I connected to the device with a console cable at 9600 baud.
There was no configuration and all ports were shut down.
The default username and password may both be admin.
After connecting, enter configuration mode:
enable
config
Let's see what is the saved and active configuration:
show configuration
show running-config
Let's start setting up!
1) Remove the default VLAN 1 and add the management VLAN (207 in my case) and VLAN 301 (client):
no interface vlan 1
vlan 207,301
exit
interface vlan 207
description core
ip address 192.168.1.3 255.255.255.0
exit
ip default-gateway 192.168.1.1
2) I configured the fifth combo port as incoming (207 - management vlan, 301 - client):
interface gigaEthernet 0/5
description UPLINK
no shutdown
switchport trunk vlan-allowed 207
switchport trunk vlan-allowed add 301
switchport trunk vlan-untagged none
switchport mode trunk
exit
I chose a combo port so that I could enable the incoming link via copper or SFP.
3) Let's write a template for ONU (in the future they will register themselves, you will only need to add a description and save the config):
epon onu-config-template user1
cmd-sequence 001 epon onu port 1 ctc vlan mode tag 301
cmd-sequence 002 epon onu port 1 ctc loopback detect
cmd-sequence 003 epon onu port 2 ctc vlan mode tag 301
cmd-sequence 004 epon onu port 2 ctc loopback detect
cmd-sequence 005 epon onu port 3 ctc vlan mode tag 301
cmd-sequence 006 epon onu port 3 ctc loopback detect
cmd-sequence 007 epon onu port 4 ctc vlan mode tag 301
cmd-sequence 008 epon onu port 4 ctc loopback detect
cmd-sequence 009 loopback-detection recovery-time 7200
exit
Another example of commands for a template:
switchport port-security dynamic maximum 2
switchport port-security mode dynamic
epon onu all-port storm-control mode 4 threshold 256
epon onu all-port ctc loopback detect
Manually allow only two MAC addresses per ONU:
interface EPON0/2:2
switchport port-security dynamic maximum 2
switchport port-security mode dynamic
4) Set up EPON ports:
interface EPON0/1
no shutdown
description ixnfo
switchport trunk vlan-untagged none
switchport trunk vlan-allowed 301
switchport mode trunk
epon pre-config-template user1 binded-onu-llid 1-64
filter dhcp
filter bpdu
switchport protected 1
interface EPON0/2
no shutdown
description ixnfo
switchport trunk vlan-untagged none
switchport trunk vlan-allowed 301
switchport mode trunk
epon pre-config-template user1 binded-onu-llid 1-64
filter dhcp
filter bpdu
switchport protected 2
interface EPON0/3
no shutdown
description ixnfo
switchport trunk vlan-untagged none
switchport trunk vlan-allowed 301
switchport mode trunk
epon pre-config-template user1 binded-onu-llid 1-64
filter dhcp
filter bpdu
switchport protected 3
interface EPON0/4
no shutdown
description ixnfo
switchport trunk vlan-untagged none
switchport trunk vlan-allowed 301
switchport mode trunk
epon pre-config-template user1 binded-onu-llid 1-64
filter dhcp
filter bpdu
switchport protected 4
5) Add admin and password:
aaa authentication login default local
aaa authentication enable default none
aaa authorization exec default local
username admin password 0 TEXT
enable password 0 TEXT
service password-encryption
6) Specify from which IPs the admin is allowed to connect:
ip access-list standard MANAGEMENT
permit 192.168.1.2 255.255.255.255
exit
ip telnet access-class MANAGEMENT
7) Specify the time zone and NTP server with which to synchronize the time (on new firmware, instead of sntp, you need to write ntp):
time-zone Kyiv +2
sntp server 192.168.1.1
sntp query-interval 3600
8) Configure SNMP:
snmp-server location test
snmp-server contact test
snmp-server community public ro MANAGEMENT
9) Set the device name and the length of the console line:
hostname TEST
terminal width 256
terminal length 256
10) Disable HTTP:
- no ip http server
Or configure with IP access from a previously created access-list:
Specify the period in seconds after which the port should turn on after the error-disable state:
- error-disable-recovery 10800
For the test, I took ONU BDCOM P1501C1 (no need to configure), FOXGATE 1001w and FOXGATE 1001c (no need to configure), Foxgate NR1001 (standard IP 192.168.101.8 admin / admin) and TP-Link EP110 (you need to disable DHCP by going to 192.168.1.1), and connected them through a 1x8 splitter to the first PON port.
Let's save the settings:
- write
On new firmware, save like this:
- write all
This completes the basic setup.
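As an added example (not part of the original post), this Python script checks a saved configuration against the management-plane commands from steps 5 to 10. It assumes that telnet and the HTTP server stay enabled unless the config says otherwise and that the AAA method "none" has its usual meaning of no authentication; the finding labels are made up for this example.

```python
import re

# Constructed sample: management commands from steps 5-10, with two left out.
SAMPLE_CONFIG = """\
aaa authentication login default local
aaa authentication enable default none
username admin password 0 TEXT
enable password 0 TEXT
ip access-list standard MANAGEMENT
 permit 192.168.1.2 255.255.255.255
ip telnet access-class MANAGEMENT
snmp-server community public ro MANAGEMENT
"""

def audit_management_plane(config: str) -> list[str]:
    """Return findings for the management-plane commands shown on the page."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    acls = {m.group(1) for ln in lines
            if (m := re.fullmatch(r"ip access-list standard (\S+)", ln))}
    findings = []
    # "password 0" is typed in clear text; the page pairs it with
    # "service password-encryption" so it is not kept that way.
    if any(re.search(r"\bpassword 0 ", ln) for ln in lines) \
            and "service password-encryption" not in lines:
        findings.append("plaintext-password")
    # Assumption: method "none" means privileged mode asks for no password.
    if "aaa authentication enable default none" in lines:
        findings.append("enable-without-auth")
    # Assumption: telnet is on by default, so it needs an ACL that exists.
    telnet_acl = next((m.group(1) for ln in lines
                       if (m := re.fullmatch(r"ip telnet access-class (\S+)", ln))), None)
    if telnet_acl not in acls:
        findings.append("telnet-unrestricted")
    for ln in lines:
        m = re.fullmatch(r"snmp-server community (\S+) (ro|rw)(?: (\S+))?", ln)
        if m and m.group(1) in ("public", "private"):
            findings.append(f"snmp-default-community:{m.group(1)}")
        if m and m.group(3) not in acls:
            findings.append(f"snmp-no-acl:{m.group(1)}")
    # Assumption: HTTP stays enabled unless "no ip http server" is present.
    if "no ip http server" not in lines:
        findings.append("http-enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_management_plane(SAMPLE_CONFIG):
        print(finding)
```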
Select the desired ONU and add a description:
interface EPON0/1:1
description TEST
You can limit the speed on the ONU ports, in kilobits, with the following commands (they can also be specified in the template above):
epon onu port 1 ctc rate-limit 15000 ingress
epon onu port 1 ctc rate-limit 15000 egress
If the ethernet port of the ONU needs to pass 1 Gb/s, specify the following (if not specified, pir 100000 cir 1000 is used by default for all ONUs):
interface EPON0/3:15
epon sla upstream pir 1000000 cir 10000
epon sla downstream pir 1000000 cir 10000
If it is necessary that traffic can go between ONUs (which is not recommended!), then add the command for the port:
- epon inner onu switch
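As an added example (not part of the original post), this Python script checks that every PON port in a saved configuration still carries the commands applied in step 4 and flags the ONU-to-ONU switching command mentioned above. The sample configuration is constructed and the finding text is made up for this example.

```python
import re

# Commands the page applies to every PON port in step 4.
REQUIRED = ("filter dhcp", "filter bpdu", "switchport protected",
            "epon pre-config-template")
# Command the page advises against (it lets traffic go between ONUs).
DISCOURAGED = "epon inner onu switch"

# Constructed sample: EPON0/1 follows step 4, EPON0/2 has drifted from it.
SAMPLE_CONFIG = """\
interface EPON0/1
 switchport mode trunk
 epon pre-config-template user1 binded-onu-llid 1-64
 filter dhcp
 filter bpdu
 switchport protected 1
interface EPON0/2
 switchport mode trunk
 filter bpdu
 epon inner onu switch
interface EPON0/2:2
 switchport port-security dynamic maximum 2
"""

def parse_interfaces(config: str) -> dict[str, list[str]]:
    """Group commands under the 'interface ...' line that precedes them."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface\s+(\S+(?:\s+\S+)?)", line):
            current = stanzas.setdefault(m.group(1), [])
        elif line == "exit":
            current = None
        elif line and current is not None:
            current.append(line)
    return stanzas

def audit_pon_ports(config: str) -> dict[str, list[str]]:
    """Map each PON port (EPON0/N, not ONU sub-interfaces) to its findings."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if not re.fullmatch(r"EPON\d+/\d+", name, re.IGNORECASE):
            continue
        issues = [f"missing: {req}" for req in REQUIRED
                  if not any(c.startswith(req) for c in cmds)]
        if DISCOURAGED in cmds:
            issues.append(f"present: {DISCOURAGED}")
        report[name] = issues
    return report
```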
Optionally, instead of telnet, you can use SSH, which is enabled by the command:
- ip sshd enable
An example of setting up a GigaEthernet port with a vlan without a tag:
interface GigaEthernet0/6
switchport mode access
switchport pvid 301
switchport protected 1
An example of enabling short interface descriptions in SNMP. By default the names are GigaEthernet0/1, EPON0/1; with the command executed they become g0/1, epon0/1:
If the Internet is supplied to UPLINK by one VLAN without a tag, then the configuration will differ as follows:
interface vlan 1
ip address 192.168.1.5 255.255.0.0
exit
ip default-gateway 192.168.1.1
interface gigaEthernet 0/5
description UPLINK
no shutdown
switchport mode access
switchport pvid 1
exit
epon onu-config-template user1
cmd-sequence 1 epon onu port 1 ctc vlan mode tag 1
cmd-sequence 2 epon onu port 1 ctc loopback detect
cmd-sequence 3 epon onu port 2 ctc vlan mode tag 1
cmd-sequence 4 epon onu port 2 ctc loopback detect
cmd-sequence 5 epon onu port 3 ctc vlan mode tag 1
cmd-sequence 6 epon onu port 3 ctc loopback detect
cmd-sequence 7 epon onu port 4 ctc vlan mode tag 1
cmd-sequence 8 epon onu port 4 ctc loopback detect
cmd-sequence 9 loopback-detection recovery-time 7200
exit
interface EPON0/1
no shutdown
description test
switchport trunk vlan-untagged none
switchport trunk vlan-allowed 1
switchport mode trunk
epon pre-config-template user1 binded-onu-llid 1-64
filter dhcp
filter bpdu
switchport protected
If any ONU floods, for example EPON0/2:28, then you can disable the ethernet port on it (this will not help with a loop):
interface EPON0/2:28
epon onu port 1 ctc shutdown
With a loop, you can blacklist the ONU and remove it from the port, after which the ONU will not be able to automatically register, and the logs will contain "reject" entries:
interface EPON0/2
epon onu-blacklist mac e067.b37d.d3d3
no epon bind-onu mac e067.b37d.d3d3
View firmware version, MTU, list of administrators:
show version
show system mtu
show local-users
On new firmware versions, the following MAC addresses are reserved and cannot be used:
X2:XX:XX:XX:XX:XX Local Administered
X6:XX:XX:XX:XX:XX Local Administered
XA:XX:XX:XX:XX:XX Local Administered
XE:XX:XX:XX:XX:XX Local Administered
To be able to use them, run the command:
- epon local-mac forward
An example of assigning an IP address to an ONU (if the ONU supports it):
epon0/1:1#epon onu ip address static 192.168.5.5 255.255.255.0 gateway 192.168.5.1 vlan 1
epon0/1:1#epon onu ctc ip address static 192.168.5.5 255.255.255.0 gateway 192.168.5.1 cvlan 5 svlan 0 priority 0
Allow traffic between multiple ONUs (by default, traffic between all ONUs is prohibited):