Presentation is loading. Please wait.

Presentation is loading. Please wait.

DASAN NETWORKS GPON Training

Published bySilvester Elliott Modified over 9 years ago

Similar presentations

Presentation on theme: "DASAN NETWORKS GPON Training"— Presentation transcript:

1 DASAN NETWORKS GPON Training
Chapter 6. Interface mode configuration

2 www.dasannetworks.eu Table of contents Management of System Accounts
Password Recovery Process Auto Log-out Basic System Configuration SFP DDM Module Configuring IP interface Static Route and Default Gateway QoS – rule and policy Blocking telnet connections SSH Server Network Service Port Simple Network Management Protocol (SNMP) Syslog IGMP Snooping DHCP Server DHCP Snooping DHCP Snooping and ARP Inspection – blocking static IPs DHCP Relay Agent with Option82 PIM Router OSPF Blocking unknown multicast WEB Management V5824G – Enable/Disable service (SSH/Telnet/FTP/TFTP/SNMP)

3 www.dasannetworks.eu Introduction Interface Configuration Mode
In Interface Configuration mode, you can configure Ethernet interfaces. To access this level, You should set on CLI: SWITCH login: admin Password: SWITCH> enable SWITCH# configure terminal SWITCH(config)# The same is on all DASAN OLTs: V5812G|V5824G|V8240

4 1. Management of System Accounts
By default on DASAN OLTs there is created user admin – without password. To configure a password for admin account, use the following command: Creating System Account The administrator can create a system account. In addition, it is possible to set the security level from 0 to 15 to enhance the system security. The account with the highest level 15 has a read-write authority (admin level with all privileges). The account of level 0 to level 14 without any configuring authority only can use exit and help in Privileged EXEC View mode and cannot access to Privileged EXEC Enable mode. SWITCH(config)# user add mateusz level 15 mateusz SWITCH(config)# passwd mateusz Security Level It is possible to configure the security level from 0 to 15 for a system account. The level 15, as the highest level, has a read-write authority. The administrator can configure from level 0 to level 14. The administrator decides which level user uses which commands in which level. As the basic right from level 0 to level 14, it is possible to use exit and help command in Privileged EXEC View mode and it is not possible to access to Privileged EXEC Enable mode.

5 2. Password Recovery Process
To recovery login password to default, You must connect to the OLT by CONSOLE port and perform the following step-by-step instruction: The password of “admin” is restored to the factory default password (no password) if the operator has not created any user accounts.

6 SWITCH(config)# global-timeout 50
3. Auto Log-out For security reasons of DASAN OLTs , if no command is entered within the configured inactivity time, the user is automatically logged out of the system. Administrator can configure the inactive session timeout. Configured interval is working only for actual active session. On V5824G there is possible to configure global configuration for auto log-out: SWITCH(config)# global-timeout 50 Limiting Number of Users For the V5812G , you can limit the number of users accessing the switch through telnet. In case of using the system authentication with RADIUS or TACACS+, a configured number includes the number of users accessing the switch via the authentication server .

7 4. Basic System Configuration (1)
SWITCH(config)# hostname V5812G V5812G(config)# On OLT can be configured to observe the daylight saving time in specified area. It means that whenever the system time is updated using a time server located in a different time area, it will be automatically corrected with the local daylight saving time offset. The following example sets system time from 12:00, August 18, 2014 to 12:00, August 20, 2014 with 60 minuts offset. SWITCH(config)# time-zone GMT+9 SWITCH(config)# clock summer-time GMT+9 date : :00 60

8 3. Basic System Configuration (2)
NTP (Network Time Protocol) and SNTP (Simple Network Time Protocol) are the same TCP/IP protocol in that they use the same UDP time packet from the Ethernet Time Server message to compute accurate time. The basic difference in the two protocols is the algorithms being used by the client in the client/server relationship. The NTP algorithm is much more complicated than the SNTP algorithm. NTP normally uses multiple time servers to verify the time and then controls the rate of adjustment or slew rate of the PC which provides a very high degree of accuracy. The algorithm determines if the values are accurate by identifying time server that doesn’t agree with other time servers. It then speeds up or slows down the PC's drift rate so that the PC's time is always correct and there won't be any subsequent time jumps after the initial correction. Unlike NTP , SNTP usually uses just one Ethernet Time Server to calculate the time and then it "jumps" the system time to the calculated time. However, it can have back-up Ethernet Time Servers in case one is not available.

9 www.dasannetworks.eu 5. SFP DDM Module (1)
If you insert an SFP module including Digital Diagnostic Monitoring Interface (DDMI) into ports, you can see the real-time information about the ports such as transceiver type, length, connector type, and vendor information of the SFP. However, you might not want to see DDM polling information because it may result in CPU overload to collect DDM data via I2C interface.

10 5. SFP DDM Module (2)

11 6. Configuring IP interface (1)
The Layer 2 switches only see the MAC address in an incoming packet to determine where the packet needs to come from/to and which ports should receive the packet. The Layer 2 switches do not need IP addresses to transmit packets. However, if you want to access to the V5812G from a remote place with TCP/IP through SNMP or telnet, it requires an IP address. To configure an interface, you need to open Interface Configuration mode first. To open Interface Configuration mode, use the following command. Where the INTERFACE is VLAN number, on which You want to configure IP address, e.g. 100 Assigning IP Address to Network Interface - to assign an IP address to a network interface, use the following command: After assigning an IP address to an interface, you need to enable the interface. If the interface is not enabled, you cannot access it from a remote place, even though an IP address has been assigned.

12 6. Configuring IP interface (2)
EXAMPLE – IP Address on VLAN 100 interface: SWITCH(config)# SWITCH(config)# interface 100 SWITCH(config-if[100])# ip address /24 SWITCH(config-if[100])# no shutdown SWITCH(config-if[100])# exit SWITCH(config)# show ip interface brief DHCP Client An interface of the V5812G can be configured as a DHCP client, which can obtain an IP address from a DHCP server. The configurable DHCP client functionality allows a DHCP client to use a user-specified client ID, class ID or suggested lease time when requesting an IP address from a DHCP server. Once configured as a DHCP client, OLT cannot be configured as a DHCP server or relay agent. Before configuring DHCP client, server or relay agent, you need to use the service dhcp command first to activate the DHCP function in the system: SWITCH(config)# service dhcp SWITCH(config)# interface 100 SWITCH(config-if[100])# ip address dhcp SWITCH(config-if[100])# no shutdown SWITCH(config-if[100])# exit SWITCH(config)# show ip interface brief

13 6. Configuring IP interface (3)
Outband Management Interface The V5812G can connect to equipment's at remote place by assigning IP address to MGMT interface. Since MGMT interface is operated regardless of status of service port, it is still possible to configure and manage equipment at remote place even though problem such as link disconnection is occurred. EXAMPLE – IP Address on MGMT interface: SWITCH(config)# SWITCH(config)# interface mgmt SWITCH(config-if[mgmt])# ip address /24 SWITCH(config-if[mgmt])# no shutdown SWITCH(config-if[mgmt])# exit SWITCH(config)# show ip interface brief

