Compare Products


Clear All


Home> Support> Downloads>

Ruijie RG-Switch Troubleshooting Cookbook (V1.1)

2020-02-15 View:


1.1    Hardware Installation Precautions

Q1. Card (Supervisor Module) InsertionOperation (Wear ESD Gloves or an ESD Wrist Strap in Daily Operations)


Step 1: Confirm the modelsand slots of cards and supervisor modules, as well as positions of guide rails.

Step 2: Turn the self-lockinglever to a position vertical to the panel of a card (supervisor module).


Step 3: Hold the card(supervisor module) with hands, keep it parallel to the chassis, and insert itinto the correct slot till it is locked by the self-locking lever.


Step 4: Hold the self-lockinglever, insert the card (supervisor module) along the motion trail of the self-lockinglever till the card (supervisor module) is completely inserted into thechassis.

Step 5: Use a screwdriver totighten screws on the left and right sides of the card (supervisor module).



Q2. Card (Supervisor Module) RemovalOperation


Step 1: Turn the self-locking lever to aposition vertical to the chassis.

Step 2: Hold the filler panel of the card(supervisor module) with hands and gently pull it out in a direction parallelto the guide rail.


Q3.Precautions in Card (Supervisor Module) Operations


Step1: When a card (supervisor module) cannotbe inserted, do not insert it in with strong force. Pull it out and thenattempt to insert it into the chassis.

Step 2. Ensure that acard (supervisor module) is in parallel to the guide rail during insertion andremoval.


Q4.Post-installation Check


Check Item

Check Result

1. Ground cables are connected correctly.



2. The fan assembly is installed correctly and connected properly.



3. Power modules are installed correctly and connected properly.



4. The power switch is in the off state (the rocker switch is in the OFF position).



5. Power cables are connected correctly.



6. Supervisor modules are installed correctly and connected properly.



7. Service cards are installed correctly and connected properly.



8. Switch fabric modules are installed correctly and connected properly.




1.2    Power

Q1: Is the Power Supply Mode of theN18000, 86E, and 78E Redundancy Power Supply or Load Power Supply? Can TheirPower Supply Mode Be Changed?


The N18000, 86E, and 78E support tworedundancy modes in power supply: non-redundancy mode and N+M redundancy mode.The devices use the non-redundancy power supply mode by default.


Non-redundancy mode: This mode is the defaultconfiguration of devices. The total power of the system is the sum of theoutput powers of all power supplies and each module supplies power according totheir actual capability. Assume that a chassis is equipped with four 400 Wpower supplies. The total system power provided by the power supplies is 1600W.


N+M redundancy mode: A system has a total ofN+M power supplies, M redundant power supplies are configured, and N powersupplies are available currently. The total power of the system is the sum ofthe output power of N power supplies. After power redundancy is configured, theredundant power supplies are used as backup power supplies to prevent powerfaults and they do not participate in system power distribution. For example,after one redundant power supply is configured, if a power supply of a devicemalfunctions and cannot supply power, the redundant power supply immediatelysupplies power and participates in system power distribution. After the faultypower supply is restored, it becomes a redundant power supply, therebymaintaining the system power unchanged.

The number of configured redundant powersupplies must be smaller than the number of power supplies that are availablecurrently. Redundancy fails. The command for configuring the power redundancymode is as follows:

[Command] power redundancy [switch devid]pwrs enable

[Parameter Description] switch devid:Specifies the ID of the chassis, to which the card slot for which theredundancy mode is to be configured belongs. It is supported only in VSU mode.The default value is the local chassis ID.

pwrs: Specifies the number of redundantpower supplies.

[Configuration Example] Configure 1+2power redundancy: The N18010 chassis is equipped with three DC 1600 W powersupplies. It can work properly as long as one power supply is available.Therefore, the other two power supplies can be configured as redundant powersupplies.

Ruijie(config)#power redundancy 2 enable

[Verification] Run the show power commandto check whether the power redundancy configuration takes effect and the numberof redundant power supplies.

Ruijie#show power

Chassis-type: RG_N18010

Power-redun: yes

Redun-powers: 1

Energy-saving: off


Q2: Which Cards ofthe N18000 Will Be Powered Off First When the Power Is Insufficient and What Isthe Basis?


1.     The N18000 is powered by the intelligent power supply, which allowsconfiguring power supply priority for cards, controlling the power-on andpower-off of cards, and reading the operating temperature, input voltage, andother information of the power supply.

2.     The power supplies of cards have different priorities. A card with ahigher priority is powered on prior to that with a lower priority and ispowered off later than that with a lower priority. The default power supplypriority of cards is as follows: supervisor module > FE card > VSL card> other cards. For cards of the same type, a card with a smaller slot ID hasa higher priority than that with a larger slot ID. You can configure the powersupply priority in the system running phase. This function ensures that cardswith a higher priority are powered on first in the next startup and power-on.The command for configuring the power supply priority of cards is as follows:

 [Command] powerpriority [switch devid] slot slotid prio

 [Parameter Description] switchdevid: Specifies the ID of the chassis, to which the card slot for which thepower-on and power-off priority is to be configured belongs. It is supportedonly in VSU mode. The default value is the local chassis ID.

slot slotid: Specifies the slot ID of thecard to be configured. The value is the range of card slot IDs.

prio: Specifies the priority of a card tobe configured. The value ranges from 1 to 16. 1 indicates the lowest priorityand 16 indicates the highest priority.

[Usage Guide] This command is used tochange the default power supply priority of VSL cards and other cards. FE cardscan only use the default priority.

[Configuration Example] Change thepriority of the card in slot 3 of the N18010 to 10.

Ruijie(config)#power priority slot 3 10


1.3    Service Cards

Q1: What Are Differences Between CM Cards,Other Cards, and FE Cards Supported by the N18014 and Those Supported by theN18010?


1.     The N18010 supports the M18000-WS-ED wireless controller cards,M18000-48GT-P-EDPOE cards, and RG-PA1600I-PPOE power supplies, which are notsupported by the N18014.

2.     The control engine and FE cards supported by the N18010 and N18014vary with the model.

3.     Other cards and power modules are universal to the N18010 andN18014.



Q2: How to Display the Serial Numbers ofthe Chassis, Power Supplies, Fans, and Cards by Running Commands on the N18000?


The show manuinfo command is used to displaythe serial numbers of the chassis, engine, cards, power supplies, and fans.

