Picos 2.2 l2 l3 Configuration Guide

Layer 2 and Layer 3
Configuration Guide
PicOS 2.2.0
March 2014
This guide provides the Layer 2 / Layer 3 configuration commands for PicOS 2.2.0
© 2012 Pica8 Inc. All Rights Configuration Guide

Reserved.
© Copyright 2009- 2014 Pica8, Inc. All rights reserved.
Pica8, Inc. makes no warranty of any kind with regard to this material, including, but not limited to, the implied
warranties of merchantability and fitness for a particular purpose. The information is provided “as is” without warranty
of any kind, and is subject to change without notice.
Layer 2 and Layer 3 Configuration Guide, PicOS 2.2.0

Table of Contents
Table of Contents
TABLE OF CONTENTS ........................................................................................................ 3
PREFACE ............................................................................................................................. 7
Intended Audience ................................................................................................................................................ 7
PicOS Documents ................................................................................................................................................ 7
Organization ......................................................................................................................................................... 7
CHAPTER 1 OVERVIEW ..................................................................................................... 8

Features List ......................................................................................................................................................... 8
CHAPTER 2 BOOT PROCESS AND MODE SELECTION ............................................... 10

Overview ............................................................................................................................................................. 10
The Boot Process ............................................................................................................................................... 10
Default Login ....................................................................................................................................................... 12
Modifying the Mode via the Configuration File ................................................................................................... 12
Modifying the Mode via an interactive Script ...................................................................................................... 13
Troubleshooting the PicOS Mode ....................................................................................................................... 14
CHAPTER 3 SYSTEM MANAGEMENT AND CONFIGURATION.................................... 15

Overview ............................................................................................................................................................. 15
From Linux Shell to Layer 2 / Layer 3 Shell ........................................................................................................ 15
Operation Mode and Configuration Mode .......................................................................................................... 15
Commit Failed and Exit Discard ......................................................................................................................... 15
Commit confirmed............................................................................................................................................... 16
Configuring DHCP and a Static IP Address ....................................................................................................... 16
Configuring DHCP relay ..................................................................................................................................... 17
Configuring DHCP option82 ............................................................................................................................... 18
Configuring DHCP snooping............................................................................................................................... 18
Configuring a User Account ................................................................................................................................ 19
Configuring Authentication/Authorization/Accounting ........................................................................................ 20
Configuring SSH and Telnet Parameters ........................................................................................................... 23
Configuring the Log-in ACL ................................................................................................................................ 24
Configuring NTP and the Time zone Parameter ................................................................................................ 25
Configuring IPFIX ............................................................................................................................................... 25
Configuring sFlow ............................................................................................................................................... 26
© 2014 Pica8 Inc. All Rights Reserved. Layer 2 / Layer 3 Configuration Guide P a g e |3
Table of Contents
Configuring SNMP .............................................................................................................................................. 28

Configuring the Syslog Log Level ....................................................................................................................... 30
Configuring the Syslog Disk................................................................................................................................ 31
Updating the PicOS Software and Platform ....................................................................................................... 32
Displaying System Information ........................................................................................................................... 33
Technical Support ............................................................................................................................................... 38
Flushing ARP and the Neighbor Table ............................................................................................................... 39
Rebooting the System ........................................................................................................................................ 39
Displaying the Debugging Message ................................................................................................................... 40
Installing Software .............................................................................................................................................. 40
Command List ..................................................................................................................................................... 44
CHAPTER 4.FILE MANAGEMENT CONFIGURATION ..................................................... 51

Managing Configuration Files ............................................................................................................................. 51
Displaying Your Current Configuration ............................................................................................................... 54
Displaying Your configuration of setting ............................................................................................................. 55
Rolling Back a Configuration .............................................................................................................................. 55
Managing Configuration Files ............................................................................................................................. 55
Saving, Applying, Executing and Loading Configuration Files ........................................................................... 57
Bash linux shell ................................................................................................................................................... 58
Set alias set_vlans as “PicOS commands”......................................................................................................... 60
Command List ..................................................................................................................................................... 61
CHAPTER 5 LAYER 2 SWITCHING CONFIGURATION .................................................. 62

Configuring LLDP (Link Layer Discovery Protocol) ............................................................................................ 62
Static Link Aggregation Configuration ................................................................................................................ 64
Link Aggregation Control Protocol (LACP) Configuration .................................................................................. 65
MLAG Configuration Guide................................................................................................................................. 66
Configuring a Basic MLAG step-by-step procedure ........................................................................................... 69
Configuring a Basic MLAG example ................................................................................................................... 70
Configuring Switch A with Static and LACP LAG ............................................................................................... 70
Configuring Switch B with Static and LACP LAG ............................................................................................... 73
Configuring Switch C with LACP and LAG ......................................................................................................... 75
Configuring Server A with NIC1 and NIC2 as Static LAG .................................................................................. 76
Configuring a MLAG domain with MSTP example ............................................................................................. 77
Configuring Switch A with LACP LAG ................................................................................................................ 78
Configuring Switch B with LACP LAG ................................................................................................................ 81
Configuring an Aggregation Interface to VLAN Members .................................................................................. 81
Configuring Switch C and Switch D with LACP LAG .......................................................................................... 83
©2014 Pica8 Inc. All Rights Reserved. Layer 2 / Layer 3 Configuration Guide P a g e |4
Table of Contents
Ethernet Port Configuration ................................................................................................................................ 85

Storm Control in Ethernet Port Configuration ..................................................................................................... 87
Static MAC entries and Dynamic MAC Address Learning ................................................................................. 87
Cut-through Switching Method ........................................................................................................................... 88
Configuring Mirroring .......................................................................................................................................... 89
Basic Port Configuration ..................................................................................................................................... 89
Port Security Configuration ................................................................................................................................. 95
Q-in-Q Basic Port Configuration ....................................................................................................................... 100
MSTP Configuration ......................................................................................................................................... 112
PVST Configuration .......................................................................................................................................... 117
PVST Configuration Example ........................................................................................................................... 141
Buffer Management Configuration .................................................................................................................... 146
BPDU Tunneling Configuration......................................................................................................................... 147
Unidirectional Link Dectection Configuration .................................................................................................... 153
Configuring IPv6 RA Guard .............................................................................................................................. 154
Command List ................................................................................................................................................... 157
CHAPTER 6. LAYER3 ROUTING CONFIGURATION ..................................................... 168

Layer3 VLAN Interface Configuration ............................................................................................................... 168
ARP Configuration ............................................................................................................................................ 169
Dynamic ARP Inspection---DAI ........................................................................................................................ 170
Static Routing Configuration ............................................................................................................................. 172
Static Routing Configuration Example .............................................................................................................. 173
RIPv2 Routing Protocol Configuration .............................................................................................................. 178
RIPv2 Routing Configuration Example ............................................................................................................. 179
OSPF Routing Protocol Configuration .............................................................................................................. 184
OSPF Routing Basic Configuration Example ................................................................................................... 186
OSPF Configuration Example: NSSA/Stub/Normal ......................................................................................... 191
OSPF Stub Area/NSSA Summary .................................................................................................................... 195
OSPF Virtual Link Configuration Guide ............................................................................................................ 196
OSPF Area Range Configuration Guide ........................................................................................................... 202
Importing an External Route into an OSPF Area.............................................................................................. 204
BFD Protocol Configuration .............................................................................................................................. 207
BFD Basic Configuration Example ................................................................................................................... 210
BGP Configuration Guide ................................................................................................................................. 214
BGP Basic Configuration Example ................................................................................................................... 222
BGP Route Reflector Configuration Example................................................................................................... 231
BGP Confederation Configuration Example ..................................................................................................... 239
BGP Load Balancing Configuration Example ................................................................................................... 248
Table of Contents
Configuring ECMP (Equal-Cost Multipath Routing) ......................................................................................... 257

Configuring VRRP (Virtual Router Redundancy Protocol) ............................................................................... 259
IPv6 Neighbor Configuration............................................................................................................................. 261
IPv6 Static Routing Configuration ..................................................................................................................... 262
OSPFv3 Routing Protocol Configuration .......................................................................................................... 263
ACL and Filter Configuration ............................................................................................................................ 265
Command List ................................................................................................................................................... 268
CHAPTER 7. MULTICAST CONFIGURATION ................................................................ 280

IGMP Snooping Configuration .......................................................................................................................... 280
IGMP Configuration .......................................................................................................................................... 281
PIM-SM Configuration ...................................................................................................................................... 283
PIM-SM Configuration Example ....................................................................................................................... 285
Command List ................................................................................................................................................... 291
CHAPTER 8. QOS CONFIGURATION ............................................................................. 293

Configuring SP .................................................................................................................................................. 293
Configuring WRR .............................................................................................................................................. 294
Configuring WFQ .............................................................................................................................................. 295
Command List ................................................................................................................................................... 296
CHAPTER 9. OPENFLOW CONFIGURATION ................................................................ 297

OpenFlow Introduction ..................................................................................................................................... 297
OpenFlow Basic Configuration ........................................................................................................................ 300
Group table Configuration ................................................................................................................................. 307
Crossflow Configuration Example .................................................................................................................... 310
Command List ................................................................................................................................................... 316
CHAPTER 10. ZERO TOUCH PROVISIONING ............................................................... 319

Zero touch provisioning .................................................................................................................................... 319
APPENDIX ........................................................................................................................ 325

Other Command List ......................................................................................................................................... 325
Preface
Preface
Intended Audience
This guide is intended for data center administrators, system administrators, and customer service staffs responsible
for monitoring or configuring PicOS Layer 2 / Layer 3.
PicOS Documents
The PicOS documents are available on our Pica8 website:
http://www.pica8.com/portal/
Organization
This configuration guide is organized as follows:
Chapter Description
Chap 1. Overview Provides an overview of the Layer 2 / Layer 3

switch
Chap 2. System Management Describes system management configurations

Configuration
Chap 3. File Management Configuration Describes file management configurations
Chap 4. Layer 2 Switching Configuration Describes Layer2 switching configuration steps
Chap 5. Layer 2 Switching Configuration Describes Layer 3 routing configuration steps
Chap 6. Multicast Configuration Describes Multicast configuration steps
Chap 7. QoS Configuration Describes QoS configuration steps
Chap 8. OpenFlow Configuration Describes OpenFlow configuration steps
Preface
Chapter 1 Overview
This chapter provides an overview of PicOS Layer 2 / Layer 3 features, including Layer2 switching and Layer3 routing.
Features List
PicOS Layer 2 / Layer 3 supports Layer 2 switching (STP, RSTP, MSTP, MAC learning, Q-in-Q) and Layer 3 routing
(static routing, RIPv2, OSPF, IGMP, PIM-SM, IPv6).
Table 1-1 Layer 2 / Layer 3 Features List
Category Functional Requirement

Support for clock/date setting and NTP
Support for inbound IP access via any routed interface
Support for DHCP client, DHCP relay ,DHCP Option82 and DHCP snooping
System Support for multiple local user accounts
Management&
Administration Support for SSHv2 protocol
Ability to enable debugging for a specific module
Support for Read Only and Read Write access SNMP
Support for IPFIX, monitors data flow in specified server
Device configuration can be saved to flash on the device
Support for configuration versioning and rollback; compares the two configurations for
differences
Device
Configuration, Ability to import/export configuration files, device software, and logs from a file on a
Software,& File remote server (tftp/scp as possible options)
Management
Ping tool and Trace route tool from CLI
SSH tool and telnet tool from CLI
Ability to view and configure MAC/ARP table information
Support for LLDP protocols for detecting devices on a link
Support for LACP protocol and hashing of traffic using Src/Dst MAC address, Src/Dst IP
address, and Layer4 port information and flag
Support for 802.1q trunked interfaces, for both single and LAG interfaces
Support for 802.1q tagged/untagged interfaces and native tags
Layer2
Forwarding and Support for Q-in-Q
Protocol Support for Jumbo Frame
Support for 802.1d Spanning Tree Protocol (STP)
Support for 802.1w rapid STP (RSTP)and Per-VLAN Spanning Tree(PVST)
Support for 802.1s Multiple Spanning Tree protocol (MSTP)
Support for functionality of BPDU Guard / Filter/UDLD etc.
System Management and Configuration
Category Functional Requirement

Support for storm-control for unicast, multicast, broadcast
Support for ingress/egress port mirroring
Support for 802.1p in Layer2 forwarding
Support for Flow control per-interface
Support for IGMP snooping enable per-VLAN
Support for IGMP snooping query per-VLAN
Full support for dual stacked IPv4 and IPv6 addressing.
Support for 6 members in a Layer3 LAG interface
Support for IPv4 and IPv6 static route configuration
Support for OSPFv2 (IPv4)
Support for stub, normal, and NSSA OSPF area types
Support for up to 32 equal-cost routes in OSPF
Layer3 Support for RIP routing protocol
Forwarding and
Routing Protocol Support for BGP routing protocol and BFD
Support for 128 equal-cost routes in the device’s routing/forwarding tables
Support for ECMP routing with hashing of traffic using Src/Dst IP and Port
Support the ToS and DSCP in Layer3 forwarding
Support for IGMP v1/v2
Support for PIM-SM multicast routing
Support for VRRP protocol
Preface
Chapter 2 Boot Process and Mode Selection

Overview
This chapter describes the boot process and the mode selection. Pica8 switches can run in two different modes:
 Open vSwitch mode (OVS)
 Layer 2 / Layer 3 mode (L2/L3)
In OVS mode, the L2/L3 daemon is not running; only OVS is accessible.
The Boot Process

You can follow the boot process via the console port.
Verify that the switch is connected in the console port with the correct baud rate, data bits value, and stop bits value.
 The baud rate is 115200.
 The data bits value is 8.
 The stop bits value is 1.

A common output for a boot-up is shown below as an example:
U-Boot 1.3.0 (Mar 8 2011 - 16:39:03)
CPU: 8541, Version: 1.1, (0x80720011)

Core: E500, Version: 2.0, (0x80200020)
Clock Configuration:
CPU: 825 MHz, CCB: 330 MHz,
DDR: 165 MHz, LBC: 41 MHz
L1: D-cache 32 kB enabled
I-cache 32 kB enabled
I2C: ready
DRAM: Initializing
initdram robin1
initdram robin2
robin before CFG_READ_SPD
robin after CFG_READ_SPD
initdram robin3
DDR: 512 MB
FLASH: 32 MB
L2 cache 256KB: enabled
In: serial
Out: serial
Err: serial
Net: TSEC0, TSEC1
IDE: Bus 0: OK
Device 0: Model: CF 512MB Firm: 20060911 Ser#: TSS25016070309051750
© 2014 Pica8 Inc. All Rights Reserved. Layer 2 / Layer 3 Configuration Guide P a g e | 10
Type: Hard Disk

Capacity: 495.1 MB = 0.4 GB (1014048 x 512)
Hit any key to stop autoboot: 5
You can modify the baud rate of the switch. For that, enter the U-Boot and configure the baud rate or other
parameters. For example:
U-Boot 1.3.0 (Sep 8 2010 - 17:20:00)
CPU: 8541, Version: 1.1, (0x80720011)

Core: E500, Version: 2.0, (0x80200020)
I2C: ready
DRAM: Initializing
DDR: 512 MB
FLASH: 32 MB
Set ethaddr MAC address = c8:0a:a9:04:49:1a
Set eth1addr MAC address = c8:0a:a9:04:49:1b
In: serial
Out: serial
Err: serial
Net: TSEC0, TSEC1
IDE: Bus 0: OK
Device 0: Model: CF Card Firm: Ver2.35 Ser#: 7DF70707030700224009
Type: Hard Disk
Capacity: 1923.9 MB = 1.8 GB (3940272 x 512)
Hit any key to stop autoboot: 0
[Interrupt the Boot sequence to enter the “U-boot” mode.]
=>
=>
=> printenv
flash_bootcmd=setenv bootargs root=/dev/ram console=ttyS0,$baudrate; bootm ffd00000 ff000000 ffee0000
cfcard_bootcmd=setenv bootargs root=/dev/ram console=ttyS0,$baudrate; ext2load ide 0:1 0x1000000
/uImage;ext2load ide 0:1 0x2000000 /uInitrd2m;ext2load ide 0:1 0x400000 /LB9A.dtb;bootm 1000000 2000000
400000
bootdelay=5
baudrate=115200
loads_echo=1
rootpath=/nfsroot
netmask=255.255.255.0
hostname=LB9A_X
loadaddr=4000000
ethact=TSEC0
©2014 Pica8 Inc. All Rights Reserved. Layer 2 / Layer 3 Configuration Guide P a g e | 11
ipaddr=10.10.50.60
gatewayip=10.10.50.1
serverip=10.10.50.16
bootfile=u-boot.bin
filesize=100000
fileaddr=2000000
=> set baudrate115200

=> save
Saving Environment to Flash...
Un-Protected 1 sectors
Erasing Flash...
. done
Erased 1 sectors
Writing to Flash... done
Protected 1 sectors
=> reset
Do not interrupt the default boot process unless you are upgrading, fixing the file system, or changing the console port
settings (see documentation about upgrading or downgrading a Pica8 Switch).
Default Login
PicOS can run in two different modes:

 Open vSwitch mode (OVS). In this mode the switch is completely dedicated to Open vSwitch.
 Layer 2 / Layer 3 mode (L2/L3). It is the default mode, used for traditional Layer 2 / Layer 3 switch/routing and for
OpenFlow operation (it is mostly a superset of the OVS mode with L2/L3 capacities)
In OVS mode, the L2/L3 daemon is not running; only OVS is accessible.
The system has two default users: root and admin. The default password for both is pica8. If you login as
root, the system defaults to a Linux shell with Linux root privileges. If you login as admin, you will log into the
L2/L3 Shell (also called XORP Shell).
The following section describe how to change the PicOS mode of operation (From L2/L3 to OVS or OVS to
L2/L3).
Modifying the Mode via the Configuration File

The PicOS main configuration file can be found at:
/etc/picos/picos_start.conf
To change the mode (OVS or L2/L3), you have to change the option picos_start in this file (via an editor like vi) and
restart the PicOS Service.
With the change below, the system will use the OVS mode.
picos_start=ovs
With the change below, the system will use the L2/L3 mode (or XORP Plus).
picos_start=xorpplus
Once the configuration file is updated, you must restart the PicOS service to activate the change (or restart the switch).
To restart the PicOS service, use the command:
service picos restart
The OVS Mode is using the standard Linux Shell as CLI.

The L2/L3 mode is using the XORPPLUS CLI.
To use the XORPPLUS CLI from the Linux shell, you can use the command “pica_sh”.
The login in the L2/L3 shell should look like the following:
Synchronizing configuration...OK.
Pica8 PicOS Version 2.1
Welcome to PicOS L2/L3 on XorPlus
XorPlus>
Modifying the Mode via an interactive Script

Another option to modify the PicOS mode (OVS or L2/L3) is to use the built-in interactive script to modify the PicOS
configuration file automatically. Log in as root and use the command picos_boot. The switch will display the software
menu as follows:
XorPlus login: root
Password:
root@XorPlus#picos_boot
Please configure the default system start-up options:
(Press other key if no change)
[1] PicOS L2/L3
[2] PicOS Open vSwitch/OpenFlow
[3] No start-up options * default
Enter your choice (1,2,3):
Option 1, PicOS is XorPlus. When you choose option 1, after a reboot PicOS will load XorPlus.
Option 2, Open vSwitch (OVS), is an open source project ported to PicOS (refer to PicOS OVS Configuration Guide
for details) when you choose option 2, after a reboot PicOS will load Open vSwitch.
An alternative to reboot the switch is to reload the PicOS service.

To restart the PicOS service, use the command:
service picos restart
This configuration guide is describing the behavior of PicOS in L2/L2 mode (Option 1).
In L2/L3 mode, the login session should look like the following:
Synchronizing configuration...OK.
Pica8 PicOS Version 2.1
Welcome to PicOS L2/L3 on XorPlus
XorPlus>
Troubleshooting the PicOS Mode

In L2/L3 mode (Or XORP), the XORP system is running. For example:
root@XorPlus$ps aux | grep xorp | grep -v grep
root 16383 0.0 1.2 18100 6596 ? S Jan29 5:26 xorp_policy
root 16385 0.3 2.5 34980 13380 ? Ss Jan29 99:20 /pica/bin/xorp_rtrmgr -d -L local0.info
-P /var/run/xorp_rtrmgr.pid
root@XorPlus$ps aux | grep ovs | grep -v grep
In OVS mode, only the OVS daemon is running.

root@Fabric-TOR1#ps aux | grep xorp | grep -v grep
root@Fabric-TOR1#
root@Fabric-TOR1#
root@Fabric-TOR1#ps aux | grep ovs | grep -v grep
root 19982 0.1 0.6 19316 3392 ? S Feb14 7:45 ovsdb-server /ovs/ovs-vswitchd.conf.db
--remote=ptcp:6653:172.16.0.205 --remote=punix:/ovs/var/run/openvswitch/db.sock
root 19984 5.5 2.4 28504 12772 ? Sl Feb14 398:02 ovs-vswitchd --pidfile=ovs-vswitchd.pid
--overwrite-pidfile
root 19997 0.0 1.2 25632 6360 ? S Feb14 0:00 ovs-vswitchd: worker process for pid
19984
Preface
Chapter 3 System Management and Configuration

Overview
This chapter describes the configuration steps for the system management, DHCP, and setting up a user
account.
From Linux Shell to Layer 2 / Layer 3 Shell

Once in the Linux shell, you can use the command "pica_sh" (under /pica/bin) to launch the Layer 2 / Layer 3 CLI (or
XORP CLI).
From the Layer 2 / Layer 3 CLI (or XORP CLI) to come back to the Linux Shell, you can use the exit command. An
alternative is to use start shell sh to launch a Linux shell from the Layer 2 / Layer 3 CLI.
Operation Mode and Configuration Mode

(1) Operation mode
By default, the switch’s operation mode is activated when at starts up.
Welcome to PicOS L2/L3on XorPlus
XorPlus>
(2) Configuration mode

Activate the configuration mode by entering the configure command. For the remainder of this document, be sure to
enter the configuration mode if you see the XorPlus# prompt.
XorPlus> configure
Entering configuration mode.
There are no other users in configuration mode.
[edit]
XorPlus#
Commit Failed and Exit Discard

(1) Exiting the configuration mode without uncommitted configurations
Switch to the execution mode from the configuration mode without any uncommitted configurations.
XorPlus# exit
XorPlus>
(2) Exiting the configuration mode with uncommitted configurations

Use the exit discard command to enter the execution mode from the configuration mode with any uncommitted or
failed committed configurations.
XorPlus# set interface gigabit-ethernet ge-1/1/1 disable true

[edit]
XorPlus# exit
ERROR: There are uncommitted changes.

Use "commit" to commit the changes, or "exit discard" to discard them.
XorPlus# exit discard
XorPlus>
Commit confirmed
User can commit a candidate configuration before this configuration become permanent. By using “commit confirmed”,
the system will apply the configuration for ten minutes default. After ten minutes, the system will roll back to the
configuration automatically before user “commit confirmed”. User can configure the roll back time in the CLI, by default
it is 10 minutes.
(1) default configure
By default, it will be automatically rolled back to the previous configuration after 600 seconds.
XorPlus# set vlans vlan-id 2
[edit]
XorPlus# commit confirmed
Merging the configuration.
Will be automatically rolled back in 600 seconds unless confirmed by new commit.
Commit OK.
[edit]
XorPlus#
(2) Modify the rollback confirmation time

[edit]
XorPlus# commit confirmed 100
Will be automatically rolled back in 100 seconds unless confirmed by new commit.
Commit OK.
[edit]
XorPlus#
Configuring DHCP and a Static IP Address

(1) Enabling DHCP
By default, DHCP is enabled on the management interface eth0. You can enable DHCP manually with the following
CLI command:
XorPlus# set interface management-ethernet eth0 address dhcp

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configuring a static IP address and gateway

Configure your management interface eth0 with static IP address.
XorPlus# set interface management-ethernet eth0 address 192.168.1.5/24

[edit]
XorPlus# set interface management-ethernet eth0 gateway 192.168.1.1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring DHCP relay

(1) Enabling DHCP relay in a VLAN interface
When you enable DHCP relay in a VLAN interface, the switch will relay the received DHCP request to the specified
DHCP server via routing. Normally, the port connects to a trusted DHCP server should be a trusted port. You should
configure the port using the trust true option.

[edit]
[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 2
[edit]
[edit]
XorPlus# set vlans vlan-id 2 l3-interface vlan-2
[edit]
[edit]
XorPlus# commit
Waiting for merging configuration.
Commit OK.
Save done.
[edit]
XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 192.168.1.1 prefix-length 24
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols dhcp relay vlan-interface vlan-2 disable false

[edit]
XorPlus# set protocols dhcp relay vlan-interface vlan-2 dhcp-server-address1 192.168.2.100
[edit]
XorPlus# set protocols dhcp snooping port ge-1/1/2 trust true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring DHCP option82

Option82 is a relay agent used to specify the DHCP client location information. The DHCP option82 is disabled by
default. To enable option82, use the disable false option, then use the circuit-id command to set the DHCP port
information.
(1) Enable DHCP option82
XorPlus# set protocols dhcp option82 disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Modify the circuit-id of option82
XorPlus# set protocols dhcp relay port ge-1/1/3 circuit-id v100
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring DHCP snooping

DHCP snooping creates a mapping table which includes the IP address, the MAC address, and the port number.
DHCP snooping is disabled by default. The steps below explain how to enable DHCP snooping, configure the DHCP
snooping binding file, trust port (by default the port is untrusted), and timeout.
(1) Enable DHCP snooping
XorPlus# set protocols dhcp snooping disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configure DHCP snooping binding file and timeout
XorPlus# set protocols dhcp snooping binding file /tmp/run/dhcp_bind //sync the dhcp snooping table to
disk
[edit]
XorPlus# set protocols dhcp snooping binding timeout 8
[edit]
XorPlus# com
Commit OK.
Save done.
[edit]
(3) Configure DHCP snooping trust port
XorPlus# set protocols dhcp snooping port ge-1/1/2 trust true //(DHCP reply is trusted), usually, the port
connect to DHCP server should be enable
this.
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
(4) Display the DHCP snooping table of host information

XorPlus# run show dhcp snooping
Total count: 1
MAC Address IP Address Port VLAN ID VLAN Interface
----------------- --------------- --------- ------- ---------------
00:1d:09:fa:a1:b4 192.168.1.10 ge-1/1/1 2 vlan2
Configuring a User Account

There are two types of user accounts: super-user and read-only. The newly created user account, by default, is
read-only.
(1) Creating a user class and password

XorPlus# set system login user ychen authentication plain-text-password pica8
[edit]
XorPlus#set system login user ychen class super-user
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(1) Configuring a telnet announcement
XorPlus# set system login announcement "welcome the switch-1101"

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Authentication/Authorization/Accounting
PicOS supports Authentication/Authorization/Accounting (AAA). A user is authenticated by the AAA server (referred to
as “admin” in our guide) and then can configure the switch. PicOS supports TACACS+ and RADIUS protocols.
RADIUS supports only two levels: read-only and super-user. Configure the local switch and server as detailed below
Configuring AAA
 Configure the tacacs enable
XorPlus# set system aaa tacacs-plus disable false
[edit]
XorPlus# set system aaa tacacs-plus key pica8
[edit]
XorPlus# set system aaa tacacs-plus server-ip 10.10.53.53
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set system aaa tacacs-plus authorization true
[edit]
XorPlus# set system aaa tacacs-plus accounting true
XorPlus# commit
 Configure the radius enable

XorPlus# set system aaa radius authorization disable false
[edit]
XorPlus# set system aaa radius authorization server-ip 10.10.50.41 shared-key testing123
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set system aaa radius accounting disable false
[edit]
XorPlus# set system aaa radius accounting server-ip 10.10.50.41 shared-key testing123
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(1) Displaying AAA information
XorPlus# show system aaa tacacs-plus

Waiting for building configuration.
authorization: true
accounting: true
server-ip 10.10.53.53
key: "pica8"
XorPlus# show system aaa radius

Building the configuration.
authorization {
disable: false
server-ip 10.10.50.41 {
shared-key: "testing123"
}
}
accounting {
disable: false
server-ip 10.10.50.41 {
shared-key: "testing123"
}
}
[edit]
XorPlus#
(3) Configuring the AAA server

Configure the AAA server configuration file as follows:
Tacacs server configuration:
key = pica8
# Accounting File
accounting file = /var/tmp/acctfile
default authentication = file /etc/passwd
user = admin {
member = admins
}
group = admins {
global = cleartext "password"
service = exec {
default attribute = permit
}
}
user = operator {
global = cleartext "operator"
service = exec {
}
}
user = ychen {
global = cleartext "ychen"
member = admins
service = exec {
}
}
Add “/usr/share/freeradius/dictionary.pica8” to radius server before the configuration.
Radius server configuration:
operator Cleartext-Password := "testing"

Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP,
Class = "read-only"
ychen Cleartext-Password := "testing"

Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP,
Class = "super-user"
Following the configuration above, the admin or operator can access the switch via telnet or SSH.
Any valid CLI commands executed by the admin or operator will be recorded to the specified accounting file. In our
example above, the accounting file is /var/tmp/acct file.
(4) Configuring the local log-in
XorPlus# set system aaa local disable true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
In the configuration above, you cannot log in to the switch with a local account.
Configuring SSH and Telnet Parameters

(1) Configuring the SSH connection limit
XorPlus# set system services ssh protocol-version v2

[edit]
XorPlus# set system services ssh connection-limit 5
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Disabling telnet service
XorPlus# set system services telnet disable true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(4) Enabling and disabling inband service

By default, SSH and telnet with inband interfaces are disabled. You can enable inband services by entering the
command below:
XorPlus# set system inband enable true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring the Log-in ACL

(1) Configuring the log-in ACL
Configure the ALC to control whether remote hosts within specified subnetworks are allowed to log in to the system. In
our example, remote hosts from both subnetworks that we configured may log in.
XorPlus# set system login-acl network 192.168.1.0/24

[edit]
XorPlus# set system login-acl network 192.168.100.100/32
[edit]
XorPlus#
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring NTP and the Time zone Parameter

(1) Configuring the NTP server IP address
The Layer 2 / Layer 3 switch synchronizes with the NTP server only when the configuration commands are committed
using the commit command. You can change the NTP server’s IP address, as shown below:
XorPlus# set system ntp-server-ip 192.168.10.100

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configuring the time zone

Configure the time zone as follows (we selected Pacific/Kosrae for our example):
XorPlus# set system timezone Pacific/Kosrae

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Configuring the system clock
XorPlus> set date 2012.01.01-23:59

Sun Jan 1 23:59:00 UTC 2012
XorPlus>.
The clock will be set in the hardware.
Configuring IPFIX
(1) Configuring IPFIX parameters
By default, IPFIX is disabled. You can enable IPFIX and configure its parameters as shown below. Make sure the
switch can connect to the IPFIX collector server correctly.
XorPlus# set protocols ipfix collector 192.168.2.10udp-port 9999

[edit]
XorPlus# set protocols ipfix interfaces ingress ge-1/1/1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring sFlow
(1) Globally enabling sFlow
By default, sFlow is disabled. You can enable sFlow and configure its’ parameters. Verify that the switch can connect
to the sFlow collector server, and configure the sFlow agent-id and source-address at the same time that you enable
sFlow, as shown below:
XorPlus# set protocols sflow disable false

[edit]
XorPlus# set protocols sflow agent-id 10.10.50.248
[edit]
XorPlus# set protocols sflow source-address 10.10.50.248
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configuring sFlow parameters

You can configure global parameters for sFlow, including agent-id, collector IP, polling-interval, sampling-rate, and
source-address.
XorPlus# set protocols sflow agent-id 10.10.50.248

[edit]
XorPlus# set protocols sflow collector 10.10.50.221 udp-port 6343
[edit]
XorPlus# set protocols sflow polling-interval 30
[edit]
XorPlus# set protocols sflow sampling-rate ingress 2000
[edit]
XorPlus# set protocols sflow sampling-rate egress 2000
[edit]
XorPlus# set protocols sflow header-len 128
[edit]
XorPlus# set protocols sflow source-address 10.10.50.248
[edit]
XorPlus# commit

Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show sflow
sFlow : Enabled
Agent ID : 10.10.50.248
Source Address : 10.10.50.248
Sample rate ingress: 1:2000
Sample rate egress : 1:2000
Polling interval : 30 seconds
Header Length : 128
XorPlus#
XorPlus# run show sflow collector
Collector address UDP-port No of Samples
----------------- -------- -------------
10.10.50.221 6343 5336
XorPlus#
(3) Configuring sFlow on a specific interface

You can configure sFlow parameters on a specific interface:
XorPlus# set protocols sflow interface ge-1/1/1 polling-interval 100

[edit]
XorPlus# set protocols sflow interface ge-1/1/1 sampling-rateegress1800
[edit]
XorPlus# set protocols sflow interface ge-1/1/1 sampling-rate ingress1500
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show sflow interface
Interface Status Sample rate Polling interval Header length
Ingress Egress
--------- ------ ------- ------- ---------------- -------------
ge-1/1/1 Enabled 1500 1800 100 64
ge-1/1/10 Enabled 2000 2000 30 64
ge-1/1/11 Enabled 2000 2000 30 64
ge-1/1/12 Enabled 2000 2000 30 64
ge-1/1/13 Enabled 2000 2000 30 64
ge-1/1/14 Enabled 2000 2000 30 64
ge-1/1/15 Enabled 2000 2000 30 64
ge-1/1/16 Enabled 2000 2000 30 64

ge-1/1/17 Enabled 2000 2000 30 64
ge-1/1/18 Enabled 2000 2000 30 64
ge-1/1/19 Enabled 2000 2000 30 64
ge-1/1/2 Enabled 2000 2000 30 64
In the current version, sFlow samples only the ingress traffic of each interface. You can monitor the traffic with sFlow
Trend as follows:
Figure 2-1.sFlowTrendtools.
Configuring SNMP
(1) Configuring SNMP parameters
By default, SNMP is disabled. You can enable SNMP and configure its parameters (e.g. community, contact, location)
as shown below:
XorPlus# set protocols snmp community Pica8-data-center

[edit]
XorPlus# set protocols snmp community Pica8-data-center authorization read-only
[edit]
XorPlus# set protocols snmp contact support@pica8.com
[edit]
XorPlus# set protocols snmp location Beijing
[edit]
XorPlus# set protocols snmp trap-group targets 10.10.1.1

[edit]
XorPlus# set protocols snmp trap-group version v2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configuring an SNMP ACL

By default, all hosts can snmpwalk the information of the switch. Configure an SNMP ACL to control which hosts within
the sub-network can snmpwalk the switch.
XorPlus# set system snmp-acl network 1.1.1.0/24

[edit]
XorPlus# set system snmp-acl network 2.2.2.0/24
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Configuring SNMP Set
Users can use “snmpset” (OID1.3.6.1.4.1.35098.2.0.0) to load a configuration and can use “snmpset” (OID
1.3.6.1.4.1.35098.2.1.0) to delete or load a configuration. However, only set and delete commands can be included in
the command batch (which is OID 1.3.6.1.4.1.35098.2.1.0). Other commands are invalid and ignored. Note that
clearing a dependent configuration is not allowed.
XorPlus# set protocols snmp community private authorization read-write

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
Examples of snmpset application (using one server):
(a) using snmpset to load a filter configuration
root@dev:~# snmpset -v 2c -c private IP .1.3.6.1.4.1.35098.2.0.0 s "tftp:1.1.5.1:/pica8/acl.conf"
iso.3.6.1.4.1.35098.2.0.0 = STRING: "tftp:1.1.5.1:/pica8/acl.conf"
(b) using snmpset to delete a filter configuration
root@dev:~# snmpset -v 2c -c private IP .1.3.6.1.4.1.35098.2.1.0 s "tftp:1.1.5.1:/pica8/delete-acl.conf"
iso.3.6.1.4.1.35098.2.0.0 = STRING: "tftp:1.1.5.1:/pica8/delete-acl.conf"
Configuring the Syslog Log Level

(1) Configuring the syslog level
Listed in order from most severe to least severe; there are five system syslog levels: Fatal, Error, Warning, Info, and
Trace. By default, the system is set to the Warning level. You can, of course, change the log level.
In the example below, the system logs messages from Info, Warning, Error, and Fatal levels since the system syslog
level is set to Info.
XorPlus# set system log-level info

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
You can display the log messages on the console screen by entering the following command:
XorPlus# exit
XorPlus> syslog monitor on
If the switch’s syslog level is Trace, the trace options of the modules should be turned on, as illustrated below. You can
also turn on the OSPF trace options for debugging.
XorPlus# set protocols ospf4 traceoptions flag all disable false

[edit]
XorPlus# set system log-level trace
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# exit
(2) Configuring the SNMP logging facility

In accordance with the syslog standard, the logging facility can be configured as [0, 7].
XorPlus# set system log-facility 0

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Oct 17 15:22:42 XorPlus local0.warn : admin logined the switch
Oct 17 15:22:50 XorPlus local0.warn pica_sh: Tacacs send acct body send failed: wrote -1 of 127: Connection
refused
XorPlus# set system log-facility 2

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Oct 17 15:22:42 XorPlus local2.warn : admin logined the switch
Configuring the Syslog Disk

(1) Configuring the syslog host
After you configure the syslog server IP address, the log files will be sent to the syslog server.
XorPlus# set system syslog host 192.168.1.1

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configuring syslog for local storage

You can configure syslog messages to be stored in RAM or in a local SD card.
XorPlus# set system syslog local-file disk

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set system syslog local-file ram
[edit]
XorPlus# commit

Commit OK.
Save done.
[edit]
XorPlus#
Updating the PicOS Software and Platform

You can separate the system’s PicOS Platform and PicOS Software and update them respectively. Generally,
rootfs.tar.gz will include both the PicOS Platform and PicOS Software, and pica.tar.gz will include only the PicOS
Software.
(1) Displaying the system version
XorPlus# run show version

Copyright (C) 2009-2013 Pica8, Inc.
Base ethernet MAC Address : 08:9e:01:61:65:80
Hardware model : P-3290
PicOS Version : 2.2
Revision ID : 10863
(2) Updating the PicOS Software

Step1: Get the pica image and md5 file. (Then modify the md5 file’s file name according to pica.tar.gz)
XorPlus> file tftp get remote-file pica_bin.tar.gz local-file pica.tar.gz ip-address 1.1.5.6
Start to get the 'picos.tar.gz' to '/cftmp/rootfs.tar.gz'.
Waiting......
Done!
XorPlus> file tftp get remote-file pica_bin.tar.gz.md5 local-file pica.tar.gz.md5 ip-address 1.1.5.6
Start to get the 'pica_bin.tar.gz.md5' to '/cftmp/pica.tar.gz.md5'.
Waiting......
Done!
XorPlus>
Step2: Reboot the switch.
XorPlus# run request system reboot
The image will be placed under the local installation directory (/cftmp). The system will decompress pica.tar.gz
automatically when rebooted, updating only the PicOS Software.
(3) Updating the PicOS Platform

Step1:Get the image and md5 file . (Then modify the md5 file’s file name according to rootfs.tar.gz)
XorPlus> file tftp get remote-file picos.tar.gz local-file rootfs.tar.gz ip-address 1.1.5.6
Start to get the 'picos.tar.gz' to '/cftmp/rootfs.tar.gz'.
Waiting......
Done!
XorPlus> file tftp get remote-file picos.tar.gz.md5 local-file rootfs.tar.gz.md5 ip-address 1.1.5.6
Start to get the 'picos.tar.gz.md5' to '/cftmp/rootfs.tar.gz.md5'.

