First, I create the admin user and set a password (IXNFO is the password in this example):
```
aaa authentication login default local
aaa authentication enable default none
aaa authorization exec default local
username admin password 0 IXNFO
enable password 0 IXNFO
service password-encryption
```
Next, remove the default IP address, create the required VLANs, create a VLAN interface with an IP address for managing the device, and set its default route:
```
interface GigaEthernet0/0
no ip address
no ip directed-broadcast
vlan 208,226
exit
interface vlan 208
description management
ip address 192.168.5.5 255.255.255.0
no ip directed-broadcast
exit
ip route default 192.168.5.1
```
Configure the first GigaEthernet port as the uplink (the Internet connection arrives on it):
```
interface gigaEthernet 0/1
description UPLINK
no shutdown
switchport trunk vlan-allowed 208,226
switchport trunk vlan-untagged none
switchport mode dot1q-tunnel-uplink
dhcp snooping trust
exit
```
The second port can be configured, for example, as an access port so that you can connect a laptop and test the speed:
```
interface gigaEthernet 0/2
description ForTestSpeed
no shutdown
switchport mode access
switchport pvid 226
loopback-detection enable
loopback-detection control shutdown
exit
show loopback-detection
loopback-detection
```
Create an access list of the IP addresses that will later be allowed to manage the device:
```
ip access-list standard MANAGEMENT
permit 192.168.2.2 255.255.255.255
permit 192.168.5.5 255.255.255.255
exit
ip telnet access-class MANAGEMENT
ip telnet attack-defense
no ip http server
```
Configure SNMP with the previously created MANAGEMENT list:
```
snmp-server community 0 public RO MANAGEMENT
snmp-server contact ixnfo.com
snmp-server location ixnfo.com
```
Configure NTP:
```
time-zone Kyiv 2 0
ntp query-interval 3600
ntp server 192.168.2.2
```
Create the necessary profiles for the ONUs:
```
gpon profile onu-flow-mapping vlan226
gpon-profile entry 1 uni type eth-uni all
gpon-profile entry 1 vlan 226
gpon-profile entry 1 virtual-port 1
gpon profile onu-vlan vlan226
gpon-profile vlan mode trunk
gpon-profile vlan pvid 226 0
gpon-profile vlan trunk vlan-allowed 226
```
Change the peak (pir) and guaranteed (cir) speed; otherwise the profile keeps its default values, pir 1244160 cir 1244160:
```
gpon profile onu-rate-limit ratelimit-default id 1
gpon-profile pir 1000000 cir 5000
```
Be sure to create a profile for the MTU: on third-party ONUs some sites did not open and ping did not pass with large packets (from Windows this can be checked with `ping -t -l 1469 192.168.2.2`):
```
gpon profile onu-uni MTU
gpon-profile max-frame-size 1550
```
Create a profile for ONU auto-registration. These commands are executed automatically after a new ONU is connected; the first must always be the command with "tcont-virtual-port-bind-profile", otherwise it will not work:
```
gpon onu-config-template vlan226
cmd-sequence 001 gpon onu tcont-virtual-port-bind-profile tvbind-default
cmd-sequence 002 gpon onu flow-mapping-profile vlan226
cmd-sequence 003 gpon onu uni 1 vlan-profile vlan226
cmd-sequence 004 gpon onu uni 1 uni-profile MTU
```
Now configure the first GPON port; the rest are configured the same way:
```
interface GPON0/1
description users
gpon pre-config-template vlan226 bind-onuid 1-128
gpon bind-onutype onutype-default-hgu precedence 127
gpon bind-onutype onutype-default precedence 128
filter dhcp
switchport trunk vlan-allowed 226
switchport trunk vlan-untagged none
switchport mode trunk
storm-control broadcast threshold 1000
storm-control multicast threshold 1000
switchport protected 1
no shutdown
```
Enable DHCP Snooping globally for the client VLAN:
```
ip dhcpd enable
ip dhcp-relay snooping
ip dhcp-relay snooping vlan 226
ip dhcp-relay snooping rapid-refresh-bind
show ip dhcp-relay snooping binding all
```
Activate the attack prevention function:
Setup is complete, save the configuration:
By the way, the following profiles were created by default:
```
gpon profile onu-rate-limit ratelimit-default id 1
gpon-profile pir 1244160 cir 1244160
!
gpon profile onu-tcont tcont-default id 1
gpon-profile tcont-type 3 pir 1024000 cir 512
!
gpon profile onu-virtual-port virtual-port-default id 1
gpon-profile encryption disable
gpon-profile upstream queue 8
gpon-profile downstream queue 8
!
gpon profile onu-tcont-virtual-port-bind tvbind-default id 1
gpon-profile virtual-port 1 profile virtual-port-default tcont 1 profile tcont-default
!
gpon profile onu-flow-mapping flow-mapping-default id 1
gpon-profile entry 1 uni type eth-uni all
gpon-profile entry 1 virtual-port 1
!
gpon profile onu-flow-mapping flow-mapping-default-hgu id 2
gpon-profile entry 1 uni type veip all
gpon-profile entry 1 virtual-port 1
!
!
gpon onutype-template onutype-default-hgu
gpon-onutype match ctc-onu-type HGU
gpon-onutype config tcont-virtual-port-bind-profile tvbind-default
gpon-onutype config flow-mapping-profile flow-mapping-default-hgu
!
gpon onutype-template onutype-default
gpon-onutype config tcont-virtual-port-bind-profile tvbind-default
gpon-onutype config flow-mapping-profile flow-mapping-default
```
An example of viewing various information:
```
show gpon interface gpon 0/1:1 onu basic-info
show gpon interface gpon 0/1:1 onu optical-transceiver-diagnosis
show gpon interface gpon 0/1:1 onu port 1 current-statistics
show gpon interface gpon 0/1:1 onu virtual-port 1 current-statistics
show gpon onu-image-information
show gpon onu-information
show gpon onu-description
show gpon onu-status-count
show gpon onu-update-state
show gpon active-onu
show filter
show filter summary
show dos
show loopback-detection
show loopback-detection interface gigaEthernet 0/1
show system mtu
sh run db-onu
show gpon ?
```
An example of performing various operations with ONUs:
```
interface GPON 0/1:1
description TEST
gpon onu uni 1 shutdown|noshutdown
gpon onu virtual-port 2 shutdown|noshutdown
gpon onu disable
no gpon onu disable
```
An example of viewing debugging information:
```
clear logging
debug dhcp detail
debug ip dhcp-relay all
show logging
no debug dhcp detail
no debug ip dhcp-relay all
```
By the way, I noticed a problem on third-party ONUs that some clients could not send DHCPOFFER, and DHCPDISCOVER came to the server from them.
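
The management and subscriber-side protections configured above (the MANAGEMENT access list on telnet and SNMP, the HTTP server switched off, DHCP snooping with a trusted uplink, and `filter dhcp`, storm control and port protection on each GPON port) can be checked against a saved copy of the configuration. The Python check below is an added example, not part of the original article; its function names, the constructed sample and the assumption that every interface or access-list block is closed by `exit` or `!` are assumptions of this example.

```python
# Constructed sample built from this article's commands; blocks end with "exit".
SAMPLE = """\
ip access-list standard MANAGEMENT
permit 192.168.2.2 255.255.255.255
exit
ip telnet access-class MANAGEMENT
no ip http server
snmp-server community 0 public RO MANAGEMENT
ip dhcp-relay snooping vlan 226
interface gigaEthernet 0/1
dhcp snooping trust
exit
interface GPON0/1
filter dhcp
storm-control broadcast threshold 1000
storm-control multicast threshold 1000
switchport protected 1
"""
REQUIRED = ("ip telnet access-class ", "no ip http server",
            "ip dhcp-relay snooping vlan ", "dhcp snooping trust")
GPON_REQUIRED = ("filter dhcp", "storm-control broadcast",
                 "storm-control multicast", "switchport protected")
ACL_BOUND = ("ip telnet access-class ", "snmp-server community ")

def parse(config):
    """Map each block header to its body lines; top-level lines go under ''."""
    blocks, cur = {"": []}, ""
    for line in filter(None, map(str.strip, config.splitlines())):
        if line in ("exit", "!"):
            cur = ""
        elif line.lower().startswith(("interface ", "ip access-list ")):
            blocks.setdefault((cur := line.lower()), [])
        else:
            blocks[cur].append(line)
    return blocks

def audit(config):
    """Return protections from the article that are missing (ONU sub-interfaces skipped)."""
    blocks = parse(config)
    lines = [ln for body in blocks.values() for ln in body]
    acls = {h.split()[-1] for h in blocks if h.startswith("ip access-list ")}
    out = [f"missing: {p.strip()}" for p in REQUIRED
           if not any(ln.startswith(p) for ln in lines)]
    out += [f"no known access list on: {ln}" for ln in lines
            if ln.startswith(ACL_BOUND) and ln.split()[-1].lower() not in acls]
    for h in (h for h in blocks if h.startswith("interface gpon") and ":" not in h):
        out += [f"{h}: missing {r}" for r in GPON_REQUIRED
                if not any(ln.startswith(r) for ln in blocks[h])]
    return out
```

An empty list from `audit()` means every checked command is present; it says nothing about whether the values behind them (the addresses in the access list, the community string, the thresholds) are well chosen.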