Ruijie#show manuinfo

Device 1

   Location:                    Chassis

    Devicename:                RG-N18010

    Device SerialNumber:        G1HL21P000084

    HardwareVersion:            1.00

    MacAddress:             14.14.4b.76.1e.c8


Device 2

   Location:              Slot-1

    Device name:           M18000-24GT20SFP4XS-ED

    Device SerialNumber:        G1HL20N00006B

    HardwareVersion:            1.00

    SoftwareVersion:           N18000_RGOS 11.0(1)B2


Device 3

   Location:                   Slot-2

    Devicename:                M18000-44SFP4XS-ED

    Device SerialNumber:        G1HL20U00026B

    HardwareVersion:            1.00

    SoftwareVersion:           N18000_RGOS 11.0(1)B2


Device 4

   Location:                   Slot-FE2

    Devicename:                M18010-FE-D I

    Device SerialNumber:        G1HL10Y000720

    HardwareVersion:            1.00

    SoftwareVersion:           N18000_RGOS 11.0(1)B2


Device 5

   Location:                   Slot-FE3

    Device name:                M18010-FE-D I

    Device SerialNumber:        G1HL10Y000813

    HardwareVersion:            1.00

    SoftwareVersion:           N18000_RGOS 11.0(1)B2


Device 6

   Location:                   Slot-M1

    Devicename:                M18010-CM

    Device SerialNumber:        G1HL20H000325

    HardwareVersion:            1.00

    SoftwareVersion:           N18000_RGOS 11.0(1)B2

    MacAddress:                14.14.4b.75.bc.96


Device 7

   Location:                   Power 1

    Devicename:                RG-PA1600I

    Device SerialNumber:       AA74858      

    HardwareVersion:           2 


Device 8

   Location:                   Power 2

    Devicename:                RG-PA1600I


Device 9

   Location:                   FAN 1

    Devicename:                M10-FAN-R

    Device SerialNumber:        9974HL20G0078

    HardwareVersion:           V1.00


Device 10

   Location:                   FAN 2

    Devicename:                M10-FAN-R

    Device SerialNumber:        9974HL20G0047

    HardwareVersion:           V1.00


Device 11

   Location:                   FAN 3

    Devicename:                M10-FAN-R

    Device SerialNumber:        9974HL20G0051

    Hardware Version:            V1.00


Device 12

   Location:                   FAN 4

    Devicename:                M10-FAN-F

    Device SerialNumber:        9973HL20F0025

    HardwareVersion:           V1.00




Q3: What Are theFunctions of the Reset Button on the Engine of the N18000?


The Reset button implements the resetof the system.

The Reset button supports long-pressoperation and short-press operation. If you press the button for less than 5seconds, this operation is short-press. If you press the button for five ormore seconds, this operation is long-press. Long-press and short-press aredescribed as follows:


1.     Status indicator in the case of long-press or short-press: When youpress the Reset button for a short period of time, the indicator blinksgreen and the system resets within 5 seconds after the button is released. Whenyou press the Reset button for a long period of time, the indicatorblinks green for 5 seconds and then blinks red, the system resets within 5seconds after the button is released.

2.    When you press the Reset button for ashort period of time, the system starts collecting information, the system isnot restarted during information collection, and the system is reset afterinformation collection is complete. When you press the Reset button fora long period of time, the system is directly restarted within 5 seconds afteryou release the button.



Q4: Poor Contact of the Obliquely InsertedMemory Module — Troubleshooting Guide


Applicable scope:

All CM cards in high-end switches that use obliquelyinserted memory module sockets, as shown in the following figure.

The models include but are not limited to thefollowing:


M18010-CM II


M18014-CM II

M18007-CM II





Fault symptom:

The two common fault logs are as follows:


The device is restarted repeatedly and thefollowing exception information is displayed in the case of boot:

Boot 1.2.2-eaf8aaa (Build time: Apr 21 2014 -10:12:42)


Boot 1.2.2-eaf8aaa (Build time: Apr 21 2014 -10:12:42)



The device automatically restarts and thefollowing exception information is displayed (the ECC error is reportedrepeatedly):

NAND:  512 MiB

Flash: 8 MiB

SETMAC: Setmac operation was performed at 2014-06-16 21:16:11(version: 11.0)

Press Ctrl+C to enter Boot Menu

Bootloader: Done loading app on coremask: 0xf

[    0.000000] ERROR PBANK_LSB: 4, ROW_LSB: 2, Rowbits: 16, Col bits: 10, Row mask: 0xffff, Col mask: 0x3ff

[    0.000000] ERROR LMC0 ECC: sec_err:8 ded_err:0

[    0.000000] LMC0ECC:        Failing dimm:   0

[    0.000000] LMC0ECC:        Failing rank:   0

[    0.000000] LMC0ECC:        Failing bank:   7

[    0.000000] LMC0ECC:        Failing row:   0xff0b

[    0.000000] LMC0ECC:        Failing column: 0x2dbe

[    0.000000] LMC0ECC:        syndrome: 0xce

[    0.000000] Failing  Address:0x000000010f0b6cf8, Data: 0xc00627d8c006cfec

[    0.000000] ERROR PBANK_LSB: 4, ROW_LSB: 2, Rowbits: 16, Col bits: 10, Row mask: 0xffff, Col mask: 0x3ff

[    0.000000] ERROR LMC0 ECC: sec_err:1 ded_err:0

[    0.000000] LMC0ECC:        Failing dimm:   0

[    0.000000] LMC0ECC:        Failing rank:   0

[    0.000000] LMC0ECC:        Failing bank:   5

[    0.000000] LMC0ECC:        Failing row:   0x14

[    0.000000] LMC0ECC:        Failing column: 0x1110

[    0.000000] LMC0ECC:        syndrome: 0xce

[    0.000000] Failing  Address:0x0000000000144480, Data: 0x080510000083102d

[    9.235671] ERROR PBANK_LSB: 4, ROW_LSB: 2, Rowbits: 16, Col bits: 10, Row mask: 0xffff, Col mask: 0x3ff

[    9.350371] ERROR LMC0 ECC: sec_err:8 ded_err:0

[    9.350374] LMC0ECC:        Failing dimm:   0

[    9.350377] LMC0ECC:        Failing rank:   0

[    9.350379] LMC0ECC:        Failing bank:   6

[    9.350382] LMC0ECC:        Failing row:   0xdd

[    9.350385] LMC0ECC:        Failing column: 0x379a

[    9.350388] LMC0ECC:        syndrome: 0xce

[    9.350390] Failing  Address:0x0000000000dde458, Data: 0xcccccccccccccccc



Troubleshooting suggestion:

When a faulty card encounters the precedingfault symptoms, the fault may be caused by poor contact between the memorymodule and the memory module socket. In this case, perform the followingoperations to attempt to eliminate the poor contact:

Step 1: Remove the faultycard from the chassis and put it on a flat platform.

Step 2: After wearing ESDgloves or an ESD wrist strap, hold the edge in the middle of the memory modulewhere no component resides (as shown in Figure 2), shake the memory module topdown along the direction vertical to the memory module plane (as shown inFigure 3), with the amplitude smaller than 5 mm, to prevent damage to thememory module and socket.


                                   Figure 2

                           Figure 3

Step 3: Hold both ends of thememory module and socket with index fingers and thumbs, and press the memorymodule into the socket with force along the direction parallel to the memorymodule, as shown in Figure 4.

                                  Figure 4

Step 4: Insert the faultycard into the chassis and power on the device.

If the fault is rectified and the device runsproperly after the preceding operations are performed, the poor contact iseliminated and the sudden poor contact will not occur on the memory module inthe subsequent device running.


If the fault persists after the precedingoperations are performed, you are recommended to perform the followingoperations:

Step 1: When the faulty cardencounters the repeated restart symptom, press Ctrl+T till thecard resets and enters the memory self-check state. Then, release the buttons.After the memory self-check is complete, record the collected log for futuretroubleshooting.