Waiting......
Done!
XorPlus>
Step2: Reboot the switch. Best practices are to back up configuration file /pica/config/pica_startup.boot to
/cftmp directory to avoiding missing file before rebooting.
The image will be placed under the local installation directory (/cftmp). The system will decompress rootfs.tar.gz
automatically when rebooted, updating both the PicOS Platform and PicOS Software. PicOS 2.2 supports using shell
script to upgrade. (Please consult picos-2.2.0-image-upgrade-guide)
Displaying System Information

You can display your system’s information, including fan, power supply unit, and serial number information.
(1) Displaying the system fan
XorPlus>show system fan

Sensor Temperature:
Sensor 1 Temperature : 42 Centigrade
Fan Status:
Fan 1 speed = 12529 RPM, PWM = 79
(2) Displaying the system power supply unit
XorPlus> show system rpsu

RPSU 1:
TEMPERATURE_1 : N/A
RPSU 2:
TEMPERATURE_1 : 38.00 Centigrade
TEMPERATURE_2 : 40.00 Centigrade
FAN_SPEED : 10784.0 RPM
FAN_PWM : 60
(3) Displaying the system serial number
XorPlus> show system serial-number

MotherBoard Serial Number : QTFCXI2460009
RPSU 1 Serial Number : N/A
RPSU 2 Serial Number : 601G10103C370ZG

SFP te-1/1/49 :
Vendor Name : PICA8
Serial Number : 78613B10987
Module Type : SR/850nm
Cable Length : 80m
SFP te-1/1/50 :
Vendor Name : JESS-LINK
Serial Number : 12344D0001
Cable Length : 5m
SFP te-1/1/51 :
Vendor Name : DELTA
Serial Number : 084109000017
Module Type : SR/850nm
Cable Length : 80m
SFP te-1/1/52 :
Vendor Name : JESS-LINK
Serial Number : 12344D0002
Cable Length : 5m
(4) Displaying additional system information
XorPlus# run show system temperature

Temperature: 39 C /102F
XorPlus#
XorPlus# run show system uptime
01:21:33 up 50 min, load average: 0.04, 0.06, 0.07
XorPlus#
XorPlus# run show system cpu-usage
Cpu usage: 15%
XorPlus#
XorPlus# run show system date
Mon Jan 13 18:11:04 UTC 2014
XorPlus#
XorPlus# run show system memory-usage
total used free shared buffers cached
Mem: 515808 185468 330340 0 10320 68312
-/+ buffers/cache: 106836 408972
Swap: 0 0 0
XorPlus#
XorPlus# run show system name
XorPlus
XorPlus#
XorPlus# run show system ntp-status
Please start the ntp server first!
XorPlus#
XorPlus# run show system os
Linux XorPlus 2.6.27 #1 Thu Feb 13 00:42:23 CST 2014 ppc GNU/Linux
XorPlus# run show system processes brief
PID TTY STAT TIME COMMAND
1 ? Ss 0:01 init [2]
2 ? S< 0:00 [kthreadd]
3 ? S< 0:00 [ksoftirqd/0]
4 ? S< 0:00 [watchdog/0]
5 ? S< 0:02 [events/0]
6 ? S< 0:00 [khelper]
48 ? S< 0:00 [kblockd/0]
55 ? S< 0:00 [ata/0]
56 ? S< 0:00 [ata_aux]
58 ? S< 0:00 [kseriod]
99 ? S 0:00 [pdflush]
101 ? S< 0:00 [kswapd0]
147 ? S< 0:00 [aio/0]
156 ? S< 0:00 [nfsiod]
831 ? S< 0:00 [ftld]
853 ? S< 0:00 [rpciod/0]
857 ? S< 0:00 [kjournald]
2222 ? S 0:00 [pdflush]
2356 ? Ss 0:00 /usr/sbin/cron -L 0
2387 ? Ss 0:00 /usr/sbin/xinetd -pidfile /var/run/xinetd.pid -stayalive -inetd_compat
-inetd_ipv6
2501 ? S 0:03 pica_cardmgr
2503 ? S 0:59 pica_sif
2649 ? S 0:05 pica_lacp
2664 ? Ss 0:00 dhclient -pf /run/dhclient.eth0.pid -lf
/var/lib/dhcp/dhclient.eth0.leases eth0
2666 ? Sl 18:06 pica_lcmgr
2672 ? S 0:04 pica_login
3166 ? Sl 0:00 /usr/sbin/rsyslogd -c5
3457 ? S 0:35 pica_mstp
3462 ? S 0:02 xorp_policy
3464 ? Ss 1:03 /pica/bin/xorp_rtrmgr -d -L local0.info -P /var/run/xorp_rtrmgr.pid
3500 tty1 Ss+ 0:00 /sbin/getty 38400 tty1
3761 ttyS0 Ss+ 0:00 /sbin/getty -s -L ttyS0 115200 ansi
4050 ? S 0:57 ovs-vswitchd
4422 ? Ss 0:00 in.telnetd: 10.10.50.16
4423 pts/0 Ss 0:00 login -h 10.10.50.16 -p
4424 pts/0 S+ 0:00 -bash
4434 pts/0 S+ 0:03 /pica/bin/pica_sh
6451 ? Ss 0:00 in.telnetd: 10.10.50.18
6452 pts/1 Ss 0:00 login -h 10.10.50.18 -p
6460 pts/1 S+ 0:00 -bash
6469 pts/1 R+ 0:03 /pica/bin/pica_sh
15113 pts/1 R 0:00 ps a

XorPlus# run show system rollback ?
Possible completions:
compare Show the difference between tow rolled back configurations
file Show rolled back configuration file
list Show rolled back file list
XorPlus# run show system rollback compare to 02
3c3
< /*Last commit : Mon Jan 13 14:13:01 2014 by admin*/
---
> /*Last commit : Mon Jan 13 14:11:54 2014 by admin*/
83,86d82
< crossflow {
< enable: true
< local-control: true
< }
95,98d90
< crossflow {
< enable: true
< local-control: true
< }
510,514d501
< controller 1 {
< protocol: "tcp"
< address: 10.10.50.47
< port: 6633
< }
XorPlus#
XorPlus# run show system rollback file 02
/*XORP Configuration File, v1.0*/
/* Copyright (C) 2009-2013 Pica8, Inc.*/
/*Last commit : Mon Jan 13 14:11:54 2014 by admin*/
/*PicOS Version : 2.2*/
/*Version Checksum: 24226776f6bc5622030e3b7959d612bf*/
interface {
ecmp {
max-path: 4
hash-mapping {
field {
ingress-interface {
disable: true
}
vlan {
disable: true
}
ip-protocol {
disable: true
}
ip-source {
disable: false
}
ip-destination {
disable: false
}
port-source {
disable: false
}
port-destination {
disable: false
}
}
}
}
aggregate-balancing {
…………………..…………………..…………………..
XorPlus# run show system rollback list
-rw-rw-r-- 1 root xorp 23478 Jul 7 22:55 /pica/config/pica.conf
-rw-rw-r-- 1 root xorp 23595 Jul 7 22:28 /pica/config/pica.conf.01
-rw-rw-r-- 1 admin xorp 23595 Jul 7 22:27 /pica/config/pica.conf.02
-rw-rw-r-- 1 root xorp 23595 Jul 7 22:26 /pica/config/pica.conf.03
XorPlus# run show system users
admin pts/0 Jan 13 14:19 (10.10.50.16)
admin pts/1 Jan 13 15:03 (10.10.50.18)
XorPlus#
XorPlus# run show system core-dumps
total 0
XorPlus#
XorPlus# run show system connections
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 0 127.0.0.1:49152 0.0.0.0:* LISTEN 0 6787
tcp 0 0 127.0.0.1:60833 0.0.0.0:* LISTEN 0 5715
tcp 0 0 127.0.0.1:51714 0.0.0.0:* LISTEN 11 31043
tcp 0 0 127.0.0.1:42179 0.0.0.0:* LISTEN 0 6789
tcp 0 0 127.0.0.1:56484 0.0.0.0:* LISTEN 0 5711
tcp 0 0 127.0.0.1:51044 0.0.0.0:* LISTEN 0 5705
tcp 0 0 127.0.0.1:40421 0.0.0.0:* LISTEN 0 6764
tcp 0 0 127.0.0.1:56263 0.0.0.0:* LISTEN 0 6822
XorPlus# run show system boot-messages
Copyright (c) 2009-2014 Pica8 Inc.
All rights reserved.
Up time: 18:19:41
revision: 2.6.27
Using MPC85xx CDS machine description

Memory CAM mapping: CAM0=256Mb, CAM1=256Mb, CAM2=0Mb residual: 0Mb
Linux version 2.6.27 (root@dev-16-new) (gcc version 4.2.2) #1 Thu Feb 13 00:42:23 CST 2014
Found legacy serial port 0 for /soc8541@e0000000/serial@4500
mem=e0004500, taddr=e0004500, irq=0, clk=330000000, speed=0
Found legacy serial port 1 for /soc8541@e0000000/serial@4600
mem=e0004600, taddr=e0004600, irq=0, clk=330000000, speed=0
Technical Support
Execute the diagnostic command, show tech_support, to send the information to Pica8 Supports and receive a
diagnostic report back from Pica8 technical support.
(1) Executing the diagnostic command
XorPlus> show tech_support

Start......
Item 1: Display system version finished!

Item 2: Display system interface finished!
Item 3: Display system configuration finished!
Item 4: Display system config files finished!
Item 5: Display system process finished!
Item 6: Display system fdb table finished!
Item 7: Display system fdb entries finished!
Item 8: Display system ospf neighbors finished!
Item 9: Display system ospf interfaces finished!
Item 10: Display system route table finished!
Item 11: Get error event from log!
Item 12: Display system hard-route table finished!
Item 13: Display system hard-route for host finished!
Item 14: Dispaly system spanning tree interfaces finished!
Item 15: Dispaly system spanning tree bridge finished!
Item 16: Display system vlans table finished!
Item 17: Display system vlan-interfaces finished!
Item 18: Display system core-dump finished!
Item 19: Display system uptime finished!
Item 20: Display system arp table finished!
The information has been stored in /tmp/XorPlus-201307052220-techSupport.log, please forward to

support@pica8.com
XorPlus>
Flushing ARP and the Neighbor Table

You can manually flush the ARP entry and the IPv6 neighbor table.
(1) Flushing the ARP entry
XorPlus> flush arp all

XorPlus> flush arp ip-address 192.168.1.1
Rebooting the System

Reboot the system as follows:
(1) Rebooting the system
XorPlus>request system reboot
U-Boot 1.3.0 (Apr 11 2011 - 10:41:10)
CPU: 8541, Version: 1.1, (0x80720011)

Core: E500, Version: 2.0, (0x80200020)
I2C: ready
DRAM: Initializing
DDR: 512 MB
FLASH: 32 MB
Set ethaddr MAC address = 60:eb:69:d2:9c:d8
In: serial
Out: serial
Err: serial
Net: TSEC0
IDE: Bus 0: OK
Device 0: Model: TRANSCEND Firm: 20091130 Ser#: 20100723 C4130E83
Type: Hard Disk
Capacity: 1911.6 MB = 1.8 GB (3915072 x 512)
Displaying the Debugging Message

You can configure the debugging message in your current window.
(1) Syslog monitor on

Nov 21 2000 22:27:39 XorPlus local0.warn : [SIF]Interface ge-1/1/3, changed state to up
Nov 21 2000 22:27:41 XorPlus local0.warn : root logined the switch
Nov 21 2000 22:41:18 XorPlus local0.info xinetd[1102]: START: telnet pid=7650 from=10.10.50.16
Nov 21 2000 22:41:23 XorPlus authpriv.debug login[7651]: pam_unix(login:account): account admin has password
changed in future
Nov 21 2000 22:41:26 XorPlus local0.warn : admin logined the switch
Nov 21 2000 22:56:01 XorPlus authpriv.debug login[8040]: pam_unix(login:account): account root has password
changed in future
Nov 21 2000 23:31:16 XorPlus authpriv.debug login[9029]: pam_unix(login:account): account admin has password
changed in future
Nov 21 2000 23:31:21 XorPlus local0.warn : admin logined the switch
XorPlus>
Installing Software
You can install software that you’d like to have in your Debian system (for example, make, python, g++) as shown
below:
(1) Updating the software list on the source server
root@XorPlus#apt-get update
Hit http://ftp.tw.debian.org stable Release.gpg
Hit http://ftp.tw.debian.org stable Release
Hit http://ftp.tw.debian.org stable/main powerpc Packages
Hit http://ftp.tw.debian.org stable/main Translation-en
Reading package lists... Done
root@XorPlus#
(2) Installing new software
root@XorPlus#apt-get install make

Building dependency tree
Reading state information... Done
Suggested packages:
make-doc
The following NEW packages will be installed:
make
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

Need to get 399 kB of archives.
After this operation, 1165 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
make
Authentication warning overridden.
Get:1 http://ftp.tw.debian.org/debian/ stable/main make powerpc 3.81-8.2 [399 kB]
Fetched 399 kB in 6s (64.1 kB/s)
Selecting previously unselected package make.
(Reading database ... 16155 files and directories currently installed.)
Unpacking make (from .../make_3.81-8.2_powerpc.deb) ...
Processing triggers for man-db ...
fopen: Permission denied
Setting up make (3.81-8.2) ...
root@XorPlus#
root@XorPlus#apt-get install python

The following extra packages will be installed:
file libexpat1 libmagic1 mime-support python-minimal python2.7 python2.7-minimal
Suggested packages:
python-doc python-tk python2.7-doc binutils binfmt-support
file libexpat1 libmagic1 mime-support python python-minimal python2.7 python2.7-minimal
Need to get 5045 kB of archives.
After this operation, 18.3 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
libmagic1 libexpat1 file mime-support python2.7-minimal python2.7 python-minimal python
Get:1 http://ftp.tw.debian.org/debian/ stable/main libmagic1 powerpc 5.11-2 [201 kB]
Get:2 http://ftp.tw.debian.org/debian/ stable/main libexpat1 powerpc 2.1.0-1 [142 kB]
Get:3 http://ftp.tw.debian.org/debian/ stable/main file powerpc 5.11-2 [51.7 kB]
Get:4 http://ftp.tw.debian.org/debian/ stable/main mime-support all 3.52-1 [35.5 kB]
Get:5 http://ftp.tw.debian.org/debian/ stable/main python2.7-minimal powerpc 2.7.3-6 [1753 kB]
Get:6 http://ftp.tw.debian.org/debian/ stable/main python2.7 powerpc 2.7.3-6 [2639 kB]
Get:7 http://ftp.tw.debian.org/debian/ stable/main python-minimal all 2.7.3-4 [42.6 kB]
Get:8 http://ftp.tw.debian.org/debian/ stable/main python all 2.7.3-4 [180 kB]
Fetched 5045 kB in 18s (267 kB/s)
Selecting previously unselected package libmagic1:powerpc.
Unpacking libmagic1:powerpc (from .../libmagic1_5.11-2_powerpc.deb) ...
Selecting previously unselected package libexpat1:powerpc.
Unpacking libexpat1:powerpc (from .../libexpat1_2.1.0-1_powerpc.deb) ...
Selecting previously unselected package file.

Unpacking file (from .../file_5.11-2_powerpc.deb) ...
Selecting previously unselected package mime-support.
Unpacking mime-support (from .../mime-support_3.52-1_all.deb) ...
Selecting previously unselected package python2.7-minimal.
Unpacking python2.7-minimal (from .../python2.7-minimal_2.7.3-6_powerpc.deb) ...
Selecting previously unselected package python2.7.
Unpacking python2.7 (from .../python2.7_2.7.3-6_powerpc.deb) ...
Selecting previously unselected package python-minimal.
Unpacking python-minimal (from .../python-minimal_2.7.3-4_all.deb) ...
Selecting previously unselected package python.
Unpacking python (from .../python_2.7.3-4_all.deb) ...
fopen: Permission denied
Setting up libmagic1:powerpc (5.11-2) ...
Setting up libexpat1:powerpc (2.1.0-1) ...
Setting up file (5.11-2) ...
Setting up mime-support (3.52-1) ...
Setting up python2.7-minimal (2.7.3-6) ...
Linking and byte-compiling packages for runtime python2.7...
Setting up python2.7 (2.7.3-6) ...
Setting up python-minimal (2.7.3-4) ...
Setting up python (2.7.3-4) ...
root@XorPlus#
root@XorPlus#apt-get install g++

The following extra packages will be installed:
g++-4.6 libstdc++6-4.6-dev
Suggested packages:
g++-multilib g++-4.6-multilib gcc-4.6-doc libstdc++6-4.6-dbg libstdc++6-4.6-doc
g++ g++-4.6 libstdc++6-4.6-dev
Need to get 0 B/8383 kB of archives.
After this operation, 24.4 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
libstdc++6-4.6-dev g++-4.6 g++
Selecting previously unselected package libstdc++6-4.6-dev.
Unpacking libstdc++6-4.6-dev (from .../libstdc++6-4.6-dev_4.6.3-14_powerpc.deb) ...
Selecting previously unselected package g++-4.6.
Unpacking g++-4.6 (from .../g++-4.6_4.6.3-14_powerpc.deb) ...
Selecting previously unselected package g++.

Unpacking g++ (from .../g++_4%3a4.6.3-8_powerpc.deb) ...
Setting up libstdc++6-4.6-dev (4.6.3-14) ...
Setting up g++-4.6 (4.6.3-14) ...
Setting up g++ (4:4.6.3-8) ...
update-alternatives: using /usr/bin/g++ to provide /usr/bin/c++ (c++) in auto mode
root@XorPlus#
Command List
cls
commit
delete interface management-ethernet eth0 address
delete interface management-ethernet eth0 gateway
delete system aaa local disable
delete system aaa radius accounting disable
delete system aaa radius authorization disable
delete system aaa tacacs-plus accounting
delete system aaa tacacs-plus auth-type
delete system aaa tacacs-plus authorization
delete system aaa tacacs-plus disable
delete system aaa tacacs-plus key
delete system aaa tacacs-plus port-number
delete system hostname
delete system inband enable
delete system log-facility
delete system log-level
delete system login announcement
delete system login user admin authentication plain-text-password
delete system login user admin class
delete system login user operator authentication plain-text-password
delete system login user operator class
delete system login user root authentication plain-text-password
delete system login user root class
delete system services ssh connection-limit
delete system services ssh disable
delete system services ssh rate-limit
delete system services ssh root-login
delete system services telnet connection-limit
delete system services telnet disable
delete system services telnet rate-limit
delete system syslog host
delete system syslog local-file
delete system syslog port-number
delete system syslog port-protocol
exit configuration-mode
exit discard
help apply
help commit
help create
help delete
help execute
help exit configuration-mode
help exit discard
help help
help load
help quit
help rollback
help run
help save
help set
help show all
help status
help top
help up
quit
run clear log bozo
run clear log all
run request system reboot
run set cli idle-timeout <int>
run set cli terminal ansi
run set cli terminal linux
run set cli terminal vt100
run set cli terminal xterm
run set date bozo
run set management-ethernet-speed eth0 <auto>|<int>
run show all_config
run show cli history
run show log date bozo
run show log last-rows <int>
run show running_config
run show system boot-messages
run show system connections

run show system core-dumps
run show system cpu-usage
run show system date
run show system fan
run show system memory-usage
run show system name
run show system ntp-status
run show system os
run show system processes brief
run show system processes detail
run show system rollback compare to <int>
run show system rollback file <int>
run show system rollback list
run show system rpsu
run show system serial-number
run show system temperature
run show system uptime
run show system users
run show task
run show tech_support
run show version
run start shell sh
run syslog monitor off
run syslog monitor on
run telnet <ip-address>
set interface management-ethernet eth0 address <ip-address/netmask>
set interface management-ethernet eth0 gateway <ip-address>
set protocols dhcp option82 disable true
set protocols dhcp relay port bozo circuit-id bozo
set protocols dhcp relay vlan-interface bozo dhcp-server-address1 <ip-address>
set protocols dhcp relay vlan-interface bozo disable true
set protocols dhcp snooping binding file bozo
set protocols dhcp snooping binding timeout <int>
set protocols dhcp snooping disable true

set protocols dhcp snooping port bozo trust true
set protocols dhcp traceoptions flag all disable trueset protocols igmp disable true
set protocols sflow agent-id <ip-address>
set protocols sflow collector <ip-address> udp-port <int>
set protocols sflow disable true
set protocols sflow header-len <int>
set protocols sflow interface bozo disable true
set protocols sflow interface bozo header-len <int>
set protocols sflow interface bozo polling-interval <int>
set protocols sflow interface bozo sampling-rate egress <int>
set protocols sflow interface bozo sampling-rate ingress <int>
set protocols sflow polling-interval <int>
set protocols sflow sampling-rate egress <int>
set protocols sflow sampling-rate ingress <int>
set protocols sflow source-address <ip-address>
set protocols sflow traceoptions flag all disable true
set protocols snmp community bozo authorization read-only
set protocols snmp community bozo authorization read-write
set protocols snmp community bozo clients <ip-address>
set protocols snmp contact bozo
set protocols snmp location bozo
set protocols snmp traceoptions flag all disable true
set protocols snmp traceoptions flag general disable true
set protocols snmp traceoptions flag pdu disable true
set protocols snmp trap-group targets <ip-address>
set protocols snmp trap-group version v1
set protocols snmp trap-group version v2set protocols spanning-tree enable true
set system aaa local disable true
set system aaa radius accounting disable true
set system aaa radius accounting server-ip <ip-address> port <int>
set system aaa radius accounting server-ip <ip-address> shared-key bozo
set system aaa radius accounting server-ip <ip-address> timeout <int>
set system aaa radius authorization disable true
set system aaa radius authorization server-ip <ip-address> port <int>
set system aaa radius authorization server-ip <ip-address> shared-key bozo
set system aaa radius authorization server-ip <ip-address> timeout <int>
set system aaa tacacs-plus accounting true

set system aaa tacacs-plus auth-type ascii
set system aaa tacacs-plus auth-type chap
set system aaa tacacs-plus auth-type pap
set system aaa tacacs-plus authorization true
set system aaa tacacs-plus disable true
set system aaa tacacs-plus key bozo
set system aaa tacacs-plus port-number <int>
set system aaa tacacs-plus server-ip <ip-address>
set system hostname bozo
set system inband enable true
set system log-facility <int>
set system log-level error
set system log-level fatal
set system log-level info
set system log-level trace
set system log-level warning
set system login announcement bozo
set system login user bozo authentication plain-text-password bozo
set system login user bozo class read-only
set system login user bozo class super-user
set system login user admin authentication plain-text-password bozo
set system login user admin class read-only
set system login user admin class super-user
set system login user operator authentication plain-text-password bozo
set system login user operator class read-only
set system login user operator class super-user
set system login user root authentication plain-text-password bozo
set system login user root class read-only
set system login user root class super-user
set system login-acl network <ip-address/netmask>
set system login-acl network <ipv6-address/netmask>
set system ntp-server-ip <ip-address>
set system remote-config allow-client <ip-address/netmask>
set system services ssh connection-limit <int>
set system services ssh disable true
set system services ssh protocol-version v2
set system services ssh rate-limit <int>

set system services ssh root-login allow
set system services ssh root-login deny
set system services telnet connection-limit <int>
set system services telnet disable true
set system services telnet rate-limit <int>
set system snmp-acl network <ip-address/netmask>
set system syslog host <ip-address>
set system syslog local-file disk
set system syslog local-file ram
set system syslog port-number <int>
set system syslog port-protocol tcp
set system syslog port-protocol udp
show all interface management-ethernet eth0
show all system aaa local
show all system aaa radius accounting
show all system aaa radius authorization
show all system aaa tacacs-plus
show all system inband
show all system login user admin authentication
show all system login user operator authentication
show all system login user root authentication
show all system services ssh
show all system services telnet
show all system syslog
show interface management-ethernet eth0
show system aaa local
show system aaa radius accounting
show system aaa radius authorization
show system aaa tacacs-plus
show system inband
show system login user admin authentication
show system login user operator authentication
show system login user root authentication
show system services ssh
show system services telnet
show system syslog
status
top
File Management Configuratio
Chapter 4.File Management Configuration

This chapter describes the configuration files and how to save, rollback, and manage them.
With our provided scripts, you can configure multiple switches from a centralized management server.
Managing Configuration Files

You can copy, delete, or rename any configuration files in the system, but do not delete the system files.
(1) Listing directory files

You can display the files of a specified directory:
XorPlus> file list /

drwxr-xr-x 2 root xorp 4096 Sep 25 00:54 bin
drwxr-xr-x 2 root xorp 4096 Sep 24 06:21 boot
drwxr-xr-x 2 root xorp 4096 Sep 23 17:05 cftmp
-rwxr-xr-x 1 root xorp 40559 Sep 23 17:05 config.bcm
drwxr-xr-x 4 root root 4096 Sep 25 00:54 dev
drwxr-xr-x 7 root xorp 4096 Sep 25 00:55 etc
drwxr-xr-x 4 root xorp 4096 Sep 24 06:21 lib
lrwxrwxrwx 1 root root 11 Sep 24 06:21 linuxrc -> bin/busybox
drwxr-xr-x 5 root xorp 4096 Sep 24 06:21 mnt
drwxr-xr-x 2 root xorp 4096 Sep 23 17:05 opt
drwxr-xr-x 5 root xorp 4096 Sep 24 06:21 ovs
drwxr-xr-x 14 root xorp 4096 Sep 24 06:23 pica
dr-xr-xr-x 52 root root 0 Jan 1 1970 proc
-rwxr-xr-x 1 root xorp 59012 Sep 23 17:05 rc.soc
drwxr-xr-x 2 root xorp 4096 Sep 24 06:21 sbin
drwxr-xr-x 11 root root 0 Jan 1 1970 sys
drwxrwxrwx 8 root xorp 1024 Sep 25 00:55 tmp
drwxr-xr-x 7 root xorp 4096 Sep 24 06:22 usr
drwxr-xr-x 7 root xorp 4096 Sep 24 06:23 var
XorPlus> file list /tmp
drwxrwxr-x 5 root xorp 1024 Sep 25 00:54 home
drwxrwxr-x 2 root xorp 1024 Sep 25 00:54 log
drwx------ 2 root root 12288 Sep 25 00:54 lost+found
drwxrwxr-x 3 root xorp 1024 Sep 25 00:55 run
drwxrwxr-x 2 root xorp 1024 Sep 25 00:54 snmp
drwxrwxr-x 2 root xorp 1024 Sep 25 00:56 system
(2) Displaying file contents
File Management Configuration
Display the contents of a specified file:
-- 1 root root 410 Sep 24 06:23 boot.lst

-rw-rw-r-- 1 root xorp 16006 Sep 24 07:44 pica.conf
-rw-rw-r-- 1 root xorp 16003 Sep 24 07:22 pica.conf.01
drwxrwxrwx 2 root root 4096 Sep 24 06:25 root
XorPlus> file show /pica/config/pica.conf
/*XORP Configuration File, v1.0*/
interface {
ecmp {
max-path: 4
hash-mapping {
field {
ingress-interface {
disable: false
}
vlan {
disable: false
}
ip-protocol {
disable: false
}
ip-source {
disable: false
}
ip-destination {
disable: false
}
port-source {
disable: false
}
port-destination {
disable: false
}
}
}
}
(4) Additional file management commands

You can also copy, archive, and checksum, compare, rename, and sync files.
XorPlus> file list /pica/config

-rw-r--r-- 1 root root 410 Sep 24 06:23 boot.lst
XorPlus> file copy /pica/config/pica.conf
<destination-file> Copy files to and from the router
XorPlus> file copy /pica/config/pica.conf /pica/config/ychen.conf
-rw-rw-r-- 1 root root 16006 Sep 25 02:22 ychen.conf
XorPlus>
XorPlus> file rename /pica/config/ychen.conf /pica/config/ychen-1.conf
-rw-rw-r-- 1 root root 16006 Sep 25 02:22 ychen-1.conf
XorPlus>
XorPlus> file checksum /pica/config/ychen-1.conf
3559192236 16006 /pica/config/ychen-1.conf

XorPlus>
XorPlus> file sync
XorPlus>
XorPlus> file compare /pica/config/pica.conf /pica/config/pica.conf.01
3c3
---
510,514d509
< controller 1 {
< protocol: "tcp"
< address: 10.10.50.47
< port: 6633
< }
(5) Additional file function to changing directory
You can change the current directory, its function like “pwd” or “cd”.
XorPlus> file cwd
Current working directory: /tmp/home/admin
XorPlus>
XorPlus> file cwd /pica/config
XorPlus> file cwd
Current working directory: /pica/config
XorPlus>
Displaying Your Current Configuration

In Layer 2 / Layer 3, you can display your non-default configuration with the show commands. The command of
“show all“ can display the current configuration’s default value. If you want to know the default configuration, you can
view the pica_default.boot file.
XorPlus# show
vlans {
vlan-id 200 {
}
}
[edit]
XorPlus#
XorPlus# show all
vlans {
vlan-id 200 {
description: ""
vlan-name: "default"
l3-interface: ""
}
}
[edit]
Displaying Your configuration of setting

XorPlus# show | display set
set interface ethernet-switching-options analyzer test input ingress ge-1/1/2
set interface ethernet-switching-options analyzer test input egress ge-1/1/2
set interface ethernet-switching-options analyzer test output "ge-1/1/3"
Rolling Back a Configuration

Each time you commit a configuration in L2/L3 mode, a rollback configuration file is created. For example, if you
commit the configuration 10 times, then pica.conf.01~pica.conf.10 is created. You can rollback to any one of these
configurations when necessary.
The maximum rollback file is limited to 50. The current configuration is located in pica.conf.
XorPlus# rollback 1
XorPlus# Loading config file...
Config file was loaded successfully.
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Displaying the different between the current config with destination config file
XorPlus# show | compare rollback 2
[edit vlans]
----------------------------------------------------------------------------------------
+vlan-id 3 {
+}
XorPlus#
Managing Configuration Files

You can display, copy, delete, rename, or compare the configuration files as shown below.
Recover your Current Configuration to the Default Configuration.

