This command is used to configure MAC Switch.

Syntax:

________ LIST commands __________________________________

  switch list LISTNAME [{iface | mac | numrange | match}]

         {add | del} [VALUE ...]

         dump [WILDCARD]

         rename  NEWNAME

         file   FILENAME

         [ flush|remove]

________ GROUP commands _________________________________

  switch group ID {add | del} IFNAME[:{TAG|0}] ...

  switch group ID {repeater|trunk|uncoupled} {on|off}

  switch group ID {(up|down)stream} {SCID|0}

  switch group ID [x]vlan {TAG|LIST|0} [[no]bidir]

  switch group ID nvlan {[on]|off}

  switch group ID info INFO_STRING

  switch group ID setid NEWID

  switch group ID stp { off | on | dump }

  switch group ID stp priority [PRIO]        #(default: 57344, step: 4096)

  switch group ID stp forwarddelay [DELAY]        #(default: 15 sec)

  switch group ID stp maxage [TIME]               #(default: 20 sec)

  switch group ID stp port IFNAME priority [PRIO] #(default: 128,step 16)

  switch group ID stp port IFNAME cost [COST]     #(default: 200000(RSTP), 65535(STP))

  switch group ID igmp { off | on }

  switch group ID igmp static-add MCAST IF_NAME [MAC]

  switch group ID igmp static-del MCAST IF_NAME [MAC]

  switch group ID igmp dump [detail] 

 switch group ID igmp lmqt Value

 switch group ID igmp gmi Value

 switch group ID igmp router-port { off | on }

 switch group ID igmp flood-reports { off | on }

 switch group ID igmp zero-query-permit { off | on }

 switch group ID igmp srcip IP

 switch group ID igmp join-limit [IF_NAME] N [include $ACL] [except $ACL]

 switch group ID igmp querier [vlan N] {start|stop|clear}

 switch group ID igmp querier [[no]election] [source IP] [mcast X[,Y,...]]

switch group ID igmp querier interval Value

 

switch group ID flood-unicast {off | on}

switch group ID inband {off | on}

switch group ID order N

switch group ID 

           [setpri | addpri PRIO]

           [qmch CHAN]

          {deny | permit | showrules | showback}

switch group ID 

          dump [interface] [WILDCARD]

          [dbdelete MACADDRESS]

          {start [discard] | stop | remove | statistics}

switch group ID {in-trunk} [{ID | 0}]


________ INTERFACE commands _________________________________

switch interface IFNAME mac-limit N


________ RULES commands _________________________________

  switch {group ID | interface IFNAME} rule NUMBER

       [set NEWNUMBER] [not]

       [src   LIST] [dst   LIST] [vlan  LIST]

       [iface LIST] [proto LIST] [match LIST]

       [ setpri |addpri PRIO ] [qmch CHAN]

       [ deny | permit ] [ remove ]


_______  CONTROL commands _______________________________

  switch resynchronize

  switch trace { off | on | verbose | filter "pcap expr"}

  switch stptrace { off | on }

  switch stpblock { off | on }

  switch {dump [WILDCARD]|MACADDRESS}


switch igmp-snooping dump [detail] 

switch {start | stop | restart | destroy | dead-interval DEAD_INTERVAL}

 switch statistics [(clear|help|ID)]

  switch maxsources (MAXSOURCES|0) # default 5000

CAUTION

Starting from 1.22.0 firmware version, "switch" is partially incompatible with other firmware versions. It is highly recommended to perform firmware upgrade for units working in switch mode. Compatibility for MINT protocol and routing is not disturbed.

"Over The Air Firmware Upgrade" feature also can be used.

Wildcard format

Wildcards are used in various commands to filter the printed information. Unlike standard wildcards, the following special characters are used:

  • * - any number of any symbols (or empty).
  • ~ - any symbol (just one).

Example,

rf~.~

This filter matches strings such as rf5.0.

 #1> switch group 1 dump eth~
Bridge group 1(normal), READY STARTED Interfaces : eth0(F) eth1(F) rf5.0(F)
Total records 5
  DST MAC        L   Int.   GateWay MAC   GT Cost   UsCNT    Dead    HashC
==============   =  ====  ========= ==   === =====  =====    ====   =======
001111144693       eth0   000000000000        0      3987      300       1
000435018822    *  eth0   000000000000        0       0          0       1
000435118822    *  eth1   000000000000        0       0          0       1

This filter displays group statistics for all Ethernet interfaces.

List commands

Syntax:

  switch list LISTNAME [{iface | mac | numrange | match}]

         {add | del} [VALUE ...]

         dump [WILDCARD]

         rename  NEWNAME

         file   FILENAME

         [ flush|remove]

Lists are used as a set of acceptable values for rules. Each list must have a unique name and must be of one of the types: iface, mac, numrange, match. List name may consist of letters and digits. List name should not start with a digit. List name is case-insensitive.

Command parameters:

  • "LISTNAME" – list name. If list name contains spaces, it should be put in quotes
  • "iface" – list type which consists of network interfaces names
  • "mac" – list type which consists of a set of MAC-addresses
  • "numrange" – list type that consists of a set of ranges of positive integer numbers. A range is specified as "<min>[-<max>]". The range may consist of one number if <min>=<max>. If a range of numbers is added to an existing list and two ranges intersect, these ranges will be concatenated
  • "match" – in use, match expressions are handled like the other lists but should consist of a single element, the expression itself. The expression should be written in PCAP format (see the "tcpdump" utility). If an expression contains spaces, it should be put in quotes.
  • Keywords "add" and "del" add or delete values to the specified list correspondingly
  • "VALUE" – one or several (except for "match") values to be added or deleted from the list.

Examples,

switch list my_iface iface add eth0 rf5.0

Here a list of "iface" type is created with a name of "my_iface". Interfaces eth0 and rf5.0 are added to this list.

switch list vlans numrange add 10 20-30 40

Numeric values are added to a list named vlans of type numrange. The values added are 10, the range from 20 to 30, and 40.

switch list ip_mynet match add "net 195.38.45.64/26"

A list-expression of match type is created. When this filter is used, it covers all types of packets (ip, arp, etc.) from the 195.38.45.64/26 network.

switch list ip_mynet match add "ip net 195.38.45.64/26"

In this example a list-expression of "match" type is also created, but now only ip packets from the 195.38.45.64/26 network will be affected when the filter is used.

A source file can be specified for the list. The source file should contain the list of values with each value taking one line. The file is retrieved using FTP protocol.

Example,

switch list MACGROUP1 file ftp://1.2.3.4/switches/list/macgroup1.txt

In this case, the macgroup1.txt file might contain the following information:

#The list of computers in HR department

00:01:02:03:04:05       # Smith

00:11:12:13:14:15       # Johnson

<EOF>

Values are loaded from the file automatically after the switch is started, when the source file name is modified, or when the following command is executed:

switch resynchronize

switch list LISTNAME remove

This command deletes the list named LISTNAME from the switch configuration.

switch list LISTNAME flush

Clears the contents of the list LISTNAME.

switch list OLDLISTNAME rename NEWLISTNAME

Renames the list OLDLISTNAME to NEWLISTNAME.

switch list LISTNAME  dump [WILDCARD]

Prints the contents of the list LISTNAME. If WILDCARD parameter is specified, the command prints only those values from the list which satisfy the WILDCARD.
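
List values end up in deny/permit rules, so a source file is worth checking before it is published on the FTP server. The sketch below is an added example, not vendor code: it parses the file format shown above and models the "*" / "~" wildcard used by "dump [WILDCARD]". The function names, the normalized MAC form and whole-value wildcard matching are assumptions, and the sample file is constructed from the macgroup1.txt entries.

```python
import re

# Only the colon-separated form shown in the macgroup1.txt example is accepted.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

# Constructed sample: the two entries from the page plus two faulty lines.
SAMPLE_FILE = """\
#The list of computers in HR department
00:01:02:03:04:05       # Smith
00:11:12:13:14:15       # Johnson
00:21:22:23:24          # constructed: truncated address
00:01:02:03:04:05       # constructed: repeats line 2
"""


def parse_mac_list(text):
    """Parse a list source file: one value per line, '#' starts a comment.

    Returns (values, problems). Values are normalized to 12 lowercase hex
    digits (an assumption, mirroring the form in the dump output);
    problems is a list of (line_number, message).
    """
    values, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue  # blank line or comment-only line
        if not MAC_RE.match(line):
            problems.append((lineno, "not a MAC address: %r" % line))
            continue
        mac = line.replace(":", "").lower()
        if mac in seen:
            problems.append((lineno, "duplicate entry: " + line))
            continue
        seen.add(mac)
        values.append(mac)
    return values, problems


def wildcard_to_regex(pattern):
    """Translate the page's wildcard syntax: '*' = any run, '~' = one symbol."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "~":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # '.' in 'rf~.~' stays a literal dot
    return re.compile("".join(parts))


def dump(values, wildcard=None):
    """Model of 'dump [WILDCARD]': keep values the whole wildcard matches."""
    if wildcard is None:
        return list(values)
    rx = wildcard_to_regex(wildcard)
    return [v for v in values if rx.fullmatch(v)]


if __name__ == "__main__":
    vals, probs = parse_mac_list(SAMPLE_FILE)
    print("accepted:", vals)
    for lineno, msg in probs:
        print("line %d: %s" % (lineno, msg))
    print("0011* ->", dump(vals, "0011*"))
    print("eth~  ->", dump(["eth0", "eth1", "rf5.0"], "eth~"))
```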

Groups commands

Syntax:

  switch group ID {add | del} IFNAME[:{TAG|0}] ...

  switch group ID {repeater|trunk|uncoupled} {on|off}

  switch group ID {(up|down)stream} {SCID|0}

  switch group ID [x]vlan {TAG|LIST|0} [[no]bidir]

  switch group ID nvlan {[on]|off}

  switch group ID info INFO_STRING

  switch group ID setid NEWID

  switch group ID stp { off | on | dump }

  switch group ID stp priority [PRIO]        #(default: 57344, step: 4096)

  switch group ID stp forwarddelay [DELAY]        #(default: 15 sec)

  switch group ID stp maxage [TIME]               #(default: 20 sec)

  switch group ID stp port IFNAME priority [PRIO] #(default: 128,step 16)

  switch group ID stp port IFNAME cost [COST]     #(default: 200000(RSTP), 65535(STP))

  switch group ID igmp { off | on }

  switch group ID igmp static-add MCAST IF_NAME [MAC]

  switch group ID igmp static-del MCAST IF_NAME [MAC]

  switch group ID igmp dump [detail] 

 switch group ID igmp lmqt Value

 switch group ID igmp gmi Value

 switch group ID igmp router-port { off | on }

 switch group ID igmp flood-reports { off | on }

 switch group ID igmp zero-query-permit { off | on }

 switch group ID igmp srcip IP

 switch group ID igmp join-limit [IF_NAME] N [include $ACL] [except $ACL]

 switch group ID igmp querier [vlan N] {start|stop|clear}

 switch group ID igmp querier [[no]election] [source IP] [mcast X[,Y,...]]

switch group ID igmp querier interval Value

 

switch group ID flood-unicast {off | on}

switch group ID inband {off | on}

switch group ID order N

switch group ID 

           [setpri | addpri PRIO]

           [qmch CHAN]

          {deny | permit | showrules | showback}

switch group ID 

          dump [interface] [WILDCARD]

          [dbdelete MACADDRESS]

          {start [discard] | stop | remove | statistics}

switch group ID {in-trunk} [{ID | 0}]

switch group ID {add | del} IFNAME[:{TAG|0}] ...

The command adds or deletes specified interfaces to/from the switching group.

  • "ID" – numeric switching group identifier (1-4095)
  • "add|del" – these commands add/delete specified interfaces to/from the switching group. If “add” keyword is used and there is no switching group with ID identifier, it will be automatically created.
  • "IFNAME" – network interface name which should be added or deleted from the switching group.
  • "TAG" - this option allows different manipulations with VLAN tags of the packet when the packet is sent through this interface. The following options are available:
    • "TAG" is specified for the interfaces and its value is >0. That means that any packet forwarded to the interface by the switch will be tagged with a VLAN tag TAG. If the packet already had a tag, this tag will be retagged to TAG
    • "TAG" is not specified. This means that the packet stays unmodified
    • "TAG" is specified and its value is zero. This means that the packet sent through this interface will be untagged if it was previously tagged or sent without any changes if it was not tagged.

Example,

switch group 3 add rf5.0:10 eth0:0

In this example, all packets switched by group 3 will be tagged with VLAN TAG 10 when sending through rf5.0 interface and will be untagged when sent through eth0 interface.

NOTE

All packets destined for the switch are always untagged.

switch group ID {repeater|trunk|uncoupled} {on|off}

This command turns on/off the "repeater", "trunk" or "uncoupled" modes.

In the "repeater" mode the group switches the packets simply by sending them to all the device’s interfaces except the one the packet was received from.

In the "trunk" mode, the group switches all packets received through "eth*" interfaces in such a way that, when they are sent to "rf*" interfaces, they are placed in a group whose number corresponds to the packet’s VLAN TAG. When receiving packets from "rf*" interfaces, the trunk group sends them to the "eth*" interface, tagging them with the number of the switch group they were received from.

If a Ring/redundant network is connected to a CORE network in multiple points, STP loops can be formed in the CORE network. Thus, STP-enabled switches may block some of the links. Switching groups with the "uncoupled on" parameter block the traffic between each other even if they have the same switching group number. This does not affect the traffic coming into the wireless network. For the incoming traffic, intermediate nodes only use the closest uncoupled node. This improves the effectiveness of network utilization.

Example,

switch group 12 trunk on

If a trunk group that transmits multiple VLAN flows in different directions is enabled on a device, the "in-trunk" option should be used on a subscriber station to specify exactly which trunk group the group belongs to:

switch group ID in-trunk [{ID|0}]

For example, if a Group №100 on a subscriber station is a member of a trunk Group №5 (Group №100 was formed as a result of conversion of VLAN ID №100 into the Group №100), subscriber station switch configuration should have the following command: "switch group 100 in-trunk 5"

This option allows creating multiple disjoined trunk groups in the same network with the same VLAN flows inside.

switch group ID vlan {TAG|LIST|0} [[no]bidir]

This command defines that the group will switch the packets which are tagged with the VLAN tag TAG or with VLAN tags specified in a LIST of "numrange" type. In order to cancel this VLAN filtration, TAG should be specified as zero.

The "bidir" option enables two-way traffic classification by VLAN ID (from and into the wired segment). The option can be useful for a Ring (or redundant) topology network transmitting multiple VLANs when the traffic with certain VLAN IDs is picked up at junction points.

NOTE

When this VLAN tag filter is enabled, other rules (see below) do not work.

Example,

switch group 5 vlan 5

switch group ID xvlan {TAG|LIST|0} [[no]bidir]

Unlike the "vlan {TAG|LIST|0}" rule, this command allows groups to also handle untagged packets.

Examples,

switch list MYNET numrange add 100 200 300
switch group 10 xvlan MYNET
switch group 10 trunk on

Group №10 would handle packets tagged with VLAN IDs 100, 200, 300 as well as untagged packets. Untagged packets will be sent to the MINT network with the group's own number (in this case 10), tagged packets with group numbers matching the VLAN ID.

switch list MYNET numrange add 100 200 300
switch group 20 vlan MYNET
switch group 20 trunk on

Group №20 handles only tagged packets from the MYNET list and transmits them, converting the VLAN ID number to the corresponding group number (and vice versa).

switch list MYNET numrange add 100 200 300
switch group 30 vlan MYNET
switch group 30 trunk off

Group №30 handles only tagged packets from the MYNET list and transmits them unchanged with the group number 30.

switch group ID nvlan {[on]|off}

This command defines that the group will switch only packets that are not tagged with a VLAN tag.

switch group ID info INFO_STRING

This command allows adding comments to switch group description.

switch group ID setid NEWID

This command changes ID of the switching group to NEWID.

Example,

switch group 3 setid 7

switch group ID
         [dump [interface] [WILDCARD]]
         [dbdelete   MACADDRESS]
         {start [discard] |stop | remove | statistics}
  • "dump" – prints the database of all known MAC-addresses
  • "interface" – prints the database of all known MAC-addresses by grouping them according to interfaces
  • "WILDCARD" – the output will be filtered according to the WILDCARD criteria.
  • "dbdelete MACADDRESS" – deletes all records from MAC-address database connected with a specified MACADDRESS
  • "start|stop" – starts/stops a specified switching group
  • "restart" – restarts the switching group (same as “switch group ID start; switch group ID start” set of commands). The command is used to clean the switching group database
  • "remove" – deletes a specified switching group from the switch configuration
  • "statistics" - prints the statistics of the specified switching group.

Examples,

switch group 3 dump eth0
switch group 5 start

In order to deal with upstream multicast flows in video surveillance systems two additional parameters are introduced - "upstream" and "downstream".

switch group ID {(up|down)stream} {SCID|0}

For example, we have nodes with numbers 1, 2, 3, 4, 5 and 6 that are connected to digital cameras which broadcast video traffic using multicast packets. All of these flows need to be transferred to a video server the best way without flooding the network with unnecessary broadcast packets.

Figure - Example

Entire downstream (from server to camera) traffic, if any, is transferred in group number 1000 in which all the nodes are located. But upstream flows from each camera are transmitted directly to the nearest hub of the group.

A distinctive feature of this solution is the possibility to use several hubs with the same group number. To eliminate the broadcast storm that could arise when several hubs are connected to different ports of the same switch, trunk and downstream hubs never use each other for traffic transmission. Moreover, the "upstream" option guarantees that nodes will choose only one hub for packet delivery (the shortest route to the nearest hub).

MAC Switch supports the STP protocol, namely two of its versions: STP and RSTP. To implement this feature the following switch commands are introduced:

switch group ID stp { off | on | dump }

This command with the off/on options disables or enables STP for the group. The dump option shows the STP state of the group.

Figure - “switch group ID stp dump” command output

switch group ID stp priority [PRIO]

This command sets STP priority of a switch, where [PRIO] – priority value. If priority is not specified then default value 57344 is set. When setting priority value one should take into consideration that it will be automatically rounded down to a value divisible by 4096 (step 4096).

switch group ID stp forwarddelay [DELAY]

This command sets the STP «forward delay» parameter, which determines the time that the switch spends in the “listening” and “learning” states, where "[DELAY]" is the time value in seconds. If not specified, the default value of 15 seconds is set.

switch group ID stp maxage [TIME]

This command sets the STP «MAX age» parameter, which determines the time for the switch to deliver a BPDU packet, where "[TIME]" is the value of this parameter in seconds. If not specified, the default value of 20 seconds is set.

switch group ID stp port IFNAME priority [PRIO]

This command sets the STP priority of a switch port, where "IFNAME" is the port interface name and "[PRIO]" is the port priority value. If not specified, the default value of 128 is set. When setting the priority value, take into account that it will be automatically rounded down to a value divisible by 16 (step 16).

switch group ID stp port IFNAME cost [COST]

This command sets the STP «cost» parameter of a switch port, which determines the switch port cost, where "[COST]" is the value of this parameter. If not specified, the default value is set: 200000 for RSTP, 65535 for STP.

Example,

switch group 1 add eth0 rf5.0
switch group 1 stp priority 36864
switch group 1 stp on
switch group 1 start

In this example switch group «group 1» is configured. STP protocol support is enabled and STP switch priority is set to 36864 for this group.

switch group ID igmp { off | on }

This command disables/enables “IGMP snooping” function for the switching group.

Example,

switch group 1 igmp on

switch group ID order N

The logic of assigning switch groups to packets is the following:

  • Groups are run over in the order of their appearance in a configuration.
  • The first group that is suitable for a packet is chosen and the process is stopped.

The command sets the position at which the given group will be checked during the assigning process.

switch group ID [ setpri|addpri PRIO]

This command allows setting/increasing the priority of packets passing through the group. The "setpri" parameter changes the priority to the value specified in the command. With the value “-1”, the packet priority is dropped to the lowest priority. "Addpri" changes the priority only if it is higher than the previous one (note: the smaller the value, the higher the priority), so "addpri" can only increase the priority.

Example,

switch group 1 addpri 15

switch group ID {deny | permit}

This command permits or denies processing and sending out the packets which belong to this group.

switch group ID {showrules}

This command displays detailed information about the group’s classification rules, including the hits counter for each rule.

switch group ID {showblack}

This command displays the list of MAC-addresses that are blocked due to the indeterminacy of their owner.

switch igmp dump [detail]

This command shows a list of IGMP hosts that are subscribed to an Internet Protocol multicast group.

Figure - «switch igmp dump» command outputs

Parameter “detail” allows seeing detailed information on multicast-subscribers.

switch igmp lmqt Value

This command sets «Last Member Query Time» value, i.e. the maximum time during which the switch will wait for the answer from active subscribers after receiving “IGMP leave”. If no answer is received the switch will stop Multicast packets delivery to the particular Gateway. Gateway is an Ethernet interface or radio interface with a MAC-address of the device on the other side of the link.

switch igmp gmi Value

This command sets «Group Membership Interval» value, i.e. the amount of time that must pass before a Multicast Router decides there are no more clients subscribed to a Multicast group (no more “IGMP report” messages in the group).

switch igmp static-add MCAST IF_NAME [MAC]

This command creates Multicast-address static subscription.

switch igmp static-del MCAST IF_NAME [MAC]

This command removes Multicast-address static subscription.

switch igmp router-port { off | on }

This RFC-required command instructs the switch to forward multicast streams not only to subscriber ports, but also to all router (querier) ports.

switch igmp flood-reports { off | on }

Enables IGMP report packets forwarding to all ports, not just the routers (querier) ports. Default setting is off.

switch igmp srcip IP

This command allows replacing a source IP-address in IGMP Report packets with the one specified in the “IP” parameter.

 switch igmp zero-query-permit { off | on }

Enables IGMP Query/Join packets processing for packets with 0.0.0.0 source IP-address. Default setting is off.

switch igmp querier [vlan N] {start|stop|clear}

This command starts/stops (start/stop) «Querier» function operation. «IGMP Querier» substitutes the functions of Multicast Router when organizing video systems using «IGMP Snooping» services.

"IGMP Querier" parameters:

  • "vlan N" – defines the VLAN that uses «IGMP Snooping» services
  • "clear" - deletes IGMP Querier configuration.

switch igmp querier [[no]election] [source IP] [mcast X[,Y,...]]

  • "[no]election" - when the IGMP Querier function is enabled, this option disables/enables the election of the IGMP Querier operating on the network segment. According to the standards, each network segment should have a single IGMP Querier, the one that has the lowest source IP-address. Default setting is enabled.
  • "source X" – sets source IP-address for Multicast packets
  • "mcast X[,Y,...]" – sets a specific Multicast Group (or a number of groups) to be allowed for subscription

switch igmp querier interval Value

Specifies the interval to send IGMP Querier packets in seconds.

switch group ID igmp join-limit [IF_NAME] N [include $ACL] [except $ACL]

Use this command to limit the number of active unique IGMP multicast groups. Once the group limit is reached, subsequent join requests are rejected.

  • "include" -  list of addresses / networks covered by this limitation. 
  • "except" - list of exceptions.

Interface commands

Syntax:

switch interface IFNAME mac-limit N

Use this command to limit the number of dynamically learned MAC-addresses per interface. Once the limit is reached no more MAC-addresses will be learned. Traffic with source MAC-addresses that have not been learned will be blocked.

Rules configuration commands

Rules are used for the following purposes:

  • Selecting an appropriate switching group when a packet is received through an eth* interface. The packet will be switched only by the group whose rules it fully satisfies.
  • Deciding, once a packet has been chosen by a switching group, whether the packet should be sent through one of the interfaces. The packet will only be sent if it satisfies the rules of this interface.

A rule set consists of a list of rules and a default decision (deny/permit). Each rule consists of a sequential number, a condition and a decision (deny/permit). While going through the list, the switch checks whether a packet matches the rule. If it matches the rule, the decision set for this rule is applied to the packet. Otherwise, the switch continues down the list of rules. Rules are taken in ascending order of their sequential numbers. If a packet does not match any rule, the default decision for this group or interface is taken.

The condition might consist of one or several parameters which are checked with the packet. Five packet parameters can be checked:

  1. Source interface (iface)
  2. Source MAC-address (src)
  3. Destination MAC-address (dst)
  4. VLAN tag (vlan)
  5. Ethernet-level protocol number ( proto )

For each parameter a corresponding list of values should be specified. Moreover, a PCAP expression may be present in the condition. This expression is considered a “pseudo parameter” of the packet and is called "match". Therefore, the packet is considered to have matched the condition if all its parameters match the corresponding acceptable values from the lists and/or the packet satisfies the expression of "match" type. One or more parameters might be missing in a condition clause; in this case the packet is considered to satisfy the part of the condition which is missing. If the list of acceptable values is empty, none of the values of the corresponding parameter can match the condition, even if this parameter is missing in the packet (for example, VLAN tag).

Rules configuration is implemented using the following command:

  switch {group ID | interface IFNAME} rule NUMBER
       [set NEWNUMBER] [not]
       [src   LIST] [dst   LIST] [vlan  LIST]
       [iface LIST] [proto LIST] [match LIST]
       [ setpri|addpri PRIO ] [qmch CHAN]
       [ deny | permit ] [ remove ]
  • "ID" and "IFNAME" – number of the group or interface
  • "NUMBER" – sequential rule number
  • "set NEWNUMBER" – changes the number of the rule to NEWNUMBER
  • "remove" – deletes the rule
  • "deny | permit" – sets the decision for the corresponding rule
  • "src, dst, vlan, iface, proto, match" – commands for specifying the lists of acceptable values for the corresponding parameter of the packet.
  • "setpri|addpri prio" - allows setting/increasing the priority of packets passing through the group. The "setpri" parameter changes the priority to the value specified in the command. With the value “-1”, the packet priority is dropped to the lowest priority. "Addpri" changes the priority only if it is higher than the previous one (note: the smaller the value, the higher the priority), so "addpri" can only increase the priority.

Example,

switch list MACGROUP1 mac add 00:01:02:03:04:05 00:11:12:13:14:15
switch list VGROUP numrange add 10 20-30 40
switch list IP_NET3845 match add "arp net 195.38.45.64/26 || ip net 195.38.45.64/26"
switch group 5 rule 10 src MACGROUP1 vlan VGROUP match IP_NET3845 deny
switch group 5 rule 20 dst MACGROUP1 vlan VGROUP match IP_NET3845 deny
switch group 5 permit
switch group 1 rule 1 setpri 10

In order to configure a default decision for group/interface the following command should be used:

switch {group ID | interface IFNAME}
       {deny | permit }

Control commands

Syntax:

 switch resynchronize

  switch trace { off | on | verbose | filter "pcap expr"}

  switch stptrace { off | on }

  switch stpblock { off | on }

  switch {dump [WILDCARD]|MACADDRESS}


 switch igmp-snooping dump [detail] 

 switch {start | stop | restart | destroy | dead-interval DEAD_INTERVAL}

 switch statistics [(clear|help|ID)]

 switch maxsources (MAXSOURCES|0) # default 5000

switch resynchronize

Forces the unit to reload lists that have an external file as a source.

switch trace { off | on | verbose | filter "pcap expr"}

Disables (off) / enables (on) logging the service information into the system log.

  • "Verbose" option enables more detailed information to be written into the system log
  • Filter "pcap expr" option enables tracing how packets of the given type are being processed by the switch.

Example,

sw trace filter "ether host 00:11:22:33:44:55"
sw trace filter "net 1.2.3.0/24"
sw trace off

The last command disables the filter action.

switch stptrace { off | on }

Disables (off) / enables (on) logging of the STP service information into the system log.

switch stpblock { off | on }

  • The “stpblock on” command prevents STP frames forwarding in the switch mode when STP support is disabled on the unit. To allow STP frames forwarding use the “stpblock off” command.

Switch MAC-address database is a routing table of MAC-layer which contains information on how the packet should be delivered to its destination (dst). Each switching group has an independent database. Records in the database are formed automatically based on the source address of the packet which was received by one of the interfaces included into a switching group.

Moreover, the database always contains records corresponding to the interfaces included into the switching group. These records are called local records. Each record has its life span. If, during this life span, none of the interfaces have received a packet with a source address from this record, this record is deleted from the database. By default, the life span is five minutes. To change this parameter, the following command can be used:

switch dead-interval <DEAD_INTERVAL_IN_SECONDS>

To start/stop/restart the switch, the following command can be used:

switch {start | stop | restart}

To clear the switch configuration please use the following command:

switch {destroy}

To view the switch statistics please use the following command:

switch statistics [(clear|help|ID)]

The statistics shows the information on forwarded/flooded/dropped packets and records of the switch MAC-address table.

  • “clear” - clears the switch statistics
  • “help” - shows a list of the descriptions of the dropped packets reasons used in the switch statistics command output.

The following command can be used to view switch stats for each switch group:

If a switch group ID is specified in the command string, the output displays separate packet stats for each VLAN that belongs to that switch group.

The following command allows setting the maximum allowed number of records in the switch MAC-address table:

switch maxsources (MAXSOURCES|0)

The default number of records is 5000. When the value “0” is used the number of records is set to minimum possible of 500.

Sample configuration

switch list VGROUP numrange add 10 20-30 40

switch list ALL_VLAN numrange add 0-4095

 

switch group 5 add eth0 rf5.0

switch group 5 rule 10 vlan VGROUP permit

switch group 5 deny

switch group 5 start

 

switch group 15 add eth0 rf5.0

switch group 15 rule 10 vlan VGROUP deny

switch group 15 rule 11 vlan ALL_VLAN permit

switch group 15 deny

switch group 15 start

 

switch group 25 add eth0 rf5.0

switch group 25 rule 10 vlan ALL_VLAN deny

switch group 25 permit

switch group 25 start

switch start

Here three switching groups are created. Group 5 switches the packets with VLAN tags 10, 20-30 and 40. Group 15 switches the packets with any VLAN tag with exception for those switched by group 5. Group 25 is switching all the packets without VLAN tags. Moreover, group 25 will be used to send the traffic to “outer” world.
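
The first-match logic described under "Rules configuration commands" and "switch group ID order N" can be checked offline against the sample configuration above. The model below is an added example, not vendor code: Rule, Group, decide and select_group are illustrative names, "match" (PCAP) lists and the "not" keyword are left out, and the treatment of untagged packets (they never match a vlan list) is an assumption inferred from the description of groups 15 and 25.

```python
from dataclasses import dataclass, field


def parse_numrange(spec):
    """Values of a "numrange" list ("10 20-30 40") as sorted (min, max) pairs.

    Ranges that intersect are concatenated, as the list description states.
    """
    pairs = []
    for token in spec.split():
        lo, _, hi = token.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if lo > hi:
            raise ValueError("bad range: " + token)
        pairs.append((lo, hi))
    merged = []
    for lo, hi in sorted(pairs):
        if merged and lo <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def in_list(lst, value):
    """Membership test: a set for iface/mac lists, (min, max) pairs for numrange."""
    if isinstance(lst, (set, frozenset)):
        return value in lst
    return any(lo <= value <= hi for lo, hi in lst)


@dataclass
class Rule:
    number: int
    decision: str        # "permit" or "deny"
    conditions: dict     # packet parameter -> list, e.g. {"vlan": VGROUP}


@dataclass
class Group:
    gid: int
    interfaces: set
    default: str         # default decision of the group
    rules: list = field(default_factory=list)


def rule_matches(rule, packet):
    """All listed parameters must match; a parameter absent from the rule
    is not checked. An empty list, or a parameter missing from the packet
    (assumption, see lead-in), never matches."""
    for param, lst in rule.conditions.items():
        value = packet.get(param)
        if value is None or not in_list(lst, value):
            return False
    return True


def decide(group, packet):
    """Walk rules in ascending number order; first match wins.
    Returns (decision, rule number), or (default decision, None)."""
    for rule in sorted(group.rules, key=lambda r: r.number):
        if rule_matches(rule, packet):
            return rule.decision, rule.number
    return group.default, None


def select_group(groups, packet):
    """Groups are tried in configuration order; the first that contains the
    ingress interface and permits the packet is chosen."""
    for group in groups:
        if packet["iface"] in group.interfaces and decide(group, packet)[0] == "permit":
            return group.gid
    return None


# The sample configuration from this section, transcribed into the model.
VGROUP = parse_numrange("10 20-30 40")
ALL_VLAN = parse_numrange("0-4095")
IFACES = {"eth0", "rf5.0"}
SAMPLE_GROUPS = [
    Group(5, IFACES, "deny", [Rule(10, "permit", {"vlan": VGROUP})]),
    Group(15, IFACES, "deny", [Rule(10, "deny", {"vlan": VGROUP}),
                               Rule(11, "permit", {"vlan": ALL_VLAN})]),
    Group(25, IFACES, "permit", [Rule(10, "deny", {"vlan": ALL_VLAN})]),
]


def classify(vlan, iface="eth0"):
    """Group chosen for a packet with the given VLAN tag (None = untagged)."""
    return select_group(SAMPLE_GROUPS, {"iface": iface, "vlan": vlan})


if __name__ == "__main__":
    for vlan in (10, 25, 50, None):
        print("vlan", vlan, "-> group", classify(vlan))
```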
