Difference between revisions of "Manual:CRS1xx/2xx series switches"

From MikroTik Wiki
Jump to: navigation, search
(CRS switch chip features)
 
(added CRS port configuration)
Line 276: Line 276:
 
     <td>Analyzer port used for VLAN-based mirroring.</td>
 
     <td>Analyzer port used for VLAN-based mirroring.</td>
 
</tr>
 
</tr>
 +
</table>
 +
 +
<p></p>
 +
 +
===Port Configuration===
 +
 +
<p id="shbox"><b>Sub-menu:</b> <code>/interface ethernet switch
 +
port</code></p><br />
 +
 +
<table class="styled_table">
 +
<tr>
 +
  <th width="50%">Property</th>
 +
  <th >Description</th>
 +
</tr>
 +
<tr>
 +
    <td><var><b>action-on-restricted-unknown-sa</b></var> (<em>copy-to-cpu |
 +
drop | forward | redirect-to-cpu</em>; Default: <b>forward</b>)</td>
 +
    <td>Forwarding action for packets with restricted unknown source MAC
 +
address.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>action-on-static-station-move</b></var> (<em>copy-to-cpu | drop
 +
| forward | redirect-to-cpu</em>; Default: <b>forward</b>)</td>
 +
    <td>Forwarding action for packets with normal static station move.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>allow-multicast-loopback</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Multicast loopback on port. When enabled, it permits sending back when
 +
source port and destination port are the same for registered multicast or
 +
broadcast packets.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>allow-unicast-loopback</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Unicast loopback on port. When enabled, it permits sending back when
 +
source port and destination port are the same one for known unicast
 +
packets.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>default-customer-pcp</b></var> (<em>0..7</em>; Default:
 +
<b>0</b>)</td>
 +
    <td>Default customer priority of the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>default-service-pcp</b></var> (<em>0..7</em>; Default:
 +
<b>0</b>)</td>
 +
    <td>Default service priority of the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>drop-counter-config</b></var> (<em></em>; Default:
 +
<b>none</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>drop-when-ufdb-entry-sa-drop</b></var> (<em>yes | no</em>;
 +
Default: <b>no</b>)</td>
 +
    <td>Enable or disable to drop packets when UFDB entry has action
 +
"src-drop".</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>dynamic-mac-move-is-restricted-unknown-sa</b></var> (<em>yes |
 +
no</em>; Default: <b>no</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>egress-customer-tpid</b></var> (<em>0..10000</em>; Default:
 +
<b>0x8100</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>egress-mirror-to</b></var> (<em>mirror0 | mirror1</em>; Default:
 +
<b>mirror0</b>)</td>
 +
    <td>Analyzer port for port-based egress mirroring.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>egress-mirroring</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Enable or disable egress mirroring on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>egress-pcp-propagation</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Enables or disables egress PCP propagation.
 +
<ul class="bullets">
 +
<li> If the egress port type is Edge, the customer PCP is copied from the
 +
service PCP.
 +
<li> If the egress port type is Network, the service PCP is copied from the
 +
customer PCP.
 +
</ul>
 +
    </td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>egress-sampling</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>egress-service-tpid</b></var> (<em>0..10000</em>; Default:
 +
<b>0x88A8</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>egress-vlan-lookup</b></var> (<em>according-to-bridge-type |
 +
according-to-egress-vlan-type</em>; Default:
 +
<b>according-to-egress-vlan-type</b>)</td>
 +
    <td>Egress VLAN table (VLAN Tagging) lookup:
 +
<ul class="bullets">
 +
<li> <var>according-to-egress-vlan-type</var> - Lookup VLAN id is CVID when
 +
Edge port is configured, SVID when Network port is configured.
 +
<li> <var>according-to-bridge-type</var> - Lookup VLAN id is CVID when customer
 +
VLAN bridge is configured, SVID when service VLAN bridge is configured. Customer
 +
tag is unmodified for edge port in service VLAN bridge.
 +
</ul>
 +
</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>egress-vlan-mode</b></var> (<em>tagged | unmodified |
 +
untagged</em>; Default: <b>unmodified</b>)</td>
 +
    <td>Egress VLAN tagging action on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>egress-vlan-type</b></var> (<em>edge-port | network-port</em>;
 +
Default: <b>edge-port</b>)</td>
 +
    <td>Port type for Egress VLAN lookup.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>filter-priority-tagged-frame</b></var> (<em>yes | no</em>;
 +
Default: <b>no</b>)</td>
 +
    <td>Whether to filter tagged frames with priority on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>filter-tagged-frame</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Whether to filter tagged frames on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>filter-untagged-frame</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Whether to filter untagged frames on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>ingress-customer-tpid</b></var> (<em>0..10000</em>; Default:
 +
<b>0x8100</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>ingress-mirror-to</b></var> (<em>mirror0 | mirror1</em>;
 +
Default: <b>mirror0</b>)</td>
 +