The pica_startup.boot file denotes the startup and default configuration file. In current version, you should delete the
pica_startup.boot file and then rebooting, After restarting, it will recover to the default configuration
XorPlus# run file delete /pica/config/pica_startup.boot

pica.conf denotes the current configuration file.
XorPlus> file list pica/config

-rw-r--r-- 1 root root 344 Apr 1 02:27 boot.lst
-rw-rw-r-- 1 root xorp 10750 Apr 9 09:20 pica.conf
-rw-rw-r-- 1 root xorp 10749 Apr 9 09:17 pica.conf.01
-rw-rw-r-- 1 root xorp 10750 Apr 9 09:32 pica_startup.boot
drwxrwxrwx 2 root root 4096 Apr 1 02:28 root
XorPlus>

3c3
---
510,514d509
< controller 1 {
< protocol: "tcp"
< address: 10.10.50.47
< port: 6633
< }
XorPlus>
Saving, Applying, Executing and Loading Configuration Files

You can save the current configuration to a file and load or apply it later. You can load only a complete configuration
file as your new configuration file; however, you can apply an incomplete configuration file to your current running
configuration. Use the execute command to load the configuration. Note that only set, delete and commit commands
are included in the command batch. Other commands are invalid and therefore ignored.
XorPlus# save ychen.conf

Save done.
[edit]
XorPlus# load ychen.config
<text> Local file name
ychen.conf Size: 10750, Last changed: Sat Apr 9 09:52:11 2011
XorPlus# load ychen.conf
XorPlus# Loading config file...
Config file was loaded successfully.
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# apply ychen.config
ychen.conf Size: 10750, Last changed: Sat Apr 9 09:52:11 2011
XorPlus# Applying config file...
Config file was applied successfully.
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# execute ?
Ychen1.conf Size: 10750, Last changed: Sat Apr 9 09:52:11 2011
XorPlus# execute ychen1.conf
Commit OK.
Save done.
[edit]
XorPlus#
The file of ychen.conf content like this:
firewall {
filter f33 {
sequence 1 {
from {
destination-mac-address: 22:22:22:22:22:22
}
then {
action: "forward"
}
}
input {
interface "ge-1/1/1"
}
}
}
The file of ychen1.conf content like this:
delete firewall filter f33
commit
Bash linux shell

User can execute the Linux command in the CLI. e.g. display the process of system, create directory, or commands
added by other third installed software.
XorPlus# run bash "ps "

PID TTY TIME CMD
5289 ttyS0 00:00:00 bash
5301 ttyS0 00:00:03 pica_sh
7725 ttyS0 00:00:00 ps
XorPlus# run bash “pwd”
/tmp/home/admin
XorPlus>
By default, there is a shell script named with “upgrade.sh” in "/pica/bin/shell" directory, users can execute this script
by command “upgrade” in bash. This script will upgrade the image and back up configuration files automatically. You
should according to pico-2.2.0-image-upgrade-guide to change the image if you need to downgrade. Or you can get
the image and md5 file to /cftmp directory, then rebooting to downgrade (You should back up the configuration file
manually if you need).
Usage:
root@XorPlus$upgrade
USAGE
Upgrade system with local new image
SYNOPSIS
upgrade image_name [no-md5-check]
DESCRIPTION
image_name - Image should be saved in /cftmp
no-md5-check - Disable check of the image file for MD5
Steps:
1) Downloading new image to /cftmp dir. (By default this script will checking image MD5, it needs MD5 file in /cftmp
directory, you can use the parameter of "no-md5-check" to disable MD5 checking, otherwise the script will abort)
2) Synchronize. (After downloading image, you should synchronize the data by the command "sync" in bash, avoiding
losing data and some errors)
3) Executing upgrade script. (The image_name should be consistent with the platform, otherwise the script will abort)
For example (P-3295 switch):
A: upgrading and checking MD5

root@XorPlus$upgrade picos-2.2.1-P3295-13912.tar.gz
Upgrading P-3295
Upgrade P-3295 started
Checking MD5 of image
MD5 Check OK!
Back up PicOS configuration files
/ovs/ovs-vswitchd.conf.db /pica/config/pica_startup.boot
Config files saved locally as /cftmp/CONFIG_FILE_P-3295-10.10.50.150-@20140225.tgz
Rebooting in 10 seconds!
reboot now!
B: only upgrading, not checking MD5

root@XorPlus$upgrade picos-2.2.1-P3295-13912.tar.gz no-md5-check
Upgrading P-3295
Upgrade P-3295 started
Back up PicOS configuration files
/ovs/ovs-vswitchd.conf.db /pica/config/pica_startup.boot
Config files saved locally as /cftmp/CONFIG_FILE_P-3295-10.10.50.150-@20140225.tgz
Rebooting in 10 seconds!
reboot now!
Set alias set_vlans as “PicOS commands”

User can configure an alias for a PicOS command. This CLI is also support multiple parameter. In other word, user
can user the parameter in PicOS CLI e.g. $1,$2…., which will be used in alias command.
XorPlus# set alias set_vlans as "set vlans vlan-id $1"
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set_vlans 10
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set alias set_vlans_interface as " set vlans vlan-id $1 vlan-name $2"
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set_vlans_interface 20 vlan20
[edit]
XorPlus# commit
Commit OK.
Save done.
Command List
execute bozo
load bozo
rollback
run bash <command>
run file archive bozo bozo bozo
run file checksum bozo
run file compare bozo bozo
run file copy bozo bozo
run file cwd bozo
run file delete bozo
run file list bozo
run file rename bozo bozo
run file show bozo
run file sync
run file tftp get remote-file bozo local-file bozo ip-address <ip-address>
run file tftp put local-file bozo remote-file bozo ip-address <ip-address>
save bozo
set alias bozo pattern bozo
Layer2 Switching Configuration
Chapter 5 Layer 2 Switching Configuration

This chapter describes the configuration steps of Layer2 switching, including MAC address learning, LLDP, LACP,
802.1Q VLAN, flow control, mirroring, storm control, and the Spanning Tree Protocol (STP/RSTP/MSTP).
Configuring LLDP (Link Layer Discovery Protocol)

LLDP is a standard link-layer discovery protocol which can broadcast its capability, IP address, ID, and interface name
as TLVs (Type/Length/Value) in LLDP PDUs (Link Layer Discovery Protocol Data Units).
An LLDP PDU includes 4 basic TLVs and several optional TLVs. Basic TLVs include the Chassis ID, Port
ID, TTL and End TLVs.
In Layer 2 / Layer 3, you can select the following optional TLVs:
Table 3-1. Supported TLVs of Layer 2 / Layer 3.
TLV Name Description
mac-phy-cfg MAC address of the system
management-address Management IP address of the system
port-description The port description of system
port-vlan The VLAN ID of the port
system-capabilities System capability (e.g. switching, routing)
system-description System description
system-name System name
(1) Configuring the LLDP mode

LLDP supports 4 modes: TxRx, Tx_only, Rx_only, and Disabled. In TxRx mode, the system transmits and receives
LLDPDUs. In Tx_only, the system only transmits LLDPDUs. In Rx_only, the system only receives LLDPDUs. In
Disabled, the system will not transmit or receive any LLDPDUs.
You can configure the system as shown below:
XorPlus# set protocols lldp enable true

[edit]
XorPlus# set protocols lldp interface ge-1/1/1 status tx_rx
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Selecting optional TLVs
XorPlus# set protocols lldp tlv-select mac-phy-cfg true

[edit]
XorPlus# set protocols lldp tlv-select management-address true
[edit]
XorPlus# set protocols lldp tlv-select port-description true
[edit]
XorPlus# set protocols lldp tlv-select system-capabilities true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Displaying LLDP information
XorPlus# show protocols lldp

Waiting for building configuration.
enable: true
tlv-select {
}
(4) Configuring other parameters

You can configure other parameters in a similar manner; for example, advertisement-interval, hold-time-multiplier,
reinit-delay, and transmit-delay.
Static Link Aggregation Configuration

 You can configure up to 24 LAGs in Layer 2 / Layer 3, and each LAG can have up to 8 member ports.
 Both static and LACP LAGs can support the hashing of traffic using the Src/Dst MAC address, the Src/DstIP
address, and Layer 4 port information.
 If all member ports of a LAN are link-down, the LAG will be link-down. The LAG will become link-up when at least
one member port is link-up.
 The logical function and configuration of LAGs are same as those of a physical port.
(1) Configuring static LAGs
XorPlus# set interface aggregate-ethernet ae1

[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options 802.3ad ae1
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Displaying static LAG information
XorPlus# run show interface aggregate-ethernet ae1

Physical interface: ae1, Enabled, Physical link is Up
Interface index: 53
Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto
Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled
Interface flags: Hardware-Down SNMP-Traps Internal: 0x0
Current address: c8:0a:a9:9e:14:9f, Hardware address: c8:0a:a9:9e:14:9f
Traffic statistics:
Input Packets............................176
Output Packets...........................16
Input Octets.............................12888
Output Octets............................1594
Aggregated link protocol: STATIC
Members Status Port Speed
--------- -------- ----------
ge-1/1/1 Down Auto
ge-1/1/2 Down Auto
ge-1/1/3 Up Auto
ge-1/1/4 Up Auto
Link Aggregation Control Protocol (LACP) Configuration

LACP (802.3ad) provides the dynamic link aggregation function.
The LACPDU includes the LACP system priority, the system MAC, the port priority and I.D. The port, included in the
LACP LAG, will transmit the LACPDU to its neighbors.
The configuration of the LACP LAG is similar to that of the static LAG.
min-selected-port denotes that the LAG is up only when no fewer than the defined number of ports are up. Below,
our defined number is 4.
(1) Configuring LACP LAGs
XorPlus# set interface aggregate-ethernet ae1aggregated-ether-options lacp enable true

[edit]
XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options min-selected-port 4
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Displaying LACP LAG information
XorPlus# run show interface aggregate-ethernet ae1

Physical interface: ae1, Enabled, Physical link is Down
Interface index: 53
Description:
Link-level type: Ethernet, MTU: 1514, Speed: Auto, Duplex: Auto
Current address: 60:eb:69:d2:9c:d7, Hardware address: 60:eb:69:d2:9c:d7
Traffic statistics:
5 sec input rate 0 bits/sec, 0 packets/sec
5 sec output rate 0 bits/sec, 0 packets/sec
Input Packets............................0
Output Packets...........................0
Input Octets.............................0
Output Octets............................0
Aggregated link protocol: LACP
Minimum number of selected ports: 4
Members Status Port Speed
--------- ---------- ----------
ge-1/1/1 up(active) Auto
MLAG Configuration Guide

Traditionally, an aggregation interface is a logical interface that is used to increase the bandwidth or availability by
users of more than one physical interface in a switch. Multi-chassis LAG (MLAG) can form a logical aggregation
interface to multiple switches.
In Figure 1, switch A and C are connected by link A; switch B and C is connected by link B. In switch C, link A and B
has formed an aggregation interface to balance the traffic. In the meanwhile, switch A and B has formed a MLAG
using link A and B. For communication, such as MAC entries, between the members of the MLAG and are learned by
the MLAG must need be synchronized. In Figure 1 synchronization between switch A and B, and link C are used to
connect switch A and B as the channel interface. The number of links which connect switch A and C or B and C
cannot be more than 1.
Important things to know about MLAG

There are two issues in the MLAG: MAC entry synchronization and broadcast traffic control. MAC entry
synchronization means that the MAC entry learned by the interface must be synchronized by the peer switch. In
current version, we only support 2 nodes in a MLAG and use L2 traffic to communicate between the nodes.
Figure 1-1
SwitchA SwitchB
Link C
Link A Link B
LAG
SwitchC
Configuring MLAG domain-id

The domain-id command assigns an MLAG ID to an aggregation interface. MLAG neighbor switches form an MLAG
when each switch configures the same MLAG-ID to an aggregation interface. Only one MLAG domain-id can be
assigned to an aggregation interface. The same MLAG domain-id cannot be assigned to more than one aggregation
interface.
XorPlus# set interface aggregate-ethernet ae22 aggregated-ether-options mlag domain-id 1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring MLAG system-id

The system-id command specifies the local chassis system’s MAC address for an MLAG domain and is used in LACP
aggregation as source system MAC address.
XorPlus# set interface aggregate-ethernet ae22 aggregated-ether-options mlag system-ide8:9a:8f:50:3d:30
[edit]
XorPlus# commit

Commit OK.
Save done.
[edit]
XorPlus#
Configuring MLAG peer

The peer command specifies the neighbor’s IP address for a MLAG domain. The MLAG synchronized messages is
sent to the neighbor IP address.
XorPlus# set interface aggregate-ethernet ae22 aggregated-ether-options mlag peer 10.0.0.1peer-link
"ae24"
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring MLAG priority

The priority use master/slave negotiation between the two neighbor switch. The priority command assigns a MLAG
domain.
XorPlus# set interface aggregate-ethernet ae22 aggregated-ether-options mlag priority 4096
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols bgp peer 192.168.49.1 export send-network
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring MLAG hello-interval

The hello-interval command configures the hello message, in both directions, between MLAG neighbors. If the
neighbor switch is pinged four times, and the hello-interval does not receive the message, the MLAG neighbor
switches revert to their independent state.
XorPlus# set interface aggregate-ethernet ae22 aggregated-ether-options mlag hello-interval 60
[edit]
XorPlus# commit

Commit OK.
Save done.
[edit]
XorPlus#
Configuring a Basic MLAG step-by-step procedure
SwitchA Peer-link
SwitchB
Te-1/1/49 Te-1/1/49
LAG3
Te-1/1/50 Te-1/1/50
Ge-1/1/1 Ge-1/1/1
LAG1
Ge-1/1/1
Ge-1/1/2
SwitchC
1) Configure the number of LAGs on Switch C. Add member interfaces to the aggregated ethernet interfaces on
Switch C.
2) Configure the number of MLAG member LAGs on both Switch A and Switch B. Add member interfaces to the
aggregated ethernet interfaces on on both Switch A and Switch B.
3) Configure the number of MLAG peer-link LAGs on both Switch A and Switch B. Add member interfaces to the
aggregated ethernet interfaces on on both Switch A and Switch B.
4) Configure the L3 interface IP address on both Switch A and Switch B for peer-to-peer communication.
5) Configure the same domain-id number on both MLAG peers on Switch A and Switch B.
6) Configure not the same system-id on both MLAG peers on Switch A and Switch B.
7) Configure the peer IP address for MLAG peer connect on both Switch A and Switch B.
8) Configure the LAGs for MLAG peer-link connects on both Switch A and Switch B.
Configuring a Basic MLAG example

Figure 2 illustrates MLAG configured between Switch A and Switch B; the MLAG connections between the neighboring
switches as well as two Network Devices.
The MLAG switches connect through a LACP LAG to Switch C.
The MLAG switches connect through a static LAG to Server A.
Figure 2
SwitchA Peer-link
SwitchB
Te-1/1/49 Te-1/1/49
LAG3
Te-1/1/50 Te-1/1/50
Ge-1/1/1 Ge-1/1/2 Ge-1/1/1 Ge-1/1/2
LAG1 LAG2
Ge-1/1/1 NIC 2
Ge-1/1/2 NIC /2
SwitchC ServerA
Configuring Switch A with Static and LACP LAG
XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options lacp enable true

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# set interface gigabit-ethernet te-1/1/49 ether-options 802.3ad ae3
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring an Aggregation Interface to VLAN Members

XorPlus# set protocols spanning-tree enable false
[edit]
[edit]
[edit]
XorPlus# set vlans vlan-id 4094 l3-interface 4094
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set interface aggregate-ethernet ae1 family ethernet-switching port-mode trunk
[edit]
XorPlus# set interface aggregate-ethernet ae1 family ethernet-switching vlan members 15
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure the L3 interface IP address

XorPlus# set vlan-interface interface 4094 vif 4094 address 10.10.0.1 prefix-length 24
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring the domain-id and system-id for the MLAG domain.

[edit]
XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlag system-id e8:9a:8f:50:3d:30
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring the peer IP address and the peer-link for the MLAG domain peer
XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlag peer10.10.0.2peer-link "ae3"
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Switch B with Static and LACP LAG

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring the domain-id and system-id for the MLAG domain

[edit]
XorPlus# set interface aggregate-ethernet ae1 aggregated-ether-options mlag system-id c8:0a:a9:9e:14:a4
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Switch C with LACP and LAG

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Server A with NIC1 and NIC2 as Static LAG
View the MLAG internal and neighbor status of Switch A

SwitchA# run show mlag internal
Domain-id Local-LAG Flood MAC-sync State Role
--------------------------------------------------------
2 ae1 false true FULL MASTER
SwitchA# run show mlag peer 1
Peer System-id State Link-status
--------------------------------------------------------
10.10.0.2c8:0a:a9:9e:14:a4 FULL UP
--------------------------------------------------------
10.10.0.2c8:0a:a9:9e:14:a4 FULL UP
XorPlus#
View the MLAG internal and neighbor status of Switch B

SwitchB# run show mlag internal
--------------------------------------------------------
SwitchB# run show mlag peer 1
--------------------------------------------------------
10.10.0.1e8:9a:8f:50:3d:30 FULL UP
--------------------------------------------------------
10.10.0.1e8:9a:8f:50:3d:30 FULL UP
XorPlus#
Configuring a MLAG domain with MSTP example

Figure 2 illustrates MLAG configured between Switch A and Switch B; the MLAG connections between the neighboring
switches as well as two Network Devices.
The MLAG switches connect through a LACP LAG to Switch C.
The MLAG switches connect through a LACP LAG to Switch D.
Figure 3
SwitchA Peer-link
SwitchB
Te-1/1/49 Te-1/1/49
LAG3
Te-1/1/50 Te-1/1/50
Ge-1/1/1 Ge-1/1/2 Ge-1/1/1 Ge-1/1/2
LAG1 LAG2
Ge-1/1/1 Ge-1/1/1
Ge-1/1/2 Ge-1/1/2
SwitchC SwitchD
Configuring Switch A with LACP LAG

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
XorPlus# commit

Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring the domain-id and system-id for the MLAG domain.

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Switch B with LACP LAG

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring the domain-id and system-id for the MLAG domain

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Switch C and Switch D with LACP LAG

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Switch C and Switch D an aggregation interface add to VLAN Members

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
View the MLAG internal and neighbor status of Switch A

SwitchA# run show mlag internal
--------------------------------------------------------
--------------------------------------------------------
10.10.0.2c8:0a:a9:9e:14:a4 FULL UP
--------------------------------------------------------
10.10.0.2c8:0a:a9:9e:14:a4 FULL UP
XorPlus#
View the MSTP status of Switch A

SwitchA# run show spanning-tree mstp interface
MSTP Spanning Tree Interface Status for instance 0
Interface Port ID Designated Designated Bridge Ext Port Int Port State Role
Port ID ID Cost Cost
---------- --------- ---------- ----------------------- --------- --------- --------------- -----
----------
ae1 128.53 128.53 0.e8:9a:8f:50:3d:30 20000 20000 FORWARDING
DESIGNATED
DESIGNATED
ae3 128.55 128.55 0.e8:9a:8f:50:3d:30 2000 2000 FORWARDING EDGE
View the MLAG internal and neighbor status of Switch B

SwitchB# run show mlag internal
--------------------------------------------------------
--------------------------------------------------------
10.10.0.1e8:9a:8f:50:3d:30 FULL UP
--------------------------------------------------------
10.10.0.1e8:9a:8f:50:3d:30 FULL UP
XorPlus#
View the MSTP status of Switch B

SwitchA# run show spanning-tree mstp interface
MSTP Spanning Tree Interface Status for instance 0
---------- --------- ---------- ----------------------- --------- --------- --------------- -----
----------
DESIGNATED
DESIGNATED
ae3 128.55 128.55 0.e8:9a:8f:50:3d:30 2000 2000 FORWARDING EDGE
Ethernet Port Configuration

You can enable (or disable) the Ethernet port, and configure the Ethernet port’s MTU, rate-limit, and flow control.
Shutting down the Ethernet port
XorPlus# set interface gigabit-ethernet ge-1/1/1disable true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring the MTU and Rate-limit
XorPlus# set interface gigabit-ethernet ge-1/1/1 rate-limiting egress kilobits 10000

[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/1 mtu 1200
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Enabling Port Flow Control
XorPlus# set interface gigabit-ethernet ge-1/1/1 ether-options flow-control true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Port Speed
XorPlus# set interface gigabit-ethernet ge-1/1/1 speed 100

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
View Port information
XorPlus# run show interface gigabit-ethernet ge-1/1/1 detail

Physical interface: ge-1/1/1, Enabled, Physical link is Up
Interface index: 1
Link-level type: Ethernet, MTU: 1514, Speed: 1Gb/s, Duplex: Full

Interface rate limit ingress:0, egress:0
Current address: c8:0a:a9:04:49:19, Hardware address: c8:0a:a9:04:49:19
Traffic statistics:
Input Packets............................35748
Output Packets...........................35143881241
Input Octets.............................3923150
Output Octets............................2266956387852
MAC statistics:
Multicast packets RX and TX..............199565932
Broadcast packets RX and TX..............4968094
Undersize packets RX and TX..............0
Fragments packets RX and TX..............0
Packets RX and TX 64 Octets..............35088774487
Packets RX and TX 65-127 Octets..........27771
Packets RX and TX 128-255 Octets.........2574126
Packets RX and TX 256-511 Octets.........52540605
Packets RX and TX 512-1023 Octets........0
Packets RX and TX 1024-1518 Octets.......0
XorPlus# run clear interface statistics all
Storm Control in Ethernet Port Configuration

You can configure unicast, multicast, and broadcast storm control in packets per second.
Configuring Storm Control
XorPlus# set interface gigabit-ethernet ge-1/1/1 storm-control broadcast pps 10000

[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/1 storm-control multicastpps 10000
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Static MAC entries and Dynamic MAC Address Learning

You can configure a static MAC entry in the FDB, and manage dynamic MAC address learning (for example,
configuring aging time or deleting the dynamic MAC addresses entry).
Configuring a static MAC entry and managing the FDB
XorPlus# set interface gigabit-ethernet ge-1/1/1 static-ethernet-switching mac-address 22:22:22:22:22:22

vlan 1
[edit]
XorPlus# set interface ethernet-switching-options mac-table-aging-time 60
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show ethernet-switching table
Total entries in switching table: 2
Static entries in switching table: 0
Dynamic entries in switching table: 2
VLAN MAC address Type Age Interfaces
---- ----------------- ------- ---- ----------
1 00:22:be:96:f2:83 Dynamic 60 ge-1/1/1
1 00:22:be:96:f2:84 Dynamic 60 ge-1/1/2
XorPlus# run clear ethernet-switching table all

XorPlus# run show ethernet-switching table
Total entries in switching table: 0
Static entries in switching table: 0
Dynamic entries in switching table: 0
VLAN MAC address Type Age Interfaces
---- ----------------- ------- ---- ----------
XorPlus#
Cut-through Switching Method

By default, the switch forwards the packets in a cut-through switching method. That is, the switch begins forwarding a
packet before the entire frame is received; normally as soon as the destination address is processed. This reduces
latency and error handling is performed by the destination devices. You can configure the switch to store-and-forward
method with the commands below.
Configuring your Switch to Store-and-Forward Method
XorPlus# set interface cut_through_mode false

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Mirroring
You can configure one (1) mirror to analyze traffic. Configure the source/destination port (also referred to as the
input/output port).
Note: The output port does not belong to any VLAN, and will not participate in Layer2 or Layer3 forwarding.
Configuring Mirroring to Analyze Traffic
XorPlus# set interface ethernet-switching-options analyzer 111 input egress ge-1/1/1

[edit]
XorPlus# set interface ethernet-switching-options analyzer 111 input ingress ge-1/1/1
[edit]
XorPlus# set interface ethernet-switching-options analyzer 111 input egress ge-1/1/2
[edit]
XorPlus# set interface ethernet-switching-options analyzer 111 input ingress ge-1/1/2
[edit]
XorPlus# set interface ethernet-switching-options analyzer 111 output ge-1/1/3
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show analyzer 111
Analyzer name: 111
Output interface: <ge-1/1/3>
Ingress monitored interfaces: <ge-1/1/1><ge-1/1/2>
Egress monitored interfaces: <ge-1/1/1><ge-1/1/2>
XorPlus#
Basic Port Configuration

VLAN tagging (IEEE 802.1Q) is a networking standard that defines the VLAN. You can configure a port as a trunk or
access port. With the native VLAN ID, you can add the port (in trunk mode) to more than one VLAN.
Access ports belong to native VLANs, while trunk ports belong to more than one VLAN including the native VLAN.
Configuring the access/trunk mode
XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching port-mode access

[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching port-mode trunk
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring the Native VLANID

The native VLANID is the ID of the default VLAN (usually vlan-id 1) in which the port belongs. Every port should be
included in at least one VLAN.

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show vlans vlan-id 5
VLAN ID: 5
VLAN Name: default
Description:
vlan-interface:
Number of member ports: 1
Tagged port: None
Untagged port: ge-1/1/1,
XorPlus#
Adding a Port to a VLAN

[edit]
[edit]
[edit]

[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching vlan members 5
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show vlans
VlanID Tag Interfaces
------ -------- ------------------------------------------------------
1 tagged
untagged ge-1/1/2, ge-1/1/3, ge-1/1/4, ge-1/1/5, ge-1/1/6,
ge-1/1/7, ge-1/1/8, ge-1/1/9, ge-1/1/10, ge-1/1/11,
ge-1/1/12, ge-1/1/13, ge-1/1/14, ge-1/1/15, ge-1/1/16,
ge-1/1/17, ge-1/1/18, ge-1/1/19, ge-1/1/20, ge-1/1/21,
ge-1/1/22, ge-1/1/23, ge-1/1/24, ge-1/1/25, ge-1/1/26,
ge-1/1/27, ge-1/1/28, ge-1/1/29, ge-1/1/30, ge-1/1/31,
ge-1/1/32, ge-1/1/33, ge-1/1/34, ge-1/1/35, ge-1/1/36,
ge-1/1/37, ge-1/1/38, ge-1/1/39, ge-1/1/40, ge-1/1/41,
ge-1/1/42, ge-1/1/43, ge-1/1/44, ge-1/1/45, ge-1/1/46,
ge-1/1/47, ge-1/1/48, te-1/1/49, te-1/1/50, te-1/1/51,
te-1/1/52,
5 tagged ge-1/1/2,
untagged ge-1/1/1
6 tagged ge-1/1/2,
untagged
7 tagged ge-1/1/2,
untagged
XorPlus#
Creating a VLAN with in the VLAN range

You can create VLANs within the VLAN range, and then add ports to these VLANs.
XorPlus# set vlans vlan-id 2-4094

[edit]
[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching vlan members 1-4094
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
VLAN Configuration Example

In the following topology, the VLANs are configured for each switch.
Vlan.2 Vlan.2 Vlan.2 Vlan.2
ge-1/1/1 ge-1/1/2 ge-1/1/1 ge-1/1/2
Te-1/1/49 Te-1/1/49
Switch A Switch B
ge-1/1/3 ge-1/1/4
ge-1/1/3 ge-1/1/4
Vlan.3 Vlan.3
Vlan.3 Vlan.3
Figure 4-1.VLAN configuration.
Configuring Switch A
For Switch A, you should configure ge-1/1/1~ge-1/1/4 as access port sand te-1/1/49 as the trunk port, because
the10Gbit link will trunk the traffic of VLAN-2 and VLAN-3.

[edit]
[edit]
[edit]
[edit]
[edit]

[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#set interface gigabit-ethernet te-1/1/49 family ethernet-switching port-mode trunk
[edit]
XorPlus#set interface gigabit-ethernet te-1/1/49 family ethernet-switching vlan members 2
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
------ -------- ------------------------------------------------------
1 tagged
ge-1/1/10, ge-1/1/11, ge-1/1/12, ge-1/1/13, ge-1/1/14,
ge-1/1/15, ge-1/1/16, ge-1/1/17, ge-1/1/18, ge-1/1/19,
ge-1/1/20, ge-1/1/21, ge-1/1/22, ge-1/1/23, ge-1/1/24,
ge-1/1/25, ge-1/1/26, ge-1/1/27, ge-1/1/28, ge-1/1/29,
ge-1/1/30, ge-1/1/31, ge-1/1/32, ge-1/1/33, ge-1/1/34,
ge-1/1/35, ge-1/1/36, ge-1/1/37, ge-1/1/38, ge-1/1/39,
ge-1/1/40, ge-1/1/41, ge-1/1/42, ge-1/1/43, ge-1/1/44,
ge-1/1/45, ge-1/1/46, ge-1/1/47, ge-1/1/48, te-1/1/49,
te-1/1/50, te-1/1/51, te-1/1/52,
2 tagged te-1/1/49,
untagged ge-1/1/1, ge-1/1/2,
3 tagged te-1/1/49,
XorPlus#
Configuring Switch B
For Switch B, configure ge-1/1/1~ge-1/1/4 as access port sand te-1/1/49 as the trunk port, because the 10Gbit link will
trunk the traffic ofVLAN-2 and VLAN-3.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#set interface gigabit-ethernet te-1/1/49 family ethernet-switching port-mode trunk
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
------ -------- ------------------------------------------------------
1 tagged
ge-1/1/10, ge-1/1/11, ge-1/1/12, ge-1/1/13, ge-1/1/14,
ge-1/1/15, ge-1/1/16, ge-1/1/17, ge-1/1/18, ge-1/1/19,
ge-1/1/20, ge-1/1/21, ge-1/1/22, ge-1/1/23, ge-1/1/24,
ge-1/1/25, ge-1/1/26, ge-1/1/27, ge-1/1/28, ge-1/1/29,
ge-1/1/30, ge-1/1/31, ge-1/1/32, ge-1/1/33, ge-1/1/34,
ge-1/1/35, ge-1/1/36, ge-1/1/37, ge-1/1/38, ge-1/1/39,
ge-1/1/40, ge-1/1/41, ge-1/1/42, ge-1/1/43, ge-1/1/44,
ge-1/1/45, ge-1/1/46, ge-1/1/47, ge-1/1/48, te-1/1/49,
te-1/1/50, te-1/1/51, te-1/1/52,
2 tagged te-1/1/49,

3 tagged te-1/1/49,
Port Security Configuration

Port security is a layer two traffic control feature on Pica8 switches. It enables an administrator configure individual
switch ports to allow only a specified number of source MAC addresses ingressing the port. Port security enables the
switch administrator to prevent unauthorized devices from gaining access to the network. Port security is normally
enabled on access layer switches for this purpose.
Enabling Port Security

Port security is not enabled in default. It can be enabled with default parameters by issuing a single command on an
interface:
XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security mac-limit 10

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring the Maximum Number of Secure Dynamically Learned MAC Addresses

Users can use port security with dynamically learned MAC addresses to restrict a port's ingress traffic by limiting the
MAC addresses that are allowed to send traffic into the port.
XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security mac-limit 5

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show port-security address
Secure Mac Address Table
-----------------------------------------------------
Vlan MAC Address Type Interfaces
---- ----------------- ------- ----------
1 00:00:11:11:11:11 dynamic ge-1/1/1
1 00:00:11:11:11:12 dynamic ge-1/1/1
1 00:00:11:11:11:13 dynamic ge-1/1/1
1 00:00:11:11:11:14 dynamic ge-1/1/1
1 00:00:11:11:11:15 dynamic ge-1/1/1
-----------------------------------------------------
MAC age time :300s
XorPlus#
Configuring Static Secure MAC Addresses on a Port

Users can use port security with static MAC addresses to restrict a port's ingress traffic by limiting the MAC addresses
that are allowed to send traffic into the port.
XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security mac-address 00:00:23:23:23:23 vlan 1

[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
-----------------------------------------------------
---- ----------------- ------- ----------
1 00:00:23:23:23:23 static ge-1/1/1
1 00:00:23:23:23:24 static ge-1/1/1
1 00:00:23:23:23:25 static ge-1/1/1
1 00:00:23:23:23:26 static ge-1/1/1
1 00:00:23:23:23:27 static ge-1/1/1
-----------------------------------------------------
MAC age time :300s
XorPlus#
Configuring Port Security with Sticky MAC Addresses on a Port

Port security with sticky MAC addresses retains dynamically learned MAC addresses when the link is down, and
restores the MAC addresses when the link ups.
XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security sticky true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Secure MAC Address Aging Time

The aging time is global whether port security configuring or not.
XorPlus# set interface ethernet-switching-options mac-table-aging-time 100

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Port Security Violation Mode on a Port

Port security can be configured to take one of four actions upon detecting a violation:
protect (default) - Frames from MAC addresses other than the allowed addresses are dropped; traffic from allowed
addresses is permitted to pass normally; restrict - Like protect mode, but generates a syslog message and increases
the violation counter; shutdown - The interface is placed into the error-discard state, blocking all traffic; shutdown-
temp - The interface is placed into the error-discard state and blocking all traffic temporarily, then after 20 seconds
(default), the interface is up.
XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security violation ?

protect Drop packets with unknown source addresses
restrict Drop packets with unknown source addresses and log violation
shutdown Disable interface
shutdown-temp Disable interface temporarily(20 seconds for the default)
XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security violation restrict
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Port Security Auto-recovery Time

When the port security violation mode configured to shutdown-temp, users can configure the recovery interval by this
command:
XorPlus# set interface ethernet-switching-options port-error-discard timeout 30

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Recovering the Port in Error-discard

When the port security violation mode configured to shutdown, the port will be placed into the error-discard state after
detecting a violation, users can recover the port by this command:
XorPlus# run clear port-security port-error

Clear done.
XorPlus#
Configuring Port Security Block Mode on a Port

Port security can be configured to take one of five block actions:
all – All traffic are not permitted to forward normally on egress; broadcast– Broadcast packets will be blocked on
egress, but unknown uni/multi cast addresses can forwards normally; multicast – Only the multicast packets will be
dropped; uni-multi-cast- The unknown uni/multi cast packets will be blocked on egress; unicast - Only the unknown
unicast packets will be dropped.
XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security block ?

all Block broadcast and unknow addresses
broadcast Block broadcast address
multicast Block unknow multicast addresses
uni-multi-cast Block unknow uni/multi cast addresses
unicast Block unknow unicast addresses
XorPlus# set interface gigabit-ethernet ge-1/1/1 port-security block broadcast
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Displaying Port Security Settings

To display port security settings, enter this command:

-----------------------------------------------------

---- ----------------- ------- ----------
1 00:00:11:11:11:11 dynamic ge-1/1/1
1 00:00:11:11:11:12 dynamic ge-1/1/1
1 00:00:11:11:11:13 dynamic ge-1/1/1
1 00:00:11:11:11:14 dynamic ge-1/1/1
1 00:00:11:11:11:15 dynamic ge-1/1/1
1 00:00:23:23:23:23 static ge-1/1/1
1 00:00:23:23:23:24 static ge-1/1/1
1 00:00:23:23:23:25 static ge-1/1/1
1 00:00:23:23:23:26 static ge-1/1/1
1 00:00:23:23:23:27 static ge-1/1/1
-----------------------------------------------------
MAC age time :100s
XorPlus# run show port-security brief
System MAC limit : 32767
Secure port DynamicMacLim CurrentAddr ViolationCount Action

-------------------------------------------------------------------------------
ge-1/1/1 5 10 213940 restrict
-------------------------------------------------------------------------------
XorPlus#
XorPlus# run show port-security interface gigabit-ethernet ge-1/1/1
Interface ge-1/1/1
----------------------------------------
Port security : enabled
Violation action : restrict
Block type : broadcast
Sticky : true
Dynamic MAC limit : 5
Total MAC addresses : 10
Configured MAC addresses : 5
Sticky MAC addresses : 5
Security violation count : 286062
XorPlus#
Disabling Port Security

To disable port security, users should enter this command:
XorPlus# delete interface gigabit-ethernet ge-1/1/1 port-security

Deleting:
port-security {
mac-limit: 5
violation: "restrict"
mac-address 00:00:23:23:23:23 {
vlan 1 {
}
}
mac-address 00:00:23:23:23:24 {
vlan 1 {
}
}
mac-address 00:00:23:23:23:25 {
vlan 1 {
}
}
mac-address 00:00:23:23:23:26 {
vlan 1 {
}
}
mac-address 00:00:23:23:23:27 {
vlan 1 {
}
}
sticky: true
block: "broadcast"
}
OK
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Q-in-Q Basic Port Configuration

Q-in-Q tunneling allows service providers on Ethernet access networks to extend a Layer2 Ethernet connection
between two customer sites. You can also use Q-in-Q tunneling to segregate or bundle customer traffic into fewer
VLANs, or different VLANs, by adding another layer of 802.1Q tags.
Q-in-Q tunneling is useful when you have overlapping VLAN IDs, because the 802.1Q VLAN tags are prepended by
the service VLAN tag. The Layer 2 / Layer 3implementation of Q-in-Q tunneling supports the IEEE 802.1ad standard.
The Q-in-Q tunneling external mode belongs to basic Q-in-Q, while the Q-in-Q tunneling internal mode belongs to
selective Q-in-Q.
Configuring the Q-in-Q tunneling internal/external mode

By default, Q-in-Q is disabled. You can enable it as shown below:
XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching dot1q-tunneling

internal
[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching dot1q-tunneling mode
external
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Q-in-Q tunneling to map ingress VLANs to service VLANs

Selective Q-in-Q tunneling allows you to add different customer VLAN tags, based on different service VLAN tags.

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching dot1q-tunnelingmode
internal
[edit]
XorPlus# set vlans dot1q-tunneling ingress t1 from untag enabled true

XorPlus# set vlans dot1q-tunneling ingress t1 then customer-vlan 10
XorPlus# set vlans dot1q-tunneling ingress t1 then service-vlan 100
ingress t1
XorPlus# commit
XorPlus# set vlans dot1q-tunneling ingress t2 from one-tag customer-vlan-list 20

XorPlus# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching dot1q-tunneling ingress t2
XorPlus# commit

XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show interface gigabit-ethernet ge-1/1/1 dot1q-tunneling
Dot1q Tunneling Mode: none, Ether Type: 0x8100
Ingress: t1
Untagged-type Enabled: true
One-tagged-type Customer Vlan:
Double-tagged-type Service Vlan: 0
New Service Vlan: 100
New Customer Vlan: 10
Ingress: t2
Untagged-type Enabled: false
One-tagged-type Customer Vlan: 20
Ingress: t3
XorPlus#
Configuring Q-in-Q tunneling egress pop service VLANs

Selective Q-in-Q tunneling allows you to delete different customer VLAN tags, based on different service VLAN tags.