14 7. Static Route and Default Gateway
The static route is a predefined route to a specific network and/or device such as a host. Unlike a dynamic routing protocol, static routes are not automatically updated and must be manually reconfigured if the network topology changes. Static route includes destination address, neighbor address, and etc. To configure a static route, use the following command. Default Route Default route configuration means that all traffic to the network to which there is no defined route on the routing table, will be directed to the configured DEFAULT GATEWAY IP SWITCH(config)# ip route default SWITCH(config)# show ip route

15 www.dasannetworks.eu 8. QoS – rule and policy (1) Rule and QoS
The V5812G provides a rule and QoS feature for traffic management. The rule classifies incoming traffic, and then processes the traffic according to user-defined policies. You can use the physical port, p priority (CoS), VLAN ID, DSCP, and so on to classify incoming packets. You can configure the policy in order to change some data fields within a packet or to relay packets to a mirror monitor by a rule. QoS (Quality of Service) is one of useful functions to provide more reliable service for traffic flow control. It is very serviceable to prevent overloading and delaying or failing of sending traffic by giving priority to traffic. QoS can give priority to specific traffic by basically offering higher priority to the traffic or lower priority to the others. When processing traffic, the traffic is usually supposed to be processed in time-order like first in, first out. This way, not processing specific traffic first, might cause undesired traffic loss in case of traffic overloading. However, in case of overloading traffic , QoS can apply processing order to traffic by reorganizing priorities according to its importance. By favor of QoS, you can predict network performance in advance and manage bandwidth more efficiently . The structure of Rule has 3 types of categories with different roles for QoS. • Flow Defines traffic classification criteria's such as L3 source and destination IP address, L2 source and destination MAC address, Ethernet type, length, Class of Service (CoS), Differentiated Services Code Point (DSCP) and so on. A unique name needs to be assigned to each flow . • Class Includes more than 2 flows for the efficient traffic management in the application of rule to this set of flows. Additionally, a unique name needs to be assigned to each class. • Policy Configures the policy classifying the action(s) to be performed if the configured rule classification fits transmitted packet(s). It cannot only include a specified Flow, Class but also set marking/remarking according to the various parameters such as CoS and DSCP which determine the rule action or priority of packets. – mirror transmits the classified traffic to the monitor port. – redirect transmits the classified traffic to the specified port. – permit allows traffic matching given characteristics. – deny blocks traffic matching given characteristics. – CoS priority set/overwrite

16 www.dasannetworks.eu 8. QoS – rule and policy (2) Scheduling Algorithm
To handle traffic, you need to configure differently processing orders of traffic by using scheduling algorithms. The V5812G provides: – Strict Priority Queuing (SP) – Deficit Round Robin (DRR) – Weighted Round Robin (WRR) An already applied rule cannot be modified. It needs to be deleted and then created again with changed values. The default scheduling mode is WRR. And it is possible to assign a different scheduling mode to each port. You can simply manage more than 2 Flows through one Class. Flow or Class can be implemented by one policy. Both Flow and Class cannot belong to one policy together. It means that one policy can include only one either Flow or Class. However, a single flow or class can belong to multiple policies.

17 8. QoS – rule and policy (3) - FLOW
1. Flow Creation The packet classification involves a traffic descriptor to categorize a packet within a specific flow for QoS handling in the network. You need to open Flow Configuration mode first to classify the packets. T o open Flow Configuration mode, use the following command. Packet classification is done to the traffic which is passing through OLT. • The flow name must be unique. Its size is limited to 32 significant characters. • The flow name cannot start with the alphabet “a” or “A”. • The order in which the following configuration commands are entered is arbitrary. • The configuration of a flow being configured can be changed as often as wanted until the apply command is entered. • Use the show flow-profile command to display the configuration entered up to now. 2. Configuring Admin Flow You can classify the packets according to IP address, ICMP, TCP, UDP and IP header length. T o specify a packet-classifying pattern, use the following command. 3. Applying and modifying Admin Flow After configuring an admin flow using the above commands, apply it to the system with the following command. If you do not apply it to the system, all specified configurations from Admin-Flow Configuration mode will be lost.

18 8. QoS – rule and policy (4) - CLASS
Class Creation One class can include several flows. You can simply handle and configure the packets on several flows at once.

19 8. QoS – rule and policy (5) – POLICY
1. Policy Creation To configure a policy, you need to open Policy Configuration mode first. To open Policy Configuration mode, use the following command. • The policy name must be unique. Its size is limited to 32 significant characters. • The policy name cannot start with the alphabet “a” or “A”. • The order in which the following configuration commands are entered is arbitrary. • The configuration of a policy being configured can be changed as often as wanted until the apply command is entered. • Use the show policy-profile command to display the configuration entered up to now. 2. If you already create the policy, you need to include specified flow or class to specify the rule action for the packets matching configured classifying patterns on flow or class. One policy is not able to include both flow and class at the same time. Either flow or class can belong to one policy. 3. Attaching a Policy to an interface After you configure a rule including the packet classification, policing and rule action, you should attach a policy to an interface and to specify port or VLAN in which the policy should be applied. If you do not specify an interface for rule, rule does not work properly. 4. Policy Action To specify the rule action for the packets matching configured classifying patterns, use the following command.

20 8. QoS – rule and policy (6) - EXAMPLE
EXAMPLE 1 – overwriting higher CoS priority for IPTV VLAN 200 coming to any OLT port SWITCH(config)# flow IPTV create SWITCH(config-flow[IPTV])# ip any any SWITCH(config-flow[IPTV])# apply SWITCH(config-flow[IPTV])# exit SWITCH(config)# policy IPTV create SWITCH(config-policy[IPTV])# include-flow IPTV SWITCH(config-policy[IPTV])# interface-binding vlan 200 SWITCH(config-policy[IPTV])# action match cos 6 overwrite SWITCH(config-policy[IPTV])# apply SWITCH(config-policy[IPTV])# exit SWITCH(config)# qos scheduling-mode sp 1-12

