₦airaland Forum

Two S12708 agile switches are deployed to
set up a cluster switch system (CSS) at the core layer. The S5700LI switches at the
aggregation and access layers are enabled with only Layer 2 forwarding (the S7700 core
switches in the original networking are used at the aggregation layer). Some APs are deployed
in the campus as needed. The S5700LI switches are deployed at the access layer to connect to
and manage wired users and APs, providing wired and wireless coverage for the campus.

When configuring an OSPF process, you can specify a router ID.

For example, you can run the ospf 1 router-id 1.1.1.1 command:

[HUAWEI] ospf 1 router-id 1.1.1.1If no router ID is specified when the OSPF process is configured, the OSPF router ID is selected according to the following rules:

If one or more loopback addresses are configured, the router ID is the loopback address with the highest IP address.
If no loopback address is configured, the router ID is the interface with the highest IP address.
NOTE:
If the current OSPF process is running, the router ID does not take effect immediately even if it is re-configured manually or recalculated. The router ID takes effect only after the OSPF process is restarted.
S7700, S9700

BGP MD5 authentication is designed to prevent TCP attacks. When the MD5 algorithm is adopted, the MD5 password and TCP+BGP packets are input for calculation and then result A is saved in the TCP packet. The TCP peer resolves the result to check whether the TCP packet is a fake one. If so, it discards this TCP packet to guarantee stable TCP connection.

The simple parameter and cipher parameter only determine in which mode a password is displayed.
For the simple parameter, the password is displayed in the plain text.
For the cipher parameter, the password is displayed in the cipher text.
If the same password is configured on both ends, the two ends adopt the same password during interworking.

LS-S7703,S7700

This topic describes the principles of data planning for Internet and Wi-Fi access services and will focus on the VLAN planning and VLAN translation policy planning in different network scenarios.
VLAN and VLAN Translation Policy

Table 1 Planning of VLANs and VLAN translation policies for Internet access service
Application Scenario
VLAN Plan
VLAN Translation Policy
Bridging+Voice ONT
Double-tagged VLAN
ONT: ONTs configure the VLAN and add the same C-VLAN tag to packets. All ONTs are in the same C-VLAN.
OLT: The OLT performs VLAN translation: C<->S+C'. The C'-VLAN of every ONT differs from each other.
Bridging ONT + HGW
Double-tagged VLAN
ONT: The upstream packets sent from the HGW carry user-VLANs and the ONT transparently transmits them.
OLT: The OLT translates the U-VLAN to S-VLAN+C-VLAN.
Gateway ONT
Double-tagged VLAN
ONT: ONTs configure the VLAN and add the same C-VLAN tag to packets. All ONTs are in the same C-VLAN.
OLT: The OLT performs VLAN translation: C<->S+C'. The C'-VLAN of every ONT differs from each other.
Table 2 Planning of VLANs and VLAN translation policies for Wi-Fi access service
Application Scenario
VLAN Plan
VLAN Translation Policy
Gateway ONT
Single-tagged VLAN
ONT: ONTs configure the VLAN and add the same C-VLAN tag to packets. All ONTs are in the same C-VLAN.
OLT: The OLT performs VLAN translation: C<->S.
Note:
User VLAN: VLAN carried by packets going upstream from user-side devices (such as a home gateway), U-VLAN for short.
C-VLAN: VLAN added based on the ONT/ONU port. For details, see the description of the Double-tagged VLAN S+C.
Double-tagged VLAN S+C: C indicates the inner VLAN (C-VLAN) and S indicates the outer VLAN (S-VLAN).
Double-tagged VLAN S+C': C' indicates the translated inner VLAN (C'-VLAN) and S indicates the outer VLAN (S-VLAN).
Single-tagged S-VLAN: Single-tagged VLAN marked or translated by the OLT. It is generally used in a single-tagged VLAN translation scenario.
C<->S+C': Bidirectional VLAN translation: translates the C-VLAN and then adds an S-VLAN.
C<->S+C: Bidirectional VLAN translation: maintains the C-VLAN and adds an S-VLAN.
NOTE:
To ensure traceability of users and finer-grained QoS control and management of users and services, plan per user per service per VLAN (PUPSPV) for the Internet access service. Considering OLT capacity and VLAN scalability, use dual VLANs (S-VLAN+C-VLAN) on the OLT to differentiate users for the Internet access service.
The outer VLAN (S-VLAN), which identifies services and physical location, can be allocated based on the OLT, PON board, or PON port. The inner VLAN (C-VLAN) identifies users. C-VLANs must be unique in one S-VLAN.
It is recommended that you use stacking VLANs as S-VLANs so that security features, such as PPPoE+/option82, and anti-MAC attacks and anti-MAC spoofing, can be easily deployed.
The 802.1q in 802.1q (QinQ) VLAN is used in the enterprise private line scenario, such as transparent LAN service (TLS), in which the device transparently transmits packets. It is not recommended that you use QinQ VLANs as S-VLANs for the triple play services of residential users.

