RAX711-R (A) Configuration Guide (Rel - 05)

www.raisecom.
com
RAX711-R (B)
Configuration Guide
(Rel_05)
Raisecom Technology Co., Ltd. provides customers with comprehensive technical support and services. For any
assistance, please contact our local office or company headquarters.
Website: http://www.raisecom.com
Tel: 8610-82883305
Fax: 8610-82883056
Email: export@raisecom.com
Address: Raisecom Building, No. 11, East Area, No. 10 Block, East Xibeiwang Road, Haidian District, Beijing,
P.R.China
Postal code: 100094
-----------------------------------------------------------------------------------------------------------------------------------------
Notice
Copyright © 2018
Raisecom
All rights reserved.
No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in Writing from Raisecom
Technology Co., Ltd.
is the trademark of Raisecom Technology Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Raisecom
RAX711-R (B) Configuration Guide Preface
Preface
Objectives
This document introduces features and related configurations supported by the RAX711-R,
including basic principles and configuration procedures of basic configurations, zero-
configuration, interface management, Ethernet, IP services, routing, MPLS, OAM, QoS,
network reliability, security, and system management and maintenance. In addition, this
document provides related configuration examples. The appendix of this document provides
terms, acronyms, and abbreviations involved in this guide.
This document helps you master principles and configurations of the RAX711-R
systematically, as well as networking with the RAX711-R.
Versions
The following table lists the product versions related to this document.
Product name Product version Hardware version

RAX711-R-4GC4E1-S (A.00) P100R002 A.00 or later
RAX711-R-4GC4E1-BL-S (A.00) P100R002 A.00 or later
RAX711-R-4GC (A.00) P100R002 A.00 or later
RAX711-R-4GE (A.00) P100R002 A.00 or later
RAX711-R-4GC4E1-S (A.10) P100R002 A.10 or later
RAX711-R-4GC4E1-BL-S (A.10) P100R002 A.10 or later
RAX711-R-4GC (A.10) P100R002 A.10 or later
RAX711-R-4GE (A.10) P100R002 A.10 or later
Conventions
Symbol conventions
The symbols that may be found in this document are defined as below.
Raisecom
Symbol Description
Indicate a hazard with a medium or low level of risk which, if
not avoided, could result in minor or moderate injury.
Indicate a potentially hazardous situation that, if not avoided,

could cause equipment damage, data loss, and performance
degradation, or unexpected results.
Provide additional information to emphasize or supplement
important points of the main text.
Indicate a tip that may help you solve a problem or save time.
General conventions
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.
Arial Paragraphs in Warning, Caution, Notes, and Tip are in Arial.
Boldface Names of files, directories, folders, and users are in boldface.

For example, log in as user root.
Italic Book titles are in italics.
Lucida Console Terminal display is in Lucida Console.
Book Antiqua Heading 1, Heading 2, Heading 3, and Block are in Book

Antiqua.
Command conventions
Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.
[] Items (keywords or arguments) in square brackets [ ] are
optional.
{ x | y | ... } Alternative items are grouped in braces and separated by
vertical bars. Only one is selected.
[ x | y | ... ] Optional alternative items are grouped in square brackets and
separated by vertical bars. One or none is selected.
Raisecom
{ x | y | ... } * Alternative items are grouped in braces and separated by
vertical bars. A minimum of one or a maximum of all can be
selected.
[ x | y | ... ] * Optional alternative items are grouped in square brackets and
separated by vertical bars. A minimum of none or a maximum
of all can be selected.
User level conventions

User level Description
0–4 Checking level: execute basic commands for performing
network diagnostic function, clearing system information, and
showing command history.
5–10 Monitoring level: execute commands for system maintenance.
11–14 Configuration level: execute commands for configuring
services, such as VLAN and IP routing.
15 Management level: execute commands for running systems.
Change history
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Issue 05 (2018-02-10)
Fifth commercial release
 Added GRE tunnel.
 Added the emulated Ethernet test.
 Added the Y.1564 test.
 Modified the RFC2544 test.
 Modified BFD.
 Added configuration examples for some modules.
 Optimized some contents.
Issue 04 (2017-03-20)
Fourth commercial release
 Added LDP MD5.
 Added L3VPN PE-CE EBGP.
Raisecom
 Added the support for 31-bit mask.

 Fixed known bugs.
Issue 03 (2016-11-30)
Third commercial release
 Added the RAX711-R-4GC4E1-BL-S (A.10).
 Added the RAX711-R-4GC4E1-S (A.10).
 Added the RAX711-R-4GC (A.10).
 Added the RAX711-R-4GE (A.10).
Issue 02 (2015-08-20)
Second commercial release
 Added L2CP.
 Synchronous Ethernet is added.
 MPLS TE is added.
 MPLS TE protection is added.
 BFD for multiple PWs is added.
 PW redundancy is added.
 Interface backup is added.
 ISIS which supports multi-process is added.
 Expanded OAM which supports routing interface is added.
 Other functionalities are added.
Issue 01 (2015-03-20)
Initial commercial release
Raisecom
Contents
1 Basic configurations ..................................................................................................................... 1

1.1 CLI ................................................................................................................................................................... 1
1.1.1 Overview ................................................................................................................................................. 1
1.1.2 Levels ...................................................................................................................................................... 2
1.1.3 Modes...................................................................................................................................................... 2
1.1.4 Shortcut keys ........................................................................................................................................... 7
1.1.5 Viewing command history ...................................................................................................................... 9
1.1.6 Acquiring help ......................................................................................................................................... 9
1.2 Accessing device ............................................................................................................................................ 11
1.2.1 Accessing device through Console interface ......................................................................................... 11
1.2.2 Accessing device through Telnet ........................................................................................................... 13
1.2.3 Accessing device through SSHv2 ......................................................................................................... 14
1.2.4 Checking configurations ....................................................................................................................... 15
1.3 Backup and upgrade ....................................................................................................................................... 15
1.3.1 Introduction ........................................................................................................................................... 15
1.3.2 Backing up system software in system configuration mode ................................................................. 17
1.3.3 Upgrading system software in BootROM mode ................................................................................... 18
1.3.4 Upgrading system software in system configuration mode .................................................................. 20
1.3.5 Managing configuration files ................................................................................................................ 20
1.4 Remote zero-configuration ............................................................................................................................. 21
1.4.1 Preparing for configurations ................................................................................................................. 21
1.4.2 (Optional) configuring remote zero-configuration ................................................................................ 22
1.4.3 (Optional) configuring zero-configuraiton polling ................................................................................ 23
1.4.4 (Optional) configuring DHCP Relay ..................................................................................................... 23
1.5 Network management .................................................................................................................................... 24
1.5.2 Configuring SNMP basic functions ...................................................................................................... 24
1.5.3 Configuring Trap ................................................................................................................................... 25
1.5.4 Configuring KeepAlive ......................................................................................................................... 26
Raisecom
1.6 Configuring RMON ....................................................................................................................................... 27

1.6.1 Introduction ........................................................................................................................................... 27
1.6.3 Configuring RMON alarm group .......................................................................................................... 28
1.6.4 Configuring RMON event group .......................................................................................................... 28
1.6.5 Configuring RMON statistics ............................................................................................................... 28
1.6.6 Configuring RMON history statistics ................................................................................................... 28
2 System management ................................................................................................................... 30

2.1 User management ........................................................................................................................................... 30
2.1.1 Managing users ..................................................................................................................................... 30
2.2 Device management ....................................................................................................................................... 31
2.2.1 Configuring device name ...................................................................................................................... 31
2.2.2 Configuring temperature monitoring .................................................................................................... 31
2.2.3 Configuring fan monitoring .................................................................................................................. 31
2.3 Time management .......................................................................................................................................... 32
2.3.1 Introduction ........................................................................................................................................... 32
2.3.2 Configuring time and time zone ............................................................................................................ 34
2.3.3 Configuring DST .................................................................................................................................. 34
2.3.4 Configuring NTP/SNTP ........................................................................................................................ 34
2.4 Configuring system log .................................................................................................................................. 35
2.4.2 Configuring basic information about system log .................................................................................. 36
2.4.3 Configuring system log output destination ........................................................................................... 36
2.5 Configuring alarm management ..................................................................................................................... 37
2.5.2 Configuring basic functions of alarm management .............................................................................. 38
2.6 Configuring Banner ........................................................................................................................................ 40
2.6.2 Configuring Banner............................................................................................................................... 40
2.6.3 Enabling Banner display ....................................................................................................................... 41
2.7 Configuration examples ................................................................................................................................. 41
2.7.1 Example for outputting system logs to log host .................................................................................... 41
2.7.2 Example for configuring hardware monitoring alarm output ................................................................ 43
3 Interface management ................................................................................................................ 45

Raisecom
3.1 Configuring basic information about interface ............................................................................................... 45

3.1.2 Configuring interface working mode .................................................................................................... 46
3.1.3 Configuring interface flapping suppression .......................................................................................... 47
3.2 Configuring Ethernet interface ....................................................................................................................... 47
3.3 Configuring Ethernet sub-interface ................................................................................................................ 48
3.4 Configuring VLAN interface ......................................................................................................................... 48
3.5 Configuring optical module DDM ................................................................................................................. 49
3.5.2 Enable optical module DDM ................................................................................................................ 49
3.6 Configuring loopback interface ...................................................................................................................... 50
3.7 Configuring loopback ..................................................................................................................................... 50
3.7.2 Configuring interface loopback............................................................................................................. 50
3.8 Checking configurations ................................................................................................................................ 51
4 Ethernet ......................................................................................................................................... 52
4.1 Configuring VLAN ........................................................................................................................................ 52
4.1.2 Configuring VLAN properties .............................................................................................................. 53
4.1.3 Configuring VLANs based on Access interfaces .................................................................................. 53
4.1.4 Configuring VLANs based on Trunk interfaces .................................................................................... 54
4.2 Configuring MAC address table..................................................................................................................... 55
4.2.2 Configuring static MAC address table .................................................................................................. 55
4.2.3 Configuring dynamic MAC address table ............................................................................................. 55
4.2.4 Configuring blackhole MAC address .................................................................................................... 56
4.2.6 Maintenance .......................................................................................................................................... 57
4.3 Configuring QinQ .......................................................................................................................................... 58
4.3.2 Configuring basic QinQ ........................................................................................................................ 58
4.3.3 Configuring VLAN mapping based on QinQ ....................................................................................... 58
4.4 Configuring LLDP ......................................................................................................................................... 59
4.4.2 Enabling global LLDP .......................................................................................................................... 60
4.4.3 Enabling interface LLDP ...................................................................................................................... 60
4.4.4 Configuring LLDP basic functions ....................................................................................................... 60
4.4.5 Configuring LLDP Trap ........................................................................................................................ 61
Raisecom

4.5 Configuring loop detection ............................................................................................................................. 61
4.5.2 Configuring loop detection ................................................................................................................... 61
4.5.4 Maintenance .......................................................................................................................................... 62
4.6 Configuring L2CP .......................................................................................................................................... 63
4.6.2 Configuring L2CP ................................................................................................................................. 63
4.7.1 Example for configuring MAC address table........................................................................................ 64
4.7.2 Example for configuring VLAN and interface protection..................................................................... 65
4.7.3 Example for configuring basic QinQ .................................................................................................... 69
4.7.4 Example for configuring port mirroring ................................................................................................ 72
5 Clock synchronization ............................................................................................................... 74

5.1 Configuring clock synchronization based on synchronous Ethernet .............................................................. 74
5.1.2 Configuring clock source properties of synchronous Ethernet ............................................................. 75
5.1.3 Choosing clock source for synchronous Ethernet manually ................................................................. 75
5.2.1 Examples for configuring clock synchronization based on synchronous Ethernet ............................... 76
6 IP services ..................................................................................................................................... 79
6.1 Configuring interface IP address .................................................................................................................... 79
6.1.2 Configuring interface IPv4 address ....................................................................................................... 79
6.2 Configuring DHCPv4 client ........................................................................................................................... 80
6.3 Configuring ARP ............................................................................................................................................ 81
6.3.2 Configuring ARP .................................................................................................................................. 82
6.4 Configuring fault detection ............................................................................................................................ 83
6.4.1 Configuring task scheduling ................................................................................................................. 83
6.4.2 PING ..................................................................................................................................................... 83
6.4.3 Traceroute ............................................................................................................................................. 84
6.5 Maintenance ................................................................................................................................................... 84
6.6.1 Example for configuring DHCPv4 client .............................................................................................. 84
6.6.2 Example for configuring ARP ............................................................................................................... 86
Raisecom
7 IP routing ...................................................................................................................................... 88
7.1 Configuring routing management .................................................................................................................. 88
7.1.2 Configuring routing management ......................................................................................................... 88
7.1.3 Configuring IP FRR .............................................................................................................................. 89
7.1.4 Configuring BFD .................................................................................................................................. 89
7.2 Configuring static route .................................................................................................................................. 90
7.2.2 Configuring static route ........................................................................................................................ 90
7.3 Configuring routing policy ............................................................................................................................. 90
7.3.1 Configuring IP prefix-list ...................................................................................................................... 90
7.3.2 Configuring route mapping table .......................................................................................................... 91
7.4 Configuring OSPF .......................................................................................................................................... 94
7.4.1 Configuring OSPF routing process ....................................................................................................... 94
7.4.2 Configuring OSPF special area ............................................................................................................. 95
7.4.3 Configuring OSPF network type ........................................................................................................... 96
7.4.4 Configuring OSPF routing information control .................................................................................... 98
7.4.5 Configuring OSPF interface ................................................................................................................ 101
7.4.6 Configuring OSPF authentication mode ............................................................................................. 104
7.4.7 Configuring OSPF routing policy ....................................................................................................... 105
7.4.8 Configuring OSPF GR ........................................................................................................................ 107
7.4.9 Configuring BFD for OSPF ................................................................................................................ 107
7.4.10 Configuring OSPF for MPLS-TE ..................................................................................................... 108
7.4.11 Checking configurations ................................................................................................................... 108
7.4.12 Maintenance ...................................................................................................................................... 109
7.5 Configuring ISIS .......................................................................................................................................... 109
7.5.1 Configuring ISIS basic function.......................................................................................................... 109
7.5.2 Configuring ISIS routing property ...................................................................................................... 110
7.5.3 Configuring ISIS network ................................................................................................................... 111
7.5.4 Optimizing ISIS network .................................................................................................................... 112
7.5.5 Configure ISIS authentication ............................................................................................................. 115
7.5.6 Controlling ISIS routing information .................................................................................................. 115
7.5.7 Configuring ISIS BFD ........................................................................................................................ 116
7.5.8 Configuring ISIS GR .......................................................................................................................... 117
7.5.9 Configuring ISIS TE ........................................................................................................................... 117
7.5.11 Maintenance ...................................................................................................................................... 118
7.6 Configuring BGP ......................................................................................................................................... 118
7.6.1 Configuring BGP basic functions........................................................................................................ 118
7.6.2 Configuring BGP route advertisement ................................................................................................ 119
Raisecom
7.6.3 Configuring BGP redistributed routes ................................................................................................. 119

7.6.4 Configuring BGP routing properties ................................................................................................... 121
7.6.5 Configuring BGP network .................................................................................................................. 123
7.6.6 Configuring BGP GR .......................................................................................................................... 126
7.6.7 Configuring BFD for BGP .................................................................................................................. 126
7.6.8 Configuring BGP authentication ......................................................................................................... 127
7.6.9 Checking configurations ..................................................................................................................... 127
7.6.10 Maintenance ...................................................................................................................................... 127
7.7 Configuration examples ............................................................................................................................... 128
7.7.1 Example for configuring OSPF basic functions .................................................................................. 128
7.7.2 Example for configuring BGP basic functions .................................................................................... 132
7.7.3 Example for configuring IP FRR ........................................................................................................ 133
8 MPLS ........................................................................................................................................... 138

8.1 Configuring MPLS basic functions .............................................................................................................. 138
8.1.1 Preparing for configurations ............................................................................................................... 138
8.1.2 Configuring MPLS basic functions ..................................................................................................... 138
8.1.3 Configuring MPLS Tunnel .................................................................................................................. 139
8.1.4 Configuring MPLS Tunnel policy ....................................................................................................... 139
8.2 Configuring static LSP ................................................................................................................................. 140
8.2.2 Configuring static unidirectional LSP with IP capability .................................................................... 140
8.2.3 Configuring static unidirectional LSP without IP capability ............................................................... 141
8.2.4 Configuring static bidirectional LSP with IP capability ...................................................................... 141
8.2.5 Configuring static bidirectional LSP without IP capability ................................................................. 142
8.3 Configuring LDP LSP .................................................................................................................................. 144
8.3.2 Configuring global LDP ...................................................................................................................... 144
8.3.3 Configuring LDP on Layer 3 physical interface ................................................................................. 144
8.3.4 Configuring LDP remote session ........................................................................................................ 145
8.3.5 Configuring LDP FRR ........................................................................................................................ 145
8.3.6 Configuring LDP MD5 ....................................................................................................................... 146
8.4 Configuring MPLS TE ................................................................................................................................. 147
8.4.2 Enabling RSVP-TE ............................................................................................................................. 148
8.4.3 Enabling CSPE.................................................................................................................................... 148
8.4.4 Configuring explicit path and Tunnel.................................................................................................. 149
8.4.5 Configuring TE protection .................................................................................................................. 150
8.4.6 Configure BFD for RSVP-TE ............................................................................................................. 151
Raisecom

8.5 Configuring MPLS fault detection ............................................................................................................... 152
8.5.2 Configuring MPLS fault acknowledgment ......................................................................................... 152
8.5.3 Configuring MPLS fault location........................................................................................................ 153
8.6.1 Example for configuring static bidirectional LSP without IP capability ............................................. 153
8.6.2 Example for configuring LDP-based dynamic LSP ............................................................................ 158
8.6.3 Example for configuring RSVP-TE-based dynamic LSP ................................................................... 161
9 MPLS VPN ................................................................................................................................. 164

9.1 Configuring VPWS ...................................................................................................................................... 164
9.1.2 Configuring static L2VC ..................................................................................................................... 167
9.1.3 Configuring dynamic L2VC ............................................................................................................... 168
9.1.4 Configuring MS-PW ........................................................................................................................... 169
9.1.5 (Optional) configuring BFD for PW ................................................................................................... 171
9.2 Configuring VPLS........................................................................................................................................ 172
9.2.2 Configuring VSI .................................................................................................................................. 172
9.3 Configuring L3VPN ..................................................................................................................................... 174
9.3.2 Configuring VRF basic attributes ....................................................................................................... 174
9.3.3 Binding VRF with UNI ....................................................................................................................... 175
9.3.4 Configuring public routes ................................................................................................................... 175
9.3.5 Configuring public Tunnel .................................................................................................................. 176
9.3.6 Configuring MP-IBGP peer ................................................................................................................ 176
9.3.7 Configuring PE-CE route switching ................................................................................................... 176
9.3.8 Configuring VRF fault detection......................................................................................................... 179
9.4 Maintenance ................................................................................................................................................. 180
9.5.1 Example for configuring static Tunnel to carry static VPWS services ............................................... 180
9.5.2 Example for configuring RSVP-TE-based dynamic Tunnel to carry dynamic VPWS services ......... 183
9.5.3 Example for configuring MPLS L2VPN typical networking .............................................................. 185
9.5.4 Example for configuring MPLS L3VPN typical networking .............................................................. 197
10 TDMoP ...................................................................................................................................... 206

10.1 Configuring Tunnel .................................................................................................................................... 206
10.2 Configuring PW ......................................................................................................................................... 206
10.2.1 Preparing for configurations ............................................................................................................. 206
Raisecom
10.2.2 Configuring static L2VC ................................................................................................................... 207

10.2.3 Configuring dynamic L2VC ............................................................................................................. 207
10.3 Configuring TDMoP clock ......................................................................................................................... 208
10.3.2 Configuring Tx clock source of TDM interfaces .............................................................................. 209
10.3.3 Configuring sub-interface of adaptive recovery clock ...................................................................... 209
10.4 Maintenance ............................................................................................................................................... 209
11 OAM .......................................................................................................................................... 210

11.1 Configuring EFM ....................................................................................................................................... 210
11.1.1 Preparing for configurations.............................................................................................................. 210
11.1.2 Configuring EFM basic functions ..................................................................................................... 210
11.1.3 Configuring EFM active functions .................................................................................................... 211
11.1.4 Configuring EFM passive functions.................................................................................................. 212
11.1.5 Configuring link monitoring and fault indication ............................................................................. 213
11.1.6 Configuring extended OAM .............................................................................................................. 214
11.2 Configuring CFM ....................................................................................................................................... 216
11.2.1 Preparing for configurations .............................................................................................................. 216
11.2.2 Enabling CFM ................................................................................................................................... 216
11.2.3 Configuring CFM basic functions ..................................................................................................... 217
11.2.4 Configuring fault detection ............................................................................................................... 218
11.2.5 Configuring fault acknowledgement ................................................................................................. 219
11.2.6 Configuring fault location ................................................................................................................. 220
11.2.7 Configuring AIS ................................................................................................................................ 221
11.2.8 Configuring LCK .............................................................................................................................. 222
11.2.9 Configuring CSF ............................................................................................................................... 222
11.2.10 Checking configurations ................................................................................................................. 223
11.3 Configuring MPLS-TP OAM ..................................................................................................................... 224
11.3.2 Configuring MPLS-TP CFM............................................................................................................. 224
11.3.3 Configuring MPLS-TP fault detection .............................................................................................. 225
11.3.4 Configuring MPLS-TP fault acknowledgement ................................................................................ 226
11.3.5 Configuring MPLS-TP fault location ................................................................................................ 227
11.3.6 Configuring MPLS-TP AIS ............................................................................................................... 228
11.3.7 Configuring MPLS-TP CSF .............................................................................................................. 228
11.3.8 Configuring fault relay based on MPLS-TP OAM and BFD alarm association ............................... 229
11.4 Configuring BFD ........................................................................................................................................ 230
Raisecom
11.4.2 Configuring BFD for IP .................................................................................................................... 230

11.4.3 Configuring BFD for PW .................................................................................................................. 232
11.4.4 Configuring BFD for VRF ................................................................................................................ 233
11.4.5 Configuring BFD for LDP ................................................................................................................ 233
11.5 Configuring SLA ........................................................................................................................................ 234
11.5.2 Configuring SLA test operation ........................................................................................................ 235
11.5.3 Configuring RFC2544-based test operation ...................................................................................... 238
11.5.4 Configuring Y.1564-based test operation .......................................................................................... 240
11.6 Configuring link quality alarm ................................................................................................................... 242
11.6.2 Configuring link detection ................................................................................................................ 242
11.7 Maintenance ............................................................................................................................................... 243
11.8 Configuration examples ............................................................................................................................. 244
11.8.1 Examples for configuring BFD for IP single-hop detection .............................................................. 244
11.8.2 Examples for configuring BFD for PW detection ............................................................................. 247
11.8.3 Examples for configuring Y.1564 test ............................................................................................... 249
12 Network reliability ................................................................................................................. 257

12.1 Configuring link aggregation ..................................................................................................................... 257
12.1.2 Configuring manual link aggregation ............................................................................................... 258
12.1.3 Configuring static LACP link aggregation ........................................................................................ 258
12.1.4 Configuring manual backup link aggregation ................................................................................... 260
12.1.5 Configuring static LACP backup link aggregation ........................................................................... 260
12.2 Configuring interface backup ..................................................................................................................... 262
12.2.2 Configuring interface backup group ................................................................................................. 262
12.3 Configuring ELPS ...................................................................................................................................... 263
12.3.2 Creating protection lines ................................................................................................................... 263
12.3.3 Configuring ELPS fault detection modes .......................................................................................... 264
12.3.4 (Optional) configuring ELPS switching control ............................................................................... 265
12.4 Configuring ERPS ...................................................................................................................................... 266
12.4.2 Creating ERPS protection ring .......................................................................................................... 267
Raisecom
12.4.3 (Optional) creating ERPS protection sub-ring .................................................................................. 268

12.4.4 Configuring ERPS fault detection modes ......................................................................................... 269
12.4.5 (Optional) configuring ERPS switching control ............................................................................... 270
12.5 Configuring VRRP ..................................................................................................................................... 271
12.5.2 Configuration procedure ................................................................................................................... 271
12.5.3 Configuring VRRP backup group ..................................................................................................... 272
12.5.4 (Optional) configuring ping function of VRRP virtual IP address .................................................... 273
12.5.5 Configuring VRRP monitoring interface .......................................................................................... 273
12.5.6 Configuring BFD for VRRP ............................................................................................................. 274
12.6 Configure PW redundancy protection ........................................................................................................ 274
12.6.2 Configuring PW redundancy protection ........................................................................................... 275
12.6.3 Binding service PW with management PW ...................................................................................... 275
12.7 Configuring MPLS-TP linear protection switching ................................................................................... 276
12.7.2 Configuring MPLS-TP linear protection switching .......................................................................... 276
12.8 Configuring PW dual-homed protection switching .................................................................................... 278
12.8.2 Configuration flows .......................................................................................................................... 279
12.8.3 Configuring ICCP channel ................................................................................................................ 279
12.8.4 Configuring PW ................................................................................................................................ 280
12.8.5 Configuring PW dual-homed protection group ................................................................................. 280
12.8.6 Configuring PW dual-homed protection switching attributes ........................................................... 281
12.9 Configuring HA hot backup ....................................................................................................................... 282
12.9.2 Configuring HA switching ................................................................................................................ 282
12.10 Maintenance ............................................................................................................................................. 282
12.11 Configuration examples............................................................................................................................ 283
12.11.1 Example for configuring manual link aggregation .......................................................................... 283
12.11.2 Example for configuring static LACP link aggregation .................................................................. 284
12.11.3 Examples for configuring PW redundancy protection .................................................................... 286
12.11.4 Example for configuring PW dual-homed protection switching ..................................................... 296
13 Security...................................................................................................................................... 303
13.1 Configuring storm control .......................................................................................................................... 303
Raisecom
13.1.2 Configuring storm control ................................................................................................................. 304

13.2 Configuring RADIUS ................................................................................................................................ 304
13.2.2 Configuring RADIUS authentication ................................................................................................ 305
13.2.3 Configuring RADIUS accounting ..................................................................................................... 305
13.3 Configuring TACACS+ .............................................................................................................................. 306
13.3.2 Configuring TACACS+ authentication ............................................................................................. 306
13.3.3 Configuring TACACS+ accounting .................................................................................................. 307
13.4 Configuring Dot.1x .................................................................................................................................... 308
13.4.2 Configuring Dot.1x ........................................................................................................................... 308
13.5 Configuring URPF ..................................................................................................................................... 310
13.5.2 Configuring URPF ............................................................................................................................ 310
13.6 Configuring port mirroring ......................................................................................................................... 310
13.6.2 Configuring port mirroring ............................................................................................................... 310
13.7 Configuring interface isolation ................................................................................................................... 311
13.7.2 Configuring interface isolation ......................................................................................................... 312
13.8 Configuring CPU protection ...................................................................................................................... 312
13.8.2 Configuring global CPU protection .................................................................................................. 312
13.8.3 Configuring interface CPU preotection............................................................................................. 313
13.9 Configuring CPU monitoring ..................................................................................................................... 313
13.9.2 Viewing CPU monitoring information .............................................................................................. 314
13.9.3 Configuring CPU monitoring alarm .................................................................................................. 314
13.9.4 Checking configruations ................................................................................................................... 314
13.10 Configuring memory monitoring ............................................................................................................. 314
13.10.1 Preparing for configurations ........................................................................................................... 314
13.10.2 Configuring memory monitoring .................................................................................................... 315
13.10.3 Checking configruations ................................................................................................................. 315
13.11 Maintenance ............................................................................................................................................. 315
Raisecom
13.12 Configuration examples ........................................................................................................................... 315

13.12.1 Example for configuring storm control ........................................................................................... 315
13.12.2 Example for configuring RADIUS ................................................................................................. 316
13.12.3 Example for configuring TACACS+ ............................................................................................... 318
14 QoS ............................................................................................................................................. 319

14.1 Configuring ACL ....................................................................................................................................... 319
14.1.2 Configuring ACL .............................................................................................................................. 319
14.1.3 Configuring filter .............................................................................................................................. 321
14.2 Configuring priority trust and priority mapping ......................................................................................... 321
14.2.2 Configuring priority trust .................................................................................................................. 322
14.2.3 Configuring mapping between DSCP priority and local priority based on interface ........................ 322
14.2.4 Configuring mapping between CoS priority and local priority based on interface ........................... 323
14.2.5 Configuring mapping between Exp and local priority ...................................................................... 323
14.2.6 Configuring DSCP priority remarking .............................................................................................. 323
14.2.7 Configuring CoS priority remarking ................................................................................................. 324
14.2.8 Configuring Exp remarking .............................................................................................................. 324
14.3 Configuring traffic classification and traffic policy ................................................................................... 325
14.3.2 Creating and configuring traffic classification .................................................................................. 325
14.3.3 Creating and configuring traffic policing profile .............................................................................. 325
14.3.4 Creating and configuring traffic policy ............................................................................................. 326
14.4 Configuring congestion avoidance and queue shaping .............................................................................. 328
14.4.2 Configuring WRED profile ............................................................................................................... 328
14.4.3 Configuring flow profile ................................................................................................................... 329
14.4.4 Configuring queue shaping ............................................................................................................... 329
14.5 Configuring rate limiting ............................................................................................................................ 330
14.5.2 Configuring interface-based rate limiting ......................................................................................... 330
14.6 Configuring MPLS QoS ............................................................................................................................. 331
14.6.2 Configuring LSP QoS ....................................................................................................................... 331
14.6.3 Configuring PWE3 QoS.................................................................................................................... 331
14.6.4 Configuring VPLS QoS .................................................................................................................... 332
Raisecom
14.6.5 Configuring L3VPN QoS.................................................................................................................. 332

14.7 Configuring MPLS H-QoS......................................................................................................................... 333
14.7.2 Configuring H-QoS of LSP ............................................................................................................... 333
14.7.3 Configuring H-QoS of PWE3 ........................................................................................................... 334
14.7.4 Configuring H-QoS of VPLS. ........................................................................................................... 334
14.8 Configuration examples ............................................................................................................................. 335
14.8.1 Example for configuring ACL .......................................................................................................... 335
14.8.2 Example for configuring traffic policying based on traffic policy .................................................... 336
14.8.3 Example for configuring queue scheduling and congestion avoidance............................................. 339
14.8.4 Example for configuring interface-based rate limiting ..................................................................... 342
14.8.5 Examples for configuring MPLS QoS CAR ..................................................................................... 344
14.8.6 Examples for configuring MPLS H-QoS .......................................................................................... 346
15 Appendix .................................................................................................................................. 350

15.1 Terms .......................................................................................................................................................... 350
15.2 Abbreviations ............................................................................................................................................. 352
Raisecom
RAX711-R (B) Configuration Guide 1 Basic configurations
Figures
Figure 2-1 Outputting system logs to log host ..................................................................................................... 41

Figure 2-2 Configuring hardware monitoring alarm output ................................................................................. 43
Figure 4-1 Configuring MAC address table ......................................................................................................... 64

Figure 4-2 Configuring VLAN............................................................................................................................. 66
Figure 4-3 Configuring basic QinQ...................................................................................................................... 69
Figure 4-4 Configuring port mirroring ................................................................................................................. 72
Figure 5-1 Configuring clock synchronization based on synchronous Ethernet .................................................. 76
Figure 6-1 Configuring DHCPv4 relay ................................................................................................................ 85
Figure 6-2 Configuring ARP ................................................................................................................................ 86
Figure 7-1 Configuring OSPF basic functions ................................................................................................... 128
Figure 7-2 Configuring BGP basic functions ..................................................................................................... 132
Figure 7-3 Configuring IP FRR .......................................................................................................................... 134
Figure 8-1 Configuring static bidirectional LSP without IP capability .............................................................. 154
Figure 8-2 Configuring LDP-based dynamic LSP ............................................................................................. 158
Figure 8-3 Configuring RSVP-TE-based dynamic LSP..................................................................................... 161
Figure 9-1 MPLS L3VPN network topology ..................................................................................................... 174
Figure 9-2 Configuring static Tunnel to carry static VPWS services ................................................................. 180
Figure 9-3 Configuring RSVP-TE-based dynamic Tunnel to carry dynamic VPWS services ........................... 183
Figure 9-4 Configuring MPLS L2VPN services ................................................................................................ 186
Figure 9-5 L3VPN networking application ........................................................................................................ 197
Figure 11-1 BFD for IP single-hop detection ..................................................................................................... 244

Figure 11-2 Configuring BFD for PW detection ................................................................................................ 247
Figure 11-3 Y.1564 test ...................................................................................................................................... 250
Figure 12-1 VRRP configuration procedure....................................................................................................... 272
Figure 12-2 PW dual-home protection application scenario .............................................................................. 278
Figure 12-3 Flow for configuring PW dual-homed protection switching .......................................................... 279
Raisecom
Figure 12-4 Configuring manual link aggregation ............................................................................................. 283
Figure 12-5 Configuring static LACP link aggregation ..................................................................................... 285

Figure 12-6 CE accessing multi-section PWs asymmetrically ........................................................................... 286
Figure 12-7 Data preparation ............................................................................................................................. 287
Figure 12-8 Configuring PW dual-homed protection switching ........................................................................ 296

Figure 13-1 Configuring strom control .............................................................................................................. 316
Figure 13-2 Configuring RADIUS ..................................................................................................................... 317
Figure 13-3 Configuring TACACS+ .................................................................................................................. 318
Figure 14-1 Configuring ACL ............................................................................................................................ 335
Figure 14-2 Configuring rate limiting based on traffic policy ........................................................................... 337
Figure 14-3 Configuring queue scheduling and congestion avoidance .............................................................. 340
Figure 14-4 Configuring interface-based rate limiting ....................................................................................... 343
Figure 14-5 MPLS QoS CAR networking ......................................................................................................... 344
Figure 14-6 MPLS H-QoS networking .............................................................................................................. 347

Figure 14-7 MPLS H-QoS priority scheduling .................................................................................................. 347
Raisecom
Tables
Table 7-1 Data required for configuring IP FRR ................................................................................................ 134

Table 9-1 Exacting services of the sub-interface in symmetrical mode ............................................................. 164
Table 9-2 Exacting services of the sub-interface in asymmetrical mode............................................................ 165

Table 9-3 Configuration data .............................................................................................................................. 186
Table 9-4 Configuration data .............................................................................................................................. 198
Table 11-1 Data needed for BFD for PW detection............................................................................................ 247
Table 11-2 Data needed for Y.1564 test .............................................................................................................. 250
Table 12-1 Data preparation ............................................................................................................................... 296
Table 14-1 Bandwidth statistics in the case of MPLS QoS CAR configurations ............................................... 346
Raisecom
1 Basic configurations
This chapter describes basic information and configuration procedures of the RAX711-R, as
well as related configuration examples, including following sections:
 CLI
 Accessing device
 Backup and upgrade
 Remote zero-configuration
 Network management
 Configuring RMON
1.1 CLI
1.1.1 Overview
The Command-line Interface (CLI) is a medium for you to communicate with the RAX711-R.
You can configure, monitor, and manage the RAX711-R through the CLI.
You can log in to the RAX711-R through the terminal equipment or through a computer that
runs the terminal emulation program. Enter commands at the system prompt.
The CLI supports following features:
 Configure the RAX711-R locally through the Console interface.
 Configure the RAX711-R locally or remotely through Telnet/Secure Shell v2 (SSHv2).
 Commands are classified into different levels. You can execute the commands that
correspond to your level only.
 The commands available to you depend on which mode you are currently in.
 Shortcut keys can be used to execute commands.
 Check or execute a historical command by checking command history. The last 20
historical commands can be saved on the RAX711-R.
 Enter a question mark (?) at the system prompt to obtain online help.
Raisecom Proprietary and Confidential

1
Copyright © Raisecom Technology Co., Ltd.
Raisecom
 The RAX711-R supports multiple intelligent analysis methods, such as fuzzy match and
context association.
1.1.2 Levels
The RAX711-R classifies CLI into 16 levels in a descending order:
 0–4: checking level. You can execute basic commands, such as ping, clear, and history,
for performing network diagnostic function, clearing system information, and showing
command history.
 5–10: monitoring level. You can execute commands, such as show, for system
maintenance.
 11–14: configuration level. You can execute commands for configuring services, such as
Virtual Local Area Network (VLAN) and Internet Protocol (IP) routing.
 15: management level. You can execute commands for running systems.
1.1.3 Modes
The command mode is an environment where a command is executed. A command can be
executed in one or multiple certain modes. The commands available to you depend on which
mode you are currently in.
After connecting the RAX711-R, enter the user name and password to enter the user EXEC
mode, where the following command is displayed:
Raisecom>
Enter the enable command and press Enter. Then enter the correct password, and press
Enter to enter privileged EXEC mode. The default password is raisecom.
Raisecom>enable
Password:
Raisecom#
In privileged EXEC mode, enter the config command to enter global configuration mode.
Raisecom#config
Raisecom(config)#
 The CLI prompts Raisecom is a default host name. You can modify it by executing
the hostname string command in privileged EXEC mode.
 Commands executed in global configuration mode can also be executed in other
modes. The functions vary on command modes.

2
Raisecom
 You can enter the exit or quit command to return to the upper command mode.
However, in privileged EXEC mode, you need to execute the disable command to
return to user EXEC mode.
 You can enter the end command to return to privileged EXEC mode from any
modes but user EXEC mode or privileged EXEC mode.
Command modes supported by the RAX711-R are listed in the following table.
Mode Access mode Prompt

User EXEC Log in to the RAX711-R, and Raisecom>
then enter the correct user name
and password.
Privileged EXEC In user EXEC mode, enter the Raisecom#
enable command and correct
password.
Global configuration In privileged EXEC mode, enter Raisecom(config)#
the config command.
Layer 3 physical In global configuration mode, Raisecom(config-
interface enter the interface gigaethernetif)#
configuration { gigaethernet | Raisecom(config-
tengigethernet } tengigaethernetif)#
unit/slot/interface command.
Layer 2 physical In global configuration mode,
interface enter the interface
configuration { gigaethernet |
tengigethernet }
unit/slot/interface command and
then enter the portswitch
command.
SNMP interface In global configuration mode, Raisecom(config-
configuration enter the interface fastethernet fastethernetif)#
unit/slot/interface command.
Sub interface In global configuration mode, Raisecom(config-
configuration enter the interface gigaethernetsubif)#
{ gigaethernet | Raisecom(config-
tengigethernet } tengigaethernetsubif)#
unit/slot/interface.sub-interface
command.
VLAN interface In global configuration mode, Raisecom(config-
configuration enter the interface vlan vlan-id vlanif)#
command.
Tunnel interface In global configuration mode, Raisecom(config-
configuration enter the interface tunnel tunnelif)#
tunnel-id command.
Loopback interface In global configuration mode, Raisecom(config-
configuration enter the interface loopback loopbackif)#
interface-number command.

3
Raisecom

Aggregation group In global configuration mode, Raisecom(config-port-
configuration enter the interface port- channelif)#
channel channel-number
command.
Sub aggregation In global configuration mode, Raisecom(config-port-
group configuration enter the interface port- channelsubif)#
channel channel-numbe.sub-
channel-number command.
VRF configuration In global configuration mode, Raisecom(config-vrf)#
enter the ip vrf vrf-name
command.
Route mapping In global configuration mode, Raisecom(config-route-
configuration enter the route-map map-name map)#
{ permit | deny } number
command.
OSPF configuration In global configuration mode, Raisecom(config-router-
enter the router ospf process-id ospf)#
[ router-id router-id ]
command.
ISIS configuration In global configuration mode, Raisecom(config-router-
enter the router isis [ area-tag ] isis)#
command.
BGP configuration In global configuration mode, Raisecom(config-
enter the router bgp [ as-id ] router)#
command.
BGP VPNv4 address In BGP configuration mode, Raisecom(config-router-
family configuration enter the address-family vpnv4 af)#
[ unicast ] command.
BGP VPN instance In BGP configuration mode, Raisecom(config-router-
IPv4 unicast address enter the address-family ipv4 af)#
family configuration vrf vrf-name command.
ILSP configuration In global configuration mode, Raisecom(config-
enter the mpls bidirectional ingress-lsp)#
static-lsp ingress lsp-name lsr-
id egress-lsr-id tunnel-id
tunnel-id command.
ELSP configuration In global configuration mode, Raisecom(config-egress-
enter the mpls bidirectional lsp)#
static-lsp egress lsp-name lsr-id
ingress-lsr-id tunnel-id tunnel-
id command.

4
Raisecom

TLSP configuration In global configuration mode, Raisecom(config-
enter the mpls bidirectional transit-lsp)#
static-lsp transit lsp-name lsr-
id ingress-lsr-id egress-lsr-id
tunnel-id tunnel-id [ standby ] ]
command.
Explicit path In global configuration mode, Raisecom(config-mpls-
configuration enter the mpls explicit-path exp-path)#
path-name command.
Tunnel policy In global configuration mode, Raisecom(config-
configuration enter the tunnel-policy policy- tunnelpolicy)#
name command.
Remote peer In global configuration mode, Raisecom(config-ldp-
configuration enter the mpls ldp targeted remote-peer)#
neighbour ip-address
command.
VSI configuration In global configuration mode, Raisecom(config-vsi)#
enter the mpls vsi vsi-name
static command.
VLAN configuration In global configuration mode, Raisecom(config-vlan)#
enter the lan vlan-id command.
Basic IP ACL In global configuration mode, Raisecom(config-acl-
configuration enter the access-list acl-number ipv4-basic)#
command. The acl-number
parameter ranges from 1000 to
1999.
Extended IP ACL In global configuration mode, Raisecom(config-acl-
configuration enter the access-list acl-number ipv4-advanced)#
2999.
MAC ACL In global configuration mode, Raisecom(config-acl-
configuration enter the access-list acl-number mac)#
3999.
MPLS ACL In global configuration mode, Raisecom(config-acl-
configuration enter the access-list acl-number mpls)#
4999.
User-defined ACL In global configuration mode, Raisecom(config-acl-
configuration enter the access-list acl-number map)#
5999.

5
Raisecom

cos-remark In global configuration mode, Raisecom(cos-remark)#
configuration enter the mls qos mapping cos-
remark profile-id command.
cos-to-pri In global configuration mode, Raisecom(cos-to-pri)#
configuration enter the mls qos mapping cos-
to-local-priority profile-id
command.
dscp-mutation In global configuration mode, Raisecom(dscp-
configuration enter the mls qos mapping mutation)#
dscp-mutation profile-id
command.
dscp-to-pri In global configuration mode, Raisecom(dscp-to-pri)#
configuration enter the mls qos mapping
dscp-to-local-priority profile-id
command.
exp-to-pri In global configuration mode, Raisecom(exp-to-pri)#
configuration enter the mls qos mapping exp-
to-local-priority profile-id
command.
pri-to-exp In global configuration mode, Raisecom(pri-to-exp)#
configuration enter the mls qos mapping
local-priority-to-exp profile-id
command.
WRED profile In global configuration mode, Raisecom(wred)#
configuration enter the mls qos wred profile
profile-id command.
Flow profile In global configuration mode, Raisecom(flow-queue)#
configuration enter the mls qos flow-queue
profile command.
CMAP configuration In global configuration mode, Raisecom(config-cmap)#
enter the class-map class-map-
name command.
Traffic monitoring In global configuration mode, Raisecom(traffic-
profile configuration enter the mls qos policer- policer)#
profile policer-name [ single ]
command.
PMAP configuration In global configuration mode, Raisecom(config-pmap)#
enter the policy-map policy-
map-name command.
Traffic policy bound In PMAP configuration mode, Raisecom(config-pmap-
with traffic enter the class-map class-map- c)#
classification name command.
configuration

6
Raisecom

Service instance In global configuration mode, Raisecom(config-
configuration enter the service csi-id level md- service)#
level command.
BFD session In global configuration mode, Raisecom(config-bfd-
configuration enter the bfd session-id session)#
command.
In global configuration mode,
enter the bfd session-id bind
peer-ip ip-address ip-mask
[ vrf-name vrf-name ]
command.
peer-ip ip-address interface
gigaethernet interface-number
command.
ldp-lsp peer-ip ip-address ip-
mask nexthop ip-address
command.
mpls interface tunnel tunnel-if
cr-lsp command.
enter the bfd session-id bind pw
vc-id peer-ip [ pw-ttl ttl ]
command.
1.1.4 Shortcut keys

The RAX711-R supports following shortcut keys.
Keystroke Description
Press the up arrow (↑) key. The previous command is displayed. If no previous
command is available, no change is shown on the
screen after you press the key.
Press the down arrow (↓) key. The next command is displayed. If no previous
command is available, no change is shown on the
Press the left arrow (←) key. Move the cursor back one character. If the cursor is in
front of the command, no change is shown on the

7
Raisecom
Keystroke Description
Press the right arrow (→) key. Move the cursor forward one character. If the cursor is
behind the command, no change is shown on the
Press the Backspace key. Erase the character to the left of the cursor. If the
cursor is in front of the command, no change is shown
on the screen after you press the key.
Press the Tab key. When you press it after entering a complete keyword,
the cursor moves forward a space. When you press it
again, the keywords matching the complete keyword
are displayed.
When you press it after entering an incomplete
keyword, the system automatically executes some
commands:
 If the incomplete keyword matches a unique
complete keyword, the unique complete keyword
replaces the incomplete keyword, with the cursor
forward a space from the unique complete keyword.
 If the incomplete keyword matches no or more
complete keywords, the prefix is displayed. You can
press the Tab key to alternate the matched complete
keywords, with the cursor at the end of the matched
complete keyword. Then, press the Space bar to
enter the next keyword.
 If the incomplete keyword is wrong, you can press
the Tab key to wrap, and then error information is
displayed. However, the input incomplete keyword
remains.
Press Ctrl + A. Move the cursor to the beginning of the command line.
Press Ctrl + C. The ongoing command will be interrupted, such as
ping, and traceroute.
Press Ctrl + D or the Delete Delete the character at the cursor.
key.
Press Ctrl + E. Move the cursor to the end of the command line.
Press Ctrl + K. Delete all characters from the cursor to the end of the
command line.
Press Ctrl + X. Delete all characters from the cursor to the beginning
of the command line.
Press Ctrl + Z. Return to privileged EXEC mode from the current
mode (excluding user EXEC mode).
Press the Space bar or y. Scroll down one screen.
Press the Enter key. Scroll down one line.

8
Raisecom
1.1.5 Viewing command history

The RAX711-R support viewing or executing a historical command through the history
command in any command mode. By default, the last 20 historical commands are saved.
The RAX711-R can save a maximum of 20 historical commands through the terminal
history command in user EXEC mode.
1.1.6 Acquiring help
Complete help
You can acquire complete help under following three conditions:
 You can enter a question mark (?) at the system prompt to display a list of commands
and brief descriptions available for each command mode.
Raisecom>?
The output is displayed as below:
clear Clear screen

enable Turn on privileged mode command
exit Exit current mode and down to previous mode
help Message about help
history Most recent history command
language Language of help message
list List command
quit Exit current mode and down to previous mode
terminal Configure terminal
test Test command .
 After you enter a keyword, press the Space and enter a question mark (?), all correlated
commands and their brief descriptions are displayed if the question mark (?) matches
another keyword.
Raisecom(config)#ntp ?
peer Configure NTP peer

refclock-master Set local clock as reference clock
server Configure NTP server

9
Raisecom
 After you enter a parameter, press the Space and enter a question mark (?), associated
parameters and descriptions of these parameters are displayed if the question mark (?)
matches a parameter.
Raisecom(config)#interface ip ?
<0-14> IP interface number
Incomplete help
You can acquire incomplete help under following three conditions:
 After you enter part of a particular character string and a question mark (?), a list of
commands that begin with a particular character string is displayed.
Raisecom(config)#c?
cespw cespw
cfm Connectivity fault management protocol
class-map Set class map
clear Clear screen
clock-mgmt Clock management
command-log Log the command to the file
cpu Configure cpu parameters
create Create static VLAN
 After you enter a command, press the Space, and enter a particular character string and a
question mark (?), a list of commands that begin with a particular character string is
displayed.
Raisecom(config)#show li?
link-aggregation Link aggregation

link-state-tracking Link state tracking

10
Raisecom
 After you enter a partial command name and press the Tab, the full form of the keyword
is displayed if there is a unique match command.
Error messages
The following table lists some error messages that you might encounter while using the CLI
to configure the RAX711-R.
Error information Description
% Incomplete command. The input command is incomplete.

Error input in the position market by The keyword marked with "^" is invalid or does
'^' not exist.
Ambiguous input in the position The keyword marked with "^" is unclear.
market by '^'
% " * "Unconfirmed command. The input command is not unique.
% " * "Unknown command. The input command does not exist.
% You Need higher priority! You need more authority to exist the command.
1.2 Accessing device

1.2.1 Accessing device through Console interface
The Console interface of the RAX711-R is a Universal Serial Bus (USB) A-shaped
female interface, which is translated into a Universal Asynchronous
Receiver/Transmitter (UART) in the device.
The Console interface is used as an interface for the RAX711-R being connected to a PC that
runs the terminal emulation program. You can configure and manage the RAX711-R through
this interface. This management method does not involve network communication.
You must log in to the RAX711-R through the Console interface under the following 2
conditions:
 The RAX711-R is powered on for the first time.
 You cannot log in to the RAX711-R through Telnet.
To log in to the RAX711-R through the Console interface, follow these steps:
Before logging in to the RAX711-R through the USB interface, install the driver for
translating the USB interface into the UART interface to the PC. To download the
driver, visit http://www.raisecom.com.cn/support.php and then click
USB_Console_Driver.

11
Raisecom
Step 1Use the configuration cable with dual USB male interfaces to connect the Console interface
of the RAX711-R with the USB interface of the PC, as shown in Figure 1-1.
Figure 1-1 Accessing the device through the Console interface
Step 2Run the terminal emulation program on the PC, such as Hyper Terminal on Microsoft
Windows XP. Enter the connection name at the Connection Description dialog box and then
click OK.
Step 3Select COM N (N refers to the COM interface ID into which the USB interface is translated.)
at the Connect To dialog box and then click OK.
Step 4Configure parameters as shown in Figure 1-2 and then click OK
Figure 1-2 Configuring parameters for Hyper Terminal
Step 5 Enter the configuration interface and then enter the user name and password to log in to the
RAX711-R. By default, both the user name and password are set to raisecom.

12
Raisecom
Hyper Terminal is not available on Windows Vista or Windows 7 Operating System

(OS). If you use these OSs, you have to download Hyper Terminal package and
install it.
1.2.2 Accessing device through Telnet

Through Telnet, you can remotely log in to the RAX711-R through a PC. In this way, it is
unnecessary to prepare a PC for each RAX711-R.
Working as the Telnet Server, the RAX711-R provides the following Telnet services:
As shown in Figure 1-3, connect the PC and the RAX711-R and ensure that the route between
them is reachable. You can log in to and configure the RAX711-R by running Telnet Client
program on a PC.
Figure 1-3 Working as the Telnet Server
 After step 3, you can telnet to the device.

 In step 4, you can telnet to the client-side PE device through VRF, which is
independent from the previous and following steps.
 Step 5–step 7 is optional.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface fastethernet Enter out-of-band network management
1/0/1 interface configuration mode.
3 Raisecom(config-outband)#ip address ip- Configure the IP address of the out-of-band
address [ ip-mask ] network management interface.
Raisecom(config-outband)#exit Return to global configuration mode.
Raisecom(config)#exit Return to privileged EXEC mode.

4 Raisecom#telnet ip-address vrf vrf-name Telnet to the remote CPE through VRF.
Raisecom(config)#telnet-server accept (Optional) configure the interface that
interface-type interface-list supports Telnet.
6 Raisecom(config)#telnet-server close (Optional) close the specified Telnet session.
terminal-telnet session-number

13
Raisecom

7 Raisecom(config)#telnet-server max- (Optional) configure the maximum number of
session session-number Telnet sessions supported by the RAX711-R.
By default, up to 5 Telnet sessions are
available.
1.2.3 Accessing device through SSHv2

Telnet is an authentication mode that is lack of security. In addition, it adopts Transmission
Control Protocol (TCP) to transmit the password and data in clear text. It will cause malicious
attack, such as Deny of Service (DoS), IP address spoofing, and route spoofing because only
Telnet service is provided. With more attention is put on network security, the traditional
modes (TCP and FTP) for transmitting the password and data in clear text are not accepted
gradually.
SSHv2 is a network security protocol, which can effectively prevent the disclosure of
information in remote management through data encryption, and provides greater security for
remote login and other network services in network environment.
SSHv2 builds up a secure channel over TCP. Besides, SSHv2 is in support of other service
ports as well as standard port 22, thus to avoid illegal attack from network.
Before accessing the RAX711-R through SSHv2, you must log in to the RAX711-R through
the Console interface and enable SSH service.

2 Raisecom(config)#generate ssh- Generate local SSHv2 key pair and designate its length. By
key length default, the length of the local SSHv2 key pair is configured
to 512 bits.
3 Raisecom(config)#ssh2 server Start SSHv2 server. By default, the RAX711-R does not
start the SSHv2 server.
After the SSHv2 server is started, you can close the SSHv2
server through the no ssh2 server command.
4 Raisecom(config)#ssh2 server (Optional) configure SSHv2 authentication method. By
authentication { password | default, the RAX711-R adopts the password authentication
rsa-key } mode.
5 Raisecom(config)#ssh2 server (Optional) when the rsa-key authentication method is
authentication public-key adopted, type the public key of clients to the RAX711-R.
6 Raisecom(config)#ssh2 server (Optional) configure SSHv2 authentication timeout. The
authentication-timeout period RAX711-R refuses to authenticate and open the connection
when client authentication time exceeds the upper
threshold. By default, the SSHv2 authentication timeout is
configured to 600s.

14
Raisecom

7 Raisecom(config)#ssh2 server (Optional) configure the allowable times for SSHv2
authentication-retries times authentication failure. The RAX711-R refuses to
authenticate and open the connection when client
authentication failure times exceed the upper threshold. By
default, the allowable times for SSHv2 authentication
failure are set to 20.
8 Raisecom(config)#ssh2 server (Optional) configure the SSHv2 listening port ID. By
port port-number default, the SSHv2 listening port ID is configured to 22.
When configuring the SSHv2 listening port ID, the

input parameter cannot take effect immediately
without rebooting the SSHv2 service.
9 Raisecom(config)#ssh2 server (Optional) enable SSHv2 session. By default SSHv2
session session-list enable session is enabled.
You can disable SSHv2 session through the ssh2 server
session session-list disable command.
1.2.4 Checking configurations

No. Command Description
1 Raisecom#show interface fastethernet Show the IP address of the out-of-band network
1/0/1 management interface.
2 Raisecom#show ssh2 public-key Show the public key for SSHv2 authentication.
3 Raisecom#show ssh2 session Show SSHv2 session configurations.
4 Raisecom#show ssh2 server Show SSHv2 server configurations.
1.3 Backup and upgrade

1.3.1 Introduction
System files
System files are the software/files required for running the device, including the system
Bootrom file, system configuration file, system startup file, and FPGA file. In general, these
files are saved to the memory of the device.
File management refers to backing up, upgrading, loading, and deleting system files.

15
Raisecom
System Bootrom file

The system Bootrom file (BootROM software) is used to initialize the RAX711-R. After the
device is powered on, the BootROM software is running to initialize the device. You can
upgrade the BootROM software if a new version is available.
System startup file

The system startup file (with the ".z" suffix) is used to start and operate the device. It supports
the normal operating and realizes functions of the device. You can upgrade the system startup
file if a new version is available. In addition, to avoid a system fault, you can back up the
system startup file.
The RAX711-R supports 2 sets of system startup software simultaneously, providing master-
to-slave switching of dual systems.
PAF file
PAF, which has defined various specifications supported by the device, is for controlling the
function and specification of the device, such as zero-configuration for local and remote
devices. You can know the specification supported by the device through the values. The
following examples illustrate several main values.
 ZERO_CONFIG_MODE_CLIENT: if the value is configured to 0, it means that the
zero-configuration supported by the remote device is off; if the value is configured to 1,
it means that the zero-configuration supported by the remote device is on.
 ZERO_CONFIG_MODE_CLIENT: the prerequisite is that the
"ZERO_CONFIG_MODE_CLIENT=1". If the value is configured to 0, it means that the
zero-configuration supported by Telecom is off; if the value is configured to 1, it means
that the zero-configuration supported by Telecom is on. To realize the zero-configuration
scheme supported by Telecom, you have to apply for the IP address only on the uplink
interface.
 ZERO_CONFIG_MANAGE_VLAN: if the value is configured to 0, it means that the
management VLAN is not configured. Thus, the remote device will go through all the
VLANs while it is traversing the IP address automatically.
You can download the parameters to the device through the download command after they
are configured. They will take effect after the device is rebooted by the reboot command.
Other functions of PAF files:
 Customize the default IP address of the SNMP interface.
 Support naming conventions based on product version. For example, the PAF files can
be named "product version.paf".
System configuration file

The system configuration file (with the ".conf" suffix) is the configuration item to be loaded
when the device is booted at this time or next time.
After being powered on, the device reads the configuration file from the memory for
initialization. If there is no configuration file in the memory, the device will use the default
configuration file.
Configuration parameters in the configuration file are divided into the following 2 types:

16
Raisecom
 Configuration parameters used for initialization are startup configurations.

 Configuration parameters used when a device is running properly are running
configurations.
You can modify running configurations through CLI. To make these modified running
configurations as startup configurations when the device is powered on next time, you should
save running configurations to the memory (by using the write command) to form a
configuration file.
Operations on the system configuration file include loading, upgrading, backing up, and
deleting the system configuration file.
Backup
Backup refers to copying the saved system file from the device memory to the server memory
for recovering the backup file when the device fails. This ensures that the device works
properly. You need to recover the old system file in the following cases:
 The system file is lost or damaged because the device fails.
 The device works improperly because of upgrade failure.
The RAX711-R supports backing up the system configuration file, system startup file, and
system log file.
Upgrade
To resolve the following problems, you can upgrade the device:
 Adding new features to the device
 Releasing the new software after fixing Bugs of the current software
The RAX711-R supports being upgraded through the following 2 modes:
 FTP upgrade in BootROM mode
 FTP/TFTP upgrade in system configuration mode
The RAX711-R supports IPv4-based FTP/TFTP.
1.3.2 Backing up system software in system configuration mode

Before backing up the system software, you should build a FTP/TFTP environment, taking a
PC as the FTP/TFTP server and the RAX711-R as the client. Basic requirements are as below.
 The RAX711-R is connected to the PC through the SNMP interface, Client/Line
interface.
 Configure the IP address of the PC and ensure that the route between the PC and the
RAX711-R is reachable and can be pinged through.
1 Raisecom#upload { logging-file | startup- Upload the system startup file and system
config } { ftp ip-address user-name configuration file to the backup server.
password file-name | tftp ip-address
file-name }

17
Raisecom
1.3.3 Upgrading system software in BootROM mode

In the following cases, you need to upgrade system software in BootROM mode:
 The RAX711-R is booted for the first time.
 The system files are damaged.
 The RAX711-R cannot be booted properly.
Before upgrading the system software through BootROM, you should build a FTP
environment, taking a PC as the FTP server and the RAX711-R as the client. Basic
requirements are as below.
 The RAX711-R is connected to the FTP server through SNMP interface.
 Configure the FTP server and ensure that the FTP server is available.
 Configure the IP address of the FTP server and make the IP address in the same network
segment with IP addresses configured by the T command.
Step Operation
1 Log in to the RAX711-R through serial interface as the administrator and enter privileged EXEC
mode and then use the reboot command to reboot the RAX711-R.
Raisecom#reboot
Please input 'yes' to confirm:yes
Rebooting ...
begin...
ram size:128M testing...done
Init flash ...Done
RAX711-R-4GE_ BOOTSTRAP_5.1.5_20161224, Raisecom Compiled Dec 24 2016,18:05:41

Base Ethernet MAC address: 00:0e:5e:45:45:45
Press space into Bootstrap menu...

0

18
Raisecom
Step Operation
2 Press Space to enter the raisecom interface when "Press space into Bootstrap menu..." appears on the
screen, then input "?" to display the command list:
[Raisecom]:?
? print this list
h print this list
b boot system
uf filename upload file
ls list files
R filename remove file
i modify network manage port ip address
r reboot system
ss switch system
u update system
ub update bootrom
ul update license
The input letters are case sensitive.

3 Enter "u" to download the system boot file through FTP and replace the original one, the information
displayed is shown as below:
Index Partition Free Size(byte)

--------------------------------------------------
1 core/ 36143104
Please select a partition: 1
choose mode for updating core file.
-----------------------------------
- 1. | serial -
-----------------------------------
- 2. | network -
-----------------------------------
please input your choice:2
configure network information ...
host ip address: 192.168.4.1
user: raisecom
password: raisecom
filename: RAX711-RP1R2C20_package.z
Loading... Done
Saving file to flash...
Ensure the input file name is correct. In addition, the file name should not be longer than
80 characters.

19
Raisecom
Step Operation
4 Enter "ss" and correctly select the system boot file to be loaded when the RAX711-R is booted next
time.
[Raisecom]:ss
Current boot info:
primary:core/RAX711-RP1R2C20_package.zRAX711-R.z
current:core/RAX711-RP1R2C20-RP1R1C00_package.zRAX711-R
Index Partition Free Size(byte)
--------------------------------------------------
1 core/ 36143104
Please select a partition: 1
Index Filename system-version
---------------------------------------------------------------------------
1 RAX711-RP1R2C20-RP1R1C00_package.zRAX711-R
v1.0.0_20180125
Please select a image for next booting: 1
Save boot info...successful!
5 Enter "r" to execute the bootstrap file quickly. The RAX711-R will be rebooted and upload the
downloaded system boot file.
1.3.4 Upgrading system software in system configuration mode

Before upgrading the system software, you should build a FTP/TFTP environment, taking a
PC as the FTP/TFTP server and the RAX711-R as the client. Basic requirements are as below.
 The RAX711-R is connected to the server through the SNMP interface, Client/Line
interface.
 Configure the IP address of the PC and ensure that the route between the PC and the
RAX711-R is reachable and can be pinged through.
1 Raisecom#download { boot | file | Download the system software through FTP/TFTP.
license | paf | patch | system-boot |
startup-config } { ftp ip-address
username password filename | tftp ip-
address filename }
2 Raisecom#boot next-startup file-name Specify the system software for rebooting the
device next time.
3 Raisecom#reboot [ now ] Reboot the device. The device will load the newly-
downloaded system startup file automatically.
1.3.5 Managing configuration files


20
Raisecom

Raisecom(config)#auto-write enable Enable auto-saving.
2 Raisecom#erase [ file-name ] Delete files from the memory.
3 Raisecom#show startup-config Check the loading configuration while the
device is booting.
4 Raisecom#show running-config Check the current configuration of the device.
5 Raisecom#dir Check the files saved in the Flash of the
device.
6 Raisecom#show startup Check the files running on the device.

1 Raisecom#show version Show the version of the system.
1.4 Remote zero-configuration

1.4.1 Preparing for configurations
Scenario
The remote devices are scattered at the user side of the network. It consumes a lot of time and
efforts to configure them. Remote zero-configuration supports applying for network
management parameters, such as the management IP address, management VLAN, and
default gateway, after the devices are powered on. Therefore, devices can be managed quickly.
This improves the efficiency for configuring devices.
In general, remote devices can automatically apply for IP addresses when they are properly
connected to the local device and zero-configuration server of the local device is configured
properly. To change parameters about remote zero-configuration, see contents of this section.
Configurations in this section fit for RAX711-R remote devices that are connected to the
zero-configuration server indirectly.
 When the remote zero-configuration is configured based on DHCP, the remote device
support using the IP address automatically obtained on Loopback 1 and being managed
through the IP address of Loopback 1.
 When the remote zero-configuration is configured based on extended OAM, the remote
device support using the IP address automatically obtained on Loopback 1 and being
managed through the IP address of Loopback 1.