21 8. QoS – rule and policy (7) – Admin Rule
it is possible to block a specific service connection/traffic which is coming to the OLT CPU (to the OLT IP interface) like telnet, FTP, ICMP, SNMP etc. with an admin rule function. So the difference: flow, class, policy (prom previous slides) – affect on traffic which is passing THROUGH OLT flow admin, class admin, policy admin – affect on traffic which is coming TO the OLT The configuration of admin rule is almost the same as on normal rules (from previous slides), difference: Adding „admin” after flow, class and policy: flow admin TELNET create Because it affect on traffic which is coming to the OLT, there is no interface configuration in policy Below You can find example of allow SNMP „access” only from defined IP and block any other coming snmp packets to the OLT: SWITCH(config)# flow admin SNMP_MGMT create SWITCH(config-flow[SNMP_MGMT])# ip / /32 udp any 161 SWITCH(config-flow[SNMP_MGMT])# apply SWITCH(config-flow[SNMP_MGMT])# exit SWITCH(config)# policy admin SNMP_MGMT create SWITCH(config-policy[SNMP_MGMT])# include-flow SNMP_MGMT SWITCH(config-policy[SNMP_MGMT])# priority highest SWITCH(config-policy[SNMP_MGMT])# action match permit SWITCH(config-policy[SNMP_MGMT])# apply SWITCH(config-policy[SNMP_MGMT])# exit SWITCH(config)# flow admin SNMP_BLOCK create SWITCH(config-flow[SNMP_BLOCK])# ip any /32 udp any 161 SWITCH(config-flow[SNMP_BLOCK])# apply SWITCH(config-flow[SNMP_BLOCK])# exit SWITCH(config)# policy admin SNMP_BLOCK create SWITCH(config-policy[SNMP_BLOCK]) include-flow SNMP_MGMT SWITCH(config-policy[SNMP_BLOCK]) priority low SWITCH(config-policy[SNMP_BLOCK]) action match deny SWITCH(config-policy[SNMP_BLOCK]) apply Because there is two policy for the same type of traffic (SNMP, to allow and block) we need to define policy priority. Policy for PERMIT should have the higher priority then for DENY.

22 9. Blocking telnet connections
Using ADMIN Rule we can create policy to block telnet access to the OLT. (we recommend to use only SSH access enabled on OLT) Of course please remember to enable first SSH server (described on next slide) on OLT and set password for defined user on OLT (default user is admin) SWITCH(config)# flow admin TELNET_BLOCK create SWITCH(config-flow[TELNET_BLOCK])# ip any any tcp any 23 SWITCH(config-flow[TELNET_BLOCK])# apply SWITCH(config-flow[TELNET_BLOCK])# exit SWITCH(config)# policy admin TELNET_BLOCK create SWITCH(config-policy[TELNET_BLOCK])# include-flow TELNET_BLOCK SWITCH(config-policy[TELNET_BLOCK])# priority medium SWITCH(config-policy[TELNET_BLOCK])# action match deny SWITCH(config-policy[TELNET_BLOCK])# apply SWITCH(config-policy[TELNET_BLOCK])# exit

23 www.dasannetworks.eu 10. SSH Server Secure Shell (SSH)
Network security is getting more important because the access network has been generalized among numerous users. However, typical FTP and telnet service have big weakness for their security. Secure shell (SSH) is a network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and to allow the remote computer to authenticate the user. EXAMPLE: SWITCH(config)# ssh server enable SWITCH(config)# show ssh SWITCH(config)# ssh disconnect PID

24 www.dasannetworks.eu 11. Network Service Port EXAMPLE:
SWITCH(config)# service port ssh 2222 SWITCH(config)# service port telnet 2323

25 12. Simple Network Management Protocol (SNMP) (1)
The simple network management protocol (SNMP) is an application-layer protocol designed to facilitate the exchange of management information between network devices. SNMP consists of three parts: an SNMP manager, a managed device and an SNMP agent. SNMP provides a message format for sending information between SNMP manager and SNMP agent. The agent and MIB reside on the switch. In configuring SNMP on the switch, you define the relationship between the manager and the agent. According to community, you can give right only to read or right to both read and write. The SNMP agent has MIB variables to reply to requests from SNMP administrator. In addition, SNMP administrator can obtain data from the agent and save data in the agent. The SNMP agent gets data from MIB, which saves information on system and network. SNMP agent sends a trap to administrator for specific cases. Trap is a warning message to alert network status to SNMP administrator. You need to define OLT IP interface on which SNMP agent will work: interface mgmt ip address /24 no shutdown SWITCH(config)# snmp agent-address SNMP Trap SNMP trap is an alert message that SNMP agent notifies SNMP manager about certain problems. If you configure the SNMP trap, the system transmits pertinent information to network management program. In this case, trap message receivers are called a trap host. ( we recommend to set snmp trap-mode as alarm-report)

26 12. Simple Network Management Protocol (SNMP) (2)
SNMP Alarm DASAN OLTs provides an alarm notification function. The alarm will be sent to a SNMP trap host whenever a specific event in the system occurs through CLI. You can also set the alarm severity on each alarm and make the alarm be shown only in case of selected severity or higher. This enhanced alarm notification allows system administrators to manage the system efficiently . Alarm Notify Activity Normally the V5812G is supposed to generate an alarm only when a pre-defined event has occurred such as the fan fail, system restart, temperature high, etc. However, you can additionally configure the system to generate an alarm when any configuration parameter has been changed via CLI. Alarm Severity Criterion You can set an alarm severity criterion to make an alarm be shown only in case of selected severity or higher. For example, if an alarm severity criterion has been set to major, you will see only an alarm whose severity is major or critical.

27 12. Simple Network Management Protocol (SNMP) (3)
SNMP Version 2 For SNMP version 2 we need to configure SOMMUNITY. Only an authorized person can access SNMP agent by configuring SNMP community with a community name and additional information. SNMP Version 3 For SNMP version 3, You need to create user with authentication key, group, view and access record.

28 12. Simple Network Management Protocol (SNMP) (4) – EXAMPLE 1
OLT configuration: EXAMPLE SNMP version 2 SWITCH(config)# snmp agent-address SWITCH(config)# snmp community rw dasan SWITCH(config)# snmp alarm-severity criteria major SWITCH(config)# snmp notify-activity enable SWITCH(config)# snmp trap-mode alarm-report SWITCH(config)# snmp trap-host SNMP Version 2 For SNMP version 2 we need to configure SOMMUNITY. Only an authorized person can access SNMP agent by configuring SNMP community with a community name and additional information. EXAMPLE SNMP version 3 SWITCH(config)# snmp agent-address SWITCH(config)# snmp alarm-severity criteria major SWITCH(config)# snmp notify-activity enable SWITCH(config)# snmp trap-mode alarm-report SWITCH(config)# snmp trap-host SWITCH(config)# snmp user TEST-USER md5 KEY12345 SWITCH(config)# snmp view TEST-VIEW included 1.3 SWITCH(config)# snmp group TEST-GROUP v3 TEST-USER SWITCH(config)# snmp access TEST-GROUP v3 auth TEST-VIEW TEST-VIEW TEST-VIEW SNMP Version 3 For SNMP version 3, You need to create user with authentication key, group, view and access record. You can easily implement DASAN OLTs with Your own Management System using SNMP protocol. All setting which You can set on CLI and read on CLI, You can also read/set using SNMP protocol.

