Enable PPPoA function.
[ISU] pppoa enable
To offer PPPoA access, you need to enable PPPoA function first.

3) Add a default upstream route and a default route for the communication between
two ISUs.
ISU1 configuration:
[ISU]inter eth 6.0
[ISU-Ethernet6.0]ip address 4.0.1.1 255.255.255.0
[ISU-Ethernet6.0]quit
[ISU]inter eth 7.0
[ISU]portvlan eth 6 vlan 0
[ISU-ethernet6-6-vlan0-0]access-type interface
[ISU-ethernet6-6-vlan0-0]quit
[ISU]ip route-static 0.0.0.0 0.0.0.0 4.0.1.100
[ISU]ip route-static 0.0.0.0 0.0.0.0 4.0.2.2 preference 200
ISU2 configuration:
[ISU]inter eth 6.0
[ISU]inter eth 7.0
[ISU]ip route-static 0.0.0.0 0.0.0.0 4.0.1.100
[ISU]ip route-static 0.0.0.0 0.0.0.0 4.0.2.1 preference 200
6-6
To enable NMS devices in the public network to access the two ISU boards at the same
time, you need to add a low-priority default route between the ISUs ports ethernet7.
4) Enable HRP function.
[ISU]hrp uplink Ethernet6
[ISU]hrp downlink GigabitEthernet9
[ISU]hrp enable
The above commands configure the uplink/downlink port needed for the double ISUs
active/standby switchover, and enable the HRP packet reception function.
III. Verifying the active/standby switchover
When the system is in normal status, run the command show misu on the ESM board.
MA5300(config)#show misu
[MISU information]
function status: Enable
shakehand timer: 3 (sec)
upper-port of ESM board in slot 8: GigabitEthernet7/1/1
ESM board in slot 8 is in master status
ISU board status is Normal
upper-port of ISU board is up
upper-port of ESM board in slot 7: GigabitEthernet7/1/1
ESM board in slot 7 is in slave status
ISU board status is Normal
upper-port of ISU board is administratively down
The above shows that the two ISUs are in normal status, the uplink port of the ISU
board connected with the active ESM board is enabled, while the uplink port of the ISU
board connected with standby ESM board is disabled.
When viewing the indicators of the hub, you can find that one of the two ports
connecting the uplink ports of two ISU boards is UP and the other is DOWN.
The following introduces how to view the the indicators of the hub:
1) Configure PPPoA access on the MT800 (an ADSL Modem). The system prompts
success and allocates an IP address.
2) Disconnect the uplink port of ISU board (connected with ESM) with the hub.
Several seconds later, the system starts to implement ESM active/standby
switchover. The original active ESM board prints Master board is ready to reset
for isu connection down. The original standby ESM board becomes the active
one.
3) Interrupt MT800s PPPoA access, and then redial. The PPPoA access is restored.
You can ping PC2 using PC1.
4) View the hubs indicators. You can find that the UP one of the two uplink ports
connected with ISU turns into DOWN, and the other turns into UP.
6-7
6.4 ESM+EIU Active/Standby Switchover
6.4.1 Establishing Switch-over Environment
Insert two ESM boards in slots 7 and 8, serving as active and standby ESM boards
respectively. While in slot 15, insert an EIUA board.
As an interface board, the EIUA board provides two subboard slots: one for GE
subboard, and the other for EF subboard. Similar to the subboard slot arrangement in
the ESM board, the GE subboard is above the FE subboard.
6.4.2 Active/Standby Switchover Configuration Commands
The follong introduces how to perform active/standby switchover.
I. Enabling/Disabling switch for synchronizing configuration files on

active/standby boards
Before starting the write operation on the active ESM board, you can run the command
standby backup configure to automatically synchronize the configuration data in the
active board with those in the standby board; or you can use the command no standby
backup configure to disable configuration data synchronization.
Once the active/standby data synchronization switch is enabled through the command
standby backup configure, the configuration data saved in active board through the
command write will also be saved in the backup board. To disable the synchronization
switch for active/standby board configuration data, run the command no standby
backup configure. By default, the configuration file synchronization switch for
active/standby board is enabled.
1) Enable the switch for synchronizing configuration files on active/standby boards.
MA5300#standby backup configure
Config file automatic backup to standby board switch status: On.
2) Disable the switch for synchronizing configuration files on active/standby boards.
MA5300#no standby backup configure
Config file automatic backup to standby board switch status: Off.
II. Synchronizing configuration data manually
To maintain the consistency in configuration data between the active board and the
standby board, use the command standby update configure in Privileged mode.
This method is used to synchronize data in the active/standby board manually.