21
Raisecom
Prerequisite
 Both the local and remote devices are configured with zero-configuration mode.
 No interface of the remote device is configured with the management VLAN.
 The uplink interface is UP.
1.4.2 (Optional) configuring remote zero-configuration

IP addresses obtained through zero-configuration are permanently valid without lease limit.

2 Raisecom(config)#ip dhcp client (Optional) configure the RAX711-R to work as the
mode { zeroconfig | normal } zero-configuration remote device or common DHCP
client.
By default, the RAX711-R works as the zero-
configuration remote device.
After the RAX711-R obtains network

management parameters and configurations
are complete in remote zero-configuration
mode, it cannot be changed to the common
DHCP client in principle.
3 Raisecom(config)#interface Enter Layer 3 physical interface configuration mode.
interface-type interface-number
4 Raisecom(config-port)#ip address Enable remote zero-configuration, meanwhile, you can
dhcp [ server-ip ip-address ] specify the IP address of the local DHCP server. If you
specify the IP address of the DHCP server, the remote
device receives IP addresses assigned by the specified
DHCP server.
5 Raisecom(config-port)#ip dhcp Configure information about the DHCP client,
client { class-id class-id | including the host name, class ID, and client ID. The
client-id client-id | hostname information is added to the DHCP packet sent by the
host-name } DHCP client.
 If the remote device has obtained an IP address through DHCP, it is believed

that the remote device has obtained an IP address successfully regardless of
whether the default gateway is configured successfully or not.
 IP addresses, which are obtained in extended OAM mode, can be overridden by
the manually-configured ones on the same interface, such as the Layer 3
physical interface, sub interface, or VLAN interface.
 IP addresses, which are obtained in DHCP mode, can be overridden by the
manually-configured ones on the same interface, such as the Layer 3 physical
interface, sub-interface, or VLAN interface.

22
Raisecom
 You can configure the IP address manually based on the Layer 3 physical
interface, sub-interface, VLAN interface, or Layer 3 Trunk interface.
1.4.3 (Optional) configuring zero-configuraiton polling

2 Raisecom(config)#ip dhcp client Configure the zero-configuration polling period. It
zeroconfig polling period hour ranges from 1 to 24 hours.
By default, it is configured to 2 hours.
1.4.4 (Optional) configuring DHCP Relay

The remote device can be connected downlink to the level-2 remote devices. When the level-
1 remote device obtains the IP address through zero-configuration, it can be enabled with
Relay on its downlink interface and trigger zero-configuration of the level-2 remote device.

2 Raisecom(config)#interface interface- Enter Layer 3 physical interface configuration
type interface-number mode.
The interface is connected to the downlink

interface of the level-2 remote device and should
be configured with IP address.
3 Raisecom(config-port)#ip dhcp relay Enable DHCP Relay.
4 Raisecom(config-port)#ip dhcp relay (Optional) configure the destination IP address.
target-ip ip-address The IP address can either be the IP address of
DHCP Server or the IP address of DHCP Relay.

1 Raisecom(config)#show ip dhcp client Show configurations and automatically-obtained
information about the DHCP client.

23
Raisecom
1.5 Network management

Scenario
When you need to log in to the RAX711-R through the NView NNM system, you need to
configure SNMP basic functions for the RAX711-R.
Prerequisite
 Configure the IP address of the SNMP interface.
 Configure the route, making the route between the RAX711-R and the NView NNM
system reachable.
1.5.2 Configuring SNMP basic functions
Configuring SNMP v3
1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#snmp-server access group-name [ read Create and configure the
view-name ] [write view-name ] [notify view- SNMP access group.
name ][ context context-name { exact | prefix } ] usm
{ noauthnopriv | authnopriv | authpriv }
3 Raisecom(config)#snmp-server group name user user usm (Optional) configure the
mapping between users and
the SNMP access group.
4 Raisecom(config)#snmp-server contact syscontact (Optional) configure the
identifier and contact
information of the
administrator.
5 Raisecom(config)#snmp-server host ip-address version 3 Configure the IP address of
{ noauthnopriv | authnopriv | authpriv } user-name the SNMP target host.
[ udpport udpport ]
6 Raisecom(config)#snmp-server location sysLocation (Optional) specify the physical
location of the RAX711-R.
7 Raisecom(config)#snmp-server user user-name [ remote Create the user name and
engine-id ] authentication { md5 | sha } key-word configure the authentication
mode.
8 Raisecom(config)#snmp-server view view-name oid-tree Configure the SNMP view.
[ mask] { included | excluded }

24
Raisecom
Configuring SNMP v1/SNMP v2c

2 Raisecom(config)#snmp-server community
name [ view view ] { ro | rw } Create the community name and configure
the related view and authority.
3 Raisecom(config)#snmp-server contact
contact (Optional) configure the identifier and
contact mode of the administrator.
4 Raisecom(config)#snmp-server host ip- Configure the IP address of the SNMP target

address version { 1 | 2c } community- host. Send Traps to the target host.
string [ udpport port-id ] [ vrf instance-
name ] Support sending Traps to the specified
L3VPN.
5 Raisecom(config)#snmp-server location (Optional) specify the physical location of
location the RAX711-R.
6 Raisecom(config)#snmp-server traps enable (Optional) enable CPU utilization rate TCA.
cpu-threshold
7 Raisecom(config)#snmp-server listen vrf (Optional) enable the feature of monitoring
instance-name SNMP operation messages which come from
L3VPN.
1.5.3 Configuring Trap
Steps for configuring Trap of SNMP v1, v2c, and V3 are identical except the step for
configuring the SNMP target host. Configure the SNMP target host as required.
Trap refers to unrequested information sent to the NView NNM system automatically, which
is used to report some critical events.
You need to do the following operations before configuring Trap:
 Configure SNMP basic functions. The user name and SNMP view are required for
SNMP v3.
 Configure the routing protocol, making the route between the RAX711-R and the NView
NNM system reachable.
2 Raisecom(config)#interface interface-type Enter Layer 3 physical interface
interface-number configuration mode.
3 Raisecom(config-port)#ip address ip-address
vlan-id Configure the IP address of the RAX711-R.

25
Raisecom

4 Raisecom(config-port)#exit Exit Layer 3 physical interface configuration
mode and enter global configuration mode.
5 Raisecom(config)#snmp-server host ip-
address version 3 { noauthnopriv | (Optional) configure SNMP Trap target host
authnopriv | authpriv } name [ udpport based on SNMP v3.
udpport ]
6 Raisecom(config)#snmp-serverhost ip-address
(Optional) configure SNMP Trap target host
version { 1 | 2c } name [udpport udpport ]
based on SNMP v1 and v2c.
1.5.4 Configuring KeepAlive

When the RAX711-R is sending KeepAlive Trap, the NM will find it in a short time, thus
improving the working efficiency and alleviating the pressure for the NM personnel.
The prerequisite for this configuration is that the route between the device and the NMS is
reachable.
To avoid multiple devices sending KeepAlive Trap at the same time during the same period
which may lead to the overload of the NM, the KeepAlive Trap is sent randomly within the
sending period plus 5s.

2 Raisecom(config)#snmp-server keepalive-trap  Enable sending KeepAlive Trap.
enable
 Disable sending KeepAlive Trap by
default.
3 Raisecom(config)#snmp-server keepalive-trap
interval period
 (Optional) configure the period for
sending KeepALive Trap.
 The period is 300s by default.
4 Raisecom(config)#snmp-server keepalive-trap (Optional) pause sending KeepAlive Trap.

pause

1 Raisecom#show snmp access Show SNMP access group configurations.
2 Raisecom#show snmp community Show SNMP community configurations.
3 Raisecom#show snmp config Show SNMP basic configurations.

26
Raisecom

4 Raisecom#show snmp group Show the mapping between SNMP users and the SNMP
access group.
5 Raisecom#show snmp host Show Trap target host information.
6 Raisecom#show snmp statistics Show SNMP statistics.
7 Raisecom#show snmp user Show SNMP user information.
8 Raisecom#show snmp view Show SNMP view information.
9 Raisecom#show keepalive Show SNMP KeepAlive configurations.
1.6 Configuring RMON

1.6.1 Introduction
Remote Network Monitoring (RMON) is a standard stipulated by Internet Engineering Task
Force (IETF) for network data monitoring through different network Agent and NMS. RMON
is derived from SNMP. Compared with SNMP, RMON can monitor remote devices more
actively and more effectively, network administrators can track the network, network segment
or device malfunction more quickly. This approach reduces the data flows between NMS and
Agent, makes it possible to manage large networks simply and powerfully, and makes up the
limitations of SNMP in the ever-growing distributed Internet.
RMON implements 4 function groups: statistics group, history group, alarm group, and event
group.
 Statistics group: gather statistics on each interface, including number of received packets
and packet size distribution statistics.
 History group: similar with the statistics group, but it only collects statistics in an
assigned detection period.
 Alarm group: monitor an assigned MIB object, configure the upper and lower thresholds
in an assigned time interval, and trigger an event if the monitored object exceeds the
threshold.
 Event group: cooperating with the alarm group, when alarm triggers an event, it records
the event, such as sending Trap or writing it into the log, and so on.
Scenario
RMON helps monitor and gather statistics about network traffics.
Compared with SNMP, RMON is a more efficient monitoring method. After you specify an
alarm threshold, the iTN8800 actively sends alarms when the threshold is exceeded without
obtaining variable information. This helps reduce traffic of Central Office (CO) and managed
devices and facilitates network management.

27
Raisecom
Prerequisite
The route between the iTN8800 and the NView NNM system is reachable.
1.6.3 Configuring RMON alarm group

2 Raisecom(config)#rmon alarm alarm- Configure related parameters of
id mibvar [ interval second ] the RMON alarm group.
{ absolute | delta } rising-
threshold rising-num [ rising-
event ] falling-threshold falling-
num [ falling-event ] [ owner
owner-name ]
1.6.4 Configuring RMON event group

mode.
2 Raisecom(config)#rmon event event-id Configure related parameters of
[ log ] [ trap ] [ description the RMON event group.
string ] [ ownerowner-name ]
1.6.5 Configuring RMON statistics

2 Raisecom(config)#rmon Enable RMON statistics on an interface
statistics { interface-type and configure related parameters.
interface-number | ip if-
number }[ owner owner-name ] By default, RMON statistics on all
interfaces is enabled.
1.6.6 Configuring RMON history statistics


28
Raisecom

2 Raisecom(config)#rmon history Enable RMON history statistics on
{ interface-type interface-number an interface and configure related
| ip if-number }[ shortinterval parameters.
period ] [ longinterval period ]
[ buckets buckets-number ] By default, RMON history statistics
[ ownerstring ] on all interfaces is disabled.

Use the following commands to check configuration results.

1 Raisecom#show rmon Show RMON configurations.
2 Raisecom#show rmon alarms Show information about the RMON
alarm group.
3 Raisecom#show rmon events Show information about the RMON
event group.
4 Raisecom#show rmon statisttics Show information about the RMON
statistics group.
5 Raisecom#show rmon history Show information about the RMON
interface-type interface- history group.
number

29
Raisecom
RAX711-R (B) Configuration Guide 2 System management
2 System management
This chapter introduces the system management and configuration process of the RAX711-R
and illustrates relevant configuration examples.
 User management
 Device management
 Time management
 Configuring system log
 Configuring alarm management
 Configuring Banner
 Configuration examples
2.1 User management

2.1.1 Managing users
When you start the RAX711-R for the first time, you need to connect the PC through Console
interface to the device, input the initial user name and password in Hyper Terminal to log in to
and configure the RAX711-R.
By default, both the user name and password are raisecom.

If there is not any privilege restriction, any remote can log in to the RAX711-R through
Telnet or establish Point to Point Protocol (PPP) connection with the RAX711-R, when the
Simple Network Management Protocol (SNMP) interface or other service interfaces of device
are configured with IP addresses. This is unsafe for both the device and network. Therefore,
you need to Create user and set password and privilege to manage login users and ensure
network and device security.

1 Raisecom#user name user-name Create or modify the user name and password.
password password [ cipher |
simple ]
You can delete a created user through the no username
command.

30
Raisecom

2 Raisecom#user name user-name Configure the level and privilege of the user.
privilege privilege-level
3 Raisecom#user user-name Configure the priority rule for the user to perform the
{ allow-exec | disallow-exec } command line.
first-keyword [ second-
keyword ] The allow-exec parameter will allow the user to perform
commands higher than the current priority.
The disallow-exec parameter disallows the user to perform
commands lower than the current priority.

1 Raisecom#show user { active | table } Show the user information/user information table.
2.2 Device management

2.2.1 Configuring device name
1 Raisecom#hostname hostname Configure the device name.
By default, the name is Raisecom.
2.2.2 Configuring temperature monitoring

2 Raisecom(config)#temperature alarm Configure the high-temperature alarm threshold.
threshold high value
By default, it is configured to 65ºC.
3 Raisecom(config)#temperature alarm Configure the low-temperature alarm threshold.
threshold low value
By default, it is configured to -10ºC.
2.2.3 Configuring fan monitoring

When the RAX711-R is in a hot environment, over-high temperature will influence the heat-
dissipation performance of the RAX711-R. In this case, you need to configure fan monitoring,

31
Raisecom
which makes the fan adjust the rotational speed automatically based on the surrounding
temperature. Therefore, the RAX711-R can work properly.

2 Raisecom(config)#fan work mode (Optional) configure the working mode of the
{ intelligent | non-intelligent } fan. By default, the fan works in intelligent mode.
3 Raisecom(config)#fans speed level level Configure the fan speed level when the fan works
in non-intelligent mode.
By default, it is 2_level.

1 Raisecom#show fans Show fan monitoring configurations.
2 Raisecom#show temperature Show the device temperature.
3 Raisecom#show power Show the power supply status.
4 Raisecom#show memory [utilization Show the memory utilization.
threshold ]
5 Raisecom#show manufacture info [ slot Show factory information.
slot-id | all ]
6 Raisecom#show shelf Show the device and chassis.
7 Raisecom#show version [ slot slot- Show the version of the device or subcard.
id ]
2.3 Time management

2.3.1 Introduction
Device time
To ensure that the RAX711-R can cooperate with other devices, you need to configure system
time and time zone precisely for the RAX711-R.
DST
Daylight Saving Time (DST) is set locally to save energy. About 110 countries around the
world apply DST in summer, but vary in details. Thus, you need to consider detailed DST
rules locally before configuration.
The RAX711-R supports being configured with DST.

32
Raisecom
Time protocol
With development and extension of Internet in all aspects, multiple applications involved in
time need accurate and reliable time, such as online real-time transaction, distributed network
calculation and processing, transport and flight management, and database management. In
the network, you can release the time information through time protocols. At present,
Network Time Protocol (NTP) and Simple Network Time Protocol (SNTP) are commonly-
used time protocols.
NTP is a standard protocol for time synchronization in telecommunication network. It is
defined by RFC1305. It is used to perform time synchronization between the distributed time
server and clients. NTP transmits data based on UDP, using UDP port 123.
NTP is used to perform time synchronization on all hosts and switches in the network.
Therefore, these devices can provide various applications based on the uniformed time. In
addition, NTP can ensure a very high accuracy with an error about 10ms.
Devices, which support NTP, can both be synchronized by other clock sources and can
synchronize other devices as the clock source. In addition, these devices can be synchronized
mutually through the NTP packet.
The RAX711-R supports performing time synchronization through multiple NTP working
modes:
 Server/Client mode
In this mode, the client sends clock synchronization message to different servers. The servers
work in server mode automatically after receiving the synchronization message and send
response messages. The client receives response messages, performs clock filtering and
selection, and is synchronized to the preferred server.
The client and server are relative. The device used for providing the time standard is a server
and then device used for receiving time services is a client.
In this mode, the client can be synchronized to the server but the server cannot be
synchronized to the client.
 Symmetric peer mode
In this mode, there are the symmetric active peer and symmetric passive peer. The device,
which sends the NTP synchronization packet actively, is the symmetric active peer.The device
working in the symmetric active mode, sends clock synchronization messages to the device
working in the symmetric passive mode. The device that receives this message automatically
enters the symmetric passive mode and sends a reply. By exchanging messages, the
symmetric peer mode is established between the two devices. Then, the two devices can
synchronize, or be synchronized by each other.
The RAX711-R supports working as the NTP v1/v2/v3 client to be synchronized by the
server.
The SNTP is the simplification of the NTP. Compared with the NTP, SNTP supports the
server/client mode, which is defined by RFC1361.
The RAX711-R supports working as the SNTP client to be synchronized by the server.

33
Raisecom
2.3.2 Configuring time and time zone

1 Raisecom#clock set hour minute second year  Configure the system time.
month day
 By default, the system time is
configured to 8:00:00, Jan 1, 2000.
2 Raisecom#clock timezone { + | - } hour Configuring system time zone. By default, it
minute timezone-name is GMT+8:00.
2.3.3 Configuring DST

1 Raisecom#clock summer-time enable Enable DST on the RAX711-R.
By default, DST is disabled.
2 Raisecom#clock summer-time recurring Configure the begin time, end time, and
{ start-week | last } { sun | mon | tue | offset of DST.
wed | thu | fri | sat } start-month hour
minute { end-week | last } { sun | mon |
tue | wed | thu | fri | sat } end-month-
hour minute offset
 For example, if DST starts from 02:00 a.m. second Monday of April to 02:00 a.m.
second Monday of September, the clock is moved ahead 60 minutes. Thus, the
period between 02:00 and 03:00 second Monday of April does not exist.
Configuring time during this period will fail.
 DST in the Southern Hemisphere is opposite to that in the Northern Hemisphere.
It is from September this year to April next year. If the starting month is later than
the ending month, the system judges that it is located in the Southern
Hemisphere.
2.3.4 Configuring NTP/SNTP

2 Raisecom(config)#ntp server ip-address (Optional) configure the NTP server address
[ version version-number ] for the client that works in server/client mode.
3 Raisecom(config)#ntp peer ip-address (Optional) configure the NTP symmetric peer
[ version version-number ] address for the RAX711-R that works in
symmetric peer mode.

34
Raisecom

4 Raisecom(config)#sntp server ip-address (Optional) configure the SNTP server address
for the device that works in the SNTP client
mode.
5 Raisecom(config)#ntp reclock-master ip-  Set the RAX711-R to the NTP master
address [ stratum ] clock (reference clock source).
 By default, the RAX711-R is not the
reference clock source.
 If the RAX711-R is configured as the NTP reference clock source, it cannot be

configured as the NTP server or NTP symmetric peer; and vice versa.
 SNTP and NTP are mutually exclusive. If you configure the SNTP server
address on the RAX711-R, you cannot configure NTP on the device, and vice
versa.

1 Raisecom#show clock [ summer-time Show configurations on the system time, time
recurring ] zone, and DST.
2 Raisecom#show sntp Show SNTP configurations.
3 Raisecom#show ntp status Show NTP configurations.
4 Raisecom#show ntp associations Show NTP association configurations.
[ detail ]
2.4 Configuring system log

Scenario
The RAX711-R generates critical information, debugging information, or error information of
the system to system logs and outputs the system logs to log files or transmits them to the host,
Console interface, or monitor for viewing and locating faults.
Prerequisite
N/A

35
Raisecom
2.4.2 Configuring basic information about system log

2 Raisecom(config)#logging on (Optional) enable system log.
By default, system log is enabled.
3 Raisecom(config)#logging time- (Optional) configure the timestamp of system log.
stamp { debug | log }
{ datetime | none | uptime } The optional parameter debug is used to assign debug-
level (7) system log timestamp. By default, this system log
does not have timestamp
The optional parameter log is used to assign levels 0–6
system log timestamp. By default, these system logs adopt
date-time as timestamp.
4 Raisecom(config)#logging rate- (Optional) configure the transport rate of system log.
limit rate
By default, no transport rate is configured.
5 Raisecom(config)#logging (Optional) configure the log discriminator.
discriminator distriminator-
number { facility | mnemonics |
msg-body } { drops | includes }
key
Raisecom(config)#logging
discriminator distriminator-
number { facility | mnemonics |
msg-body } none
6 Raisecom(config)#logging buginf (Optional) send Level 7 (debugging) log.

[ high | normal | low | none ]
7 Raisecom(config)#logging (Optional) enable the sequence number field of the log.
sequence-number
Use the no form of this command to disable the sequence
number field of the log.
2.4.3 Configuring system log output destination

2 Raisecom(config)#logging console [ log-level | (Optional) output system logs to
alerts | critical | debugging | discriminator | the Console interface.
emergencies | errors | informational |
notifications | warnings ]
3 Raisecom(config)#logging host ip-address[ log- (Optional) output system logs to
level| alerts | critical | debugging | the log host.
discriminator discriminator-number | emergencies |
errors | informational | notifications | warnings ]

36
Raisecom

4 Raisecom(config)#logging monitor[ log-level | (Optional) output system logs to
alerts | critical | debugging | emergencies | the monitor.
5 Raisecom(config)#logging facility { alert | audit | (Optional) configure the facility
auth | clock | cron | daemon | ftp | kern | local0 field of the system log output to
| local1 | local2 | local3 | local4 | local5 | the log host.
local6 | local7 | lpr | mail | news | ntp |
security | syslog | user | uucp }
6 Raisecom(config)#logging buffered [ log-level | (Optional) output system logs to
alerts | critical | debugging | emergencies | the log buffer.
7 Raisecom(config)#logging buffered size size (Optional) configure the log
buffer size.
8 Raisecom(config)#logging history (Optional) output system logs to
the log history table.
9 Raisecom(config)#logging history size size (Optional) configure the log
history table size.
10 Raisecom(config)#logging trap [level | alerts | (Optional) translate logs output to
critical | debugging | emergencies | errors | the log history table to Traps.
informational | notifications | warnings]

1 Raisecom#show logging Show system log configurations.
2.5 Configuring alarm management

Scenario
When the RAX711-R fails, the alarm management module will collect the fault information
and output the alarm in a log. The alarm information includes the time when the alarm is
generated, the name and descriptions of the alarm. It helps you quickly locate the fault.
If the RAX711-R is configured with the NView NNM system, alarms can be report to the
NView NNM system directly. The NView NNM system can provide reasons that may cause
alarms, as well as processing suggestions. This helps to troubleshoot faults immediately.
If the RAX711-R is configured with hardware monitoring, when the operating environment of
the device is abnormal, the RAX711-R supports saving to the hardware monitoring alarm
table, sending Trap to the NView NNM system, and outputting to the system log. It notifies
users to process the fault and prevent the fault from occurring.
37
Raisecom
With alarm management, you can directly perform following operations on the RAX711-R:
alarm inhibition, alarm auto-report, alarm monitoring, alarm inverse, alarm delay, alarm
storage mode, alarm clearing, and alarm viewing.
Prerequisite
After hardware monitoring is configured on the RAX711-R,
 When alarms are output in Syslog form, alarms are generated to the system log. When
needing to send alarms to the log host, you need to configure the IP address of the log
host on the RAX711-R.
 When needing to send alarms to the NView NNM system in a Trap form, you need to
configure the IP address of the NView NNM system on the RAX711-R.
2.5.2 Configuring basic functions of alarm management

2 Raisecom(config)#alarm inhibit enable (Optional) enable alarm inhibition.
By default, alarm inhibition is
enabled.
3 Raisecom(config)#alarm auto-report all enable (Optional) enable alarm auto-
report.
Raisecom(config)#alarm auto-report alarm-restype (Optional) enable alarm auto-report
alarm-restype-value enable with specified alarm source.
Raisecom(config)#alarm auto-report type alarm-type (Optional) enable alarm auto-report
enable with specified alarm type.
Raisecom(config)#alarm auto-report type alarm-type (Optional) enable alarm auto-report
alarm-restype alarm-restype-value enable with specified alarm source and
alarm type.
4 Raisecom(config)#alarm monitor all enable (Optional) enable alarm
monitoring.
Raisecom(config)#alarm monitor alarm-restype (Optional) enable alarm monitoring
alarm-restype-value enable with specified alarm source.
Raisecom(config)#alarm monitor type alarm-type (Optional) enable alarm monitoring
enable with specified alarm type.
Raisecom(config)#alarm monitor type alarm-type (Optional) enable alarm monitoring
alarm-restype alarm-restype-value enable with specified alarm source and
alarm type.
5 Raisecom(config)#alarm inverse interface-type (Optional) configure the alarm
interface-number { none | auto | manual } inverse mode.
By default, the alarm inverse mode
is configured to none (non-
inverse).

38
Raisecom

6 Raisecom(config)#alarm { active | clear } delay (Optional) configure the time for
second delaying an alarm to be generated.
By default, alarm delay is
configured to 0s.
7 Raisecom(config)#alarm active storage-mode { loop (Optional) configure the alarm
| stop} storage mode.
By default, the alarm storage mode
is configured to stop.
8 Raisecom(config)#alarm clear all (Optional) clear all current alarms.
Raisecom(config)#alarm clear index index (Optional) clear current alarms
with specified alarm index.
Raisecom(config)#alarm clear alarm-restype alarm- (Optional) clear current alarms
restype-value with specified alarm source.
Raisecom(config)#alarm clear type alarm-type (Optional) clear current alarms
with specified alarm type.
Raisecom(config)#alarm clear type alarm-type (Optional) clear current alarms
alarm-restype alarm-restype-value with specified alarm type and
alarm source.
9 Raisecom(config)#alarm syslog enable (Optional) enable alarm Syslog.
By default, it is enabled.
10 Raisecom(config)#exit (Optional) show current alarms.
Raisecom#show alarm active [ module_name |
severity severity ]
Raisecom#show alarm cleared [ module_name | (Optional) show historical alarms.
severity severity ]
All functional modules that support alarm management can be configured with the
function of enabling/disabling alarm monitoring, alarm auto-report, and alarm clearing.

1 Raisecom#show alarm management Show current alarm parameters.
[ alarm_type ]
Alarm parameters displayed by this command
include alarm inhibition, alarm inverse mode,
alarm delay, alarm storage mode, alarm buffer
size, and alarm log size.
2 Raisecom#show alarm log Show alarm management module
configurations.

39
Raisecom

3 Raisecom#show alarmmanagement statistics Show alarm management module statistics.
4 Raisecom#show alarm active Show the current alarm table.
2.6 Configuring Banner

Scenario
Banner is a prompt displayed when you log in to or exit the device, such as the precautions or
disclaimer.
You can configure the Banner of the RAX711-R as required. In addition, the RAX711-R
provides the Banner switch. After Banner display is enabled, the configured Banner
information appears when you log in to or out of the RAX711-R.
After configuring Banner, you should use the write command to save configurations.
Otherwise, Banner information will be lost when the RAX711-R is restarted.
Prerequisite
N/A
2.6.2 Configuring Banner

2 Raisecom(config)#ba Configure the Banner contents. Enter the banner
nner login word login and the start identifier "word", press Enter,
Press Enter. enter the Banner contents, and then end with the
Enter text message "word" character.
followed by the
character ’word’ to
finish.User can
stop configuration
 The word parameter is a 1-byte character. It is the
by inputing’
beginning and end mark of the Banner contents.
Ctrl+c’
These 2 marks must be the identical characters.
message word We recommend selecting the specified character
that will not occur at the message.
 The message parameter is the Banner contents.
Up to 2560 characters are supported.
3 Raisecom(config)#cl (Optional) clear contents of the Banner.
ear banner login

40
Raisecom
2.6.3 Enabling Banner display

2 Raisecom(config)#ba Enable Banner display.
nner enable
By default, Banner display is disabled.

1 Raisecom#show Show Banner status and contents of the configured Banner.
banner login
2.7 Configuration examples

2.7.1 Example for outputting system logs to log host
Networking requirements
As shown in Figure 2-1, configure system log to output system logs of the RAX711-R to the
log host, facilitating view them at any time.
Figure 2-1 Outputting system logs to log host
Configuration steps
Step 1 Configure the IP address of the RAX711-R.
Raisecom#config
Raisecom(config)#interface gigaethernet 1/0/1
Raisecom(config-outband)#ip address 20.0.0.6 255.0.0.0 1
Raisecom(config-outband)#exit
Step 2 Output system logs to the log host.

41
Raisecom
Raisecom(config)#logging on
Raisecom(config)#logging host 20.0.0.168 warnings
Raisecom(config)#logging rate-limit 2
Checking results
Use the show logging command to show system log configurations.
Raisecom#show logging
Syslog logging: enable
Dropped Log messages: 0
Dropped debug messages: 0
Rate-limited: 2 messages per second
Squence number display: disable
Debug level time stamp: none
Log level time stamp: datetime
Log buffer size: 4kB
Debug level: low
Syslog history logging: disable
Syslog history table size:1
Dest Status Level LoggedMsgs DroppedMsgs Discriminator
----------------------------------------------------------------------
buffer disable informational(6) 0 0 0
console enable informational(6) 3 0 0
trap disable warnings(4) 0 0 0
file disable warnings(4) 0 0 0
Log host information:
Max number of log server: 10
Current log server number: 1
Target Address Level Facility Sent Drop Discriminator
-------------------------------------------------------------------------
20.0.0.168 warnings(4) local7 0 0 0
View whether the log information is displayed on the terminal emulation Graphical User
Interface (GUI) of the PC.
07-01-2014 11:31:28Local0.Debug 20.0.0.6JAN 01 10:22:15 RAX711-R: CONFIG-7-

CONFIG:USER " raisecom " Run " logging on "
07-01-2014 11:27:41Local0.Debug 20.0.0.6JAN 01 10:18:30 RAX711-R: CONFIG-7-
CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.0 1 "
07-01-2014 11:27:35Local0.Debug 20.0.0.10 JAN 01 10:18:24 RAX711-R: CONFIG-
7-CONFIG:USER " raisecom " Run " ip address 20.0.0.6 255.0.0.1 1 "
7-CONFIG:USER " raisecom " Run " logging host 20.0.0.168 local0 7 "
7-CONFIG:USER " raisecom " Run " logging on"

42
Raisecom
2.7.2 Example for configuring hardware monitoring alarm output
As shown in Figure 2-2, configure hardware monitoring to monitor the temperature of the
RAX711-R. When the temperature value exceeds the threshold, an alarm is generated and is
reported to the NView NNM system in a Trap form, notifying users to take related actions to
prevent the fault.
Figure 2-2 Configuring hardware monitoring alarm output
Configuration steps
Step 1 Configure the IP address of the RAX711-R.
Raisecom#config
Raisecom(config-gigaethernet 1/1/1)#ip address 20.0.0.6 255.255.255.0
Raisecom(config-gigaethernet 1/1/1)#exit
Step 2 Enable Trap.
Raisecom(config)#snmp-server enable traps

Raisecom(config)#snmp-server host 20.0.0.1 version 2c public
Step 3 Configure temperature monitoring.
Raisecom(config)#temperature alarm threshold high 55

Raisecom(config)#temperature alarm threshold low 10
Checking results
Use the show snmp config command to show Trap configurations.
Raisecom#show snmp config

Contact information: support@Raisecom.com
Device location : World China Raisecom
SNMP trap status: enable

43
Raisecom
SNMP engine ID: 800022B603000001020304
Use the show snmp host command to show Trap target host configurations.
Raisecom(config)#show snmp host

Index: 0
IP family: IPv4
IP address: 20.0.0.1
Port: 162
User Name: public
SNMP Version: v2c
Security Level: noauthnopriv
TagList: bridge config interface rmon snmp ospf

44
Raisecom
RAX711-R (B) Configuration Guide 3 Interface management
3 Interface management
This chapter describes the configuration of basic function on the interface including following
sections:
 Configuring basic information about interface
 Configuring Ethernet interface
 Configuring Ethernet sub-interface
 Configuring VLAN interface
 Configuring optical module DDM
 Configuring loopback interface
 Configuring loopback
 Checking configurations
3.1 Configuring basic information about interface

Configuring basic information about interface
3 Raisecom(config-port)#ip address ip-address Configure the primary/secondary IP
[ ip-mask ] [ sub ] address and subnet mask of the Layer 3
physical interface.
4 Raisecom(config-port)#description string Configure the interface description.
5 Raisecom(config-port)#portswitch (Optional) configure the interface to Layer
2 physical interface configuration mode.
6 Raisecom(config-port)#sfp fiber-tx track (Optional) configure the fiber Tx track Rx
fiber-rx enable status on the interface.

45
Raisecom

7 Raisecom(config-port)#medium-type { auto | (Optional) configure the type of Combo
fiber | copper } interface.
8 Raisecom(config-port)#shutdown (Optical) shut down the interface.
3.1.2 Configuring interface working mode

2 Raisecom(config)#interface interface-type Enter Layer 3 physical interface configuration
interface-number mode.
3 Raisecom(config-port)#mode { l2 | l3 } Configure Layer 3 physical interface working
mode.
 L2: access L2VPN.
 L3: access L3VPN.
Configuring Jumboframe on the interface

The Ethernet interface may receive Jumboframe, which is greater than the standard frame size,
when transmitting high-throughput data. The system will discard these Jumboframes directly.
After you configure allowing Jumboframes to pass, the system will continue to process them
when the Ethernet interface receives Jumboframes, whose size is greater than the standard
size but within the specified size range.

2 Raisecom(config)#interface Enter interface configuration mode.
3 Raisecom(config-port)#jumboframe Configure the Jumboframe that is allowed to pass
frame-size through the interface.
By default, the size of the Jumboframe is configured
to 9600 Bytes.
Configuring MTU of interface

Maximum Transmission Unit (MTU) refers to the largest packet byte size that can be
transmitted through a physical network. After Jumboframe is configured to pass, at the IP
layer, the device will compare the MTU value with the size of the data packet to be
transmitted. If the size of the data packet is greater than the MTU value, the data packet will
be fragmented at the IP layer. The fragmented data can be equal to or smaller than the MTU.
When MTU values on interface of 2 connected devices are inconsistent, these 2 devices will
fail to communicate with each other. In this case, you need to configure the MTU value.

46
Raisecom

3 Raisecom(config-port)#mtu size Configure the MTU of the interface. By default, the
MTU of the interface is configured to 1500 Bytes.
Configuring MAC address of interface

2 Raisecom(config)#interface interface- Enter interface configuration mode.
type interface-number
3 Raisecom(config-port)#mac mac-address Configure the MAC address of the interface.
4 Raisecom(config-port)#shutdown Restart the interface to make the MAC address
Raisecom(config-port)#no shutdown effective.
3.1.3 Configuring interface flapping suppression

In network application, the interfaces may go up and down alternately and frequently due to
various reasons, such as physical signal interference and configuration errors at the link layer.
The frequent Up and Down of interfaces cause the repeated flapping of routing protocols,
which severely affects the network and device performance or even paralyse partial devices,
making the network unavailable.
You can configure the suppression period for interface flapping, reducing the times of
alternate Up and Down of interfaces.

2 Raisecom(config)#interface interface-type Enter interface configuration mode.
interface-number
3 Raisecom(config-port)#vibration-suppress Configure the suppression period for
peroid second interface flapping.
By default, the suppression period is 3s.
3.2 Configuring Ethernet interface


47
Raisecom

2 Raisecom(config)#interface interface-type Enter interface configuration mode. By
interface-number default, the interface is in Layer 3 physical
interface configuration mode.
3 Raisecom(config-port)#tpid { 8100 | 9100 Configure the TPID of the interface. By
| 88a8 } default, the TPID of the interface is
configured to 0x8100.
3.3 Configuring Ethernet sub-interface

2 Raisecom(config)#interface interface-type Enter interface configuration mode. By
interface-number default, the interface is in Layer 3 physical
interface configuration mode.
3 Raisecom(config-port)#interface In Layer 3 physical interface configuration
gigaethernet unit/slot/port.sub-interface mode, enter GE sub-interface configuration
mode.
4 Raisecom(config-subif)#encapsulation Configure the VLAN ID of the VLAN Tag on
dot1Q vlan-id-1 [ to vlan-id-2 ] the GE sub-interface.
Support extracting L2VPN services based on
VLAN ID or VLAN list.
5 Raisecom(config-subif)#encapsulation qinq Configure the VLAN ID of the dual VLAN
svlan svlan-id cvlan cvlan-id [ to vlan- Tag encapsulated on the GE sub-interface.
id ]
6 Raisecom(config-subif)#mode { l2 | l3 } Configure the working mode of Layer 3
physical sub-interfaces.
 L2: access L2VPN services.
 L3: access L3VPN services.
7 Raisecom(config-subif)#vlan translate In L2VPN mode, configure VLAN translation
[ svlan { untag | vlan-id } ] [ cvlan for the GE Ethernet sub-interface.
{ untag | vlan-id } ]
3.4 Configuring VLAN interface

The prerequisite is that the related VLAN ID is created.


48
Raisecom

2 Raisecom(config)#interface vlan vlan-id Enter VLAN interface configuration mode.
3 Raisecom(config-vlanif)#ip address ip- Configure primary and slave IP addresses and
address [ ip-mask ] [ sub ] subnet masks of the VLAN interface.
3.5 Configuring optical module DDM

Scenario
Optical module DDM can provide users with a method to detect the performance parameters
of SFP optical transceiver. Users can, according to the test data, predict the life of the optical
transceiver, isolate system faults, and verify the compatibility of the optical transceiver during
the on-site installation.
Prerequisite
N/A
3.5.2 Enable optical module DDM

3 Raisecom(config-port)#transceiver ddm Configure enabling optical module DDM.
enable
By default, it is disabled.

1 Raisecom#show transceiver [interface- Show history information about optical module
type interface-number history { 15m | DDM.
24h } ]
2 Raisecom#show transceiver ddm Show information about optical module DDM.
interface-type interface-list
[ detail ]

49
Raisecom
3.6 Configuring loopback interface

2 Raisecom(config)#interface loopback Enter loopback interface configuration mode.
interface-number
3 Raisecom(config-port)#ip address ip- Configure primary and slave IP addresses and
address [ ip-mask ] [ sub ] subnet mask of the loopback interface.
3.7 Configuring loopback

Scenario
Network maintenance personnel can test and analyse the fault on the interface and network
through interface loopback.
The ingress packet and egress packet is defined as bellows:
 Ingress packet: test packets received by the interface
 Egress interface: test packets retuned to the remote device after loopback
Prerequisite
The current interface is in the Forwarding status and it can forward packets received from it or
report them to the CPU.
3.7.2 Configuring interface loopback


interface-number
3 Raisecom(config-port)#loopback { interal | Enable interface loopback.
exteral } [ access-list acl-number ] [ swap
sip ip-address ] [ swap smac mac-address ]
[ swap vcid vc-id peerid peer-ip ] [ swap
dip-disable ] [ swap dmac-disable ] [ swap
dport-disable ]

50
Raisecom
 The first 3 bytes of the destination MAC address cannot be configured as

0x0180C2.
 The source MAC address cannot be multicast or broadcast address.

1 Raisecom(config)#show loopback Show configurations of
loopback.
3.8 Checking configurations

1 Raisecom#show interface interface-type interface-number Show interface status.

51
Raisecom
RAX711-R (B) Configuration Guide 4 Ethernet
4 Ethernet
This chapter describes principles and configuration procedures of Ethernet, as well as related
configuration examples, including following sections:
 Configuring VLAN
 Configuring MAC address table
 Configuring QinQ
 Configuring LLDP
 Configuring loop detection
 Configuring L2CP
4.1 Configuring VLAN

Scenario
The main function of VLAN is to carve up logic network segments. There are 2 typical
application modes:
 Small LAN: on one Layer 2 device, the LAN is carved up to several VLANs. Hosts that
connect to the device are carved up by VLANs. So hosts in the same VLAN can
communicate, but hosts between different VLANs cannot communicate. For example,
the financial department needs to be separated from other departments and they cannot
access each other. In general, the port connected to the host is in Access mode.
 Big LAN or enterprise network: multiple Layer 2 devices connect to multiple hosts and
these devices are concatenated. Packets take VLAN Tag for forwarding. Ports of
multiple devices, which have identical VLAN, can communicate, but hosts between
different VLANs cannot communicate. This mode is used for enterprises that have many
people and need a lot of hosts, and the people and hosts are in the same department but
different positions. Hosts in one department can access each other, so you have to carve
up VLAN on multiple devices. Layer-3 devices like a router are required if you want to
communicate among different VLANs. The concatenated ports among devices are in
Trunk mode.

52
Raisecom
Prerequisite
N/A
4.1.2 Configuring VLAN properties

2 Raisecom(config)#create vlan vlan-list Create a VLAN. By default, there is no VLAN
active and the interface is not added to any VLAN.
3 Raisecom(config)#vlan vlan-id Enter VLAN configuration mode.
4 Raisecom(config-vlan)#name vlan-name (Optional) configure the VLAN name.
Raisecom(config-vlan)#exit
5 Raisecom(config)#interface interface- Enter physical interface configuration mode.
6 Raisecom(config-port)#portswitch Enter Layer 2 interface configuration mode.
7 Raisecom(config-port)#switchport mode Configure the current interface to be an
{ access | trunk } Access/Trunk interface. By default, all interfaces
are Access interfaces.
 VLANs that are created by using the vlan vlan-id command are in active status.
 All configurations of a VLAN cannot take effect until the VLAN is activated.
4.1.3 Configuring VLANs based on Access interfaces

Raisecom(config-port)#portswitch
3 Raisecom(config-port)#switchport mode Set the interface mode to Access.
access
4 Raisecom(config-port)#switchport access Configure the interface Access VLAN.

vlan vlan-id
5 Raisecom(config-port)#switchport access Configure the VLAN list available for the Access
egress-allowed vlan { all | vlan-list } interface.
[ confirm ]

53
Raisecom
4.1.4 Configuring VLANs based on Trunk interfaces

3 Raisecom(config-port)#switchport mode Set the interface mode to Trunk.
trunk
4 Raisecom(config-port)#switchport trunk Configure the interface Native VLAN.

native vlan vlan-id
5 Raisecom(config-port)#switchport trunk (Optional) configure the VLAN list available for

allowed vlan { all | vlan-list } the Trunk interface.
[ confirm ]
6 Raisecom(config-port)#switchport trunk (Optional) configure the Untagged VLAN list
untagged vlan { all | vlan-list } available for the Trunk interface.
[ confirm ]
 The Trunk interface permits Native VLAN packets passing regardless of

configurations for Trunk Allowed VLAN list and Trunk Untagged VLAN list on the
interface. And forwarded packets do not carry VLAN TAG.
 When configuring a Native VLAN, the system will automatically create and
activate a VLAN if you do not create the VLAN in advance.
 The interface permits Trunk Allowed VLAN packets passing. If the VLAN is a
Trunk Untagged VLAN, the VLAN TAG of the packet is removed on the egress
interface. Otherwise, the packet is not modified.
 If the configured Native VLAN is not the default VLAN and there is no default
VLAN in the VLAN list on the Trunk interface, the interface will not allow packets
in the default VLAN to pass.
 When configuring a Trunk Untag VLAN list, the system automatically adds all
Untagged VLAN to the Trunk allowed VLAN.
 Trunk allowed VLAN list and Trunk Untagged VLAN list are valid for the static
VLAN only.

1 Raisecom#show vlan [ vlan-list | static | Show configurations and status of all
dynamic ] [ detail ] VLANs or a specified VLAN.
2 Raisecom#show switchport interface Show interface switching configurations.

54
Raisecom
4.2 Configuring MAC address table

Scenario
When configuring the MAC address table, you can configure static MAC addresses for fixed
and important devices to prevent illegal users from accessing the network from other
locations.
To avoid saving too many dynamic MAC addresses to the MAC address table and exhausting
resources of the MAC address table, you need to configure the aging time of dynamic MAC
addresses to ensure upgrading dynamic MAC addresses effectively.
Prerequisite
N/A
4.2.2 Configuring static MAC address table

2 Raisecom(config)#mac-address static Add a static unicast MAC address to the MAC
unicast mac-address vlan vlan-id address table.
Raisecom(config)#mac-address static
unicast mac-address vsi vsi-name
It must be a unicast MAC address. The
interface-type interface-number local MAC address, multicast address, all-
Raisecom(config)#mac-address static F, and all-0 MAC addresses cannot be set
unicast mac-address vsi vsi-name vc-id to the static MAC address.
vc-id peer ip-address
4.2.3 Configuring dynamic MAC address table

Commands for steps 3 to 5 are used to configure dynamic MAC address limit in interface
configuration mode. Commands for steps 8 to 10 and 12 are used to configure dynamic MAC
address limit in VLAN configuration mode and VSI configuration mode respectively.

Raisecom(config-port)#portswitch Configure the interface to switching mode.
3 Raisecom(config-port)#mac-address Enable MAC address learning.
learning enable
By default, MAC address learning is enabled.

55
Raisecom

4 Raisecom(config-port)#mac-address (Optional) configure dynamic MAC address
threshold threshold-value limit.
By default, no dynamic MAC address limit is
configured.
5 Raisecom(config-port)#mac-address move- (Optional) configure constraints on MAC
restrain enable address drift.
Raisecom(config-port)#exit
6 Raisecom(config)#mac-address aging-time (Optional) configure the aging time of MAC
second address.
By default, it is 300s.
If the value is 0, the MAC address will not be
aged out.
7 Raisecom(config)#vlan vlan-id Enter VLAN configuration mode.
8 Raisecom(config-vlan)#mac-address Enable MAC address learning.
learning enable
By default, MAC address learning is enabled.
9 Raisecom(config-vlan)#mac-address (Optional) configure dynamic MAC address
threshold threshold-value limit.
By default, no dynamic MAC address limit is
configured.
10 Raisecom(config-vlan)#exit (Optional) exit VLAN configuration mode and
enter global configuration mode.
11 Raisecom(config)#mpls vsi vsi-name (Optional) create a VSI and enter VSI
static configuration mode.
12 Raisecom(config-vsi)#mac-address (Optional) configure dynamic MAC address
threshold threshold-value limit. By default, no dynamic MAC address
limit is configured.
4.2.4 Configuring blackhole MAC address

2 Raisecom(config)#mac-address blackhole Create the blackhole MAC address. By default,
mac-address { vlan vlan-id | vsi vsi- no blackhole MAC address is configured.
name }

56
Raisecom

1 Raisecom#show mac-address count [ vlan vlan-id ] [ interface- Show the number
type interface-number ] of MAC
Raisecom#show mac-address count vsi vsi-name [ interface-type addresses.
interface-number]
Raisecom#show mac-address count vsi vsi-name [ vc-id vc-id peer
ip-address ]
2 Raisecom#show mac-address { all | static | dynamic } [ vlan Show MAC

vlan-id ] [ interface-type interface-number ] addresses.
Raisecom#show mac-address { all | static | dynamic } vsi vsi-
name [ interface-type interface-number ]
Raisecom#show mac-address { all | static | dynamic } vsi vsi-
name [ vc-id vc-id peer ip-address ]
Raisecom#show mac-address mac-address [ vlan vlan-id | vsi vsi-
name ]
Raisecom#show mac-address blackhole [ vlan vlan-id | vsi vsi-
name ]
3 Raisecom#show mac-address learning vlan-list vlan-list Show the enabled
Raisecom#show mac-address learning interface [ interface-type
information about
interface-number ]
the automatic
learning of MAC
address table.
4.2.6 Maintenance
1 Raisecom(config)#clear mac-address dynamic Clear MAC addresses.
Raisecom(config)#clear mac-address dynamic [ vlan
vlan-id ] [ interface-type interface-number ]
Raisecom(config)#clear mac-address dynamic vsi vsi-
name [ interface-type interface-number ]
Raisecom(config)#clear mac-address dynamic vsi vsi-
name [ vc-id vc-id peer ip-address ]
Raisecom(config)#clear mac-address dynamic mac-
address [ vlan vlan-id | vsi vsi-name ]

57
Raisecom
4.3 Configuring QinQ

Scenario
With basic QinQ, you can add outer VLAN Tag and freely plan your own private VLAN ID.
Therefore, the data between devices on both ends of the Internet Service Provider (ISP)
network can be transparently transmitted, without conflicting with the VLAN ID in the ISP
network.
VLAN mapping based on QinQ can be applied to the following scenarios:
 N:1 VLAN mapping
 Single-layer VLAN to double-layer VLAN
 2:2 VLAN mapping
 Double-layer VLAN to single-layer VLAN
Prerequisite
 Connect interfaces and configure physical parameters of interfaces. Make the physical
layer Up.
 Create a VLAN.
4.3.2 Configuring basic QinQ

3 Raisecom(config-port)#dot1q-tunnel Enable basic QinQ on the interface.
4 Raisecom(config-port)#switchport mode Configure the interface mode to Access and
access configure the default VLAN ID of the access
Raisecom(config-port)#switchport access interface.
vlan vlan-id
4.3.3 Configuring VLAN mapping based on QinQ

3 Raisecom(config-port)#switchport qinq Enable the basic QinQ on the interface.
dot1q-tunnel

58
Raisecom

4 Raisecom(config-port)#vlan-mapping Configure 1:1 or N:1 VLAN mapping.
dot1q vlan-id-1 [ to vlan-id-n ]
translate vlan-id-after
Raisecom(config-port)#vlan-mapping Configure adding outer layer VLAN.
dot1q vlan-id-1 [ to vlan-id-n ]
translate svlan svlan-id [ cos cos ]
cvlan cvlan-id-1 [ to cvlan-id-n ]
Raisecom(config-port)#vlan-mapping qinq Configure 2:2 VLAN mapping rule
svlan svlan-id cvlan cvlan-id-1 [ to
cvlan-id-n ] translate svlan svlan-id
cvlan cvlan-id-1 [ to cvlan-id-n ]
Raisecom(config-port)#vlan-mapping qinq Configure mapping from double-layer VLAN to
svlan svlan-id cvlan cvlan-id translate single-layer VLAN.
vlan vlan-id
5 Raisecom(config-port)#vlan-mapping miss (Optical) enable discarding the packet when the
discard VLAN carried by the packet fails to match with
the VLAN mapping rule.

1 Raisecom#show vlan Show basic QinQ configurations.
2 Raisecom#show vlan-mapping interface Show interface VLAN mapping rule.
interface-type interface-list
4.4 Configuring LLDP

Scenario
When you obtain connection information between devices through the NView NNM system
for topology discovery, you need to enable LLDP on the RAX711-R. Therefore, the RAX711-
R can notify its information to the neighbours mutually, and store neighbour information to
facilitate the NView NNM system querying information.
Prerequisite
N/A

59
Raisecom
4.4.2 Enabling global LLDP
After global LLDP is disabled, you cannot re-enable it immediately. Global LLDP
cannot be enabled unless the restart timer times out.
2 Raisecom(config)#lldp enable Enable global LLDP. By default, global LLDP is disabled.
4.4.3 Enabling interface LLDP

3 Raisecom(config-port)#lldp enable Enable interface LLDP.
By default, interface LLDP is enabled.
4.4.4 Configuring LLDP basic functions
When configuring the delivery delay timer and the delivery period timer, set the value
of the delivery delay timer to be smaller than or equal to one quarter of the value of
the delivery period timer.
2 Raisecom(config)#lldp message- (Optional) configure the delivery period timer of the
transmission interval second LLDP packet. By default, it is configured to 30s.
3 Raisecom(config)#lldp message- (Optional) configure the delivery delay timer of the
transmission delay second LLDP packet. By default, it is configured to 2s.
4 Raisecom(config)#lldp message- (Optional) configure the aging coefficient of the
transmission hold-multiplier LLDP packet. By default, it is configured to 4.
coefficient
5 Raisecom(config)#lldp restart-delay (Optional) configure the restart timer. After global
second LLDP is disabled, it cannot be enabled unless the
restart timer times out. By default, it is configured to
2s.

60
Raisecom
4.4.5 Configuring LLDP Trap

You need to enable LLDP Trap to send topology update Trap to the NView NNM system
immediately when the network changes.

2 Raisecom(config)#lldp trap-interval (Optional) configure the LLDP Trap delivery period
second timer. By default, it is configured to 5s.
After enabled with LLDP Trap, the RAX711-R will send Traps after detecting aged
neighbors, newly-added neighbors, and changed neighbor information.

1 Raisecom#show lldp local config Show LLDP local configurations.
2 Raisecom#show lldp local system-data Show LLDP local system information.
[ interface-type interface-number ]
3 Raisecom#show lldp remote [ interface- Show LLDP neighbor information.
type interface-number ] [ detail ]
4 Raisecom#show lldp statistic [ interface- Show LLDP packet statistics.
type interface-number ]
4.5 Configuring loop detection

Scenario
In the network, hosts or Layer 2 devices connected to access devices may form a loopback
intentionally or involuntary. Enable loop detection on downlink interfaces of all access
devices to avoid the network congestion generated by unlimited copies of data traffic. Once a
loopback is detected on a port, the interface will be blocked.
Prerequisite
Configure physical parameters on an interface and make the physical layer Up.
4.5.2 Configuring loop detection

For step 3 and step 4, you do not need to do both. It is ok to choose one of them.

61
Raisecom
Loop detection and STP are mutually exclusive. They cannot be enabled
simultaneously.
For directly connected devices, you cannot enable loop detection on both ends
simultaneously.
interface-number
3 Raisecom(config-port)#portswitch Choose any interface mode for
configuration.
4 Raisecom(config-port)#mode l2
5 Raisecom(config-port)#loopback-detection Enable loop detection on a required

[ pkt-vlan { untag | vlan-id } ] [ hello- interface.
time second ] [ restore-time second ]
[ action { block | trap-only | shutdown } ] Simultaneously, you can configure the
VLAN of the transmitted packet
(optional), hello period (optional), restore
time (optional), and loopback action.
6 Raisecom(config-port)#loopback-detection Manually release the interface blocked
manual restore because of the detected loop.

1 Raisecom#show loopback-detection [ statistics ] Show loop detection
[ interface-type interface-number ] configurations on interfaces.
4.5.4 Maintenance
1 Raisecom(config)#clear loopback-detection statistic Clear loop detection statistics.
[ interface-type interface-list ]

62
Raisecom
4.6 Configuring L2CP

Scenario
You can configure the process methods of Layer 2 control packets in the user network on the
access device within MAN according to the services provided by carriers. It can be
configured on the interface of the device at user network.
Prerequisite
N/A
4.6.2 Configuring L2CP

interface-number
3 Raisecom(config-port)#l2cp drop protocol Configure the action to discarding L2CP
{ stp | lacp | oam | dot1x | elmi | lldp packets, which means that the packet will be
| pagp | udld | pvst | cdp | vtp | mac- discarded when the type of the packet or
address mac-address } destination MAC address matches with the
discarding rule.
4 Raisecom(config-port)#l2cp tunnel { pw Configure the action to transparently transmit
vc-id peer ip-address | mac mac-address | L2CP packets, which means that when the
vlan vlan-id | port interface-type type of the packet matches with the
interface-number } protocol { stp | lacp transparent transmission rule, the packet will
| oam | dot1x | elmi | lldp | pagp | udld be transmitted transparently.
| pvst | cdp | vtp }

1 Raisecom#show l2cp tunnel statistics [ port-name | Show statistics of the
channel-name ] transparent transmission
packets.

By default, all physical interfaces of the RAX711-R work in Layer 3 physical interface
configuration mode. For all examples in this section, we need to configure physical interfaces

63
Raisecom
of the RAX711-R to work in Layer 2 physical interface configuration mode. For details, refer
to section 3.1 Configuring basic information about interface.
4.7.1 Example for configuring MAC address table
As shown in Figure 4-1, the switch is connected uplink to the IP network through interface
GE 1/2/1 of iTN A to make PC 2 and PC 3 access the IP network. Configure a static unicast
MAC address on interface GE 1/2/1 for forwarding packets from the switch to the IP network.
Meanwhile, enable dynamic MAC address learning on iTN A. Configuration parameters are
shown as below:
 MAC address of the switch : 000E.5E03.0405
 VLAN and interface type of interface GE 1/2/1: VLAN 10 and Access
 Aging time of dynamic MAC addresses: 500s
Figure 4-1 Configuring MAC address table
Configuration steps
Step 1 Create and activate VLAN 10. Add interface GE 1/2/1 to VLAN 10.
Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config-port)#switchport access vlan 10

64
Raisecom
Step 2 Configure a static MAC address, which is in VLAN 10.
Raisecom(config)#mac-address static unicast 000e.5e03.0405 vlan 10

gigaethernet 1/2/1
Step 3 Set the aging time of the MAC address to 500s.
Raisecom(config)#mac-address aging-time 500

Raisecom(config)#exit
Checking results
Use the show mac-address static command to show MAC address configurations.
Raisecom#show mac-address static

Mac Address Vlan VSI-Name Port/Vc-id:Peer Flags
----------------------------------------------------------
000E.5E03.0405 10 -- GE1/2/1 static
4.7.2 Example for configuring VLAN and interface protection
As shown in Figure 4-2, PC 1, PC 2, and PC 5 are in VLAN 10; PC 3 and PC 4 are in VLAN
20. iTN A and iTN B are connected through a Trunk interface and disallow packets of VLAN
20 to pass. Therefore, PC 3 and PC 4 cannot communicate with each other. Enable interface
protection on PC 1 and PC 2 to make them fail to communicate. However, PC 1 and PC 2 can
communicate with PC 5 respectively.

65
Raisecom
Figure 4-2 Configuring VLAN
Configuration steps
Step 1 Create and activate VLAN 10 and VLAN 20 on iTN A and iTN B respectively.
 Configure iTN A.
iTNA#config
iTNA(config)#create vlan 10,20 active
 Configure iTN B.
iTNB#config
iTNB(config)#create vlan 10,20 active
Step 2 Add interface GE 1/2/1 (Access) and interface GE 1/2/2 (Access) of iTN B to VLAN 10. Add
interface GE 1/2/3 (Access) to VLAN 20. Interface GE 1/1/1 is in Trunk mode and allows
packets of VLAN 10 to pass.
iTNB(config)#interface gigaethernet 1/2/1

iTNB(config-port)#portswitch
RiTNB(config-port)#switchport mode access
iTNB(config-port)#switchport access vlan 10
iTNB(config-port)#exit
iTNB(config-port)#switchport mode access

66
Raisecom

iTNB(config-port)#switchport mode trunk
iTNB(config-port)#switchport trunk allow vlan 10
Step 3 Add interface GE 1/2/1 (Access) of iTN A to VLAN 10 and interface GE 1/2/2 (Trunk) to
VLAN 20. Interface GE 1/1/1 works in Trunk mode and allows packets of VLAN 10 to pass.
iTNA(config)#interface gigaethernet 1/2/1

iTNA(config-port)#portswitch
iTNA(config-port)#switchport mode access
iTNA(config-port)#switchport access vlan 10
iTNA(config-port)#exit
iTNA(config-port)#switchport mode trunk
iTNA(config-port)#switchport trunk native vlan 20
iTNA(config-port)#switchport trunk allow vlan 10
Step 4 Enable interface protection on interfaces GE 1/2/1 and GE 1/2/2 on iTN B.

iTNB(config-port)#switchport protect
iTNB(config-port)#switchport protect
Checking results
Use the show vlan command to show VLAN configurations.
Take iTN B for example.
iTNB#show vlan
Switch Mode: --

67
Raisecom
VLAN Name State Status Priority Member-Ports

-------------------------------------------------------------------------
1 VLAN0001 active static --
10 VLAN0010 active static --gigaethernet1/1/1
gigaethernet1/2/1 gigaethernet1/2/2
20 VLAN0020 active static --gigaethernet1/2/3
Use the show interface switchport command to show VLAN configurations on the interface.
Take iTN B for example.
iTNB#show interface switchport gigaethernet 1/2/1

Interface: gigaethernet1/2/1
Switch Mode: switch
Reject frame type: none
Administrative Mode: access
Operational Mode: access
Access Mode VLAN: 10
Administrative Access Egress VLANs:
Operational Access Egress VLANs: 10
Trunk Native Mode VLAN: 0
Administrative Trunk Allowed VLANs:
Operational Trunk Allowed VLANs:
Administrative Trunk Untagged VLANs:
Operational Trunk Untagged VLANs:
Administrative private-vlan host-association:
Administrative private-vlan mapping:
Operational private-vlan: --
Use the show switchport protect command to show configurations of interface protection.
iTNB#show switchport protect

Port Protected State
--------------------------
GE1/1/1 disable
GE1/1/2 disable
GE1/1/3 disable
GE1/1/4 disable
GE1/2/1 enable
GE1/2/2 enable
Use the ping command to learn allowable VLANs for the Trunk interface.
68
Raisecom
 If PC1 can ping through PC 5, VLAN 10 communicates properly.

 If PC 2 can ping through PC 5, VLAN 10 communicates properly.
 If PC 3 cannot ping through PC 4, VLAN 20 communicates improperly.
By executing the ping command between PC 1 and PC 2, check configurations of interface
protection.
If PC1 cannot ping through PC 2, interface protection takes effect.
4.7.3 Example for configuring basic QinQ
As shown in Figure 4-3, iTN A and iTN B are connected to VLAN 100 and VLAN 200
respectively. To communicate through the ISP, Department A and Department C, Department
B and Department D should set the outer Tag to VLAN 1000. Configure interfaces GE 1/2/1
and GE 1/2/2 on iTN A and iTN B working in dot1q-tunnel mode and being connected to
VLAN 100 and VLAN 200. Interface GE 1/1/1 is used to connect the ISP network, which
works in Trunk mode and allows packets with double tag to pass. The TPID is configured to
9100.
Figure 4-3 Configuring basic QinQ
Configuration steps
Step 1 Create and activate VLAN 100, VLAN 200, and VLAN 1000.

69
Raisecom
iTNA#config
iTNA(config)#create vlan 100,200,1000 active
iTNB#config
iTNB(config)#create vlan 100,200,1000 active
Step 2 Configure interfaces GE 1/2/1 and GE 1/2/2 working in dot1q-tunnel mode. Set the outer
TPID to 9100.

iTNA(config-port)#tpid 9100
iTNA(config-port)#switchport mode access
iTNA(config-port)#switchport access vlan 1000
iTNA(config-port)#switchport qinq dot1q-tunnel
iTNA(config-port)#tpid 9100
iTNA(config-port)#switchport trunk native vlan 1000
iTNA(config-port)#switchport qinq dot1q-tunnel

iTNB(config-port)#tpid 9100
iTNB(config-port)#switchport qinq dot1q-tunnel
iTNB(config-port)#tpid 9100
iTNB(config-port)#switchport trunk native vlan 1000
iTNB(config-port)#switchport qinq dot1q-tunnel

70
Raisecom
Step 3 Configure interface GE 1/1/1 allowing packets with double Tag to pass.

iTNA(config-port)#switchport trunk allowed vlan 1000

iTNB(config-port)#switchport trunk allowed vlan 1000
Checking results
Use the show switchport qinq command to show QinQ configurations.
Take iTN A for example.
iTNA(config-port)#show switchport qinq

Inner TPID: 0x9100
Interface QinQ Status Outer TPID on port
----------------------------------------------------------
gigaethernet1/1/1 -- 0x9100
gigaethernet1/2/1 Dot1q-tunnel 0x9100
gigaethernet1/2/2 Dot1q-tunnel 0x9100
port-channel1 -- 0x9100

71
Raisecom
4.7.4 Example for configuring port mirroring
As shown in Figure 4-4, user network 1 is connected to the RAX711-R through interface GE
1/2/1 and user network 2 is connected to the RAX711-R through interface GE 1/2/2. The
network administrator needs to monitor packets transmitted to and sent by user network 1
through the Monitor PC and then get anomalous data traffic and analyze causes and address
problems.
The monitor PC is connected to the RAX711-R through interface GE 1/2/3.
Figure 4-4 Configuring port mirroring
Configuration steps
Step 1 Create port mirroring group 1.
Raisecom#config
Raisecom(config)#mirror group 1
Step 2 Set interface GE 1/2/2 to the monitor port.

Raisecom(config-port)#mirror-group 1 monitor-port
Set successfully.
Step 3 Set interface GE 1/2/1 to the mirroring port and set the mirroring rule to ingress.