Step 2: Record the customername, device running duration, device serial number, and other commoninformation.

Step3: Start the DOA or RMA process for the faulty card.



1.4     Software Upgrade


Q1: What Are Meanings of Different StatesDisplayed After the show upgrade status Command Is Executed?

There are five states in total:

Ready, upgrade, success, transfer, and no informationdisplayed, which are described as follows:

Ready: Indicates that nodes can beupgraded. The engine detects these nodes.

Transfer: Indicates that bin files arebeing transferred to a card.

Upgrade: Indicates that an upgrade is inprogress.

Success: Indicates that a card is upgradedsuccessfully.

No information displayed: Indicates that acard cannot be identified.  


Q2: When a Device Using the RGOS 11.X Software Platform Is Upgraded in aVSU Environment, Does the Device Need to Be Split for the Upgrade?



The device does not need to be split forupgrade. The software released after August 2014, with uboot later than version1.2.7 can be directly upgraded in VSU mode.  



Q3: What Are Differences Between a RackPackage and a Hot Patch Package?


Rack package:

A rack package version contains the engine,cards, FE cards, FW cards, and other service cards. When a rack package is usedfor an upgrade, relevant parts are upgraded accordingly. A device needs to berestarted when the device is upgraded using a rack package.


Hot patch package:

A hot patch package contains hot patches ofmultiple function components. It is often used to fix small bugs. When a deviceis upgraded using a hot patch package, patches are installed for functioncomponents. After the upgrade, the device supports new functions immediatelyand it does not need to be restarted.

In general, the name of a hot patch packageis xx patch.bin. For details, see relevant release notes.


Q4: Case — A Card Fails to Be Identified


[Fault Background]

The 78E uses a single engine and one EB cardand the EB card cannot be identified. After a console cable is inserted intothe card, the card is always restarted. After the console cable is insertedinto the engine and the show version detail command is executed, it is foundthat the version is S7800E_RGOS 11.0(1)B2 (M00532809022014).

Ruijie#show version  detail

System description      : RuijieHigh-density IPv6 100G Core Routing Switch(S7805E) By Ruijie Networks

System start time       : 2014-12-2810:58:48

Systemuptime           : 0:00:51:20

System hardware version : 1.00

System software version : S7800E_RGOS 11.0(1)B2

System patch number     : NA

System software number  : M00532809022014

System serial number    : G1HL524000127

System boot version     : 1.2.7.ef4d454(140722)

System core version     : 2.6.32.dcfcf416d758ea

System cpu partition    : 2-3

Module information:

  Slot M1 : M7800E-CM

    Hardware version    : 1.00

    System start time   : 2014-12-2810:58:48

    Bootversion        : 1.2.7.ef4d454(140722)

    Software version    : S7800E_RGOS11.0(1)B2

    Software number     :M00532809022014

    Serial number      : G1HL524000127


[Handling Procedure]

1.     Copy the following card program file and main program file to a USBflash drive:

Card program:main_ca-octeon-lc_RGOS11.0(3)B1_01241813.bin. Rename it main_ca-octeon-lc.bin.

Main program:S7800E_RGOS11.0(3)B1_CM_01241814_install.bin


***********************Performthe following operations on the CM engine*****************************

2.     Remove the EB card and upgrade the device to 11.0(3)B1. The stepsare as follows:

Step 1: Run dir usb0:/ tocheck that the two files are in the USB flash drive and the file size iscorrect.


Step 2: Run the upgradeusb0:S7800E_RGOS11.0(3)B1_CM_01241814_install.bin command to upgrade thedevice:

Ruijie#upgrade usb0:S7800E_RGOS11.0(3)B1_CM_01241814_install.bin

Ruijie#Ready for release /mnt/usb0/ca-octeon-cm.bin

*Dec 28 11:57:23: %7: Decompress to /mnt/usb0/ca-octeon-cm.bin

*Dec 28 11:57:24: %7: Release completed 10%

*Dec 28 11:57:24: %7: Release completed 20%

*Dec 28 11:57:25: %7: Release completed 30%

*Dec 28 11:57:25: %7: Release completed 40%

*Dec 28 11:57:26: %7: Release completed 50%

*Dec 28 11:57:26: %7: Release completed 60%

*Dec 28 11:57:27: %7: Release completed 70%

*Dec 28 11:57:27: %7: Release completed 80%

*Dec 28 11:57:28: %7: Release completed 90%

*Dec 28 11:57:28: %7: Release completed 100%

*Dec 28 11:58:00: %7: [Slot M1]:Upgrade processing is 10%

*Dec 28 11:58:21: %7: [Slot M1]:Upgrade processing is 60%

*Dec 28 12:00:23: %7: [Slot M1]:Upgrade processing is 90%

*Dec 28 12:00:25: %7: [Slot M1]:

*Dec 28 12:00:25: %7: Upgrade info [OK]

*Dec 28 12:00:25: %7:   Kernelversion[2.6.32.dcfcf416d758ea->]

*Dec 28 12:00:25: %7:   Rootfsversion[>]

*Dec 28 12:00:25: %7: [Slot M1]:Reload system to take effect!

*Dec 28 12:00:28: %7: [Slot M1]:Upgrade processing is 100%

*Dec 28 12:00:29: %7: %PKG_MGMT:auto-syncconfig synchronization,Please wait for a moment....

*Dec 28 12:00:29: %7: [Slot M1]

*Dec 28 12:00:29: %7:   device_name: ca-octeon-cm

*Dec 28 12:00:30: %7:  status:      SUCCESS


Step 3: Run the showupgrade status command to check whether all cards except the EB card areupgraded successfully.

Step 4: After confirmingthat the upgrade is successful, restart the device:


Reload system?(y/N)y



Step 5: After restart,insert the EB card and check whether the EB card can be automaticallysynchronized. If yes, restart the device and check that the card is upgradedsuccessfully. If no, proceed with the following steps.


Step 6: Upgrade the EBcard.

Copy the upgrade packageto the tmp directory of the main supervisor module.

 (Note: Ensure thatthe card program is renamed main_ca-octeon-lc.bin. Otherwise, the filecannot be copied successfully.)

l  Run the run-system-shell command in global configuration modeto enter the shell screen.

l  Restart the tftp process:

cd /mnt/usb0

pkill recover_server

uboot-tftp-srv         //Restart the tftp process.

ps -e | grep tftp   //Check whether the tftp process isnormal.


An example of thepreceding commands is as follows:


~ #cd /mnt/usb0

/mnt/usb0 # pkill recover_server

/mnt/usb0 # uboot-tftp-srv

killall: upgrade_inotify_path: no process killed

killall: in.tftpd: no process killed

/mnt/usb0 # sh: turning off NDELAY mode

/mnt/usb0 # ps -e | grep tftp

 1864 ?        00:00:00tftp_tipc_serve

 3837 ?        00:00:00in.tftpd




**************************Perform thefollowing operations on the EB card*****************************

Step 7: Erase the original bin file inthe EB card (format the card). The operations are as follows:

1) Insert the console port into the EBcard and insert the card into the device.