MA5300#standby update configure
The configureuration file will be written to the flash memory of standby board.
6-8
Are you sure to continue? (y/n)[n]:y

Now synchronizing startup-configure to standby.
Please wait for a while(2 minutes in worst case)...
Synchronize startup-configure to standby successfully.
III. Switching the ESM board manually
To switch the active and standby ESM boards manually, run the command system
switch-over in Privileged mode. Unless considered necessary, do not use the
command.
To perform o perform active/standby switchover between the two ESM boards, follow
the steps below strictly:
1) Enable the switch for synchronizing configuration files on active/standby boards
using the command standby backup configure.
2) Synchronize the configuration data in the active board with those in the standby
board using the command standby update configure.
3) Switch the ESM board manually using the command system switch-over.
This example shows how to perform ESM board switchover manually.
Configure file automatic backup to standby board switch status: On
MA5300#standby update configure
The configureuration file will be written to the flash memory of standby board
Are you sure to continue? (y/n)[n]:y
Now synchronizing startup-configure to standby.
Please wait for a while(2 minutes in worst case)...
Synchronize startup-configure to standby successfully.
MA5300#system switch-over
Are you sure to switch over? (y/n)[n]:n
6.4.3 Configuring Automatic Switchover
To configure automatic switchover, you only need to run the command standby
backup configure in privileged mode of the active ESM board.
This operation can be omitted, because the switch for synchronizing configuration files
on active/standby boards is enabled by default.
Configure file automatic backup to standby board switch status: On.
After the completion of data configuration in the active ESM board, you can run the
command write to save the configuration data. At the mean time, the system saves the
configuration data in the standby board by synchronizing the active/standby
configuration data.
6-9
When the active ESM board is unplugged or is faulty, the system automatically
switches it to the standby board to ensure normality of the ongoing service.
6.4.4 Configuring Manual Switchover
The first steps for configuring automatic switchover and manual switchover are the
same: That is to run the command standby backup configure in privileged mode of
the active ESM board to enable the switch for synchronizing configuration files on
active/standby boards. This operation can be omitted, because the switch for
synchronizing configuration files on active/standby boards is enabled by default.
Configure file automatic backup to standby board switch status: On.
After the completion of data configuration in the active ESM board, you can run the
command write to save the configuration data. At the mean time, the system saves the
configuration data in the standby board by synchronizing the active/standby
configuration data.
When the active ESM board is unplugged, you can use the command system
switch-over to perform active/standby switchover manually. This can change the
standby board into the active one, ensuring the normality of system running.
MA5300#system switch-over
Are you sure to switch over? (y/n)[n]:n
6-10
HUAWEI

system
Operation Manual
Appendix
Operation Manual - Appendix
Table of Contents
Appendix A Acronyms and Abbreviations .................................................................................A-1
i
SmartAX MA5300/5303 Broadband Access System Appendix A Acronyms and Abbreviations
Appendix A Acronyms and Abbreviations
A
AAA Authentication, Authorization and Accounting
ABR Area Border Router
ACK Acknowledgement
ACL Access Control List
ADSL Asymmetrical Digital Subscriber Loop
APP Application Program
ARP Address Resolution Protocol
AS Autonomous System
ASBR Autonomous System Boundary Router
B
BAS Broadband Access Server
BDR Backup Designated Router
BGP Border Gateway Protocol
C
CAR Committed Access Rate
CLI Command Line Interface
CO Central Office
COS Class of Service
D
DD Database Description
DHCP Dynamic Host Configuration Protocol
DIS Dial in-line Package
DR Designated Router
DSLAM Digital Subscriber Line Access Multiplexer
D-V Distance Vector Routing Algorithm
E
ESM Ethernet Switch Main Control board
EAD Ethernet ADSL access board
ESH Ethernet SHDSL board
A-1
ESP Ethernet Splitter board

EVD Ethernet over VDSL access board
F
FE Fast Ethernet
FTP File Transfer Protocol
G
GARP Generic Attribute Registration Protocol
GE Gigabit Ethernet
GMRP GARP Multicast Registration Protocol
GVRP GARP VLAN Registration Protocol
H
HDP Huawei Discovery Protocol
HTP Huawei Topology Protocol
HGMP Huawei Group Management Protocol
I
IAB Internet Architecture Board
ICMP Internet Control Message Protocol
IETF Internet Engineering Task Force
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IP Internet Protocol
ISU Intelligent Service Unit
L
LSDB Link-State DataBase
LSA Link-State Advertisement
LSR Link State Request
LSU Link State Update
LSAck Link State Acknowledgment
M
MAC Medium Access Control
MIB Management Information Base
MTU Maximum Transmission Unit
N
NAS Network Access Server
A-2
NBMA Non Broadcast MultiAccess

