Common configuration tasks

This section describes common configuration tasks.

Configuring Ethernet port parameters

This section describes Ethernet port configuration.

Ethernet network port

A network port is network facing and participates in the service provider transport or infrastructure network processes.

The following is a sample network port configuration output.

A:ALA-B>config>port# info
----------------------------------------------
description ‟Ethernet network port”
ethernet
exit
no shutdown
----------------------------------------------
A:ALA-B>config>port#

Ethernet network port configuration is supported only on the 7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C.

Ethernet access-uplink port

An access-uplink port is network facing and participates in the service provider transport or infrastructure network processes. This is similar to a network port concept.

A SAP can be created when a port is configured in access uplink mode. When a port is configured in access uplink mode, then the encapsulation type of the port is set to QinQ.

The following is a sample network port configuration output.

A:ALA-B>config>port# info
----------------------------------------------
description "Ethernet Access Uplink port"
----------------------------------------------
        ethernet
            mode access uplink
        exit
        no shutdown
----------------------------------------------------
A:ALA-B>config>port#

Access uplink port configuration is supported on the 7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C.

Ethernet access port

Services are configured on access ports used for customer-facing traffic. If a Service Access Port (SAP) is to be configured on a port, it must be configured as access mode or access uplink mode. When a port is configured for access mode, the appropriate encapsulation type can be specified to distinguish the services on the port. When a port has been configured for access mode, multiple services may be configured on the port.

The following is a sample Ethernet access port configuration (for 7210 SAS-D) output.

*A:7210-SAS>config>port# info 
----------------------------------------------
        ethernet
            mode access 
            access
                egress
                exit
            exit
            encap-type dot1q
            mtu 9212
        exit
        no shutdown
----------------------------------------------
*A:7210-SAS>

Access port configuration is supported on the 7210 SAS-D, 7210 SAS-Dxp, 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C.

Configuring 802.1x authentication port parameters

The following is a sample of an 802.1x port configuration output.

A:ALA-A>config>port>ethernet>dot1x# info detail
----------------------------------------------
                port-control auto
                radius-plcy dot1xpolicy
                re-authentication
                re-auth-period 3600
                max-auth-req 2
                transmit-period 30
                quiet-period 60
                supplicant-timeout 30
                server-timeout 30 
----------------------------------------------

Configuring MAC authentication port parameters

Note:

MAC authentication is only supported on 7210 SAS-Dxp.

The 7210 SAS supports a fallback MAC authentication mechanism for client devices (for example, PCs and cameras) on an Ethernet network that do not support 802.1x EAP.

MAC authentication provides protection against unauthorized access by forcing the device connected to the 7210 SAS to have its MAC address authenticated by a RADIUS server before the device is able to transmit packets through the 7210 SAS.

Use the following CLI syntax to configure MAC authentication for an Ethernet port.

port port-id ethernet
         dot1x
             mac-auth
             mac-auth-wait seconds
             port-control auto
             quiet-period seconds
             radius-plcy name

Command usage to configure MAC authentication for an Ethernet port

config# port 1/1/2 ethernet dot1x
config>port>ethernet>dot1x# mac-auth
config>port>ethernet>dot1x# mac-auth-wait 20
config>port>ethernet>dot1x# port-control auto
config>port>ethernet>dot1x# quiet-period 60
config>port>ethernet>dot1x# radius-plcy dot1xpolicy

Sample port configuration output

Use the info detail command to display port configuration information.

SAS-T>config>port>ethernet>dot1x# info detail
----------------------------------------------
             port-control auto
             radius-plcy dot1xpolicy
             re-authentication
             re-auth-period 3600
             max-auth-req 2
             transmit-period 30
             quiet-period 60
             supplicant-timeout 30
             server-timeout 30
             mac-auth
             mac-auth-wait 20
----------------------------------------------
SAS-T>config>port>ethernet>dot1x#

Configuring VLAN authentication port parameters

Note:

VLAN authentication is only supported on 7210 SAS-Dxp.

The 7210 SAS supports VLAN authentication for client devices (for example, PCs and STBs) on an Ethernet network.

VLAN authentication provides protection against unauthorized access by forcing the device connected to the 7210 SAS to be authenticated by a RADIUS server before the device is able to transmit packets through the 7210 SAS.

Use the following CLI syntax to configure VLAN authentication for an Ethernet port.

port port-id ethernet
         dot1x
             vlan-auth
             port-control auto
             quiet-period seconds
             radius-plcy name

Command usage to configure VLAN authentication for an Ethernet port

config# port 1/1/2 ethernet dot1x
config>port>ethernet>dot1x# vlan-auth
config>port>ethernet>dot1x# port-control auto
config>port>ethernet>dot1x# quiet-period 60
config>port>ethernet>dot1x# radius-plcy dot1xpolicy

Sample port configureation output

Use the info detail command to display port configuration information. 

SAS-T>config>port>ethernet>dot1x# info detail
----------------------------------------------
             port-control auto
             radius-plcy dot1xpolicy
             re-authentication
             re-auth-period 3600
             max-auth-req 2
             transmit-period 30
             quiet-period 60
             supplicant-timeout 30
             server-timeout 30
             vlan-auth
----------------------------------------------
SAS-T>config>port>ethernet>dot1x#

Configuring LAG parameters

The following are general rules for configuring LAGs:

  • The 7210 SAS-D and 7210 SAS-Dxp support up to four 1GE ports in a LAG. The 7210 SAS-Dxp also supports up to two 10GE ports in a LAG.

  • The 7210 SAS-K 2F1C2T and 7210 SAS-K 2F6C4T support up to three 1GE ports in a LAG.

  • The 7210 SAS-K 3SFP+ 8C supports up to three 1GE ports or two 10GE ports in a LAG.

  • All ports in the LAG must share the same characteristics (speed, duplex, hold-timer, and so on). The port characteristics are inherited from the primary port.

  • Autonegotiation must be disabled or set to limited mode for ports that are part of a LAG to guarantee a specific port speed.

  • Ports in a LAG must be configured as full duplex.

The following is a sample LAG configuration output.

A:ALA-A>config>lag# info detail
----------------------------------------------
        description "LAG2"
        mac 04:68:ff:00:00:01
        port  1/1/1
        port  1/3/1
----------------------------------------------
A:ALA-A>config>lag#
A:ALA-A>config>lag# info detail
----------------------------------------------
description "LAG2"
mac 04:68:ff:00:00:01
port 1/1/1
port 1/1/2
port 1/1/3
dynamic-cost
port-threshold 2 action down
----------------------------------------------
A:ALA-A>config>lag#