When the available memory of a switch is low, the SOCK first send packets in high-priority queues to the CPU. When the available memory is very low, the SOCK sends only Hello packets to the CPU. As a result, LSAs in the OSPF LSDB cannot be updated. When the age of LSAs reaches 3600s, OSPF cannot calculate routes. Because ACK packets are not sent to the CPU, LSAs in the LSDB cannot be aged.

To address this problem, you can adjust the memory usage threshold, delete unwanted sub-interfaces, and expand memory capacity.


S9700, S7700

Perform the following steps to solve this problem:

1. Check whether the IP address is valid.
2. Check whether the forwarding address is known and reachable.
3. Check whether the routes are summarized or redistributed correctly.
4. Check whether different masks or IP addresses are used in the Peer-to-peer (P2P) connection.
5. Check whether route lists are advertised.
6. Check whether the backbone area is disconnected.
7. Check whether OSPF is enabled on the secondary address but not on the primary address.
LS-S9703, LS-S9706

In the gigabit-capable passive optical network (GPON) system, a GPON encapsulation mode (GEM) frame is the smallest service-carrying unit and the basic encapsulation structure. All service streams are encapsulated into the GEM frame and transmitted over GPON lines. The service streams are identified by GEM ports and each GEM port is identified by a unique port ID. The port ID is globally allocated by the OLT. Therefore, the ONUs connected to the same OLT cannot use GEM ports that have the same port ID. A GEM port is used to identify the virtual service channel that carries the service stream between the OLT and the ONU. It is similar to the virtual path identifier (VPI)/virtual channel identifier (VCI) of the asynchronous transfer mode (ATM) virtual connection.
A GEM header consists of PLI, Port ID, PTI, and header error check (HEC) and is used for differentiating data of different GEM ports.
PLI: indicates the length of data payload.
Port ID: uniquely identifies a GEM port.
PTI: indicates the payload type. It is used for identifying the status and type of data that is being transmitted, for example, whether the operation, administration and maintenance (OAM) message is being transmitted and whether data transmission is complete.
HEC: ensures the forward error correction (FEC) function and transmission quality.
Fragment payload: indicates the frame fragment.
The following section describes the GEM frame structure based on the mapping of the Ethernet service in GPON mode
The GPON system parses Ethernet frames and maps data into GEM payloads for transmission.
Header information is automatically encapsulated into GEM frames.
The mapping format is clear and has good compatibility.

Command
Description

display ospf interface
Displays OSPF interface information.

ospf network-type
Sets the network type for an interface.
S7700

Board replacement is necessary in the following scenarios:
1.Board fault: When a GPBD board cannot function normally due to a board fault and this type of board is out of production, you can replace this board.
2.Board capacity expansion: The number of ports on a board cannot meet the service requirements on the live network.
Function enhancement: The functions of a board cannot meet the service requirements on the live network.