Raisecom(config)#mirror-group 1 source-port ingress

72
Raisecom
Checking results
Use the show mirror-group command to show port mirroring configurations.
Raisecom#show mirror-group
Mirror Group 1 :
Monitor Port :
gigaethernet1/2/3
Source Port :
gigaethernet1/1/1 : egress
gigaethernet1/2/1 : ingress

73
Raisecom
RAX711-R (B) Configuration Guide 5 Clock synchronization
5 Clock synchronization
This chapter describes principles and configuration procedures of clock synchronization, as

well as related configuration examples, including following sections:
 Configuring clock synchronization based on synchronous Ethernet
5.1 Configuring clock synchronization based on

synchronous Ethernet
Scenario
In the PTN, to communicate properly, the sender must put the pulse in the specified timeslot
when sending the digital pulse signal and the receiver can extract the pulse from the specified
timeslot. To realize this, you must resolve the synchronization problem.
The synchronous Ethernet technology can perform clock synchronization in the PTN.
Because it does not support phase synchronization and supports frequency synchronization
only, synchronous Ethernet technology is applied for the base station, fixed network TDM
relay, leased clock network relay, and wireless base stations which have no requirement on
phase synchronization, such as Global System for Mobile Communications (GSM) and
Wideband Code Division Multiple Access (WCDMA).
The RAX711-R supports selecting the optimum clock source automatically. You just need to
configure clock source properties of synchronous Ethernet. In addition, the RAX711-R
supports selecting the specified clock source manually.
Prerequisite
N/A

74
Raisecom
5.1.2 Configuring clock source properties of synchronous Ethernet
The SyncE supports the clock source which is based on link aggregation interface.
2 Raisecom(config)#synce enable Enable synchronous Ethernet.
By default, synchronous Ethernet is disabled.
3 Raisecom(config)#synce operation- Configure the working status of synchronous Ethernet.
type { auto-select | forced-freerun
| forced-holdover }
By default, it works in the compulsory shock status.
4 Raisecom(config)#synce source Configure the SSM quality level property of the
{ internal | interface { clock0 | synchronous Ethernet clock source.
clock1 | interface-type interface-
number | tdm interface-number }
priority priority [ quality-level
level ] [ ring-outside ]
[ lockout ]
5 Raisecom(config)#synce ssm Configure the function that SSM quality level of the
{ standard | extend | disable } synchronous Ethernet participates in selecting source
[ transmit-threshold threshold ] and configure the threshold.
6 Raisecom(config)#synce switch-mode (Optional) enable automatic recovery of synchronous
{ revertive [ wtr-time time ] | Ethernet clock source and configure the WTR of the
non-revertive } clock source.
By default, the automatic recovery of clock source is
enabled.
7 Raisecom(config)#synce source hold- Configure the hold-off time of the clock source.
off-time time
8 Raisecom(config)#clock interface (Optional) configure 2M clock mode.
{ clock0 | clock1 } mode { digital
[ sa sa ] | digital-crc [ sa sa ] |
anolog } [ shutdown-threshold
quality-level level ]
5.1.3 Choosing clock source for synchronous Ethernet manually

mode.
2 Raisecom(config)#synce manual-source { internal | Switch the clock source
interface { clock0 | clock1 | interface-type manually.
interface-type interface-number } }
3 Raisecom(config)#synce forced-source { internal | Switch the clock source
interface { clock0 | clock1 | interface-type forcibly.
interface-number } }

75
Raisecom

1 Raisecom#show synce Show global configurations of synchronous Ethernet.
2 Raisecom#show synce source Show configurations of synchronous Ethernet clock source.
3 Raisecom#show clock interface Show configuration on the interface of the clock.
4 Raisecom#show synce ssm Show the SSM configurations of the synchronous Ethernet.

5.2.1 Examples for configuring clock synchronization based on
synchronous Ethernet
As shown in Figure 5-1, the RNC device transmits clock information to the iTN A through the
synchronous Ethernet. iTN A is connected to Carrier's NodeB. Clock signals are transmitted
to NodeB stations through downlink GE.
Figure 5-1 Configuring clock synchronization based on synchronous Ethernet
Configuration steps
Configure clock source properties.
Configure iTN A.
Raisecom#hostname iTNA
iTNA#config
iTNA(config)#synce enable
iTNA(config)#synce ssm standard

76
Raisecom
iTNA(config)#synce source interface gigaethernet 1/2/1 priority 1

quality-level 2
iTNA(config)#synce operation-type auto-select
Configure iTN B.
Raisecom#hostname iTNB
iTNB#config
iTNB(config)#synce enable
iTNB(config)#synce ssm standardiTNB(config)#synce source interface
gigaethernet 1/1/1 priority 1 1iTNB(config)#synce operation-type auto-
select
Checking results
Use the show synce command to show clock synchronization configurations of the
synchronous Ethernet.
iTNA#show synce
Synce : enable
Synce running status(PLL): locked(auto-select)
Current clock source: gigaethernet 1/2/1(Ql:2)
Previous clock source: null(Ql:--)
Revertive mode : enable
Latest switch time : 2000-11-07,02:49:45.083
Holdoff time(ms) : 1800
Wait restore time(min): 5
iTNB#show synce
Synce : enable
Synce running status(PLL): freerun(auto-select)
Current clock source: gigaethernet 1/2/1 (Ql:2)
Previous clock source: null(Ql:--)
Revertive mode : enable
Latest switch time : 2000-11-07,02:49:45.083
Holdoff time(ms) : 1800
Wait restore time(min): 5
Use the show synce ssm command to show SSM status of the synchronous Ethernet.
iTNA#show synce ssm

Quality level mode : standard
Ssm source name : gigaethernet 1/2/1
Ssm quality level : 2
Transmit quality level threshold: 0
Source Admin-Qlevel Recv-Qlevel Info-Rx Info-Tx
Event-Rx Event-Tx Src-Id Valid Out
-------------------------------------------------------------------------
gigaethernet1/1/1 2 -- 215 245 0

77
Raisecom
0 0000.0000.0000 True True

iTNB#show synce ssm
Quality level mode : standard
Ssm source name : gigaethernet 1/1/1
Ssm quality level : 2
Transmit quality level threshold: 0
Source Admin-Qlevel Recv-Qlevel Info-Rx Info-Tx
Event-Rx Event-Tx Src-Id Valid Out
-------------------------------------------------------------------------
gigaethernet1/1/1 -- -- 245 215 0
0 0000.0000.0000 True True

78
Raisecom
RAX711-R (B) Configuration Guide 6 IP services
6 IP services
This chapter describes principles and configuration procedures of IP services, as well as

related configuration examples, including following sections:
 Configuring interface
 Configuring DHCPv4 client
 Configuring ARP
 Configuring fault detection
 Maintenance
6.1 Configuring interface IP address

Scenario
You need to configure the IP address and MTU before configuring IP services.
Prerequisite
N/A
6.1.2 Configuring interface IPv4 address

3 Raisecom(config-port)#ip address ip- Configure the IP address on the interface.
address

79
Raisecom

1 Raisecom#show interface interface-type Show interface.
interface-number
6.2 Configuring DHCPv4 client

Scenario
When working as the DHCPv4 client, the RAX711-R can obtain an IP address from the
DHCPv4 server. You can use the IP address to manage the RAX711-R.
When IP addresses are assigned in a dynamic mode, the IP address assigned to the DHCPv4
client has a lease period. When the lease period expires, the DHCPv4 server will withdraw the
IP address. If the DHCPv4 client wishes to continue to use the IP address, it needs to renew
the IP address. If the lease period does not expire and the DHCPv4 client does not need to use
the IP address, it can release the IP address.
The RAX711-R supports configuring DHCP Client on the Layer 3 interface only.
Prerequisite
The RAX711-R is not enabled with DHCPv4 Server and works in common DHCP Client
mode.
6.2.2 (Optional) configuring DHCPv4 client information
Before enabling the DHCPv4 client on the Layer 3 interface to apply for the IP
address, configure DHCPv4 client information.
2 Raisecom(config)#interface Enter Layer 3 interface configuration mode.
3 Raisecom(config-port)#ip dhcp client Configure DHCPv4 client information, including the

{ class-id class-id | client-id class ID, client ID, and host name.
client-id | hostname hostname } The command is valid on the Layer 3 interface only.

80
Raisecom
6.2.3 Configuring DHCPv4 Client on Layer 3 interface

3 Raisecom(config-port)#ip address Configure DHCPv4 Client and specify the IP address

dhcp [ server-ip ip-address ] of the DHCPv4 server. It means enabling the DHCPv4
client to apply for the IP address.
The command is valid on the Layer 3 interface only.
6.2.4 (Optional) renewing/releasing IPv4 address

3 Raisecom(config-port)#ip dhcp Renew the IPv4 address.

client renew The command is valid on the Layer 3 interface only.
4 Raisecom(config-port)#no ip address Release the IPv4 address.
dhcp The command is valid on the Layer 3 interface only.

1 Raisecom#show ip dhcp client Show DHCPv4 client configurations.
6.3 Configuring ARP

Scenario
Address Resolution Protocol (ARP) is a protocol used for resolution of IP addresses into
Ethernet MAC addresses (physical addresses).

81
Raisecom
Prerequisite
Configure the IP address of the interface. For details, refer to section 3.1 Configuring basic
information about interface.
6.3.2 Configuring ARP

2 Raisecom(config)#arp mode { learn-all | Configure ARP mode.
learn-reply-only }
By default, learn MAC addresses of all hosts.
3 Raisecom(config)#arp aging-time time (Optional) configure the aging time of dynamic
ARP entries.
By default, the aging time is configured to 1200s.
4 Raisecom(config)#arp ip-address mac- (Optional) configure the static ARP entry.
address [ vrf vrf-name | vid vlan-id ]
Raisecom(config)#arp ip-address mac-
address [ vrf vrf-name ] vid vlan-id
[ cevid vlan-id ] [ interface
interface-type interface-number ]
6 Raisecom(config-port)#arp learning Enable dynamic ARP learning on the interface.
enable
By default, dynamic ARP learning is enabled on
the interface.
7 Raisecom(config-port)#arp max-learning- Configure the maximum number of dynamically-
num number learned ARP entries.
8 Raisecom(config-port)#arp proxy enable Enable proxy ARP on the interface.

9 Raisecom(config-port)#gratuitous-arp- Configure free ARP learning on the interface.
learning {enable | disable }

1 Raisecom#show arp [ vrf vrf-name ] [ ip-address Show ARP information.
| interface interface-type interface-number |
static | [ vid vlan-id ] [ cevid vlan-id ] ]
2 Raisecom# show arp learning info Show ARP learning information.

82
Raisecom
6.4 Configuring fault detection

6.4.1 Configuring task scheduling
When you need to use some commands to perform periodical maintenance on the RAX711-R,
you can configure task scheduling. The RAX711-R supports achieving task scheduling
through the schedule list and CLI. You can use commands to perform periodical operation just
by specifying the begin time, period, and end time of a specified task in the schedule list and
bind the schedule list to the CLI.

2 Raisecom(config)#schedule-list list-number start Create and configure the schedule
date-time mm-dd-yyyy hh:mm:ss list.
Raisecom(config)#schedule-list list-number start
date-time mm-dd-yyyy hh:mm:ss every { day |
week } stop mm-dd-yyyy hh:mm:ss

date-time mm-dd-yyyy hh:mm:ss every days-interval
time-interval [ stop mm-dd-yyyy hh:mm:ss ]

up–time days-after-startup hh:mm:ss

up–time days-after-startup hh:mm:ss every days-
interval time-interval [ stop days-after-startup
hh:mm:ss ]
3 Raisecom#show schedule-list Show schedule list configurations.
6.4.2 PING
1 Raisecom#ping ip-address [ count count ] Use the ping command to test IPv4
[ size size ] [ waittime period ] [ source- network connectivity.
ip ip-address ] [ df-bit ]
The RAX711-R cannot perform other operations in the process of Ping. It can
perform other operations only when Ping is finished or Ping is broken off by pressing
Ctrl+C.

83
Raisecom
6.4.3 Traceroute
2 Raisecom(config)#interface interface-type Enter Layer 3 interface configuration mode.
interface-number
3 Raisecom(config-port)#ip address ip- Configure the IP address of the interface.
address [ ip-mask ]
4 Raisecom(config-port)#exit Exit Layer 3 interface configuration mode and
enter global configuration mode.
5 Raisecom(config)#exit Exit global configuration mode and enter
privileged EXEC mode.
6 Raisecom#traceroute ip-address [ firstttl (Optional) use the traceroute command to
fitst-ttl ] [ maxttl max-ttl ] [ port test the IPv4 network connectivity and view
port-number ] [ waittime period ] [ count nodes passed by the packet.
times ] [ size size ]
By default, the initial TTL is configured to 1;
the maximum TTL is configured to 30; the
interface ID is configured to 33433; the
timeout is configured to 3s; the number of
detection packets is configured to 3.
6.5 Maintenance
Command Description
Raisecom(config)#clear arp [ all | vrf vrf-name ] [ ip- Clearing ARP entries.
address | interface interface-type interface-number | |
[ vid vlan-id ] [ cevid vlan-id ] ]

6.6.1 Example for configuring DHCPv4 client
As shown in Figure 6-1, the RAX711-R works as the DHCPv4 client with the host name
being set to raisecom. The RAX711-R accesses to the DHCPv4 server and the NView NNM
system through the service interface. The DHCPv4 server assigns an IP address to the
RAX711-R. Therefore, the NView NNM system can discover and manage the RAX711-R.

84
Raisecom
Figure 6-1 Configuring DHCPv4 relay
Configuration steps
Step 1 Configure DHCPv4 relay.
Raisecom#config
Raisecom(config-ip)#ip dhcp client hostname raisecom
Step 2 Apply for an IP address through the DHCP mode.
Raisecom(config-ip)#ip address dhcp server-ip 192.168.1.1
Checking configurations
Use the show ip dhcp client command to show DHCPv4 relay configurations.
Raisecom#show ip dhcp client

dhcp client mode: zeroconfig
Hostname: raisecom
Class-ID: Raisecom-RITP_5.1.2
Client-ID: Raisecom-000e5e454545-IF0
DHCP Client is requesting for a lease.
Assigned IP Addr: 0.0.0.0
Subnet mask: 0.0.0.0
Default Gateway: --
Client lease Starts: Jan-01-1970 08:00:00
Client lease Ends: Jan-01-1970 08:00:00
Client lease duration: 0(sec)
DHCP Server: 0.0.0.0
Tftp server name: --
Tftp server IP Addr: --
Startup_config filename: --
NTP server IP Addr: --
Root path: --
85
Raisecom
6.6.2 Example for configuring ARP
As shown in Figure 6-2, the RAX711-R is connected to hosts. In addition, it connects to the
Router through interface GE 1/1/1. The IP address and MAC address of the Router are set to
192.168.27.1/24 and 000e.5e12.1234 respectively.
Set the aging time of dynamic ARP entries to 600s. To enhance security of communication
between the RAX711-R and the Router, you need to configure static ARP entries on the
RAX711-R.
Figure 6-2 Configuring ARP
Configuration steps
Step 1 Add a static ARP entry.
Raisecom(config)#arp 192.168.27.1 000e.5e12.1234
Step 2 Set the aging time of dynamic ARP entries to 600s.
Raisecom(config)#arp aging-time 600
Checking results
Use the show arp command to show information about all ARP entries in the ARP table.

86
Raisecom
Raisecom#show arp
ARP table aging-time: 600 seconds(default: 1200s)
ARP mode: Learn reply only
Ip Address Mac Address Type Interface ip
-----------------------------------------------------------
192.168.27.1 000E.5E12.1234 static 0
192.168.27.2 BC30.5BCA.ACE0 dynamic 0
192.168.27.12 F04D.A22D.F0F6 dynamic 0
192.168.27.16 D4BE.D9E4.F8EE dynamic 0
192.168.27.51 BC30.5BAD.6FBA dynamic 0
192.168.27.57 000C.292A.D21A dynamic 0
192.168.27.73 14FE.B5E6.F42F dynamic 0
Total: 7
Static: 1
Dynamic:6

87
Raisecom
RAX711-R (B) Configuration Guide 7 IP routing
7 IP routing
This chapter describes principles and configuration procedures of IP routing, as well as

 Configuring routing management
 Configuring static route
 Configuring routing policy
 Configuring OSPF
 Configuring ISIS
 Configuring BGP
7.1 Configuring routing management

Scenario
Dynamic routing protocols require the Router ID. If no Router ID is specified when these
dynamic routing protocols are enabled, the Router ID of routing management will be used.
The RAX711-R has the capability to establish and refresh the routing table. In addition, it can
forward data packets based on the routing table. By viewing the routing table, you can learn
network topology structure and locate faults.
Prerequisite
N/A
7.1.2 Configuring routing management


88
Raisecom

2 Raisecom(config)#router id router-id Configure the Router ID. By default, the Router ID
is configured to 192.168.1.1.
3 Raisecom(config)#route recursive- Configure iterating untagged public network
lookup tunnel [ ip-prefix listname ] routing to LSP tunnel.
7.1.3 Configuring IP FRR

2 Raisecom(config)#ip frr route-map map-name Configure IP FRR.
[ wtr-timer timer ]
7.1.4 Configuring BFD

2 Raisecom(config)#ip route ip-address mask-address Bind a static route with a BFD
{ next-hop | NULL 0 | interface-type interface- session. In this way, the device can
num } [ distance distance ] [ description text ] rapidly respond to the faults and
[ tag tag ] [ track bfd-session bfd-session-id ] conduct route switching.

1 Raisecom#show router id Show the Router ID.
2 Raisecom#show ip route [ all | vrf vrf-name ] Show the routing table.
[ protocol { static | connected | bgp | ospf |
isis } ] [ detail ]
3 Raisecom#show ip route [ vrf vrf-name ] ip- Show the route to the destination
address [ mask-address ] [ longer-prefixes ] address.
[ detail ]
4 Raisecom#show ip route [ vrf vrf-name ] ip- Show the route between 2 IP
address1 [ mask-address1 ] ip-address2 [ mask- addresses.
address2 ] [ detail ]
5 Raisecom#show ip route [ vrf vrf-name ] summary Show route summary.

89
Raisecom
7.2 Configuring static route

Scenario
The static route has the following advantages:
 Consume less time for the CPU to process them.
 Facilitate the administrator to learn the route.
 Be configured easily.
However, when configuring the static route, you need to consider the whole network. If the
network structure is changed, you need to modify the routing table manually. Once the
network scale is enlarged, it will consume lots of time to configure and maintain the network.
In addition, it may cause more errors.
The default route is a specific static route. It will be used when no matched route is found in
the routing table.
Prerequisite
N/A
7.2.2 Configuring static route

2 Raisecom(config)#ip route [ vrf vrf- Configure the static route.
name ] ip-address { mask-address |
mask-length } { next-hop | null 0 |
tunnel tunnel-if-num } * [ distance
distance ] [ description text ] [ tag
tag ] [ track bfd-session session-
id ]
3 Raisecom(config)#ip route static (Optional) configure the default administration
distance distance distance of the static route. By default, it is
configured to 1.
7.3 Configuring routing policy

7.3.1 Configuring IP prefix-list

90
Raisecom

2 Raisecom(config)#ip prefix-list prefix- Create an IP prefix-list or add a node to the IP
name seq seq-number { deny | permit } prefix-list.
any
Raisecom(config)#ip prefix-list prefix-
If no prefix-list ID (seq-number) is configured,
name seq seq-number { deny | permit }
the system will generate a prefix-list ID
ip-address/mask [ ge min-length ] [ le
automatically. The generated pre-fix list ID has
max-length ] 5 digits.
3 Raisecom(config)#ip prefix-list prefix- Configure descriptions of the IP prefix-list.
name description string
If the length of descriptions exceeds 80
characters, the first 80 characters are available.
 If one record is in permit type, all mismatched routes are in deny type by default.
Only matched routes can pass filtering of the IP prefix-list.
 If one record is in deny type, all mismatched routes are in deny type by default.
Even matched routes cannot pass filtering of the IP prefix-list. Therefore, you
need to add a permit record after multiple deny records to allow other routes to
pass.
 If there are multiple records in the IP prefix-list, there must be a record in permit
type.
7.3.2 Configuring route mapping table

2 Raisecom(config)#ip as-path access-list (Optional) configure the filter that is based on
access-list-number { permit | deny } the AS path of the BGP route.
regexp
3 Raisecom(config)#ip community-list (Optional) configure the filter that is based on
{ standard-list-number | standard the standard or advanced community
standard-list-name }{ permit | deny } properties of the BGP route.
community-number [ internet ] [ local-
as ] [ no-advertise ] [ no-export ]
Raisecom(config)#ip community-list
{ expanded-list-number | expanded
expanded-list-name } { permit | deny }
regexp
4 Raisecom(config)#ip extcommunity-list (Optional) configure the filter that is based on
{ standard-list-number | standard the standard community properties of the BGP
standard-list-name }{ permit | deny } rt route.
rout-target-number
5 Raisecom(config)#ip rd-filter rd-filter- (Optional) configure the filter that is based on
number { permit | deny } rd-number the RD property of the BGP route.
6 Raisecom(config)#route-map map-name Create the route mapping table and enter route
{ permit | deny } number mapping configuration mode.

91
Raisecom

7 Raisecom(config-route-map)#description (Optional) configure descriptions of the route
string mapping table.
If there is any space in descriptions,
descriptions should be within quotes.
8 Raisecom(config-route-map)#on-match next (Optional) set the on-match sub-clause to
continuing to match at the next node.
By default, the process is finished after
matching.
9 Raisecom(config-route-map)#on-match goto (Optional) set the on-match sub-clause to
number continuing to match at some node.
matching.
10 Raisecom(config-route-map)#call map-name (Optional) continue to match routes by
scheduling other routing table after matching
the route.
matching.
11 Raisecom(config-route-map)#match ip next- (Optional) set the match sub-clause to
hop acl-number matching the next hop based on the extended
IP ACL.
12 Raisecom(config-route-map)#match ip next- (Optional) set the match sub-clause to
hop prefix-list prefix-name matching the next hop based on the IP prefix-
list.
13 Raisecom(config-route-map)#match ip (Optional) set the match sub-clause to
address acl-number matching the IP address based on the extended
IP ACL.
14 Raisecom(config-route-map)#match ip (Optional) set the match sub-clause to
address prefix-list prefix-name matching the IP address based on the IP
prefix-list.
15 Raisecom(config-route-map)#match (Optional) set the match sub-clause to
interface name matching the interface name.
16 Raisecom(config-route-map)#match metric (Optional) set the match sub-clause to the
metric matching rule that is based on the route metric
value.
17 Raisecom(config-route-map)#match tag tag (Optional) set the match sub-clause to the
matching rule that is based on the Tag field of
the route tagging.
18 Raisecom(config-route-map)#match as-path (Optional) set the match sub-clause to the
path-list-number BGP routing information matching rule that is
based on the AS-Path filter.
19 Raisecom(config-route-map)#match (Optional) set the match sub-clause to the
community { community-list-number | BGP routing information matching rule that is
community-list-name } [ exact-match ] based on the community filter.

92
Raisecom

20 Raisecom(config-route-map)#match (Optional) set the match sub-clause to the
extcommunity { extcommunity-list-number | BGP routing information matching rule that is
extcommunity-list-name } based on the extcommunity filter.
21 Raisecom(config-route-map)#match ip (Optional) set the match sub-clause to the
route-source prefix-list prefix-name BGP routing information matching rule that is
based on the prefix-list matching with source
address of the route.
22 Raisecom(config-route-map)#match rd- (Optional) set the match sub-clause to the
filter rd-filter-number BGP routing information matching rule that is
based on the RD property filter.
23 Raisecom(config-route-map)#set metric [ + (Optional) set the set sub-clause to modifying
| - ] metric the route metric value after matching.
24 Raisecom(config-route-map)#set metric- (Optional) set the set sub-clause to modifying
type { type-1 | type-2 } the route metric type after matching.
25 Raisecom(config-route-map)#set src ip- (Optional) set the set sub-clause to modifying
address the source IP address after matching.
26 Raisecom(config-route-map)#set ip next- (Optional) set the set sub-clause to modifying
hop ip-address the next-hop IP address of the route after
matching.
27 Raisecom(config-route-map)#set tag tag (Optional) set the set sub-clause to modifying
the routing information tag after matching.
28 Raisecom(config-route-map)#set origin (Optional) set the set sub-clause to modifying
{ egp as-number | igp | incomplete } the route source of the BGP routing
information that matches with the routing
policy.
29 Raisecom(config-route-map)#set as-path (Optional) set the set sub-clause to modifying
prepend as-number the as-path property of the BGP routing
policy.
30 Raisecom(config-route-map)#set local- (Optional) set the set sub-clause to modifying
preference preference the local priority of the BGP routing
policy.
31 Raisecom(config-route-map)#set community (Optional) set the set sub-clause to setting or
{ community-number | internet | local-as deleting the community property of the BGP
| no-advertise | no-export } * routing information that matches with the
[ additive ] routing policy.
Raisecom(config-route-map)#set community
none
32 Raisecom(config-route-map)#set comm-list (Optional) set the set sub-clause to deleting
{ community-list-number | community-list- the community property of the BGP routing
name } delete information that matches with the routing
policy.

93
Raisecom

33 Raisecom(config-route-map)#set (Optional) set the set sub-clause to adding or
extcommunity rt route-target-number modifying the community property of the
[ additive ] BGP routing information that matches with
the routing policy.

Command Description
Raisecom#show ip as-path access-list access-list-number Show filter information about the
AS path list.
7.4 Configuring OSPF

7.4.1 Configuring OSPF routing process
2 Raisecom(config)#router ospf process-id Enable an OSPF process and enter OSPF
[ vrf vrf-name ] [ router-id router-id ] configuration mode.
3 Raisecom(config-router-ospf)#network ip- Advertise networks in the OSPF process, that
address wild-card-mask area area-id is, configure the network segments involved
in the OSPF process and specify the local area
of the network segment in which the IP
address of the OSPF-enabled interface is
included.
 If you manually configure the router-id parameter through the optional

parameters in the router ospf process-id [ vrf vrf-name ] [ router-id router-id ]
command, the OSPF process will select the router-id parameter first. Otherwise,
the parameter is selected automatically.
 If the OSPF process is configured or selects the router-id parameter, after being
modified, the router-id parameter takes effect after the OSPF process is
rebooted.

94
Raisecom
7.4.2 Configuring OSPF special area
Configuring Stub area

For the non-backbone area at the edge of Autonomous System (AS), you can configure the
stub command on all routers in the area to configure the area to a Stub area. In this case,
Type5 LSA, which is used to describe external routes of the AS cannot be flooded in the Stub
area. This facilitates reducing the routing table size.

2 Raisecom(config)#router ospf Enable an OSPF process and enter OSPF configuration
process-id [ vrf vrf-name ] mode.
3 Raisecom(config-router- Configure the area to a Stub area.
ospf)#area area-id stub [ no-
summary ]
The no-summary parameter is used to disable the ABR from
sending Summary LSA to the Stub area, which means that
the Stub area is a Totally Stub area.
This parameter is only applicable to the ABR for the Stub
area.
By default, no area is a Stub area.
4 Raisecom(config-router- Configure the default route cost of the Stub area.
ospf)#area area-id default-
cost cost
This command is available for the ABR in the Stub area only.
By default, it is 1.
 All routers in the Stub area must be configured with the Stub property through the
area area-id stub command.
 To configure an area as a Totally Stub area, all routers in the area must be
configured through the area area-id stub command. In addition, all ABRs in the
area must be configured through the area area-id stub no-summary command.
 The backbone area cannot be configured to a Stub area.
 ASBR should not be in the Stub area, which means that routes outside the AS
cannot be transmitted in the Stub area.
Configuring OSPF NSSA area

2 Raisecom(config)#router ospf process-id Start an OSPF process and enter the OSPF
[ router-id router-id ] configuration mode.

95
Raisecom

3 Raisecom(config-router-ospf)#area area-id Configure the area to be NSSA area. Only
nssa [ no-summary ] non-backbone area can be a NSSA area.
By default, the non-backbone areas are all
common areas.
7.4.3 Configuring OSPF network type
Configuring broadcast network

3 Raisecom(config-port)#ip ospf network Configuring the network type of the Layer 3
broadcast interface to broadcast.
By default, the IP interface network is a broadcast
network.
4 Raisecom(config-port)#ip ospf priority Configure the priority of the router interface.
priority
Configuring NBMA network

interface-number
3 Raisecom(config-port)#ip ospf network non- Configure the Layer 3 interface network
broadcast mode to NBMA.
By default, the IP interface network is a
broadcast network.
4 Raisecom(config-port)#ip ospf priority Configure the priority of the router
priority interface.
5 Raisecom(config-port)#exit Exit Layer 3 interface configuration
mode.
6 Raisecom(config)#router ospf process-id Enable an OSPF process and enter
[ router-id router-id ] OSPF configuration mode.

96
Raisecom

7 Raisecom(config-router-ospf)#neighbor ip- Configure the NBMA neighbor and its
address [ priority priority ] priority.
By default, no NBMA neighbor is
configured and the priority is 0 when
you configure the NBMA neighbor.
Priorities configured through the neighbour and ip ospf priority priority commands
are different:
 The priority configured through the neighbor command indicates that whether the
neighbor has the right for election. If you configure the priority to 0 when
configuring the neighbor, the local router believes that the neighbor has no right
for election and will not send Hello packets to the neighbor. This method helps
reduce the number of Hello packets transmitted through the network during DR
and BDR election processes. However, if the local router is a DR or BDR, it will
send the Hello packet to the neighbor, whose priority is configured to 0, to
establish the neighboring relationship.
 The priority configured by the ip ospf priority priority command is used for actual
DR election.
Configuring P2MP network

3 Raisecom(config-port)#ip ospf Configure the Layer 3 interface type to P2MP.
network ptmp
network.
4 Raisecom(config-port)#exit Exit Layer 3 interface configuration mode.
5 Raisecom(config)#router ospf Enter an OSPF process and enter OSPF
process-id [ router-id router-id ] configuration mode.
6 Raisecom(config-router- Configure P2MP neighbor and its priority.
ospf)#neighbor ip-address [ priority
priority ] By default, a neighbor is not configured. The priority
is 0 when you configure a neighbor.
Configuring P2P network


97
Raisecom

3 Raisecom(config-port)#ip ospf Configure Layer 3 interface network to a P2P
network ptp network.
network.
7.4.4 Configuring OSPF routing information control
Configuring OSPF redistributed routes

2 Raisecom(config)#router ospf process-id Start an OSPF process and enter OSPF
3 Raisecom(config-router- Configure an OSPF route redistribution polity.
ospf)#redistribute { static | connected
| isis | ospf | bgp } [ metric metric ] By default, no external route is redistributed.
[ metric-type { 1 | 2 ) ] [ tag tag- When an external route is redistributed:
value ] [ route-map map-name ]  When the directly-connected and static route is
Raisecom(config-router- redistributed, the metric is 1 by default. When
ospf)#redistribute ospf [ process-id ] other routes are redistributed, use the original
[ vrf vrf-name ] [ metric metric ] metric of the external route as the metric of the
[ metric-type { 1 | 2 ] [ tag tag- LSA.
value ] [ route-map map-name ]  If no Metric-type is specified, the Metric-type
is Type2 by default.
 If no Tag is specified, take the original Tag of
the external route as the Tag of the LSA.

4 Raisecom(config-router- Configure the threshold of redistributed OSPF
ospf)#redistribute limit limit-number external routes.
By default, no threshold is configured.
Configuring inter-area route aggregation

If there are sequent network segments in the area, you can configure route aggregation on the
ABR to aggregate these network segments to a network segment. When sending routing
information, the ABR generates Type3 LSA by taking the network segment as the unit.

2 Raisecom(config)#router ospf process- Start an OSPF process and enter OSPF configuration
id [ router-id router-id ] mode.

98
Raisecom

3 Raisecom(config-router-ospf)#area Configure the inter-area route aggregation.
area-id range ip-address ip-mask
[ not-advertise ] By default, no inter-area route aggregation is
configured. When you configure the aggregated
route, the cost is the maximum Metric of the LSA by
default. In addition, the aggregated route is
redistributed.
Aggregating redistributed external routes

After the external route is redistributed, configure route aggregation on the ASBR. The
RAX711-R just puts the aggregated routes on the ASE LSA for advertising them out. This
helps reduces the number of LSAs in the Link State Database (LSDB).

3 Raisecom(config-router-ospf)#summary- Aggregate external routes.
address ip-address ip-mask [ not-
advertise ] [ metric metric ]
By default, external routes are not aggregated.
When external aggregates are aggregated, the
Metric is the maximum Metric of the LSA by
default.
Configuring advertisement of default route

2 Raisecom(config)#router ospf Start an OSPF process and enter OSPF configuration mode.
process-id [ router-id router-
id ]
3 Raisecom(config-router- Advertise the default route. If you select the always
ospf)#default-information parameter, the device will always advertise the default
originate [ always ] [ metric route.
metric ] [ type { 1 | 2 } ]
By default, no default route is generated. When the default
LSA is generated, if the always parameter is specified, the
default Metric is 1. If the always key parameter is not
specified, the Metric is 10.

99
Raisecom
Configuring DR election priority

Configuring load balancing

3 Raisecom(config-router-ospf)#maximum load- Configure the maximum path number of IP
balancing number equal-cost multi-path load balancing.
Maximizing LSA metric

3 Raisecom(config-router-ospf)#max-metric Enable maximum metric of OSPF LSA
router-lsa [ include-stub ] [ on-startup packets. The metric of LSA packet in the
time ] corresponding area will be automatically
configured to 0xFFFF.
Configuring SPF calculation interval

When the OSPF LSDB changes, the SPF will re-calculate the shortest path. If the network
changes frequently and it needs to calculate the shortest path immediately, it will occupy a
great amount of system resources and affect efficiency of the router. By adjusting the SPF
calculation interval, you can prevent some effects brought by frequent network changes.


100
Raisecom

3 Raisecom(config-router-ospf)#timers spf Configure the calculation delay and
delay-time hold-time interval of the OSPF route.
By default, the calculation delay is 2s and
the calculation interval is 3s.
Configuring compatible RFC 1583

3 Raisecom(config-router-ospf)#compatible Configure OSPF-compatible RFC1583.
rfc1583
By default, OSPF is compatible with
RFC1583.
Configuring OSPF administrative distance

3 Raisecom(config-router-ospf)#distance Configure the OSPF administration
administrative-distance distance. By default, it is configured to
110.
4 Raisecom(config-router-ospf)#distance ospf Configure the administration distance of
{ intra-area | inter-area | external } OSPF specified route.
distance
By default, it is configured to 0. However,
it takes 110 as the standard.
7.4.5 Configuring OSPF interface
Configuring interface cost value


101
Raisecom

3 Raisecom(config-port)#ip ospf cost cost Configure the route cost of the IP interface.
By default, interface route cost is not configured.
(Optional) configuring OSPF packet timer

interface-number
3 Raisecom(config-port)#ip ospf dead-interval Configure the OSPF neighbor dead
seconds interval.
By default, it is 4 times of Hello packet
delivery interval. If no Hello packet
delivery interval is configured, it is
configured to 40s for P2P and
Broadcast interfaces and 120s for
P2MP and NBMA interfaces by
default.
4 Raisecom(config-port)#ip ospf hello-interval Configure the ODPF Hello packet
seconds delivery interval.
By default, it is configured to 10s for
P2P and Broadcast interfaces and 30s
for P2MP and NBMA interfaces
5 Raisecom(config-port)#ip ospf poll-interval Configure the OSPF Poll timer interval.
seconds
By default, it is configured to 120s.
6 Raisecom(config-port)#ip ospf retransmit- Configure the LAS retransmission
interval seconds interval on the IP interface.
7 Raisecom(config-port)#ip ospf transmit-delay Configure the LSA retransmission
seconds delay on the IP interface.
 When the dead-interval is not manually configured, after hello-interval is

configured, dead-interval and poll-interval is changed to 4 times of hello-interval.
 When the dead-interval is manually configured, after hello-interval is configured,
no effect is brought to the dead-interval and poll-interval. No matter whether you
configure the poll interval or not, the poll-interval changes with the dead-interval.
Therefore, we recommend configure these 3 values in the following order: hello-
interval, dead-interval, and poll-interval.

102
Raisecom
Configuring OSPF passive interface

To make some OSPF routing information not obtained by some router in the network, you can
configure the interface to an OSFP passive interface to disable the interface from sending
OSPF packets.

interface-number
3 Raisecom(config-port)#ip ospf passive- Enable passive interface on the OSPF
interface enable interface. By default, it is disabled.
(Optional) configuring MTU ignorance

By default, the value of MTU domain in the DD packet is the MTU value of the interface,
which sends the DD packet. Default MTU values may vary on devices. In addition, if the
MTU value of the DD packet is greater than the one of the interface, the DD packet will be
discarded. To ensure receiving the DD packet properly, enable MTU ignorance to set the
MTU value to 0. Therefore, all devices can receive the DD packet.

interface-number
3 Raisecom(config-port)#ip ospf mtu-ignore Enable MTU ignorance on the IP
enable interface. By default, MTU ignorance is
disabled on the IP interface to check MTU
of the OSPF Hello packet.
(Optional) configuring bandwidth reference value

3 Raisecom(config-router-ospf)#reference- Configure the reference bandwidthof the link.
bandwidth bandwidth
By default, the reference bandwidthis 100
Mbit/s.

103
Raisecom
 After the routing cost is manually configured through the ip ospf cost command,
the manually-configured routing cost takes effect.
 If the routing cost is not configured manually but the link reference bandwidthis
configured, the routing cost is automatically configured based on link bandwidth
reference value. The formula is: cost = link reference bandwidth (bit/s) / link
bandwidth. If the cost value is greater than 65535, it is configured to 65535. If no
link reference bandwidth is configured, it is configured to 100 Mbit/s by default.
7.4.6 Configuring OSPF authentication mode
Configuring OSPF area authentication mode

All routers in an area need to be configured with the identical area authentication mode (non-
authentication, simple authentication, or MD5 authentication). The OSPF area has no
authentication password but adopts the interface authentication password. If no interface
authentication password is configured, the empty password will be used for authentication.

2 Raisecom(config)# router ospf process-id Enable an OSPF process and enter OSPF
3 Raisecom(config-router-ospf)#area area-id Configure the area authentication mode.
authentication { md5 | simple } By default, it is configured to non-
authentication.
Configuring OSPF interface authentication mode

Packet authentication prioritizes selecting the interface authentication mode. If the interface
authentication mode is configured to non-authentication mode, the area authentication mode
will be selected. OSPF interfaces cannot establish the neighbor relationship unless the
authentication mode and authentication password are identical.

interface-number
3 Raisecom(config-port)#ip ospf authentication Configure the authentication mode of the
{ md5 | simple } IP interface. By default, it is configured to
non-authentication. It means adopting the
area authentication mode.
4 Raisecom(config-port)#ip ospf Configure the authentication password of
authentication-key { simple [ 0 | 7 ] the IP interface.
password | md5 { [ key-id [ 0 | 7 ]
password ] | keychain keychain-name } }

104
Raisecom
7.4.7 Configuring OSPF routing policy
Configuring OSPF receiving policy

2 Raisecom(config)#ip prefix-list list-name Configure the address prefix list.
[ index number ] { permit | deny } ip-
address mask-length [ ge ge-length ] [ le
le-length ]
3 Raisecom(config)#ip-access-list acl-number Configure the IP ACL rules.
{ deny | permit } ip any { destination-ip-
address ip-mask At present, the device only supports the
destination IP address and mask specified
in the IP ACL for matching the address
prefix.
5 Raisecom(config-router-ospf)#distribute-list Configure the OSPF filtering policy for
{ ip-access-list acl-number | prefix-list receiving the OSPF inter-area routes, intra-
list-name } in area routes, and AS external routes.
 Before configuring OSPF receiving policy, ensure that the IP ACL used by the
OSPF receiving policy has been created.
 When the RAX711-R performs filtering based on IP ACL, if the ACL mode is
configured to permit, all routes, which match with the ACL, can pass. Others are
filtered.
 You cannot modify the IP ACL unless it is not used by any routing policy.
 Different from IP ACL, the IP prefix-list can be modified even it is being used.
 If the configured IP prefix-list does not exist, do not filter received routes.
Configuring OSPF releasing policy

2 Raisecom(config)#ip prefix-list list-name Configure the IP prefix-list.
address mask-length [ ge ge-length ] [ le You can use the no ip prefix-list list-name
le-length ] command to delete the configuration.
3 Raisecom(config)#ip-access-list acl-number Configure the ACL rule and enter ACL
{ deny | permit } ip any { destination-ip- mode. Enter basic IP ACL configuration
address ip-mask mode when the value of acl-number ranges
from 1000 to 1999.

105
Raisecom

Raisecom(config-ipv4-basic)#rule [ rule-id ] Configure basic IP ACL rule.
{ deny | permit } { source-ip-address
source-ip-mask | any } [ vrf vrf-id ]
5 Raisecom(config-router-ospf)#distribute-list Configure the filtering policy that the
{ ip-access-list acl-number | prefix-list OSPF releases 5 types of LSAs to the AS.
list-name } out
6 Raisecom(config-router-ospf)#distribute-list Configure the OSPF releasing policy.
{ ip-access-list acl-number | prefix-list
list-name } out [ static | connected | rip |
isis | bgp ]
Raisecom(config-router-ospf)#distribute-list
{ ip-access-list acl-number | prefix-list
list-name } out ospf process-id [ vrf vrf-
name ]
 Before configuring OSPF global releasing policy, ensure that the IP ACL used by
the OSPF global releasing policy has been created.
 You cannot modify the IP ACL unless it is not used by any routing policy.
 Different from IP ACL, the IP prefix-list can be modified even it is being used.
 After global releasing policy is configured, routes cannot be redistributed to the
local LSDB unless it passes the global releasing policy. After protocol releasing
policy is configured, the route can be redistributed through the protocol releasing
policy.
 After protocol releasing policy is configured, the redistributed protocol route can
be redistributed to the local LSDB through the protocol releasing policy. If global
releasing policy is also configured, the route must be redistributed through the
global releasing policy.
Configuring Type3 LSA filtering policy

2 Raisecom(config)#ip prefix-list list-name Configure the IP prefix-list.
address mask-length [ greater-equal ge- You can use the no ip prefix-list list-name
length ] [ less-equal le-length ] command to delete the configuration.
3 Raisecom(config)# router ospf process-id Enable an OSPF process and enter OSPF
4 Raisecom(config-router-ospf)#area area-id Configure Type3 LSA filtering policy in
filter prefix-list list-name { in | out } the area.

106
Raisecom
If the configured filtering policy does not exist, it believes that the command fails to
configure the filtering policy and no filtering operation is performed on received routes.
7.4.8 Configuring OSPF GR

3 Raisecom(config-router-ospf)#capability Enable OSPF Opaque LSA.
opaque
4 Raisecom(config-router-ospf)#capability Configure OSPF GR.
restart { graceful | signaling }
 Graceful: standard GR
 Signaling: non-standard GR
5 Raisecom(config-router-ospf)#ospf (Optional) configure OSPF standard GR period.
restart grace-period seconds
By default, the OSPF standard GR period is
120s.
6 Raisecom(config-router-ospf)#ip ospf (Optional) configure the interval from GR to re-
resync-timeout seconds synchronization.
By default, the interval is the same with the
invalid time of OSPF neighbor.
7 Raisecom(config-router-ospf)#ospf (Optional) start GR helper rules in OSPF
restart helper { never | planned-only } standard GR mode.
7.4.9 Configuring BFD for OSPF

2 Raisecom(config)#router ospf process-id Enter OSPF configuration mode.
3 Raisecom(config-router-ospf)#bfd all- Enable global BFD.
interfaces
4 Raisecom(config-router-ospf)#exit Enter global configuration mode.
interface-number
6 Raisecom(config-port)#ip ospf bfd Enable BFD on the interface.

107
Raisecom
 If global BFD is enabled through the bfd all-interfaces command, no matter

what BFD configurations are set on the interface, BFD is enabled.
 If global BFD is disabled, BFD configurations on the interface take effect.
7.4.10 Configuring OSPF for MPLS-TE

3 Raisecom(config-router-ospf)#capability Enable OSPF opaque LSA.
opaque
4 Raisecom(config-router-ospf)#mpls traffic- Enable TE in the OSPF area.
eng area area-id
5 Raisecom(config-router-ospf)#mpls traffic- Configure the Router ID of the MPLS-TE
eng router-id router-id router.

1 Raisecom#show ip ospf [ process-id ] [ vrf Show OSPF basic information.
vrf-name ]
2 Raisecom#show ip ospf [ process-id ] [ vrf Show OSPF interface information.
vrf-name ] interface [interface-type
interface-number ]
3 Raisecom#show ip ospf [ process-id ] [ vrf Show OSPF neighbor information.
vrf-name ] neighbor [interface-type interface-
number ] [ neighbor-id ]
4 Raisecom#show ip ospf [ process-id ] [ vrf Show OSPF routing information.
vrf-name ]route
5 Raisecom#show ip ospf [ process-id ] [ vrf Show OSPF link status database
vrf-name ] database [ max-age | self- information and statistics.
originate ]
Raisecom#show ip ospf [ process-id ] [ vrf
vrf-name ] database [ router | network |
summary | asbr-summary | external ]
[ linkstate-id ] [ adv-router ip-address |
self-originate ]
Raisecom#show ip ospf [ process-id ] [ vrf
vrf-name ] database statistics
6 Raisecom#show ip ospf [ process-id ] [ vrf Show information about routers at edges
vrf-name ] border-routers of the area and AS.

108
Raisecom

7 Raisecom#show ip ospf [ process-id ] [ vrf Show OSPF statistics or OSPF neighbor
vrf-name ] neighbor statistics statistics.
8 Raisecom#show ip ospf [ process-id ] [ vrf Show OSPF ASBR external route
vrf-name ] summay-address aggregation information.
9 Raisecom#show cspf tedb [ detail ] Show TEDB database.
7.4.12 Maintenance
Command Description
Rasiecom#clear ip ospf [ process-id | vrf vrf-name ] Reboot the OSPF process.
process [ graceful ]
7.5 Configuring ISIS

7.5.1 Configuring ISIS basic function
To run ISIS normally, two steps need to be done: start ISIS process and configure the name of
network entity. The following table lists two ways to start the ISIS process:
 Use the router isis command to start ISIS process.
 Use the ip router isis command to start ISIS process on the interface.
step Command Description
2 Raisecom(config)#router isis [ area-tag ] Start an ISIS process and enter ISIS
configuration mode.
3 Raisecom(config)#interface interface-type (Optional) enter interface configuration mode.
interface-number
4 Raisecom(config-port)#ip router isis (Optional) start an ISIS process on the
[ area tag ] interface.
configuration mode.
6 Raisecom(config-router-isis)#net network- Configure the network identifier entity of ISIS
entity routing process.

109
Raisecom
7.5.2 Configuring ISIS routing property
Configure router type

configuration mode.
3 Raisecom(config-router-isis)#is-type Configure router type.
{ level-1 | level-1-2 | level-2-only }
By default, the type is level-1-2.
4 Raisecom(config-router-isis)#hostname (Optional) enable the switching mechanism
dynamic of dynamic hostname.
Configuring overhead
The ISIS overhead can be configured automatically or manually. After the automatic
calculation of the overhead on the interface is enabled, the ISIS will automatically calculate
the overhead on the interface according to the following rules:
 When the type of overhead is configured to wide, ISIS will automatically calculate the
value according to the interface rate, the formula is: overhead on the interface =
reference rate/interface rate × 10, and the max value obtained is 16777214.
 When the type of overhead is configured to narrow, the interface overhead is:
– 60 for interface rate between 1 and 10 Mbit/s
– 10 for other conditions

configuration mode.
3 Raisecom(config-router-isis)#metric-style Configure the type of ISIS overhead.
{ narrow | transition | wide }
Raisecom(config-router-isis)#exit
By default, it is narrow.
4 Raisecom(config-router-isis)#auto-metric Enable automatic calculation of overhead
{ enable | disable } on the interface.

110
Raisecom

interface-number
6 Raisecom(config-port)#isis metric metric Configure the overload value on the
[ level-1 | level-2 ] interface.
Configure reference rate

2 Raisecom(config)#router isis [ area- Start an ISIS process and enter ISIS
tag ] configuration mode.
3 Raisecom(config-router-isis)#reference- Configure reference rate referred to while
bandwidth bandwidth calculating technical link overhead.
By default, it is 100 Mbit/s.
Configure ISIS management distance

2 Raisecom(config)#router isis [ area-tag ] Start an OSPF process and enter PSPF
configuration mode.
3 Raisecom(config-router-isis)#distance Configure the management distance of
distance [ ip-address mask-address ] ISIS routing.
7.5.3 Configuring ISIS network
Configuring type of ISIS network

interface-number
3 Raisecom(config-port)#isis network point-to- Configure the type of interface network to
point P2P.
By default, the type is broadcast.

111
Raisecom
Adjacencies
This configuration is only applied to Level-1-2 routers.
 If the host is Level-1-2 router, it needs to establish association with peer router in certain
area (Level-1 or Level-2). Configuring an area for establishing adjacency can restrain the
interface from receiving and sending the Hello packet only from that certain area.
 In the point-to-point link, the interface can only receive and send one type of Hello
packet. Configuring an area for establishing adjacency can reduce the processing time
between routers and save bandwidth.
interface-number
3 Raisecom(config-port)#isis circuit-type Configure an area for establishing interface
{ level-1 | level-1-2 | level-2-only } adjacency.
By default, it is Level-1-2.
Configuring DIS priority

The Designated Intermedia System (DIS) election of the ISIS is preemptive and predictable.
There is not backup DIS in the ISIS. Therefore, when one DIS does not work, another DIS
will be elected. The rules for electing the DIS are as below:
 The router with highest DIS election priority will be elected. If all routers have the same
priority, the router with biggest MAC address will be elected.
 The DIS in Level-1 and Level-2 are elected respectively but the result may be not the
same IS.
 The interval between sending Hello packet by DIS is 1/3 times of that by common
routers, which can ensure that the invalid DIS be detected in no time.
interface-number
3 Raisecom(config-port)#isis priority priority Configure the DIS priority on the interface
[ level-1 | level-2 ] in different areas.
7.5.4 Optimizing ISIS network
Configuring ISIS packet timer

The invalid number of Hello packet is decided by the Holddown time. If the router cannot
receive Hello packet sent by the peer router within the Holddown time, the peer router can be

112
Raisecom
considered invalid. The Holddown time is configured based on the interface and different
router in the same area can set different Holddown time.
By changing the time interval for sending Hello packet of ISIS or the invalid number of Hello
packet, you can adjust the Holddown time.

3 Raisecom(config-port)#isis hello- Configure the interval between sending Hello
interval seconds [ level-1 | level-2 ] packets on the interface of different areas.
4 Raisecom(config-port)#isis hello- Configure the number of invalid ISIS neighbor
multiplier number [ level-1 | level-2 ] Hello packets on the interface of different areas.
5 Raisecom(config-port)#isis csnp-interval Configure the interval between sending CSNP
seconds [ level-1 | level-2 ] packets on the interface of different areas in the
broadcast network.
Configuring LSP

3 Raisecom(config-port)#isis lsp-interval Configure the interval between sending LSP
milliseconds packets.
By default, it is 33ms.
4 Raisecom(config-port)#isis retransmit- Configure retransmission interval between
interval seconds sending LSP packets on the point-to-point link.
5 Raisecom(config)#router isis [ area- Configure the interval between generating LSP.
tag ]
Raisecom(config-router-isis)#lsp-gen- By default, it is 5s.
interval seconds [ level-1 | level-2 ]
6 Raisecom(config-router-isis)#max-lsp- Configure the longest TTL of the LSP
lifetime seconds [ level-1 | level-2 ] generated.
7 Raisecom(config-router-isis)#lsp- Configure the refresh time of LSP.
refresh-interval seconds [ level-1 |
level-2 ] By default, it is 900s.
8 Raisecom(config-router-isis)#ignore-lsp- Enable ignoring the checkout for LSP.
errors

113
Raisecom
Configuring the interval for calculating SPF

configuration mode
3 Raisecom(config-router-isis)#spf-interval Configure the interval for calculating SPF
seconds [ level-1 | level-2 ] in the ISIS.
4 Raisecom(config-router-isis)#set-overload- (Optional) enable overload bit.
bit
Configure ISIS passive interface

If you do not wish the ISIS routing information to be obtained by the router in certain network,
you can configure the interface to ISIS passive interface to prevent it from sending ISIS
packets.

interface-number
3 Raisecom(config-port)#isis passive Enable the passive function on ISIS interface.
Configure Hello packet padding

Hello packet padding refers to padding Hello packet with MTU field, thus notifying peer and
local interface of the MTU.

configuration mode.
3 Raisecom(config-router-isis)#hello padding Enable Hello Packet padding.
By default, all types of interface are padded
with standard Hello packet.

114
Raisecom
7.5.5 Configure ISIS authentication

configuration mode.
3 Raisecom(config-router-isis)#area-password Configure Level-1 area authentication.
{ clear password | md5 password }
[ authenticate snp { send-only | validate } ]
4 Raisecom(config-router-isis)#domain-password Configure Level-2 area authentication.
{ clear password | md5 password }
[ authenticate snp { send-only | validate } ]
Configure ISIS interface authentication

The packet authentication gives preference to interface authentication mode. If the interface
authentication mode is no authentication, the area authentication mode will be selected. Only
when the authentication mode and the password are the same, can the OSPF interface
establish neighborship.

interface-number
3 Raisecom(config-port)#isis password { clear Configure the ISIS authentication mode
password | md5 password } [ level-1 | level-2 ] and password on the interface.
7.5.6 Controlling ISIS routing information
Configuring ISIS redistributed routes

configuration mode.
3 Raisecom(config-router-isis)#redistribute Configure protocol route redistributed
{ connected | static | rip | ospf process-id | policy.
isis area-tag | bgp } [ route-map map-name ]
[ level-1 | level-2 | level-1-2 ] [ metric
By default, ISIS does not redistribute
metric ] [ metric-type { external | other protocol routes. If you do not
internal } ] specify the area when it redistributes
routes, it will redistribute routes to
Level-2 by default.

115
Raisecom

4 Raisecom(config-router-isis)#redistribute isis Configure ISIS route redistributed
ip level-2 into level-1 policy among areas. By default, the
routing information in level-2 will not
be distributed to Level-1.
Configuring redistributing default route

configuration mode.
3 Raisecom(config-router-isis)#default- Configure redistributing Level-2
information originate default route.
Configuring ISIS route aggregation

Route aggregation can not only reduce the scale of routing table but also shrink the size of
LSP packet generated by the local router and reduce the scale of LSDP.
 The route aggregated can be the route found by the ISIS and can also be the route
redistributed externally.
 The overload of aggregated route takes the minimum overload among all the routes
aggregated.
 The route only aggregates the route generated in the local LSP.
configuration mode.
3 Raisecom(config-router-isis)#summary-address Configure route aggregation among areas.
ip-address mask-address [ level-1 | level-2
| level-2-only ]
By default, there is no route aggregation.
The overload while configuring route
aggregation is the maximum Metric in the
LSA. And the route aggregation will be
advertised.
7.5.7 Configuring ISIS BFD


116
Raisecom

configuration mode.
3 Raisecom(config-router-isis)#isis bfd enable Enable global ISIS BFD.
4 Raisecom(config-router-isis)#bfd all-interfaces Enable ISIS BFD on all interfaces.
7.5.8 Configuring ISIS GR

Configure ISIS graceful restart and the consecutive master-to-slave switching while booting.

configuration mode.
3 Raisecom(config-router-isis)#graceful-restart Enable ISIS graceful restart.
4 Raisecom(config-router-isis)#graceful-restart Enable the interval of ISIS graceful
interval seconds restart.
5 Raisecom(config-router-isis)#graceful-restart Enable ISIS graceful restart to restrain
sa enable the neighbor device from advertising
routes.
7.5.9 Configuring ISIS TE

configuration mode.
3 Raisecom(config-router-isis)#mpls traffic-eng Enable MPLS-TE and configure
{ level-1 | level-2 } MPLS-TE level.
4 Raisecom(config-router-isis)#mpls traffic-eng Configure the Router ID of MPLS-TE
router-id router-id router.
By default, the ISIS Router ID is used.

117
Raisecom

1 Raisecom#show isis interface [ detail ] Show information about ISIS interface.
2 Raisecom#show isis neighbor [ system-id | Show information about ISIS
detail ] neighbors.
3 Raisecom#show isis hostname Show the mapping between host name
and system ID.
4 Raisecom#show isis route Show information about ISIS IPv4
route.
5 Raisecom#show isis topology [ level-1 | level- Show information about ISIS topology.
2 ]
6 Raisecom#show isis database [ lsp-id | detail ] Show database about ISIS status.
7 Raisecom#show isis summary Show basic configurations about ISIS.
8 Raisecom#show isis mpls traffic-eng Show interface information advertised
advertisements by the router.
7.5.11 Maintenance
1 Rasiecom#clear isis area-tag [ graceful-restart ] Clear information about ISIS.
2 Rasiecom#clear isis neighbor [ system-id ] Clear information about ISIS
neighbors.
7.6 Configuring BGP

7.6.1 Configuring BGP basic functions
2 Raisecom(config)#router bgp as-id Enable BGP and create a BGP instance.
Enter BGP configuration mode.
3 Raisecom(config-router)#bgp router-id router-id Configure the BGP Router ID.

118
Raisecom
7.6.2 Configuring BGP route advertisement

2 Raisecom(config)#router bgp as-id Enter BGP configuration mode.
3 Raisecom(config-router)#network ip-address Advertise routes to the BGP routing table.
[ mask-address ] [ route-map route-map-
name ]
7.6.3 Configuring BGP redistributed routes
Configuring BGP peer

BGP uses the TCP connection. Therefore, when configuring BGP, you need to configure the
IP address of the BGP peer. The BGP peer can be a non-adjacent router. You can establish a
BGP peer relationship through logical links. To enhance stability of the BGP connection, we
recommend using the loopback interface address to establish the connection.
Specified IP addresses of BGP peers are divided into 2 types:
 Interface IP address of the directly-connected BGP peer
 Loopback interface address of the BGP peer which is reachable. In this mode, you need
to configure the route update source to ensure that the BGP peer is established properly.
3 Raisecom(config-router)#neighbor ip- Create a BGP peer and specify the AS ID of
address remote-as as-id the BGP peer.
 When the peer AS ID is the same with the
local AS ID, this peer is an IBGP peer.
 When the peer AS ID is different from the
local AS ID, this peer is an EBGP peer.

By default, there is no BGP peer.
4 Raisecom(config-router)#neighbor ip- Configure to use the specified local source
address1 update-source ip-address2 interface for establishing the BGP connection.
Raisecom(config-router)#neighbor ip-
address1 update-source interface-type
The BGP connection can be established
interface-number
successfully when any end is configured with
the update source properly. However, it may
take more time to establish the connection. To
ensure that the stability of the connection, we
recommend configure update source addresses
for both ends.
5 Raisecom(config-router)#neighbor ip- Configure the weight of the route learned
address weight weight from the BGP peer.
By default, it is configured to 0.

119
Raisecom

6 Raisecom(config-router)#neighbor ip- Enable the BGP peer to exchange the
address activate specified address family route.
By default, enable the BGP peer to exchange
the IPv4 unicast address family route only.
7 Raisecom(config-router)#neighbor ip- Enable the RAX711-R to send the default
address default-originate route to the BGP peer.
By default, the RAX711-R is disabled from
sending the default route to the BGP peer.
8 Raisecom(config-router)#neighbor ip- Configure descriptions of the BGP peer.
address description string
By default, there is no description of the BGP
peer.
9 Raisecom(config-router)#neighbor ip- Configure the router to modify the next-hop
address next-hop-self address of the route to the IP address of the Tx
end, when the router releases the route to the
BGP peer.
By default, when the router advertises the
route to the BGP peer, the next-hop address of
the route is identical to the next-hop IP
address of the route in the local BGP routing
table.
10 Raisecom(config-router)#bgp log-neighbor- Enable the log which is used to inform the
changes BGP peer of state change.
11 Raisecom(config-router)#neighbor ip- (Optional) disable establishment of the BGP
address shutdown connection with the specified BGP peer.
By default, enable establishment of the BGP
connection with the BGP peer.
12 Raisecom(config-router)#neighbor ip- (Optional) allow establishing the EBGP
address ebgp-multihop [ ttl ] connection with BGP peers in the indirectly-
connected network. In addition, specify the
maximum hops allowable for the specified
EBGP connection.
By default, only physically directly-connected
BGP peers can establish the EBGP
connection.
13 Raisecom(config-router)#bgp redistribute- Redistribute routing information, learned from
internal the IBGP peer, to the IGP.
By default, disable redistribution of the IBGP
route to the IGP.

120
Raisecom
Configuring BGP redistributed routes

The BGP cannot discover the route. Therefore, it needs to redistribute routes based on other
protocols (such as IGP or static route) to the BGP routing table to make these routes to be
transmitted in or between ASs.

3 Raisecom(config-router)#redistribute Configure the BGP to redistribute routes,
{ connected | static | ospf | isis } which is based on other protocols, to the
[ metric metric ] [ route-map map ] BGP routing table.
Configuring redistributing default route

3 Raisecom(config-router)#default-information Configure the BGP to redistribute the
originate default route.
7.6.4 Configuring BGP routing properties
Configuring BGP administration distance

3 Raisecom(config-router)#distance bgp ebgp Configure the administration distance of
distance1 ibgp distance2 local distance3 the BGP route.
 The administration distance of external
routes (routes learned through the EBGP)
is configured to 20 by default.
 The administration distance of internal
routes (routes learned through the IBGP)

is configured to 200 by default.
 The administration distance of local
routes (BGP routes redistributed through

the aggregation command) is configured
to 200 by default.

121
Raisecom
Configuring policy for selecting BGP

3 Raisecom(config-router)#bgp (Optional) configure the BGP not to consider the
deterministic-med receiving sequence when selecting the route.
By default, the BGP considers the receiving
sequence when selecting the route.
4 Raisecom(config-router)#bgp always- Configure the BGP to compare the MED for all
compare-med paths.
5 Raisecom(config-router)#bgp bestpath Set the BGP optimum path selection policy to
compare-routerid selecting the route with the minimum Router ID.
By default, the BGP selects the BGP route which is
received earliest.
6 Raisecom(config-router)#bgp bestpath Configure the BGP to ignore the AS-PATH
as-path ignore property when selecting the optimum path.
Configuring BGP and IGP route synchronization

After BGP synchronization is enabled,
 The BGP route can participate into selection if it meets the following requirements. And
if it is selected, the RM is applied to the routing table.
– In the RM, the BGP route learned through IBGP can exactly match the route learned
through IGP.
– The administration distance of the IGP route is shorter than the administration
distance of the BGP route.
 The BGP route status will flap and sometimes it may participate into selection, but
sometimes not if it meets the following requirements:
– The BGP route learned through IBGP can exactly match the route learned through
IGP.
– The administration distance of the IGP route is greater than the administration
distance of the BGP route.
3 Raisecom(config-router)#synchronization Enable BGP and IGP route synchronization.

122
Raisecom
Configuring route dampening

One main form of route instability is Route Flapping. Route flapping refers to that a route
appears and then disappears alternatively. However, route dampening can be used to
overcome route flapping.

