The "switch" command is used to configure MAC Switch.
Starting from the "MINT 1.22.0" firmware version, switch mode is partially incompatible with other firmware versions. It is highly recommended to upgrade the firmware of units working in switch mode. Compatibility of the MINT protocol and routing is not affected. The "Over The Air Firmware Upgrade" feature can also be used.
Syntax:
MAC Switch V2.06
Usage:
________ LIST commands __________________________________
switch list LISTNAME [{iface | mac | numrange | match}]
       {add | del} [VALUE ...]
       dump [name] [WILDCARD]
       rename NEWNAME
       file FILENAME
       [flush|remove]
________ GROUP commands _________________________________
switch group ID {add | del} IFNAME[:{TAG|0}] ...
switch group ID {repeater|trunk|unpaired} {on|off}
switch group ID {(up|down)stream} {SCID|0}
switch group ID [x]vlan {TAG|LIST|0} [[no]bidir]
switch group ID nvlan {[on]|off}
switch group ID info INFO_STRING
switch group ID setid NEWID
switch group ID stp { off | on | dump }
switch group ID stp [vlan TAG]
switch group ID stp priority [PRIO] #(default: 57344, step: 4096)
switch group ID stp forwarddelay [DELAY] #(default: 15 sec)
switch group ID stp maxage [TIME] #(default: 20 sec)
switch group ID stp port IFNAME priority [PRIO] #(default: 128, step 16)
switch group ID stp port IFNAME cost [COST] #(default: 200000(RSTP), 65535(STP))
switch group ID igmp { off | on }
switch group ID igmp static-add MCAST IF_NAME [MAC]
switch group ID igmp static-del MCAST IF_NAME [MAC]
switch group ID igmp dump [detail] [name]
switch group ID igmp lmqt Value
switch group ID igmp gmi Value
switch group ID igmp router-port { off | on }
switch group ID igmp flood-reports { off | on }
switch group ID igmp zero-query-permit { off | on }
switch group ID igmp srcip IP
switch group ID igmp join-limit [IF_NAME] N [include $ACL] [except $ACL]
switch group ID igmp querier [vlan N] {start|stop|clear}
switch group ID igmp querier [[no]election] [source IP] [mcast X[,Y,...]]
switch group ID igmp querier interval Value
switch group ID dhcp-snooping { off | on } #(default: off)
switch group ID dhcp-snooping [no]trust IFNAME #(default: notrust)
switch group ID dhcp-snooping [no]verify-mac #(default: verify)
switch group ID dhcp-snooping option-82 [no]insert #(default: insert)
switch group ID dhcp-snooping option-82 format { string ASCII-string | hex HEX-string | mac } #(default: mac)
switch group ID dhcp-snooping option-82 untrusted-policy { drop | keep | replace } #(default: drop)
switch group ID flood-unicast { off | on }
switch group ID inband { off | on }
switch group ID order N
switch group ID set NEWNUMBER
switch group ID [setpri|addpri PRIO] [qmch CHAN]
switch group ID {deny | permit}
switch group ID dump [interface] [WILDCARD]
       [dbdelete MACADDRESS]
       {start [discard]| stop | remove | stat | showrules | showblack}
switch group ID {in-trunk} [{ID|0}]
________ INTERFACE commands _____________________________
switch interface IFNAME mac-limit N
________ RULES commands _________________________________
switch {group ID | interface IFNAME} rule NUMBER
       [not] [src LIST] [dst LIST] [vlan LIST] [iface LIST] [proto LIST] [match LIST]
       [ setpri|addpri PRIO ] [qmch CHAN] [ deny | permit ] [ remove ]
_______ CONTROL commands _______________________________
switch resynchronize
switch trace { off | on | verbose | filter "pcap expr"}
switch stptrace { off | on }
switch stpblock { off | on }
switch stpmint { off | on }
switch {dump [WILDCARD]|MACADDRESS}
switch igmp[-snooping] dump [name] [detail]
switch {start|stop|restart|destroy|dead-interval DEAD_INTERVAL[300]}
switch stat[istics] [(clear|help|ID)]
switch maxsources (MAXSOURCES|0) # default 5000
Search filters ("WILDCARD") are used as arguments in various commands to form search queries that describe certain groups of objects. The following characters can be used:
Rules are used to select the appropriate switch group when a packet is received through an "eth*" interface. A packet is switched only by the group whose rules it fully satisfies. The chosen group decides whether the packet needs to be sent through one of the interfaces. The packet is sent only if it also satisfies the rules of that interface.
The rules consist of a list of rules and a default decision (deny/permit). Each rule consists of a sequential number, a condition and a decision (deny/permit). While going through the list, the switch checks whether the packet matches each rule. If it matches, the decision set for that rule is applied to the packet. Otherwise, the switch continues down the list. Rules are processed in ascending order of their sequential numbers. If a packet does not match any rule, the default decision for the group or interface is applied.
The condition may consist of one or several parameters, which are checked against the following packet parameters:
For each parameter a corresponding list of values should be specified. In addition, the condition may contain a PCAP filter. This expression is treated as a packet "pseudo parameter" and is called "match". A packet is therefore considered to match the condition if all of its parameters match the acceptable values from the corresponding lists and/or the packet satisfies the expression of "match" type. One or more parameters may be omitted from a condition clause; in this case the packet is considered to satisfy the omitted part of the condition.
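The evaluation order described above, modelled in Python as an added example (not firmware code): parameter names follow the RULES syntax on this page, the rule sets and packets are constructed, and the PCAP "match" expression is replaced by a Python predicate as an assumption.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Optional

PERMIT, DENY = "permit", "deny"

@dataclass
class Rule:
    number: int
    decision: str
    # parameter name -> acceptable values; an omitted parameter matches anything
    lists: dict = field(default_factory=dict)
    # Python predicate standing in for a PCAP "match" expression (assumption)
    match: Optional[Callable[[dict], bool]] = None

    def matches(self, pkt: dict) -> bool:
        for param, allowed in self.lists.items():
            if pkt.get(param) not in allowed:
                return False
        return self.match is None or self.match(pkt)

def decide(rules, default, pkt):
    """First matching rule in ascending number order wins; else the default."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.decision, rule.number
    return default, None

def forwarded(pkt, group, egress):
    """Group rules are checked first, then the rules of the egress interface."""
    return (decide(*group, pkt)[0] == PERMIT
            and decide(*egress, pkt)[0] == PERMIT)

def from_net(cidr):
    net = ip_network(cidr)
    return lambda p: "ip_src" in p and ip_address(p["ip_src"]) in net

# Constructed rule sets, each given as (rules, default decision)
GROUP = ([Rule(20, PERMIT, {"vlan": {10, 40} | set(range(20, 31))}),
          Rule(10, DENY, {"src": {"00:11:22:33:44:55"}})], DENY)
EGRESS = ([Rule(10, DENY, match=from_net("195.38.45.64/26"))], PERMIT)

if __name__ == "__main__":
    for pkt in ({"src": "00:11:22:33:44:55", "vlan": 10},
                {"src": "aa:bb:cc:00:00:01", "vlan": 25, "ip_src": "10.0.0.5"},
                {"src": "aa:bb:cc:00:00:01", "vlan": 25, "ip_src": "195.38.45.70"},
                {"src": "aa:bb:cc:00:00:01", "vlan": 50}):
        print(pkt, decide(*GROUP, pkt), forwarded(pkt, GROUP, EGRESS))
```

The first packet is denied by rule 10 even though rule 20 would permit its VLAN, because the lower-numbered rule is evaluated first; the last packet falls through to the group's default decision.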
The following example shows how to use a wildcard template to display information about network interfaces "eth0" and "eth1". The "eth~" template tells the "switch" command to display information about interfaces whose names start with "eth" and have any symbol at the end. "Cost" – the cost (metric) of the route. "UsCNT" – a counter indicating how many times this record has been used, i.e. how many packets were sent to this MAC address.
Create an "iface" type list named "my_iface" and add the network interfaces "eth0" and "rf5.0".
Create a list of value ranges named "vlans" and add the value 10, the range 20...30 and the value 40.
Create a "match" type list and add a filter that covers packets of all protocol types from the "195.38.45.64/26" network.
In the following example a "match" type list is also created, but the filter covers only IP packets from the "195.38.45.64/26" network.
Specify a text file as the source of values.
In the following example, the list file "macgroup1.txt" may contain the following lines:
Nodes 1, 2, 3, 4, 5 and 6 are connected to digital cameras that send video traffic as multicast packets. All of these flows need to be delivered to a video server in the most efficient way, without flooding the network with unnecessary broadcast packets. Downstream traffic (from the server to the cameras), if any, is carried in group number 1000, which contains all the nodes. Upstream flows from each camera, however, are transmitted directly to the nearest hub of the group. A feature of this solution is the ability to configure multiple switches with the same group number. To prevent the broadcast storm that could arise when these switches are connected to different ports of the same wired switch, MINT applies a restriction: broadcast and downstream switches never use each other to carry traffic. Furthermore, the "upstream" option ensures that the terminal nodes send packets to only one hub, using the shortest path to the nearest hub.
To make switch group 100 on a subscriber station a member of trunk group 5, add the following command to the subscriber station configuration:
Display current STP state using the "switch group ID stp dump" command.
In the following example all packets switched by group 3 will be tagged with VLAN tag 10 when sent through the "rf5.0" interface, and the tags will be removed when sent through the "eth0" interface.
Enable a trunk group on the device that will transmit several VLAN flows in different directions.
On the subscriber devices the "in-trunk" option must be used to specify which trunk group this group belongs to.
Group 10 will process packets tagged with VLAN 100, 200 and 300, as well as untagged packets. Untagged packets will be sent to the MINT network with group number 10, tagged packets with group numbers that match the VLAN tag.
Group 20 will process only tagged packets from the MYNET list and change the VLAN tag to the corresponding group number (and vice versa) before transmission.
Group 30 will process only tagged packets from the MYNET list and transmit them unchanged with group number 30.
Create switch group "1", enable STP for it and set the STP priority value to 36864.
There are three switch groups.
Enable logging of the switch's processing of packets with source MAC address "00:11:22:33:44:55" and the "1.2.3.0/24" subnetwork.
Create three switch groups. Group 5 switches packets with VLAN tags 10, 20-30 and 40. Group 15 switches packets with any VLAN tag except those switched by group 5. Group 25 switches all packets without a VLAN tag. In addition, group 25 will transmit inter-switch traffic.