A. Press Ctrl+C toenter the uboot state.

====== BootLoaderMenu("Ctrl+Z" to upper level) ======

       TOP menu items.


      0. Tftp utilities.

       1. XModem utilities.

        2. Run main.

       3. SetMac utilities.

        4. Scattered utilities.


           Press akey to run the command:


B. Enter 4 (that is,select 4. Scattered utilities)

====== BootLoaderMenu("Ctrl+Z" to upper level) ======

       Scattered utilities.


      0. Show the bootloader version.

     1. Reload system.

      2. Set baudrate.

      3. Advanced settings.


   Press a key to run the command:


C. Enter 3 (that is, select 3. Advancedsettings).

====== BootLoaderMenu("Ctrl+Z" to upper level) ======

       Advanced settings.


        0. Set isolatecpus.

        1. Set Fast boot.

        2. Set Support Shell.

        3. Open/Close debugswitch.

        4. Format flashfilesystem.

        5. Set defaultenvironment.


   Press a key to run the command:


D. Enter 4 (that is,select 4. Format flash filesystem) to format the file system of the EB card.


2) After formatting thefile system of the EB card, remove and then insert the EB card, and wait oneminute.

If multiple number signs(####) are displayed, the upgrade is successful. Enter y when a promptrequesting you to enter y or n.


**************************Perform thefollowing operations on the engine*****************************

Step 8: After the EB card is upgradedsuccessfully, power off and then restart the device, and run the showversion detail command to check whether the version is correct.

Note: If afirewall card fails to be identified or the one-click upgrade is unsuccessful,the card program package cannot be used for upgrade. In this case, use thefirewall card upgrade package of a relevant version for the upgrade.

If the uboot of the card is earlier than version1.2.9, the uboot of the card needs to be upgraded. The procedure is as follows:

1. Connect the EB card to aserial cable and upgrade the uboot of the EB card over the XMODEM protocol asfollows:

Step 1: Restart the EB card,press Ctrl+C during startup to enter the uboot screen:

====== BootLoader Menu("Ctrl+Z" to upper level) ======

    TOP menu items.


      0. Tftp utilities.

      1. XModem utilities.

      2. Run main.

      3. SetMac utilities.

      4. Scattered utilities.


     Press a key to run the command:

Step 2: Enter 1 (that is,select 1. XModem utilities)

====== BootLoader Menu("Ctrl+Z" to upper level) ======

      XModem utilities.


      0. Upgrade bootloader.

      1. Upgrade kernel and rootfs byinstall package.

      2. Upgrade the entire device bydistribute package.


Press a key to run the command:

Step 3: Enter 0 (that is,select 0. Upgrade bootloader). Then, choose Transmission > Send Xmodem onthe SecureCRT, and select the uboot file for the upgrade.

Step 4: Enter y when a promptrequesting you to enter y or n.


1.5    Layer-2 Switching Technology

Q1: What Are Functions of Proxy ARP in aSub VLAN of a Super VLAN?


The proxy ARP function of a Sub VLAN is usedin combination with the proxy ARP function of a Super VLAN. If the proxy ARPfunction of a Sub VLAN is disabled, the inter-Sub VLAN access is not supported.

Such a design aims at facilitatingoperations. If the proxy ARP function of a single Sub VLAN is disabled, ittakes effect only on the Sub VLAN. Therefore, the proxy ARP function of a SubVLAN can be disabled as required. To disable the proxy ARP function of all SubVLANs in a Super VLAN, disable the proxy ARP function of the Super VLAN.


Q2: How Does the N18000 Process Data withthe Destination MAC Address of All 0's?


When the data is used for Layer-2communication:

1.     If the destination MAC address is all 0's andthe source MAC address is normal, the device floods the data.

2.     If the source MAC address is all 0's and thedestination MAC address is normal, the device does not learn the MAC addressand normally forwards the data.


When the data is used for Layer-3communication:

1) If the destination MAC address is all 0'sand the source MAC address is normal, the device does not forward the data atLayer 3 because the destination MAC address is not the MAC address of thedevice.

2) If the source MAC address is all 0's andthe destination MAC address is normal, the device normally forwards the data.



Q3: Can Load Balancing of AP Interfaces BeConfigured in Interface Configuration Mode Rather Than in Global ConfigurationMode for the N18000, S86E, and S78E?


Currently, the load balancing of APinterfaces can be configured in interface configuration mode for the N18000,S86E, and S78E and the configuration takes effect on AP interfaces. Therefore,different load balancing methods can be adopted for AP interfaces based ontheir traffic characteristics.

The configuration commands are as follows:


Ruijie(config)#interface aggregateport 1

Ruijie(config-if-AggregatePort 1)#aggregateport load-balancesrc-dst-ip



Q4: After Interfaces of the N18000 AreAggregated, Why Does the Speed Displayed After the show interface statusCommand Is Executed Keep Unchanged?


The speed displayed after the show interfacestatus command is executed is the speed of a member interface rather than thespeed of the aggregate port. If the speeds of member interfaces that arestatistically aggregated are different, the speed of the last member interfacein the up state is displayed after this command is executed.

The details are as follows:

Ruijie(config)#int range g1/21 - 22

Ruijie(config-if-range)#port-group 1

Ruijie#show interface status | in up

InterfaceStatus    Vlan  Duplex   Speed     Type

GigabitEthernet 1/21up1Full1000Mcopper

GigabitEthernet 1/22up1Full1000Mcopper

AggregatePort 1    up1Full     1000M     copper


To display the speed of AP Port 1, run the showinterface aggregateport X command:

Ruijie#show interface aggregateport 1

Index(dec):97 (hex):61

AggregatePort 1 is UP  , line protocol is UP  

  Hardware is AggregateLink AggregatePort, address is1414.4b75.bc96 (bia 1414.4b75.bc96)

  MTU 1500 bytes, BW 2000000 Kbit

  Aggregate Port Informations:

Aggregate Number: 1

Name: "AggregatePort 1"

Members: (count=2)

GigabitEthernet 1/21Link Status:Up       

GigabitEthernet 1/22Link Status: Up         




Q5: After a Member Interface of the N18000 Exits from an APAggregate Port, Why Cannot the Member Interface Be in the Up State If NoConfiguration Is Performed?


After a member interfaceexits from an AP aggregate port, the shutdown command is automatically executedon the member interface to prevent loops.


1.6     Layer-3 Switching Technology

Q1: When a DeviceFunctions as a DHCP Server, How to Set Option Fields?


The following uses a case to answer thisquestion. A customer's DHCP server is configured on a Ruijie switch. A clientneeds to acquire the server file startup path from the switch through DHCPOption 66. The server file startup path is Theconfiguration is as follows:

ip dhcp pool ruijie

 option 66 ascii



In the configuration:

Ruijie(dhcp-config)#option 66 ? 

  ascii  Data is an NVT ASCIIstring     //Common string

  hex    Data is ahexadecimal string   //String in hexadecimal notation, that is,characters ranging from 0 to F

  ip     Data isone or more IP addresses  /IP address


In the test: Theswitch replies with the Option 66 field only when the client requests theOption 66 field.


