Interface Configuration

The document provides a comprehensive guide on configuring interfaces in Ruijie devices, detailing both physical and logical interfaces. It covers various configurations such as L2 and L3 data communication, interface attributes, and commands for managing interfaces. Key features include interface description, administrative status, MTU settings, bandwidth configuration, and link trap policies.

Interface Configuration

1. Configuring Interfaces

2. Configuring MODE-MGMT

3. Configuring DLDP

4. Configuring PCAP

5. Configuring PPPoE-CLIENT

6. Configuring PPPoE-SERVER

7. Configuring Aggregated Port

8. Configuring VLAN-TERMINAL
Configuration Guide Configuring Interfaces

1 Configuring Interfaces

1.1 Overview

Interfaces are important in implementing data switching on network devices. Ruijie devices support two types of interfaces:
physical ports and logical interfaces. A physical port is a hardware port on a device, such as the 100M Ethernet interface and
gigabit Ethernet interface. A logical interface is not a hardware port on the device. A logical interface, such as the loopback
interface and tunnel interface, can be associated with a physical port or independent of any physical port. For network
protocols, physical ports and logical interfaces serve the same function.

1.2 Applications

| Application | Description |
|---|---|
| L2 Data Switching Through the Physical Ethernet Interface | Implement Layer-2 (L2) data communication of network devices through the physical L2 Ethernet interface. |
| L3 Routing Through the Physical Ethernet Interface | Implement Layer-3 (L3) data communication of network devices through the physical L3 Ethernet interface. |

1.2.1 L2 Data Switching Through the Physical Ethernet Interface


Scenario

Figure 1-1

As shown in Figure 1-1, Switch A, Switch B, and Switch C form a simple L2 data switching network.

Deployment

• Connect Switch A to Switch B through physical ports GigabitEthernet 1/0/1 and GigabitEthernet 2/0/1.

• Connect Switch B to Switch C through physical ports GigabitEthernet 2/0/2 and GigabitEthernet 3/0/1.

• Configure GigabitEthernet 1/0/1, GigabitEthernet 2/0/1, GigabitEthernet 2/0/2, and GigabitEthernet 3/0/1 as Trunk ports.

• Create a switch virtual interface (SVI), SVI 1, on Switch A and Switch C respectively, and configure IP addresses from a
network segment for the two SVIs. The IP address of SVI 1 on Switch A is 192.168.1.1/24, and the IP address of SVI 1
on Switch C is 192.168.1.2/24.

• Run the ping 192.168.1.2 command on Switch A and the ping 192.168.1.1 command on Switch C to implement data
switching through Switch B.

1.2.2 L3 Routing Through the Physical Ethernet Interface


Scenario

Figure 1-2

As shown in Figure 1-2, Device A, Device B, and Device C form a simple L3 data communication network.

Deployment

• Connect Device A to Device B through physical ports GigabitEthernet 1/0/1 and GigabitEthernet 2/0/1.

• Connect Device B to Device C through physical ports GigabitEthernet 2/0/2 and GigabitEthernet 3/0/1.

• Configure GigabitEthernet 1/0/1, GigabitEthernet 2/0/1, GigabitEthernet 2/0/2, and GigabitEthernet 3/0/1 as L3 routed
ports.

• Configure IP addresses from a network segment for GigabitEthernet 1/0/1 and GigabitEthernet 2/0/1. The IP address of
GigabitEthernet 1/0/1 is 192.168.1.1/24, and the IP address of GigabitEthernet 2/0/1 is 192.168.1.2/24.

• Configure IP addresses from a network segment for GigabitEthernet 2/0/2 and GigabitEthernet 3/0/1. The IP address of
GigabitEthernet 2/0/2 is 192.168.2.1/24, and the IP address of GigabitEthernet 3/0/1 is 192.168.2.2/24.

• Configure a static route entry on Device C so that Device C can directly access the network segment 192.168.1.0/24.
Configure a static route entry on Device A so that Device A can directly access the network segment 192.168.2.0/24.

• Run the ping 192.168.2.2 command on Device A and the ping 192.168.1.1 command on Device C to implement L3
routing through Device B.

1.3 Features

Basic Concepts

Interface Classification

Interfaces on Ruijie devices fall into three categories:

• L2 interface (Switch or bridge mode)

• L3 interface (supported by L3 devices)

1. Common L2 interfaces are classified into the following types:

• Switch port

• L2 aggregate port (AP)

2. Common L3 interfaces are classified into the following types:

• Routed port

• L3 AP port

• Loopback interface

Switch Port

A switch port is an individual physical port on the device, and implements only the L2 switching function. The switch port is
used to manage physical ports and L2 protocols related to physical ports.

L2 AP Port

An AP port is formed by aggregating multiple physical ports. Multiple physical links can be bound together to form a simple
logical link. This logical link is called an AP port.

For L2 switching, an AP port is equivalent to a switch port that combines bandwidths of multiple ports, thus expanding the link
bandwidth. Frames sent over the L2 AP port are balanced among the L2 AP member ports. If one member link fails, the L2
AP port automatically transfers the traffic on the faulty link to other member links, improving reliability of connections.

Routed Port

A physical port on an L3 device can be configured as a routed port, which functions as the gateway interface for L3 switching.
A routed port is not associated with a specific VLAN. Instead, it is just an access port. The routed port cannot be used for L2
switching.

L3 AP Port

Like the L2 AP port, an L3 AP port is a logical port that aggregates multiple physical member ports. The aggregated ports must
be L3 ports of the same type. The AP port functions as a gateway interface for L3 switching. Multiple physical links are
combined into one logical link, expanding the bandwidth of a link. Frames sent over the L3 AP port are balanced among the
L3 AP member ports. If one member link fails, the L3 AP port automatically transfers the traffic on the faulty link to other
member links, improving reliability of connections.

Loopback Interface

The loopback interface is a local L3 logical interface simulated by the software that is always UP. Packets sent to the
loopback interface are processed on the device locally, including the route information. The IP address of the loopback
interface can be used as the device ID of the Open Shortest Path First (OSPF) routing protocol, or as the source address
used by Border Gateway Protocol (BGP) to set up a TCP connection. The procedure for configuring a loopback interface is
similar to that for configuring an Ethernet interface, and you can treat the loopback interface as a virtual Ethernet interface.


Overview

| Feature | Description |
|---|---|
| Interface Configuration Commands | You can configure interface-related attributes in interface configuration mode. If you enter interface configuration mode of a non-existing logical interface, the interface will be created. |
| Interface Description and Administrative Status | You can configure a name for an interface to identify the interface and help you remember the functions of the interface. You can also configure the administrative status of the interface. |
| MTU | You can configure the maximum transmission unit (MTU) of a port to limit the length of a frame that can be received or sent over this port. |
| Bandwidth | You can configure the bandwidth of an interface. |
| Load Interval | You can specify the interval for load calculation of an interface. |
| Carrier Delay | You can configure the carrier delay of an interface to adjust the delay after which the status of an interface changes from Down to Up or from Up to Down. |
| Link Trap Policy | You can enable or disable the link trap function on an interface. |
| Interface Index Persistence | You can enable the interface index persistence function so that the interface index remains unchanged after the device is restarted. |
| Selection of Interface Medium Type | You can select the medium type (fiber or copper) of a combo port as required. |
| Interface Speed and Duplex Mode | You can configure the speed, duplex mode, flow control mode, and auto negotiation mode of an interface. |
| Automatic Module Detection | If the interface speed is set to auto, the interface speed can be automatically adjusted based on the type of the inserted module. |
| Port Flapping Protection | You can configure the port flapping protection function so that the system can automatically shut down a port when flapping occurs on the port. |

1.3.1 Interface Configuration Commands


Run the interface command in global configuration mode to enter interface configuration mode. You can configure
interface-related attributes in interface configuration mode.

Working Principle

Run the interface command in global configuration mode to enter interface configuration mode. If you enter interface
configuration mode of a non-existing logical interface, the interface will be created. You can also run the interface range or
interface range macro command in global configuration mode to configure the range (IDs) of interfaces. Interfaces defined in
the same range must be of the same type and have the same features.

You can run the no interface command in global configuration mode to delete a specified logical interface.

Interface Numbering Rules

In stand-alone mode, the ID of a physical port consists of two parts: slot ID and port ID on the slot. For example, if the slot ID
of the port is 2, and port ID on the slot is 3, the interface ID is 2/3. In VSU or stack mode, the ID of a physical port consists of
three parts: device ID, slot ID, and port ID on the slot. For example, if the device ID is 1, slot ID of the port is 2, and port ID on
the slot is 3, the interface ID is 1/2/3.

The device ID ranges from 1 to the maximum number of supported member devices.

The slot numbering rules are as follows: The static slot ID is 0, whereas the ID of a dynamic slot (pluggable module or line card)
ranges from 1 to the number of slots. Assume that you are facing the device panel. Dynamic slots are numbered from 1
sequentially from front to rear, from left to right, and from top to bottom.

The ID of a port on the slot ranges from 1 to the number of ports on the slot, and is numbered sequentially from left to right.

You can select fiber or copper as the medium of a combo port. Regardless of the medium selected, the combo port uses the
same port ID.

The ID of an AP port ranges from 1 to the number of AP ports supported by the device.

The ID of an SVI is the VID of the VLAN corresponding to this SVI.

Configuring Interfaces Within a Range

You can run the interface range command in global configuration mode to configure multiple interfaces at a time. Attributes
configured in interface configuration mode apply to all these interfaces.

The interface range command can be used to specify several interface ranges.

The macro parameter is used to configure the macro corresponding to a range. For details, see "Configuring Macros of
Interface Ranges."

Ranges can be separated by commas (,).

The types of interfaces within all ranges specified in a command must be the same.

Pay attention to the format of the range parameter when you run the interface range command.

The following interface range formats are valid:

• GigabitEthernet device/slot/{first port} - {last port};

• TenGigabitEthernet device/slot/{first port} - {last port};

• FortyGigabitEthernet device/slot/{first port} - {last port};

• AggregatePort Aggregate-port ID (The AP ID ranges from 1 to the maximum number of AP ports supported by the
device.)

• Loopback loopback-ID (The loopback ID ranges from 1 to 2,147,483,647.)

Interfaces in an interface range must be of the same type, namely, GigabitEthernet, AggregatePort, or Loopback.
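
The range rules above, as an added Python example (not Ruijie code): a pre-flight check that expands an interface range argument and rejects one that mixes types or breaks the numbering rules, before a bulk change is pushed to a device. Assumptions: every comma-separated part repeats the interface type, AggregatePort and Loopback accept "first - last" as well as a single ID, and AP_MAX and MAX_EXPANSION are placeholder limits.

```python
import re

# Interface types named in the guide's list of valid range formats.
PORT_TYPES = {"GigabitEthernet", "TenGigabitEthernet", "FortyGigabitEthernet"}
ID_TYPES = {"AggregatePort", "Loopback"}
LOOPBACK_MAX = 2_147_483_647  # upper bound stated in the guide
AP_MAX = 128                  # assumption: device-specific limit, placeholder value
MAX_EXPANSION = 4096          # assumption: safety cap on interfaces per command

# "<Type> [device/][slot/]<first>[ - <last>]"
_PART = re.compile(
    r"^(?P<type>[A-Za-z]+)\s+(?P<prefix>(?:\d+/)*)(?P<first>\d+)"
    r"(?:\s*-\s*(?P<last>\d+))?$"
)


class RangeSpecError(ValueError):
    """Raised when a range argument breaks one of the guide's rules."""


def expand_interface_range(spec, stacked=True):
    """Expand a range argument into a list of interface names.

    stacked=True expects device/slot/port IDs (VSU or stack mode);
    stacked=False expects slot/port IDs (stand-alone mode).
    """
    names, seen_type = [], None
    for part in (p.strip() for p in spec.split(",")):
        m = _PART.match(part)
        if m is None:
            raise RangeSpecError(f"malformed range: {part!r}")
        if_type, prefix = m["type"], m["prefix"]
        if if_type not in PORT_TYPES | ID_TYPES:
            raise RangeSpecError(f"unsupported interface type: {if_type}")
        # All ranges in one command must be of the same interface type.
        if seen_type is not None and if_type != seen_type:
            raise RangeSpecError(f"mixed types: {seen_type} and {if_type}")
        seen_type = if_type

        first = int(m["first"])
        last = int(m["last"]) if m["last"] else first
        if first < 1 or last < first:
            raise RangeSpecError(f"bad bounds in {part!r}")

        depth = prefix.count("/")
        if if_type in PORT_TYPES:
            if depth != (2 if stacked else 1):
                raise RangeSpecError(f"wrong ID depth in {part!r}")
            if stacked and int(prefix.split("/")[0]) < 1:
                raise RangeSpecError("device ID starts at 1")
        else:
            if depth != 0:
                raise RangeSpecError(f"{if_type} takes a plain ID: {part!r}")
            limit = LOOPBACK_MAX if if_type == "Loopback" else AP_MAX
            if last > limit:
                raise RangeSpecError(f"{if_type} ID above {limit}")

        if len(names) + (last - first + 1) > MAX_EXPANSION:
            raise RangeSpecError("range expands to too many interfaces")
        names.extend(f"{if_type} {prefix}{n}" for n in range(first, last + 1))
    return names


if __name__ == "__main__":
    # Constructed sample input.
    for name in expand_interface_range(
        "GigabitEthernet 1/0/1 - 3, GigabitEthernet 1/0/7 - 8"
    ):
        print(name)
```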

Configuring Macros of Interface Ranges

You can define some macros to replace the interface ranges. Before using the macro parameter in the interface range
command, you must first run the define interface-range command in global configuration mode to define these macros.

Run the no define interface-range macro_name command in global configuration mode to delete the configured macros.


1.3.2 Interface Description and Administrative Status


You can configure a name for an interface to identify the interface and help you remember the functions of the interface.

You can enter interface configuration mode to enable or disable an interface.

Working Principle

Interface Description

You can configure the name of an interface based on the purpose of the interface. For example, if you want to assign
GigabitEthernet 0/1 for exclusive use by user A, you can describe the interface as "Port for User A."

Interface Administrative Status

You can configure the administrative status of an interface to disable the interface as required. If the interface is disabled, no
frame will be received or sent on this interface, and the interface will lose all its functions. You can enable a disabled interface
by configuring the administrative status of the interface. Two types of interface administrative status are defined: Up
and Down. The administrative status of an interface is Down when the interface is disabled, and Up when the interface is
enabled.

1.3.3 MTU
You can configure the MTU of a port to limit the length of a frame that can be received or sent over this port.

Working Principle

When a large amount of data is exchanged over a port, frames greater than the standard Ethernet frame may exist. This type
of frame is called jumbo frame. The MTU is the length of the valid data segment in a frame. It does not include the Ethernet
encapsulation overhead.

If a port receives or sends a frame with a length greater than the MTU, this frame will be discarded.

1.3.4 Bandwidth
Working Principle

The bandwidth command can be configured so that some routing protocols (for example, OSPF) can calculate the route
metric and the Resource Reservation Protocol (RSVP) can calculate the reserved bandwidth. Modifying the interface
bandwidth will not affect the data transmission rate of the physical port.

The bandwidth command is a routing parameter, and does not affect the bandwidth of a physical link.

1.3.5 Load Interval


Working Principle

You can run the load-interval command to specify the interval for load calculation of an interface. Generally, the
interval is 10s.


1.3.6 Carrier Delay


Working Principle

The carrier delay refers to the delay after which the data carrier detect (DCD) signal changes from Down to Up or from Up
to Down. If the DCD status changes during the delay, the system will ignore this change to avoid negotiation at the upper
data link layer. If this parameter is set to a large value, almost no DCD change is detected. Conversely, if the
parameter is set to 0, every DCD signal change is detected, resulting in poor stability.

If the DCD carrier is interrupted for a long time, the carrier delay should be set to a smaller value to accelerate
convergence of the topology or route. On the contrary, if the DCD carrier interruption time is shorter than the topology or
route convergence time, the carrier delay should be set to a greater value to avoid topology or route flapping.

1.3.7 Link Trap Policy


You can enable or disable the link trap function on an interface.

Working Principle

When the link trap function on an interface is enabled, the Simple Network Management Protocol (SNMP) sends link
traps when the link status changes on the interface.

1.3.8 Interface Index Persistence


Like the interface name, the interface index also identifies an interface. When an interface is created, the system
automatically assigns a unique index to the interface. The index of an interface may change after the device is restarted. You
can enable the interface index persistence function so that the interface index remains unchanged after the device is
restarted.

Working Principle

After interface index persistence is enabled, the interface index remains unchanged after the device is restarted.

1.3.9 Selection of Interface Medium Type


You can select the medium type (fiber or copper) of a combo port as required.

Working Principle

You can choose either fiber or copper as the medium, but the two media cannot take effect at the same time. Once you
select the medium, attributes, including the connection status, speed, duplex mode, and flow control mode, are attributes of
the selected medium. If you change the medium, the interface will adopt the default settings, and you must re-configure these
attributes according to requirements.

The Combo Port Supports Automatic Selection of the Medium Type

• If you enable automatic selection of the medium type, the device uses the current medium if only one medium is
available.

• If both media are available, the device uses the preferred medium that is configured. By default, the preferred medium
is copper. You can run the medium-type auto-select prefer fiber command to configure fiber as the preferred medium.
In automatic medium selection mode, the interface adopts the default settings of attributes, such as the speed, duplex
mode, and flow control mode.

If an interface is enabled with automatic selection, its peer interface must be enabled with auto negotiation; otherwise,
an error will occur.

The command takes effect only on a physical port. An AP port or SVI does not support configuration of the medium
type.

The command takes effect only on a port that supports medium selection.

All ports that are configured as member ports of an AP port must have the same medium type; otherwise, they cannot
be added to the AP port. The type of member ports cannot be modified. A port enabled with automatic medium
selection cannot be added to an AP port.

1.3.10 Interface Speed and Duplex Mode


You can configure the interface speed and duplex mode of an Ethernet physical port or AP port.

Working Principle

Speed

Generally, the speed of an Ethernet physical port is determined through negotiation with the peer device. The negotiated
speed can be any speed within the interface capability. You can also configure any speed within the interface capability for
the Ethernet physical port.

When you configure the speed of an AP port, the configuration takes effect on all of its member ports. (All these member
ports are Ethernet physical ports.)

Duplex Mode

• The duplex mode of an Ethernet physical port or AP port can be configured as follows:

• Set the duplex mode of the interface to full-duplex so that the interface can receive packets while sending packets.

• Set the duplex mode of the interface to half-duplex so that the interface can either receive or send packets at any one
time, but not both.

• Set the duplex mode of the interface to auto-negotiation so that the duplex mode of the interface is determined through
auto negotiation between the local interface and peer interface.

• When you configure the duplex mode of an AP port, the configuration takes effect on all of its member ports. (All these
member ports are Ethernet physical ports.)

1.3.11 Automatic Module Detection


If the interface speed is set to auto, the interface speed can be automatically adjusted based on the type of the inserted
module.


Working Principle

Currently, the automatic module detection function can be used to detect only the SFP and SFP+ modules. The SFP is a
Gigabit module, whereas SFP+ is a 10 Gigabit module. If the inserted module is SFP, the interface works in Gigabit mode. If
the inserted module is SFP+, the interface works in 10 Gigabit mode.

The automatic module detection function takes effect only when the interface speed is set to auto.

1.3.12 Port Flapping Protection


When flapping occurs on a port, a lot of hardware interruptions occur, consuming a lot of CPU resources. On the other hand,
frequent port flapping damages the port. You can configure the flapping protection function to protect ports.

Working Principle

By default, the port flapping protection function is enabled. You can disable this function as required. When flapping occurs
on a port, the port detects flapping every 2s or 10s. If flapping occurs six times within 2s on a port, the device displays a
prompt. If 10 prompts are displayed continuously, that is, port flapping is detected continuously within 20s, the port is
disabled. If flapping occurs 10 times within 10s on a port, the device displays a prompt without disabling the port.
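
The thresholds in this paragraph, as an added Python model (not Ruijie code) that can be replayed over link up/down timestamps taken from syslog to see when the device would prompt or disable a port. Aligning the 2s and 10s detection windows to t=0 and reading "continuously" as consecutive 2s windows are assumptions; the sample timestamps are constructed.

```python
from collections import Counter

FAST_WINDOW_S, FAST_FLAPS = 2, 6     # six flaps within 2s -> prompt
SLOW_WINDOW_S, SLOW_FLAPS = 10, 10   # 10 flaps within 10s -> prompt only
PROMPTS_TO_DISABLE = 10              # 10 consecutive 2s prompts (20s) -> disable


def evaluate_flapping(flap_times):
    """Replay link state changes against the flapping-protection thresholds.

    flap_times: non-negative timestamps in seconds, one per link flap.
    Returns (events, disabled_at): events is a time-ordered list of
    (window_end_seconds, kind); disabled_at is None if the port stays up.
    """
    fast = Counter(int(t // FAST_WINDOW_S) for t in flap_times)
    slow = Counter(int(t // SLOW_WINDOW_S) for t in flap_times)
    events, disabled_at, streak = [], None, 0

    # Walk every 2s window in order, including quiet ones, so that a quiet
    # window breaks the run of consecutive prompts.
    for win in range(max(fast, default=-1) + 1):
        end = (win + 1) * FAST_WINDOW_S
        if fast[win] >= FAST_FLAPS:
            streak += 1
            events.append((end, "prompt-2s"))
            if streak == PROMPTS_TO_DISABLE:
                disabled_at = end
                events.append((end, "port-disabled"))
                break
        else:
            streak = 0

    # The 10s rule only prompts; it never disables the port.
    for win in sorted(slow):
        end = (win + 1) * SLOW_WINDOW_S
        if slow[win] >= SLOW_FLAPS and (disabled_at is None or end < disabled_at):
            events.append((end, "prompt-10s"))

    events.sort(key=lambda e: e[0])
    return events, disabled_at


# Constructed inputs: six flaps in every 2s window for 20s, one flap per second
# for 10s, and a burst that pauses for one 2s window after 18s.
BURST = [w * 2 + i * 0.3 for w in range(10) for i in range(6)]
SLOW = [0.5 + i for i in range(10)]
INTERRUPTED = [w * 2 + i * 0.3
               for w in (*range(9), *range(10, 19)) for i in range(6)]

if __name__ == "__main__":
    for label, sample in (("burst", BURST), ("slow", SLOW),
                          ("interrupted", INTERRUPTED)):
        events, disabled_at = evaluate_flapping(sample)
        print(label, "disabled at:", disabled_at, "events:", len(events))
```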

1.3.13 Syslog
You can enable or disable the syslog function to determine whether to display information about the interface changes or
exceptions.

Working Principle

You can enable or disable the syslog function as required. By default, this function is enabled. When an interface becomes
abnormal, for example, the interface status changes, or the interface receives error frames, or flapping occurs, the system
displays prompts to notify users.

1.3.14 Interface MAC Address


Working Principle

By default, each Ethernet interface has a globally unique MAC address. The MAC addresses of Ethernet interfaces can be
modified if required. However, MAC addresses in the same LAN must be unique.

To configure the MAC address of an Ethernet interface, run the mac-address command in interface configuration mode.

Configuration of MAC addresses may affect internal communication in a LAN. Therefore, it is recommended that users
do not configure MAC addresses by themselves if unnecessary.

Related Configuration

Configuring MAC Addresses for Interfaces

By default, each interface has a globally unique MAC address.

You can run the mac-address mac-address command in interface configuration mode to modify the MAC address of an
interface.

1.3.15 VLAN Encapsulation Flag on Interfaces


Working Principle

Virtual local area network (VLAN) is a logical network divided on a physical network and corresponds to the layer-2 network
in the ISO model. In 1999, IEEE released the 802.1Q protocol draft for standardizing the VLAN implementation solution.

The VLAN technology enables the network administrator to divide a physical LAN into multiple broadcast domains (or
VLANs). Each VLAN contains a group of workstations with the same requirements and each VLAN has the same attributes
as the physical LAN. As VLANs are logically divided, workstations in the same VLAN do not need to be placed in the same
physical space, that is, these workstations may belong to different physical LAN network segments. Multicast and unicast
traffic in a VLAN will not be forwarded to other VLANs. This helps control traffic, reduce device investment, simplify network
management, and improve the network security.

VLAN is a protocol used to solve Ethernet broadcast and security problems. During packet transmission, a VLAN header is
added to Ethernet frames. In addition, VLAN IDs are used to classify users to different work groups to restrict layer-2
exchange between users in different work groups. Each work group is a VLAN. VLANs can be used to restrict the broadcast
scope and form virtual work groups to manage networks dynamically.

To ensure communication with hosts in a VLAN, users can configure the 802.1Q (VLAN protocol) VLAN encapsulation flag
on the Ethernet interface or sub-interface. In this case, when packets are sent over the Ethernet interface, the corresponding
VLAN header will be encapsulated. When packets are received, the VLAN header will be deleted from the packet.

Related Configuration

Configuring the VLAN Encapsulation Flag for Interfaces

By default, the 802.1Q encapsulation protocol is disabled for interfaces.

You can run the encapsulation dot1Q vlan-id command in interface mode for 802.1Q encapsulation for an interface. vlan-id
indicates the encapsulated VLAN ID.

1.3.16 Keepalive Packet Period


Working Principle

On common WAN interfaces, the encapsulated link layer protocol requires the keepalive mechanism to ensure
proper working. By configuring the keepalive function, the keepalive period of the link layer protocol can be set, to control the
interval for sending keepalive packets.

On tunnel interfaces and interfaces with the HDLC or PPP protocol for encapsulation, the maximum number of timeouts of
keepalive packets can be set. If no response is received from the peer end after the maximum number of timeouts of a
keepalive packet is reached, the connection is disconnected.

Related Configuration

Configuring the Keepalive Packet Period for Interfaces

By default, the keepalive function is disabled on Ethernet interfaces. The default keepalive packet period on other interfaces
is 10s, and the value range of the keepalive packet period is from 1 to 32767 in seconds.

On tunnel interfaces and interfaces with the HDLC or PPP protocol for encapsulation, the keepalive command also carries
the maximum number of timeouts of keepalive packets. The value range is from 1 to 255. By default, the maximum number
of keepalive packet timeouts on tunnel interfaces, HDLC interfaces, and PPP interfaces is 3, 3, and 10, respectively.

You can run the keepalive [ keep-period [ keep-retries ] ] command in interface configuration mode to change the keepalive
packet period for an interface.

1.4 Configuration

Configuration: Performing Basic Configurations

Description: (Optional) It is used to manage interface configurations, for example, creating/deleting an interface, or configuring the interface description.

| Command | Description |
|---|---|
| interface | Creates an interface and enters configuration mode of the created interface or a specified interface. |
| interface range | Enters an interface range, creates these interfaces (if not created), and enters interface configuration mode. |
| define interface-range | Creates a macro to specify an interface range. |
| snmp-server if-index persist | Enables the interface index persistence function so that the interface index remains unchanged after the device is restarted. |
| description | Configures the interface description of up to 80 characters in interface configuration mode. |
| snmp trap link-status | Configures whether to send the link traps of the interface. |
| shutdown | Shuts down an interface in interface configuration mode. |

1.4.1 Performing Basic Configurations


Configuration Effect

• Create a specified logical interface and enter configuration mode of this interface, or enter configuration mode of an
existing physical or logical interface.

• Create multiple specified logical interfaces and enter interface configuration mode, or enter configuration mode of
multiple existing physical or logical interfaces.

• The interface indexes remain unchanged after the device is restarted.

• Configure the interface description so that users can directly learn information about the interface.

• Enable or disable the link trap function of an interface.

• Enable or disable an interface.

Notes

• The no form of the command can be used to delete a specified logical interface or logical interfaces in a specified range,
but cannot be used to delete a physical port or physical ports in a specified range.

• The default form of the command can be used in interface configuration mode to restore default settings of a specified
physical or logical interface, or interfaces in a specified range.

Configuration Steps

Configuring a Specified Interface

• Optional.

• Run this command to create a logical interface or enter configuration mode of a physical port or an existing logical
interface.

Command: interface interface-type interface-number
Parameter Description: interface-type interface-number: Indicates the type and number of the interface. The interface can be an
Ethernet physical port, AP port, SVI, or loopback interface.
Defaults: N/A
Command Mode: Global configuration mode
Usage Guide:
• If a logical interface is not created yet, run this command to create this interface and enter configuration
mode of this interface.
• For a physical port or an existing logical interface, run this command to enter configuration mode of this
interface.
• Use the no form of the command to delete a specified logical interface.
• Use the default form of the command to restore default settings of the interface in interface
configuration mode.

Configuring Interfaces Within a Range

• Optional.

• Run this command to create multiple logical interfaces or enter configuration mode of multiple physical ports or existing
logical interfaces.

Command: interface range { port-range | macro macro_name }
Parameter Description: port-range: Indicates the type and ID range of interfaces. These interfaces can be Ethernet physical ports,
AP ports, SVIs, or loopback interfaces.
macro_name: Indicates the name of the interface range macro.
Defaults: N/A
Command Mode: Global configuration mode
Usage Guide:
• If logical interfaces are not created yet, run this command to create these interfaces and enter interface
configuration mode.
• For multiple physical ports or existing logical interfaces, run this command to enter interface
configuration mode.
• Use the default form of the command to restore default settings of these interfaces in interface
configuration mode.
• Before using a macro, run the define interface-range command to define the interface range as a
macro name in global configuration mode, and then run the interface range macro macro_name
command to apply the macro.

Configuring Interface Index Persistence

• Optional.

• Run this command when the interface indexes must remain unchanged after the device is restarted.

Command: snmp-server if-index persist
Parameter Description: N/A
Defaults: By default, interface index persistence is disabled.
Command Mode: Global configuration mode
Usage Guide: After this command is executed, current indexes of all interfaces will be saved, and the indexes remain
unchanged after the device is restarted. You can use the no or default form of the command to disable the
interface index persistence function.

Configuring the Description of an Interface

• Optional.

• Run this command to configure the description of an interface.

Command: description string
Parameter Description: string: Indicates a string of up to 80 characters.
Defaults: By default, no description is configured.
Command Mode: Interface configuration mode
Usage Guide: This command is used to configure the description of an interface. You can use the no or default form of the
command to delete the description of an interface.

Configuring the Link Trap Function of an Interface

• Optional.

• Run this command to obtain the link traps through SNMP.

Command: snmp trap link-status
Parameter Description: N/A
Defaults: By default, the link trap function is enabled.
Command Mode: Interface configuration mode
Usage Guide: This command is used to configure the link trap function on an interface. When this function is enabled, the
SNMP sends link traps when the link status changes on the interface. You can use the no or default form of
the command to disable the link trap function.

Configuring the Administrative Status of an Interface

• Optional.

• Run this command to enable or disable an interface.

• An interface cannot send or receive packets after it is disabled.

Command: shutdown
Parameter Description: N/A
Defaults: By default, the administrative status of an interface is Up.
Command Mode: Interface configuration mode
Usage Guide: You can run the shutdown command to disable an interface, or the no shutdown command to enable an
interface. In some cases, for example, when an interface is in errdisable state, you cannot run the no
shutdown command on an interface. You can use the no or default form of the command to enable the
interface.

 Configuring Port Flapping Protection

 Optional.

 Run this command to protect the port against flapping.

Command: physical-port dither protect
Parameter Description: N/A
Defaults: By default, port flapping protection is enabled.
Command Mode: Global configuration mode
Usage Guide: N/A

 Configuring the Syslog Function

 Optional.

 Run this command to enable or disable the syslog function on an interface.

Command: [no] logging [link-updown | error-frame | link-dither ]
Parameter Description: N/A
Defaults: By default, the syslog function is enabled on an interface.
Command Mode: Global configuration mode
Usage Guide: N/A

Verification

 Configuring a Specified Interface

 Run the interface command. If you can enter interface configuration mode, the configuration is successful.

 For a logical interface, after the no interface command is executed, run the show running or show interfaces
command to check whether the logical interface exists. If not, the logical interface is deleted.

 After the default interface command is executed, run the show running command to check whether the default
settings of the corresponding interface are restored. If yes, the operation is successful.

 Configuring Interfaces Within a Range

 Run the interface range command. If you can enter interface configuration mode, the configuration is successful.

 After the default interface range command is executed, run the show running command to check whether the default
settings of the corresponding interfaces are restored. If yes, the operation is successful.

 Configuring Interface Index Persistence

 After the snmp-server if-index persist command is executed, run the write command to save the configuration,
restart the device, and run the show interface command to check the interface index. If the index of an interface
remains the same after the restart, interface index persistence is enabled.

 Configuring the Link Trap Function of an Interface

 Remove and then insert the network cable on a physical port, and enable the SNMP server. If the SNMP server
receives link traps, the link trap function is enabled.

 Run the no form of the snmp trap link-status command. Remove and then insert the network cable on a physical port.
If the SNMP server does not receive link traps, the link trap function is disabled.

 Configuring the Administrative Status of an Interface

 Insert the network cable on a physical port, enable the port, and run the shutdown command on this port. If the syslog
is displayed on the Console indicating that the state of the port changes to Down, and the indicator on the port is off, the
port is disabled. Run the show interfaces command, and verify that the interface state changes to
Administratively Down. Then, run the no shutdown command to enable the port. If the syslog is displayed on the
Console indicating that the state of the port changes to Up, and the indicator on the port is on, the port is enabled.

 Configuring Port Flapping Protection

 Run the physical-port dither protect command in global configuration mode. Frequently remove and insert the
network cable on a physical port to simulate port flapping. Verify that a syslog indicating port flapping is displayed on the
Console. After such a syslog is displayed several times, the system prompts that the port will be shut down.

 Configuring the Syslog Function

 Run the logging link-updown command in global configuration mode to display the interface status information.
Remove and then insert the network cable on a physical port. The interface state will change twice. Verify that the
information is displayed on the Console, indicating that the interface state changes from Up to Down, and then
from Down to Up. Run the no logging link-updown command. Remove and then insert the network cable. Verify that
the related information is no longer displayed on the Console. This indicates that the syslog function is normal.

Configuration Example

 Configuring Basic Attributes of Interfaces

Scenario: Figure 1-3
Configuration Steps:
 Connect two devices through the L3 ports.
 Enable interface index persistence on the two devices.
 Enable the link trap function on the two devices.
 Configure the interface administrative status on the two devices.
A
A# configure terminal
A(config)# snmp-server if-index persist
A(config)# interface gigabitethernet 0/1
A(config-if-GigabitEthernet 0/1)# ip address 192.168.1.1 255.255.255.0
A(config-if-GigabitEthernet 0/1)# snmp trap link-status
A(config-if-GigabitEthernet 0/1)# shutdown
B
B# configure terminal
B(config)# snmp-server if-index persist
B(config)# interface gigabitethernet 0/1
B(config-if-GigabitEthernet 0/1)# ip address 192.168.1.2 255.255.255.0
B(config-if-GigabitEthernet 0/1)# snmp trap link-status
B(config-if-GigabitEthernet 0/1)# shutdown

Verification: Perform verification on Device A and Device B as follows:

 Run the shutdown command on port GigabitEthernet 0/1, and check whether GigabitEthernet 0/1
is Down.

 Run the shutdown command on port GigabitEthernet 0/1, and check whether a trap indicating that this
interface is Down is sent.

 Restart the device, and check whether the index of GigabitEthernet 0/1 is the same as that before the
restart.

A
A# show interfaces gigabitEthernet 0/1

Index(dec):2 (hex):2

GigabitEthernet 0/1 is DOWN , line protocol is DOWN

Hardware is MARVELL GigabitEthernet, address is 7042.d31b.1ac7 (bia 7042.d31b.1ac7)

Interface address is: 192.168.1.1/24

ARP type: ARPA, ARP Timeout: 3600 seconds

Interface IPv6 address is:

8003::1/64

fe80::7242:d3ff:fe1b:1ac7/64

MTU 1500 bytes, BW 1000000 Kbit

Encapsulation protocol is Ethernet-II, loopback not set

Keepalive interval is 10 sec , set

Carrier delay is 2 sec

Ethernet attributes:

Last link state change time: 2022-12-15 09:59:36

Time duration since last link state change: 0 days, 5 hours, 0 minutes, 34 seconds

Priority is 0

Link Mode:

LAN 3: Speed 1000M, Duplex Full, Media-Type is Copper

LAN 1: Speed 1000M, Duplex Full, Media-Type is Copper

LAN 2: Speed 1000M, Duplex Full, Media-Type is Copper

Rxload is 1/255, Txload is 1/255

10 seconds input rate 1817 bits/sec, 2 packets/sec

10 seconds output rate 1958 bits/sec, 2 packets/sec

124989 packets input, 23503674 bytes, 0 no buffer, 0 dropped

Received 148 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort

130544 packets output, 71205807 bytes, 0 underruns, 0 no buffer, 0 dropped

0 output errors, 0 collisions, 0 interface resets

B
B# show interfaces gigabitEthernet 0/1

Index(dec):2 (hex):2

GigabitEthernet 0/1 is DOWN , line protocol is DOWN

Hardware is MARVELL GigabitEthernet, address is 7042.d31b.1ac4 (bia 7042.d31b.1ac4)

Interface address is: 192.168.1.2/24

ARP type: ARPA, ARP Timeout: 3600 seconds

Interface IPv6 address is:

No IPv6 address

MTU 1500 bytes, BW 100000 Kbit

Encapsulation protocol is Ethernet-II, loopback not set

Keepalive interval is 10 sec , set

Carrier delay is 2 sec

Ethernet attributes:

Last link state change time: 2022-12-15 09:59:36

Time duration since last link state change: 0 days, 5 hours, 19 minutes, 36 seconds

Priority is 0

Admin medium-type is Copper, oper medium-type is Copper

Admin duplex mode is AUTO, oper duplex is Full

Admin speed is AUTO, oper speed is 100M

Rxload is 1/255, Txload is 1/255

10 seconds input rate 12701 bits/sec, 18 packets/sec

10 seconds output rate 2769 bits/sec, 5 packets/sec

307304 packets input, 32426154 bytes, 0 no buffer, 0 dropped

Received 86811 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort

42950 packets output, 11579101 bytes, 0 underruns, 0 no buffer, 0 dropped

0 output errors, 0 collisions, 0 interface resets
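
The verification items above can be checked from captured output instead of by eye. The following Python sketch is an added example, not part of the Ruijie guide: it parses show interfaces text in the layout shown above and compares a capture taken before a restart with one taken after it. The sample captures are constructed, and treating a GigabitEthernet port that runs below 1000M as a finding is this example's own assumption.

```python
import re

# Constructed captures (not from a live device) in the layout of the
# "show interfaces" output shown in this example, trimmed to the parsed lines.
BEFORE_RESTART = """\
Index(dec):2 (hex):2
GigabitEthernet 0/1 is DOWN , line protocol is DOWN
Interface address is: 192.168.1.2/24
MTU 1500 bytes, BW 100000 Kbit
Admin speed is AUTO, oper speed is 100M
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
0 output errors, 0 collisions, 0 interface resets
"""
# The same port after a restart on a device where the index was not persisted.
AFTER_RESTART_CHANGED = BEFORE_RESTART.replace(
    "Index(dec):2 (hex):2", "Index(dec):5 (hex):5")

# One regular expression per numeric field; the first group is the value.
_FIELDS = {
    "index": r"Index\(dec\):\s*(\d+)",
    "mtu": r"MTU (\d+) bytes",
    "bw_kbit": r"BW (\d+) Kbit",
    "oper_speed_mbps": r"oper speed is (\d+)M",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "output_errors": r"(\d+) output errors",
    "resets": r"(\d+) interface resets",
}
# Matches "GigabitEthernet 0/1 is DOWN , line protocol is DOWN" and the
# "is UP, line protocol is UP" variant without the stray space.
_STATE = re.compile(
    r"^(\w+ [\d/]+) is ([A-Za-z ]+?)\s*, line protocol is (\w+)", re.M)


def parse_show_interface(text):
    """Return a dict of the fields found; absent fields are omitted."""
    info = {}
    state = _STATE.search(text)
    if state:
        info["name"] = state.group(1)
        info["state"] = state.group(2).strip().upper()
        info["protocol"] = state.group(3).upper()
    for key, pattern in _FIELDS.items():
        found = re.search(pattern, text)
        if found:
            info[key] = int(found.group(1))
    return info


def audit(before_text, after_text, expect_shutdown=True):
    """Compare pre- and post-restart captures; return a list of findings."""
    before = parse_show_interface(before_text)
    after = parse_show_interface(after_text)
    findings = []
    if "index" not in before or "index" not in after:
        findings.append("index missing from capture")
    elif before["index"] != after["index"]:
        findings.append("index changed across restart: %d -> %d"
                        % (before["index"], after["index"]))
    if expect_shutdown and after.get("state") == "UP":
        findings.append("port is UP although shutdown was configured")
    # Assumption of this example: a GigabitEthernet port below 1000M needs review.
    speed = after.get("oper_speed_mbps")
    if after.get("name", "").startswith("GigabitEthernet") and speed and speed < 1000:
        findings.append("oper speed %dM below nominal 1000M" % speed)
    for counter in ("input_errors", "crc", "output_errors"):
        if after.get(counter, 0) > 0:
            findings.append("%s = %d" % (counter, after[counter]))
    return findings


if __name__ == "__main__":
    for finding in audit(BEFORE_RESTART, AFTER_RESTART_CHANGED):
        print(finding)
```

A changed index matters to monitoring because SNMP pollers and trap receivers key interface history on it; the comparison only means something if both captures come from the same physical port.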

1.4.2 Configuring Interface Attributes


Configuration Effect

 Enable the device to connect and communicate with other devices through the switch port or routed port.

 Adjust various interface attributes on the device.

Configuration Steps

 Configuring the Medium Type of an Interface

 Optional.
 By default, the medium type of a combo port is copper.
 Port flapping may occur if the configured medium type of a port changes.
 This command is applicable to an Ethernet physical port or AP port.
Command: medium-type { auto-select [ prefer [ fiber | copper ] ] | fiber | copper }
Parameter Description:
auto-select: Indicates that the medium type is selected automatically.
prefer [ fiber | copper ]: Indicates the medium type that will be preferentially selected.
fiber: Indicates that fiber is forcibly selected as the medium type.
copper: Indicates that copper is forcibly selected as the medium type.
Defaults: By default, the medium type of an interface is copper.
Command Mode: Interface configuration mode
Usage Guide: Select either fiber or copper as the medium type of a port when both medium types are available. Once the
medium type is selected, all interface attributes, including the status, duplex mode, and speed, are
configured for the interface of the selected medium type. If the interface type is changed, the attributes of the
new interface type are the default attributes. You can reconfigure these attributes as required.
If you enable automatic selection of the medium type, the device uses the current medium if only one
medium is available. If both media are available, the device uses the preferred medium as configured. By
default, the preferred medium is copper. You can run the medium-type auto-select prefer fiber command
to configure fiber as the preferred medium. In automatic medium selection mode, the interface adopts the
default settings of attributes, such as the speed, duplex mode, and flow control mode.

 Configuring the Speed of an Interface

 Optional.
 Port flapping may occur if the configured speed of a port changes.
 This command is applicable to an Ethernet physical port or AP port.

Command: speed [ 10 | 100 | 1000 | auto ]
Parameter Description:
10: Indicates that the speed of the interface is 10 Mbps.
100: Indicates that the speed of the interface is 100 Mbps.
1000: Indicates that the speed of the interface is 1000 Mbps.
auto: Indicates that the speed of the interface automatically adapts to the actual condition.
Defaults: By default, the speed of an interface is auto.
Command Mode: Interface configuration mode
Usage Guide: If an interface is an AP member port, the speed of this interface is determined by the speed of the AP port.
When the interface exits the AP port, it uses its own speed configuration. You can run show interfaces to
display the speed configurations. The speed options available to an interface vary with the type of the
interface. For example, you cannot set the speed of an SFP interface to 10 Mbps.

The speed of a 40G physical port can only be set to 40 Gbps or auto.

 Configuring the Duplex Mode of an Interface

 Optional.
 Port flapping may occur if the configured duplex mode of a port changes.
 This command is applicable to an Ethernet physical port or AP port.
Command: duplex { auto | full | half }
Parameter Description:
auto: Indicates automatic switching between full duplex and half duplex.
full: Indicates full duplex.
half: Indicates half duplex.
Defaults: By default, the duplex mode of an interface is auto.
Command Mode: Interface configuration mode
Usage Guide: The duplex mode of an interface is related to the interface type. You can run show interfaces to display the
configurations of the duplex mode.

 Configuring the MTU of an Interface

 Optional.

 You can configure the MTU of a port to limit the length of a frame that can be received or sent over this port.

 This command is applicable to an Ethernet physical port or SVI.

Command: mtu num
Parameter Description: num: 64–9216
Defaults: By default, the MTU of an interface is 1500 bytes.
Command Mode: Interface configuration mode
Usage Guide: This command is used to configure the interface MTU, that is, the maximum length of a data frame at the link
layer. Currently, you can configure MTU for only a physical port or an AP port that contains one or more
member ports.

 Configuring the Bandwidth of an Interface

 Optional.

 Generally, the bandwidth of an interface is the same as the speed of the interface.

Command: bandwidth kilobits
Parameter Description: kilobits: The value ranges from 1 to 2,147,483,647. The unit is kilobits.
Defaults: Generally, the bandwidth of an interface matches the type of the interface. For example, the default
bandwidth of a gigabit Ethernet physical port is 1,000,000, and that of a 10G Ethernet physical port is
10,000,000.
Command Mode: Interface configuration mode
Usage Guide: N/A

 Configuring the Carrier Delay of an Interface

 Optional.

 If the configured carrier delay is long, it takes a long time to change the protocol status when the physical status of an
interface changes. If the carrier delay is set to 0, the protocol status changes immediately after the physical status of an
interface changes.

Command: carrier-delay { [ milliseconds ] num | up [ milliseconds ] num down [ milliseconds ] num }
Parameter Description:
num: The value ranges from 0 to 60. The unit is second.
milliseconds: Indicates the carrier delay. The value ranges from 0 to 60,000. The unit is millisecond.
up: Indicates the delay after which the state of the DCD changes from Down to Up.
down: Indicates the delay after which the state of the DCD changes from Up to Down.
Defaults: By default, the carrier delay of an interface is 2s.
Command Mode: Interface configuration mode
Usage Guide: If millisecond is used as the unit, the configured carrier delay must be an integer multiple of 100
milliseconds.

 Configuring the Load Interval of an Interface

 Optional.

 The configured load interval affects computation of the average packet rate on an interface. If the configured load
interval is short, the average packet rate can accurately reflect the changes of the real-time traffic.

Command: load-interval seconds
Parameter Description: seconds: The value ranges from 5 to 600. The unit is second.
Defaults: By default, the load interval of an interface is 10s.
Command Mode: Interface configuration mode
Usage Guide: N/A

 Configuring MAC Addresses for Interfaces

 Optional. If this function is required, run the mac-address command in interface configuration mode.

 By default, MAC addresses of interfaces have fixed values.

Command: mac-address mac-address
Parameter Description: mac-address: Indicates a valid MAC address.
Command Mode: Interface configuration mode
Usage Guide: N/A

 Configuring the VLAN Encapsulation Flag for Interfaces

 Optional. If this function is required, run the encapsulation dot1Q command in interface configuration mode.
 By default, the VLAN encapsulation protocol is disabled for interfaces.
Command: encapsulation dot1Q vlan-id
Parameter Description: vlan-id: Indicates the VLAN ID. The value range is from 1 to 4094.
Command Mode: Interface configuration mode
Usage Guide: N/A

 Configuring the Keepalive Packet Period for Interfaces

 Optional. If this function is required, run the keepalive command in interface configuration mode.
 By default, the keepalive function is disabled for Ethernet interfaces. For other WAN interfaces, the default keepalive
packet period is 10s.
Command: keepalive [ keep-period [ keep-retries ] ]
Parameter Description:
keep-period: Indicates the period for sending keepalive packets. The value range is from 1 to 32767.
keep-retries: Indicates the maximum number of keepalive packet timeouts. The value range is from 1 to 255.
Command Mode: Interface configuration mode
Usage Guide: N/A
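
The value ranges documented for the commands above can be checked before a change is pushed to a device. The following Python lint is an added example, not Ruijie code: it covers only the commands and ranges stated in this section, requires an explicit value for speed, and does not model the 40G speed rule. The planned command list is constructed.

```python
# Ranges and keywords copied from the command descriptions in this section.
RANGES = {"mtu": (64, 9216), "bandwidth": (1, 2147483647), "load-interval": (5, 600)}
CHOICES = {"speed": {"10", "100", "1000", "auto"}, "duplex": {"auto", "full", "half"}}

# Constructed change plan for one interface (not taken from a device).
PLANNED = """\
description uplink to Switch B
mtu 9300
speed 1000
duplex full
carrier-delay milliseconds 250
carrier-delay up milliseconds 500 down 2
load-interval 3
encapsulation dot1Q 4095
keepalive 10 3
"""


def _in_range(token, low, high):
    return token.isascii() and token.isdigit() and low <= int(token) <= high


def _take_delay(tokens):
    """Consume '[milliseconds] num'; return the remaining tokens, or None if invalid."""
    if tokens[:1] == ["milliseconds"]:
        # Millisecond values must be 0-60000 and an integer multiple of 100.
        if len(tokens) < 2 or not _in_range(tokens[1], 0, 60000) or int(tokens[1]) % 100:
            return None
        return tokens[2:]
    if not tokens or not _in_range(tokens[0], 0, 60):
        return None
    return tokens[1:]


def _carrier_delay_ok(args):
    """carrier-delay { [milliseconds] num | up [milliseconds] num down [milliseconds] num }"""
    if args[:1] == ["up"]:
        rest = _take_delay(args[1:])
        return rest is not None and rest[:1] == ["down"] and _take_delay(rest[1:]) == []
    return _take_delay(args) == []


def check_line(line):
    """Return None if the command fits the documented syntax, else a reason string."""
    tokens = line.split()
    if not tokens:
        return "empty line"
    cmd, args = tokens[0], tokens[1:]
    if cmd == "description":
        text = line.strip()[len(cmd):].strip()
        return None if 0 < len(text) <= 80 else "description must be 1 to 80 characters"
    if cmd in RANGES:
        low, high = RANGES[cmd]
        ok = len(args) == 1 and _in_range(args[0], low, high)
        return None if ok else "%s must be %d to %d" % (cmd, low, high)
    if cmd in CHOICES:
        ok = len(args) == 1 and args[0] in CHOICES[cmd]
        return None if ok else "%s must be one of %s" % (cmd, sorted(CHOICES[cmd]))
    if cmd == "carrier-delay":
        return None if _carrier_delay_ok(args) else "carrier-delay value or unit invalid"
    if cmd == "encapsulation":
        ok = len(args) == 2 and args[0] == "dot1Q" and _in_range(args[1], 1, 4094)
        return None if ok else "encapsulation dot1Q vlan-id must be 1 to 4094"
    if cmd == "keepalive":
        ok = (len(args) <= 2
              and (len(args) < 1 or _in_range(args[0], 1, 32767))
              and (len(args) < 2 or _in_range(args[1], 1, 255)))
        return None if ok else "keepalive period 1 to 32767, retries 1 to 255"
    return "command not covered by this check"


def lint(plan):
    """Return (line_number, command, reason) for every line that fails check_line."""
    findings = []
    for number, line in enumerate(plan.splitlines(), start=1):
        reason = check_line(line)
        if reason:
            findings.append((number, line.strip(), reason))
    return findings


if __name__ == "__main__":
    for number, command, reason in lint(PLANNED):
        print("line %d: %s -> %s" % (number, command, reason))
```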

Verification

 Run the show interfaces command to display the attribute configurations of interfaces.

Command: show interfaces [ interface-type interface-number ] [ description ]

Configuration Example

 Configuring Interface Attributes

Scenario: Figure 1-4
Configuration Steps:
 On Switch A, configure GigabitEthernet 0/1 as an Access port, and the default VLAN ID is 1.
Configure SVI 1, assign an IP address to SVI 1, and set up a route to Switch D.
 On Switch B, configure GigabitEthernet 0/1 and GigabitEthernet 0/2 as Trunk ports, and the default
VLAN ID is 1. Configure SVI 1, and assign an IP address to SVI 1. Configure GigabitEthernet 0/3 as a
routed port, and assign an IP address from another network segment to this port.
 On Switch C, configure GigabitEthernet 0/1 as an Access port, and the default VLAN ID is 1. Configure
SVI 1, and assign an IP address to SVI 1.
 On Switch D, configure GigabitEthernet 0/1 as a routed port, assign an IP address to this port, and set
up a route to Switch A.
A
A# configure terminal

A(config)# interface GigabitEthernet 0/1

A(config-if-GigabitEthernet 0/1)# switchport mode access

A(config-if-GigabitEthernet 0/1)# switchport access vlan 1

A(config-if-GigabitEthernet 0/1)# exit

A(config)# interface vlan 1

A(config-if-VLAN 1)# ip address 192.168.1.1 255.255.255.0

A(config-if-VLAN 1)# exit

A(config)# ip route 192.168.2.0 255.255.255.0 VLAN 1 192.168.1.2

B
B# configure terminal

B(config)# interface GigabitEthernet 0/1

B(config-if-GigabitEthernet 0/1)# switchport mode trunk

B(config-if-GigabitEthernet 0/1)# exit

B(config)# interface GigabitEthernet 0/2

B(config-if-GigabitEthernet 0/2)# switchport mode trunk

B(config-if-GigabitEthernet 0/2)# exit

B(config)# interface vlan 1

B(config-if-VLAN 1)# ip address 192.168.1.2 255.255.255.0

B(config-if-VLAN 1)# exit

B(config)# interface GigabitEthernet 0/3

B(config-if-GigabitEthernet 0/3)# no switchport

B(config-if-GigabitEthernet 0/3)# ip address 192.168.2.2 255.255.255.0

B(config-if-GigabitEthernet 0/3)# exit

C
C# configure terminal

C(config)# interface GigabitEthernet 0/1

C(config-if-GigabitEthernet 0/1)# port-group 1

C(config-if-GigabitEthernet 0/1)# exit

C(config)# interface aggregateport 1

C(config-if-AggregatePort 1)# switchport mode access

C(config-if-AggregatePort 1)# switchport access vlan 1

C(config-if-AggregatePort 1)# exit

C(config)# interface vlan 1

C(config-if-VLAN 1)# ip address 192.168.1.3 255.255.255.0

C(config-if-VLAN 1)# exit

D
D# configure terminal

D(config)# interface GigabitEthernet 0/1

D(config-if-GigabitEthernet 0/1)# no switchport

D(config-if-GigabitEthernet 0/1)# ip address 192.168.2.1 255.255.255.0

D(config-if-GigabitEthernet 0/1)# exit

D(config)# ip route 192.168.1.0 255.255.255.0 GigabitEthernet 0/1 192.168.2.2

Verification: Perform verification on Switch A, Switch B, Switch C, and Switch D as follows:

 On Switch A, ping the IP addresses of interfaces of the other three switches. Verify that you can
access the other three switches on Switch A.
 Verify that Switch B and Switch D can ping each other.
 Verify that the interface status is correct.

A
A# show interfaces gigabitEthernet 0/1

Index(dec):1 (hex):1

GigabitEthernet 0/1 is UP, line protocol is UP

Hardware is GigabitEthernet, address is 00d0.f865.de90 (bia 00d0.f865.de90)

Interface address is: no ip address

MTU 1500 bytes, BW 100000 Kbit

Encapsulation protocol is Ethernet-II, loopback not set

Keepalive interval is 10 sec, set

Carrier delay is 2 sec

Ethernet attributes:

Last link state change time: 2012-12-22 14:00:48

Time duration since last link state change: 3 days, 2 hours, 50 minutes, 50 seconds

Priority is 0

Admin medium-type is Copper, oper medium-type is Copper

Admin duplex mode is AUTO, oper duplex is Full

Admin speed is AUTO, oper speed is 100M

Flow control admin status is OFF, flow control oper status is OFF

Admin negotiation mode is OFF, oper negotiation state is ON

Storm Control: Broadcast is OFF, Multicast is OFF, Unicast is OFF

Rxload is 1/255, Txload is 1/255

10 seconds input rate 0 bits/sec, 0 packets/sec

10 seconds output rate 67 bits/sec, 0 packets/sec

362 packets input, 87760 bytes, 0 no buffer, 0 dropped

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort

363 packets output, 82260 bytes, 0 underruns, 0 dropped

0 output errors, 0 collisions, 0 interface resets

B
B# show interfaces gigabitEthernet 0/1

Index(dec):1 (hex):1

GigabitEthernet 0/1 is UP, line protocol is UP

Hardware is GigabitEthernet, address is 00d0.f865.de91 (bia 00d0.f865.de91)

Interface address is: no ip address

MTU 1500 bytes, BW 100000 Kbit

Encapsulation protocol is Ethernet-II, loopback not set

Keepalive interval is 10 sec, set

Carrier delay is 2 sec

Ethernet attributes:

Last link state change time: 2012-12-22 14:00:48

Time duration since last link state change: 3 days, 2 hours, 50 minutes, 50 seconds

Priority is 0

Admin medium-type is Copper, oper medium-type is Copper

Admin duplex mode is AUTO, oper duplex is Full

Admin speed is AUTO, oper speed is 100M

Flow control admin status is OFF, flow control oper status is OFF

Admin negotiation mode is OFF, oper negotiation state is ON

Storm Control: Broadcast is OFF, Multicast is OFF, Unicast is OFF

Bridge attributes:

Rxload is 1/255, Txload is 1/255

10 seconds input rate 0 bits/sec, 0 packets/sec

10 seconds output rate 67 bits/sec, 0 packets/sec

362 packets input, 87760 bytes, 0 no buffer, 0 dropped

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort

363 packets output, 82260 bytes, 0 underruns, 0 dropped

0 output errors, 0 collisions, 0 interface resets

C
C# show interfaces gigabitEthernet 0/1

Index(dec):1 (hex):1

GigabitEthernet 0/1 is UP, line protocol is UP

Hardware is GigabitEthernet, address is 00d0.f865.de92 (bia 00d0.f865.de92)

Interface address is: no ip address

MTU 1500 bytes, BW 100000 Kbit

Encapsulation protocol is Ethernet-II, loopback not set

Keepalive interval is 10 sec, set

Carrier delay is 2 sec

Ethernet attributes:

Last link state change time: 2012-12-22 14:00:48

Time duration since last link state change: 3 days, 2 hours, 50 minutes, 50 seconds

Priority is 0

Admin medium-type is Copper, oper medium-type is Copper

Admin duplex mode is AUTO, oper duplex is Full

Admin speed is AUTO, oper speed is 100M

Flow control admin status is OFF, flow control oper status is OFF

Admin negotiation mode is OFF, oper negotiation state is ON

Storm Control: Broadcast is OFF, Multicast is OFF, Unicast is OFF

Rxload is 1/255, Txload is 1/255

10 seconds input rate 0 bits/sec, 0 packets/sec

10 seconds output rate 67 bits/sec, 0 packets/sec

362 packets input, 87760 bytes, 0 no buffer, 0 dropped

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort

363 packets output, 82260 bytes, 0 underruns, 0 dropped

0 output errors, 0 collisions, 0 interface resets

D
D# show interfaces gigabitEthernet 0/1

Index(dec):1 (hex):1

GigabitEthernet 0/1 is UP, line protocol is UP

Hardware is GigabitEthernet, address is 00d0.f865.de93 (bia 00d0.f865.de93)

Interface address is: 192.168.2.1/24

MTU 1500 bytes, BW 100000 Kbit

Encapsulation protocol is Ethernet-II, loopback not set

Keepalive interval is 10 sec, set

Carrier delay is 2 sec

Ethernet attributes:

Last link state change time: 2012-12-22 14:00:48

Time duration since last link state change: 3 days, 2 hours, 50 minutes, 50 seconds

Priority is 0

Admin medium-type is Copper, oper medium-type is Copper

Admin duplex mode is AUTO, oper duplex is Full

Admin speed is AUTO, oper speed is 100M

Flow control admin status is OFF, flow control oper status is OFF

Admin negotiation mode is OFF, oper negotiation state is ON

Storm Control: Broadcast is OFF, Multicast is OFF, Unicast is OFF

Rxload is 1/255, Txload is 1/255

10 seconds input rate 0 bits/sec, 0 packets/sec

10 seconds output rate 67 bits/sec, 0 packets/sec

362 packets input, 87760 bytes, 0 no buffer, 0 dropped

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort

363 packets output, 82260 bytes, 0 underruns, 0 dropped

0 output errors, 0 collisions, 0 interface resets

The gateway product does not support the switchport mode and trunk mode, and the configuration example is for
reference only. The actual product configuration prevails.

1.5 Monitoring

Clearing

Running the clear commands may lose vital information and thus interrupt services.

Description                                      Command
Clears the counters of a specified interface.    clear counters [ interface-type interface-number ]
Resets the interface hardware.                   clear interface interface-type interface-number

Displaying

 Displaying Interface Configurations and Status

Description                                                                        Command
Displays all the status and configuration information of a specified interface.   show interfaces [ interface-type interface-number ]
Displays the interface status.                                                     show interfaces [ interface-type interface-number ] status
Displays the link status change time and count of a specified port.               show interfaces [ interface-type interface-number ] link-state-change statistics
Displays the description and status of a specified interface.                     show interfaces [ interface-type interface-number ] description
Displays the bandwidth usage of an interface.                                      show interfaces [ interface-type interface-number ] usage

Configuration Guide Configuring MODE-MGMT

2 Configuring MODE-MGMT

2.1 Overview

With mode management, you can achieve unified management on system mode, internal and external network attributes of
network interfaces, and so on.

Ruijie gateway products can serve as both gateways (gateway mode) and bridges (bridge mode). These two modes can be
switched through mode management.

In bridge mode, the gateway products support four operating modes: forward mode, sniffer mode, software bypass mode,
and one-arm mode. Users can configure the operating mode based on their requirements.

When the device is connected to the network, you will have an internal network and an external network. Consequently, the
device’s interfaces also have internal and external network attributes. Mode management enables you to switch between
internal and external network attributes for interfaces, to facilitate your adjustment based on actual situation.

Protocols and Standards

 N/A

2.2 Applications

Application                                                         Description
Switching Internal and External Network Attributes of Interfaces   The user network topology changes or an external line is added.
Switching Bridge Operating Mode                                     Changes the operating mode of the bridge.

2.2.1 Switching Internal and External Network Attributes of Interfaces


Scenario

It is required to connect an outside interface when user network topology changes, for example, when an external line is
added.

In the case that all outside interfaces are occupied while some inside interfaces are still idle, you can change inside
interfaces to outside interfaces to support line expansion.

Figure 2-1 (diagram; labels: "Add an outside line and change an inside interface to an outside interface"; interfaces wan0, wan1, wan2)

Remarks: In this example, the device has two outside interfaces wan1 and wan0; the rest are inside interfaces. When an
external line is added, change an idle inside interface to an outside interface, that is, wan2.

Deployment

 Determine the idle inside interface to be switched.

 Execute the switching command to configure the interface as an outside interface.

 Save the configuration and reboot the device to validate the configuration.

2.2.2 Switching Bridge Operating Mode


Scenario

You can switch the system mode between gateway and bridge depending on specific applications of the device. If you want
to use it as a bridge, you need to switch it to the bridge mode and specify the bridge operating mode. In bridge mode, the
device supports four operating modes (the MSC supports five operating modes), each for different purposes. You can switch
between these operating modes based on actual needs.

Figure 2-2 (diagram; labels: "Gateway device"; "Bridge forward mode, Enable traffic control")

Remarks: In this example, you have a gateway device originally. Later you need traffic control while keeping the
original gateway device. You can then switch the gateway device to the bridge mode, connect it to the current
network, and configure it as forward mode. It then provides traffic identification and traffic control functions.

Deployment

 Determine the current system mode. If it is not a bridge, switch it to the non-gateway mode using the switching
command, save the configuration and reboot the device.

 Choose an inside interface and an outside interface to establish a bridge-map; configure its operating mode and
connect it to the network.

 If you need more bridges, repeat the previous step.

 If you need to change the bridge operating mode, enter the bridge configuration mode and make modifications.

2.3 Features

Basic Concepts

 System Mode

There are two system modes: gateway mode and bridge mode (non-gateway mode). Some of the devices support both
system modes.

When the device operates in gateway mode, all interfaces are layer 3 ones and packets are forwarded according to the
routing table. Packet processing in gateway mode resembles that on a common router, so no further description is given
here.

When the device operates in bridge mode, all interfaces are layer 2 ones and packets are forwarded according to the
bridge-map. In this mode, no modification is made for normally forwarded packets, except that packets may be blocked or
discarded due to particular traffic policies.

The default mode is gateway mode.

The device cannot operate in both the gateway and bridge modes.

When switching from gateway to bridge, or from bridge to gateway, you need to save the configuration and reboot
the device to validate the configuration.

 Internal and External Network Attributes

For the gateway products, all interfaces except the MGMT interface (management interface) have internal or external
network attributes. You need to configure internal and external network attributes for interfaces according to the actual
situation: inside interfaces connect the intranet, while outside interfaces connect the external line.

You can query information about mode management to learn the internal and external network attributes for each interface.
Using the configuration command, you can modify the internal or external network attributes of interfaces.

Here interfaces refer to the physical ports on the device. Accordingly, their sub-interfaces will inherit their internal and
external network attributes, and vary with the attributes of these physical ports; some virtual interfaces on the device,
such as the dialer interface, only have external network attributes, and do not support attributes switching.

When switching internal and external network attributes of interfaces, you need to save the configuration and reboot
the device to validate the configuration.

 Bridge Operating Mode

In bridge mode, packets are forwarded according to the bridge-map. Normally forwarded packets are not modified,
although packets may be blocked or discarded by particular traffic policies.

Each bridge-map needs to be associated with an inside interface and an outside interface, and the operating mode for the
non-gateway mode should be specified. The bridge mode supports these operating modes:

 Forward: Traffic identification, traffic blocking, traffic control and traffic auditing can be performed for packets passing
the device.

 Sniffer: Traffic identification and traffic auditing can be performed for packets passing the device.

 Bypass: Traffic statistics are gathered at interfaces for packets passing the device.

 Receive-only: Also known as the one-armed mode. Traffic identification and traffic auditing can be performed for
packets passing the device. The only difference is that packets are discarded after processing, instead of being
forwarded.

The number of bridge-maps depends on the maximum number of inside-outside interface pairs that the device can
provide. For example, if the device has four inside interfaces and four outside interfaces, you can define up to four
bridge-maps. If the device has four inside interfaces and three outside interfaces, you can configure only three
bridge-maps. Different devices may support different numbers of bridge-maps.

Bridge-maps cannot be removed; they become valid when the operating mode is defined.

If the system has multiple bridge-maps, you can configure different operating modes for different bridge-maps.

Overview

Feature                              Description

Configuring System Mode              Configures the device to operate in non-gateway mode or gateway mode.

Configuring Internal and External    Configures the internal and external network attributes of interfaces according
Network Attributes                   to the actual network topology.

Configuring Bridge Operating Mode    Configures the operating mode of a pair of bridges. Different operating modes
                                     support different traffic processing modes.

Configuring Function of Not          Enables the function of not storing logs in local hard disk, so that all
Storing Logs in Local Hard Disk      information including device audit logs, traffic audit logs, content audit logs,
                                     and flow logs is not stored in the hard disk.

Configuring Switching Between        Switches a layer-2 port into a layer-3 port, or vice versa.
Layer-2 and Layer-3 Ports

2.3.1 Configuring System Mode


Configure the device to operate in non-gateway mode or gateway mode.

Working Principle

In different system modes, the system supports different services. The biggest difference is that the device in gateway mode
supports layer-3 routing, while the device in bridge mode provides only layer-2 forwarding. According to your needs, you can
switch between the gateway and bridge modes.

Related Configuration

 Configuring System Mode

NBR devices operate in gateway mode by default. You can use the no sys-mode gateway command to switch the system
mode. Save the configuration and reboot the device to validate the configuration.

2.3.2 Configuring Internal and External Network Attributes


Configure the internal and external network attributes of interfaces according to the actual network topology.

Working Principle

Inside and outside interfaces process different transactions. For example, traffic auditing and traffic control are based on
outside interfaces. Improper configuration may affect normal transaction processing on the interface. Internal and external
network attributes are of software nature. You can modify them according to the actual network topology, and related
transactions will be adjusted accordingly.

Related Configuration

 Configuring Internal and External Network Attributes

By default, different interfaces on the device have different internal and external network attributes and they are configured
based on the most typical user scenarios. You can display specific attributes on the Web management page or in the
configuration file.

You can use the specify interface interface-name { lan | wan } command to switch the internal and external network
attributes of an interface. Save the configuration and reboot the device to validate the configuration.

2.3.3 Configuring Bridge Operating Mode


Configure the operating mode of a pair of bridges. Different operating modes support different traffic processing modes.

Working Principle

In the forward, sniffer and bypass operating modes of bridge mode, packet forwarding is based on the bridge-map. Packets
that enter from the inside interface of the bridge-map are forwarded out of the paired outside interface; packets that
enter from the outside interface are forwarded out of the paired inside interface. In one-armed mode, packets are
discarded instead of being forwarded. In one-armed mode, you also need to configure the IP address segment of the
internal network, so that the device can determine whether packets are in the uplink or downlink direction.

Related Configuration

 Entering bridge-map Configuration Mode

You can use the bridge-map bridge-num command to create a bridge-map and enter the bridge-map configuration mode.

 Configuring bridge-map Operating Mode

No operating mode is configured for the bridge-map by default.

You can use the link-mode interface-name1 interface-name2 { forward | sniffer | bypass | receive-only } command to
configure a bridge-map and specify its operating mode.

You can use the lan-ip ip_address subnet_mask command to configure the IP address segment of the internal network in
one-armed mode. A one-armed mode supports up to 100 IP address segments of the internal network.

2.3.4 Configuring Hardware Bypass


Configure hardware bypass when the device operates abnormally, so as to prevent network link interruption.

Working Principle

The hardware bypass function implements interconnection between two network interfaces via a hardware circuit. When the
bypass function is enabled and a network cable is inserted into each of the two interfaces, the interfaces are in the down
state. The two interfaces and the cables are then equivalent to one cable: the two ends of the device are connected, but
packets are not sent to the software of the device.

Related Configuration

 Configuring Hardware Bypass

The hardware bypass function of the device is disabled by default.

Use the bypass command to enable the hardware electrical port bypass function.

2.3.5 Configuring Function of Not Storing Logs in Local Hard Disk


Enable the function of not storing logs in local hard disk. Information such as device audit logs, traffic audit logs, content audit
logs, and flow logs are not recorded in the hard disk.

Working Principle

When the number of users on one device exceeds a certain value, a large amount of information is stored in the local hard
disk, which affects the performance of the device. In this case, it is recommended to enable the function of not storing logs in
local hard disk. When this function is enabled, relevant log information such as device audit logs, traffic audit logs, content
audit logs, and flow logs are not stored in the local hard disk but will be sent to an external server through the log service of
the device.

Related Configuration

 Configuring Function of Not Storing Logs in Local Hard Disk

The function of not storing logs in local hard disk is disabled by default.

Use the write-db enable command to disable this function, and use the no form of this command (no write-db enable) to
enable this function.

2.3.6 Configuring Switching Between Layer-2 and Layer-3 Ports


Some products have both layer-2 ports and layer-3 ports. A layer-3 port can be used to connect an egress line, while a
layer-2 port can be used to connect an intranet. In actual application, multiple egress lines or more layer-3 ports are needed
for connection to other devices, and the number of layer-3 ports needed may exceed the number of fixed ports that the
device can provide. In this situation, use this function to switch the specified layer-2 port into a layer-3 port, or switch the
layer-3 port back to the layer-2 port, to dynamically meet various user requirements.

Working Principle

A layer-3 port is an independent port for users. If a layer-2 port is switched into a layer-3 port, it is the same as a fixed layer-3
port. If this layer-3 port is switched back to the layer-2 port, all the previous configuration on this layer-3 port will be
invalidated.

Related Configuration

 Configuring Layer-2 and Layer-3 Switching

Use the convert command to change the layer-2/layer-3 attribute of a port and specify the initial internal/external network
attribute of a layer-3 port.

2.4 Limitations

NBR6120-E V2 does not support NPE mode.

NBR6120-E V2 does not support bridge mode.

2.5 Configuration

Configuration                        Description and Command

Configuring System Mode              (Optional) It is used to switch the system mode between gateway and bridge.
                                     The NBR serves in gateway mode by default.

                                     sys-mode gateway
                                         Sets the system mode to gateway.
                                     no sys-mode gateway
                                         Sets the system mode to bridge.

Configuring Internal and External    (Optional) Defaults have been set. It is used to switch the internal and
Network Attributes                   external network attributes of the interface.

                                     specify interface interface-name { lan | wan }
                                         Configures the internal and external network attributes of the interface.

Configuring Bridge Operating Mode    (Mandatory) It is used to configure the bridge-map and its operating mode.

                                     bridge-map bridge-num
                                         Enters the bridge-map configuration mode.
                                     link-mode interface-name1 interface-name2 { forward | sniffer | bypass | receive-only }
                                         Configures the bridge-map and operating mode for inside and outside interfaces.

                                     (Optional) The native-VLAN ID is 1 by default. It is used for category
                                     identification. Packets without VLAN tag are classified as VLAN objects
                                     corresponding to the currently configured VLAN ID.

                                     native-vlan vlan-id
                                         Configures the native-VLAN ID value of the bridge-map. Packets without VLAN
                                         tag are identified as VLAN classification objects corresponding to the
                                         currently configured VLAN ID.

Configuring Function of Not          (Optional) It is used to enable/disable the function of not storing logs in
Storing Logs in Local Hard Disk      local hard disk. The default settings of different devices vary.

                                     no write-db enable
                                         Enables the function of not storing logs in local hard disk.
                                     write-db enable
                                         Disables the function of not storing logs in local hard disk.

Configuring Switching Between        (Optional) It is used to switch between the layer-2 and layer-3 attributes of
Layer-2 and Layer-3 Ports            a port.

                                     convert port num to { wan | lan }
                                         Switches a layer-2 port into a layer-3 port and specifies the internal and
                                         external network attributes.
                                     no convert port num
                                         Switches a layer-3 port into a layer-2 port.

2.5.1 Configuring System Mode


Configuration Effect

 Switch the system mode between gateway and bridge.

Notes

 Save the configuration and reboot the device to validate the configuration.

Configuration Steps

 Configuring System Mode

 Optional

 An NBR device serves in gateway mode by default.

 Configure it in global configuration mode.

Verification

You can use the show sys-mode command to display the current system mode.

Related Commands

 Configuring System Mode

Command                  [no] sys-mode gateway
Parameter Description    N/A
Command Mode             Global configuration mode
Usage Guide              Save the configuration and reboot the device to validate the configuration.

 Displaying Current System Mode

Command                  show sys-mode
Parameter Description    N/A
Command Mode             Privileged EXEC mode
Usage Guide              N/A

Configuration Examples

 Configuring System Mode to Bridge

Configuration Steps  Switch the system mode to bridge.

 Save the configuration and reboot the device.

Ruijie# configure terminal

Ruijie(config)# no sys-mode gateway

Ruijie(config)# exit

Ruijie#write

Building configuration...

[OK]

Ruijie#reload

Reload system?(Y/N)y

Verification When the device is rebooted, use the show sys-mode command to verify whether the configuration
is successful.

 Display the current system mode.

Ruijie# show sys-mode

System is bridge mode.

LAN: GigabitEthernet 0/0 GigabitEthernet 0/3 GigabitEthernet 0/5

WAN: GigabitEthernet 0/1 GigabitEthernet 0/2 GigabitEthernet 0/4

Common Errors

 After switching the system mode, you reboot the device without saving the configuration or do not reboot the device
after saving the configuration.

2.5.2 Configuring Internal and External Network Attributes


Configuration Effect

 Configure internal and external network attributes of interfaces based on the actual network topology.

 Usually, you need to make such adjustment when the device is powered on or when the network line changes.

Notes

 N/A

Configuration Steps

 Switch internal and external network attributes with the command.

Verification

 You can use the system mode query command to display the current internal and external network attributes.

Related Commands

 Configuring Internal and External Network Attributes

Command                  specify interface interface-name { lan | wan }
Parameter Description    interface interface-name: Interface name to be specified.
Command Mode             Global configuration mode
Usage Guide              Use the no form of this command to restore the original internal and external network
                         attributes of the current interface.

 Displaying Internal and External Network Attributes of All Interfaces

Command                  show sys-mode
Parameter Description    N/A
Command Mode             Privileged EXEC mode
Usage Guide              N/A

Configuration Examples

 Adding a New External Line (All Three Outside Interfaces Are Occupied and Some Inside Interfaces Are Still
Idle. You Switch an Idle Inside Interface to an Outside Interface.)

Configuration Steps  Switch an idle inside interface to an outside interface.

Ruijie# configure terminal

Ruijie(config)# specify interface GigabitEthernet 0/3 wan

Ruijie(config)# end

Verification  Use the show command to display the configuration results.

Ruijie# show sys-mode

System is bridge mode.

LAN: GigabitEthernet 0/0 GigabitEthernet 0/5

WAN: GigabitEthernet 0/1 GigabitEthernet 0/2 GigabitEthernet 0/3 GigabitEthernet 0/4

Common Errors

 N/A

2.5.3 Configuring Bridge Operating Mode


Configuration Effect

 You can configure the bridge operating mode as needed. Different services are provided in different operating modes.

Notes

 A bridge-map must comprise an inside interface and an outside interface. One interface cannot belong to several
bridge-maps.

 You must define an operating mode for the bridge-map to make the bridge operate normally.

Configuration Steps

 Enter the bridge-map configuration mode.

 In bridge mode, no defaults are set for the bridge-map. Configure an inside interface and an outside interface to
comprise a bridge-map and define its operating mode to any one of the forward, sniffer, bypass and one-armed modes.

Verification

 Use the bridge operating mode query command to verify the results.

Related Commands

 Entering bridge-map Mode Configuration Layer

Command                  bridge-map bridge-num
Parameter Description    bridge-num: Bridge-map No.
Command Mode             Global configuration mode
Usage Guide              N/A

 Specifying Internal and External Interfaces and Bridge Operating Mode

Command                  link-mode interface-name1 interface-name2 { forward | sniffer | bypass | receive-only }
Parameter Description    interface-name1: Name of the internal interface.
                         interface-name2: Name of the external interface.
Command Mode             bridge-map configuration mode
Usage Guide              N/A

 Defining Native-VLAN ID

Command                  native-vlan vlan-id
Parameter Description    vlan-id: Native-VLAN ID of the bridge-map.
Command Mode             bridge-map configuration mode
Usage Guide              Packets without vlan tag are classified as VLAN objects corresponding to the currently
                         configured VLAN ID.

 Displaying bridge-map Information

Command                  show bridge-map [bridge-num] [lan-ip]
Parameter Description    N/A
Command Mode             Privileged EXEC mode
Usage Guide              N/A

Configuration Examples

 Using the Device as a Bridge and Attempting to Carry Out Traffic Control for Packets Passing It (You Configure
the Device Operating in Forward Mode.)

Configuration Steps  Enter the bridge-map configuration layer.

 Create a bridge-map and set its operating mode to forward.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# bridge-map 0

Ruijie(config-bridge-map)# link-mode GigabitEthernet 0/0 GigabitEthernet 0/1 forward

Ruijie(config-bridge-map)# end

Verification  You can use the show bridge-map command to display the results.

Ruijie#show bridge-map 0

BRIDGE MAP 0,STATE is DOWN

Inside interface is GigabitEthernet 0/0,Outside interface is GigabitEthernet 0/1

Working mode is forward

Native vlan is 1

 Using the Device as a Bypass Device and Setting Its Operating Mode to One-armed to Audit Packets Mirrored
from the Switch

Configuration Steps  Enter the bridge-map configuration layer.

 Create a bridge-map and set its operating mode to one-armed (receive-only).

 Configure the IP address segment of the inside network.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# bridge-map 0

Ruijie(config-bridge-map)# link-mode GigabitEthernet 0/0 GigabitEthernet 0/1 receive-only

Ruijie(config-bridge-map)# lan-ip 192.168.0.0 255.255.255.0

Ruijie(config-bridge-map)# lan-ip 10.10.10.0 255.255.255.0

Ruijie(config-bridge-map)# end

Verification  You can use the show bridge-map command to display the results.

Ruijie#show bridge-map 0

BRIDGE MAP 0,STATE is DOWN

Inside interface is GigabitEthernet 0/0,Outside interface is GigabitEthernet 0/1

Working mode is receive-only

Native vlan is 1

Ruijie#show bridge-map 0 lan-ip

IP add mask add

192.168.0.0 255.255.255.0

10.10.10.0 255.255.255.0

Common Errors

 The bridge configuration does not meet actual needs. For example, you want to carry out traffic control, but do not
configure the device's operating mode as forward.
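The notes and common errors above can be checked mechanically before a bridge goes into the traffic path. The following Python sketch is an added example, not Ruijie code: it reads show sys-mode output and bridge-map configuration lines in the forms shown in this section and reports pairings that break the stated rules. The finding codes, function names and sample text are assumptions made for illustration.

```python
import re

MODES = {"forward", "sniffer", "bypass", "receive-only"}
MAX_LAN_IP = 100                      # guide: one-armed mode supports up to 100 internal segments
IFACE = r"([A-Za-z]+ \d+/\d+)"        # e.g. "GigabitEthernet 0/1"

# Constructed sample input (not captured from a real device).
SAMPLE_SYS_MODE = """\
System is bridge mode.
LAN: GigabitEthernet 0/0 GigabitEthernet 0/3 GigabitEthernet 0/5
WAN: GigabitEthernet 0/1 GigabitEthernet 0/2 GigabitEthernet 0/4
"""
SAMPLE_CONFIG = """\
bridge-map 0
 link-mode GigabitEthernet 0/0 GigabitEthernet 0/1 forward
bridge-map 1
 link-mode GigabitEthernet 0/3 GigabitEthernet 0/1 sniffer
bridge-map 2
 link-mode GigabitEthernet 0/2 GigabitEthernet 0/5 receive-only
bridge-map 3
"""


def parse_sys_mode(text):
    """Return (is_bridge, {"lan": set, "wan": set}) from `show sys-mode` output."""
    attrs = {"lan": set(), "wan": set()}
    for line in text.splitlines():
        m = re.match(r"\s*(LAN|WAN):(.*)", line)
        if m:
            attrs[m.group(1).lower()].update(re.findall(IFACE, m.group(2)))
    return "bridge mode" in text, attrs


def parse_bridge_maps(text):
    """Collect the link-mode and lan-ip lines of each bridge-map number."""
    maps, current = {}, None
    for raw in text.splitlines():
        # Tolerate pasted CLI sessions by dropping a leading "Ruijie(config)# " prompt.
        line = re.sub(r"^\S+#\s*", "", raw.strip())
        if m := re.fullmatch(r"bridge-map (\d+)", line):
            current = maps.setdefault(int(m.group(1)), {"link": None, "lan_ip": []})
        elif line in ("end", "exit", "!"):
            current = None
        elif current is not None and (m := re.fullmatch(rf"link-mode {IFACE} {IFACE} (\S+)", line)):
            current["link"] = m.groups()
        elif current is not None and (m := re.fullmatch(r"lan-ip (\S+) (\S+)", line)):
            current["lan_ip"].append(m.groups())
    return maps


def audit(sys_mode_text, config_text):
    """Return (bridge_map, code, detail) findings; an empty list means consistent."""
    is_bridge, attrs = parse_sys_mode(sys_mode_text)
    findings, owner = [], {}
    if not is_bridge:
        findings.append((None, "NOT_BRIDGE_MODE", "bridge-maps forward only in bridge mode"))
    for num, bm in sorted(parse_bridge_maps(config_text).items()):
        if bm["link"] is None:
            findings.append((num, "NO_LINK_MODE", "no operating mode defined"))
            continue
        inside, outside, mode = bm["link"]
        if mode not in MODES:
            findings.append((num, "UNKNOWN_MODE", mode))
        if inside not in attrs["lan"]:
            findings.append((num, "INSIDE_NOT_LAN", inside))
        if outside not in attrs["wan"]:
            findings.append((num, "OUTSIDE_NOT_WAN", outside))
        for ifc in (inside, outside):      # one interface cannot belong to several bridge-maps
            if ifc in owner:
                findings.append((num, "INTERFACE_REUSED", f"{ifc} is in bridge-map {owner[ifc]}"))
            owner.setdefault(ifc, num)
        if mode == "receive-only" and not bm["lan_ip"]:
            findings.append((num, "NO_LAN_IP", "direction cannot be determined"))
        if len(bm["lan_ip"]) > MAX_LAN_IP:
            findings.append((num, "TOO_MANY_LAN_IP", str(len(bm["lan_ip"]))))
    return findings


def control_capable(config_text):
    """Bridge-maps in forward mode, the only mode listed with traffic blocking and control."""
    return sorted(n for n, bm in parse_bridge_maps(config_text).items()
                  if bm["link"] and bm["link"][2] == "forward")


if __name__ == "__main__":
    for num, code, detail in audit(SAMPLE_SYS_MODE, SAMPLE_CONFIG):
        print(f"bridge-map {num}: {code}: {detail}")
    print("traffic control possible on bridge-maps:", control_capable(SAMPLE_CONFIG))
```

A bridge-map that is absent from the control_capable result only identifies, audits or counts traffic, which is the mismatch described under Common Errors.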

2.5.4 Configuring Function of Not Storing Logs in Local Hard Disk


Configuration Effect

 Enable or disable the function of not storing logs in local hard disk.

Configuration Steps

 Configuring Function of Not Storing Logs in Local Hard Disk

 Optional.

 The function of not storing logs in local hard disk is disabled by default.

 Configure this function in global configuration mode.

Verification

Run the show write-db command to check whether the function of not storing logs in the local hard disk of the current device
is enabled.

Related Commands

 Configuring Function of Not Storing Logs in Local Hard Disk

Command                  no write-db enable
Parameter Description    N/A
Command Mode             Global configuration mode
Usage Guide              Run the write-db enable command to disable the function of not storing logs in the local
                         hard disk.

 Check Whether Current System Logs Are Stored in Local Hard Disk

Command                  show write-db
Parameter Description    N/A
Command Mode             Privileged EXEC Mode
Usage Guide              N/A

Configuration Example

 Enabling Function of Not Storing Logs in Local Hard Disk

Configuration Steps  Enable the function of not storing logs in the local hard disk.

Ruijie# configure terminal


Ruijie(config)# no write-db enable
Ruijie(config)# exit
Ruijie#write

Building configuration...

[OK]
Ruijie#reload

Reload system?(Y/N)y

Verification After the device is restarted, run the show write-db command to check whether the configuration takes
effect.

 Check whether device logs are stored in the local hard disk.

Ruijie# show write-db


write-db enable: 0

Common Errors

 The function of not storing logs in the local hard disk does not take effect because the device is restarted without
saving the configuration information or because the device is not restarted even though the configuration information is saved.

2.5.5 Configuring Switching Between Layer-2 and Layer-3 Ports


Configuration Effect

 Configure switching between a layer-2 port and a layer-3 port and specify the initial internal and external network
attributes.

Notes

 Port 0 cannot be switched.

 The command is valid only after the configuration is saved and the device is restarted.

Configuration Steps

 Run the convert command to configure switching between layer-2 and layer-3 ports.

Verification

 Before restarting the device, run the show switch-info command to display the configuration status.

 After restarting the device, display the information about created interfaces.

Related Commands

 Switching Layer-2 Port into Layer-3 Port and Specifying Initial Internal and External Network Attributes

Command                  convert port num to { wan | lan }
Parameter Description    num: Indicates the port ID. The range is from 1 to 4.
Command Mode             Global configuration mode
Usage Guide              Run the no convert port num command to switch a layer-3 port into a layer-2 port.

 Displaying Current Layer-2 and Layer-3 Attributes

Command                  show switch-info
Parameter Description    N/A
Command Mode             Privileged EXEC mode, global configuration mode, and interface configuration mode
Usage Guide              N/A

Configuration Example

 Switching Port 2 into Layer-3 LAN Port and Switching Port 4 into Layer-3 WAN Port

Configuration Steps

Ruijie(config)#convert port 2 to lan

##### Please save config and reload the system!!!!!

Ruijie(config)#convert port 4 to wan

##### Please save config and reload the system!!!!!

Ruijie(config)#

Verification  Run the show switch-info command to display the configuration result.

Ruijie# show switch-info

PORT0 PORT0 01 Gi0/0 0MGMT

PORT1 LAN1 10 Gi0/1 1

PORT2 LAN2 10 Gi0/2 2

PORT3 LAN3 10 Gi0/3 3

PORT4 WAN3 10 Gi0/4 4

PORT5 LAN5 10 Gi0/5 5

PORT6 WAN1 00 Gi0/6 6

PORT7 WAN0 01 Gi0/7 7

PORT8 LAN8 00 Te0/0 SFP|SFP+

PORT9 WAN0 00 Gi0/9 SFP

Common Errors

 A layer-3 port cannot be switched into a layer-3 port.

2.6 Monitoring

Displaying

Description                                                     Command

Displays information about the system mode and the internal     show sys-mode
and external network attributes of interfaces.

Displays information about the bridge-map. In one-armed mode,   show bridge-map bridge-num [ lan-ip ]
you can also display information about the configured IP
address segment of the internal network.

Configuration Guide Configuring DLDP

3 Configuring DLDP

3.1 Overview

The Data Link Detection Protocol (DLDP) is a protocol used to quickly detect faulty Ethernet links.

A typical Ethernet link detection mechanism detects physical link connectivity through auto negotiation at the physical layer.
Such a mechanism has limitations when detecting Layer-3 data communication exceptions despite normal physical
connections.

DLDP provides reliable Layer-3 link detection information. After detecting a faulty link, DLDP shuts down the logical state of
Layer-3 ports to realize fast Layer-3 protocol convergence.

3.2 Applications

Application                             Description
Intra-Network Segment DLDP Detection    The source IP address of the detected port and the detected IP address are in
                                        the same network segment.
Inter-Network Segment DLDP Detection    The source IP address of the detected port and the detected IP address are in
                                        different network segments.

3.2.1 Intra-Network Segment DLDP Detection

Scenario

This section describes the basic DLDP application scenario where the source IP address of the detected port and the
detected IP address are in the same network segment.

In Figure 3-1, the Gi 0/1 Layer-3 port on Device A and the Gi 0/2 Layer-3 port on Device C are in the same network segment.
To detect the Layer-3 link connectivity from Gi 0/1 to Gi 0/2, enable DLDP on Gi 0/1 or Gi 0/2.

Figure 3-1

Remarks Gi 0/1 and Gi 0/2 are Layer-3 ports in the same network segment.
B is a network in the same network segment as Gi 0/1 and Gi 0/2.

Deployment

 Enable DLDP on Gi 0/1 or Gi 0/2.

3.2.2 Inter-Network Segment DLDP Detection

Scenario

This section describes the DLDP application scenario where the source IP address of the detected port and the detected IP
address are in different network segments.

In Figure 3-2, the Gi 0/1 Layer-3 port on Device A and the Gi 0/4 Layer-3 port on Device D are in different network segments.
To detect the Layer-3 link connectivity from Gi 0/1 to Gi 0/4, enable DLDP on Gi 0/1 and configure the DLDP next-hop IP
address (IP address of the Gi 0/2 port on Device B).

Figure 3-2

Remarks Gi 0/1 and Gi 0/4 are Layer-3 ports in different network segments.

Deployment

 Enable DLDP on Gi 0/1 and configure the DLDP next-hop IP address.

3.3 Features

Basic Concepts

 DLDP Detection Interval and Retransmission Times

Detection interval: Indicates the interval at which DLDP detection packets (ICMP echo) are transmitted.

Retransmission times: Indicates the maximum number of times DLDP detection packets can be retransmitted in the case of a
DLDP detection failure.

When a network device does not receive a reply packet from the peer end within the period of the detection interval multiplied
by the retransmission times, the device determines that a Layer-3 link failure occurs and shuts down the logical state of its
Layer-3 port (despite the normal physical link connection). When Layer-3 link connectivity is recovered, the device restores
its Layer-3 port to Up logical state.

 DLDP Detection Modes

Active mode and passive mode are two DLDP detection modes.

Active mode (default): ICMP detection packets are sent actively.

Passive mode: ICMP detection packets are received passively.

 DLDP Next Hop

Next hop: Indicates the next node connected to the detected IP address in inter-network segment DLDP detection.

In some cases, DLDP needs to detect IP reachability in non-directly connected network segments. You need to configure the
next-hop IP address for the detected port to allow DLDP to obtain the next-hop MAC address through an ARP packet before
sending a correct ICMP packet.

In this situation, you need to avoid the return of the reply packet from another link; otherwise, DLDP will misjudge that the
detected port does not receive an ICMP reply.

 DLDP Recovery Times

Recovery times: Indicates the number of consecutive reply packets (ICMP reply) that DLDP needs to receive before it can
determine that a link failure has recovered.

In some cases, link detection may be unstable. For example, a link is only intermittently pingable. In this case, DLDP
repeatedly changes the link status between Up and Down, which may further destabilize the ring network.

Recovery times indicates the number of consecutive reply packets DLDP needs to receive before it can set a link in Down
state to Up. The default recovery times value is three, indicating that the link needs to be successfully pinged three times
before it is set to Up. The recovery times setting reduces link detection sensitivity but increases stability. Related parameters
are adjustable according to the network condition.

 DLDP Bound MAC Address

Bound MAC address: Indicates the MAC address bound to the detected IP address.

In a complex network environment, DLDP may obtain an invalid MAC address if the detected link has abnormal ARP packets
transmitted (causing ARP spoofing), which will make DLDP detection abnormal.

To address this problem, you can bind the detected IP address (or next-hop IP address) to a static MAC address to avoid
a DLDP failure in the case of ARP spoofing.

Overview

Feature                   Description
DLDP Detection            Detects Layer-3 link connectivity. When a Layer-3 link is abnormal, DLDP shuts down the
                          Layer-3 port.
MAC Address Binding       Binds the detected IP address to the MAC address of the detected device to avoid DLDP
                          exceptions otherwise caused by ARP spoofing.
Passive DLDP Detection    When both ends of the detected link are enabled with DLDP, you can configure one end in
                          passive mode to save bandwidth and CPU resources.

3.3.1 DLDP Detection


DLDP detects Layer-3 link connectivity. When a Layer-3 link is abnormal, DLDP shuts down the corresponding Layer-3 port.

Working Principle

After DLDP detection is enabled, DLDP sends an ARP packet to obtain the MAC address and outbound port of the detected
device or the next-hop device. Then DLDP periodically sends IPv4 ICMP echo packets to the MAC address and outbound
port to detect link connectivity. If DLDP does not receive an IPv4 ICMP reply packet from the detected device within a specific
period, DLDP determines that the link is abnormal and sets the Layer-3 port to Down.

Related Configuration

 Enabling DLDP Detection

By default, DLDP detection is disabled on ports.

Run the dldp command with the detected IP address specified to enable DLDP detection.

You can configure the next-hop IP address, MAC address of the detected device, transmission interval, retransmission times,
and recovery times based on the actual environment.

3.3.2 MAC Address Binding


The MAC address binding feature is used to bind the detected IP address (or next-hop IP address) to the MAC address of
the detected device (or next-hop device) to avoid DLDP exceptions otherwise caused by ARP spoofing.

Working Principle

You can bind the detected IP address (or next-hop IP address) to a static MAC address to avoid a DLDP failure in the case of
ARP spoofing.

Related Configuration

By default, no MAC address is bound in DLDP detection.

Bind the MAC address of the detected device when you run the dldp command to enable DLDP detection. If the next-hop IP
address is specified, bind the MAC address of the next-hop device.

After DLDP detection is enabled, DLDP sends ARP packets and ICMP packets with a fixed destination IP address and a
fixed destination MAC address. If the source IP address and MAC address in the received packet do not match the bound IP
address and MAC address, DLDP will not process the packet.
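The detection loop of 3.3.1 and the binding check of 3.3.2 can be modelled as follows; this is an added example, not Ruijie's implementation. It assumes that a target goes Down after retry consecutive missed replies and returns to Up after resume consecutive valid replies, and the class names, function names and MAC addresses are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

GENUINE_MAC = "00d0.f822.33aa"   # constructed sample values
FORGED_MAC = "0000.5e00.5301"


def norm(mac: Optional[str]) -> Optional[str]:
    """Normalise H.H.H, colon or dash notation to 12 lowercase hex digits."""
    if mac is None:
        return None
    return mac.replace(".", "").replace(":", "").replace("-", "").lower()


@dataclass
class Reply:
    """Source addresses of a received ICMP echo reply."""
    src_ip: str
    src_mac: str


@dataclass
class Target:
    """One detected IP address on a Layer-3 port (hypothetical model)."""
    ip: str
    bound_mac: Optional[str] = None   # set by "mac-address mac-addr"; None = trust ARP
    retry: int = 4                    # page default
    resume: int = 3                   # page default
    learned_mac: Optional[str] = None
    missed: int = 0
    good: int = 0
    up: bool = True

    def __post_init__(self) -> None:
        self.bound_mac = norm(self.bound_mac)

    def expected_mac(self) -> Optional[str]:
        return self.bound_mac or self.learned_mac

    def on_arp(self, src_ip: str, src_mac: str) -> bool:
        """Process an ARP reply; returns False when the reply is ignored."""
        if src_ip != self.ip:
            return False
        if self.bound_mac is not None:
            return norm(src_mac) == self.bound_mac   # a binding never changes
        self.learned_mac = norm(src_mac)             # unbound: latest reply wins (model assumption)
        return True

    def on_interval(self, reply: Optional[Reply]) -> bool:
        """Advance one detection interval; returns the target's Up state."""
        ok = (reply is not None and reply.src_ip == self.ip
              and norm(reply.src_mac) == self.expected_mac())
        if ok:
            self.missed = 0
            if not self.up:
                self.good += 1
                if self.good >= self.resume:   # assumed meaning of "resume"
                    self.up, self.good = True, 0
        else:
            self.good = 0
            if self.up:
                self.missed += 1
                if self.missed >= self.retry:  # assumed meaning of "retry"
                    self.up, self.missed = False, 0
        return self.up


def port_state(targets: List[Target]) -> str:
    """The port is Down only when none of its detected IP addresses answers."""
    return "Up" if any(t.up for t in targets) else "Down"


def run(bound_mac: Optional[str], intervals: int = 6) -> List[bool]:
    """Replay one forged ARP reply against a target, with or without a binding."""
    t = Target(ip="192.168.1.2", bound_mac=bound_mac)
    t.on_arp(t.ip, GENUINE_MAC)    # initial resolution
    t.on_arp(t.ip, FORGED_MAC)     # forged reply seen afterwards
    states = []
    for _ in range(intervals):
        # Echoes go to the MAC DLDP currently trusts; only the genuine device
        # answers, so a poisoned entry means no reply is ever received.
        trusted = t.expected_mac() == norm(GENUINE_MAC)
        states.append(t.on_interval(Reply(t.ip, GENUINE_MAC) if trusted else None))
    return states


if __name__ == "__main__":
    print("unbound:", run(None))
    print("bound:  ", run(GENUINE_MAC))
```

Without a binding the modelled port is declared Down on the fourth interval although the link itself is healthy; with the binding the forged ARP reply is ignored and the state never changes.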

3.3.3 Passive DLDP Detection


When both ends of the detected link are enabled with DLDP, you can configure one end in passive mode to save bandwidth
and CPU resources.

Working Principle

After the device at the local end sends an ICMP echo packet, the peer device determines link connectivity according to the
packet reception time by using specific detection parameters, which are the same as those at the local end, thus saving
bandwidth and CPU resources.


Related Configuration

By default, passive DLDP detection is disabled.

Run the dldp passive command to enable passive DLDP detection.

After passive DLDP detection is enabled, DLDP will return an ICMP reply packet upon receiving an ICMP echo packet,
instead of actively sending ICMP echo packets to the peer end. If DLDP does not receive an ICMP echo packet within a
specific period, it determines that the link to the peer port is abnormal.

3.4 Configuration

Configuration             Description and Command
Enabling DLDP Detection   (Mandatory) It is used to enable DLDP detection in interface configuration mode.
                          dldp             Enables DLDP detection.
                          (Mandatory) It is used to enable passive DLDP detection in interface configuration mode.
                          dldp passive     Enables passive DLDP detection.
                          (Optional) It is used to configure the detection interval, retransmission times, and recovery times of DLDP detection in global configuration mode.
                          dldp interval    Modifies the DLDP parameters globally to apply the modifications to DLDP detection on all ports.
                          dldp retry
                          dldp resume

3.4.1 Enabling DLDP Detection


Configuration Effect

 Detect Layer-3 link connectivity. When a Layer-3 link is abnormal, DLDP shuts down the Layer-3 port.

Notes

 DLDP supports the configuration of multiple IP addresses on a Layer-3 port. DLDP sets the port to Down when none of
the IP addresses receives an ICMP reply. If one IP address resumes communication, DLDP sets the port to Up again.

 DLDP uses the first IP address of the Layer-3 port as the source IP address of detection packets.

Configuration Steps

 Enabling DLDP Detection

 Mandatory.

 When you enable DLDP detection in interface configuration mode, you can configure the next-hop IP address, MAC
address, transmission interval, retransmission times, and recovery times based on the actual environment.


 Configuring a DLDP Detection Mode

 Optional.

 You can configure active or passive DLDP detection in interface configuration mode based on the actual environment.

 If DLDP detection needs to be enabled at both ends of a Layer-3 link, you can configure passive DLDP detection at one
end to save bandwidth and CPU resources.

 Configuring DLDP Parameters Globally

 Optional.

 You can modify the parameters of DLDP detection on all ports in global configuration mode based on requirements.
The parameters include the packet transmission interval, packet retransmission times, and recovery times.

Verification

 Display the device DLDP information, including the status and statistics of DLDP detection on all ports.

Related Commands

 Enabling DLDP Detection

Command                 dldp ip-address [ next-hop-ip ] [ mac-address mac-addr ] [ interval tick ] [ retry retry-num ] [ resume resume-num ]
Parameter Description   ip-address: Indicates the detected IP address.
                        next-hop-ip: Indicates the next-hop IP address.
                        mac-addr: Indicates the MAC address of the detected device to be bound. If the next-hop IP address is specified, bind the MAC address of the next-hop device.
                        tick: Indicates the interval at which detection packets are transmitted. The value ranges from 5 to 6,000 ticks (1 tick = 10 ms). The default value is 300 ticks (3s).
                        retry-num: Indicates the retransmission times. The value ranges from 1 to 3,600. The default value is 4.
                        resume-num: Indicates the recovery times. The value ranges from 1 to 200. The default value is 3.
Command Mode            Interface configuration mode
Usage Guide             The port to be enabled with DLDP detection must be a Layer-3 port, such as a router port and L3AP port.

 Configuring a DLDP Detection Mode

Command                 dldp passive
Parameter Description   N/A
Command Mode            Interface configuration mode
Usage Guide             You need to enable DLDP detection before configuring a DLDP detection mode.


 Modifying DLDP Detection Parameters Globally

Command                 dldp { interval tick | retry retry-num | resume resume-num }
Parameter Description   tick: Indicates the interval at which detection packets are transmitted. The value ranges from 5 to 6,000 ticks (1 tick = 10 ms). The default value is 300 ticks (3s).
                        retry-num: Indicates the interval at which detection packets are retransmitted. The value ranges from 5 to 3,600. The default value is 4.
                        resume-num: Indicates the recovery times. The value ranges from 1 to 200. The default value is 3.
Command Mode            Global configuration mode
Usage Guide             Use this command to quickly modify the parameters of DLDP detection on all ports when the actual environment is changed.

 Displaying the DLDP Status

Command                 show dldp statistic [ interface interface-name ]
Parameter Description   interface-name: Indicates the Layer-3 port on which the DLDP status will be displayed.
Command Mode            Privileged mode, global configuration mode, and interface configuration mode
Usage Guide             Use this command to display the DLDP status on a specific port.
                        You can also use this command to display the DLDP status on all ports.

Configuration Example

 Enabling DLDP Detection on Layer-3 Ports on Device A and Device B in a Layer-3 Network

Scenario
Figure 3-3

Configuration Steps
 Enable DLDP detection on the Gi 0/1 and Gi 0/2 router ports on Device A to detect the Layer-3 link
connectivity between Device A and Device B and that between Device A and Device D.
 To control the Gi 0/2 router port of Device B, enable passive DLDP detection on the port.

A
A#configure terminal
A(config)#interface GigabitEthernet 0/1
A(config-if-GigabitEthernet 0/1)#dldp 192.168.1.2
A(config-if-GigabitEthernet 0/1)#exit
A(config)#interface GigabitEthernet 0/2
A(config-if-GigabitEthernet 0/2)#dldp 192.168.3.4 192.168.2.3

B
B#configure terminal
B(config)#interface GigabitEthernet 0/2
B(config-if-GigabitEthernet 0/2)#dldp 192.168.1.1
B(config-if-GigabitEthernet 0/2)#dldp passive

Verification
 Display the DLDP status on Device A and Device B to check whether DLDP detection is enabled
and works normally.

A
A# show dldp
Interface Type    Ip          Next-hop    Interval Retry Resume State
--------- ------- ----------- ----------- -------- ----- ------ ------
Gi0/1     Active  192.168.1.2             100      4     3      Up
Gi0/1     Active  192.168.3.4 192.168.2.3 100      4     3      Up

B
B# show dldp
Interface Type    Ip          Next-hop    Interval Retry Resume State
--------- ------- ----------- ----------- -------- ----- ------ ------
Gi0/2     Passive 192.168.1.1             100      4     3      Up

Common Errors

 An unreachable IPv4 unicast route is misjudged as a DLDP detection failure.

 DLDP detection fails because the peer device does not support ARP/ICMP replies.

 No next-hop IP address is configured in inter-network segment DLDP detection.

3.5 Monitoring

Clearing

Description Command
Clears DLDP statistics. clear dldp [ interface interface-name [ ip-address ] ]

Displaying

Description                                                 Command
Displays the DLDP status.                                   show dldp [ interface interface-name ]
Displays the DLDP statistics on the Up/Down port states.    show dldp statistic


4 Configuring PCAP

4.1 Overview

Packet Capture (PCAP) is a maintenance function commonly used in network devices.

Similar to the packet capture software running on a personal computer, the PCAP function can capture, save, or display the
packets sent from and received by the network device.

4.2 Applications

Application         Description
Capturing Packets   Checks whether packets reach the device in the network by capturing packets at a specific point and in a specific direction.

4.2.1 Capturing Packets


Scenario

During routine maintenance, if you find packet sending or receiving failures in the network, specify the capture point and
capture direction, enter the packet feature, and start the packet capture to check whether the packets arrive at the device or
are sent from the device.

Deployment

Perform packet capture as follows:

 Create a capture feature rule and name it.

 Create a capture point and specify the capture point name, capture location (physical port, VLAN, and control plane),
capture direction, and capture feature.

 Specify the name of the file to be saved.

 Enable packet capture at the capture point.

 Wait until the capture ends.

 Upload the file to the PC.

 Enable the capture software on the PC to check the captured packets.

4.3 Features

Overview


Feature Description
Capturing Packets Captures packets sent and received on a specified physical port, VLAN, and control plane.

4.3.1 Capturing Packets


Clients can define the capture point and specify the capture location and direction, matching rule information, number of
captured packets, and file name; and then enable the capture procedure.

Working Principle

Clients can define the capture rules by defining capture points. To capture multiple types of packets at the same time, a client
is allowed to define multiple capture points and distinguish them by their names. The capture rules are as follows:

1) The capture location can be a specific physical port, a VLAN port, or the system control plane. Each capture
point can only have one capture location.

2) The available capture directions can be the outgoing direction, incoming direction, and bidirectional.

3) The 7-tuple information can match the source MAC address, destination MAC address, layer-2 protocol type, source IP
address, destination IP address, layer-3 protocol type, and TCP/UDP port information.

4) The number of captured packets or size of the captured packet can be specified.

5) The file name can be specified. The captured packets will be saved in PCAP file format. If no file name is specified,
the captured packets are output on the console in the form of system logs by default.

A client enables capture via commands after the rules are configured. The capture will automatically stop when the number
of captured packets or the file size reaches the specified value. The client can also stop the capture manually by
entering the stop command.

Because the number of captured packets can be large, only 30 packets will be displayed in the form of system logs on the
console by default if the file name is not specified.
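Once the saved file is on the PC, the same matching fields can be applied to it offline. The sketch below is an added example, not part of the Ruijie software: it assumes the device writes the classic libpcap container with the Ethernet link type, the rule keys reuse the keyword names of the packet capture rule command, and all function names and sample frames are constructed.

```python
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap, microsecond timestamps


def mac_str(raw: bytes) -> str:
    """Format 6 bytes in the H.H.H notation used in the device output."""
    h = raw.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def read_pcap(blob: bytes):
    """Yield the frames of a classic pcap byte string; stop at a truncated record."""
    if len(blob) < 24:
        raise ValueError("too short for a pcap global header")
    if struct.unpack("<I", blob[:4])[0] == PCAP_MAGIC:
        end = "<"
    elif struct.unpack(">I", blob[:4])[0] == PCAP_MAGIC:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", blob[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    off = 24
    while off + 16 <= len(blob):
        incl = struct.unpack(end + "I", blob[off + 8:off + 12])[0]
        off += 16
        if off + incl > len(blob):
            break                      # capture stopped in the middle of a record
        yield blob[off:off + incl]
        off += incl


def seven_tuple(frame: bytes):
    """Extract the fields a capture rule matches on; fields not present stay None."""
    if len(frame) < 14:
        return None
    t = {"dst-mac": mac_str(frame[0:6]), "src-mac": mac_str(frame[6:12]),
         "etype": struct.unpack("!H", frame[12:14])[0], "v4_protocol": None,
         "ipv4_sip": None, "ipv4_dip": None, "ipv4_sport": None, "ipv4_dport": None}
    ip = frame[14:]                    # 802.1Q-tagged frames are not unwrapped here
    if t["etype"] != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
        return t
    ihl = (ip[0] & 0x0F) * 4
    t["v4_protocol"] = ip[9]
    t["ipv4_sip"] = str(ipaddress.IPv4Address(ip[12:16]))
    t["ipv4_dip"] = str(ipaddress.IPv4Address(ip[16:20]))
    first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
    l4 = ip[ihl:]
    if t["v4_protocol"] in (6, 17) and first_fragment and ihl >= 20 and len(l4) >= 4:
        t["ipv4_sport"], t["ipv4_dport"] = struct.unpack("!HH", l4[:4])
    return t


def matches(rule: dict, frame: bytes) -> bool:
    """A frame matches when every field named in the rule has the rule's value."""
    t = seven_tuple(frame)
    return t is not None and all(t.get(k) == v for k, v in rule.items())


def count_matches(rule: dict, blob: bytes) -> int:
    return sum(matches(rule, f) for f in read_pcap(blob))


def _frame(dmac, smac, sip, dip, proto, sport, dport) -> bytes:
    """Build a minimal Ethernet/IPv4 frame (constructed input, checksums left 0)."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(sip).packed, ipaddress.IPv4Address(dip).packed)
    return bytes.fromhex(dmac + smac + "0800") + ip + l4


def build_pcap(frames) -> bytes:
    """Wrap frames in a little-endian classic pcap container (constructed input)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE = build_pcap([
    _frame("111111111111", "222222222222", "10.10.10.3", "10.10.10.10", 6, 5, 10),
    _frame("111111111111", "222222222222", "10.10.10.3", "10.10.10.10", 17, 5, 10),
    _frame("111111111111", "333333333333", "10.10.10.4", "10.10.10.10", 6, 5, 10),
    bytes.fromhex("ffffffffffff" + "222222222222" + "0806") + bytes(28),   # ARP
])

# Same values as the sample "show packet capture status" rule on this page.
RULE_TCP = {"etype": 0x0800, "src-mac": "2222.2222.2222", "dst-mac": "1111.1111.1111",
            "v4_protocol": 6, "ipv4_sip": "10.10.10.3", "ipv4_dip": "10.10.10.10",
            "ipv4_sport": 5, "ipv4_dport": 10}

if __name__ == "__main__":
    print(count_matches(RULE_TCP, SAMPLE), "of", len(list(read_pcap(SAMPLE))), "frames match")
```

A rule that names fewer fields matches more frames, which is why a narrow rule matters when the capture is limited by packet-num or buffer-size.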


4.4 Configuration

Configuration       Description and Command
Capturing Packets   packet capture rule rule-name filter [ v4_protocol protocol ] [ v6_protocol protocol ] [ src-mac smac ] [ dst-mac dmac ] [ etype { etype | ip | arp | ipv6 } ] [ icmpv4_type type ] [ icmpv6_type type ] [ icmpv4_code code ] [ icmpv6_code code ] [ ipv4_sip { sip sip-mask | host sip } ] [ ipv4_dip { dip dip-mask | host dip } ] [ ipv4_sport eq sport ] [ ipv4_dport eq dport ] [ ipv6_sip sip ] [ ipv6_dip dip ] [ ipv6_sport eq sport ] [ ipv6_dport eq dport ]
                        Defines capture matching rule.
                    packet capture point capture-point-name rule rule-name location {interface interface-name | control-plane} {in | out | both}
                        Creates the capture point and specifies the capture location, matching rule, and capture direction.
                    packet capture file filename [buffer-size buf-size] [packet-num pkt-num]
                        Specifies the name of the file to be saved.
                    packet capture {start | stop}
                        Starts/Stops packet capture.

4.4.1 Capturing Packets


Configuration Effect

 Define the capture matching rule.

 Create the capture point.

 Specify the name of the file to be saved.

 Start packet capture.

 Stop packet capture.

Configuration Steps

 Defining Capture Matching Rule

 (Mandatory) Run this command to define the packet capture rule.

Command                 packet capture rule rule-name filter [ v4_protocol protocol ] [ v6_protocol protocol ] [ src-mac smac ]
                        [ dst-mac dmac ] [ etype { etype | ip | arp | ipv6 } ] [ icmpv4_type type ] [ icmpv6_type type ]
                        [ icmpv4_code code ] [ icmpv6_code code ] [ ipv4_sip { sip sip-mask | host sip } ] [ ipv4_dip { dip
                        dip-mask | host dip } ] [ ipv4_sport eq sport ] [ ipv4_dport eq dport ] [ ipv6_sip sip ] [ ipv6_dip dip ]
                        [ ipv6_sport eq sport ] [ ipv6_dport eq dport ]
Parameter Description   rule-name: Indicates the matching rule name.
                        protocol: Indicates the protocol number or name.
                        smac: Indicates the source MAC address.
                        dmac: Indicates the destination MAC address.
                        etype: Indicates the layer-2 protocol type.
                        type: Indicates the ICMP type field.
                        code: Indicates the ICMP code field.
                        sip: Indicates the source IP address.
                        sip-mask: Indicates the source IP address mask.
                        dip: Indicates the destination IP address.
                        dip-mask: Indicates the destination IP address mask.
                        sport: Indicates the TCP/UDP protocol source port.
                        dport: Indicates the TCP/UDP protocol destination port.
Defaults                -
Command Mode            Privileged EXEC mode
Usage Guide             1. The user can define multiple capture rules and distinguish them by different names. After a rule is defined,
                        the rule needs to be referenced by the packet capture point to actually take effect.
                        2. Before deleting the capture rule, all the packet capture points referencing the rule need to be deleted.

 Creating Capture Point

 (Mandatory) Run this command to create the capture point.

Command                 packet capture point capture-point-name rule rule-name location {interface interface-name | control-plane} {in | out | both}
Parameter Description   capture-point-name: Indicates the capture point name.
                        rule-name: Indicates the matching rule name, which is defined by running the packet capture rule command.
                        interface-name: Indicates the name of the port on which packets are captured.
                        control-plane: Indicates the control plane on which packets are captured.
                        in | out | both: Indicates the capture direction (incoming, outgoing, or bidirectional).
Defaults                -
Command Mode            Privileged EXEC mode
Usage Guide             1. The user can define multiple capture points at the same location as required to match different capture
                        rules or packet directions. The capture points can work simultaneously without affecting each other.
                        2. If the capture point is modified during packet capture, the modification will not take effect immediately
                        and will take effect next time when packet capture is enabled.

 Specifying Name of File to Be Saved

 (Optional) Run this command to specify the name of the file to be saved.


Command                 packet capture file filename [buffer-size buf-size] [packet-num pkt-num]
Parameter Description   filename: Indicates the name of the file to be saved.
                        buf-size: Indicates the buffer size. The buffer size is 2 MB by default if not specified. Packet capture
                        automatically stops when the buffer is full.
                        pkt-num: Indicates the number of captured packets. Packet capture automatically stops when the number of
                        captured packets reaches the specified number. Packets will be captured continually by default unless
                        otherwise specified.
Defaults                -
Command Mode            Privileged EXEC mode
Usage Guide             1. The packet data is saved in the file by default after the file name is set. If no file name is set, the data is
                        directly output on the console in the form of system log. Only 30 packets can be output by default when no
                        file name is set.
                        2. The file name setting takes effect next time when packet capture is enabled.

 Starting/Stopping Packet Capture

 (Mandatory) Enter this command to start or stop packet capture.

Command                 packet capture {start | stop}
Parameter Description   start | stop: Starts/Stops packet capture.
Defaults                -
Command Mode            Privileged EXEC mode
Usage Guide             1. If the packet capture stop command is not entered after packet capture starts, the packet capture
                        automatically stops at the capture point when the number of captured packets reaches the specified
                        number. If the packet capture stop condition is not met, run this command to immediately stop the packet
                        capture.
                        2. Run the packet capture start command to capture packets at all packet capture points simultaneously.

Verification

Run the show packet capture status command to display packet capture information.

Command                 show packet capture status
Parameter Description   N/A
Command Mode            Privileged EXEC mode
Usage Guide             Run this command to display the packet capture status.
Command Presentation

Ruijie#show packet capture status
Capture rules:
Capture rules tcp:
etype: 0x0800
source MAC: 2222.2222.2222
destination MAC: 1111.1111.1111
protocol: 0x6
source IP: 10.10.10.3
destination IP: 10.10.10.10
source port: 5
destination port: 10
Capture points:
Capture point controlplane:
Capture rules: tcp
location: control-plane
direction: all
status: stopped
packets captured(in): 200
packets captured(out): 200
Capture file:
Filename: /tmp/tcp.pcap
Buffer size: 2(MB)
packets limit: 500
Ruijie#


Configuration Example

 Capturing Packets

Scenario
 In the client environment, the TCP connection of a certain application on a device connected to Port
0/1 fails, and TCP packets need to be captured on this port for analysis.

Configuration Steps
 Run the packet capture command to capture and save TCP packets to the file tcp.pcap and upload the
file to a PC to display the captured data.

Ruijie# packet capture rule tcp filter v4_protocol tcp etype ip
Ruijie# packet capture point tcppoint rule tcp location interface gi0/1 both
Ruijie# packet capture file flash:tcp.pcap packet-num 1500
Ruijie# packet capture start
Verification

Ruijie# show packet capture status
Capture rules:
Capture rules tcp:
etype: 0x0800
protocol: 0x6
Capture points:
Capture point tcppoint:
Capture rules: tcp
location: Gi0/1
direction: all
status: running
packets captured(in): 550
packets captured(out): 550
Capture file:
filename: /data/tcp.pcap
buffer size: 2(MB)
packets limit: 1500


4.5 Monitoring

Displaying

Description Command
Displays the packet capture status. show packet capture status


5 Configuring PPPoE-CLIENT

5.1 Overview

PPPoE: Point-to-point Protocol Over Ethernet

Ruijie products support the PPPoE client on Ethernet interfaces, and are therefore able to connect to a host network by
accessing a remote hub through a simple access device. The PPPoE protocol enables the PPPoE server to control each
access client and perform relevant accounting.

Ruijie products support the auto dialing mode: no Dial-on-Demand Routing (DDR) but always online.

 The PPPoE client is applicable in scenarios where Internet access is implemented through ADSL.

The following sections describe the PPPoE client only.

5.2 Applications

Application Description
ADSL Scenario In a scenario where Internet access is implemented through the Asymmetric Digital
Subscriber Line (ADSL) technology, the device provides dialup and packet forwarding
functions.

5.2.1 ADSL Scenario


Scenario

In a scenario where Internet access is implemented through ADSL, the device provides dialup and packet forwarding
functions.

The dialup networking scenario is illustrated with Figure 5-1 as an example.

 The dialup function is enabled on the device. The device connects to a remote Internet service provider (ISP) over an
ADSL line, and obtains Internet access capability.

 Intranet PCs access the Internet through the device.

Figure 5-1

Corresponding Protocols

 Enable the dialup function on the device, and dial up to the Internet over the ADSL line.

5.3 Features

Basic Concepts

 ISP

A network operator who provides users with Internet access service, information service, and value-added services (VASs).

 ADSL

It indicates a line on which users dial up to the Internet.

 Data Flow

It indicates a flow of packets only forwarded by the device.

 Interested Flow

It indicates a specific type of packets defined by users during configuration, which can trigger the device to start dialup.

Overview

Feature Description
Dialup to the Internet In a scenario where Internet access is implemented through the Asymmetric Digital Subscriber Line
(ADSL) technology, the device provides dialup and packet forwarding functions.


5.3.1 Dialup to the Internet


The device has Internet access capability after the dialup is complete; therefore, hosts in the intranet also have Internet
access capability.

Working Principle

Dialup corresponds to the negotiation process, whereas Internet access corresponds to the packet forwarding process.

Negotiation can be further divided into three parts: protocol negotiation, protocol keepalive, and protocol termination.

 Protocol Negotiation

Protocol negotiation is divided into PPPoE negotiation and PPP negotiation.

During PPPoE negotiation, both parties confirm a unique peer, record the peer's MAC address, and establish a unique
session ID.

During PPP negotiation, the server checks the client's authentication information. If the client passes the authentication, the
server allocates an IP address to the client. If the client has already been configured with an IP address and the configured IP
address meets the server's requirements, the server will agree to use this IP address as the IP address of the client.

After both protocols are up, the device has Internet access capability and prepares a Layer 2 (L2) header that is necessary
for data packet encapsulation.

 Protocol Keepalive

After PPP is up, both parties periodically send LCP heartbeat packets to each other. If the party at one end does not receive
any heartbeat response from the other party, it actively terminates the protocol.

 Protocol Termination

In certain cases, either party may actively terminate the protocol.

The initiating party sends a PPP termination packet to end the current PPP session, and then sends a PPPoE termination
packet to end the current PPPoE session.

After receiving the PPP termination packet, the passive party returns an acknowledgement packet to agree to the termination
of the PPP session; and after receiving the PPPoE termination packet, the passive party returns another acknowledgement
packet to agree to the termination of the PPPoE session.

Once either party receives a PPPoE termination packet, the PPP session and the PPPoE session will immediately
terminate, even if it has not received any PPP termination packet.

 Packet Forwarding

Packet sending process: When a data packet is routed to the dialer interface, the device encapsulates the data packet with
the prepared L2 header information and ultimately sends the data packet from a physical port.

Packet receiving process: After a packet arrives at a physical port, the device marks the Layer 3 (L3) header position of the
packet, executes the next service, and ultimately sends the packet to a host in the intranet.
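The client-side bookkeeping described under Protocol Negotiation and Protocol Termination (record the peer's MAC address and the session ID, then accept only frames that carry both) can be sketched as follows; this is an added example, not Ruijie's implementation. The code values and EtherTypes come from RFC 2516 and the PPP LCP definitions, PPP negotiation itself is not modelled, and the class name, result strings and MAC addresses are hypothetical.

```python
import struct

ETH_DISCOVERY, ETH_SESSION = 0x8863, 0x8864            # RFC 2516 EtherTypes
PADI, PADO, PADR, PADS, PADT = 0x09, 0x07, 0x19, 0x65, 0xA7
PPP_LCP, LCP_TERMINATE_REQUEST = 0xC021, 5
CLIENT, SERVER, OTHER = "00d0f8000010", "00d0f8000001", "00d0f80000ff"  # constructed MACs


def parse(frame: bytes):
    """Return (src_mac, ethertype, code, session_id, payload), or None if malformed."""
    if len(frame) < 20:
        return None
    etype, ver_type, code, sid, length = struct.unpack("!HBBHH", frame[12:20])
    if etype not in (ETH_DISCOVERY, ETH_SESSION) or ver_type != 0x11:
        return None
    if 20 + length > len(frame):
        return None
    return frame[6:12], etype, code, sid, frame[20:20 + length]


class ClientSession:
    """Client-side view of one PPPoE session (hypothetical model)."""

    def __init__(self) -> None:
        self._reset()

    def _reset(self) -> None:
        self.state, self.peer_mac, self.session_id, self.ppp_up = "IDLE", None, 0, False

    def start(self) -> None:
        self.state = "DISCOVERY"            # the client has broadcast a PADI

    def receive(self, frame: bytes) -> str:
        parsed = parse(frame)
        if parsed is None:
            return "drop: malformed"
        src, etype, code, sid, payload = parsed
        if etype == ETH_DISCOVERY and code == PADO and self.state == "DISCOVERY":
            self.peer_mac, self.state = src, "REQUESTED"   # client now sends PADR
            return "peer recorded"
        if src != self.peer_mac:
            return "drop: not the recorded peer"
        if etype == ETH_DISCOVERY:
            if code == PADS and self.state == "REQUESTED" and sid != 0:
                # PPP negotiation is not modelled; it is treated as successful.
                self.session_id, self.state, self.ppp_up = sid, "SESSION", True
                return "session established"
            if code == PADT and self.state == "SESSION":
                if sid != self.session_id:
                    return "drop: wrong session ID"
                self._reset()               # PPPoE and PPP end together
                return "PPPoE and PPP terminated"
            return "drop: unexpected discovery code"
        if self.state != "SESSION" or code != 0 or sid != self.session_id:
            return "drop: not our session"
        if (len(payload) >= 3 and payload[:2] == struct.pack("!H", PPP_LCP)
                and payload[2] == LCP_TERMINATE_REQUEST):
            self.ppp_up = False             # client answers with Terminate-Ack
            return "PPP terminated"
        return "accepted"


def frame(src: str, etype: int, code: int, sid: int, payload: bytes = b"") -> bytes:
    """Build a frame addressed to the client (constructed sample input)."""
    return (bytes.fromhex(CLIENT) + bytes.fromhex(src)
            + struct.pack("!HBBHH", etype, 0x11, code, sid, len(payload)) + payload)


def demo():
    """Replay a constructed exchange and return each verdict plus the final state."""
    c = ClientSession()
    c.start()
    lcp_term = struct.pack("!HBBH", PPP_LCP, LCP_TERMINATE_REQUEST, 1, 4)
    frames = [
        frame(SERVER, ETH_DISCOVERY, PADO, 0),
        frame(OTHER, ETH_DISCOVERY, PADS, 0x0042),    # not the recorded peer
        frame(SERVER, ETH_DISCOVERY, PADS, 0x0042),
        frame(OTHER, ETH_DISCOVERY, PADT, 0x0042),    # not the recorded peer
        frame(SERVER, ETH_DISCOVERY, PADT, 0x0041),   # session ID mismatch
        frame(SERVER, ETH_SESSION, 0, 0x0042, lcp_term),
        frame(SERVER, ETH_DISCOVERY, PADT, 0x0042),
    ]
    return [c.receive(f) for f in frames], c.state


if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```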

Related Configuration


 Configuring the Ethernet Interface

By default, the following functions are disabled and there is no corresponding default value.

Run the pppoe enable command to enable the PPPoE client function on the interface.

Run the no pppoe enable command to disable the PPPoE client function on the interface.

Run the pppoe-client dial-pool-number pool-number no-ddr command to bind the Ethernet interface to a specific logical
dialer pool. The logical dialer pool provides automatic dialing and is always online.

Run the no pppoe-client dial-pool-number pool-number command to unbind the Ethernet interface from the specific logical
dialer pool.

Run the pppoe session mac-address H.H.H command to configure the MAC address of the PPPoE session.

 Configuring the Logical Interface

By default, the following functions are disabled.

Run the interface dialer dialer-number command to add a specific logical interface and enter the configuration mode of the
logical interface.

Run the no interface dialer dialer-number command to delete the specific logical interface.

Run the ip address negotiate command to configure negotiation-based IP address acquisition.

Run the no ip address negotiate command to remove the configuration of negotiation-based IP address acquisition.

Run the dialer pool number command to associate a dialer pool, which corresponds to the dialer pool configured on the
Ethernet interface.

Run the no dialer pool number command to remove the association with the dialer pool.

Run the encapsulation ppp command to configure the encapsulation protocol PPP. PPPoE is established on the basis of PPP.

Run the no encapsulation command to remove the encapsulation protocol configuration.

Run the mtu 1488 command to set the Maximum Transmit Unit (MTU) to 1488.

Run the no mtu command to remove the MTU configuration.

Run the dialer-group dialer-group-number command to associate a dialer triggering rule, which corresponds to the
dialer-list.

Run the no dialer-group command to remove the configuration of the dialer triggering rule.

Run the ppp chap hostname username command to configure the user name for CHAP authentication.

Run the no ppp chap hostname command to remove the user name configuration for CHAP authentication.

Run the ppp chap password password command to configure the password for CHAP authentication.

Run the no ppp chap password command to remove the password configuration for CHAP authentication.

Run the ppp pap sent-username username password password command to configure the user name and password for
PAP authentication.

Run the no ppp pap sent-username command to remove the user name and password configuration for PAP
authentication.

 Configuring Mandatory Global Parameters

By default, the following functions are disabled and shall be configured according to actual requirements. If other functional
modules need to be used together, you also need to configure other global parameters.

Run the dialer-list number protocol protocol-name ip { permit | deny | list access-list-number } command to define a dialer
triggering rule.

Run the no dialer-list number command to delete the configured dialer triggering rule.

Run the ip route 0.0.0.0 0.0.0.0 dialer dialer-number [ permanent ] command to configure a route. If you specify the
permanent option, the route will always be valid, even if the logical interface is within the enable-timeout period, in which
case the logical interface is down.

Run the no ip route 0.0.0.0 0.0.0.0 dialer dialer-number command to remove the route.


5.4 Configuration

Configuration                                     Description and Command
Configuring Basic Functions of the PPPoE Client   Mandatory configuration.
    pppoe enable                                                                 Enables the PPPoE client function.
    pppoe-client dial-pool-number number no-ddr                                  Binds a logical dialer pool and specifies the dialing mode.
    pppoe session mac-address H.H.H                                              Configures the MAC address of the PPPoE session.
    interface dialer dialer-number                                               Adds a specific logical interface and enters the configuration mode of the logical interface.
    ip address { negotiate | ip-addr subnet-mask }                               Configures the IP address acquisition mode.
    dialer pool number                                                           Associates a dialer pool.
    encapsulation ppp                                                            Configures the encapsulation protocol PPP.
    mtu 1488                                                                     Sets the MTU to 1488.
    dialer-group dialer-group-number                                             Associates a dialer triggering rule.
    ppp chap hostname username                                                   Configures the user name for CHAP authentication.
    ppp chap password password                                                   Configures the password for CHAP authentication.
    ppp pap sent-username username password password                            Configures the user name and password for PAP authentication.
    dialer-list number protocol ip { permit | deny | list access-list-number }   Defines a dialer triggering rule.
    pppoe multi-dial enable                                                      Enables PPPoE client multi-dial function.

5.4.1 Configuring Basic Functions of the PPPoE Client


Networking Requirements

 The device initiates PPPoE negotiation, and completes the negotiation process, protocol keepalive, and protocol
termination.

 The device obtains Internet access capability after the negotiation is complete, and starts to forward a data flow which is
routed to the dialer interface.

Notes


 After the kernel module is uninstalled, users can still perform configuration management but negotiation and data flow
forwarding cannot be performed.

Configuration Steps

 Enabling the PPPoE Client Function

 The configuration is mandatory.

 Perform this configuration in Ethernet interface configuration mode.

 Enable the PPPoE client function.

 Binding a Logical Dialer Pool and Specifying the Dialing Mode

 The configuration is mandatory.

 Perform this configuration in Ethernet interface configuration mode.

 Bind the Ethernet interface to a specific logical dialer pool and specify the dialer mode.

 Configuring the MAC Address of the PPPoE Session

 The configuration is mandatory.

 Perform this configuration in Ethernet interface configuration mode.

 Specify the MAC address of the PPPoE session for subinterface dialing.

 Adding a Specific Logical Interface and Entering the Configuration Mode of the Logical Interface

 The configuration is mandatory.

 Perform this configuration in global configuration mode.

 Add a specific logical interface and enter its configuration mode.

 Configuring the Way of Acquiring the IP Address of the Logical Interface

 The configuration is mandatory.

 Perform this configuration in logical interface configuration mode.

 Configure the way of acquiring the IP address of the logical interface.

 Associating a Dialer Pool

 The configuration is mandatory.

 Perform this configuration in logical interface configuration mode.

 Associate the logical interface with a specific dialer pool.

 Configuring the Encapsulation Protocol

 The configuration is mandatory.

 Perform this configuration in logical interface configuration mode.


 Configure the encapsulation protocol PPP on the logical interface.

 Configuring the MTU of the Logical Interface

 The configuration is mandatory.

 Perform this configuration in logical interface configuration mode.

 Set the MTU of the logical interface to 1488.

 Associating a Dialer Triggering Rule

 The configuration is mandatory.

 Perform this configuration in logical interface configuration mode.

 Associate a dialer triggering rule.

 Configuring the User Name for CHAP Authentication

 The configuration is mandatory.

 Perform this configuration in logical interface configuration mode.

 Configure the user name for CHAP authentication.

 Configuring the Password for CHAP Authentication

 The configuration is mandatory.

 Perform this configuration in logical interface configuration mode.

 Configure the password for CHAP authentication.

 Configuring the User Name and Password for PAP Authentication

 The configuration is mandatory.

 Perform this configuration in logical interface configuration mode.

 Configure the user name and password for PAP authentication.

 Defining a Dialer Triggering Rule

 The configuration is mandatory.

 Perform this configuration in global configuration mode.

 Define a dialer triggering rule.

 Defining PPPoE Client Multi-dial

 The configuration is optional.

 Perform this configuration in global configuration mode.

 With this function enabled, multiple channels of PPPoE dialup can be configured on a physical port.

 Verification


 Check whether the dialer interface has acquired an IP address.

 Check whether a correct dialer interface route entry has been established on the device.

Related Commands

 Enabling the PPPoE Client Function

Command Syntax: pppoe enable
Parameter Description: N/A
Command Mode: Interface configuration mode
Configuration Usage: The interface on which the PPPoE client will be enabled must be a WAN Ethernet interface.

 Binding a Logical Dialer Pool and Specifying the Dialing Mode

Command Syntax: pppoe-client dial-pool-number number no-ddr
Parameter Description: number: number of the dialer pool
Command Mode: Interface configuration mode
Configuration Usage: The PPPoE client function must be enabled on the interface first.

 Configuring the MAC Address of the PPPoE Session

Command Syntax: pppoe session mac-address H.H.H
Parameter Description: H.H.H: MAC address
Command Mode: Interface configuration mode
Configuration Usage: The PPPoE client function must be enabled on the subinterface first.

 Adding a Specific Logical Interface and Entering its Configuration Mode

Command Syntax: interface dialer dialer-number
Parameter Description: dialer-number: interface number
Command Mode: Global configuration mode
Configuration Usage: N/A

 Configuring the Way of Acquiring the IP Address of the Logical Interface

Command Syntax: ip address { negotiate | ip-addr subnet-mask }
Parameter Description: ip-addr: manually configured IP address
subnet-mask: manually configured subnet mask
Command Mode: Interface configuration mode
Configuration Usage: If you select negotiate, the IP address of the dialer interface will be acquired through negotiation. If you manually specify the IP address of the dialer interface, the peer's consent is required during negotiation for the device to work properly.

 Associating a Dialer Pool

Command Syntax: dialer pool number
Parameter Description: number: number of the dialer pool
Command Mode: Interface configuration mode
Configuration Usage: An Ethernet interface will be selected from the dialer pool as the dialer interface to perform dialing.

 Configuring the Encapsulation Protocol

Command Syntax: encapsulation ppp
Parameter Description: N/A
Command Mode: Interface configuration mode
Configuration Usage: N/A

 Configuring the MTU of the Logical Interface

Command Syntax: mtu 1488
Parameter Description: N/A
Command Mode: Interface configuration mode
Configuration Usage: Because Internet access is implemented through the PPPoE protocol, the L2 header of a packet is longer than that of a common Ethernet packet.

 Associating a Dialer Triggering Rule


Command Syntax: dialer-group dialer-group-number
Parameter Description: dialer-group-number: number of the dialer triggering rule
Command Mode: Interface configuration mode
Configuration Usage: If the DDR mode is specified, the device will be triggered to perform dialing only when a packet meeting the rule is routed to the dialer interface. If the no-DDR mode is specified, the configuration will not take effect on the device.

 Configuring the User Name for CHAP Authentication

Command Syntax: ppp chap hostname username
Parameter Description: username: user name
Command Mode: Interface configuration mode
Configuration Usage: N/A

 Configuring the Password for CHAP Authentication

Command Syntax: ppp chap password password
Parameter Description: password: password
Command Mode: Interface configuration mode
Configuration Usage: N/A

 Configuring the User Name and Password for PAP Authentication

Command Syntax: ppp pap sent-username username password password
Parameter Description: username: user name
password: password
Command Mode: Interface configuration mode
Configuration Usage: N/A

 Defining a Dialer Triggering Rule

Command Syntax: dialer-list number protocol ip { permit | deny | list access-list-number }
Parameter Description: access-list-number: ACL number
Command Mode: Global configuration mode
Configuration Usage: N/A

 Enabling PPPoE Client Multi-dial

Command Syntax: pppoe multi-dial enable
Parameter Description: N/A
Command Mode: Global configuration mode
Configuration Usage: N/A

Configuration Example

The following configuration example describes configuration related to the PPPoE client only.

 In the ADSL scenario, enable the PPPoE client function and access the Internet through an ADSL line.

Scenario

Figure 5-2

Configuration Steps
Enable the PPPoE client function on the device, and add the interface Gi0/5 to the dialer pool.

A
A# configure terminal
A(config)# interface GigabitEthernet 0/5
A(config-if)# pppoe enable
A(config-if)# pppoe-client dial-pool-number 1 no-ddr
A(config-if)# exit
A(config)# interface dialer 1
A(config-if)# ip address negotiate
A(config-if)# mtu 1488
A(config-if)# encapsulation ppp
A(config-if)# ip nat outside
A(config-if)# dialer pool 1
A(config-if)# dialer-group 1
A(config-if)# ppp chap hostname pppoe
A(config-if)# ppp chap password pppoe
A(config-if)# ppp pap sent-username pppoe password pppoe
A(config-if)# exit
A(config)# access-list 1 permit any
A(config)# dialer-list 1 protocol ip permit
A(config)# ip nat inside source list 1 interface dialer 1
A(config)# ip route 0.0.0.0 0.0.0.0 dialer 1
A(config)# end
A#

Verification
Run the show ip interface brief | in dialer 1 command to check whether the dialer interface has acquired an IP address.
Run the show ip route command to check whether a correct dialer interface route entry has been established.

A# show ip interface brief | in dialer 1
dialer 1 49.1.1.127/32 YES UP
A# show ip route

Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, dialer 1
C 10.10.3.0/24 is directly connected, GigabitEthernet 0/0
C 10.10.3.1/32 is local host.
C 10.202.172.1/32 is directly connected, dialer 1
C 49.1.1.127/32 is local host.

Common Errors


 The negotiation fails because the user name or password is incorrect.

 Intranet hosts cannot access the Internet because NAT configuration is incorrect.

 Intranet hosts cannot access the Internet because route configuration is incorrect.

5.5 Monitoring

Clearing Various Information

If you run the clear pppoe tunnel command while the device is operating, packet forwarding will be interrupted due to tunnel clearance.

Function | Command
Clears statistics about the DDR dialer interface. | clear dialer [ interface-type interface-number ]
Clears the tunnel. | clear pppoe tunnel

Displaying the Running Status

Function | Command
Displays information about the DDR dialer. | show dialer [ interface type number ] [ maps ] [ pool ]
Displays PPPoE status information. | show pppoe { ref | session | tunnel }

Displaying Debugging Information

System resources are occupied when debugging information is output. Therefore, disable the debugging switch immediately after use.

Command | Function
debug dialer { pkt | mlp | callback | event } | Enables the DDR debugging switch.
debug ppp [ authentication | error | event | negotiation | packet ] | Enables the PPP negotiation debugging switch.
debug pppoe [ datas | errors | events | packets ] | Enables the PPPoE negotiation debugging switch.

6 Configuring PPPoE Server

6.1 Overview

The point-to-point protocol over Ethernet (PPPoE) enables an Ethernet host to connect to a remote access concentrator (AC)
via a simple bridge. With PPPoE, the AC can control and charge each access user. Compared with traditional access modes,
PPPoE features a low cost-performance ratio, and therefore it is applied in different fields, such as community network
construction. At present, the popular broadband access mode ADSL is implemented using PPPoE.

PPPoE includes PPPoE client and PPPoE server. The PPPoE server is responsible for PPPoE connection requests,
enabling users to access extranets. At present, home broadband connection is implemented by connecting the PPPoE client
of a PC to the PPPoE server of an operator, realizing home Internet access.

Protocol Specifications

 RFC2516: A Method for Transmitting PPP Over Ethernet (PPPoE)

6.2 Applications

Application | Description
Configuring Local Authentication of PPPoE Server | Enables the PPPoE server on the AC and performs local authentication using a specified username. The IP address of a PPPoE client is allocated by the PPPoE server.
Configuring Remote Authentication of PPPoE Server | Enables the PPPoE server on the AC and performs remote authentication through AAA and RADIUS servers. The IP address of a PPPoE client is allocated by the PPPoE server.

6.2.1 Configuring Local Authentication of PPPoE Server


Scenario

A PPPoE client is connected to a wireless network through a wireless network card. Enable the PPPoE server on the AC and
perform local authentication using a specified username. The IP address of the PPPoE client is allocated by the PPPoE
server.

Figure 6-1


Deployment

 Enable the PPPoE server on the AC to implement server function for PPPoE dialup.

 Configure a username and password on the AC to implement identity authentication for PPPoE dialup.

 Configure a local IP address pool on the AC to allocate IP addresses to hosts after PPPoE dialup is successful.

 Enable the PPPoE client on the host to implement Internet access by dialup.

6.2.2 Configuring Remote Authentication of PPPoE Server


Scenario

A PPPoE client is connected to a wireless network through a wireless network card. Enable the PPPoE server on the AC and
perform remote authentication through AAA and RADIUS servers. The IP address of the PPPoE client is allocated by the
PPPoE server.

Figure 6-2

Deployment

 Enable the PPPoE server on the AC to implement server function for PPP dialup.

 Enable RADIUS authentication on the AC to implement RADIUS authentication for PPP users.

 Enable AAA authentication on the AC to implement AAA authentication for PPP users.

 Enable the PPPoE client on the host to implement Internet access by dialup.


6.3 Features

Basic Concepts

 AC-Cookie Tag

The PPPoE server uses the AC-Cookie tag to protect against DoS attacks. The PPPoE server can encapsulate the tag in PADO packets. A PPPoE client that receives the tag must encapsulate it in subsequent PADR packets. The tag value (TAG_VALUE) is binary data of any length and any value, and the PPPoE client does not interpret it.
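
The PADO/PADR cookie exchange described above, as an added example that is not part of the original guide and not Ruijie's implementation: it builds and parses RFC 2516 discovery tags and derives the cookie as an HMAC over the client MAC address, the method RFC 2516 suggests. The secret, the 16-byte truncation, the function names and the MAC addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# RFC 2516 constants
VER_TYPE = 0x11            # version 1, type 1
CODE_PADO = 0x07
CODE_PADR = 0x19
TAG_SERVICE_NAME = 0x0101
TAG_AC_NAME = 0x0102
TAG_HOST_UNIQ = 0x0103
TAG_AC_COOKIE = 0x0104


def build_discovery(code, tags, session_id=0):
    """Serialise a discovery payload: 6-byte PPPoE header plus type/length/value tags."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", VER_TYPE, code, session_id, len(body)) + body


def parse_discovery(packet):
    """Return (code, session_id, [(tag_type, value), ...]); raise ValueError if malformed."""
    if len(packet) < 6:
        raise ValueError("short PPPoE header")
    ver_type, code, session_id, length = struct.unpack_from("!BBHH", packet)
    if ver_type != VER_TYPE:
        raise ValueError("unsupported version/type")
    if 6 + length > len(packet):
        raise ValueError("length field exceeds packet")
    body, tags, off = packet[6:6 + length], [], 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated tag header")
        tag_type, tag_len = struct.unpack_from("!HH", body, off)
        off += 4
        if off + tag_len > len(body):
            raise ValueError("tag length exceeds payload")
        tags.append((tag_type, body[off:off + tag_len]))
        off += tag_len
    return code, session_id, tags


def make_cookie(secret, client_mac):
    """Stateless cookie: the AC can regenerate it from the PADR source MAC alone."""
    return hmac.new(secret, client_mac, hashlib.sha256).digest()[:16]


def build_pado(secret, client_mac, ac_name=b"example-ac"):
    """AC side: offer carrying the cookie bound to the requesting MAC."""
    return build_discovery(CODE_PADO, [
        (TAG_SERVICE_NAME, b""),
        (TAG_AC_NAME, ac_name),
        (TAG_AC_COOKIE, make_cookie(secret, client_mac)),
    ])


def client_padr_from(pado, host_uniq=b"\x00\x01"):
    """Client side: echo the AC-Cookie unmodified; the value is opaque to the client."""
    _, _, tags = parse_discovery(pado)
    echoed = [(t, v) for t, v in tags if t == TAG_AC_COOKIE]
    return build_discovery(
        CODE_PADR, [(TAG_SERVICE_NAME, b""), (TAG_HOST_UNIQ, host_uniq)] + echoed)


def accept_padr(secret, source_mac, packet):
    """AC side: allocate session state only if the cookie matches the source MAC."""
    try:
        code, session_id, tags = parse_discovery(packet)
    except ValueError:
        return False
    if code != CODE_PADR or session_id != 0:
        return False
    cookies = [v for t, v in tags if t == TAG_AC_COOKIE]
    return len(cookies) == 1 and hmac.compare_digest(
        cookies[0], make_cookie(secret, source_mac))


if __name__ == "__main__":
    secret = b"constructed-demo-secret"          # constructed value
    mac_a = bytes.fromhex("020000000001")        # constructed client MAC
    mac_b = bytes.fromhex("020000000002")        # constructed second MAC
    padr = client_padr_from(build_pado(secret, mac_a))
    print("same MAC accepted:", accept_padr(secret, mac_a, padr))
    print("other MAC accepted:", accept_padr(secret, mac_b, padr))
```

Because the cookie is recomputed from the source MAC, the AC keeps no per-client state until a PADR arrives from an address that actually received the PADO.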

Overview

Feature | Description
Local Authentication of PPPoE Server | Performs local authentication on the AC. The IP address of a PPPoE client is allocated from a local IP address pool.
Remote Authentication of PPPoE Server | Performs remote authentication through the AAA and RADIUS servers. The IP address of a PPPoE client is allocated by the RADIUS server.

6.3.1 Local Authentication of PPPoE Server


Local authentication is performed on the AC. The IP address of a PPPoE client is allocated from a local IP address pool.

Working Principle

PPPoE defines a model in which multiple hosts on a broadcast network (for example, Ethernet) connect to a remote AC (a device that performs this function is also referred to as a broadband access server). In this model, each host must be capable of initializing its own PPP stack, so that users can be charged and managed on the broadcast network based on the characteristics of PPP. To create and maintain a point-to-point relationship between each host and the AC, a unique point-to-point session must be established between the host and the AC.

PPPoE consists of the PPPoE Discovery Stage and the PPPoE Session Stage. The session stage is equivalent to a PPP communication procedure; the main difference is the PPPoE header carried in the PPP packets. Finally, packets are encapsulated as Ethernet frames for transmission.

To initiate a PPPoE session, a host searches for an AC on the broadcast network (in practice, cross-network access may exist; for example, where an ATM network is present, PPPoEOA packets are generated). If there are multiple ACs on the network, the host selects an AC according to the service provided by the AC or according to user-defined configuration. After selecting an AC, the host establishes a PPPoE session with it, and the AC allocates a unique ID to the PPPoE session. During the session, the host and the AC (that is, the two parties of the point-to-point connection, which is logical and differs from that of PPP) exchange packets over PPP. Finally, the host and the AC transmit network-layer packets through the agreed point-to-point logical channel.

Related Configuration

 Configuring Loopback Interface


No loopback interface is defined by default. With the loopback interface, the virtual template interface can borrow the IP
address of the loopback interface and replicate the IP address to the virtual access interface to complete PPP negotiation.

Run the interface loopback xxx command to create a loopback interface. The IP address can be in the format of A.B.C.D
A.B.C.D.

The loopback interface must be created and an IP address must be configured for the loopback interface. Otherwise, the
virtual template interface cannot borrow the IP address of the loopback interface.

 Configuring Username and Password

To complete PPP authentication, configure the username and password on the PPPoE server.

Run the username xxxx password xxxx command to configure the username and password.

If the PPPoE server uses AAA authentication, the username and password do not need to be configured.

 Configuring Local IP Address Pool

To allocate IP addresses to clients during PPP negotiation, configure a local IP address pool on the PPPoE server.

Run the ip local pool pool-name A.B.C.D A.B.C.D command to configure a local IP address pool.

If the PPPoE server allocates IP address through the authentication server, the local IP address pool does not need to be
configured.

 Configuring Virtual Template

No virtual template available for the PPPoE server is configured on the broadband access server by default. After the PPPoE
server is enabled, a virtual template interface must be created and relevant parameters must be configured for the interface,
so that the virtual access interface can replicate configuration from the virtual template interface after a session is created.

Run the interface virtual-template number command to create a virtual template and enter the virtual template
configuration mode.

In virtual template configuration mode, run the ip unnumbered loopback number command to borrow the IP address of the
loopback interface.

In virtual template configuration mode, run the ppp authentication {chap | pap } [list-name] command to configure the
authentication mode as CHAP or PAP. PPPoE supports CHAP and PAP authentication modes and can apply local or remote
authentication according to the network topology. If remote authentication is used, associate the virtual template with the
enabled user authentication list. For details, refer to the Configuring AAA.

In virtual template configuration mode, run the peer default ip address pool local command to allocate an IP address in the
local IP address pool to the PPPoE client.

A virtual template must be configured for the PPPoE server.

 Configuring bba-group

To complete the functions on the PPPoE server, the interface with the PPPoE server enabled must be associated with the
bba-group PPPoE dialup group. In the bba-group PPPoE dialup group, set the PPPoE server, connection limit, and virtual
template.


Run the bba-group pppoe pppoe_group command to configure the bba-group.

Mandatory. In bba-group configuration mode, run the virtual-template number command to associate the virtual template.

Optional. In bba-group configuration mode, run the ac-cookie enable command to enable the AC cookie function.

Optional. In bba-group configuration mode, run the sessions local-mac limit count command to configure the maximum
number of sessions that a PPPoE client can initiate using one MAC address.

Optional. In bba-group configuration mode, run the sessions per-mac limit count command to configure the maximum
number of sessions that a PPPoE server can process using one MAC address.

Optional. In bba-group configuration mode, run the sessions max limit count command to configure the maximum number
of sessions that the AC can process.

 Enabling PPPoE Server on Interface

This section describes the general switch of the PPPoE server.

In interface configuration mode, run the pppoe-server enable group pppoe_group command to enable the PPPoE server
and associate the bba-group.

The PPPoE server is disabled on an interface by default.

6.3.2 Remote Authentication of PPPoE Server


Remote authentication is performed in conjunction with the AAA and RADIUS servers. The IP address of a PPPoE client is
allocated by the RADIUS server.

Working Principle

The working principle of remote authentication is similar to that of local authentication. The difference lies in that the
authentication data is sent by the PPPoE server to the AAA and RADIUS servers for joint authentication. Compared with
local authentication, remote authentication is implemented based on AAA, and therefore the username and password do not
need to be configured.

Related Configuration

The working procedure of remote authentication is similar to that of local authentication. All configurations other than the username and password are still required.

 Associating Virtual Template with PPP User Authentication List

In global configuration mode, run the ppp authentication {chap | pap | ms-chap | ms-chap-v2} list-name command to
associate the virtual template with a PPP user authentication list. For details, refer to the PPP-SCG.

 Enabling AAA

In global configuration mode, run the aaa authentication ppp list-name group radius command to enable RADIUS
authentication for the PPP user list.

In global configuration mode, run the aaa new-model command to enable AAA authentication.


For details, refer to the AAA-SCG.

 Configuring RADIUS Authentication

In global configuration mode, run the radius-server host ipv4-address command to configure a RADIUS server.

In global configuration mode, run the radius-server key [0 | 7] text-string command to configure a password for
communicating with the RADIUS server.

For details, refer to the AAA-SCG.

6.4 Configuration

Configuration | Description and Command

Configuring Local Authentication of PPPoE Server
(Mandatory) It is used to configure local authentication of PPPoE server. If remote authentication is selected, all configurations other than the username and password are required.
interface loopback number | Configures a loopback interface.
ip address A.B.C.D A.B.C.D | Configures an IP address of the loopback interface.
username username password password | Configures the username and password. If the PPPoE server uses AAA authentication, the username and password do not need to be configured.
ip local pool pool-name A.B.C.D A.B.C.D | Configures a local IP address pool.
interface virtual-template number | Configures a virtual template.
ip unnumbered loopback number | Borrows the IP address of the loopback interface. The configuration is performed in virtual template interface configuration mode.
ppp authentication { chap | pap | ms-chap | ms-chap-v2 } | Configures the authentication mode as CHAP or PAP. PPPoE supports CHAP and PAP authentication modes and can apply local or remote authentication according to the network topology. If remote authentication is used, associate the virtual template with the enabled user authentication list. For details, refer to the AAA-SCG. The configuration is performed in virtual template interface configuration mode.
peer default ip address pool pool-name | Configures the name of the IP address pool. The configuration is performed in virtual template interface configuration mode.
pppoe server enable | Enables the PPPoE server function.
bba-group pppoe pppoe_group | Configures a bba-group.
virtual-template number | Associates the bba-group with the virtual template interface.
pppoe-server enable group pppoe_group | Enables the PPPoE server on the interface that connects to a PPPoE client and associates the PPPoE server with the bba-group.

Configuring Remote Authentication of PPPoE Server
(Optional) It is used to configure remote authentication of PPPoE server.
aaa new-model | Enables AAA.
aaa authentication ppp list-name group radius | Enables RADIUS authentication for the PPP user list.
ppp authentication { chap | pap } [ list-name ] | Associates the virtual template with a PPP user authentication list.
radius-server host ipv4-address | Configures a RADIUS server.
radius-server key [ 0 | 7 ] text-string | Configures a password for RADIUS authentication.

6.4.1 Configuring Local Authentication of PPPoE Server


Configuration Effect

Perform local authentication on a PPPoE client using a specified username. The IP address of the PPPoE client is allocated
by the PPPoE server.

Notes

N/A

Configuration Steps

 Configuring Loopback Interface

 Mandatory.

 Users can configure a L3 interface as well, but a loopback interface will be always up after an IP address is configured
for it.

 Configuring Username and Password

 Configure the username and password if local authentication is used. The configuration is not required if AAA
authentication is used.


 Configuring Local IP Address Pool

 Mandatory.

 Generally, set the range of an IP address pool to be consistent with the network segment of the loopback interface to
save route configuration.

 Configuring Virtual Template

 Mandatory.

 Associate the virtual template with the enabled user authentication list if remote authentication is used. For details, refer
to the Configuring AAA.

 In bba-group configuration mode or global configuration mode, configure the virtual template interface.

 Enabling PPPoE Server

 Mandatory.

 Configuring bba-group

 Mandatory. Associate the bba-group with the virtual template interface.

 Enabling PPPoE Server and Associating with bba-group

 Mandatory. Associate the PPPoE server with the bba-group.

 Configure the bba-group in interface configuration mode, for example, on the interface of VLAN 1.

Verification

Verify that the Internet can be accessed using a PPPoE client by dialup.

Related Commands

 Creating Loopback Interface

Command: interface loopback number
Parameter Description: number: Indicates the ID of a new loopback interface.
Command Mode: Global configuration mode
Usage Guide: N/A

 Configuring IP Address of Loopback Interface

Command: ip address A.B.C.D A.B.C.D
Parameter Description: A.B.C.D A.B.C.D: Indicates an IP address.
Command Mode: Interface configuration mode
Usage Guide: N/A

 Configuring Username and Password

Command: username username password password
Parameter Description: username: Indicates a username.
password: Indicates a password.
Command Mode: Global configuration mode
Usage Guide: If the PPPoE server uses AAA authentication, the username and password do not need to be configured.

 Creating Local IP Address Pool

Command: ip local pool pool-name A.B.C.D A.B.C.D
Parameter Description: pool-name: Indicates an IP address pool.
A.B.C.D A.B.C.D: Indicates the range of IP addresses.
Command Mode: Global configuration mode
Usage Guide: N/A

 Creating Virtual Template

Command: interface virtual-template number
Parameter Description: number: Indicates the ID of a new virtual template.
Command Mode: Global configuration mode
Usage Guide: N/A

 Borrowing IP Address of Loopback Interface

Command: ip unnumbered loopback number
Parameter Description: number: Indicates the ID of a new loopback interface.
Command Mode: Virtual template configuration mode
Usage Guide: N/A

 Configuring Authentication Mode as CHAP or PAP

Command: ppp authentication { chap | pap } [ list-name ]
Parameter Description: list-name: Indicates an authentication list. Generally, this list is used during AAA authentication.
Command Mode: Virtual template configuration mode
Usage Guide: PPPoE supports CHAP and PAP authentication modes and can apply local or remote authentication according to the network topology. If remote authentication is used, associate the virtual template with the enabled user authentication list. For details, refer to the AAA-SCG.

 Configuring Name of IP Address Pool

Command: peer default ip address pool pool-name
Parameter Description: pool-name: Indicates an IP address pool.
Command Mode: Virtual template configuration mode
Usage Guide: N/A

 Creating bba-group

Command: bba-group pppoe group-name
Parameter Description: group-name: Indicates a bba-group.
Command Mode: Global configuration mode
Usage Guide: N/A

 Associating bba-group with Virtual Template

Command: virtual-template number
Parameter Description: number: Indicates the ID of a virtual template.
Command Mode: bba-group mode
Usage Guide: N/A

 Enabling PPPoE Server

Command: pppoe-server enable group bba-group
Parameter Description: bba-group: Indicates the name of a virtual bba-group.
Command Mode: Interface configuration mode
Usage Guide: Enable the PPPoE server on the interface that connects to a PPPoE client and associate the PPPoE server with the bba-group.

Configuration Example

 Configuring Local Authentication of PPPoE Server


Scenario
Figure 6-3

Configuration Steps
Configure local authentication on the PPPoE server.
Connect a PPPoE client to the AC using a wireless network card by PPPoE.

PPPoE Server
# Configuring a username and a password.
Ruijie#conf
Ruijie(config)#username ruijie password ruijie
Ruijie(config)#end
Ruijie#

# Configuring a local IP address pool.
Ruijie#conf
Ruijie(config)#ip local pool pppoe 1.2.3.4 1.2.3.254
Ruijie(config)#end
Ruijie#

# Note: The following configuration items do not impose requirements on the configuration order.

# Enabling the PPPoE server.
Ruijie#conf
Ruijie(config)#pppoe-server enable

# Configuring a bba-group.
Ruijie#conf
Ruijie(config)#bba-group pppoe pppoe1
Ruijie(config-bba-group)#virtual-template 2
Ruijie(config-bba-group)#exit
Ruijie(config)#end
Ruijie#

# Configuring a loopback interface.
Ruijie#conf
Ruijie(config)#int loopback 1
Ruijie(config-if-Loopback 1)#ip address 1.2.3.1 24
Ruijie(config-if-Loopback 1)#end
Ruijie#

# Configuring a virtual template.
Ruijie#conf
Ruijie(config)#int virtual-template 2
Ruijie(config-if-Virtual-Template 2)#ip unnumbered loopback 1
Ruijie(config-if-Virtual-Template 2)#ppp authentication pap chap
Ruijie(config-if-Virtual-Template 2)#peer default ip address pool pppoe
Ruijie(config-if-Virtual-Template 2)#end
Ruijie#

# Enabling the PPPoE server.
Ruijie#conf
Ruijie(config)#int gigabitethernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#pppoe-server enable group pppoe1
Ruijie(config-if-GigabitEthernet 0/1)#end
Ruijie#
Ruijie#
PPPoE Client
Ensure that the wireless network card driver of the corresponding model is installed on the PC, and search for the SSID configured on the PPPoE server. Configure the SSID as a preferred network.
1. Choose My Network Places > View Network Connections and create a new connection.
2. Click Next and select Connect to the Internet (C).
3. Select Manually Set My Connection (M).
4. Select Use Specified Username and Password for Broadband Connection (U).
5. Enter the ISP name ruijie_1.
6. Enter the username and password provided by the PPPoE server. In this example, the username and password are both ruijie.
7. Click Next, OK, and Connect to connect to the AC over PPPoE.

Verification
Run the show pppoe session command on the PPPoE server to display the connection status.
Connect to the Internet using a PPPoE client by dialup.

PPPoE server
Ruijie#show pppoe-server session
# The information about the PPPoE server is displayed as follows:

Sid State intf external-vid inner-vid Peer
LocalMAC RemoteMAC online time
20 STATE_SESSION virtual-access 5091 1 0 7.7.7.2
00:D0:F8:22:12:81 08:FB:0A:B0:48:AF 0 day(s) 15:16:31

PPPOE Server current sessions count : 1

PPPoE client
The PC is successfully connected to the Internet.
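
A check for the settings the local-authentication example above leaves permissive, as an added example (not Ruijie tooling and not code from the guide): it reads a pasted CLI session or configuration built from this chapter's commands and reports PAP being offered, a password equal to its username, and a bba-group without ac-cookie enable or the session limits. The rule names, function names and the second sample configuration, including its credentials and limit values, are constructed for illustration.

```python
import re

# Matches a CLI prompt such as "Ruijie(config-if-Virtual-Template 2)#".
PROMPT = re.compile(r"^[\w.-]+(?:\([^)]*\))?#\s*")


def commands(text):
    """Yield bare commands from a pasted session or config, dropping prompts and comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        line = PROMPT.sub("", line).strip()
        if line:
            yield line


def audit(text):
    """Return a list of (rule, where) findings for the PPPoE server settings in text."""
    findings = []
    groups = {}     # bba-group name -> sub-commands seen inside it
    ctx = None      # ("bba", name), ("if", interface name) or None for global mode
    for cmd in commands(text):
        words = cmd.split()
        if words[:2] == ["bba-group", "pppoe"] and len(words) == 3:
            ctx = ("bba", words[2])
            groups.setdefault(words[2], [])
        elif words[0] in ("interface", "int") and len(words) >= 2:
            ctx = ("if", " ".join(words[1:]).lower())
        elif words[0] in ("exit", "end"):
            ctx = None
        elif ctx and ctx[0] == "bba":
            groups[ctx[1]].append(cmd)
        elif words[:2] == ["ppp", "authentication"] and "pap" in words[2:]:
            # PAP carries the password unencrypted in its Authenticate-Request (RFC 1334).
            findings.append(("pap-enabled", ctx[1] if ctx else "global"))
        elif words[0] == "username" and len(words) >= 4 and words[2] == "password":
            if words[1] == words[3]:
                findings.append(("password-equals-username", words[1]))
    for name, subs in groups.items():
        # The guide lists these bba-group commands as optional, so absence means not set.
        if "ac-cookie enable" not in subs:
            findings.append(("ac-cookie-not-enabled", name))
        if not any(s.startswith("sessions per-mac limit ") for s in subs):
            findings.append(("no-per-mac-session-limit", name))
        if not any(s.startswith("sessions max limit ") for s in subs):
            findings.append(("no-max-session-limit", name))
    return findings


# Commands taken from the local-authentication example in this section.
PAGE_EXAMPLE = """\
# Configuring a username and a password.
Ruijie(config)#username ruijie password ruijie
Ruijie(config)#ip local pool pppoe 1.2.3.4 1.2.3.254
Ruijie(config)#bba-group pppoe pppoe1
Ruijie(config-bba-group)#virtual-template 2
Ruijie(config-bba-group)#exit
Ruijie(config)#int virtual-template 2
Ruijie(config-if-Virtual-Template 2)#ip unnumbered loopback 1
Ruijie(config-if-Virtual-Template 2)#ppp authentication pap chap
Ruijie(config-if-Virtual-Template 2)#peer default ip address pool pppoe
Ruijie(config-if-Virtual-Template 2)#end
"""

# Constructed variant: same commands, CHAP only, cookie and limits set (values are examples).
TIGHTENED = """\
username subscriber1 password Constructed-Example-1
bba-group pppoe pppoe1
 virtual-template 2
 ac-cookie enable
 sessions per-mac limit 2
 sessions max limit 500
 exit
interface virtual-template 2
 ip unnumbered loopback 1
 ppp authentication chap
 peer default ip address pool pppoe
 end
"""

if __name__ == "__main__":
    for rule, where in audit(PAGE_EXAMPLE):
        print(f"{rule}: {where}")
    print("tightened findings:", audit(TIGHTENED))
```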

6.4.2 Configuring Remote Authentication of PPPoE Server


Configuration Effect

 Complete remote authentication using a PPPoE client in conjunction with the AAA and RADIUS servers.

Notes

 Except the username and password, other basic information of the PPPoE server must be configured.

Configuration Steps

 Enabling AAA

 Mandatory.

 Enable the AAA function in global configuration mode.

 Enabling RADIUS Authentication for PPP User List

 Mandatory.

 Associating Virtual Template with PPP User Authentication List

 Mandatory.

 Specify an authentication mode or list.

 Associate the virtual template with the PPP user authentication list in virtual template interface configuration mode.

 Configuring RADIUS Authentication

 Mandatory.

 Configure the IP address and password of the RADIUS server.

Verification

Connect to the Internet using a PPPoE client by dialup.

Related Commands

 Enabling AAA

Command: aaa new-model
Parameter Description: N/A
Command Mode: Global configuration mode
Usage Guide: N/A


 Enabling RADIUS Authentication for PPP User List

Command: aaa authentication ppp list-name group radius
Parameter Description: list-name: Indicates a PPP user authentication list.
Command Mode: Global configuration mode
Usage Guide: N/A

 Associating Virtual Template with PPP User Authentication List

Command: ppp authentication { chap | pap } list-name
Parameter Description: chap: Indicates the authentication mode CHAP.
pap: Indicates the authentication mode PAP.
list-name: Indicates a PPP user authentication list.
Command Mode: Virtual template configuration mode
Usage Guide: N/A

 Configuring RADIUS Server

Command: radius-server host ipv4-address
Parameter Description: ipv4-address: Indicates the IP address of a RADIUS server.
Command Mode: Global configuration mode
Usage Guide: To implement AAA security service, define one or multiple RADIUS servers by running the radius-server host command.

 Configuring Password for Communicating with RADIUS Server

Command: radius-server key [ 0 | 7 ] text-string
Parameter Description: text-string: Indicates text of a password.
0 | 7: Indicates an encryption type of the password. 0 indicates no encryption, and 7 indicates simple encryption.
Command Mode: Global configuration mode
Usage Guide: The AC and the RADIUS server rely on this password to communicate with each other. To ensure the communication, configure the same password on the AC and the RADIUS server.

Configuration Example

 Configuring Remote Authentication of PPPoE Server


Scenario
Figure 6-4

Configuration Steps
 Configure basic functions of the PPPoE server.
 Configure AAA and RADIUS servers.

PPPoE server
# Note: The following configuration items do not impose requirements on the configuration order.

# Enabling AAA.
Ruijie#conf
Ruijie(config)#aaa new-model
Ruijie(config)#exit
Ruijie#
# Enabling RADIUS authentication for the PPP user list.
Ruijie#conf
Ruijie(config)#aaa authentication ppp default group radius
Ruijie(config)#exit
Ruijie#

# Configuring the IP address and password of the RADIUS server.


Ruijie#conf
Ruijie(config)#radius-server host 192.168.23.71
Ruijie(config)#radius-server key ruijie
Ruijie(config)#end
Ruijie#

# Configuring a local IP address pool.


Ruijie#conf
Ruijie(config)#ip local pool pppoe 1.2.3.4 1.2.3.254
Ruijie(config)#end
Ruijie#

# Enabling the PPPoE server.


Ruijie#conf
Ruijie(config)#pppoe-server enable

# Configuring a bba-group.


Ruijie#conf
Ruijie(config)#bba-group pppoe pppoe1
Ruijie(config-bba-group)#virtual-template 2
Ruijie(config-bba-group)#exit
Ruijie(config)#end
Ruijie#

# Configuring a loopback interface.


Ruijie#conf
Ruijie(config)#int loopback 1
Ruijie(config-if-Loopback 1)#ip address 1.2.3.1 24
Ruijie(config-if-Loopback 1)#end
Ruijie#

# Configuring a virtual template.


Ruijie#conf
Ruijie(config)#int virtual-template 2
Ruijie(config-if-Virtual-Template 2)#ip unnumbered loopback 1
Ruijie(config-if-Virtual-Template 2)#ppp authentication pap chap
Ruijie(config-if-Virtual-Template 2)#peer default ip address pool pppoe
Ruijie(config-if-Virtual-Template 2)#end
Ruijie#

# Enabling the PPPoE server on the interface and binding it to the bba-group.


Ruijie#conf
Ruijie(config)#int gigabitethernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)#pppoe-server enable group pppoe1
Ruijie(config-if-GigabitEthernet 0/1)#end
Ruijie#
Ruijie#

PPPoE client
For details, refer to the configurations for local authentication.

Verification
 Run the show pppoe-server session command on the PPPoE server to display the connection status.
 Connect to the Internet using a PPPoE client by dialup.

PPPoE server
Ruijie#show pppoe-server session
# The information about the PPPoE server is displayed as follows:

Sid State intf external-vid inner-vid Peer
LocalMAC RemoteMAC online time

20 STATE_SESSION virtual-access 5091 1 0 7.7.7.2
00:D0:F8:22:12:81 08:FB:0A:B0:48:AF 0 day(s) 15:16:31

PPPOE Server current sessions count : 1

PPPoE client The PC is successfully connected to the Internet.
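Every step of the remote-authentication procedure above is mandatory, and several items refer to each other by name (bba-group, virtual template, address pool). The following checker is an added example, not part of the Ruijie guide: it audits a saved configuration for the mandatory items and dangling references. The sample text is constructed from the commands in the example above, and its indented section layout is an assumption about how the configuration is saved.

```python
import re

# Constructed sample built from the commands shown in the example above.
# Assumption: sub-commands are indented under their section header.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication ppp default group radius
radius-server host 192.168.23.71
radius-server key ruijie
ip local pool pppoe 1.2.3.4 1.2.3.254
pppoe-server enable
bba-group pppoe pppoe1
 virtual-template 2
interface Loopback 1
 ip address 1.2.3.1 24
interface Virtual-Template 2
 ip unnumbered loopback 1
 ppp authentication pap chap
 peer default ip address pool pppoe
interface GigabitEthernet 0/1
 pppoe-server enable group pppoe1
"""


def parse_sections(text):
    """Return (global_lines, {header: [sub-commands]}), all lower-cased."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        line = " ".join(raw.split()).lower()
        if raw[0].isspace() and current is not None:
            sections[current].append(line)      # belongs to the open section
        else:
            global_lines.append(line)
            current = line
            sections[current] = []
    return global_lines, sections


def audit_pppoe_radius(text):
    """Return a list of findings; an empty list means every check passed."""
    glob, sections = parse_sections(text)
    findings = []

    def need(pattern, what):
        if not any(re.fullmatch(pattern, g) for g in glob):
            findings.append("missing: " + what)

    # Mandatory global items from the configuration steps.
    need(r"aaa new-model", "aaa new-model")
    need(r"aaa authentication ppp \S+ group radius",
         "aaa authentication ppp <list-name> group radius")
    need(r"radius-server host \S+", "radius-server host <ipv4-address>")
    need(r"radius-server key( [07])? \S+", "radius-server key <text-string>")
    need(r"pppoe-server enable", "pppoe-server enable (global)")
    if any(re.fullmatch(r"radius-server key 0 \S+", g) for g in glob):
        findings.append("radius-server key uses type 0 (no encryption)")

    groups = {m.group(1): subs for head, subs in sections.items()
              if (m := re.fullmatch(r"bba-group pppoe (\S+)", head))}
    pools = {m.group(1) for g in glob
             if (m := re.fullmatch(r"ip local pool (\S+) .*", g))}

    # Interface -> bba-group references.
    bound = False
    for head, subs in sections.items():
        for sub in subs:
            m = re.fullmatch(r"pppoe-server enable group (\S+)", sub)
            if m:
                bound = True
                if m.group(1) not in groups:
                    findings.append(f"{head}: bba-group {m.group(1)} is not defined")
    if not bound:
        findings.append("no interface enables the PPPoE server with a bba-group")

    # bba-group -> virtual template -> authentication and address pool.
    for name, subs in groups.items():
        for sub in subs:
            m = re.fullmatch(r"virtual-template (\d+)", sub)
            if not m:
                continue
            vt_name = f"interface virtual-template {m.group(1)}"
            vt = sections.get(vt_name)
            if vt is None:
                findings.append(f"bba-group {name}: {vt_name} is not defined")
                continue
            if not any(s.startswith("ppp authentication ") for s in vt):
                findings.append(f"{vt_name}: no ppp authentication configured")
            for s in vt:
                p = re.fullmatch(r"peer default ip address pool (\S+)", s)
                if p and p.group(1) not in pools:
                    findings.append(f"{vt_name}: pool {p.group(1)} is not defined")
    return findings


if __name__ == "__main__":
    print(audit_pppoe_radius(SAMPLE_CONFIG) or "all checks passed")
```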

6.5 Monitoring

Clearing

Running the clear commands may lose vital information and thus interrupt services.

Description Command
Clears all PPPoE tunnels of the system. clear pppoe-server tunnel
Clears the PPPoE tunnels with specified session IDs. clear pppoe-server tunnel session-id id

Displaying

Description Command
Displays all session information and forwarding plane information of the system. show pppoe-server { tunnel | session | ref }
Note: The tunnel information is consistent with the session information.

Debugging

System resources are occupied when debugging information is output. Therefore, disable the debugging switch
immediately after use.

Description Command
Enables debugging of PPPoE session packets. debug pppoe datas
Enables debugging output of PPPoE exception information. debug pppoe errors
Enables debugging of PPPoE negotiation. debug pppoe events
Enables debugging of PPPoE negotiation packets. debug pppoe packets
Enables debugging of PPP LCP and IPCP negotiation. debug ppp negotiation
Enables debugging of PPP authentication negotiation. debug ppp authentication
Enables debugging of error information throughout the PPP negotiation stage. debug ppp error

Configuration Guide Configuring Aggregated Port

7 Configuring Aggregated Port

7.1 Overview

An aggregated port (AP) is used to bundle multiple physical links into one logical link to increase the link bandwidth and
improve connection reliability.

An AP port supports load balancing, that is, it distributes load evenly among member links. An AP port also provides link backup: when a member link of the AP port is disconnected, the load carried by the link is automatically allocated to other functional member links. A member link does not forward broadcast or multicast packets to other member links.

For example, the link between two devices supports a maximum bandwidth of 1,000 Mbps. When the service traffic carried by the link exceeds 1,000 Mbps, the excess traffic is discarded. Port aggregation solves this problem: connect the two devices with multiple network cables and combine the links into one logical link whose bandwidth is a multiple of 1,000 Mbps.

As another example, two devices are connected by a network cable. When the link between the two ports of the devices is disconnected, the services carried by the link are interrupted. After the connected ports are aggregated, the services are not affected as long as one link remains connected.

Protocols and Standards

 IEEE 802.3ad

7.2 Applications

Application Description
AP Link Aggregation and Load Balancing A large number of packets are transmitted between an aggregation device and a core device, which requires a greater bandwidth. To meet this requirement, you can bundle the physical links between the devices into one logical link to increase the link bandwidth, and configure a proper load balancing algorithm to distribute the work load evenly to each physical link, thus improving bandwidth utilization.

7.2.1 AP Link Aggregation and Load Balancing


Scenario

In Figure 7-1, the switch communicates with the router through an AP port. All the devices on the intranet (such as the two PCs on the left) use the router as a gateway. All the devices on the extranet (such as the two PCs on the right) send packets to the internet devices through the router, with the gateway’s MAC address as the source MAC address. To distribute the load between the router and other hosts across the member links, configure destination MAC address-based load balancing on the router. On the switch, configure source MAC address-based load balancing.

Figure 7-1 AP Link Aggregation and Load Balancing


Deployment

 Configure the directly connected ports between the switch and router as a static AP port or a Link Aggregation Control
Protocol AP port.

 On the switch, configure a source MAC address-based load balancing algorithm.

 On the router, configure a destination MAC address-based load balancing algorithm.

7.3 Features

Basic Concepts

 Static AP

The static AP mode is an aggregation mode in which physical ports are added directly to an AP aggregation group through manual configuration. The physical ports can forward packets once their link state and protocol state are normal.

An AP port in static AP mode is called a static AP, and its member ports are called static AP member ports.

 AP Member Port State

An AP member port is in one of two states:

 When a member port is Down, the port cannot forward packets. The Down state is displayed.

 When a member port is Up and the link protocol is ready, the port can forward packets. The Up state is displayed.

Overview

Overview Description
Link Aggregation Aggregates physical links statically or dynamically to realize bandwidth extension and link backup.
Load Balancing Balances the load within an aggregation group flexibly by using different load balancing methods.

7.3.1 Link Aggregation


Working Principle

 Static AP


The static AP configuration is simple. Run a command to add the specified physical port to the AP port. After joining the
aggregation group, a member port can receive and transmit data and participate in load balancing within the group.

7.3.2 Load Balancing


Working Principle

AP ports segregate packet flows by using load balancing algorithms based on packet features, such as the source and destination MAC addresses, source and destination IP addresses, and Layer-4 source and destination port numbers. Packets that share the same feature values form one flow and are transmitted over one member link, and different packet flows are evenly distributed among member links. For example, in source MAC address-based load balancing, packets are distributed to the member links based on their source MAC addresses: packets with different source MAC addresses are evenly distributed among member links, and packets with the identical source MAC address are forwarded by one member link.

Currently, there are several AP load balancing modes as follows:

 Source MAC address or destination MAC address

 Source MAC address + destination MAC address

 Source IP address or destination IP address

 Source IP address + destination IP address

 Layer-4 source port number or Layer-4 destination port number

 Layer-4 source port number + Layer-4 destination port number

 Source IP address + Layer-4 source port number

 Source IP address + Layer-4 destination port number

 Destination IP address + Layer-4 source port number

 Destination IP address + Layer-4 destination port number

 Source IP address + Layer-4 source port number + Layer-4 destination port number

 Destination IP address + Layer-4 source port number + Layer-4 destination port number

 Source IP address + destination IP address + Layer-4 source port number

 Source IP address + destination IP address + Layer-4 destination port number

 Source IP address + destination IP address + Layer-4 source port number + Layer-4 destination port number

 Panel port for incoming packets

Load balancing based on IP addresses or port numbers is applicable only to Layer-3 packets. When a device
enabled with this load balancing method receives Layer-2 packets, it automatically switches to the default load
balancing method.

All the load balancing methods use a load algorithm (hash algorithm) to calculate the member link from the input parameters of the method. The input parameters include the source MAC address, destination MAC address, source MAC address + destination MAC address, source IP address, destination IP address, source IP address + destination IP address, source IP address + destination IP address + Layer-4 port number and so on. The algorithm ensures that packets with different input parameters are evenly distributed among member links. It does not guarantee that these packets are always distributed to different member links. For example, in IP address-based load balancing, two packets with different source and destination IP addresses may be distributed to the same member link through calculation.

Different products may support different load balancing algorithms.
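The sketch below is an added example, not Ruijie's implementation. It models hash-based member-link selection for several of the modes listed above and replays the Figure 7-1 situation, where every packet the router sends carries the gateway MAC as its source. The CRC-32 hash, the src-dst-mac fallback for Layer-2 packets, and all addresses are assumptions made for illustration.

```python
import zlib

MEMBER_LINKS = ["Gi1/1", "Gi1/2"]   # two member links of one AP port
FALLBACK_MODE = "src-dst-mac"       # assumption: default used for non-IP packets

# Load balancing mode -> packet fields fed to the hash.
MODE_FIELDS = {
    "src-mac": ("src_mac",),
    "dst-mac": ("dst_mac",),
    "src-dst-mac": ("src_mac", "dst_mac"),
    "src-ip": ("src_ip",),
    "dst-ip": ("dst_ip",),
    "src-dst-ip": ("src_ip", "dst_ip"),
    "src-dst-ip-l4port": ("src_ip", "dst_ip", "src_port", "dst_port"),
}


def pick_link(packet, mode, links=MEMBER_LINKS):
    """Return the member link that carries this packet under the given mode."""
    fields = MODE_FIELDS[mode]
    # IP/port based modes only apply to Layer-3 packets; a packet without
    # those fields falls back to the default method.
    if any(packet.get(name) is None for name in fields):
        fields = MODE_FIELDS[FALLBACK_MODE]
    key = "|".join(str(packet[name]) for name in fields).encode()
    # Assumption: CRC-32 stands in for the device's hash algorithm.
    return links[zlib.crc32(key) % len(links)]


def distribution(packets, mode, links=MEMBER_LINKS):
    """Count how many packets each member link carries."""
    counts = {link: 0 for link in links}
    for packet in packets:
        counts[pick_link(packet, mode, links)] += 1
    return counts


# Constructed addresses: one gateway (the router) and eight intranet hosts.
GATEWAY_MAC = "00:d0:f8:00:00:01"
HOSTS = [(f"08:fb:0a:b0:48:{i:02x}", f"192.0.2.{i}") for i in range(1, 9)]


def router_to_hosts():
    """Traffic the router sends over the AP: source MAC is always the gateway."""
    return [{"src_mac": GATEWAY_MAC, "dst_mac": mac,
             "src_ip": "198.51.100.10", "dst_ip": ip,
             "src_port": 443, "dst_port": 50000 + n}
            for n, (mac, ip) in enumerate(HOSTS)]


def hosts_to_router():
    """Traffic the switch sends over the AP: destination MAC is always the gateway."""
    return [{"src_mac": mac, "dst_mac": GATEWAY_MAC,
             "src_ip": ip, "dst_ip": "198.51.100.10",
             "src_port": 50000 + n, "dst_port": 443}
            for n, (mac, ip) in enumerate(HOSTS)]


# A Layer-2 only frame (no IP fields), used to show the fallback.
ARP_FRAME = {"src_mac": HOSTS[0][0], "dst_mac": "ff:ff:ff:ff:ff:ff"}

if __name__ == "__main__":
    for mode in ("src-mac", "dst-mac"):
        print("router", mode, distribution(router_to_hosts(), mode))
        print("switch", mode, distribution(hosts_to_router(), mode))
```

With the wrong key the whole load lands on one member link: src-mac on the router side and dst-mac on the switch side. This is why the deployment pairs dst-mac on the router with src-mac on the switch.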

7.4 Configuration

Configuration Description and Command

Configuring Static AP Ports
(Mandatory) It is used to configure link aggregation manually.
interface aggregateport Creates an Ethernet AP port.

Enabling LinkTrap
(Optional) It is used to enable LinkTrap.
aggregateport member linktrap Enables LinkTrap for AP member ports.

Configuring a Load Balancing Mode
(Optional) It is used to configure a load balancing mode for an aggregated link.
aggregateport load-balance Configures a load balancing algorithm for an AP port or AP member ports.

7.4.1 Configuring Static AP Ports


Configuration Effect

 Configure multiple physical ports as AP member ports to realize link aggregation.

 The bandwidth of the aggregation link is equal to the sum of the member link bandwidths.

 When a member link of the AP port is disconnected, the load carried by the link is automatically allocated to other
functional member links.

Notes

 Only physical ports can be added to an AP port.

 The ports of different media types or port modes cannot be added to the same AP port.

 Layer-2 ports can be added to only a Layer-2 AP port, and Layer-3 ports can be added to only a Layer-3 AP port. The
Layer-2/3 attributes of an AP port that contains member ports cannot be modified.

 After a port is added to an AP port, the attributes of the port are replaced by those of the AP port.

 After a port is removed from an AP port, the attributes of the port are restored.

After a port is added to an AP port, the attributes of the port are consistent with those of the AP port. Therefore, do not perform configuration on the AP member ports or apply configuration to a specific AP member port. However, some configurations (the shutdown and no shutdown commands) can be configured on AP member ports. When you use AP member ports, check whether the function that you want to configure can take effect on a specific AP member port, and perform this configuration properly.

Configuration Steps

 Creating an Ethernet AP Port

 Mandatory.

 Perform this configuration on an AP-enabled device.

Command interface aggregateport ap-number


Parameter Description ap-number: Indicates the number of an AP port.
Defaults By default, no AP port is created.
Command Mode Global configuration mode
Usage Guide To create an Ethernet AP port, run interface aggregateport in global configuration mode. To delete the specified Ethernet AP port, run no interface aggregateport ap-number in global configuration mode.

Run port-group to add a physical port to a static AP port in interface configuration mode. If the AP port does not exist,
it will be created automatically.

 Configuring Static AP Member Ports

 Mandatory.

 Perform this configuration on AP-enabled devices.

Command port-group ap-number


Parameter Description port-group ap-number: Indicates the number of an AP port.
Defaults By default, no ports are added to any static AP port.
Command Mode Interface configuration mode of the specified Ethernet port
Usage Guide To add member ports to an AP port, run port-group in interface configuration mode. To remove member ports from an AP port, run no port-group in interface configuration mode.

The static AP member ports configured on the devices at both ends of a link must be consistent.

After a member port exits the AP port, the default settings of the member port are restored. Different functions deal with
the default settings of the member ports differently. It is recommended that you check and confirm the port settings after
a member port exits an AP port.

After a member port exits an AP port, the port is disabled by using the shutdown command to avoid loops. After you
confirm that the topology is normal, run no shutdown in interface configuration mode to enable the port again.

 Creating an Ethernet AP Subinterface

 Optional.


 On a device that supports subinterface configuration, run interface aggregateport sub-ap-number to create a
subinterface.

 Perform this configuration on AP-enabled devices that support Layer-2 and Layer-3 features, such as Layer-3 switches.

Command interface aggregateport sub-ap-number


Parameter Description sub-ap-number: Indicates the number of an AP subinterface.
Defaults By default, no subinterfaces are created.
Command Mode Interface configuration mode of the specified AP port
Usage Guide You need to convert the master port of the AP port to a Layer-3 port before creating a subinterface.

Verification

 Run show running to display the configuration.

 Run show aggregateport summary to display the AP configuration.

Command show aggregateport aggregate-port-number { load-balance | summary }


Parameter Description aggregate-port-number: Indicates the number of an AP port.
load-balance: Displays the load balancing algorithm.
summary: Displays the summary of each link.
Command Mode Any mode
Usage Guide The information on all AP ports is displayed if you do not specify the AP port number.

Ruijie# show aggregateport 1 summary

AggregatePort MaxPorts Ports

------------- --------------- ------------------------

Ag1 8 Gi0/2

Configuration Example

 Configuring an Ethernet Static AP Port

Scenario

Figure 7-2

Configuration  Add the GigabitEthernet 1/1 and GigabitEthernet 1/2 ports on Device A to static AP port 3.
Steps  Add the GigabitEthernet 2/1 and GigabitEthernet 2/2 ports on Device B to static AP port 3.
Device A
DeviceA# configure terminal


DeviceA(config)# interface range GigabitEthernet 1/1-2

DeviceA(config-if-range)# port-group 3

Device B
DeviceB# configure terminal

DeviceB(config)# interface range GigabitEthernet 2/1-2

DeviceB(config-if-range)# port-group 3

Verification  Run show aggregateport summary to check whether AP port 3 contains member ports
GigabitEthernet 1/1 and GigabitEthernet 1/2.
Device A
DeviceA# show aggregateport summary

AggregatePort MaxPorts Ports

------------- --------------- ------------------------

Ag3 8 Gi1/1,Gi1/2

Device B
DeviceB# show aggregateport summary

AggregatePort MaxPorts Ports

------------- --------------- ------------------------

Ag3 8 Gi2/1,Gi2/2


7.4.2 Enabling LinkTrap


Configuration Effect

Enable LinkTrap so that the system sends LinkTrap messages when the state of aggregation links changes.

Configuration Steps

 Enabling LinkTrap for AP Member Ports

 Optional.

 By default, LinkTrap is disabled for AP member ports.

 Perform this configuration on AP-enabled devices.

Command aggregateport member linktrap


Parameter Description N/A
Defaults By default, LinkTrap is disabled for AP member ports.
Command Mode Global configuration mode
Usage Guide Use this command in global configuration mode to enable LinkTrap for all AP member ports. By default, LinkTrap messages are not sent when the link state of AP member ports is changed. To disable LinkTrap for all AP member ports, run no aggregateport member linktrap in global configuration mode.

Verification

 Run show running to display the configuration.

 After LinkTrap is enabled, you can monitor this feature on AP ports or their member ports by using the MIB software.

Configuration Example

 Enabling LinkTrap for AP Member Ports

Scenario

Figure 7-3

Configuration  Add the GigabitEthernet 1/1 and GigabitEthernet 1/2 ports on Device A to static AP port 3.
Steps  Add the GigabitEthernet 2/1 and GigabitEthernet 2/2 ports on Device B to static AP port 3.
 On Device A, disable LinkTrap for AP port 3 and enable LinkTrap for its member ports.
 On Device B, disable LinkTrap for AP port 3 and enable LinkTrap its AP member ports.


Device A
DeviceA# configure terminal

DeviceA(config)# interface range GigabitEthernet 1/1-2

DeviceA(config-if-range)# port-group 3

DeviceA(config-if-range)# exit

DeviceA(config)# aggregateport member linktrap

DeviceA(config)# interface Aggregateport 3

DeviceA(config-if-AggregatePort 3)# no snmp trap link-status

Device B
DeviceB# configure terminal

DeviceB(config)# interface range GigabitEthernet 2/1-2

DeviceB(config-if-range)# port-group 3

DeviceB(config-if-range)# exit

DeviceB(config)# aggregateport member linktrap

DeviceB(config)# interface Aggregateport 3

DeviceB(config-if-AggregatePort 3)# no snmp trap link-status

Verification  Run show running to check whether LinkTrap is enabled for AP port 3 and its member ports.
Device A
DeviceA# show run | include AggregatePort 3

Building configuration...

Current configuration: 54 bytes

interface AggregatePort 3

no snmp trap link-status

DeviceA# show run | include AggregatePort

aggregateport member linktrap

Device B
DeviceB# show run | include AggregatePort 3

Building configuration...

Current configuration: 54 bytes

interface AggregatePort 3

no snmp trap link-status

DeviceB# show run | include AggregatePort

aggregateport member linktrap


7.4.3 Configuring a Load Balancing Mode


Configuration Effect

The system distributes incoming packets among member links by using the specified load balancing algorithm. Packets of the same flow (identical feature values) are transmitted over one member link, whereas different packet flows are evenly distributed among the member links. A device enabled with enhanced load balancing first determines the type of packets to be transmitted and then performs load balancing based on the specified fields in the packets. For example, the AP port performs source IP-based load balancing on packets whose source IPv4 address keeps changing.

Notes

 N/A

Configuration Steps

 Configuring the Global Load Balancing Algorithm of an AP port

 (Optional) Perform this configuration when you need to optimize load balancing.

 Perform this configuration on AP-enabled devices.

Command aggregateport load-balance { dst-mac | src-mac | src-dst-mac | dst-ip | src-ip | src-dst-ip | src-dst-ip-l4port | src-l4port | dst-l4port | src-dst-l4port | src-ip-src-l4port | src-ip-dst-l4port | dst-ip-src-l4port | dst-ip-dst-l4port | src-ip-src-dst-l4port | dst-ip-src-dst-l4port | src-dst-ip-src-l4port | src-dst-ip-dst-l4port }
Parameter Description dst-mac: Indicates that load is distributed based on the destination MAC addresses of incoming packets.
src-mac: Indicates that load is distributed based on the source MAC addresses of incoming packets.
src-dst-ip: Indicates that load is distributed based on source and destination IP addresses of incoming packets.
dst-ip: Indicates that load is distributed based on the destination IP addresses of incoming packets.
src-ip: Indicates that load is distributed based on the source IP addresses of incoming packets.
src-dst-mac: Indicates that load is distributed based on source and destination MAC addresses of incoming packets.
src-dst-ip-l4port: Indicates that load is distributed based on source IP and destination IP addresses as well as Layer-4 source and destination port numbers.
src-l4port: Indicates that load is distributed based on Layer-4 source port numbers.
dst-l4port: Indicates that load is distributed based on Layer-4 destination port numbers.
src-dst-l4port: Indicates that load is distributed based on Layer-4 source and destination port numbers.
src-ip-src-l4port: Indicates that load is distributed based on source IP addresses and Layer-4 source port numbers.
src-ip-dst-l4port: Indicates that load is distributed based on source IP addresses and Layer-4 destination port numbers.
dst-ip-src-l4port: Indicates that load is distributed based on destination IP addresses and Layer-4 source port numbers.
dst-ip-dst-l4port: Indicates that load is distributed based on destination IP addresses and Layer-4 destination port numbers.
src-ip-src-dst-l4port: Indicates that load is distributed based on source IP addresses as well as Layer-4 source and destination port numbers.
dst-ip-src-dst-l4port: Indicates that load is distributed based on destination IP addresses as well as Layer-4 source and destination port numbers.
src-dst-ip-src-l4port: Indicates that load is distributed based on source and destination IP addresses as well as Layer-4 source port numbers.
src-dst-ip-dst-l4port: Indicates that load is distributed based on source and destination IP addresses as well as Layer-4 destination port numbers.
Defaults Load balancing can be based on source and destination MAC addresses, source and destination IP addresses (applicable to gateways), or the profile of enhanced load balancing.
Command Mode Global configuration mode
Usage Guide To restore the default settings, run no aggregateport load-balance in global configuration mode. You can run aggregateport load-balance in interface configuration mode of an AP port on devices that support load balancing configuration on a specific AP port. The configuration in interface configuration mode prevails. To disable the load balancing algorithm, run no aggregateport load-balance in interface configuration mode of the AP port. After that, the load balancing algorithm configured in global configuration mode takes effect.


Configuration Example

 Configuring a Load Balancing Mode

Scenario

Figure 7-4

Configuration  Add the GigabitEthernet 1/1 and GigabitEthernet 1/2 ports on Device A to static AP port 3.
Steps  Add the GigabitEthernet 2/1 and GigabitEthernet 2/2 ports on Device B to static AP port 3.
 On Device A, configure source MAC address-based load balancing for AP port 3 in global configuration
mode.
 On Device B, configure destination MAC address-based load balancing for AP port 3 in global
configuration mode.


Device A
DeviceA# configure terminal

DeviceA(config)# interface range GigabitEthernet 1/1-2

DeviceA(config-if-range)# port-group 3

DeviceA(config-if-range)# exit

DeviceA(config)# aggregateport load-balance src-mac

Device B
DeviceB# configure terminal

DeviceB(config)# interface range GigabitEthernet 2/1-2

DeviceB(config-if-range)# port-group 3

DeviceB(config-if-range)# exit

DeviceB(config)# aggregateport load-balance dst-mac

Verification  Run show aggregateport load-balance to check the load balancing algorithm configuration.
Device A
DeviceA# show aggregatePort load-balance

Load-balance : Source MAC

Device B
DeviceB# show aggregatePort load-balance

Load-balance : Destination MAC

7.5 Monitoring

Displaying

Description Command
Displays the summary or load balancing algorithm of an AP port. show aggregateport { load-balance | [ ap-number ] summary }

Debugging

System resources are occupied when debugging information is output. Therefore, disable debugging immediately after
use.

Description Command
Debugs an AP port. debug lsm ap

Configuration Guide Configuring VLAN-TERMINAL

8 Configuring VLAN-TERMINAL

8.1 Overview

VLAN-TERMINAL accomplishes the one-armed router function. It is generally used in the hotel scenario, in which one VLAN is configured for each guest. When no sub port is configured, the traffic of each VLAN can be transmitted and received via a designated LAN port. Alternatively, traffic of the VLAN with a designated VID or in a designated VID segment can be transmitted and received via the same LAN port.

VLAN-TERMINAL facilitates network management and saves IP address resources. With fewer routers, network maintenance becomes convenient. Because VLAN IP addresses are in the same network segment, the workload caused by an increase or change of IP addresses decreases.

8.2 Applications

Application Description
Deploying Egress Gateway Deploys the VLAN-TERMINAL function on the egress gateway.

8.2.1 Deploying Egress Gateway


Scenario

In the hotel scenario, only one LAN port (physical port) on the egress gateway is connected to the switch. One VLAN is
configured for each room. The switch does not provide the super VLAN function, and the mirroring port of the switch is
connected to the network monitoring product that monitors each VLAN.


Figure 8–1 Typical Egress Gateway Application in Hotel Scenario

Figure labels: Operator A, Operator B, Fiber

Remarks
A: egress gateway
B: core switch
C: switch
D: client in the hotel room
F: network monitoring product

Deployment

1. Basic NAT: Implement basic network address translation (NAT) to ensure that clients access the Internet normally.
2. Multi-link load balancing: Distribute traffic of data flows to multiple links to ensure proper utilization of bandwidth.
3. Configure VLAN-TERMINAL so that packets carrying different tags are forwarded via the same port.

8.3 Features

Basic Concepts

 VID

VID refers to the VLAN ID and is used to differentiate VLANs.


Overview

Feature Description
VLAN-TERMINAL Enables packets carrying different tags to be forwarded via the same port.

8.3.1 VLAN-TERMINAL
VLAN-TERMINAL facilitates network management and saves IP address resources. With fewer routers, network maintenance becomes convenient. Because VLAN IP addresses are in the same network segment, the workload caused by an increase or change of IP addresses decreases.

Working Principle

VLAN-TERMINAL is transparent to other functional modules, and does not affect data streams of other modules. With CLI configuration, the device driver can receive tagged packets with the corresponding VIDs from the switch. These packets are parsed, have their tags removed, and are saved. Because these packets no longer contain tags, subsequent modules treat them as common packets and process them. When these packets need to be sent, the modules find the corresponding tags based on the stream information and the mapping relationship, and tag the packets.

Related Configuration

 Enabling VLAN-TERMINAL

VLAN-TERMINAL is disabled by default.

Run the vlan-terminal enable command in global configuration mode to enable VLAN-TERMINAL.

Run the no vlan-terminal enable command in global configuration mode to disable VLAN-TERMINAL.

 Configuring Maximum Number of Concurrent Online Clients Belonging to Same VLAN

The maximum number of concurrent online clients corresponding to the same VID is 100 by default.

Run the vlan-terminal per-vlan num command to adjust the maximum number of concurrent online clients in the range
1–1000.

Run the no vlan-terminal per-vlan command in global configuration mode to delete related configuration.

 Configuring VIDs on Corresponding Ports

Configure VIDs on corresponding ports (LAN ports only).

Run the vlan-terminal vlan-list vlan-list command in interface configuration mode.

Run the no vlan-terminal vlan-list command to delete related configuration.
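The following model is an added example, not Ruijie code. It walks through the working principle and the settings above on raw Ethernet frames: the 802.1Q tag is stripped on ingress, the VID is remembered per client, the per-VLAN client limit is enforced, and the tag is restored on egress. Keying the mapping on the client MAC address, passing untagged frames through unchanged, and all frame contents are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier


def tagged_frame(dst, src, vid, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed 802.1Q-tagged Ethernet frame (priority bits zero)."""
    tag_and_type = struct.pack("!HHH", TPID_8021Q, vid & 0x0FFF, ethertype)
    return dst + src + tag_and_type + payload


class VlanTerminal:
    """Toy model of tag termination on one LAN port."""

    def __init__(self, vlan_list, per_vlan=100):
        self.vlan_list = set(vlan_list)  # VIDs configured on the port
        self.per_vlan = per_vlan         # per-VLAN client limit (default 100)
        self.vid_by_client = {}          # client MAC -> VID (saved mapping)

    def online(self, vid):
        """Number of clients currently recorded for this VID."""
        return sum(1 for v in self.vid_by_client.values() if v == vid)

    def ingress(self, frame):
        """Return the untagged frame for later modules, or None if dropped."""
        if len(frame) < 18 or frame[12:14] != struct.pack("!H", TPID_8021Q):
            return frame                 # not tagged: passed through (assumption)
        (tci,) = struct.unpack("!H", frame[14:16])
        vid, client = tci & 0x0FFF, frame[6:12]
        if vid not in self.vlan_list:
            return None                  # VID not configured on this port
        new_client = self.vid_by_client.get(client) != vid
        if new_client and self.online(vid) >= self.per_vlan:
            return None                  # limit reached: client cannot go online
        self.vid_by_client[client] = vid
        return frame[:12] + frame[16:]   # drop the 4-byte tag

    def egress(self, frame):
        """Re-insert the tag recorded for the destination client, if any."""
        vid = self.vid_by_client.get(frame[0:6])
        if vid is None:
            return frame
        return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]


if __name__ == "__main__":
    gateway = bytes.fromhex("00d0f8000001")   # constructed MAC addresses
    guest = bytes.fromhex("020000000001")
    port = VlanTerminal(vlan_list=range(10, 13), per_vlan=2)
    untagged = port.ingress(tagged_frame(gateway, guest, 10))
    reply = guest + gateway + untagged[12:]   # answer sent back to the guest
    print(port.egress(reply)[12:16].hex())    # 8100000a
```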


8.4 Limitations

NBR6120-E does not support the VLAN-TERMINAL module.

8.5 Configuration

Configuration Description and Command

Enabling VLAN-TERMINAL
Mandatory
vlan-terminal enable Enables VLAN-TERMINAL.

Configuring Maximum Number of Concurrent Online Clients Belonging to Same VLAN
Optional
vlan-terminal per-vlan num Configures the maximum number of concurrent online clients corresponding to the same VID, with the value in the range 1–1000.

Configuring VIDs on Corresponding Ports
Mandatory
vlan-terminal vlan-list vlan-list Configures VIDs on corresponding ports (LAN ports only). There may be only one VID or consecutive VIDs separated by the comma.

8.5.1 Enabling VLAN-TERMINAL


Configuration Effect

 Enable VLAN-TERMINAL to forward packets carrying different tags via the same port.

Notes

 This function is invalid if the VLAN-TERMINAL switch is disabled.

Configuration Steps

 Run the vlan-terminal enable command in global configuration mode.

Verification

 Check the configuration status of VLAN-TERMINAL.


Related Commands

 Enabling VLAN-TERMINAL

Command vlan-terminal enable


Parameter Description N/A
Command Mode Global configuration mode
Usage Guide N/A

Configuration Example

 Enabling VLAN-TERMINAL

Configuration Steps
Enable VLAN-TERMINAL on the egress gateway (device A).
Ruijie# configure terminal
Ruijie(config)#vlan-terminal enable
Verification  Check the configuration status of VLAN-TERMINAL.
Ruijie#show vlan-terminal
vlan-terminal: enable

8.5.2 Configuring Maximum Number of Concurrent Online Clients Belonging to Same VLAN

Configuration Effect

 Configure the maximum number of concurrent online clients corresponding to the same VID. If the number of
concurrent online clients corresponding to the same VID reaches the maximum value, no other clients corresponding to
the same VID can go online.

Notes

 This function is optional.

 The maximum number of concurrent online clients corresponding to the same VID is 100 by default. This value can be
adjusted in the range 1–1000

Configuration Steps

 Run the vlan-terminal per-vlan num command in global configuration mode to configure the maximum number of
concurrent online clients belonging to the same VLAN.

Verification

 Check the maximum number of concurrent online clients belonging to the same VLAN.


Related Commands

• Configuring Maximum Number of Concurrent Online Clients Belonging to Same VLAN

Command: vlan-terminal per-vlan num
Parameter Description: num: Indicates the maximum number of concurrent online clients belonging to the same VLAN. Once the number of concurrent online clients corresponding to the same VID reaches this value, no other client corresponding to the same VID can go online. The value ranges from 1 to 1000.
Command Mode: Global configuration mode
Usage Guide: N/A

Configuration Example

• Setting Maximum Number of Concurrent Online Clients Belonging to Same VLAN to 30

Configuration Steps: Set the maximum number of concurrent online clients belonging to the same VLAN to 30 on the egress gateway (device A).
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# vlan-terminal per-vlan 30

Verification: Check the configuration information.
Ruijie#show vlan-terminal
vlan-terminal: enable
per-vlan: 30

8.5.3 Configuring VIDs on Corresponding Ports


Configuration Effect

• Designate a port via which packets corresponding to a VID are forwarded.

Notes

• If the configured VID conflicts with a sub port, the sub port prevails.

Configuration Steps

• Run the vlan-terminal vlan-list vlan-list command in interface configuration mode to configure VIDs on corresponding ports.

Verification

• Check the configuration information.


Related Commands

• Configuring VIDs on Corresponding Ports

Command: vlan-terminal vlan-list vlan-list
Parameter Description: vlan-list: Indicates a single VID or consecutive VIDs separated by the comma.
Command Mode: Interface configuration mode
Usage Guide: N/A

Configuration Example

• Configuring VIDs 2, 5, 40–80, and 100–120 on Port 0/1

Configuration Steps: Configure VIDs 2, 5, 40–80, and 100–120 on Port 0/1 on the egress gateway (device A).
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# vlan-terminal vlan-list 2,5,40-80,100-200

Verification: Check the configuration information.
Ruijie#show vlan-terminal
vlan-terminal: enable
per-vlan: 30
Gi0/1: 2,5,40-80,100-200

Common Errors

• The port attribute is incorrect (only LAN ports are supported).

• The format is incorrect.

• VIDs conflict.
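
Added example (not part of the Ruijie guide or Ruijie software): a Python check that parses show vlan-terminal output shaped like the sample above, expands each port's vlan-list, and reports format errors, VIDs outside a reviewed plan, and VIDs listed on more than one port. The INTENDED plan, the 1-4094 VID range, and treating a VID on two ports as a conflict are assumptions; with the example's stated VIDs (2, 5, 40–80, 100–120) as the plan, it reports the wider 100-200 range that the command above configured.

```python
import re

# Constructed sample: `show vlan-terminal` output as in the example above.
SHOW_OUTPUT = "vlan-terminal: enable\nper-vlan: 30\nGi0/1: 2,5,40-80,100-200\n"
# Assumption: the reviewed VID plan per port (hypothetical record, not device data).
INTENDED = {"Gi0/1": "2,5,40-80,100-120"}
ITEM = re.compile(r"(\d+)(?:-(\d+))?")


def expand_vlan_list(text):
    """Expand '2,5,40-80' into a set of VIDs; raise ValueError on bad format."""
    vids = set()
    for item in text.split(","):
        m = ITEM.fullmatch(item.strip())
        if not m:
            raise ValueError(f"bad vlan-list item: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        # Assumption: VIDs lie in the 802.1Q range 1-4094, low end first.
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"VID out of range or reversed: {item!r}")
        vids.update(range(lo, hi + 1))
    return vids


def audit(output, intended):
    """Return findings; an empty list means the output matches the plan."""
    settings, ports, findings = {}, {}, []
    for line in output.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key in ("vlan-terminal", "per-vlan"):
            settings[key] = value
        elif key:
            ports[key] = expand_vlan_list(value)
    if settings.get("vlan-terminal") != "enable":
        findings.append("VLAN-TERMINAL disabled: port VID lists have no effect")
    limit = int(settings.get("per-vlan", 100))  # guide default is 100
    if not 1 <= limit <= 1000:
        findings.append(f"per-vlan {limit} is outside 1-1000")
    owner = {}
    for port, vids in sorted(ports.items()):
        extra = vids - expand_vlan_list(intended[port]) if port in intended else vids
        if extra:
            findings.append(f"{port}: {len(extra)} unplanned VIDs in {min(extra)}-{max(extra)}")
        for vid in sorted(vids):
            # Assumption: one VID listed on two ports counts as a conflict.
            if owner.setdefault(vid, port) != port:
                findings.append(f"VID {vid} on both {owner[vid]} and {port}")
    return findings
```

Calling audit(SHOW_OUTPUT, INTENDED) returns one finding for Gi0/1 covering VIDs 121-200; a line that is not one of the three shapes shown in the sample output raises ValueError.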

8.6 Monitoring

Displaying

Description: Displays the number of concurrent online clients corresponding to the same VID, and the IP addresses of the online clients corresponding to the VID.
Command: show vid-info

Description: Displays the VLAN-TERMINAL configuration information.
Command: show vlan-terminal