29 12. Simple Network Management Protocol (SNMP) (5) – EXAMPLE 2
MIB files are shared for free with our customers. Please contact our support You can download the SNMP instruction – how to read/set information's by SNMP from below link: Screens from one of Free MibBrowser:

30 www.dasannetworks.eu 13. Syslog Syslog
The syslog is a function that allows the network element to generate the event notification and forward it to the event message collector like a syslog server. This function is enabled as default, so even though you disable this function manually, the syslog will be enabled again. The order of priority is emergency > alert > critical > error > warning > notice > info > debug. If you set a specific level of syslog output, you will receive only a syslog message for selected level or higher. If you want receive a syslog message for all the levels, you need to set the level to debug. Syslog is by default enabled on OLT: SWITCH(config)# syslog output info local volatile SWITCH(config)# syslog output info local non-volatile You can set to send it to the remote server: SWITCH(config)# syslog output info remote To check syslog set: SWITCH(config)# show syslog local non-volataile SWITCH(config)# show syslog local non-volataile reverse

31 www.dasannetworks.eu 14. IGMP Snooping (1) IGMP Snooping Basic
Layer 2 switches normally flood multicast traffic within the broadcast domain, since it has no entry in the Layer 2 forwarding table for the destination address. Multicast addresses never appear as source addresses, therefore the switch cannot dynamically learn multicast addresses. This multicast flooding causes unnecessary bandwidth usage and discarding unwanted frames on those nodes which did not want to receive the multicast transmission. T o avoid such flooding, IGMP snooping feature has been developed. The purpose of IGMP snooping is to constrain the flooding of multicast traffic at Layer 2. IGMP snooping, as implied by the name, allows a switch to snoop the IGMP transaction between hosts and routers, and maintains the multicast forwarding table which contains the information acquired by the snooping. When the switch receives a join request from a host for a particular multicast group, the switch then adds a port number connected to the host and a destination multicast group to the forwarding table entry; when the switch receives a leave message from a host, it removes the entry from the table. By maintaining this multicast forwarding table, the V5812G dynamically forward multicast traffic only to those interfaces that want to receive it as nominal unicast forwarding does. We recommend to enable igmp snooping only on specific VLAN (not global)

32 www.dasannetworks.eu 14. IGMP Snooping (2) IGMP Snooping Version
The membership reports sent to the multicast router are sent based on the IGMP snooping version of the interface. If you statically specify the version on a certain interface, the reports are always sent out only with the specified version. If you do not statically specify the version, and a version 1 query is received on the interface, the interface dynamically sends out a version 1 report. If no version 1 query is received on the interface for the version 1 router present timeout period (400 seconds), the interface version goes back to its default value (3). Explicit Host Tracking Explicit host tracking is one of the important IGMP snooping features. It has the ability to build the explicit tracking database by collecting the host information via the membership reports sent by hosts. This database is used for the immediate leave for IGMPv2 hosts, the immediate block for IGMPv3 hosts, and IGMP statistics collection. This option is enabled by default. IGMP Snooping Immediate Leave (IGMPv2 Snooping) Normally, an IGMP snooping querier sends a group-specific or group-source-specific query message upon receipt of a leave message from a host. If you want to set a leave latency as 0 (zero), you can omit the querying procedure. When the querying procedure is omitted, the switch immediately removes the entry from the forwarding table for that VLAN, and informs the multicast router. Use this command with the explicit host tracking feature. If you don’t, when there is more than one IGMP host belonging to a VLAN, and a certain host sends a leave group message, the switch will remove all host entries on the forwarding table from the VLAN. The switch will lose contact with the hosts that should remain in the forwarding table until they send join requests in response to the switch's next general query message.

33 www.dasannetworks.eu 14. IGMP Snooping (3)
Multicast Router Port Configuration (IGMPv2 Snooping) The multicast router port is the port which is directly connected to a multicast router. A switch adds multicast router ports to the forwarding table to forward membership reports only to those ports. Multicast router ports can be statically specified or dynamically learned by incoming IGMP queries and PIM hello packets. Static Multicast Router Port You can statically configure Layer 2 port as the multicast router port which is directly connected to a multicast router, allowing a static connection to a multicast router. Displaying IGMP Snooping Information SWITCH(config)# ip igmp snooping vlan 200 SWITCH(config)# ip igmp snooping vlan 200 version 2 SWITCH(config)# ip igmp snooping vlan 200 immediate-leave SWITCH(config)# ip igmp snooping vlan 200 mrouter port 12 SWITCH(config)# show ip igmp snooping groups Multicast Group : all VLAN Group Source Port Ver Mode Last Reporter Expire v2 EX,ALLOW :03:53 v2 EX,ALLOW :03:55 v2 EX,ALLOW :03:49 v2 EX,ALLOW :03:52 v2 EX,ALLOW :03:53 v2 EX,ALLOW :03:57 v2 EX,ALLOW :03:52 Total : 7

34 www.dasannetworks.eu 14. IGMP Snooping (4)
IP Multicast to Ethernet/FDDI MAC Address Mapping All IP multicast frames use MAC layer addresses beginning with the 24-bit prefix of 0x0100.5Exx.xxxx. With only half of these MAC addresses available for use by IP Multicast, 23 bits of MAC address space are available for mapping L3 IP multicast addresses into L2 MAC addresses. As there are 28 bits (32 – 4 Class D prefix) of unique address space for an IP multicast address and only 23 bits are mapped into the MAC address, there are 5 bits of overlap (28 – 23). These 5 bits represent 25 = 32 addresses. Therefore, there is a 32:1 overlap of IP addresses to MAC addresses – 32 IP multicast addresses are mapped to the same MAC multicast address. As an example, below lists all the IP multicast addresses that are mapped to the same MAC multicast address of 0x0100.5E The 32:1 address mapping ambiguity can lead to over subscription problem at hosts. You must consider it when you allocate IP multicast addresses for network applications to prevent unexpected behavior.

35 www.dasannetworks.eu 15. DHCP Server (1) DHCP Server
On DASAN OLTs You can configure also DHCP server which can assign IP addresses to the ONT IP interfaces (router mode), or devices connected to ONTs (bridge mode). Before configuring DHCP server or relay, you need to use the service dhcp command first to activate the DHCP function in the system. DHCP Pool Creation The DHCP pool is a group of IP addresses that will be assigned to DHCP clients by DHCP server. You can create various DHCP pools that can be configured with a different network, default gateway and range of IP addresses. This allows the network administrators to effectively handle multiple DHCP environments. DHCP Subnet To specify a subnet of the DHCP pool, use the following command: Range of IP Address To specify a range of IP addresses that will be assigned to DHCP clients, use the following command. You can also specify several inconsecutive ranges of IP addresses in a single DHCP pool, e.g to and to When specifying a range of IP address, the start IP address must be prior to the end IP address. Default Gateway To specify a default gateway of the DHCP pool, use the following command

36 www.dasannetworks.eu 15. DHCP Server (2) IP Lease Time
Basically, the DHCP server leases an IP address in the DHCP pool to DHCP clients, which will be automatically returned to the DHCP pool when it is no longer in use or expired by IP lease time. DNS Server To specify a DNS server to inform DHCP clients, use the following command. Manual Binding To manually assign a static IP address to a DHCP client who has a specified MAC address, use the following command. Recognition of DHCP Client Normally, a DHCP server is supposed to prohibit assigning an IP address when DHCP packets have no client ID (CID). However, some Linux clients may send DHCP discover messages without CID. T o solve such a problem, the switch provides the additional option to verify a hardware address (MAC address) instead of CID (especially Linux DHCP Clients) Domain Name To set a domain name, use the following command.