Q2: When PBR Is Configured for a DeviceUsing the RGOS 11.X Software Platform, Can the Device Be Correlated to Monitorthe Next-Hop Reachability Based on the PBR and Perform Operations Based on theUp/Down State of Interfaces?

Correlation with DLDP

PBR part:

Ruijie(config)#ip access-list standardnetwork_1

Ruijie(config-std-nacl)# 10 permit200.24.16.0

Ruijie(config)#ip access-list standardnetwork_2

Ruijie(config-std-nacl)# 10 permit200.24.17.0

Ruijie(config)#route-map PBR permit 10

Ruijie(config-route-map)# match ip addressnetwork_1

Ruijie(config-route-map)# set ip next-hop200.24.18.1

Ruijie(config-route-map)# set ip next-hop200.24.19.1


Ruijie(config-route-map)#route-map PBR permit20

Ruijie(config-route-map)# match ip addressnetwork_2

Ruijie(config-route-map)# set ip next-hop200.24.19.1

Ruijie(config-route-map)# set ip next-hop200.24.18.1

Ruijie(config)#ip policy redundance//Change the mode to redundancy backup mode.

Ruijie(config)#int g0/3

Ruijie(config-if-GigabitEthernet 0/3)#ippolicy route-map PBR //Interface calling



DLDP part:

Ruijie(config)#int g0/1

Ruijie(config-if-GigabitEthernet 0/1)#dldp200.24.18.1

Ruijie(config)#int g0/2

Ruijie(config-if-GigabitEthernet 0/1)#dldp200.24.19.1



Principle introduction:

By default, PBR selects the next hop based onthe common routing before the next-hop interface becomes down. In redundancybackup mode, PBR selects the next hop in polling mode. Therefore, DLDP can beused to detect the reachability of the next-hop address. If the DLDP detectionresult is unreachable, PBR actively changes the next-hop Layer-3 interface tothe down state, thereby resolving connectivity detection of indirectlyconnected devices. In the preceding figure, DEV1 is directly connected to acarrier device and therefore DLDP is not required. If DEV1 is connected to acarrier device through a Layer-2 device or an optical-to-electrical converter,DLDP needs to be configured to implement switching.


1.7    Security Technology

Q1: The Client Authentication Fails and aPrompt Indicating Server Unregistered Is Displayed.


Common Causes

1.     The NAS device encapsulates its IP address into a redirection packetand sends the packet to the portal device for check during Web authentication.If the IP address is inconsistent with the IP address stored on the portaldevice, a prompt indicating server unregistered is displayed.

2.     The portal key is configured incorrectly on the NAS device.



For the first cause:

1.     For a device using the RGOS 11.X software platform, run the ipportal source-interface command to change the IP address.

2.     The default IP address sent by the NAS device is the latest IPaddress encapsulated and sent to the portal device that is contained in therouting table. Therefore, change the IP address on the portal device to rectifythe fault.


For the Second Cause:

Check whether the keyon the portal device and the key on the NAS device are configured correctly.


Q2: 2nd-generation Web AuthenticationNeeds to Be Configured on the N18000 and a User Gateway Is Connected to theN18000. How to Configure Web Authentication in a Layer-3 Architecture?


When a user passes Web authentication andgoes online successfully, the device needs to write the user entry into forwardingrules and specify a binding mode. The matching mode of forwarding rules can beadjusted to change the Internet access rules of users. For example, when onlyIP binding is adopted, packets that match the IP address are forwarded and theuser can access the Internet. When IP+MAC binding is adopted, only users whosepackets match both the IP address and MAC address can access the Internet.

In a Layer-3 authentication scenario, MACaddresses contained in packets received by the device are the address of theuser gateway rather than the MAC addresses of users. Therefore, the IP bindingmode should be adopted. Web authentication is based on IP+MAC binding bydefault. Users can determine the binding mode according to the accurate userinformation that can be obtained by the device. When both the IP addresses andMAC addresses of users are accurate, for example, in Layer-2 networkdeployment, IP+MAC binding is preferred. Otherwise, IP binding is preferred.


The configuration reference is as follows:

Ruijie(config)#web-auth template eportalv2   //Access thetemplate.

Ruijie(config.tmplt.eportalv2)#bindmode ip-only-mode  //Change the binding mode to IP binding.


Note: IP binding needs to be enabled in the Web template and is notapplicable to large gateway scenarios. If the authentication mode is gatewaymode, the error "%Error: ip-only-mode can not be used in gatewaymode." is displayed after the preceding command is executed. Change thecommand to the following:

Ruijie(config.tmplt.eportalv2)#bindmode ip-mac-mode  //Changethe binding mode to IP+MAC binding.



Q3: In a N18000+WSEnvironment, Web Authentication Needs to Be Enabled for Users Connected to anAP. How to Perform Deployment on the N18000?


If the AP uses centralized forwarding mode,when Web authentication is enabled for wireless users on the N18000, the Webcontrolled function needs to be enabled on the internal connection port of theWS connected to the N18000 and the management VLAN of the AP needs to beconfigured as a free-authenticated VLAN.

If the AP uses local forwarding mode, whenWeb authentication is enabled for wireless users on the N18000, the Webcontrolled function needs to be enabled on the port of the N18000 that isdirectly connected to the AP and the management VLAN of the AP needs to beconfigured as a free-authenticated VLAN.


Q4: What Is WebAuthentication Noise?


HTTP packets transmitted by a terminal arefirst processed by Newton switch that functions as a NAS device. When the NASdevice redirects the terminal, the pushed message contains a script that allowsonly the standard browser to be identified and redirected, preventing softwaresuch as QQ and Xunlei from sending a large number of HTTP requests andoverloading the server. The standard browser terminal will be redirected tointeract with the ePortal service.


Q5: Both the httpredirect direct-site and the web-auth direct-host Commands AreUsed to Configure IP Free-authentication Access. What Are Their Differences?


direct-site allows passing of packets whosedestination IP address matches the access destination IP address. For example,if direct-site is set to the IP address of a SAM server, users do not need tobe authenticated to access this destination IP address.


direct-host allows passing of packets whosesource IP address matches the access source IP address. For example, ifdirect-host is set to the IP address of a printer, the printer does not need tobe authenticated to access user terminals. If users need to access the printerwithout authentication,

direct-site can be configured to the same IPaddress of direct-host.


Q6: When DOT1X Is Configured on theN18000, What Are Differences Between Gateway Mode and Access Mode?


1.     Resources are more optimized in gateway mode. Devices have largerauthentication entries in comparison with the access mode.

2.     If access control-relevant application is deployed on a core device,the authentication mode needs to be switched to gateway authentication mode onthe core device. Otherwise, no configuration is required.

3.     After the authentication mode is switched, the new mode takes effectonly after the device is restarted. Save the configuration before restartingthe device.

4.     Configuration method:



Q7: How to Implement Free Authenticationfor a Single VLAN in DOT1X/Web Environment?