3 Raisecom(config-router)#bgp dampening Enable BGP route dampening or modify the
[ half-life reuse suppress max-suppress- BGP route dampening parameter.
time]
By default, BGP route dampening is disabled.
After BGP dampening is enabled, the default
values of all parameters are shown as below.
 Half-life: 15min
 Reuse value: 750
 Dampening threshold: 2000
 Maximum suppress time: 60min.
7.6.5 Configuring BGP network
Configuring RR
Prefix notification rules of the Router Reflector (RR) are shown as below:
 Rule 1: the RR just notifies or reflects the optimum path to which it returns.
 Rule 2: the RR always notifies the prefix to the BGP neighbor.
 Rule 3: when notifying the prefix, the RR client follows the common IBGP loopback
prevention rule.
 Rule 4: to notify the IBGP neighbor, client, or non-client of the prefix, follow rules 5, 6,
and 7.
 Rule 5: the RR notifies all its clients and non-clients of the prefix, which is learned from
the external BGP neighbor.
 Rule 6: the RR notifies all its clients of the prefix, which reaches the RR through a non-
client IBGP neighbor.
 Rule 7: the RR notifies other clients and non-clients of the route, if the prefix reaches the
RR through a client.
In some networks, clients of the RR have established a full connection. They can
exchange routing information directly without using route reflection. In this case, you
can use the no bgp client-to-client reflection command to disable route reflection
among clients of the RR.
To enhance network reliability and prevent faults from occurring at a single node, you
need to configure one or more RRs in a cluster. You can configure the identical
cluster ID for all RRs in the cluster to identify the cluster. This helps avoid loopback.

123
Raisecom

3 Raisecom(config-router)#neighbor ip-address Configure the device to the RR and set
route-reflector-client the specified neighbor as the client of the
RR.
By default, route reflection is disabled.
4 Raisecom(config-router)#bgp client-to-client Enable route reflection among clients of
reflection the RR.
By default, route reflection among clients
of the RR is enabled.
5 Raisecom(config-router)#bgp cluster-id Configure the cluster ID of the RR.
cluster-id
By default, it is configured to the Router
ID.
Configuring default local priority of BGP

3 Raisecom(config-router)#bgp default local- Configure BGP default local priority.
preference priority
Configuring BGP timer

3 Raisecom(config-router)#bgp scan-time time Configure the interval for scanning the
BGP routing table.
4 Raisecom(config-router)#timers bgp keep-alive- Configure the lifetime and maintenance
time hold-time time of the global BGP connection.
By default, the lifetime and
maintenance time of the global BGP
connection are set to 60s and 180s
respectively.

124
Raisecom

5 Raisecom(config-router)#neighbor ip-address Configure the lifetime and maintenance
timers keep-alive-time hold-time time of the neighbor.
By default, the lifetime and
maintenance time of the neighbor are
identical to the ones of the global BGP
connection.
Configuring BGP route aggregation

 At present, the RAX711-R supports BGP manual aggregation. Manual aggregation is
only valid for existing routes in the BGP local routing table. If there is no route whose
mask size is greater than 16 bytes in the BGP routing table, the BGP will not release the
aggregated route even you use the aggregate 10.1.1.1 255.255.0.0 command to
aggregate the route.
 The aggregated route cannot be set to the default route (0.0.0.0/0).
3 Raisecom(config-router)#aggregate-address Configure BGP route aggregation and
ip-address mask-address release the aggregated route and detail
route.
4 Raisecom(config-router)#aggregate-address Configure BGP route aggregation, release
ip-address mask-address summary-only the aggregated route only and dampens the
detail route.
5 Raisecom(config-router)#aggregate-address Configure BGP route aggregation and set
ip-address mask-address as-set the AS_SET option. The generated
aggregated route includes all AS IDs in the
AS_PATH and takes them as an AS_SET
to prevent the route loop.
Configuring BGP route filtering

2 Raisecom(config)#ip as-path access-list Configure the filter of the AS_PATH list.
access-list-number { permint | deny } regexp
4 Raisecom(config-router)#neighbor ip-address Configure the BGP route filtering policy
filter-list access-list-number { in | out } based on the AS_PATH list.
5 Raisecom(config-router)#neighbor ip-address Apply the routing policy to the specified
route-map map-name { in | out } neighbor to filter or release the route.

125
Raisecom

6 Raisecom(config-router)#distribute-list Filter BGP routing information based on
prefix list-name{ in | out } the IP prefix-list.
7 Raisecom(config-router)#distribute-list Filter routes redistributed to the BGP
prefix list-name out [ connected | static | routing table based on the IP prefix-list.
rip | ospf | isis ]
8 Raisecom(config-router)#neighbor ip-address Configure the specified neighbor to filter
prefix-list prefix-list-name { in | out } received or released routes based on the IP
prefix-list.
7.6.6 Configuring BGP GR

After being started, BGP Graceful Restart (GR) helps to prevent interrupting the forward
process caused by protocol restart.

3 Raisecom(config-router)#bgp graceful-restart Enable BGP GR.
all
4 Raisecom(config-router)#bgp graceful-restart Configure the maximum time used for re-
restart-time seconds establishing the neighboring relationship
during the GR process.
5 Raisecom(config-router)#bgp graceful-restart Configure the maximum time for the
stalepath-time seconds Helper to keep the Stale route during the
GR process.
7.6.7 Configuring BFD for BGP

3 Raisecom(config-router)#neighbor ip-address Enable BFD for BGP.
fall-over bfd

126
Raisecom
7.6.8 Configuring BGP authentication

3 Raisecom(config-router)#neighbor ip-address Enable performing MD5 authentication on
password password the BGP message when the BGP neighbor
establishes the TCP connection.

1 Raisecom#show ip bgp Show contents of the local BGP routing
table.
2 Raisecom#show ip bgp ip-address [ ip-mask ] Show information about the specified
network in the local BGP routing table.
3 Raisecom#show ip bgp vpnv4 { all | rd rd } Show BGP VPNv4 routing information.
4 Raisecom#show ip bgp vpnv4 all labels Show label information carried by the
BGP VPNv4 route.
5 Raisecom#show ip bgp vpnv4 all network-address Show routing information about the
[ network-mask ] specified BGP VPNv4.
6 Raisecom#show ip bgp dampening dampened-paths Show dampened routing information.
7 Raisecom#show ip bgp dampening parameters Show route dampening parameters.
8 Raisecom#show ip bgp dampening flap-statistics Show route flapping statistics.
9 Raisecom#show ip bgp [ ipv4 unicast | vpnv4 Show summaries of the BGP neighbor.
all ] summary
10 Raisecom#show ip bgp [ ipv4 unicast | vpnv4 Show detailed status information about
all ] neighbors [ ip-address ] the BGP neighbor.
11 Raisecom#show ip as-path access-list access- Show information about the filter of the
list-number AS_PATH list.
7.6.10 Maintenance
Command Description
Rasiecom#clear ip bgp dampening [ network- Clear all route dampening information.
address [ network-mask ] ]

127
Raisecom
Command Description
Rasiecom#clear ip bgp { all | ip-address | Reset all or specified BGP connections in the public
external | internal } [ ipv4 unicast | network.
vpnv4 unicast ]
Rasiecom#clear ip bgp [ ipv4 unicast |
vpnv4 unicast ]as-id
Rasiecom#clear ip bgp { all | ip-address | Update all or specified BGP routes of the public
external | internal } [ ipv4 unicast | network without breaking the BGP connecting.
vpnv4 unicast ] { in | out | soft }
Rasiecom#clear ip bgp [ ipv4 unicast |
vpnv4 unicast ] as-id { in | out | soft }

7.7.1 Example for configuring OSPF basic functions
As shown in Figure 7-1, all devices in the network are initiated with OSPF. The whole AS is
divided into Area 0, Area 1, and Area 2. After OSPF basic functions are configured, devices
can communicate with each other. In addition, all devices share the whole AS routing
information.
Figure 7-1 Configuring OSPF basic functions
Configuration steps
Step 1 Configure the IP address and encapsulated VLAN for the sub-interface.
iTNA#config
iTNA(config)#create vlan 10 active
iTNA(config)#interface gigaethernet 1/2/1.1
iTNA(config-subif)#encapsulation dot1Q 10

128
Raisecom
iTNA(config-subif)#ip address 192.168.10.1 255.255.255.0

iTNA(config-subif)#exit
iTNB#config
iTNB(config)#create vlan 10,20 active
iTNB(config)#interface gigaethernet 1/2/1.1
iTNB(config-subif)#encapsulation dot1Q 10
iTNB(config-subif)#ip address 192.168.10.2 255.255.255.0
iTNB(config-subif)#exit
iTNB(config-subif)#encapsulation dot1Q 20
iTNB(config-subif)#ip address 192.168.20.1 255.255.255.0
iTNB(config-subif)#exit
 Configure iTN C.
Raisecom#hostname iTNC
iTNC#config
iTNC(config)#create vlan 20,30 active
iTNC(config)#interface gigaethernet 1/2/2.1
iTNC(config-subif)#encapsulation dot1Q 20
iTNC(config-subif)#ip address 192.168.20.2 255.255.255.0
iTNC(config-subif)#exit
iTNC(config)#interface gigaethernet 1/2/1.1
iTNC(config-subif)#encapsulation dot1Q 30
iTNC(config-subif)#ip address 192.168.30.1 255.255.255.0
iTNC(config-subif)#exit
 Configure iTN D.
Raisecom#hostname iTND
iTND#config
iTND(config)#create vlan 30 active
iTND(config)#interface gigaethernet 1/2/1.1
iTND(config-subif)#encapsulation dot1Q 30
iTND(config-subif)#ip address 192.168.30.2 255.255.255.0
iTND(config-subif)#exit
Step 2 Create the OSPF instance and OSPF area and add the IP address to the OSPF area.

129
Raisecom
iTNA(config)#router ospf 1 router-id 10.0.0.1

iTNA(config-router-ospf)#area 1 range 192.168.10.1 255.255.255.0
iTNB(config)#router ospf 1 router-id 10.0.0.2

iTNB(config-router-ospf)#area 0 range 192.168.20.1 255.255.255.0
iTNB(config-router-ospf)#area 1 range 192.168.10.2 255.255.255.0
iTNC(config)#router ospf 1 router-id 10.0.0.3

iTNC(config-router-ospf)#area 0 range 192.168.20.2 255.255.255.0
iTNC(config-router-ospf)#area 2 range 192.168.30.1 255.255.255.0
 Configure iTN D.
iTND(config)#router ospf 1 router-id 10.0.0.4

iTND(config-router-ospf)#area 2 range 192.168.30.2 255.255.255.0
Checking results
Use the show ip ospf command to show OSPF basic information about the RAX711-R. Take
iTN A for example.
iTNA#show ip ospf
OSPF information
Ospf instance 1
---------------------------------------------
Router id: 10.0.0.1
Admin status: UP
Operate status: UP
Version: 2
Max equal cost paths: 1
RFC1583 Compatibility: NO
Opaque lsa support: YES
TE support: YES
Min lsa generation interval: 5000
Min lsa arrival: 1000
Spf schedule interval: 5000
Area border router: NO
Autonomous System border router:YES
External lsa(Type 5) count: 0
External lsa checksum: 0

130
Raisecom
Use the show ip ospf lsdb command to show LSDB information about the RAX711-R. Take
iTN A for example.
iTNA#show ip ospf lsdb

Process Area-id Router-id Ls-id Type
-----------------------------------------------------------------
Process Area-id Router-id Ls-id Type
-----------------------------------------------------------------
1 0.0.0.1 10.0.0.1 10.0.0.1 router
1 0.0.0.1 10.0.0.2 10.0.0.2 router
1 0.0.0.1 10.0.0.2 192.168.10.2 network
1 0.0.0.1 10.0.0.2 192.168.20.0 summary
1 0.0.0.1 10.0.0.2 192.168.30.0 summary
1 0.0.0.1 10.0.0.2 10.0.0.3 as-summary
1 0.0.0.1 10.0.0.2 10.0.0.4 as-summary
1 0.0.0.1 10.0.0.1 1.0.0.1 area-opaque
1 0.0.0.1 10.0.0.2 1.0.0.1 area-opaque
Use the show ip route ospf command to show routing table information about the RAX711-R.
Take iTNA for example.
iTNA#show ip route ospf

Codes:IA - OSPF inter area route,E1 - OSPF external type 1 route,E2 -
OSPF external type 2 route
Flags: D - download to forwarding table
-------------------------------------------------------------------------
------------
ospf routes: 3
Destination/Mask Proto Pre Cost Flags Nexthop Interface
RpmIndex Codes
192.168.10.0/24 ospf 30 1 0.0.0.0 ip0
1
192.168.20.0/24 ospf 30 2 D 192.168.10.2 ip0
1 IA
192.168.30.0/24 ospf 30 3 D 192.168.10.2 ip0
1 IA
Use the show ip ospf neighbor command to show OSPF neighbor information about the
RAX711-R. Take iTNA for example.
iTNA#show ip ospf neighbor

OSPF Process 1 's neighbors:
-----------------------------
Router ID: 10.0.0.2
IP Address: 192.168.10.2
Area ID: 0.0.0.1
State: full
Options: 0X42 E O
Hello suppressed: NO

131
Raisecom
Priority 1
Hold time 38
7.7.2 Example for configuring BGP basic functions
As shown in Figure 7-2, there are multiple ASs in a network. To efficiently transmit routes
between ASs and make them communicate with each other, all iTN devices should run the
BGP. Establish the EBGP connection between iTN A and iTN B and establish IBGP between
iTN B and iTN C. Ensure that iTN C can access the network segment (with the IP address and
subnet mask being set to 6.1.1.0 and 255.255.255.0 respectively) directly connected with iTN
A.
Figure 7-2 Configuring BGP basic functions
Configuration steps
Step 1 Configure the IBGP connection.
Raisecom(config)#router bgp 200

Raisecom(config-router)#bgp router-id 2.2.2.2
Raisecom(config-router)#neighbor 4.1.1.2 remote 200

Step 2 Configure EBGP connection.


132
Raisecom


Step 3 Configure iTN A to release the route to the network segment, whose IP address and subnet
mask is configured to 6.1.1.0 and 255.255.255.0 respectively.

Raisecom(config-router)#network 6.1.1.0 255.255.255.0
Step 4 Configure iTN B to redistribute the directly-connected route.

Raisecom(config-router)#redistribute connected
Checking results
Use the show ip bgp command to show local configurations.
Local router ID is 100.0.0.1
Status codes: s - suppressed, d - damped, h - history, * - valid, > -

best i - internal, S - Stale, R - Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 3.1.1.0 3.1.1.1 0 ? ?
7.7.3 Example for configuring IP FRR
As shown in Figure 7-3, iTN A↔iTN B serves as the active route while iTN A↔iTN C↔iTN
B serves as the standby route. When a link between iTN A↔iTN B fails, the devices are
required to fast respond to the faults and switch services to the standby route iTN A↔iTN
C↔iTN B to recover services as soon as possible.

133
Raisecom
After IP FRR is configured, a standby route will be generated. Therefore, when the active link
fails, services can be fast switched to the standby link.
Figure 7-3 Configuring IP FRR
Configuration principle
 Enable OSPF routes on iTN A, iTN B, and iTN C respectively and make routes among
devices reachable.
 Configure a routing policy on iTN A and apply it when IP FRR is enabled. Therefore,
when the link between iTN A and iTN B fails, the standby link iTN A↔iTN C↔iTN B
can be quickly started.
 Configure BFD.
Data preparation
Table 7-1 lists the data required for configuring IP FRR.
Table 7-1 Data required for configuring IP FRR

Device Route-ID Interface IP address
iTN A 1.1.1.1 gigaethernet 1/1/1 10.10.10.1/24
gigaethernet 1/1/2 20.10.10.1/24
loopback 2 1.1.1.1/32
iTN B 2.2.2.2 gigaethernet 1/1/1 10.10.10.2/24
gigaethernet 1/1/2 30.10.10.2/24
loopback 2 2.2.2.2/32
iTN C 3.3.3.3 gigaethernet 1/1/1 20.10.10.2/24
gigaethernet 1/1/2 30.10.10.1/24
loopback 2 3.3.3.3/32
Configuration steps
Step 1 Configure the IP address of the interface.
134
Raisecom
iTN A
iTNA#config
iTNA(config)#interface loopback 2
iTNA(config-loopback2)#ip address 1.1.1.1 255.255.255.255
iTNA(config-loopback2)#interface gigaethernet 1/1/1
iTNA(config-gigaethernet1/1/1)#ip address 10.10.10.1 255.255.255.0
iTNA(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
iTNA(config-gigaethernet1/1/2)#ip address 20.10.10.1 255.255.255.0
iTNA(config-gigaethernet1/1/2)#exit
iTN B
iTNB#config
iTNB(config)#interface loopback 2
iTNB(config-loopback2)#ip address 2.2.2.2 255.255.255.255
iTNB(config-loopback2)#interface gigaethernet 1/1/1
iTNB(config-gigaethernet1/1/1)#ip address 10.10.10.2 255.255.255.0
iTNB(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
iTNB(config-gigaethernet1/1/2)#ip address 30.10.10.2 255.255.255.0
iTNB(config-gigaethernet1/1/2)#exit
iTN C
iTNC#config
iTNC(config)#interface loopback 2
iTNC(config-loopback2)#ip address 3.3.3.3 255.255.255.255
iTNC(config-loopback2)#interface gigaethernet 1/1/1
iTNC(config-gigaethernet1/1/1)#ip address 20.10.10.2 255.255.255.0
iTNC(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
iTNC(config-gigaethernet1/1/2)#ip address 30.10.10.1 255.255.255.0
iTNC(config-gigaethernet1/1/2)#exit
Step 2 Create an OSPF routing process, and define the IP addresses on which OSPF runs and the
area ID for the interface.
iTN A
iTNA(config)#router opsf 1
iTNA(config-router-ospf)#network 1.1.1.1 0.0.0.0 area 0
iTNA(config-router-ospf)#exit
iTN B

135
Raisecom
iTNB(config)#router opsf 1
iTNB(config-router-ospf)#network 2.2.2.2 0.0.0.0 area 0
iTNB(config-router-ospf)#exit
iTN C
iTNC(config)#router opsf 1
iTNC(config-router-ospf)#network 3.3.3.3 0.0.0.0 area 0
iTNC(config-router-ospf)#exit
Step 3 Configure a routing policy used to match IP address based on IP prefix list and enable IP FRR.
iTN A
iTNA(config)#ip prefix-list pfl-1 permit any

/*select the configuration parameters according to the actual need.*/
iTNA(config)#route-map map-1 permit 10
iTNA(config-route-map)#match ip address prefix-list pfl-1
iTNA(config-route-map)#set ip backup-nexthop 20.10.10.2
/*Configure the next hop IP address of the standby route.*/
iTNA(config-route-map)#set ip backup-interface gigaethernet 1/1/2
/*configure the egress interface of the standby route.*/
iTNA(config-route-map)#exit
iTNA(config)#ip frr route-map map-1
/*enable IP FRR.*/
Step 4 Configure BFD.

iTN A
iTNA(config)#bfd 1 bind peer-ip default-ip interface gigaethernet 1/1/1

iTNA(config-bfd-session)#session enable
iTN B
iTNB(config)#bfd 1 bind peer-ip default-ip interface gigaethernet 1/1/1

iTNB(config-bfd-session)#session enable

136
Raisecom
Checking results
After configurations are complete, you can use the show ip route detail command to check
whether the IP FRR standby route is successfully created.
iTNA(config)#show ip route 2.2.2.2 detail

Destination: 2.2.2.2/32
Protocol: ospf Process ID: 1
Distance: 110 Metric: 2
NextHop: 10.10.10.2 Neighbour: 0.0.0.0
NextHopIndex: 14 Interface: GE1/1/1
Label: 0 TunnelID:
State: Active Fib Age: 01:16:31
Tag: 0 XC Index: 0
BKNextHop: 20.10.10.2 BkInterface: GE1/1/2
/*IP FRR standby route*/
BKLabel: 0 BkXCIndex: 0
BKNextHopIndex: 8

137
Raisecom
RAX711-R (B) Configuration Guide 8 MPLS
8 MPLS
This chapter describes principles and configuration procedures of MPLS-TP, as well as

 Configuring MPLS basic functions
 Configuring static LSP
 Configuring LDP LSP
 Configuring MPLS TE
 Configuring MPLS fault detection
8.1 Configuring MPLS basic functions

Scenario
Configurations on MPLS basic functions are prerequisites for making other MPLS functions
effective. The Label Switching Router (LSR) is the network device, which can exchange and
forward the MPLS label. The LSR is also called the MPLS node. The LSR is the basic
element in the MPLS network. All LSRs support MPLS. To enable global MPLS function,
you must enable the LSR ID.
Prerequisite
N/A
8.1.2 Configuring MPLS basic functions

2 Raisecom(config)#mpls lsr-id lsr-id Configure the LSR ID of the device.
3 Raisecom(config)#mpls enable Enable global MPLS function.

138
Raisecom
8.1.3 Configuring MPLS Tunnel

2 Raisecom(config)#interface tunnel Enter Tunnel interface configuration mode.
interface-number
3 Raisecom(config-tunnelif)#tunnel mode Configure the Tunnel mode.
{ gre | mpls }
By default, the Tunnel is in MPLS mode.
4 Raisecom(config-tunnelif)#description (Optional) configure descriptions of the Tunnel
description interface.
5 Raisecom(config-tunnelif)#destination Configure the destination IP address of the
ip-address Tunnel interface.
6 Raisecom(config-tunnelif)#mpls signal- Configure the protocol type of the Tunnel
protocol { rsvp-te | static } interface.
By default, the protocol type of the Tunnel
interface is configured to the static protocol.
7 Raisecom(config-tunnelif)#mpls tunnel- Configure the Tunnel ID of the Tunnel interface.
id tunnel-id
8 Raisecom(config-tunnelif)#mpls te (Optional) set the current Tunnel to the bypass
bypass-tunnel Tunnel.
9 Raisecom(config-tunnelif)#mpls te hot- (Optional) configure the WTR of the hot standby
standby wtr wtr-time of the Tunnel interface.
10 Raisecom(config-tunnelif)#mpls te Configure the properties of the Tunnel interface
commit to take effect.
8.1.4 Configuring MPLS Tunnel policy

2 Raisecom(config)#tunnel-policy policy- Enter Tunnel policy configuration mode.
name
3 Raisecom(config-tunnelpolicy)#tunnel Configure Tunnel policy selection sequence.
select-seq { lsp | cr-lsp | gre } *

1 Raisecom#show mpls Show global MPLS configurations.
2 Raisecom#show mpls te tunnel Show Tunnel information.

139
Raisecom

3 Raisecom#show interface tunnel Show information about the Tunnel interface.
4 Raisecom#show mpls te hot-standby Show information about hot standby of the
state { all | interface tunnel Tunnel interface.
interface-number }
8.2 Configuring static LSP

Scenario
The static LSP is established by the administrator by manually assigning labels for all FECs.
It is suitable for simple and stable small-size network. To manually assign labels, the outgoing
label value of the last node is the incoming label value of the next mode.
The static LSP does not use the label distribution protocol and does not exchange the control
packet. Therefore, it consumes fewer resources. However, the LSP, established by statically
assigning labels, cannot be dynamically adjusted according to the network topology changes.
The administrator needs to manually adjust the static LSP.
Prerequisite
Configure MPLS basic functions.
8.2.2 Configuring static unidirectional LSP with IP capability

mode.
2 Raisecom(config)#mpls static-lsp ingress lsp-name Configure the static
dest-network mask nexthop ip-address out-label out- unidirectional LSP Ingress
label lsr-id egress-lsr-id tunnel-id tunnel-id node.
3 Raisecom(config)#mpls static-lsp transit lsp-name in- Configure the static
label in-label nexthop ip-address out-label out-label unidirectional LSP Transit
lsr-id ingress-lsr-id egress-lsr-id tunnel-id tunnel- node.
id
4 Raisecom(config)#mpls static-lsp egress lsp-name in- Configure the static
label in-label lsr-id ingress-lsr-id tunnel-id unidirectional LSP Egress node.
tunnel-id
5 Raisecom(config)#mpls static-lsp egress lsp-name (Optional) configure the
diffserv-mode pipe [ exp-to-local-priority profile- differential service mode of the
number ] static unidirectional LSP Egress
Raisecom(config)#mpls static-lsp egress lsp-name node.
diffserv-mode uniform [ exp-to-local-priority
profile-number ]

140
Raisecom
8.2.3 Configuring static unidirectional LSP without IP capability
When creating the static unidirectional LSP without IP capability, you should
configure the physical interface to work in Layer 3 physical interface mode.
Otherwise, configurations will fail.
mode.
2 Raisecom(config)#mpls static-lsp ingress lsp-name Configure the static
dest-network nexthop-mac mac-address interface-type unidirectional LSP Ingress
interface-number out-label out-label lsr-id egress- node.
lsr-id tunnel-id tunnel-id
3 Raisecom(config)#mpls static-lsp transit lsp-name in- Configure the static
label in-label nexthop-mac mac-address interface-type unidirectional LSP Transit
interface-number out-label out-label lsr-id ingress- node.
lsr-id egress-lsr-id tunnel-id tunnel-id
4 Raisecom(config)#mpls static-lsp egress lsp-name in- Configure the static
label in-label lsr-id ingress-lsr-id tunnel-id unidirectional LSP Egress node.
tunnel-id
5 Raisecom(config)#mpls static-lsp egress lsp-name (Optional) configure the
diffserv-mode pipe [ exp-to-local-priority profile- differential service mode of the
number ] static unidirectional LSP Egress
Raisecom(config)#mpls static-lsp egress lsp-name node.
diffserv-mode uniform [ exp-to-local-priority
profile-number ]
8.2.4 Configuring static bidirectional LSP with IP capability
Configuring static bidirectional LSP Ingress node

mode.
2 Raisecom(config)#mpls bidirectional static-lsp Create the static bidirectional
ingress lsp-name lsr-id egress-lsr-id tunnel-id co-routed LSP and enter Ingress
tunnel-id node LSP configuration mode.
3 Raisecom(config-ingress-lsp)#forward dest-network Configure the next hop of the
mask nexthop ip-address out-label out-label Ingress node forward LSP.
4 Raisecom(config-ingress-lsp)#backward in-label in- Configure the incoming label of

label the Ingress node backward LSP.

141
Raisecom
Configuring static bidirectional LSP Transit node

mode.
transit lsp-name lsr-id ingress-lsr-id egress-lsr-id co-routed LSP and enter Transit
tunnel-id tunnel-id node LSP configuration mode.
3 Raisecom(config-transit-lsp)#forward in-label in- Configure the next hop of the
label nexthop ip-address out-label out-label Transit node forward LSP.
4 Raisecom(config-transit-lsp)#backward in-label in- Configure the incoming label of

label nexthop ip-address out-label out-label the Transit node backward LSP.
Configuring static bidirectional LSP Egress node

mode.
2 Raisecom(config)#mpls bidirectional static-lsp egress Create the static bidirectional
lsp-name lsr-id ingress-lsr-id tunnel-id tunnel-id co-routed LSP and enter Egress
node LSP configuration mode.
3 Raisecom(config-egress-lsp)#forward in-label in-label Configure the incoming label of
the Egress node forward LSP.
4 Raisecom(config-ingress-lsp)#backward dest-network Configure the outgoing label of
mask nexthop ip-address out-label out-label the Egress node backward LSP.
8.2.5 Configuring static bidirectional LSP without IP capability
When creating the static bidirectional LSP without IP capability, you should configure
the physical interface to work in Layer 3 physical interface mode. Otherwise,
configurations will fail.
Configuring static bidirectional LSP Ingress node

mode.
ingress lsp-name lsr-id egress-lsr-id tunnel-id co-routed LSP and enter Ingress
tunnel-id node LSP configuration mode.

142
Raisecom

3 Raisecom(config-ingress-lsp)#forward dest-network Configure the next hop of the
[ mask ] nexthop-mac mac-address interface-type Ingress node forward LSP.
interface-number out-label out-label
4 Raisecom(config-ingress-lsp)#backward in-label in- Configure the incoming label of
label the Ingress node backward LSP.
Configuring static bidirectional LSP Transit node

mode.
transit lsp-name lsr-id ingress-lsr-id egress-lsr-id co-routed LSP and enter Transit
tunnel-id tunnel-id node LSP configuration mode.
3 Raisecom(config-transit-lsp)#forward in-label in- Configure the next hop of the
label nexthop-mac mac-address interface-type Transit node forward LSP.
4 Raisecom(config-transit-lsp)#backward in-label in- Configure the next hop of the
label nexthop-mac mac-address interface-type Transit node backward LSP.
Configuring static bidirectional LSP Egress node

mode.
2 Raisecom(config)#mpls bidirectional static-lsp egress Create the static bidirectional
lsp-name lsr-id ingress-lsr-id tunnel-id tunnel-id co-routed LSP and enter Egress
node LSP configuration mode.
3 Raisecom(config-egress-lsp)#forward in-label in-label Configure the incoming label of
the Egress node forward LSP.
4 Raisecom(config-egress-lsp)#backward dest-network Configure the next hop of the
[ mask ] nexthop-mac mac-address interface-type Egress node backward LSP.

1 Raisecom#show mpls lsp statistics Show all LSP configurations

143
Raisecom

2 Raisecom#show mpls bidirectional static-lsp Show static bidirectional LSP
[ lsp-name ] configurations.
3 Raisecom#show mpls static-lsp [ lsp-name ] Show static unidirectional LSP
Raisecom#show mpls static-lsp [ egress | ingress configurations.
| transit ]
4 Raisecom#show mpls lsp static [ ingress | transit Show static LSP configurations.
| egress ]
8.3 Configuring LDP LSP

Scenario
The LDP LSP is the dynamic LSP created through the LDP. The LDP is used to dynamically
assign labels for LSRs to establish the LSP dynamically. The LDP is used to exchange label
information among LSRs. Therefore, when forwarding the packet, the LSR can add related
tag to the packet based on the label requirement of the next-hop LSP. Then, the packet can be
processed properly at the next-hop LSR.
Prerequisite
Enable MPLS.
8.3.2 Configuring global LDP

2 Raisecom(config)#mpls ldp Enable global LDP.
3 Raisecom(config)#lsp-trigger { all | Configure the LDP to dynamically establish the
host | none } LSP trigger policy.
By default, Host-based trigger policy is adopted.
8.3.3 Configuring LDP on Layer 3 physical interface


144
Raisecom

3 Raisecom(config-port)#mpls ldp Enable LDP on the Layer 3 physical interface.
4 Raisecom(config-port)#mpls ldp (Optional) set the transport address of the LDP
transport-address interface local session to the IP address of the current
interface.
By default, the transport address of the local
session is configured to LSR ID.
5 Raisecom(config-port)#mpls ldp timer (Optional) configure the Hello-hold timer of the
hello-hold hello-time LDP remote session.
By default, the Hello-hold timer of the LDP remote
session is configured to 45s.
6 Raisecom(config-port)#mpls ldp timer (Optional) configure the Keepalive-hold timer of
keepalive-hold keepalive-time the LDP remote session.
By default, the Keepalive-hold timer of the LDP
remote session is configured to 45s.
8.3.4 Configuring LDP remote session

2 Raisecom(config)#mpls ldp targeted Enable LDP remote discovery and enter remote
neighbour ip-address neighbor configuration mode.
The RAX711-R supports 16 neighbors.

3 Raisecom(config-ldp-remote-peer)#mpls Configure the Hello-hold timer of the LDP
ldp timer hello-hold hello-time remote session.
By default, the Hello-hold timer of the LDP
4 Raisecom(config-ldp-remote-peer)#mpls Configure the Keepalive-hold timer of the LDP
ldp timer keepalive-hold keepalive-time remote session.
By default, the Hello-hold timer of the LDP
8.3.5 Configuring LDP FRR
Automatic LDP FRR


145
Raisecom

2 Raisecom(config)#mpls ldp auto- Configure a policy that the backup route triggers
frrlsp-trigger { all | host | none } the LDP to create a backup LSP.
By default, the policy to create a backup LSP is
triggered based on host routes.
This configuration takes effect only on the

Ingress and Egress nodes where the
standby LSPs will be created.
Manual LDP FRR

3 Raisecom(config-port)#mpls ldp frr Enable LDP FRR and specify the IP address of the
nexthop nexthop-address next hop.
By default, LDP FRR is disabled.
8.3.6 Configuring LDP MD5

The LDP Message-Digest Algorithm 5 (MD5) can implement tamper-proofing check on LDP
packets, improving information security. This kind of encryption method is stricter than the
general TCP check.
Step 2 and step 3 can implement different types of encryption. Configure them as required.

2 Raisecom(config)#mpls ldp md5- Configure LDP MD5 cleartext password.
password plain peer-ip-address
password Run the show running-config command, the
password will be shown in clear text.

146
Raisecom

3 Raisecom(config)#mpls ldp md5- Configure LDP MD5 ciphertext password.
password cipher [ encrpty ] peer-ip-
address password Support cleartext and ciphertext inputs.
 Cleartext input: support letters, numbers, and
special characters. Run the show running-config
command, the password will be shown in clear
text.
 Ciphertext input: support entering MD5-specific
ciphertext password. Run the show running-
config command, the password will be shown in
cipher text.

1 Raisecom#show mpls ldp Show LDP global information.
2 Raisecom#show mpls ldp interface [ interface-type Show LDP interface information.
interface-number ] [ detail ]
3 Raisecom#show mpls ldp targeted neighbour [ ip- Show remote neighbor information.
address ]
4 Raisecom#show mpls ldp session [ detail ] Show LDP session information.
5 Raisecom#show mpls ldp peer Show LDP neighbor information.
6 Raisecom#show mpls ldp lsp Show LDP LSP information.
7 Raisecom#show mpls ldp adjacency Show LDP adjacency information.
8.4 Configuring MPLS TE

Scenario
MPLS TE is for solving the traffic congestion on the link caused by unbalanced load which
cannot be resolved by traditional routing. It can accurately control traffic paths to avoid
congestion nodes, thus solving the problem of some paths being overloaded but some paths
being unoccupied.
RSVP is used for dynamically creating public network LSP tunnel in the MPLS TE. It can
create, maintain, and remove MPLS TE LSP and provide false alarm.
The device supports choosing the shortest path through Constraint-based Shortest Path First
(CSPE) and supports 32 neighbors at most.

147
Raisecom
Prerequisite
The MPLS is enabled.
8.4.2 Enabling RSVP-TE

2 Raisecom(config)#mpls rsvp-te Enable global RSVP-TE.
3 Raisecom(config)#mpls rsvp-te hello Enable the feature of sending RSTP-TE Hello
packets.
4 Raisecom(config)#mpls rsvp-te graceful- Enable RSVP-TE graceful restart.
restart
6 Raisecom(config-port)#mpls rsvp-te Enable RSVP-TE on the Layer 3 physical
interface.
7 Raisecom(config-port)#mpls rsvp-te Enable sending RSVP-TE Hello packets.
hello
Raisecom(config-port)#exit Exit Layer 3 physical interface configuration
mode.
8 Raisecom(config)#mpls rsvp-te hello Configure the interval of sending RSVP-TE
interval interval-time Hello packets.
9 Raisecom(config)#mpls rsvp-te hello Configure the maximum times of not receiving
lost lost-time RSVP-TE Hello packets consecutively.
10 Raisecom(config)#mpls rsvp-te graceful- Configure the recovery time of RSVP-TE
restart recovery-time recovery-time graceful restart.
11 Raisecom(config)#mpls rsvp-te graceful- Configure the time of RSVP-TE graceful restart.
restart restart-time restart-time
8.4.3 Enabling CSPE

CSPE is the core of MPLS TE for choosing path and is mainly for calculating and
establishing path. MPLS-TE calculates the shortest path to various nodes through the CSPF
algorithm which supports OSPF, ISIS, and multi-process.

148
Raisecom

2 Raisecom(config)#cspf enable [ isis- Enable CSPE.
preferred | ospf-preferred ]
 Choose isis-preferred command, calculation
will be done based on ISIS.
 Choose ospf-preferred, calculation will be
done based on OSPE protocol.

3 Raisecom(config)#router ospf process- Start an OSPF process and enter OSPF
id [ vrf vrf-name ] [ router-id configuration mode.
router-id ]
4 Raisecom(config-router- Enable OSPF opaque LSA.
ospf)#capability opaque
5 Raisecom(config-router-ospf)#mpls Enable OSPF TE.
traffic-eng area area-id
6 Raisecom(config-router-ospf)#mpls Configure the Router ID of the MPLS-TE router.
traffic-eng router-id router-id
8.4.4 Configuring explicit path and Tunnel

2 Raisecom(config)#mpls explicit-path Create MPLS-TE explicit path and enter explicit
path-name path configuration mode.
3 Raisecom(config-mpls-exp-path)#next-hop Specify the next node of the explicit path.
ip-address { exclude | loose | strict }
Raisecom(config-mpls-exp-path)#exit Exit explicit path configuration mode.
4 Raisecom(config)#interface tunnel Enter tunnel interface configuration mode.
interface-number
5 Raisecom(config-tunnel)#description (Optional) configure the description information
description about Tunnel interface.
6 Raisecom(config-tunnel)#destination ip- Configure the destination IP address on the
address Tunnel interface.
7 Raisecom(config-tunnel)#mpls signal- Configure the protocol type of Tunnel interface
protocol { rsvp-te | static } and choose RSVP-TE.
By default, it is static protocol.
8 Raisecom(config-tunnel)#mpls tunnel-id Configure Tunnel ID on the Tunnel interface.
tunnel-id
9 Raisecom(config-tunnelif)#mpls Configure binding Tunnel interface with explicit
explicit-path path-name [ secondary ] path or with backup explicit path.
Backup explicit path is used for LSP hot backup
protection.

149
Raisecom

10 Raisecom(config-tunnelif)#mpls te Hand configuration information about MPLS
commit Tunnel interface, including Tunnel ID and
destination IP address.
11 Raisecom(config)#mpls label-advertise Configure the label allocation mode popped up in
{ implicit-null | non-null } the last but one hop.
8.4.5 Configuring TE protection
Configuring FRR protection

The RSVP-TE is enabled and the explicit path and related function of Tunnel is configured.

2 Raisecom(config)#interface tunnel Enter Tunnel interface configuration mode.
interface-number
3 Raisecom(config-tunnel)#mpls signal- Configure the protocol type of Tunnel.
protocol { rsvp-te | static }
By default, it is static protocol.
4 Raisecom(config-tunnelif)#mpls te fast- Enable FRR on Tunnel interface.
reroute [ node-protect ]
5 Raisecom(config-tunnel)#mpls te bypass- (Optical) configure the current Tunnel to bypass
tunnel Tunnel.
6 Raisecom(config-tunnelif)#exit Exit Tunnel interface configuration mode.
Raisecom(config-port)#mpls te backup- Configure FRR bypass Tunnel on Layer 3
path tunnel interface-number physical interface.
Configuring LSP hot backup

The RSVP-TE is enabled and the explicit path and related function of Tunnel is configured.

2 Raisecom(config)#interface tunnel Enter tunnel interface configuration mode.
interface-number
3 Raisecom(config-tunnelif)#mpls Bind Tunnel interface with explicit path or with
explicit-path path-name [ secondary ] backup explicit path.
The backup explicit path is used for LSP hot
backup protection.

150
Raisecom

4 Raisecom(config-tunnelif)#mpls te hot- (Optional) configure hot backup switch-back
standby wtr interval time on MPLS tunnel interface. This function
only takes effect on RSVP-TE.
By default, the WTR is 10s.
8.4.6 Configure BFD for RSVP-TE


2 Raisecom(config)#mpls rsvp-te bfd all- Enable BFD based on RSVP-TE globally.
interface [ detect-multiplier detect-
multiplier | min-rx-interval min-rx-
interval | min-tx-interval min-tx-
interval ]
3 Raisecom(config)#mpls rsvp-te bfd Enable BFD based on RSVP-TE on the interface.
[ detect-multiplier detect-multiplier |
min-rx-interval min-rx-interval | min-
tx-interval min-tx-interval ]

1 Raisecom#show mpls rsvp-te Show status of RSVP-TE
globally.
2 Raisecom#show mpls rsvp-te interface [ interface- Show status of RSVP-TE on the
type interface-number ] interface.
3 Raisecom#show mpls rsvp-te session [ destination Show RSVP-TE session.
ip-address tunnel-id tunnel-id ]
4 Raisecom#show interface tunnel Show information about Tunnel
interface.
5 Raisecom#show mpls te tunnel Show information about Tunnel.
6 Raisecom#show mpls te hot-standby state { all | Show hot backup information on
interface tunnel interface-number } Tunnel interface.
7 Raisecom)#show mpls te bypass-tunnel [ interface- Show information about bypass
number ] Tunnel.
8 Raisecom#show mpls explicit-path [ path-name ] Show information about explicit
path.
9 Raisecom#show mpls te frr protecting [ bypass- Show information about FRR
tunnel tunnel interface-number ] protection.
10 Raisecom#show cspf tedb [ detail | ip-address ] Show information about TEDB
database.

151
Raisecom
8.5 Configuring MPLS fault detection

Scenario
At the MPLS control plane, you cannot detect the fault when the traffic is forwarded along the
LSP. However, you can acknowledge and locate the fault through Ping and Traceroute
operations.
Prerequisite
 Establish the path before the Ping test is performed.
 Establish the path before the Traceroute test is performed.
8.5.2 Configuring MPLS fault acknowledgment

1 Raisecom#ping mpls ipv4 ip-address/mask Configure the MPLS LSP Ping test.
[ generic ] [ nexthop ip-address ] [ interval
interval ] [ count count ] [ waittime seconds ]
[ ttl ttl ] [ reply dscp dscp-value ] [ reply
mode udp | reply mode udp-alert ] [ reply pad-
tlv ] [ size size ] [ source ip-address ] [ tc
tc-value ]
2 Raisecom#ping mpls te tunnel tunnel-interface Configure the MPLS Tunnel Ping test.
[ interval interval ] [ count count ]
[ waittime seconds ] [ ttl ttl ] [ reply dscp
dscp-value ] [ reply mode udp | reply mode udp-
alert ] [ reply pad-tlv ] [ size size ]
[ source ip-address ] [ tc tc-value ]
3 Raisecom#ping mpls vc-id vc-id destination ip- Configure the MPLS PW Ping test.
address [ interval interval ] [ count count ]
alert | reply mode control-channel ] [ reply
pad-tlv ] [ size size ] [ source ip-address ]
[ tc tc-value ]
4 Raisecom#ping mpls vsi vsi-name mac mac-address Configure the MPLS VPLS Ping test.
[ interval interval ] [ count count ]
alert | reply mode control-channel ] [ reply
pad-tlv ] [ size size ] [ source ip-address ]
[ tc tc-value ]

152
Raisecom
8.5.3 Configuring MPLS fault location

1 Raisecom#traceroute mpls ipv4 ip- Configure the MPLS LSP Traceroute test.
address/mask [ generic ] [ nexthop ip-
address ] [ waittime seconds ] [ maxttl ttl]
[ reply dscp dscp-value ] [ reply mode udp |
reply mode udp-alert ] [ reply pad-tlv ]
[ flags fec ]
2 Raisecom#traceroute mpls te tunnel tunnel- Configure the MPLS Tunnel Traceroute
interface [ waittime seconds ] [ maxttl ttl] test.
[ reply dscp dscp-value ] [ reply mode udp |
reply mode udp-alert ] [ reply pad-tlv ]
[ flags fec ]
3 Raisecom#traceroute mpls vc-id vc-id Configure the MPLS PW Traceroute test.
destination ip-address [ waittime seconds ]
[ maxttl ttl] [ reply dscp dscp-value ]
[ reply mode udp | reply mode udp-alert ]
[ reply pad-tlv ] [ source ip-address ] [ tc
tc-value ] [ flags fec ]
4 Raisecom#traceroute mpls vsi vsi-name mac Configure the MPLS VPLS Traceroute
mac-address [ waittime seconds ] [ maxttl test.
ttl] [ reply dscp dscp-value ] [ reply mode
udp | reply mode udp-alert ] [ reply pad-
tlv ] [ source ip-address ] [ tc tc-value ]
[ flags fec ]

8.6.1 Example for configuring static bidirectional LSP without IP
capability
As shown in Figure 8-1, the user has branches in areas A and B. Branches need to exchange
point-to-point VPN leased-line services. Because the network scale is small and the topology
is stable, you can configure bidirectional static LSP between PE A and PE B to work as the
public Tunnel of the L2VPN. By default, devices are configured with IP addresses.

153
Raisecom
Figure 8-1 Configuring static bidirectional LSP without IP capability
Configuration steps
Step 1 Enable MPLS.
 Configure PE A.
PEA(config)#mpls lsr-id 192.168.1.1

PEA(config)#mpls enable
 Configure P.
P(config)#mpls lsr-id 192.168.1.2

P(config)#mpls enable
 Configure PE B.
PEB(config)#mpls lsr-id 192.168.4.2

PEB(config)#mpls enable
Step 2 Configure Tunnel basic functions.

 Configure PE A.
PEA(config)#interface tunnel 1/1/1

PEA(config-tunnel1/1/1)#destination 192.168.4.2
PEA(config-tunnel1/1/1)#mpls signal-protocol static
PEA(config-tunnel1/1/1)#mpls te commit
PEA(config-tunnel1/1/1)#mpls tunnel-id 11
PEA(config-tunnel1/1/1)#exit

154
Raisecom
 Configure PE B.
PEB(config)#interface tunnel 1/1/1

PEB(config-tunnel1/1/1)#destination 192.168.1.1
PEB(config-tunnel1/1/1)#mpls signal-protocol static
PEB(config-tunnel1/1/1)#mpls te commit
PEB(config-tunnel1/1/1)#mpls tunnel-id 11
PEB(config-tunnel1/1/1)#exit
Step 3 Configure the static bidirectional LSP.

 Configure Ingress node PE A.
PEA(config)#mpls bidirectional static-lsp ingress lspAB lsr-id

192.168.4.2 tunnel-id 1
PEA(config-ingress-lsp)#forward 192.168.4.0 nexthop-mac 000e.5e11.1112
gigaethernet 1/1/1 out-label 1001
PEA(config-ingress-lsp)#backward in-label 2001
 Configure Transit node P.
P(config)#mpls bidirectional static-lsp transit lspAB lsr-id 192.168.1.1

192.168.4.2 tunnel-id 1
P(config-transit-lsp)#forward in-label 1001 nexthop-mac 000e.5e11.1113
gigaethernet 1/1/2 line 2 out-label 1002
P(config-transit-lsp)#backward in-label 2002 nexthop-mac 000e.5e11.1111
gigaethernet 1/1/1 out-label 2001
 Configure Egress node PE B.
PEB(config)#mpls bidirectional static-lsp egress lspAB lsr-id 192.168.1.1

tunnel-id 1
PEB(config-egress-lsp)#forward in-label 1002
PEB(config-egress-lsp)#backward 192.168.1.0 nexthop-mac 000e.5e11.1112
gigaethernet 1/1/1 gigaethernet 1/1/1 out-label 2002
Use the show mpls bidirectional static-lsp command to show configurations of the static
bidirectional LSP on PE A, P, and PE B.
 Configurations on Ingress node PE A are shown as below.

155
Raisecom
PEA(config)#show mpls bidirectional static-lsp lspAB

LSP-Index: 1
LSP-Name: lspAB
LSR-Role: Ingress
LSP-Flag: Working
Ingress-Lsr-Id: 192.168.1.1
Egress-Lsr-Id: 192.168.4.2
Forward Destination: 192.168.4.0
Forward In-Label: --
Forward Out-Label: 1001
Forward In-Interface: --
Forward Out-Interface: gigaethernet1/1/1
Forward Next-Hop: --
Forward Next-Mac: 000E.5E11.1112
Forward Vlan-Id: --
Forward XcIndex: 1
Forward Ds mode: Uniform
Forward PipeServClass: --
Forward Exp2LocalPriMap: 0
Forward LocalPri2ExpMap: 0
Backward Destination: --
Backward In-Label: 2001
Backward Out-Label: --
Backward In-Interface: all interfaces
Backward Out-Interface: --
Backward Next-Hop: --
Backward Next-Mac: --
Backward Vlan-Id: --
Backward XcIndex: 1
Backward Ds mode: Uniform
Backward PipeServClass: --
Backward Exp2LocalPriMap: 0
Backward LocalPri2ExpMap: 0
Tunnel-Id: 1
LSP Status: Down
 Configurations on Transit node P are shown as below.
P(config)#show mpls bidirectional static-lsp lspAB

LSP-Index: 1
LSP-Name: lspAB
LSR-Role: Transit
LSP-Flag: Working
Forward Destination: --
Forward In-Label: 1001
Forward In-Interface: all interfaces
Forward Out-Interface: gigaethernet1/1/2
Forward Next-Mac: 000E.5E11.1113
Forward Vlan-Id: --

156
Raisecom
Forward XcIndex: 7
Backward Out-Label: 2001
Backward Out-Interface: gigaethernet1/1/1
Backward Next-Mac: 000E.5E11.1111
Backward XcIndex: 8
Tunnel-Id: 1
LSP Status: Down
 Configurations on Egress node PE B are shown as below.
PEB(config)#show mpls bidirectional static-lsp lspAB

LSP-Index: 1
LSP-Name: lspAB
LSR-Role: Egress
LSP-Flag: Working
Forward Destination: --
Forward In-Label: 1002
Forward Out-Label: --
Forward In-Interface: all interfaces
Forward Out-Interface: --
Forward Next-Mac: --
Forward Vlan-Id: --
Forward XcIndex: 9
Backward Destination: 192.168.1.0
Backward In-Label: --
Backward Out-Label: 2002
Backward In-Interface: --
Backward Out-Interface: gigaethernet1/1/1
Backward Next-Mac: 000E.5E11.1112
Backward XcIndex: 10

157
Raisecom
Tunnel-Id: 1
LSP Status: Down
8.6.2 Example for configuring LDP-based dynamic LSP
point-to-point VPN leased-line services. To facilitate network maintenance and reduce manual
intervention, you can configure the dynamic LSP between PE A and PE B to work as the
public Tunnel of the L2VPN. By default, devices are configured with IP addresses.
Figure 8-2 Configuring LDP-based dynamic LSP
Configuration steps
Step 1 Enable MPLS and LDP globally.
 Configure PE A.

PEA(config)#mpls ldp
PEA(config)#mpls rsvp-te
 Configure P.

P(config)#mpls ldp
P(config)#mpls rsvp-te

158
Raisecom
 Configure PE B.

PEB(config)#mpls ldp
PEB(config)#mpls rsvp-te
Step 2 Enable MPLS and LDP on the interface and configure LDP basic properties.
 Configure PE A.
PEA(config)#interface gigaethernet 1/1/1

PEA(config-port)#ip address 1.1.1.1 255.255.255.0
PEA(config-port)#mpls ldp
PEA(config-port)#mpls ldp timer hello-hold 3
PEA(config-port)#mpls ldp timer keepalive-hold 30
PEA(config-port)#mpls rsvp-te
PEA(config-port)#exit
 Configure P.
P(config)#interface gigaethernet 1/1/1

P(config-port)#ip address 1.1.1.2 255.255.255.0
P(config-port)#mpls ldp
P(config-port)#mpls ldp timer hello-hold 3
P(config-port)#mpls rsvp-te
P(config-port)#interface gigaethernet 1/1/2
P(config-port)#mpls enable
P(config-port)#rsvp-te
P(config-port)#exit
 Configure PE B.
PEB(config)#interface gigaethernet 1/1/1

PEB(config-port)#ip address 2.1.1.2 255.255.255.0
PEB(config-port)#mpls ldp
PEB(config-port)#mpls rsvp-te
PEB(config-port)#exit
Step 3 Configure the IP address of the Loopback interface and OSPF route.
 Configure PE A.

159
Raisecom
PEA(config)#interface loopback 1
PEA(config-loopbackif)#ip address 192.168.1.1 255.255.255.0
PEA(config-loopbackif)#exit
PEA(config)#router ospf 1
PEA(config-router-ospf)#network 0.0.0.0 255.255.255.255 0.0.0.0
PEA(config-router-ospf)#exit
 Configure P.
P(config)#interface loopback 1
P(config-loopbackif)#ip address 192.168.1.2
P(config)#router ospf 1
P(config-router-ospf)#network 0.0.0.0 255.255.255.255 area 0.0.0.0
P(config-router-ospf)#exit
 Configure PE B.
PEB(config)#interface loopback 1
PEB(config-loopbackif)#ip address 192.168.4.2 255.255.255.0
PEB(config)#router ospf 1
PEB(config-router-ospf)#network 0.0.0.0 255.255.255.255 area 0.0.0.0
PEB(config-router-ospf)#exit
Checking results
Use the show mpls lsp ldp command to show LSP configurations on PE A, P, and PE B.
 Configurations on PE A
PEA(config)#show mpls lsp ldp
 Configurations on P
P(config)#show mpls lsp ldp
 Configurations on PE B
PEB(config)#show mpls lsp ldp

160
Raisecom
8.6.3 Example for configuring RSVP-TE-based dynamic LSP
point-to-point VPN leased-line services. To provide accurate bandwidth guarantee, you can
configure the RSVP-TE LSP between PE A and PE B to work as the public Tunnel of the
L2VPN. By default, devices are configured with IP addresses.
Figure 8-3 Configuring RSVP-TE-based dynamic LSP
Configuration steps
Step 1 Configure RSVP-TE basic functions.
 Configure PE A.

PEA(config)#mpls ldp
PEA(config)#mpls rsvp-te
PEA(config-port)#ip address 1.1.1.1 255.255.255.0
PEA(config-port)#mpls enable
PEA(config-port)#mpls ldp
PEA(config-port)#mpls rsvp-te
PEA(config-port)#exit
 Configure P.

P(config)#mpls ldp
P(config)#mpls rsvp-te

161
Raisecom
P(config-port)#mpls rsvp-te
P(config-port)#interface gigaethernet 1/1/2
P(config-port)#rsvp-te
P(config-port)#exit
 Configure PE B.

PEB(config)#mpls ldp
PEB(config)#mpls rsvp-te
PEB(config-port)#ip address 2.1.1.2 255.255.255.0
PEB(config-port)#mpls enable
PEB(config-port)#mpls ldp
PEB(config-port)#mpls rsvp-te
PEB(config-port)#exit
Step 2 Configure the explicit path.

 Configure PE A.
PEA(config)#mpls explicit-path PathAB

PEA(config-mpls-exp-path)#next-hop 1.1.1.2 strict
PEA(config-mpls-exp-path)#next-hop 2.1.1.2 strict
 Configure PE B.
PEB(config)#mpls explicit-path PathBA

PEB(config-mpls-exp-path)#next-hop 2.1.1.1 strict
PEB(config-mpls-exp-path)#next-hop 1.1.1.1 strict
Step 3 Configure the RSVP-TE Tunnel.

 Configure PE A.

PEA(config-tunnel1/1/1)#mpls signal-protocol rsvp-te
PEA(config-tunnel1/1/1)#mpls explicit-path PathAB

162
Raisecom
 Configure PE B.

PEB(config-tunnel1/1/1)#mpls signal-protocol rsvp-te
PEB(config-tunnel1/1/1)#mpls explicit-path PathAB
Checking results
Use the show mpls rsvp-te lsp command to show RSVP-TE LSP configurations.
PEA(config)#show mpls rsvp-te lsp
 Configurations on P
P(config)#show mpls rsvp-te lsp
PEB(config)#show mpls rsvp-te lsp

163
Raisecom
RAX711-R (B) Configuration Guide 9 MPLS VPN
9 MPLS VPN
This chapter describes principles and configuration procedures of MPLS VPN, as well as
 Configuring VPWS
 Configuring VPLS
 Configuring L3VPN
 Maintenance
9.1 Configuring VPWS

Scenario
VPWS is a point-to-point L2VPN technology. It forms a service mode that multiple services
can be provided in a network. Therefore, the carrier can provide Layer 2 services and Layer 3
services in a MPLS network.
L2VPN extracts services from the sub-interface based on the access mode. Therefore the
system processes VLAN Tags of Ethernet packets in symmetrical and asymmetric modes, as
listed in Table 9-1 and Table 9-2.
Table 9-1 Exacting services of the sub-interface in symmetrical mode
Sub interface Function VPWS/VSI

of sub-
interface Raw Tagged encapsulation
encapsulation
Dot1q sub- Inbound No action Add the outermost Tag of the packet. The TPID and
interface direction of VLAN Tag can be configured. By default, the TPID is
the interface configured to 0x8100 and the VLAN Tag is configured
to 0.

164
Raisecom
Sub interface Function VPWS/VSI

of sub-
interface Raw Tagged encapsulation
encapsulation
Outbound No action Remove the outermost Tag of the packet.

direction of
the interface
QinQ sub- Inbound No action Add the outermost Tag of the packet. The TPID and
to 0.
direction of
the interface
Ethernet Inbound No action Replace the outermost Tag of the packet. The TPID and
to 0.
direction of
the interface
Table 9-2 Exacting services of the sub-interface in asymmetrical mode
Sub Function of VPWS/VSI

interface sub-interface
Raw encapsulation Tagged encapsulation
Dot1q sub- Ingress interface Remove the outermost Tag Remove the outermost Tag of the packet
interface of the packet. and then add the outermost Tag based on
You need to use the vlan interface configurations.
translation svlan untag You need to use the vlan translation
command to enable svlan untag command to enable removing
removing the outermost the outermost Tag. Otherwise, the
Tag. Otherwise, the outermost Tag cannot be removed.
outermost Tag cannot be By default, for the added outermost Tag,
removed. the TPID is configured to 0x8100 and the
VLAN Tag is configured to 0.

165
Raisecom

Egress interface Add the outermost Tag of Replace the outermost Tag of the packet.
the packet. You need to use the vlan translation
You need to use the vlan svlan untag command to enable adding
translation svlan untag the outermost Tag. Otherwise, the
command to enable adding outermost Tag cannot be removed and the
the outermost Tag. new Tag cannot be added. The added Tag
Otherwise, the outermost is the SVLAN encapsulated for the sub-
Tag cannot be removed. interface.
The added Tag is the
SVLAN encapsulated for
the sub-interface.
QinQ sub- Ingress interface Remove the outermost Tag Remove the outermost Tag of the packet
interface of the packet. and then add the outermost Tag based on
You need to use the vlan interface configurations.
command to enable svlan untag command to enable removing
removing the outermost the outermost Tag. Otherwise, the
Tag. Otherwise, the outermost Tag cannot be added.
outermost Tag cannot be By default, for the added outermost Tag,
removed. the TPID is configured to 0x8100 and the
Remove the outermost 2 Remove the outermost 2 Tags of the
Tags of the packet. packet and then add the outermost Tag
You need to use the vlan based on interface configurations.
cvlan untag command to svlan untag cvlan untag command to
enable removing the enable removing the outermost 2 Tags.
outermost 2 Tags. Otherwise, the outermost Tag cannot be
Otherwise, the outermost 2 added.
Tags cannot be removed. By default, for the added outermost Tag,
the TPID is configured to 0x8100 and the
Egress interface Add the outermost Tag of Replace the outermost Tag of the packet.
the packet. You need to use the vlan translation
You need to use the vlan svlan untag command to enable adding
translation svlan untag the outermost Tag. Otherwise, the
command to enable adding outermost Tag cannot be removed and the
the outermost Tag. new Tag cannot be added. The added Tag
Otherwise, the outermost is the SVLAN encapsulated for the sub-
Tag cannot be removed. interface.
The added Tag is the
SVLAN encapsulated for
the sub-interface.

166
Raisecom

Add the outermost 2 Tags Remove the outermost Tag of the packet
of the packet. and then add the outermost 2 Tags based
You need to use the vlan on interface configurations.
cvlan untag command to svlan untag cvlan untag command to
enable adding the enable removing the outermost Tag.
outermost 2 Tags. Otherwise, the outermost 2 Tags cannot be
Otherwise, the outermost 2 added.
Tags cannot be removed.
The added Tags are the
SVLAN and CVLAN
encapsulated for the sub-
interface.
Prerequisite
 Configure basic properties of the Layer 3 physical interface, sub-interface, and LAG
interface.
 Configure MPLS basic functions.
 Configure Tunnel functions.
9.1.2 Configuring static L2VC
The Tunnel label and PW label of a device should be in a label domain. That is, these
2 labels are different.
Raisecom(config)#interface interface-type Enter sub-interface configuration mode.
interface-number.subif
Raisecom(config-port)#encapsulation dot1Q Configure the VLAN encapsulated in the
vlan-id-1 [ to vlan-id-2 ] ingress packet on the sub-interface or the
encapsulated segment VLAN ID.
That is, the device supports service
extraction based on VLAN ID or VLAN
ID list.

167
Raisecom

3 Raisecom(config-port)#mode l2 Set the VPN mode of the Layer 3
physical interface to L2VPN.
By default, the VPN mode of the Layer 3
physical interface is configured to
L3VPN.
4 Raisecom(config-port)#mpls static-l2vc Configure the static L2VC by specifying
destination ip-address raw vc-id vc-id in- the incoming label and outgoing label.
label in-label out-label out-label [ tunnel- Set the encapsulation mode of the PW
policy policy-name | tunnel tunnel-number ] packet to RAW, that is, no VLAN Tag.
[ no-control-word ] [ mtu mtu ] [ tpid tpid ]
[ backup | bypass ]
Raisecom(config-port)#mpls static-l2vc Configure the static L2VC by specifying
destination ip-address [ tagged ] vc-id vc-id the incoming label and outgoing label.
in-label in-label out-label out-label Set the encapsulation mode of the PW
[ tunnel-policy policy-name | tunnel tunnel- packet to Tagged. The VLAN ID of the
number ] [ no-control-word ] [ mtu mtu ] service provider can be configured
[ tpid tpid ] [ svlan vlan-id ] [ backup | optionally.
bypass ]
Raisecom(config-port)# mpls static-l2vc Configure static L2VC based on TDM
destination ip-address vc-id vc-id in-label service.
in-label out-label out-label [ tunnel-policy
policy-name | tunnel tunnel-number ]
[ jitter-buffer buffer ] [ tdm-encapsulation
number ] [ rtp-header ]
5 Raisecom(config-port)#interface interface- (Optional) enter sub-interface
type interface-number configuration mode.
6 Raisecom(config-subif)#l2vpn access-mode (Optional) set the access mode for the
asymmetry interface extracting L2VPN service to
work in asymmetrical mode.
By default, it is configured to the
symmetrical mode.
7 Raisecom(config-subif)#vlan translation svlan (Optional) encapsulate the outermost
untag VLAN Tag of the sub-interface.
Raisecom(config-subif)#vlan translation svlan (Optional) encapsulate the outermost 2
untag cvlan untag VLAN Tags of the sub-interface.
9.1.3 Configuring dynamic L2VC

2 Raisecom(config)#mpls l2vpn default martini Enable global Martini.
interface-number

168
Raisecom

Raisecom(config)#interface interface-type Enter sub-interface configuration
interface-number.subif mode.
Raisecom(config-port)#encapsulation dot1Q vlan- Configure the VLAN encapsulated in
id-1 [ to vlan-id-2 ] the ingress packet on the sub-
interface or the encapsulated segment
VLAN ID.
That is, the device supports service
extraction based on VLAN ID or
VLAN ID list.
4 Raisecom(config-port)#mode l2 Configure the VPN of Layer 3
interface to be L2VPN.
By default, the VPN of Layer 3
interface is L3VPN.
5 Raisecom(config-port)#mpls l2vc destination ip- Configure the dynamic L2VC. Set the
address raw vc-id vc-id [ tunnel-policy policy- encapsulation mode of PW packets to
name | tunnel tunnel-number ] [ no-control- Raw, that is, no VLAN Tag.
word ] [ mtu mtu ] [ tpid tpid ] [ backup |
bypass ]
Raisecom(config-port)#mpls l2vc destination ip- Configure the dynamic L2VC. Set the
address [ tagged ] vc-id vc-id [ tunnel-policy encapsulation mode of the PW packet
policy-name | tunnel tunnel-number ] [ no- to Tagged. The VLAN ID of the
control-word ] [ mtu mtu ] [ tpid tpid ] [ svlan service end can be configured
vlan-id ] [ backup | bypass ] optionally.
Raisecom(config-port)#mpls l2vc destination ip- Configure dynamic L2VC based on
address vc-id vc-id [ tunnel-policy policy-name TDM.
| tunnel tunnel-number ] [ jitter-buffer
buffer ] [ tdm-encapsulation number ] [ rtp-
header ]
9.1.4 Configuring MS-PW

Steps 2-5 are optional. Configure them as required.

mode.
2 Raisecom(config)#mpls switch-l2vc ip-address vc-id Configure MS-PW switching
in-label in-label out-label out-label [ tunnel-policy based on encapsulation of
policy-name | tunnel tunnel-number ] between ip- Ethernet packet.
address vc-id [ in-label in-label out-label out-
label ] [ tunnel-policy policy-name | tunnel tunnel-
number ] { raw | tagged } [ no-control-word ] [ mtu
mtu ]

169
Raisecom

Raisecom(config)#mpls switch-l2vc ip-address vc-id
[ tunnel-policy policy-name | tunnel tunnel-number ]
between ip-address vc-id [ in-label in-label out-
label out-label ] [ tunnel-policy policy-name |
tunnel tunnel-number ] { raw | tagged } [ no-control-
word ] [ mtu mtu ]
3 Raisecom(config)#mpls switch-l2vc ip-address vc-id Configure MS-PW switching
in-label in-label out-label out-label [ tunnel-policy based on encapsulation of CES
policy-name | tunnel tunnel-number ] between ip- packet.
number ] { cesopsn-basic | cesopsn-cas | satop-e1 }
[ tdm-encapsulation frame-number ] [ rtp-header ]
[ timeslotnum timeslotnum ]
tunnel tunnel-number ] { cesopsn-basic | cesopsn-cas
| satop-e1 } [ tdm-encapsulation frame-number ]
[ rtp-header ] [ timeslotnum timeslotnum ]
4 Raisecom(config)#mpls switch-l2vc ip-address vc-id (Optional) configure MS-PW
in-label in-label out-label out-label [ tunnel-policy with backup protection based
policy-name | tunnel tunnel-number ] between ip- on encapsulation of Ethernet
address vc-id [ in-label in-label out-label out- packet.
number ] { raw | tagged } [ no-control-word ] [ mtu
mtu ] backup ip-address vc-id [ in-label in-label
out-label out-label ] [ tunnel-policy policy-name |
tunnel tunnel-number ]
word ] [ mtu mtu ] backup ip-address vc-id [ in-label
in-label out-label out-label ] [ tunnel-policy
5 Raisecom(config)#mpls switch-l2vc ip-address vc-id (Optional) configure MS-PW
in-label in-label out-label out-label [ tunnel-policy with backup protection based
policy-name | tunnel tunnel-number ] between ip- on encapsulation of CES
address vc-id [ in-label in-label out-label out- packet.
number ] { cesopsn-basic | cesopsn-cas | satop-e1 }
[ tdm-encapsulation frame-number ] [ rtp-header ]
[ timeslotnum timeslotnum ] backup ip-address vc-id
[ in-label in-label out-label out-label ] [ tunnel-
policy policy-name | tunnel tunnel-number ]

170
Raisecom

word ] [ mtu mtu ] backup ip-address vc-id [ in-label
in-label out-label out-label ] [ tunnel-policy
policy-name | tunnel tunnel-number ] backup ip-
number ]
MS-PW supports the following switching modes:

 static PW to static PW
 static PW to dynamic PW
 dynamic PW to static PW
 dynamic PW to dynamic PW
In the command line of the above configuration steps, you can distinguish static PW from
dynamic PW by configuring different parameters.
 If parameters in-label in-label and out-label out-label are specified, it will be a static
PW.
 If you do not specify the control word and MTU, it will be a dynamic PW.
9.1.5 (Optional) configuring BFD for PW

After configuring PW, you can configure PW-based BFD.