37 15. DHCP Server (3) – EXAMPLE1
Below You can find example configuration for DHCP server on OLT with default gateway also on OLT (routing on OLT). EXAMPLE: SWITCH# configure terminal SWITCH(config)# service dhcp SWITCH(config)# bridge SWITCH(bridge)# vlan create 100,200 SWITCH(bridge)# vlan add tagged SWITCH(bridge)# vlan add tagged SWITCH(bridge)# exit SWITCH(config)# interface 200 SWITCH(config-if[200])# ip address /24 SWITCH(config-if[200])# no shutdown SWITCH(config-if[200])# exit SWITCH(config)# interface 100 SWITCH(config-if[100])# ip address /24 SWITCH(config-if[100])# no shutdown SWITCH(config-if[100])# exit SWITCH(config)# ip route default SWITCH(config)# ip dhcp pool DHCP-SERVER-VLAN100 SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# network /24 SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# default-router SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# range SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# dns-server SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# fixed-address :d0:cb:d8:ad:61 SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# exit

38 15. DHCP Server (4) – EXAMPLE2
Below You can find example configuration for DHCP server on OLT with default gateway behind OLT (no routing). EXAMPLE: SWITCH# configure terminal SWITCH(config)# service dhcp SWITCH(config)# bridge SWITCH(bridge)# vlan create 100 SWITCH(bridge)# vlan add ,10 tagged SWITCH(bridge)# exit SWITCH(config)# interface 100 SWITCH(config-if[100])# ip address /24 SWITCH(config-if[100])# no shutdown SWITCH(config-if[100])# exit SWITCH(config)# ip dhcp pool DHCP-SERVER-VLAN100 SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# network /24 SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# default-router SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# range SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# dns-server SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# fixed-address :d0:cb:d8:ad:61 SWITCH(config-dhcp[DHCP-SERVER-VLAN100])# exit

39 www.dasannetworks.eu 16. DHCP Snooping (1) DHCP Snooping
For enhanced security, DASAN OLTs provides the DHCP snooping feature. The DHCP snooping filters untrusted DHCP messages and builds/maintains a DHCP snooping binding table. The untrusted DHCP message is a message received from outside the network, and an untrusted interface is an interface configured to receive DHCP messages from outside the network. The DHCP snooping basically permits all the trusted messages received from within the network and filters untrusted messages. In case of untrusted messages, all the binding entries are recorded in a DHCP snooping binding table. This table contains a hardware address, IP address, lease time, VLAN ID, interface, etc. It also gives you a way to differentiate between untrusted interfaces connected to the end-user and trusted interfaces connected to the DHCP server or another switch. The DHCP snooping only filters the DHCP server message such as a DHCP_OFFER or DHCP_ACK, which is received from untrusted interfaces. Enabling DHCP Snooping First You have to enable the DHCP snooping globally. Upon enabling the DHCP snooping, the DHCP_OFFER and DHCP_ACK messages from all the ports will be discarded before specifying a trusted port. To enable the DHCP snooping on a VLAN, use the following command. You must enable DHCP snooping globally before enabling DHCP snooping on a VLAN. DHCP Trust State To define a state of a port as trusted or untrusted, use the following command.

40 www.dasannetworks.eu 16. DHCP Snooping (2) EXAMPLE:
OLT blocks DHCP OFFER and DHCP ACK packets which are coming on UNTRUSTED PORTs TRUSTED PORTs are: 10-12 SWITCH(config)# service dhcp SWITCH(config)# ip dhcp snooping SWITCH(config)# ip dhcp snooping vlan 100,200 SWITCH(config)# ip dhcp snooping trust 10-12

41 17. DHCP Snooping and ARP Inspection – blocking static IPs (1)
1. FIRST – configure DHCP Snooping as in previous slide 2. ARP Access List You can exclude a given range of IP addresses from the ARP inspection using ARP access lists. ARP access lists are created by the arp access-list command on the Global Configuration mode. ARP access list permits or denies the ARP packets of a given range of IP addresses. 3. ARP Inspection on Trust Port (uplink ports) The ARP inspection defines 2 trust states, trusted and untrusted. Incoming packets via trusted ports bypass the ARP inspection process, while those via untrusted ports go through the ARP inspection process. Normally, the ports connected to subscribers are configured as untrusted, while the ports connected to an upper network are configured as trusted.

42 17. DHCP Snooping and ARP Inspection – blocking static IPs (2)
4. Enabling ARP Inspection Filtering To enable/disable the ARP inspection filtering of a certain range of IP addresses from the ARP access list, use the following command. ARP inspection actually runs in the system after the configured ARP access list applies to specific VLAN using the ip arp inspection filter command. 5. ARP Inspection ARP provides IP communication by mapping an IP address to a MAC address. However, a malicious user can attack ARP caches of systems by intercepting the traffic intended for other hosts on the subnet. For example, Host B generates a broadcast message for all hosts within the broadcast domain to obtain the MAC address associated with the IP address of Host A. If Host C responses with an IP address of Host A (or B) and a MAC address of Host C, Host A and Host B can use Host C’ s MAC address as the destination MAC address for traffic intended for Host A and Host B. ARP Inspection is a security feature that validates ARP packets in a network. It discards ARP packets with invalid IP-MAC address binding. 6. ARP Inspection Start Time This function sets the time before ARP inspection starts to run. Before setting this, ARP inspection should be turned on. ARP inspect ion checks validity of incoming ARP packets by using DHCP snooping binding table and denies the ARP packets if they are not identified in the table. However, the V5812G may be rebooted with any reason, then DHCP snooping binding table entries, which are dynamically learned from DHCP packets back and forth the V5812G , would be lost. Thus, ARP inspection should be delayed to start during some time so that DHCP snooping table can build entries. If no time given, ARP inspection sees empty snooping table and drop every ARP packet. If You are using arp inspection and want to enable communication (L2), between ONTs on the same GPON PORT, You should to disable PORT-PORT BRIDGE feature and set ARP alias for IPs which should communicate each other. ARP Alias Although clients are joined in the same client switch, it may be impossible to communicate between them for security reasons. When you need to make them communicate each other, the V5812G supports ARP alias, which responses the ARP request from client net through the concentrating switch.