NIC Network Information Center
NMS Network Management System
NSSA Not-So-Stubby Area
NVRAM Nonvolatile Random Access Memory
O
OSPF Open Shortest Path First
P
PIM-DM Protocol-Independent Multicast-Dense Mode
PIM-SM Protocol-Independent Multicast-Sparse Mode
PPPoE Point-to-Point Protocol Over Ethernet
PQ Priority Queuing
PVC Permanent Virtual Channel
Q
QoS Quality of Service
R
RIP Routing Information Protocol
RMON Remote Network Monitoring
RSTP Rapid Spanning Tree Protocol
S
SHDSL Single-pair High-speed Digital Subscriber Line
SNMP Simple Network Management Protocol
STP Spanning Tree Protocol
SYN Synchronization
T
TCP/IP Transmission Control Protocol/ Internet Protocol
TFTP Trivial File Transfer Protocol
TOS Type of Service
TTL Time To Live
U
UDP User Datagram Protocol
V
VCI Virtual Channel Identifier
VPI Virtual Path Identifier
A-3
VDSL Very-high-data-rate Digital Subscriber Line

VLAN Virtual LAN
VOD Video On Demand
VT Virtual Terminal
VTP VLAN Trunk Protocol
VTY Virtual Type Terminal
W
WRR Weighted Round Robin
X
xDSL x Digital Subscriber Line
A-4

SmartAX MA5300

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SmartAX MA5300

Uploaded by

Copyright:

Available Formats

Basic Operations

Table of Contents ......................................................................................... i

SmartAX MA5300/5303 Broadband Access System

Manual Version T2-051692-20040707-C-1.50

Product Version V100R005

Huawei Technologies Co., Ltd.

Address: Administration Building, Huawei Technologies Co., Ltd.,

Bantian, Longgang District, Shenzhen, P. R. China

Postal Code: 518129

All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any

, HUAWEI, C&C08, EAST8000, HONET, , ViewPoint, INtess, ETS, DMC,

Difference between the MA5300 and the MA5303

See the following table.

Difference between the MA5300 and the MA5303

Part 2 Service Configuration describes configuration of VDLS, ADSL and Ethernet

Part 3 Maintenance Operations elaborates on maintenance operations including

Appendix lists acronyms and abbreviations involved in this manual.

The manual is intended for the following readers:

The manual uses the following conventions:

III. GUI conventions

IV. Keyboard operation

Caution: Means reader be extremely careful during the operation.

Note: Means a complementary description.

General Table of Contents

SmartAX MA5300/5303 Broadband Access

Chapter 1 Maintenance Terminal Configuration ........................................................................ 1-1

Chapter 2 Basic Operations ......................................................................................................... 2-1

Chapter 3 User Management........................................................................................................ 3-1

Chapter 4 Line Configuration....................................................................................................... 4-1

Chapter 5 Board Management ..................................................................................................... 5-1

Chapter 6 MAC Address Management ........................................................................................ 6-1

Chapter 7 ARP Configuration....................................................................................................... 7-1

Chapter 8 Network Management Configuration......................................................................... 8-1

Chapter 9 RMON Configuration ................................................................................................... 9-1

Chapter 10 DHCP Relay Configuration ..................................................................................... 10-1

Chapter 11 IP Performance Configuration................................................................................ 11-1

Chapter 1 Maintenance Terminal Configuration

Configuration of the maintenance terminal mainly involves:

1.1 Configuring Serial Terminal

The following introduces how to set up the serial terminal environment.

RS-232 port MA5300

Figure 1-1 Setting up serial port configuration environment

2) Select [Start/Program/Accessories/Communication/HyperTerminal] to start the

Figure 1-2 Selecting the serial port for connection

See Figure 1-3:

Figure 1-3 Setting console port parameters

4) Click <OK> to pop up the HyperTerminal interface, as shown in Figure 1-4.

Figure 1-4 HyperTerminal interface

5) Select [File/Properties] menu in the HyperTerminal interface, and then click

Figure 1-5 Defining the terminal type

6) Next, click [ASCCII Setup] to set the property of ASCII code.

Figure 1-6 Setting ASCII code

1.2 Configuring Remote Serial Terminal

Figure 1-7 Configuring remote serial terminal

1.3 Configuring Telnet Environment

I. Configuring the outband port /inband port

II. Setting up configuration environment

1) Set up local configuration environment.

See Figure 1-8.

LAN established through

Figure 1-8 Setting up local configuration environment through LAN

2) Set up remote configuration environment.

See Figure 1-9.