2 Raisecom(config)#bfd session-id bind pw vc-id Create BFD session detection PW
peer-ip [ pw-ttl ttl ] and enter BFD session mode.
You have to specify TTL and you

can configure BFD for MS-PW. For
example, if TTL is configured to 2,
it means that the packet hops once
on the MS-PW.

171
Raisecom

4 Raisecom(config-port)#mpls l2vpn pw bfd [ min-tx- Configure PW-based BFD.
interval tx-interval ] [ min-rx-interval rx-
interval ] [ detect-multiplier multiplier ]
[ backup ]

1 Raisecom#show mpls l2vc [ static ] [ statistics ] Show L2VPN functions.
[interface-type interface-number ]
2 Raisecom#show mpls switch-l2vc [ ip-address vc-id ] Show MS-PW information.
9.2 Configuring VPLS

Scenario
VPLS is a L2VPN technology which is based on MPLS and Ethernet technology. VPLS can
provide point-to-multipoint VPN networking topology. VPLS provides a more perfect
solution for carriers, who use point-to-point L2VPN services. In addition, it does not need to
manage internal routing information about users, which is required in L3VPN.
Prerequisite
 Configure basic properties of the Layer 3 physical interface, sub-interface, and LAG
interface.
 Configure related functions of Tunnel.
9.2.2 Configuring VSI
The Tunnel label and PW label of a device should be in a label domain. That is, these
2 labels are different.
2 Raisecom(config)#mpls vsi vsi-name Create a VSI and enter VSI configuration mode.
static
3 Raisecom(config-vsi)#vsi-id id Configure the VSI ID.

172
Raisecom

4 Raisecom(config-vsi)#vsi-mtu mtu Configure the VSI MTU.
5 Raisecom(config-vsi)#encapsulation Configure the encapsulation mode of VSI
{ raw | tagged } services.
6 Raisecom(config-vsi)#mpls static-peer Configure the VSI static peer. Create a PW and
ip-address [ vc-id vc-id ] in-label in- specify the Tunnel for the PW to isolate ACs.
label out-label out-label [ tunnel-
policy policy-name | tunnel tunnel-
number ] [ no-control-word ] [ upe |
upe-isolate ]
7 Raisecom(config-vsi)#mpls peer ip- Configure the VSI dynamic peer. Create a PW
address [ vc-id vc-id ] [ tunnel-policy and specify the Tunnel for the PW to isolate ACs.
[ no-control-word ] [ upe | upe-
isolate ]
8 Raisecom(config-vsi)#ratelimit Configure VSI rate limiting.
{ broadcast | unknown-multicast | dlf }
cir cir-value [ cbs cbs-value ]
9 Raisecom(config-vsi)#storm-control Enable VSI storm control.
{ broadcast | multicast | dlf | all }
enable
10 Raisecom(config-vsi)#exit Exit VSI configuration mode.
Raisecom(config)#interface interface- Enter interface configuration mode.
11 Raisecom(config-port)#mpls l2blinding Bind VPLS services.
vsi vsi-name [ isolate ]

1 Raisecom)#show mpls vsi detail [ vsi-name ] Show VSI detailed information.
2 Raisecom#show mpls vsi pw [ vsi-name ] Show VSI PW configurations.
3 Raisecom#show mpls vsi services [ vsi-name ] Show VSI service information.
4 Raisecom#show mpls vsi statistics Show VSI statistics.
5 Raisecom#show mac-address-table [ static ] vsi vsi- Show the VSI-based unicast MAC
name address.

173
Raisecom
9.3 Configuring L3VPN

Scenario
MPLS L3VPN is a PE-based L3VPN technology for ISP's solutions. It uses the BGP to
release the VPN route and uses MPLS to forward VPN packets in the ISP network.
As shown in Figure 9-1, in the MPLS L3VPN scenario, the PE device and CE device
exchange routes through EBGP. They also support static routes and OSPF routes.
Figure 9-1 MPLS L3VPN network topology
MPLS L3VPN provides a flexible networking mode and is of good expansibility. In addition,
it supports MPLS QoS and MPLS TE well. Therefore, it is applied to increasing larger scales.
Prerequisite
 Configure the basic attributes of the Layer 3 physical interface, sub-interface, link
aggregation interface, and so on.
 Configure basic functions of MPLS.
 Configure related functions of Tunnel.
9.3.2 Configuring VRF basic attributes

Configure VRF on the PE device in the backbone network, connecting the CE device to the
PE device.

2 Raisecom(config)#ip vrf vrf-name Create a VRF and enter VRF configuration mode.
3 Raisecom(config-vrf)#rd rd Configure the VRF RD.
4 Raisecom(config-vrf)#route-target Configure the VRF RT.
[ export | import | both ] rt

174
Raisecom

5 Raisecom(config-vrf)#tunnel-policy (Optional) configure the VRF Tunnel policy and
policy-name enter Tunnel policy configuration mode.
6 Raisecom(config-tunnelpolicy)#tunnel (Optional) configure Tunnel sequence.
select-seq { lsp | cr-lsp } *
9.3.3 Binding VRF with UNI

In this configuration, the UNI of the PE device in the backbone network is bound with a VRF.
After configurations are complete, PE devices can ping through their respectively connected
CE devices. The configuration assumes that the IP addresses of the PE UNI and CE interface
have been configured.

2 Raisecom(config)#interface Enter Layer 3 physical interface, VLAN sub-interface,
interface-type interface-number and sub-interface configuration modes.
3 Raisecom(config-port)#ip vrf Apply VRF to the Layer 3 physical interface, VLAN
forwarding vrf-name sub-interface, sub-interface, Port+VLAN interface, and
QinQ sub-interface.
Before applying VRF in Layer 3 sub-interface

configuration mode, set the encapsulated VLAN
of the sub-interface to Dot1.Q or QinQ.
9.3.4 Configuring public routes

Configure IGP routes on the PE and P devices in the backbone. After configurations are
complete, PE device and P device can establish IGP neighbor relationship, after which they
can ping through each other.

3 Raisecom(config-router-ospf)#network ip- Advertise the network.
address wild-card-mask area area-id
That is, to define the IP address of the
interface or the network which participates in
the OSPF process and to specify the area to
which the interface or network belongs.

175
Raisecom
9.3.5 Configuring public Tunnel

Public network tunnels can be static LSP tunnels or dynamic LDP tunnels. Establish MPLS
tunnels by configuring MPLS basic functions, static LSPs, or MPLS LDP functions on the PE
and P devices in the backbone network. After the configuration is complete, public network
tunnels are established between the PE devices at both ends.
For the configuration of the public network tunnel, see section 9 MPLS VPN.
9.3.6 Configuring MP-IBGP peer

Configure MP-IBGP VPNv4 neighbor relations on the PE devices at both end in the backbone
network, transferring VPN routes.

2 Raisecom(config)#router bgp as-id Enable BGP and create a BGP instance and
enter BGP configuration mode.
3 Raisecom(config-router)#bgp router-id Configure BGP router ID.
router-id
4 Raisecom(config-router)#neighbor ip- Create the MP-IBGP peer and specify the peer
address remote-as as-id AS ID. The peer AS ID should be the same
with the local AS ID.
5 Raisecom(config-router)#neighbor ip- Configure the device to use the specified route
address1 update-source ip-address2 to update the source interface while
establishing BGP connections.
6 Raisecom(config-router)#address-family Enter BGP VPNv4 address family
vpnv4 configuration mode.
7 Raisecom(config-router-af)#neighbor ip- Enable the function of exchanging
address activate information about the specified VPNv4
address family among BGP neighbors.
8 Raisecom(config-router-af)#neighbor ip- Enable the function of BGP sending extended
address send-community extended community attribute to the peer.
9 Raisecom(config-router-af)#exit-address- Exit BGP VPNv4 address family
family configuration mode.
9.3.7 Configuring PE-CE route switching

Static routes, OSPF routes or EBGP routes can be used for PE-CE route switching. Select one
mode according to the actual network requirement.
Configuring PE-CE static routes.

Configure the PE device as below.

176
Raisecom

2 Raisecom(config)#ip route vrf vrf-name Configure static routes in the specified
destination-address mask-address { next-hop VRF.
| NULL 0 } * [ distance distance ]
[ description text ] [ tag tag ]
3 Raisecom(config)#router bgp as-id Enable BGP. Create a BGP instance and
enter BGP configuration mode.
4 Raisecom(config-router)#address-family ipv4 Specify the IPv4 unicast address family
vrf vrf-name routing table of the specified VPN instance
and enter VPN instance IPv4 unicast
address family configuration mode.
5 Raisecom(config-router-af)#redistribute Redistribute routes to the IPv4 unicast
static address family routing table of the VPN
instance.
Configure the CE device as below.

2 Raisecom(config)#ip route destination-address Configure static routes from CE to
{ mask-address | mask-length } { next-hop | NULL PE.
0 } * [ distance distance ] [ description text ]
[ tag tag ]
Configure PE-CE EBGP routes

Configure the PE device as below.

3 Raisecom(config-router)#address- Create BGP VRF and enter IPv4 unicast address family
family ipv4 vrf vrf-name configuration mode.
4 Raisecom(config-router- Configure the CE as the VPN EBGP peer and specify
af)#neighbor ip-address remote-as the peer AS ID. The peer AS ID and the local AS ID is
as-id different.

177
Raisecom

5 Raisecom(config-router- Enable the feature of switching IPv4 unicast address
af)#neighbor ip-address activate family routes with the EBGP peer.
By default, switching IPv4 unicast address family routes
with the EBGP peer is enabled. Switching route
information about other address families is prohibited.
6 Raisecom(config-router- Redistribute CE routes.
af)#redistribute { connected |
static | ospf } [ metric metric ] Redistribute the CE routes to the VPN routing table to
[ route-map map ] advertise them to the peer PE.
Raisecom(config-router- Advertise local routes.
af)#network ip-address [ mask-
address ] [ route-map route-map- Advertise routes of the specified network segments to
name ] the VPN routing table.
Configure the CE device as below.

3 Raisecom(config-router)#neighbor Configure the PE as the EBGP peer and specify the peer
ip-address remote-as as-id AS ID.
4 Raisecom(config- Redistribute VPN routes.
router)#redistribute { connected
| static | ospf } [ metric
CE advertises the address of the VPN network segment
metric ] [ route-map map ] that it can arrive to the accessed PE and then PE will
send the information to the peer CE.
Raisecom(config-router)#network Advertise local routes.
ip-address [ mask-address ]
[ route-map route-map-name ]
Advertise the routes of the specified network segment to
the EBGP peer, namely, the accessed PE.
Configuring PE-CE OSPF routes

Configure the PE device as below:

2 Raisecom(config)#router ospf process-id Start an OSPF process, bind it with the already-
vrf vrf-name [ router-id router-id ] known VPN instance, and enter OSPF
configuration mode.

178
Raisecom

3 Raisecom(config-router-ospf))#network Advertise routes, that is, to define the interface or
ip-address wild-card-mask area area-id network which participates in the OSPF process
and specify the area to which the interface or
network belongs.
Configure the CE device as below:

3 Raisecom(config-router-ospf))#network Advertise private network routes to the OSPF
ip-address wild-card-mask area area-id process.
9.3.8 Configuring VRF fault detection

1 Raisecom#ping vrf vpn-name ip-address [ count count ] Configure VRF PING
[ df-bit ] [ size size ] [ source ip-address ] detection.
[ waittime seconds ]

1 Raisecom#show ip vrf vrf-name Show VRF information.
2 Raisecom#show tunnel-policy [ policy-name ] Show Tunnel policy information.
3 Raisecom#show ip bgp vpnv4 vrf vrf-name Show summary of VRF-based BGP peer.
summary
4 Raisecom#show ip bgp vpnv4 vrf vrf-name Show details of VRF-based BGP peer.
neighbour [ ip-address ]
5 Raisecom#show ip bgp vpnv4 vrf vrf-name Show VRF-based BGP routes.
network-address [ mask-address ]
6 Raisecom#show ip ospf [ process-id ] [ vrf Show OSPF routes.
vrf-name ] route
7 Raisecom#show ip bgp [ ip-address [ ip- Show BGP routes.
mask ] ]

179
Raisecom
9.4 Maintenance
Command Description
Raisecom(config)#clean pw-proxy { arp | ndp } vpn- Clear the learned ARP and NDP
interface interface-type interface-number entries.
Rasiecom#clear ip bgp [ all | ip-address | external ] Reconfigure all or the specified BGP
vrf vrf-name [ as-id ] connections in the VRF.
Rasiecom#clear ip bgp [ all | ip-address | external ] Update all or the specified BGP routes
vrf vrf-name [ as-id ] { in | out | soft } in VRF without disconnecting BGP
connections, namely, soft
reconfiguration.

9.5.1 Example for configuring static Tunnel to carry static VPWS
services
As shown in Figure 9-2, the user has branches in areas A and B. Branches communicate with
each other through the point-to-point VPN leased-line. Because the network scale is small and
the topology is stable, you can configure bidirectional static LSP between PE A and PE B to
work as the public Tunnel of the L2VPN. By default, devices are configured with IP addresses.
Figure 9-2 Configuring static Tunnel to carry static VPWS services
Configuration steps
Step 1 Configure the static Tunnel. For details, refer to section 8.6.1 Example for configuring static
bidirectional LSP without IP capability.
Step 2 Configure static L2VC.

180
Raisecom
 Configure PE A.

PEA(config-gigaethernet1/2/1)#mode l2
PEA(config-gigaethernet1/2/1)#mpls static-l2vc destination 192.168.4.2
raw vc-id 1 in-label 101 out-label 101 tunnel 1/1/1 mtu 9600
PEA(config-gigaethernet1/2/1)#exit
 Configure PE B.

PEB(config-gigaethernet1/2/1)#mode l2
PEB(config-gigaethernet1/2/1)#mpls static-l2vc destination 192.168.1.1
raw vc-id 1 in-label 101 out-label 101 tunnel 1/1/1 mtu 9600
PEB(config-gigaethernet1/2/1)#exit
Checking results
Use the show mpls l2vc static command to show static VPWS configurations on PE A and
PE B.
 Show static VPWS configurations on PE A.
PEA(config)#show mpls l2vc static

Client interface : gigaethernet1/2/1
Pw index : 2
Vc id : 101
Encapsulation type : raw
Tunnel type : static
Destination : 192.168.4.2
Tunnel policy : --
Tunnel number : 1
Local vc label : 101
Remote vc label : 101
Ac status : down
Pw state : down
Vc state : down
Vc signal : manual
Local cw : enable
Operational cw : enable
Local vc mtu : 9600
Remote vc mtu : --
Tpid : 0x9100
Svlan : --
Pw role : PrimaryPw
Pw work status : Working
Pw access mode : mesh
Pw QosMode : --

181
Raisecom
Pw Bandwidth Cir : --
Pw Bandwidth Pir : --
Pw Bandwidth Valid : InValid
Pw Weight : --
Pw Flow Queue : --
Pw DsMode : Uniform
Pw PipeServClass : --
Pw Exp2LocalPriMap : 0
Pw LocalPri2ExpMap : 0
Create time : 2000-11-11,14:38:16
Up time : 0 days, 0 hours, 0 minutes, 0 seconds
Last change time : 2000-11-11,14:38:16
 Show static VPWS configurations on PE B.
PEB(config)#show mpls l2vc static

Pw index : 4
Vc id : 1
Tunnel type : static
Tunnel policy : --
Tunnel number : 1
Ac status : down
Pw state : down
Vc state : down
Vc signal : manual
Local cw : enable
Local vc mtu : 9600
Remote vc mtu : --
Tpid : 0x9100
Svlan : --
Pw role : PrimaryPw
Pw QosMode : --
Pw Weight : --
Pw Flow Queue : --
Pw DsMode : Uniform
Create time : 2000-11-11,16:18:27
Last change time : 2000-11-11,16:18:27

182
Raisecom
9.5.2 Example for configuring RSVP-TE-based dynamic Tunnel to

carry dynamic VPWS services
point-to-point VPN leased-line services. To facilitate network maintenance and reduce manual
intervention, you can configure the RSVP-TE-based dynamic Tunnel to carry dynamic VPWS
services to meet user's leased-line telecommunication requirements. By default, devices are
configured with IP addresses.
Figure 9-3 Configuring RSVP-TE-based dynamic Tunnel to carry dynamic VPWS services
Configuration steps
Step 1 Configure RSVP-TE-based dynamic Tunnel. For details, refer to section 8.6.3 Example for
configuring RSVP-TE-based dynamic LSP.
Step 2 Configure dynamic L2VC.
 Configure PE A.

PEA(config-gigaethernet1/2/1)#mpls l2vc destination 20.1.1.1 raw vc-id 1
tunnel 1/1/1 mtu 9600
PEA(config-gigaethernet1/2/1)#exit
 Configure PE B.

PEB(config-gigaethernet1/2/1)#mpls l2vc destination 10.1.1.1 raw vc-id 1
tunnel 1/1/1 mtu 9600

183
Raisecom
Checking results
Use the show mpls l2vc command to show static VPWS configurations on PE A and PE B.
 Show static VPWS configurations on PE A.
PEA(config)#show mpls l2vc gigaethernet 1/2/1

Pw index : 4
Session State : down
Vc id : 1
Tunnel type : mplsTe
Tunnel policy : --
Tunnel number : 1
Remote vc label : --
Ac status : down
Pw state : down
Vc state : down
Local statuscode : 0xa
Remote statuscode : 0x0
Vc signal : pwIdFecSignaling
Local cw : enable
Local vc mtu : 9600
Remote vc mtu : --
Tpid : 0x9100
Svlan : --
Pw role : PrimaryPw
Pw QosMode : --
Pw Weight : --
Pw Flow Queue : --
Pw DsMode : Uniform
Create time : 2014-07-25,09:58:14
Last change time : 2014-07-25,09:58:14
----------------------------------------
 Show static VPWS configurations on PE B.
PEB(config)#show mpls l2vc gigaethernet 1/2/1

Client interface : gigaethernet 1/2/1
Pw index : 4
Session State : down

184
Raisecom
Vc id : 1
Tunnel policy : --
Tunnel number : 1
Remote vc label : --
Ac status : down
Pw state : down
Vc state : down
Local statuscode : 0xa
Remote statuscode : 0x0
Vc signal : pwIdFecSignaling
Local cw : enable
Local vc mtu : 9600
Remote vc mtu : --
Tpid : 0x9100
Svlan : --
Pw role : PrimaryPw
Pw QosMode : --
Pw Weight : --
Pw Flow Queue : --
Pw DsMode : Uniform
Create time : 2014-07-25,10:13:17
Last change time : 2014-07-25,10:13:17
----------------------------------------
9.5.3 Example for configuring MPLS L2VPN typical networking
As shown in Figure 9-4, the headquarter G exchange private-line services with branch A over
the IP RAN where end-to-end communication is implemented through multi-section PW and
protection implemented by deploying active/standby Tunnel and active/standby PW. In this
networking topology, the IP RAN device is named based on the network where it resides,
which should be the same with the carrier network name. For example, U1 is the client-side
IPRAN access device. A2 is the network-side access device. And B is the aggregation core
layer device.
 Deploy active/standby static PWs between U1-1 and A2-1, and U3 and A2-1.
 Deploy active/standby dynamic PWs between A2-1 and B-1, and A2-2 and B-2.
 Deploy dynamic PWs between B-1 and B-2, and B-3 and B-4.
185
Raisecom
 Configure static-to-dynamic PW on A2-1 and A2-2 respectively.

 Configure dynamic-to-dynamic PW on B-1, B-2, B-3, and B-4.
 The configuration process is similar, so this section only takes the configurations of B-
1/B-3 device from the branch side to the core network for example. Configurations for
the headquarter-side devices will not be detailed.
Figure 9-4 Configuring MPLS L2VPN services
Configuration strategy
 Configure LSR-ID on U1, U2, and B. Enable MPLS globally. Enable LDP on A2 and B.
 Configure the IP address of the service interface and loopback interface planned by U1,
A2, and B.
 Configure the active/standby static Tunnel between U1-1 and A2-1 and configure the
active/standby static PW.
 Enable OSPF on A2-1, B-1, and B-3. Advertise and learn routes over the entire network.
 Enable LDP sessions on A2-1, B-1, and B-3 and establish LDP remote sessions
respectively, preparing for the assignment of PW labels.
 Configure active/standby PWs A2-1, B-1, and B-3 respectively. The labels are
automatically distributed according to the LDP protocol.
 Configure the static-to-dynamic PW on A2.
 Enable BFD and establish PW redundancy protection.
 (Optional) configure QoS rate limiting for the PW.
Configuration data
Table 9-3 lists configuration data.
Table 9-3 Configuration data

Device LSR-ID Interface IP address
U1-1 1.1.1.1 gigaethernet 1/1/1 10.10.1.1/24
gigaethernet 1/2/1.100 10.10.10.2/24
loopback 2 1.1.1.1/24
A2-1 2.2.2.2 gigaethernet 1/1/1 10.10.1.2/24

186
Raisecom

gigaethernet 1/1/2 10.10.2.1/24
gigaethernet 1/1/3 100.10.1.1/24
loopback 2 2.2.2.2/32
B-1 3.3.3.3 gigaethernet 1/1/1 10.10.2.2/24
loopback 2 3.3.3.3
B-3 5.5.5.5 gigaethernet 1/1/1 10.10.5.1/24
loopback 2 5.5.5.5/32
Loopback 1 is a dedicated interface for the DCN network management. To prevent conflicts,
loopback 1 interface is prohibited. You can enable another loopback interface of which the IP
address can be used as the IP address of the LSR-ID. Loopback 2 is used in this example.
Configuration steps
Step 1 Configure MPLS globally.
U1-1
U1-1(config)#mpls lsr-id 1.1.1.1

U1-1(config)#mpls enable
A2-1
A2-1(config)#mpls lsr-id 2.2.2.2

A2-1(config)#mpls enable
A2-1(config)#mpls ldp
B-1
B-1(config)#mpls lsr-id 3.3.3.3

B-1(config)#mpls enable
B-1(config)#mpls ldp
B-3

187
Raisecom
B-3(config)#mpls lsr-id 5.5.5.5

B-3(config)#mpls enable
B-3(config)#mpls ldp
Step 2 Configure the IP address of the planning interface and enable LDP session.
U1-1
U1-1(config)#interface loopback 2
U1-1(config-loopback2)#ip address 1.1.1.1 255.255.255.255
U1-1(config-loopback2)#interface gigaethernet 1/1/1
U1-1(config-gigaethernet1/1/1)#ip address 10.10.1.1 255.255.255.0
U1-1(config-gigaethernet1/1/1)#exit
A2-1
A2-1(config)#interface loopback 2
A2-1(config-loopback2)#ip address 2.2.2.2 255.255.255.255
A2-1(config-loopback2)#interface gigaethernet 1/1/1
A2-1(config-gigaethernet1/1/1)#ip address 10.10.1.2 255.255.255.0
A2-1(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
A2-1(config-gigaethernet1/1/2)#mpls ldp
A2-1(config-gigaethernet1/1/2)#interface gigaethernet 1/1/3
A2-1(config-gigaethernet1/1/3)#mpls ldp
/*configure the IP address of the interface on the ring and enable LDP.
B-1
B-1(config)#interface loopback 2
B-1(config-loopback2)#ip address 3.3.3.3 255.255.255.255
B-1(config-loopback2)#interface gigaethernet 1/1/1
B-1(config-gigaethernet1/1/1)#ip address 10.10.2.2 255.255.255.0
B-1(config-gigaethernet1/1/1)#mpls ldp
B-3
B-3(config)#interface loopback 2
B-3(config-loopback2)#ip address 5.5.5.5 255.255.255.255
B-3(config-loopback2)#interface gigaethernet 1/1/1
B-3(config-gigaethernet1/1/1)#ip address 10.10.5.1 255.255.255.0
B-3(config-gigaethernet1/1/1)#mpls ldp

188
Raisecom
Step 3 Configure static active/stanby Tunnel between U1-1 and A2-1.

 Configure active Tunnel on U1-1.
U1-1(config)#interface tunnel 1/1/1

U1-1(config-tunnel1/1/1)#mpls tunnel-id 1
U1-1(config-tunnel1/1/1)#destination 2.2.2.2
U1-1(config-tunnel1/1/1)#mpls te commit
U1-1(config-tunnel1/1/1)#exit
U1-1(config)#mpls bidirectional static-lsp ingress lsp1-1 lsr-id 2.2.2.2
tunnel-id 1
U1-1(config-ingress-lsp)#forward 2.2.2.2 255.255.255.255 nexthop
10.10.1.2 out-label 101
U1-1(config-ingress-lsp)#backward in-label 102
U1-1(config-ingress-lsp)#exit
 Configure a standby Tunnel on U1-1.
U1-1(config)#interface tunnel 1/1/2

U1-1(config-tunnel1/1/2)#mpls tunnel-id 2
U1-1(config-tunnel1/1/2)#destination 2.2.2.2
U1-1(config-tunnel1/1/2)#mpls te commit
U1-1(config-tunnel1/1/2)#exit
U1-1(config)#mpls bidirectional static-lsp ingress lsp1-2 lsr-id 2.2.2.2
tunnel-id 2
U1-1(config-ingress-lsp)#forward 2.2.2.2 255.255.255.255 nexthop
10.10.1.2 out-label 103
U1-1(config-ingress-lsp)#backward in-label 104
 Configure active Tunnel on A2-1.
A2-1(config)#interface tunnel 1/1/1

A2-1(config-tunnel1/1/1)#mpls tunnel-id 1
A2-1(config-tunnel1/1/1)#destination 1.1.1.1
A2-1(config-tunnel1/1/1)#mpls te commit
A2-1(config-tunnel1/1/1)#exit
A2-1(config)#mpls bidirectional static-lsp egress lsp1-1 lsr-id 1.1.1.1
tunnel-id 1
A2-1(config-ingress-lsp)#forward in-label 101
A2-1(config-ingress-lsp)#backward 1.1.1.1 255.255.255.255 nexthop
10.10.1.1 out-label 102
 Configure standby Tunnel on A2-1.
A2-1(config)#interface tunnel 1/1/2

A2-1(config-tunnel1/1/1)#mpls tunnel-id 2

189
Raisecom
A2-1(config-tunnel1/1/1)#destination 1.1.1.1
A2-1(config-tunnel1/1/1)#mpls te commit
A2-1(config-tunnel1/1/1)#exit
A2-1(config)#mpls bidirectional static-lsp egress lsp1-1 lsr-id 1.1.1.1
tunnel-id 2
A2-1(config-ingress-lsp)#forward in-label 103
A2-1(config-ingress-lsp)#backward 1.1.1.1 255.255.255.255 nexthop
10.10.1.1 out-label 104
Step 4 Configure a static PW between U1-1 and A2-1.
U1-1(config)#interface gigaethernet 1/2/1.1

U1-1(config-gigaethernet1/2/1.1)#encapsulation dot1Q 1
U1-1(config-gigaethernet1/2/1.1)#mode l2
U1-1(config-gigaethernet1/2/1.1)#mpls static-l2vc destination 2.2.2.2 raw
vc-id 1 in-label 201 out-label 201 tunnel 1/1/1
U1-1(config-gigaethernet1/2/1.1)#mpls static-l2vc destination 2.2.2.2 raw
vc-id 2 in-label 202 out-label 202 tunnel 1/1/2 backup
Step 5 Enable OSPF on U1, A2, and B and advertise routes.

U1-1
U1-1(config)#router ospf 1
U1-1(config-router-ospf)#network 1.1.1.1 255.255.255.255 area 0
U1-1(config-router-ospf)#network 10.10.1.1 255.255.255.255 area 0
U1-1(config-router-ospf)#exit
A2-1
A2-1(config)#router ospf 1
A2-1(config-router-ospf)#network 2.2.2.2 255.255.255.255 area 0
A2-1(config-router-ospf)#exit
B-1
B-1(config)#router ospf 1
B-1(config-router-ospf)#network 3.3.3.3 255.255.255.255 area 0
B-1(config-router-ospf)#exit

190
Raisecom
B-3
B-3(config)#router ospf 1
B-3(config-router-ospf)#exit
Step 6 Establish LDP sessions between A2-1, B-1, and B-3.

A2-1
A2-1(config)#mpls ldp targeted neighbour 3.3.3.3

/*configure an active LDP poiting to B-1.*/
A2-1(config)#mpls ldp targeted neighbour 5.5.5.5
/*Configure a standby LDP pointing to B-3.*/
B-1
B-1(config)#mpls ldp targeted neighbour 2.2.2.2

/*Configure a standby LDP pointing to A2-1.*/
B-3
B-3(config)#mpls ldp targeted neighbour 2.2.2.2

/*Configure a standby LDP pointing to A2-1.*/
Step 7 Configure a static-to-dynamic PW on A2-1.
A2-1(config)#mpls switch-l2vc 1.1.1.1 1 in-label 201 out-label 201 tunnel

1/1/1 between 3.3.3.3 14 raw
/*static-to-dynamic active PW*/
A2-1(config)#mpls switch-l2vc 1.1.1.1 2 in-label 202 out-label 202 tunnel
1/1/2 between 5.5.5.5 15 raw
/* static-to-dynamic standby PW*/
Step 8 Enable BFD on U1-1 and establish PW FRR redundancy protection.
U1-1(config)#interface gigaethernet 1/2/1.1

U1-1(config-gigaethernet1/2/1.1)#mpls l2vpn pw bfd
U1-1(config-gigaethernet1/2/1.1)#mpls l2vpn pw bfd backup

191
Raisecom
U1-1(config-gigaethernet1/2/1.1)#mpls l2vpn redundancy master switch-mode

revertive wtr-time 120
Checking results
 After step 4, you can use the show mpls l2vc command to show PW working status.
U1-1#show mpls l2vc

Client interface : gigaethernet1/2/1.1
Pw index : 1
Vc id : 1
Access mode : symmetry
Tunnel policy : --
Tunnel number : 1/1/1
Ac status : up(bfd:up, cc:up)
Pw state : up(bfd:up, cc:up)
Vc state : up
/*If the above three items are all Up, the PW is configured successfully
and devices can communicate with each other. If AC is Down, it indicates
that the UNI is not Up. If PW is Down, it indicates that the NNI is not
Up, the PW parameters are inconsistent, or the network-side routes are
non-reachable.*/
Vc signal : manual
Local cw : enable
Local vc mtu : 9600
Remote vc mtu : --
Tpid : 0x8100
Svlan : --
Pw role : PrimaryPw
Pw QosMode : --
Pw Weight : --
Pw Flow Queue : --
Pw DsMode : Uniform
Pw Exp2LocalPriMap : Default
Pw LocalPri2ExpMap : Default
Create time : 1970-03-21,12:36:32
Last change time : 1970-03-21,12:36:32
----------------------------------------
Pw index : 3
Vc id : 2

192
Raisecom

Access mode : symmetry
Tunnel policy : --
Pw state : up(bfd:up, cc:up)
Vc state : up
Vc signal : manual
Local cw : enable
Local vc mtu : 9600
Remote vc mtu : --
Tpid : 0x8100
Svlan : --
Pw role : SecondaryPw
Pw work status : NoWorking
Pw QosMode : --
Pw Weight : --
Pw Flow Queue : --
Pw DsMode : Uniform
Create time : 1970-03-21,12:37:36
Last change time : 1970-03-21,12:37:36
----------------------------------------
Total l2vc : 2 2 up 0 down
 After step 6, you can use the show mpls ldp targeted neighbour command to check
status of LDP neighbor sessions.
A2-1#show mpls ldp targeted neighbor

LDP Remote Entity Information
-------------------------------------------------------------------------
Remote Peer IP : 3.3.3.3 LDP ID : 2.2.2.2:0
Transport Address : 2.2.2.2 LDP AdminStatus : Up
LDP OperStatus : Up Configured Keepalive Timer : 45Sec
Configured Hello Timer : 45 Sec Negotiated Hello Timer : 45Sec
BFD configuration : Disable Bfd Session ID : 0
Hello Packet sent/received : 40698/44929
-------------------------------------------------------------------------
Remote Peer IP : 5.5.5.5 LDP ID : 2.2.2.2:0
Transport Address : 2.2.2.2 LDP AdminStatus : Up
LDP OperStatus : Up Configured Keepalive Timer : 45Sec

193
Raisecom
Configured Hello Timer : 45 Sec Negotiated Hello Timer : 45Sec

BFD configuration : Disable Bfd Session ID : 0
Hello Packet sent/received : 40698/44929
-------------------------------------------------------------------------
TOTAL : 2 Remote-Peer(s) Found.
/*the remote LDP session exists and it is Up, which indicates that it is
normal.*/
 After step 6, you can use the show mpls ldp interface command to show whether
physical layer interface is enabled with LDP.
A2-1#show mpls ldp interface
LDP Interface Information

-------------------------------------------------------------------------
If-Name LDP STATUS LAM TransportAddress HelloSent/Rcv LDP OperStatus
-------------------------------------------------------------------------
GE1/1/1 Disable DU -- 0/0
GE1/1/2 Enable DU 2.2.2.2 99809/12682 Up
GE1/1/3 Enable DU 2.2.2.2 122206/122129 Up
GE1/1/4 Disable DU -- 0/0 --
GE1/2/1 Disable DU -- 0/0 --
……
-------------------------------------------------------------------------
LAM: Label Advertisement Mode IF-Name: Interface name
 After step 6, you can use the show mpls ldp session command to show LDP sessions
and the running status.
A2-1#show mpls ldp session
LDP Session Information

LDP Session Count : 2
-------------------------------------------------------------------------
Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
-------------------------------------------------------------------------
3.3.3.3:0 Operational DU Passive 0000:06:37 1587/1587
5.5.5.5:0 Operational DU Passive 0000:06:37 1587/1587
-------------------------------------------------------------------------
TOTAL: 2 Session(s) Found.
LAM : Label Advertisement Mode SsnAge Unit : DDDD:HH:MM
 After step 7, you can use the show mpls switch-l2vc command to show configurations
of PW switching.
A2-1#show mpls switch-l2vc

Switch-l2vc type : SVC <---> LDP (BACKUP)

194
Raisecom
Peer ip address : 1.1.1.1 <---> 3.3.3.3 --

Encapsulation type : raw <---> raw --
/*The RAW/TAG mode of the two PW segments must be the same. */
Vc id : 1 <---> 14 --
Fault relay : off
Vc state : up <---> up --
Local statuscode : 0x0 <---> 0x0 --
Remote statuscode : 0x0 <---> 0x0 --
Pw state : up <---> up --
Bfd state : up <---> up --
Cc state : up <---> up --
Sd state : up <---> up --
In label : 201 <---> 10247 --
Out label : 201 <---> 10241 --
/*The VC-Label of the dynamic PW is automatically assigned. It must have
a value.*/
Local cw : enable <---> enable --
Operational cw : enable <---> enable --
Local vc mtu : 9600 <---> 9600 --
Remote vc mtu : 9600 <---> 9600 --
/*The MTUs of the two PW segments must be the same.*/
Tunnel policy : -- <---> -- --
Tunnel number : 1/1/1 <---> -- --
Out xc index : -- <---> 1522 --
/*LSP interface index, for dynamic PW, this item must have a value.*/
Out ecmp index : -- <---> -- --
Pw QosMode : -- <---> -- --
Pw Bandwidth Cir : -- <---> -- --
Pw Bandwidth Pir : -- <---> -- --
Pw Bandwidth Valid : InValid <---> InValid --
Pw Weight : -- <---> -- --
Pw Flow Queue : -- <---> -- --
Work satus : working <---> working --
---------------------------------------------------------------------
Switch-l2vc type : SVC <---> LDP (BACKUP)
Peer ip address : 1.1.1.1 <---> 3.3.3.3 --
Encapsulation type : raw <---> raw --
Vc id : 2 <---> 15 --
Fault relay : off
Vc state : up <---> up --
Local statuscode : 0x0 <---> 0x0 --
Remote statuscode : 0x0 <---> 0x0 --
Pw state : up <---> up --
Bfd state : up <---> up --
Cc state : up <---> up --
Sd state : up <---> up --
In label : 202 <---> 10248 --
Out label : 202 <---> 10242 --
Local cw : enable <---> enable --
Operational cw : enable <---> enable --
Local vc mtu : 9600 <---> 9600 --
Remote vc mtu : 9600 <---> 9600 --
Tunnel policy : -- <---> -- --
Tunnel number : 1/1/2 <---> -- --
Out xc index : -- <---> 1523 --

195
Raisecom
Out ecmp index : -- <---> -- --

Pw QosMode : -- <---> -- --
Pw Bandwidth Cir : -- <---> -- --
Pw Bandwidth Pir : -- <---> -- --
Pw Bandwidth Valid : InValid <---> InValid --
Pw Weight : -- <---> -- --
Pw Flow Queue : -- <---> -- --
Work satus : working <---> working --
 After all configurations are complete, you can execute the Ping operation based on
MPLS VC to check the connectivity of the L2VPN.
U1-1#ping mpls vc-id 1 destination 2.2.2.2

Sending 5, 200-byte MPLS Echoes to 2.2.2.2,VC ID is 1, timeout is 3
seconds,send interval is 1 seconds,
Press CTRL + C to abort:
Reply from 3.3.3.3: bytes=84, Sequence=1, time<1ms.
---- PING Statistics----
5 packets transmitted,5 packets received,
Success rate is 100 percent(5/5),
round-trip (ms) min/avg/max = 0/0/0
 After completing Step 9, you can use the show bfd state command to show BFD status.
U1-1#show bfd state

SessionId State co-Tx-Interval(ms) co-Rx-Interval(ms) co-Detect-
Interval(ms)
------------------------------------------------------------------
129 Up 10 10 30
130 Up 10 10 30
Common questions
After a LDP session is configured, it is not Up.
 Check whether the network-side interface IP address is correctly configured.
 Check whether the OSPF route is enabled and whether the entire network routes have
been advertised and learned.
 Check whether the NNI interface is enabled with LDP.
 Check if the NNI interface is up.
After static-to-dynamic PW switching is configured, the PW is not Up.
 Check whether the UNI of PE3 is configured with a dynamic PW.
 Check whether the UNI of PE3 is Up.

196
Raisecom
 Check whether the binding between the static tunnel and the PW is correct in the PW
switching configuration. That is, the tunnel should be bound to the static PW at the local
end.
 Check whether the MTU, Raw/Tag, MTU, TPID, and control word of the two PWs are
the same.
The end-to-end PW cannot be pinged through.
 Check whether the configuration of the tunnel parameters is correct and whether the
status is Up.
 Check whether LDP is Up.
 Check whether the static PW and dynamic PW are up.
 Check whether the interface planning is consistent with the network topology.
 Check whether the configuration process is correct.
9.5.4 Example for configuring MPLS L3VPN typical networking
Figure 9-5 shows a backhaul CE+L3VPN network solution. The base station accesses device
A which functions as the CE device on the service network. CE 1 and CE 2 belong to VPN 1.
They access the MPLS L3VPN network through PE 1 and PE 2 respectively. The RT of VPN
1 is 100:1. Different VPN users cannot access each other. OSPF runs between PE 1 and PE 2.
Establish public routes for interconnection. Configure MP-BGP between PE 1 and PE 2 to
advertise L3VPN routes. Configure static routes between PEs and CEs. This completes the
deployment of the mobile backhaul network.
Figure 9-5 L3VPN networking application
 Configure basic MPLS functions on PE devices and configure VRF.
 Configure the IP addresses of the interfaces on PE and CE devices.
 After configuring the IP address of the PE client-side interface, bind the VRF to the
client-side interface.
 Enable OSPF public network routes between PE 1 and PE 2.
 Configure a MPLS static public network tunnel between PE 1 and PE 2.
 Enable MP-IBGP routes between PE 1 and PE 2, and enable VPNv4.

197
Raisecom
 Configure a static route between the PE and the CE. Configure the static VRF-based
private network route to the CE on the PE and configure the gateway from the CE to the
PE.
Configuration data
Table 9-4 lists configuration data.
Table 9-4 Configuration data

CE 1 – gigaethernet 1/1/1 10.10.10.1/24
Loopback 2 5.5.5.5/32
PE 1 1.1.1.1 gigaethernet 1/1/1 10.10.10.2/24
gigaethernet 1/1/2 10.10.1.1/24
Loopback 2 1.1.1.1/24
P 2.2.2.2 gigaethernet 1/1/1 10.10.1.2/24
gigaethernet 1/1/2 10.10.3.1/24
Loopback 2 2.2.2.2/32
PE 2 4.4.4.4 gigaethernet 1/1/1 10.10.4.1/24
gigaethernet 1/1/2 10.10.3.2/24
Loopback 2 4.4.4.4/32
CE 2 – gigaethernet 1/1/1 10.10.4.2/24
Loopback 2 6.6.6.6/32
Configuration steps
Step 1 Configure VRF on PE 1 and PE 2.
PE 1
PE1#config
PE1(config)#ip vrf VPN1
PE1(config-vrf)#rd 100:1
PE1(config-vrf)#route-target import 100:1
PE1(config-vrf)#route-target export 100:1PE1(config-vrf)#exit
PE 2
PE2#config

198
Raisecom
PE2(config)#ip vrf VPN1

PE2(config-vrf)#rd 100:1
PE2(config-vrf)#route-target import 100:1
PE1(config-vrf)#route-target export 100:1
PE2(config-vrf)#exit
Step 2 Configure the IP addresses of the interfaces on CE 1, CE 2, PE 1, PE 2, and P devices. The

configuration method is similar. Only PE 1 is used as an example. .
PE 1
PE1(config)#interface gigaethernet 1/1/2

PE1(config-gigaethernet1/1/2)#ip address 10.10.1.1 255.255.255.0
PE1(config-gigaethernet1/1/2)#interface Loopback 2
PE1(config-Loopback2)#ip address 1.1.1.1 255.255.255.255
PE1(config-Loopback2)#exit
Step 3 Configure the IP addresses of the client-side interfaces on PE 1 and PE 2.

PE 1

PE 2

Step 4 Bind client-side interfaces of PE 1 and PE 2 with VRFs.

PE 1

PE1(config-gigaethernet1/1/1)#ip vrf forwarding vpn1
PE1(config-gigaethernet1/1/1)#exit
PE 2

PE2(config-gigaethernet1/1/1)#ip vrf forwarding vpn1

199
Raisecom
Step 5 Configure public network routes between PE 1 and PE 2.
PE1(config)#router ospf 1
PE1(config-router-ospf)#network 10.10.1.0 0.0.0.255 area 0
PE1(config-router-ospf)#exit
P1(config)#router ospf 1
P1(config-router-ospf)#network 10.10.1.0 0.0.0.255 area 0
P1(config-router-ospf)#exit
PE 2
PE2(config)#router ospf 1
PE2(config-router-ospf)#network 10.10.3.0 0 0 0.0.0.255 area 0
Step 6 is for configuring the static public network tunnels. Step 7 is for configuring
dynamic public network tunnels. You can choose one as required.
Step 6 (Optional) configure a static public network tunnel between PE 1 and PE 2.
PE 1
PE1(config)#mpls lsr-id 1.1.1.1

PE1(config)#mpls enable
PE1(config)#interface tunnel 1/1/1
PE1(config-tunnel1/1/1)#destination 4.4.4.4
PE1(config-tunnel1/1/1)#mpls tunnel-id 200
PE1(config-tunnel1/1/1)#mpls te commit
PE1(config-tunnel1/1/1)#exit
PE1(config)#mpls static-lsp ingress lsp12 10.10.3.2 255.255.255.255
nexthop 10.10.1.2 out-label 1001 lsr-id 4.4.4.4 tunnel-id 200
PE1(config)#mpls static-lsp egress lsp21 in-label 2003 lsr-id 4.4.4.4
tunnel-id 200

200
Raisecom
P1(config)#mpls lsr-id 2.2.2.2

P1(config)#mpls enable
P1(config)#mpls static-lsp transit lsp12 in-label 1001 nexthop 10.10.3.2
out-label 1003 lsr-id 1.1.1.1 4.4.4.4 tunnel-id 200
P1(config)#mpls static-lsp transit lsp21 in-label 2001 nexthop 10.10.1.1
out-label 2003 lsr-id 4.4.4.4 1.1.1.1 tunnel-id 200
PE 2

PE2(config)#mpls static-lsp egress lsp12 in-label 1003 lsr-id 1.1.1.1
tunnel-id 200
PE2(config)#mpls static-lsp ingress lsp21 10.10.1.1 255.255.255.0 nexthop
10.10.2.2 out-label 2001 lsr-id 1.1.1.1 tunnel-id 200
Step 7 (Optional) configure a dynamic public network tunnel between PE 1 and PE 2.

PE 1

PE1(config-gigaethernet1/1/2)#mpls ldp

P(config-gigaethernet1/1/1)#mpls ldp
P(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
P(config-gigaethernet1/1/)# mpls ldp
PE 2

PE2(config)#interface gigaethernet1/1/2

201
Raisecom
Step 8 Establish a MP-IBGP peer between PE 1 and PE 2.

PE 1
PE1(config)#router bgp 1
PE1(config-router)#bgp router-id 1.1.1.1
PE1(config-router)#neighbor 4.4.4.4 remote-as 1
/*The Ass at both ends must be the same. If they are the same, the device
is in IBGP routing mode. Otherwise the device is in EBGP mode.*/
PE1(config-router)#neighbor 4.4.4.4 update-source 1.1.1.1
PE1(config-router)#address-family vpnv4
/*Configure a public network neighbor and ensure that the public network
routes are reachable, that is, the LSR-ID of the peer is reachable. If
there are multiple PE devices, you need to configure multiple public
network neighbors which are irrelevant with IPv4 private network
neighbors.*/
PE1(config-router-af)#neighbor 4.4.4.4 activate
PE1(config-router-af)#neighbor 4.4.4.4 send-community extended
/*You must adopt the extended mode. L3VPN is implemented based on
extended BGP.*/
PE1(config-router-af)#exit-address-family
PE1(config-router)#address-family ipv4 vrf vpn1
/*Configure IPv4 private network neighbors to match VRFs. If there are
multiple VRFs, configure multiple IPv4 neighbors and configure multiple
IPv4 private network neighbors on the peer end. This does not affect
VPNv4 public network neighbors.*/
PE1(config-router-af)#redistribute static
PE1(config-router-af)#redistribute connected
PE1(config-router)#exit
PE 2
PE2(config)#router bgp 1
PE2(config-router)#bgp router-id 4.4.4.4
PE2(config-router)#neighbor 1.1.1.1 remote-as 1
PE2(config-router)#neighbor 1.1.1.1 update-source 4.4.4.4
PE2(config-router)#address-family vpnv4
PE2(config-router-af)#neighbor 1.1.1.1 activate
PE2(config-router-af)#neighbor 1.1.1.1 send-community extended
PE2(config-router)#address-family ipv4 vrf vpn1
PE2(config-router-af)#redistribute static
PE2(config-router-af)#redistribute connected
PE2(config-router)#exit
Step 9 Configure a static route pointing to CE 1 on PE 1 and configure a static route pointing to CE 2
on PE 2.
PE 1
202
Raisecom
PE1(config)#ip route vrf vpn1 5.5.5.5 255.255.255.255 10.10.10.1
PE 2
PE2(config)#ip route vrf vpn1 6.6.6.6 255.255.255.255 10.10.1.2
Step 10 Configure the gateway IP address on CE 1 and CE 2 respectively.

CE 1
CE1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.2
CE 2
CE2(config)#ip route 0.0.0.0 0.0.0.0 10.10.4.1
Checking results
 Use the show ip vrf detail command to check whether VRF configurations on PE 1 and
PE 2 are correct respectively.
PE 1
PE1(config)#show ip vrf detail

Total VRF configured : 1
VRF: vpn1 ID: 1

Creation time: 2016/02/14 03:22:40
Up time: 1d18h04m
Route Distinguisher: 100:1
Import RT: 100:1
Export RT: 100:1
Label policy: label per vrf Label: 10241
PE 2
PE2(config)#show ip vrf detail

Total VRF configured : 1
VRF: vpn1 ID: 1

Creation time: 2016/02/14 03:22:40
Up time: 1d18h04m
Import RT: 100:1

203
Raisecom
Export RT: 100:1

Label policy: label per vrf Label: 10241
 Use the show ip route command to show whether the public network routes learned by
the PE and P devices are correct. Take PE 1 for example.
PE 1
PE1(config)#show ip route
Routing Tables: Default-IP-Routing-Table
-------------------------------------------------------------------------
--
Flag: C - connected, S - static, R - RIP, B - BGP, O - OSPF, I - IS-IS
P - Protocol, s - States, > - selected , * - active, Dis - Distance
P&s Destination/Mask Dis/Metric NextHop Age Interface
C>* 1.0.0.0/8 0/0 1.1.1.2 1d20h13m GE1/1/1

C>* 1.1.1.2/32 0/0 127.0.0.1 1d20h13m lo0
O>* 132.1.84.18/32 110/2 132.1.84.18 00:12:42 GE1/1/1.4094
C>* 10.10.1.0/24 0/0 10.10.1.2 04w4d21h GE1/1/2
C>* 172.16.70.82/32 0/0 127.0.0.1 04w4d21h lo0
 Use the show interface tunnel command to show whether tunnel configurations on PE 1
and PE 2 are correct. Take PE 1 for example.
PE 1
PE1(config)#show interface tunnel

tunnel1/1/1 is DOWN, Admin status is UP
Hardware is NULL, MAC is 0000.0000.0000
Peer Address is 0.0.0.0
MTU 1500 bytes
Last 300 seconds period input rate 0 bytes/sec, 0 packets/sec
Last 300 seconds period output rate 0 bytes/sec, 0 packets/sec
Input Statistics:
0 ifInPkts,
0 ifInBytes,
0 ifInDropPkts,
0 ifInDropBytes,
Output Statistics:
0 ifOutPkts,
0 ifOutBytes,
0 ifOutDropPkts,
0 ifOutDropBytes,
 Use the show ip bgp neighbor command to show whether PE 1 and PE 2 have
established the BGP neighbor.

204
Raisecom
PE1(config)#show ip bgp neighbor

BGP neighbor is 4.4.4.4, remote AS 1, local AS 1, internal link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 00:10:57, hold time is 180, keepalive interval is 60 seconds
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 0 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Total: 0 0
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast

0 accepted prefixes
For address family: VPNv4 Unicast

Community attribute sent to this neighbor(extended)
0 accepted prefixes
Connections established 0; dropped 0

Last reset never
Next connect timer due in 73 seconds
Read thread: off Write thread: off
BFD session ID:0
 Use the show ip bgp vpnv4 all command to check whether the PE has learned the
VPNv4 neighbor.
PE1(config)#show ip bgp vpnv4 all

Local router ID is 1.1.1.1
Status codes: s - suppressed, d - damped, h - history, * - valid, > -
best, i - internal, S - Stale, R - Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path

*> 30.0.0.0 100.0.0.10 0 32768 ?
Routes of vpn-instance: 1
*> 30.0.0.0 100.0.0.10 0 32768 ?

205
Raisecom
RAX711-R (B) Configuration Guide 10 TDMoP
10 TDMoP
This chapter describes principles and configuration procedures of TDMoP, as well as related
configuration examples, including the following sections:
 Configuring Tunnel
 Configuring PW
 Configuring TDMoP clock
 Maintenance
10.1 Configuring Tunnel

The Tunnel is the tunnel to carry the Pseudo Wire (PW) to traverse the Packet Switching
Network (PSN). Before configuring the PW, you must create the Tunnel.
For a MPLS Tunnel, its properties are defined by MPLS LSP and L2VPN. For details about
how to create the MPLS Tunnel, see chapter 8 MPLS.
10.2 Configuring PW
Scenario
After being received by the TDM interface, TDM service data flows are encapsulated into PW
packets. PW packets of the same type will form PW service flows and traverse the PSN. After
reaching the other end of the PSN, PW service flows are decapsulated to TDM service flows,
which are forwarded through the TDM interface.
Prerequisite
The TDMoP card is in place.

206
Raisecom
10.2.2 Configuring static L2VC

2 Raisecom(config)#interface tdm 1/slot- Enter TDM interface configuration mode.
id/interface-number
3 Raisecom(config-tdm-1/*/*)#tdm-type Set the link type of TDM interface to E1 framed.
{ e1-unframed | e1-framed | e1-crc-
framed }
By default, the link type of TDM interfaces is set
to E1 unframed.
4 Raisecom(config-tdm-1/*/*.*)#interface (Optional) enter TDM sub-interface configuration
tdm 1/slot-id/interface-number.sub- mode.
interface-number
Proceed this step when the link type is set to E1

framed
5 Raisecom(config-tdm-1/*/*.*)#timeslot (Optional) configure the TS associated by the
timeslot TDM sub-interface.

framed, otherwise, close all TSs.
6 Raisecom(config-tdm-port)#mpls static- Create the static L2VC.
l2vc destination ip-address vc-id vc-id
in-label in-label out-label out-label
[ tunnel-policy policy-name | tunnel
tunnel-number ] [ jitter-buffer
buffer ] [ tdm-encapsulation number ]
[ rtp-header ]
10.2.3 Configuring dynamic L2VC

2 Raisecom(config)#interface tdm 1/slot- Enter TDM interface configuration mode.
id/interface-number
3 Raisecom(config-tdm-1/*/*)#tdm-type Set the link type of TDM interface to E1 framed.
{ e1-unframed | e1-framed | e1-crc-
framed } By default, the link type of TDM interfaces is set
to E1 unframed.

207
Raisecom

4 Raisecom(config-tdm-1/*/*.*)#interface Enter TDM sub-interface configuration mode.
tdm 1/slot-id/interface-number.sub-
interface-number

framed
5 Raisecom(config-tdm-1/*/*.*)#timeslot (Optional) configure the TS associated by the
timeslot TDM sub-interface.

framed, otherwise, close all TSs.
6 Raisecom(config-tdm-1/*/*.*)# mpls l2vc Configure the dynamic L2VC.
destination ip-address vc-id vc-id
[ tunnel-policy policy-name | tunnel
tunnel-number ] [ jitter-buffer
buffer ] [ tdm-encapsulation number ]
[ rtp-header ]

1 Raisecom#show mpls l2vc [ static ] [interface-type Show L2VPN status.
interface-number ]
10.3 Configuring TDMoP clock

Scenario
The TDMoP system supports clock synchronization in nature. The PTN is an STDM-based
best-effort network. It may cause end-to-end delay. TDM services are encapsulated into
Ethernet packets and then are transmitted cross the PTN. This also influences the performance
for de-encapsulating TDM services. However, TDMoP clock recovery technology can reduce
impact caused by PTN delay.
The clock recovery mechanism adopted by the TDMoP system depends on the Rx clock
source of the TDM interface.
Prerequisite
A PW is created.

208
Raisecom
10.3.2 Configuring Tx clock source of TDM interfaces

2 Raisecom(config)#interface tdm Enter TDM interface configuration mode.
1/slot-id/interface-number
3 Raisecom(config-tdm-1/*/*)#clk tx- Configure the clock source of a TDM interface.
src { acr| dcr | loopback }
By default, the clock source of the TDM interface is
set to system clock.
10.3.3 Configuring sub-interface of adaptive recovery clock

2 Raisecom(config)#interface tdm Enter TDM interface configuration mode.
1/slot-id/interface-number.sub-
interface-number
3 Raisecom(config-tdm-1/*/*.*)#clk acr Configure the sub-interface of the adaptive recovery
clock.

1 Raisecom(config)#show interface tdm Show clock configurations of the current
{ 1/slot-id/interface-number | 1/slot- TDM interface.
id/interface-number.sub-interface-number }
10.4 Maintenance
Command Description
Raisecom(config-tdm-port)#loopback Configure the loopback mode of TDM interfaces.
{ internal | external |
bidirectional }
By default, there is no loopback on the TDM interface.
You can use the no loopback command to configure the
TDM interface not to perform loopback.

209
Raisecom
RAX711-R (B) Configuration Guide 11 OAM
11 OAM
This chapter describes principles and configuration procedures of OAM, as well as related
 Configuring EFM
 Configuring CFM
 Configuring MPLS-TP OAM
 Configuring BFD
 Configuring SLA
 Configuring link quality alarm
 Maintenance
11.1 Configuring EFM

Scenario
Deploying EFM between directly-connected devices can effectively improve the management
and maintenance capability of Ethernet links and ensure network running smoothly.
Prerequisite
Connect interfaces and configure physical parameters of interfaces. Make the physical layer
Up.
11.1.2 Configuring EFM basic functions


210
Raisecom

2 Raisecom(config)#oam send-period (Optional) configure the OAM PDU delivery
period-number timeout time period and timeout.
By default, the OAM PDU delivery time is
configured to 1s (the parameter is configured to 10,
10 ×100ms = 1s) and the timeout is configured to
5s.
3 Raisecom(config)#interface Enter Layer 2/Layer 3 physical interface
gigaethernet interface-number configuration mode.
4 Raisecom(config-port)#oam { active | Configure a working mode of EFM.
passive }
By default, the RAX711-R works in passive mode.
5 Raisecom(config-port)#oam enable Enable EFM OAM of the link.
11.1.3 Configuring EFM active functions
EFM active functions can be configured when the RAX711-R is in active mode.
(Optional) configuring RAX711-R to initiate EFM remote loopback
 You can discover network faults in time by periodically detecting loopbacks. By

detecting loopbacks in segments, you can locate exact areas where faults occur
and you can troubleshoot these faults.
 When a link is in the loopback status, the RAX711-R returns all packets but OAM
packets received by the link to the peer. At this time, the user data packet cannot
be forwarded properly. Therefore, disable this function immediately when
detection is not required.
2 Raisecom(config)#interface gigaethernet Enter Layer 2/Layer 3 physical interface
3 Raisecom(config-port)#oam remote- Enable the Layer 2/Layer 3 physical interface to
loopback initiate remote loopback.
4 Raisecom(config-port)#oam loopback (Optional) configure the timeout for the Layer
timeout time 2/Layer 3 physical interface to initiate remote
loopback. By default, it is configured to 3s.

211
Raisecom

5 Raisecom(config-port)#oam loopback retry (Optional) configure the retry times for the
times Layer 2/Layer 3 physical interface to initiate
remote loopback. By default, it is configured to
2 times.
(Optional) viewing current variable values of peer device
By getting the current variable values of the peer, you can get current link status.
IEEE 802.3 Clause 30 defines and explains supported variables and their denotation
gotten by OAM in details. The variable takes Object as the maximum unit. Each
object contains Package and Attribute. A package contains several attributes.
Attribute is the minimum unit of a variable. When an OAM variable is obtained, object,
package, branch, and leaf description of attributes are defined by Clause 30 to
describe requesting object, and the branch and leaf are followed by variable to
denote object responds variable request. The RAX711-R supports getting OAM
information and interface statistics.
Peer variable cannot be obtained unless EFM connection is established.
1 Raisecom#show oam peer oam-info [ gigaethernet Show OAM basic information
interface-number ] about the peer device.
Raisecom#show oam peer [ gigaethernet interface-
number ]
11.1.4 Configuring EFM passive functions
The passive functions of EFM can be configured regardless of the RAX711-R is in

active or passive mode.
(Optional) configuring RAX711-R to respond to EFM remote loopback
The peer EFM remote loopback will not take effect until the remote loopback
response is configured on the local device.
gigaethernet interface-number

212
Raisecom

3 Raisecom(config)#oam loopback Configure the Layer 2 physical interface to
{ ignore | process } ignore/respond to EFM remote loopback sent by the
peer device. By default, the Layer 2 physical interface
ignores EFM remote loopback.
11.1.5 Configuring link monitoring and fault indication
(Optional) configuring OAM link monitoring
OAM link monitoring is used to detect and report link errors in different conditions.
When detecting a fault on a link, the RAX711-R provides the peer with the generated
time, window, and threshold, etc. by OAM event notification packets. The peer
receives event notification and reports it to the NView NNM system through SNMP
Trap. Besides, the local device can directly report events to the NView NNM system
through SNMP Trap.
By default, the system sets default value for error generated time, window, and
threshold.
2 Raisecom(config)#interface gigaethernet Enter Layer 2 physical interface configuration
3 Raisecom(config-port)#oam errored-frame Configure the monitor window and threshold
window framewindow threshold for an error frame event.
framethreshold
By default, the monitor window is configured
to 1s and the threshold is configured to 1 error
frame.
4 Raisecom(config-port)#oam errored-frame- Configure the monitor window and threshold
period window frameperiodwindow threshold for an error frame period event.
frameperiodthreshold
to 1000ms and the threshold is configured to 1
error frame.
5 Raisecom(config-port)#oam errored-frame- Configure the monitor window and threshold
seconds window framesecswindow threshold for an error frame seconds event.
framesecsthreshold
to 60s and the threshold is configured to 1s.
6 Raisecom(config-port)#oam errored-symbol- Configure the monitor window and threshold
period window symperiodwindow threshold for an error symbol event.
symperiodthreshold
to 1s and the threshold is configured to 1 error
frame.