43 17. DHCP Snooping and ARP Inspection – blocking static IPs (3)
DHCP Snooping Database Agent When the DHCP snooping is enabled, the system uses the DHCP snooping binding database to store information about untrusted interfaces. Each database entry (binding) has an IP address, associated MAC address, lease time, interface to which the binding applies and VLAN to which the interface belongs. You can save the current binding entries in a file at a remote location (TFTP server). Upon reloading, the switch can read the file to build the DHCP snooping database for the binding. The system keeps the current file by writing to the file as the database changes. ARP Address Validation (OPTION) The V5812G also provides the ARP validation feature. Regardless of a static ARP table, the ARP validation will discard ARP packets in the following cases: In case a sender MAC address of ARP packet does not match a source MAC address of Ethernet header. In case a target MAC address of ARP reply packet does not match a destination MAC address of Ethernet header. In case of a sender IP address of ARP packet or target IP address is or or one of multicast IP addresses.

44 17. DHCP Snooping and ARP Inspection – blocking static IPs (4) - EXAMPLE
EXAMPLE – TARGETs: allow communication to the network for hosts which received IP addresses from DHCP servers connected on ports side, blocking static IP addresses allow communication on the same gpon ports for range: ~ SWITCH(config)# service dhcp SWITCH(config)# ip dhcp snooping SWITCH(config)# ip dhcp snooping vlan 100,200 SWITCH(config)# ip dhcp snooping trust 10-12 SWITCH(config)# arp access-list ACL SWITCH(config-arp-acl[ACL])# permit dhcp-snoop-inspection SWITCH(config-arp-acl[ACL])# exit SWITCH(config)# ip arp inspection trust port 10-12 SWITCH(config)# ip arp inspection filter ACL vlan 100,200 SWITCH(config)# ip dhcp snooping arp-inspection start 3600 SWITCH(config)# ip arp inspection vlan 100,200 If You are using arp inspection and want to enable communication (L2), between ONTs on the same GPON PORT, You should disable PORT-PORT BRIDGE feature and set ARP alias for IPs which should communicate each other: SWITCH(config)# bridge SWITCH(bridge)# port port-bridge disable 1 SWITCH(bridge)# exit SWITCH(config)# arp alias – IPs from this range can communicate each other

45 18. DHCP Relay Agent with Option82 (1)
A DHCP relay agent is any host that forwards DHCP packets between clients and servers. The DHCP relay agents are used to forward DHCP requests and replies between clients and servers when they are not on the same physical subnet. The DHCP relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks somewhat transparently. By contrast, DHCP relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface. The DHCP relay agent sets the gateway address and, if configured, adds the DHCP option 82 information in the packet and forwards it to the DHCP server. The reply from the server is forwarded back to the client after removing the DHCP option 82 information. DHCP Helper Address A DHCP client sends DHCP_DISCOVER message to a DHCP server. DHCP_DISCOVER message is broadcasted within the network to which it is attached. If the client is on a network that does not have any DHCP server, the broadcast is not forwarded because the switch is configured to not forward broadcast traffic. To solve this problem, you can configure the interface that is receiving the broadcasts to forward certain classes of broadcast to a helper address. If a DHCP helper address is specified on an interface, the V5812G will enable a DHCP relay agent. Smart Relay Agent Forwarding Normally, a DHCP relay agent forwards DHCP_DISCOVER message to a DHCP server only with a primary IP address on an interface, even if there is more than one IP address on the interface. If the smart relay agent forwarding is enabled, a DHCP relay agent will retry sending DHCP_DISCOVER message with a secondary IP address, in case of no response from the DHCP server.

46 18. DHCP Relay Agent with Option82 (2)
DHCP Option This function enables administrators to define DHCP options that are carried in the DHCP communication between DHCP server and client or relay agent. The following indicates the format of the DHCP options field. A code identifies each DHCP option. It can be expressed in value 0 to by user configuration and some of them are predefined in the standards. (128 ~ is site specific) A length can be variable according to value or can be fixed. A value contains actual information such an IP address, string, or index, which is inserted into the DHCP packet. Administrators can configure a DHCP option format in DHCP Option mode, which is globally used over the DHCP functions. The DHCP option format can be applied in other DHCP software modules and the following figure indicates it. The packets can be mapped to the option format string that defined by variable values with special character (%): %FRAME: frame (chassis) number for receiving DHCP packets %SLOT: slot number for receiving DHCP packets %PORT: port number %IN_IF_IP: input interface IP address %VID: VLAN ID tagged on packets %CPU-MAC: system MAC address %ONU-ID: ONU ID %ONU_PORT_NUM: ONU’s UNI port number %ONU_SERIAL_NUM: ONU’ s serial number %ONU_DESCRIPTION: ONU description written by administrator %ONU_PORT_DESCRIPTION: ONU port description written by administrator If the variable value of attribute is configured with %ONU -PORT_NUM, a GPON MAC bridge service profile should be used to one single UNI port. If there are more than two UNI ports for one Bridge service profile, DHCP option 82 can not add/classify the ONU UNI port number information into DHCP option field. The DHCP option format has the following restrictions; - The length of attribute should be within 64 bytes. - A hidden-length variable of attribute should be set once in a single attribute. - The total length of an option format cannot exceed 254 bytes

47 18. DHCP Relay Agent with Option82 (3)
DHCP Option 82 In some networks, it is necessary to use additional information to further determine which IP addresses to allocate. By using the DHCP option 82, a DHCP relay agent can include additional information about itself when forwarding client-originated DHCP packets to a DHCP server. The DHCP relay agent will automatically add the circuit ID and the remote ID to the option 82 field in the DHCP packets and forward them to the DHCP server. The DHCP option 82 resolves the following issues in an environment in which untrusted hosts access the internet via a circuit based public network: Broadcast Forwarding The DHCP option 82 allows a DHCP relay agent to reduce unnecessary broadcast flooding by forwarding the normally broadcasted DHCP response only on the circuit indicated in the circuit ID. DHCP Address Exhaustion In general, a DHCP server may be extended to maintain a DHCP lease database with an IP address, hardware address and remote ID. The DHCP server should implement policies that restrict the number of IP addresses to be assigned to a single remote ID. Static Assignment A DHCP server may use the remote ID to select the IP address to be assigned. It may permit static assignment of IP addresses to particular remote IDs, and disallow an address request from an unauthorized remote ID. IP Spoofing A DHCP client may associate the IP address assigned by a DHCP server in a forwarded DHCP_ACK message with the circuit to which it was forwarded. The circuit access device may prevent forwarding of IP packets with source IP addresses, other than, those it has associated with the receiving circuit. This prevents simple IP spoofing attacks on the central LAN, and IP spoofing of other hosts. MAC Address Spoofing By associating a MAC address with a remote ID, a DHCP server can prevent offering an IP address to an attacker spoofing the same MAC address on a different remote ID. Client Identifier Spoofing By using the agent-supplied remote ID option, the untrusted and as-yet unstandardized client identifier field need not be used by the DHCP server.