DR refers to the designated router. BDR refers to the backup designated router. DR other refers to the router that is neither DR nor BDR. The DR can broadcast the network link status to all the routers on the network.

The rules for electing a DR are as follows:

1. After an interface becomes Up, routers send Hello packets and at the same time enter the waiting state. In this case, the waiting timer is generated and its value is the same as the value of the dead timer. The value defaults to 40s and cannot be adjusted.

2. Before the waiting timer is triggered, the sent Hello packets do not contain the DR or BDR fields. During the waiting period, if the received Hello packets contain the DR or BDR field, the election is not triggered and routers directly leave the waiting state to start neighbor synchronization.

3. Assume that a DR and a BDR already exist on the network. In this case, the router that is newly added to the network does not change the existing DR or BDR regardless of the value of its router ID.

4. When the DR becomes Down because of a fault, the BDR takes over the role of the DR and the remaining devices whose priority is larger than 0 compete to become the new BDR.

5. The DR is elected based on the following rules only when routers with different router IDs or DR priorities become Up and perform DR election at the same time. The DR election rules include: The router with the highest DR priority becomes the DR, and the router with the second highest DR priority becomes the BDR. The router with DR priority 0 can only be a DROther. If the routers have the same DR priority, the router with the largest router ID becomes the DR, the router with the second largest router ID becomes the BDR, and other routers become DR others.
Huawei MA5683T, Huawei MA5608T, Huawei OSN3500

GPON encapsulation mode (GEM) ports and transmission containers (T-CONTs) divide a PON network into virtual connections for service multiplexing.
Each GEM port can carry one or more types of service stream. After carrying service streams, a GEM port must be mapped to a T-CONT before upstream service scheduling. Each ONU supports multiple T-CONTs that can have different service types.
A T-CONT can be bound to one or more GEM ports, depending on customers' data plan. On the OLT, GEM ports are demodulated from the T-CONT and then service streams are demodulated from the GEM port payload for further processing.
Service Mapping Relationships
In the upstream direction,
An ONU sends Ethernet frames to GEM ports based on configured mapping rules between service ports and GEM ports. Then, the GEM ports encapsulate the Ethernet frames into GEM packet data units (PDUs) and add these PDUs to T-CONT queues based on mapping rules between GEM ports and T-CONT queues. Then, the T-CONT queues use timeslots for upstream transmission to send GEM PDUs to the OLT.
The OLT receives the GEM PDUs and obtains Ethernet frames from them. Then, the OLT sends Ethernet frames from a specified uplink port based on mapping rules between service ports and uplink ports.
In the downstream direction,
The OLT sends Ethernet frames to the GPON service processing module based on configured mapping rules between service ports and uplink ports. The GPON service processing module then encapsulates the Ethernet frames into GEM PDUs for downstream transmission using a GPON port.
GPON transmission convergence (GTC) frames containing GEM PDUs are broadcast to all ONUs connected to the GPON port.
The ONU filters the received data according to the GEM port ID contained in the GEM PDU header and retains the data only belonging to the GEM ports of this ONU. Then, the ONU decapsulates the data to Ethernet frames and sends them to end users using service ports.

Normally, the J1 byte to be transmitted and the J1 byte to be received in the higher order path should be the same. The HP_TIM alarm is generated on the EGT2 and EFS0 boards. To solve this problem, manually set the J1 byte to be received and the J1 byte to be transmitted to the same values.
Product

OptiX OSN3500
Fault Type

Ethernet fault
HP_TIM
Symptom

When the Ethernet services are configured, the J1 byte to be received and the J1 byte to be transmitted are set to the same values. The HP_TIM alarm, however, is generated on the EGT2 and EFS0 boards.
Cause Analysis