    <td>Analyzer port for port-based ingress mirroring.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>ingress-mirroring</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Enable or disable ingress mirroring on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>ingress-mirroring-according-to-vlan</b></var> (<em>yes |
 +
no</em>; Default: <b>no</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>ingress-sampling</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>ingress-sampling-mode</b></var>
 +
(<em>all-frames-excluding-filtered | all-frames-without-mac-error</em>; Default:
 +
<b>all-frames-without-mac-error</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>ingress-sampling-ratio</b></var> (<em>1/32768..1/1</em>;
 +
Default: <b>1/1</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>ingress-service-tpid</b></var> (<em>0..10000</em>; Default:
 +
<b>0x88A8</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>ingress-vlan-type</b></var> (<em>edge-port | network-port</em>;
 +
Default: <b>edge-port</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>isolation-profile</b></var> (<em>0..31</em>; Default:
 +
<b>30</b>)</td>
 +
    <td>
 +
<ul class="bullets">
 +
<li> Port-level isolation profile 0. Uplink port - allows the port to
 +
communicate with all ports in the device.
 +
<li> Port-level isolation profile 1. Isolated port - allows the port to
 +
communicate only with uplink ports.
 +
<li> Port-level isolation profile 2 - 31. Community port - allows
 +
communication among the same community ports and uplink ports.
 +
</ul>
 +
</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>learn</b></var> (<em>yes | no</em>; Default: <b></b>)</td>
 +
    <td>Enable or disable MAC address learning on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>learn-limit</b></var> (<em>1..1023</em>; Default:
 +
<b></b>)</td>
 +
    <td>Number of allowed MAC address limit of the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>learn-restricted-unknown-sa</b></var> (<em>yes | no</em>;
 +
Default: <b>yes</b>)</td>
 +
    <td>Enable to learn restricted unknown source MAC. Source MAC is classified
 +
as Restricted Unknown if any one of the following conditions are met:
 +
<ul class="bullets">
 +
<li> MAC address limit is disabled on the incoming port.
 +
<li> MAC address limit is enabled on the incoming port and the number of
 +
learnt MAC addresses exceeds the MAC limit number of the port.
 +
<li> Dynamic source MAC move is not allowed on the port and dynamic source
 +
MAC move is treated as security breach.
 +
<li> Secure static source MAC move is not allowed on the port and security
 +
static source MAC move is treated as security breach.
 +
</ul>
 +
    </td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>mac-based-customer-vlan-for</b></var> (<em>all-frames | none |
 +
tagged-frame-only | untagged-and-priority-tagged-frame-only</em>; Default:
 +
<b>none</b>)</td>
 +
    <td>Frame type for which applies MAC-based customer VLAN translation.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>mac-based-service-vlan-for</b></var> (<em>all-frames | none |
 +
tagged-frame-only | untagged-and-priority-tagged-frame-only</em>; Default:
 +
<b>none</b>)</td>
 +
    <td>Frame type for which applies MAC-based service VLAN translation.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>mac-based-vlan-translate</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Enable or disable MAC-based VLAN translation on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>mac-vlan-type</b></var> (<em>edge-port | network-port</em>;
 +
Default: <b>edge-port</b>)</td>
 +
    <td>Port type for MAC based VLAN translation.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>pcp-propagation-for-initial-pcp</b></var> (<em>yes | no</em>;
 +
Default: <b>no</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>per-queue-scheduling</b></var> (<em>strict-priority | wrr-group0
 +
| wrr-group1</em>; Default: <b></b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>priority-to-queue</b></var> (<em></em>; Default:
 +
<b>0-15:0,1:1,2:2,3:3</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>qos-change-dei</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Whether to change DEI on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>qos-change-dscp</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Whether to change DSCP on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>qos-change-pcp</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Whether to change PCP on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>qos-dscp-to-dscp-mapping</b></var> (<em>yes | no</em>; Default:
 +
<b>no</b>)</td>
 +
    <td>Enable or disable DSCP mapping on the port.</td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>qos-pcp-dei-map-dei</b></var> (<em></em>; Default:
 +
<b>0-15:0</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>qos-pcp-dei-map-drop-precedence</b></var> (<em></em>;
 +
Default: <b>0-15:green</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>qos-pcp-dei-map-dscp</b></var> (<em></em>; Default:
 +
<b>0-15:0</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>qos-pcp-dei-map-pcp</b></var> (<em></em>; Default:
 +
<b>0-15:0</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>qos-pcp-dei-map-priority</b></var> (<em>yes | no</em>; Default:
 +
<b>0-15:0</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>qos-scheme-precedence</b></var> (<em>da-based | dscp-based |
 +
pcp-based | protocol-based | sa-based | vlan-based</em>; Default:
 +
<b>pcp-based</b>)</td>
 +
    <td></td>
 +
</tr>
 +
<tr>
 +
    <td><var><b>secure-static-mac-move-is-restricted-unknown-sa</b></var>
 +
(<em>yes | no</em>; Default: <b>no</b>)</td>
 +
    <td></td>
 +
</tr>
 +
 