A free-authenticated VLAN can be configuredso that users in the specified VLAN can access the Internet without passing theDOT1X authentication or Web authentication. A device on which free-authenticatedVLANs are configured directly skips the access control detection when receivingpackets from VLANs contained in the free-authenticated VLAN list, therebyallowing users in free-authenticated VLANs to access the Internet withoutauthentication. The free-authenticated VLAN function can be considered as oneapplication of the secure channel. No free-authenticated VLAN is configured bydefault. The configuration command is as follows:

 [Command] Global mode: [no] direct-vlan vlanlist //no: Indicates thatfree–authenticated VLANs are deleted if this option is configured. vlanlist:Indicates the configured or deleted free-authenticated VLAN list.

Example: Configure VLAN 100 and VLAN 200as free-authenticated VLANs and display configured free-authenticated VLANs.

Ruijie(config)#direct-vlan 100,200//Configure VLAN 100 and VLAN 200 as free-authenticated VLANs.

Ruijie#show direct-vlan//Checkfree-authenticated VLANs configured on the device.

direct-vlan 100,200



1.     The N18000, 86E, and 78E support a maximum of 100 free-authenticatedVLANs currently.

2.     Free-authenticated VLANs occupy hardware entries. If authenticationand other access control functions are disabled, the effects are the sameregardless of whether free-authenticated VLANs are configured. It isrecommended that free-authenticated VLANs be configured for special users whorequest to access the Internet without authentication only when relevant accesscontrol functions are enabled.

3.     Free-authenticated VLANs do not participate in the access authenticationdetection but must pass the security ACL check. If specified users or VLANsthat are not allowed to pass are configured in the ACL, the users cannot accessthe Internet even though free-authenticated VLANs are configured for them.Therefore, when configuring the ACL, do not add a specified VLAN or users in aspecified VLAN to the ACL so that users in the free-authenticated VLAN cantruly access the Internet without authentication.



1.8    Reliability

Q1: Does the Device Using the RGOS 11.XSoftware Platform Needs to Be Restarted When a VSL Is Added in VSU Mode?


The device does not need to be restarted.

A new VSL takeseffect immediately after the configuration is complete, the VSU or the cardwhere the VSL is configured does not need to be restarted. Likewise, users canalso delete an existing VSL. The deletion takes effect immediately after theconfiguration is complete.


Q2: A VSU Cannot Be Created After the VSLBetween Two Devices Passes Through An Intermediate Device.


Principle Analysis

When a VSU iscreated, data packets that pass through the VSL are HG packets for internalcommunication rather than common Ethernet packets. If the intermediate deviceof the VSL does not support non-Ethernet packets, the VSU cannot be created.


Q3: Three Devices Using the RGOS 11.XSoftware Platform Are Used to Create a VSU. What Are Differences Between theVSL Configuration and That on Devices Using the RGOS 10.X Software Platform?


Configuration Differences



port-member interface tenGigabitEthernet1/1

port-member interface tenGigabitEthernet1/2



vsl-aggregateport 1

port-member interface tenGigabitEthernet1/1  fiber

vsl-aggregateport 2   //Add thelink used for interconnecting to another device to another aggregate group.

port-member interface tenGigabitEthernet1/2  fiber



Principle Analysis

For devices using the RGOS 10.X softwareplatform, specified ports of different devices need to be added to an aggregategroup, and connection errors may occur in this case. Improvements are made todevices using the RGOS 11.X software platform and only ports need to be addedto one resource pool. Then, the software automatically negotiates to add themto an aggregate group, without manual intervention.



Q4: When TwoDevices Are Used to Create a VSU, vsl-ap1 and vsl-ap2 Are Displayed After theshow switch virtual link Command Is Executed, Why vsl-ap2 Is Down?


When two devices using the RGOS 11.X softwareplatform are used to create a VSU, they are added to vsl-ap1 by default andtherefore, vsl-ap2 is down.

VSLs between devices using the RGOS 11.Xsoftware platform are automatically added to different vsl-aps, which isapplied when more than two devices are used to create a VSU. Ports only need tobe configured as VSL ports. Then, the devices automatically add these VSL portsto different APs, so as to differentiate VSLs between different devices.


Q5: What AreHardware Requirements for VSLs When the S7800E, N18000, or S8600E Is Used toCreate VSUs?


Cards with 10G interfaces or 40G ports arerequired when the S7800E, N18000, or S8600E is used to create VSUs. The N18000,S8600E, and S7800E support the CB, DB, ED, EF, and EB cards currently. Payattention to the following rules when creating VSUs:

1.     CB cards can be used only with CB cards to create VSUs.

2.     The DB, ED, EF, and EB cards can be used alone or in combination tocreate VSUs.


1.9    NMS and Monitoring

Q1: How to Restorethe Password of Mid-range and Low-end Box-type Switches?



1.     Get a configuration cable ready when restoring the password.

2.     Password restoration is performed at the CTRL layer during devicerestart. The network needs to be disconnected. Perform password restorationoperation when the network can be disconnected.

3.     Strictly follow the operation steps. Improper operations may causeconfiguration loss.

4.     Passwords of switches using the RGOS 11.X software platform arerestored by saving the configuration.


Password Restoration Steps

Step 1: If an administrator forgets the loginpassword and fails to enter the configuration mode. Use a configuration cableto enter the CTRL layer to restore the password.

Step 2: Configure the network device by usingHyperTerminal.

1) Manually power off the device and thenrestart it.

2) When the Ctrl+C prompt is displayed,press Ctrl+C to access the BootLoader menu.

====== BootLoader Menu("Ctrl+Z"to upper level) ======

    TOP menu items.


    0. Tftp utilities.

    1. XModem utilities.

    2. Run main.

    3. SetMac utilities.

    4. Scattered utilities.

    5. Set Module Serial


Press a key to run the command:

3) Press Ctrl+Q.

Enter ubootui,press Enter, and then press Ctrl+P immediately


Leaving simple UI....



4) Run the followingcommands:

s29xs#setenv runlevel 2

s29xs#run linux

Creating 1 MTD partitions on"nand0":

0x000001000000-0x000002e00000 :"mtd=6"

UBI: attaching mtd1 to ubi0

UBI: physical eraseblock size:  131072 bytes (128 KiB)

UBI: logical eraseblocksize:    126976 bytes

UBI: smallest flash I/O unit:   2048

UBI: VID headeroffset:          2048 (aligned2048)

UBI: dataoffset:               4096

UBI: attached mtd1 to ubi0

UBI: MTD devicename:           "mtd=6"

UBI: MTD devicesize:            30 MiB

UBI: number of goodPEBs:        240

UBI: number of badPEBs:         0

UBI: max. allowedvolumes:       128

UBI: wear-levelingthreshold:    4096

UBI: number of internal volumes: 1

UBI: number of uservolumes:     1

UBI: availablePEBs:            19

UBI: total number of reserved PEBs: 221

UBI: number of PEBs reserved for bad PEBhandling: 2

UBI: max/mean erase counter: 2/0

UBIFS: recovery needed

UBIFS: recovery deferred

UBIFS: mounted UBI device 0, volume 0, name"kernel"

UBIFS: mounted read-only

UBIFS: file system size:  26030080 bytes (25420 KiB, 24 MiB, 205 LEBs)

UBIFS: journalsize:       3682304 bytes (3596 KiB, 3 MiB, 29LEBs)

UBIFS: mediaformat:       w4/r0 (latest is w4/r0)

UBIFS: default compressor: LZO

UBIFS: reserved for root:  0 bytes (0KiB)

Unmounting UBIFS volume kernel!