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]

internal
XorPlus# commit
XorPlus# set vlans dot1q-tunneling egress t1 from customer-vlan 10

XorPlus# set vlans dot1q-tunneling egress t1 from service-vlan 100
XorPlus# set vlans dot1q-tunneling egress t1 then action none
egress t1
XorPlus# commit

XorPlus# set vlans dot1q-tunneling egress t2 then action one
egress t2
XorPlus# commit

egress t3
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Dot1q Tunneling Mode: internal, Ether Type: 0x8100

Egress: t1
Service Vlan: 100
Customer Vlan: 10
Action: Strip both tags
Egress: t2
Service Vlan: 200
Customer Vlan: 20
Action: Retain the customer vlan tag
Egress: t3
Service Vlan: 300
Customer Vlan: 30
XorPlus#
Q-in-Q Configuration Example

The configuration of Q-in-Q is shown in Fig. 4-2.
VLAN 10 VLAN 10
untaged untaged
Customer A Customer B
Ge-1/1/1 Ge-1/1/1
Te-1/1/49 Public network Te-1/1/49

Provider A VLAN 100/200 Provider B
Ge-1/1/2 Ge-1/1/2
Customer C Customer D
VLAN 20 VLAN 20
untaged untaged
Figure 4-2.Q-in-Q configuration.
Configuration on Provider A
Configure VLAN 100 as the default VLAN of Gigabit Ethernet ge-1/1/1, and enable the Q-in-Q tunneling internal mode
on Gigabit Ethernet ge-1/1/1.
The configure the untagged frames received by the port with the customer VLAN tag30 and service VLAN tag 100.
Finally, configure the customer VLAN tag 10 frames received by the port with the service VLAN tag 100.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]

ingress t1
XorPlus# commit

XorPlus# commit

egress t3
XorPlus# commit

egress t4
internal
XorPlus# commit
Commit OK.
Save done.
[edit]
Ingress: t1

Ingress: t2
Egress: t3
Service Vlan: 100
Customer Vlan: 10
Egress: t4
Service Vlan: 100
Customer Vlan: 30
XorPlus#
Then configure the untagged frames received by the port with the customer VLAN tag 30 and service VLAN tag 200.
Finally configure the customer VLAN tag 20 frames, received by the port with the service VLAN Tag 200.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]

ingress t5
XorPlus# commit

XorPlus# commit

egress t7
XorPlus# commit

egress t8
internal
XorPlus# commit
Commit OK.
Save done.
[edit]
Ingress: t5
Ingress: t6
Egress: t7
Service Vlan: 200
Customer Vlan: 20
Egress: t8
Service Vlan: 200
Customer Vlan: 30
XorPlus#
Configure VLAN 100/200 as the trunk port of Gigabit Ethernet te-1/1/49, and enable the Q-in-Q tunneling internal
mode.
XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switching port-mode trunk

[edit]
XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switching vlan members 100
[edit]
[edit]
XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switching dot1q-tunneling modeinternal
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show interface gigabit-ethernet te-1/1/49 dot1q-tunneling
XorPlus#
Configuration on Provider B
The configure the untagged frames received by the port with the customer VLAN tag 30 and service VLAN tag 100.
Finally, configure the customer VLAN tag 10 frames received by the port with the service VLAN tag 100.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]

ingress t1
XorPlus# commit

XorPlus# commit

egress t3
XorPlus# commit

egress t4
internal
XorPlus# commit
Commit OK.
Save done.
[edit]
Ingress: t1
Ingress: t2
Egress: t3
Service Vlan: 100
Customer Vlan: 10
Egress: t4
Service Vlan: 100
Customer Vlan: 30
XorPlus#
on Gigabit Ethernet 1/1/2.
Then configure the untagged frames received by the port with the customer VLAN tag 30 and service VLAN tag 200.
Finally, configure the customer VLAN tag 20 frames received by the port with the service VLAN Tag 200.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]

ingress t5
XorPlus# commit

XorPlus# commit

egress t7
XorPlus# commit

egress t8
internal
XorPlus# commit

Commit OK.
Save done.
[edit]
Ingress: t5
Ingress: t6
Egress: t7
Service Vlan: 200
Customer Vlan: 20
Egress: t8
Service Vlan: 200
Customer Vlan: 30
XorPlus#
Configure VLAN 100/200 as the trunk port of Gigabit Ethernet te-1/1/49, and enable the Q-in-Q tunneling internal
mode.

[edit]
[edit]
[edit]
XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switching dot1q-tunneling modeinternal
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show interface gigabit-ethernet te-1/1/49 dot1q-tunneling
XorPlus#
MSTP Configuration
802.1D, 802.1w, and 802.1s are spanning tree protocols that can avoid the loop in Layer2. You can configure the
parameters of MSTP, including bridge-priority, forward-delay, max-age, and hello-time interval.
Enabling spanning tree mode in MSTP
XorPlus# set protocols spanning-tree force-version 3

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring basic global parameters of MSTP

When configuring global parameters, make sure to set the forward delay to greater than Max-Age/2 + 1, or the commit
will fail.
XorPlus# set protocols spanning-tree mstp bridge-priority 4096

[edit]
XorPlus# set protocols spanning-tree mstp forward-delay 20
[edit]
XorPlus# set protocols spanning-tree mstp hello-time 2
[edit]
XorPlus# set protocols spanning-tree mstp max-age 20
[edit]
XorPlus# set protocols spanning-tree mstp max-hops 8
[edit]
XorPlus# set protocols spanning-tree mstp configuration-name test1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show spanning-tree mstp bridge
Bridge Spanning Tree Parameters
Enabled Protocol: MSTP
Root ID: 4096.08:9e:01:39:1a:fe
External Root Path Cost: 0
CIST Regional Root ID: 4096.08:9e:01:39:1a:fe
Root Port:
CIST Internal Root Path Cost: 0
Hello Time: 2
Maximum Age: 20
Forward Delay: 20
Remaining Hops: 8
Bridge Configuration Name: test1
Bridge Configuration Digest: ac36177f50283cd4b83821d8ab26de62
Number of Topology Changes: 13
Time Since Last Topology Change: 0 days 00:00:31
Local Parameters
Bridge ID: 4096.08:9e:01:39:1a:fe
Hello Time: 2
Maximum Age: 20
Forward Delay: 20
Remaining Hops: 8
XorPlus#
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols spanning-tree mstp msti 1
[edit]
XorPlus# set protocols spanning-tree mstp msti 2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols spanning-tree mstp msti 1 vlan 100
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show spanning-tree mstp bridge
Enabled Protocol: MSTP
Root ID: 4096.08:9e:01:39:1a:fe
External Root Path Cost: 0
CIST Regional Root ID: 4096.08:9e:01:39:1a:fe
Root Port:
CIST Internal Root Path Cost: 0
Hello Time: 2
Maximum Age: 20
Forward Delay: 20
Remaining Hops: 8
Bridge Configuration Name: test1
Bridge Configuration Digest: 8b5d98ca042bad0d7fa5f18744f4755d
Msti 1 Member VLANs:
100, 200,
Msti 2 Member VLANs:
300, 400,
Local Parameters
Bridge ID: 4096.08:9e:01:39:1a:fe
Hello Time: 2
Maximum Age: 20
Forward Delay: 20
Remaining Hops: 8
XorPlus#
Configuring MSTP interface parameters
XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 external-path-cost 30000

[edit]
XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 internal-path-cost 10000
[edit]
XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 edge true
[edit]
XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 mode point-to-point
[edit]
XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 port-priority 100
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show spanning-tree mstp interface
Spanning Tree Interface Parameters for Instance 0
---------- --------- ---------- ----------------------- --------- --------- ---------- ------
ge-1/1/1 96.1 96.1 8192.08:9e:01:39:1a:fe 30000 10000 FORWARDING EDGE
Configuring the BPDU Filter

The BPDU filter prevents the bridge from using BPDUs for STP calculations. The switch then ignores any BPDUs that
it receives.
XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 bpdu-filter true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring BPDU root guard

If a switch port receives a higher bridge-priority BPDU, it will ignore the BPDU and keep the current root-bridge as the
root-bridge.
XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 root-guard true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring BPDU TCN-guard

When a port is configured with TCN-guard, the port does not process or propagate any topology change information
received on the configured port.
XorPlus# set protocols spanning-tree mstp interface ge-1/1/1 tcn-guard true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Disabling/enabling MSTP
If you disable MSTP, the port will stay in forwarding status and cease to send BPDUs.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

--------- ------- ---------- ----------------------- -------- -------- ---------- -------------
ge-1/1/1 96.1 96.1 8192.08:9e:01:39:1a:fe 30000 10000 FORWARDING MSTP DISABLED
XorPlus# set protocols spanning-tree enable true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
--------- ------- ---------- ----------------------- -------- -------- ---------- -----------
ge-1/1/13 128.13 128.13 8192.08:9e:01:39:1a:fe 20000 20000 FORWARDING DESIGNATED
PVST Configuration
802.1D, 802.1w, and 802.1s are spanning tree protocols that \avoid the loop in Layer2. You can configure the
parameters of PVST, including bridge-priority, forward-delay, max-age, and hello-time interval.
Enabling spanning tree mode in PVST

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring basic VLAN parameters of PVST

When configuring basic VLAN parameters, set the forward delay to greater than Max-Age/2 + 1, or the commit will fail.
XorPlus# set protocols spanning-tree pvst vlan 2 bridge-priority 4096

[edit]
XorPlus# set protocols spanning-tree pvst vlan 2 forward-delay 20
[edit]
XorPlus# set protocols spanning-tree pvst vlan 2 hello-time 4
[edit]
XorPlus# set protocols spanning-tree pvst vlan 2 max-age 30
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show spanning-tree pvst bridge vlan 2
PVST Bridge Parameters for VLAN 2
Root Bridge: 4098.08:9e:01:61:65:71
Root Cost: 0
Root Port:
Hello Time: 4
Max Age: 30
Forward Delay: 20
Local Parameters
Bridge ID: 4098.08:9e:01:61:65:71
Hello Time: 4
Maximum Age: 30
Forward Delay: 20
Configuring PVST interface parameters

XorPlus# set protocols spanning-tree pvst vlan 2 interface ge-1/1/1 path-cost 555555
[edit]
XorPlus# set protocols spanning-tree pvst vlan 2 interface ge-1/1/1 port-priority 200
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show spanning-tree pvst interface vlan 2
Rapid PVST+ Spanning Tree Interface Status for VLAN 2
Interface Port ID Designated Designated Bridge Port Cost State Role
Port ID ID
---------- --------- ---------- ----------------------- --------- ---------- ---------------
ge-1/1/1 192.1 192.1 4098.08:9e:01:61:65:71 555555 FORWARDING EDGE
Configuring the interface mode

You can configure the interface mode as point-to-point or shared.
XorPlus# set protocols spanning-tree pvst interface ge-1/1/1 mode point-to-point

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols spanning-tree pvst interface ge-1/1/1 mode shared
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Disabling/enabling PVST on one VLAN

You can disable or enable the spanning tree protocol PVST on a single designated VLAN.
XorPlus# set protocols spanning-tree pvst vlan 2 enable false

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Root Bridge: 32769.08:9e:01:61:65:71
Root Cost: 0
Root Port:
Hello Time: 2
Max Age: 20
Forward Delay: 15
Local Parameters
Bridge ID: 32769.08:9e:01:61:65:71
Hello Time: 2
Maximum Age: 20
Forward Delay: 15
XorPlus# set protocols spanning-tree pvst vlan 2 enable true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Root Bridge: 4098.08:9e:01:61:65:71
Root Cost: 0
Root Port:
Hello Time: 4
Max Age: 30
Forward Delay: 20
Local Parameters
Bridge ID: 4098.08:9e:01:61:65:71
Hello Time: 4
Maximum Age: 30
Forward Delay: 20
XorPlus#
Disabling/enabling PVST
You cannot disable the spanning tree protocol PVST with just the enable false command. To disable PVST, first
configure the spanning tree mode in MSTP/RSTP/STP and then disable the spanning tree. After the spanning tree is
disabled, the port will stay in “forwarding” status and cease to send BPDUs.

[edit]
XorPlus# commit
Commit Failed
102 Command failed Cannot disable spanning tree under PVST mode[edit]
XorPlus#
XorPlus# exit discard
XorPlus> configure
Entering configuration mode.
There are no other users in configuration mode.
[edit]
XorPlus#
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols spanning-tree enable true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show spanning-tree
Enabled Protocol: PVST
Root ID: 32769.08:9e:01:61:65:71
Root Path Cost: 0
Designated Bridge ID: 32769.08:9e:01:61:65:71
Root Port:
Hello Time: 2
Maximum Age: 20
Forward Delay: 15
Local Parameters
Bridge ID: 32769.08:9e:01:61:65:71
Hello Time: 2
Maximum Age: 20
Forward Delay: 15
MSTP Configuration Example

There are two examples of MSTP configuration. In our first example, VLAN 100 is mapped to MSTI-1, and VLAN 200
is mapped to MSTI-2. The entire topology belongs to only one MSTP domain, named region1. Switch A is the root of
the network.
To achieve load balancing, VLAN 100 should be in MSTI-1 (Fig. 4-4), and VLAN 200 should be in MSTI-2 (Fig. 4-5).
Switch A Switch B
Ge-1/1/3
Ge-1/1/1 Ge-1/1/1 Ge-1/1/3
Ge-1/1/2 Ge-1/1/2
VLAN 100,200 VLAN 100,200
VLAN VLAN
VLAN 100,200 VLAN
100,200 100,200 100,200
Ge-1/1/1 Ge-1/1/2
Ge-1/1/1 Ge-1/1/2
Ge-1/1/2 Ge-1/1/1
Switch C Switch D Switch E
Figure 4-3.MSTP configuration.
Regional Root
Switch A Switch B
Ge-1/1/3
Ge-1/1/1 Ge-1/1/1 Ge-1/1/3
Ge-1/1/2 Ge-1/1/2
VLAN 100
VLAN 100
VLAN 100 VLAN 100
Ge-1/1/1 Ge-1/1/2
Ge-1/1/1 Ge-1/1/2
Ge-1/1/2 Ge-1/1/1
Figure 4-4. MSTI-1 topology for VLAN 100.
Regional Root
Switch A Switch B
Ge-1/1/3
Ge-1/1/1 Ge-1/1/1 Ge-1/1/3
Ge-1/1/2 Ge-1/1/2
VLAN 200
VLAN 200
VLAN 200 VLAN 200
Ge-1/1/1 Ge-1/1/2
Ge-1/1/1 Ge-1/1/2
Ge-1/1/2 Ge-1/1/1
Figure 4-5. MSTI-2 topology for VLAN 200.
For Switch A, configure ge-1/1/1~ge-1/1/3 as trunk ports, and as members of VLAN 100 and VLAN 200.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# set protocols spanning-tree mstp configuration-name region1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To make sure that Switch A is the root of the network and the regional root of MSTI-1, configure it as the higher priority.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols spanning-tree mstp msti 1 bridge-priority 4096
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure ge-1/1/1~ge-1/1/3 as trunk ports, and as members of VLAN 100 and VLAN 200.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To verify that Switch B is the regional root of MSTI-2, and that ge-1/1/2 and ge-1/1/3 are in blocking status in MSTI-1,
configure a higher MSTI-2 priority, and a large value for internal-path-cost in MSTI-1.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set protocols spanning-tree mstp msti 1 interface ge-1/1/2 cost 10000000
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Switch C

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To set ge-1/1/1 and ge-1/1/2 in forwarding status in MSTI-1, configure a lower value for internal-path-cost.
To set ge-1/1/1 in blocking status in MSTI-2, configure a higher value for internal-path-cost.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit

Commit OK.
Save done.
[edit]
XorPlus#
Configuring Switch D

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To set ge-1/1/1 in blocking status in MSTI-2 and ge-1/1/2 in blocking status in MSTI-1, configure a large value for
internal-path-cost.
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Switch E

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To set ge-1/1/1 and ge-1/1/2 in forwarding status in MSTI-2, configure a lower value for internal-path-cost.
To set ge-1/1/2 in blocking status in MSTI-1, configure a large value for internal-path-cost.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
In the second example, there are two regions. In region 1, VLAN 100 is mapped to MSTI-1, VLAN 200 is mapped to
MSTI-2, and VLAN 300 is mapped to MSTI-3. In region 2, VLAN 200 is mapped to MSTI-2, and VLAN 400 is mapped
to MSTI-4. Switch A is the root of the entire network. The topologies of the VLANs are presented in Fig. 4-6 through 4-
10.
Switch A ROOT
Ge-1/1/1 Ge-1/1/2
Ge-1/1/1 Ge-1/1/1
Switch B Switch C
Ge-1/1/2 Ge-1/1/2
Ge-1/1/3 Ge-1/1/3
Region 1
Ge-1/1/1 Ge-1/1/1
Switch D Ge-1/1/2 Ge-1/1/2 Switch E
Ge-1/1/3 Ge-1/1/3
Region 2
Figure 4-6. MSTP configuration.
Switch A Regional Root
Ge-1/1/1 Ge-1/1/2
VLAN 100 VLAN 100

Ge-1/1/1 Ge-1/1/1
Switch B Switch C
Ge-1/1/2 Ge-1/1/2
Ge-1/1/3 Ge-1/1/3
Region 1
VLAN 100
Ge-1/1/1 Ge-1/1/1
VLAN 100
Regional Root Ge-1/1/3 Ge-1/1/3

Region 2
Figure 4-7.Topology for VLAN 100.
Switch A
Ge-1/1/1 Ge-1/1/2
VLAN 200
Ge-1/1/1 Ge-1/1/1
Regional Root
Switch B VLAN 200 Switch C
Ge-1/1/2 Ge-1/1/2
Ge-1/1/3 Ge-1/1/3
Region 1
VLAN 200
Ge-1/1/1 Ge-1/1/1
VLAN 200

Region 2
Switch A
Ge-1/1/1 Ge-1/1/2
VLAN 300
Ge-1/1/1 Ge-1/1/1 Regional
Root
Switch B VLAN 300 Switch C
Ge-1/1/2 Ge-1/1/2
Ge-1/1/3 Ge-1/1/3
Region 1
VLAN 300
Ge-1/1/1 Ge-1/1/1
VLAN 300

Region 2
Switch A Regional Root
Ge-1/1/1 Ge-1/1/2
VLAN 400 VLAN 400

Ge-1/1/1 Ge-1/1/1
Switch B Switch C
Ge-1/1/2 Ge-1/1/2
Ge-1/1/3 Ge-1/1/3
Region 1
VLAN 400
Ge-1/1/1 Ge-1/1/1
VLAN 400
Ge-1/1/3 Ge-1/1/3 Regional Root

Region 2
Figure 4-10.Topologyfor VLAN 400.
For Switch A, configure ge-1/1/1~ge-1/1/2 as trunk ports, and as members of VLAN 100, VLAN 200, VLAN 300, and
VLAN 400.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To verify that Switch A is the root of the network and the regional root of MSTI-1, configure it as the higher priority.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure ge-1/1/1~ge-1/1/3 as trunk ports, and as members of VLAN 100, VLAN 200, VLAN 300, and VLAN 400.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#
XorPlus# commit

Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To verify that Switch B is the regional root of MSTI-2, and that ge-1/1/1 is in blocking status in MSTI-3 configure a
higher MSTI-2 priority, and a large value for internal-path-cost in MSTI-3.
XorPlus# set protocols mstp msti 2 bridge-priority 4096

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set protocols mstp msti 3 interface ge-1/1/1 cost 10000000
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To verify that Switch C is the regional root of MSTI-3, ge-1/1/1 is in blocking status in MSTI-2, and that ge-1/1/2 is in
blocking status in MSTI-1, you should configure a higher MSTI-3 priority, and large values for internal-path-costs of ge-
1/1/1 in MSTI-2 and ge-1/1/2 in MSTI-1.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To verify that Switch D is the regional root of MSTI-2 and the root of CIST, configure a higher MSTI-2 priority and
bridge priority.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Switch E

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To verify that Switch E is the regional root of MSTI-4, configure a higher MSTI-4 priority.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
PVST Configuration Example

The following topology is an example of a PVST configuration. Switches A and B are in the aggregation layer, and
switches C and D are in the access layer. Configure switch A as the root bridge of VLAN 100 and VLAN 200, switch B
as the root bridge of VLAN 300, and switch C as the root bridge of VLAN 400.
Switch A Switch B
Ge-1/1/1 Ge-1/1/1
Ge-1/1/3 Permit: all VLAN Ge-1/1/3
Ge-1/1/2 Ge-1/1/2
Permit: VLAN Permit: VLAN

100, 200 200, 300
Permit: VLAN Permit: VLAN
100, 200 200, 300
Ge-1/1/3 Ge-1/1/2 Ge-1/1/2 Ge-1/1/3
Ge-1/1/1 Ge-1/1/1
Permit: VLAN 200, 400
Switch C Switch D
Figure 4-11. PVST configuration.
For Switch A, configure ge-1/1/1~ge-1/1/3 as trunk ports, and ge-1/1/1 as a member of VLANs 100, 200, 300, and 400;
ge-1/1/2 as a member of VLANs 200 and 300; and ge-1/1/3 as a member of VLANs 100 and 200.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To verify that Switch A is the root bridge of VLANs 100 and 200, configure VLANs 100 and 200 as the higher priority.

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure ge-1/1/1~ge-1/1/3 as trunk ports, and ge-1/1/1 as a member of VLANs 100, 200, 300, and 400; ge-1/1/2 as
a member of VLANs 100 and 200; and ge-1/1/3 as a member of VLANs 200 and 300.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To verify that Switch B is the root bridge of VLAN 300, configure VLAN 300 as the higher priority.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure ge-1/1/1~ge-1/1/3 as trunk ports, and ge-1/1/1 as a member of VLANs 200 and 400,ge-1/1/2 as a member
of VLANs 100 and 200, and ge-1/1/3 as a member of VLANs 100 and 200.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
To verify that Switch C is the root bridge of VLAN 400, configure VLAN 400 as the higher priority.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure ge-1/1/1~ge-1/1/3 as trunk ports, and ge-1/1/1 as a member of VLANs 200 and 400, ge-1/1/2 as a member
of VLANs 200 and 300, and ge-1/1/3 as a member of VLANs 200 and 300.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Buffer Management Configuration

The switch provides a buffer for burst traffic to avoid dropping packets. You can configure “cell” and “packet” to control
buffer management. In general, you do not need to configure parameters for “cell” and “packet,” because the switch
contains their default parameters.
You can, however, configure the switch to be in burst mode for burst traffic, which will dynamically allocate the “cell”
and “packet” for each port and queue.
Configuring burst mode for a specified port
XorPlus# set interface ethernet-switching-options bufferburst-mode enable true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring “cell” and “packet” for a specified port
XorPlus# set interface ethernet-switching-options buffer cell queue 1 guaranteed-ratio 10

[edit]
XorPlus#set interface ethernet-switching-options buffer cell queue 1 shared-ratio 30

[edit]
XorPlus# set interface ethernet-switching-options buffer cell shared-ratio 50
[edit]
XorPlus# set interface ethernet-switching-options buffer cell total-shared-ratio 80
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set interface ethernet-switching-options buffer packet queue 1 guaranteed-ratio 10
[edit]
XorPlus#set interface ethernet-switching-options buffer packet queue 1 shared-ratio 40
[edit]
XorPlus# set interface ethernet-switching-options buffer packet shared-ratio 60
[edit]
XorPlus# set interface ethernet-switching-options buffer packet total-shared-ratio 80
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
BPDU Tunneling Configuration

As a Layer2 tunneling technology, BPDU tunneling enables Layer2 protocol packets from geographically dispersed
customer networks to be transparently transmitted over specific tunnels across a service provider network.
Configuring BPDU tunneling for STP on an interface
XorPlus# set interface gigabit-ethernet ge-1/1/37 family ethernet-switching bpdu-tunneling

protocol stp
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring destination multicast MAC address for BPDU packets
XorPlus# set interface bpdu-tunneling destination-mac 01:0E:00:00:00:01

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
BPDU Tunneling Configuration Example

In the following topology, we provide an example of configuring BPDU tunneling.
STP1 STP1
Customer A Customer B
Ge-1/1/1 Ge-1/1/1
Te-1/1/49 Public network Te-1/1/49

Provider A VLAN 100/200 Provider B
Ge-1/1/2 Ge-1/1/2
Customer C Customer D
STP2 STP2
Figure4-12. BPDU Tunneling Configuration.
Configuration on Provider A
Configure VLAN 100 as the default VLAN of Gigabit Ethernet ge-1/1/1, and enable BPDU tunneling on Gigabit
Ethernet ge-1/1/1.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
protocol stp
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Ethernet ge-1/1/2.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
protocol stp
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure VLAN 200 as the default VLAN of Gigabit Ethernet te-1/1/49.

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
Configure the destination multicast MAC address for BPDUs as 01:0E:00:00:00:1.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuration on Provider B
Ethernet ge-1/1/1.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
protocol stp
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Ethernet ge-1/1/2.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
protocol stp
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure VLAN 200 as the default VLAN of Gigabit Ethernet te-1/1/49.

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
Configure the destination multicast MAC address for BPDUs as 01:0E:00:00:00:1.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring Flex Links Preemption Delay

You can configure two physical ports or two LAGs as Flex Links, or one physical port and one LAG as Flex Links.
XorPlus# set interface gigabit-ethernet ge-1/1/1 backup-port interface ae1

[edit]
XorPlus# commit

Commit OK.
Save done.
[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/1 backup-port delay 10
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set interface aggregate-ethernet ae2 backup-port interface ae3
[edit]
XorPlus# co
Commit OK.
Save done.
[edit]
Configuring the preemption mode

By default, the preemption mode is “forced,” and the active interface is preferred. Beyond that, you can configure the
“bandwidth” or “off” mode. The “bandwidth” mode calls for a higher bandwidth interface, and the “off” mode turns off
preemption.
XorPlus# set interface gigabit-ethernet ge-1/1/1 backup-port mode bandwidth

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Showing Flex Links on all interfaces

You can view the state of your Flex Links interfaces:
XorPlus# run show interface flexlink

Active Interface Backup Interface Mode Delay(seconds)
----------------- ----------------- --------- --------------
ge-1/1/1(up) ge-1/1/2(standby) bandwidth 10
XorPlus#
Unidirectional Link Dectection Configuration

Unidirectional Link Dectection (UDLD) supports two modes of operation: normal (the default) and aggressive. In
normal mode, UDLD can detect unidirectional links due to misconnected interfaces. In aggressive mode, UDLD can
also detect unidirectional links due to one-way traffic, twisted-pair links and misconnected interfaces. You can enable
UDLD globally or on specific ports.
Configuring UDLD mode
XorPlus# set protocols udld aggressive true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols udld interface ge-1/1/1 aggressive true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Enable UDLD globally or on specific port
XorPlus# set protocols udld disable false

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols udld interface ge-1/1/1 disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring UDLD message-interval
XorPlus# set protocols udld message-interval 20

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Display UDLD information
XorPlus# run show udld

Interface ge-1/1/1
----------------------------------------
Udld enabled, aggressive mode
Current bidirectional state: undetermined
Current phase: linkdown
Message interval: 7s
Timeout interval: 5s
Interface ge-1/1/2
----------------------------------------
Interface ge-1/1/3
----------------------------------------
Configuring IPv6 RA Guard

When the switch receives an ingress router advertisement (RA) message, it will attempt to match the message via the
RA guard. If the ingress port has the RA guard applied but is not a trusted port, the applied VLAN ID will be matched
first. If the RA tag is matched with the VLAN ID, the RA guard will continue matching conditions to determine whether
to forward or drop the RA message. If the RA tag is not matched with the VLAN ID, the applied interface will be
matched (followed by the subsequent conditions).
You can configure the RA guard policy using hop-limit, managed-config-flag, other-config-flag, prefix, source-ipv6-
addr, and source-mac-addr options.
XorPlus# set protocols neighbour ra-guard 1 hop-limit 1

[edit]
XorPlus# set protocols neighbour ra-guard 1 managed-config-flag false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols neighbour ra-guard 2 prefix 2001:1:1:1::/64
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols neighbour ra-guard 3 source-mac-addr 22:22:22:22:22:22
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring “trusted-port”
You can apply the RA guard to physical interfaces, LAGs, or VLANs; no more than one RA guard can be applied to
one interface. The RAs will be forwarded only if all conditions are matched, but if “trusted-port” has been configured for
the RA guard, then RAs will be forwarded on the trusted port regardless.
XorPlus# set protocols neighbour ra-guard term 1 interface ge-1/1/1

[edit]
XorPlus# set protocols neighbour ra-guard term 1 interface ae1
[edit]
XorPlus# set protocols neighbour ra-guard term 1 vlan-id 2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#set protocols neighbour ra-guard trusted-port ge-1/1/1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols neighbour ra-guard term 2 vlan-id 3
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Displaying RA guards
XorPlus# run show raguard

Raguard: 1
cur hop limit : 1..10
managed configuration : Unset
other configuration : Set
source mac address :
22:22:22:22:22:22
source ipv6 address :
fe80::/64
prefix :
2001:1:1:1::/64
interface : ge-1/1/1, ae1
vlan : 2
packet dropped: 0
packet total : 0
Raguard: 2
vlan : 3
packet dropped: 0
packet total : 0
trusted port:
ge-1/1/1
XorPlus#
Command List
delete interface aggregate-balancing hash-mapping field ethernet-destination-address disable
delete interface aggregate-balancing hash-mapping field ethernet-source-address disable
delete interface aggregate-balancing hash-mapping field ethernet-type disable
delete interface aggregate-balancing hash-mapping field ingress-interface disable
delete interface aggregate-balancing hash-mapping field ip-destination disable
delete interface aggregate-balancing hash-mapping field ip-protocol disable
delete interface aggregate-balancing hash-mapping field ip-source disable
delete interface aggregate-balancing hash-mapping field port-destination disable
delete interface aggregate-balancing hash-mapping field port-source disable
delete interface aggregate-balancing hash-mapping field vlan disable
delete interface cut-through-mode
delete interface gigabit-ethernet <port> description
delete interface gigabit-ethernet <port> disable
delete interface gigabit-ethernet <port> mtu
delete interface gigabit-ethernet <port> power-preemphasis-level
delete interface gigabit-ethernet <port> snmp-trap
delete interface gigabit-ethernet <port> speed
delete protocols lacp priority
delete protocols spanning-tree enable
delete protocols spanning-tree force-version
delete vlans vlan-id <int> description
delete vlans vlan-id <int> l3-interface
delete vlans vlan-id <int> vlan-name
request mstp mcheck
run clear ethernet-switching table all
run clear ethernet-switching table <port>
run clear interface statistics all
run clear interface statistics <port>
run clear lacp statistics gigabit-ethernet <port>
run clear spanning-tree statistics <port>
run show analyzer
run show ethernet-switching interfaces brief
run show ethernet-switching interfaces detail
run show ethernet-switching interfaces <port> brief
run show ethernet-switching interfaces <port> detail
run show ethernet-switching table brief

run show ethernet-switching table detail
run show ethernet-switching table interfaces <port> brief
run show ethernet-switching table interfaces <port> detail
run show ethernet-switching table multicast brief
run show ethernet-switching table multicast detail
run show ethernet-switching table multicast interfaces <port> brief
run show ethernet-switching table multicast interfaces <port> detail
run show interface bpdu-tunneling
run show interface brief
run show interface detail
run show interface diagnostics optics all
run show interface diagnostics optics <port>
run show interface flexlink
run show interface gigabit-ethernet <port> brief
run show interface gigabit-ethernet <port> detail
run show interface gigabit-ethernet <port> dot1q-tunneling
run show interface management-ethernet eth0
run show lacp internal gigabit-ethernet <port>
run show lacp neighbor gigabit-ethernet <port>
run show lacp statistics gigabit-ethernet <port>
run show mlag internal <int>
run show mlag neighbour <int>
run show mroute
run show neighbors brief
run show neighbors management-ethernet eth0
run show raguard name bozo
run show spanning-tree mstp bridge cist
run show spanning-tree mstp interface cist
run show spanning-tree pvst bridge vlan <int>
run show spanning-tree pvst interface vlan <int>
run show spanning-tree rstp bridge
run show spanning-tree rstp interface
run show spanning-tree statistics interface <port>
run show spanning-tree stp bridge
run show spanning-tree stp interface
run show vlans brief
run show vlans detail

run show vlans vlan-id <int>
set firewall filter bozo input interface bozo
set firewall filter bozo input vlan-interface bozo
set firewall filter bozo output interface bozo
set firewall filter bozo output vlan-interface bozo
set firewall filter bozo sequence <int> description bozo
set firewall filter bozo sequence <int> from destination-address-ipv4 <ip-address/netmask>
set firewall filter bozo sequence <int> from destination-address-ipv6 <ipv6-address/netmask>
set firewall filter bozo sequence <int> from destination-mac-address <mac-address>
set firewall filter bozo sequence <int> from destination-port <int>
set firewall filter bozo sequence <int> from ether-type <int>
set firewall filter bozo sequence <int> from ip trust-mode dscp
set firewall filter bozo sequence <int> from ip trust-mode inet-precedence
set firewall filter bozo sequence <int> from ip value <int>
set firewall filter bozo sequence <int> from protocol icmp code <int>
set firewall filter bozo sequence <int> from protocol icmp type <int>
set firewall filter bozo sequence <int> from protocol igmp
set firewall filter bozo sequence <int> from protocol ip
set firewall filter bozo sequence <int> from protocol ospf
set firewall filter bozo sequence <int> from protocol others <int>
set firewall filter bozo sequence <int> from protocol tcp flags ack true
set firewall filter bozo sequence <int> from protocol tcp flags fin true
set firewall filter bozo sequence <int> from protocol tcp flags psh true
set firewall filter bozo sequence <int> from protocol tcp flags rst true
set firewall filter bozo sequence <int> from protocol tcp flags syn true
set firewall filter bozo sequence <int> from protocol tcp flags tcp-established true
set firewall filter bozo sequence <int> from protocol tcp flags tcp-initial true
set firewall filter bozo sequence <int> from protocol tcp flags urg true
set firewall filter bozo sequence <int> from protocol udp
set firewall filter bozo sequence <int> from source-address-ipv4 <ip-address/netmask>
set firewall filter bozo sequence <int> from source-address-ipv6 <ipv6-address/netmask>
set firewall filter bozo sequence <int> from source-mac-address <mac-address>
set firewall filter bozo sequence <int> from source-port <int>
set firewall filter bozo sequence <int> from vlan <int>
set firewall filter bozo sequence <int> log interval <int>
set firewall filter bozo sequence <int> then action discard
set firewall filter bozo sequence <int> then action forward

set firewall system-output disable true
set firewall traceoptions disable true
set interface aggregate-balancing hash-mapping field ethernet-destination-address disable true
set interface aggregate-balancing hash-mapping field ethernet-source-address disable true
set interface aggregate-balancing hash-mapping field ethernet-type disable true
set interface aggregate-balancing hash-mapping field ingress-interface disable true
set interface aggregate-balancing hash-mapping field ip-destination disable true
set interface aggregate-balancing hash-mapping field ip-protocol disable true
set interface aggregate-balancing hash-mapping field ip-source disable true
set interface aggregate-balancing hash-mapping field port-destination disable true
set interface aggregate-balancing hash-mapping field port-source disable true
set interface aggregate-balancing hash-mapping field vlan disable true
set interface aggregate-ethernet bozo aggregated-ether-options flow-control true
set interface aggregate-ethernet bozo aggregated-ether-options lacp enable true
set interface aggregate-ethernet bozo aggregated-ether-options min-selected-port <int>
set interface aggregate-ethernet bozo aggregated-ether-options mlag disable true
set interface aggregate-ethernet bozo aggregated-ether-options mlag hello-interval <int>
set interface aggregate-ethernet bozo aggregated-ether-options mlag mac <mac-address>
set interface aggregate-ethernet bozo aggregated-ether-options mlag mlag-id <int>
set interface aggregate-ethernet bozo aggregated-ether-options mlag neighbour <mac-address> channel
bozo
set interface aggregate-ethernet bozo aggregated-ether-options mlag node-id <int>
set interface aggregate-ethernet bozo aggregated-ether-options mlag priority <int>
set interface aggregate-ethernet bozo backup-port delay <int>
set interface aggregate-ethernet bozo backup-port interface bozo
set interface aggregate-ethernet bozo backup-port mode bandwidth
set interface aggregate-ethernet bozo backup-port mode forced
set interface aggregate-ethernet bozo backup-port mode off
set interface aggregate-ethernet bozo description bozo
set interface aggregate-ethernet bozo disable true
set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling egress bozo
set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling ether-type 0x8100
set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling ether-type 0x88a8
set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling ingress bozo
set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling mode external