213
Raisecom
(Optional) configuring OAM fault indication

2 Raisecom(config)#interface gigaethernet Enter Layer 2 physical interface configuration
3 Raisecom(config-port)#oam notify Enable OAM notification of fault information
{ critical-event | dying-gasp | errored- and OAM link events.
frame | errored-frame-period | errored-
frame-seconds | errored-symbol-period } By default, OAM notification of all links is
enable enabled.
4 Raisecom(config-port)#oam event trap Enable OAM Trap of local OAM link events.
enable
5 Raisecom(config-port)#oam peer event Enable OAM Trap of peer OAM link events.
trap { enable | disable }
11.1.6 Configuring extended OAM

Both Layer 2 and Layer 3 interfaces of the device support extended OAM. Configuring OAM
on layer 3 interface does not affect the configurations of its sub-interfaces.

2 Raisecom(config)#interface interface- Enter physical interface configuration mode.
3 Raisecom(config-port)#oam enable Enable OAM on the interface.
4 Raisecom(config-port)#oam { active | Configure the working mode of OAM.
passive }
By default, it is Passive.
5 Raisecom(config-port)#remote-device Enter remote configuration mode.
6 Raisecom(config-remote)#hostname Configure the host name for remote device.
hostname

214
Raisecom

7 Raisecom(config-remote)#ip address ip- Configure the IP address of the remote device.
address [ ip-mask ] [ vlan-id ]
 It is not recommended that you use

this command together with zero-
configuration, because it may cause the
remote device out of control.
 When the remote device belongs to
IPRAN, you should configure its IP

address on Loopback 1. If you configure
the management VLAN ID, the sub-
interface (father interface is enabled
with OAM) will borrow the IP address of
Loopback 1, otherwise, it will not.
 When the remote device belongs to
the PTN, you should configure its IP

address on IP interface 0. If you
configure the management VLAN ID,
the VLAN will associate with IP interface
0.
After entering remote configuration mode, you can show the command list supported by the
remote device by executing list command. Then you can manage the remote device by
executing those commands. For example:
 Use the snmp-server community command to configure the network management for
the remote device.
 Use the switch-mode dot1q-vlan native-vlan command to configure VLAN for the
remote device.
 Use the reboot command to reboot the remote device.
 Use the erase command to delete configuration files from the remote device.
There are still a lot of commands that you can use to monitor and manage the remote device
by the extended OAM. I will not list them one by one, you can use them according to your
actual need. The function of some related command line is the same as the command executed
locally.

1 Raisecom#show oam [ gigaethernet interface- Show configurations of OAM basic
number ] functions.
2 Raisecom#show oam event [ gigaethernet Show local OAM link events.
interface-number ] [ critical ]

215
Raisecom

3 Raisecom#show oam loopback [ gigaethernet Show OAM remote loopback
interface-number ] configurations.
4 Raisecom#show oam notify [ gigaethernet Show OAM notification configurations.
interface-number ]
5 Raisecom#show oam peer event [ gigaethernet Show information about OAM peer events.
interface-number ] [ critical ]
6 Raisecom#show oam peer link-statistic Show peer OAM link statistics.
[ gigaethernet interface-number ]
7 Raisecom#show oam statistics [ gigaethernet Show OAM statistics.
interface-number ]
8 Raisecom#show oam trap [ gigaethernet Show OAM Trap information.
interface-number ]
11.2 Configuring CFM

Scenario
To expand application of Ethernet technologies at a Telecom-grade network, the Ethernet
must ensure the same QoS as the Telecom-grade transport network. CFM solves this problem
by providing overall OAM tools for the Telecom-grade Ethernet.
CFM can provide following OAM functions:
 Fault detection (Continuity Check, CC)
 Fault acknowledgement (LoopBack, LB)
 Fault location (LinkTrace, LT)
 Alarm Indication Signal (AIS)
 Ethernet lock signal (Lock, LCK)
 Client Signal Fail (CSF)
Prerequisite
 Connect interfaces and configure physical parameters of the interfaces. Make the
physical layer Up.
 Create a VLAN.
 Add interfaces to the VLAN.
11.2.2 Enabling CFM
 CFM fault detection and CFM fault location functions cannot take effect until the
CFM is enabled.

216
Raisecom
 To enable CFM on an interface, you need to enable global CFM in global

configuration mode and then enable CFM on the interface.
 When global CFM is disabled, it does not affect enabling/disabling EFM on the
interface.
 Ethernet LM cannot take effect unless CFM is enabled on the ingress interface
of the service packet and MEP-related interfaces.
 CFM is configured in Layer 2 physical interface configuration mode only.
2 Raisecom(config)#ethernet cfm enable Enable global CFM.
3 Raisecom(config)#interface gigaethernet Enter physical layer interface configuration
Raisecom(config-port)#portswitch Switch the interface mode to Layer 2

physical interface mode.
4 Raisecom(config-port)#ethernet cfm enable Enable CFM on Layer 2 physical interface.
11.2.3 Configuring CFM basic functions

2 Raisecom(config)#ethernet cfm mode Configure the CFM working mode.
{ master | slave } By default, it is in slave mode.
3 Raisecom(config)#ethernet cfm domain Create a MD.
[ md-name domain-name ] level md-  If a MD name is assigned by the md-name
level parameter, it indicates that the MD is in 802.1ag
style. And all MAs and CCMs in the MD are in
802.1ag style.
 If a MD name is not assigned, the MD is in Y.1731
style and all MAs and CCMs in the MD are in

Y.1731 style.
 Support configuring Y.1731 and 802.1ag CFM
concurrently.
 If the MD name is specified, it must be globally
unique.
 Levels of different MDs must be different.
4 Raisecom(config)#service csi-id Create a service instance and enter service instance

level md-level configuration mode.
5 Raisecom(config-service)#service Configure the VLAN related to the MA.
vlan-list vlan-list [ primary vlan-
id ]

217
Raisecom

6 Raisecom(config-service)#service mep Configure the MEP based on the service instance.
[ up | down ] mpid mep-id Before configuring MEP, relating the service
[ interface-type interface-number ] instance to the VLAN.
Configure the MEP in Layer 2 physical

interface mode.
7 Raisecom(config-service)#service Add static remote MEP of the service instance
remote-mep mep-list interface-type manually.
interface-number
Raisecom(config-service)#service
remote-mep mep-list remote-mac mac- 802.1ag down MEP needs to manually add
address [ interface-type interface- the remote MEP and specify the interface. It
number ] fails to find the remote MEP automatically.
8 Raisecom(config-service)#service (Optional) configure remote MEP learning. Add
remote-mep learning active dynamically learned remote MEPs to the static
remote MEP list.
9 Raisecom(config-service)#service Enable alarm inhibition.
suppress-alarms enable mep { mep-
list | all } By default, it is enabled.
11.2.4 Configuring fault detection

2 Raisecom(config)#ethernet cfm remote (Optional) configure the aging time of remote
mep age-time minutes MEPs.
3 Raisecom(config)#ethernet cfm errors (Optional) configure the archive-hold time of error
archive-hold-time minutes CCMs.
By default, it is configured to 100min.
4 Raisecom(config)#service csi-id level Enter service instance configuration mode.
md-level
5 Raisecom(config-service)#service cc (Optional) configure the delivery period of CCMs.

interval { 3ms | 10ms | 100ms | 1 |
10 | 60 | 600 }
6 Raisecom(config-service)#service cc Enable MEP to send CCMs.

enable mep { mep-list | all }
7 Raisecom(config-service)#service (Optional) enable checking remote MEPs.

remote-mep cc-check enable By default, it is disabled.
8 Raisecom(config-service)#service (Optional) configure the CVLAN of the MA.
cvlan vlan-id

218
Raisecom

9 Raisecom(config-service)#service (Optional) configure the priority of CFM OAM
priority priority packets.
11.2.5 Configuring fault acknowledgement

2 Raisecom(config)#service csi-id level md- Enter service instance configuration
level mode.
3 Raisecom(config-service)#ping mac-address Perform Layer 2 Ping for acknowledging
[ count count-number ] [ size size ] faults.
[ source mep-id ] [ timeout time ]
[ padding { null | null-crc | prbs | prbs- By default, 5 LBMs are sent. The TLV
crc } ] length of a packet is configured to 64.
The RAX711-R automatically looks for
Raisecom(config-service)#ping mep mep-id
an available source MEP.
[ ttl ttl ] [ count count-number ] [ size
size ] [ source mep-id ] [ timeout time ]
[ padding { null | null-crc | prbs | prbs-
crc } ]
To perform Ping MEP operation,
802.1ag down MEP needs to be
configured with the static remote
MAC address.
4 Raisecom(config-service)#ping ethernet Perform Layer 2 multicast Ping for
multicast [ size size ] [ timeout time ] acknowledging faults.
crc } ]
 Before executing this command, you must ensure that global CFM is enabled.
Otherwise, the Ping operation fails.
 If there is no MEP in a service instance, Ping operation will fail because of failing
to find source MEP.
 Ping operation will fail if the specified source MEP is invalid. For example, the
specified source MEP does not exist or CFM is disabled on the interface where
the specified source MEP is.
 Ping operation will fail if the Ping operation is performed based on the specified
destination MEP ID and the MAC address of destination is not found based on
the MEP ID.
 Ping operation will fail if other users are using the specified source MEP to
perform Ping operation.

219
Raisecom
11.2.6 Configuring fault location

md-level
3 Raisecom(config-service)#traceroute Perform Layer 2 Traceroute for locating faults.

mac-address [ ttl ttl ] [ source mep-
id ] By default, the TLV length of a packet is
configured to 64. The RAX711-R automatically
Raisecom(config-service)#traceroute mep looks for an available source MEP.
mep-id [ ttl ttl ] [ source mep-id ]
[ interface-mode ] [ timeout time ]
To perform Traceroute MEP operation,

802.1ag down MEP needs to be
configured with the static remote MAC
address.
Raisecom(config-service)#traceroute mip Perform MPLS-TP Traceroute for locating faults.
icc icc-code code-id [ ttl ttl ]
[ interface-num interface-number ]
[ timeout time ]
Raisecom(config-service)#exit
4 Raisecom(config)#ethernet cfm (Optional) enable LinkTrace cache.

traceroute cache enable When LinkTrace cache is enabled, you can use
the show ethernet cfm traceroute cache
command to learn the routes discovered through
the cache storage protocol. When LinkTrace
cache is disabled, the result will be automatically
erased by the traceroute command.
By default, LinkTrace cache is disabled.
5 Raisecom(config)#ethernet cfm (Optional) configure the hold time of data in the
traceroute cache { hold-time minute | LinkTrace cache and LinkTrace cache size.
size size }
By default, the hold time is configured to 100min
and the LinkTrace cache size is configured to
100.
 Before executing this command, you must ensure that global CFM is enabled.
Otherwise, the Traceroute operation fails.
 If there is no MEP in a service instance, Traceroute operation will fail because of
failing to find source MEP.
 Traceroute operation will fail if the specified source MEP is invalid. For example,
the specified source MEP does not exist or CFM is disabled on the interface
where the specified source MEP is.

220
Raisecom
 Traceroute operation will fail if the Ping operation is performed based on the
specified destination MEP ID and the MAC address of destination is not found
based on the MEP ID.
 If the CC feature is invalid, you can ensure Layer 2 Traceroute operation works
normally by configuring static RMEP and specifying MAC address.
 Traceroute operation will fail if other users are using the specified source MEP to
perform Traceroute operation.
 If the service instance associates with the emulated Ethernet PW, when LB is
performed, you need to enable global CFM and Ethernet CFM on the AC-side
Ethernet interface.
11.2.7 Configuring AIS
Configuring AIS on server-layer devices

[ md-name domain-name ] level md-level

md-level
4 Raisecom(config-service)#service ais Configure the level of the MD to which AIS is

level md-level sent.
The MD level must be higher than the

service instance level.
5 Raisecom(config-service)#service ais (Optional) configure the AIS delivery period.
period { 1 | 60 } By default, the AIS delivery period is
configured to 1s.
6 Raisecom(config-service)#service ais Enable AIS delivery.
enable
By default, AIS delivery is disabled.
Configuring AIS on client-layer devices

2 Raisecom(config)#ethernet cfm domain [ md- Create a MD.
name domain-name ] level md-level
3 Raisecom(config)#service csi-id level md- Enter service instance configuration mode.

level
4 Raisecom(config-service)#service suppress- Enable alarm inhibition.

alarms enable mep { mep-list | all } By default, alarm inhibition is enabled.

221
Raisecom
11.2.8 Configuring LCK
Configuring LCK on server-layer devices


level
4 Raisecom(config-service)#service lck level Configure the level for sending the LCK
md-level [ vlan vlan-id ] packet. The level must be higher than the
service instance level.
By default, use the level of the MIP, which
is higher than the MEP level, to send the
LCK packet.
5 Raisecom(config-service)#s service lck (Optional) configure the LCK packet
period { 1 | 60 } delivery period. By default, the LCK packet
delivery period is configured to 1s.
6 Raisecom(config-service)#service lck start Configure the MEP to send the LCK packet.
mep { mep-list | all }
By default, the MEP does not send the LCK
packet.
Configuring LCK on client-layer devices


level
4 Raisecom(config-service)#service suppress- Enable alarm inhibition.

alarms enable mep { mep-list | all } By default, alarm inhibition is enabled.
11.2.9 Configuring CSF
Configuring LCK on server-layer devices


222
Raisecom

[ md-name domain-name ] level md-level

md-level
4 Raisecom(config-service)#service csf (Optional) configure the CSF packet delivery

period { 1 | 60 } period. By default, the CSF packet delivery
period is configured to 1s.
5 Raisecom(config-service)#service csf Enable the MEP to send the LCK packet.
enable mpid mep-id
6 Raisecom(config-service)#service csf (Optional) enable CSF Trap.
trap enable

1 Raisecom#show cfm csf Show CSF information.
2 Raisecom#show ethernet cfm Show CFM global configurations.
3 Raisecom#show ethernet cfm ais [ level md-level ] Show AIS information.
[ source ]
802.1ag MDs do not support

AIS.
4 Raisecom#show ethernet cfm domain [ level md- Show MD configurations.
level ]
5 Raisecom#show ethernet cfm errors [ level md- Show error CCM information.
level ]
6 Raisecom#show ethernet cfm lck [ level md-level ] Show LCK information.
[ source ]
802.1ag MDs do not support

LCK.
7 Raisecom#show ethernet cfm local-mp [ interface Show local MEP configurations.
interface-type interface-number ]
Raisecom#show ethernet cfm local-mp [ level md-
level ]
8 Raisecom#show ethernet cfm remote-mep [ level md- Show remote MEP configurations.
level [ service csi-id [ mpid mep-id ] ] ]
9 Raisecom#show ethernet cfm remote-mep static Show remote static MEP
[ level md-level ] configurations.
10 Raisecom#show ethernet cfm traceroute-cache Show information about routes in
the LinkTrace cache.

223
Raisecom
11.3 Configuring MPLS-TP OAM

Scenario
To extend the application of MPLS-TP technology in Telecom-grade network, the MPLS-TP
network needs to achieve the same service level as the Telecom-grade transport network.
Connectivity Fault Management (CFM) helps the MPLS-TP network to resolve the problem
by providing complete OAM tools.
CFM can provide the following OAM functions for the MPLS-TP network:
 Fault detection (Continuity Check, CC)
 Fault acknowledgement (LoopBack, LB)
 Fault location (LinkTrace, LT)
 Alarm Indication Signal (AIS)
 Client Signal Fail (CSF)
 Lock (LCK)
 Packet Delay and Packet Delay Variation Measurements (DM)
 Frame Loss Measurements (LM)
The principle of MPLS-TP OAM is similar to the one of Ethernet-based OAM. Only the
carrying modes of related packets are different.
To ensure that users can get qualified network services. The Carrier and users sign a Service
Level Agreement (SLA). To effectively fulfil the SLA, the carrier needs to deploy the SLA
feature on the device to measure the network performance and takes the measurement result
as the basis for ensuring the network performance.
SLA selects 2 detection points, configures, and schedules the SLA operation on one detection
point to detect the network performance between the 2 detection points.
The SLA feature counts the round-trio packet loss ratio, round-trip/unidirectional (SD/DS)
delay, jitter, jitter variance, and jitter distribution and reports them to the upper monitoring
software (such as the NView NNM system). And then the upper monitoring software analyses
the network performance to get a data meeting users' requirements.
Prerequisite
 Connect the interface and configure physical parameters of the interface. Make the
physical layer Up.
 Before configuring SLA, deploy CFM between devices that need to detect the network
performance.
11.3.2 Configuring MPLS-TP CFM


224
Raisecom

2 Raisecom(config)#mpls-tp cfm domain level Create a MPLS-TP MD.
level
3 Raisecom(config)#mpls-tp service ma-name Create a service instance and enter service
level ma-level instance configuration mode.
4 Raisecom(config-service)#service vc-id Associate the service instance to the VC ID.
vc-id destination ip-address [ ttl ttl ]
5 Raisecom(config-service)#service lsp Associate the service instance to the specified
{ bidirection lsp-name | ingress lsp-in ingress, egress, and bidirectional LSP.
egress lsp-out }
6 Raisecom(config-service)#service lsp Create a service instance that based on the
transit bidirection lsp-name lsrid lsr-id subnet connection.
ttl ttl
Raisecom(config-service)#service lsp
transit forward lsp-in backward lsp-out
ttl ttl
7 Raisecom(config-service)#service mep [ up Create a MEP that is based on the service
| down ] mpid mep-id instance.
8 Raisecom(config-service)#service pw Associate the service instance to the subnet
transit forward vc-id vc-id destination connection PW.
ip-address backward vc-id vc-id
destination ip-address
9 Raisecom(config-service)#service section Associate the service instance to the Section
{ dest-mac mac-address | interface-type and configure the Section-layer CC destination
interface-number } MAC address.
10 Raisecom(config-service)#service Enable MEP fault inhibition.
suppress-alarms enable mep { all | mep-
list }
12 Raisecom(config-service)#service priority Configure the priority of the CFM packet.
priority
14 Raisecom(config-service)#service remote- Create a static remote MEP.
mep mep-list [ interface-type interface-
number ]
15 Raisecom(config-service)#service lm- Enable LM response.
response enable
Before enabling CFM packet delivery, configure the association relationship between
the service instance and the static L2VC.
11.3.3 Configuring MPLS-TP fault detection


225
Raisecom

2 Raisecom(config)#mpls-tp cfm remote mep (Optional) configure the aging time of remote
age-time minutes MEPs.
3 Raisecom(config)#mpls-tp cfm errors (Optional) configure the archive-hold time of
archive-hold-time minutes error CCMs.
When the new archive-hold time is configured,
the system will check data in the database and
will clear data whose archive-hold time
expires.
4 Raisecom(config)#mpls-tp service ma-name Enter service instance configuration mode.
level ma-level
5 Raisecom(config-service)#service cc Enable MEP to send CC packets.
enable mep { mep-list | all }
By default, the MEP does not send CC
packets.
6 Raisecom(config-service)#service cc (Optional) configure the interval for sending
interval { 3ms | 10ms | 100ms | 1 | 10 | service instance CC packets.
60 | 600 }
If CC packet delivery is enabled, the
configuration does not take effect.
7 Raisecom(config-service)#service remote- Configure remote MEP learning to add
mep learning active dynamically-learned remote MEPs to the static
remote MEP list.
11.3.4 Configuring MPLS-TP fault acknowledgement

2 Raisecom(config)#mpls-tp service ma-name Enter service instance configuration mode.
level ma-level
3 Raisecom(config-service)#ping { ingress | Perform MPLS-TP Ping for
egress } ttl ttl [ count count-number ] acknowledging faults.
[ size size ] [ source mep-id ] [ timeout
time ] [ padding { null | null-crc | prbs | By default, 5 LBMs are sent. The TLV
prbs-crc } ] length of a packet is configured to 64. The
Raisecom(config-service)#ping mep mep-id
RAX711-R automatically looks for an
[ ttl ttl ] [ count count-number ] [ size
available source MEP.
size ] [ source mep-id ] [ timeout time ]
crc } ]

226
Raisecom

Raisecom(config-service)#ping mip icc icc-
code code-id [ interface-num interface-
number ] ttl ttl [ count count-number ]
[ size size ] [ source mep-id ] [ timeout
time ] [ padding { null | null-crc | prbs |
prbs-crc } ]
 If no MEP is configured for the service instance, the Ping operation will fails
because no source MEP is found.
 The Ping operation will fail if the specified source MEP is invalid. For example,
the specified source MEP does not exist or CFM is disabled on the interface
where the specified source MEP is.
 The Ping operation will fail if another user is using the specified source MEP to
initiate the Ping operation.
11.3.5 Configuring MPLS-TP fault location

2 Raisecom(config)#mpls-tp service ma-name Enter service instance configuration
level ma-level mode.
3 Raisecom(config-service)#traceroute ttl ttl Perform MPLS-TP Traceroute for
[ interface-mode ] [ timeout time ] locating faults.
Raisecom(config-service)#traceroute mep mep-
id [ ttl ttl ] [ source mep-id ] [ interface-
mode ] [ timeout time ]
Raisecom(config-service)#traceroute mip icc
icc-code code-id [ ttl ttl ] [ interface-num
interface-number ] [ timeout time ]
 If no MEP is configured for the service instance, the Traceroute operation will
fails because no source MEP is found.
 The Traceroute operation will fail if the specified source MEP is invalid. For
example, the specified source MEP does not exist or CFM is disabled on the
interface where the specified source MEP is.
 The Traceroute operation will fail if another user is using the specified source
MEP to initiate the Traceroute operation.

227
Raisecom
11.3.6 Configuring MPLS-TP AIS

2 Raisecom(config)#mpls-tp service ma- Enter service instance configuration mode.
name level ma-level
3 Raisecom(config-service)#service ais Configure the level of the client-layer MD, to
{ level md-level [ vlan vlan-id ] | which the AIS is sent and the AIS delivery
period { 1 | 60 } } period.
 Specify the VLAN only when you configure the
AIS Level in PW service instance.
 When the service instance is configured with
PW OAM and the specified Level is configured

with Ethernet OAM, you need to specify the
VLAN when executing this command. In
addition, the specified VLAN is the primary
VLAN of Ethernet OAM.
By default, the AIS delivery period is configured
to 1s.
4 Raisecom(config-service)#service ais Enable AIS delivery.
enable
By default, AIS delivery is disabled.
5 Raisecom(config-service)#service Enable alarm inhibition.
suppress-alarms enable mep { mep-list | By default, alarm inhibition is enabled.
all }
11.3.7 Configuring MPLS-TP CSF

2 Raisecom(config)#mpls-tp service Enter service instance configuration mode.
ma-name level ma-level
3 Raisecom(config-service)#service Enable CSF packet delivery. It is available for PW
csf enable mpid mep-id OAM only.
By default, CSF packet delivery is disabled.
4 Raisecom(config-service)#service Configure the CSF packet delivery period. It is
csf period { 1 | 60 } available for PW OAM only.
By default, the CSF packet delivery period is
configured to 1s.
5 Raisecom(config-service)#service Enable CSF Trap. It is available for PW OAM only.
csf trap enable
By default, CSF Trap is disabled.

228
Raisecom
11.3.8 Configuring fault relay based on MPLS-TP OAM and BFD

alarm association
By configuring the alarm association between MPLS-TP OAM and BFD, the fault at the AC
end can be switched to the PW end and vice versa, thus triggering the protection switching,
that is to switch the traffic on the master link to the slave link. If AC does not support MPLS-
TP OAM and BFD, the fault at the PW end can be switched to the CE under the condition that
the interface in the PE is Down, thus triggering the master/slave switching.
MS-PW fault association is also supported in the PTN-IPRAN networking. The fault at the
PTN end can be switched to the IPRAN end and vice versa.
By default, the fault relay based on MPLS-TP OAM and BFD alarm association is enabled.

3 Raisecom(config-port)#mode l2 Configure the VPN mode on Layer 3 interface to be
L2VPN.
By default, the VPN mode on Layer 3 is L3VPN.
4 Raisecom(config-port)#l2vpn fault-action (Optional) when the MPLS-TP OAM and BFD are not
if-down supported at AC end, you can use this command to
configure the fault relay when the interface is Down.
The configuration only takes effect on the physical
interface.
Raisecom(config-port)#exit Exit interface configuration mode.
5 Raisecom(config)#mpls switch-l2vc Configure fault relay based on MPLS-TP OAM and

ip-address vc-id fault-relay BFD alarm association in the MS-PW.

1 Raisecom(config-service)#show cfm mip Show CFM global configurations.
2 Raisecom(config)#show mpls-tp cfm Show MPLS-TP CFM global configurations.
3 Raisecom(config)#show mpls-tp cfm ais Show MPLS-TP AIS information.
[ level md-level ] [ source ]
4 Raisecom(config)#show mpls-tp cfm domain Show MD configurations.
[ level md-level ]
5 Raisecom(config)#show mpls-tp cfm errors Show error CCMs.
[ level md-level ]
6 Raisecom(config)#show mpls-tp cfm local- Show local MEP configurations.
mp [ level md-level ]

229
Raisecom

7 Raisecom(config)#show mpls-tp cfm Show remote MEP configurations.
remote-mep [ level md-level [ service
csi-id [ mpid mep-id ] ] ]
8 Raisecom(config)#show mpls-tp cfm Show static remote MEP configurations.
remote-mep static [ level md-level ]
9 Raisecom(config)#show mpls-tp cfm Show alarm inhibition configurations.
suppress-alarms [ level md-level ]
10 Raisecom(config)#show mpls-tp cfm lck Show MPLS-TP LCK configurations.
[ level md-level ] [ source ]
11.4 Configuring BFD

Scenario
To reduce effect of faults on the device and improve network availability, the RAX711-R
needs to detect communication faults with adjacent devices. Therefore, it can take actions
immediately to ensure service being transmitted properly.
BFD is one-way detection. Therefore, it must be enabled on the local end and peer end
together. Otherwise, BFD fails.
Prerequisite
Configure an IP address for the device to be tested and ensure all routes among devices are
reachable.
11.4.2 Configuring BFD for IP
Creating BFD for IP sessions

When creating a BFD binding:
 If only the peer IP address is specified, it indicates that the multi-hop route is detected.
 If both the local interface and the peer IP address are specified at the same time, a single-
hop link is detected, which means a fixed route with the interface as the outbound
interface and peer-ip as the next hop address will be detected.
2 Raisecom(config)#bfd session-id bind peer-ip Create BFD session detection multi-hop
ip-address source-ip ip-address route and enter BFD session mode.
You must configure a source IP address.

230
Raisecom

3 Raisecom(config)#bfd session-id bind peer-ip Create a BFD session detection single-hop
default-ip interface interface-type route, bind it to a Layer 2 physical
interface-number interface or Layer 2 link aggregation
interface, enter BFD session mode.
4 Raisecom(config)#bfd session-id bind peer-ip Create a static BFD session detection
ip-address interface interface-type single-hop route, bind it to a Layer 3
interface-number [ source-ip ip-address ] physical interface, sub-interface, VLAN
interface or Layer 3 link aggregation
interface, and enter BFD session mode.
Configuring BFD session parameters

2 Raisecom(config)#bfd session-id Enter BFD session mode.
You cannot use this command to enter

BFD session mode unless you create the
BFD and bind the related path.
3 Raisecom(config-bfd- Configure descriptions of the BFD session.
session)#description description
4 Raisecom(config-bfd-session)#local (Optional) configure the local identifier of the
discriminator value BFD session.
By default, the local identifier is displayed as 0,
which indicates that no local identifier is
configured.
This parameter is only for static BFD. If not

configured, it will be generated
automatically.
5 Raisecom(config-bfd-session)#min send- Configure the minimum delivery interval of the
interval interval BFD session. By default, it is configured to 10ms.
6 Raisecom(config-bfd-session)#min Configure the minimum receiving interval of the
receive-interval interval BFD session. By default, it is configured to 10ms.
7 Raisecom(config-bfd-session)#detect- Configure the local detection times of the BFD
multiplier multiplier session. By default, it is configured to 3 times.

231
Raisecom

8 Raisecom(config-bfd-session)#remote (Optional) configure the remote identifier of the
discriminator value BFD session.
By default, the remote identifier is displayed as 0,
which indicates that no remote identifier is
configured.
This parameter is only for static BFD. If not

configured, it will be generated
automatically.
9 Raisecom(config-bfd-session)#session Enable BFD session.
enable
10 Raisecom(config-bfd-session)#wtr wtr Configure the WTR.
BFD sessions are unidirectional. When

using the WTR timer, you need to
configure both ends of the link with the
same WTR. Otherwise, if one end of the
session state changes, the other end of the
BFD session state will be inconsistent with
it.
11.4.3 Configuring BFD for PW
Create a BFD for PW session

After completing PW-related configurations, you can configure PW-based BFD. The
following configuration steps are for creating dynamic or half-dynamic BFD for PWs.

2 Raisecom(config)#bfd session-id bind pw vc-id Create a BFD PW and enter BFD
peer-address [ pw-ttl ttl ] session configuration mode.

For the configuration process, refer to Configuring BFD session parameters in section 11.4.2
Configuring BFD for IP.

232
Raisecom
Configure dynamic BFD for PW

3 Raisecom(config-port)#mode l2 Enter L2VPN configuration mode.
4 Raisecom(config-port)#mpls l2vpn pw bfd [ min- Configure PW-based dynamic BFD.
tx-interval tx-interval ] [ min-rx-interval
rx-interval ] [ detect-multiplier multiplier ]
[ backup ]
11.4.4 Configuring BFD for VRF
Create a BFD for VRF

2 Raisecom(config)#bfd session-id bind peer-ip Create a BFD VRF and enter BFD session
ip-address vrf-name vrf-name [ interface mode.
interface-type interface-number ] [ source-
ip ip-address ]

11.4.5 Configuring BFD for LDP

2 Raisecom(config)#bfd session-id bind ldp-lsp Create a BFD LDP LSP link and enter
peer-ip ip-address ip-mask BFD session mode.
3 Raisecom(config)#bfd session-id bind mpls Create a BFD CR-LSP and enter BFD
interface tunnel tunnel-if cr-lsp session mode.

233
Raisecom

4 Raisecom(config)#bfd session-id bind peer-ip Configure a single-hop IP detection which
ip-address interface interface-type should be used together with the BFD
interface-number CR-LSP. Otherwise configurations fail.
When BFD is configured on the peer

device, BFD CR-LSP points to the
local PEER IP address, and the
peer PEER IP address points to the
local CR-LSP.
5 Raisecom(config)#bfd session-id bind mpls Create a BFD Tunnel and enter BFD
interface tunnel tunnel-if session mode.
6 Raisecom(config)#bfd session-id bind pw vc- Create a BFD PW and enter BFD session
id peer-ip [ pw-ttl ttl ] [ type-4 ] mode.
7 Raisecom(config)#bfd trap enable (Optional) enable BFD Trap.
By default, BFD Trap is disabled.


1 Raisecom#show bfd Show BFD global configurations.
2 Raisecom#show bfd session-id config Show configurations about the specified BFD
session.
3 Raisecom#show bfd session-id state Show status about the specified BFD session.
4 Raisecom#show bfd session-id statistics Show statistics about the specified BFD session.
11.5 Configuring SLA

Scenario
To provide users with qualified network services, the carrier signs a SLA with users. To carry
out SLA effectively, the ISP needs to deploy SLA feature on devices to measure the network
234
Raisecom
performance, taking the measured results as an evidence for ensuring the network
performance.
By selecting two detection points (source and destination RAX711-R devices), SLA
configures and schedules SLA operations on a detection point. Therefore, network
performance between these 2 detection points can be detected.
SLA takes statistics on round-trip packet loss ratio, round-trip/unidirectional (SD/DS) delay,
jitter, throughput, and LM packet loss ratio test. In addition, it reports these data to the upper
monitoring software (such as the NView NNM system) to help analyze network performance
for getting an expected result.
When configuring SLA on the RAX711-R, note the following matters:

 Up to 16 operations can be configured and scheduled concurrently.
 Before scheduling a SLA operation, you have to establish the CFM environment.
 Do not modify the scheduling information or re-schedule the SLA operation if the
current scheduling does not stop.
 Up to 20 detections are available for one test and up to 5 pieces of statistics
records are shown.
Prerequisite
 When configuring Layer 2 test operations, you should deploy CFM between local and
remote devices that need to be detected. Layer 2 Ping operation succeeds between local
and remote devices.
 When configuring Layer 3 test operations (icmp-echo and icmp-jitter), Layer 3 Ping
operation succeeds between local and remote devices.
11.5.2 Configuring SLA test operation
Configuring Ethernet Y.1731 test operation

Steps 2–6 are in any sequence. Choose them as required.

2 Raisecom(config)#sla oper-num icmp latency [ vrf Create the Layer 3 SLA delay test
instance-name ] dest-ipaddr ip-address [ dscp dscp- operation.
value ] [ interval period ] [ packets packets-num ]
3 Raisecom(config)#sla oper-num y1731 latency remote- Configure the Y1731-echo delay
mep mep-id level level svlan vlan-id [ cvlan cvlan- test operation based on the
id ] [ cos cos-value ] [ interval interval-num ] destination MEP ID.
[ packets packet-num ] [ size size-value ] [ dm ]
4 Raisecom(config)#sla oper-num y1731 latency remote- Configure the Y1731-echo delay
mac mac-address level level svlan vlan-id [ cvlan test operation based on the
cvlan-id ] [ cos cos-value ] [ interval interval- destination MAC address.
num ] [ packets packet-num ] [ size size-value ]
[ dm ]

235
Raisecom

5 Raisecom(config)#sla oper-num y1731 pkt-loss Configure the Y1731-echo packet
[ slm ] remote-mep mep-id level level svlan vlan-id loss ratio test operation based on
[ cvlan cvlan-id ] [ cos cos-value ] [ interval the destination MEP ID.
interval-num ] [ packets packet-num ]
When you perform packet

loss ratio test operation, we
recommend specifying the
MAC address of the remote
MEP, when you use the
service remote-mep
command to configure it.
6 Raisecom(config)#sla oper-num y1731 pkt-loss Configure the Y1731-echo packet
[ slm ] remote-mac mac-address level level svlan loss ratio test operation based on
vlan-id [ cvlan cvlan-id ] [ cos cos-value ] the destination MAC address.
[ interval interval-num ] [ packets packet-num ]
Configuring Ethernet Y.1731 test operation

Steps 2–8 are in any sequence. Choose them as required.

2 Raisecom(config)#sla oper-num mpls-y1731 latency Configure the MPLS-Y1731 PW
level level vcid vc-id peer-address ip-address delay test operation.
[ interval period ] [ packets packets-num ] [ size
size ] [ tc tc ]
3 Raisecom(config)#sla oper-num mpls-y1731 latency Configure the MPLS-Y1731 LSP
level level lsp-ingress lspingress-name lsp-egress delay test operation.
lspegress-name [ interval period ] [ packets
packets-num ] [ size size ] [ tc tc ]
4 Raisecom(config)#sla oper-num mpls-y1731 latency Configure the MPLS-Y1731
level level section { interface-tpye interface- section delay test operation.
number | port-channel port-channel } [ interval
period ] [ packets packets-num ] [ size size ] [ tc
tc ]
5 Raisecom(config)#sla oper-num mpls-y1731 pkt-loss Configure the MPLS-Y1731 PW
level level vcid vc-id peer-address ip-address packet loss ratio test operation.
[ interval period ] [ packets packets-num ] [ sd ]
[ tc tc ]
6 Raisecom(config)#sla oper-num mpls-y1731 pkt-loss Configure the MPLS-Y1731 LSP
level level lsp-ingress lspingress-name lsp-egress packet loss ratio test operation.
lspegress-name [ interval period ] [ packets
packets-num ] [ sd ] [ tc tc ]

236
Raisecom
7 Raisecom(config)#sla oper-num mpls-y1731 pkt-loss Configure the MPLS-Y1731

level level section { interface-tpye interface- section packet loss ratio test
number | port-channel port-channel } [ interval operation.
period ] [ packets packets-num ] [ sd ] [ tc tc ]
8 Raisecom(config)#sla mpls-y1731-pkt-loss count-all (Optional) enable the function of
enable gathering statistics about MPLS
Y.1731 packet loss operation
packets based on priority.
Configuring MPLS Emulated Ethernet test operation

mode.
2 Raisecom(config)#sla oper-num mpls-y1731-ethpw latency Configure MPLS Y.1731
level level vcid vc-id peer-address ip-address [ cos emulated Ethernet delay
cos ] [ interval period ] [ packets packets-num ] operation.
[ size size ]
3 Raisecom(config)#sla oper-num mpls-y1731-ethpw pkt- Configure MPLS Y.1731
loss level level vcid vc-id peer-address ip-address emulated Ethernet packet loss
[ cos cos ] [ interval period ] [ packets packets- operation.
num ] [ size size ]
 After configuring one operation (differed by operation ID), you cannot modify or
configure it again. You need to delete the operation in advance if you need to
configure it again.
 SLA supports scheduling up to 16 operations at one time. Before you stop
scheduling the same operation, you cannot modify scheduling information or re-
schedule the operation. If you need to reschedule the operation, you need to
finish the scheduling (reach scheduling life time or stop scheduling) before
performing the next scheduling.
 During Ethernet SLA measurement, the operation performs delay and jitter
measurement in hardware mode, when you create the DOWN MEP (specify the
MD name when you configure the MD) and use the DM packet to create the
operation. The delay and jitter measurement accuracy in hardware mode is at a
microsecond level. Other modes are realized in software mode. The delay and
jitter measurement accuracy in software mode is at a millisecond level.
 During MPLS-TP SLA, no MEP direction is distinguished and no MD name
needs to be specified. The operation, created through the DM packet, performs
delay and jitter measurement in hardware mode. The delay and jitter
measurement accuracy in hardware mode is at a microsecond level. The
software mode is unavailable.

237
Raisecom
Scheduling test operation

mode.
2 Raisecom(config)#sla schedule oper-num [ life forever | Schedule SLA operation.
life life-time] [ period period ]
 The operation life period should be no shorter than the interval for executing the
SLA operation.
 The interval for executing the SLA operation shall be no shorter than 20s.
11.5.3 Configuring RFC2544-based test operation

In general, RFC2544-based operation is used to do the following matters:
 Test network performance before initiating services.
 Test network performance once services are interrupted, after service is initiated.
Configuring delay test operation

2 Raisecom(config)#sla oper-num rfc2544 latency Configure RFC2544 delay test
interface interface-tpye interface-number [ eth operation.
dest-mac mac-address ] [ cvlan vlan-id ]
 Ethernet-based test when associating
[ svlan vlan-id ] [ cos cos ] [ pkt-size pkt-
size ] [ rate rate ] [ vcid vc-id peer-address Layer 2 interface
 MPLS-based test when associating
ip-address ]
Raisecom(config)#sla oper-num rfc2544 latency
the sub-interface
interface interface-tpye interface-number ipv4
dest-ip ip-address [ source-ip ip-address ]
[ dest-udp-port port-id ] [ source-udp-port
port-id ] [ tc tc ] [ ttl ttl ] [ pkt-size pkt-
size ] [ rate rate ] [ vcid vc-id peer-address
ip-address ]
Configuring packet loss rate test operation


238
Raisecom

2 Raisecom(config)#sla oper-num rfc2544 pkt-loss Configure RFC2544 packet loss rate
interface interface-tpye interface-number [ eth operation.
dest-mac mac-address ] [ cvlan vlan-id ]
[ svlan vlan-id ] [ pkt-size pkt-size ] [ rate
rate ] [ vcid vc-id peer-address ip-address ] Layer 2 interface
Raisecom(config)#sla oper-num rfc2544 pkt-loss
interface interface-tpye interface-number ipv4
the sub-interface
dest-ip ip-address [ source-ip ip-address ]
[ dest-udp-port port-id ] [ source-udp-port
port-id ] [ tc tc ] [ ttl ttl ] [ pkt-size pkt-
size ] [ rate rate ] [ vcid vc-id peer-address
ip-address ]
Configuring throughput test operation

2 Raisecom(config)#set-rfc2544 throughput Configure the start bandwidth of
bandwidth bandwidth RFC2544 throughput test.
3 Raisecom(config)#sla oper-num rfc2544 Configure RFC2544 throughput
throughput interface interface-tpye interface- operation.
number [ eth dest-mac mac-address ] [ cvlan
vlan-id ] [ svlan vlan-id ] [ pkt-size pkt-
size ] [ threshold threshold ] [ vcid vc-id Layer 2 interface
peer-address ip-address ]
Raisecom(config)#sla oper-num rfc2544
the sub-interface
throughput interface interface-tpye interface-
number ipv4 dest-ip ip-address [ source-ip ip-
address ] [ dest-udp-port port-id ] [ source-
udp-port port-id ] [ tc tc ] [ ttl ttl ] [ pkt-
size pkt-size ] [ threshold threshold ] [ vcid
vc-id peer-address ip-address ]
Configuring performance test operation

2 Raisecom(config)#sla oper-num rfc2544 Configure RFC2544 performance test
performance interface interface-type interface- operation.
number eth dest-mac mac-address [ cvlan vlan-
id ] [ svlan vlan-id ] [ pkt-size pkt-size ]
bandwidth bandwidth tc tc [ group-id group-id ] Layer 2 interface
[ vcid vc-id peer-address ip-address ]

239
Raisecom

Raisecom(config)#sla oper-num rfc2544  MPLS-based test when associating
performance interface interface-type interface- the sub-interface
number ipv4 dest-ip ip-address [ source-ip ip-
address ] [ dest-udp-port port-id ] [ source-
udp-port port-id ] [ ttl ttl ] [ pkt-size pkt-
size ] bandwidth bandwidth tc tc [ group-id
group-id ] [ vcid vc-id peer-address ip-
address ]

mode.
2 Raisecom(config)#sla schedule oper-num [ life forever | Schedule the SLA operation.
life life-time] [ period period ]
3 Raisecom(config)#sla schedule group-id group-id life Configure SLA RFC2544
[ forever | life-time ] ] { throughput | performance | performance test operation.
rfc2544 }
11.5.4 Configuring Y.1564-based test operation
Configuring throughput test operation

2 Raisecom(config)#sla oper-num y1564 throughput Configure Y.1564 Layer 2 throughput
{ interface | nni-interface } interface-type test operation.
interface-number eth dest-mac mac-address
[ cvlan vlan-id [ tpid tpid ] [ cos cos ] [ cfi
cfi ] ] [ svlan vlan-id [ tpid tpid ] [ cos
cos ] [ cfi cfi ] ] [ pkt-size { random |
increase | pkt-size } ] [ frame-pattern { null
| prbs } ] [ cir cir cbs cbs ] [ eir eir ebs
ebs ] [ mode [ { cir [ step step ] | eir |
overload } ] [ group-id group-id ] [ vcid vc-
id ] [ peer-address ip-address ]

240
Raisecom

3 Raisecom(config)#sla oper-num y1564 throughput Configure Y.1564 Layer 3 throughput
interface-number ipv4 dest-ip ip-address
source-ip ip-address [ dest-udp-port udp-port ]
[ source-udp-port udp-port ] [ tc tc ] [ svlan
svlan-id ] [ nexthop-ip ip-address ] [ smac
mac-address ] [ ttl ttl ] [ pkt-size { random |
| prbs } ] [ cir cir cbs cbs ] [ eir eir ebs
ebs ] [ mode [ { cir [ step step ] | eir |
overload } ] [ group-id group-id ] [ vcid vc-
id ] [ peer-address ip-address ]
Configuring performance test operation

2 Raisecom(config)#sla oper-num y1564 performance Configure Y.1564 Layer 2 performance
interface-number eth dest-mac mac-address
[ cvlan vlan-id [ tpid tpid ] [ cos cos ] [ cfi
cfi ] ] [ svlan vlan-id [ tpid tpid ] [ cos
cos ] [ cfi cfi ] ] [ pkt-size { random |
| prbs } ] bandwidth bandwidth tc tc [ group-id
group-id ] [ vcid vc-id ] [ peer-address ip-
address ]
3 Raisecom(config)#sla oper-num y1564 performance Configure Y.1564 Layer 3 performance
interface-number ipv4 dest-ip ip-address
source-ip ip-address [ dest-udp-port port-id ]
[ source-udp-port port-id ] [ svlan svlan-id ]
[ nexthop-ip ip-address ] [ smac mac-address ]
[ ttl ttl ] [ pkt-size { random | increase |
pkt-size } ] [ frame-pattern { null | prbs } ]
bandwidth bandwidth tc tc [ group-id group-id ]
[ vcid vc-id ] [ peer-address ip-address ]

2 Raisecom(config)#sla schedule oper-num [ life Schedule SLA operation and execute
forever | life life-time] [ period period ] the operation of the specified operation
ID.

241
Raisecom

3 Raisecom(config)#sla schedule group-id group-id Schedule SLA Y1564 performance test
life life-time based on group, which can execute
operations within the group
concurrently.
 The operation lifetime should not be shorter than the interval for scheduling the
SLA operation.
 The interval for scheduling the SLA operation should not be shorter than 20s.

1 Raisecom#show sla { all | oper-num } Show configurations about SLA operations.
configuration
2 Raisecom#show sla { all | oper-num } Show the last test information about an
result operation.
3 Raisecom#show sla { all | oper-num } Show operation scheduling statistics.
statistic
4 Raisecom#show sla group-id group-id Show configurations of the RFC2544
configuration { throughput | performance performance test.
| rfc2544 }
5 Raisecom#show sla group-id group-id Show test results of the RFC2544 performance
result { throughput | performance | test operation.
rfc2544 }
11.6 Configuring link quality alarm

Scenario
By enabling link quality alarm, you can test the transmission error code rate on the interface.
When the error code rate reaches the preconfigured threshold, link status alarm will be
triggered, thus through link quality can be monitored.
Prerequisite
N/A
11.6.2 Configuring link detection

Link quality detection is based on interface. However, it does not support LAG interface.
242
Raisecom

interface-number
3 Raisecom(config-port)#link-quality low bit- Configure the error code rate threshold for
error-threshold error-ratio bit-error- triggering link quality alarm and the error
confficient bit-error-power resume-ratio code rate threshold for recovering the link
bit-error-confficient bit-error-power quality.
4 Raisecom(config-port)#bit-error test enable Configure the link quality detection
[ interval interval-value ] [ window window- algorithm and enable detection.
value ] [ period period-value ]

1 Raisecom#show bit-error-config interface-type Show configurations of link
interface-number quality detection.
2 Raisecom#show bit-error-test result interface-type Show results of link quality
interface-number detection.
11.7 Maintenance
Command Description
Raisecom(config)#clear oam config Clear OAM configurations.
Raisecom(config-port)#clear oam event Clear OAM event statistics.

Raisecom(config-port)#clear oam statistics Clear OAM statistics.
Raisecom(config)#clear { ais | lck | csf | ccm } Clear AIS, LCK, CSF, and CCM
packet statistic statistics.
Raisecom(config)#clear ethernet cfm errors [ level Clear error CCM records.
md-level ]
Raisecom(config)#clear ethernet cfm remote-mep Clear information about discovered
[ level md-level ] remote MEPs.
Raisecom(config)#clear ethernet cfm suppress-alarm Clear alarm inhibition information

source about MEPs.
Raisecom(config)#clear ethernet cfm traceroute-cache Clear LinkTrace cache configurations.

Raisecom(config)#clear bfd session-id statistics Clear statistics about specified BFD
sessions.

243
Raisecom
Command Description
Raisecom(config)#clear mpls-tp cfm errors [ level md- Clear MPLS-TP error CCM records.
level ]
Raisecom(config)#clear mpls-tp cfm remote-mep [ level Clear configurations about MPLS-TP
md-level ] discovered remote MEPs.
Raisecom(config)#clear cfm suppress-alarm source Clear alarm inhibition information
about MPLS-TP MEPs.
Raisecom(config)#clear mpls-tp cfm suppress-alarm Clear source information about
source inhibited MPLS-TP AIS/LCK alarms.
Raisecom(config)#clear { ais | lck | csf | ccm } Clear MPLS-TP AIS, LCK, CSF, and
packet statistic CCM statistics.

11.8.1 Examples for configuring BFD for IP single-hop detection
As shown in Figure 11-1, sub-interface Gigaethernet 1/5/1.10 on iTN A and sub-interface
Gigaethernet 1/5/1 on iTNB are directly connected through Switch E and Switch F which are
for emulating fault nodes and detecting BFD alarm. Configure BFD for IP single-hop
detection on the iTN A and iTN B.
Figure 11-1 BFD for IP single-hop detection
Configuration steps
When configuring the BFD session ID, configure the local end and remote end with
the same ID.
Step 1 Configure the sub-interface to encapsulate the VLAN and IP address. Then iTN A and iTN B
can ping through each other.
iTN A

244
Raisecom
iTNA#config
iTNA(config-gigaethernet 1/5/1.10)#encapsulation dot1Q 10
iTNA(config-gigaethernet 1/5/1.10)#ip address 1.1.1.1
iTNA(config-gigaethernet 1/5/1.10)#exit
iTN B
iTNB#config
iTNB(config-gigaethernet 1/5/1.10)#encapsulation dot1Q 10
iTNB(config-gigaethernet 1/5/1.10)#ip address 1.1.1.2
iTNB(config-gigaethernet 1/5/1.10)#exit
Step 2 Configure BFD for IP single-hop detection without configuring the default value of the
parameter.
iTN A
iTNA(config)#bfd 1 bind peer-ip 1.1.1.2 interface gigaethernet 1/5/1.10

iTNA(config-bfd-session)#local discriminator 30
iTNA(config-bfd-session)#remote discriminator 40
iTNA(config-bfd-session)#session enable
iTNA(config-bfd-session)#exit
iTN B
iTNB(config)#bfd 1 bind peer-ip 1.1.1.1 interface gigaethernet 1/5/1.10

iTNB(config-bfd-session)#local discriminator 40
iTNB(config-bfd-session)#remote discriminator 30
iTNB(config-bfd-session)#session enable
iTNB(config-bfd-session)#exit
Checking results
 After configuring the IP address of the sub-interface, use the show ip route command to
show the route learning status.
iTNA#show ip route
Routing Tables: Default-IP-Routing-Table
-------------------------------------------------------------------------
Flag: C - connected, S - static, R - RIP, B - BGP, O - OSPF, I - IS-IS
P - Protocol, s - States, > - selected , * - active, Dis - Distance

245
Raisecom
P&s Destination/Mask Dis/Metric NextHop Age Interface
C>* 1.1.1.0/24 0/0 1.1.1.2 1d05h48m GE1/5/1.10

C>* 172.16.67.132/32 0/0 127.0.0.1 1d05h48m lo0
S>* 172.16.68.0/24 1/0 172.16.67.1 1d05h48m FE1/0/1
S>* 172.16.70.0/24 1/0 172.16.67.1 1d05h48m FE1/0/1
 After configuring BFD for sub-interface, use the show bfd config command to show
BFD configurations.
iTNA#show bfd config

Session Id: 1
Configuration Type: static
Session Description: --
Session Bind Type: single-hop
Interface: gigaethernet1/5/8.10
Peer Ip Address: 1.1.1.2
Source Ip Address: 1.1.1.1
Ldp Lsp: 0.0.0.0, 0.0.0.0
Tunnelif: --
Pw Id: 0/--
Pw TTL: 0
Pw Type: 1
Session Mode: AsyncWithOutEcho
Bind Application: --
Local Discriminator: 30
Remote Discriminator: 40
Min Send Interval(ms): 10
Min Receive Interval(ms): 10
Detection Multiplier: 3
Session Wtr(s): 0
Role State: Active
Enable State: Enable
 Disconnect the link between Switch E and Switch F to create a fault. Use the show bfd
state command to show BFD status.
iTNA#show bfd state

SessionId State co-Tx-Interval(ms) co-Rx-Interval(ms) co-Detect-
Interval(ms)
---------------------------------------------------------------
1 AdminUP 1000 1000 --

246
Raisecom
11.8.2 Examples for configuring BFD for PW detection
Network requirements
As shown in Figure 11-2, iTN A and iTN B access user services through their respective GE
1/2/1.10 interfaces. User services are transmitted to the peer through the PW links deployed
on iTN devices. To detect the connectivity of PW links between iTN devices, enable BFD for
PW on iTN A and iTN B to detect the status of the PW link. Once a fault is detected, an alarm
will be reported.
Figure 11-2 Configuring BFD for PW detection
 Configure the IP address of the device interface.
 Configure basic MPLS functions, such as LSP and PW.
 Configure BFD for PW detection.
Data preparation
Table 11-1 lists data needed for BFD for PW detection.
Table 11-1 Data needed for BFD for PW detection

iTN A 1.1.1.1 gigaethernet 1/1/1.10 10.10.10.1/24
gigaethernet 1/2/1.10 20.10.10.1/24
Loopback 2 1.1.1.1/32
iTN B 2.2.2.2 gigaethernet 1/1/1.10 10.10.10.2/24
gigaethernet 1/2/1.10 30.10.10.1/24
Loopback 2 2.2.2.2/32

247
Raisecom
Configuration steps
Step 1 Configure the IP address of the device interface. Take iTN A for example. Configuration
steps for iTN B are similar.
iTN A
iTNA#config
iTNA(config)#interface Loopback 2
iTNA(config-Loopback2)#ip address 1.1.1.1 255.255.255.255
iTNA(config-Loopback2)#interface gigaethernet 1/1/1.10
iTNA(config-gigaethernet1/1/1.10)#encapsulation dot1Q 10
iTNA(config-gigaethernet1/1/1.10)#ip address 10.10.10.1 255.255.255.0
iTNA(config-gigaethernet1/1/1.10)#interface gigaethernet 1/2/1.10
iTNA(config-gigaethernet1/2/1.10)#ip address 20.10.10.1 255.255.255.0
iTNA(config-gigaethernet1/2/1.10)#exit
Step 2 Configure MPLS basic functions, LSP, and PW.

iTN A
iTNA(config)#mpls lsr-id 1.1.1.1

iTNA(config)#mpls enable
iTNA(config)#interface tunnel 1/1/1
iTNA(config-tunnel1/1/1)#destination 2.2.2.2
iTNA(config-tunnel1/1/1)#mpls tunnel-id 1
iTNA(config-tunnel1/1/1)#mpls te commit
iTNA(config-tunnel1/1/1)#exit
iTNA(config)#mpls bidirectional static-lsp ingress lspAB lsr-id 2.2.2.2
tunnel-id 1
iTNA(config-ingress-lsp)#forward 2.2.2.2 255.255.255.255 nexthop
10.10.10.2 gigaethernet 1/1/1.10 out-label 10
iTNA(config-ingress-lsp)#backward in-label 20
iTNA(config-ingress-lsp)#exit
iTNA(config-gigaethernet1/2/1.10)#mode l2
iTNA(config-gigaethernet1/2/1.10)#mpls static-l2vc destination 2.2.2.2
tagged vc-id 1 in-label 101 out-label 101 tunnel 1/1/1 mtu 9600
iTN B
iTNB(config)#mpls lsr-id 2.2.2.2

iTNB(config)#mpls enable
iTNB(config)#interface tunnel 1/1/1
iTNB(config-tunnel1/1/1)#destination 1.1.1.1
iTNB(config-tunnel1/1/1)#mpls tunnel-id 1

248
Raisecom
iTNB(config-tunnel1/1/1)#mpls te commit
iTNB(config-tunnel1/1/1)#exit
iTNB(config)#mpls bidirectional static-lsp ingress lspAB lsr-id 1.1.1.1
tunnel-id 1
iTNB(config-ingress-lsp)#forward 1.1.1.1 255.255.255.255 nexthop
10.10.10.1 gigaethernet 1/1/1.10 out-label 20
iTNB(config-ingress-lsp)#backward in-label 10
iTNB(config-ingress-lsp)#exit
iTNB(config-gigaethernet1/2/1.10)#encapsulation dot1Q 10
iTNB(config-gigaethernet1/2/1.10)#mode l2
iTNB(config-gigaethernet1/2/1.10)#mpls static-l2vc destination 1.1.1.1
iTNB(config-gigaethernet1/2/1.10)#exit
Step 3 Configure dynamic BFD for PW detection.

iTN A

iTNA(config-gigaethernet1/2/1.10)#mpls l2vpn pw bfd
iTN B

iTNB(config-gigaethernet1/2/1.10)#mpls l2vpn pw bfd
Checking results
After completing configurations, use the show bfd config command to check the
configuration results.
11.8.3 Examples for configuring Y.1564 test
As shown in Figure 11-3, configure the Y.1564 test type on the iTN A device, create test
services and configure the test packet attributes to implement configuration test and
performance test on the target network. Configure loopback on the iTN B device to loop the
data flow to iTN A for analysis. The AC-side interface of the iTN A is GE 1/2/1.10, and the
AC-side interface of the iTN B is GE 1/2/1.10, which are used to access user services.
Configure Tunnel and PW on iTN A and iTN B respectively to carry user services for
transmission over the IP RAN network.

249
Raisecom
Figure 11-3 Y.1564 test
 Configure basic MPLS functions, such as LSP, tunnel, and PW on iTN A and iTN B.
 Configure the Y.1564 test operation on iTN A.
 Configure loopback on iTN B.
 Schedule the Y.1564 test operation.
Data preparation
Table 11-2 lists data needed for Y.1564 test.
Table 11-2 Data needed for Y.1564 test

iTN A 1.1.1.1 gigaethernet 1/1/1.10 10.10.10.1/24
loopback 2 1.1.1.1/32
iTN B 2.2.2.2 gigaethernet 1/1/1.10 10.10.10.2/24
loopback 2 2.2.2.2/32
Configuration steps
Step 1 Refer to Table 11-2. Configure the IP addresses of interfaces on iTN A and iTN B.
For details, refer to section 6.1 Configuring interface IP address.
Step 2 Configure OSPF routing.
iTN A
iTNA(config)#router ospf 1 router-id 1.1.1.1

iTN B
iTNB(config)#router ospf 1 router-id 2.2.2.2

250
Raisecom
Step 3 Configure basic MPLS functions on iTN A and iTN B, such as LSP and PW.
iTN A
iTNA(config)#mpls lsr-id 1.1.1.1

iTNA(config)#mpls enable
iTNA(config)#interface tunnel 1/1/1
iTNA(config-tunnel1/1/1)#destination 2.2.2.2
iTNA(config-tunnel1/1/1)#mpls tunnel-id 1
iTNA(config-tunnel1/1/1)#mpls te commit
iTNA(config-tunnel1/1/1)#exit
iTNA(config)#mpls bidirectional static-lsp ingress lspAB lsr-id 2.2.2.2
tunnel-id 1
iTNA(config-ingress-lsp)#forward 2.2.2.2 255.255.255.255 nexthop
10.10.10.2 out-label 10
iTNA(config-ingress-lsp)#backward in-label 20
iTNA(config-ingress-lsp)#exit
iTNA(config-gigaethernet1/2/1.10)#mode l2
iTNA(config-gigaethernet1/2/1.10)#mpls static-l2vc destination 2.2.2.2
iTN B
iTNB(config)#mpls lsr-id 2.2.2.2

iTNB(config)#mpls enable
iTNB(config)#interface tunnel 1/1/1
iTNB(config-tunnel1/1/1)#destination 1.1.1.1
iTNB(config-tunnel1/1/1)#mpls tunnel-id 1
iTNB(config-tunnel1/1/1)#mpls te commit
iTNB(config-tunnel1/1/1)#exit
iTNB(config)#mpls bidirectional static-lsp egress lspAB lsr-id 1.1.1.1
tunnel-id 1
iTNB(config-ingress-lsp)#forward out-label 20
iTNB(config-ingress-lsp)#backward 1.1.1.1 255.255.255.255 nexthop
10.10.10.1 in-label 10
iTNB(config-ingress-lsp)#exit
iTNB(config-gigaethernet1/2/1.10)#encapsulation dot1Q 10
iTNB(config-gigaethernet1/2/1.10)#mode l2
iTNB(config-gigaethernet1/2/1.10)#mpls static-l2vc destination 1.1.1.1
Step 4 Configure Y.1564 test operation on iTN A.