   Uncompressing Kernel Image ...OK

   Loading Device Tree to823fc000, end 823ff593 ... OK

Starting kernel ...

5) Run the following commands:

~ #

~ # cd /data/

/data # ls

/data # mv config.text config_backup.text

/data # sync

/data # reboot


Q2: How to Restore Passwords ofCase-type Switches?



1.     Get a configuration cable ready when restoring the password.

2.     Password restoration is performed at the CTRL layer during devicerestart. The network needs to be disconnected. Perform password restorationoperation when the network can be disconnected.

3.     Strictly follow the operation steps. Improper operations may causeconfiguration loss.

4.     Passwords of switches using the RGOS 11.X software platform arerestored by saving the configuration.


Configuration Key Points

1.     Get a configuration cable (console cable) ready for passwordrestoration. The device needs to be restarted and password restoration needs tobe completed at the CTRL layer.

2.     The password restoration of switches using the RGOS 11.X softwareplatform takes effect only at the current time. That is, if there is no inputwithin 10 minutes after the CLI is displayed. A password still needs to beentered after timeout occurs. If the password is not changed after the CLI isdisplayed, the previous password is still required at the next restart of thedevice.


Password Restoration Steps

Step 1: If an administrator forgets the loginpassword and fails to enter the configuration mode. Use a configuration cableto enter the CTRL layer to restore the password.

1.     Manually power off the device and then restart it.

2.     When the Ctrl+C prompt is displayed, press Ctrl+C to access theBootLoader menu.

3.     rename config.text ---->config.bak

4.     load firmware

5.     recovery the previous config file

Ruijie#rename flash:config.bak flash:config.text

Ruijie#copy startup-config running-config<0}

6. Set new password



Q3: How to Copy Information Collected inOne-click Mode over TFTP When No USB Flash Drive Is Available?


When no USB flash drive is available,case-type devices using the RGOS 11.X software platform (78E/86E/N18000) storeinformation that is collected in one-click in the temporary directoryTMP/VSD/0. Files in this directory need to be copied to the flash memory andhen copied to another position over TFTP.

The operation steps are as follows:

Step 1: Enter the debug su mode and startone-click information collection (no USB flash drive needs to be inserted):

Ruijie#debug su

Ruijie(support)#tech-support package


Step 2: Copy files that are collected inone-click mode in the temporary directory TMP/VSD/0 to the flash memory.


cp /tmp/vsd/0/tech_support* /data




Step 3: Copy thefiles to another position over TFTP.


Q4: How to Handle When the USB Flash DriveInserted into the N18000 Is Not Displayed on the Configuration Screen?



When partitions of the USB flash drive adoptthe sda4 format, the partitions cannot be automatically mounted on the device.Use a USB flash drive formatting tool to format the USB flash drive and selectthe FAT32 format for partitions.


After rectification:



1.10 Typical Case

Q1: What Do I Do When the Device IsSuspended After the M8600-MPLS Card Is Inserted?


Fault Symptom:

Try to insert the ASE3 module into slot 4 and the chassis will be blocked, then we installed into module 8, check the output.

The console is suspended after the M8600-MPLScard is inserted and the displayed status is "resetting".




1.     Check the version.


Module information:

  Slot-1 : 7200-2XG

    Hardware version : A3.0

    Original main fileversion : Firmware10.4(3) Release(118208)

    BOOTversion     : 10.4  Release (118208)

    CTRLversion     : 10.4  Release (118208)

  Slot-2 : 7200-4XG

    Hardware version : A3.0

    Original main fileversion : Firmware10.4(3) Release(118208)

    BOOTversion     : 10.3  Release (76833)

    CTRLversion     : 10.4  Release (118208)

  Slot-3 : 7200-4XG

    Hardware version : A3.0

    Original main fileversion : Firmware10.4(3) Release(118208)

    BOOTversion     : 10.3  Release (76833)

    CTRLversion     : 10.4  Release (118208)

  Slot-5 : 7200-24G

    Hardware version : A3.0

    Original main fileversion : Firmware10.4(3) Release(118208)

    BOOTversion     : 10.4  Release (118208)

    CTRLversion     : 10.4  Release (118208)

  Slot-6 : 7200-24

    Hardware version : A3.0

    Original main fileversion : Firmware10.4(3) Release(118208)

    BOOTversion     : 10.4  Release (118208)

    CTRLversion     : 10.4  Release (118208)

  Slot-8 : 7200-ASE3

    Hardware version : A1.0

    Original main fileversion : FirmwareRGNOS 10.3.00(3b12), Release(40793)

    BOOTversion     : 10.3  Release (40793)

    CTRLversion     : 10.3  Release (40793)


2.     It is preliminarily judged that the version is too old and notcompatible with the device. Attempt to upgrade cards in CTRL mode.


Ctrl>upgrade -slot 8

These images in linecard will be updated:

    Slot     image    linecard

    ------   -----    ------------------------

        8    CTRL                  7200-ASE3

              MAIN                  7200-ASE3


(Slot 8): Installing MAIN

(Slot 8): Download imageVerify the image.[ok]


Upgrade file to Module(s) in slot: [8]

Please wait......

Upgrade file to Module in slot [8] OK!

(Slot 8): MAIN installed.

(Slot 8): Install finish in slot 8(7200-ASE3).


3.     Restart the device.

Note: Restartthe entire device and check whether the version is successfully upgraded underthe main program. Otherwise, the version is still the earlier version in CTRLmode.


Do you still want to reload system?(y/N):

SYS-5-RESTART: The device is restarting.Reason: Restart the whole system!.



4.     After checking that the version is upgraded successfully under themain program, the fault is rectified and the device is restored to the normalstate.




Q2: What Do I Do If the Error "Didnot find xxx in xxx.mib" Is Reported When a MIB Node Is Read?


The error log is as follows:

Did not find 'ospfAreaNssaTranslatorState' inmodule OSPF-MIB (/home/snmp/mibs/RuijieDCN_OSPF-TRAP-MIB-4750.mib)

Did not find 'ospfRestartStatus' in moduleOSPF-MIB (/home/snmp/mibs/RuijieDCN_OSPF-TRAP-MIB-4750.mib)

In the internal test, locate theOSPF-TRAP-MIB-4750.mib file and the ospfAreaNssaTranslatorState node. The codeshows that the OSPF-MIB-4750.mib file must be called to read the node.

Solution:Import the complete MIB files and do not select a separate MIB file for importing.


Q3: What Do I Do When PoE Is Not DisabledAfter the Shutdown Command Is Executed on a Switch Port?



The shutdown command executed on a switchport will not disable PoE of the port but disable data communication.

To disable PoE on a switch port, run the nopoe enable on the port.