set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling mode internal
set interface aggregate-ethernet bozo family ethernet-switching dot1q-tunneling mode none
set interface aggregate-ethernet bozo family ethernet-switching native-vlan-id <int>
set interface aggregate-ethernet bozo family ethernet-switching port-mode access
set interface aggregate-ethernet bozo family ethernet-switching port-mode trunk
set interface aggregate-ethernet bozo family ethernet-switching vlan members bozo
set interface aggregate-ethernet bozo hash-mapping field ethernet-destination-address disable true
set interface aggregate-ethernet bozo hash-mapping field ethernet-source-address disable true
set interface aggregate-ethernet bozo hash-mapping field ethernet-type disable true
set interface aggregate-ethernet bozo hash-mapping field ingress-interface disable true
set interface aggregate-ethernet bozo hash-mapping field ip-destination disable true
set interface aggregate-ethernet bozo hash-mapping field ip-protocol disable true
set interface aggregate-ethernet bozo hash-mapping field ip-source disable true
set interface aggregate-ethernet bozo hash-mapping field port-destination disable true
set interface aggregate-ethernet bozo hash-mapping field port-source disable true
set interface aggregate-ethernet bozo hash-mapping field vlan disable true
set interface aggregate-ethernet bozo hash-mapping mode advance
set interface aggregate-ethernet bozo hash-mapping mode ethernet-destination-only
set interface aggregate-ethernet bozo hash-mapping mode ethernet-source-destination
set interface aggregate-ethernet bozo hash-mapping mode ethernet-source-only
set interface aggregate-ethernet bozo hash-mapping mode ip-destination-only
set interface aggregate-ethernet bozo hash-mapping mode ip-source-destination
set interface aggregate-ethernet bozo hash-mapping mode ip-source-only
set interface aggregate-ethernet bozo mtu <int>
set interface aggregate-ethernet bozo snmp-trap true
set interface aggregate-ethernet bozo static-ethernet-switching mac-address <mac-address> vlan <int>
set interface aggregate-ethernet bozo storm-control broadcast pps <int>
set interface aggregate-ethernet bozo storm-control multicast pps <int>
set interface aggregate-ethernet bozo storm-control unicast pps <int>
set interface cut-through-mode true
set interface bpdu-tunneling destination-mac <mac-address>
set interface ethernet-switching-options analyzer bozo input egress bozo
set interface ethernet-switching-options analyzer bozo input ingress bozo
set interface ethernet-switching-options analyzer bozo output bozo
set interface ethernet-switching-options buffer queue-limit <int>
set interface ethernet-switching-options mac-table-aging-time <int>
set interface gigabit-ethernet <port> backup-port delay <int>

set interface gigabit-ethernet <port> backup-port interface bozo
set interface gigabit-ethernet <port> backup-port mode bandwidth
set interface gigabit-ethernet <port> backup-port mode forced
set interface gigabit-ethernet <port> backup-port mode off
set interface gigabit-ethernet <port> description bozo
set interface gigabit-ethernet <port> disable true
set interface gigabit-ethernet <port> ether-options 802.3ad ae1
set interface gigabit-ethernet <port> ether-options flow-control true
set interface gigabit-ethernet <port> family ethernet-switching bpdu-tunneling protocol stp
set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling egress bozo
set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling ether-type 0x8100
set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling ether-type 0x88a8
set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling ingress bozo
set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling mode external
set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling mode internal
set interface gigabit-ethernet <port> family ethernet-switching dot1q-tunneling mode none
set interface gigabit-ethernet <port> family ethernet-switching native-vlan-id <int>
set interface gigabit-ethernet <port> family ethernet-switching port-mode access
set interface gigabit-ethernet <port> family ethernet-switching port-mode trunk
set interface gigabit-ethernet <port> family ethernet-switching vlan members bozo
set interface gigabit-ethernet <port> mtu <int>
set interface gigabit-ethernet <port> power-preemphasis-level <int>
set interface gigabit-ethernet <port> rate-limiting egress kilobits <int>
set interface gigabit-ethernet <port> rate-limiting ingress kilobits <int>
set interface gigabit-ethernet <port> snmp-trap true
set interface gigabit-ethernet <port> speed <auto>|<int>
set interface gigabit-ethernet <port> static-ethernet-switching mac-address <mac-address> vlan <int>
set interface gigabit-ethernet <port> storm-control broadcast pps <int>
set interface gigabit-ethernet <port> storm-control multicast pps <int>
set interface gigabit-ethernet <port> storm-control unicast pps <int>
set interface gigabit-ethernet <port> wred queue <int> drop_probability <int>
set interface gigabit-ethernet <port> wred queue <int> ecn_thresh <int>
set interface gigabit-ethernet <port> wred queue <int> enable true
set interface gigabit-ethernet <port> wred queue <int> max_thresh <int>
set interface gigabit-ethernet <port> wred queue <int> min_thresh <int>

set protocols lacp interface bozo priority <int>
set protocols lacp priority <int>
set protocols lacp traceoptions flag all disable true
set protocols lacp traceoptions flag configuration disable true
set protocols lacp traceoptions flag message-in disable true
set protocols lacp traceoptions flag message-out disable true
set protocols lacp traceoptions flag state-change disable true
set protocols lldp advertisement-interval <int>
set protocols lldp enable true
set protocols lldp hold-time-multiplier <int>
set protocols lldp interface bozo status bozo
set protocols lldp reinit-delay <int>
set protocols lldp tlv-select mac-phy-cfg true
set protocols lldp tlv-select management-address true
set protocols lldp tlv-select port-description true
set protocols lldp tlv-select port-vlan true
set protocols lldp tlv-select system-capabilities true
set protocols lldp tlv-select system-description true
set protocols lldp tlv-select system-name true
set protocols lldp traceoptions flag all disable true
set protocols lldp traceoptions flag configuration disable true
set protocols lldp traceoptions flag message-in disable true
set protocols lldp traceoptions flag message-out disable true
set protocols lldp traceoptions flag state-change disable true
set protocols lldp transmit-delay <int>set protocols neighbour aging-time <int>
set protocols neighbour ra-guard term bozo from hop-limit <int>
set protocols neighbour ra-guard term bozo from managed-config-flag true
set protocols neighbour ra-guard term bozo from other-config-flag true
set protocols neighbour ra-guard term bozo from prefix <ipv6-address/netmask>
set protocols neighbour ra-guard term bozo from source-ipv6-addr <ipv6-address/netmask>
set protocols neighbour ra-guard term bozo from source-mac-addr <mac-address>
set protocols neighbour ra-guard term bozo interface bozo
set protocols neighbour ra-guard term bozo vlan-id <int>
set protocols neighbour ra-guard trusted-port bozo
set protocols spanning-tree force-version <int>
set protocols spanning-tree mstp bridge-priority <int>
set protocols spanning-tree mstp configuration-name bozo

set protocols spanning-tree mstp forward-delay <int>
set protocols spanning-tree mstp hello-time <int>
set protocols spanning-tree mstp interface bozo bpdu-filter true
set protocols spanning-tree mstp interface bozo edge true
set protocols spanning-tree mstp interface bozo external-path-cost <int>
set protocols spanning-tree mstp interface bozo internal-path-cost <int>
set protocols spanning-tree mstp interface bozo manual-forwarding true
set protocols spanning-tree mstp interface bozo mode point-to-point
set protocols spanning-tree mstp interface bozo mode shared
set protocols spanning-tree mstp interface bozo port-priority <int>
set protocols spanning-tree mstp interface bozo root-guard true
set protocols spanning-tree mstp interface bozo tcn-guard true
set protocols spanning-tree mstp max-age <int>
set protocols spanning-tree mstp max-hops <int>
set protocols spanning-tree mstp msti <int> bridge-priority <int>
set protocols spanning-tree mstp msti <int> interface bozo cost <int>
set protocols spanning-tree mstp msti <int> interface bozo port-priority <int>
set protocols spanning-tree mstp msti <int> vlan <int>
set protocols spanning-tree mstp revision-level <int>
set protocols spanning-tree pvst interface bozo mode point-to-point
set protocols spanning-tree pvst interface bozo mode shared
set protocols spanning-tree pvst vlan <int> bridge-priority <int>
set protocols spanning-tree pvst vlan <int> enable true
set protocols spanning-tree pvst vlan <int> forward-delay <int>
set protocols spanning-tree pvst vlan <int> hello-time <int>
set protocols spanning-tree pvst vlan <int> interface bozo path-cost <int>
set protocols spanning-tree pvst vlan <int> interface bozo port-priority <int>
set protocols spanning-tree pvst vlan <int> max-age <int>
set protocols spanning-tree rstp bridge-priority <int>
set protocols spanning-tree rstp forward-delay <int>
set protocols spanning-tree rstp hello-time <int>
set protocols spanning-tree rstp interface bozo bpdu-filter true
set protocols spanning-tree rstp interface bozo edge true
set protocols spanning-tree rstp interface bozo mode point-to-point
set protocols spanning-tree rstp interface bozo mode shared
set protocols spanning-tree rstp interface bozo path-cost <int>
set protocols spanning-tree rstp interface bozo port-priority <int>

set protocols spanning-tree rstp interface bozo root-guard true
set protocols spanning-tree rstp interface bozo tcn-guard true
set protocols spanning-tree rstp max-age <int>
set protocols spanning-tree stp bridge-priority <int>
set protocols spanning-tree stp forward-delay <int>
set protocols spanning-tree stp hello-time <int>
set protocols spanning-tree stp interface bozo bpdu-filter true
set protocols spanning-tree stp interface bozo edge true
set protocols spanning-tree stp interface bozo mode point-to-point
set protocols spanning-tree stp interface bozo mode shared
set protocols spanning-tree stp interface bozo path-cost <int>
set protocols spanning-tree stp interface bozo port-priority <int>
set protocols spanning-tree stp interface bozo root-guard true
set protocols spanning-tree stp interface bozo tcn-guard true
set protocols spanning-tree stp max-age <int>
set protocols spanning-tree traceoptions interface bozo all disable true
set protocols spanning-tree traceoptions interface bozo bridge-detection-machine disable true
set protocols spanning-tree traceoptions interface bozo configuration disable true
set protocols spanning-tree traceoptions interface bozo events disable true
set protocols spanning-tree traceoptions interface bozo message-in disable true
set protocols spanning-tree traceoptions interface bozo message-out disable true
set protocols spanning-tree traceoptions interface bozo port-information-machine disable true
set protocols spanning-tree traceoptions interface bozo port-migration-machine disable true
set protocols spanning-tree traceoptions interface bozo port-receive-machine disable true
set protocols spanning-tree traceoptions interface bozo port-role-selection-machine disable true
set protocols spanning-tree traceoptions interface bozo port-role-transition-machine disable true
set protocols spanning-tree traceoptions interface bozo port-state-transition-machine disable true
set protocols spanning-tree traceoptions interface bozo port-transmit-machine disable true
set protocols spanning-tree traceoptions interface bozo state-machine-variables disable true
set protocols spanning-tree traceoptions interface bozo timers disable true
set protocols spanning-tree traceoptions interface bozo topology-change-machine disable trueset protocols
set protocols udld aggressive true
set protocols udld disable true
set protocols udld interface bozo aggressive true
set protocols udld interface bozo disable true
set protocols udld message-interval <int>
set protocols udld traceoptions all disable true

set protocols udld traceoptions configuration disable true
set protocols udld traceoptions event disable true
set protocols udld traceoptions packet disable true
set protocols udld traceoptions raw-packet disable true
set protocols udld traceoptions state-change disable true
set protocols vrrp interface bozo vif bozo vrid <int> disable true
set vlans dot1q-tunneling egress bozo from service-vlan <int>
set vlans dot1q-tunneling egress bozo then action change
set vlans dot1q-tunneling egress bozo then action none
set vlans dot1q-tunneling egress bozo then action one
set vlans dot1q-tunneling egress bozo then action two
set vlans dot1q-tunneling egress bozo then service-vlan <int>
set vlans dot1q-tunneling ingress bozo from double-tag service-vlan <int>
set vlans dot1q-tunneling ingress bozo from one-tag customer-vlan-list bozo
set vlans dot1q-tunneling ingress bozo from untag enabled true
set vlans dot1q-tunneling ingress bozo then customer-vlan <int>
set vlans dot1q-tunneling ingress bozo then service-vlan <int>set vlans traceoptions flag all disable true
set vlans vlan-id <int> description bozo
set vlans vlan-id <int> l3-interface bozo
set vlans vlan-id <int> vlan-name bozo
set vlans vlan-id bozo description bozo
set vlans vlan-id bozo l3-interface bozo
set vlans vlan-id bozo vlan-name bozo
show all interface aggregate-balancing hash-mapping field ethernet-destination-address
show all interface aggregate-balancing hash-mapping field ethernet-source-address
show all interface aggregate-balancing hash-mapping field ethernet-type
show all interface aggregate-balancing hash-mapping field ingress-interface
show all interface aggregate-balancing hash-mapping field ip-destination
show all interface aggregate-balancing hash-mapping field ip-protocol
show all interface aggregate-balancing hash-mapping field ip-source
show all interface aggregate-balancing hash-mapping field port-destinatio
show all interface aggregate-balancing hash-mapping field port-source
show all interface aggregate-balancing hash-mapping field vlan
show all interface gigabit-ethernet <port>
show all protocols lacp
show all protocols spanning-tree
show all vlans vlan-id <int>

show interface aggregate-balancing hash-mapping field ethernet-destination-address
show interface aggregate-balancing hash-mapping field ethernet-source-address
show interface aggregate-balancing hash-mapping field ethernet-type
show interface aggregate-balancing hash-mapping field ingress-interface
show interface aggregate-balancing hash-mapping field ip-destination
show interface aggregate-balancing hash-mapping field ip-protocol
show interface aggregate-balancing hash-mapping field ip-source
show interface aggregate-balancing hash-mapping field port-destination
show interface aggregate-balancing hash-mapping field port-source
show interface aggregate-balancing hash-mapping field vlan
show interface gigabit-ethernet <port>
show protocols lacp
show protocols spanning-tree
show vlans vlan-id <int>
Layer3 Routing Configuratio
Chapter 6. Layer3 Routing Configuration

This chapter describes the configuration steps of Layer3 routing, including static routing, RIPv2, OSPFv2,
VRRP, and ECMP.
Layer3 VLAN Interface Configuration

● The Layer3 interface is a VLAN interface. You should create a VLAN and a VLAN interface before configuring the
Layer 3 interface.
● You can configure the IP address and prefix length for the VLAN interface.
● When all the member ports in the VLAN are link-down, the VLAN interface will be link-down. The VLAN interface
will be link-up when at least one of the member ports are link-up.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set vlan-interface interface vlan-2 vif vlan-2 address 192.168.1.1 prefix-length 24
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show vlan-interface
Layer 3 Routing Configuratio
vlan-2 Hwaddr C8:0A:A9:9E:14:9F, Vlan:2, State:DOWN
Inet addr: 192.168.1.1/24
fe80::ca0a:a9ff:fe9e:149f/64
Traffic statistics:
IPv4 Input Packets............................0
IPv4 Forwarding Packets.......................0
vlan-3 Hwaddr C8:0A:A9:9E:14:9F, Vlan:3, State:UP

Inet addr: 192.168.2.1/24
fe80::ca0a:a9ff:fe9e:149f/64
Traffic statistics:
XorPlus#
ARP Configuration
(1) Configuring ARP aging time
In the default setting, the ARP aging time is 1200 seconds.
XorPlus# set protocols arp aging-time 600

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configuring a static ARP entry

[edit]
[edit]
[edit]
XorPlus# set vlan-interface interface vlan-2 address 192.168.1.1 prefix-length 24
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#set protocols arp interface vlan-2 address 192.168.1.1 mac-address 22:22:22:22:22:22
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Dynamic ARP Inspection---DAI

DAI is a security feature that validates ARP packets in a network. DAI intercepts, and discards ARP packets with
invalid IP-to-MAC address bindings. This capability protects the network from some man-in-the-middle attacks.
DAI ensures that only valid ARP requests and responses are relayed. The switch performs these activities:
• Intercepts all ARP requests and responses on untrusted ports
• Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local
ARP cache or before forwarding the packet to the appropriate destination
• Drops invalid ARP packets
DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database,
the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the
VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without
any checks. On untrusted interfaces, the switch forwards the packet only if it is valid.
DAI associates a trust state with each interface on the switch. Packets arriving on trusted interfaces bypass all DAI
validation checks, and those arriving on untrusted interfaces undergo the DAI validation process.
In a typical network configuration, you configure all switch ports connected to host ports as untrusted and configure all
switch ports connected to switches as trusted. With this configuration, all ARP packets entering the network from a
given switch bypass the security check. No other validation is needed at any other place in the VLAN or in the network.
When configuring DAI, follow these guidelines and restrictions:
• DAI is an ingress security feature; it does not perform any egress checking.
• DAI is not effective for hosts connected to switches that do not support DAI or that do not have this feature
enabled. Because man-in-the-middle attacks are limited to a single Layer 2 broadcast domain, separate the domain
with DAI checks from the one with no checking. This action secures the ARP caches of hosts in the domain enabled
for DAI.
• DAI depends on the entries in the DHCP snooping binding database to verify IP-to-MAC address bindings in
incoming ARP requests and ARP responses. Make sure to enable DHCP snooping to permit ARP packets that have
dynamically assigned IP addresses.,
• DAI is supported on access ports, trunk ports.lag ports.
DAI Configuration example
DHCP
Server
Te-1/1/50
Switch
Te-1/1/52
Host
Figure-DAI
(1). Step 1: Eable DHCP snooping on Switch
You can enable dhcp snooping on the egress port, the port connected to DHCP Server
Enable dhcp snooping
XorPlus# set protocols dhcp snooping disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Set the interface to trust mode
XorPlus# set protocols dhcp snooping port te-1/1/50 trust true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2). Step 2: enable DAI
You can enable DAI on the port connect to the host
XorPlus# set protocols arp interface vlan-900 inspection disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3). Step 3: Check arp inspection table
When the host got an ip address from the DHCP server and the switch have enabled dhcp snooping, it will created a
table, IP-MAC-port binded table , the entry in this table was trusted ,all other ARP packet will be discarded not in this
table(The arp packet must be according with the arp inspection table, interface . ip address .Mac address must be
identified )
XorPlus# run show arp inspection
Total count : 1
Interface DAI Address HW Address
--------- -------- --------------- -----------------
vlan-900 Enabled 192.168.9.5 0:1e:c9:bb:d3:35
Static Routing Configuration

●In Layer 2 / Layer 3, all routing entries will be configured to the ASIC switching chip if the outgoing VLAN-interface is
link-up, and the outgoing physical port is learning.
● Traffic that can be routed will have a route entry in the RIB and the ARP of the next hop; the outgoing interface
should be link-up. The traffic will then be soft-routed (i.e., routed by the switch’s CPU).
● When the switch learns the MAC address of the next-hop, the switch will forward the traffic with the ASIC chip.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# set protocols static route 10.10.1.0/24 next-hop 192.168.2.5
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show route table ipv4 unicast final
10.10.1.0/24 [static(1)/1]
> to 192.168.2.5 viavlan-3/vlan-3
192.168.1.0/24 [connected(0)/0]
> via vlan-2/vlan-2
192.168.2.0/24 [connected(0)/0]
> via vlan-3/vlan-3
XorPlus#
XorPlus# run show route forward-route ipv4 all
Destination NetMask NextHopMac Port
--------------- --------------- ----------------- ---------
10.10.1.0 255.255.255.0 00:1E:68:37:EF:7D ge-1/1/2
192.168.1.0 255.255.255.0 C8:0A:A9:04:49:28 connected
192.168.2.0 255.255.255.0 C8:0A:A9:04:49:28 connected
With the show route forward-routeipv4 all command, all the route entries in the ASIC chip will be displayed.
Following the show route table ipv4 unicast final command, all routes in the RIB of the kernel will be displayed.
Static Routing Configuration Example

●An example of configuration with static routing is shown in Fig. 5-1.
●Host A and Host B should be able to communicate with each other.
●Host A and Host B should be able to communicate with the gateway (e.g., access Internet).
Gateway
10.10.5.1/24
ge-1/1/3 10.10.5.2/24
10.10.3.2/24 10.10.4.2/24
ge-1/1/1 ge-1/1/2
Switch C
10.10.1.8/24 10.10.3.1/24 ge-1/1/2 10.10.4.1/24 ge-1/1/2 10.10.2.8/24
10.10.6.1/24 10.10.6.2/24
10.10.1.1/24 10.10.2.1/24
Host A ge-1/1/3 ge-1/1/3 Host B
ge-1/1/1 Switch A Switch B ge-1/1/1
Figure 5-1. Static routing configuration.
(1) Configuring Switch A

For Switch A, you should configure 3 VLAN interfaces for networks 10.10.1.1/24, 10.10.3.1/24, and 10.10.6.1/24. You
should also configure a static route to10.10.2.0/24, and a default route.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
You can verify the route entry in the RIB as follows:
0.0.0.0/0 [static(1)/1]
> to 10.10.3.2 via vlan-3/vlan-3
10.10.2.0/24[static(1)/1]
10.10.1.0/24 [connected(0)/0]
> via vlan-2/vlan-2
10.10.3.0/24 [connected(0)/0]
> via vlan-3/vlan-3
10.10.6.0/24 [connected(0)/0]
> via vlan-4/vlan-4
XorPlus#
(2) Configuring Switch B

Configure 3 VLAN interfaces for networks 10.10.2.1/24, 10.10.4.1/24, and 10.10.6.2/24. Then configure a static route
to 10.10.1.0/24, and a default route.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
You can verify the route entry in the RIB:

0.0.0.0/0 [static(1)/1]
10.10.1.0/24[static(1)/1]
10.10.2.0/24 [connected(0)/0]
> via vlan-2/vlan-2
10.10.4.0/24 [connected(0)/0]
> via vlan-3/vlan-3
10.10.6.0/24 [connected(0)/0]
> via vlan-4/vlan-4
XorPlus#
(3) Configuring Switch C

Configure 3 VLAN interfaces for networks 10.10.3.2/24, 10.10.4.2/24, and 10.10.5.2/24. Then configure a static route
to 10.10.1.0/24, and a default route.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
You can verify the route entry in the RIB:

0.0.0.0/0 [static(1)/1]
10.10.1.0/24[static(1)/1]
10.10.2.0/24[static(1)/1]
10.10.6.0/24[static(1)/1]
10.10.3.0/24 [connected(0)/0]
> via vlan-2/vlan-2
10.10.4.0/24 [connected(0)/0]
> via vlan-3/vlan-3
10.10.5.0/24 [connected(0)/0]
> via vlan-4/vlan-4
XorPlus#
RIPv2 Routing Protocol Configuration

● In Layer 2 / Layer 3, RIPv2 is supported.
● A policy statement is used to specify which route entry will be distributed. For example, you can
distribute the static route or the connected route to a neighbor. You can also specify the distributed
route metric.
● You can configure the RIPv2 interface parameters (accept-default-route, advertise-default-route,

deletion-delay, request-interval, update-interval).

[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set policy policy-statement connected-to-rip term export from protocol connected
[edit]
XorPlus# set policy policy-statement connected-to-rip term export then metric 0
[edit]
XorPlus# set policy policy-statement static-to-rip term export from protocol static
[edit]
XorPlus# set policy policy-statement static-to-rip term export then metric 1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols rip interface vlan-2vif vlan-2 address 192.168.1.1
[edit]
XorPlus# set protocols rip export "connected-to-rip,static-to-rip"
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
You can verify the RIP configuration:
XorPlus# run show rip status all
* RIP on vlan-2vlan-2 192.168.1.1

Status: enabled
XorPlus#
XorPlus# run show rip statistics all
* RIP on vlan-2vlan-2 192.168.1.1

Status: enabled
Counter Value
-------------------------------- ----------------
Requests Sent 7
Updates Sent 6
Triggered Updates Sent 1
Non-RIP Updates Sent 0
Total Packets Received 0
Request Packets Received 0
Update Packets Received 0
Bad Packets Received 0
Authentication Failures 0
Bad Routes Received 0
Non-RIP Requests Received 0
RIPv2 Routing Configuration Example

● An example of configuring RIPv2 is shown in Fig. 5-2.
● Host A and Host B should be able to communicate with each other with an RIP route.
● Host A and Host B should be able to communicate with the gateway (e.g., access Internet) with RIP.
Gateway
10.10.5.1/24
ge-1/1/3 10.10.5.2/24
10.10.3.2/24 10.10.4.2/24
ge-1/1/1 ge-1/1/2
Switch C
10.10.1.8/24 10.10.3.1/24 ge-1/1/2 10.10.4.1/24 ge-1/1/2 10.10.2.8/24
10.10.1.1/24 10.10.2.1/24
Host A Host B
ge-1/1/1 Switch A Switch B ge-1/1/1
Figure 5-2. RIPv2 routing configuration.

For Switch A, configure 2 VLAN interfaces for networks 10.10.1.1/24 and 10.10.3.1/24. You should also configure an
RIP interface in network 10.10.3.1/24. Switch A should accept the default route, which is advertised by Switch C.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols rip interface vlan-3 address 10.10.3.1
[edit]
XorPlus# set protocols rip export "connected-to-rip"
[edit]
XorPlus# set protocols rip interface vlan-3vif vlan-3 address 10.10.3.1 accept-default-route true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

Configure 2 VLAN interfaces for networks 10.10.1.1/24 and 10.10.3.1/24. Then configure an RIP interface in network
10.10.3.1/24. Switch B should accept the default route, which is advertised by Switch C.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# set protocols rip interface vlan-3vif vlan-3 address 10.10.4.1 accept-default-route true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

Configure 3 VLAN interfaces for networks 10.10.3.2/24, 10.10.4.2/24, and 10.10.5.2/24. You should also configure a
default route and 2 RIP interfaces.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# set protocols rip interface vlan-2vif vlan-2 address 10.10.3.2 advertise-default-route true
[edit]
[edit]
XorPlus# set protocols rip interface vlan-3vif vlan-3 address 10.10.4.2 advertise-default-route true
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(4) Verifying the RIP Configuration

You can verify the RIP configuration of the switches as shown below. (In our example, we verify the RIP peer and the
RIP route table in Switch A.)
XorPlus# run show rip peer

Address Interface State Hello Rx Hello Tx Last Hello
--------------- --------------- ------ ---------- ---------- ----------
10.10.3.2vlan-3/vlan-3 Up 0 0 00:41:44
XorPlus#
XorPlus# run show route table ipv4 unicast rip
0.0.0.0/0[rip(120)/1]
10.10.2.0/24 [rip(120)/1]
10.10.4.0/24 [rip(120)/1]
OSPF Routing Protocol Configuration

●In Layer 2 / Layer 3, OSPFv2 is supported.
●XorPlus supports normal areas, stub areas, and not-so-stubby areas (NSSAs) in OSPF.
(1) Configuring the router ID

The router ID should be configured first when you configure OSPF.
The router ID is a string similar to the IP address, and should be unique in the OSPF domain. You should not change
the router ID after completing the configuration.
XorPlus# set protocols ospf4 router-id 1.1.1.1

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
(2) Configuring an OSPF area and area-type

Area 0.0.0.0 is the backbone area of OSPF; each OSPF domain should have the area 0.0.0.0. Area types include
normal, stub, and NSSA.
XorPlus# set protocols ospf4 area 0.0.0.0 area-type normal

[edit]
XorPlus# set protocols ospf4 area 1.1.1.1 area-type stub
[edit]
XorPlus# set protocols ospf4 area 2.2.2.2 area-type nssa
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Configuring OSPF interfaces

After configuring an OSPF area, configure OSPF interfaces in the area. These interfaces will transmit and receive
LSAs to calculate the route.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2vif vlan-2 address 10.10.60.10
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show ospf4 interface
Interface State Area DR ID BDR ID Nbrs
--------- -------- --------------- --------------- --------------- ----
vlan-2 DR 0.0.0.0 1.1.1.1 0.0.0.0 0
vlan-3 DR 0.0.0.0 1.1.1.1 0.0.0.0 0
(4) Configuring additional OSPF interface parameters

You can also configure additional OSPF interface parameters (hello interval, interface-cost, static neighbor, priority,
retransmit-interval, router-dead-interval, transmit-delay).
XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2vif vlan-2 address 10.10.60.10hello-interval 5
[edit]
XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2vif vlan-2 address 10.10.60.10interface-cost 8
[edit]
XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-2vif vlan-2 address 10.10.60.10transmit-delay 2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show ospf4 interface detail
Interface vlan-2/vlan-2, State DR, Area 0.0.0.0
DR ID 1.1.1.1, BDR ID 0.0.0.0, Nbrs 0
Network Type BROADCAST, Address 10.10.60.10, Mask 255.255.255.0, Cost 8
DR addr 10.10.60.10, BDR addr 0.0.0.0, Priority 128
Hello 10, Dead 40, ReXmit 5, NORMAL
OSPF Routing Basic Configuration Example

● Fig.5-3 presents an example of configuring OSPF routing. Switch A and Switch B are located in the backbone area,
0.0.0.0. There are two non-backbone areas, 1.1.1.1 and 2.2.2.2.
● Switch D will obtain the routes of networks 10.10.1.0/24, 10.10.3.0/24, and 10.10.9.0/24,through the
LSAs sent from its neighbors. Switch C will obtain the routes of networks 10.10.1.0/24, 10.10.2.0/24, and
10.10.8.0/24, according to LSAs sent from its neighbors.
Ge-1/1/1 Ge-1/1/1
10.10.1.1/24 10.10.1.2/24 Switch B
Switch A Area
0.0.0.0
Ge-1/1/2 Ge-1/1/2
10.10.2.1/24 10.10.3.1/24
Area Area
0.0.0.1 0.0.0.2
Ge-1/1/1 Ge-1/1/1
10.10.2.2/24 10.10.3.2/24
Switch D Switch C
Ge-1/1/2 Ge-1/1/2
10.10.8.1/24 Host A Host B 10.10.9.1/24
Figure 5-3. OSPF basic routing configuration.
For switch A, configure 2 VLAN interfaces for networks 10.10.1.1/24 and 10.10.2.1/24. You should also configure area
0.0.0.0, which includes network 10.10.1.1/24, and area 0.0.0.1, which includes network 10.10.2.1/24.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

Configure 2 VLAN interfaces for networks 10.10.1.2/24 and 10.10.3.1/24. Then configure area 0.0.0.0, which includes
network 10.10.1.2/24, and area 0.0.0.3, which includes network 10.10.3.1/24.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

Configure just one OSPF interface, in area 0.0.0.2.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(4) Configuring Switch D


[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(5) Verifying the OSPF configuration

You can verify the OSPF configuration of a switch by checking its OSPF neighbor.
Below, switch A has two OSPF neighbor interfaces, 10.10.1.2 and 10.10.2.2.
XorPlus# run show ospf4 neighbor

Address Interface State Router ID Pri Dead
--------------- --------------------- -------- --------------- ----- ----
10.10.1.2vlan-2/vlan-2 Full 2.2.2.2 1 32
10.10.2.2vlan-3/vlan-3 Full 4.4.4.4 1 32
Then check the OSPF database as shown below:
XorPlus# run show ospf4 database

OSPF link state database, Area 0.0.0.0
Type ID Adv Rtr Seq Age Opt Cksum Len
------- ---------------- --------------- ---------- ---- --- ------ ---
Router *1.1.1.1 1.1.1.1 0x8000025a 394 0x2 0xf2bb 48
Network *10.10.1.1 1.1.1.1 0x80000180 394 0x2 0xc0b9 32
Network *10.10.2.1 1.1.1.1 0x80000180 394 0x2 0xc0b9 32
Router 2.2.2.2 2.2.2.2 0x8000023e 339 0x2 0x3024 36
Network 10.10.3.1 2.2.2.2 0x80000180 394 0x2 0xc0b9 32
Router 3.3.3.33.3.3.3 0x8000023e 339 0x2 0x3024 36
Network 10.10.9.1 3.3.3.3 0x80000180 394 0x2 0xc0b9 32
Router 4.4.4.44.4.4.4 0x8000023e 339 0x2 0x3024 36
Network 10.10.8.1 4.4.4.4 0x80000180 394 0x2 0xc0b9 32
OSPF link state database, Area 0.0.0.2

Type ID Adv Rtr Seq Age Opt Cksum Len
------- ---------------- --------------- ---------- ---- --- ------ ---
Router *1.1.1.1 1.1.1.1 0x8000025a 394 0x2 0xf2bb 48
Network *10.10.1.1 1.1.1.1 0x80000180 394 0x2 0xc0b9 32
Network *10.10.2.1 1.1.1.1 0x80000180 394 0x2 0xc0b9 32
Router 2.2.2.2 2.2.2.2 0x8000023e 339 0x2 0x3024 36
Network 10.10.3.1 2.2.2.2 0x80000180 394 0x2 0xc0b9 32
Router 3.3.3.33.3.3.3 0x8000023e 339 0x2 0x3024 36
Network 10.10.9.1 3.3.3.3 0x80000180 394 0x2 0xc0b9 32
Router 4.4.4.44.4.4.4 0x8000023e 339 0x2 0x3024 36
Network 10.10.8.1 4.4.4.4 0x80000180 394 0x2 0xc0b9 32
Finally, you can check the OSPF route in the RIB of switch A.
XorPlus#
XorPlus# run show route table ipv4 unicast osfp
10.10.3.0/24 [ospf(110)/2]
OSPF Configuration Example: NSSA/Stub/Normal

● The configurations of an OSPF NSSA and a stub area are shown in Fig. 5-4.
● Switch D will obtain the routes of networks 10.10.1.0/24, 10.10.3.0/24, and 10.10.9.0/24, according to the
LSAs received from its neighbors. Switch C will obtain the routes of networks 10.10.1.0/24, 10.10.2.0/24,
and10.10.8.0/24, according to the LSAs received from its neighbors.
● The figure below does not include RIP or BGP configurations.
Ge-1/1/1 Ge-1/1/1
10.10.1.1/24 10.10.1.2/24 Switch B
Switch A Area
0.0.0.0
Ge-1/1/2 Ge-1/1/2
10.10.2.1/24 10.10.3.1/24
Stub
Area NSSA
Area
0.0.0.1 Internet 0.0.0.2
Ge-1/1/1 BGP or RIP Ge-1/1/1

10.10.2.2/24 10.10.3.2/24
Switch D Switch C
Ge-1/1/2 Ge-1/1/2
10.10.8.1/24 Host A Host B 10.10.9.1/24
Figure 5-4. OSPF NSSA, stub area configurations.

For switch A, configure 2 VLAN interfaces for networks 10.10.1.1/24 and 10.10.2.1/24. You should also configure area
0.0.0.0, which includes network 10.10.1.1/24,and area 0.0.0.1, which includes network 10.10.2.1/24.
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

Configure 2 VLAN interfaces for networks 10.10.1.2/24 and 10.10.3.1/24. Then configure area 0.0.0.0, which includes
network 10.10.1.2/24, and stub area 0.0.0.3, which includes network 10.10.3.1/24.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# set protocols ospf4 area 0.0.0.2area-type stub
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# set protocols ospf4 area 0.0.0.2area-type stub
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

Configure just one OSPF interface, in area 0.0.0.1. Switch D should import the RIP or BGP route from the RIB, and
distribute it to other areas.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set policy policy-statement rip-ospf term rip from protocol rip
[edit]
XorPlus# set policy policy-statement rip-ospf term rip then external-type 2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# set protocols ospf4 export rip-ospf
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
OSPF Stub Area/NSSA Summary

By default external routes and inter-area routes will be injected into stub areas or NSSAs. You can utilize the
summaries disable true parameter to prevent external orinter-area routes from being injected into stub areas or
NSSAs. You can also use set protocols ospf4 area <area-id> default-lsa disable false to create a default
route entry.
Area Area
0.0.0.0 1.1.1.1
Switch Switch Switch

A B C
Figure 5-5. OSPF Stub area/NSSA summary: area 1.1.1.1 should be a stub area or an NSSA.