251
Raisecom
iTNA(config)#sla 1 y1564 performance interface gigaethernet 1/2/1.10 ipv4

dest-ip 2.2.2.2 source-ip 1.1.1.1 pkt-size 1024 bandwidth 500000 tc 0
group-id 1
/*configure a performance test operation which is based on AC-side
interface.*/
iTNA(config)#sla 2 y1564 throughput interface gigaethernet 1/2/1.10 ipv4
dest-ip 2.2.2.2 source-ip 1.1.1.1 pkt-size 1518 mode cir step 1
/*configure a throughput test operation which is based on AC-side
interface.*/
Step 5 Configure internal loopback on the AC-side interface (PW service extraction interface) on
iTNB, looping data flow back to iTN A.

iTNB(config-gigaethernet1/2/1.10)#loopback internal
Step 6 Schedule Y.1564 test operation on iTN A.
iTNA(config)#sla schedule group-id 1 life 5 performance

iTNA(config)#sla schedule 2 period 60
Checking results
 After completing Step 1, use the show mpls bidirection static-lsp command to show
LSP configuration results.
iTNA(config)#show mpls bidirectional static-lsp

LSP-Index: 1
LSP-Name: lspab
LSR-Role: Ingress
LSP-Flag: Working
Tunnel-Id: 1
LSP Status: Up
/*LSP is UP.*/
Forward Destination: 2.2.2.2
Forward In-Label: --
Forward In-Interface: --
Forward Out-Interface: gigaethernet1/1/1.10
Forward Next-Hop: 10.10.10.2
Forward Next-Mac: --
Forward Vlan-Id: --
Forward XcIndex: 1

252
Raisecom
Forward Exp2LocalPriMap: Default

Forward LocalPri2ExpMap: Default
Backward Out-Label: --
Backward Out-Interface: --
Backward Next-Mac: --
Backward XcIndex: 2
Backward Exp2LocalPriMap: Default
Backward LocalPri2ExpMap: Default
 After completing Step 1, use the show mpls l2vc command to show PW configuration
results.
iTNA(config)#show mpls l2vc

Pw index : 1
Vc id : 1
Encapsulation type : tagged
Ac fault relay action : relay
Tunnel policy : --
/*AC is UP.*/
Pw state : up(bfd<L0,R0>:up, cc:up, sd:up, cd:up)
/*PW is UP.*/
Vc state : up
/*VC is UP.*/
Vc signal : manual
Local cw : enable
Local vc mtu : 9600
Remote vc mtu : --
Tpid : 0x8100
Svlan : --
Pw role : PrimaryPw
Pw QosMode : --
Pw Weight : --
Pw Flow Queue : --

253
Raisecom
Pw DsMode : Uniform
Create time : 1972-06-22,09:02:04
Last change time : 1972-06-22,09:02:04
----------------------------------------
Total l2vc : 1 1 up 0 down
/*L2VC is UP, which means that it is normal.*/
 Use the ping mpls vc-id destination command to check whether PW path is well
connected.
iTNA#ping mpls vc-id 1 destination 2.2.2.2

Sending 5, 200-byte MPLS Echoes to 2.2.2.2,VC ID is 1, timeout is 3
seconds,send interval is 1 seconds,
Press CTRL + C to abort:
---- PING Statistics----
5 packets transmitted,5 packets received,
Success rate is 100 percent(5/5),
round-trip (ms) min/avg/max = 0/0/0
 After configurations are complete, you can use the show sla group-id configuration
command to check configuration results of performance test.
iTNA#show sla group-id 1 configuration performance

------------------------------------------------------------------------
Operation <1>:
Type: Y1564-PERFORMANCE
Frame type: IPV4
------------------------------------------------------------------------
UNI: gigaethernet1/2/1.10
Destination IP Address: 2.2.2.2
Destination UDP Port : 7
Source IP Address: 1.1.1.1
Source UDP Port : 49184
Service Vlan ID: 0
Nexthop IP Address: 0.0.0.0
TTL Value: 255
Frame Size: 1024
Frame pattern: null
TC: 0
BandWidth(Kbit/s): 500000
Group Id: 1

254
Raisecom
 After configurations are complete, use the show sla configuration command to show
configuration results of throughput test.
iTNA#show sla 2 configuration

------------------------------------------------------------------------
Operation <2>:
Type: Y1564-THROUGHPUT
Frame type: IPV4
------------------------------------------------------------------------
UNI: gigaethernet1/2/1.10
Destination IP Address: 2.2.2.2
Destination UDP Port : 7
Source IP Address: 1.1.1.1
Source UDP Port : 49184
TC: 0
Service Vlan ID: 0
Nexthop IP Address: 0.0.0.0
TTL Value: 255
Frame Size: 1518
Frame pattern: null
Mode: Cir
Cir Step: 1
Group Id: 0
 Use the show sla group-id result command to show performance test results.
iTNA#show sla group-id 1 result performance

------------------------------------------------------------------------
Group<1>:
Performance-Test:
Id: 1
Status: Completed
Min Mean Max
Flr(0.001%): 0 0 0
Ftd(us): 57 58 60
Fdv(us): 0 0 2
Ir(Mbit/s): 500.000 500.000 500.000
Delay range(us): 3
BER(ES): 0
Available(%): 100
Result: PASS
 Use the show sla result command to show throughput test results.
iTNA#show sla 2 result

------------------------------------------------------------------------
Operation <2>:
Schedule Status: Active
Throughput-Test:
Cir Test:

255
Raisecom
Step 1(25%):
Min Mean Max
Flr(0.001%): 0 0 0
Ftd(us): 76 77 89
Fdv(us): 0 0 12
Ir(Mbit/s): 250.000 250.000 250.000
Delay range(us): 13
BER(ES): 0
Available(%): 100
Result: PASS

256
Raisecom
RAX711-R (B) Configuration Guide 12 Network reliability
12 Network reliability
This chapter describes principles and configuration procedures of network reliability, as well
as related configuration examples, including following sections:
 Configuring link aggregation
 Configuring interface backup
 Configuring ELPS
 Configuring ERPS
 Configuring VRRP
 Configure PW redundancy protection
 Configuring MPLS-TP linear protection switching
 Configuring HA hot backup
 Maintenance
12.1 Configuring link aggregation

Scenario
When needing to provide greater bandwidth and reliability for a link between two devices,
you can configure manual or static LACP link aggregation.
Prerequisite
 Configure physical parameters of the interface and make the physical layer Up.
 In a LAG, member interfaces that share loads must be identically configured. Otherwise,
data cannot be forwarded properly. These configurations include QoS, QinQ, VLAN,
interface properties, and MAC address learning.
– QoS: traffic policing, traffic shaping, congestion avoidance, rate limiting, SP queue,
WRR queue scheduling, WFQ queue, interface priority, and interface trust mode.
– QinQ: QinQ status on the interface, added outer VLAN tag, policies for adding outer
VLAN Tags for different inner VLAN IDs.
257
Raisecom
– VLAN: the allowed VLAN, default VLAN, and the link type (Trunk, Hybrid, and
Access) on the interface, and whether VLAN packets carry Tag.
– Interface properties: speed, duplex mode, and link Up/Down status.
– MAC address learning: MAC address learning status and MAC address limit.
12.1.2 Configuring manual link aggregation

2 Raisecom(config)#interface port-channel Enter aggregation group configuration mode.
channel-number
3 Raisecom(config-port-channelif)#mode Set the working mode of the aggregation group to
manual manual link aggregation.
4 Raisecom(config-port-channelif)#{ max- (Optional) configure the maximum/minimum
active | min-active } links value number of active links of the LACP LAG.
threshold
By default, the maximum and minimum numbers
of active links are set to 8 and 1 respectively.
5 Raisecom(config-port-channelif)#load- (Optional) configuring the load-balancing mode
sharing mode { dst-ip | dst-mac | label of the LAG. By default, load sharing mode is
| src-dst-ip | src-dst-mac | src-ip | configured to sxordmac, which means selecting
src-mac } the forwarding interface according to OR
operation result of source MAC address and
destination MAC address.
6 Raisecom(config-port-channelif)#exit Return to global configuration mode.
8 Raisecom(config-port)#portswitch Choose any interface mode for configuration.
Raisecom(config-port)#mode l2
9 Raisecom(config-port)#port-channel Add the interface to the link aggregation group.
channel-number
12.1.3 Configuring static LACP link aggregation

2 Raisecom(config)#lacp system-priority (Optional) configure the system LACP priority.
system-priority
The smaller the value is, the higher the system
LACP priority is. The end with a higher system
LACP priority is the active end. LACP selects the
active interface and standby interface based on
configurations on the active end. If the system
LACP priorities are identical, select the one with
a smaller MAC address as the active end.
By default, the system LACP priority is
configured to 32768.

258
Raisecom

3 Raisecom(config)#lacp timeout { fast | (Optional) configure the LACP timeout mode.
slow }
By default, it is configured to slow.
channel-number
lacp static LACP link aggregation.
6 Raisecom(config-port-channelif)#{ max- (Optional) configure the maximum/minimum
active | min-active } links value number of active links of the LACP LAG.
threshold
By default, the maximum and minimum numbers
of active links are set to 8 and 1 respectively.
10 Raisecom(config-port)#port-channel Add the interface to the link aggregation group.
channel-number
11 Raisecom(config-port)#lacp mode (Optional) configure the LACP mode of member
{ active | passive } interfaces. LACP connection fails if both ends of
a link are in passive mode.
By default, the LACP mode is active.
12 Raisecom(config-port)#lacp port- (Optional) configure the interface LACP priority.
priority port-priority The interface LACP priority affects the selection
of LACP default interface. The smaller the
number is, the higher the priority is.
13 Raisecom(config-port)#exit Return to global configuration mode.
 In a static LACP LAG, a member interface can be an active/standby one. Both

the active interface and standby interface can receive and send LACPDU.
However, the standby interface cannot forward user packets.
 The system selects a default interface based on the following conditions in order:
whether the neighbor is discovered, maximum interface speed, highest interface
LACP priority, smallest interface ID. The default interface is in active status.
Interfaces, which have the same speed, peer device, and operation key of the
operation key with the default interface, are in active status. Other interfaces are
in standby status.

259
Raisecom
12.1.4 Configuring manual backup link aggregation

channel-number
manual backup manual backup link aggregation.
4 Raisecom(config-port-channelif)#master- Configure the master interface of link
port interface-type interface-number aggregation.
5 Raisecom(config-port- Configure the revertive mode and delay recovery
channelif)#restore-mode { non-revertive time of the LAG.
| revertive [ restore-delay second ] }
By default, the revertive mode is configured to
non-revertive.
9 Raisecom(config-port)#port-channel Add member interfaces to the LAG.
channel-number
12.1.5 Configuring static LACP backup link aggregation

2 Raisecom(config)#lacp system-priority (Optional) configure the system LACP priority.
system-priority
The smaller the value is, the higher the system
LACP priority is. The end with a higher system
LACP priority is the active end. LACP selects the
active interface and standby interface based on
configurations on the active end. If the system
LACP priorities are identical, select the one with
a smaller MAC address as the active end.
3 Raisecom(config)#lacp timeout { fast | (Optional) configure the LACP timeout mode.
slow }
channel-number
lacp [ backup ] static LACP backup link aggregation.

260
Raisecom

6 Raisecom(config-port-channelif)#master- Configure the master interface of link
port interface-type interface-number aggregation.
7 Raisecom(config-port- Configure the revertive mode and delay recovery
channelif)#restore-mode { non-revertive time of the LAG.
| revertive [ restore-delay second ] }
By default, the revertive mode is configured to
non-revertive.
11 Raisecom(config-port)#port-channel Add interfaces to the LAG.
channel-number
12 Raisecom(config-port)#lacp mode (Optional) configure the LACP mode of member
{ active | passive } interfaces. By default, the LACP mode is
configured to active. LACP connection fails if
both ends of a link are in passive mode.
13 Raisecom(config-port)#lacp port- (Optional) configure the interface LACP priority.
priority port-priority The interface LACP priority affects the selection
of LACP default interface. The smaller the
number is, the higher the priority is.

1 Raisecom#show lacp internal Show local system LACP interface status, identifier, interface
priority, management key, operation key, and interface status
machine.
2 Raisecom#show lacp neighbor Show neighbor LACP information, including identifier,
interface priority, device ID, Age, operation key ID, interface
ID, and interface status machine.
3 Raisecom#show lacp statistics Show interface LACP statistics, including total number of
received LACP packets, number of received and transmitted
Marker packets, number of received and transmitted Marker
Response packets, and number of error packets.
4 Raisecom#show lacp sys-id Show local system LACP global enabling status, device ID,
LACP priority, and MAC address.

261
Raisecom

5 Raisecom#show port-channel Show whether the current system is enabled with link
aggregation, link aggregation load-balancing mode, member
interfaces and currently-active member interfaces in all
current aggregation groups.
Currently active member interfaces refers to

interfaces in UP status in the aggregation group.
12.2 Configuring interface backup

Scenarios
In a dual-uplink networking scenario, you can realize redundancy backup of the
primary/secondary link and fast switching of services through interface backup, thus
improving service reliability.
Prerequisite
N/A
12.2.2 Configuring interface backup group

The RAX711-R supports interface backup based on interface or interface+VLAN. Choose
one from step 3 and step 4. By configuring optional parameters of the command, you can
switch services of the specified VLAN or all services on the interface when faults occur based
on interface backup.

3 Raisecom(config-port)# port (Optional) create a backup interface based on interface
backup port-name port-number for the primary interface. Interface-based interface
[ vlanlist vlanlist primaryvlan backup supports switching or restoring services of the
vlanid ] specified VLAN or all services on the interface.
4 Raisecom(config-port)#port backup (Optional) create a backup interface based on
port-name port-number vlanlist interface+VLAN for the primary interface.
vlanlist separate
5 Raisecom(config-port)#port backup Configure the restoration mode and restoration delay of
restore-mode { non-revertive | interface backup.
revertive [ restore-delay delay-
time ] }
262
Raisecom

6 Raisecom(config-port)#port backup Configure the fault detection mode of interface backup.
fault-detect { cfm | bfd | lldp }

No. Item Description
1 Raisecom#show port backup Show basic information about interface backup.
2 Raisecom#show port backup pb Show information about the interface backup group.
3 Raisecom#show port backup group Show interface status of the interface backup group.
12.3 Configuring ELPS

Scenario
To make the Ethernet reliability up to Telecom-grade (network self-heal time less than 50ms),
you can deploy ELPS at Ethernet. ELPS is used to protect the Ethernet connection. It is an
end-to-end protection technology.
ELPS provides 3 modes to detect a fault.
 Detect faults based on the physical interface status: learning link fault quickly and
switching services immediately, suitable for detecting the fault between neighbor devices.
 Detect faults based on CFM: suitable for multi-device crossing detection.
 Detect faults based on the physical interface and CFM: sending Trap when detecting a
fault on the physical link/CFM.
Prerequisite
 Connect interfaces and configure physical parameters for them. Make the physical layer
Up.
 Create the management VLAN and VLANs of the working and protection interfaces.
 Configure CFM detection between devices (preparing for CFM detection mode).
12.3.2 Creating protection lines


263
Raisecom

2 Raisecom(config)#ethernet line- Create the ELPS protection line and configure the
protection line-id working protection mode.
{ interface-type interface-number |
port-channel channel-number } vlan- The protection group is in non-revertive mode if you
list protection interface-type configure the non-revertive parameter.
interface-number vlan-list one-to-  In revertive mode, when the working line recovers
one [ non-revertive ] [ protocol- from a fault, traffic is switched from the protection
vlan vlan-id ] line to the working line.
 In non-revertive mode, when the working line
recovers from a fault, traffic is not switched from the
protection line to the working line.
3 Raisecom(config)#ethernet line- (Optional) configure a name for the ELPS protection
protection line-id name string line.
4 Raisecom(config)#ethernet line- (Optional) configure the WTR timer. In revertive
protection line-id wtr-timer wtr- mode, when the working line recovers from a fault,
timer traffic is not switched to the working line unless the
WTR timer times out.
By default the WTR time value is configured to 5min.
We recommend that WTR timer configurations

on both ends keep consistent. Otherwise, we
cannot ensure 50ms quick switching.
5 Raisecom(config)#ethernet line- (Optional) configure the HOLDOFF timer. Hold-off
protection line-id hold-off-timer timer configurations on both ends should be
holdoff-timer consistent.
By default, the HOLDOFF timer value is configured
to 0.
If the HOLDOFF timer value is over great, it

may influence 50ms switching performance.
Therefore, we recommend setting the
HOLDOFF timer value to 0.
6 Raisecom(config)#ethernet line- (Optional) enable ELPS Trap.
protection trap enable
By default, ELPS Trap is disabled.
12.3.3 Configuring ELPS fault detection modes
 Fault detection modes of the working line and protection line can be different.
However, we recommend that fault detection mode configurations of the working
line and protection line keep consistent.

264
Raisecom
 When configuring end-to-end fault detection mode for the working/protection line,
we do not recommend using the physical link detection mode if there are other
devices along the link. We recommend using the CC fault detection mode.
2 Raisecom(config)#ethernet line-protection Set the fault detection mode of the working
line-id { working | protection } failure- line/protection line to failure-detect
detect physical-link physical-link.
By default, the fault detection mode is
configured to failure-detect physical-link.
Raisecom(config)#ethernet line-protection Set the fault detection mode of the working
line-id { working | protection } failure- line/protection line to failure-detect cc.
detect cc [ md md-name ] ma ma-name level
level mep local-mep-id remote-mep-id This fault detection mode cannot take effect
unless you finish related configurations on
CFM.
Raisecom(config)#ethernet line-protection Set the fault detection mode of the working
line-id { working | protection } failure- line/protection line to failure-detect
detect physical-link-or-cc [ md md-name ] physical-link-or-cc.
ma ma-name level level mep local-mep-id
remote-mep-id In this mode, it believes that the link fails
when a fault is detected on the physical
link/CC.
This fault detection mode cannot take effect
unless you finish related configurations on
CFM.
12.3.4 (Optional) configuring ELPS switching control
By default, traffic is automatically switched to the protection line when the working
line fails. Therefore, you need to configure ELPS switching control in some special
cases.
2 Raisecom(config)#ethernet line- Lock protection switching. After this configuration,
protection line-id lockout the traffic is not switched to the protection line even
the working line fails.
3 Raisecom(config)#ethernet line- Switch the traffic from the working line to the
protection line-id force-switch protection line forcedly.
4 Raisecom(config)#ethernet line- Switch the traffic from the working line to the
protection line-id manual-switch protection line manually. Its priority is lower than
the one of forced switch and APS.

265
Raisecom

5 Raisecom(config)#ethernet line- In non-revertive mode, switch the traffic from the
protection line-id manual-switch-to- protection line to the working line.
work
After you perform the MS-W operation (Traffic is switched from the protection line
back to the working line.), if a fault/recovery event occurs or if other protection group
commands, such as lockout, force-switch, or manual-switch, are executed, both ends
of the protection group may select different lines. In this case, you should use the
clear ethernet line-protection line-id end-to-end command command to delete
configured protection group command to make both ends of the protection group
select the identical line.

1 Raisecom#show ethernet line-protection [ line- Show protection line configurations.
id ]
2 Raisecom#show ethernet line-protection statistics Show protection line statistics.
3 Raisecom#show ethernet line-protection aps Show APS information.
12.4 Configuring ERPS

Scenario
With development of Ethernet to Telecom-grade network, voice and video multicast services
bring higher requirements on Ethernet redundant protection and fault-recovery time. The
fault-recovery time of current STP system is in second level that cannot meet requirements.
By defining different roles for nodes on a ring, ERPS can block a loopback to avoid broadcast
storm in normal condition. Therefore, the traffic can be quickly switched to the protection line
when working lines or nodes on the ring fail. This helps eliminate the loopback, perform
protection switching, and automatically recover from faults. In addition, the switching time is
shorter than 50ms.
The RAX711-R supports the single ring, intersecting ring, and tangent ring.
ERPS provides 3 modes to detect a fault:
 Detect faults based on the physical interface status: learning link fault quickly and
switching services immediately, suitable for detecting the fault between neighbor devices.

266
Raisecom
 Detect faults based on CFM: suitable for unidirectional detection or multi-device

crossing detection.
 Detect faults based on the physical interface and CFM: sending Trap when detecting a
fault on the physical link/CFM.
Prerequisite
 Connect interfaces and configure physical parameters for them. Make the physical layer
Up.
 Create the management VLAN and VLANs of the working and protection interfaces.
 Configure CFM detection between devices (preparing for CFM detection mode).
12.4.2 Creating ERPS protection ring
 Only one device on the protection ring can be set to the Ring Protection Link
(RPL) Owner and one device is configured to RPL Neighbor. Other devices are
set to ring forwarding nodes.
 In actual, the tangent ring consists of 2 independent single rings. Configurations
on the tangent ring are identical to the ones on the common single ring. The
intersecting ring consists of a master ring and a sub-ring. Configurations on the
master ring are identical to the ones on the common single ring. For details
about configurations on the sub-ring, see section 12.4.3 (Optional) creating
ERPS protection sub-ring.
2 Raisecom(config)#ethernet ring-protection Create a protection ring and set the node to
ring-id east { interface-type interface- the RPL Owner.
number } west { interface-type interface-
number | port-channel channel-number } By default, there is no ERPS protection ring.
node-type rpl-owner rpl { east | west }
[ not-revertive ] [ protocol-vlan vlan-
id ] [ block-vlanlist vlan-list ]
The east and west interfaces cannot be
the same one.
Raisecom(config)#ethernet ring-protection Create a protection ring and set the node to
ring-id east { interface-type interface- the RPL Neighbour.
number | port-channel channel-number }
west { interface-type interface-number |
port-channel channel-number } node-type
rpl-neighbour rpl { east | west} [ not-
revertive ] [ protocol-vlan vlan-id ]
[ block-vlanlist vlan-list ]
Raisecom(config)#ethernet ring-protection Create a protection line and set the node to
ring-id east { interface-type interface- the protection forwarding node.
number | port-channel channel-number }
west { interface-type interface-number |
port-channel channel-number } [ not-
revertive ] [ protocol-vlan vlan-id ]
[ block-vlanlist vlan-list ]

267
Raisecom

3 Raisecom(config)#ethernet ring-protection (Optional) configure a name for the
ring-id name string protection ring.
4 Raisecom(config)#ethernet ring-protection (Optional) configure the G.8032 protocol
ring-id version { 1 | 2 } version. By default, version 1 is available.
5 Raisecom(config)#ethernet ring-protection (Optional) after the ring Guard timer is
ring-id guard-time guard-timer configured, the failed node does not process
APS packets during a period. By default, the
ring Guard timer is configured to 500ms.
6 Raisecom(config)#ethernet ring-protection (Optional) configure the ring WTR timer. In
ring-id wtr-time wtr-timer revertive mode, when the working line
recovers from a fault, traffic is not switched
to the working line unless the WTR timer
times out.
By default, the ring WTR time value is
configured to 5min.
7 Raisecom(config)#ethernet ring-protection (Optional) configure the ring HOLDOFF
ring-id holdoff-time holdoff-timer timer. Hold-off timer configurations on both
ends should be consistent.
By default, the ring HOLDOFF timer value
is configured to 0.
If the ring HOLDOFF timer value is

over great, it may influence 50ms
switching performance. Therefore, we
recommend setting the ring HOLDOFF
timer value to 0.
8 Raisecom(config)#ethernet ring-protection (Optional) enable ERPS Trap.
trap enable
By default, ERPS Trap is disabled.
12.4.3 (Optional) creating ERPS protection sub-ring
 Only the intersecting ring consists of a master ring and a sub-ring.

 Configurations on the master ring are identical to the ones on the single
ring/tangent ring. For details, refer to section 12.4.2 Creating ERPS protection
ring.
 Configurations of non-intersecting nodes of the intersecting ring are identical to
the ones on the single ring/tangent ring. For details, refer to section 12.4.2
Creating ERPS protection ring.

268
Raisecom

2 Raisecom(config)#ethernet ring- Create the sub-ring on the intersecting node and set
protection ring-id { east { interface- the intersecting node to the RPL Owner.
type interface-number | port-channel
channel-number } | west { interface- By default, the protocol VLAN is configured to 1.
type interface-number | port-channel Blocked VLANs range from 1 to 4094.
channel-number } } node-type rpl-owner
[ not-revertive ] [ protocol-vlan
vlan-id ] [ block-vlanlist vlan-list ]
The links between 2 intersecting nodes
belong to the master ring. Therefore, when
you configure the sub-ring on the
intersecting node, you can only configure the
west or east interface.
Raisecom(config)#ethernet ring- Create the sub-ring on the intersecting node and set
protection ring-id { east { interface- the intersecting node to the RPL Neighbour.
channel-number } | west { interface-
channel-number } } node-type rpl-
neighbour [ not-revertive ]
[ protocol-vlan vlan-id ] [ block-
vlanlist vlan-list ]
Raisecom(config)#ethernet ring- Create the sub-ring on the intersecting node and set
protection ring-id { east { interface- the intersecting node to the protection forwarding
type interface-number | port-channel node.
channel-number } | west { interface-
channel-number } } [ not-revertive ]
[ protocol-vlan vlan-id ] [ block-
vlanlist vlan-list ]
3 Raisecom(config)#ethernet ring- (Optional) configure the sub-ring virtual channel
protection ring-id raps-vc { with | mode on the intersecting node. By default, the sub-
without } ring virtual channel adopts the with mode.
Transmission modes on 2 intersecting nodes

must be identical.
4 Raisecom(config)#ethernet ring- Enable the ring Propagate switch on the
protection ring-id propagate enable intersecting node.
By default, the ring Propagate switch is disabled.
12.4.4 Configuring ERPS fault detection modes


269
Raisecom

2 Raisecom(config)#ethernet ring-protection Set the ERPS fault detection mode to failure-
ring-id { east | west } failure-detect detect physical-link.
physical-link
By default, the ERPS fault detection mode is
configured to failure-detect physical-link.
Raisecom(config)#ethernet ring-protection Set the ERPS fault detection mode to failure-
ring-id { east | west } failure-detect cc detect cc.
[ md md-name ] ma ma-name level level mep
local-mep-id remote-mep-id This ERPL fault detection mode cannot take
effect unless you finish related configurations
on CFM.
If you configure the MD, the MA should be
below the configured md-level.
Raisecom(config)#ethernet ring-protection Set the ERPS fault detection mode to failure-
ring-id { east| west } failure-detect detect physical-link-or-cc.
physical-link-or-cc [ md md-name ] ma ma-
name level level mep local-mep-id remote- In this mode, it believes that the link fails
mep-id when a fault is detected on the physical
link/CC.
This ERPL fault detection mode cannot take
effect unless you finish related configurations
on CFM.
If you configure the MD, the MA should be
below the configured md-level.
12.4.5 (Optional) configuring ERPS switching control
By default, traffic is automatically switched to the protection line when the working
line fails. Therefore, you need to configure ERPS switching control in some special
cases.
2 Raisecom(config)#ethernet ring- Switch the traffic on the protection ring to the west/east
protection ring-id force-switch interface forcedly.
{ east | west }
 east: block the east interface.
 west: block the west interface.
3 Raisecom(config)#ethernet ring- Switch the traffic on the protection ring to the west/east
protection ring-id manual-switch interface manually. Its priority is lower than the one of
{ east | west } forced switch and APS.

270
Raisecom

1 Raisecom)#show ethernet ring-protection Show ERPS protection ring configurations.
[ ring-id ]
2 Raisecom)#show ethernet ring-protection Show ERPS protection ring status.
[ ring-id ] status
3 Raisecom)#show ethernet ring-protection Show ERPS protection ring statistics.
[ ring-id ] statistics
12.5 Configuring VRRP

Scenario
In general, we configure a default route to the breakout gateway for all devices in a LAN.
Therefore, these devices can communicate with the external network. If the gateway fails,
devices in the LAN fail to communicate with the external network.
The VRRP technology combines multiple routers to form a backup group. By configuring a
virtual IP address for the backup group, you can set the default gateway to the virtual IP
address of the backup group to make devices in the LAN communicate with the external
network.
VRRP helps improve network reliability. It facilitates avoiding network interruption caused
by failure of s single link and prevents changing routing configurations because of link failure.
Interfaces of the router, which support VRRP, include the Layer 3 physical interface,
VLAN interface, and sub-interface.
Prerequisite
N/A
12.5.2 Configuration procedure

Figure 12-1 shows the VRRP configuration procedure.

271
Raisecom
Figure 12-1 VRRP configuration procedure
12.5.3 Configuring VRRP backup group

VRRP backup group is available for the Layer 3 physical interface, VLAN interface, and sub-
interface. In this section, take configurations on the Layer 3 physical interface for examples.

3 Raisecom(config-port)#vrrp group- Create a VRRP backup group and configure a virtual IP
id ip ip-address address for the VRRP backup group. The virtual IP
address must be at the same network segment with the
interface IP address.
4 Raisecom(config-port)#vrrp group- (Optional) configure descriptions of the VRRP backup
id description description group.

272
Raisecom

5 Raisecom(config-port)#vrrp group- (Optional) enable the preemption mode of the VRRP
id preempt [ delay-time second ] backup group.
By default, the newly-created VRRP backup group is in
preemption mode. The preemption delay is configured
to 0s.
6 Raisecom(config-port)#vrrp group- Configure the priority of the device in the VRRP backup
id priority priority group.
By default, the priority of the newly-created VRRP
backup group is configured to 100.
7 Raisecom(config-port)#vrrp group- (Optional) configure the interval for the VRRP backup
id timers advertise-interval group sending the notification packet.
seconds
8 Raisecom(config-port)#vrrp group- Enable VRRP.
id enable
12.5.4 (Optional) configuring ping function of VRRP virtual IP

address
2 Raisecom(config)#vrrp ping Enable pinging the virtual IP address of the VRRP backup
group.
By default, ping the virtual IP address of the newly-created
VRRP backup group.
12.5.5 Configuring VRRP monitoring interface

VRRP monitoring interface is available for the Layer 3 physical interface, VLAN interface,
and sub-interface. In this section, take configurations on the Layer 3 physical interface for
examples.

3 Raisecom(config-port)#vrrp group-id track Configure VRRP monitoring
interface-type interface-number [ reduce priority ] interface.

273
Raisecom
12.5.6 Configuring BFD for VRRP

VRRP fast switching is available for the Layer 3 physical interface, VLAN interface, and sub-
interface. In this section, take configurations on the Layer 3 physical interface for examples.

3 Raisecom(config-port)#vrrp group-id Configure the VRRP backup group to monitor
track bfd-session session-id [ increased the BFD session to realize fast switching.
priority | reduce priority ]

1 Raisecom#show vrrp group-id Show VRRP backup group configurations.
2 Raisecom#show vrrp interface interface-type Show VRRP backup group configurations
interface-number [ group-id ] on the interface.
3 Raisecom#show vrrp interface interface-type Show VRRP backup group statistics on the
interface-number [ group-id ] statistics interface.
4 Raisecom#show vrrp [ group-id ] track Show monitoring information about the
VRRP backup group.
12.6 Configure PW redundancy protection

Scenario
PW redundancy protection is used in the networking scenario of CE connecting to 3 PEs
asymmetrically, multiple CEs connecting to Multiple PEs, and CE accessing a networking
with MS-PW, etc.
Prerequisite
 The AC link between dual-homed CE and PE supports E-Trunk or E-APS link protection.
 PE can access each other through IGP routing protocol.
 PW or MS-PW is created.

274
Raisecom
12.6.2 Configuring PW redundancy protection

Both Layer 3 physical interface and sub-interface support PW redundancy. When the Layer 3
physical interface or sub-interface at the AC end breaks down, it will trigger the PW
redundancy protection switching.

3 Raisecom(config-port)#mode l2 Configure the VPN mode on Layer 3
physical interface to L2VPN.
By default, the VPN mode on Layer 3
physical interface is L3VPN.
4 Raisecom(config-port)#mpls l2vpn redundancy Configure L2VPN to support PW
{ independent | master [ switch-mode { non- redundancy preotection based on VPWS.
revertive | revertive [ wtr-time wtr-
time ] } ]
5 Raisecom(config-port)#mpls l2vpn switchover Configure manually switching the service
flow from the master PW to slave PW.
12.6.3 Binding service PW with management PW

The master/slave PW status detection in the PW redundancy protection group is based on
BFD. While conducting the BFD for PW detection, each service PW is bound with BFD
detection packet and session, which increases the number of BFD sessions, thus wasting
resources. By configuring the management PW, you can only create one BFD session for PWs
with the same destination address, thus saving network resources.
You have to ensure that the management PW is created on the corresponding Loopback
interface before configuring the service PW to be bound with management PW.

3 Raisecom(config-port)#mode l2 Configure the VPN mode on Layer 3
physical interface to be L2VPN.
By default, the VPN mode on Layer 3
physical interface is L3VPN.
4 Raisecom(config-port)#mpls l2vc [ backup | Configure service PW binding management
bypass ] track admin-pw loopback loopback- PW.
number

275
Raisecom

1 Raisecom#show mpls l2vc Show configurations about PW redundancy protection.
12.7 Configuring MPLS-TP linear protection switching

Scenario
MPLS-TP linear protection switching protects the primary link by providing a backup link.
Therefore, it provides end-to-end protection for LSP links between devices.
Prerequisite
 Configure the static LSP.
 Configure MPLS-TP OAM.
 Create the working PW, protection PW, protection MS-PW/tributary PW.
12.7.2 Configuring MPLS-TP linear protection switching
Creating LSP 1:1 linear protection pair

2 Raisecom(config)#mpls line-protection aps- Create a MPLS LSP linear protection pair
id { lsp | transit-lsp } working lsp- and configure the working line, protection
ingress-name lsp-egress-name protection line, and protection mode.
lsp-ingress-name lsp-egress-name [ ttl
ttl ] one-to-one [ non-revertive ]
Creating PW 1:1 linear protection pair

2 Raisecom(config)#mpls line-protection aps- Create a MPLS PW linear protection pair
id { pw | ms-pw } working vc-id vc-id and configure the working line, protection
destination ip-address protection vc-id vc- line, and protection mode.
id destination ip-address [ ttl ttl ] one-
to-one [ non-revertive ]

276
Raisecom
Configuring basic properties of protection pair

2 Raisecom(config)#mpls line-protection (Optional) configure the name of the MPLS
aps-id name string linear protection pair.
3 Raisecom(config)#mpls line-protection Configure the Hold off timer.
aps-id hold-off-timer hold-off-timer
4 Raisecom(config)#mpls line-protection Configure the WTR timer.
aps-id wtr-timer wtr-timer
5 Raisecom(config)#mpls line-protection Enable MPLS linear protection Trap.
trap enable
Configuring switching control commands

Select any step from steps 2-5 as required. And use the clear mpls line-protection command
command to clear switching control commands of the protection pair immediately.

2 Raisecom(config)#mpls line-protection aps- (Optional) switch the traffic to the protection
id force-switch line forcedly.
By default, the traffic is automatically
switched to the protection line, when the
working line fails.
3 Raisecom(config)#mpls line-protection aps- (Optional) configure MPLS linear protection
id lockout switching lockout.
working line fails.
4 Raisecom(config)#mpls line-protection aps- (Optional) switch the traffic to the protection
id manual-switch line manually.
working line fails.
5 Raisecom(config)#mpls line-protection aps- (Optional) switch the traffic back to the
id manual-switch-to-work working line manually.

277
Raisecom

1 Raisecom(config)#show mpls line- Show MPLS linear protection pair configurations.
protection [ aps-id ] config
2 Raisecom(config)#show mpls line- Show MPLS linear protection pair statistics.
protection [ aps-id ] statistic
3 Raisecom(config)#show mpls line- Show MPLS linear protection pair status.
protection [ aps-id ] status
12.8 Configuring PW dual-homed protection switching

Scenario
PW dual-homed protection switching protects client-side access links and network-side
working PWs by cooperating with the working PW, protection PW, and bypass PW. By
bridging any two nodes among the service PW, DNI-PW, and access link, dual-homed
protection can prevent access-side faults from triggering network-side faults, and vice versa.
For example, when the client-side access interface of the PE node fails, the working node will
bridge the working PW and bypass PW to a multi-section PW and the protection node will
bridge the bypass PW with the access link, transmitting the service flow on the working PW,
bypass PW, and access PW. Figure 12-2 shows the application.
Figure 12-2 PW dual-home protection application scenario
Prerequisite
Configure MPLS basic functions, create a LSP, and associate the Tunnel interface.

278
Raisecom
12.8.2 Configuration flows

Figure 12-3 shows the flow for configuring PW dual-homed protection switching.
Figure 12-3 Flow for configuring PW dual-homed protection switching
12.8.3 Configuring ICCP channel

In the PW dual-homed protection scenario, devices at the user side accesses the network
through two PE devices. The two PE devices should establish an ICCP tunnel between them
for carrying DNI-PW (namely, bypass PW).
Configure the MC-PW working node and the protection node as below.

2 Raisecom(config)#iccp local-ip ip- Configure the local IP address of the ICCP channel.
address
The IP address is usually the one of the physical
interface or the LAG interface.
3 Raisecom(config)#iccp channel Create an ICCP channel and enter ICCP configuration
channel-id mode.
4 Raisecom(config-iccp)#member-ip ip- Configure the remote IP address of the ICCP channel.
address
5 Raisecom(config-iccp)#iccp enable Enable ICCP channel.

279
Raisecom
12.8.4 Configuring PW
Configuring working PW
For configuring the working PW, see section 9.1.2 Configuring static L2VC or section 9.1.3
Configuring dynamic L2VC.
 Configure the working PW pointing to the PE B on PEA.
 Configure the working PW pointing to the PE A on PE B.
Configuring protection PW
For configuring the protection PW, see section 9.1.2 Configuring static L2VC or section 9.1.3
Configuring dynamic L2VC.
 Configure the protection PW pointing to the PE C on PE A.
 Configure the DNI-PW pointing to the PE C on PE B.
 Configure the DNI-PW pointing to the PE B on PE C.
 Configure the active PW which is pointing to PE A as the protection PW of the
protection node on PE C.
12.8.5 Configuring PW dual-homed protection group
Configuring PW 1:1 protection group

Configure PW 1:1 protection group on node PE A. For details, refer to section 12.7
Configuring MPLS-TP linear protection switching.
Configuring the working nodes of MC-PW protection group

When the network is normal, the working node bridges the working PW and the access link.
When the network fails, the working node bridges the working PW and the DNI-PW.
Configure the PE B as below

2 Raisecom(config)#mpls line-protection aps- Create the MC-PW protection pair on the
id mc-pw working vc-id vc-id destination working node and associate it with the PW
ip-address [ ttl ttl ] of this working node.
When enabling MC-PW protection

group on the SPE device, you must
choose the TTL value and configure it
properly. Otherwise, switching will fail.
3 Raisecom(config)#mpls line-protection aps- Associate the MC-PW protection group with
id binding-channel channel-id the ICCP tunnel on the working node.

280
Raisecom
Configuring protection node of MC-PW protection group

When the network fails, the protection node bridges DNI-PW and the access link.
Configure the PE C as below.

2 Raisecom(config)#mpls line-protection aps- Configure the MC-PW protection group on
id mc-pw working vc-id vc-id destination the working node and associate it with the
ip-address [ ttl ttl ] protection PW of the working node.
When enabling MC-PW protection

group on the SPE device, you must
choose the TTL value and should
configure it properly. Otherwise,
switching will fail.
3 Raisecom(config)#mpls line-protection aps- Associate the MC-PW protection group with
id binding-channel channel-id the ICCP tunnel on the working node.
12.8.6 Configuring PW dual-homed protection switching attributes

2 Raisecom(config)#mpls line- (Optional) forcedly switch services to the protection line.
protection aps-id force-switch
By default, when the working line fails, it will
automatically switch the services to the protection line.
3 Raisecom(config)#mpls line- (Optional) lock link protection switching.
protection aps-id lockout
4 Raisecom(config)#mpls line- (Optional) switch services to the protection line manually.
protection aps-id manual-switch
5 Raisecom(config)#mpls line- (Optional) configure the Hold-off timer.
protection aps-id hold-off-timer
hold-off-timer By default, the value is 0.
6 Raisecom(config)#mpls line- (Optional) configure the WTR timer.
protection aps-id wtr-timer wtr-
timer By default, the value is 5 min.
7 Raisecom(config)#mpls line- (Optional) enable MPLS linear protection to report Trap.
protection trap enable

281
Raisecom
12.9 Configuring HA hot backup

Scenario
High Availability (HA), including hot backup, batch backup, and realtime backup, is used to
provide high reliability of the system. Devices which support HA hot backup should be
equipped with 2 cards. The master card works in Master mode and the slave card works in
Slave mode. Whenever the master card fails, the slave card will be activated and continue to
work to ensure that the system can run properly.
Prerequisite
The RAX711-R is inserted with the active and standby MCCs.
12.9.2 Configuring HA switching

2 Raisecom(config)#ha switchover Switch the active and standby MCCs manually.

1 Raisecom(config)#show ha state Show HA hot backup status.
12.10 Maintenance
Command Description
Raisecom(config)#clear lacp statistics Clear LACP statistics.
[ interface-type interface-number ]
Raisecom(config)#clear mlacp mlacp-group Clear statistics of received and transmitted packets
[ icg-id ] statistics of the chassis group.
Raisecom(config)#clear ethernet line- Clear statistics of the protection group.
protection statistics
Raisecom(config)#clear ethernet line- Clear end-to-end switching control commands.
protection aps-id end-to-end command
Raisecom(config)#clear ethernet ring- Clear statistics of the protection ring, including the
protection ring-number statistics number of transmitted APS packets, the number of
received APS packets, the last switching time, and
the fault detection mode.

282
Raisecom
Command Description
Raisecom(config)#clear ethernet ring- Clear switching control commands of the
protection ring-number command protection ring, including the force-switch and
manual-switch commands.
Raisecom(config)#clear mpls line-protection Clear switching control commands of the MPLS

aps-id command linear protection pair.
Raisecom(config)#clear mpls line-protection Clear statistics of the MPLS linear protection pair.
[ aps-id ] statistics
Raisecom(config)#clear iccp channel Clear statistics of ICC received and transmitted

[ channel-id ] statistics packets.
Raisecom#clear vrrp statistics Clear packet statistics of all VRRP backup groups.

12.11.1 Example for configuring manual link aggregation
As shown in Figure 12-4, to improve the reliability of the link between iTN A and iTN B, you
can configure manual link aggregation on iTN A and iTN B. Add GE 1/1/1 and GE 1/1/2 to a
LAG to form a single logical interface. The LAG performs load-balancing according to the
source MAC address.
Figure 12-4 Configuring manual link aggregation
Configuration steps
Configuration procedures for iTN A and iTN B are identical. In this section, take
configurations on iTN A for examples.
Step 1 Create a manual LAG.

283
Raisecom
iTNA#config
iTNA(config)#interface port-channel 1
iTNA(config-port-channelif)#mode manual
iTNA(config-port-channelif)#exit
Step 2 Add interfaces to the LAG.

iTNA(config-port)#port-channel 1
Step 3 Configure the load-balancing mode of the LAG.
iTNA(config-port-channelif)#load-sharing mode src-mac
Checking results
Use the show port-channel command to show global configurations on manual link
aggregation.
iTNA#show port-channel
Group 1 information:
Mode : Manual Load-sharing mode : src-mac
MinLinks: 1 Max-links : 8
UpLinks : 0 Priority-Preemptive: Disable
Member Port: gigaethernet1/1/1 gigaethernet1/1/2
Efficient Port:
12.11.2 Example for configuring static LACP link aggregation
As shown in Figure 12-5, to improve the reliability of the link between iTN A and iTN B, you
can configure static LACP link aggregation on iTN A and iTN B. Add GE 1/1/1 and GE 1/1/2
to a LAG to form a logical interface.

284
Raisecom
Figure 12-5 Configuring static LACP link aggregation
Configuration steps
Step 1 Configure the static LACP LAG on iTN A and set iTN A to the active end.
iTNA#config
iTNA(config)#lacp system-priority 1000
iTNA(config-port-channelif)#mode lacp
iTNA(config-port-channelif)#exit
iTNA(config-port)#lacp port-priority 1000
iTNA(config-port)#lacp mode active
iTNA(config-port)#lacp mode active
Step 2 Configure the static LACP LAG on iTN B.
iTNB#config
iTNB(config)#interface port-channel 1
iTNB(config-port-channelif)#mode lacp
iTNB(config-port-channelif)#exit
iTNB(config-port)#port-channel 1
iTNB(config-port)#port-channel 1

285
Raisecom
Checking results
Use the show port-channel command on iTN A to show global configurations on static
LACP link aggregation.
iTNA#show port-channel 1
Group 1 information:
Mode : Lacp Load-sharing mode : src-dst-mac
MinLinks: 1 Max-links : 8
UpLinks : 0 Priority-Preemptive: Disable
Member Port: gigaethernet1/1/1 gigaethernet1/1/2
Efficient Port:
12.11.3 Examples for configuring PW redundancy protection
As shown in Figure 12-6, CE 1 services are transmitted through PE 1 and PE 2 respectively.
PE 1 and PE 2 are connected to the PE 4 which locates at the core layer through the static PW
carried by the static Tunnel. The services of the peer CE 2 are transmitted through PE 3 which
is also connected to the core-layer PE 5 through the static PW. The PE devices at the core
layer are enabled with the dynamic PW which is carried by the LDP LSP dynamically. The
core-layer devices include PE 4, PE 5, PE 6, and PE 7. The devices at the access side are all
configured with two static PWs (master/slave) and enabled with PW redundancy protection.
To implement service transmission and protection at the core layer, you can enable static-to-
dynamic PW conversion on PE 4 and PE 5 and enable dynamic PW conversion on PE 6 and
PE 7.
Figure 12-6 CE accessing multi-section PWs asymmetrically

286
Raisecom
 Configure MPLS basic functions on the PE devices, configure MPLS LDP, and establish
Tunnels between PE devices.
 Enable OSPF on PE 4, PE 5, PE 6, and PE 7 and ensure that routes are reachable
between PE devices.
 Configure static routes among PE 1, PE 2, and PE 4 and configure static routes between
PE 3 and PE 5.
 Configure the static-to-dynamic PW conversion on PE 4 and configure static-to-dynamic
PW conversion on PE 5.
 Configure static PWs among PE 1, PE 2, and PE 4 and configure static PWs on PE 3 and
PE 5.
 Configure PW redundancy.
Data preparation
Figure 12-7 shows the data preparation.
Figure 12-7 Data preparation

Device LSR-ID Interface IP address VC ID
PE 1 1.1.1.1 gigaethernet 1/2/1.100 – Master: 101
Slave: 201
gigaethernet 1/1/1 20.0.0.1/24 –
loopback 2 1.1.1.1/24 –
PE 2 2.2.2.2 gigaethernet 1/2/1.100 – Master: 301
Slave: 401
gigaethernet 1/1/1 40.0.0.1/24 –
loopback 2 2.2.2.2/24 –
PE 4 4.4.4.4 gigaethernet 1/5/1 20.0.0.2/24 –
gigaethernet 1/5/2 40.0.0.2/24 –
gigaethernet 1/5/3 60.0.0.1/24 –
gigaethernet 1/5/4 70.0.0.1/24 –
loopback 2 4.4.4.4/24 –
PE 6 6.6.6.6 gigaethernet 1/1/1 60.0.0.2/24 –
gigaethernet 1/1/2 30.0.0.1/24 –
loopback 1 6.6.6.6/24 –
PE 7 7.7.7.7 gigaethernet 1/1/1 70.0.0.2/24 –
gigaethernet 1/1/2 50.0.0.1/24 –
loopback 2 7.7.7.7/24 –

287
Raisecom
Device LSR-ID Interface IP address VC ID

PE 5 5.5.5.5 gigaethernet 1/5/1 80.0.0.1/24 –
gigaethernet 1/5/3 30.0.0.2/24 –
gigaethernet 1/5/4 50.0.0.2/24 –
loopback 2 5.5.5.5/24 –
PE 3 3.3.3.3 gigaethernet 1/1/1 80.0.0.2/24 –
gigaethernet 1/1/2 90.0.0.2/24 –
gigaethernet 1/2/1.100 – Master: 501
Slave: 601
gigaethernet 1/2/1.200 – Master: 701
Slave: 801
loopback 2 3.3.3.3/24 –
Configuration steps
Step 1 Enable MPLS and LDP globally.
 Configure PE 1.

PE1(config)#mpls ldp
 Configure PE 2, PE 3, PE 4, PE 5, PE 6, and PE 7. The methods are the same as

configuring PE 1.
Step 2 Configure the IP address of the network-side interfaces and enable LDP.
 Configure PE 1.

 Configure PE 6.


288
Raisecom
PE6(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2

 Configure PE 2, PE 3, PE 4, PE 5, and PE 7. The methods are the same as configuring

PE 1 or PE 6.
Step 3 Configure the IP address of the Loopback interface and configure OSPF.
 Configure PE 1.
PE1(config)#interface loopback 2
PE1(config-loopback2)#ip address 1.1.1.1 255.255.255.0
PE1(config-loopback2)#exit
 Configure PE 2.
 Configure PE 4.
PE4(config)#router id 4.4.4.4
PE4(config)#router ospf 1 router-id 4.4.4.4
 Configure PE 6.

289
Raisecom
 Configure PE 7.
 Configure PE 5.
 Configure PE 3.
Step 4 Configure static routes among PE devices.

 Configure PE 1.
PE1(config)#ip route 4.4.4.4 255.255.255.0 20.0.0.2
 Configure PE 2.
 Configure PE 3.

290
Raisecom
 Configure PE 4.

 Configure PE 5.
Step 5 Establish LDP sessions among PE devices.

 Configure PE 4.
PE4(config)#mpls ldp targeted neighbor 6.6.6.6

 Configure PE 5.

 Configure PE 6.

 Configure PE 7.

Step 6 Create a static Tunnel and static LSP.

 Configure PE 1.

291
Raisecom

PE1(config)#mpls bidirectional static-lsp ingress lspin1 lsr-id 4.4.4.4
tunnel-id 1
PE1(config-ingress-lsp)#forward 4.4.4.4 255.255.255.255 nexthop 20.0.0.2
out-label 1004
PE1(config-ingress-lsp)#backward in-label 4001
PE1(config-ingress-lsp)#exit
 Configure PE 2.

tunnel-id 2
out-label 2004
 Configure PE 3.

tunnel-id 3
out-label 3005
 Configure the Tunnel from PE 4 to PE 1 on PE 4.


292
Raisecom

tunnel-id 1
out-label 4001
 Configure the Tunnel from PE 4 to PE 2 on PE 4.

tunnel-id 2
out-label 4002
 Configure PE 5.

tunnel-id 3
out-label 5003
Step 7 Create a static PW and enable PW redundancy protection.

 Configure PE 1 and activate services based on VLAN 100.
PE1(config)#interface gigaethernet 1/2/1.100

PE1(config-gigaethernet1/2/1.100)#encapsulation dot1q 100
PE1(config-gigaethernet1/2/1.100)#mode l2
PE1(config-gigaethernet1/2/1.100)#mpls static-l2vc destination 4.4.4.4
PE1(config-gigaethernet1/2/1.100)#mpls l2vpn redundancy master
PE1(config-gigaethernet1/2/1.100)#mpls l2vpn pw traffic enable

293
Raisecom
PE1(config-gigaethernet1/2/1.100)#mpls l2vpn pw bfd

PE1(config-gigaethernet1/2/1.100)#mpls l2vpn pw bfd backup



Step 8 Configure switching static PW to dynamic PW.

294
Raisecom
 Configure PE 4.
PE4(config)#mpls switch-l2vc 1.1.1.1 101 in-label 1001 out-label 1001

tunnel 1/1/1 between 6.6.6.6 1011 tagged
 Configure PE 5.

 Configure PE 6.
PE6(config)#mpls switch-l2vc 5.5.5.5 1011 between 4.4.4.4 1011 tagged

 Configure PE 7.

After configurations are complete, use the following commands to check whether LDP LSP is
correctly created and whether the status is Up and check whether the status of PW, VC, and
AC are Up.
 show mpls ldp session
 show mpls ldp targeted neighbour
 show mpls lsp ldp
 show mpls l2vc
 show mpls switch-l2vc

295
Raisecom
12.11.4 Example for configuring PW dual-homed protection

switching
Figure 12-8 shows the scenario of the PW dual-homing protection applied to the mobile
backhaul network. There is a working PW between PE A and PE B, a protection PW between
PE A and PE C, and a bridge PW (bypass PW) between PE B and PE C. Service data will be
switched to the protection PW for transmission when the working PW fails to work. When
some AC at the RNC side fails, the bypass is bridged with the working/protection PW to form
a MS-PW. The MS-PW provides PW dual-homed protection switching to protect service data.
Figure 12-8 Configuring PW dual-homed protection switching
Table 12-1 Data preparation

Device LSR-ID Interface IP address PW ID
PE A 132.0.0.1 gigaethernet 1/1/1 10.0.0.10/8 Working PW: 1
gigaethernet 1/1/2 30.0.0.10/8 Protection PW: 3
loopback 1 132.0.0.1/24 –
PE B 132.0.0.2 gigaethernet 1/1/1 10.0.0.20/8 Working PW: 1
gigaethernet 1/1/2 20.0.0.20/8 DNI-PW: 2
loopback 1 132.0.0.2/24 –
PE C 132.0.0.3 gigaethernet 1/1/1 30.0.0.30/8 Protection PW: 3
gigaethernet 1/1/2 20.0.0.30/8 DNI-PW: 2
loopback 1 132.0.0.3/24 –

296
Raisecom
Configuration steps
Step 1 Configure the IP addresses of Layer 3 physical interfaces on PE A, PE B, and PE C.
PE A
PEA#config
PEA(config-gigaethernet1/1/1)#ip address 10.0.0.10 255.0.0.0
PEA(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
PEA(config-gigaethernet1/1/2)#ip address 30.0.0.10 255.0.0.0
PEA(config-gigaethernet1/1/2)#interface loopback 1
PEA(config-loopback1)#ip address 132.0.0.1 255.255.255.0
PEA(config-loopback1)#exit
PE B
PEB(config-gigaethernet1/1/1)#ip address 10.0.0.20 255.0.0.0
PEB(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
PEB(config-gigaethernet1/1/2)#ip address 20.0.0.20 255.0.0.0
PEB(config-gigaethernet1/1/2)#interface loopback 1
PEB(config-loopback1)#ip address 132.0.0.2 255.255.255.0
PEB(config-loopback1)#exit
PE C
PEC(config)#interface gigaethernet 1/1/1

PEC(config-gigaethernet1/1/1)#ip address 30.0.0.30 255.0.0.0
gigaethernet1/1/1PEC(config-gigaethernet1/1/1)#interface gigaethernet
1/1/2
PEC(config-gigaethernet1/1/2)#ip address 20.0.0.30 255.0.0.0
PEc(config-gigaethernet1/1/2)#interface loopback 1
PEc(config-loopback1)#ip address 132.0.0.3 255.255.255.0
PEC(config-loopback1)#exit
Step 2 Configure MPLS basic properties of PE A, PE B, and PE C.

 PE A

 PE B

297
Raisecom

 PE C
PEC(config)#mpls lsr-id 132.0.0.3

PEC(config)#mpls enable
Step 3 Configure ICCP on PE B and PE C.

PE B
PEB(config)#iccp local-ip 20.0.0.20

PEB(config)#iccp channel 1
PEB(config-iccp)#member-ip 20.0.0.30
PEB(config-iccp)#iccp enable
PEB(config-iccp)#exit
PE C
PEC(config)#iccp local-ip 20.0.0.30

PEC(config)#iccp channel 1
PEC(config-iccp)#member-ip 20.0.0.20
PEC(config-iccp)#iccp enable
PEC(config-iccp)#exit
Step 4 Configure Tunnel on PE A, PE B, and PE C.

 PE A

PEA(config-tunnel1/1/1)#interface tunnel 1/1/2
PEA(config-tunnel1/1/2)#exit
 PE B

298
Raisecom
PEB(config-tunnel1/1/1)#interface tunnel 1/1/2
PEB(config-tunnel1/1/2)#exit
 PE C
PEC(config)#interface tunnel 1/1/1

PEC(config-tunnel1/1/1)#destination 20.0.0.20
PEC(config-tunnel1/1/1)#mpls tunnel-id 1
PEC(config-tunnel1/1/1)#mpls te commit
PEC(config-tunnel1/1/1)#interface tunnel 1/1/2
PEC(config-tunnel1/1/2)#destination 30.0.0.10
PEC(config-tunnel1/1/2)#mpls tunnel-id 3
PEC(config-tunnel1/1/2)#mpls te commit
PEC(config-tunnel1/1/2)#exit
Step 5 Configure LSP of PE A, PE B, and PE C.

 PE A
PEA(config)#mpls static-lsp ingress lspab 10.0.0.20 255.255.255.0 nexthop

PEA(config)#mpls static-lsp egress lspba in-label 100 lsr-id 132.0.0.2
tunnel-id 1
PEA(config)#mpls static-lsp ingress lspac 30.0.0.30 255.255.255.0 nexthop
PEA(config)#mpls static-lsp egress lspca in-label 200 lsr-id 132.0.0.2
tunnel-id 3
 PE B
PEB(config)#mpls static-lsp ingress lspba 10.0.0.10 255.255.255.0 nexthop

PEB(config)#mpls static-lsp egress lspab in-label 101 lsr-id 132.0.0.1
tunnel-id 1
PEB(config)#mpls static-lsp ingress lspbc 20.0.0.30 255.255.255.0 nexthop
PEB(config)#mpls static-lsp egress lspcb in-label 300 lsr-id 132.0.0.3
tunnel-id 2
 PE C

299
Raisecom
PEC(config)#mpls static-lsp ingress lspca 30.0.0.10 255.255.255.0 nexthop

PEC(config)#mpls static-lsp egress lspac in-label 201 lsr-id 132.0.0.1
tunnel-id 3
PEC(config)#mpls static-lsp ingress lspcb 20.0.0.20 255.255.255.0 nexthop
PEC(config)#mpls static-lsp egress lspbc in-label 301 lsr-id 132.0.0.2
tunnel-id 2
Step 6 Configure PW on PE A, PE B, and PE C.

 PE A

PEA(config-gigaethernet1/2/1)#mpls static-l2vc destination 20.0.0.20 raw
PEA(config-gigaethernet1/2/1)#mpls static-l2vc destination 30.0.0.30 vc-
id 3 in-label 18 out-label 18 tunnel 1/1/2 backup
 PE B

PEB(config-gigaethernet1/2/1)#mpls static-l2vc destination 10.0.0.10 raw
PEB(config-gigaethernet1/2/1)#mpls static-l2vc destination 30.0.0.30 vc-
id 2 in-label 17 out-label 17 tunnel 1/1/2 bypass
 PE C
PEC(config)#interface gigaethernet 1/2/1

PEC(config-gigaethernet1/2/1)#mode l2
PEC(config-gigaethernet1/2/1)#mpls static-l2vc destination 10.0.0.10 raw
PEC(config-gigaethernet1/2/1)#mpls static-l2vc destination 20.0.0.20 vc-
id 2 in-label 17 out-label 17 tunnel 1/1/1 bypass
PEC(config-gigaethernet1/2/1)#exit
Step 7 Configure the working nodes and protection nodes for PW 1:1 protection group and MC-PW
protection group.
PE A

300
Raisecom
PEA(config)#mpls line-protection 1 pw working vc-id 1 destination

20.0.0.20 protection vc-id 2 destination 30.0.0.30 ttl 1 one-to-one
PE B
PEB(config)#mpls line-protection 2 mc-pw working vc-id 1 destination

10.0.0.10 ttl 1
PE C
PEC(config)#mpls line-protection 2 mc-pw protection vc-id 3 destination 10.0.0.10 ttl 1
Step 8 Asscoiate the MC-PW protection groups of PE B and PE C with ICCP channels respectively.
PE B
PEB(config)#mpls line-protection 2 binding-channel 1
PE C
PEC(config)#mpls line-protection 2 binding-channel 1
Checking results
Use the show iccp channel command to show ICCP configurations on PE B.
Iccp local ip address : 20.0.0.20

inter-chassis communication channel number : 1
member ip address : 20.0.0.30
binding number : 0
state : enable
machine state : iccpBegin
Use the show mpls line-protection config command to show MPLS protection switching
configurations on PE A, PE B, and PE C.
PEA(config)#show mpls line-protection config

Trap State:Enable

301
Raisecom
Id:1
Name:--
Working Entity Information:
Vc-Id:1 destination:20.0.0.20
State/LCK/M: Active/N/N
Link State:failure
Protection Entity Information:
State/F/M: Standby/N/N
Link State:failure
Wtr(m):5
Holdoff(100ms):0
PEB(config)#show mpls line-protection config

Trap State:Enable
Id:1
Name:--
Link State:failure
Vc-Id:-- destination:--
State/F/M: --/N/N
Link State:failure
Wtr(m):5
Holdoff(100ms):0
Icc:0
Icc State:non-operational
 Configurations on PE C
PEC(config)#show mpls line-protection config

Trap State:Enable
Id:1
Name:--
Link State:failure
Vc-Id:-- destination:--
State/F/M: --/N/N
Link State:failure
Wtr(m):5
Holdoff(100ms):0
Icc:0
Icc State:non-operational

302
Raisecom
RAX711-R (B) Configuration Guide 13 Security
13 Security
This chapter describes principles and configuration procedures of security, as well as related
 Configuring storm control
 Configuring RADIUS
 Configuring TACACS+
 Configuring Dot.1x
 Configuring URPF
 Configuring port mirroring
 Configuring interface isolation
 Configuring CPU protection
 Configuring CPU monitoring
 Configuring memory monitoring
 Maintenance
13.1 Configuring storm control

Scenario
In the Layer 2 network, after storm control is configured, it can inhabit generation of
broadcast storm when unknown multicast, unknown unicast, and broadcast packets increase,
thus ensuring forwarding normal packets.
Prerequisite
Configure physical parameters on an interface and make the physical layer Up.

303
Raisecom
13.1.2 Configuring storm control

3 Raisecom(config-vlan)#storm-control Enable storm control. By default, storm control of

{ broadcast | unknown-multicast | dlf | broadcast packets, unknown multicast packets,
all } enable and unknown unicast packets is disabled.
Raisecom(config-port)#storm-control
{ broadcast | unknown-multicast | dlf |
all } enable
4 Raisecom(config-vlan)#ratelimit Configure the rate limiting threshold of storm
{ broadcast | unknown-multicast | dlf } control. By default:
 Broadcast traffic: cir-value 0 and cbs-value = 0
Raisecom(config-port)#ratelimit
 Unknown multicast traffic: cir-value 0 and cbs-
{ broadcast | unknown-multicast | dlf }
value = 0
 Unknown unicast traffic: cir-value 0 and cbs-
value = 0
When storm control is enabled, you can configure rate limiting. However,
configurations cannot take effect. When storm control is disabled, rate limiting
configurations take effect automatically.

1 Raisecom#show storm-control [ vlan vlan-id | Show storm control configurations to
interface interface-type interface-number ] see whether it is right or wrong.
13.2 Configuring RADIUS

Scenario
To control users accessing devices and network, you can deploy the RADIUS server at the
network to authenticate and account users. The RAX711-R can be used as a Proxy of the
RADIUS server to authenticate users based on results returned by the RADIUS server.

304
Raisecom
Prerequisite
N/A
13.2.2 Configuring RADIUS authentication

1 Raisecom#radius [ backup ] ip-address Specify the IP address and port ID of the RADIUS
[ auth-port port-id ] [ vpn-instance authentication server.
vpn-instance-name ] [ sourceip source-
ip-address ] The backup parameter is used to specify a backup
RADIUS authentication server.
2 Raisecom#radius-key string Configure the shared key for RADIUS
authentication.
3 Raisecom#user login { local-user | Configure the authentication mode for login when
radius-user | local-radius | radius- RADIUS authentication is applied.
local [ server-no-response ] }
4 Raisecom#enable login{ local-user | Configure the authentication mode for entering
radius-user | local-radius | radius- privileged EXEC mode when RADIUS
local [ server-no-response ] } authentication is applied.
13.2.3 Configuring RADIUS accounting

1 Raisecom#aaa accounting Enable RADIUS accounting.
login enable
By default, RADIUS accounting is disabled.
2 Raisecom#radius [ backup ] Specify the IP address and port ID of the RADIUS accounting
accounting-server ip- server. By default, the UDP port ID is configured to 1813.
address [ account-port ]
The backup parameter is used to specify a backup RADIUS
accounting server.
3 Raisecom#radius Configure the shared key used for communicating with the
accounting-server key RADIUS accounting server. The shared key must be identical to
string the one configured on the RADIUS accounting server. Otherwise,
accounting operation fails.
By default, the shared key is empty.
4 Raisecom#aaa accounting Configure the processing policy for accounting failure.
fail { online | offline}
By default, the processing policy is configured to online. In
indicates that users are allowed to log in if accounting operation
fails.

305
Raisecom

5 Raisecom#aaa accounting Configure the interval for sending Accounting Update packets. If
update period the interval is configured to 0, it indicates that no Accounting
Update packet is sent.
By default, the interval for sending Accounting Update packets is
configured to 0.
With the accounting begin packet, Accounting Update

packet, and accounting end packet, the RADIUS server
can record the access time and operations of each user.

1 Raisecom#show radius-server Show configurations of the RADIUS server.
13.3 Configuring TACACS+

Scenario
To control users accessing devices and network, you can deploy the RADIUS server in the
network to authenticate and account users. Compared with RADIUS, TACACS+ is more
secure and reliable. The RAX711-R can be used as a Proxy of the TACACS+ server to
authenticate users based on results returned by the TACACS+ server.
Prerequisite
N/A
13.3.2 Configuring TACACS+ authentication

1 Raisecom#tacacs-server[ backup ] ip-address Specify the IP address and port ID of
[ vpn-instance vpn-instance-name ] [ sourceip the TACACS+ authentication server.
source-ip-address ]
The backup parameter is used to
specify a backup TACACS+
authentication server.

306
Raisecom

2 Raisecom#tacacs-server key string Configure the shared key for
TACACS+ authentication.
The secret key can contain spaces.
3 Raisecom#user login { local-user | tacacs-user | Configure the authentication mode
local-tacacs | tacacs-local [ server-no- for login when TACACS+
response ] | local-radius | radius-local authentication is applied.
[ server-no-response ] | radius-user }
4 Raisecom#enable login { local-user | tacacs-user Configure the authentication mode
| local-tacacs | tacacs-local [ server-no- for entering privileged EXEC mode
response ] | local-radius | radius-local when TACACS+ authentication is
[ server-no-response ] | radius-user } applied.
13.3.3 Configuring TACACS+ accounting

1 Raisecom#aaa accounting login enable Enable TACACS+ accounting.
2 Raisecom#tacacs [ backup ] Configure the IP address of the TACACS+
accounting-server ip-address [ vpn- accounting server.
instance vpn-instance-name ]
[ sourceip source-ip-address ] If selecting the backup parameter, you will
configure the IP address of the backup TACACS+
accounting server.
3 Raisecom#aaa accounting fail Configure the policy for processing failed
{ offline | online } accounting.
4 Raisecom#aaa accounting update Configure the period for sending Accounting Update
period packets. If it is configured to 0, the system never
sends Accounting Update packets.