</table>
 
</table>
  
 
<p></p>
 
<p></p>

Revision as of 10:34, 29 January 2014

Version.png

Applies to RouterOS: v6.8 +


Summary

The Cloud Router Switch series are highly integrated switches with high performance MIPS CPU and feature-rich packet processor. The CRS switches can be designed into various Ethernet applications including unmanaged switch, Layer 2 managed switch, carrier switch and wireless/wired unified packet processing.

Abbreviations and Explanations

CVID - Customer VLAN id: inner VLAN tag id of the IEEE 802.1ad frame

SVID - Service VLAN id: outer VLAN tag id of the IEEE 802.1ad frame

IVL - Independent VLAN learning - learning/lookup is based on both MAC addresses and VLAN IDs.

SVL - Shared VLAN learning - learning/lookup is based on MAC addresses - not on VLAN IDs.

TPID - Tag Protocol Identifier

PCP - Priority Code Point: a 3-bit field which refers to the IEEE 802.1p priority

DEI - Drop Eligible Indicator

DSCP - Differentiated services Code Point

Drop precedence - internal CRS switch QoS attribute used for packet enqueuing or dropping.

Generic Configuration

Sub-menu: /interface ethernet switch


CRS switch chip is configurable from the /interface ethernet switch console menu.

Property Description
bridge-type (customer-vlan-bridge | service-vlan-bridge; Default: service-vlan-bridge) Bridge type defines which VLAN tag is used as Lookup-VID. Lookup-VID serves as the VLAN key for all VLAN-based lookup.
bypass-l2-security-check-filter-for (protocols; Default: none) Protocols which are excluded from Policy rule security check. (arp, dhcpv4, dhcpv6, eapol, igmp, mld, nd, pppoe-discovery, ripv1)
bypass-vlan-ingress-filter-for (protocols; Default: none) Protocols which are excluded from Ingress VLAN filtering. These