48 18. DHCP Relay Agent with Option82 (4)
Option 82 Sub-Option The DHCP option 82 enables a DHCP relay agent to include information about itself when forwarding client-originated DHCP packets to a DHCP server. The DHCP server can use this information to implement security and IP address assignment policies.There are 2 sub-options for the DHCP option 82 information as follows: Remote ID This sub-option may be added by DHCP relay agents which terminate switched or permanent circuits and have mechanisms to identify the remote host of the circuit. Note that, the remote ID must be globally unique. Circuit ID This sub-option may be added by DHCP relay agents which terminate switched or permanent circuits. It encodes an agent-local identifier of the circuit from which a DHCP client-to-server packet was received. It is intended for use by DHCP relay agents in forwarding DHCP responses back to the proper circuit. ATTENTION! If You want to add information’s about ONT (%ONU-ID, %ONU_SERIAL_NUM…) You can use them: Only on CIRCUIT-ID (not on REMOTE-ID) Only on gpon PORTs DHCP Snooping with Option82 In case of L2 environment, when forwarding DHCP messages to a DHCP server, a DHCP switch can insert or remove DHCP option82 data on the DHCP messages from the clients. In case of a switch is enabled with DHCP snooping, it floods DHCP packets with DHCP option82 field when the DHCP option82 is enabled. This allows an enhanced security and efficient IP assignment in the Layer 2 environment with a DHCP option82 field. If DHCP snooping is enabled in the system, DHCP packets includes DHCP option82 field by default.

49 18. DHCP Relay Agent with Option82 (4)
EXAMPLE: PC connected to ONT (bridge mode): ONU-ID-3, ONU-SN-DSNW4bd6a928 should receive IP: PC connected to ONT (bridge mode : ONU-ID-3, ONU-SN-DSNW4bdf34a0 should receive IP: SWITCH(config)# service dhcp SWITCH(config)# ip dhcp snooping SWITCH(config)# ip dhcp snooping vlan 100 SWITCH(config)# ip dhcp snooping trust 11 SWITCH(config)# interface 100 SWITCH(config-if[100])# ip address /24 SWITCH(config-if[100])# ip dhcp helper-address SWITCH(config-if[100])# no shutdown SWITCH(config-if[100])# exit SWITCH(config)# interface 200 SWITCH(config-if[200])# ip address /24 SWITCH(config-if[200])# no shutdown SWITCH(config-if[200])# exit SWITCH(config)#ip dhcp option format remote SWITCH(dhcp-opt[remote])# attr 1 type 1 length variable value string OLT-1 SWITCH(dhcp-opt[remote])# attr 2 type 2 length 2 value index %PORT SWITCH(dhcp-opt[remote])# exit IF DHCP server is not on OLT directly connected networkThen You must to set also route to DHCP server by Ip route command SWITCH(config)# ip dhcp option format circuit-gpon (used for Clients behind ONT) SWITCH(dhcp-opt[circuit-gpon])# attr 1 type 1 length variable value string %MAC SWITCH(dhcp-opt[circuit-gpon])# attr 2 type 2 length variable value string %VID SWITCH(dhcp-opt[circuit-gpon])# attr 3 type 3 length variable value string %ONU-ID SWITCH(dhcp-opt[circuit-gpon])# attr 4 type 4 length variable value string %ONU_SERIAL_NUM SWITCH(dhcp-opt[circuit-gpon])# exit SWITCH(config)# ip dhcp option format circuit-uplink (used for DHCP Clients connected to OLT uplink ports) SWITCH(dhcp-opt[circuit-uplink])# attr 1 type 1 length variable value string %MAC SWITCH(dhcp-opt[circuit-uplink])# attr 2 type 2 length variable value string %VID SWITCH(dhcp-opt[circuit-uplink])# exit SWITCH(config)# ip dhcp option82 SWITCH(config-opt82)# trust default permit SWITCH(config-opt82)# system-circuit-id port-type physical SWITCH(config-opt82)# system-remote-id option format remote SWITCH(config-opt82)# system-circuit-id 1-4 option format circuit-gpon SWITCH(config-opt82)# system-circuit-id 5-8 option format circuit-uplink

50 www.dasannetworks.eu 19. PIM Router (1) Multicast Routing
When receivers join a certain group, multicast routers must deliver the multicast traffic corresponding to the group to those receivers. T o determine the appropriate forwarding path and to replicate the multicast traffic to multiple destinations, multicast routing protocols are needed. The multicast routing protocols establish the distribution tree by building a forwarding table in its own way. The forwarding table contains the information of sources, groups, interfaces, and how to forward multicast packets. Note that the multicast has the different routing method from the unicast’ s. Enabling Multicast Routing By default, multicast routing is disabled. T o configure the V5812G to forward multicast traffic via Layer 3 network, you need to enable multicast routing. To enable Layer 3 multicast routing, use the following command. Protocol Independent Multicast (PIM) is the most widely deployed multicast routing protocol. It may use the underlying unicast routing information base, but is not dependent on any particular unicast routing protocol. PIM has two operation modes, which are called PIM Sparse Mode (PIM-SM) and PIM Dense Mode (PIM-DM), each optimized for a different environment. PIM-SM is a multicast routing protocol efficient for multicast groups that may span wide area (and inter-domain) internets. In the sparse mode, routers forward multicast packets only when they receives explicit join messages from neighboring routers that have downstream group members. PIM-SM uses a unidirectional shared tree per group to deliver multicast traffic, and optionally uses the shortest path tree per source. PIM-DM is a multicast routing protocol efficient for multicast groups that are densely populated across a network. In the dense mode, routers initially flood multicast datagrams to all multicast routers, since they assume that all downstream systems want to receive multicast packets. Prune messages are then used to prevent from propagating to routers with no group members. Both PIM protocols use the same message formats. DASAN OLTs support PIM-SM only. Passive mode You can also enable PIM-SM as the passive mode. The passive mode operation is for local members. The passive mode disables sending/receiving PIM packets on an interface, allowing only IGMP mechanism to be active.

51 www.dasannetworks.eu 19. PIM Router (2) Rendezvous Point
In a shared tree, Rendezvous Point (RP) is a means for receivers to discover the sources that send to a particular multicast group. It is responsible to receive all multicast traffic from the sources and to forward that traffic to the receivers. Static RP To elect the RP among candidate RPs in the shared tree, the V5812G supports the BSR mechanism (see Section ) and static RP, and also supports the simultaneous use of those. You can configure a router to use the static RP either for all the multicast groups (default) or for specific multicast groups (with access lists). If multiple static RPs are available for a single multicast group, the one with the highest IP address will be elected. When the static RP and the RP elected through the BSR are both available for a multicast group, the one elected through the BSR is chosen by default. If you, however, want to choose the static RP for a multicast group in that situation, use the override option that gives the higher priority to the static RP.