Q4: What Do I Do When the Web Page of theS2900 Cannot Be Opened?


Symptom: When a user logs in to theS2928G-12P from the Web page, a prompt, indicating the username and passwordare incorrect, is displayed.


1.     Check the username and password and ensure that the user level isset to 15.

username admin password ruijie

username admin privilege 15


2.     Configure the HTTP service and authentication mode.

enable service web-server http

enable service web-server https

ip http authentication local


3.     If the user still fails to log in, the fault may be caused bybrowser incompatibility. Upgrade the firmware or enable the compatibility modeof the Internet Explorer.

Problem firmwareRGOS10.4(2b12)p2 Release(180357)

Fixed firmwareRGOS 10.4(2b12)p6 Release(196987)


Q5: What Is the VSU Mechanism of theS2910?


1. When you log in to the slave device ofthe VSU composed of the S2910H through the console port, how can you log in tothe master device?

You can run the session master command to login to the master device and configure the master device.


2. The election mechanism of the masterdevice, slave device, and candidate devices in the VSU is described as follows:

S29_1priority 200, master)------S29_2priority 190, backup-----S29_3Priority 180,candidate)----S29_4priority 170, candidate

When the S29_1 is down, the member roles ofthe VSU are as follows:

S29_1down)------S29_2priority 190, master-----S29_3Priority 180, backup)----S29_4priority 170, candidate

When the S29_1 recovers, the member roles ofthe VSU are as follows:

S29_1priority 200, candidate)------S29_2priority 190, master-----S29_3Priority 180,backup)----S29_4priority 170, candidate


When the S29_2 is down, the member roles of theVSU are as follows:

S29_1priority 200, backup)------S29_2priority 190, down-----S29_3Priority 180,master)----S29_4priority 170, candidate


The slave device of the VSU is the candidatedevice with the highest priority.


Q6: How Can I View the SN of OpticalTransceivers?


Solution: Runthe show interface transceiver and show interface transceiver diagnosticcommands to display the SN and model information of the optical transceivers.



Q7: When the Device Encounters an OSPFAttack, How Can I Find the Attack Source Rapidly and Take Anti-attack Measures?


Fault Symptom

The S12000 encounters an OSPF attack, the CPUusage of the device is very high, and a large number of OSPF packetstransmitted to the CPU for processing are lost. As a result, the device failsto establish OSPF neighbor relationships normally.



2. Possible Causes

1.     OSPF packets transmitted to the CPU are beyond the processingcapability of the CPU. As a result, packet loss occurs. Run the showcpu-protect mboard command to check whether packet loss occurs.

2.     Run the show cpu command to identify the processes with high CPUusage.



3.     The OSPF neighbor relationships cannot be established.



It can be judged that the OSPF process isattacked. Based on this conclusion, find out the attack source and takeanti-attack measures accordingly.

3. Troubleshooting

1.     Find out the attack source.

Method 1: Run the show interface countersummary command on the device to locate ports with excessivemulticast/broadcast packets, shut down the ports, and then check whether thefault is rectified.

Method 2: Enable the NFPP anti-attackfunction. If the device encounters ARP attacks, enable the ARP attackprevention policy. In this fault case, the OSPF process is attacked. Therefore,use a defined NFPP policy for restriction. The configuration commands are asfollows:


 define ospf

  match etype 0x800 protocol 89

  global-policy per-src-ip 100200 


 (The former is used to limit the rate,the latter is used to set the attack threshold, and the values here can beadjusted.)

isolate-period 30 //Set hardware isolation.

 interface GigabitEthernet1/0/1//Apply the policy to all ports.

 nfpp define ospf enable

2.     After the preceding commands are configured, check whether the CPUattacks of the device are eliminated and check information about the attacksource isolated by NFPP. It is found that attacks are initiated in VLAN 77.Perform the shutdown operation on SVI 77, find out the attack source further,and take actions accordingly.


3.     Fault Information Collection

show cpu

show cpu-protect mboard

show interface counter summary

show interfaces counters rate

show ip ospf neighbor

show ip ospf interface

show nfpp define hosts ospf

4.     Fault Summary and Precautions



Q8: Descriptions of the Security Functionof the Switch


IP Source Guard + DHCP Snooping:

DHCP Snooping maintains a database of user IPaddress, and provides data in the database to the IP Source Guard function forfiltering so that only users who obtain IP addresses over DHCP can access thenetwork. In this way, IP Source Guard + DHCP Snooping prevent users fromsetting static IP addresses at discretion. 

The IP Source Guard function maintains ansource IP address database, and sets user information (VLAN, MAC address, IPaddress, and port) in the database as hardware filtering entries so that onlyusers whose information match the database can access the network.

The IP Source Guard conducts effectivesecurity control in DHCP according to the bound source IP address database. TheIP Source Guard automatically synchronizes data of valid users in the databasebound to the DHCP Snooping to the source IP address database bound to the IPSource Guard. In this way, the IP Source Guard can stringently filter clientpackets on the device where DHCP Snooping is enabled. ------Note: You can runthe show ip source binding command to display the user IP addresses + MACaddresses bound to ip verify source.

In DHCP Snooping, the IP Source Guard must beenabled if ARP-check needs to be enabled. The configuration is as follows:

ip dhcp snooping

interface 0/x

ip verify source





How do you like this document ?



Can we contact you to discuss your suggestion?

Privacy Policy
Thank you. We will inform you of our response as soon as possible.
Thank you again for your valuable input!
This page will be closed in 5 s…
Document Questionnaire
We sincerely invite you to fill in this questionnaire on Ruijie document acquisition and user experience.

Ruijie Networks websites use cookies to deliver and improve the website experience.

See our cookie policy for further details on how we use cookies and how to change your cookie settings.

Cookie Manager

When you visit any website, the website will store or retrieve the information on your browser. This process is mostly in the form of cookies. Such information may involve your personal information, preferences or equipment, and is mainly used to enable the website to provide services in accordance with your expectations. Such information usually does not directly identify your personal information, but it can provide you with a more personalized network experience. We fully respect your privacy, so you can choose not to allow certain types of cookies. You only need to click on the names of different cookie categories to learn more and change the default settings. However, blocking certain types of cookies may affect your website experience and the services we can provide you.

  • Performance cookies

    Through this type of cookie, we can count website visits and traffic sources in order to evaluate and improve the performance of our website. This type of cookie can also help us understand the popularity of the page and the activity of visitors on the site. All information collected by such cookies will be aggregated to ensure the anonymity of the information. If you do not allow such cookies, we will have no way of knowing when you visited our website, and we will not be able to monitor website performance.

  • Essential cookies

    This type of cookie is necessary for the normal operation of the website and cannot be turned off in our system. Usually, they are only set for the actions you do, which are equivalent to service requests, such as setting your privacy preferences, logging in, or filling out forms. You can set your browser to block or remind you of such cookies, but certain functions of the website will not be available. Such cookies do not store any personally identifiable information.

Accept All

View Cookie Policy Details

Contact Us

Contact Us

How can we help you?

Contact Us

Get an Order help

Contact Us

Get a tech support