protocols are not dropped if they have invalid VLAN. (arp, dhcpv4, dhcpv6,

eapol, igmp, mld, nd, pppoe-discovery, ripv1)
drop-if-invalid-or-src-port-

-not-member-of-vlan-on-ports

(ports; Default: none)
Ports which drop invalid and other port VLAN id frames.
drop-if-no-vlan-assignment-on-ports (ports; Default: none) Ports which drop frames if no VLAN assignment is applied.
egress-mirror-ratio (1/32768..1/1; Default: 1/1) Proportion of egress mirrored packets compared to all packets.
egress-mirror0-enable (yes | no; Default: yes) Enables or disables egress mirroring on Mirror0 port.
egress-mirror0-format (analyzer-configured | modified | original; Default: modified)
  • analyzer-configured - The packet is same as the packet to destination. VLAN format is modified based on the VLAN configurations of the analyzer port.
  • modified - The packet is same as the packet to destination. VLAN format is modified based on the VLAN configurations of the egress port.
  • original - Traffic is mirrored without any change to the original incoming packet format. But service VLAN tag is stripped in edge port.
egress-mirror0-port (port; Default: switch1-cpu) The first egress mirroring analyzer port.
egress-mirror1-enable (yes | no; Default: yes) Enables or disables egress mirroring on Mirror1 port.
egress-mirror1-format (analyzer-configured | modified | original; Default: modified)
  • analyzer-configured - The packet is same as the packet to destination. VLAN format is modified based on the VLAN configurations of the analyzer port.
  • modified - The packet is same as the packet to destination. VLAN format is modified based on the VLAN configurations of the egress port.
  • original - Traffic is mirrored without any change to the original incoming packet format. But service VLAN tag is stripped in edge port.
egress-mirror1-port (port; Default: switch1-cpu) The second egress mirroring analyzer port.
egress-sampling-ratio (1/32768..1/1; Default: 1/1)
fdb-uses (mirror0 | mirror1; Default: mirror0) Analyzer port used for FDB-based mirroring.
forward-invalid-vlan (yes | no; Default: yes) Whether to allow forwarding VLANs which are not members of VLAN table.
ingress-mirror-ratio (1/32768..1/1; Default: 1/1) Proportion of ingress mirrored packets compared to all packets.
ingress-mirror0-enable (yes | no; Default: yes) Enables or disables ingress mirroring on Mirror0 port.
ingress-mirror0-format (analyzer-configured | modified | original; Default: modified)
  • analyzer-configured - The packet is same as the packet to destination. VLAN format is modified based on the VLAN configurations of the analyzer port.
  • modified - The packet is same as the packet to destination. VLAN format is modified based on the VLAN configurations of the egress port.
  • original - Traffic is mirrored without any change to the original incoming packet format. But service VLAN tag is stripped in edge port.
ingress-mirror0-port (port; Default: switch1-cpu) The first ingress mirroring analyzer port.
ingress-mirror1-enable (yes | no; Default: yes) Enables or disables ingress mirroring on Mirror1 port.
ingress-mirror1-format (analyzer-configured | modified | original; Default: modified)
  • analyzer-configured - The packet is same as the packet to destination. VLAN format is modified based on the VLAN configurations of the analyzer port.
  • modified - The packet is same as the packet to destination. VLAN format is modified based on the VLAN configurations of the egress port.
  • original - Traffic is mirrored without any change to the original incoming packet format. But service VLAN tag is stripped in edge port.
ingress-mirror1-port (port; Default: switch1-cpu) The second ingress mirroring analyzer port.
invalid-vlan-lookup-mode (ivl | svl; Default: ivl) Lookup and learning mode for packets with invalid VLAN.
ipv4-multicast-lookup-mode