52 www.dasannetworks.eu 19. PIM Router (3) EXAMPLE:
VLAN 100 – Subscriber VLAN (where STBs are connected VLAN 200 – UPLINK VLAN (multicast routing) SWITCH(config)# ip multicast-routing  SWITCH(bridge)# vlan create Subscriber VLAN SWITCH(bridge)# vlan create Uplink VLAN SWITCH(bridge)# vlan add tagged SWITCH(bridge)# vlan add tagged SWITCH(config)# interface 100 SWITCH(config-if[100])# ip address /24 SWITCH(config-if[100])# ip pim sparse-mode passive SWITCH(config-if[100])# no shutdown SWITCH(config-if[100])# SWITCH(config)# interface 200 SWITCH(config-if[200])# ip address /24 SWITCH(config-if[200])# ip pim sparse-mode SWITCH(config-if[200])# no shutdown SWITCH(config-if[200])# exit SWITCH(config)# ip pim rp-address SWITCH(config)# ip igmp snooping vlan 100 SWITCH(config)# ip igmp snooping vlan 100 version 2 SWITCH(config)# ip igmp snooping vlan 100 immediate-leave SWITCH(config)# show ip pim interface SWITCH(config)# show ip pim mroute SWITCH(config)# show ip pim local-members

53 www.dasannetworks.eu 20. OSPF (1) Open Shortest Path First (OSPF)
Open shortest path first (OSPF) is an interior gateway protocol developed by the OSPF working group of Internet Engineering Task Force (IETF). OSPF designed for IP network supports IP subnetting and marks on information from exterior network. Moreover, it supports packet authorization and transmits/receives routing information through IP multicast. It is most convenient to operate OSPF on layered network. OSPF is the most compatible routing protocol in layer network environment. The first setting in OSPF network is planning network organized with router and configures border router faced with multiple section. After that, sets up the basic configuration for OSPF router operation and assigns interface to Area. To make compatible OSPF router configuration for user environment, each router configuration must be accorded by verification. 1. Enabling OSPF To use OSPF routing protocol, it must be activated as other routing protocols. After activation, configures network address and ID which is operated by OSPF. The following command shows steps of activating OSPF. 2. Router-ID Configure a network ID of OSPF. Network ID decides IPv4 address of this network. In case if using router-id command to apply new router ID on OSPF process, OSPF process must be restarted to apply. Use the clear ip ospf process command to restart OSPF process. If there is changing router ID while OSPF process is operating, configuration must be processed from the first. In this case, DASAN OLT can change only router ID without changing related configurations. To transfer above configuration to other routers, Use the clear ip ospf process command to restart OSPF process. 3. Network Use the network command to specify a network to operate with OSPF. There are two ways to show network information configurations. Firstly, shows IP address with bitmask like “ /8”. Secondly, shows IP address with wildcard bit information like “ ”. The variable option after area must be IP address or OSPF area ID.

54 www.dasannetworks.eu 20. OSPF (2) Default Route
You can configure ASBR (Autonomous System Boundary Router) to transmit default route to OSPF network. Autonomous System Boundary router transmits route created externally to OSPF network. However, it does not create system default route. Passive Interface The passive interface which is configured by OSPF network operate as stub area. Therefore passive interface can not exchange the OSPF routing information. To configure the passive interface, use the following command. EXAMPLE: Enable OSPF routing: SWITCH(config) # router OSPF 1 Router ID (IP address format): SWITCHG(config-router)# router-id Add network to the OSPF: SWITCH(config-router)# network /24 area 0 SWITCH(config-router)# network /24 area 0 SWITCH(config-router)# network /30 area 0 SWITCH(config-router)# passive-interface 100 Redistribute route: SWITCH(config-router)# redistribute static

55 21. Blocking unknown multicast
Blocking Unknown Multicast Traffic Internally, DASAN OLTs forwards the multicast traffic referred to the multicast forwarding database (McFDB). The McFDB maintains multicast forwarding entries collected from multicast protocols and features, such as PIM, IGMP, etc. The McFDB has the same behavior as the Layer 2 FDB. When certain multicast traffic comes to a port, the switch looks for the forwarding information (the forwarding entry) for the traffic in the McFDB. If the McFDB has the information for the traffic, the switch forwards it to the proper ports. If the McFDB does not have the information for the traffic, the switch learns the information on the McFDB, and then floods it to all ports. If the information is not referred to forward another multicast traffic during the given aging time, it is aged out from the McFDB. When certain multicast traffic comes to a port and the McFDB has no forwarding information for the traffic, the multicast traffic is flooded to all ports by default. You can configure the switch not to flood unknown multicast traffic. We recommend to use this option with IGMP snooping feature enabled. Than all multicast which is not present on IGMP snooping table WILL BE BLOCKED. It will not block IANA reserved groups ( – ) EXAMPLE: SWITCH(config)# ip igmp snooping vlan 200 SWITCH(config)# ip unknown-multicast block

56 www.dasannetworks.eu 22. WEB Management WEB Management
The V8240 and V5824G(will support in the future) provides a web-based Graphical User Interface (GUI), but it is disabled to ensure maximum security. The system maintenance and L2/L3/GPON management operation that can be performed through the CLI can also be performed through the GUI. To enable the GUI: V5812G will not support WEB Management STEP 1 To enable a web-based management, use the following command STEP 2 To access web-based GUI, open a web browser and enter the IP address of the V8240 on URL address bar: ← ip address of V8240 STEP 3 A new window is displayed on the screen as the following figure, it will require you to set your login ID and password when you first access the web interface. The default account is admin with no password. Click on Send button.

57 23. V5824G – Enable/Disable service (SSH/Telnet/FTP/TFTP/SNMP)

58 Thank You If You need help please contact: support@dasannetworks.eu

Download ppt "DASAN NETWORKS GPON Training"

Similar presentations

CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Chapter 9: Access Control Lists

Chapter 9: Access Control Lists
Implementing Inter-VLAN Routing

Implementing Inter-VLAN Routing
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.

Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen

1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
CCNPv5 Minimizing Service Loss and Data Theft in a Campus Network 1 Minimizing Service Loss and Data Theft in a Switched BCMSN Module 8 – Sec 2.

CCNPv5 Minimizing Service Loss and Data Theft in a Campus Network 1 Minimizing Service Loss and Data Theft in a Switched BCMSN Module 8 – Sec 2.
Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.

Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.
UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.

UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 4 Installing and Configuring the Dynamic Host Configuration Protocol.
MOBILITY SUPPORT IN IPv6

MOBILITY SUPPORT IN IPv6
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
Slide Set 15: IP Multicast. In this set What is multicasting ? Issues related to IP Multicast Section 4.4.

Slide Set 15: IP Multicast. In this set What is multicasting ? Issues related to IP Multicast Section 4.4.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.

Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
Subnetting.

Subnetting.
Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.

Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Chapter Overview TCP/IP Protocols IP Addressing.

Chapter Overview TCP/IP Protocols IP Addressing.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Similar presentations

Ads by Google