[edit]
[edit]
XorPlus# set interface gigabit-ethernet te-1/1/49 family ethernet-switching native-vlan-id 500
[edit]
[edit]
XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-500 vif vlan-500 address 192.168.1.2
[edit]
XorPlus# commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#
OSPF Virtual Link Configuration Guide

●The single backbone area (area 0.0.0.0) cannot be disconnected, or certain areas of the Autonomous System
will become unreachable. To establish and maintain connectivity of the backbone, virtual links can be
configured through non-backbone areas. Virtual links serve to connect physically separate components of the
backbone.
● The two endpoints of a virtual link are Area Border Routers (ARBs). The virtual link must be configured in both
routers. The configuration information in each router consists of the other virtual endpoint (the other ARB), and
the non-backbone area that the two routers have in common (called the transit area). Virtual links cannot be
configured through stub areas.
● Enable OSPF on Switch A, B, C, and D at the beginning. There is no route entry from the backbone area
(0.0.0.0) to area 2.2.2.2.
Area 0.0.0.0 Area 1.1.1.1 Area 2.2.2.2
Swit Swit Swit Swit

ch A ch B ch C ch D
Figure 5-7. Virtual link configuration.

[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#
Enable virtual links on the Area Border Routers (Switch B and Switch C). After this step, there will be a
route entry from the backbone area, 0.0.0.0, to area 2.2.2.2.
XorPlus# set protocols ospf6 area 0.0.0.0 virtual-link 3.3.3.3 transmit-area 1.1.1.1
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#
XorPlus# set protocols ospf6 area 0.0.0.0 virtual-link 4.4.4.4 transmit-area 1.1.1.1
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#
(3) Checking an IPv6 OSPF
# Check ipv6 ospf neighbor on Switch B

XorPlus# run show ospf4 neighbor
Address Interface State Router ID Pri Dead
--------------- --------------------- -------- --------------- ----- ----
192.168.1.2 vlan-500/vlan-500 Full 1.1.1.1 128 34
172.25.150.249 vlan-400/vlan-400 Full 3.3.3.3 128 36
172.25.150.249 vlink/3.3.3.3 Init 3.3.3.3 0 0

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#
(4) Configuring area 1.1.1.1 as a stub area or NSSA
XorPlus# set protocols ospf4 area 1.1.1.1 area-type <normal | stub | nssa>
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
# Check route table on DUT3,there will be route entry to backbone area 192.168.1.0/30
--------------- --------------- ----------------- ---------
172.25.150.248 255.255.255.252 08:9E:01:62:D5:61 connected
192.168.1.0 255.255.255. 252 60:EB:69:9B:BE:31 te-1/1/51
Total route count:2
(5) Disabling the summary function on ABR (DUT2 area 1.1.1.1)
XorPlus# set protocols ospf4 area 1.1.1.1 summaries disable true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
# Check route table on DUT3,the route entry to backone area was lost
--------------- --------------- ----------------- ---------
172.25.150.248 255.255.255.252 08:9E:01:62:D5:61 connected
Total route count:1
# Enabel default-lsa function on ABR(DUT2)
--------------- --------------- ----------------- ---------
172.25.150.248 255.255.255.252 08:9E:01:62:D5:61 connected
0.0.0.0 0.0.0.0 60:EB:69:9B:BE:31 te-1/1/51
Total route count:2
OSPF Area Range Configuration Guide

● OSPF should aggregate the route entries from the backbone area into a non-backbone area, or from a non-
backbone area into the backbone area. Route aggregation works only on the ABR.
● You can use the “advertise disable” parameter to restrain ABR route aggregation. The ABR will generate route
aggregation by default after you configure area-range, and the packet is routed to the best (the longest or most
specific) match.
Area Area
0.0.0.0 1.1.1.1
Switch Switch Switch

A B C
Figure 5-6. OSPF area range configuration.

[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#
(4) Checking the route table on Switch C

There will be a 30-bit route entry,192.168.1.0/30.

--------------- --------------- ----------------- ---------
172.25.150.248 255.255.255.252 08:9E:01:62:D5:61 connected
192.168.1.0 255.255.255. 252 60:EB:69:9B:BE:31 te-1/1/51
Total route count:2
(5) Configuring area-range on ABR(DUT2)
XorPlus# set protocols ospf4 area 0.0.0.0 area-range 192.168.1.0/24 advertise true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(6) Checking the route table on DUT3

The route entry 192.168.1.0/30 will be replaced by 192.168.1.0/24.

--------------- --------------- ----------------- ---------
172.25.150.248 255.255.255.252 08:9E:01:62:D5:61 connected
192.168.1.0 255.255.255. 0 60:EB:69:9B:BE:31 te-1/1/51
Total route count:2
Importing an External Route into an OSPF Area

Area 0.0.0.0 Area 1.1.1.1
Switc Switc Switc Switc

hA hB hC hD
Figure 5-8. Importing an external route into an OSPF area.


[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus#commit
[edit]
Commit OK.
Save Done.
[edit]
XorPlus#
(4) Configuring an external route import policy on Switch C
# Configure external static route.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
# Configure policy to import external route
XorPlus# set policy policy-statement static term 1 from protocol static
[edit]
XorPlus# set policy policy-statement static then accept
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
# Using policy on ospf
XorPlus# set protocols ospf4 export static
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
# Check route table on Switch A , there will be route entry 192.168.6.0/24
--------------- --------------- ----------------- ---------
192.168.1.0 255.255.255.252 C8:0A:A9:AE:0A:66 connected
172.25.150.248 255.255.255.252 60:EB:69:9B:BE:31 te-1/1/47
192.168.6.0 255.255.255.0 60:EB:69:9B:BE:31 te-1/1/47
Total route count:3
BFD Protocol Configuration

●BFD supports for OSPF, BGP, static route and ECMP.
(5) Configuring the mode

There are two BFD modes: active and passive.
The BFD will send protocol messages initiatively in active mode, and passively in passive mode.
XorPlus# set protocols bfd mode active

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols bfd mode passive
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(6) Configuring detect-multiplier, min-receive-interval and min-transmit-interval
Detect-multiplier: a detection timeout multiple, it is used in calculating detection timeout time by the detector; min-
receive-interval: the minimum sending interval of the BFD packet supported by the local side; min-transmit-interval: the
minimum receiving interval of the BFD packet supported by the local side.
XorPlus# set protocols bfd interface vlan25 detect-multiplier 5

[edit]
XorPlus# set protocols bfd interface vlan25 min-transmit-interval 1000
[edit]
XorPlus# set protocols bfd interface vlan25 min-receive-interval 2000
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(7) Enable BFD on L3 interface

Enable BFD on the VLAN interface.
XorPlus# set protocols bfd interface vlan25 disable false

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(8) Enable BFD supporting for OSPF4
Enable BFD to support for protocol OSPF4.
XorPlus# set protocols ospf4 area 1.1.1.1 interface vlan-25 vif vlan-25 address 125.125.25.6 bfd disable
false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(9) Enable BFD supporting for OSPF6

Enable BFD to support for protocol OSPF6.
XorPlus# set protocols ospf6 area 1.1.1.1 interface vlan-23 vif vlan-23 bfd disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(10) Enable BFD supporting for BGP

Enable BFD to support for protocol BGP.
XorPlus# set protocols bgp peer 125.125.25.1 bfd disable false

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(11) Enable BFD supporting for static route

Enable BFD to support for protocol static route.

[edit]
XorPlus# set protocols static route 201.201.20.0/24 bfd true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(12) Enable BFD supporting for ECMP

Enable BFD to support for protocol ECMP.

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols static route 201.201.20.0/24 qualified-next-hop 115.115.15.1 bfd true
[edit]
XorPlus# set protocols static route 201.201.20.0/24 qualified-next-hop 115.115.15.1 metric 1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
BFD Basic Configuration Example

● Fig.5-9 presents an example of configuring BFD supporting for OSPF4. Switch A and Switch B are located in the
backbone area, 0.0.0.0.
Switch A Switch B
123.123.10.1/24 123.123.10.6/24
Area
0.0.0.0
Ge-1/1/1 Ge-1/1/1
Figure 5-9. BFD basic configuration.

For switch A, configure one VLAN interface for networks123.123.10.1/24. You should also configure area 0.0.0.0,
which includes network 123.123.10.1/24 and 123.123.10.6/24, and enable BFD on OSPF4 and VLAN interface.

[edit]
XorPlus# set vlans vlan-id 10 l3-interface vlan10
[edit]
[edit]
XorPlus# set vlan-interface interface vlan10 vif vlan10 address 123.123.10.1 prefix-length 24
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan10 vif vlan10 address 123.123.10.1 bfd disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

For switch B, configure one VLAN interface for networks123.123.10.6/24. You should also configure area 0.0.0.0,
which includes network 123.123.10.1/24 and 123.123.10.6/24, and enable BFD on OSPF4 and VLAN interface.
.

[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan-10 vif vlan-10 address 123.123.10.6 bfd disable
false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols bfd interface vlan-10 disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(8) Verifying the BFD configuration

You can verify the BFD configuration of a switch by checking its BFD neighbor.
XorPlus# run show bfd neighbor ipv4

Detect Transmit
Local Address Remote Address Interface State Time(ms) Interval(ms) Multiplier
--------------- --------------- --------- --------- -------- ------------ ----------
123.123.10.1 123.123.10.6 vlan10 Up 1500 500 3
XorPlus#
● Fig.5-10 presents an example of configuring BFD supporting for static route.
Switch A Switch B
123.123.10.1/24 123.123.10.6/24
Ge-1/1/1 Ge-1/1/1
Figure 5-10. BFD basic configuration

For switch A, configure one VLAN interface for networks123.123.10.1/24. You should also configure static route whose
next hop direct to network 123.123.10.6/24, and enable BFD on static route and VLAN interface.

[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

For switch B, configure one VLAN interface for networks123.123.10.6/24. You should also configure static route whose
next hop direct to network 123.123.10.1/24, and enable BFD on static route and VLAN interface.
.
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols bfd interface vlan-10 disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Verifying the BFD configuration

You can verify the BFD configuration of a switch by checking its BFD neighbor.
XorPlus# run show bfd neighbor ipv4

Detect Transmit
Local Address Remote Address Interface State Time(ms) Interval(ms) Multiplier
--------------- --------------- --------- --------- -------- ------------ ----------
123.123.10.1 123.123.10.6 vlan10 Up 1500 500 3
XorPlus#
BGP Configuration Guide

(1) Configuring a BGP router ID
The router ID should be configured first when you configure BGP. The router ID is a string similar to the IP address,
and is the identifier of a BGP router in an AS. You should not change the router ID after completing the configuration.
By default, the BGP router ID is not configured.
XorPlus# set protocols bgp bgp-id 1.1.1.1

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configuring BGP local-AS
The local AS (autonomous system) should be configured first when you configure BGP.
The AS_Path attribute records all the AS’s that a route passes through from the source to the destination, following the
order of vectors.
XorPlus# set protocols bgp local-as 100

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Configuring external BGP peering

If the AS number of the specified peer is different from the local AS number during the configuration of BGP peers, an
EBGP peer is configured.
To establish point-to-point connections between peer autonomous systems, configure a BGP session on each
interface of a point-to-point link. Generally, such sessions are made at network exit points with neighboring hosts
outside the AS.

[edit]
XorPlus# set protocols bgp peer 192.168.49.1 as 200
[edit]
XorPlus# set protocols bgp peer 192.168.49.1 next-hop-self true[edit]
XorPlus# set protocols bgp peer 192.168.49.1 local-ip 192.168.49.2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(4) Configuring internal BGP peering

If the AS number of the specified peer is the same as the local AS number during the configuration of BGP peers, an
IBGP peer is configured.

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(5) Configuring the BGP Local Preference

Internal BGP (IBGP) sessions use a metric called the local preference, which is carried in IBGP update packets in the
path attribute LOCAL_PREF. When an autonomous system (AS) has multiple routes to another AS, the local
preference indicates the degree of preference for one route over the other routes. Expectedly, the route with the
highest local preference value is preferred.
XorPlus# set policy policy-statement send-network term t1 from network4 172.168.200.0/24

[edit]
XorPlus# set policy policy-statement send-network term t1 from protocol bgp
[edit]
XorPlus# set policy policy-statement send-network term t1 then localpref 200
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(6) Configuring BGP MED

The multi-exit discriminator (MED) helps determine the optimal route for the incoming traffic of an AS, and is similar to
the metric used in IGP. When a BGP device obtains multiple routes to the same destination address but with different
next hops from EBGP peers, the BGP device selects the route with the smallest MED value as the optimal route.
XorPlus# set policy policy-statement send-network term t1 from network4 172.168.200.0/24

[edit]
XorPlus# set policy policy-statement send-network term t1 from protocol bgp
[edit]
XorPlus# set policy policy-statement send-network term t1 then med 200
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(7) Configuring BGP next hop

● When an Autonomous System Boundary Router (ASBR) forwards the route learned from an EBGP peer to an
IBGP peer, the ASBR, by default, does not change the next hop of the route. When the IBGP peer receives this
route, it finds the next hop unreachable, sets the route to inactive, and does not use this route to guide traffic
forwarding.
● To enable the IBGP peer to use this route to guide traffic forwarding, configure the ASBR to set its IP address as
the next hop of the route when the ASBR forwards this route to the IBGP peer. After the IBGP peer receives this
route from the ASBR, it finds the next hop of the route reachable, sets the route to active, and uses this route to
guide traffic forwarding.
● When a BGP route changes, BGP needs to iterate the indirect next hop of the route again. If no restriction is
imposed on the iterated route, BGP may iterate the next hop to an incorrect forwarding path, causing traffic loss.
Configure routing policy-based route iteration to prevent traffic loss.

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(8) Configuring BGP route reflectors
● To ensure the connectivity between IBGP peers within an AS, you need to establish fullmesh connections between
the IBGP peers. When there are many IBGP peers, it is costly to establish a fullymeshed network. A route reflector
(RR) can solve this problem.
● A cluster ID can help prevent routing loops between multiple RRs within a cluster, and between clusters. When a
cluster has multiple RRs, the same cluster ID must be configured for all RRs within the cluster.
● If full-mesh IBGP connections are established between clients of multiple RRs, route reflection between clients is
not required and wastes bandwidth resources. In this case, prohibit route reflection between clients to reduce the
network burden.
● Within an AS, an RR transmits routing information and forwards traffic. When an RR connects to a large number of
clients and non-clients, many CPU resources are consumed if the RR transmits routing information and forwards
traffic simultaneously. This also reduces route transmission efficiency. To improve route transmission efficiency,
prohibit BGP from adding preferred routes to IP routing tables on the RR, enabling the RR to only transmit routing
information.

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set protocols bgp route-reflector cluster-id 16.16.16.16
[edit]
XorPlus# set protocols bgp route-reflector disable false
[edit]
XorPlus# set protocols bgp peer 192.168.49.1 client true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(9) Configuring BGP confederations

A confederation divides an AS into sub-AS’s, which establish EBGP connections. Within each sub-AS, IBGP peers
establish fullmesh connections or have an RR configured. On a large BGP network, configuring a confederation can
reduce the number of IBGP connections, simplify routing policy management, and improve route advertisement
efficiency.

[edit]
[edit]
XorPlus# set protocols bgp peer 192.168.49.1 next-hop-self true
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set protocols bgp confederation identifier 2000
[edit]
XorPlus# set protocols bgp confederation disable false
[edit]
XorPlus# set protocols bgp peer 192.168.49.1 confederation-member true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(10) Configuring the BGP connect timer

Hold timers can be configured for all peers. The proper maximum interval at which Keep alive messages are sent is
one third the hold time.
XorPlus# set protocols bgp peer 192.168.49.1 holdtime 30

XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(11) Configuring MD5 authentication for TCP connections

Configure Message Digest5 (MD5) authentication on a TCP connection between two BGP peers. The two peers must
have the same configured password to establish TCP connections.
XorPlus# set protocols bgp peer 192.168.11.10 md5-password pica8
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(12) Configuring EBGP fast-external-fallover

This feature allows BGP to immediately respond to a fault on an interface, and delete the direct EBGP sessions on the
interface without waiting for the hold timer to expire. It implements rapid BGP network convergence.
By default, EBGP fast-external-fallover is disabled.
XorPlus# set protocols bgp fast-external-fallover disable false

XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(13) Configuring BGP route summarization

BGP supports automatic route summarization and manual route summarization. Manual route summarization takes
precedence over automatic route summarization.
Configure automatic route summarization as follows:
XorPlus# set protocols bgp auto-summary true

XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
bgp auto-summary true summarizes the routes exported by BGP.
To configure manual route summarization:
XorPlus# set protocols bgp aggregate network4 192.168.1.0/24 suppress-detail true

XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(14) Configuring BGP to advertise default routes to peers

The BGP device can be configured to send only a default route, with the local address as the next hop address, to its
peer, regardless of whether there are default routes in the local routing table.
XorPlus# set protocols bgp peer 192.168.11.10 default-route-advertise

XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(15) Configuring BGP to remove private AS numbers

Private autonomous system (AS) numbers that range from 64512 to 65535 are used to conserve globally unique AS
numbers. BGP can remove private AS numbers from updates to a peer.
XorPlus# set protocols bgp peer 192.168.11.10 public-as-only

XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(16) Configuring BGP AS loop

Repeated local AS numbers are allowed in routes. In the default setting, however, repeated local AS numbers are not
allowed.
XorPlus# set protocols bgp peer 192.168.11.10 allow-as-loop true

XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(17) Configuring BGP load balancing

If multiple paths to a destination exist, you can configure load balancing over such paths to improve link utilization.
Enable BGP load balancing:
XorPlus# set protocols bgp multipath disable false

XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
BGP will not load balance across multiple paths by default. This is acceptable if you are multi-homed to a single AS,
but what if you are multi-homed to different AS path? In that case, you cannot load balance across theoretically equal
paths. Enter the BGP multipath path-relax command:
XorPlus# set protocols bgp multipath path-relax true

XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
BGP Basic Configuration Example

●As shown in Fig. 5-9, BGP runs between switches. An EBGP connection is established between Switch A and
Switch B, and IBGP fullmesh connections are established between Switch B, Switch C, and Switch D.
●Configure IBGP connections between Switch B, Switch C, and Switch D.
●Configure an EBGP connection between Switch A and Switch B.

SwitchD
Ge-1/1/1 Vlan10 Ge-1/1/3 Vlan30
192.168.10.1/24 192.168.30.2/24
Ge-1/1/3 Vlan30
192.168.30.1/24 Ge-1/1/5 Vlan50
Ge-1/1/2 Vlan20 192.168.50.1/24
192.168.20.2/24
Ge-1/1/2 Vlan20
192.168.20.1/24
SwitchA SwitchB
Ge-1/1/4 Vlan40 Ge-1/1/5 Vlan50
192.168.40.1/24 192.168.50.2/24
Ge-1/1/4 Vlan40
192.168.40.2/24
SwitchC
Figure 5-9. BGP configuration.

Configure the VLAN that each interface belongs to.

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure the VLAN interfaces and assign them IP addresses.

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure an EBGP connection.

[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure EBGP and IBGP connections.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure an IBGP connection.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(5) Viewing BGP peer statuses on Switch B
XorPlus# run show bgp peers detail

Peer 2: local 192.168.10.2/179 remote 192.168.10.1/179
Peer ID: 1.1.1.1
Peer State: ESTABLISHED
Admin State: START
Negotiated BGP Version: 4
Peer AS Number: 100
Updates Received: 20, Updates Sent: 2
Messages Received: 634, Messages Sent: 611
Time since last received update: 1685 seconds
Number of transitions to ESTABLISHED: 1
Time since last entering ESTABLISHED state: 15995 seconds
Retry Interval: 120 seconds
Hold Time: 90 seconds, Keep Alive Time: 30 seconds
Configured Hold Time: 90 seconds, Configured Keep Alive Time: 30 seconds
Minimum AS Origination Interval: 0 seconds
Minimum Route Advertisement Interval: 0 seconds
Peer ID: 4.4.4.4
Admin State: START
Peer AS Number: 100

Peer ID: 3.3.3.3
Admin State: START
Peer AS Number: 100
XorPlus#
(6) Configuring Switch A to advertise route 192.168.10.0/24
XorPlus# set policy policy-statement direct-to-bgp term t1 from protocol connected

[edit]
XorPlus# set policy policy-statement direct-to-bgp term t1 from network4 192.168.10.0/24
[edit]
XorPlus# set policy policy-statement direct-to-bgp term t1 then accept
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set protocols bgp export direct-to-bgp
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
View the BGP routing table of Switch B:
XorPlus# run show bgp routes

Status Codes: * valid route, > best route
Origin Codes: i IGP, e EGP, ? incomplete
Prefix Nexthop Peer AS Path

------ ------- ---- -------
*> 192.168.10.0/24 192.168.20.11.1.1.1 100 ?
XorPlus#
View the BGP routing table of Switch C:


------ ------- ---- -------
* 192.168.10.0/24 192.168.20.12.2.2.2 100 ?
XorPlus#
The preceding command output display that the route to destination 192.168.10.0/24 becomes invalid because the
next hop address of this route is unreachable.
(7) Configuring Switch B to advertise a connected route

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
View the BGP routing table of Switch C:


------ ------- ---- -------
* 192.168.10.0/24 192.168.20.12.2.2.2 100 ?
*> 192.168.20.0/24 192.168.40.1 2.2.2.2?
*>192.168.30.0/24 192.168.40.1 2.2.2.2?
XorPlus#
Then ping 192.168.10.1 on Switch C:
XorPlus# run ping 192.168.10.1

PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_req=1 ttl=63 time=4.68 ms
--- 192.168.10.1 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4017ms
rtt min/avg/max/mdev = 4.460/4.709/5.358/0.338 ms
XorPlus#
BGP Route Reflector Configuration Example

●The IBGP network should be formed without interrupting fullmesh BGP connections between Switch B, Switch C, and
Switch D, and call for simplified device configuration and management.
●Configure Switch B, Switch C, and Switch D to have IBGP connections. Between Switch A and Switch B should
be an EBGP connection.
●Configure Switch C as a route reflector with clients Switch B and Switch D.
SwitchD
Ge-1/1/1 Vlan10
192.168.10.1/24
Ge-1/1/5 Vlan50
Ge-1/1/2 Vlan20 192.168.50.1/24
192.168.20.2/24
Ge-1/1/2 Vlan20
192.168.20.1/24
SwitchA SwitchB
Ge-1/1/4 Vlan40 Ge-1/1/5 Vlan50
192.168.40.1/24 192.168.50.2/24
Ge-1/1/4 Vlan40
192.168.40.2/24
Route Reflector SwitchC
Figure 5-10. BGP route reflector.


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure EBGP and IBGP connections.
XorPlus# set policy policy-statement p2 term t1 from protocol bgp

[edit]
XorPlus#
XorPlus# set policy policy-statement p2 term t1 from network4 192.168.10.0/24
[edit]
XorPlus# set policy policy-statement p2 term t1 then nexthop4 192.168.40.1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# set protocols bgp export p2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure IBGP connections for the route reflector clients.
XorPlus# set protocols bgp route-reflector cluster-id 3.3.3.3

[edit]
XorPlus# set protocols bgp route-reflector disable false
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
XorPlus# set protocols bgp peer 192.168.30.1next-hop-self true
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(5) Verifying configurations



------ ------- ---- -------
*> 192.168.10.0/24 192.168.20.11.1.1.1200 ?
XorPlus#
View the BGP routing table of Switch D:
XorPlus# run show bgp routes detail

192.168.10.0/24
From peer: 3.3.3.3
Route: Not Used
Origin: INCOMPLETE
AS Path: 200
Nexthop: 192.168.40.1
Multiple Exit Discriminator: 0
Local Preference: 100
Originator ID: 2.2.2.2
Cluster List: 3.3.3.3
BGP Confederation Configuration Example

●Configure a BGP confederation on each switch in AS 200 to divide AS 200 into two sub-AS’s: AS 65010 and AS
65011. To reduce the number of IBGP connections, three switches in AS 65010 establish fullmesh IBGP
connections.
●Configure BGP confederation members Switch A, Switch B, Switch C, and Switch D. Between Switch A and
Switch D is an EBGP connection within AS 200.
●Configure Switch A to connect without AS 200 to Switch E.
AS200
AS65011
SwitchD
Ge-1/1/6 Vlan60 SwitchC

192.168.60.2/24
Ge-1/1/1 Vlan10 Ge-1/0/3 Vlan30
192.168.10.1/24 192.168.30.2/24
Ge-1/1/6 Vlan60
192.168.60.1/24 Ge-1/0/3 Vlan30
192.168.30.1/24 Ge-1/1/5 Vlan50
192.168.50.1/24
Ge-1/1/2 Vlan20
192.168.20.2/24
Ge-1/1/2 Vlan20
192.168.20.1/24
SwitchE SwitchA
Ge-1/1/4 Vlan40 Ge-1/1/5 Vlan50
192.168.40.1/24 192.168.50.2/24
Ge-1/1/4 Vlan40
192.168.40.2/24
SwitchB AS65010
Figure 5-11. BGP confederation configuration.


[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure EBGP and IBGP connections within confederation AS 200.

[edit]
[edit]
XorPlus# protocols bgp confederation identifier 200
[edit]
XorPlus# protocols bgp confederation disable false
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure an EBGP connection without confederation AS 200.

[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure an IBGP connection within confederation AS 200.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure an IBGP connection within confederation AS 200.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure an EBGP connection within confederation AS 200.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(5) Configuring Switch E


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(6) Verifying the configuration


192.168.10.0/24
From peer: 2.2.2.2
Route: Not Used
Origin: INCOMPLETE
AS Path: 100
Nexthop: 192.168.20.1
Multiple Exit Discriminator: 0
View the BGP routing table of Switch D:

192.168.10.0/24
From peer: 15.15.15.15
Route: Not Used
Origin: INCOMPLETE
AS Path: (65010) 100
Nexthop: 192.168.30.2
BGP Load Balancing Configuration Example

● Configure load balancing on Switch A.
● Configure EBGP connections between Switch B and Switch A, and between Switch B and Switch D.
● Configure EBGP connections between Switch C and Switch A, and between Switch C and Switch D.
SwitchB
Ge-1/1/1 Vlan30 Ge-1/1/2 Vlan20
192.168.30.2/24 192.168.20.2/24
Ge-1/1/1 Vlan30
192.168.30.1/24 Ge-1/1/2 Vlan20
AS200 192.168.20.1/24
AS100
AS400
Ge-1/1/1 Vlan10
192.168.10.1/24
SwitchA SwitchD
Ge-1/1/2 Vlan40 AS300 Ge-1/1/3 Vlan30
192.168.40.1/24 192.168.50.1/24
Ge-1/1/2 Vlan40 Ge-1/1/3 Vlan30

192.168.40.2/24 192.168.50.2/24
SwitchC
Figure 5-12. BGP load balancing.


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#


[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(5) Viewing BGP peer statuses on Switch B

Peer ID: 1.1.1.1
Admin State: START
Peer AS Number: 100

Peer ID: 4.4.4.4
Admin State: START
Peer AS Number: 100
(6) Viewing BGP peer statuses on Switch C

Peer ID: 1.1.1.1
Admin State: START
Peer AS Number: 100

Peer ID: 4.4.4.4
Admin State: START
Peer AS Number: 100
(7) Configuring Switch D to advertise route 192.168.10.0/24

Configure Switch A to enable BGP multipath:
XorPlus# set protocols bgp multipath disable false

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configure Switch D to advertise route 192.168.10.0/24:

[edit]
XorPlus# set policy policy-statement direct-to-bgp term t1 from network4 192.168.10.0/24
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
View the BGP routing table of Switch A:


------ ------- ---- -------
*> 192.168.10.0/24 192.168.30.2 2.2.2.2 200 400 ?
* 192.168.10.0/24 192.168.40.2 3.3.3.3 200 400 ?
XorPlus#
As expected, Switch A is not load balancing because it does not view the paths as “equal,” but as
different AS paths.
(8) Configuring BGP multipath path-relax on Switch A
XorPlus# set protocols bgp multipath path-relax true

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
View the BGP routing table and IP routing table of Switch A:


------ ------- ---- -------
*> 192.168.10.0/24 192.168.30.2 2.2.2.2 200 400 ?
*> 192.168.10.0/24 192.168.40.2 3.3.3.3 200 400 ?
XorPlus#
XorPlus# run show route table ipv4 unicast ebgp

192.168.10.0/24 [ebgp(20)/0]
> to 192.168.30.2 via vlan30/vlan30
192.168.10.0/24 [ebgp(20)/0]
> to 192.168.40.2 via vlan40/vlan40
XorPlus#
XorPlus#
Configuring ECMP (Equal-Cost Multipath Routing)

● In Layer 2 / Layer 3, ECMP is supported. The maximum ECMP outgoing port group is 4*128. If you configure
each ECMP route to have up to 4 equal-cost paths, for example, then the maximum ECMP outgoing port
group support is 128. If you configure each ECMP route to have up to 16 equal-cost paths, the maximum
ECMP outgoing port group support is 32. Several different ECMP routes can share the same outgoing port
group.
● After configuring the ECMP equal-cost path maximum, reboot the switch to make it available.
(1) Configuring the equal-cost path maximum
XorPlus# set interface ecmp path_max 8

[edit]
XorPlus# commit
Commit OK.
Save done.
ECMP max path changes, please reset the box!
[edit]
The system is going down NOW!
Sending SIGTERM to all processes
Sending SIGKILL to all processes
Requesting system reboot
Restarting system.
rstcr compatible register does not exist!
uses the mpc8541's gpio to do a reset.
U-Boot 1.3.0 (Sep 8 2010 - 17:20:00)
CPU: 8541, Version: 1.1, (0x80720011)
Core: E500, Version: 2.0, (0x80200020)
I2C: ready
DRAM: Initializing
(2) Configuring static ECMP routing

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# set protocols static route 10.10.51.0/24 qualified-next-hop 10.10.62.20 metric 1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
You can check the static ECMP route for 10.10.51.0/24 in the RIB.
10.10.51.0/24 [static(1)/1]
> to 10.10.61.20 via vlan-3/vlan-3
10.10.51.0/24 [static(1)/1]
> to 10.10.62.20 via vlan-4/vlan-4
10.10.60.0/24 [connected(0)/0]
> via vlan-2/vlan-2
10.10.61.0/24 [connected(0)/0]
> via vlan-3/vlan-3
10.10.62.0/24 [connected(0)/0]
> via vlan-4/vlan-4
(3) Configuring ECMP hash fields

In the default setting, all fields are hashed by “ip-source,” “port-destination,” “port-source,” and “vlan”. You can enable
additional fields as shown below:
XorPlus# set interface ecmp hash-mapping field ingress-interface disable false

[edit]
XorPlus# set interface ecmp hash-mapping field ip-destination disable false
[edit]
XorPlus# set interface ecmp hash-mapping field ip-protocol disable false
[edit]
XorPlus# set interface ecmp hash-mapping field ip-source disable false
[edit]
XorPlus# set interface ecmp hash-mapping field port-destination disable false
[edit]
XorPlus# set interface ecmp hash-mapping field port-source disable false
[edit]
XorPlus# set interface ecmp hash-mapping field vlan disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Configuring VRRP (Virtual Router Redundancy Protocol)

In Layer 2 / Layer 3, VRRP is supported, for both preempt and non-preempt parameters.
(1) Configuring VRRP

In the configuration below, a virtual router with IP 192.168.1.5/24 has been created. You can configure VRRP
preemption and the VRRP priority.
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols vrrp interface vlan-2 vrid 1
[edit]
XorPlus# set protocols vrrp interface vlan-2vif vlan-2 vrid 1 ip 192.168.1.5 prefix-length 24
[edit]
XorPlus# set protocols vrrp interface vlan-2vif vlan-2 vrid 1 preempt true
[edit]
XorPlus# set protocols vrrp interface vlan-2vif vlan-2 vrid 1 priority 100
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
You can check the VRRP configuration.
XorPlus# run show vrrp vlan-2

Interface vlan-2
Vif vlan-2
VRID 1
State master
Master IP 192.168.1.1
XorPlus#
IPv6 Neighbor Configuration

(1) Configuring the IPv6 neighbor aging time
You can configure the IPv6 neighbor aging time. The neighbor will be removed after the timer has expired.
XorPlus# set protocols neighbour aging-time 480

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configuring a static IPv6 neighbor

You can configure a static IPv6 neighbor in a specified interface.

[edit]
XorPlus# set protocols neighbour interface vlan-2 vif vlan-2 address 2001::01 mac-address 22:22:22:22:22:22
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show ipv6-neighbors static
aging-time(seconds): 480
Address HW Address Interface
--------------------------------------- ----------------- ---------
2001::1 22:22:22:22:22:22 vlan-2
XorPlus#
(3) Configuring IPv6 router advertisement

You can manually enable router advertisement messages.