(dst-ip-and-vid-for-ipv4 | dst-mac-and-vid-always; Default:

dst-mac-and-vid-always)
Lookup mode for IPv4 multicast bridging.
  • dst-mac-and-vid-always - For all packet types lookup key is destination MAC and VLAN id.
  • dst-ip-and-vid-for-ipv4 - For IPv4 packets lookup key is destination IP and VLAN id. For other packet types lookup key is destination MAC and VLAN id.
mac-level-isolation (yes | no; Default: no) Enables or disables MAC level isolation.
mirror-egress-if-ingress-mirrored (yes | no; Default: no) When packet is applied to both ingress and egress mirroring, if this

setting is disabled, only ingress mirroring is performed on the packet; if this

setting is enabled both mirroring types are applied.
mirror-tx-on-mirror-port (yes | no; Default: no)
mirrored-packet-drop-precedence (drop | green | red | yellow; Default: green) Remarked drop precedence in mirrored packets. This QoS attribute is used for mirrored packet enqueuing or dropping.
mirrored-packet-qos-priority (0..7; Default: 0) Remarked priority in mirrored packets.
name (string value; Default: switch1) Name of the switch.
override-existing-when-ufdb-full (yes | no; Default: no) Enable or disable to override existing entry which has the lowest aging value when UFDB is full.
unicast-fdb-timeout (time interval; Default: 5m) Timeout for Unicast FDB entries.
use-cvid-in-one2one-vlan-lookup (yes | no; Default: yes) Whether to use customer VLAN id for 1:1 VLAN switching lookup.
use-svid-in-one2one-vlan-lookup (yes | no; Default: no) Whether to use service VLAN id for 1:1 VLAN switching lookup.
vlan-level-isolation (yes | no; Default: no) Enables or disables VLAN level isolation.
vlan-uses (mirror0 | mirror1; Default: mirror0) Analyzer port used for VLAN-based mirroring.

Port Configuration

Sub-menu: /interface ethernet switch port


Property Description
action-on-restricted-unknown-sa (copy-to-cpu | drop | forward | redirect-to-cpu; Default: forward) Forwarding action for packets with restricted unknown source MAC address.
action-on-static-station-move (copy-to-cpu | drop | forward | redirect-to-cpu; Default: forward) Forwarding action for packets with normal static station move.
allow-multicast-loopback (yes | no; Default: no) Multicast loopback on port. When enabled, it permits sending back when

source port and destination port are the same for registered multicast or

broadcast packets.
allow-unicast-loopback (yes | no; Default: no) Unicast loopback on port. When enabled, it permits sending back when

source port and destination port are the same one for known unicast

packets.
default-customer-pcp (0..7; Default: 0) Default customer priority of the port.
default-service-pcp (0..7; Default: 0) Default service priority of the port.
drop-counter-config (; Default: none)
drop-when-ufdb-entry-sa-drop (yes | no; Default: no) Enable or disable to drop packets when UFDB entry has action "src-drop".
dynamic-mac-move-is-restricted-unknown-sa (yes | no; Default: no)
egress-customer-tpid (0..10000; Default: 0x8100)
egress-mirror-to (mirror0 | mirror1; Default: mirror0) Analyzer port for port-based egress mirroring.
egress-mirroring (yes | no; Default: no) Enable or disable egress mirroring on the port.
egress-pcp-propagation (yes | no; Default: no) Enables or disables egress PCP propagation.
  • If the egress port type is Edge, the customer PCP is copied from the service PCP.
  • If the egress port type is Network, the service PCP is copied from the customer PCP.
egress-sampling (yes | no; Default: no)
egress-service-tpid (0..10000; Default: 0x88A8)
egress-vlan-lookup (according-to-bridge-type |

according-to-egress-vlan-type; Default:

according-to-egress-vlan-type)
Egress VLAN table (VLAN Tagging) lookup:
  • according-to-egress-vlan-type - Lookup VLAN id is CVID when Edge port is configured, SVID when Network port is configured.
  • according-to-bridge-type - Lookup VLAN id is CVID when customer VLAN bridge is configured, SVID when service VLAN bridge is configured. Customer tag is unmodified for edge port in service VLAN bridge.
egress-vlan-mode (tagged | unmodified | untagged; Default: unmodified) Egress VLAN tagging action on the port.
egress-vlan-type (edge-port | network-port; Default: edge-port) Port type for Egress VLAN lookup.
filter-priority-tagged-frame (yes | no; Default: no) Whether to filter tagged frames with priority on the port.
filter-tagged-frame (yes | no; Default: no) Whether to filter tagged frames on the port.
filter-untagged-frame (yes | no; Default: no) Whether to filter untagged frames on the port.
ingress-customer-tpid (0..10000; Default: 0x8100)
ingress-mirror-to (mirror0 | mirror1; Default: mirror0) Analyzer port for port-based ingress mirroring.
ingress-mirroring (yes | no; Default: no) Enable or disable ingress mirroring on the port.
ingress-mirroring-according-to-vlan (yes | no; Default: no)
ingress-sampling (yes | no; Default: no)
ingress-sampling-mode

(all-frames-excluding-filtered | all-frames-without-mac-error; Default:

all-frames-without-mac-error)
ingress-sampling-ratio (1/32768..1/1; Default: 1/1)
ingress-service-tpid (0..10000; Default: 0x88A8)
ingress-vlan-type (edge-port | network-port; Default: edge-port)
isolation-profile (0..31; Default: 30)
  • Port-level isolation profile 0. Uplink port - allows the port to communicate with all ports in the device.
  • Port-level isolation profile 1. Isolated port - allows the port to communicate only with uplink ports.
  • Port-level isolation profile 2 - 31. Community port - allows communication among the same community ports and uplink ports.
learn (yes | no; Default: ) Enable or disable MAC address learning on the port.
learn-limit (1..1023; Default: ) Number of allowed MAC address limit of the port.
learn-restricted-unknown-sa (yes | no; Default: yes) Enable to learn restricted unknown source MAC. Source MAC is classified

as Restricted Unknown if any one of the following conditions are met:

  • MAC address limit is disabled on the incoming port.
  • MAC address limit is enabled on the incoming port and the number of learnt MAC addresses exceeds the MAC limit number of the port.
  • Dynamic source MAC move is not allowed on the port and dynamic source MAC move is treated as security breach.
  • Secure static source MAC move is not allowed on the port and security static source MAC move is treated as security breach.
mac-based-customer-vlan-for (all-frames | none |

tagged-frame-only | untagged-and-priority-tagged-frame-only; Default:

none)
Frame type for which applies MAC-based customer VLAN translation.
mac-based-service-vlan-for (all-frames | none |

tagged-frame-only | untagged-and-priority-tagged-frame-only; Default:

none)
Frame type for which applies MAC-based service VLAN translation.
mac-based-vlan-translate (yes | no; Default: no) Enable or disable MAC-based VLAN translation on the port.
mac-vlan-type (edge-port | network-port; Default: edge-port) Port type for MAC based VLAN translation.
pcp-propagation-for-initial-pcp (yes | no; Default: no)
per-queue-scheduling (strict-priority | wrr-group0 | wrr-group1; Default: )
priority-to-queue (; Default: 0-15:0,1:1,2:2,3:3)
qos-change-dei (yes | no; Default: no) Whether to change DEI on the port.
qos-change-dscp (yes | no; Default: no) Whether to change DSCP on the port.
qos-change-pcp (yes | no; Default: no) Whether to change PCP on the port.
qos-dscp-to-dscp-mapping (yes | no; Default: no) Enable or disable DSCP mapping on the port.
qos-pcp-dei-map-dei (; Default: 0-15:0)
qos-pcp-dei-map-drop-precedence (; Default: 0-15:green)
qos-pcp-dei-map-dscp (; Default: 0-15:0)
qos-pcp-dei-map-pcp (; Default: 0-15:0)
qos-pcp-dei-map-priority (yes | no; Default: 0-15:0)
qos-scheme-precedence (da-based | dscp-based |

pcp-based | protocol-based | sa-based | vlan-based; Default:

pcp-based)
secure-static-mac-move-is-restricted-unknown-sa (yes | no; Default: no)