After the Ethernet services are configured, the Ethernet boards at both ends generate the HP_TIM alarm. Check the J1 byte in the single-byte mode on the overhead management interface on the T2000. It is found that the J1 byte to be received and the J1 byte to be transmitted are set to the same values (displayed in hexadecimal). Check the J1 byte in the 16-byte mode. It is found that the J1 byte to be received and the J1 byte to be transmitted are set to different values. Change the value of the J1 byte to be transmitted of the EGT2 or EFS0 board. It is found that the J1 byte received on the other board remains unchanged.
Procedure

Set the J1 byte to be received by the RX Ethernet board in the VC-4 on the SDH line board that corresponds to the TX Ethernet board. Then, the HP_TIM alarm is cleared.
Reference Information

The J1 byte to be received of the RX Ethernet board should be set in the VC-4 on the SDH line board that corresponds to the TX Ethernet board. Change the values of the J1 byte to be transmitted and the J1 byte to be received on the SDH line to prevent the HP_TIM alarm form being generated on the line.

The SSN1EGS2 boards of the OptiX OSN3500 are configured with services. One SSN1EGS2 board can work normally but the other SSN1EGS2 board fails to work. Check the transmit optical power. It is found that the transmit optical power of the board that works normally is -9 dBm and the transmit optical power of the board that fails to work is -28 dBm.

The network-wide settings of the SSM clock protocol are different. As a result, the clock is lost. To solve this problem, unify the network-wide SSM protocol.
Product

OptiX OSN3500
Fault Type

Configuration_Problem
Symptom

The OOL alarms are generated irregularly. The last OOL alarm is generated when the main EXCSA board is switched to the standby EXCSA board. The equipment where the EXCSA board is located provides the main clock source for the other equipment on the network.
The EXCSA board reports the OOL, SYN_BAD, and S1_SYN_CHANGE alarms. The OOL alarm indicates that the line clock of the input signal is not traced but is locked by the SDR phase-locked ring. The synchronization source of the EXCSA board is lost. Hence, the synchronization alarm is generated.
Cause Analysis

The standard SSM protocol is enabled for the equipment that generates the alarms, but the extended SSM protocol is enabled for the other equipment on the network. As a result, the input clock signal is not traced and the synchronization alarm is generated.
Procedure

Modify the configuration of the clock subnetwork, that is, enable the extended SSM protocol, and then find that the alarm is cleared.

After the standby XCS board is inserted for half a minute when the ejector lever on the main XCS board is not closed, the services are interrupted for tens of seconds. Before you insert an XCS board into a subrack where the services are activated, ensure that the ejector lever on the front panel of the main XCS board is in the closed state.
Product

OptiX OSN3500
Fault Type

Service interruption
Symptom

Insert the standby XCS in the OptiX OSN3500. If the ejector lever on the front panel of the main XCS in the current subrack is in the open state, in 30 seconds, the services are interrupted for tens of seconds.
Cause Analysis

None.
Procedure

Before you insert an XCS board into a subrack, especially when the services are activated, ensure that the ejector lever on the front panel of the main XCS board is in the closed state.
If the ejector lever on the front panel of the main XCS board is not in the closed state, close the ejector lever and then insert the standby XCS board.

If the service board of the device is a GPON service board, the device has two multicast forwarding mechanisms and you can configure the forwarding mechanism based on MVLAN.

Single-copy duplication

This is the most common duplication mode of GPON multicast (it also refers to the mode mentioned in this document unless otherwise stated). This mode makes the best of the GPON downstream WDM transmission principle and sends multicast data to all ONTs using the non-encrypted GEM port bearer channel. Each ONT receives the multicast data according to the multicast filtering table. For the corresponding hardware forwarding entry, see "Multicast Forwarding Table."

Multi-copy duplication

The primary difference between single-copy duplication and multi-copy duplication is that, in multi-copy duplication, multicast data is duplicated to corresponding service ports according to user requirements, encapsulated in the encrypted unicast GEM port channel, and then sent to the ONT. The following table shows the multicast forwarding table at the GPON board level.