[edit]
XorPlus# set vlan-interface interface vlan1 router-advertisement disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
IPv6 Static Routing Configuration

● In Layer 2 / Layer 3, IPv6 static routing is supported. The IPv6 for OSPFv3 and RIPng will be supported soon.
● In P-3290 and P-3780, you should configure the link-local IPv6 address, otherwise all the IPv6 interfaces will share
the same link-local address. This problem will be fixed in a future version.
(1) Configuring a static route for IPv6

You can configure the link-local address and global address for a VLAN interface.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# set vlan-interface interface vlan-2vif vlan-2 address 2001:db8:3c4d:5:60:ff:73:87 prefix-length 64
[edit]
XorPlus# set vlan-interface interface vlan-2vif vlan-2 address fe80::ca0a:a9ff:fe04:4931 prefix-length 64
[edit]
XorPlus# set vlan-interface interface vlan-3vif vlan-3 address 2001:db8:3c4d:6:0:ff:73:87 prefix-length 64
[edit]
XorPlus# set vlan-interface interface vlan-3vif vlan-3 address fe80::ca0a:a9ff:4:4932 prefix-length 64
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols static route 2001:db8:3c4d:7::/64 next-hop 2001:db8:3c4d:5:60:d6ff:73:89
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Then verify the IPv6 static route in the RIB:

2001:db8:3c4d:5::/64[connected(0)/0]
> via vlan-2/vlan-2
2001:db8:3c4d:6::/64[connected(0)/0]
> via vlan-3/vlan-3
fe80::/64 [connected(0)/0]
> via vlan-3/vlan-3
fe80::/64 [connected(0)/0]
> via vlan-2/vlan-2
OSPFv3 Routing Protocol Configuration

In XorPlus, OSPFv3 is supported.
(1) Configuring the router ID
XorPlus# set protocols ospf6 instance-id 1

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
(2) Configuring an OSPF area and area-type

Area 0.0.0.0 is the backbone area of OSPF; each OSPF domain should have the area 0.0.0.0. Area types includes
normal, stub, and NSSA.
XorPlus# set protocols ospf6 area 0.0.0.0 area-type normal

[edit]
XorPlus# set protocols ospf6 area 1.1.1.1 area-type stub
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Configuring OSPF interfaces
[edit]
[edit]
XorPlus# set vlan-interface interface vlan-2 vif vlan-2 address 2001::15 prefix-length 64
[edit]
XorPlus# set vlan-interface interface vlan-3 vif vlan-3 address 2002::15 prefix-length 64
[edit]
[edit]
[edit]
XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan-2 vif vlan-2 address 2001::15
[edit]
XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan-3 vif vlan-3 address 2002::15
[edit]
XorPlus# set protocols ospf6 instance-id 1
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show ospf6 interface
Interface State Area DR ID BDR ID Nbrs
--------- -------- --------------- --------------- --------------- ----
vlan-2 Down 0.0.0.0 0.0.0.0 0.0.0.0 0
vlan-3 Down 0.0.0.0 0.0.0.0 0.0.0.0 0
(4) Configuring additional OSPF interface parameters

You can also configure additional OSPF interface parameters (hello-interval, interface-cost, static neighbor, priority,
retransmit-interval, router-dead-interval, and transmit-delay).
XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan-2 vif vlan-2 hello-interval 10
[edit]
XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan-2 vif vlan-2 interface-cost 8
[edit]
XorPlus# set protocols ospf6 area 0.0.0.0 interface vlan-2 vif vlan-2 transmit-delay 2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
ACL and Filter Configuration

● In Layer 2 / Layer 3, ACLs support destination-address-ipv4, destination-address-ipv6, destination-mac-address,
destination-port, ether-type, ip, protocol, source-address-ipv4, source-address-ipv6, source-mac-address, source-
port, and vlan-id.
● TCP flags are also supported. These ACLs can be applied to physical ports, LAG ports, and VLAN interfaces. One
ACL can be applied to multiple ports (the properties of the ports can be same or different), but only one port can be
matched to one ACL.
(1) Configuring ACLs
XorPlus# set firewall filter bad-net sequence bad-1 from source-address-ipv4 1.1.1.0/24
[edit]
XorPlus# set firewall filter bad-net sequence bad-1 then action discard
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set firewall filter bad-net input interface ge-1/1/1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set firewall filter bad-net input interface ae1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
When the switch receives a packet in ingress and egress, it will attempt to match ACLs by sequence number, with
smaller values representing higher priorities. If the matched ACL’s action is “forward” or “discard,” the switch will
forward or discard the packet and will not match the remaining ACLs. If there is no matching ACL, the packet will be
dropped.
(2) Configuring ACLs in VLANs

Every member port in the VLAN interface will be applied with the ACLs configured in the VLAN interface.
[edit]
[edit]
[edit]
XorPlus# set firewall filter bad-net sequencebad-2 then action discard
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set firewall filter bad-netinput vlan-interface vlan-2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Configuring ACL discard TCP ACK

You can configure ACL TCP flags (ACK/FIN/PSH/RST/SYN/URG/TCP-ESTABLISHED/TCP-INITIAL) to specify what
action (forward/discard) to perform on which packets (true/false).
[edit]
XorPlus# set firewall filter bad-net sequence bad-1 from protocol tcp flags ack true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set firewall filter bad-net output interface ge-1/1/1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(4) Configuring ACL logging for match statistics
[edit]
XorPlus# set firewall filter bad-net sequence bad-1 from destination-address-ipv4 192.168.100.0/24
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set firewall filter bad-net input interface ge-1/1/1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set firewall filter bad-net sequence bad-1 log interval 10
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run syslog monitor on
XorPlus#
Command List
delete interface ecmp hash-mapping field ingress-interface disable
delete interface ecmp hash-mapping field ip-destination disable
delete interface ecmp hash-mapping field ip-protocol disable
delete interface ecmp hash-mapping field ip-source disable
delete interface ecmp hash-mapping field port-destination disable
delete interface ecmp hash-mapping field port-source disable
delete interface ecmp hash-mapping field vlan disable
delete interface ecmp max-path
delete vlan-interface loopback address 127.0.0.1 prefix-length
delete vlan-interface loopback address ::1 prefix-length
run clear arp all
run clear arp ip-address <ip-address>
run clear neighbor all
run clear neighbor ipv6-address <ipv6-address>
run clear vlan-interface statistics loopback
run flush arp all
run flush arp ip-address <ip-address>
run flush neighbor all
run flush neighbor ipv6-address <ipv6-address>
run ping <ip-address> <int> deadline <int> source 0x1 interval <int> tos <int> ttl <int> size <int>
run ping <ip-address> <int> interval <int>
run ping <ip-address> <int> pattern <int>
run ping <ip-address> <int> size <int>
run ping <ip-address> <int> source 0x1
run ping <ip-address> <int> tos <int>
run ping <ip-address> <int> ttl <int>
run ping6 <ipv6-address> <int> deadline <int> source 0x1 interval <int> ttl <int> size <int>
run ping6 <ipv6-address> <int> interval <int>
run ping6 <ipv6-address> <int> pattern <int>
run ping6 <ipv6-address> <int> size <int>
run ping6 <ipv6-address> <int> source 0x1
run ping6 <ipv6-address> <int> ttl <int>
run show arp brief
run show arp inspection brief
run show arp management-ethernet eth0
run show policy network4-list

run show policy policy-statement
run show route admin distance ipv4 unicast
run show route admin distance ipv6 unicast
run show route forward-host brief
run show route forward-host ipv4 <ip-address>
run show route forward-host ipv4 all
run show route forward-host ipv6 <ip-address>
run show route forward-host ipv6 all
run show route forward-route brief
run show route forward-route ipv4 <ip-address/netmask>
run show route forward-route ipv4 all
run show route forward-route ipv6 <ip-address/netmask>
run show route forward-route ipv6 all
run show route table ipv4 unicast connected brief
run show route table ipv4 unicast connected detail
run show route table ipv4 unicast connected terse
run show route table ipv4 unicast ebgp brief
run show route table ipv4 unicast ebgp detail
run show route table ipv4 unicast ebgp terse
run show route table ipv4 unicast final brief
run show route table ipv4 unicast final detail
run show route table ipv4 unicast final terse
run show route table ipv4 unicast ibgp brief
run show route table ipv4 unicast ibgp detail
run show route table ipv4 unicast ibgp terse
run show route table ipv4 unicast ospf brief
run show route table ipv4 unicast ospf detail
run show route table ipv4 unicast ospf terse
run show route table ipv4 unicast ospf winners brief
run show route table ipv4 unicast ospf winners detail
run show route table ipv4 unicast ospf winners terse
run show route table ipv4 unicast rip brief
run show route table ipv4 unicast rip detail
run show route table ipv4 unicast rip terse
run show route table ipv4 unicast rip winners brief
run show route table ipv4 unicast rip winners detail
run show route table ipv4 unicast rip winners terse

run show route table ipv4 unicast static brief
run show route table ipv4 unicast static detail
run show route table ipv4 unicast static terse
run show route table ipv6 unicast connected brief
run show route table ipv6 unicast connected detail
run show route table ipv6 unicast connected terse
run show route table ipv6 unicast ebgp brief
run show route table ipv6 unicast ebgp detail
run show route table ipv6 unicast ebgp terse
run show route table ipv6 unicast final brief
run show route table ipv6 unicast final detail
run show route table ipv6 unicast final terse
run show route table ipv6 unicast ibgp brief
run show route table ipv6 unicast ibgp detail
run show route table ipv6 unicast ibgp terse
run show route table ipv6 unicast ospf brief
run show route table ipv6 unicast ospf detail
run show route table ipv6 unicast ospf terse
run show route table ipv6 unicast ospf winners brief
run show route table ipv6 unicast ospf winners detail
run show route table ipv6 unicast ospf winners terse
run show route table ipv6 unicast ripng brief
run show route table ipv6 unicast ripng detail
run show route table ipv6 unicast ripng terse
run show route table ipv6 unicast ripng winners brief
run show route table ipv6 unicast ripng winners detail
run show route table ipv6 unicast ripng winners terse
run show route table ipv6 unicast static brief
run show route table ipv6 unicast static detail
run show route table ipv6 unicast static terse
run show vlan-interface brief
run show vlan-interface interface loopback
run traceroute <ip-address>
run traceroute6 <ipv6-address>
set interface ecmp hash-mapping field ingress-interface disable true
set interface ecmp hash-mapping field ip-destination disable true
set interface ecmp hash-mapping field ip-protocol disable true

set interface ecmp hash-mapping field ip-source disable true
set interface ecmp hash-mapping field port-destination disable true
set interface ecmp hash-mapping field port-source disable true
set interface ecmp hash-mapping field vlan disable true
set interface ecmp max-path <int>
set policy as-path-list bozo elements bozo
set policy community-list bozo elements bozo
set policy network4-list bozo network <ip-address/netmask> modifier bozo
set policy network6-list bozo network <ipv6-address/netmask> modifier bozo
set policy policy-statement bozo term bozo from as-path bozo
set policy policy-statement bozo term bozo from as-path-list bozo
set policy policy-statement bozo term bozo from community bozo
set policy policy-statement bozo term bozo from community-list bozo
set policy policy-statement bozo term bozo from external-type <int>
set policy policy-statement bozo term bozo from localpref <int>
set policy policy-statement bozo term bozo from med <int>
set policy policy-statement bozo term bozo from metric <int>
set policy policy-statement bozo term bozo from neighbor <ip-address>
set policy policy-statement bozo term bozo from network4 <ip-address/netmask>
set policy policy-statement bozo term bozo from network4-list bozo
set policy policy-statement bozo term bozo from network6 <ipv6-address/netmask>
set policy policy-statement bozo term bozo from network6-list bozo
set policy policy-statement bozo term bozo from nexthop4 <ip-address>
set policy policy-statement bozo term bozo from nexthop6 <ipv6-address>
set policy policy-statement bozo term bozo from origin <int>
set policy policy-statement bozo term bozo from prefix-length4 <int>
set policy policy-statement bozo term bozo from prefix-length6 <int>
set policy policy-statement bozo term bozo from protocol bgp
set policy policy-statement bozo term bozo from protocol connected
set policy policy-statement bozo term bozo from protocol ospf4
set policy policy-statement bozo term bozo from protocol ospf6
set policy policy-statement bozo term bozo from protocol ripng
set policy policy-statement bozo term bozo from protocol static
set policy policy-statement bozo term bozo from tag <int>
set policy policy-statement bozo term bozo then accept
set policy policy-statement bozo term bozo then aggregate-brief-mode true
set policy policy-statement bozo term bozo then aggregate-prefix-len <int>

set policy policy-statement bozo term bozo then as-path-expand <int>
set policy policy-statement bozo term bozo then as-path-prepend <int>
set policy policy-statement bozo term bozo then community bozo
set policy policy-statement bozo term bozo then community-add bozo
set policy policy-statement bozo term bozo then community-del bozo
set policy policy-statement bozo term bozo then external-type <int>
set policy policy-statement bozo term bozo then localpref <int>
set policy policy-statement bozo term bozo then med <int>
set policy policy-statement bozo term bozo then med-remove true
set policy policy-statement bozo term bozo then metric <int>
set policy policy-statement bozo term bozo then nexthop4 <ip-address>
set policy policy-statement bozo term bozo then nexthop4-var peer-address
set policy policy-statement bozo term bozo then nexthop4-var self
set policy policy-statement bozo term bozo then nexthop6 <ipv6-address>
set policy policy-statement bozo term bozo then nexthop6-var peer-address
set policy policy-statement bozo term bozo then nexthop6-var self
set policy policy-statement bozo term bozo then origin <int>
set policy policy-statement bozo term bozo then reject
set policy policy-statement bozo term bozo then tag <int>
set policy policy-statement bozo term bozo to as-path bozo
set policy policy-statement bozo term bozo to as-path-list bozo
set policy policy-statement bozo term bozo to community bozo
set policy policy-statement bozo term bozo to external-type <int>
set policy policy-statement bozo term bozo to localpref <int>
set policy policy-statement bozo term bozo to med <int>
set policy policy-statement bozo term bozo to metric <int>
set policy policy-statement bozo term bozo to neighbor <ip-address>
set policy policy-statement bozo term bozo to network4 <ip-address/netmask>
set policy policy-statement bozo term bozo to network4-list bozo
set policy policy-statement bozo term bozo to network6 <ipv6-address/netmask>
set policy policy-statement bozo term bozo to network6-list bozo
set policy policy-statement bozo term bozo to nexthop4 <ip-address>
set policy policy-statement bozo term bozo to nexthop6 <ipv6-address>
set policy policy-statement bozo term bozo to origin <int>
set policy policy-statement bozo term bozo to prefix-length4 <int>
set policy policy-statement bozo term bozo to prefix-length6 <int>
set policy policy-statement bozo term bozo to tag <int>

set policy policy-statement bozo term bozo to was-aggregated true
set policy policy-statement bozo then accept
set policy policy-statement bozo then reject
set protocols arp aging-time <int>
set protocols arp interface bozo address <ip-address> mac-address <mac-address>
set protocols arp interface bozo inspection disable true
set protocols arp interface bozo proxy disable true
set protocols arp traceoptions disable true
set protocols bfd interface bozo detect-multiplier <int>
set protocols bfd interface bozo disable true
set protocols bfd interface bozo min-echo-receive-interval <int>
set protocols bfd interface bozo min-receive-interval <int>
set protocols bfd interface bozo min-transmit-interval <int>
set protocols bfd mode active
set protocols bfd mode passive
set protocols bfd traceoptions flag config disable true
set protocols bfd traceoptions flag event disable true
set protocols bfd traceoptions flag fsm disable true
set protocols bfd traceoptions flag packet disable true
set protocols bfd traceoptions flag raw-packet disable true
set protocols ipfix interfaces egress <port>
set protocols ipfix interfaces ingress <port>
set protocols ipfix traceoptions flag all disable true
set protocols neighbour interface bozo address <ipv6-address> mac-address <mac-address>
set protocols neighbour interface bozo proxy disable true
set protocols neighbour traceoptions disable true
set protocols ospf4 area <ip-address> area-range <ip-address/netmask> advertise true
set protocols ospf4 area <ip-address> area-type normal
set protocols ospf4 area <ip-address> area-type nssa
set protocols ospf4 area <ip-address> area-type stub
set protocols ospf4 area <ip-address> default-lsa disable true
set protocols ospf4 area <ip-address> default-lsa metric <int>
set protocols ospf4 area <ip-address> interface bozo link-type broadcast
set protocols ospf4 area <ip-address> interface bozo link-type p2m
set protocols ospf4 area <ip-address> interface bozo link-type p2p
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> authentication md5
<int> end-time bozo
<int> max-time-drift <int>
<int> max-time-drift <int>
<int> password bozo
<int> start-time bozo
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> authentication simple-
password bozo
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> bfd disable true
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> disable true
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> hello-interval <int>
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> interface-cost <int>
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> neighbor <ip-address>
router-id <ip-address>
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> passive disable true
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> passive host true
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> priority <int>
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> retransmit-interval
<int>
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> router-dead-interval
<int>
set protocols ospf4 area <ip-address> interface bozo vif bozo address <ip-address> transmit-delay <int>
set protocols ospf4 area <ip-address> summaries disable true
set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication md5 <int> end-time bozo
set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication md5 <int> max-time-drift
<int>
set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication md5 <int> max-time-drift
<int>
set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication md5 <int> password bozo
set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication md5 <int> start-time bozo
set protocols ospf4 area <ip-address> virtual-link <ip-address> authentication simple-password bozo
set protocols ospf4 area <ip-address> virtual-link <ip-address> hello-interval <int>
set protocols ospf4 area <ip-address> virtual-link <ip-address> retransmit-interval <int>
set protocols ospf4 area <ip-address> virtual-link <ip-address> router-dead-interval <int>
set protocols ospf4 area <ip-address> virtual-link <ip-address> transmit-area <ip-address>
set protocols ospf4 area <ip-address> virtual-link <ip-address> transmit-delay <int>

set protocols ospf4 export bozo
set protocols ospf4 import bozo
set protocols ospf4 ip-router-alert true
set protocols ospf4 rfc1583-compatibility true
set protocols ospf4 router-id <ip-address>
set protocols ospf4 traceoptions flag adjacency-event disable true
set protocols ospf4 traceoptions flag all disable true
set protocols ospf4 traceoptions flag config disable true
set protocols ospf4 traceoptions flag database-description disable true
set protocols ospf4 traceoptions flag event disable true
set protocols ospf4 traceoptions flag flooding disable true
set protocols ospf4 traceoptions flag hello disable true
set protocols ospf4 traceoptions flag lsa-ack disable true
set protocols ospf4 traceoptions flag lsa-generation disable true
set protocols ospf4 traceoptions flag lsa-request disable true
set protocols ospf4 traceoptions flag lsa-update disable true
set protocols ospf4 traceoptions flag packets disable true
set protocols ospf4 traceoptions flag retransmission disable true
set protocols ospf4 traceoptions flag route disable true
set protocols ospf4 traceoptions flag spt disable true
set protocols ospf4 traceoptions flag timer disable true
set protocols ospf6 area <ip-address> area-range <ipv6-address/netmask> advertise true
set protocols ospf6 area <ip-address> area-type normal
set protocols ospf6 area <ip-address> area-type nssa
set protocols ospf6 area <ip-address> area-type stub
set protocols ospf6 area <ip-address> default-lsa disable true
set protocols ospf6 area <ip-address> default-lsa metric <int>
set protocols ospf6 area <ip-address> interface bozo link-type broadcast
set protocols ospf6 area <ip-address> interface bozo link-type p2m
set protocols ospf6 area <ip-address> interface bozo link-type p2p
set protocols ospf6 area <ip-address> interface bozo vif bozo address <ipv6-address> disable true
set protocols ospf6 area <ip-address> interface bozo vif bozo bfd disable true
set protocols ospf6 area <ip-address> interface bozo vif bozo disable true
set protocols ospf6 area <ip-address> interface bozo vif bozo hello-interval <int>
set protocols ospf6 area <ip-address> interface bozo vif bozo interface-cost <int>
set protocols ospf6 area <ip-address> interface bozo vif bozo neighbor <ipv6-address> router-id <ip-
address>
set protocols ospf6 area <ip-address> interface bozo vif bozo passive true
set protocols ospf6 area <ip-address> interface bozo vif bozo priority <int>
set protocols ospf6 area <ip-address> interface bozo vif bozo retransmit-interval <int>
set protocols ospf6 area <ip-address> interface bozo vif bozo router-dead-interval <int>
set protocols ospf6 area <ip-address> interface bozo vif bozo transmit-delay <int>
set protocols ospf6 export bozo
set protocols ospf6 import bozo
set protocols ospf6 instance-id <int>
set protocols ospf6 ip-router-alert true
set protocols ospf6 router-id <ip-address>
set protocols ospf6 traceoptions flag adjacency-event disable true
set protocols ospf6 traceoptions flag all disable true
set protocols ospf6 traceoptions flag config disable true
set protocols ospf6 traceoptions flag database-description disable true
set protocols ospf6 traceoptions flag event disable true
set protocols ospf6 traceoptions flag flooding disable true
set protocols ospf6 traceoptions flag hello disable true
set protocols ospf6 traceoptions flag lsa-ack disable true
set protocols ospf6 traceoptions flag lsa-generation disable true
set protocols ospf6 traceoptions flag lsa-request disable true
set protocols ospf6 traceoptions flag lsa-update disable true
set protocols ospf6 traceoptions flag packets disable true
set protocols ospf6 traceoptions flag retransmission disable true
set protocols ospf6 traceoptions flag route disable true
set protocols ospf6 traceoptions flag spt disable true
set protocols ospf6 traceoptions flag timer disable true
set protocols pimsm4 bootstrap cand-bsr scope-zone <ip-address/netmask> bsr-priority <int>
set protocols rip export bozo
set protocols rip import bozo
set protocols rip interface bozo vif bozo address <ip-address> accept-default-route true
set protocols rip interface bozo vif bozo address <ip-address> accept-non-rip-requests true
set protocols rip interface bozo vif bozo address <ip-address> advertise-default-route true
set protocols rip interface bozo vif bozo address <ip-address> authentication md5 <int> end-time bozo
set protocols rip interface bozo vif bozo address <ip-address> authentication md5 <int> password bozo
set protocols rip interface bozo vif bozo address <ip-address> authentication md5 <int> start-time bozo
set protocols rip interface bozo vif bozo address <ip-address> authentication simple-password bozo
set protocols rip interface bozo vif bozo address <ip-address> deletion-delay <int>
set protocols rip interface bozo vif bozo address <ip-address> disable true
set protocols rip interface bozo vif bozo address <ip-address> horizon none
set protocols rip interface bozo vif bozo address <ip-address> horizon split-horizon-poison-rever
set protocols rip interface bozo vif bozo address <ip-address> interpacket-delay <int>
set protocols rip interface bozo vif bozo address <ip-address> metric <int>
set protocols rip interface bozo vif bozo address <ip-address> passive true
set protocols rip interface bozo vif bozo address <ip-address> request-interval <int>
set protocols rip interface bozo vif bozo address <ip-address> request-interval <int>
set protocols rip interface bozo vif bozo address <ip-address> route-timeout <int>
set protocols rip interface bozo vif bozo address <ip-address> triggered-delay <int>
set protocols rip interface bozo vif bozo address <ip-address> triggered-jitter <int>
set protocols rip interface bozo vif bozo address <ip-address> update-interval <int>
set protocols rip interface bozo vif bozo address <ip-address> update-jitter <int>
set protocols rip traceoptions flag all disable true
set protocols static interface-route <ip-address/netmask> metric <int>
set protocols static interface-route <ip-address/netmask> next-hop-interface bozo
set protocols static interface-route <ip-address/netmask> next-hop-router <ip-address>
set protocols static interface-route <ip-address/netmask> next-hop-vif bozo
set protocols static interface-route <ip-address/netmask> qualified-next-hop-interface bozo qualified-next-
hop-vif bozo metric <int>
set protocols static interface-route <ip-address/netmask> qualified-next-hop-interface bozo qualified-next-
hop-vif bozo next-hop-router <ip-address
set protocols static interface-route <ipv6-address/netmask> metric <int>
set protocols static interface-route <ipv6-address/netmask> next-hop-interface bozo
set protocols static interface-route <ipv6-address/netmask> next-hop-router <ipv6-address>
set protocols static interface-route <ipv6-address/netmask> next-hop-vif bozo
set protocols static interface-route <ipv6-address/netmask> qualified-next-hop-interface bozo qualified-next-
hop-vif bozo metric <int>
set protocols static interface-route <ipv6-address/netmask> qualified-next-hop-interface bozo qualified-next-
hop-vif bozo next-hop-router <ipv6-address>
set protocols static route <ip-address/netmask> bfd true
set protocols static route <ip-address/netmask> metric <int>
set protocols static route <ip-address/netmask> next-hop <ip-address>
set protocols static route <ip-address/netmask> qualified-next-hop <ip-address> bfd true
set protocols static route <ip-address/netmask> qualified-next-hop <ip-address> metric <int>
set protocols static route <ipv6-address/netmask> bfd true
set protocols static route <ipv6-address/netmask> metric <int>

set protocols static route <ipv6-address/netmask> next-hop <ipv6-address>
set protocols static route <ipv6-address/netmask> qualified-next-hop <ipv6-address> bfd true
set protocols static route <ipv6-address/netmask> qualified-next-hop <ipv6-address> metric <int>
set protocols static traceoptions flag all disable true
set protocols vrrp interface bozo vif bozo vrid <int> interval <int>
set protocols vrrp interface bozo vif bozo vrid <int> ip <ip-address> prefix-length <int>
set protocols vrrp interface bozo vif bozo vrid <int> preempt true
set protocols vrrp interface bozo vif bozo vrid <int> priority <int>
set vlan-interface interface bozo router-advertisement disable true
set vlan-interface interface bozo vif bozo address <ip-address> prefix-length <int>
set vlan-interface interface bozo vif bozo address <ipv6-address> prefix-length <int>
set vlan-interface interface bozo vif bozo description bozo
set vlan-interface loopback address 127.0.0.1 prefix-length <int>
set vlan-interface loopback address ::1 prefix-length <int>
set vlan-interface loopback address <ip-address> prefix-length <int>
set vlan-interface loopback address <ipv6-address> prefix-length <int>
set vlan-interface traceoptions flag rib disable true
set vlan-interface traceoptions flag xrl disable trueset vlans dot1q-tunneling egress bozo from customer-vlan
<int>
show all interface ecmp hash-mapping field ingress-interface
show all interface ecmp hash-mapping field ip-destination
show all interface ecmp hash-mapping field ip-protocol
show all interface ecmp hash-mapping field ip-source
show all interface ecmp hash-mapping field port-destination
show all interface ecmp hash-mapping field port-source
show all interface ecmp hash-mapping field vlan
show all multicast-interface
show all policy
show all vlan-interface loopback address 127.0.0.1
show all vlan-interface loopback address ::1
show interface ecmp hash-mapping field ingress-interface
show interface ecmp hash-mapping field ip-destination
show interface ecmp hash-mapping field ip-protocol
show interface ecmp hash-mapping field ip-source
show interface ecmp hash-mapping field port-destination
show interface ecmp hash-mapping field port-source
show interface ecmp hash-mapping field vlan

show policy
show vlan-interface loopback address 127.0.0.1
show vlan-interface loopback address ::1
MulticastConfiguratio
Chapter 7. Multicast Configuration

This chapter describes IGMP, PIM-SM, and IGMP Snooping configurations.
IGMP Snooping Configuration

In Layer 2 / Layer 3, IGMPv2 Snooping and IGMPv2Snooping Querier are both supported.
(1) IGMP snooping basic configuration

In the default setting, the switch disables IGMP snooping. You should globally enable IGMP per VLAN.
XorPlus# set protocols igmp-snooping enable true

[edit]
XorPlus# set protocols igmp-snooping vlan-id 1 enable true
[edit]
XorPlus# set protocols igmp-snooping vlan-id 1 mrouter interface ge-1/1/3
[edit]
XorPlus# set protocols igmp-snooping vlan-id 1 querier other-querier-timer 1
[edit]
XorPlus# set protocols igmp-snooping vlan-id 1 static group 238.255.0.1 interface ge-1/1/2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show igmp-snooping vlan 1
Vlan 1:
----------------------------------------------
IGMP snooping : Enabled
IGMPv2 fast leave : Disabled
IGMP querier state : Disabled
IGMP querier source ip address : 0.0.0.0
IGMP other querier timer : 1
IGMP querier version : 2
XorPlus#
(2) IGMP snooping querier

For multicast traffic in Layer2, enable an IGMP snooping querier in the VLAN.
XorPlus# set protocols igmp-snooping vlan-id 1 querier enable true
Multicast Configuratio
[edit]
XorPlus# set protocols igmp-snooping vlan-id 1 querier address 10.10.1.1
[edit]
XorPlus# set protocols igmp-snooping vlan-id 1 querier version 2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show igmp-snooping querier
Vlan IP Address IGMP Version
-------- ------------------ ------------
1 10.10.1.1 v2
XorPlus#
IGMP Configuration
In XorPlus, IGMPv1/v2/v3 is supported.
(1) Configuring an IGMP interface

Enable the multicast interface before enabling the IGMP interface.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set multicast-interface interface vlan2 vif vlan2disable false
[edit]
XorPlus# set multicast-interface interface vlan3 vif vlan2 disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols igmp interface vlan2 vif vlan2
[edit]
XorPlus# set protocols igmp interface vlan3 vif vlan3
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show igmp interface
Interface State Querier Timeout Version Groups
------------ -------- --------------- --------- --------- --------
vlan2 UP 10.10.60.10 None 2 2
vlan3 UP 10.10.61.10 None 2 2
XorPlus#
(2) Configuring IGMP parameters for the IGMP interface
XorPlus# set protocols igmp interface vlan2 vif vlan2query-interval 4

[edit]
XorPlus# set protocols igmp interface vlan2 vif vlan2query-last-member-interval 3
[edit]
XorPlus# set protocols igmp interface vlan2 vif vlan2query-response-interval 100
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Configuring an IGMPv3 interface

You can configure IGMPv3 in a specified interface.
XorPlus# set protocols igmp interface vlan3 vif vlan3version 3

[edit]
XorPlus# commit
Commit OK.
Save done.
------------ -------- --------------- --------- --------- --------
vlan2 UP 10.10.60.10 None 2 2
vlan3 UP 10.10.61.10 None 3 2
(4) Joining and leaving a group; displaying group information

If you send an IGMPv2 report to VLAN 2, and an IGMPv3 report to VLAN 3, for example, you can display the group
information of the switch. You should not have to worry about 224.0.0.2, 224.0.0.22, etc., which are used for the
system (e.g. OSPF, RIP).
XorPlus# run show igmp group

Interface Group Source LastReported Timeout V State
------------ --------------- --------------- ------------ ------- - -----
vlan2 224.0.0.2 0.0.0.0 10.10.60.10 92 2 E
vlan2 224.0.0.22 0.0.0.0 10.10.60.10 101 2 E
vlan2 238.255.0.1 0.0.0.0 10.10.60.100 61 2 E
vlan3 224.0.0.2 0.0.0.0 10.10.61.10 205 3 E
vlan3 224.0.0.22 0.0.0.0 10.10.61.10 205 3 E
vlan3 238.255.0.2 0.0.0.0 10.10.61.100 0 3 I
vlan3 238.255.0.2 20.20.20.20 10.10.61.100 257 3 F
If you send a Ieaving message for the above group, the specified group will be removed.
XorPlus# run show igmp group

Interface Group Source LastReported Timeout V State
------------ --------------- --------------- ------------ ------- - -----
vlan2 224.0.0.2 0.0.0.0 10.10.60.10 88 2 E
vlan2 224.0.0.22 0.0.0.0 10.10.60.10 105 2 E
vlan3 224.0.0.2 0.0.0.0 10.10.61.10 227 3 E
vlan3 224.0.0.22 0.0.0.0 10.10.61.10 227 3 E
XorPlus#
PIM-SM Configuration
In Layer 2 / Layer 3, PIM-SM is supported.
(1) PIM-SM basic configuration

●Before configuring a PIM-SM interface, you should enable a multicast interface.
● You can then configure a candidate-RP and a candidate-BSR. For configuring the candidate-BSR, “scope-zone”
denotes the zone of the multicast group, which is included in the multicast domain.

[edit]
[edit]
[edit]
[edit]
XorPlus# set vlan-interface interface vlan-2vif vlan-2address 10.10.60.10 prefix-length 24
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set multicast-interface interface vlan-2vif vlan-2 disable false
[edit]
[edit]
XorPlus# set multicast-interface interface register_vif disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols igmp interface vlan-3
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols pimsm4 interface vlan-2vif vlan-2 disable false
[edit]
[edit]
XorPlus# set protocols pimsm4 interface register_vif disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols pimsm4 bootstrap cand-bsr scope-zone 224.0.0.0/4 cand-bsr-by-vif-name vlan-3
[edit]
XorPlus# set protocols pimsm4 bootstrap cand-rp group-prefix 237.0.0.0/8 cand-rp-by-vif-name vlan-2
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Static RP configuration

You can also configure static RP instead of BSR or dynamic RP.
XorPlus# set protocols pimsm4 static-rps rp 10.10.60.10 group-prefix 238.0.0.0/8 rp-priority 10

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
PIM-SM Configuration Example

●In the following topology, Switch B is the C-BSR and C-RP. Host A is a receiver for multicast traffic, and Host B is a
multicast source that will send the multicast traffic.
●You’ll need to configure ge-1/1/2 as an IGMP interface in switch A for Host A.
●In this example, the static route in the RIB will be used by PIM-SM.
Switch A Switch B Switch C

Ge-1/1/1 Ge-1/1/2
10.10.1.2/24 10.10.2.2/24
Ge-1/1/1 Ge-1/1/1
10.10.1.1/24 C-RP BSR 10.10.2.1/24
Ge-1/1/2 Ge-1/1/2
10.10.3.1/24 10.10.4.1/24
Host A Host B
Destination Multicast Source
Figure 6-1. PIM-SM multicast routing configuration.

For switch A, configure ge-1/1/2 as an IGMP interface, andge-1/1/1 as a PIM-SM interface.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# set protocols igmp interface vlan-3
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#set protocols static route 10.10.2.0/24 next-hop 10.10.1.2
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show pim interface
Interface State Mode V PIMstate Priority DRaddr Neighbors
---------- -------- ------ - -------- -------- --------------- ---------
vlan-2 UP Sparse 2 DR 1 10.10.1.1 0
register_vif UP Sparse 2 DR 1 10.10.1.1 0
XorPlus#
------------ -------- --------------- --------- --------- --------
vlan-2 DISABLED 10.10.1.1 None 2 0
vlan-3 UP 10.10.3.1 None 2 3

Configure 2 PIM-SM interfaces, ge-1/1/1 and ge-1/1/2. You will also need to configure a candidate BSR and a
candidate RP.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# set protocols pimsm4 interfaceregister_vif disable false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set protocols pimsm4 bootstrap cand-bsr scope-zone 224.0.0.0/4 cand-bsr-by-vif-name vlan-3
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show pim bootstrap
Active zones:
BSR Pri LocalAddress Pri State Timeout SZTimeout
10.10.2.2 1 10.10.2.2 1 Elected 19 -1
Expiring zones:
BSR Pri LocalAddress Pri State Timeout SZTimeout
XorPlus#
XorPlus# run show pim rps
RP Type Pri Holdtime Timeout ActiveGroups GroupPrefix
------------- ------- --- -------- ------- ------------ ----------------
10.10.1.2 bootstrap 192 150 -1 0 238.0.0.0/8
XorPlus#

Configure 2 PIM-SM interfaces, ge-1/1/1 and ge-1/1/2.You will also need to configure a candidate BSR and a
candidate RP.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show pim interface
Interface State Mode V PIMstate Priority DRaddr Neighbors
---------- -------- ------ - -------- -------- --------------- ---------
register_vif UP Sparse 2 DR 1 10.10.2.1 0
XorPlus#
Command List
run show multicast dataflow
run show multicast interface address
set multicast-interface interface bozo vif bozo disable true
set multicast-interface traceoptions flag all disable trueset open-flow allowed-versions openflow-v1.0 disable
true
set protocols igmp interface bozo vif bozo disable true
set protocols igmp interface bozo vif bozo enable-ip-router-alert-option-check true
set protocols igmp interface bozo vif bozo query-interval <int>
set protocols igmp interface bozo vif bozo query-last-member-interval <int>
set protocols igmp interface bozo vif bozo query-response-interval <int>
set protocols igmp interface bozo vif bozo robust-count <int>
set protocols igmp interface bozo vif bozo version <int>
set protocols igmp traceoptions flag all disable true
set protocols igmp traceoptions flag event disable true
set protocols igmp traceoptions flag leave disable true
set protocols igmp traceoptions flag query disable true
set protocols igmp traceoptions flag report disable true
set protocols igmp-snooping enable true
set protocols igmp-snooping last-member-query-count <int>
set protocols igmp-snooping last-member-query-interval <int>
set protocols igmp-snooping max-response-time <int>
set protocols igmp-snooping query-interval <int>
set protocols igmp-snooping report-suppression true
set protocols igmp-snooping robustness-variable <int>
set protocols igmp-snooping router-aging-time <int>
set protocols igmp-snooping traceoptions flag all disable true
set protocols igmp-snooping traceoptions flag config disable true
set protocols igmp-snooping traceoptions flag input disable true
set protocols igmp-snooping traceoptions flag output disable true
set protocols igmp-snooping traceoptions flag state-machine disable true
set protocols igmp-snooping vlan-id <int> enable true
set protocols igmp-snooping vlan-id <int> fast-leave true
set protocols igmp-snooping vlan-id <int> mrouter interface bozo
set protocols igmp-snooping vlan-id <int> querier address <ip-address>
set protocols igmp-snooping vlan-id <int> querier enable true
set protocols igmp-snooping vlan-id <int> querier other-querier-timer <int>
set protocols igmp-snooping vlan-id <int> querier version <int>

set protocols igmp-snooping vlan-id <int> static group <ip-address> interface bozoset protocols ipfix
collector <ip-address> udp-port <int>
set protocols pimsm4 bootstrap cand-bsr scope-zone <ip-address/netmask> cand-bsr-by-vif-addr <ip-
address>
set protocols pimsm4 bootstrap cand-bsr scope-zone <ip-address/netmask> cand-bsr-by-vif-name bozo
set protocols pimsm4 bootstrap cand-bsr scope-zone <ip-address/netmask> hash-mask-len <int>
set protocols pimsm4 bootstrap cand-rp group-prefix <ip-address/netmask> cand-rp-by-vif-addr <ip-
address>
set protocols pimsm4 bootstrap cand-rp group-prefix <ip-address/netmask> cand-rp-by-vif-name bozo
set protocols pimsm4 bootstrap cand-rp group-prefix <ip-address/netmask> is-scope-zone true
set protocols pimsm4 bootstrap cand-rp group-prefix <ip-address/netmask> rp-holdtime <int>
set protocols pimsm4 bootstrap cand-rp group-prefix <ip-address/netmask> rp-priority <int>
set protocols pimsm4 bootstrap disable true
set protocols pimsm4 disable true
set protocols pimsm4 interface bozo vif bozo alternative-subnet <ip-address/netmask>
set protocols pimsm4 interface bozo vif bozo disable true
set protocols pimsm4 interface bozo vif bozo dr-priority <int>
set protocols pimsm4 interface bozo vif bozo hello-period <int>
set protocols pimsm4 interface bozo vif bozo hello-triggered-delay <int>
set protocols pimsm4 static-rps rp <ip-address> group-prefix <ip-address/netmask> hash-mask-len <int>
set protocols pimsm4 static-rps rp <ip-address> group-prefix <ip-address/netmask> rp-priority <int>
set protocols pimsm4 switch-to-spt-threshold bytes <int>
set protocols pimsm4 switch-to-spt-threshold disable true
set protocols pimsm4 switch-to-spt-threshold interval <int>
set protocols pimsm4 traceoptions flag all disable true
set protocols pimsm4 traceoptions flag bsr disable true
set protocols pimsm4 traceoptions flag event disable true
set protocols pimsm4 traceoptions flag join-prune disable true
set protocols pimsm4 traceoptions flag mroute disable true
set protocols pimsm4 traceoptions flag neighbor disable true
set protocols pimsm4 traceoptions flag register disable true
set protocols pimsm4 traceoptions flag rp disable true
show multicast-interface
QoS Configuratio
Chapter 8. QoS Configuration