1 Raisecom#show tacacs-server Show configurations of the TACACS+ server.

307
Raisecom
13.4 Configuring Dot.1x

Scenario
Dot.1X is the abbreviation of IEEE 802.1X. It is an access control and authentication protocol
based on Client/Server. The main purpose is to solve the problem of access authentication for
WLAN users. The network space of the WLAN features openness and terminal mobility, so it
is difficult to define whether the terminal belongs to the network through the physical space.
Therefore, how to prevent illegal access by an external user through interface authentication is
a problem facing the wireless network. IEEE 802.1X, an authentication technology, is
designed to meet this demand.
The IEEE 802.1X protocol focuses only on the opening and closing of an interface. The
interface is opened for legitimate users who log in through an account and password. When an
unauthorized user accesses the interface or there is no user access, the interface is closed. The
result of the IEEE 802.1X authentication lies in the change of the interface status, and does
not involve the IP address negotiation and allocation that must be considered in the normal
authentication technology. It is the most simplified implementation scheme in various
authentication technologies.
The IEEE 802.1X architecture consists of three parts:
 Supplicant System applicant: the WLAN client-side host installed with the IEEE 802.1X
Client.
 Authenticator: a WLAN access device installed with an IEEE 802.1X authenticator.
 Authentication Server: it is usually deployed in the AAA center of the carrier and is an
IEEE 802.1X authentication service system.
Prerequisite
N/A
13.4.2 Configuring Dot.1x

2 Raisecom(config)#dot1x auth-mode Configure Dot.1x authentication mode, such as local
{ local | radius | tacacs+ | none } authentication, RADIUS authentication, TACACS+
authentication, and non-authentication.
By default, the Dot.1x authentication mode is
RADIUS.
3 Raisecom(config)#dot1x auth-method Configure Dot.1x authentication mode, such as EAP
{ pap | chap | eap } relay, CHAP termination, and PAP termination.
By default, the Dot.1x authentication mode is PAP.

308
Raisecom

4 Raisecom(config)#dot1x auth-type Configure Dot.1x authentication type, such as
{ port | mac } interface-based authentication and MAC address-
based authentication.
By default, the Dot.1x authentication mode is
interface-based authentication.
5 Raisecom(config)#dot1x auth timeout Configure the timeout of all Dot.1x packets.
timeout-value
By default, the timeout is 20s. The packets will be
retransmitted for 3 times after timeout.
6 Raisecom(config)#dot1x reauth Enable Dot.1x re-authentication and configure re-
interval interval-value authentication timer.
By default, the time of the re-authentication timer is
0s.
7 Raisecom(config)#dot1x keepalive Configure the timer which sends KeepAlive packets to
interval interval-value the Dot.1x client.
By default, the time of the timers is 60s.
9 Raisecom(config-port)#dot1x Enable Dot.1x.
{ enable | disable }
Configure a Client on the device as below.

2 Raisecom(config)#dot1x auth-mode Configure the Dot.1X authentication mode, including
{ local | radius | tacacs+ | none } local authentication, RADIUS authentication,
TACACS+ authentication, and non-authentication.
By default, the Dot.1X authentication mode is
RADIUS authentication.

1 Raisecom#show dot1x interface-type Show Dot.1x configurations of the interface.
interface-number
2 Raisecom#show dot1x interface-type Show Dot.1x authentication statistics of the
interface-number statistics interface.

309
Raisecom
13.5 Configuring URPF

Scenario
You can enable Unicast Reverse Path Forwarding (URPF) on the routing interface to avoid
network attacks which are based on source address spoofing. After it is enabled, the interface
will legally check the source address of the packet upon receiving the packet. If the packet
passes the legal check, the interface will match it with the forwarding table and then forward
it, otherwise, it will be discarded.
Prerequisite
N/A
13.5.2 Configuring URPF

3 Raisecom(config-port)#ip urpf { loose | Enable URPF on the interface.

strict } [ allow-default-route ]
13.6 Configuring port mirroring

Scenario
Port mirroring refers to mirroring packets of the specified mirroring port to the destination
port or aggregation group without affecting packet forwarding. With port mirroring, users can
monitor sending and receiving status of one or more interfaces for analyzing network status.
Prerequisite
N/A
13.6.2 Configuring port mirroring


310
Raisecom

2 Raisecom(config)#mirror-group group-id Create a port mirroring group.
3 Raisecom(config)#interface interface-type (Optional) enter interface configuration
interface-number mode and configure the interface as the
Raisecom(config-port)#mirror-group group-id monitoring port.
monitor-port
Raisecom(config)#interface port-channel (Optional) enter link aggregation
channel-number configuration mode and configure the
Raisecom(config-port-channel*)#mirror-group interface as the monitoring port.
group-id monitor-port
Raisecom(config-port-channel*)#exit
4 Raisecom(config)#interface interface-type (Optional) enter interface configuration
interface-number mode, configure the interface as the
Raisecom(config-port)#mirror-group group-id source interface, and configure the port
source-port [ ingress | egress ] mirroring rule. The packets in the
ingress, egress, or both directions on the
source interface can be mirrored.
Raisecom(config)#interface port-channel (Optional) enter link aggregation
channel-number configuration mode, configure the link
Raisecom(config-port-channel*)#mirror-group aggregation group as the source
group-id source-port [ ingress | egress ] interface, and configure the port
mirroring rule. The packets in the
ingress, egress, or both directions on the
source interface can be mirrored.

1 Raisecom#show mirror-group [ group-id ] Show basic information about port mirroring.
13.7 Configuring interface isolation

Scenario
To isolate Layer 2 data of interfaces in the same VLAN and provide physical isolation
between interfaces, you need to configure interface isolation.
By adding interfaces that need to be controlled to a VLAN protection group, you can enhance
network security and provide flexible networking scheme for users.
Interface isolation helps isolate interfaces in a VLAN, enhance network security, and provide
flexible networking schemes.
311
Raisecom
Prerequisite
N/A
13.7.2 Configuring interface isolation

3 Raisecom(config-port)#switchport protect Enable interface protection.

1 Raisecom#show switchport protect Show interface protection configurations.
13.8 Configuring CPU protection

Scenario
When the RAX711-R receives a great number of attack packets in a short period, the CPU
will run with full load and its utilization rate will reach to 100%, which may cause the
breakdown of the device. CPU CAR helps efficiently limit the rate of packets entering the
CPU.
Prerequisite
N/A
13.8.2 Configuring global CPU protection

2 Raisecom(config)#cpu-protect car Configure the protocol type, rate limiting mode,
{ arp | dhcp | global | icmp | igmp | CIR, and CBS of global CPU packet protection.
tcp } { kbps | pps } cir cir cbs cbs
By default, the CIR and CBS are respectively
configured to 500 pps and 500 kpt globally.

312
Raisecom
13.8.3 Configuring interface CPU preotection

3 Raisecom(config-port)#cpu-protect car Configure the CIR and CBS of Layer 3 physical
{ arp | dhcp | global | icmp | igmp | interface CPU packet protection.
By default, default configurations of CPU CAR are
adopted.
4 Raisecom(config)#portswitch Enter Layer 2 physical interface configuration
mode.
5 Raisecom(config-port)#cpu-protect car Configure CIR, and CBS of Layer 2 physical
{ arp | dhcp | global | icmp | igmp | interface CPU packet protection.
By default, CPU CAR default configurations are
adopted.

1 Raisecom#show cpu-protect car statistics Show interface CPU CAR statistics.
13.9 Configuring CPU monitoring

Scenario
CPU monitoring is used for monitoring task status, CPU utilization rate, and stack usage in
real time. It provides CPU utilization threshold alarm to facilitate discovering and eliminating
a hidden danger, helping the administrator locate the fault quickly.
Prerequisite
To output CPU monitoring alarms in a Trap form. You need to configure the IP address of
Trap target host on the RAX711-R, that is, the IP address of the NView NNM system.

313
Raisecom
13.9.2 Viewing CPU monitoring information

1 Raisecom#show cpu-utilization [ dynamic Show CPU utilization rate.

| history { 10min | 1min | 2hour |
5sec } ]
2 Raisecom#show process [ dead | sorted Show task status.
{ normal-priority | process-name } |
taskname ]
3 Raisecom#show process cpu [ sorted Show CPU utilization rate of all tasks.
[ 10min | 1min | 5sec | invoked ] ]
13.9.3 Configuring CPU monitoring alarm

2 Raisecom(config)#cpu rising-threshold (Optional) configure the upper CPU threshold
rising-threshold-value and lower CPU threshold.
The upper CPU threshold must be greater than
the lower CPU threshold.
By default, the upper CPU threshold is 100%
3 Raisecom(config)#cpu falling-threshold (Optional) configure lower CPU threshold.
falling-threshold-value
By default, the lower CPU threshold is 1%.
4 Raisecom(config)#cpu interval interval- (Optional) configure CPU sampling interval.
value
By default, the sampling interval is configured to
60s.
13.9.4 Checking configruations

1 Raisecom#show cpu-utilization Show CPU utilization rate and related configurations.
13.10 Configuring memory monitoring

Scenario
The RAM utilization monitoring can be used for monitoring the RAM utilization in real time.
It provides CPU utilization threshold alarm to facilitate discovering and eliminating a hidden
danger, helping the administrator locate the fault quickly.
314
Raisecom
Prerequisite
To output RAM utilization rate monitoring alarms in the form of a Trap. You need to
configure the IP address of the Trap target host on the RAX711-R, that is, the IP address of
the NMS.
13.10.2 Configuring memory monitoring

1 Raisecom#memory utilization threshold Configure the upper alarm threshold of RAM
threshold-value utilization rate.
By default, the threshold is 70, which means 70%.
2 Raisecom#memory utilization monitor Enable memory monitoring utilization rate.
enable
13.10.3 Checking configruations

1 Raisecom#show memory [ utilization Show CPU utilization rate.
threshold ]
13.11 Maintenance
Command Description
Raisecom(config)#clear filter statistics Clear statistics of the filter.

13.12.1 Example for configuring storm control
As shown in Figure 13-1, to prevent the iTN A from being affected by broadcast, you need to
configure storm control on the iTN A to limit broadcast and unknown unicast with the
threshold being set to 2000pps.

315
Raisecom
Figure 13-1 Configuring strom control
Configuration steps
Configure storm control on iTN A.
Raisecom#config
Raisecom(config-port)#storm-control broadcast enable
Raisecom(config-port)#storm-control broadcast enable
Raisecom(config)#storm-control pps 2000
Actual Storm control pps: 2000 pps
Checking results
Use the show storm-control interface command to show whether the configuration is right
or not.
Raisecom#show storm-control interface
Threshold: 2000 pps
Threshold: 2000 pps
Interface Broadcast Multicast Unicast
----------------------------------------------------------------
gigaethernet1/1/1 Enable Disable Disable
13.12.2 Example for configuring RADIUS
As shown in Figure 13-2, to control users accessing iTN A, you need to deploy RADIUS
authentication and accounting features on iTN A to authenticate users logging in to iTN A and
record their operations.
316
Raisecom
Set the interval for sending Accounting Update packet to 2min. Set the processing policy for
accounting failure to offline.
Figure 13-2 Configuring RADIUS
Configuration steps
Step 1 Authenticate login users through RADIUS.
Raisecom#radius 192.168.1.1
Raisecom#radius-key raisecom
Raisecom#user login radius-user
Step 2 Account login users through RADIUS.
Raisecom#aaa accounting login enable

Raisecom#radiusaccounting-server 192.168.1.1
Raisecom#radius accounting-server key raisecom
Raisecom#aaa accounting fail offline
Raisecom#aaa accounting update 120
Checking results
Use the show radius-server command to show RADIUS configurations.
Raisecom#show radius-server
Authentication server IP: 192.168.1.1 port:1812
Backup authentication server IP:0.0.0.0 port:1812
Authentication server key: raisecom
Accounting server IP: 192.168.1.1 port:1813
Backup accounting server IP: 0.0.0.0 port:1813
Accounting server key: raisecom
Accounting login: enable
Update interval(min.): 120
Accounting fail policy: offline

317
Raisecom
13.12.3 Example for configuring TACACS+
As shown in Figure 13-3, to control users accessing iTN A, you need to deploy TACACS+
authentication on iTN A to authenticate users logging in to iTN A.
Figure 13-3 Configuring TACACS+
Configuration steps
Authenticate login users through TACACS+.
Raisecom#tacacs-server 192.168.1.1
Raisecom#tacacs-serverkey raisecom
Raisecom#user login tacacs-user
Checking results
Use the show tacacs-server command to show TACACS+ configurations.
Raisecom#show tacacs-server
Server Address: 192.168.1.1
Backup Server Address: --
Sever Shared Key: raisecom
Accounting server Address: --
Backup Accounting server Address: --
Total Packet Sent: 0
Total Packet Recv: 0
Num of Error Packets: 0

318
Raisecom
RAX711-R (B) Configuration Guide 14 QoS
14 QoS
This chapter describes principles and configuration procedures of QoS, as well as related
 Configuring ACL
 Configuring priority trust and priority mapping
 Configuring traffic classification and traffic policy
 Configuring congestion avoidance and queue shaping
 Configuring rate limiting
 Configuring MPLS QoS
 Configuring MPLS H-QoS
14.1 Configuring ACL

Scenario
To filter data packets, the device needs to be configured with ACL to identify data packets to
be filtered. Devices allow/disallow related data packets to pass based on pre-configured
policies unless they identify specified data packets.
Prerequisite
N/A
14.1.2 Configuring ACL

Select steps 3–7 as required.


319
Raisecom

2 Raisecom(config)#access-list acl-number Create an ACL and enter ACL
configuration mode.
The value of acl-number parameter
defines the type of ACL configuration
mode.
 Values 1000–0999: basic IP ACL
 Values 2000–2999: extended IP
ACL
 Values 3000–3999: MAC ACL
 Values 4000–4999: MPLS ACL
 Values 5000–5999: MAP ACL
3 Raisecom(config-acl-ipv4-basic)#rule [ rule-id ] (Optional) configure the basic IP

{ deny | permit } { source-ip-address source-ip- ACL rule.
mask | any }
4 Raisecom(config-acl-ipv4-advanced)#rule [ rule- (Optional) configure the extended IP
id ] { deny | permit } { protocol-id | icmp | ACL rule.
igmp | ip } { source-ip-address source-ip-mask |
any } { destination-ip-address destination-ip-
mask | any } [ dscp dscp-value ] [ ttl ttl-
value ]
Raisecom(config-acl-ipv4-advanced)#rule [ rule-
id ] { deny | permit } { tcp | udp } { source-
ip-address source-ip-mask | any } [ source-
port ]{ destination-ip-address destination-ip-
mask | any } [ destination-port ] [ dscp dscp-
value ] [ ttl ttl-value ]
5 Raisecom(config-acl-mac)#rule [ rule-id ] { deny (Optional) configure the MAC ACL
| permit } { source-mac-address source-mac-mask rule.
| any } { destination-mac-address destination-
mac-mask | any } [ ethertype { ethertype
[ ethertype-mask ] | ip | arp } ] [ svlan
svlanid svlan-cos svlan-cos ] [ cvlan cvlanid
cvlan-cos cvlan-cos ]
6 Raisecom(config-acl-mpls)#rule [ rule-id ] (Optional) configure the MPLS ACL
{ deny | permit } label { label-value | any } rule.
[ exp exp-value ] [ ttl ttl-value ] [ second-
label { label-value | any } [ second-exp exp-
value ] [ second-ttl ttl-value ] ] [ third-label
{ label-value | any } [ third -exp exp-value ]
[ third -ttl ttl-value ] ]
7 Raisecom(config-acl-map)#rule [ rule-id ] { deny (Optional) configure the MAP ACL
| permit } [ source-mac source-mac-address rule.
source-mac-mask ] [ dest-mac destination-mac-
address destination-mac-mask ] [ ethertype
{ ethertype [ ethertype-mask ] | ip | arp } ]
[ svlan svlanid svlan-cos svlan-cos ] [ cvlan
cvlanid cvlan-cos cvlan-cos ] rule-string rule-
mask offset
8 Raisecom(config)#access-list copy dest-acl- Copy to generate the same ACL.
number source-acl-number

320
Raisecom
14.1.3 Configuring filter

2 Raisecom(config)#interface interface-type Enter interface configuration
3 Raisecom(config-port)#filter { ingress | egress } Apply the ACL to the interface.
access-list acl-number [ statistics ]
The ACL rule on the interface
cannot be changed and the
number of the rule should be over
0.

1 Raisecom#show access-list [ acl-number ] Show information about ACL.
2 Raisecom#show acl resource Show information about ACL
resource.
3 Raisecom#show filter interface Show information about filter.
Raisecom#show filter interface interface-type
interface-number [ ingress | egress ]
Raisecom#show filter interface interface-type
interface-number [ ingress | egress ] [ access-list
acl-number ]
14.2 Configuring priority trust and priority mapping

Scenario
For packets from upstream devices, you can select to trust the priorities taken by these packets.
For packets whose priorities are not trusted, you can process them with traffic classification
and traffic policy. In addition, you can modify DSCP priorities by configure interface-based
DSCP priority remarking. After configuring priority trust, the RAX711-R can perform
different operations on packets with different priorities, providing related services.
Before performing queue scheduling, you need to assign a local priority for a packet. For
packets from the upstream device, you can map the outer priorities of these packets to various
local priorities. In addition, you can directly configure local priorities for these packets based
on interfaces. And then device will perform queue scheduling on these packets basing on local
priorities.

321
Raisecom
In general, for IP packets, you need to configure the mapping between DHCP priority and
local priority. For VLAN packets, you need to configure the mapping between CoS priority
and local priority. For MPLS packets, you need to configure the mapping between the Exp
field and the local priority.
Prerequisite
N/A
14.2.2 Configuring priority trust

interface-number
3 Raisecom(config-port)#mls qos trust { cos | Configure the priority trusted by an
dscp } interface.
By default, the Layer 2 interface trusts
the CoS priority and the Layer 3
interface trusts the DHCP priority.
4 Raisecom(config-port)#mls qos priority Configure the interface priority.
untagged priority
14.2.3 Configuring mapping between DSCP priority and local

priority based on interface
2 Raisecom(config)#mls qos mapping dscp-to- Create the DSCP-to-local priority (color)
local-priority profile-id mapping profile and enter dscp-to-pri
configuration mode.
3 Raisecom(dscp-to-pri)#dscp dscp-value to Configure mapping between the DSCP
local-priority localpri-value [ color priority and local priority (color).
{ green | red | yellow } ]
4 Raisecom(dscp-to-pri)#exit Exit dscp-to-pri configuration mode.
Raisecom(config)#interface interface-type
interface-number
Enter interface configuration mode.
5 Raisecom(config-port)#mls qos dscp-to-local- Apply the DSCP-to-local priority (color)
priority profile-id mapping profile to an interface.

322
Raisecom
14.2.4 Configuring mapping between CoS priority and local priority

based on interface
2 Raisecom(config)#mls qos mapping cos-to- Create the CoS-to-local priority (color)
local-priority profile-id mapping profile and enter cos-to-pri
configuration mode.
3 Raisecom(dscp-to-pri)#cos cos-value to Configure mapping between the CoS
local-priority localpri-value [ color priority and local priority (color).
4 Raisecom(dscp-to-pri)#exit Exit cos-to-pri configuration mode.
interface-number
5 Raisecom(config-port)#mls qos cos-to-local- Apply the CoS-to-local priority (color)
priority profile-id mapping profile to an interface.
14.2.5 Configuring mapping between Exp and local priority

2 Raisecom(config)#mls qos mapping exp-to- Create the Exp-to-local priority (color)
local-priority profile-id mapping profile and enter exp-to-pri
configuration mode.
3 Raisecom(dscp-to-pri)#exp exp-value to Configure mapping between the Exp and
local-priority localpri-value [ color local priority (color).
14.2.6 Configuring DSCP priority remarking

2 Raisecom(config)#mls qos mapping dscp- Create the DSCP remarking profile and
mutation profile-id enter dscp-mutation configuration mode.
3 Raisecom(dscp-to-pri)#dscp dscp-value to Remark the DSCP priority of specified
new-dscp dscp-value packets.
4 Raisecom(dscp-to-pri)#exit Exit dscp-mutation configuration mode.
interface-number
5 Raisecom(config-port)#mls qos dscp-mutation Apply the DSCP remarking profile to an
profile-id interface.

323
Raisecom
14.2.7 Configuring CoS priority remarking

2 Raisecom(config)#mls qos mapping cos-remark Create the CoS remarking profile and enter
profile-id dscp-remark configuration mode.
3 Raisecom(dscp-to-pri)#local-priority Configure the mapping between the local
localpri-value to cos cos-value priority and CoS priority.
4 Raisecom(dscp-to-pri)#exit Exit cos-remark configuration mode.
interface-number
5 Raisecom(config-port)# mls qos cos-remark- Enable local priority-to-CoS mapping.
mapping enable
6 Raisecom(config-port)#mls qos cos-remark Apply the CoS remarking profile to an
profile-id interface.
14.2.8 Configuring Exp remarking

2 Raisecom(config)#mls qos mapping local- Create the local priority-to-Exp mapping
priority-to-exp profile-id profile and enter pri-to-exp configuration
mode.
3 Raisecom(dscp-to-pri)#local-priority Configure the mapping between the local
localpri-value to exp exp-value priority and Exp.

1 Raisecom#show mls qos mapping dscp-to-local- Show information about the DSCP-to-
priority [ default | profile-id ] local priority (color) mapping profile.
2 Raisecom#show mls qos mapping cos-to-local- Show information about the CoS-to-local
priority [ default | profile-id ] priority (color) mapping profile.
3 Raisecom#show mls qos mapping exp-to-local- Show information about the Exp-to-local
priority [ default | profile-id ] priority (color) mapping profile.
4 Raisecom#show mls qos mapping dscp-mutation Show information about the DSCP
[ default | profile-id ] remarking profile.
5 Raisecom#show mls qos mapping cos-remark Show information about the CoS
[ default | profile-id ] remarking profile.

324
Raisecom

6 Raisecom#show mls qos mapping local-priority- Show information about the local
to-exp [ default | profile-id ] priority-to-Exp mapping profile.
7 Raisecom#show mls qos interface [ interface- Show QoS information on the interface.
type interface-number ]
14.3 Configuring traffic classification and traffic policy

Scenario
Traffic classification is the basis of QoS. For packets from upstream devices, you can classify
them according to ACL rules. After traffic classification, the device can provide related
operations for different packets, providing differentiated services.
After configurations, the traffic classification cannot take effect until being bound to traffic
policy. The selection of traffic policy depends on the packet status and current network load
status. In general, when a packet is sent to the network, you need to limit the speed according
to Committed Information Rate (CIR) and remark the packet according to the service feature.
Prerequisite
N/A
14.3.2 Creating and configuring traffic classification

2 Raisecom(config)#class-map class-map-name Create traffic classification and enter
CMAP configuration mode.
3 Raisecom(config-cmap)#match acl acl-number Define the ACL matched with the traffic
classification. ACL rules cannot be
modified once they are applied to the
interface. The number of ACL rules must
be greater than 0.
14.3.3 Creating and configuring traffic policing profile

To perform traffic policing on packets, you need to configure traffic policing profile and then
quote this profile under the traffic classification, which is bound to traffic policy.
On the traffic policing profile, you can configure traffic policing rules or perform relate
operations on specified packets based on the color.

325
Raisecom
The single bucket does not support the color-sensitive mode or commands with the yellow
key word.

2 Raisecom(config)#mls qos policer-profile Create the traffic policing profile and enter
policer-name single traffic policing profile configuration mode.
3 Raisecom(traffic-policer)#drop-color (Optional) discard packets with specified
{ red | yellow } * color.
4 Raisecom(traffic-policer)#set-cos { green (Optional) configure the mapping between
green-value | red red-value | yellow packet color and CoS priority.
yellow-value } *
5 Raisecom(traffic-policer)#set-dscp (Optional) configure the mapping between
{ green green-value | red red-value | packet color and DHCP priority.
yellow yellow-value } *
6 Raisecom(traffic-policer)#set-pri { green (Optional) configure the mapping between
green-value | red red-value | yellow packet color and local priority.
yellow-value } *
7 Raisecom(traffic-policer)#recolor (Optional) re-color the packet.
{ green-recolor { red | yellow } | red-
recolor { green | yellow } | yellow- QoS use the CAR to classify and color the
recolor { green | red } } * packet. The downstream network can accept
the color result of the upstream network or re-
color the packet based on its classification
standard.
8 Raisecom(traffic-policer)#cir cir cbs cbs (Optional) configure rate limiting parameters.
[ ebs ebs ]
Raisecom(traffic-policer)#cir cir cbs cbs
eir eir ebs ebs [ coupling ]
Raisecom(traffic-policer)#cir cir cbs cbs
pir pir pbs pbs
14.3.4 Creating and configuring traffic policy

Steps 5–10 are coordinate. You can select one as required.

2 Raisecom(config)#policy-map policy-map- Create a traffic policy and enter PMAP
name configuration mode.

326
Raisecom

3 Raisecom(config-pmap)#class-map class- Add the traffic classification to the traffic policy
map-name and enter CMAP configuration mode.
The traffic classification, bound with the

traffic policy, must be based on at least one
rule. Otherwise, the binding operation fails.
When the traffic policy is applied to an
interface, you cannot delete the bound
traffic classification or modify its
configuration.
One traffic classification can be applied to
multiple traffic policies.
4 Raisecom(config-pmap-c)#police policer- Import a traffic policing profile (policer) into the
name traffic policy.
5 Raisecom(config-pmap-c)#set { cos cos- (Optional) configure packet remarking.
value | ip dscp ip-dscp-value | local-
priority value }
Raisecom(config-pmap-c)#set { inner-
vlan inner-vlan-id | vlan vlan-id }
6 Raisecom(config-pmap-c)#add outer-vlan (Optional) configure the VLAN ID of the added
vlan-id outer VLAN Tag.
7 Raisecom(config-pmap-c)#redirect-to (Optional) configure the redirection rule to
interface-type interface-number forward matched packets through the specified
interface.
8 Raisecom(config-pmap-c)#copy-to-mirror (Optional) copy the traffic to the mirroring
group-id monitoring group.
9 Raisecom(config-pmap-c)#forward-to-cpu (Optional) forward traffic to the CPU.
10 Raisecom(config-pmap-c)#statistics (Optional) enable traffic statistics.
enable
11 Raisecom(config-pmap-c)#exit Exit CMAP configuration mode.
Raisecom(config-pmap)#exit
Raisecom(config)#interface interface-
Exit PMAP configuration mode.
type interface-number Enter interface configuration mode.
12 Raisecom(config-port)#service-policy Apply the traffic policy to an interface.
{ ingress | egress } policy-map-name

1 Raisecom#show class-map [ class-map-name ] Show traffic classification
information.
2 Raisecom#show mls qos policer-profile [ policer- Show traffic policing rules.
name ]

327
Raisecom

3 Raisecom#show policy-map [ policy-map-name ] [ class Show traffic policy information.
class-map-name ]
4 Raisecom#show service-policy interface Show information about applied
Raisecom#show service-policy interface interface- policies.
type interface-number [ egress | ingress ]
5 Raisecom#show service-policy statistics interface Show statistics about applied
interface-type interface-number { egress | ingress } traffic policies.
policy-map policy-map-name [ class-map class-map-
name ]
14.4 Configuring congestion avoidance and queue shaping

Scenario
To prevent network congestion from occurring and to resolve TCP global synchronization,
you can configure congestion avoidance to adjust the network traffic and resolve network
overload. The RAX711-R supports WRED-based congestion avoidance.
When the interface speed of downstream devices is smaller than the one of upstream devices,
congestion avoidance may occur on interfaces of downstream devices. At this time, you can
configure queue and traffic shaping on the egress interface of upstream devices to shape
upstream traffic.
Prerequisite
N/A
14.4.2 Configuring WRED profile

2 Raisecom(config)#mls qos wred profile Create the WRED profile and enter WRED
profile-id profile configuration mode.
3 Raisecom(wred)#wred [ color { green | red Configure WRED profile information.
| yellow } ] start-drop-threshold start-
drop end-drop-threshold end-drop max- For non-TCP packets, it does not distinguish
drop-probability max-drop the color. You need to configure the wred
start-drop-threshold/wred color green
parameter.

328
Raisecom
14.4.3 Configuring flow profile

2 Raisecom(config)#mls qos flow-queue profile Create a flow profile and enter flow profile
flow-profile-id configuration mode.
3 Raisecom(flow-queue)#scheduler { drr| wrr } Configure the queue scheduling policy.
By default, it is configured to DRR.
4 Raisecom(flow-queue)#queue queue-id [ weight Configure the queue, weight, shaping, and
weight-value ] [ shaping cir cir-value [ cbs WRED information of the flow profile. If
cbs-value ] pir pir-value [ pbs pbs- no weight is configured, SP scheduling
value ] ] [ wred profile profile-id ] mode is adopted.
5 Raisecom(flow-queue)#exit Exit flow profile configuration mode.
interface-number
6 Raisecom(config-port)# mls qos flow-queue Apply the flow profile to an interface.

profile-id
14.4.4 Configuring queue shaping

interface-number
3 Raisecom(config-port)#mls qos shaping Configure queue shaping for queues of the
{ ingress | egress } pir pir-value [ pbs interface.
pbs-value ]

1 Raisecom#show mls qos wred profile [ profile- Show WRED profile configurations.
list ]
2 Raisecom#show mls qos flow-queue profile Show flow profile configurations.
flow-profile-list
3 Raisecom#show mls qos queue interface Show interface queue information.
4 Raisecom#show mls qos shaping interface Show queue shaping information.
[ interface-type interface-number [ ingress |
egress ] ]
5 Raisecom#show mls qos queue statistics Show queue statistics of the interface.
interface interface-type interface-number

329
Raisecom
14.5 Configuring rate limiting

Scenario
To avoid/remit network congestion, you can configure interface-based rate limiting. Rate
limiting is used to make packets transmitted at a relative average speed by controlling the
burst traffic on an interface.
Prerequisite
N/A
14.5.2 Configuring interface-based rate limiting

interface-number
3 Raisecom(config-port)#rate-limit { egress | Configure interface-based rate limiting.
ingress } cir cir-value cbs cbs-value pir
pir-value pbs pbs-value
 By default, no interface-based rate limiting is configured.

 Adopt the drop processing mode for packets on the ingress interface, if they
exceed the configured rate limit.
 When you configure the rate limit and burst value for an interface, if the
configured rate limit is smaller than 256 kbit/s, the burst value should not be
much greater. Otherwise, packets may be inconsecutive.
 When the rate limit is too small, we recommend that the burst value is 4 times
greater than then rate limit. If packets are inconsecutive, reduce the burst value
or increase the rate limit.
 Rate limiting packet loss ratio of the egress interface will be included in the one
of the ingress interface.

1 Raisecom#show rate-limit interface Show interface-based rate limiting.
Raisecom#show rate-limit interface
interface-type interface-number [ ingress |
egress ]

330
Raisecom
14.6 Configuring MPLS QoS

Scenario
The MPLS-TP QoS technology is used to ensure the instantaneity and integrity of services
when the MPLS network is overloaded or congested. In addition, it is used to ensure the
whole MPLS-TP network to run efficiently.
Prerequisite
Connect interfaces and configure physical parameters of interfaces. Make the physical layer
Up.
14.6.2 Configuring LSP QoS

2 Raisecom(config)#interface tunnel interface- Enter Tunnel interface configuration
number mode.
3 Raisecom(config-tunnel)#bandwidth car [ cir cir- Configure the LSP bandwidth.
value pir pir-value ]
4 Raisecom(config-tunnel)#traffic-statistics Enable LSP statistics.
enable
5 Raisecom(config-tunnel)#diffserv-mode { pipe Configure the Tunnel differential
exp-value | uniform [ local-priority-to-exp service mode.
profile-id ] }
6 Raisecom(config-tunnel)#exit Exit Tunnel interface configuration
Raisecom(config)#mpls static-lsp egress lsp-name mode.
diffserv-mode { pipe exp-value [ exp-to-local- Configure Egress differential service
priority profile-id ] | uniform [ exp-to-local- mode.
priority profile-id ] }
14.6.3 Configuring PWE3 QoS

2 Raisecom(config)#interface interface-type interface- Enter interface configuration
number mode.
3 Raisecom(config-port)#mode l2 Enter L2 mode.
3 Raisecom(config-port)#mpls l2vpn pw bandwidth car Configure PWE3 applied
[ cir cir-value pir pir-value ] [ backup ] bandwidth.

331
Raisecom

5 Raisecom(config-port)#mpls l2vpn pw traffic- Enable PW statistics.
statistics enable
6 Raisecom(config-port)#mpls l2vpn pw diffserv-mode Configure the PWE3 differential
{ pipe exp-value [ exp-to-local-priority profile- service mode.
id ] | uniform [ exp-to-local-priority profile-id ]
[ local-priority-to-exp profile-id ] } [ backup ]
14.6.4 Configuring VPLS QoS

2 Raisecom(config)#mpls vsi vsi-name static Create a VSI and enter VSI
configuration mode.
3 Raisecom(config-vsi)#mpls peer peer-ip-address Configure VPLS applied bandwidth.
vc-id vc-id bandwidth car [ cir cir-value pir
pir-value ] [ backup ]
4 Raisecom(config-vsi)#traffic-statistics [ peer Enable VPLS statistics.
peer-ip-address vc-id vc-id ] enable
5 Raisecom(config-vsi)#diffserv-mode { pipe exp- Configure VPLS differential service
value [ exp-to-local-priority profile-id ] | mode.
uniform [ exp-to-local-priority profile-id ]
[ local-priority-to-exp profile-id ] }
14.6.5 Configuring L3VPN QoS

To avoid or alleviate network congestion, you can configure L3VPN QoS.

2 Raisecom(config)#ip vrf vrf-name Create a VRF and enter VRF
configuration mode.
3 Raisecom(config-vrf)#bandwidth car [ cir cir-value Configure the bandwidth limit
pir pir-value ] peer ip-address based on the peer.
4 Raisecom(config-vrf)#traffic-statistics enable Enable L3VPN VRF statistics.
5 Raisecom(config-vrf)#diffserv-mode { pipe exp-value Configure the L3VPN differential
[ exp-to-local-priority profile-id ] | uniform service mode.
[ exp-to-local-priority profile-id ] [ local-
priority-to-exp profile-id ] }
6 Raisecom(config-vrf)#ttl { pipe | uniform } Configure the TTL mode.
By default, it is configured to
Pipe mode.

332
Raisecom

1 Raisecom#show mpls te traffic-statistics tunnel Show LSP statistics.
unit/slot/port
2 Raisecom#show mpls l2vpn pw traffic-statistics Show PW statistics.
interface-type interface-number [ backup ]
3 Raisecom#show mpls vsi traffic-statistics vsi-name Show VPLS statistics.
[ peer peer-ip-address vc-id vc-id ]
4 Raisecom#show vrf traffic-statistics vrf-name Show VPLS statistics.
14.7 Configuring MPLS H-QoS

Scenario
H-QoS is generally used under the conditions which require distinguishing services, users,
and user groups. For example,
 User services are divided into voice and Internet services. Users are divided into
department manager and employees. User groups are divided into president office and
property management department. All services are accessed to the upper network
through one interface.
 Through H-QoS, all services in the president office can be prioritized, all services of the
manager in the president office can be prioritized, and all voice services of the manager
in the president office can be prioritized.
Prerequisite
MPLS QoS CAR and MPLS H-QoS conflict with each other. Make sure that the device is not
configured with MPLS QoS CAR before configuring H-QoS.
14.7.2 Configuring H-QoS of LSP

2 Raisecom(config)#interface tunnel interface- Enter Tunnel interface configuration
number mode.
3 Raisecom(config-tunnel)#bandwidth hqos [ cir Configure LSP hierarchical
cir-value pir pir-value ] [ weight weight- bandwidth.
value ]
4 Raisecom(config-tunnel)#traffic-statistics Enable LSP statistics.
enable

333
Raisecom

5 Raisecom(config-tunnel)#diffserv-mode { pipe Configure the differential service
exp-value | uniform [ local-priority-to-exp mode of Tunnel.
profile-id ] }
6 Raisecom(config-tunnel)#exit Exit Tunnel interface configuration
Raisecom(config)#mpls static-lsp egress lsp-name mode.
diffserv-mode { pipe [ exp-to-local-priority
profile-id ] | uniform [ exp-to-local-priority Configure the differential service
profile-id ] } mode of egress.
14.7.3 Configuring H-QoS of PWE3

Configure the RAX711-R as below. Make sure that the corresponding interfaces are
configured with the following services before configuring H-QoS of PWE3.
 The interface should be in the routed mode. By default, it is in the routed mode. If the
interface is configured to the switch mode, use the no portswitch command to switch the
interface to routed mode.
 Use the mode l2 command to enter L2VPN mode to access L2VPN services.
2 Raisecom(config)#interface interface-type interface- Enter interface configuration
number mode.
3 Raisecom(config-port)#mpls l2vpn pw bandwidth hqos Configure the PWE3 bandwidth
[ cir cir-value pir pir-value ] [ weight weight- template.
value ] [ flow-queue queue-number ]
4 Raisecom(config-port)#mpls l2vpn pw traffic- Enable PW statistics.
statistics enable [ backup ]
5 Raisecom(config-port)#mpls l2vpn pw diffserv-mode Configure the differential
{ pipe exp-value [ exp-to-local-priority profile- service mode of PWE3.
id ] | uniform [ exp-to-local-priority profile-id ]
[ local-priority-to-exp profile-id ] }
14.7.4 Configuring H-QoS of VPLS.

1 Raisecom#config Enter global configuration mode
2 Raisecom(config)#mpls vsi vsi-name static Creat a VSI and enter VSI
configuration mode.
3 Raisecom(config-vsi)#mpls peer peer-ip-address [ vc- Configure a VPLS flow
id vc-id ] bandwidth hqos [ cir cir-value pir pir- template.
value ] [ weight weight-value ] [ flow-queue queue-
number ]
4 Raisecom(config-vsi)#traffic-statistics [ peer peer- Enable VPLS statistics.
ip-address [ vc-id vc-id ] ] enable

334
Raisecom

1 Raisecom#show mpls te tunnel Show LSP H-QoS configurations.
2 Raisecom#show mpls l2vc Show PWE3 H-QoS configurations.
3 Raisecom#show mpls vsi detail Show VPLS H-QoS configurations.

14.8.1 Example for configuring ACL
As shown in Figure 14-1, to control users accessing the server, you can deploy ACL on iTN A
to disallow 192.168.1.1 to access 192.168.1.100.
Figure 14-1 Configuring ACL
Configuration steps
Step 1 Configure IP ACL.
Raisecom#config
Raisecom(config)#access-list 2001
Raisecom(config-acl-ipv4-advanced)#rule 1 deny ip 192.168.1.1
255.255.255.0 192.168.1.100 255.255.255.0
Step 2 Apply the ACL to interface GE 1/2/1 of iTN A.

Raisecom(config-port)#filter ingress access-list 2001

335
Raisecom
Checking results
Use the show access-list command to show IP ACL configurations.
Raisecom#show access-list 2001

advanced-ipv4 ACL 2001, 1 rules
ACL's step is 10
rule 1 deny ip 192.168.1.1 255.255.255.0 192.168.1.100 255.255.255.0
Use the show filter command to show filter configurations.
Raisecom#show filter interface gigaethernet 1/2/1

Interface Direction Acl-Num
-----------------------------------------
gigaethernet1/2/1 ingress 2001
14.8.2 Example for configuring traffic policying based on traffic

policy
As shown in Figure 14-2, User A, User B, and User C are respectively connected to the
RAX711-R through Router A, Router B, and Router C.
User A transmits voice and video services; User B transmits voice, video, and data services;
User C transmits video and data services.
According to users' requirements, make following rules:
 For User A, provide 25 Mbit/s bandwidth; set the burst traffic to 100B, and discard the
redundant traffic.
 For User B, provide 35 Mbit/s bandwidth; set the burst traffic to 100 KB, and discard the
redundant traffic.
 For User C, provide 30 Mbit/s bandwidth; set the burst traffic to 100 KB, and discard the
redundant traffic.

336
Raisecom
Figure 14-2 Configuring rate limiting based on traffic policy
Configuration steps
Step 1 Create and configure traffic classification.
Raisecom#config
Raisecom(config-acl-ipv4-basic)#rule 1 permit 1.1.1.1 255.255.255.0
Raisecom(config-acl-ipv4-basic)#exit
Raisecom(config)#class-map usera
Raisecom(config-cmap)#match acl 1001
Raisecom(config-cmap)#exit
Raisecom(config)#class-map userb
Raisecom(config)#class-map userc
Step 2 Create traffic policing profiles and configure traffic policing rules.
Raisecom(config)#mls qos policer-profile usera single

Raisecom(traffic-policer)#cir 25000 cbs 100
Raisecom(traffic-policer)#drop-color red
Raisecom(traffic-policer)#exit

337
Raisecom
Raisecom(config)#mls qos policer-profile userb single

Raisecom(config)#mls qos policer-profile userc single
Step 3 Create and configure traffic policies.
Raisecom(config)#policy-map usera
Raisecom(config-pmap)#class-map usera
Raisecom(config-pmap-c)#police usera
Raisecom(config-pmap-c)#exit
Raisecom(config-port)#service-policy ingress usera
Raisecom(config)#policy-map userb
Raisecom(config-pmap)#class-map userb
Raisecom(config-pmap-c)# police userb
Raisecom(config-port)#service-policy ingress userb
Raisecom(config)#policy-map userc
Raisecom(config-pmap)#class-map userc
Raisecom(config-pmap-c)#police userc
Raisecom(config-port)#service-policy ingress userc
Checking results
Use the show class-map command to show traffic classification configurations.
Raisecom#show class-map usera

Class Map usera (id 0) (ref 1)
Match acl 1001
Raisecom#show class-map userb
Class Map userb (id 1) (ref 1)
Match acl 1002
Raisecom#show class-map userc
Class Map userb (id 2) (ref 0)
Match acl 1003

338
Raisecom
Use the show mls qos policer-profile command to show traffic policing rule configurations.
Raisecom#show mls qos policer-profile
single-policer: 123 mode:flow color:blind

cir: 0 kbps cbs: 0 kB
single-policer: po mode:flow color:blind

red drop
single-policer: test2 mode:flow color:blind

single-policer: user mode:flow color:blind

single-policer: user0a mode:flow color:blind

single-policer: usera mode:flow color:blind

red drop
Use the show policy-map command to show traffic policy configurations.
Raisecom#show policy-map usera

Policy Map usera
Class-map usera
police usera
Raisecom#show policy-map userb
Policy Map userb
Class-map userb
police userb
Raisecom#show policy-map userc
Policy Map userc
Class-map userc
police userc
14.8.3 Example for configuring queue scheduling and congestion

avoidance
As shown in Figure 14-3, User A transmits voice and video services; User B transmits voice,
video, and data services; User C transmits video and data services.
CoS priorities for voice, video and, data services are configured with 5, 4, and 2 respectively.
And these three CoS priorities are mapped to local priorities 6, 5, and 2 respectively.

339
Raisecom
Make following rules based on service types.

 Perform SP scheduling on voice service to ensure that the traffic is first transmitted.
 Perform WRR scheduling on video service and set the weight to 50.
 Perform WRR scheduling on data service and set the weight to 20. In addition, you need
to set the drop threshold to 50 to avoid network congestion caused by too large burst
traffic.
Figure 14-3 Configuring queue scheduling and congestion avoidance
Configuration steps
Step 1 Create a WRED profile.
Raisecom#config
Raisecom(config)#mls qos wred profile 1
Raisecom(wred)#wred start-drop-threshold 50 end-drop-threshold 90 max-
drop-probability 60
Raisecom(wred)#exit
Step 2 Configure the priority trust and congestion avoidance on interfaces.
Raisecom(config)#mls qos flow-queue profile 6

Raisecom(flow-queue)#scheduler wrr
Raisecom(flow-queue)#queue 6 weight 50
Raisecom(flow-queue)#queue 3 weight 20 wred profile 1
Raisecom(flow-queue)#exit
Raisecom(config-port)# mls qos flow-queue 6
Raisecom(config-port)#mls qos trust cos

340
Raisecom
Step 3 Configure the mapping between the CoS priority and local priority.
Raisecom(config)#mls qos mapping cos-to-local-priority 1

Raisecom(cos-to-pri)#cos 5 to local-priority 6
Raisecom(cos-to-pri)#exit
Raisecom(config)#interface interface gigaethernet 1/2/1
Raisecom(config-port)#mls qos cos-to-local-priority 1
Raisecom(config-port)#interface interface gigaethernet 1/2/2
Raisecom(config-port)#interface interface gigaethernet 1/2/3
Checking results
Use the show mls qos mapping cos-to-local-priority command to show mapping
configurations on specified priorities.
Raisecom#show mls qos mapping cos-to-local-priority

G:GREEN
Y:Yellow
R:RED
cos-to-localpriority(color)
Index Description CoS: 0 1 2 3 4 5 6 7
-------------------------------------------------------------------------
1 localpri(color): 0(G) 1(G) 2(G) 3(G) 5(G) 6(G) 6(G) 7(G)
Use the show mls qos command to show configurations of priority trust and queue
scheduling mode on specified interfaces.
Raisecom#show mls qos interface gigaethernet 1/2/1

Interface TrustMode UntaggedPriority Cos-PriProfile Dscp-PriProfile
Dscp-Mutation Cos-Remark
-----------------------------------------------------------------------

341
Raisecom
gigaethernet1/2/1 cos 5 0 0
0 0
Use the show mls qos flow-queue command to show queue scheduling configurations.
Raisecom#show mls qos flow-queue profile 2

CIR: Committed information rate,unit:Kbps
CBS: Committed burst size,unit:KB
PIR: Peak information rate,unit:Kbps
PBS: Peak burst size,unit:KB
ProfileIndex :2
Flow-Queue-Description :
Flow-Queue-Reference :3
Flow-Queue-Scheduler :wrr
QueueId Weight Wred CIR(Kbps) CBS(KB) PIR(Kbps) PBS(KB)
----------------------------------------------------------------
1 0 0 -- -- -- --
2 0 0 -- -- -- --
3 0 1 -- -- -- --
4 0 0 -- -- -- --
5 0 0 -- -- -- --
6 20 0 -- -- -- --
7 50 0 -- -- -- --
8 0 0 -- -- -- --
Use the show mls qos wred profile command to show WRED profile configurations.
Raisecom#show mls qos wred profile

GSDT:Green Start Drop Threshold
GEDT:Green End Drop Threshold
GDP :Green Drop Probability
YSDT:Yellow Start Drop Threshold
YEDT:Yellow End Drop Threshold
YDP :Yellow Drop Probability
RSDT:Red Start Drop Threshold
REDT:Red End Drop Threshold
RDP :Red Drop Probability
Index Description Ref GSDT GEDT GDP YSDT YEDT YDP RSDT REDT RDP
-------------------------------------------------------------------------
1 3 50 90 60 50 90 60 50 90 60
14.8.4 Example for configuring interface-based rate limiting
As shown in Figure 14-4, User A, User B, and User C are connected to the RAX711-R
through Switch A, Switch B, and Switch C.

342
Raisecom
User A transmits voice and video services; User B transmits voice, video, and data services;
User C transmits video and data services.
According to users' requirements, make following rules:
 For User A, provide 25 Mbit/s bandwidth; set the burst traffic to 100 KB; set the PIR to
50 Mbit/s, and set the PBS to 200 KB.
 For User B, provide 35 Mbit/s bandwidth; set the burst traffic to 100 KB; set the PIR to
 For User A, provide 30 Mbit/s bandwidth; set the burst traffic to 100 KB; set the PIR to
Figure 14-4 Configuring interface-based rate limiting
Configuration steps
Configure interface-based rate limiting.
Raisecom#config
Raisecom(config-port)#rate-limit ingress cir 25000 cbs 100 pir 50000 pbs
200
Raisecom(config-port)# rate-limit ingress cir 35000 cbs 100 pir 70000 pbs
200
Raisecom(config-port)# rate-limit ingress cir 30000 cbs 100 pir 60000 pbs
200
Checking results
Use the show rate-limit interface command to show interface-based rate limiting
configurations.
343
Raisecom

Interface Direction Cir(kbps) Cbs(kB) Pir(kbps) Pbs(kB)
CirOper(kbps) CbsOper(kB) PirOper(kbps) PbsOper(kB)
-------------------------------------------------------------------------
-------------------------------------------------
gigaethernet1/2/1 ingress 25000 100 50000 200 25000
100 50000 200
100 70000 200
100 60000 200
14.8.5 Examples for configuring MPLS QoS CAR
As shown in Figure 14-5, User B is connected to the iTN8800 through the RAX711-R. The
iTN8800 accesses voice, video, and data services of User B through its sub-interfaces
GE1/2/2.1, GE1/2/2.2, and GE1/2/2.3 (these sub-interfaces are configured with the IP address,
LSP, and so on).
User B has purchased the leased line services with a total bandwidth of 20 Mbit/s. According
to the service requirements, the following rules are formulated:
 Voice service bandwidth: CIR 500 kbit/s; video service bandwidth: CIR 4.5 Mbit/s; data
service bandwidth: CIR 5 Mbit/s
 The voice service is of the highest priority, followed by the video services, and the data
services.
 The idle bandwidth is shared by the three services. Services which have exceeded PIR
will be discarded.
Figure 14-5 MPLS QoS CAR networking
Configuration steps
Step 1 Configure the sub-interface to access different user services and configure the bandwidth limit
and priority for the services.
 Configure the device to access the highest-priority voice services.

344
Raisecom
Raisecom#config
Raisecom(config)#interface gigaethernet 1/2/2.1
Raisecom(config-gigaethernet1/2/2.1)#mpls l2vc destination 1.1.4.1 tagged
vc-id 1 tunnel-interface 1 svlan 1
Raisecom(config-gigaethernet1/2/2.1)#mpls l2vpn pw bandwidth car cir 500
pir 10500
Raisecom(config-gigaethernet1/2/2.1)#mpls l2vpn pw diffserv-mode pipe 5
 Configure accessing the second-highest-priority video services.
Raisecom#config
pir 14500
 Configure accessing the lowest-priority data services.
Raisecom#config
pir 15000
Step 2 Configure limit on the total bandwidth of User B, namely, Tunnel bandwidth limit.
Raisecom#config
Raisecom(config)#interface tunnel 1/2/2
Raisecom(config-tunnel1/2/2)#bandwidth car cir 10000 pir 20000
Checking results
 Use the show mpls l2vpn pw traffic-statistics command to show PW statistics.
 Use the show mpls te traffic-statistics tunnel command to show Tunnel statistics.
When sending 10 Mbit/s voice services, 10 Mbit/s video services, and 10 Mbit/s data services
during a test, the user obtained the practical bandwidth, as shown in Table 14-1.

345
Raisecom
Table 14-1 Bandwidth statistics in the case of MPLS QoS CAR configurations
Service type Voice service Video service Data service Total
Configured 500 kbit/s 4.5 Mbit/s 5 Mbit/s 10 M (PIR
bandwidth CIR is 20
Mbit/s)
Sent bandwidth 10 Mbit/s 10 Mbit/s 10 Mbit/s 30 Mbit/s
Actual bandwidth 10 Mbit/s 5 Mbit/s 5 Mbit/s 20 Mbit/s
The CIR bandwidth (10 Mbit/s in total) of the three services is met first. The amount
of bandwidth of the three services which has exceeded the CIR is 9.5 Mbit/s, 5.5
Mbit/s, and 5 Mbit/s. According to the service priority, 9.5 Mbit/s bandwidth will be
assigned to voice services first, and the left 0.5 Mbit/s will be assigned to video
services. There is no extra bandwidth for the data services. Therefore, the traffic
being transmitted is 10 Mbit/s for voice services, 5 Mbit/s for video services, and 5
Mbit/s for data services.
14.8.6 Examples for configuring MPLS H-QoS
As shown in Figure 14-6, User A, User B, and User C are connected to iTN8800 respectively
through the RAX711-R. The iTN8800 accesses different types of user services through the
sub-interfaces (all sub-interfaces are configured with the IP address, LSP, and so on).
User A requires voice and video services. User B requires voice, video, and data services.
User C requires video and data services. Services of User A, User B, and User C are
aggregated on the iTN8800 in the headquarter.
The headquarter has purchased the leased line services with 150 Mbit/s bandwidth. According
to the service requirements of different users, the following rules are formulated:
 The total traffic of User A should not exceed 80 Mbit/s, among which the committed
bandwidth is 50 Mbit/s.
 The total traffic of User B should not exceed 50 Mbit/s, among which the committed
 The total traffic of User C should not exceed 50 Mbit/s, among which the committed
 The total traffic of User A, User B, and User C together should not exceed 150 Mbit/s.
 Once the total traffic of User A, User B, and User C is congested, it is required that the
ratio of the high priority service traffic among User A, User B, and User C should be
5:3:1.
 The service priority of all service from high to low is voice, video, and data.
Figure 14-7 shows the priority scheduling of the configuration scheme according to the
above-mentioned networking requirements.

346
Raisecom
Figure 14-6 MPLS H-QoS networking
Figure 14-7 MPLS H-QoS priority scheduling
Configuration steps
Step 1 Configure the sub-interface to access different user services and configure the service priority
of the user (distinguish the priority of different services according to weight and traffic queue).
The following configurations are based on accessing User B services.
 Access the highest-priority VoIP services.
Raisecom#config
Raisecom(config-gigaethernet1/2/2.1)#mpls l2vpn pw bandwidth hqos weight
5 flow-queue 5

347
Raisecom
 Access the second-highest-priority IPTV services.
Raisecom#config
3 flow-queue 12
 Access the lowest-priority DATA services.
Raisecom#config
1 flow-queue 21
Step 2 Configure user-level bandwidth guarantee, limit, and weight.

 Configure the H-QoS of User A.
Raisecom#config
Raisecom(config-tunnel1/2/1)#bandwidth hqos cir 50000 pir 80000 weight 5
 Configure the H-QoS of User B.
Raisecom#config
 Configure the H-QoS of User C.
Raisecom#config
Step 3 Configure interface-based rate limit.
Raisecom#config

348
Raisecom

Raisecom(config-gigaethernet1/1/1)#rate-limit egress cir 150000 cbs 100
pir 180000 pbs 200
Checking results
 Use the show mpls l2vpn pw traffic-statistics command to show PW statistics.
 Use the show mpls te traffic-statistics tunnel command to show Tunnel statistics.
 Use the show rate-limit interface command to show whether the interface-based
bandwidth limit configurations are correct.

Interface Direction Cir(kbps) Cbs(kB) Pir(kbps) Pbs(kB)
CirOper(kbps) CbsOper(kB) PirOper(kbps) PbsOper(kB)
-------------------------------------------------------------------------
-------------------------------------------------
gigaethernet1/1/1 egress 150000 100 180000 200 150000
100 150000 200

349
Raisecom
RAX711-R (B) Configuration Guide 15 Appendix
15 Appendix
This chapter lists terms and abbreviations involved in this document, including the following
sections
 Terms
 Abbreviations
15.1 Terms
A
A series of ordered rules composed of permit | deny sentences. These
Access
rules are based on the source MAC address, destination MAC address,
Control List
source IP address, destination IP address, interface ID, etc. The device
(ACL)
decides to receive or refuse the packets based on these rules.
C
A standard defined by IEEE. It defines protocols and practices for OAM
Connectivity
(Operations, Administration, and Maintenance) for paths through 802.1
Fault
bridges and local area networks (LANs). Used to diagnose fault for EVC
Management
(Ethernet Virtual Connection). Cost-effective by fault management
(CFM)
function and improve Ethernet maintenance.
E
Encapsulation A technology used by the layered protocol. When the lower protocol
receives packets from the upper layer, it will map packets to the data of
the lower protocol. The outer layer of the data is encapsulated with the
lower layer overhead to form a lower protocol packet structure. For
example, an IP packet from the IP protocol is mapped to the data of
802.1Q protocol. The outer layer is encapsulated by the 802.1Q frame
header to form a VLAN frame structure.

350
Raisecom
Complying with IEEE 802.3ah protocol, EFM is a link-level Ethernet

Ethernet in OAM technology. It provides the link connectivity detection, link fault
the First Mile monitoring, and remote fault notification, etc. for a link between two
(EFM) directly-connected devices. EFM is mainly used for the Ethernet link on
edges of the network accessed by users.
L
Link A computer networking term which describes using multiple network
Aggregation cables/ports in parallel to increase the link speed beyond the limits of any
one single cable or port, and to increase the redundancy for higher
availability.
P
In data communication field, packet is the data unit for switching and
transmitting information. In transmission, it will be continuously
encapsulated and decapsulated. The header is used to define the
Packet
destination address and source address. The trailer contains information
indicating the end of the packet. The payload data in between is the
actual packet.
In packet switching network, data is partitioned into multiple data
segments. The data segment is encapsulated by control information, such
as, destination address, to form the switching packet. The switching
Packet
packet is transmitted to the destination in the way of storage-forwarding
switching
in the network. Packet switching is developed based on the storage-
forwarding method and has merits of both circuit switching and packet
switching.
Q
QinQ QinQ is (also called Stacked VLAN or Double VLAN) extended from
802.1Q, defined by IEEE 802.1ad recommendation. Basic QinQ is a
simple layer-2 VPN tunnel technology, encapsulating outer VLAN Tag
for client private packets at carrier access end; the packets take double
VLAN Tag passing through trunk network (public network). In public
network, packets only transmit according to outer VLAN Tag, the private
VLAN Tag are transmitted as data in packets.
V
Virtual Local VLAN is a protocol proposed to solve broadcast and security issues for
Area Ethernet. It divides devices in a LAN into different segments logically
Network rather than physically, thus implementing multiple virtual work groups
(VLAN) which are based on Layer 2 isolation and do not affect each other.

351
Raisecom
VLAN mapping is mainly used to replace the private VLAN Tag of the
Ethernet service packet with the ISP's VLAN Tag, making the packet
transmitted according to ISP's VLAN forwarding rules. When the packet
VLAN
is sent to the peer private network from the ISP network, the VLAN Tag
mapping
is restored to the original private VLAN Tag according to the same
VLAN forwarding rules. Thus, the packet is sent to the destination
correctly.
15.2 Abbreviations
A
ACL Access Control List
APS Automatic Protection Switching
C
CE Customer Edge
CFM Connectivity Fault Management
CoS Class of Service
D
DHD Dual Home Device
DRR Deficit Round Robin
DSCP Differentiated Services Code Point
E
EFM Ethernet in the First Mile
F
FTP File Transfer Protocol
G
GPS Global Positioning System
GSM Global System for Mobile Communications

352
Raisecom
HA High Availability
I
ICCP Inter-Chassis Communication Protocol
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force
IP Internet Protocol
International Telecommunications Union - Telecommunication
ITU-T
Standardization Sector
L
LACP Link Aggregation Control Protocol
LBM LoopBack Message
LBR LoopBack Reply
LLDP Link Layer Discovery Protocol
LLDPDU Link Layer Discovery Protocol Data Unit
LTM LinkTrace Message
LTR LinkTrace Reply
M
MA Maintenance Association
MAC Medium Access Control
MD Maintenance Domain
MEG Maintenance Entity Group
MEP Maintenance associations End Point
MIB Management Information Base
MIP Maintenance association Intermediate Point
MTU Maximum Transfered Unit
N
NTP Network Time Protocol

353
Raisecom
OAM Operation, Administration and Maintenance
P
PDU Protocol Data Unit
PE Provider Edge
PSN Packet Switched Network
PTN Packet Transport Network
PW Pseudo Wire
PWE3 Pseudo Wire Emulation Edge-to-Edge
Q
QoS Quality of Service
R
RMEP Remote Maintenance association End Point
RMON Remote Network Monitoring
S
SAToP Structure-Agnostic TDM over Packet
SFP Small Form-factor Pluggables
SLA Service Level Agreement
SNMP Simple Network Management Protocol
SNTP Simple Network Time Protocol
SP Strict-Priority
SSH Secure Shell
T
TCI Tag Control Information
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
TLV Type Length Value
ToS Type of Service
TPID Tag Protocol Identifier

354
Raisecom
V
VPN Virtual Private Network
VLAN Virtual Local Area Network
W
WRR Weight Round Robin

355
Address: Raisecom Building, No. 11, East Area, No. 10 Block, East
Xibeiwang Road, Haidian District, Beijing, P.R.China Postal
code: 100094 Tel: +86-10-82883305
Fax: 8610-82883056 http://www.raisecom.com Email:

RAX711-R (A) Configuration Guide (Rel - 05)

Uploaded by

Copyright:

Available Formats

You might also like

RAX711-R (A) Configuration Guide (Rel - 05)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

RAX711-R (A) Configuration Guide (Rel - 05)

Uploaded by

Copyright:

Available Formats

www.raisecom.

is the trademark of Raisecom Technology Co., Ltd.

Product name Product version Hardware version

Indicate a potentially hazardous situation that, if not avoided,

Boldface Names of files, directories, folders, and users are in boldface.

Book Antiqua Heading 1, Heading 2, Heading 3, and Block are in Book

Boldface The keywords of a command line are in boldface.

User level conventions

 Added the support for 31-bit mask.

1 Basic configurations ..................................................................................................................... 1

1.6 Configuring RMON ....................................................................................................................................... 27

2 System management ................................................................................................................... 30

3 Interface management ................................................................................................................ 45

3.1 Configuring basic information about interface ............................................................................................... 45

4.4.6 Checking configurations ....................................................................................................................... 61

5 Clock synchronization ............................................................................................................... 74

7.6.3 Configuring BGP redistributed routes ................................................................................................. 119

8 MPLS ........................................................................................................................................... 138

8.4.7 Checking configurations ..................................................................................................................... 151

9 MPLS VPN ................................................................................................................................. 164

10 TDMoP ...................................................................................................................................... 206

10.2.2 Configuring static L2VC ................................................................................................................... 207

11 OAM .......................................................................................................................................... 210

11.4.2 Configuring BFD for IP .................................................................................................................... 230

12 Network reliability ................................................................................................................. 257

12.4.3 (Optional) creating ERPS protection sub-ring .................................................................................. 268

13.1.2 Configuring storm control ................................................................................................................. 304

13.12 Configuration examples ........................................................................................................................... 315

14 QoS ............................................................................................................................................. 319

14.6.5 Configuring L3VPN QoS.................................................................................................................. 332

15 Appendix .................................................................................................................................. 350

Figure 2-1 Outputting system logs to log host ..................................................................................................... 41

Figure 4-1 Configuring MAC address table ......................................................................................................... 64

Figure 4-3 Configuring basic QinQ...................................................................................................................... 69

Figure 4-4 Configuring port mirroring ................................................................................................................. 72

Figure 5-1 Configuring clock synchronization based on synchronous Ethernet .................................................. 76

Figure 6-1 Configuring DHCPv4 relay ................................................................................................................ 85

Figure 6-2 Configuring ARP ................................................................................................................................ 86

Figure 7-1 Configuring OSPF basic functions ................................................................................................... 128

Figure 7-2 Configuring BGP basic functions ..................................................................................................... 132

Figure 7-3 Configuring IP FRR .......................................................................................................................... 134

Figure 8-2 Configuring LDP-based dynamic LSP ............................................................................................. 158

Figure 8-3 Configuring RSVP-TE-based dynamic LSP..................................................................................... 161

Figure 9-1 MPLS L3VPN network topology ..................................................................................................... 174

Figure 9-4 Configuring MPLS L2VPN services ................................................................................................ 186

Figure 9-5 L3VPN networking application ........................................................................................................ 197

Figure 11-1 BFD for IP single-hop detection ..................................................................................................... 244

Figure 11-3 Y.1564 test ...................................................................................................................................... 250

Figure 12-1 VRRP configuration procedure....................................................................................................... 272

Figure 12-2 PW dual-home protection application scenario .............................................................................. 278

Figure 12-4 Configuring manual link aggregation ............................................................................................. 283

Figure 12-5 Configuring static LACP link aggregation ..................................................................................... 285

Figure 12-7 Data preparation ............................................................................................................................. 287

Figure 12-8 Configuring PW dual-homed protection switching ........................................................................ 296

Figure 13-2 Configuring RADIUS ..................................................................................................................... 317

Figure 13-3 Configuring TACACS+ .................................................................................................................. 318

Figure 14-1 Configuring ACL ............................................................................................................................ 335

Figure 14-5 MPLS QoS CAR networking ......................................................................................................... 344