This chapter describes Layer2 and Layer3 QoS configurations.
Configuring SP
● In Layer 2 / Layer 3, 802.1p, DSCP, and COS QoS are supported.
● You should first create forwarding classes, which determine the queue number of the specified traffic type.
●Define your QoS classifiers (by specifying the associated forwarding class) and include the trust-mode. Map the
code-point in the forwarding class.
●Finally, apply each classifier to its specified ports.
(1) Configuring priority queuing
XorPlus# set class-of-service forwarding-class best-effort local-priority 3

[edit]
XorPlus# set class-of-service forwarding-class rt-traffic local-priority 0
[edit]
XorPlus# set class-of-service forwarding-class normal-traffic local-priority 2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configuring classifiers with IEEE 802.1/DSCP/QoS
XorPlus# set class-of-service classifier c1 trust-mode ieee-802.1

[edit]
XorPlus# set class-of-service classifier c1 forwarding-class best-effort code-point 3
[edit]
XorPlus# set class-of-service classifier c2 trust-mode dscp
[edit]
XorPlus# set class-of-service classifier c2 forwarding-class rt-traffic code-point 10
[edit]
XorPlus# commit
Commit OK.
QoS Configuratio
Save done.
[edit]
(3) Applying classifiers to specified ports
XorPlus# set class-of-service interface ge-1/1/1 classifier c1

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPl
Configuring WRR
(1) Configuring scheduler
XorPlus# set class-of-service scheduler s1 mode WRR

XorPlus# set class-of-service scheduler s2 mode WRR
XorPlus# set class-of-service scheduler s1 weight 1
XorPlus# commit
XorPlus# set class-of-service forwarding-class f1 local-priority 1

XorPlus# commit

XorPlus# set class-of-service classifier c1 forwarding-class f1 scheduler s1
XorPlus# set class-of-service classifier c1 forwarding-class f1 code-point 1
XorPlus# commit

QoS Configuratio
XorPlus# commit
XorPlus# set interface gigabit-ethernet ge-1/1/3 static-ethernet-switching mac-address 22:00:00:00:00:00 vlan
1
XorPlus# commit
Configuring WFQ
(1) Configuring scheduler
XorPlus# set class-of-service scheduler s1 mode WFQ

XorPlus# set class-of-service scheduler s2 mode WFQ
XorPlus# commit

XorPlus# commit

XorPlus# commit

XorPlus# commit
XorPlus# set interface gigabit-ethernet ge-1/1/3 static-ethernet-switching mac-address 22:00:00:00:00:00 vlan
1
XorPlus# commit
QoS Configuratio
Command List
set class-of-service classifier bozo forwarding-class bozo code-point <int>
set class-of-service classifier bozo forwarding-class bozo scheduler bozo
set class-of-service classifier bozo trust-mode dscp
set class-of-service classifier bozo trust-mode ieee-802.1
set class-of-service classifier bozo trust-mode inet-precedence
set class-of-service forwarding-class bozo local-priority <int>
set class-of-service interface bozo classifier bozo
set class-of-service scheduler bozo guaranteed-rate 8
set class-of-service scheduler bozo mode SP
set class-of-service scheduler bozo mode WFQ
set class-of-service scheduler bozo mode WRR
set class-of-service scheduler bozo weight <int>
set class-of-service traceoptions flag all disable trueset firewall filter bozo description bozo
OpenFlow Configuratio
Chapter 9. OpenFlow Configuration

This chapter describes the configuration of OpenFlow.SincePicOS2.0, the switch can mix data
traffic between the OpenFlow and Layer 2 / Layer 3 networks. We call this enhancement
“crossflow” mode.
OpenFlow Introduction
● In Layer 2 / Layer 3, OpenFlow v1.0, OFv1.1, OFv1.2, and OFv1.3areall supported. You can configure any
supported version in the CLI.
● All ports in the switch are either legacy or crossflow ports. In a crossflow port, you can enable or disable local-
control, regarding local processing of protocol packets.
● You can configure specified ports in crossflow mode, and enable/disable the local control in a crossflow port. If
you enable local control in a crossflow port, the protocol packet (containing the BPDU, LLDP, and OSPF PDU)
will be processed in the local protocol stack. In the mean time, the MAC learning and flood domain will also be
enabled in this crossflow port. Without local control, the protocol packet, MAC learning, and flood domain will
not be enabled in crossflow mode.
● Crossflow port modes can be summarized as follows:
TCAM mode and local-control-off:

The port is totally controlled by controller
All broadcast turned off & auto learning turned off
Packet forwarded by looking up the TCAM
TCAM mode and local-control-on:

The port is controlled by local protocol stack engine
All broadcast turned on & auto learning turned on
User or controller can add flows in the TCAM to control traffic
TCAM FDB & Route

Table
Legacy Network
Domain
Openflow
Domain
Crossflow CrossFlow Legacy

(TCAM mode, (TCAM port
LC-) mode, LC+)
Figure 8-1. TCAM mode crossflow ports.
FDB & Route Table
Legacy network
Openflow Domain
Domain
Crossflow Crossflow
L2/L3 mode, L2/L3 mode,
Legacy
LC- LC+ port
● In TCAM mode, traffic can be forwarded between the OpenFlow domain and the Legacy network domain (e.g.,
you can send traffic from a crossflow port to a legacy port, as shown in the following figures).
TCAM FDB & Route

Table
Legacy network
Openflow Domain
Domain
Tra Tra
ffic ffic
Figure 8-3. TCAM mode traffic between crossflow ports.
TCAM FDB & Route

Table
Legacy network
Openflow Domain
Domain
Tra Tra
ffic ffic
OpenFlow Basic Configuration

You can enable OpenFlow and configure a specified port as a crossflow port.
(1) Allocating resources to OpenFlow
The OpenFlow module needs resources in the ASIC to install flows. For example, you can allocate a specified TCAM
entry and L3 routing table entry for OpenFlow, as shown below. Allocate the resources before enabling OpenFlow, or
the configuration will not be successful.
XorPlus# set interface max-acl-rule-limit ingress 400

[edit]
XorPlus# set interface max-route-limit 6000
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Enabling OpenFlow TCAM mode
XorPlus# set open-flow

[edit]
XorPlus# commit
device ovs-pica8 entered promiscuous mode
device br0 entered promiscuous mode
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set open-flow working-mode tcam-mode
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Configuring a specified port as a crossflow port

With OpenFlow globally enabled, you can configure a specified port as a crossflow port. You can then manually
disable local-control, which is enabled in the default setting.
XorPlus# set interface gigabit-ethernet ge-1/1/1 crossflow enable true

[edit]
[edit]
XorPlus# set interface gigabit-ethernet ge-1/1/2 crossflow local-control false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# set interface aggregate-ethernet ae1 crossflow enable true
[edit]
XorPlus# set interface aggregate-ethernet ae1 crossflow local-control false
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(4) Configuring your switch’s OpenFlow version

By default, the switch enables OpenFlow v1.2, and also supports OpenFlowv1.0, OpenFlow v 1.1., and OpenFlowv1.3.
Your switch can negotiate with the controller and these four OpenFlow versions.
XorPlus# set open-flow allowed-versions openflow-v1.3 disable false

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(5) Configuring static flow match fields

You can create a static flow with the following matched fields: destination-port, ethernet-destination-address, ethernet-
destination-mask, ethernet-source-address, ethernet-source-mask,ethernet-type, , ingress-port, ip-destination-address,
ip-dst-addr-mask, ip-protocol, ip-source-address, ip-src-addr-mask, p-tos, ipv6-destination-address, ipv6-source-
address, source-port, vlan-id, and vlan-priority.
XorPlus# set open-flow flow f1 match-field ethernet-destination-address 22:22:22:22:22:22

[edit]
XorPlus# set open-flow flow f1 match-field ethernet-destination-mask fe:ff:ff:ff:ff:ff
[edit]
XorPlus# set open-flow flow f1 match-field vlan-id 100
[edit]
XorPlus# set open-flow flow f1 match-field ip-destination-address 192.168.1.0/24
[edit]
XorPlus# set open-flow flow f1 match-field ip-dst-addr-mask 255.255.255.0
[edit
XorPlus# set open-flow flow f1 match-field ethernet-type 2048
[edit]
XorPlus# set open-flow flow f1 action output interface ge-1/1/1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show open-flow flow-table
cookie=0x0, duration=7.929s, table=0, n_packets=0, n_bytes=0,
ip,dl_vlan=100,dl_dst=22:22:22:22:22:22/fe:ff:ff:ff:ff:ff,nw_dst=192.168.1.0/24 actions=output:1
XorPlus#
(6) Configuring output actions of static flow

You can add “output” actions for a flow with “interface,” “virtual-interface,” and “controller,” and gigabit interfaces or
aggregate ones can as the output port (e.g. ge-1/1/1, ae1).
You can also add “virtual-interface” as the output port (e.g. “all,” “drop”, “local”), and configure “controller” as the output
port of a flow.

[edit]
[edit]
XorPlus# set open-flow flow f1 action output interface ge-1/1/1
[edit]
XorPlus# set open-flow flow f1 action output controller
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
If you want add “local” as the output port, (e.g. arp flow) you can configure as following.

[edit]
XorPlus# set open-flow flow f1 action output virtual-interface local
[edit]
XorPlus# set open-flow flow f1 action output virtual-interface all
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(7) Configuring the local port of the OpenFlow bridge

You can connect to the switch by the inband port, which has the local port IP address.
XorPlus# set open-flow local-port address 192.168.1.1

[edit]
XorPlus# set open-flow local-port netmask 255.255.255.0
[edit]
XorPlus#
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(8) Configuring modification actions of static flow

You can add “modify” actions for a flow with “ethernet-destination-address,” “ethernet-source-address,” “ip-tos“, “mpls,”
“vlan-id,” and “vlan-priority.”

[edit]
[edit]
XorPlus# set open-flow flow f1 action modify ethernet-destination-address 22:22:22:33:33:33
[edit]
XorPlus# set open-flow flow f1 action modify vlan-id 200
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
OFPST_FLOW reply (OF1.2) (xid=0x2):
cookie=0x0, duration=11.032s, table=0, n_packets=0, n_bytes=0, dl_vlan=100,dl_dst=22:22:22:22:22:22
actions=mod_vlan_vid:200,mod_dl_dst:22:22:22:33:33:33
XorPlus#
(9) Configuring ECMP static flow in L2/L3 mode

In L2/L3 mode, you can add an ECMP static flow, which is stored in the routing table. Traffic that is matched with the
flow will be forwarded with ECMP.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set interface gigabit-ethernet te-1/1/1 crossflow enable true
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set open-flow flow f1 match-field ethernet-destination-address 08:9e:01:39:1a:fe
[edit]
XorPlus# set open-flow flow f1 match-field ip-destination-address 4.4.4.0/24
[edit]
[edit]
[edit]
XorPlus# set open-flow flow f1 action ecmp output-interface te-1/1/2 vlan-id 200
[edit]
XorPlus# set open-flow flow f1 action ecmp output-interface te-1/1/2 src-mac 08:9e:01:39:1a:fe
[edit]
XorPlus# set open-flow flow f1 action ecmp output-interface te-1/1/2 next-hop 08:9e:01:39:1a:11
[edit]
XorPlus# set open-flow flow f1 action ecmp output-interface te-1/1/3 vlan-id 300
[edit]
XorPlus# set open-flow flow f1 action ecmp output-interface te-1/1/3 src-mac 08:9e:01:39:1a:fe
[edit]
XorPlus# set open-flow flow f1 action ecmp output-interface te-1/1/3 next-hop 08:9e:01:39:1a:22
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# run show open-flow flow-table layer-3
FlowID Destination NetMask NextHopMac Output
------ --------------- --------------- ----------------- ---------
1 4.4.4.0 255.255.255.0 08:9e:01:39:1a:11 te-1/1/2
1 4.4.4.0 255.255.255.0 08:9e:01:39:1a:22 te-1/1/3
XorPlus#
(10) Configuring the switch’s working mode

You can configure the switch to work in TCAM mode or L2/L3 mode. In TCAM mode, all flows will be installed in the
TCAM table. In L2/L3mode, all flows will be installed in the routing and FDB tables.

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(11) Configuring your OpenFlow controller
You can configure multiple controllers for the OpenFlow bridge (only one of them will be the active controller).
XorPlus# set open-flow controller contr-serv address 192.168.1.100

[edit]
XorPlus# set open-flow controller contr-serv port 6633
[edit]
XorPlus# set open-flow controller contr-serv protocol tcp
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
Group table Configuration
In PicOS 2.2, supports group table.

Because of the ASIC limitation, not all buckets in a group table will be installed to ASIC for a flow. The system will
install buckets at most as possible to ASIC.
User can create group tables with type all/indirect/select/fast-failover. You can add “modify” actions for a bucket with
“ethernet-destination-address,” “ethernet-source-address,” “ip-tos,“ “mpls,” “vlan-id,” and “vlan-priority.”
(1) Create group table with one bucket
user can create a group table and a flow whose action is a group table.
XorPlus# set open-flow groups group-id 1 type all

[edit]
XorPlus# set open-flow groups group-id 1 bucket-id 1 action modify eth-dst-address 22:22:22:22:22:22
[edit]
XorPlus# set open-flow groups group-id 1 bucket-id 1 action output-interface ge-1/1/2
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
XorPlus# set open-flow flow f1 action group 1
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus#
XorPlus# run show open-flow groups
OFPST_GROUP_DESC reply (OF1.3) (xid=0x2):
group-id=1, type=all
bucket 1:
weight=NONE,watch_port=NONE,watch_group=NONE
actions=mod_dl_dst:22:22:22:22:22:22,output:2
XorPlus#
cookie=0x0, duration=4.001s, table=0, n_packets=0, n_bytes=0, dl_dst=22:00:00:00:00:00 actions=group:1
XorPlus#
(2) Create group table type select
XorPlus# set open-flow groups group-id 2 type select

[edit]
XorPlus# set open-flow groups group-id 2 bucket-id 1 action modify eth-src-address 22:00:00:00:00:11
[edit]
[edit]
[edit]
XorPlus# set open-flow groups group-id 2 bucket-id 2 action modify eth-src-address 22:00:00:00:00:22
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(3) Create group table type fast-fireover
XorPlus# set open-flow groups group-id 1 type ff

[edit]
XorPlus# set open-flow groups group-id 1 bucket-id 1 watch-port ge-1/1/1
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus# set open-flow groups group-id 1 bucket-id 2 watch-port ge-1/1/3
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
XorPlus# run show open-flow groups
OFPST_GROUP_DESC reply (OF1.3) (xid=0x2):
group-id=1, type=fast failover
bucket 1:
weight=NONE,watch_port=1,watch_group=NONE
bucket 2:
weight=NONE,watch_port=3,watch_group=NONE
XorPlus#
(4) Delete group table
XorPlus# delete open-flow groups group-id 1

Deleting:
1 {
type: "ff"
bucket-id 1 {
watch-port: "ge-1/1/1"
action {
modify {
eth-dst-address: 22:00:00:00:00:11
}
output-interface "ge-1/1/2"
}
}
bucket-id 2 {
watch-port: "ge-1/1/3"
action {
modify {
eth-dst-address: 22:00:00:00:00:22
}
output-interface "ge-1/1/4"
}
}
}
OK
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
Crossflow Configuration Example

In the following topology, we build a server network in a datacenter. The following requirements should be met:
● Servers should not be able to communicate with each other, which means traffic from a server can only be
forwarded in the upstream direction.
●The network should be scalable, and the configuration of the switch should be simple (e.g., isolating the traffic
between servers by ACLs or VLANs is too complex of a configuration).
You can configure a ToR switch manually or by a controller—it’s up to you.
172.16.4.x OSPF/BGP
Gateway
172.16.1.1 172.16.3.1
V
P-3920
172.16.2.1
P-3295-1 P-3295-2 P-3295-3
X X X X
Server:172.16.1.2~172.16.1.49 Server:172.16.2.2~172.16.2.49 Server:172.16.3.2~172.16.3.49
Figure 8-5. Crossflow network.
(1) Configuring theP3295-1 switch

For P3295-1, configure ports ge-1/1/1~ge-1/1/48 in crossflow mode. Create 48 flows that will make traffic from the
servers be forwarded only upstream, and be sure to configure flows that will forward the downstream traffic to the
corresponding server.

[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
You should also configure the flows to forward packets correctly:

[edit]
XorPlus# set open-flow flow server-1-upstream match-field ingress-port ge-1/1/1
[edit]
XorPlus# set open-flow flow server-1-upstream action output interface te-1/1/49
[edit]
XorPlus# set open-flow flow server-1-downstream match-field ingress-port te-1/1/49
[edit]
XorPlus# set open-flow flow server-1-downstream match-field ip-destination-address 172.16.1.2/32
[edit]
XorPlus# set open-flow flow server-1-downstream action output interface ge-1/1/1
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
If you do not wish to manually configure the above flows with the CLI, you can configure a controller to perform those
tasks:
XorPlus# set open-flow controller user-contr address 172.16.100.1

[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
(2) Configuring P3295-2 and P3295-3 switches

You can configure P3295-2 and P3295-3 using the instructions for configuring P3295-1.
(3) Configuring the P3920 switch

For P3920, configure ports te-1/1/1~te-1/1/48 as a Layer 3 interfaces and enable the OSPF interface in qe-1/1/49. The
interface qe-1/1/49 will join the OSPF network to the outside.

[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# set interface gigabit-ethernet qe-1/1/49 family ethernet-switching native-vlan-id 400
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
XorPlus#
[edit]
[edit]
[edit]
XorPlus# set interface gigabit-ethernet qe-1/1/49 crossflow enable true
[edit]
XorPlus# commit
Commit OK.
Save done.
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
XorPlus# set open-flow flow net-1-upstream match-field ingress-port te-1/1/1
[edit]
XorPlus# set open-flow flow net-1-upstream action output interface qe-1/1/49
[edit]
XorPlus# set open-flow flow net-1-upstream action modify ethernet-destination-address 22:22:22:22:22:22
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
XorPlus#
Be sure to configure the OSPF interface to work with the OSPF Layer 3 network.
XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan400 vif vlan400 address 172.16.4.1
[edit]
[edit]
XorPlus# commit
Commit OK.
Save done.
XorPlus# set policy policy-statement static-to-ospf term t1 from protocol connected
[edit]
XorPlus# set protocols ospf4 export static-to-ospf
[edit]
XorPlus# commit
Commit OK.
Save done.
XorPlus#
Command List
delete interface max-route-limit
set interface aggregate-ethernet bozo crossflow enable true
set interface aggregate-ethernet bozo crossflow local-control true
set interface gigabit-ethernet <port> crossflow enable true
set interface gigabit-ethernet <port> crossflow local-control true
set interface max-acl-rule-limit egress <int>
set interface max-acl-rule-limit ingress <int>
set interface max-route-limit <int>
set open-flow allowed-versions openflow-v1.1 disable true
set open-flow controller bozo address <ip-address>
set open-flow controller bozo port <int>
set open-flow controller bozo protocol ssl
set open-flow controller bozo protocol tcp
set open-flow flow bozo action ecmp output-interface bozo next-hop <mac-address>
set open-flow flow bozo action ecmp output-interface bozo src-mac <mac-address>
set open-flow flow bozo action ecmp output-interface bozo vlan-id <int>
set open-flow flow bozo action group <int>
set open-flow flow bozo action modify ethernet-destination-address <mac-address>
set open-flow flow bozo action modify ethernet-source-address <mac-address>
set open-flow flow bozo action modify ip-tos <int>
set open-flow flow bozo action modify mpls ethernet-type 0x0800
set open-flow flow bozo action modify mpls ethernet-type 0x86dd
set open-flow flow bozo action modify mpls ethernet-type 0x8847
set open-flow flow bozo action modify mpls inner-label <int>
set open-flow flow bozo action modify mpls outmost-label <int>
set open-flow flow bozo action modify mpls type pop
set open-flow flow bozo action modify mpls type push
set open-flow flow bozo action modify mpls type swap
set open-flow flow bozo action modify vlan-id <int>
set open-flow flow bozo action modify vlan-priority <int>
set open-flow flow bozo action output controller max-length <int>
set open-flow flow bozo action output interface bozo
set open-flow flow bozo action output virtual-interface all
set open-flow flow bozo action output virtual-interface drop

set open-flow flow bozo action output virtual-interface local
set open-flow flow bozo hard-timeout <int>
set open-flow flow bozo idle-timeout <int>
set open-flow flow bozo match-field destination-port <int>
set open-flow flow bozo match-field ethernet-destination-address <mac-address>
set open-flow flow bozo match-field ethernet-destination-mask <mac-address>
set open-flow flow bozo match-field ethernet-source-address <mac-address>
set open-flow flow bozo match-field ethernet-source-mask <mac-address>
set open-flow flow bozo match-field ethernet-type <int>
set open-flow flow bozo match-field ingress-port bozo
set open-flow flow bozo match-field ip-destination-address <ip-address>
set open-flow flow bozo match-field ip-dst-addr-mask <ip-address>
set open-flow flow bozo match-field ip-protocol <int>
set open-flow flow bozo match-field ip-source-address <ip-address>
set open-flow flow bozo match-field ip-src-addr-mask <ip-address>
set open-flow flow bozo match-field ip-tos <int>
set open-flow flow bozo match-field ipv6-destination-address <ipv6-address/netmask>
set open-flow flow bozo match-field ipv6-source-address <ipv6-address/netmask>
set open-flow flow bozo match-field source-port <int>
set open-flow flow bozo match-field vlan-id <int>
set open-flow flow bozo match-field vlan-priority <int>
set open-flow flow bozo priority <int>
set open-flow groups group-id <int> bucket-id <int> action modify eth-dst-address <mac-address>
set open-flow groups group-id <int> bucket-id <int> action modify eth-src-address <mac-address>
set open-flow groups group-id <int> bucket-id <int> action modify ip-tos <int>
set open-flow groups group-id <int> bucket-id <int> action modify vlan-id <int>
set open-flow groups group-id <int> bucket-id <int> action modify vlan-priority <int>
set open-flow groups group-id <int> bucket-id <int> action output-interface bozo
set open-flow groups group-id <int> bucket-id <int> watch-port bozo
set open-flow groups group-id <int> type all
set open-flow groups group-id <int> type ff
set open-flow groups group-id <int> type indirect
set open-flow groups group-id <int> type select
set open-flow local-port address <ip-address>
set open-flow local-port netmask <ip-address>
set open-flow traceoptions flag all disable true
set open-flow traceoptions flag config disable true

set open-flow traceoptions flag debug disable true
set open-flow traceoptions flag packet-in disable true
set open-flow traceoptions flag packet-out disable true
set open-flow traceoptions flag protocol disable true
set open-flow working-mode l2/l3-mode
set open-flow working-mode tcam-mode
Chapter 10. Zero touch provisioning

Zero touch provisioning
ZTP(Zero touch provisioning) is the process of configuring a Switch without human intervention. As simple as Rack,
Connect and Power-on.
ZTP Process: switch connected TFTP server
When the switch boots up, a DHCP client will be started by debian service, then ZTP will gets three options: tftp-
server-name, boot-file-name and log-servers. If the log-servers option is set, ZTP will send the log of ZTP to the server
and local syslog at the same time. Then it starts a TFTP client to get a upgrade script with name defined in boot-file-
name from TFTP server. This upgrade script is used to define all upgrade procedures. The provision script is an shell
script, ZTP will automatically run this script after download it from TFTP server.
A typical pica8 provision target may include the following several tasks:
1) back up Layer 2 / Layer 3 configuration file, OVS configuration database, and boot list file
2) back up user data files and application configuration files
3) download PicOS image from TFTP server
4) upgrade PicOS image
5) reboot into new image
6) update PicOSonfiguration files
7) start PicOS application (XorPlus or OVS)
8) PicOS application configuration
Upgrade process flow chart
boot
|
start debian
|
get tftp-server-name, boot-file-name and log-servers from DHCP server
|
set syslog server for ZTP
|
get boot-file from TFTP server
|
Execute the script
|
remove the script
(1) dhcp server setup:
ZTP depends on DHCP server to provide switch with TFTP server IP address, shell script file name and log-server.
host pica8-pxxxx {
hardware ethernet 08:9e:01:62:d5:62;
option bootfile-name "pica8/provision.script";
option tftp-server-name "xx.xx.xx.xx";
option log-servers xx.xx.xx.xx;
fixed-address xx.xx.xx.xx;
}
Here "host" is the name of switch device, "hardware ethernet" is the MAC address of the device, option "bootfile-name"
is the TFTP server IP address, option “log-servers” is the log server that ZTP will send log to, and option "bootfile-
name" is the file name and path of provisioning script relative to the TFTP root directory on TFTP server. The switches
are configured to send a vendor-class-identifier to DHCP server in the format of "Pica8-pxxxx" where "xxxx" is the
switch model number. So it is also possible for customer to use this vendor class id to identify Pica8 switches.
(2) The premise of executing ZTP

Before using ZTP, the switch must be two partitions (active partition and back up partition).The whole disk image
needs to migrate to different format. In the meantime, Pica8 has added some features to help users to automatically
provision the image and recover from a failed upgrade.
(3) Provision script

A provision script describes what Pica8 software upgrade and configuration is required and how it is executed. It also
defines customer specific upgrade process.
There is a shell script that provide some functions for ZTP, named with ztp-functions.sh, located in the directory of
“/usr/local/bin”.
This following are the variables that can be used in provision scripts:
1) version: PicOS version number on switch.

2) revision: PicOS revision number on switch
3) sn: switch serial number
4) eth0_mac: the MAC address of eth0
5) switch_mac: the MAC address of switch
(4):Appendix:
(1) Sample Provision Script

#!/bin/bash
source /usr/local/bin/ztp-functions.sh
if [ "$revision" != "xxxxxx" ]; then
tftp_get_picos_image pica8/picos-xxxxxx-P3295.tar.gz
if [ $? -ne 0 ]; then
exit 1
fi
reboot
else
picos_l2l3_start
if [ $? -ne 0 ]; then
exit 1
fi
l2l3_load_config pica8/xorp_cfg.cli
if [ $? -ne 0 ]; then
exit 1
fi
picos_l2l3_stop
if [ $? -ne 0 ]; then
exit 1
fi
picos_ovs_start 192.168.2.50/24 192.168.2.1
if [ $? -ne 0 ]; then
exit 1
fi
ovs_load_config 192.168.2.50/24 192.168.2.1 pica8/ovs_cfg.cli
if [ $? -ne 0 ]; then
exit 1
fi
picos_ovs_stop
if [ $? -ne 0 ]; then
exit 1
fi
fi
Example of xorp_cfg.cli:
show version;configure;run show vlans;set vlans vlan-id 20;commit;set vlans vlan-id 30;commit
Example of ovs_cfg.cli:
ovs-vsctl add-br br0 -- set bridge br0 datapath_type=pica8

ovs-vsctl set Bridge br0 stp_enable=true
ovs-vsctl add-port br0 ge-1/1/1 -- set interface ge-1/1/1 type=pica8
ovs-vsctl add-port br0 ge-1/1/2 -- set interface ge-1/1/2 type=pica8
ovs-ofctl add-flow br0 in_port=1,actions=output:2
ovs-ofctl add-flow br0 in_port=2,actions=output:1
(2) Appendix of Pica8 ZTP API:
API interface for auto-provision scripts in : /usr/local/bin/ztp-functions.sh
This following are the functions that can be used in provision scripts:
1) ztp_disable: disable ZTP auto-run when switch boot up
return value: 0 when succeed, 1 when failed
2) ztp_enable: enable ZTP auto-run when switch boot up
3) add_remote_syslog_server: add remote syslog server
parameter 1: the IP address of remote syslog server
4) remove_remote_syslog_server: remove remote syslog server
5) picos_config: set the configuration for PicOS service
parameter 1: the server selected, 1 for PicOS L2/L3, 2 for OVS, 3 for none service
parameter 2: a static IP and netmask for the switch (e.g. 128.0.0.10/24) when parameter 1 is set to 2
parameter 3: the gateway IP (e.g. 172.168.1.2) when parameter 1 is set to 2
6) picos_start_stop: start/ stop/restart/status of PicOS service

parameter 1: the action for PicOS server.
start: start the PicOS service
stop: stop the PicOS service
restart: restart the PicOS service
status: get the status of PicOS service
7) picos_l2l3_start: start PicOS L2/L3
8) picos_l2l3_restart: restart PicOS L2/L3
9) picos_l2l3_stop: stop PicOS L2/L3
10) picos_ovs_start: start PicOS OVS, parameters are needed if PicOS is not set in OVS mode.
parameter 1: eth0 ip address and netmask, 192.168.0.2/24
parameters 2:gataway ip
11) picos_ovs_restart: restart PicOS OVS, parameters are needed if PicOS is not set in OVS mode.
parameter 1: eth0 ip address and netmask, 192.168.0.2/24
parameters 2:gataway ip
12) picos_ovs_stop: stop PicOS L2/L3
tftp_get_file: get file from TFTP server
parameter 1: file name in TFTP server
parameter 2: file name with path in local;
parameter 3: TFTP server IP address
13) tftp_get_l2l3_config_file: get PicOS L2/L3 configuration from TFTP server
parameter 1: configuration file name with path on TFTP sever
parameter 2: sever ip address, if this is not set, it will use the TFTP server IP address got from DHCP server by DHCP
client
14) tftp_get_ovs_config_file: get PicOS OVS configuration file
client
15) tftp_get_picos_config_file: get PicOS configuration file from TFTP server
client
16) tftp_get_picos_image: get PicOS image from TFTP server
parameter 1: image file name with path on TFTP sever
client
17) tftp_get_pica_image: get Pica Image from TFTP server
parameter 1: image file name with path on TFTP sever
client
18) l2l3_cmd_shell: run an CLI command of PicOS Layer 2 / Layer 3
parameter 1: the command
19) l2l3_load_config: get a file with PicOS Layer 2 / Layer 3 CLI commands list, and execute these commands.
parameter 1: command file name with path on TFTP sever
client
20) ovs_cmd_shell: run an OVS command
parameter 1: the command
21) ovs_load_config: get a file with PicOS OVS commands list , and execute these commands.
parameter 1: if PicOS is not set to OVS, then it should be eth0 ip address and netmask, 192.168.0.2/24, otherwise “ ”
parameter 2: if PicOS is not set to OVS, then gateway IP, otherwise “ ”
parameter 3: file name with path on TFTP server
parameter 4: sever ip address, if this is not set, it will use the TFTP server IP address got from DHCP server by
DHCP client
Appendix
Other Command List
set interface traceoptions flag config disable true
set interface traceoptions flag ethernet-switching-options disable true
set interface traceoptions flag mlag-trace disable true
set interface traceoptions flag neighbor-event disable true
set interface traceoptions flag packets disable true
set interface traceoptions flag route-event disable true
set interface traceoptions flag static-ethernet-switching disable true
set interface traceoptions line-card statistic disable true
set interface traceoptions line-card trace-level all disable true
set interface traceoptions line-card trace-level api debug disable true
set interface traceoptions line-card trace-level api error disable true
set interface traceoptions line-card trace-level api information disable true
set interface traceoptions line-card trace-level api warning disable true
set interface traceoptions line-card trace-level sdk debug disable true
set interface traceoptions line-card trace-level sdk error disable true
set interface traceoptions line-card trace-level sdk information disable true
set interface traceoptions line-card trace-level sdk warning disable true
set interface traceoptions line-card trace-level xrl debug disable true

set interface traceoptions line-card trace-level xrl error disable true
set interface traceoptions line-card trace-level xrl information disable true
set interface traceoptions line-card trace-level xrl warning disable true
set interface traceoptions line-card trace-type all disable true
set interface traceoptions line-card trace-type configuration disable true
set interface traceoptions line-card trace-type link-change disable true
set interface traceoptions line-card trace-type mac-update disable true
set interface traceoptions line-card trace-type packet disable true
set interface traceoptions line-card trace-type packet-receive disable true
set interface traceoptions line-card trace-type packet-transmit disable true
set interface traceoptions line-card trace-type statistic disable true

Picos 2.2 l2 l3 Configuration Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Picos 2.2 l2 l3 Configuration Guide

Uploaded by

Copyright:

Available Formats

Layer 2 and Layer 3

© 2012 Pica8 Inc. All Rights Configuration Guide

Layer 2 and Layer 3 Configuration Guide, PicOS 2.2.0

CHAPTER 1 OVERVIEW ..................................................................................................... 8

CHAPTER 2 BOOT PROCESS AND MODE SELECTION ............................................... 10

CHAPTER 3 SYSTEM MANAGEMENT AND CONFIGURATION.................................... 15

Configuring SNMP .............................................................................................................................................. 28

CHAPTER 4.FILE MANAGEMENT CONFIGURATION ..................................................... 51

CHAPTER 5 LAYER 2 SWITCHING CONFIGURATION .................................................. 62

Ethernet Port Configuration ................................................................................................................................ 85

CHAPTER 6. LAYER3 ROUTING CONFIGURATION ..................................................... 168

Configuring ECMP (Equal-Cost Multipath Routing) ......................................................................................... 257

CHAPTER 7. MULTICAST CONFIGURATION ................................................................ 280

CHAPTER 8. QOS CONFIGURATION ............................................................................. 293

CHAPTER 9. OPENFLOW CONFIGURATION ................................................................ 297

CHAPTER 10. ZERO TOUCH PROVISIONING ............................................................... 319

APPENDIX ........................................................................................................................ 325

Chap 1. Overview Provides an overview of the Layer 2 / Layer 3

Chap 2. System Management Describes system management configurations

Chap 3. File Management Configuration Describes file management configurations

Chap 4. Layer 2 Switching Configuration Describes Layer2 switching configuration steps

Chap 5. Layer 2 Switching Configuration Describes Layer 3 routing configuration steps

Chap 6. Multicast Configuration Describes Multicast configuration steps

Chap 7. QoS Configuration Describes QoS configuration steps

Chap 8. OpenFlow Configuration Describes OpenFlow configuration steps

Table 1-1 Layer 2 / Layer 3 Features List

Category Functional Requirement

Category Functional Requirement

Chapter 2 Boot Process and Mode Selection

The Boot Process

CPU: 8541, Version: 1.1, (0x80720011)

Type: Hard Disk

CPU: 8541, Version: 1.1, (0x80720011)

=> set baudrate115200

PicOS can run in two different modes:

Modifying the Mode via the Configuration File

The OVS Mode is using the standard Linux Shell as CLI.

Modifying the Mode via an interactive Script

An alternative to reboot the switch is to reload the PicOS service.

Troubleshooting the PicOS Mode

root@XorPlus$ps aux | grep ovs | grep -v grep

In OVS mode, only the OVS daemon is running.

Chapter 3 System Management and Configuration

From Linux Shell to Layer 2 / Layer 3 Shell

Operation Mode and Configuration Mode

(2) Configuration mode

Commit Failed and Exit Discard

(2) Exiting the configuration mode with uncommitted configurations

XorPlus# set interface gigabit-ethernet ge-1/1/1 disable true

ERROR: There are uncommitted changes.

(2) Modify the rollback confirmation time

Configuring DHCP and a Static IP Address

XorPlus# set interface management-ethernet eth0 address dhcp

(2) Configuring a static IP address and gateway

XorPlus# set interface management-ethernet eth0 address 192.168.1.5/24

Configuring DHCP relay

XorPlus# set vlans vlan-id 2

XorPlus# set protocols dhcp relay vlan-interface vlan-2 disable false

Configuring DHCP option82

Configuring DHCP snooping

(4) Display the DHCP snooping table of host information

Configuring a User Account

(1) Creating a user class and password