VSC6817 IStaX Software Product Specification
Product Overview
The IStaX turnkey software package is a fully managed L2 switch application for IoT applications. This software package can be customized to support different port configurations. It is built on Linux to ensure cost optimization without compromising efficiency. The IStaX supports the following major capabilities:

• RedBoot bootloader
• U-boot bootloader
• Web or XMODEM update

Management is done using a web graphical user interface (GUI), command line interface (CLI), Simple Network Management Protocol (SNMP), or JavaScript Object Notation-Remote Procedure Call (JSON-RPC) running on the internal MIPS24Kec CPU. The IStaX is highly integrated with switch features such as QoS control lists (QCLs), access control lists (ACLs), and super priority management queue.

This document provides an overview of the switch and software features of the IStaX software and lays the basis for further specifications. The supported configuration details, including parameters and limitations, are beyond the scope of this document. For these details, refer to the module-specific requirement specifications and configuration guides.

Supported Switch Platforms

This software is supported on a series of Microchip switches with 12, 26, or 57 ports with Power over Ethernet (PoE) and non-PoE capabilities. It is also supported on Microsemi PHYs with SyncE and VeriTime™ (IEEE 1588v2) capabilities. The following table shows the supported switches.

Table 1. Supported Switches

| Switch | Description |
| --- | --- |
| VSC7410 | 6-port SGMII Gigabit Ethernet Switch with VeriTime™ and Gigabit Ethernet PHYs |
| VSC7414 | 11-port layer 2 SGMII Gigabit Ethernet Enterprise Switch with VeriTime™ |
| VSC7415 | 6-Port SGMII Gigabit Ethernet Switch with VeriTime™, Integrated DPLL, and Gigabit Ethernet PHYs |
| VSC7416 | 6-port Carrier Ethernet Switch Engine with ViSAA™, VeriTime™, and MPLS/MPLS-TP |
| VSC7418 | 11-port Carrier Ethernet Switch Engine with ViSAA™, VeriTime™, and MPLS/MPLS-TP |
| VSC7423 | 7-port layer 2 Gigabit Ethernet Switch with VeriTime™, 5 Integrated Copper PHYs, and Embedded 32-bit CPU |
| VSC7428 | 11-port Carrier Ethernet Switch Engine with ViSAA™, VeriTime™, and PHYs |
| VSC7429 | 26-port Carrier Ethernet Switch with ViSAA™, VeriTime™, and 12 Fully Integrated Copper PHYs |
| VSC7430 | 6-port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Gigabit Ethernet PHYs |
| VSC7435 | 6-port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Integrated DPLLs and Gigabit Ethernet PHYs |
| VSC7436 | 10-port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Integrated Gigabit Ethernet PHYs |
| VSC7437 | 8-port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Integrated DPLLs and Gigabit Ethernet PHYs |
| VSC7438 | 14-port Carrier Ethernet Switch with ViSAA™, VeriTime™, MPLS-TP, and L3 Routing |
| VSC7440 | 10-port L2/L3 Enterprise Gigabit Ethernet Switch with 10 Gbps Links |
| VSC7442 | 52-port L2/L3 Enterprise and Industrial Ethernet Switch |
| VSC7444 | 26-port L2/L3 Enterprise Gigabit Ethernet Switch with 10 Gbps Links |
| VSC7448 | 52-port L2/L3 Enterprise Gigabit Ethernet Switch with 10 Gbps Links |
| VSC7449 | 6-port SGMII Gigabit Ethernet Switch with VeriTime™ and Gigabit Ethernet PHYs |
| VSC7464 | 11-port layer 2 SGMII Gigabit Ethernet Enterprise Switch with VeriTime™ |
| VSC7468 | 6-port Carrier Ethernet Switch Engine with ViSAA™, VeriTime™, and MPLS/MPLS-TP |
| VSC7513 | 8-port L2 Gigabit Ethernet Switch |
| VSC7514 | 10-port L2 Gigabit Ethernet Switch |
| VSC7546TSN | 29-port L2/L3 Industrial Gigabit Ethernet Switches |
| VSC7549TSN | 53-port L2/L3 Industrial Gigabit Ethernet Switches |
| VSC7552TSN | 57-port L2/L3 Industrial Gigabit Ethernet Switches |
| VSC7556TSN | 57-port L2/L3 Industrial Gigabit Ethernet Switches |
| VSC7558TSN | 57-port L2/L3 Industrial Gigabit Ethernet Switches |

© 2020 Microchip Technology Inc. Product Specification DS30010225B-page 1

The following table lists the supported 1G PHYs.

Table 2. Supported 1G PHYs

| PHY | Description |
| --- | --- |
| VSC8211 | Single-port 10/100/1000BASE-T PHY and 1000BASE-X PHY with SGMII, SerDes, GMII, MII, TBI, RGMII/RTBI MAC Interfaces |
| VSC8221 | Single-port 10/100/1000BASE-T PHY with 1.25 Gbps SerDes/SGMII for SFPs/GBICs |
| VSC8501 | Single-port GbE Copper PHY with Synchronous Ethernet and RGMII/GMII Interface |
| VSC8502 | Dual-port GbE Copper PHY with Synchronous Ethernet and RGMII/GMII Interface |
| VSC8504 | Quad-port 10/100/1000BASE-T PHY with Synchronous Ethernet and QSGMII/SGMII MAC |
| VSC8512 | 12-port 10/100/1000BASE-T PHY with SGMII and QSGMII MAC Interface |
| VSC8514 | Quad-port Gigabit Copper EEE PHY with QSGMII MAC-to-PHY Interface |
| VSC8522 | 12-port 10/100/1000BASE-T PHY with QSGMII MAC Interface |
| VSC8552 | Dual-port RGMII/SGMII/QSGMII Dual Media PHY with EEE Support |
| VSC8562 | Dual-port 10/100/1000BASE-T PHY with Synchronous Ethernet, Intellisec™, and QSGMII/SGMII MAC |
| VSC8564 | Dual-port 10/100/1000BASE-T PHY with Synchronous Ethernet, MACsec, and QSGMII/SGMII MAC |
| VSC8572 | Dual-port 10/100/1000BASE-T PHY with VeriTime™, Synchronous Ethernet, and RGMII/SGMII MAC |
| VSC8574 | Quad-port Dual Media QSGMII/SGMII GbE PHY with VeriTime™ |
| VSC8575 | Quad-port 10/100/1000BASE-T PHY with Synchronous Ethernet, VeriTime™, and QSGMII/SGMII MAC |
| VSC8582 | Dual-port Dual Media QSGMII/SGMII GbE PHY with Intellisec™ and VeriTime™ |
| VSC8584 | Quad-port Dual Media QSGMII/SGMII GbE PHY with Intellisec™ and VeriTime™ |

The following table lists the supported 10G PHYs.

Table 3. Supported 10G PHYs

| PHY | Description |
| --- | --- |
| VSC8254 | Dual Channel 1G/10GBASE-KR to SFI Ethernet LAN/WAN PHY with VeriTime™ and Intellisec™ |
| VSC8256 | Quad Channel 1G/10GBASE-KR to SFI Ethernet Repeater |
| VSC8257 | Quad Channel 1G/10GBASE-KR to SFI Ethernet WIS PHY with VeriTime™ and Intellisec™ |
| VSC8258 | Quad Channel 1G/10GBASE-KR to SFI Ethernet WIS PHY with VeriTime™ and Intellisec™ |
| VSC8489 | Dual-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY |
| VSC8490 | Dual-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY with Intellisec™ and VeriTime™ |
| VSC8491 | WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY with Intellisec™ and VeriTime™ |

Software Architecture

The CEServices software provides support for standalone switches. It consists of the following components:

• Operating system (Linux) for access to the hardware
• Application programming interface (API) for a function library to control switches and PHYs
• Control modules, such as port control, MSTP, and Virtual LAN (VLAN), to implement product features and protocols. These modules may include threads and provide a management API for configuration and monitoring.
• Management modules, such as CLI, web, JSON-RPC, and Simple Network Management Protocol (SNMP), for interfaces to the system based on the management API of the control modules

The following illustration shows the architecture of the Microchip managed application software and a few control and management modules.
Figure 1. Application Architecture

Table of Contents

Product Overview
  1 Supported Switch Platforms
  2 Software Architecture
1. Supported Features
  1.1 BSP and API
  1.2 Port Control
  1.3 Quality of Service (QoS)
  1.4 Protection
  1.5 L2 Switching
  1.6 L3 Switching
  1.7 Security
  1.8 Robustness and Power Savings
  1.9 OAM and Test
  1.10 Timing and Synchronization
  1.11 Customization Framework
  1.12 Management
  1.13 SNMP MIBs
2. Features and Platform Capacity
3. System Requirements
4. Port and System Capabilities
  4.1 Port Capability
  4.2 System Capability
5. Firmware Upgrade
6. Port Control
  6.1 NPI Port
  6.2 PCIe
  6.3 Dual CPU
  6.4 SFP Detection
  6.5 VeriPHY Support
  6.6 PoE/PoE+ Support
  6.7 POE/POE+ with LLDP
  6.8 Unidirectional Link Detection (UDLD)
7. Quality of Service (QoS)
  7.1 Port Policers
  7.2 Scheduling and Shaping
  7.3 QCL Configuration
  7.4 Weighted Random Early Detection (WRED)
  7.5 Tag Remarking
  7.6 Ingress Port Classification
  7.7 Queue Policers
  7.8 DiffServ (RFC2474) Remarking
  7.9 Global Storm Control
8. L2 Switching
  8.1 Auto MAC Address Learning/Aging
  8.2 MAC Addresses–Static
  8.3 Virtual LAN
  8.4 Voice VLAN
  8.5 Industrial Private VLANs
  8.6 Generic VLAN Registration Protocol (GVRP)
  8.7 Multiple Registration Protocol (MRP)
  8.8 Multiple VLAN Registration Protocol (MVRP)
  8.9 IEEE 802.3ad Link Aggregation
  8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
  8.11 IGMP Snooping and MLD Snooping
  8.12 DHCP Snooping
  8.13 MAC Table Configuration
  8.14 Mirroring (SPAN/VSPAN and RSPAN)
  8.15 RMirror
  8.16 Flow Mirroring for AC
  8.17 Spanning Tree
  8.18 Loop Guard
9. L3 Switching
  9.1 DHCP Relay
  9.2 Universal Plug and Play (UPnP)
  9.3 L3 Routing
10. Security
  10.1 802.1X and MAC-Based Authentication
  10.2 Authentication, Authorization, and Accounting (AAA)
  10.3 Secure Access
  10.4 Users and Privilege Levels
  10.5 Authentication and Authorization Methods
  10.6 Access Control List (ACLs)
  10.7 ARP Inspection/IP and IPv6 Source Guard
11. Robustness and Power Savings
  11.1 Robustness
  11.2 Power Savings
12. OAM and Test
  12.1 OAM
13. Synchronization
  13.1 Precision Time Protocol (PTP)
  13.2 Microchip One-Step TC PHY Solution
  13.3 Transparent Clock over Microwave
  13.4 G.8265.1 Solution (Frequency) ITU Standard
  13.5 G.8275.1 Solution (Phase) ITU Standard
  13.6 G.8275 Compliant Filter
  13.7 PTP Time Interface
  13.8 Network Time Protocol (NTP)
  13.9 Day Light Saving
14. Management
  14.1 JSON-RPC
  14.2 Management Services
  14.3 Simple Network Management Protocol (SNMP)
  14.4 RMON Statistics
  14.5 Internet Control Message Protocol
  14.6 SysLog
  14.7 LLDP-MED
  14.8 802.1AB LLDP and CDP Aware
  14.9 IP Management, DNS, and DHCPv4/v6
  14.10 IPv6 Ready Logo Phase2
  14.11 DHCP Server
  14.12 Console
  14.13 System Management
  14.14 Management Access Filtering
  14.15 sFlow
  14.16 Default Configuration
  14.17 Configuration Upload/Download
  14.18 Loop Detection Restore to Default
  14.19 Symbolic Register Access
15. SNMP MIBs
16. Revision History
The Microchip Website
Product Change Notification Service
Customer Support
Microchip Devices Code Protection Feature
Legal Notice
Trademarks
Quality Management System
Worldwide Sales and Service

1. Supported Features

The following sections describe the features of each module of the IStaX software.

1.1 BSP and API

The following table lists the features supported by the API module.

Table 1-1. BSP and API Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Internal CPU | • | • | • | • | • |
| External CPU | - | - | - | - | • |
| 64-bit CPU Architecture | - | - | - | - | • |
| API and application split | • | • | • | • | • |
| MESA layer | • | • | • | • | • |
| MEBA layer | • | • | • | • | • |
| U-Boot | • | • | • | • | • |
| U-Boot network support | • | • | • | • | • |
| 32MB NOR FLASH only option | • | • | • | • | - |
| 64MB NOR FLASH only option | • | • | • | • | - |

1.2 Port Control

The following table lists the features supported by the port control module. For more information, see 6. Port Control.

Table 1-2. Port Control Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Port speed/duplex mode/flow control | • | • | • | • | • |
| Aquantia 2.5G PHY Gen2 | • | • | • | • | • |
| Aquantia 2.5G PHY Gen3 | • | • | • | • | • |
| Aquantia 5G PHY Gen3 | - | • | - | - | - |
| Aquantia 10G PHY Gen2 | - | • | • | - | • |
| 802.1Qbb Per Priority Flow Control | - | • | • | • | • |
| Port frame size (jumbo frames) | • | • | • | • | • |
| Port state (administrative status) | • | • | • | • | • |
| Port status (link monitoring) | • | • | • | • | • |
| Port statistics (MIB counters) | • | • | • | • | • |
| Port VeriPHY (cable diagnostics) | • | • | • | • | • |
| PoE/PoE+ with PD69208 support (external controller) | • | • | • | • | - |
| PoE/PoE+ with Link Layer Discovery Protocol (LLDP) | • | • | • | • | - |
| PoE IEEE802.3bt without LLDP (external controller) | • | • | • | • | - |
| NPI port | • | • | • | • | • |
| PCIe | - | • | • | • | • |
| On-the-fly SFP detection | • | • | • | • | • |
| DDMI | • | • | • | • | • |
| Unidirectional Link Detection (UDLD) | • | • | • | • | • |
| IEEE 802.3ap 10G-KR | - | - | - | - | • |
| IEEE 802.3ap 25G-KR | - | - | - | - | • |

1.3 Quality of Service (QoS)

The following table lists the features supported by the QoS module. For more information, see 7. Quality of Service (QoS).

Table 1-3. QoS Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Cut-through | - | - | - | - | • |
| Traffic classes (8 active priorities) | • | • | • | • | • |
| Port default priority | • | • | • | • | • |
| User priority | • | • | • | • | • |
| Input priority mapping | • | • | • | • | • |
| QoS control list (QCL mode) | • | • | • | • | • |
| Global storm control for UC, MC, and BC | • | • | • | • | • |
| Random early discard (RED) | - | • | • | • | • |
| Port policers | • | • | • | • | • |
| Queue policers | • | • | • | • | • |
| Global/VCAP (ACL) policers | • | • | • | • | • |
| Port egress shaper | • | • | • | • | • |
| Queue egress shapers | • | • | • | • | • |
| DiffServ (RFC2474) remarking | • | • | • | • | • |
| Tag remarking | • | • | • | • | • |
| Scheduler mode | • | • | • | • | • |
| IEEE-802.1Qbv (TAS) Time-aware Scheduler | - | - | - | - | • |
| IEEE-802.1Qbu & 802.3br frame preemption | - | - | - | - | • |
| IEEE-802.1Qci ingress gating/policing/checking | - | - | - | - | • |

1.4 Protection

The following table lists the features supported by the protection module.

Table 1-4. Protection Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| 1:1 port protection - G.8031 | • | • | • | • | • |
| Ring protection - G.8032 | • | • | • | • | • |
| Ring protection v2 - G.8032 | • | • | • | • | • |
| IEEE-802.1CB (FRER) | - | - | - | - | • |

1.5 L2 Switching

The following table lists the features supported by the L2 switching module. For more information, see 8. L2 Switching.

Table 1-5. L2 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| IEEE 802.1D Bridge | | | | | |
| Auto MAC address learning/aging | • | • | • | • | • |
| MAC addresses - static | • | • | • | • | • |
| IEEE 802.1Q | | | | | |
| Virtual LAN | • | • | • | • | • |
| Bidirectional VLAN translation | • | • | • | • | • |
| Unidirectional VLAN translation (ingress/egress) | • | • | • | • | • |
| Private VLAN - static | • | • | • | • | • |
| Port isolation - static | • | • | • | • | • |
| MAC-based VLAN | • | • | • | • | • |
| Protocol-based VLAN | • | • | • | • | • |
| IP subnet-based VLAN | • | • | • | • | • |
| VLAN trunking | • | • | • | • | • |
| iPVLAN Trunking | - | • | • | • | • |
| GARP VLAN Registration Protocol (GVRP) | • | • | • | • | • |
| Multiple Registration Protocol (MRP) | • | • | • | • | • |
| Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | • |
| IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | • |
| Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | • |
| Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | • |
| Loop guard | • | • | • | • | • |
| IEEE 802.3ad | | | | | |
| Link aggregation - static | • | • | • | • | • |
| Link aggregation - Link Aggregation Control Protocol (LACP) | • | • | • | • | • |
| AGGR/LACP user interface alignment with Industry standard | • | • | • | • | • |
| UNI LAG (LACP) 1:1 active/standby | • | • | • | • | • |
| LACP revertive/non-revertive | • | • | • | • | • |
| LACP loop free operation | • | • | • | • | • |
| Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | • |
| Error disable recovery | • | • | • | • | • |
| IGMPv2 snooping | • | • | • | • | • |
| IGMPv3 snooping | • | • | • | • | • |
| MLDv1 snooping | • | • | • | • | • |
| MLDv2 snooping | • | • | • | - | • |
| Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | • |
| IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | • |
| Multicast VLAN Registration (MVR) | • | • | • | • | • |
| MVR profile | • | • | • | • | • |
| Voice VLAN | • | • | • | • | • |
| DHCP snooping | • | • | • | • | • |
| ARP inspection | • | • | • | • | • |
| Port mirroring | • | • | • | • | • |
| Flow mirroring | • | • | • | • | • |
| Rmirror | • | • | • | • | • |

1.6 L3 Switching

The following table lists the features supported by the L3 switching module. For more information, see 9. L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | - | - | • | - |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | - | • | • | - | • |
| RFC2992 (ECMP) support for HW based L3 static routing | - | • | • | - | • |
| RFC 2453 RIPv2 dynamic routing | - | • | • | - | • |
| RFC 2328 OSPFv2 Dynamic routing | - | • | • | - | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | - | • | • | - | • |
| RFC 3137 OSPF Stub Router Advertisement | - | • | • | - | • |
| Software-based IPv6 L3 static routing | • | - | - | • | - |
| Hardware-based IPv6 L3 static routing | - | • | • | - | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | - | • | • | - | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |

1.7 Security

The following table lists the features supported by the security module. For more information, see 10. Security.

Table 1-7. Security Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Network Access Server (NAS) | | | | | |
| Port-based 802.1X | • | • | • | • | • |
| Single 802.1X | • | • | • | • | • |
| Multiple 802.1X | • | • | • | • | • |
| MAC-based authentication | • | • | • | • | • |
| VLAN assignment | • | • | • | • | • |
| QoS assignment | • | • | • | • | • |
| Guest VLAN | • | • | • | • | • |
| Remote authentication dial in user service (RADIUS) authentication and authorization | • | • | • | • | • |
| RADIUS accounting | • | • | • | • | • |
| MAC address limit | • | • | • | • | • |
| Persistent MAC learning | • | • | • | • | • |
| IP MAC binding | • | • | • | • | • |
| IP/MAC binding dynamic to static | • | • | • | • | • |
| TACACS+ authentication and authorization | • | • | • | • | • |
| TACACS+ command authorization | • | • | • | • | • |
| TACACS+ accounting | • | • | • | • | • |
| Web and CLI authentication | • | • | • | • | • |
| Authorization (15 user levels) | • | • | • | • | • |
| ACLs for filtering/policing/port copy | • | • | • | • | • |
| IP source guard | • | • | • | • | • |
| Secure FTP Client | • | • | • | • | • |

1.8 Robustness and Power Savings

The following table lists the features supported by the robustness and power savings module. For more information, see 12. OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Cold start | • | • | • | • | • |
| Cool start | • | • | • | • | • |
| ActiPHY | • | • | • | • | • |
| PerfectReach | • | • | • | • | • |
| Energy-Efficient Ethernet (EEE) power management | • | • | • | • | • |
| LED power management | • | • | - | - | • |
| Thermal protection | • | • | • | • | • |
| Adaptive fan control | • | • | • | - | • |

1.9 OAM and Test

The following table lists the features supported by the OAM and Test module. For more information, see 12. OAM and Test.

Table 1-9. OAM and Testing Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Link OAM (802.3ah) | | | | | |
| Variable request and response | • | • | • | • | • |
| Discovery process, information, event notification, loopback | • | • | • | • | • |
| Dying gasp | • | • | • | • | • |
| Dying gasp enhanced | • | • | • | • | • |
| Dying gasp SNMP trap | • | • | • | • | • |
| CFM | | | | | |
| Continuity Check (ETH-CCM) | • | • | • | • | • |
| IS-, OS-, PS-, and SID-TLV | • | • | • | • | • |
| APS using ETH-CCM and ETH-APS | • | • | • | • | • |
| ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | • |
| Hardware-accelerated OAM | - | • | • | • | • |

1.10 Timing and Synchronization

The following table lists the features supported by the timing and synchronization module. For more information, see 13. Synchronization.

Table 1-10. Timing and Synchronization Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| SyncE with SSM | • | • | • | • | • |
| SyncE nomination for two interfaces | • | • | • | • | • |
| Microchip one-step TC PHY solution | • | • | • | • | • |
| IEEE 1588v2 PTP with two-step clock | • | • | • | • | • |
| IEEE 1588v2 PTP with one-step clock | • | • | • | • | • |
| Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | • |
| Boundary clock | • | • | • | • | • |
| Redundant masters and multiple timing domains | • | • | • | • | • |
| PTP over IPv4 | • | • | • | • | • |
| Unicast/multicast | • | • | • | • | • |
| TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | • |
| TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Combined SyncE and 1588 | • | • | • | • | • |
| MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | • |
| MSCC timing BU DPLL API integration | • | • | • | • | • |
| G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | • |
| PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.8275.1 BMCA - only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| G.8275 compliant filter - only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| PTP time interface | • | • | • | • | • |
| NTPv4 client | • | • | • | • | • |
| IEEE802.1AS-2011/IEEE802.1AS rev D42 | • | • | • | • | • |

1.11 Customization Framework

The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Separate BSP and application | • | • | • | • | • |
| Append or change a binary image | • | • | • | • | • |
| IPC JSON-RPC socket (with notification support) | • | • | • | • | • |
| Overwrite default startup configuration | • | • | • | • | • |
| Boot and initialization of third-party daemons | • | • | • | • | • |
| Configuration to disable certain built-in features | • | • | • | • | • |
| Microchip Ethernet Board API (MEBA) | • | • | • | • | |

1.12 Management

The following table lists the features supported by the management module. For more information, see 14. Management.

Table 1-12. Management Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| JSON-RPC | • | • | • | • | • |
| JSON-RPC notifications | • | • | • | • | • |
| Dual CPU (application variant with JSON | - | • | • | • | • |
| RFC 2131 DHCP client | • | • | • | • | • |
| RFC 2131 DHCP server | • | • | • | • | • |
| DHCP server support for DHCP relay packets | • | • | • | • | • |
| DHCP per port | • | • | • | • | • |
| RFC 3315 DHCPv6 client | • | • | • | • | • |
| RFC 3315 DHCPv6 relay agent | • | • | • | • | • |
| RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | • |
| RFC 1035 DNS client, relay | • | • | • | • | • |
| IPv4/IPv6 ping | • | • | • | • | • |
| IPv4/IPv6 traceroute | • | • | • | • | • |
| HTTP server | • | • | • | • | • |
| CLI - console port | • | • | • | • | • |
| CLI - Telnet | • | • | • | • | • |
| Industrial standard CLI | • | • | • | • | • |
| Industrial standard configuration | • | • | • | • | • |
| Industrial standard CLI debug commands | • | • | • | • | • |
| Port description CLI | • | • | • | • | • |
| Management access filtering | • | • | • | • | • |
| HTTPS | • | • | • | • | • |
| SSHv2 | • | • | • | • | • |
| IPv6 management | • | • | • | • | • |
| IPv6 ready logo PHASE2 (host only) | • | • | • | • | • |
| RFC4884 (ICMPv6) | • | • | • | • | • |
| System syslog | • | • | • | • | • |
| Software upload through web | • | • | • | • | • |
| SNMP v1/v2c/v3 agent (1) | • | • | • | • | • |
| RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RMON alarm and event (CLI and web) | • | • | • | • | • |
| Alarm module | • | • | • | • | • |
| IEEE 802.1AB-2005 link layer discovery - LLDP | • | • | • | • | • |
| TIA 1057 LLDP-MED | • | • | • | • | • |
| Industry standard discovery protocol - ISDP | • | • | • | • | • |
| sFlow | • | • | • | • | • |
| FTP Client | • | • | • | • | • |
| Configuration download/upload - industrial standard | • | • | • | • | • |
| Loop detection restore to default | • | • | • | • | • |
| Symbolic register access | • | • | • | • | • |
| Daylight saving | • | • | • | • | • |

Note 1: No SNMPv1 trap support.
113 SNMP MIBsThe following table lists the features supported by the SNMP MIBs module For more information see 15 SNMPMIBs
VSC6817Supported Features
copy 2020 Microchip Technology Inc Product Specification DS30010225B-page 22
Table 1-13. SNMP MIBs Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
RFC 2674 VLAN MIB | • | • | • | • | •
IEEE 802.1Q bridge MIB 2008 | • | • | • | • | •
RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | •
RFC 1213 MIB II | • | • | • | • | •
RFC 1215 TRAPS MIB | • | • | • | • | •
RFC 4188 bridge MIB | • | • | • | • | •
RFC 4292 IP forwarding table MIB | • | • | • | • | •
RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | •
RFC 5519 multicast group membership discovery MIB | • | • | • | • | •
RFC 4668 RADIUS authentication client MIB | • | • | • | • | •
RFC 4670 RADIUS accounting MIB | • | • | • | • | •
RFC 3635 Ethernet-like MIB | • | • | • | • | •
RFC 2863 interface group MIB using SMI v2 | • | • | • | • | •
RFC 3636 802.3 MAU MIB | • | • | • | • | •
RFC 4133 entity MIB version 3 | • | • | • | • | •
RFC 4878 Link OAM MIB | • | • | • | • | •
RFC 3411 SNMP management frameworks | • | • | • | • | •
RFC 3414 user-based security model for SNMPv3 | • | • | • | • | •
RFC 3415 view-based access control model for SNMP | • | • | • | • | •
RFC 2613 SMON—PortCopy | • | • | • | • | •
IEEE 802.1 MSTP MIB | • | • | • | • | •
IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | •
IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | •
IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | •
TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | •
RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | —
Private MIB framework | • | • | • | • | •
2. Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.
Table 2-1. Features and Platform Capacity
Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Resilience and Availability
IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8
IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN
Traffic Control
Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095
Guest-VLAN | 1 | 1 | 1 | 1 | 1
Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9
Voice VLAN | 1 | 1 | 1 | 1 | 1
MAC table size 8K | 8K | 32K | 8K | 4K | 32K
Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 mbps
Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240
Security
Port security aging | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s
MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024
Static MAC entries supported | 64 | 64 | 64 | 64 | 64
RADIUS authentication servers | 5 | 5 | 5 | 5 | 5
TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5
RADIUS accounting servers | 5 | 5 | 5 | 5 | 5
Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4
Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system
IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512
Policy-based security filtering | 512 | 512 | 512 | 512 | 512
Password length | 32 | 32 | 32 | 32 | 32
Authorization user levels | 15 | 15 | 15 | 15 | 15
ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512
Number of logged in users | 20 | 20 | 20 | 20 | 20
IP Routing
Max static route entries | 32 | 128 | 32 | 32 | 512
Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072
Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).
3. System Requirements
The following table lists the port system requirements supported by the IStaX software.
Table 3-1. Port System Requirements
Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
LEDs per port | 1 | 1 | 1 | 1 | 1
SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported
Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported
Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full
Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported
Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps)
RJ45 connectors | Supported | Supported | Supported | Supported | Supported
Fiber slots | Supported | Supported | Supported | Supported | Supported
The following table lists the hardware system requirements supported by the IStaX software.
Table 3-2. Hardware System Requirements
Requirement | Support
Power LED | Supported by hardware
System LED | Supported by hardware
Alarm LED | Supported by hardware
Management LED | Supported by hardware
Switch fabric capacity | Supported by hardware
Forwarding architecture | Supported by hardware
MAC address entries | Supported by hardware
MAC address aging | Supported by hardware
MAC buffer memory type and size | Supported by hardware
CPU flash size | Supported by hardware
CPU memory type and size | Supported by hardware
System DDR SDRAM | Supported by hardware
Reset button | Supported by hardware
EMC/safety requirement | Supported by hardware
Performance requirement | Supported by hardware
4. Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.
4.1 Port Capability
The ports are equipped with the following capabilities:
• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1. Supported Features.
4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire-speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.
The turnkey switch software runs on Linux. The following system-wide operations are supported:
• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported.
5. Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:
• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch
The software image selection information includes the following:
• Image—the file name of the firmware image
• Version—the version of the firmware image
• Date—the date when the firmware was produced
After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.
While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.
Note: Do not restart or power off the device at this time or the switch may fail to function.
6. Port Control
The following sections describe the port control features supported by the IStaX software.
6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port through which frames can be injected from and extracted to an external CPU.
6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame data in (injection) and out (extraction) through memory-mapped injection/extraction registers.
6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.
6.4 SFP Detection
The IStaX software detects SFP at run time.
6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.
6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.
6.7 POE/POE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and then the switch can comply with or ignore this information.
6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.
A UDLD packet is sent to the port it links to for each device and for each port. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.
The UDLD implementation conforms to the RFC5171 standard.
Note: RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second and, once link status is detected, probe messages are exchanged depending on the message time interval (by default 7 seconds).
Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.
Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.
The port is reopened once UDLD is disabled/enabled on that port.
6.8.1 Port Statistics
The IStaX software supports detailed port-related statistics and system information related configuration. It is possible to view the detailed QoS-related statistics using the IStaX software.
7. Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.
7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.
7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).
Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.
It is possible to specify the maximum bit rate in kbps or mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.
The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.
7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).
The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.
When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.
The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.
7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED is configurable to either disable/enable and is disabled by default.
The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.
By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.
7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.
When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.
The QoS class, DEI, and DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.
7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.
The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification
7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.
7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.
In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.
The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.
DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:
• Get the DSCP value from the analyzer (ingress classification) and always remap based on the global remap table. This is done independently of the value of the drop precedence level.
• Get the DSCP value from the analyzer and remap based on drop precedence level and remap table.
DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.
7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.
Storm control is disabled by default.
8. L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.
8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with an unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with the learned MAC address are not received within the aging period.
8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.
8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:
• All ports are VLAN aware
• All ports are members of VLAN 1
• The switch management interface is on VLAN 1
• All ports have a Port VLAN ID (PVID) of 1
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged
• The PVID is set to 1 by default
• Ingress filtering is always enabled
Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs
• If frames are classified to a VLAN that the port is not a member of, they are discarded
• By default, all frames except those classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress
Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features:
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently
8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to the VLAN to perform QoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to a port using the Port Discovery Protocol. This discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol (LLDP), or both.
8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.
8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:
• Ethernet—valid values for etype range from 0x0600 to 0xffff
• SNAP—the valid value in this case is also comprised of two sub-values:
  – Organizationally Unique Identifier (OUI)
  – Protocol ID (PID)—if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP
• LLC—the valid value in this case is comprised of two sub-values:
  – DSAP—1-byte long string (0x00-0xff)
  – SSAP—1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and the protocol-based VLAN is preferred over the port-based VLAN.
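
The following added example (not IStaX code) models the frame-type keys and the precedence described above, so that a reviewer can check which VLAN an untagged frame lands in before a rule set is deployed. It assumes the MAC-based rule matches on the source MAC and that protocol rules are global rather than per port; the class, function, and table names and all frames are constructed for illustration.

```python
import struct

SNAP_SAP = 0xAA   # DSAP and SSAP value that announces a SNAP header
LLC_UI = 0x03     # LLC "unnumbered information" control byte


def parse_frame_type(frame):
    """Return (source MAC, key) for an untagged Ethernet frame.

    key is ("ethernet", etype), ("snap", oui, pid) or ("llc", dsap, ssap).
    """
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    smac = frame[6:12]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:          # valid etype range: 0x0600-0xffff
        return smac, ("ethernet", type_or_len)
    # Below 0x0600 the field is a length and an 802.2 LLC header follows.
    if len(frame) < 17:
        raise ValueError("truncated LLC header")
    dsap, ssap, control = frame[14], frame[15], frame[16]
    if (dsap, ssap, control) == (SNAP_SAP, SNAP_SAP, LLC_UI):
        if len(frame) < 22:
            raise ValueError("truncated SNAP header")
        oui = int.from_bytes(frame[17:20], "big")
        (pid,) = struct.unpack("!H", frame[20:22])
        return smac, ("snap", oui, pid)
    return smac, ("llc", dsap, ssap)


class VlanClassifier:
    """MAC-based rule first, then protocol-based, then the port VLAN."""

    def __init__(self, pvid_by_port, mac_vlan=None, proto_vlan=None):
        self.pvid_by_port = dict(pvid_by_port)    # port -> PVID
        self.mac_vlan = dict(mac_vlan or {})      # source MAC (6 bytes) -> VLAN ID
        self.proto_vlan = dict(proto_vlan or {})  # frame-type key -> VLAN ID

    def classify(self, port, frame):
        """Return (vlan_id, rule); rule names the table that decided."""
        smac, key = parse_frame_type(frame)
        if smac in self.mac_vlan:
            return self.mac_vlan[smac], "mac"
        if key in self.proto_vlan:
            return self.proto_vlan[key], "protocol"
        return self.pvid_by_port[port], "port"


# --- constructed sample data (not captured traffic) ---
BROADCAST = b"\xff" * 6
PHONE = bytes.fromhex("001122334455")
PC = bytes.fromhex("0200000000a1")


def ethernet2(smac, etype, payload=b"\x00" * 46):
    return BROADCAST + smac + struct.pack("!H", etype) + payload


def llc(smac, dsap, ssap, payload=b"\x00" * 43):
    body = bytes([dsap, ssap, LLC_UI]) + payload
    return BROADCAST + smac + struct.pack("!H", len(body)) + body


def snap(smac, oui, pid, payload=b"\x00" * 38):
    header = bytes([SNAP_SAP, SNAP_SAP, LLC_UI]) + oui.to_bytes(3, "big")
    body = header + struct.pack("!H", pid) + payload
    return BROADCAST + smac + struct.pack("!H", len(body)) + body


def build_sample_classifier():
    return VlanClassifier(
        pvid_by_port={3: 1},
        mac_vlan={PHONE: 200},
        proto_vlan={
            ("ethernet", 0x0800): 30,        # IPv4 in Ethernet II
            ("snap", 0x000000, 0x0806): 40,  # ARP carried over SNAP
            ("llc", 0xE0, 0xE0): 50,         # raw LLC with DSAP/SSAP 0xE0
        },
    )


if __name__ == "__main__":
    clf = build_sample_classifier()
    samples = {
        "phone IPv4": ethernet2(PHONE, 0x0800),
        "pc IPv4": ethernet2(PC, 0x0800),
        "pc SNAP ARP": snap(PC, 0x000000, 0x0806),
        "pc LLC": llc(PC, 0xE0, 0xE0),
        "pc IPv6": ethernet2(PC, 0x86DD),
    }
    for name, frame in samples.items():
        print(name, clf.classify(3, frame))
```

The phone's IPv4 frame is placed by the MAC rule even though an IPv4 protocol rule also matches, which is the overlap worth auditing when both tables are populated.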
8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.
PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.
The following terms are used to describe the Private VLAN feature:
• PVLAN domain—a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain
• Primary VLAN—a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports
• Secondary VLAN—a VLAN used inside a PVLAN domain only
• Isolated VLAN—a secondary VLAN that carries traffic from isolated ports to promiscuous ports
• Community VLAN—a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports
• Isolated port—a port that receives untagged frames and classifies these to an isolated VLAN
• Community port—a port that receives untagged frames and classifies these to a community VLAN
• Promiscuous port—a port that receives frames in the primary VLAN
• Standard trunk port—a port that carries primary and secondary VLANs using tags
• Promiscuous PVLAN trunk port—a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs, but translates these to the primary VLAN ID and pushes this into the tag
• Isolated PVLAN trunk port—a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN, but translates this into the isolated VLAN ID and pushes it into the tag
8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration protocol for VLANs. Though this has been superseded by MVRP, as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to be able to register and unregister attribute values, such as VLAN identifiers and multicast group membership, across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q 2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG), such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address—can be used to calculate the destination port for the frame. By default, the source MAC address is enabled
• Destination MAC address—can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled
• IP address—can be used to calculate the destination port for the frame. By default, the IP address is enabled
• TCP/UDP port number—can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with the IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from the active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, the CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block intruders on the untrusted ports of the switch device when they try to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
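
The following added example is a simplified model of the behaviour described above, not IStaX code: server replies are accepted only on Trusted ports, acknowledged leases populate a per-port white-list, and a lookup answers whether an IP/MAC pair may use a given port. The class and field names, port numbers, and message sequence are constructed for illustration, and matching replies to clients by transaction ID is an assumption of the model.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}   # only a DHCP server sends these


@dataclass(frozen=True)
class DhcpMsg:
    port: int          # switch port the message arrived on
    msg_type: str      # DHCP message type name
    xid: int           # transaction ID chosen by the client
    chaddr: str        # client hardware (MAC) address
    yiaddr: str = ""   # address assigned by the server, if any


class DhcpSnooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # xid -> (client MAC, client port)
        self.bindings = {}   # (port, MAC) -> leased IP: the per-port white-list
        self.dropped = []    # (message, reason) records for the audit log

    def handle(self, msg):
        """Return True to forward the message, False to drop it."""
        if msg.msg_type in SERVER_TYPES:
            if msg.port not in self.trusted:
                self.dropped.append((msg, "server reply on untrusted port"))
                return False
            client = self.pending.get(msg.xid)
            if client and client[0] == msg.chaddr:
                if msg.msg_type == "ACK":
                    # Lease confirmed: bind the IP to the client's MAC and port.
                    self.bindings[(client[1], msg.chaddr)] = msg.yiaddr
                if msg.msg_type in ("ACK", "NAK"):
                    del self.pending[msg.xid]
            return True
        if msg.msg_type in ("DISCOVER", "REQUEST"):
            self.pending[msg.xid] = (msg.chaddr, msg.port)
        elif msg.msg_type == "RELEASE":
            self.bindings.pop((msg.port, msg.chaddr), None)
        return True

    def permits(self, port, mac, ip):
        """White-list check: may this IP/MAC pair send traffic on this port?"""
        if port in self.trusted:
            return True
        return self.bindings.get((port, mac)) == ip


# --- constructed sample: port 1 is the Trusted uplink, 5 and 7 are Untrusted ---
CLIENT_MAC = "02:00:00:00:00:a1"
SAMPLE = [
    DhcpMsg(5, "DISCOVER", 0x1A, CLIENT_MAC),
    DhcpMsg(7, "OFFER", 0x1A, CLIENT_MAC, "198.51.100.50"),  # unauthorized server
    DhcpMsg(1, "OFFER", 0x1A, CLIENT_MAC, "192.0.2.25"),
    DhcpMsg(5, "REQUEST", 0x1A, CLIENT_MAC),
    DhcpMsg(7, "ACK", 0x1A, CLIENT_MAC, "198.51.100.50"),    # unauthorized server
    DhcpMsg(1, "ACK", 0x1A, CLIENT_MAC, "192.0.2.25"),
]


def run_sample():
    snooper = DhcpSnooper(trusted_ports=[1])
    verdicts = [snooper.handle(m) for m in SAMPLE]
    return verdicts, snooper


if __name__ == "__main__":
    verdicts, snooper = run_sample()
    for msg, ok in zip(SAMPLE, verdicts):
        print(f"port {msg.port} {msg.msg_type:<8} {'forward' if ok else 'DROP'}")
    print("bindings:", snooper.bindings)
```

The `dropped` list is the part to surface in monitoring: every entry is a server reply that arrived on a port that should never source one.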
8.13 MAC Table Configuration
MAC learning configuration can be configured per port:
• Auto—learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable—no learning is done
bull Securemdashonly SMAC entries are learned all other frames are dropped
The static entries can be configured in the MAC table for forwarding The user can enabledisable MAC learning perVLAN VLAN learning is enabled by default
MAC aging is configurable to age out the learned entries MAC learning cannot be administered on each individualaggregation group
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied, or mirrored, to a mirror port where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get the ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and the MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with a matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are members of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and the source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.
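The receive-side decision described in this section, written out as an added example (not code from the IStaX software). It assumes untagged frames, reads the EtherType "9003" as hexadecimal, uses a constructed placeholder for the customer-defined destination address, and takes "dropped silently" to apply to the switch's own loop PDUs arriving on a port where the feature is off.

```python
from dataclasses import dataclass

# Assumptions, not values from the specification: "9003" is read as 0x9003,
# and LOOP_DA is a constructed placeholder for the customer-defined address.
LOOP_ETHERTYPE = 0x9003
LOOP_DA = bytes.fromhex("030000000001")
SWITCH_MAC = bytes.fromhex("0001c1001000")   # constructed switch base MAC


@dataclass
class PortConfig:
    loop_protection: bool = False   # disabled by default, as on the page
    action: str = "shutdown"        # "shutdown", "log" or "both"
    stp_forwarding: bool = True     # False when (M)STP blocks the port


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes = b"") -> bytes:
    """Build a minimal untagged Ethernet frame for the examples below."""
    return dst + src + ethertype.to_bytes(2, "big") + payload


def classify(frame: bytes, switch_mac: bytes, port: PortConfig) -> str:
    """Return what the receiving port does with a frame under loop protection."""
    if len(frame) < 14:
        return "drop:runt"
    if not port.stp_forwarding:
        # Ports that (M)STP holds in a non-forwarding state are not affected.
        return "no-action:stp-non-forwarding"
    dst, src = frame[0:6], frame[6:12]
    ethertype = int.from_bytes(frame[12:14], "big")
    if dst != LOOP_DA or ethertype != LOOP_ETHERTYPE:
        return "forward:normal"
    # Only the first 5 bytes of the source address are compared, so a PDU
    # sent from any address that differs in the last byte still counts as
    # "our own" frame coming back.
    if src[:5] != switch_mac[:5]:
        return "flood:vlan-except-ingress"
    if not port.loop_protection:
        return "drop:silent"
    return f"loop-detected:{port.action}"


def demo() -> list:
    own = build_frame(LOOP_DA, bytes.fromhex("0001c1001005"), LOOP_ETHERTYPE)
    other = build_frame(LOOP_DA, bytes.fromhex("0001c1002005"), LOOP_ETHERTYPE)
    data = build_frame(bytes.fromhex("ffffffffffff"), SWITCH_MAC, 0x0800)
    guarded = PortConfig(loop_protection=True, action="both")
    return [
        classify(own, SWITCH_MAC, guarded),        # our PDU came back
        classify(own, SWITCH_MAC, PortConfig()),   # feature off on this port
        classify(other, SWITCH_MAC, guarded),      # another switch's PDU
        classify(data, SWITCH_MAC, guarded),       # ordinary traffic
    ]
```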
9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1 DHCP Relay Configuration Parameters
Parameter                 Allowed Range         Default
Relay mode                Enabled/disabled      Disabled
Relay server address      IP address            None
Relay information mode    Enabled/disabled      Disabled
Relay information policy  Replace, Keep, Drop   Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring to the DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in a standalone device it always equals 0; in a stackable device it means switch ID), and the last two characters are the port number.
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of the UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP related packets to the CPU. The ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing is to select a path and forward traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10 Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed: equipment whose MAC address is a valid RADIUS user can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
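The credential format above decides how RADIUS user entries must be provisioned, so here is an added example (not code from the IStaX software) that derives the xx-xx-xx-xx-xx-xx identity, computes the EAP MD5-Challenge value as MD5(identifier || password || challenge), and audits a user database for entries the switch can never match. The user table, challenge bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed RADIUS user table: only the first entry is usable by the switch.
CONSTRUCTED_USERS = {
    "00-11-22-aa-bb-cc": "00-11-22-aa-bb-cc",   # correct form
    "00:11:22:AA:BB:DD": "00:11:22:AA:BB:DD",   # wrong separator and case
    "00-11-22-aa-bb-ee": "changeme",            # password differs from name
}
CHALLENGE = bytes(range(16))                     # constructed challenge value


def mac_identity(mac: str) -> str:
    """Return the lower-case, dash-separated string used as user and password."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def md5_challenge_response(identifier: int, password: str, challenge: bytes) -> bytes:
    """EAP MD5-Challenge value: MD5 over identifier, password and challenge."""
    data = bytes([identifier & 0xFF]) + password.encode("ascii") + challenge
    return hashlib.md5(data).digest()


def server_accepts(users: dict, username: str, identifier: int,
                   challenge: bytes, response: bytes) -> bool:
    """RADIUS-side check of a response against the stored password."""
    password = users.get(username)
    if password is None:
        return False
    expected = md5_challenge_response(identifier, password, challenge)
    return hmac.compare_digest(expected, response)


def switch_login(users: dict, client_mac: str, identifier: int, challenge: bytes) -> bool:
    """Model the switch answering the challenge on behalf of a snooped MAC."""
    identity = mac_identity(client_mac)
    response = md5_challenge_response(identifier, identity, challenge)
    return server_accepts(users, identity, identifier, challenge, response)


def audit_user_db(users: dict) -> list:
    """Report MAC-named accounts that can never authenticate through the switch."""
    problems = []
    for name, password in users.items():
        try:
            canonical = mac_identity(name)
        except ValueError:
            continue                              # not a MAC-named account
        if name != canonical:
            problems.append((name, f"user name must be {canonical}"))
        elif password != canonical:
            problems.append((name, "password must equal the user name"))
    return problems
```

The response is computed from nothing but the MAC address, which is why the section treats the address itself as the only secret and points to Port Security Limit Control as the complementary control.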
In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard, but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID, or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-assigned QoS and VLAN in the case of RADIUS-assigned VLAN are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0 and 3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. Only the CLI interface is supported in the initial version for the configuration of TACACS+ authorization and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1 Secure Access Options
Method               Description
SSH                  Enable or disable option provided; supports v2 only
SSL/HTTPs            Enable or disable
HTTPs auto redirect  A redirect web browser to HTTPS option, available when HTTPS mode is enabled
Note: SSL and HTTPs are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The allowed range for the user privilege level is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks, such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level configurable between 1 and 15 for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.
10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
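The left-to-right method order above and the RADIUS retry and dead-time rules from section 10.2 interact, so this added example (a model written for this page, not the IStaX implementation) simulates both. The timeout and dead-time values, server names and accounts are constructed; the three-transmissions rule, the more-than-one-server condition and the stop-at-first-verdict rule are taken from the text.

```python
from dataclasses import dataclass, field


@dataclass
class RadiusServer:
    name: str
    users: dict                      # user -> password (constructed data)
    reachable: bool = True
    dead_until: float = 0.0          # switch-side state, in seconds


@dataclass
class RadiusMethod:
    servers: list
    timeout: float = 6.0             # assumed value, in seconds
    dead_time: float = 300.0         # the page allows 0 to 3600 seconds
    log: list = field(default_factory=list)

    def __call__(self, user, password, now):
        # Dead time only takes effect when more than one server is configured.
        use_dead_time = self.dead_time > 0 and len(self.servers) > 1
        for server in self.servers:
            if use_dead_time and now < server.dead_until:
                self.log.append((server.name, "skipped"))
                continue
            # The timeout is split into three equal sub-intervals, with one
            # transmission per sub-interval.
            for _attempt in range(3):
                self.log.append((server.name, "request"))
                if server.reachable:
                    ok = server.users.get(user) == password
                    return "approve" if ok else "reject"
            now += self.timeout      # all three sub-intervals have elapsed
            if use_dead_time:
                server.dead_until = now + self.dead_time
        return "timeout"


@dataclass
class LocalMethod:
    users: dict

    def __call__(self, user, password, now):
        return "approve" if self.users.get(user) == password else "reject"


def login(methods, user, password, now=0.0):
    """Try (name, method) pairs left to right and stop at the first verdict."""
    for name, method in methods:
        verdict = method(user, password, now)
        if verdict in ("approve", "reject"):
            return name, verdict
    return None, "reject"            # every configured method timed out


def demo():
    r1 = RadiusServer("radius-1", {"alice": "a-pass"})
    r2 = RadiusServer("radius-2", {"alice": "a-pass"})
    radius = RadiusMethod([r1, r2])
    chain = [("radius", radius), ("local", LocalMethod({"admin": "l-pass"}))]
    results = [login(chain, "alice", "a-pass"),      # RADIUS approves
               login(chain, "admin", "l-pass")]      # RADIUS rejects: final
    r1.reachable = r2.reachable = False              # both servers go offline
    results.append(login(chain, "admin", "l-pass", now=100.0))
    sent_during_outage = radius.log.count(("radius-1", "request")) - 2
    results.append(login(chain, "admin", "l-pass", now=120.0))
    return results, sent_during_outage, radius.log[-2:]
```

A reject from a reachable RADIUS server ends the chain, so the local account is only usable while every remote server is timing out or inside its dead time.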
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients (Console, Telnet, and SSH). It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.
10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients (Console, Telnet, and SSH). It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows the port action that is used to determine whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
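First-match evaluation makes ACE order part of the security policy, so this added example (a model written for this page, not IStaX code) evaluates frames against an ordered ACE list and reports entries that an earlier ACE makes unreachable. It assumes the policy value/mask pair is compared against the ingress port's policy ID and that the port-level action and counter are used when no ACE matches; the rule set, port numbers and policy IDs are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Ace:
    ace_id: int
    action: str                                  # "permit" or "deny"
    frame_type: str = "any"                      # any, etype, arp, ipv4, ipv6
    ingress_ports: Optional[frozenset] = None    # None means all ports
    policy: Optional[tuple] = None               # (value, mask); None means any
    hits: int = 0

    def matches(self, frame: dict, port_cfg: "PortAcl") -> bool:
        if self.ingress_ports is not None and frame["port"] not in self.ingress_ports:
            return False
        if self.policy is not None:
            value, mask = self.policy
            if (port_cfg.policy_id & mask) != (value & mask):
                return False
        return self.frame_type in ("any", frame["type"])


@dataclass
class PortAcl:
    policy_id: int = 0
    action: str = "permit"                       # default action is Permit
    hits: int = 0


def evaluate(aces: list, ports: dict, frame: dict) -> tuple:
    """Return (action, source); list order is ACE priority, top first."""
    port_cfg = ports[frame["port"]]
    for ace in aces:
        if ace.matches(frame, port_cfg):
            ace.hits += 1                        # only the first match counts
            return ace.action, f"ace {ace.ace_id}"
    port_cfg.hits += 1                           # no ACE matched this frame
    return port_cfg.action, f"port {frame['port']} default"


def covers(earlier: Ace, later: Ace) -> bool:
    """True when every frame matching `later` already matches `earlier`."""
    type_ok = earlier.frame_type in ("any", later.frame_type)
    ports_ok = earlier.ingress_ports is None or (
        later.ingress_ports is not None
        and later.ingress_ports <= earlier.ingress_ports)
    policy_ok = earlier.policy is None or earlier.policy == later.policy
    return type_ok and ports_ok and policy_ok


def shadowed(aces: list) -> list:
    """List (ace_id, shadowing_ace_id) pairs for ACEs that can never be hit."""
    found = []
    for index, later in enumerate(aces):
        for earlier in aces[:index]:
            if covers(earlier, later):
                found.append((later.ace_id, earlier.ace_id))
                break
    return found


def sample_config() -> tuple:
    """Constructed rule set: ACE 3 sits below a broader ACE 2."""
    aces = [
        Ace(1, "permit", "arp", policy=(0x08, 0x0C)),       # policy IDs 8 to 11
        Ace(2, "deny", "ipv4", ingress_ports=frozenset({1, 2})),
        Ace(3, "permit", "ipv4", ingress_ports=frozenset({1})),
        Ace(4, "deny", "arp"),
    ]
    ports = {1: PortAcl(policy_id=9), 2: PortAcl(), 3: PortAcl(action="deny")}
    return aces, ports
```

The shadow check is conservative: it reports an ACE only when an earlier entry is at least as broad on frame type, ingress ports and policy, so an empty result does not prove every ACE is reachable.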
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.
10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.
11.1 Robustness
The following section introduces a robustness feature.
11.1.1 Cold and CoolStart
The software defines and supports the following restart types:
• Cold: power cycle induced reset of the switch
• Cool: software initiated reset of the switch (with traffic disruption)
11.2 Power Savings
The following sections introduce the power savings features.
11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.
11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.
11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.
11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode where the port is negotiated to either 1G or 100 megabits full duplex mode.
11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0 to 100 in increments of 10 for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.
11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature: temperature at which the fan runs at full speed
• Turn on temperature: temperature at which the fan runs at the lowest possible speed
12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.
12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards, ITU-T 1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few tens of ns.
12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations as specified in IEEE 802.3ah is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that the receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
The administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, the OAM entity sends out a PDU with the link monitoring capability flag set
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of the discovery protocol is send-any, as defined by IEEE 802.3ah
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, the OAM entity sends out a PDU with the remote loopback capability flag
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of the discovery protocol is send-any, as defined by IEEE 802.3ah
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.
12.1.2 Dying Gasp
The IStaX software supports the Link OAM dying gasp PDU and the dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of the power supply cable.
Dying gasp occurs in case of reload, removal of the power supply cable, or power failure. If any of these situations occurs, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In the case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads: this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled
12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs, such as ZL30343, ZL30363, and ZL30772.
13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer to peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.
13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.
13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses the peer-to-peer delay measurement mechanism.
13.2.2 End-to-End Transparent Clock
The transparent clock uses the end-to-end delay measurement mechanism.
13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.
13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.
13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.
13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to the 8265.1 solution (frequency) ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to the 8275.1 solution (frequency) ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.

14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON-encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server, and in order to use it, a JSON-RPC client is needed. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable connection-oriented communication provided by the TCP and HTTP message encapsulation
• RPC-oriented protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high-level, machine-friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.

14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react on events when they happen, without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server, and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service, and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.

14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards, as desired.

14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure, with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, and configuration files, to and from the switch
• Help for groups and specific commands
• Shortcut key options: For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut.
(config-if-vlan)# ip^Q
ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
ip igmp snooping
ip igmp snooping compatibility auto | v1 | v2 | v3
ip igmp snooping last-member-query-interval <0-31744>
ip igmp snooping priority <0-7>
ip igmp snooping querier election | address <ipv4_ucast>
ip igmp snooping query-interval <1-31744>
ip igmp snooping query-max-response-time <0-31744>
ip igmp snooping robustness-variable <1-255>
ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help: Click the ? button for a list of valid possible parameters with descriptions.
• Auto completion: Press the <tab> key after partially typing the keyword. The rest of the keyword will be entered automatically.
• Ctrl+C option to break the display
• Modes for commands: Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support.
(config)# interface *
(config-if)#
If multiple sessions are concurrently in the same sub mode with the same parameters, then the no form of commands will not work and a warning message will be displayed.
• Privilege: A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege.

14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>

14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations: any keyword can be accepted just by typing an unambiguous prefix (for example, “sh” for “show”).
IStaX# sh ip route
0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
10.9.61.0/24 via VLAN1 <UP HW_RT>
127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
224.0.0.0/4 via OS:lo:127.0.0.1 <UP>
• Error checking: before executing a command, the CLI checks whether the current mode is still valid, the user has sufficient privileges, and the parameter(s) are within a valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message.
IStaX(config)# clock summer-time PDT date 14
                                          ^
Invalid word detected at ^ marker
Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.
• do command support: this will allow the users to execute the commands from the configuration mode.
(config)# do show vlan
VLAN  Name     Interface
----  ----     ---------
1     default  Gi 1/1-9 2.5G 1/1-2
• Platform debug command support: this will allow the users to obtain technical support by entering and running a debug command in this field.

14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG), where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config: a virtual file that represents the currently active configuration on the switch. This file is volatile.
• startup-config: the startup configuration for the switch, read at boot time.
• default-config: a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes.
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch, except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode: the current configuration is fully replaced with the configuration in the uploaded file.
• Merge mode: the uploaded file is merged with running-config.
If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch, except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.

14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 8.0 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features

14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort, that is, when 64-bit counters are included, they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.

14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support are available:
• History
• RMON
• Event

14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping: a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported.
• Traceroute: a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. Source address can be mentioned by using the saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for the IPv4 option.

14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes, should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.

14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1AB and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice: used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional): used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice: supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional): used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice: used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and is typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing: used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video: used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional): used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.

14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode: the device only transmits configuration parameters.
• Receive-only mode: the device can only receive configuration parameters (from the neighbor device).
• Transmit and receive mode: the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately.
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and the optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
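The TLV layout described above, as an added Python example that is not part of the Microchip document or the IStaX code: a receiver-side parser following the IEEE 802.1AB header (7 bits of type, 9 bits of length) that discards malformed LLDPDUs and counts IEEE 802.1 organizationally specific TLVs as ignored. All function names and the sample frames are constructed for illustration.

```python
"""LLDPDU TLV parser with the checks a receiver needs on untrusted frames (added example)."""
import struct

END, CHASSIS_ID, PORT_ID, TTL, SYSTEM_NAME, ORG_SPECIFIC = 0, 1, 2, 3, 5, 127
IEEE_8021_OUI = bytes.fromhex("0080c2")  # OUI carried by IEEE 802.1 organizationally specific TLVs


class LldpError(ValueError):
    """Raised when an LLDPDU is malformed and must be discarded."""


def split_tlvs(lldpdu: bytes):
    """Yield (type, value) pairs; each TLV header is 16 bits: 7 of type, 9 of length."""
    offset = 0
    while offset < len(lldpdu):
        if offset + 2 > len(lldpdu):
            raise LldpError("truncated TLV header")
        header = struct.unpack_from("!H", lldpdu, offset)[0]
        tlv_type, length = header >> 9, header & 0x01FF
        offset += 2
        if offset + length > len(lldpdu):
            raise LldpError(f"TLV type {tlv_type} claims {length} bytes past the end of the frame")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length
        if tlv_type == END:
            return  # anything after End of LLDPDU is Ethernet padding


def parse_neighbor(lldpdu: bytes) -> dict:
    """Validate the mandatory TLVs and return a neighbor-table style entry."""
    tlvs = list(split_tlvs(lldpdu))
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        raise LldpError("LLDPDU must start with Chassis ID, Port ID and Time To Live")
    (_, chassis), (_, port), (_, ttl) = tlvs[:3]
    if not 2 <= len(chassis) <= 256 or not 2 <= len(port) <= 256:
        raise LldpError("Chassis ID and Port ID need a subtype byte plus 1-255 bytes of ID")
    if len(ttl) < 2:
        raise LldpError("Time To Live value shorter than 2 bytes")
    neighbor = {
        "chassis_id": (chassis[0], chassis[1:]),   # (subtype, id)
        "port_id": (port[0], port[1:]),            # (subtype, id)
        "ttl": struct.unpack("!H", ttl[:2])[0],
        "system_name": None,
        "ignored_8021_tlvs": 0,
    }
    for tlv_type, value in tlvs[3:]:
        if tlv_type in (CHASSIS_ID, PORT_ID, TTL):
            raise LldpError("mandatory TLV repeated")
        if tlv_type == SYSTEM_NAME:
            neighbor["system_name"] = value.decode("utf-8", errors="replace")
        elif tlv_type == ORG_SPECIFIC and value[:3] == IEEE_8021_OUI:
            neighbor["ignored_8021_tlvs"] += 1     # counted, never interpreted
    return neighbor


def accepts(lldpdu: bytes) -> bool:
    """True if the LLDPDU parses cleanly, False if it must be discarded."""
    try:
        parse_neighbor(lldpdu)
        return True
    except LldpError:
        return False


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV (helper for the constructed samples below)."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample frames (LLDPDU payload only, no Ethernet header).
MANDATORY = (tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("020000000001"))  # subtype 4: MAC address
             + tlv(PORT_ID, b"\x05" + b"Gi 1/1")                       # subtype 5: interface name
             + tlv(TTL, struct.pack("!H", 120)))
SAMPLE = (MANDATORY
          + tlv(SYSTEM_NAME, b"constructed-switch")
          + tlv(ORG_SPECIFIC, IEEE_8021_OUI + b"\x01" + b"\x00\x01")
          + tlv(END, b""))
OVERLONG = MANDATORY + struct.pack("!H", (SYSTEM_NAME << 9) | 300) + b"short"
NO_TTL = MANDATORY[:-4] + tlv(END, b"")

if __name__ == "__main__":
    print(parse_neighbor(SAMPLE))
    print("overlong accepted:", accepts(OVERLONG), "| missing TTL accepted:", accepts(NO_TTL))
```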

14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto the LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field.
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table.
• Port ID is mapped to the LLDP Port ID field.
• Version and Platform is mapped to the LLDP System Description field.
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table.
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately, but gets removed when the hold time is exceeded.

14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
A fallback optional mechanism is also provided in the case of IPv4, so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy, where the DUT relays DNS requests to the current configured DNS server on the DUT and replies as a DNS resolver to the client device on the network when enabled.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth, DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
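The two filtering criteria above, as an added Python example that is not IStaX code: a per-packet forwarding decision in the style of RFC 7610 that walks the IPv6 header chain, treats UDP traffic to the DHCPv6 client port 546 as a DHCPv6-server message, and exposes the allow/deny choice for unrecognized Next Header values. The function names, port numbering, the short list of recognized upper-layer protocols and the sample packets are assumptions of this example.

```python
"""DHCPv6-Shield style forwarding decision for one IPv6 packet (added example)."""
import struct

# Extension headers this filter can walk, and upper-layer protocols it recognizes.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
TCP, UDP, ICMPV6, NO_NEXT_HEADER = 6, 17, 58, 59
KNOWN_UPPER_LAYER = {TCP, ICMPV6, NO_NEXT_HEADER}  # deliberately short list for the example
DHCPV6_CLIENT_PORT = 546  # clients listen here, so server messages are addressed to it


def classify(packet: bytes) -> str:
    """Return 'dhcpv6-server', 'unrecognized', 'malformed' or 'other'."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "malformed"
    next_header, offset = packet[6], 40
    while True:
        if next_header in (HOP_BY_HOP, ROUTING, DEST_OPTS):
            if offset + 2 > len(packet):
                return "malformed"
            # Hdr Ext Len counts 8-byte units beyond the first 8 bytes.
            next_header, offset = packet[offset], offset + (packet[offset + 1] + 1) * 8
        elif next_header == FRAGMENT:
            if offset + 8 > len(packet):
                return "malformed"
            fragment_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if fragment_offset != 0:
                return "other"  # non-first fragment carries no upper-layer header
            next_header, offset = packet[offset], offset + 8
        elif next_header == UDP:
            if offset + 8 > len(packet):
                return "malformed"  # header chain cut off before the UDP ports
            dst_port = struct.unpack_from("!H", packet, offset + 2)[0]
            return "dhcpv6-server" if dst_port == DHCPV6_CLIENT_PORT else "other"
        elif next_header in KNOWN_UPPER_LAYER:
            return "other"
        else:
            return "unrecognized"


def shield_decision(packet: bytes, ingress_port: int, trusted_ports: set,
                    drop_unrecognized: bool = True) -> str:
    """Return 'forward' or 'drop' for a packet received on ingress_port."""
    if ingress_port in trusted_ports:
        return "forward"              # ports the administrator configured for DHCPv6 servers
    kind = classify(packet)
    if kind == "malformed":
        return "drop"                 # this example drops packets with a truncated header chain
    if kind == "unrecognized":
        return "drop" if drop_unrecognized else "forward"  # the administrator's allow/deny knob
    return "drop" if kind == "dhcpv6-server" else "forward"


def ipv6(next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet with placeholder addresses."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("fe80" + "00" * 13 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload


def udp(src_port: int, dst_port: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


# Constructed samples: DHCPv6 message type byte followed by a 3-byte transaction ID.
ADVERTISE = ipv6(UDP, udp(547, 546, b"\x02\xaa\xbb\xcc"))
SOLICIT = ipv6(UDP, udp(546, 547, b"\x01\xaa\xbb\xcc"))
# Same Advertise behind a Destination Options header (8 bytes: next header, length 0, PadN).
HIDDEN = ipv6(DEST_OPTS, bytes([UDP, 0, 1, 4, 0, 0, 0, 0]) + udp(547, 546, b"\x02\xaa\xbb\xcc"))
UNKNOWN = ipv6(253, b"\x00" * 8)  # 253 is reserved for experimentation

if __name__ == "__main__":
    trusted = {1}
    for name, pkt in [("ADVERTISE", ADVERTISE), ("SOLICIT", SOLICIT),
                      ("HIDDEN", HIDDEN), ("UNKNOWN", UNKNOWN)]:
        print(name, "on port 3:", shield_decision(pkt, 3, trusted))
```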

14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo

14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model, where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.

14.12 Console
The IStaX software uses the serial console to support the CLI for out of band management, debugging, and software upgrades.

14.13 System Management
The IStaX software can be supported in band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.

14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum number of management access filter entries allowed is 16.
If the application's type matches any one of the access management entries, it will allow access to the switch. The access management statistics can also be viewed.

14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.

14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.

14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.2.2 Industry Standard Configuration Support.

14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.

14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.

15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
The SNMPv3 is supported and is backward compatible with SNMPv2c and SNMP v1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
# show snmp mib context
BRIDGE-MIB
 - dot1dBase (1.3.6.1.2.1.17.1)
 - dot1dTp (1.3.6.1.2.1.17.4)
Dot3-OAM-MIB
 - dot3OamMIB (1.3.6.1.2.1.158)
ENTITY-MIB
 - entityMIBObjects (1.3.6.1.2.1.47.1)
EtherLike-MIB
 - transmission (1.3.6.1.2.1.10)
IEEE8021-BRIDGE-MIB
# show snmp mib ifmib ifIndex

Table 15-1 ifIndex Descriptions

| ifIndex | ifDescr | Interface |
|---|---|---|
| 1 | VLAN 1 | VLAN 1 |
| 1000001 | Switch 1 – port 1 | GigabitEthernet 1/1 |
| 1000002 | Switch 1 – port 2 | GigabitEthernet 1/2 |
| 1000003 | Switch 1 – port 3 | GigabitEthernet 1/3 |
| 1000004 | Switch 1 – port 4 | GigabitEthernet 1/4 |
| 1000005 | Switch 1 – port 5 | GigabitEthernet 1/5 |
| 1000006 | Switch 1 – port 6 | GigabitEthernet 1/6 |
| 1000007 | Switch 1 – port 7 | GigabitEthernet 1/7 |
| 1000008 | Switch 1 – port 8 | GigabitEthernet 1/8 |
| 1000009 | Switch 1 – port 9 | 2.5GigabitEthernet 1/1 |
| 10000010 | Switch 1 – port 10 | 2.5GigabitEthernet 1/2 |
| 10000011 | Switch 1 – port 11 | GigabitEthernet 1/9 |

16 Revision History
Revision | Date | Description
B | February 2021 | Revision B was published in February 2021 to align with the Linux application software release 2020.12. The following is a summary of changes in revision B of this document:
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 14.3 Simple Network Management Protocol (SNMP).

Revision: A
Date: June 2020
Description: Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document.
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.

Revision: 20
Date: October 2019
Description: Revision 20 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 20 of this document.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.

Revision: 19
Date: June 2019
Description: Revision 19 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 19 of this document.
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.

Revision: 18
Date: June 2019
Description: Revision 18 was published in June 2019 to align with the Linux application software release 48. The following is a summary of changes in revision 18 of this document.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.

Revision: 17
Date: January 2019
Description: Revision 17 was published in January 2019 to align with the Linux application software release 47. The following is a summary of changes in revision 17 of this document.
• The BSP and API Supported Features table was updated. For more information, see 1.1 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.

Revision: 16
Date: October 2018
Description: Revision 16 was published in October 2018 to align with the Linux application software release 46. The following is a summary of changes in revision 16 of this document.
• A cross reference in the JSON-RPC section was fixed. For more information, see 14.1 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• VLAN Translation was removed from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 11.1.1 Cold and Cool Start.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 14.1 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.

Revision: 15
Date: July 2018
Description: Revision 15 was published in July 2018 to align with the Linux application software release 45. The following is a summary of changes in revision 15 of this document.
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 1.2 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 1.7 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 1.12 Management.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 10.7 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 12.1.2 Dying Gasp.
• The DHCP Server section was updated. For more information, see 14.11 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 14.9 IP Management, DNS, and DHCPv4/v6.

Revision: 14
Date: April 2018
Description: Revision 14 was published in April 2018 to align with the Linux application software release 44. The following is a summary of changes in revision 14 of this document.
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 1.6 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 14.5 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 9.3 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 8.5 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.

Revision: 13
Date: January 2018
Description: Revision 13 was published in January 2018 to align with the Linux application software release 43. The following is a summary of changes in revision 13 of this document.
• The Supported Switches table was updated with details regarding VSC7410/15/35/36/37. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 1.2 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 1.5 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 1.6 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 1.8 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 1.9 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 1.10 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 1.13 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.

Revision: 12
Date: September 2017
Description: Revision 12 was published in July 2017 to align with the Linux application software release 42. In revision 12 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.

Revision: 11
Date: June 2017
Description: Revision 11 was published in June 2017 to align with the Linux application software release 41. The following is a summary of changes in revision 11 of this document.
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.

Revision: 10
Date: November 2016
Description: Revision 10 was published in November 2016 to align with the Linux application software release 40. It was the first publication of this document.
The Microchip Website
Microchip provides online support via our website at www.microchip.com/. This website is used to make files and information easily available to customers. Some of the content available includes:
• Product Support – Data sheets and errata, application notes and sample programs, design resources, user's guides and hardware support documents, latest software releases and archived software
• General Technical Support – Frequently Asked Questions (FAQs), technical support requests, online discussion groups, Microchip design partner program member listing
• Business of Microchip – Product selector and ordering guides, latest Microchip press releases, listing of seminars and events, listings of Microchip sales offices, distributors and factory representatives

Product Change Notification Service
Microchip's product change notification service helps keep customers current on Microchip products. Subscribers will receive email notification whenever there are changes, updates, revisions or errata related to a specified product family or development tool of interest.

To register, go to www.microchip.com/pcn and follow the registration instructions.

Customer Support
Users of Microchip products can receive assistance through several channels:
• Distributor or Representative
• Local Sales Office
• Embedded Solutions Engineer (ESE)
• Technical Support

Customers should contact their distributor, representative or ESE for support. Local sales offices are also available to help customers. A listing of sales offices and locations is included in this document.

Technical support is available through the website at: www.microchip.com/support

Microchip Devices Code Protection Feature
Note the following details of the code protection feature on Microchip devices:
• Microchip products meet the specification contained in their particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip's Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as "unbreakable."

Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip's code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.

Legal Notice
Information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated.
All other trademarks mentioned herein are property of their respective companies.
© 2020, Microchip Technology Incorporated, Printed in the U.S.A., All Rights Reserved.
ISBN 978-1-5224-7595-8
Quality Management System
For information regarding Microchip's Quality Management Systems, please visit www.microchip.com/quality.
Table 1 Supported Switches (continued)

Switch Description
VSC7435 6-port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Integrated DPLLs and Gigabit Ethernet PHYs
VSC7436 10-port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Integrated Gigabit Ethernet PHYs
VSC7437 8-port Carrier Ethernet Switch with ViSAA™, VeriTime™, and Integrated DPLLs and Gigabit Ethernet PHYs
VSC7438 14-port Carrier Ethernet Switch with ViSAA™, VeriTime™, MPLS-TP, and L3 Routing
VSC7440 10-port L2/L3 Enterprise Gigabit Ethernet Switch with 10 Gbps Links
VSC7442 52-port L2/L3 Enterprise and Industrial Ethernet Switch
VSC7444 26-port L2/L3 Enterprise Gigabit Ethernet Switch with 10 Gbps Links
VSC7448 52-port L2/L3 Enterprise Gigabit Ethernet Switch with 10 Gbps Links
VSC7449 6-port SGMII Gigabit Ethernet Switch with VeriTime™ and Gigabit Ethernet PHYs
VSC7464 11-port layer 2 SGMII Gigabit Ethernet Enterprise Switch with VeriTime™
VSC7468 6-port Carrier Ethernet Switch Engine with ViSAA™, VeriTime™, and MPLS/MPLS-TP
VSC7513 8-port L2 Gigabit Ethernet Switch
VSC7514 10-port L2 Gigabit Ethernet Switch
VSC7546TSN 29-port L2/L3 Industrial Gigabit Ethernet Switches
VSC7549TSN 53-port L2/L3 Industrial Gigabit Ethernet Switches
VSC7552TSN 57-port L2/L3 Industrial Gigabit Ethernet Switches
VSC7556TSN 57-port L2/L3 Industrial Gigabit Ethernet Switches
VSC7558TSN 57-port L2/L3 Industrial Gigabit Ethernet Switches

The following table lists the supported 1G PHYs.

Table 2 Supported 1G PHYs

PHY Description
VSC8211 Single-port 10/100/1000BASE-T PHY and 1000BASE-X PHY with SGMII, SerDes, GMII, MII, TBI, RGMII/RTBI MAC Interfaces
VSC8221 Single-port 10/100/1000BASE-T PHY with 1.25 Gbps SerDes/SGMII for SFPs/GBICs
VSC8501 Single-port GbE Copper PHY with Synchronous Ethernet and RGMII/GMII Interface
VSC8502 Dual-port GbE Copper PHY with Synchronous Ethernet and RGMII/GMII Interface
VSC8504 Quad-port 10/100/1000BASE-T PHY with Synchronous Ethernet and QSGMII/SGMII MAC
VSC8512 12-port 10/100/1000BASE-T PHY with SGMII and QSGMII MAC Interface
VSC8514 Quad-port Gigabit Copper EEE PHY with QSGMII MAC-to-PHY Interface
VSC8522 12-port 10/100/1000BASE-T PHY with QSGMII MAC Interface
VSC8552 Dual-port RGMII/SGMII/QSGMII Dual Media PHY with EEE Support
VSC8562 Dual-port 10/100/1000BASE-T PHY with Synchronous Ethernet, Intellisec™, and QSGMII/SGMII MAC
VSC8564 Dual-port 10/100/1000BASE-T PHY with Synchronous Ethernet, MACsec, and QSGMII/SGMII MAC
VSC8572 Dual-port 10/100/1000BASE-T PHY with VeriTime™, Synchronous Ethernet, and RGMII/SGMII MAC
VSC8574 Quad-port Dual Media QSGMII/SGMII GbE PHY with VeriTime™
VSC8575 Quad-port 10/100/1000BASE-T PHY with Synchronous Ethernet, VeriTime™, and QSGMII/SGMII MAC
VSC8582 Dual-port Dual Media QSGMII/SGMII GbE PHY with Intellisec™ and VeriTime™
VSC8584 Quad-port Dual Media QSGMII/SGMII GbE PHY with Intellisec™ and VeriTime™

The following table lists the supported 10G PHYs.

Table 3 Supported 10G PHYs

PHY Description
VSC8254 Dual Channel 1G/10GBASE-KR to SFI Ethernet LAN/WAN PHY with VeriTime™ and Intellisec™
VSC8256 Quad Channel 1G/10GBASE-KR to SFI Ethernet Repeater
VSC8257 Quad Channel 1G/10GBASE-KR to SFI Ethernet WIS PHY with VeriTime™ and Intellisec™
VSC8258 Quad Channel 1G/10GBASE-KR to SFI Ethernet WIS PHY with VeriTime™ and Intellisec™
VSC8489 Dual-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY
VSC8490 Dual-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY with Intellisec™ and VeriTime™
VSC8491 WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY with Intellisec™ and VeriTime™

Software Architecture
The CEServices software provides support for standalone switches. It consists of the following components:
• Operating system (Linux) for access to the hardware.
• Application programming interface (API) for a function library to control switches and PHYs.
• Control modules, such as port control, MSTP, and Virtual LAN (VLAN), to implement product features and protocols. These modules may include threads and provide a management API for configuration and monitoring.
• Management modules, such as CLI, web, JSON-RPC, and Simple Network Management Protocol (SNMP), for interfaces to the system based on the management API of the control modules.

The following illustration shows the architecture of the Microchip managed application software and a few control and management modules.
Figure 1 Application Architecture
Table of Contents

Product Overview
  1 Supported Switch Platforms
  2 Software Architecture

1 Supported Features
  1.1 BSP and API
  1.2 Port Control
  1.3 Quality of Service (QoS)
  1.4 Protection
  1.5 L2 Switching
  1.6 L3 Switching
  1.7 Security
  1.8 Robustness and Power Savings
  1.9 OAM and Test
  1.10 Timing and Synchronization
  1.11 Customization Framework
  1.12 Management
  1.13 SNMP MIBs

2 Features and Platform Capacity

3 System Requirements

4 Port and System Capabilities
  4.1 Port Capability
  4.2 System Capability

5 Firmware Upgrade

6 Port Control
  6.1 NPI Port
  6.2 PCIe
  6.3 Dual CPU
  6.4 SFP Detection
  6.5 VeriPHY Support
  6.6 PoE/PoE+ Support
  6.7 POE/POE+ with LLDP
  6.8 Unidirectional Link Detection (UDLD)

7 Quality of Service (QoS)
  7.1 Port Policers
  7.2 Scheduling and Shaping
  7.3 QCL Configuration
  7.4 Weighted Random Early Detection (WRED)
  7.5 Tag Remarking
  7.6 Ingress Port Classification
  7.7 Queue Policers
  7.8 DiffServ (RFC2474) Remarking
  7.9 Global Storm Control

8 L2 Switching
  8.1 Auto MAC Address Learning/Aging
  8.2 MAC Addresses – Static
  8.3 Virtual LAN
  8.4 Voice VLAN
  8.5 Industrial Private VLANs
  8.6 Generic VLAN Registration Protocol (GVRP)
  8.7 Multiple Registration Protocol (MRP)
  8.8 Multiple VLAN Registration Protocol (MVRP)
  8.9 IEEE 802.3ad Link Aggregation
  8.10 Bridge Protocol Data Unit (BPDU) Guard, Restricted Role and Error Disable Recovery
  8.11 IGMP Snooping and MLD Snooping
  8.12 DHCP Snooping
  8.13 MAC Table Configuration
  8.14 Mirroring (SPAN/VSPAN and RSPAN)
  8.15 RMirror
  8.16 Flow Mirroring for AC
  8.17 Spanning Tree
  8.18 Loop Guard

9 L3 Switching
  9.1 DHCP Relay
  9.2 Universal Plug and Play (UPnP)
  9.3 L3 Routing

10 Security
  10.1 802.1X and MAC-Based Authentication
  10.2 Authentication, Authorization, and Accounting (AAA)
  10.3 Secure Access
  10.4 Users and Privilege Levels
  10.5 Authentication and Authorization Methods
  10.6 Access Control List (ACLs)
  10.7 ARP Inspection/IP and IPv6 Source Guard

11 Robustness and Power Savings
  11.1 Robustness
  11.2 Power Savings

12 OAM and Test
  12.1 OAM

13 Synchronization
  13.1 Precision Time Protocol (PTP)
  13.2 Microchip One-Step TC PHY Solution
  13.3 Transparent Clock over Microwave
  13.4 G.8265.1 Solution (Frequency) ITU Standard
  13.5 G.8275.1 Solution (Phase) ITU Standard
  13.6 G.8275 Compliant Filter
  13.7 PTP Time Interface
  13.8 Network Time Protocol (NTP)
  13.9 Day Light Saving

14 Management
  14.1 JSON-RPC
  14.2 Management Services
  14.3 Simple Network Management Protocol (SNMP)
  14.4 RMON Statistics
  14.5 Internet Control Message Protocol
  14.6 SysLog
  14.7 LLDP-MED
  14.8 802.1AB LLDP and CDP Aware
  14.9 IP Management, DNS, and DHCPv4/v6
  14.10 IPv6 Ready Logo Phase2
  14.11 DHCP Server
  14.12 Console
  14.13 System Management
  14.14 Management Access Filtering
  14.15 sFlow
  14.16 Default Configuration
  14.17 Configuration Upload/Download
  14.18 Loop Detection Restore to Default
  14.19 Symbolic Register Access

15 SNMP MIBs

16 Revision History

The Microchip Website
Product Change Notification Service
Customer Support
Microchip Devices Code Protection Feature
Legal Notice
Trademarks
Quality Management System
Worldwide Sales and Service
1 Supported Features
The following sections describe the features of each module of the IStaX software.

1.1 BSP and API
The following table lists the features supported by the API module.

Table 1-1. BSP and API Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Internal CPU | • | • | • | • | • |
| External CPU | — | — | — | — | • |
| 64-bit CPU Architecture | — | — | — | — | • |
| API and application split | • | • | • | • | • |
| MESA layer | • | • | • | • | • |
| MEBA layer | • | • | • | • | • |
| U-Boot | • | • | • | • | • |
| U-Boot network support | • | • | • | • | • |
| 32MB NOR FLASH only option | • | • | • | • | — |
| 64MB NOR FLASH only option | • | • | • | • | — |

1.2 Port Control
The following table lists the features supported by the port control module. For more information, see 6 Port Control.

Table 1-2. Port Control Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Port speed/duplex mode/flow control | • | • | • | • | • |
| Aquantia 2.5G PHY Gen2 | • | • | • | • | • |
| Aquantia 2.5G PHY Gen3 | • | • | • | • | • |
| Aquantia 5G PHY Gen3 | — | • | — | — | — |
| Aquantia 10G PHY Gen2 | — | • | • | — | • |
| 802.1Qbb Per Priority Flow Control | — | • | • | • | • |
| Port frame size (jumbo frames) | • | • | • | • | • |
| Port state (administrative status) | • | • | • | • | • |
| Port status (link monitoring) | • | • | • | • | • |
| Port statistics (MIB counters) | • | • | • | • | • |
| Port VeriPHY (cable diagnostics) | • | • | • | • | • |
| PoE/PoE+ with PD69208 support (external controller) | • | • | • | • | — |
| PoE/PoE+ with Link Layer Discovery Protocol (LLDP) | • | • | • | • | — |
| PoE IEEE 802.3bt without LLDP (external controller) | • | • | • | • | — |
| NPI port | • | • | • | • | • |
| PCIe | — | • | • | • | • |
| On-the-fly SFP detection | • | • | • | • | • |
| DDMI | • | • | • | • | • |
| Unidirectional Link Detection (UDLD) | • | • | • | • | • |
| IEEE 802.3ap 10G-KR | — | — | — | — | • |
| IEEE 802.3ap 25G-KR | — | — | — | — | • |

1.3 Quality of Service (QoS)
The following table lists the features supported by the QoS module. For more information, see 7 Quality of Service (QoS).

Table 1-3. QoS Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Cut-through | — | — | — | — | • |
| Traffic classes (8 active priorities) | • | • | • | • | • |
| Port default priority | • | • | • | • | • |
| User priority | • | • | • | • | • |
| Input priority mapping | • | • | • | • | • |
| QoS control list (QCL mode) | • | • | • | • | • |
| Global storm control for UC, MC, and BC | • | • | • | • | • |
| Random early discard (RED) | — | • | • | • | • |
| Port policers | • | • | • | • | • |
| Queue policers | • | • | • | • | • |
| Global/VCAP (ACL) policers | • | • | • | • | • |
| Port egress shaper | • | • | • | • | • |
| Queue egress shapers | • | • | • | • | • |
| DiffServ (RFC2474) remarking | • | • | • | • | • |
| Tag remarking | • | • | • | • | • |
| Scheduler mode | • | • | • | • | • |
| IEEE-802.1Qbv (TAS) Time-aware Scheduler | — | — | — | — | • |
| IEEE-802.1Qbu & 802.3br frame preemption | — | — | — | — | • |
| IEEE-802.1Qci ingress gating/policing/checking | — | — | — | — | • |

1.4 Protection
The following table lists the features supported by the protection module.

Table 1-4. Protection Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| 1:1 port protection - G.8031 | • | • | • | • | • |
| Ring protection - G.8032 | • | • | • | • | • |
| Ring protection v2 - G.8032 | • | • | • | • | • |
| IEEE-802.1CB (FRER) | — | — | — | — | • |

1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8 L2 Switching.

Table 1-5. L2 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| IEEE 802.1D Bridge | | | | | |
| Auto MAC address learning/aging | • | • | • | • | • |
| MAC addresses—static | • | • | • | • | • |
| IEEE 802.1Q | | | | | |
| Virtual LAN | • | • | • | • | • |
| Bidirectional VLAN translation | • | • | • | • | • |
| Unidirectional VLAN translation (ingress/egress) | • | • | • | • | • |
| Private VLAN—static | • | • | • | • | • |
| Port isolation—static | • | • | • | • | • |
| MAC-based VLAN | • | • | • | • | • |
| Protocol-based VLAN | • | • | • | • | • |
| IP subnet-based VLAN | • | • | • | • | • |
| VLAN trunking | • | • | • | • | • |
| iPVLAN Trunking | — | • | • | • | • |
| GARP VLAN Registration Protocol (GVRP) | • | • | • | • | • |
| Multiple Registration Protocol (MRP) | • | • | • | • | • |
| Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | • |
| IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | • |
| Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | • |
| Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | • |
| Loop guard | • | • | • | • | • |
| IEEE 802.3ad | | | | | |
| Link aggregation—static | • | • | • | • | • |
| Link aggregation—Link Aggregation Control Protocol (LACP) | • | • | • | • | • |
| AGGR/LACP user interface alignment with industry standard | • | • | • | • | • |
| UNI LAG (LACP) 1:1 active/standby | • | • | • | • | • |
| LACP revertive/non-revertive | • | • | • | • | • |
| LACP loop free operation | • | • | • | • | • |
| Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | • |
| Error disable recovery | • | • | • | • | • |
| IGMPv2 snooping | • | • | • | • | • |
| IGMPv3 snooping | • | • | • | • | • |
| MLDv1 snooping | • | • | • | • | • |
| MLDv2 snooping | • | • | • | — | • |
| Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | • |
| IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | • |
| Multicast VLAN Registration (MVR) | • | • | • | • | • |
| MVR profile | • | • | • | • | • |
| Voice VLAN | • | • | • | • | • |
| DHCP snooping | • | • | • | • | • |
| ARP inspection | • | • | • | • | • |
| Port mirroring | • | • | • | • | • |
| Flow mirroring | • | • | • | • | • |
| Rmirror | • | • | • | • | • |

1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9 L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | — |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | • |
| RFC2992 (ECMP) support for HW based L3 static routing | — | • | • | — | • |
| RFC 2453 RIPv2 dynamic routing | — | • | • | — | • |
| RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | • |
| RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | • |
| Software-based IPv6 L3 static routing | • | — | — | • | — |
| Hardware-based IPv6 L3 static routing | — | • | • | — | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |

1.7 Security
The following table lists the features supported by the security module. For more information, see 10 Security.

Table 1-7. Security Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Network Access Server (NAS) | | | | | |
| Port-based 802.1X | • | • | • | • | • |
| Single 802.1X | • | • | • | • | • |
| Multiple 802.1X | • | • | • | • | • |
| MAC-based authentication | • | • | • | • | • |
| VLAN assignment | • | • | • | • | • |
| QoS assignment | • | • | • | • | • |
| Guest VLAN | • | • | • | • | • |
| Remote Authentication Dial In User Service (RADIUS) authentication and authorization | • | • | • | • | • |
| RADIUS accounting | • | • | • | • | • |
| MAC address limit | • | • | • | • | • |
| Persistent MAC learning | • | • | • | • | • |
| IP MAC binding | • | • | • | • | • |
| IP/MAC binding dynamic to static | • | • | • | • | • |
| TACACS+ authentication and authorization | • | • | • | • | • |
| TACACS+ command authorization | • | • | • | • | • |
| TACACS+ accounting | • | • | • | • | • |
| Web and CLI authentication | • | • | • | • | • |
| Authorization (15 user levels) | • | • | • | • | • |
| ACLs for filtering/policing/port copy | • | • | • | • | • |
| IP source guard | • | • | • | • | • |
| Secure FTP Client | • | • | • | • | • |

1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12 OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Cold start | • | • | • | • | • |
| Cool start | • | • | • | • | • |
| ActiPHY | • | • | • | • | • |
| PerfectReach | • | • | • | • | • |
| Energy-Efficient Ethernet (EEE) power management | • | • | • | • | • |
| LED power management | • | • | — | — | • |
| Thermal protection | • | • | • | • | • |
| Adaptive fan control | • | • | • | — | • |

1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12 OAM and Test.

Table 1-9. OAM and Testing Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Link OAM (802.3ah) | | | | | |
| Variable request and response | • | • | • | • | • |
| Discovery process, information, event notification, loopback | • | • | • | • | • |
| Dying gasp | • | • | • | • | • |
| Dying gasp enhanced | • | • | • | • | • |
| Dying gasp SNMP trap | • | • | • | • | • |
| CFM | | | | | |
| Continuity Check (ETH-CCM) | • | • | • | • | • |
| IS-, OS-, PS-, and SID-TLV | • | • | • | • | • |
| APS using ETH-CCM and ETH-APS | • | • | • | • | • |
| ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | • |
| Hardware-accelerated OAM | — | • | • | • | • |

1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13 Synchronization.

Table 1-10. Timing and Synchronization Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| SyncE with SSM | • | • | • | • | • |
| SyncE nomination for two interfaces | • | • | • | • | • |
| Microchip one-step TC PHY solution | • | • | • | • | • |
| IEEE 1588v2 PTP with two-step clock | • | • | • | • | • |
| IEEE 1588v2 PTP with one-step clock | • | • | • | • | • |
| Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | • |
| Boundary clock | • | • | • | • | • |
| Redundant masters and multiple timing domains | • | • | • | • | • |
| PTP over IPv4 | • | • | • | • | • |
| Unicast/multicast | • | • | • | • | • |
| TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | • |
| TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Combined SyncE and 1588 | • | • | • | • | • |
| MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | • |
| MSCC timing BU DPLL API integration | • | • | • | • | • |
| G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | • |
| PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.8275.1 BMCA—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| G.8275 compliant filter—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| PTP time interface | • | • | • | • | • |
| NTPv4 client | • | • | • | • | • |
| IEEE802.1AS-2011/IEEE802.1AS rev D42 | • | • | • | • | • |

1.11 Customization Framework
The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Separate BSP and application | • | • | • | • | • |
| Append or change a binary image | • | • | • | • | • |
| IPC JSON-RPC socket (with notification support) | • | • | • | • | • |
| Overwrite default startup configuration | • | • | • | • | • |
| Boot and initialization of third-party daemons | • | • | • | • | • |
| Configuration to disable certain built-in features | • | • | • | • | • |

Microchip Ethernet Board API (MEBA) • • • •

1.12 Management
The following table lists the features supported by the management module. For more information, see 14 Management.

Table 1-12. Management Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| JSON-RPC | • | • | • | • | • |
| JSON-RPC notifications | • | • | • | • | • |
| Dual CPU (application variant with JSON | — | • | • | • | • |
| RFC 2131 DHCP client | • | • | • | • | • |
| RFC 2131 DHCP server | • | • | • | • | • |
| DHCP server support for DHCP relay packets | • | • | • | • | • |
| DHCP per port | • | • | • | • | • |
| RFC 3315 DHCPv6 client | • | • | • | • | • |
| RFC 3315 DHCPv6 relay agent | • | • | • | • | • |
| RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | • |
| RFC 1035 DNS client relay | • | • | • | • | • |
| IPv4/IPv6 ping | • | • | • | • | • |
| IPv4/IPv6 traceroute | • | • | • | • | • |
| HTTP server | • | • | • | • | • |
| CLI—console port | • | • | • | • | • |
| CLI—Telnet | • | • | • | • | • |
| Industrial standard CLI | • | • | • | • | • |
| Industrial standard configuration | • | • | • | • | • |
| Industrial standard CLI debug commands | • | • | • | • | • |
| Port description CLI | • | • | • | • | • |
| Management access filtering | • | • | • | • | • |
| HTTPS | • | • | • | • | • |
| SSHv2 | • | • | • | • | • |
| IPv6 management | • | • | • | • | • |
| IPv6 ready logo PHASE2 (host only) | • | • | • | • | • |
| RFC4884 (ICMPv6) | • | • | • | • | • |
| System syslog | • | • | • | • | • |
| Software upload through web | • | • | • | • | • |
| SNMP v1/v2c/v3 agent (1) | • | • | • | • | • |
| RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RMON alarm and event (CLI and web) | • | • | • | • | • |
| Alarm module | • | • | • | • | • |
| IEEE 802.1AB-2005 link layer discovery—LLDP | • | • | • | • | • |
| TIA 1057 LLDP—MED | • | • | • | • | • |
| Industry standard discovery protocol - ISDP | • | • | • | • | • |
| sFlow | • | • | • | • | • |
| FTP Client | • | • | • | • | • |
| Configuration download/upload—industrial standard | • | • | • | • | • |
| Loop detection restore to default | • | • | • | • | • |
| Symbolic register access | • | • | • | • | • |
| Daylight saving | • | • | • | • | • |

Note 1: No SNMPv1 trap support.

1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15 SNMP MIBs.

Table 1-13. SNMP MIBs Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| RFC 2674 VLAN MIB | • | • | • | • | • |
| IEEE 802.1Q bridge MIB 2008 | • | • | • | • | • |
| RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RFC 1213 MIB II | • | • | • | • | • |
| RFC 1215 TRAPS MIB | • | • | • | • | • |
| RFC 4188 bridge MIB | • | • | • | • | • |
| RFC 4292 IP forwarding table MIB | • | • | • | • | • |
| RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | • |
| RFC 5519 multicast group membership discovery MIB | • | • | • | • | • |
| RFC 4668 RADIUS authentication client MIB | • | • | • | • | • |
| RFC 4670 RADIUS accounting MIB | • | • | • | • | • |
| RFC 3635 Ethernet-like MIB | • | • | • | • | • |
| RFC 2863 interface group MIB using SMI v2 | • | • | • | • | • |
| RFC 3636 802.3 MAU MIB | • | • | • | • | • |
| RFC 4133 entity MIB version 3 | • | • | • | • | • |
| RFC 4878 Link OAM MIB | • | • | • | • | • |
| RFC 3411 SNMP management frameworks | • | • | • | • | • |
| RFC 3414 user-based security model for SNMPv3 | • | • | • | • | • |
| RFC 3415 view-based access control model for SNMP | • | • | • | • | • |
| RFC 2613 SMON—PortCopy | • | • | • | • | • |
| IEEE 802.1 MSTP MIB | • | • | • | • | • |
| IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | • |
| TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | • |
| RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | — |
| Private MIB framework | • | • | • | • | • |

2 Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.

Table 2-1. Features and Platform Capacity

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Resilience and Availability | | | | | |
| IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8 |
| IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in SC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN |
| Traffic Control | | | | | |
| Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095 |
| Guest-VLAN | 1 | 1 | 1 | 1 | 1 |
| Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9 |
| Voice VLAN | 1 | 1 | 1 | 1 | 1 |
| MAC table size 8K | 8K | 32K | 8K | 4K | 32K |
| Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (Global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 mbps |
| Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240 |
| Security | | | | | |
| Port security aging | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s |
| MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024 |
| Static MAC entries supported | 64 | 64 | 64 | 64 | 64 |
| RADIUS authentication servers | 5 | 5 | 5 | 5 | 5 |
| TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5 |
| RADIUS accounting servers | 5 | 5 | 5 | 5 | 5 |
| Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4 |
| Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system |
| IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512 |
| Policy-based security filtering | 512 | 512 | 512 | 512 | 512 |
| Password length | 32 | 32 | 32 | 32 | 32 |
| Authorization user levels | 15 | 15 | 15 | 15 | 15 |
| ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512 |
| Number of logged in users | 20 | 20 | 20 | 20 | 20 |
| IP Routing | | | | | |
| Max static route entries | 32 | 128 | 32 | 32 | 512 |
| Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072 |

Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).

3 System Requirements
The following table lists the port system requirements supported by the IStaX software.

Table 3-1. Port System Requirements

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| LEDs per port | 1 | 1 | 1 | 1 | 1 |
| SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported |
| Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported |
| Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full |
| Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported |
| Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) |
| RJ45 connectors | Supported | Supported | Supported | Supported | Supported |
| Fiber slots | Supported | Supported | Supported | Supported | Supported |

The following table lists the hardware system requirements supported by the IStaX software.

Table 3-2. Hardware System Requirements

| Requirement | Support |
| --- | --- |
| Power LED | Supported by hardware |
| System LED | Supported by hardware |
| Alarm LED | Supported by hardware |
| Management LED | Supported by hardware |
| Switch fabric capacity | Supported by hardware |
| Forwarding architecture | Supported by hardware |
| MAC address entries | Supported by hardware |
| MAC address aging | Supported by hardware |
| MAC buffer memory type and size | Supported by hardware |
| CPU flash size | Supported by hardware |
| CPU memory type and size | Supported by hardware |
| System DDR SDRAM | Supported by hardware |
| Reset button | Supported by hardware |
| EMC/safety requirement | Supported by hardware |
| Performance requirement | Supported by hardware |

4 Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.

4.1 Port Capability
The ports are equipped with the following capabilities:

• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1 Supported Features.

4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.

The turnkey switch software runs on Linux. The following system-wide operations are supported:

• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported

5 Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:

• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch

The software image selection information includes the following:

• Image—the file name of the firmware image
• Version—the version of the firmware image
• Date—the date when the firmware was produced

After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.

While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.

Note: Do not restart or power off the device at this time, or the switch may fail to function.

6 Port Control
The following sections describe the port control features supported by the IStaX software.

6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port, through which frames can be injected from and extracted to an external CPU.

6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame-data in (injection) and out (extraction) through memory-mapped injection/extraction registers.

6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.

6.4 SFP Detection
The IStaX software detects SFP at run time.

6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics, to find cable shorts/opens, and to determine cable length.

6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.

6.7 PoE/PoE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and the switch can then comply with or ignore this information.

68 Unidirectional Link Detection (UDLD)UDLD is used to determine the physical status of the link and to detect a unidirectional link
A UDLD packet is sent to the port it links to for each device and for each port The packet contains identityinformation of the sender (device and port) and expected receiver identity information (device and port) Each portchecks that the UDLD packets it receives contain the identifiers of its own device and port
The UDLD implementation conforms to the RFC5171 standard
Note RFC5171 is unclear about timers as well as messaging sequences It is assumed that probe messages are initiallyexchanged every second and once link status is detected probe messages are exchanged depending on messagetime interval (by default 7 seconds)
Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.
Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.
The port is reopened once UDLD is disabled/enabled on that port.
6.8.1 Port Statistics
The IStaX software supports the detailed port-related statistics and system information related configuration. It is possible to view the detailed QoS-related statistics using the IStaX software.
7 Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.
7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.
7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).
Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.
It is possible to specify the maximum bit rate in kbps or Mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.
The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.
7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).
The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.
When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.
The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.
7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED is configurable to either disable/enable and is disabled by default.
The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.
By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.
7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.
When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.
The QoS class DEI DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.
7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.
The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification
7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.
7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.
In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.
The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.
DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:
• Get the DSCP value from the analyzer (ingress classification) and always remap based on the global remap table. This is done independently of the value of the drop precedence level.
• Get the DSCP value from the analyzer and remap based on drop precedence level and remap table.
DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.
7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.
Storm control is disabled by default.
8 L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.
8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with the learned MAC address are not received within the aging period.
8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.
8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:
• All ports are VLAN aware
• All ports are members of VLAN 1
• The switch management interface is on VLAN 1
• All ports have a Port VLAN ID (PVID) of 1
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged
• The PVID is set to 1 by default
• Ingress filtering is always enabled
Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs
• If frames are classified to a VLAN that the port is not a member of, they are discarded
• By default, all frames classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress
Hybrid ports resemble trunk ports in many ways but provide the following additional port configuration features:
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently
8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to the Voice VLAN makes it possible to perform QoS-related configuration for voice data, ensuring the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable Port Discovery Protocol will also be available to detect voice devices attached to a port. This discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol (LLDP), or both.
8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.
8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:
• Ethernet: valid values for etype range from 0x0600-0xffff
• SNAP: valid value in this case also is comprised of two sub-values:
  – Organizationally Unique Identifier (OUI)
  – Protocol ID (PID): if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP
• LLC: valid value in this case is comprised of two sub-values:
  – DSAP: 1-byte long string (0x00-0xff)
  – SSAP: 1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and the protocol-based VLAN is preferred over the port-based VLAN.
8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.
PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.
The following terms are used to describe the Private VLAN feature:
• PVLAN domain: a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain
• Primary VLAN: a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports
• Secondary VLAN: a VLAN used inside a PVLAN domain only
• Isolated VLAN: a secondary VLAN that carries traffic from isolated ports to promiscuous ports
• Community VLAN: a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports
• Isolated port: a port that receives untagged frames and classifies these to an isolated VLAN
• Community port: a port that receives untagged frames and classifies these to a community VLAN
• Promiscuous port: a port that receives frames in the primary VLAN
• Standard trunk port: a port that carries primary and secondary VLANs using tags
• Promiscuous PVLAN trunk port: a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs but translates these to the primary VLAN ID and pushes this into the tag
• Isolated PVLAN trunk port: a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN but translates this into the isolated VLAN ID and pushes it into the tag
8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration for VLANs. Though this has been superseded by MVRP as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to register and unregister attribute values, such as VLAN identifiers and multicast group membership, across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q 2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG) such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address: can be used to calculate the destination port for the frame. By default, the source MAC address is enabled
• Destination MAC address: can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled
• IP address: can be used to calculate the destination port for the frame. By default, the IP address is enabled
• TCP/UDP port number: can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with the IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable/Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from the active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, the CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per-VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block an intruder on the untrusted ports of the switch device when the intruder tries to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
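
The trusted/untrusted decision described above, as an added Python example (not IStaX code): it parses the DHCP payload, reads the message type in option 53, and drops server-originated messages arriving on a port that is not trusted. The sample packets are constructed, and treating unlisted ports as untrusted and dropping malformed payloads are assumptions of this sketch.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"                    # RFC 2131 magic cookie before options
SERVER_MESSAGES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only a server sends


def parse_dhcp(payload):
    """Return op, client MAC and option-53 message type, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    op, hlen = payload[0], payload[2]
    if op not in (1, 2) or hlen > 16:
        return None
    msg_type, i = None, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                  # end option
            break
        if code == 0:                    # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                  # option runs past the end of the packet
        if code == 53 and payload[i + 1] == 1:
            msg_type = payload[i + 2]
        i += 2 + payload[i + 1]
    return {"op": op, "chaddr": payload[28:28 + hlen], "msg_type": msg_type}


def snoop_verdict(port, trusted_ports, payload):
    """Decide what to do with a DHCP payload received on `port`."""
    msg = parse_dhcp(payload)
    if msg is None:
        return ("drop", "malformed DHCP payload")      # assumption of this sketch
    from_server = msg["op"] == 2 or msg["msg_type"] in SERVER_MESSAGES
    if from_server and port not in trusted_ports:      # unlisted port = untrusted (assumption)
        kind = SERVER_MESSAGES.get(msg["msg_type"], "BOOTREPLY")
        return ("drop", f"{kind} received on untrusted port {port}")
    return ("forward", "allowed")


def build_dhcp(op, mac, msg_type):
    """Construct a minimal DHCP payload for the samples below (test data only)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD,
                        0, 0, b"", b"", b"", b"", mac, b"", b"")
    return fixed + DHCP_MAGIC + bytes([53, 1, msg_type, 255])


CLIENT = bytes.fromhex("001b44113ab7")   # constructed client MAC
TRUSTED_PORTS = {24}                     # constructed: uplink toward the real DHCP server

# Constructed (ingress port, payload) samples.
SAMPLES = [
    (1, build_dhcp(1, CLIENT, 1)),         # DISCOVER from a client port
    (24, build_dhcp(2, CLIENT, 2)),        # OFFER from the trusted uplink
    (7, build_dhcp(2, CLIENT, 2)),         # OFFER from an access port
    (7, build_dhcp(2, CLIENT, 5)),         # ACK from an access port
    (3, build_dhcp(1, CLIENT, 3)[:200]),   # truncated REQUEST
]


def run_samples():
    """Return (port, action, reason) for every constructed sample."""
    return [(port,) + snoop_verdict(port, TRUSTED_PORTS, data) for port, data in SAMPLES]


if __name__ == "__main__":
    for port, action, reason in run_samples():
        print(f"port {port:>2}: {action:<7} {reason}")
```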
8.13 MAC Table Configuration
MAC learning can be configured per port:
• Auto: learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable: no learning is done
• Secure: only SMAC entries are learned; all other frames are dropped
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied, or mirrored, to a mirror port where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get the ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports even when loop protection is on. If a packet is received by the switch with a matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are members of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and the source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in the non-forwarding state.
9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1 DHCP Relay Configuration Parameters
Parameter | Allowed Range | Default
Relay mode | Enabled/disabled | Disabled
Relay server address | IP address | None
Relay information mode | Enabled/disabled | Disabled
Relay information policy | Replace, Keep, Drop | Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring to the DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in a standalone device it always equals 0; in a stackable device it means switch ID), and the last two characters are the port number.
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of the UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP-related packets to the CPU. The ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing selects a path and forwards traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10 Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed: equipment whose MAC address is a valid RADIUS user can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
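
An added Python example (not IStaX code) for provisioning the RADIUS side of MAC-based authentication: it normalizes an asset inventory to the xx-xx-xx-xx-xx-xx form the switch sends as both username and password, and checks an MD5-Challenge response (RFC 3748 type 4, computed as in RFC 1994). The inventory, helper names, and the in-memory user table are constructed for illustration; a server entry stored in any other MAC notation fails to match.

```python
import hashlib
import hmac
import re


def switch_identity(mac):
    """Normalize a MAC in any common notation to lower-case xx-xx-xx-xx-xx-xx."""
    digits = re.sub(r"[\s.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    if int(digits[:2], 16) & 0x01:
        # The group bit is never set in the source address of a client frame.
        raise ValueError(f"group address cannot identify a client: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def md5_challenge_response(eap_id, password, challenge):
    """MD5(identifier || secret || challenge), as defined in RFC 1994."""
    return hashlib.md5(bytes([eap_id]) + password.encode("ascii") + challenge).digest()


def build_radius_users(inventory):
    """Turn (owner, mac) pairs into user entries; return (users, rejected)."""
    users, rejected = {}, []
    for owner, mac in inventory:
        try:
            identity = switch_identity(mac)
        except ValueError as exc:
            rejected.append((owner, str(exc)))
            continue
        if identity in users:
            rejected.append((owner, f"duplicate of {users[identity]['owner']}"))
            continue
        # Username and password are the same string in MAC-based authentication.
        users[identity] = {"password": identity, "owner": owner}
    return users, rejected


def switch_login(src_mac, eap_id, challenge):
    """What the switch presents for a snooped 6-byte source MAC."""
    identity = "-".join(f"{b:02x}" for b in src_mac)
    return identity, md5_challenge_response(eap_id, identity, challenge)


def server_accepts(users, username, eap_id, challenge, response):
    """Model of the RADIUS server's check against its user table."""
    entry = users.get(username)
    if entry is None:
        return False
    expected = md5_challenge_response(eap_id, entry["password"], challenge)
    return hmac.compare_digest(expected, response)


# Constructed inventory in the mixed notations asset lists usually contain.
INVENTORY = [
    ("printer-2f", "00:1B:44:11:3A:B7"),
    ("badge-reader", "001b.4411.3ab8"),
    ("typo", "00:1B:44:11:3A"),
    ("dup", "00-1b-44-11-3a-b7"),
    ("mcast", "01:00:5e:00:00:01"),
]

if __name__ == "__main__":
    users, rejected = build_radius_users(INVENTORY)
    challenge = bytes(range(16))          # constructed server challenge
    ident, resp = switch_login(bytes.fromhex("001b44113ab7"), 7, challenge)
    print(ident, "accepted:", server_accepts(users, ident, 7, challenge, resp))
    for owner, reason in rejected:
        print("rejected", owner, "-", reason)
```

The response depends only on the MAC string and the challenge, which is why the per-port client limit mentioned above matters for ports that use this mode.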
In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as the destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID or it is invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-assigned QoS and VLAN in the case of RADIUS-assigned VLAN are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.

The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.

The dead time, which can be set to a number between 0 and 3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
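The retransmit and dead-time rules above can be checked with a small simulation. This is an added example, not IStaX code: the class and field names are hypothetical, servers are assumed to be tried in configured order, and a request is assumed to fail when no server answers.

```python
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    drop_first: int = 0        # constructed fault: requests lost before a reply (3+ = no reply)
    dead_until: float = 0.0    # simulated time until which the server is skipped


class RadiusClient:
    """Toy model of the retransmit/dead-time logic; no packets are sent."""

    def __init__(self, servers, timeout=6.0, dead_time=0):
        if not 0 <= dead_time <= 3600:
            raise ValueError("dead time must be 0 to 3600 seconds")
        self.servers = servers
        self.sub_interval = timeout / 3   # three sub-intervals of equal length
        self.dead_time = dead_time
        self.now = 0.0                    # simulated clock in seconds
        self.log = []                     # (time, server, attempt) per request sent

    def dead_time_active(self):
        # Per the text: a value greater than zero AND more than one server
        return self.dead_time > 0 and len(self.servers) > 1

    def request(self):
        """Return the name of the server that answered, or None."""
        for srv in self.servers:          # assumption: tried in configured order
            if self.dead_time_active() and self.now < srv.dead_until:
                continue                  # still inside its dead time
            for attempt in (1, 2, 3):     # queried up to three times
                self.log.append((self.now, srv.name, attempt))
                if attempt > srv.drop_first:
                    return srv.name
                self.now += self.sub_interval   # sub-interval expired, retransmit
            srv.dead_until = self.now + self.dead_time   # now considered dead
        return None                       # assumption: fail when nobody answers


def demo():
    """Constructed scenario: primary is down, backup is healthy."""
    client = RadiusClient(
        [Server("primary", drop_first=3), Server("backup")],
        timeout=6.0, dead_time=300)
    first = client.request()      # 3 tries on primary (t=0,2,4), then backup at t=6
    sent_first = len(client.log)
    second = client.request()     # primary is skipped: one request only
    sent_second = len(client.log) - sent_first
    client.now = 400.0            # primary's dead time (until t=306) has passed
    client.request()              # primary is probed again before backup answers
    return first, sent_first, second, sent_second, client.log[-4][1]
```

With a single configured server the dead time never takes effect, so every login attempt during an outage waits for the full timeout.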
Authorization is for authorizing users to access the management interfaces of the switch.

The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.

TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. Only the CLI interface is supported in the initial version for the configuration of TACACS+ authorization and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.

Table 10-1. Secure Access Options

Method                Description
SSH                   Enable or disable option provided; supports v2 only
SSL/HTTPS             Enable or disable
HTTPS auto redirect   An option to redirect the web browser to HTTPS, available when HTTPS mode is enabled

Note: SSL and HTTPS are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.

The allowed range for a user's privilege level is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.

The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.

Each group has an authorization privilege level, configurable from 1 to 15, for the following sub-groups:

• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)

Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.

10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all the four management client types:

• Console
• Telnet
• SSH
• Web

Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
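The fall-through rule has a consequence worth seeing in code: a reject from a live server ends the chain, so the local database is consulted only while the servers are unreachable. The sketch below is an added example, not IStaX code; the method names, the backend stand-ins and the audit rules are assumptions made for illustration.

```python
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    TIMEOUT = "timeout"      # remote server offline, no answer


def make_backend(valid_users, online=True):
    """Constructed stand-in for a user database; online=False simulates a dead server."""
    def check(user):
        if not online:
            return Result.TIMEOUT
        return Result.ACCEPT if user in valid_users else Result.REJECT
    return check


def login(methods, backends, user):
    """Try methods left to right; only a timeout moves on to the next method."""
    trail = []
    for name in methods:
        result = backends[name](user)
        trail.append((name, result.value))
        if result is not Result.TIMEOUT:
            return result is Result.ACCEPT, trail   # approve or reject ends the chain
    return False, trail                              # every method timed out


def audit_chain(methods, remote=("radius", "tacacs")):
    """Flag method lists that deviate from the recommendation in the text."""
    findings = []
    if methods and methods[0] in remote and "local" not in methods[1:]:
        findings.append("remote primary without local fallback: no login while servers are down")
    # Inference from the text: only remote methods time out, so 'local' always decides.
    if "local" in methods and methods.index("local") < len(methods) - 1:
        findings.append("methods listed after 'local' are never tried")
    return findings


def demo():
    """Constructed data: 'bob' was removed on the server but is still in the local database."""
    local = make_backend({"admin", "bob"})
    up = {"radius": make_backend({"alice"}), "local": local}
    down = {"radius": make_backend({"alice"}, online=False), "local": local}
    chain = ["radius", "local"]
    return login(chain, up, "bob"), login(chain, down, "bob")
```

In the constructed data the stale local account is refused while the server answers and accepted during an outage, which is why the local database needs the same account hygiene as the server.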
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.

10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.

Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.

ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.

There are three rich configurable sections associated with the manual ACL configuration.

The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.

The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:

• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown

The management interface allows configuring the port action, which determines whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.

The port action applies only if the frame gets past the ACE matching without being matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).

An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:

• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6

MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
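Because only the first matching ACE acts on a frame, a broad permit placed above a narrower deny silently disables the deny. The model below is an added example, not the switch's implementation: it reproduces the first-match, policy value/mask and port-action rules described above and reports ACEs that can never be hit. The field names and the sample rules are constructed, and only port, policy, frame type and IPv4 source are modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass
class Ace:
    name: str
    action: str                               # "permit" or "deny"
    ports: Optional[FrozenSet[int]] = None    # None = any ingress port
    policy: Optional[Tuple[int, int]] = None  # (value, mask); None = any policy
    frame_type: str = "any"                   # "any", "arp", "ipv4" or "ipv6"
    sip: Optional[str] = None                 # IPv4 source network (ipv4 ACEs only)
    hits: int = 0

    def matches(self, port, policy_id, ftype, sip):
        if self.ports is not None and port not in self.ports:
            return False
        if self.policy is not None:
            value, mask = self.policy
            if (policy_id & mask) != (value & mask):
                return False
        if self.frame_type not in ("any", ftype):
            return False
        if self.sip is not None:
            net = ipaddress.ip_network(self.sip)
            if sip is None or ipaddress.ip_address(sip) not in net:
                return False
        return True

    def covers(self, other):
        """True if every frame that matches `other` also matches this ACE."""
        if self.ports is not None and (other.ports is None or not other.ports <= self.ports):
            return False
        if self.policy is not None:
            if other.policy is None:
                return False
            (v1, m1), (v2, m2) = self.policy, other.policy
            if m1 & ~m2 or (v1 & m1) != (v2 & m1):
                return False
        if self.frame_type not in ("any", other.frame_type):
            return False
        if self.sip is not None:
            if other.sip is None:
                return False
            if not ipaddress.ip_network(other.sip).subnet_of(ipaddress.ip_network(self.sip)):
                return False
        return True


@dataclass
class PortCfg:
    policy_id: int = 0
    action: str = "permit"     # the default port action is Permit
    hits: int = 0


class Acl:
    def __init__(self, aces, ports):
        self.aces = aces       # ordered list, index 0 = highest priority
        self.ports = ports     # ingress port number -> PortCfg

    def classify(self, port, ftype, sip=None):
        cfg = self.ports[port]
        for ace in self.aces:
            if ace.matches(port, cfg.policy_id, ftype, sip):
                ace.hits += 1             # only the first matching ACE gets the hit
                return ace.action, ace.name
        cfg.hits += 1                     # no ACE matched: the port action applies
        return cfg.action, f"port {port}"

    def shadowed(self):
        """(ace, blocker) pairs where a higher-priority ACE makes `ace` unreachable."""
        found = []
        for i, later in enumerate(self.aces):
            for earlier in self.aces[:i]:
                if earlier.covers(later):
                    found.append((later.name, earlier.name))
                    break
        return found


def sample_acl():
    """Constructed configuration: ports 1-4 share policy 1, uplink port 5 has policy 2."""
    users = (1, 0xFF)
    aces = [
        Ace("permit-arp", "permit", policy=users, frame_type="arp"),
        Ace("permit-users", "permit", policy=users, frame_type="ipv4", sip="10.10.0.0/16"),
        Ace("deny-quarantine", "deny", policy=users, frame_type="ipv4", sip="10.10.66.0/24"),
        Ace("deny-rest", "deny", policy=users),
    ]
    ports = {p: PortCfg(policy_id=1) for p in (1, 2, 3, 4)}
    ports[5] = PortCfg(policy_id=2)
    return Acl(aces, ports)
```

An ACE whose counter stays at zero while a broader ACE above it keeps counting is the runtime symptom of the ordering problem that `shadowed()` reports statically.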
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.

IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.

It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.

It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.

IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.

10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.

When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.

This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.

11.1 Robustness
The following section introduces a robustness feature.

11.1.1 Cold and Cool Start
The software defines and supports the following restart types:

• Cold: power cycle induced reset of the switch
• Cool: software initiated reset of the switch (with traffic disruption)

11.2 Power Savings
The following sections introduce the power savings features.

11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.

11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.

11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.

11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.

EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.

EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex mode.

11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.

The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0 to 100 in 10 increments for each period.

A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.

Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.

11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:

• Maximum temperature: temperature at which the fan runs at full speed
• Turn on temperature: temperature at which the fan runs at the lowest possible speed
12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.

12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.

The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T Y.1731 and ITU-T G.8021.

All time stamping for both IEEE 1588 and OAM is accurate to a few tens of ns.

12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.

Mechanisms to support the following are also implemented:

• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that the receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode

The administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:

• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, the OAM entity sends out a PDU with the link monitoring capability flag set
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, the OAM entity sends out a PDU with the remote loopback capability flag
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah

IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.

By default, link OAM capability is enabled.

Link event configuration can be made on a per-port basis for different events.

12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.

The SNMP trap is sent only on power failure or removal of power supply cable.

Dying gasp occurs in case of reload, removal of power supply cable, or power failure. If any of these situations occurs, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.

The dying gasp event PDU is sent if one of the following four events occurs:

• Device power loss
• Switch reloads: this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled

12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.

Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs, such as ZL30343, ZL30363, and ZL30772.

13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).

NID-based reference devices contain an internal OCXO, providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:

• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer-to-peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm

The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.

Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.

13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.

13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses the peer-to-peer delay measurement mechanism.

13.2.2 End-to-End Transparent Clock
The transparent clock uses the end-to-end delay measurement mechanism.

13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.

13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.

13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.

13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to the G.8265.1 solution (frequency) ITU standard.

13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:

• Identifier
• Quality
• Priority
• Variance

13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.

13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.

13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to the G.8275.1 solution (frequency) ITU standard.

13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).

13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.

13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.

The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.

13.9 Daylight Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.

This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.

14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.

The IStaX software includes a JSON-RPC server and, in order to use it, a JSON-RPC client. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:

• Machine and human friendly interface
• Reliable, connection-oriented communication provided by the TCP and HTTP message encapsulation
• RPC-oriented protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory

For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.

Note: JSON-RPC is not an end user interface intended for human interaction; it is a high-level, machine friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.

14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react on events when they happen without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.

This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service, and a server is needed to receive the notification events.

As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.

14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:

• CLI Interface
• Web-based
• SNMP
• JSON-RPC

Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.

The Industry Standard CLI model includes the following features:

• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut:

    (config-if-vlan)# ip^Q
    ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
    ip igmp snooping
    ip igmp snooping compatibility auto | v1 | v2 | v3
    ip igmp snooping lastmember-query-interval <0-31744>
    ip igmp snooping priority <0-7>
    ip igmp snooping querier election | address <ipv4_ucast>
    ip igmp snooping query-interval <1-31744>
    ip igmp snooping query-max-response-time <0-31744>
    ip igmp snooping robustness-variable <1-255>
    ip igmp snooping unsolicited-report-interval <0-31744>

• Context-sensitive help. Click button for a list of valid possible parameters with descriptions
• Auto completion. Press <tab> key by partially typing the keyword. The rest of the keyword will be entered automatically
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support:

    (config)# interface
    (config-if)#

  If multiple sessions are concurrently in the same sub mode with the same parameters, then the no form of commands will not work and will display a warning message.
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege.

14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>

14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#

It is also possible to have runtime configurable privilege levels per command.

• Keyword abbreviations: any keyword can be accepted just by typing an unambiguous prefix (for example, "sh" for "show")

    IStaX# sh ip route
    0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
    10.9.61.0/24 via VLAN1 <UP HW_RT>
    127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
    224.0.0.0/4 via OS:lo:127.0.0.1 <UP>

• Error checking: before executing a command, the CLI checks whether the current mode is still valid, the user has sufficient privileges, and the parameter(s) are within the valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message:

    IStaX(config)# clock summer-time PDT date 14
                                              ^
    Invalid word detected at ^ marker

  Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.
• do command support: this will allow the users to execute the commands from the configuration mode

    (config)# do show vlan
    VLAN  Name     Interface
    ----  ----     ---------
    1     default  Gi 1/1-9 2.5G 1/1-2

• Platform debug command support: this will allow the users to obtain technical support by entering and running a debug command in this field
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG), where commands are stored in a text format.

The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.

There are three system files:

• running-config: a virtual file that represents the currently active configuration on the switch. This file is volatile
• startup-config: the startup configuration for the switch, read at boot time
• default-config: a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes

It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.

This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.

It is possible to upload a file from the web browser to all the files on the switch, except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:

• Replace mode: the current configuration is fully replaced with the configuration in the uploaded file
• Merge mode: the uploaded file is merged with running-config

If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.

It is possible to activate any of the configuration files present on the switch, except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.

It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 80 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort, that is, where 64-bit counters are included, they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for SHA and AES, OpenSSL must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping: a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported.
• Traceroute: a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. The source address can be specified by using the saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for IPv4.
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reached but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes, should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1AB and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice: used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional): used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice: supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional): used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice: used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing: used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video: used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional): used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode: the device only transmits configuration parameters
• Receive-only mode: the device can only receive configuration parameters (from neighbor device)
• Transmit and receive mode: the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto the LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table
• Port ID is mapped to the LLDP Port ID field
• Version and Platform are mapped to the LLDP System Description field
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately, but gets removed when the hold time is exceeded.
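The TLV mapping listed above, as an added Python example that is not part of the IStaX software or this specification: it decodes a CDP payload with bounds checks on every length field and fills LLDP-style neighbor fields. The dictionary keys, the space used to join Version and Platform, and the sample frame are assumptions constructed for illustration; capabilities are left out.

```python
import ipaddress
import struct

# CDP TLV types that have a counterpart in the LLDP neighbors table.
CDP_DEVICE_ID, CDP_ADDRESS, CDP_PORT_ID = 0x0001, 0x0002, 0x0003
CDP_VERSION, CDP_PLATFORM = 0x0005, 0x0006


def iter_tlvs(payload: bytes):
    """Yield (type, value) for each TLV that follows the 4-byte CDP header."""
    offset = 4  # version (1), TTL (1), checksum (2); checksum is not verified here
    while offset + 4 <= len(payload):
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        # The length covers the 4-byte TLV header. Reject values that would
        # stall the loop or read past the end of the received frame.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            raise ValueError(f"bad length {tlv_len} in TLV 0x{tlv_type:04x}")
        yield tlv_type, payload[offset + 4:offset + tlv_len]
        offset += tlv_len


def first_address(value: bytes):
    """Return only the first entry of a CDP Address TLV, or None if empty."""
    if len(value) < 4:
        raise ValueError("address TLV too short")
    if struct.unpack_from("!I", value)[0] == 0:
        return None
    # Entry layout: protocol type (1), protocol length (1), protocol (n),
    # address length (2), address.
    if len(value) < 6:
        raise ValueError("truncated address entry")
    pos = 6 + value[5]
    if len(value) < pos + 2:
        raise ValueError("truncated address entry")
    addr_len = struct.unpack_from("!H", value, pos)[0]
    addr = value[pos + 2:pos + 2 + addr_len]
    if len(addr) != addr_len:
        raise ValueError("truncated address")
    if addr_len in (4, 16):
        return str(ipaddress.ip_address(addr))
    return addr.hex()


def cdp_to_lldp(payload: bytes) -> dict:
    """Map decodable CDP TLVs to LLDP neighbor fields; discard the rest."""
    row, description = {}, {}
    for tlv_type, value in iter_tlvs(payload):
        if tlv_type == CDP_DEVICE_ID:
            row["chassis_id"] = value.decode("ascii", errors="replace")
        elif tlv_type == CDP_ADDRESS:
            row["management_address"] = first_address(value)
        elif tlv_type == CDP_PORT_ID:
            row["port_id"] = value.decode("ascii", errors="replace")
        elif tlv_type in (CDP_VERSION, CDP_PLATFORM):
            description[tlv_type] = value.decode("ascii", errors="replace")
        # Any other TLV has no LLDP field and is dropped silently.
    if description:
        row["system_description"] = " ".join(
            description[t] for t in (CDP_VERSION, CDP_PLATFORM) if t in description
        )
    return row


def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def ipv4_entry(addr: str) -> bytes:
    # NLPID protocol type, 1-byte protocol 0xCC (IP), 4-byte address.
    return b"\x01\x01\xcc" + struct.pack("!H", 4) + ipaddress.ip_address(addr).packed


# Constructed sample payload (CDP version 2, TTL 180), not a captured frame.
SAMPLE_CDP = (
    b"\x02\xb4\x00\x00"
    + tlv(CDP_DEVICE_ID, b"lab-sw1")
    + tlv(CDP_ADDRESS, struct.pack("!I", 2)
          + ipv4_entry("192.0.2.10") + ipv4_entry("192.0.2.11"))
    + tlv(CDP_PORT_ID, b"GigabitEthernet0/1")
    + tlv(CDP_VERSION, b"Example OS 1.0")
    + tlv(CDP_PLATFORM, b"example-platform")
    + tlv(0x000A, b"\x00\x64")  # native VLAN: no LLDP field, discarded
)

if __name__ == "__main__":
    print(cdp_to_lldp(SAMPLE_CDP))
```

Because these frames arrive unauthenticated from any attached neighbor, the length checks matter as much as the mapping itself.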
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
A fallback optional mechanism is also provided in the case of IPv4, so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy, where the DUT relays DNS requests to the current configured DNS server on the DUT and replies as a DNS resolver to the client device on the network when enabled.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth, DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
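The two filtering criteria described above, as an added Python example that is not the switch's implementation: the filter walks the IPv6 header chain, treats UDP traffic to the DHCPv6 client port (546) as a DHCPv6-server message, and applies the per-port and unrecognized-Next-Header policy. The function names, the set of recognized headers, the port numbers and the sample packets are assumptions constructed for illustration.

```python
import struct

TCP, UDP, ICMPV6, NO_NEXT_HEADER = 6, 17, 58, 59
FRAGMENT = 44
OPTION_HEADERS = {0, 43, 60}   # Hop-by-Hop, Routing, Destination Options
DHCPV6_CLIENT_PORT = 546       # clients listen here, so this marks server messages


def classify(packet: bytes) -> str:
    """Return 'dhcpv6-server', 'other', 'unrecognized' or 'malformed'."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "malformed"
    next_header, offset = packet[6], 40
    while True:
        if next_header == UDP:
            if len(packet) < offset + 8:
                return "malformed"
            dst_port = struct.unpack_from("!H", packet, offset + 2)[0]
            return "dhcpv6-server" if dst_port == DHCPV6_CLIENT_PORT else "other"
        if next_header in (TCP, ICMPV6, NO_NEXT_HEADER):
            return "other"
        if next_header in OPTION_HEADERS or next_header == FRAGMENT:
            if len(packet) < offset + 8:
                return "malformed"
            if next_header == FRAGMENT:
                ext_len = 8
                # Non-zero fragment offset: no upper-layer header to inspect.
                if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                    return "other"
            else:
                ext_len = (packet[offset + 1] + 1) * 8
            if len(packet) < offset + ext_len:
                return "malformed"
            next_header = packet[offset]
            offset += ext_len
            continue
        # Assumption: anything not listed above counts as unrecognized.
        return "unrecognized"


def shield_decision(packet, ingress_port, trusted_ports, allow_unrecognized=False):
    """Return 'forward' or 'drop' for a frame received on ingress_port."""
    kind = classify(packet)
    if kind == "malformed":
        return "drop"
    if kind == "unrecognized":
        return "forward" if allow_unrecognized else "drop"
    if kind == "dhcpv6-server" and ingress_port not in trusted_ports:
        return "drop"
    return "forward"


def ipv6(next_header: int, payload: bytes) -> bytes:
    src = bytes.fromhex("fe80" + "00" * 13 + "01")   # fe80::1
    dst = bytes.fromhex("fe80" + "00" * 13 + "02")   # fe80::2
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255) + src + dst + payload


def udp(src_port: int, dst_port: int, data: bytes) -> bytes:
    # Checksum left at zero: the filter above does not verify it.
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def dest_options(next_header: int) -> bytes:
    # 8-byte Destination Options header holding a single PadN option.
    return struct.pack("!BB", next_header, 0) + b"\x01\x04\x00\x00\x00\x00"


# Constructed sample packets (DHCPv6 message type byte plus transaction id).
ADVERTISE = ipv6(UDP, udp(547, 546, b"\x02\x00\x00\x01"))
ADVERTISE_BEHIND_OPTIONS = ipv6(60, dest_options(UDP) + udp(547, 546, b"\x02\x00\x00\x01"))
SOLICIT = ipv6(UDP, udp(546, 547, b"\x01\x00\x00\x01"))
EXPERIMENTAL = ipv6(253, b"\x00" * 8)

if __name__ == "__main__":
    trusted = {1}  # hypothetical: port 1 faces the legitimate DHCPv6 server
    for name, pkt in [("ADVERTISE", ADVERTISE), ("ADVERTISE_BEHIND_OPTIONS", ADVERTISE_BEHIND_OPTIONS),
                      ("SOLICIT", SOLICIT), ("EXPERIMENTAL", EXPERIMENTAL)]:
        print(name, classify(pkt), shield_decision(pkt, 3, trusted))
```

Walking the whole header chain is what keeps a server message placed behind an extension header from bypassing the port check.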
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model, where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out of band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum management access filter entries allowed is 16.
If the application type matches any one of the access management entries, it will allow access to the switch. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.2.2 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
The SNMPv3 is supported and is backward compatible with SNMPv2c and SNMPv1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
    show snmp mib context
    BRIDGE-MIB
      - dot1dBase (1.3.6.1.2.1.17.1)
      - dot1dTp (1.3.6.1.2.1.17.4)
    Dot3-OAM-MIB
      - dot3OamMIB (1.3.6.1.2.1.158)
    ENTITY-MIB
      - entityMIBObjects (1.3.6.1.2.1.47.1)
    EtherLike-MIB
      - transmission (1.3.6.1.2.1.10)
    IEEE8021-BRIDGE-MIB
    show snmp mib ifmib ifIndex
Table 15-1 ifIndex Descriptions
ifIndex     ifDescr             Interface
1           VLAN 1              VLAN 1
1000001     Switch 1–port 1     GigabitEthernet 1/1
1000002     Switch 1–port 2     GigabitEthernet 1/2
1000003     Switch 1–port 3     GigabitEthernet 1/3
1000004     Switch 1–port 4     GigabitEthernet 1/4
1000005     Switch 1–port 5     GigabitEthernet 1/5
1000006     Switch 1–port 6     GigabitEthernet 1/6
1000007     Switch 1–port 7     GigabitEthernet 1/7
1000008     Switch 1–port 8     GigabitEthernet 1/8
1000009     Switch 1–port 9     2.5 GigabitEthernet 1/1
10000010    Switch 1–port 10    2.5 GigabitEthernet 1/2
10000011    Switch 1–port 11    GigabitEthernet 1/9
16 Revision History
Revision  Date  Description
B  February 2021  Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document:
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 14.3 Simple Network Management Protocol (SNMP).
A  June 2020  Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document:
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
20  October 2019  Revision 20 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 20 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
19  June 2019  Revision 19 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 19 of this document:
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.
18  June 2019  Revision 18 was published in June 2019 to align with the Linux application software release 48. The following is a summary of changes in revision 18 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
17  January 2019  Revision 17 was published in January 2019 to align with the Linux application software release 47. The following is a summary of changes in revision 17 of this document:
• The BSP and API Supported Features table was updated. For more information, see 11 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
16  October 2018  Revision 16 was published in October 2018 to align with the Linux application software release 46. The following is a summary of changes in revision 16 of this document:
• A cross reference in the JSON-RPC section was fixed. For more information, see 141 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The VLAN Translation is removed from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 1111 Cold and CoolStart.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 141 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.
15  July 2018  Revision 15 was published in July 2018 to align with the Linux application software release 45. The following is a summary of changes in revision 15 of this document:
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 12 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 17 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 112 Management.
• The System Capability section was updated. For more information, see 42 System Capability.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 107 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 1212 Dying Gasp.
• The DHCP Server section was updated. For more information, see 14.11 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 14.9 IP Management, DNS, and DHCPv4/v6.
14  April 2018  Revision 14 was published in April 2018 to align with the Linux application software release 44. The following is a summary of changes in revision 14 of this document:
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 16 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 42 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 14.5 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 93 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 85 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
13  January 2018  Revision 13 was published in January 2018 to align with the Linux application software release 43. The following is a summary of changes in revision 13 of this document:
• The Supported Switches table was updated with details regarding VSC741015353637. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 12 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 15 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 16 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 18 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 19 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 110 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 113 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.
12  September 2017  Revision 12 was published in July 2017 to align with the Linux application software release 42. In revision 12 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.
11  June 2017  Revision 11 was published in June 2017 to align with the Linux application software release 41. The following is a summary of changes in revision 11 of this document:
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.

Revision 1.0, November 2016
Revision 1.0 was published in November 2016 to align with the Linux application software release 4.0. It was the first publication of this document.

The Microchip Website
Microchip provides online support via our website at www.microchip.com. This website is used to make files and information easily available to customers. Some of the content available includes:
• Product Support – Data sheets and errata, application notes and sample programs, design resources, user's guides and hardware support documents, latest software releases and archived software
• General Technical Support – Frequently Asked Questions (FAQs), technical support requests, online discussion groups, Microchip design partner program member listing
• Business of Microchip – Product selector and ordering guides, latest Microchip press releases, listing of seminars and events, listings of Microchip sales offices, distributors and factory representatives

Product Change Notification Service
Microchip's product change notification service helps keep customers current on Microchip products. Subscribers will receive email notification whenever there are changes, updates, revisions or errata related to a specified product family or development tool of interest.
To register, go to www.microchip.com/pcn and follow the registration instructions.

Customer Support
Users of Microchip products can receive assistance through several channels:
• Distributor or Representative
• Local Sales Office
• Embedded Solutions Engineer (ESE)
• Technical Support
Customers should contact their distributor, representative or ESE for support. Local sales offices are also available to help customers. A listing of sales offices and locations is included in this document.
Technical support is available through the website at www.microchip.com/support.

Microchip Devices Code Protection Feature
Note the following details of the code protection feature on Microchip devices:
• Microchip products meet the specification contained in their particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip's Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as "unbreakable."

Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip's code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.

Legal Notice
Information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated.

Trademarks
The Microchip name and logo, the Microchip logo, Adaptec, AnyRate, AVR, AVR logo, AVR Freaks, BesTime, BitCloud, chipKIT, chipKIT logo, CryptoMemory, CryptoRF, dsPIC, FlashFlex, flexPWR, HELDO, IGLOO, JukeBlox, KeeLoq, Kleer, LANCheck, LinkMD, maXStylus, maXTouch, MediaLB, megaAVR, Microsemi, Microsemi logo, MOST, MOST logo, MPLAB, OptoLyzer, PackeTime, PIC, picoPower, PICSTART, PIC32 logo, PolarFire, Prochip Designer, QTouch, SAM-BA, SenGenuity, SpyNIC, SST, SST Logo, SuperFlash, Symmetricom, SyncServer, Tachyon, TempTrackr, TimeSource, tinyAVR, UNI/O, Vectron, and XMEGA are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.

APT, ClockWorks, The Embedded Control Solutions Company, EtherSynch, FlashTec, Hyper Speed Control, HyperLight Load, IntelliMOS, Libero, motorBench, mTouch, Powermite 3, Precision Edge, ProASIC, ProASIC Plus, ProASIC Plus logo, Quiet-Wire, SmartFusion, SyncWorld, Temux, TimeCesium, TimeHub, TimePictra, TimeProvider, Vite, WinPath, and ZL are registered trademarks of Microchip Technology Incorporated in the U.S.A.

Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any Capacitor, AnyIn, AnyOut, BlueSky, BodyCom, CodeGuard, CryptoAuthentication, CryptoAutomotive, CryptoCompanion, CryptoController, dsPICDEM, dsPICDEM.net, Dynamic Average Matching, DAM, ECAN, EtherGREEN, In-Circuit Serial Programming, ICSP, INICnet, Inter-Chip Connectivity, JitterBlocker, KleerNet, KleerNet logo, memBrain, Mindi, MiWi, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, PowerSmart, PureSilicon, QMatrix, REAL ICE, Ripple Blocker, SAM-ICE, Serial Quad I/O, SMART-I.S., SQI, SuperSwitcher, SuperSwitcher II, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.

SQTP is a service mark of Microchip Technology Incorporated in the U.S.A.

The Adaptec logo, Frequency on Demand, Silicon Storage Technology, and Symmcom are registered trademarks of Microchip Technology Inc. in other countries.

GestIC is a registered trademark of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries.

All other trademarks mentioned herein are property of their respective companies.
© 2020, Microchip Technology Incorporated, Printed in the U.S.A., All Rights Reserved.
ISBN: 978-1-5224-7595-8

Quality Management System
For information regarding Microchip's Quality Management Systems, please visit www.microchip.com/quality.
(continued)

| PHY | Description |
|---|---|
| VSC8552 | Dual-port RGMII/SGMII/QSGMII Dual Media PHY with EEE Support |
| VSC8562 | Dual-port 10/100/1000BASE-T PHY with Synchronous Ethernet, Intellisec™, and QSGMII/SGMII MAC |
| VSC8564 | Dual-port 10/100/1000BASE-T PHY with Synchronous Ethernet, MACsec, and QSGMII/SGMII MAC |
| VSC8572 | Dual-port 10/100/1000BASE-T PHY with VeriTime™, Synchronous Ethernet, and RGMII/SGMII MAC |
| VSC8574 | Quad-port Dual Media QSGMII/SGMII GbE PHY with VeriTime™ |
| VSC8575 | Quad-port 10/100/1000BASE-T PHY with Synchronous Ethernet, VeriTime™, and QSGMII/SGMII MAC |
| VSC8582 | Dual-port Dual Media QSGMII/SGMII GbE PHY with Intellisec™ and VeriTime™ |
| VSC8584 | Quad-port Dual Media QSGMII/SGMII GbE PHY with Intellisec™ and VeriTime™ |

The following table lists the supported 10G PHYs.

Table 3. Supported 10G PHYs

| PHY | Description |
|---|---|
| VSC8254 | Dual Channel 1G/10GBASE-KR to SFI Ethernet LAN/WAN PHY with VeriTime™ and Intellisec™ |
| VSC8256 | Quad Channel 1G/10GBASE-KR to SFI Ethernet Repeater |
| VSC8257 | Quad Channel 1G/10GBASE-KR to SFI Ethernet WIS PHY with VeriTime™ and Intellisec™ |
| VSC8258 | Quad Channel 1G/10GBASE-KR to SFI Ethernet WIS PHY with VeriTime™ and Intellisec™ |
| VSC8489 | Dual-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY |
| VSC8490 | Dual-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY with Intellisec™ and VeriTime™ |
| VSC8491 | WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY with Intellisec™ and VeriTime™ |

Software Architecture
The CEServices software provides support for standalone switches. It consists of the following components:
• Operating system (Linux) for access to the hardware
• Application programming interface (API) for a function library to control switches and PHYs
• Control modules, such as port control, MSTP, and Virtual LAN (VLAN)—to implement product features and protocols. These modules may include threads and provide a management API for configuration and monitoring
• Management modules, such as CLI, web, JSON-RPC, and Simple Network Management Protocol (SNMP)—for interfaces to the system based on the management API of the control modules

The following illustration shows the architecture of the Microchip managed application software and a few control and management modules.
Figure 1 Application Architecture

Table of Contents

Product Overview
  1 Supported Switch Platforms
  2 Software Architecture
1 Supported Features
  1.1 BSP and API
  1.2 Port Control
  1.3 Quality of Service (QoS)
  1.4 Protection
  1.5 L2 Switching
  1.6 L3 Switching
  1.7 Security
  1.8 Robustness and Power Savings
  1.9 OAM and Test
  1.10 Timing and Synchronization
  1.11 Customization Framework
  1.12 Management
  1.13 SNMP MIBs
2 Features and Platform Capacity
3 System Requirements
4 Port and System Capabilities
  4.1 Port Capability
  4.2 System Capability
5 Firmware Upgrade
6 Port Control
  6.1 NPI Port
  6.2 PCIe
  6.3 Dual CPU
  6.4 SFP Detection
  6.5 VeriPHY Support
  6.6 PoE/PoE+ Support
  6.7 POE/POE+ with LLDP
  6.8 Unidirectional Link Detection (UDLD)
7 Quality of Service (QoS)
  7.1 Port Policers
  7.2 Scheduling and Shaping
  7.3 QCL Configuration
  7.4 Weighted Random Early Detection (WRED)
  7.5 Tag Remarking
  7.6 Ingress Port Classification
  7.7 Queue Policers
  7.8 DiffServ (RFC2474) Remarking
  7.9 Global Storm Control
8 L2 Switching
  8.1 Auto MAC Address Learning/Aging
  8.2 MAC Addresses–Static
  8.3 Virtual LAN
  8.4 Voice VLAN
  8.5 Industrial Private VLANs
  8.6 Generic VLAN Registration Protocol (GVRP)
  8.7 Multiple Registration Protocol (MRP)
  8.8 Multiple VLAN Registration Protocol (MVRP)
  8.9 IEEE 802.3ad Link Aggregation
  8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
  8.11 IGMP Snooping and MLD Snooping
  8.12 DHCP Snooping
  8.13 MAC Table Configuration
  8.14 Mirroring (SPAN/VSPAN and RSPAN)
  8.15 RMirror
  8.16 Flow Mirroring for AC
  8.17 Spanning Tree
  8.18 Loop Guard
9 L3 Switching
  9.1 DHCP Relay
  9.2 Universal Plug and Play (UPnP)
  9.3 L3 Routing
10 Security
  10.1 802.1X and MAC-Based Authentication
  10.2 Authentication, Authorization, and Accounting (AAA)
  10.3 Secure Access
  10.4 Users and Privilege Levels
  10.5 Authentication and Authorization Methods
  10.6 Access Control List (ACLs)
  10.7 ARP Inspection/IP and IPv6 Source Guard
11 Robustness and Power Savings
  11.1 Robustness
  11.2 Power Savings
12 OAM and Test
  12.1 OAM
13 Synchronization
  13.1 Precision Time Protocol (PTP)
  13.2 Microchip One-Step TC PHY Solution
  13.3 Transparent Clock over Microwave
  13.4 G.8265.1 Solution (Frequency) ITU Standard
  13.5 G.8275.1 Solution (Phase) ITU Standard
  13.6 G.8275 Compliant Filter
  13.7 PTP Time Interface
  13.8 Network Time Protocol (NTP)
  13.9 Day Light Saving
14 Management
  14.1 JSON-RPC
  14.2 Management Services
  14.3 Simple Network Management Protocol (SNMP)
  14.4 RMON Statistics
  14.5 Internet Control Message Protocol
  14.6 SysLog
  14.7 LLDP-MED
  14.8 802.1AB LLDP and CDP Aware
  14.9 IP Management, DNS, and DHCPv4/v6
  14.10 IPv6 Ready Logo Phase2
  14.11 DHCP Server
  14.12 Console
  14.13 System Management
  14.14 Management Access Filtering
  14.15 sFlow
  14.16 Default Configuration
  14.17 Configuration Upload/Download
  14.18 Loop Detection Restore to Default
  14.19 Symbolic Register Access
15 SNMP MIBs
16 Revision History
The Microchip Website
Product Change Notification Service
Customer Support
Microchip Devices Code Protection Feature
Legal Notice
Trademarks
Quality Management System
Worldwide Sales and Service

1 Supported Features
The following sections describe the features of each module of the IStaX software.

1.1 BSP and API
The following table lists the features supported by the API module.

Table 1-1. BSP and API Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Internal CPU | • | • | • | • | • |
| External CPU | — | — | — | — | • |
| 64-bit CPU Architecture | — | — | — | — | • |
| API and application split | • | • | • | • | • |
| MESA layer | • | • | • | • | • |
| MEBA layer | • | • | • | • | • |
| U-Boot | • | • | • | • | • |
| U-Boot network support | • | • | • | • | • |
| 32MB NOR FLASH only option | • | • | • | • | — |
| 64MB NOR FLASH only option | • | • | • | • | — |

1.2 Port Control
The following table lists the features supported by the port control module. For more information, see 6 Port Control.

Table 1-2. Port Control Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Port speed/duplex mode/flow control | • | • | • | • | • |
| Aquantia 2.5G PHY Gen2 | • | • | • | • | • |
| Aquantia 2.5G PHY Gen3 | • | • | • | • | • |
| Aquantia 5G PHY Gen3 | — | • | — | — | — |
| Aquantia 10G PHY Gen2 | — | • | • | — | • |
| 802.1Qbb Per Priority Flow Control | — | • | • | • | • |
| Port frame size (jumbo frames) | • | • | • | • | • |
| Port state (administrative status) | • | • | • | • | • |
| Port status (link monitoring) | • | • | • | • | • |
| Port statistics (MIB counters) | • | • | • | • | • |
| Port VeriPHY (cable diagnostics) | • | • | • | • | • |
| PoE/PoE+ with PD69208 support (external controller) | • | • | • | • | — |
| PoE/PoE+ with Link Layer Discovery Protocol (LLDP) | • | • | • | • | — |
| PoE IEEE802.3bt without LLDP (external controller) | • | • | • | • | — |
| NPI port | • | • | • | • | • |
| PCIe | — | • | • | • | • |
| On-the-fly SFP detection | • | • | • | • | • |
| DDMI | • | • | • | • | • |
| Unidirectional Link Detection (UDLD) | • | • | • | • | • |
| IEEE 802.3ap 10G-KR | — | — | — | — | • |
| IEEE 802.3ap 25G-KR | — | — | — | — | • |

1.3 Quality of Service (QoS)
The following table lists the features supported by the QoS module. For more information, see 7 Quality of Service (QoS).

Table 1-3. QoS Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Cut-through | — | — | — | — | • |
| Traffic classes (8 active priorities) | • | • | • | • | • |
| Port default priority | • | • | • | • | • |
| User priority | • | • | • | • | • |
| Input priority mapping | • | • | • | • | • |
| QoS control list (QCL mode) | • | • | • | • | • |
| Global storm control for UC, MC, and BC | • | • | • | • | • |
| Random early discard (RED) | — | • | • | • | • |
| Port policers | • | • | • | • | • |
| Queue policers | • | • | • | • | • |
| Global/VCAP (ACL) policers | • | • | • | • | • |
| Port egress shaper | • | • | • | • | • |
| Queue egress shapers | • | • | • | • | • |
| DiffServ (RFC2474) remarking | • | • | • | • | • |
| Tag remarking | • | • | • | • | • |
| Scheduler mode | • | • | • | • | • |
| IEEE-802.1Qbv (TAS) Time-aware Scheduler | — | — | — | — | • |
| IEEE-802.1Qbu & 802.3br frame preemption | — | — | — | — | • |
| IEEE-802.1Qci ingress gating/policing/checking | — | — | — | — | • |

1.4 Protection
The following table lists the features supported by the protection module.

Table 1-4. Protection Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| 1:1 port protection - G.8031 | • | • | • | • | • |
| Ring protection - G.8032 | • | • | • | • | • |
| Ring protection v2 - G.8032 | • | • | • | • | • |
| IEEE-802.1CB (FRER) | — | — | — | — | • |

1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8 L2 Switching.

Table 1-5. L2 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| IEEE 802.1D Bridge | | | | | |
| Auto MAC address learning/aging | • | • | • | • | • |
| MAC addresses—static | • | • | • | • | • |
| IEEE 802.1Q | | | | | |
| Virtual LAN | • | • | • | • | • |
| Bidirectional VLAN translation | • | • | • | • | • |
| Unidirectional VLAN translation (ingress/egress) | • | • | • | • | • |
| Private VLAN—static | • | • | • | • | • |
| Port isolation—static | • | • | • | • | • |
| MAC-based VLAN | • | • | • | • | • |
| Protocol-based VLAN | • | • | • | • | • |
| IP subnet-based VLAN | • | • | • | • | • |
| VLAN trunking | • | • | • | • | • |
| iPVLAN Trunking | — | • | • | • | • |
| GARP VLAN Registration Protocol (GVRP) | • | • | • | • | • |
| Multiple Registration Protocol (MRP) | • | • | • | • | • |
| Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | • |
| IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | • |
| Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | • |
| Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | • |
| Loop guard | • | • | • | • | • |
| IEEE 802.3ad | | | | | |
| Link aggregation—static | • | • | • | • | • |
| Link aggregation—Link Aggregation Control Protocol (LACP) | • | • | • | • | • |
| AGGR/LACP user interface alignment with Industry standard | • | • | • | • | • |
| UNI LAG (LACP) 1:1 active/standby | • | • | • | • | • |
| LACP revertive/non-revertive | • | • | • | • | • |
| LACP loop free operation | • | • | • | • | • |
| Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | • |
| Error disable recovery | • | • | • | • | • |
| IGMPv2 snooping | • | • | • | • | • |
| IGMPv3 snooping | • | • | • | • | • |
| MLDv1 snooping | • | • | • | • | • |
| MLDv2 snooping | • | • | • | — | • |
| Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | • |
| IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | • |
| Multicast VLAN Registration (MVR) | • | • | • | • | • |
| MVR profile | • | • | • | • | • |
| Voice VLAN | • | • | • | • | • |
| DHCP snooping | • | • | • | • | • |
| ARP inspection | • | • | • | • | • |
| Port mirroring | • | • | • | • | • |
| Flow mirroring | • | • | • | • | • |
| Rmirror | • | • | • | • | • |

1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9 L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | — |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | • |
| RFC2992 (ECMP) support for HW based L3 static routing | — | • | • | — | • |
| RFC 2453 RIPv2 dynamic routing | — | • | • | — | • |
| RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | • |
| RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | • |
| Software-based IPv6 L3 static routing | • | — | — | • | — |
| Hardware-based IPv6 L3 static routing | — | • | • | — | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |

1.7 Security
The following table lists the features supported by the security module. For more information, see 10 Security.

Table 1-7. Security Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Network Access Server (NAS) | | | | | |
| Port-based 802.1X | • | • | • | • | • |
| Single 802.1X | • | • | • | • | • |
| Multiple 802.1X | • | • | • | • | • |
| MAC-based authentication | • | • | • | • | • |
| VLAN assignment | • | • | • | • | • |
| QoS assignment | • | • | • | • | • |
| Guest VLAN | • | • | • | • | • |
| Remote Authentication Dial-In User Service (RADIUS) authentication and authorization | • | • | • | • | • |
| RADIUS accounting | • | • | • | • | • |
| MAC address limit | • | • | • | • | • |
| Persistent MAC learning | • | • | • | • | • |
| IP MAC binding | • | • | • | • | • |
| IP/MAC binding dynamic to static | • | • | • | • | • |
| TACACS+ authentication and authorization | • | • | • | • | • |
| TACACS+ command authorization | • | • | • | • | • |
| TACACS+ accounting | • | • | • | • | • |
| Web and CLI authentication | • | • | • | • | • |
| Authorization (15 user levels) | • | • | • | • | • |
| ACLs for filtering/policing/port copy | • | • | • | • | • |
| IP source guard | • | • | • | • | • |
| Secure FTP Client | • | • | • | • | • |

1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12 OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Cold start | • | • | • | • | • |
| Cool start | • | • | • | • | • |
| ActiPHY | • | • | • | • | • |
| PerfectReach | • | • | • | • | • |
| Energy-Efficient Ethernet (EEE) power management | • | • | • | • | • |
| LED power management | • | • | — | — | • |
| Thermal protection | • | • | • | • | • |
| Adaptive fan control | • | • | • | — | • |

1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12 OAM and Test.

Table 1-9. OAM and Testing Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Link OAM (802.3ah) | | | | | |
| Variable request and response | • | • | • | • | • |
| Discovery process, information, event notification, loopback | • | • | • | • | • |
| Dying gasp | • | • | • | • | • |
| Dying gasp enhanced | • | • | • | • | • |
| Dying gasp SNMP trap | • | • | • | • | • |
| CFM | | | | | |
| Continuity Check (ETH-CCM) | • | • | • | • | • |
| IS-, OS-, PS-, and SID-TLV | • | • | • | • | • |
| APS using ETH-CCM and ETH-APS | • | • | • | • | • |
| ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | • |
| Hardware-accelerated OAM | — | • | • | • | • |

1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13 Synchronization.

Table 1-10. Timing and Synchronization Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| SyncE with SSM | • | • | • | • | • |
| SyncE nomination for two interfaces | • | • | • | • | • |
| Microchip one-step TC PHY solution | • | • | • | • | • |
| IEEE 1588v2 PTP with two-step clock | • | • | • | • | • |
| IEEE 1588v2 PTP with one-step clock | • | • | • | • | • |
| Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | • |
| Boundary clock | • | • | • | • | • |
| Redundant masters and multiple timing domains | • | • | • | • | • |
| PTP over IPv4 | • | • | • | • | • |
| Unicast/multicast | • | • | • | • | • |
| TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | • |
| TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Combined SyncE and 1588 | • | • | • | • | • |
| MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | • |
| MSCC timing BU DPLL API integration | • | • | • | • | • |
| G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | • |
| PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.8275.1 BMCA—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
G8275 compliant filtermdashonlyZLS30384 and ZLS30380servo
bull bull bull bull bull
PTP time interface bull bull bull bull bull
NTPv4 client bull bull bull bull bull
IEEE8021AS-2011IEEE8021AS rev D42
bull bull bull bull bull
1.11 Customization Framework

The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Separate BSP and application | • | • | • | • | •
Append or change a binary image | • | • | • | • | •
IPC JSON-RPC socket (with notification support) | • | • | • | • | •
Overwrite default startup configuration | • | • | • | • | •
Boot and initialization of third-party daemons | • | • | • | • | •
Configuration to disable certain built-in features | • | • | • | • | •
Microchip Ethernet Board API (MEBA) | • | • | • | •
1.12 Management

The following table lists the features supported by the management module. For more information, see 14 Management.

Table 1-12. Management Supported Features

Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
JSON-RPC | • | • | • | • | •
JSON-RPC notifications | • | • | • | • | •
Dual CPU (application variant with JSON | - | • | • | • | •
RFC 2131 DHCP client | • | • | • | • | •
RFC 2131 DHCP server | • | • | • | • | •
DHCP server support for DHCP relay packets | • | • | • | • | •
DHCP per port | • | • | • | • | •
RFC 3315 DHCPv6 client | • | • | • | • | •
RFC 3315 DHCPv6 relay agent | • | • | • | • | •
RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | •
RFC 1035 DNS client relay | • | • | • | • | •
IPv4/IPv6 ping | • | • | • | • | •
IPv4/IPv6 traceroute | • | • | • | • | •
HTTP server | • | • | • | • | •
CLI - console port | • | • | • | • | •
CLI - Telnet | • | • | • | • | •
Industrial standard CLI | • | • | • | • | •
Industrial standard configuration | • | • | • | • | •
Industrial standard CLI debug commands | • | • | • | • | •
Port description CLI | • | • | • | • | •
Management access filtering | • | • | • | • | •
HTTPS | • | • | • | • | •
SSHv2 | • | • | • | • | •
IPv6 management | • | • | • | • | •
IPv6 ready logo PHASE2 (host only) | • | • | • | • | •
RFC 4884 (ICMPv6) | • | • | • | • | •
System syslog | • | • | • | • | •
Software upload through web | • | • | • | • | •
SNMP v1/v2c/v3 agent (1) | • | • | • | • | •
RMON (group 1, 2, 3, and 9) | • | • | • | • | •
RMON alarm and event (CLI and web) | • | • | • | • | •
Alarm module | • | • | • | • | •
IEEE 802.1AB-2005 link layer discovery - LLDP | • | • | • | • | •
TIA 1057 LLDP-MED | • | • | • | • | •
Industry standard discovery protocol - ISDP | • | • | • | • | •
sFlow | • | • | • | • | •
FTP Client | • | • | • | • | •
Configuration download/upload - industrial standard | • | • | • | • | •
Loop detection restore to default | • | • | • | • | •
Symbolic register access | • | • | • | • | •
Daylight saving | • | • | • | • | •

Note 1: No SNMPv1 trap support.
1.13 SNMP MIBs

The following table lists the features supported by the SNMP MIBs module. For more information, see 15 SNMP MIBs.

Table 1-13. SNMP MIBs Supported Features

Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
RFC 2674 VLAN MIB | • | • | • | • | •
IEEE 802.1Q bridge MIB 2008 | • | • | • | • | •
RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | •
RFC 1213 MIB II | • | • | • | • | •
RFC 1215 TRAPS MIB | • | • | • | • | •
RFC 4188 bridge MIB | • | • | • | • | •
RFC 4292 IP forwarding table MIB | • | • | • | • | •
RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | •
RFC 5519 multicast group membership discovery MIB | • | • | • | • | •
RFC 4668 RADIUS authentication client MIB | • | • | • | • | •
RFC 4670 RADIUS accounting MIB | • | • | • | • | •
RFC 3635 Ethernet-like MIB | • | • | • | • | •
RFC 2863 interface group MIB using SMI v2 | • | • | • | • | •
RFC 3636 802.3 MAU MIB | • | • | • | • | •
RFC 4133 entity MIB version 3 | • | • | • | • | •
RFC 4878 Link OAM MIB | • | • | • | • | •
RFC 3411 SNMP management frameworks | • | • | • | • | •
RFC 3414 user-based security model for SNMPv3 | • | • | • | • | •
RFC 3415 view-based access control model for SNMP | • | • | • | • | •
RFC 2613 SMON - PortCopy | • | • | • | • | •
IEEE 802.1 MSTP MIB | • | • | • | • | •
IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | •
IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | •
IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | •
TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | •
RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | -
Private MIB framework | • | • | • | • | •
2 Features and Platform Capacity

The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.

Table 2-1. Features and Platform Capacity

Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Resilience and Availability
IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8
IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN
Traffic Control
Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095
Guest-VLAN | 1 | 1 | 1 | 1 | 1
Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9
Voice VLAN | 1 | 1 | 1 | 1 | 1
MAC table size 8K | 8K | 32K | 8K | 4K | 32K
Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (Global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 mbps
Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240
Security
Port security aging | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s
MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024
Static MAC entries supported | 64 | 64 | 64 | 64 | 64
RADIUS authentication servers | 5 | 5 | 5 | 5 | 5
TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5
RADIUS accounting servers | 5 | 5 | 5 | 5 | 5
Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4
Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system
IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512
Policy-based security filtering | 512 | 512 | 512 | 512 | 512
Password length | 32 | 32 | 32 | 32 | 32
Authorization user levels | 15 | 15 | 15 | 15 | 15
ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512
Number of logged in users | 20 | 20 | 20 | 20 | 20
IP Routing
Max static route entries | 32 | 128 | 32 | 32 | 512
Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072

Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).
3 System Requirements

The following table lists the port system requirements supported by the IStaX software.

Table 3-1. Port System Requirements

Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
LEDs per port | 1 | 1 | 1 | 1 | 1
SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported
Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported
Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full
Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported
Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps)
RJ45 connectors | Supported | Supported | Supported | Supported | Supported
Fiber slots | Supported | Supported | Supported | Supported | Supported

The following table lists the hardware system requirements supported by the IStaX software.

Table 3-2. Hardware System Requirements

Requirement | Support
Power LED | Supported by hardware
System LED | Supported by hardware
Alarm LED | Supported by hardware
Management LED | Supported by hardware
Switch fabric capacity | Supported by hardware
Forwarding architecture | Supported by hardware
MAC address entries | Supported by hardware
MAC address aging | Supported by hardware
MAC buffer memory type and size | Supported by hardware
CPU flash size | Supported by hardware
CPU memory type and size | Supported by hardware
System DDR SDRAM | Supported by hardware
Reset button | Supported by hardware
EMC/safety requirement | Supported by hardware
Performance requirement | Supported by hardware
4 Port and System Capabilities

The following sections describe the port and system capabilities supported by the IStaX software.

4.1 Port Capability

The ports are equipped with the following capabilities:

• All copper ports can be configured as full-duplex or half-duplex
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports
• Full-duplex flow control is supported according to the IEEE 802.3x standard
• Half-duplex flow control is supported using collision-based backpressure
• LEDs for all the ports are driven by the SGPIO and Shift registers
• Different port-based configurations are supported on all available ports. For more information, see 1 Supported Features

4.2 System Capability

The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire-speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.

The turnkey switch software runs on Linux. The following system-wide operations are supported:

• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported
5 Firmware Upgrade

The IStaX firmware, which controls the switch, can be updated using one of the following methods:

• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch

The software image selection information includes the following:

• Image: the file name of the firmware image
• Version: the version of the firmware image
• Date: the date when the firmware was produced

After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.

While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.

Note: Do not restart or power off the device at this time, or the switch may fail to function.
6 Port Control

The following sections describe the port control features supported by the IStaX software.

6.1 NPI Port

The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port through which frames can be injected from and extracted to an external CPU.

6.2 PCIe

The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame-data in (injection) and out (extraction) through memory-mapped injection/extraction registers.

6.3 Dual CPU

The IStaX software supports a dual system where both the internal and external CPU are active at the same time.

6.4 SFP Detection

The IStaX software detects SFP at run time.

6.5 VeriPHY Support

The IStaX software provides VeriPHY support to run cable diagnostics, to find cable shorts/opens, and to determine cable length.

6.6 PoE/PoE+ Support

The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.

6.7 PoE/PoE+ with LLDP

The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and the switch can then comply with or ignore this information.
6.8 Unidirectional Link Detection (UDLD)

UDLD is used to determine the physical status of the link and to detect a unidirectional link.

For each device and for each port, a UDLD packet is sent to the port it links to. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.

The UDLD implementation conforms to the RFC5171 standard.

Note: RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second and, once link status is detected, probe messages are exchanged depending on the message time interval (by default, 7 seconds). Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.

Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.

The port is reopened once UDLD is disabled/enabled on that port.
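The check and the two modes described above can be modelled in a few lines. This is an added example, not IStaX code: the class names, the three-probe detection window, and treating a packet that carries the port's own identifiers as loopback are assumptions made for illustration, and the sample packets are constructed.

```python
"""Added example: UDLD neighbour check with Normal and Aggressive modes."""
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Iterable, Optional, Tuple

PortId = Tuple[str, str]      # (device ID, port ID)
DETECTION_PROBES = 3          # assumed detection window; not taken from the spec


class Mode(Enum):
    NORMAL = "normal"
    AGGRESSIVE = "aggressive"


class Link(Enum):
    UNKNOWN = "unknown"
    BIDIRECTIONAL = "bidirectional"
    UNIDIRECTIONAL = "unidirectional"
    LOOPBACK = "loopback"


@dataclass(frozen=True)
class UdldPacket:
    sender: PortId                          # who sent the probe
    expected_receivers: FrozenSet[PortId]   # ports the sender has heard from


@dataclass
class UdldPort:
    ident: PortId
    mode: Mode
    shut_down: bool = False
    link: Link = Link.UNKNOWN
    neighbour: Optional[PortId] = None
    probes_without_echo: int = 0

    def receive(self, pkt: UdldPacket) -> Link:
        if self.shut_down:                  # a shut-down port processes nothing
            return self.link
        if pkt.sender != self.neighbour:    # new device/port pair: restart detection
            self.neighbour = pkt.sender
            self.link = Link.UNKNOWN
            self.probes_without_echo = 0
        if pkt.sender == self.ident:        # our own probe came back
            self.link = Link.LOOPBACK
        elif self.ident in pkt.expected_receivers:
            self.link = Link.BIDIRECTIONAL  # the peer hears us
            self.probes_without_echo = 0
        else:
            self.probes_without_echo += 1   # peer is heard, but does not list us
            if self.probes_without_echo >= DETECTION_PROBES:
                self.link = Link.UNIDIRECTIONAL
        faulty = self.link in (Link.UNIDIRECTIONAL, Link.LOOPBACK)
        if faulty and self.mode is Mode.AGGRESSIVE:
            self.shut_down = True           # Normal mode only reports the state
        return self.link

    def toggle_udld(self) -> None:
        """UDLD disabled then enabled: reopen the port and restart detection."""
        self.shut_down = False
        self.link = Link.UNKNOWN
        self.neighbour = None
        self.probes_without_echo = 0


# Constructed identifiers and probe sequences
LOCAL: PortId = ("sw1", "Gi 1/1")
PEER: PortId = ("sw2", "Gi 1/5")
ONE_WAY = [UdldPacket(PEER, frozenset())] * DETECTION_PROBES
TWO_WAY = [UdldPacket(PEER, frozenset({LOCAL}))]
LOOPED = [UdldPacket(LOCAL, frozenset())]


def run(mode: Mode, packets: Iterable[UdldPacket]) -> Tuple[Link, bool]:
    """Feed packets to a fresh port and return (link state, shut down?)."""
    port = UdldPort(ident=LOCAL, mode=mode)
    for pkt in packets:
        port.receive(pkt)
    return port.link, port.shut_down


if __name__ == "__main__":
    for name, seq in (("one-way", ONE_WAY), ("two-way", TWO_WAY), ("looped", LOOPED)):
        for mode in Mode:
            print(name, mode.value, run(mode, seq))
```
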
6.8.1 Port Statistics

The IStaX software supports the detailed port-related statistics and system-information-related configuration. It is possible to view the detailed QoS-related statistics using IStaX software.
7 Quality of Service (QoS)

The following sections describe the rich QoS features supported by the IStaX software.

7.1 Port Policers

The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.

7.2 Scheduling and Shaping

Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).

Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.

It is possible to specify the maximum bit rate in kbps or mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.

The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.

7.3 QCL Configuration

QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).

The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.

When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.

The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.

7.4 Weighted Random Early Detection (WRED)

While the random early detection (RED) settings are configurable for queues 0–5, WRED can be either disabled or enabled and is disabled by default.

The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.

By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.

7.5 Tag Remarking

Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.

When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.

The QoS class, DEI, and DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.
7.6 Ingress Port Classification

Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.

The features supported are as follows:

• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification

7.7 Queue Policers

The queue policers are configurable per queue and are disabled by default.

7.8 DiffServ (RFC2474) Remarking

The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.

In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.

The remarking can be enabled/disabled per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.

DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:

• Get the DSCP value from the analyzer (ingress classification) and always remap based on the global remap table. This is done independently of the value of the drop precedence level
• Get the DSCP value from the analyzer and remap based on drop precedence level and remap table

DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.

7.9 Global Storm Control

Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.

Storm control is disabled by default.
8 L2 Switching

The following sections describe the L2 switching features supported by the IStaX software.

8.1 Auto MAC Address Learning/Aging

Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with the learned MAC address are not received within the aging period.

8.2 MAC Addresses–Static

Statically added MAC entries are not subjected to aging.

8.3 Virtual LAN

The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:

• All ports are VLAN aware
• All ports are members of VLAN 1
• The switch management interface is on VLAN 1
• All ports have a Port VLAN ID (PVID) of 1
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged
• The PVID is set to 1 by default
• Ingress filtering is always enabled

Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:

• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs
• If frames are classified to a VLAN that the port is not a member of, they are discarded
• By default, all frames classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress

Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features:

• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently
8.4 Voice VLAN

Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to the VLAN, and performing QoS-related configuration for voice data, ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to a port using the Port Discovery Protocol. This discovery can be done based on an Organizationally Unique Identifier (OUI), on Link Layer Discovery Protocol (LLDP), or on both.

8.4.1 Private VLAN Port Isolation

In a private VLAN, communication between isolated ports in that private VLAN is not permitted.

Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.

8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN

A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.

A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:

• Ethernet: valid values for etype range from 0x0600-0xffff
• SNAP: valid value in this case also is comprised of two sub-values
  – Organizationally unique Identifier (OUI)
  – Protocol ID (PID): if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP
• LLC: valid value in this case is comprised of two sub-values
  – DSAP: 1-byte long string (0x00-0xff)
  – SSAP: 1-byte long string (0x00-0xff)

The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and the protocol-based VLAN is preferred over the port-based VLAN.
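The frame types and the precedence rule above, worked through as an added example that is not IStaX code. It assumes untagged frames, a MAC-based match on the source address, and hypothetical table names (`mac_vlans`, `proto_vlans`, `port_pvid`); the sample frames are constructed.

```python
"""Added example: VLAN classification precedence (MAC > protocol > port)."""
import struct
from typing import Dict, Tuple

# ("eth", etype) | ("snap", oui, pid) | ("llc", dsap, ssap)
ProtoKey = Tuple[object, ...]


def frame_protocol(frame: bytes) -> ProtoKey:
    """Return the protocol key of an untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (type_or_len,) = struct.unpack_from("!H", frame, 12)
    if type_or_len >= 0x0600:          # Ethernet: the field is an EtherType
        return ("eth", type_or_len)
    if len(frame) < 17:                # 802.3 length field: LLC header follows
        raise ValueError("truncated LLC header")
    dsap, ssap, ctrl = frame[14], frame[15], frame[16]
    if (dsap, ssap, ctrl) == (0xAA, 0xAA, 0x03):   # SNAP: OUI + PID follow
        if len(frame) < 22:
            raise ValueError("truncated SNAP header")
        oui = int.from_bytes(frame[17:20], "big")
        (pid,) = struct.unpack_from("!H", frame, 20)
        return ("snap", oui, pid)
    return ("llc", dsap, ssap)


class VlanClassifier:
    """Hypothetical classifier; the table names are illustrative only."""

    def __init__(self, mac_vlans: Dict[bytes, int],
                 proto_vlans: Dict[ProtoKey, int],
                 port_pvid: Dict[int, int]) -> None:
        self.mac_vlans = mac_vlans
        self.proto_vlans = proto_vlans
        self.port_pvid = port_pvid

    def classify(self, port: int, frame: bytes) -> Tuple[int, str]:
        """Return (VLAN ID, rule that decided it) for a frame seen on port."""
        proto = frame_protocol(frame)          # also rejects truncated frames
        src_mac = frame[6:12]                  # assumption: match on source MAC
        if src_mac in self.mac_vlans:          # 1. MAC-based VLAN wins
            return self.mac_vlans[src_mac], "mac"
        if proto in self.proto_vlans:          # 2. then protocol-based VLAN
            return self.proto_vlans[proto], "protocol"
        return self.port_pvid[port], "port"    # 3. finally the port VLAN (PVID)


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


# Constructed sample frames (not captured traffic)
DST = mac("ff:ff:ff:ff:ff:ff")
PHONE = mac("00:11:22:33:44:55")
PC = mac("00:aa:bb:cc:dd:ee")
ARP_FROM_PC = DST + PC + struct.pack("!H", 0x0806) + bytes(28)
ARP_FROM_PHONE = DST + PHONE + struct.pack("!H", 0x0806) + bytes(28)
# 802.3 length, LLC AA/AA/03, OUI 000000, PID 0x0800 (the EtherType for IPv4)
SNAP_IPV4 = (DST + PC + struct.pack("!H", 28) + bytes([0xAA, 0xAA, 0x03, 0, 0, 0])
             + struct.pack("!H", 0x0800) + bytes(20))
# 802.3 length, LLC DSAP/SSAP 0x42, no matching rule configured below
LLC_0X42 = DST + PC + struct.pack("!H", 38) + bytes([0x42, 0x42, 0x03]) + bytes(35)

CLASSIFIER = VlanClassifier(
    mac_vlans={PHONE: 20},
    proto_vlans={("eth", 0x0806): 30, ("snap", 0x000000, 0x0800): 40},
    port_pvid={1: 1},
)

if __name__ == "__main__":
    samples = {"ARP from PC": ARP_FROM_PC, "ARP from phone": ARP_FROM_PHONE,
               "SNAP IPv4": SNAP_IPV4, "LLC 0x42": LLC_0X42}
    for name, frame in samples.items():
        print(name, CLASSIFIER.classify(1, frame))
```

The ARP frame from the phone matches both a MAC rule and a protocol rule and lands in the MAC-based VLAN, which is the precedence the section states.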
8.5 Industrial Private VLANs

This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.

PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.

The following terms are used to describe the Private VLAN feature:

• PVLAN domain: a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain
• Primary VLAN: a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports
• Secondary VLAN: a VLAN used inside a PVLAN domain only
• Isolated VLAN: a secondary VLAN that carries traffic from isolated ports to promiscuous ports
• Community VLAN: a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports
• Isolated port: a port that receives untagged frames and classifies these to an isolated VLAN
• Community port: a port that receives untagged frames and classifies these to a community VLAN
• Promiscuous port: a port that receives frames in the primary VLAN
• Standard trunk port: a port that carries primary and secondary VLANs using tags
• Promiscuous PVLAN trunk port: a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs, but translates these to the primary VLAN ID and pushes this into the tag
• Isolated PVLAN trunk port: a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN, but translates this into the isolated VLAN ID and pushes it into the tag
8.6 Generic VLAN Registration Protocol (GVRP)
GVRP is a registration protocol for VLANs. Though this has been superseded by MVRP, as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to be able to register and unregister attribute values, such as VLAN identifiers and multicast group membership, across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q-2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG) such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address—can be used to calculate the destination port for the frame. By default, the source MAC address is enabled.
• Destination MAC address—can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled.
• IP address—can be used to calculate the destination port for the frame. By default, the IP address is enabled.
• TCP/UDP port number—can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled.
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with the IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per-VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block an intruder on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
8.13 MAC Table Configuration
MAC learning configuration can be configured per port:
• Auto—learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received.
• Disable—no learning is done.
• Secure—only SMAC entries are learned, all other frames are dropped.
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied, or mirrored, to a mirror port where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get the ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and the MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are the STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with a matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are members of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and the source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.
9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1. DHCP Relay Configuration Parameters
Parameter                  Allowed Range          Default
Relay mode                 Enabled/disabled       Disabled
Relay server address       IP address             None
Relay information mode     Enabled/disabled       Disabled
Relay information policy   Replace, Keep, Drop    Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring to the DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in a standalone device it always equals 0; in a stackable device it means switch ID), and the last two characters are the port number.
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of the UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP-related packets to the CPU. The ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing is to select a path and forward traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10 Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed: equipment whose MAC address is a valid RADIUS user can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
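The credential format and MD5-Challenge check described above, as an added example for provisioning the RADIUS side (not code from the IStaX software). The function names, the sample MAC address and the constructed challenge are assumptions; the response formula is the standard EAP MD5-Challenge computation (RFC 3748, RFC 1994).

```python
import hashlib
import hmac
import re


def parse_mac(text: str) -> bytes:
    """Accept common MAC notations and return the 6 raw bytes."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 6-byte MAC address: {text!r}")
    return bytes.fromhex(digits)


def mac_credential(mac: bytes) -> str:
    """Format a MAC as xx-xx-xx-xx-xx-xx with lower-case hex digits.

    The switch uses this one string as both username and password.
    """
    if len(mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return "-".join(f"{b:02x}" for b in mac)


def md5_challenge_response(identifier: int, password: str, challenge: bytes) -> bytes:
    """EAP MD5-Challenge value: MD5(identifier || password || challenge)."""
    data = bytes([identifier]) + password.encode("ascii") + challenge
    return hashlib.md5(data).digest()


def radius_verify(users: dict, username: str, identifier: int,
                  challenge: bytes, response: bytes) -> bool:
    """Server-side check against a users table (username -> password)."""
    password = users.get(username)
    if password is None:
        return False
    expected = md5_challenge_response(identifier, password, challenge)
    return hmac.compare_digest(expected, response)


def switch_authenticates(users: dict, client_mac: str,
                         identifier: int, challenge: bytes) -> bool:
    """The switch answers the challenge on behalf of the snooped client."""
    cred = mac_credential(parse_mac(client_mac))
    response = md5_challenge_response(identifier, cred, challenge)
    return radius_verify(users, cred, identifier, challenge, response)


# Constructed sample data: a 16-byte challenge and two RADIUS user tables.
CHALLENGE = bytes(range(16))
USERS_OK = {"00-11-22-aa-bb-cc": "00-11-22-aa-bb-cc"}
# An entry typed in another notation never matches what the switch sends.
USERS_WRONG_FORMAT = {"00:11:22:AA:BB:CC": "00:11:22:AA:BB:CC"}

if __name__ == "__main__":
    print(switch_authenticates(USERS_OK, "00:11:22:AA:BB:CC", 1, CHALLENGE))
    print(switch_authenticates(USERS_WRONG_FORMAT, "00:11:22:AA:BB:CC", 1, CHALLENGE))
```

The password is the MAC string itself, so the user table holds no secret beyond the address, which is why the text pairs this mode with the Port Security Limit Control.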
In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-assigned QoS and VLAN in the case of RADIUS-assigned VLAN are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. The CLI interface is only supported in the initial version for the configuration of TACACS+ authorization and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1. Secure Access Options
Method                Description
SSH                   Enable or disable option provided, supports v2 only
SSL/HTTPs             Enable or disable
HTTPs auto redirect   A redirect web browser to HTTPS option, available when HTTPS mode is enabled
Note: SSL and HTTPs are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The allowed range for the privilege level of the user is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks, such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level, configurable between 1 and 15, for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.
10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all the four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
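The method ordering above and the RADIUS retransmit and dead-time behaviour from the AAA section, modelled together as an added example (a simulation written for this page, not the switch's implementation). The class and function names, the simulated clock and the scripted server behaviour are assumptions; replies slower than one sub-interval are treated as lost.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class RadiusServer:
    name: str
    reply_after: Optional[float]   # constructed behaviour: seconds to answer, None = silent
    accept: bool = True
    dead_until: float = 0.0
    requests_sent: int = 0


class RadiusClient:
    def __init__(self, servers: List[RadiusServer], timeout: float, dead_time: float = 0):
        self.servers = servers
        self.timeout = timeout
        self.dead_time = dead_time
        self.now = 0.0             # simulated clock in seconds

    def _query(self, server: RadiusServer) -> Optional[bool]:
        """Send the request up to three times, once per timeout/3 sub-interval."""
        sub_interval = self.timeout / 3
        for _ in range(3):
            server.requests_sent += 1
            if server.reply_after is not None and server.reply_after <= sub_interval:
                self.now += server.reply_after
                return server.accept
            self.now += sub_interval          # no reply in time: transmit again
        return None                           # server is considered dead

    def authenticate(self) -> Optional[bool]:
        """Accept/reject from the first server that answers, None if none does."""
        # Dead time only takes effect when more than one server is configured.
        use_dead_time = self.dead_time > 0 and len(self.servers) > 1
        for server in self.servers:
            if use_dead_time and self.now < server.dead_until:
                continue                      # still inside its dead time
            verdict = self._query(server)
            if verdict is not None:
                return verdict
            if use_dead_time:
                server.dead_until = self.now + self.dead_time
        return None


def login(methods: List[str], radius: RadiusClient, local_users: Dict[str, str],
          user: str, password: str) -> Tuple[bool, str]:
    """Try methods left to right until one approves or rejects the user."""
    for method in methods:
        if method == "radius":
            verdict = radius.authenticate()
            if verdict is None:
                continue                      # servers offline: next method
            return verdict, "radius"          # a reject is final, no fallback
        if method == "local":
            stored = local_users.get(user)    # stand-in for the local user database
            ok = stored is not None and hmac.compare_digest(stored, password)
            return ok, "local"
    return False, "none"


if __name__ == "__main__":
    # Constructed scenario: first server silent, second answers in 0.5 s.
    a, b = RadiusServer("a", None), RadiusServer("b", 0.5)
    client = RadiusClient([a, b], timeout=6.0, dead_time=300)
    print(client.authenticate(), client.now, a.requests_sent)   # first login
    print(client.authenticate(), client.now, a.requests_sent)   # "a" is skipped
```

A rejection from a reachable server ends the chain, so the local fallback only covers outages; it does not give a rejected user a second chance.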
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.
10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows the port action that is used to determine whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
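The first-match ACE evaluation and the per-port fallback described in this section, as an added example (a model written for this page, not the IStaX data structures). It assumes that the port action is what applies when no ACE matches and that an ACE policy value/mask pair is compared against the ingress port's policy ID; all names and the sample configuration are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Ace:
    ace_id: int
    action: str                                     # "permit" or "deny"
    frame_type: str = "any"                         # any, etype, arp, ipv4, ipv6
    ingress_ports: Optional[FrozenSet[int]] = None  # None = every port
    policy: Optional[Tuple[int, int]] = None        # (value, mask); None = any policy
    hits: int = 0

    def matches(self, port: int, policy_id: int, frame_type: str) -> bool:
        if self.ingress_ports is not None and port not in self.ingress_ports:
            return False
        if self.policy is not None:
            value, mask = self.policy
            if (policy_id & mask) != (value & mask):
                return False
        return self.frame_type in ("any", frame_type)


@dataclass
class PortAcl:
    policy_id: int = 0
    action: str = "permit"     # the text gives Permit as the default port action
    hits: int = 0


class Acl:
    def __init__(self, aces: List[Ace], ports: Dict[int, PortAcl]):
        self.aces = aces       # list order is priority: index 0 is the top entry
        self.ports = ports

    def classify(self, port: int, frame_type: str) -> Tuple[str, str]:
        """Return (action, source of the decision) for one ingress frame."""
        port_cfg = self.ports[port]
        for ace in self.aces:
            if ace.matches(port, port_cfg.policy_id, frame_type):
                ace.hits += 1                  # only the first match counts
                return ace.action, f"ace {ace.ace_id}"
        port_cfg.hits += 1                     # no ACE matched: port action
        return port_cfg.action, f"port {port}"

    def never_hit(self) -> List[int]:
        """ACE ids with a zero counter, candidates for shadowed rules."""
        return [ace.ace_id for ace in self.aces if ace.hits == 0]


def build_sample_acl() -> Acl:
    """Constructed configuration: ports 1-2 are access ports, port 3 an uplink."""
    ports = {1: PortAcl(policy_id=1), 2: PortAcl(policy_id=1),
             3: PortAcl(policy_id=0, action="deny")}
    aces = [
        Ace(1, "permit", "arp", policy=(1, 0xFF)),
        Ace(2, "permit", "ipv4", policy=(1, 0xFF)),
        Ace(3, "deny", "ipv4", ingress_ports=frozenset({1})),  # shadowed by ACE 2
        Ace(4, "deny", "ipv6"),
    ]
    return Acl(aces, ports)


def replay(acl: Acl, frames: List[Tuple[int, str]]) -> List[Tuple[str, str]]:
    """Classify a list of (ingress port, frame type) pairs in order."""
    return [acl.classify(port, frame_type) for port, frame_type in frames]


# Constructed traffic sample: (ingress port, frame type).
SAMPLE_FRAMES = [(1, "ipv4"), (1, "arp"), (2, "ipv6"), (3, "ipv4"), (3, "arp")]

if __name__ == "__main__":
    acl = build_sample_acl()
    for frame, verdict in zip(SAMPLE_FRAMES, replay(acl, SAMPLE_FRAMES)):
        print(frame, verdict)
    print("never hit:", acl.never_hit())
```

ACE 3 is intended to deny IPv4 on port 1 but sits below a broader permit, so its counter stays at zero; reviewing zero counters after representative traffic is a quick way to find ordering mistakes.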
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.
10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.
11.1 Robustness
The following section introduces a robustness feature.
11.1.1 Cold and Cool Start
The software defines and supports the following restart types:
• Cold—power cycle induced reset of the switch
• Cool—software initiated reset of the switch (with traffic disruption)
11.2 Power Savings
The following sections introduce the power savings features.
11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.
11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.
11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.
11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode where the port is negotiated to either 1G or 100 megabits full duplex mode.
11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0 to 100 in 10 increments for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.
11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature—temperature at which the fan runs at full speed
• Turn on temperature—temperature at which the fan runs at the lowest possible speed
12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.
12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T Y.1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few tens of ns.
12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
Administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, OAM entity sends out a PDU with the link monitoring capability flag set
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any as defined by the IEEE 802.3ah
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, OAM entity sends out a PDU with the remote loopback capability flag
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any as defined by the IEEE 802.3ah
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.
12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. In case of any situation coming true, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads: this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled
12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs such as ZL30343, ZL30363, and ZL30772.
13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer to peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.
13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.
13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses peer-to-peer delay measurement mechanism.
13.2.2 End-to-End Transparent Clock
The transparent clock uses end-to-end delay measurement mechanism.
13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.
13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.
13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.
13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to G.8265.1 solution (frequency) ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to G.8275.1 solution (frequency) ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.
14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server, and in order to use it, a JSON-RPC client is needed. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable connection-oriented communication provided by the TCP and HTTP message encapsulation
• RPC-oriented protocol which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high level, machine friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.
14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react on events when they happen without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.
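Because notifications arrive over plain HTTP with no transport authentication, the receiving HTTP server has to decide for itself which POSTs to trust. The following receiver is an added example, not code from the IStaX package: the sender allowlist, listening port, size limit, 204 response and sample method name are assumptions, and it accepts both the JSON-RPC 1.0 ("id": null) and 2.0 (no "id") notification shapes.

```python
import ipaddress
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions of this example (not from the product documentation):
# the switch management addresses, the listening port and the body limit.
ALLOWED_SENDERS = [ipaddress.ip_network("192.0.2.0/28")]
LISTEN_PORT = 8080
MAX_BODY = 64 * 1024


class RejectedNotification(ValueError):
    """Raised when a POST must not be treated as a switch notification."""


def sender_allowed(peer_ip, allowed=ALLOWED_SENDERS):
    """True if the TCP peer address belongs to a configured switch network."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in allowed)


def parse_notification(body, peer_ip, allowed=ALLOWED_SENDERS):
    """Return (method, params) for a well-formed notification, else raise."""
    if not sender_allowed(peer_ip, allowed):
        raise RejectedNotification("sender not in allowlist")
    if len(body) > MAX_BODY:
        raise RejectedNotification("body too large")
    try:
        msg = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RejectedNotification("body is not JSON") from exc
    if not isinstance(msg, dict):
        raise RejectedNotification("only a single JSON object is accepted")
    method = msg.get("method")
    params = msg.get("params", [])
    if not isinstance(method, str) or not method:
        raise RejectedNotification("missing method name")
    if not isinstance(params, (list, dict)):
        raise RejectedNotification("params must be an array or object")
    # JSON-RPC 1.0 marks a notification with "id": null, 2.0 omits "id".
    if msg.get("id") is not None:
        raise RejectedNotification("message carries an id, not a notification")
    return method, params


class NotificationHandler(BaseHTTPRequestHandler):
    """Minimal receiver: validate, log with repr() to keep logs one-line."""

    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if length < 0 or length > MAX_BODY:
            self.send_error(413)
            return
        body = self.rfile.read(length)
        peer = self.client_address[0]
        try:
            method, params = parse_notification(body, peer)
        except RejectedNotification as exc:
            self.log_message("rejected POST from %s: %s", peer, exc)
            self.send_error(400)
            return
        self.log_message("notification %r params=%r", method, params)
        self.send_response(204)  # assumed: the sender needs no response body
        self.end_headers()


if __name__ == "__main__":
    # Bind on the management network only in a real deployment.
    HTTPServer(("0.0.0.0", LISTEN_PORT), NotificationHandler).serve_forever()
```

The source-address check is only as strong as the management network's isolation, since the HTTP transport itself carries no sender authentication.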
14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards, as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut
    (config-if-vlan)# ip^Q
    ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
    ip igmp snooping
    ip igmp snooping compatibility auto | v1 | v2 | v3
    ip igmp snooping lastmember-query-interval <0-31744>
    ip igmp snooping priority <0-7>
    ip igmp snooping querier election | address <ipv4_ucast>
    ip igmp snooping query-interval <1-31744>
    ip igmp snooping query-max-response-time <0-31744>
    ip igmp snooping robustness-variable <1-255>
    ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help. Click button for a list of valid possible parameters with descriptions
• Auto completion. Press <tab> key by partially typing the keyword. The rest of the keyword will be entered automatically
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support
    (config)# interface
    (config-if)#
  If multiple sessions are concurrently in the same sub mode with same parameters, then the no form of commands will not work and will display a warning message
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege
14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>
14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations: any keyword can be accepted just by typing an unambiguous prefix (for example, "sh" for "show")
    IStaX# sh ip route
    0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
    10.9.61.0/24 via VLAN1 <UP HW_RT>
    127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
    224.0.0.0/4 via OS:lo:127.0.0.1 <UP>
• Error checking: before executing a command, the CLI checks whether the current mode is still valid, user has sufficient privileges, and valid range of parameter(s), among others. The user is alerted to the error by displaying a caret under the offending word along with an error message
    IStaX(config)# clock summer-time PDT date 14
                                              ^
    Invalid word detected at ^ marker
  Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface
• do command support: this will allow the users to execute the commands from the configuration mode
    (config)# do show vlan
    VLAN  Name     Interface
    ----  ----     ---------
    1     default  Gi 1/1-9 2.5G 1/1-2
• Platform debug command support: this will allow the users to obtain technical support by entering and running a debug command in this field
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG), where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config: a virtual file that represents the currently active configuration on the switch. This file is volatile
• startup-config: the startup configuration for the switch, read at boot time
• default-config: a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode: the current configuration is fully replaced with the configuration in the uploaded file
• Merge mode: the uploaded file is merged with running-config
If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 8.0 and above
• Firefox 3.0 and above
• Google Chrome 3.0 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort, that is, 64-bit counters are included; they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping: a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported
• Traceroute: a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. Source address can be mentioned by using saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for IPv4 option
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1ab and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice: used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications
• Voice Signaling (conditional): used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy
• Guest Voice: supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services
• Guest Voice Signaling (conditional): used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy
• Softphone Voice: used by softphone applications on typical data centric devices such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance
• Video Conferencing: used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services
• Streaming Video: used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type
• Video Signaling (conditional): used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode: the device only transmits configuration parameters
• Receive-only mode: the device can only receive configuration parameters (from neighbor device)
• Transmit and receive mode: the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table
• Port ID is mapped to the LLDP Port ID field
• Version and Platform is mapped to the LLDP System Description field
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately but gets removed when the hold time is exceeded.
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
A fallback optional mechanism is also provided in the case of IPv4, so that the user can enter time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to enable the DNS proxy. When enabled, the DUT relays DNS requests to the DNS server currently configured on the DUT and replies as a DNS resolver to the client device on the network.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth "DHCPv6-server messages") based on a number of different criteria. The most basic filtering criterion is that DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure the device to allow or deny these packets.
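The two filtering criteria above can be modelled as a per-packet decision. This is an added example, not IStaX code: the function names, port numbers and constructed packets are assumptions, the default for unrecognized Next Header values is set to deny, and it goes slightly beyond the text by also handling non-first fragments and truncated header chains.

```python
import struct

# IPv6 Next Header values this simplified model recognizes.
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
TCP, UDP, ICMPV6, NO_NEXT_HEADER = 6, 17, 58, 59
DHCPV6_CLIENT_PORT = 546  # UDP destination port of DHCPv6-server messages


def classify(packet, ingress_port, trusted_ports, allow_unknown_next_header=False):
    """Return (action, reason); action is 'forward' or 'drop'."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return ("forward", "not an IPv6 packet")
    next_header, offset = packet[6], 40
    while True:
        if next_header == UDP:
            if len(packet) < offset + 8:
                return ("drop", "truncated header chain")
            (dport,) = struct.unpack_from("!H", packet, offset + 2)
            if dport != DHCPV6_CLIENT_PORT:
                return ("forward", "not a DHCPv6-server message")
            if ingress_port in trusted_ports:
                return ("forward", "DHCPv6-server message on trusted port")
            return ("drop", "DHCPv6-server message on untrusted port")
        if next_header in (TCP, ICMPV6, NO_NEXT_HEADER):
            return ("forward", "not a DHCPv6-server message")
        if next_header not in (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS):
            # Second criterion: administrator-configurable allow/deny.
            if allow_unknown_next_header:
                return ("forward", "unrecognized Next Header allowed by configuration")
            return ("drop", "unrecognized Next Header")
        # Walk over one extension header; all of them are at least 8 bytes.
        if len(packet) < offset + 8:
            return ("drop", "truncated header chain")
        if next_header == FRAGMENT:
            (frag_field,) = struct.unpack_from("!H", packet, offset + 2)
            if frag_field >> 3:  # non-zero fragment offset: no upper-layer header here
                return ("forward", "non-first fragment")
            length = 8
        elif next_header == AH:
            length = (packet[offset + 1] + 2) * 4
        else:
            length = (packet[offset + 1] + 1) * 8
        next_header = packet[offset]
        offset += length


def build_ipv6(next_header, payload):
    """Constructed IPv6 packet between two link-local addresses."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("fe80" + "00" * 13 + "02")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + src + dst + payload


def build_udp(sport, dport, data=b"\x02\x00\x00\x01"):
    """Constructed UDP datagram (checksum left at 0; not validated by this model)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


# Constructed sample traffic. Port 1 is the only port where a DHCPv6 server is expected.
TRUSTED = {1}
ADVERTISE = build_ipv6(UDP, build_udp(547, 546))
# Same server message placed behind a Destination Options header (one PadN option).
HIDDEN = build_ipv6(DEST_OPTS, bytes([UDP, 0, 1, 4, 0, 0, 0, 0]) + build_udp(547, 546))
SOLICIT = build_ipv6(UDP, build_udp(546, 547))  # client-to-server, never filtered
UNKNOWN = build_ipv6(253, bytes(16))            # Next Header value the model does not know

if __name__ == "__main__":
    samples = [("advertise", ADVERTISE, 3), ("advertise", ADVERTISE, 1),
               ("hidden", HIDDEN, 3), ("solicit", SOLICIT, 3), ("unknown", UNKNOWN, 3)]
    for name, pkt, port in samples:
        print(name, "on port", port, "->", classify(pkt, port, TRUSTED))
```

The `HIDDEN` case shows why the whole header chain is walked: a check that only inspects the first Next Header field would miss a server message placed behind an extension header.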
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out-of-band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in-band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum number of management access filter entries allowed is 16.
If the application's type matches any one of the access management entries, access to the switch is allowed. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow
samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.2.2 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
The SNMPv3 is supported and is backward compatible with SNMPv2c and SNMP v1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
show snmp mib context
BRIDGE-MIB
 - dot1dBase (1.3.6.1.2.1.17.1)
 - dot1dTp (1.3.6.1.2.1.17.4)
Dot3-OAM-MIB
 - dot3OamMIB (1.3.6.1.2.1.158)
ENTITY-MIB
 - entityMIBObjects (1.3.6.1.2.1.47.1)
EtherLike-MIB
 - transmission (1.3.6.1.2.1.10)
IEEE8021-BRIDGE-MIB
show snmp mib ifmib ifIndex
Table 15-1 ifIndex Descriptions
ifIndex | ifDescr | Interface
1 | VLAN 1 | VLAN 1
1000001 | Switch 1–port 1 | GigabitEthernet 1/1
1000002 | Switch 1–port 2 | GigabitEthernet 1/2
1000003 | Switch 1–port 3 | GigabitEthernet 1/3
1000004 | Switch 1–port 4 | GigabitEthernet 1/4
1000005 | Switch 1–port 5 | GigabitEthernet 1/5
1000006 | Switch 1–port 6 | GigabitEthernet 1/6
1000007 | Switch 1–port 7 | GigabitEthernet 1/7
1000008 | Switch 1–port 8 | GigabitEthernet 1/8
1000009 | Switch 1–port 9 | 2.5GigabitEthernet 1/1
10000010 | Switch 1–port 10 | 2.5GigabitEthernet 1/2
10000011 | Switch 1–port 11 | GigabitEthernet 1/9
16 Revision History
Revision | Date | Description
B | February 2021 | Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document:
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 14.3 Simple Network Management Protocol (SNMP).
A | June 2020 | Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document:
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
20 | October 2019 | Revision 20 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 20 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
19 | June 2019 | Revision 19 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 19 of this document:
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.
18 | June 2019 | Revision 18 was published in June 2019 to align with the Linux application software release 48. The following is a summary of changes in revision 18 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
17 | January 2019 | Revision 17 was published in January 2019 to align with the Linux application software release 47. The following is a summary of changes in revision 17 of this document:
• The BSP and API Supported Features table was updated. For more information, see 1.1 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.
16 | October 2018 | Revision 16 was published in October 2018 to align with the Linux application software release 46. The following is a summary of changes in revision 16 of this document:
• A cross reference in the JSON-RPC section was fixed. For more information, see 14.1 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• Removed the VLAN Translation section from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 11.1.1 Cold and Cool Start.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 14.1 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.
15 | July 2018 | Revision 15 was published in July 2018 to align with the Linux application software release 45. The following is a summary of changes in revision 15 of this document:
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 1.2 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 1.7 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 1.12 Management.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 10.7 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 12.1.2 Dying Gasp.
• The DHCP Server section was updated. For more information, see 14.11 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 14.9 IP Management, DNS, and DHCPv4/v6.
14 | April 2018 | Revision 14 was published in April 2018 to align with the Linux application software release 44. The following is a summary of changes in revision 14 of this document:
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 1.6 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 14.5 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 9.3 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 8.5 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
13 | January 2018 | Revision 13 was published in January 2018 to align with the Linux application software release 43. The following is a summary of changes in revision 13 of this document:
• The Supported Switches table was updated with details regarding VSC7410/15/35/36/37. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 1.2 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 1.5 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 1.6 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 1.8 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 1.9 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 1.10 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 1.13 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.
12 | September 2017 | Revision 12 was published in July 2017 to align with the Linux application software release 42. In revision 12 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.
11 | June 2017 | Revision 11 was published in June 2017 to align with the Linux application software release 41. The following is a summary of changes in revision 11 of this document:
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.
10 | November 2016 | Revision 10 was published in November 2016 to align with the Linux application software release 40. It was the first publication of this document.
All other trademarks mentioned herein are property of their respective companies.
© 2020, Microchip Technology Incorporated, Printed in the U.S.A., All Rights Reserved.
ISBN 978-1-5224-7595-8
Figure 1 Application Architecture
Table of Contents
Product Overview
  1 Supported Switch Platforms
  2 Software Architecture
1 Supported Features
  1.1 BSP and API
  1.2 Port Control
  1.3 Quality of Service (QoS)
  1.4 Protection
  1.5 L2 Switching
  1.6 L3 Switching
  1.7 Security
  1.8 Robustness and Power Savings
  1.9 OAM and Test
  1.10 Timing and Synchronization
  1.11 Customization Framework
  1.12 Management
  1.13 SNMP MIBs
2 Features and Platform Capacity
3 System Requirements
4 Port and System Capabilities
  4.1 Port Capability
  4.2 System Capability
5 Firmware Upgrade
6 Port Control
  6.1 NPI Port
  6.2 PCIe
  6.3 Dual CPU
  6.4 SFP Detection
  6.5 VeriPHY Support
  6.6 PoE/PoE+ Support
  6.7 POE/POE+ with LLDP
  6.8 Unidirectional Link Detection (UDLD)
7 Quality of Service (QoS)
  7.1 Port Policers
  7.2 Scheduling and Shaping
  7.3 QCL Configuration
  7.4 Weighted Random Early Detection (WRED)
  7.5 Tag Remarking
  7.6 Ingress Port Classification
  7.7 Queue Policers
  7.8 DiffServ (RFC2474) Remarking
  7.9 Global Storm Control
8 L2 Switching
  8.1 Auto MAC Address Learning/Aging
  8.2 MAC Addresses–Static
  8.3 Virtual LAN
  8.4 Voice VLAN
  8.5 Industrial Private VLANs
  8.6 Generic VLAN Registration Protocol (GVRP)
  8.7 Multiple Registration Protocol (MRP)
  8.8 Multiple VLAN Registration Protocol (MVRP)
  8.9 IEEE 802.3ad Link Aggregation
  8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
  8.11 IGMP Snooping and MLD Snooping
  8.12 DHCP Snooping
  8.13 MAC Table Configuration
  8.14 Mirroring (SPAN/VSPAN and RSPAN)
  8.15 RMirror
  8.16 Flow Mirroring for AC
  8.17 Spanning Tree
  8.18 Loop Guard
9 L3 Switching
  9.1 DHCP Relay
  9.2 Universal Plug and Play (UPnP)
  9.3 L3 Routing
10 Security
  10.1 802.1X and MAC-Based Authentication
  10.2 Authentication, Authorization, and Accounting (AAA)
  10.3 Secure Access
  10.4 Users and Privilege Levels
  10.5 Authentication and Authorization Methods
  10.6 Access Control List (ACLs)
  10.7 ARP Inspection/IP and IPv6 Source Guard
11 Robustness and Power Savings
  11.1 Robustness
  11.2 Power Savings
12 OAM and Test
  12.1 OAM
13 Synchronization
  13.1 Precision Time Protocol (PTP)
  13.2 Microchip One-Step TC PHY Solution
  13.3 Transparent Clock over Microwave
  13.4 G.8265.1 Solution (Frequency) ITU Standard
  13.5 G.8275.1 Solution (Phase) ITU Standard
13.6 G.8275 Compliant Filter
13.7 PTP Time Interface
13.8 Network Time Protocol (NTP)
13.9 Day Light Saving
14. Management
14.1 JSON-RPC
14.2 Management Services
14.3 Simple Network Management Protocol (SNMP)
14.4 RMON Statistics
14.5 Internet Control Message Protocol
14.6 SysLog
14.7 LLDP-MED
14.8 802.1AB LLDP and CDP Aware
14.9 IP Management, DNS and DHCPv4/v6
14.10 IPv6 Ready Logo Phase2
14.11 DHCP Server
14.12 Console
14.13 System Management
14.14 Management Access Filtering
14.15 sFlow
14.16 Default Configuration
14.17 Configuration Upload/Download
14.18 Loop Detection Restore to Default
14.19 Symbolic Register Access
15. SNMP MIBs
16. Revision History
The Microchip Website
Product Change Notification Service
Customer Support
Microchip Devices Code Protection Feature
Legal Notice
Trademarks
Quality Management System
Worldwide Sales and Service
1. Supported Features
The following sections describe the features of each module of the IStaX software.

1.1 BSP and API
The following table lists the features supported by the API module.

Table 1-1. BSP and API Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Internal CPU | • | • | • | • | • |
| External CPU | - | - | - | - | • |
| 64-bit CPU Architecture | - | - | - | - | • |
| API and application split | • | • | • | • | • |
| MESA layer | • | • | • | • | • |
| MEBA layer | • | • | • | • | • |
| U-Boot | • | • | • | • | • |
| U-Boot network support | • | • | • | • | • |
| 32MB NOR FLASH only option | • | • | • | • | - |
| 64MB NOR FLASH only option | • | • | • | • | - |
1.2 Port Control
The following table lists the features supported by the port control module. For more information, see 6. Port Control.

Table 1-2. Port Control Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Port speed/duplex mode/flow control | • | • | • | • | • |
| Aquantia 2.5G PHY Gen2 | • | • | • | • | • |
| Aquantia 2.5G PHY Gen3 | • | • | • | • | • |
| Aquantia 5G PHY Gen3 | - | • | - | - | - |
| Aquantia 10G PHY Gen2 | - | • | • | - | • |
| 802.1Qbb Per Priority Flow Control | - | • | • | • | • |
| Port frame size (jumbo frames) | • | • | • | • | • |
| Port state (administrative status) | • | • | • | • | • |
| Port status (link monitoring) | • | • | • | • | • |
| Port statistics (MIB counters) | • | • | • | • | • |
| Port VeriPHY (cable diagnostics) | • | • | • | • | • |
| PoE/PoE+ with PD69208 support (external controller) | • | • | • | • | - |
| PoE/PoE+ with Link Layer Discovery Protocol (LLDP) | • | • | • | • | - |
| PoE IEEE802.3bt without LLDP (external controller) | • | • | • | • | - |
| NPI port | • | • | • | • | • |
| PCIe | - | • | • | • | • |
| On-the-fly SFP detection | • | • | • | • | • |
| DDMI | • | • | • | • | • |
| Unidirectional Link Detection (UDLD) | • | • | • | • | • |
| IEEE 802.3ap 10G-KR | - | - | - | - | • |
| IEEE 802.3ap 25G-KR | - | - | - | - | • |
1.3 Quality of Service (QoS)
The following table lists the features supported by the QoS module. For more information, see 7. Quality of Service (QoS).

Table 1-3. QoS Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Cut-through | - | - | - | - | • |
| Traffic classes (8 active priorities) | • | • | • | • | • |
| Port default priority | • | • | • | • | • |
| User priority | • | • | • | • | • |
| Input priority mapping | • | • | • | • | • |
| QoS control list (QCL mode) | • | • | • | • | • |
| Global storm control for UC, MC and BC | • | • | • | • | • |
| Random early discard (RED) | - | • | • | • | • |
| Port policers | • | • | • | • | • |
| Queue policers | • | • | • | • | • |
| Global/VCAP (ACL) policers | • | • | • | • | • |
| Port egress shaper | • | • | • | • | • |
| Queue egress shapers | • | • | • | • | • |
| DiffServ (RFC2474) remarking | • | • | • | • | • |
| Tag remarking | • | • | • | • | • |
| Scheduler mode | • | • | • | • | • |
| IEEE-802.1Qbv (TAS) Time-aware Scheduler | - | - | - | - | • |
| IEEE-802.1Qbu & 802.3br frame preemption | - | - | - | - | • |
| IEEE-802.1Qci ingress gating/policing/checking | - | - | - | - | • |
1.4 Protection
The following table lists the features supported by the protection module.

Table 1-4. Protection Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| 1:1 port protection - G.8031 | • | • | • | • | • |
| Ring protection - G.8032 | • | • | • | • | • |
| Ring protection v2 - G.8032 | • | • | • | • | • |
| IEEE-802.1CB (FRER) | - | - | - | - | • |
1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8. L2 Switching.

Table 1-5. L2 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| IEEE 802.1D Bridge | | | | | |
| Auto MAC address learning/aging | • | • | • | • | • |
| MAC addresses - static | • | • | • | • | • |
| IEEE 802.1Q | | | | | |
| Virtual LAN | • | • | • | • | • |
| Bidirectional VLAN translation | • | • | • | • | • |
| Unidirectional VLAN translation (ingress/egress) | • | • | • | • | • |
| Private VLAN - static | • | • | • | • | • |
| Port isolation - static | • | • | • | • | • |
| MAC-based VLAN | • | • | • | • | • |
| Protocol-based VLAN | • | • | • | • | • |
| IP subnet-based VLAN | • | • | • | • | • |
| VLAN trunking | • | • | • | • | • |
| iPVLAN Trunking | - | • | • | • | • |
| GARP VLAN Registration Protocol (GVRP) | • | • | • | • | • |
| Multiple Registration Protocol (MRP) | • | • | • | • | • |
| Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | • |
| IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | • |
| Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | • |
| Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | • |
| Loop guard | • | • | • | • | • |
| IEEE 802.3ad | | | | | |
| Link aggregation - static | • | • | • | • | • |
| Link aggregation - Link Aggregation Control Protocol (LACP) | • | • | • | • | • |
| AGGR/LACP user interface alignment with Industry standard | • | • | • | • | • |
| UNI LAG (LACP) 1:1 active/standby | • | • | • | • | • |
| LACP revertive/non-revertive | • | • | • | • | • |
| LACP loop free operation | • | • | • | • | • |
| Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | • |
| Error disable recovery | • | • | • | • | • |
| IGMPv2 snooping | • | • | • | • | • |
| IGMPv3 snooping | • | • | • | • | • |
| MLDv1 snooping | • | • | • | • | • |
| MLDv2 snooping | • | • | • | - | • |
| Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | • |
| IP Multicast (IPMC) throttling, filtering and leave proxy | • | • | • | • | • |
| Multicast VLAN Registration (MVR) | • | • | • | • | • |
| MVR profile | • | • | • | • | • |
| Voice VLAN | • | • | • | • | • |
| DHCP snooping | • | • | • | • | • |
| ARP inspection | • | • | • | • | • |
| Port mirroring | • | • | • | • | • |
| Flow mirroring | • | • | • | • | • |
| Rmirror | • | • | • | • | • |
1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9. L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | - | - | • | - |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | - | • | • | - | • |
| RFC2992 (ECMP) support for HW based L3 static routing | - | • | • | - | • |
| RFC 2453 RIPv2 dynamic routing | - | • | • | - | • |
| RFC 2328 OSPFv2 Dynamic routing | - | • | • | - | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | - | • | • | - | • |
| RFC 3137 OSPF Stub Router Advertisement | - | • | • | - | • |
| Software-based IPv6 L3 static routing | • | - | - | • | - |
| Hardware-based IPv6 L3 static routing | - | • | • | - | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | - | • | • | - | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |
1.7 Security
The following table lists the features supported by the security module. For more information, see 10. Security.

Table 1-7. Security Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Network Access Server (NAS) | | | | | |
| Port-based 802.1X | • | • | • | • | • |
| Single 802.1X | • | • | • | • | • |
| Multiple 802.1X | • | • | • | • | • |
| MAC-based authentication | • | • | • | • | • |
| VLAN assignment | • | • | • | • | • |
| QoS assignment | • | • | • | • | • |
| Guest VLAN | • | • | • | • | • |
| Remote authentication dial In user service (RADIUS) authentication and authorization | • | • | • | • | • |
| RADIUS accounting | • | • | • | • | • |
| MAC address limit | • | • | • | • | • |
| Persistent MAC learning | • | • | • | • | • |
| IP MAC binding | • | • | • | • | • |
| IP/MAC binding dynamic to static | • | • | • | • | • |
| TACACS+ authentication and authorization | • | • | • | • | • |
| TACACS+ command authorization | • | • | • | • | • |
| TACACS+ accounting | • | • | • | • | • |
| Web and CLI authentication | • | • | • | • | • |
| Authorization (15 user levels) | • | • | • | • | • |
| ACLs for filtering/policing/port copy | • | • | • | • | • |
| IP source guard | • | • | • | • | • |
| Secure FTP Client | • | • | • | • | • |
1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12. OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Cold start | • | • | • | • | • |
| Cool start | • | • | • | • | • |
| ActiPHY | • | • | • | • | • |
| PerfectReach | • | • | • | • | • |
| Energy-Efficient Ethernet (EEE) power management | • | • | • | • | • |
| LED power management | • | • | - | - | • |
| Thermal protection | • | • | • | • | • |
| Adaptive fan control | • | • | • | - | • |
1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12. OAM and Test.

Table 1-9. OAM and Testing Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Link OAM (802.3ah) | | | | | |
| Variable request and response | • | • | • | • | • |
| Discovery process, information, event notification, loopback | • | • | • | • | • |
| Dying gasp | • | • | • | • | • |
| Dying gasp enhanced | • | • | • | • | • |
| Dying gasp SNMP trap | • | • | • | • | • |
| CFM | | | | | |
| Continuity Check (ETH-CCM) | • | • | • | • | • |
| IS-, OS-, PS- and SID-TLV | • | • | • | • | • |
| APS using ETH-CCM and ETH-APS | • | • | • | • | • |
| ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | • |
| Hardware-accelerated OAM | - | • | • | • | • |
1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13. Synchronization.

Table 1-10. Timing and Synchronization Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| SyncE with SSM | • | • | • | • | • |
| SyncE nomination for two interfaces | • | • | • | • | • |
| Microchip one-step TC PHY solution | • | • | • | • | • |
| IEEE 1588v2 PTP with two-step clock | • | • | • | • | • |
| IEEE 1588v2 PTP with one-step clock | • | • | • | • | • |
| Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | • |
| Boundary clock | • | • | • | • | • |
| Redundant masters and multiple timing domains | • | • | • | • | • |
| PTP over IPv4 | • | • | • | • | • |
| Unicast/multicast | • | • | • | • | • |
| TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | • |
| TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Combined SyncE and 1588 | • | • | • | • | • |
| MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | • |
| MSCC timing BU DPLL API integration | • | • | • | • | • |
| G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | • |
| PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.8275.1 BMCA - only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| G.8275 compliant filter - only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| PTP time interface | • | • | • | • | • |
| NTPv4 client | • | • | • | • | • |
| IEEE802.1AS-2011/IEEE802.1AS rev D4.2 | • | • | • | • | • |
1.11 Customization Framework
The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Separate BSP and application | • | • | • | • | • |
| Append or change a binary image | • | • | • | • | • |
| IPC JSON-RPC socket (with notification support) | • | • | • | • | • |
| Overwrite default startup configuration | • | • | • | • | • |
| Boot and initialization of third-party daemons | • | • | • | • | • |
| Configuration to disable certain built-in features | • | • | • | • | • |
| Microchip Ethernet Board API (MEBA) | • | • | • | • | |
1.12 Management
The following table lists the features supported by the management module. For more information, see 14. Management.

Table 1-12. Management Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| JSON-RPC | • | • | • | • | • |
| JSON-RPC notifications | • | • | • | • | • |
| Dual CPU (application variant with JSON | - | • | • | • | • |
| RFC 2131 DHCP client | • | • | • | • | • |
| RFC 2131 DHCP server | • | • | • | • | • |
| DHCP server support for DHCP relay packets | • | • | • | • | • |
| DHCP per port | • | • | • | • | • |
| RFC 3315 DHCPv6 client | • | • | • | • | • |
| RFC 3315 DHCPv6 relay agent | • | • | • | • | • |
| RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | • |
| RFC 1035 DNS client relay | • | • | • | • | • |
| IPv4/IPv6 ping | • | • | • | • | • |
| IPv4/IPv6 traceroute | • | • | • | • | • |
| HTTP server | • | • | • | • | • |
| CLI - console port | • | • | • | • | • |
| CLI - Telnet | • | • | • | • | • |
| Industrial standard CLI | • | • | • | • | • |
| Industrial standard configuration | • | • | • | • | • |
| Industrial standard CLI debug commands | • | • | • | • | • |
| Port description CLI | • | • | • | • | • |
| Management access filtering | • | • | • | • | • |
| HTTPS | • | • | • | • | • |
| SSHv2 | • | • | • | • | • |
| IPv6 management | • | • | • | • | • |
| IPv6 ready logo PHASE2 (host only) | • | • | • | • | • |
| RFC4884 (ICMPv6) | • | • | • | • | • |
| System syslog | • | • | • | • | • |
| Software upload through web | • | • | • | • | • |
| SNMP v1/v2c/v3 agent (Note 1) | • | • | • | • | • |
| RMON (group 1, 2, 3 and 9) | • | • | • | • | • |
| RMON alarm and event (CLI and web) | • | • | • | • | • |
| Alarm module | • | • | • | • | • |
| IEEE 802.1AB-2005 link layer discovery - LLDP | • | • | • | • | • |
| TIA 1057 LLDP - MED | • | • | • | • | • |
| Industry standard discovery protocol - ISDP | • | • | • | • | • |
| sFlow | • | • | • | • | • |
| FTP Client | • | • | • | • | • |
| Configuration download/upload - industrial standard | • | • | • | • | • |
| Loop detection restore to default | • | • | • | • | • |
| Symbolic register access | • | • | • | • | • |
| Daylight saving | • | • | • | • | • |

Note 1: No SNMPv1 trap support.
1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15. SNMP MIBs.

Table 1-13. SNMP MIBs Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| RFC 2674 VLAN MIB | • | • | • | • | • |
| IEEE 802.1Q bridge MIB 2008 | • | • | • | • | • |
| RFC 2819 RMON (group 1, 2, 3 and 9) | • | • | • | • | • |
| RFC 1213 MIB II | • | • | • | • | • |
| RFC 1215 TRAPS MIB | • | • | • | • | • |
| RFC 4188 bridge MIB | • | • | • | • | • |
| RFC 4292 IP forwarding table MIB | • | • | • | • | • |
| RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | • |
| RFC 5519 multicast group membership discovery MIB | • | • | • | • | • |
| RFC 4668 RADIUS authentication client MIB | • | • | • | • | • |
| RFC 4670 RADIUS accounting MIB | • | • | • | • | • |
| RFC 3635 Ethernet-like MIB | • | • | • | • | • |
| RFC 2863 interface group MIB using SMI v2 | • | • | • | • | • |
| RFC 3636 802.3 MAU MIB | • | • | • | • | • |
| RFC 4133 entity MIB version 3 | • | • | • | • | • |
| RFC 4878 Link OAM MIB | • | • | • | • | • |
| RFC 3411 SNMP management frameworks | • | • | • | • | • |
| RFC 3414 user-based security model for SNMPv3 | • | • | • | • | • |
| RFC 3415 view-based access control model for SNMP | • | • | • | • | • |
| RFC 2613 SMON - PortCopy | • | • | • | • | • |
| IEEE 802.1 MSTP MIB | • | • | • | • | • |
| IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | • |
| TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | • |
| RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | - |
| Private MIB framework | • | • | • | • | • |
2. Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.

Table 2-1. Features and Platform Capacity

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Resilience and Availability | | | | | |
| IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8 |
| IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN |
| Traffic Control | | | | | |
| Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095 |
| Guest-VLAN | 1 | 1 | 1 | 1 | 1 |
| Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9 |
| Voice VLAN | 1 | 1 | 1 | 1 | 1 |
| MAC table size 8K | 8K | 32K | 8K | 4K | 32K |
| Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (Global setting for Unicast, Multicast and Broadcast) | 10 kbps – 13128 mbps |
| Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240 |
| Security | | | | | |
| Port security aging | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s |
| MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024 |
| Static MAC entries supported | 64 | 64 | 64 | 64 | 64 |
| RADIUS authentication servers | 5 | 5 | 5 | 5 | 5 |
| TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5 |
| RADIUS accounting servers | 5 | 5 | 5 | 5 | 5 |
| Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4 |
| Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system |
| IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512 |
| Policy-based security filtering | 512 | 512 | 512 | 512 | 512 |
| Password length | 32 | 32 | 32 | 32 | 32 |
| Authorization user levels | 15 | 15 | 15 | 15 | 15 |
| ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512 |
| Number of logged in users | 20 | 20 | 20 | 20 | 20 |
| IP Routing | | | | | |
| Max static route entries | 32 | 128 | 32 | 32 | 512 |
| Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072 |

Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).
3. System Requirements
The following table lists the port system requirements supported by the IStaX software.

Table 3-1. Port System Requirements

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| LEDs per port | 1 | 1 | 1 | 1 | 1 |
| SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported |
| Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported |
| Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full |
| Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported |
| Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) |
| RJ45 connectors | Supported | Supported | Supported | Supported | Supported |
| Fiber slots | Supported | Supported | Supported | Supported | Supported |

The following table lists the hardware system requirements supported by the IStaX software.

Table 3-2. Hardware System Requirements

| Requirement | Support |
| --- | --- |
| Power LED | Supported by hardware |
| System LED | Supported by hardware |
| Alarm LED | Supported by hardware |
| Management LED | Supported by hardware |
| Switch fabric capacity | Supported by hardware |
| Forwarding architecture | Supported by hardware |
| MAC address entries | Supported by hardware |
| MAC address aging | Supported by hardware |
| MAC buffer memory type and size | Supported by hardware |
| CPU flash size | Supported by hardware |
| CPU memory type and size | Supported by hardware |
| System DDR SDRAM | Supported by hardware |
| Reset button | Supported by hardware |
| EMC/safety requirement | Supported by hardware |
| Performance requirement | Supported by hardware |
4. Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.

4.1 Port Capability
The ports are equipped with the following capabilities:

• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1. Supported Features.

4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.

The turnkey switch software runs on Linux. The following system-wide operations are supported:

• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported.
5. Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:
• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch
The software image selection information includes the following:
• Image: the file name of the firmware image
• Version: the version of the firmware image
• Date: the date when the firmware was produced
After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.
While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.
Note: Do not restart or power off the device at this time or the switch may fail to function.
6. Port Control
The following sections describe the port control features supported by the IStaX software.
6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port through which frames can be injected from and extracted to an external CPU.
6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame-data in (injection) and out (extraction) through memory-mapped injection/extraction registers.
6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.
6.4 SFP Detection
The IStaX software detects SFP at run time.
6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.
6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.
6.7 POE/POE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and then the switch can comply with or ignore this information.
6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.
A UDLD packet is sent to the port it links to for each device and for each port. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.
The UDLD implementation conforms to the RFC5171 standard.
Note: RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second, and once link status is detected, probe messages are exchanged depending on message time interval (by default, 7 seconds).
Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.
Detection starts once the UDLD enabled port gets new device ID and port ID pair. If a port is detected as unidirectional or loopback link, the port is shut down if mode is Aggressive. In Normal mode, the port will not be shut down.
Port is reopened once UDLD is disabled/enabled on that port.
6.8.1 Port Statistics
The IStaX software supports the detailed port related statistics and system information related configuration. It is possible to view the detailed QoS related statistics using IStaX software.
7. Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.
7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disable/enable flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.
7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).
Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.
It is possible to specify the maximum bit rate in kbps or mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.
The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.
7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).
The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.
When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.
The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.
7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED is configurable to either disable/enable and is disabled by default.
The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.
By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.
7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.
When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.
The QoS class DEI DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.
7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.
The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification
7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.
7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.
In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in frame.
The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.
DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:
• Get the DSCP value from the analyzer (ingress classification) and always remap based on global remap table. This is done independently of the value of the drop precedence level.
• Get DSCP value from the analyzer and remap based on drop precedence level and remap table.
DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.
7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.
Storm control is disabled by default.
8. L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.
8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with learned MAC address are not received within aging period.
8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.
8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:
• All ports are VLAN aware.
• All ports are members of VLAN 1.
• The switch management interface is on VLAN 1.
• All ports have a Port VLAN ID (PVID) of 1.
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged
• The PVID is set to 1 by default.
• Ingress filtering is always enabled.
Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs.
• If frames are classified to a VLAN that the port is not a member of, they are discarded.
• By default, all frames classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.
Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features:
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware.
• Ingress filtering can be controlled.
• Ingress acceptance of frames and configuration of egress tagging can be configured independently.
8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to VLAN to perform QoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to port using the Port Discovery Protocol. This discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol (LLDP), or both.
8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.
8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:
• Ethernet: valid values for etype ranges from 0x0600-0xffff
• SNAP: valid value in this case also is comprised of two sub-values
• Organizationally unique Identifier (OUI)
• Protocol ID (PID): if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP.
• LLC: valid value in this case is comprised of two sub-values
  – DSAP: 1-byte long string (0x00-0xff)
  – SSAP: 1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and protocol-based VLAN is preferred over port-based VLAN.
8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.
PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.
The following terms are used to describe the Private VLAN feature:
• PVLAN domain: a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain.
• Primary VLAN: a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports.
• Secondary VLAN: a VLAN used inside a PVLAN domain only.
• Isolated VLAN: a secondary VLAN that carries traffic from isolated ports to promiscuous ports.
• Community VLAN: a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports.
• Isolated port: a port that receives untagged frames and classifies these to an isolated VLAN.
• Community port: a port that receives untagged frames and classifies these to a community VLAN.
• Promiscuous port: a port that receives frames in the primary VLAN.
• Standard trunk port: a port that carries primary and secondary VLANs using tags.
• Promiscuous PVLAN trunk port: a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs, but translates these to the primary VLAN ID and pushes this into the tag.
• Isolated PVLAN trunk port: a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN, but translates this into the isolated VLAN ID and pushes it into the tag.
8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration for VLANs. Though this has been superseded by MVRP as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to be able to register and unregister attribute values, such as VLAN identifiers and multi-cast group membership, across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q 2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG), such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address: can be used to calculate the destination port for the frame. By default, the source MAC address is enabled.
• Destination MAC address: can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled.
• IP address: can be used to calculate the destination port for the frame. By default, the IP address is enabled.
• TCP/UDP port number: can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled.
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block an intruder on the untrusted ports of the switch device when the intruder tries to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
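The behaviour described in this section, modelled as an added Python example (not IStaX code): DHCP server messages are accepted only from Trusted ports, bindings are learned from the ACKs seen there, and later traffic is checked against the IP/MAC/port binding. The class, its fields and the sample events are constructed for illustration; messages are assumed to be already parsed, and Trusted ports are assumed to be exempt from the binding check.

```python
from dataclasses import dataclass, field

# DHCP message types (RFC 2132, option 53).
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM = range(1, 9)
SERVER_TYPES = {OFFER, ACK, NAK}           # only a DHCP server sends these


@dataclass
class SnoopingSwitch:
    trusted_ports: set                                   # ports with role Trusted
    client_port: dict = field(default_factory=dict)      # MAC -> port of last request
    bindings: dict = field(default_factory=dict)         # MAC -> (IP, port)
    dropped: list = field(default_factory=list)          # audit trail of drops

    def on_dhcp(self, port, msg_type, client_mac, yiaddr=None):
        """Return True if this DHCP message may be forwarded."""
        mac = client_mac.lower()
        if msg_type in SERVER_TYPES:
            if port not in self.trusted_ports:
                # A server reply arriving on an Untrusted port is a bogus server.
                self.dropped.append((port, mac, "server message on untrusted port"))
                return False
            if msg_type == ACK and yiaddr and mac in self.client_port:
                # Bind the leased address to the port the client asked from.
                self.bindings[mac] = (yiaddr, self.client_port[mac])
            elif msg_type == NAK:
                self.bindings.pop(mac, None)
            return True
        if msg_type in (DISCOVER, REQUEST):
            self.client_port[mac] = port
        elif msg_type in (RELEASE, DECLINE):
            bound = self.bindings.get(mac)
            if bound and bound[1] == port:   # only the bound port may release
                del self.bindings[mac]
        return True

    def permit_ip(self, port, src_mac, src_ip):
        """Allow traffic only for a known IP/MAC pair on its own port."""
        if port in self.trusted_ports:       # assumption: uplinks are not filtered
            return True
        ok = self.bindings.get(src_mac.lower()) == (src_ip, port)
        if not ok:
            self.dropped.append((port, src_mac.lower(), "no matching binding"))
        return ok


def demo():
    """Run constructed events: port 24 is the uplink toward the real server."""
    sw = SnoopingSwitch(trusted_ports={24})
    mac = "00:11:22:33:44:55"                          # constructed client MAC
    results = [
        sw.on_dhcp(3, DISCOVER, mac),
        sw.on_dhcp(7, OFFER, mac, "192.0.2.66"),       # reply from untrusted port 7
        sw.on_dhcp(24, OFFER, mac, "192.0.2.10"),
        sw.on_dhcp(3, REQUEST, mac),
        sw.on_dhcp(24, ACK, mac, "192.0.2.10"),
        sw.permit_ip(3, mac, "192.0.2.10"),            # matches the binding
        sw.permit_ip(5, mac, "192.0.2.10"),            # right MAC and IP, wrong port
        sw.permit_ip(3, mac, "192.0.2.99"),            # address never leased
    ]
    return sw, results


if __name__ == "__main__":
    switch, outcome = demo()
    print(outcome)
    for entry in switch.dropped:
        print("dropped:", entry)
```

The `dropped` list is the part worth exporting to logging: a server message on an Untrusted port identifies the port where a rogue DHCP server is attached.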
8.13 MAC Table Configuration
MAC learning configuration can be configured per port.
• Auto: learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable: no learning is done
• Secure: only SMAC entries are learned, all other frames are dropped
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied or mirrored to a mirror port, where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote Host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and the MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as also STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state automatically will be enabled after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are member of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.
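The receive-side decision described above, written out as an added Python example (not IStaX code). The destination address is a constructed placeholder because the page leaves it to customer requirement, Ether Type 9003 is assumed to be hexadecimal, frames are assumed untagged, and only the three criteria the page lists are applied.

```python
import struct

# Constructed placeholder: the page says the DA is set per customer requirement.
LOOP_DA = bytes.fromhex("030000000001")
LOOP_ETHERTYPE = 0x9003          # assumption: the page's "9003" is hexadecimal


def build_pdu(src_mac):
    """Build a minimum-size loop-protection frame sent from src_mac."""
    return LOOP_DA + src_mac + struct.pack("!H", LOOP_ETHERTYPE) + bytes(46)


def classify(frame, switch_mac):
    """Return 'other', 'foreign' or 'own' for a raw untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    da, sa = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if da != LOOP_DA or ethertype != LOOP_ETHERTYPE:
        return "other"
    # The page matches on the first 5 bytes of the switch source address.
    return "own" if sa[:5] == switch_mac[:5] else "foreign"


def handle_rx(frame, ingress, switch_mac, vlan_members, enabled_ports, action="both"):
    """Decide what the switch does with a received frame.

    action is 'shutdown', 'log' or 'both', as configured for the port.
    """
    kind = classify(frame, switch_mac)
    if kind == "other":
        return {"verdict": "normal forwarding"}
    if ingress not in enabled_ports:
        # Feature disabled on this port: the PDU is dropped silently.
        return {"verdict": "drop"}
    if kind == "foreign":
        # Another switch's PDU is treated like data within the VLAN.
        return {"verdict": "flood", "ports": sorted(set(vlan_members) - {ingress})}
    return {
        "verdict": "loop",
        "port": ingress,
        "shutdown": action in ("shutdown", "both"),
        "log": action in ("log", "both"),
    }


# Constructed sample values: a locally administered switch MAC, with the last
# byte varying per port (assumption made for this example only).
SWITCH_MAC = bytes.fromhex("02000000aa00")


def port_mac(port):
    return SWITCH_MAC[:5] + bytes([port])


def demo():
    members, enabled = {1, 2, 3, 4}, {1, 2, 3}
    own = build_pdu(port_mac(1))                       # sent on port 1 ...
    foreign = build_pdu(bytes.fromhex("02000000bb01"))
    data = bytes.fromhex("ffffffffffff") + port_mac(1) + b"\x08\x00" + bytes(46)
    return [
        handle_rx(own, 2, SWITCH_MAC, members, enabled),        # ... back on port 2
        handle_rx(own, 3, SWITCH_MAC, members, enabled, "log"),
        handle_rx(foreign, 2, SWITCH_MAC, members, enabled),
        handle_rx(own, 4, SWITCH_MAC, members, enabled),        # port 4 not enabled
        handle_rx(data, 2, SWITCH_MAC, members, enabled),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```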
9. L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1 DHCP Relay Configuration Parameters
Parameter | Allowed Range | Default
Relay mode | Enabled/disabled | Disabled
Relay server address | IP address | None
Relay information mode | Enabled/disabled | Disabled
Relay information policy | Replace, Keep, Drop | Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in standalone device it always equals 0; in stackable device it means switch ID), and the last two characters are the port number.
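A server-side check built on the eight-character layout just described, as an added Python example (not IStaX code): it extracts option 82 from a DHCP options field, decodes VLAN ID, module ID and port number, and accepts the request only from an expected location. It assumes the eight characters are the hexadecimal rendering of a 4-byte Agent Circuit ID (RFC 3046 sub-option 1), which the page does not state; the sample bytes and function names are constructed.

```python
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82    # RFC 2132 / RFC 3046
SUB_CIRCUIT_ID = 1                               # RFC 3046 Agent Circuit ID


def tlvs(buf, top_level=False):
    """Yield (code, value) pairs; PAD and END exist only at the top level."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if top_level and code == OPT_PAD:
            i += 1
            continue
        if top_level and code == OPT_END:
            return
        if i + 1 >= len(buf):
            raise ValueError(f"code {code}: missing length byte")
        length = buf[i + 1]
        value = bytes(buf[i + 2:i + 2 + length])
        if len(value) != length:
            raise ValueError(f"code {code}: value truncated")
        yield code, value
        i += 2 + length


def decode_circuit_id(raw):
    """Split the 8 characters: 4 for VLAN ID, 2 for module ID, 2 for port."""
    text = raw.hex()                  # assumption: characters are hex digits
    if len(text) != 8:
        raise ValueError(f"circuit ID is {len(text)} characters, expected 8")
    vlan = int(text[0:4], 16)
    if vlan > 4095:
        raise ValueError(f"VLAN ID {vlan} out of range")
    return {"vlan": vlan, "module": int(text[4:6], 16), "port": int(text[6:8], 16)}


def relay_location(options):
    """Return the decoded circuit ID, or None if option 82 carries none."""
    found = None
    for code, value in tlvs(options, top_level=True):
        if code != OPT_RELAY_INFO:
            continue
        for sub, subval in tlvs(value):
            if sub == SUB_CIRCUIT_ID:
                if found is not None:
                    raise ValueError("more than one circuit ID")
                found = decode_circuit_id(subval)
    return found


def check_request(options, allowed):
    """allowed is a set of (vlan, module, port) tuples; returns (verdict, detail)."""
    try:
        loc = relay_location(options)
    except ValueError as exc:
        return ("reject", f"malformed: {exc}")
    if loc is None:
        return ("reject", "no relay information")
    key = (loc["vlan"], loc["module"], loc["port"])
    if key not in allowed:
        return ("reject", f"unexpected location {key}")
    return ("accept", f"location {key}")


# Constructed sample: message type DISCOVER, then option 82 with circuit ID
# 00640005 (VLAN 100, module 0, port 5), then END.
SAMPLE = bytes.fromhex("350101" "5206" "0104" "00640005" "ff")

if __name__ == "__main__":
    print(relay_location(SAMPLE))
    print(check_request(SAMPLE, {(100, 0, 5)}))
    print(check_request(SAMPLE, {(100, 0, 6)}))
    print(check_request(SAMPLE[:-2], {(100, 0, 5)}))
```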
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP related packets to CPU. The ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing is to select path and forward traffic to the nexthop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10. Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In a MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by equipment whose MAC address is a valid RADIUS user that can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard, but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.

RADIUS-assigned VLANs based on a VLAN name are also supported.

If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID or it is invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class (in the case of RADIUS-assigned QoS) and VLAN (in the case of RADIUS-assigned VLAN) are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).

This RADIUS-assigned QoS or VLAN option is only available for single-client modes:

• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.

The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.

The dead time, which can be set to a number between 0 and 3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
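The retransmission and dead-time behaviour described above, modelled on a virtual clock to show what it costs in login latency when the first server is down. This is an added example, not IStaX code; the server names, the `reply_after` callback, and returning no answer once every server has been skipped or has timed out are assumptions.

```python
from dataclasses import dataclass, field

ATTEMPTS = 3  # the timeout is split into three equal sub-intervals


@dataclass
class RadiusServerPool:
    servers: list      # server names, in configured order
    timeout: float     # configured Timeout, in seconds
    dead_time: float   # configured Dead Time, in seconds (0 to 3600)
    dead_until: dict = field(default_factory=dict)

    def dead_time_active(self):
        # Dead time only takes effect when it is > 0 and more than one
        # server has been configured.
        return self.dead_time > 0 and len(self.servers) > 1

    def query(self, now, reply_after):
        """Simulate one request starting at virtual time `now`.

        reply_after(server, attempt) returns the seconds until a reply
        arrives, or None when the datagram or its reply is lost.
        Returns (answering server or None, finish time, [(send time, server)]).
        """
        sub = self.timeout / ATTEMPTS
        sends = []
        t = now
        for srv in self.servers:
            if self.dead_time_active() and self.dead_until.get(srv, 0) > t:
                continue  # inside the dead time: no new request is sent
            for attempt in range(1, ATTEMPTS + 1):
                sends.append((t, srv))
                delay = reply_after(srv, attempt)
                if delay is not None and delay <= sub:
                    return srv, t + delay, sends
                t += sub  # sub-interval expired without a reply: retransmit
            # three unanswered requests: the server is considered dead
            self.dead_until[srv] = t + self.dead_time
        return None, t, sends  # assumption: caller treats this as "no server"


def demo_radius():
    """Constructed scenario: radius-a is down, radius-b answers in 0.2 s."""
    pool = RadiusServerPool(["radius-a", "radius-b"], timeout=6.0, dead_time=300.0)

    def reply_after(server, attempt):
        return None if server == "radius-a" else 0.2

    # Three logins: at t=0, inside the dead time, and after it has expired.
    return [pool.query(t, reply_after) for t in (0.0, 60.0, 400.0)]


if __name__ == "__main__":
    for server, done, sends in demo_radius():
        print(f"answered by {server} at t={done:.1f}s after {len(sends)} request(s)")
```

With a 6-second timeout, the first login waits the full 6 seconds on the dead server before the second one answers; logins during the dead time go straight to the second server, and the first login after the dead time expires pays the 6 seconds again.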
Authorization is for authorizing users to access the management interfaces of the switch.

The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.

TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. In the initial version, only the CLI is supported for the configuration of TACACS+ authorization and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.

Table 10-1. Secure Access Options

Method                 Description
SSH                    Enable or disable option provided; supports v2 only
SSL/HTTPS              Enable or disable
HTTPS auto redirect    A redirect web browser to HTTPS option, available when HTTPS mode is enabled

Note: SSL and HTTPS are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.

The allowed range for a user's privilege level is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.

The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.

Each group has an authorization privilege level, configurable between 1 and 15, for the following sub-groups:

• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)

Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.

10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all four management client types:

• Console
• Telnet
• SSH
• Web

Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
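The left-to-right method order described above, as an added example (not IStaX code): a reachable remote server's rejection is final, and the local database is consulted only when the remote method times out. The method names, the constructed accounts, and the helper functions are assumptions made for the illustration.

```python
import hmac
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    UNREACHABLE = "unreachable"  # remote server offline, request timed out


def make_local(users):
    """Local user database: always reachable, so it always gives a verdict."""
    def check(user, password):
        stored = users.get(user)
        ok = stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())
        return Result.ACCEPT if ok else Result.REJECT
    return check


def make_remote(users, online):
    """Stand-in for a RADIUS or TACACS+ server that may be offline."""
    verdict = make_local(users)

    def check(user, password):
        return verdict(user, password) if online() else Result.UNREACHABLE
    return check


def login(method_order, backends, user, password):
    """Try methods left to right; stop at the first approval or rejection."""
    tried = []
    for name in method_order:
        result = backends[name](user, password)
        tried.append((name, result))
        if result is not Result.UNREACHABLE:
            return result is Result.ACCEPT, tried
    return False, tried  # no configured method could be reached


def demo_login(order, radius_online, user, password):
    # Constructed accounts: "ops" exists only on the remote server,
    # "admin" only in the local database.
    backends = {
        "radius": make_remote({"ops": "ops-secret"}, lambda: radius_online),
        "local": make_local({"admin": "break-glass"}),
    }
    return login(order, backends, user, password)


if __name__ == "__main__":
    cases = [
        (["radius", "local"], True, "admin", "break-glass"),
        (["radius", "local"], False, "admin", "break-glass"),
        (["radius"], False, "ops", "ops-secret"),
    ]
    for order, online, user, password in cases:
        allowed, tried = demo_login(order, online, user, password)
        trail = ", ".join(f"{m}={r.value}" for m, r in tried)
        print(f"{' '.join(order):14} radius_online={online!s:5} {user:5} -> "
              f"{'allowed' if allowed else 'denied'} ({trail})")
```

The local "admin" account is usable only while the remote server is offline, and a configuration with the remote method alone locks everyone out during an outage.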
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.

10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.

Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.

ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.

There are three rich configurable sections associated with the manual ACL configuration.

The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.

The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:

• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown

The management interface allows configuration of the port action, which determines whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.

The port action applies only if the frame gets past the ACE matching without being matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
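The first-match rule, the policy value/mask match, and the per-port fallback action described above, modelled as an added example (not IStaX code). It goes one step beyond the text by listing ACEs that can never be hit because a higher-priority ACE always matches first. The field names, the frame dictionary layout, the `ip_proto` parameter, and the sample policy IDs are assumptions.

```python
from dataclasses import dataclass
from itertools import product
from typing import Optional

FRAME_TYPES = ("etype", "arp", "ipv4", "ipv6")


@dataclass
class Ace:
    name: str
    action: str                        # "permit" or "deny"
    frame_type: str = "any"            # "any" or one of FRAME_TYPES
    ports: Optional[frozenset] = None  # ingress ports; None means all ports
    policy: Optional[tuple] = None     # (value, mask) against the port policy ID
    ip_proto: Optional[int] = None     # assumed IPv4/IPv6 ACE parameter
    hits: int = 0

    def matches(self, frame, port_policy):
        if self.frame_type not in ("any", frame["type"]):
            return False
        if self.ports is not None and frame["port"] not in self.ports:
            return False
        if self.policy is not None:
            value, mask = self.policy
            if (port_policy & mask) != (value & mask):
                return False
        if self.ip_proto is not None:
            if frame["type"] not in ("ipv4", "ipv6"):
                return False
            if frame.get("ip_proto") != self.ip_proto:
                return False
        return True


class Acl:
    def __init__(self, aces, port_policy, port_action=None):
        self.aces = aces                      # index 0 = top = highest priority
        self.port_policy = port_policy        # ingress port -> policy ID
        self.port_action = port_action or {}  # ingress port -> "permit"/"deny"
        self.port_hits = {port: 0 for port in port_policy}

    def first_match(self, frame):
        policy = self.port_policy[frame["port"]]
        for ace in self.aces:
            if ace.matches(frame, policy):
                return ace
        return None

    def classify(self, frame):
        """Return (action, what decided it) and bump the matching counter."""
        ace = self.first_match(frame)
        if ace is not None:
            ace.hits += 1
            return ace.action, ace.name
        port = frame["port"]
        self.port_hits[port] += 1  # no ACE matched: the port action decides
        return self.port_action.get(port, "permit"), f"port {port} default"

    def unreachable(self):
        """ACEs that no frame of this model can hit first (shadowed rules)."""
        protos = {a.ip_proto for a in self.aces if a.ip_proto is not None} | {None}
        live = set()
        for port, ftype, proto in product(self.port_policy, FRAME_TYPES, protos):
            ace = self.first_match({"port": port, "type": ftype, "ip_proto": proto})
            if ace is not None:
                live.add(ace.name)
        return [a.name for a in self.aces if a.name not in live]


def demo_acl():
    # Constructed configuration: ports 2 and 3 carry policy IDs 8 and 9.
    aces = [
        Ace("permit-ipv4-pol-8-9", "permit", "ipv4", policy=(8, 0xFE)),
        Ace("deny-udp-port3", "deny", "ipv4", ports=frozenset({3}), ip_proto=17),
        Ace("deny-arp-port1", "deny", "arp", ports=frozenset({1})),
    ]
    return Acl(aces, port_policy={1: 0, 2: 8, 3: 9}, port_action={1: "deny"})


if __name__ == "__main__":
    acl = demo_acl()
    print(acl.classify({"port": 3, "type": "ipv4", "ip_proto": 17}))
    print(acl.classify({"port": 1, "type": "ipv6", "ip_proto": 6}))
    print("never hit:", acl.unreachable())
```

In the constructed configuration, the UDP deny on port 3 never takes effect because the broader permit above it matches first; moving the deny to the top of the list would change the outcome.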
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:

• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6

MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.

IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.

It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.

It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.

IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.

10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.

When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.

This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.

11.1 Robustness
The following section introduces a robustness feature.

11.1.1 Cold and Cool Start
The software defines and supports the following restart types:

• Cold: power cycle induced reset of the switch
• Cool: software initiated reset of the switch (with traffic disruption)

11.2 Power Savings
The following sections introduce the power savings features.

11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine whether a cable is inserted.

11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.

11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.

11.2.4 Energy-Efficient Ethernet (EEE) Support
EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.

EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.

EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex mode.

11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.

The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0% to 100% in 10% increments for each period.

A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.

Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.

11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:

• Maximum temperature: temperature at which the fan runs at full speed
• Turn on temperature: temperature at which the fan runs at the lowest possible speed
12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.

12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.

The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the ITU-T standards Y.1731 and G.8021.

All time stamping for both IEEE 1588 and OAM is accurate to a few tens of ns.

12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.

Mechanisms to support the following are also implemented:

• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that the receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode

The administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:

• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, the OAM entity sends out a PDU with the link monitoring capability flag set
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by IEEE 802.3ah
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, the OAM entity sends out a PDU with the remote loopback capability flag
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by IEEE 802.3ah

IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.

By default, link OAM capability is enabled.

Link event configuration can be made on a per-port basis for different events.

12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.

The SNMP trap is sent only on power failure or removal of the power supply cable.

Dying gasp occurs in case of reload, removal of the power supply cable, or power failure. If any of these situations occurs, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:

• Device power loss
• Switch reloads: this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled

12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.

Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs, such as ZL30343, ZL30363, and ZL30772.

13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).

NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:

• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer-to-peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm

The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.

Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.

13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.

13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses the peer-to-peer delay measurement mechanism.

13.2.2 End-to-End Transparent Clock
The transparent clock uses the end-to-end delay measurement mechanism.

13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.

13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.

13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.

13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to the 8265.1 solution (frequency) ITU standard.

13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:

• Identifier
• Quality
• Priority
• Variance

13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.

13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.

13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to the 8275.1 solution (frequency) ITU standard.

13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).

13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.

13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.

The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.

13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.

This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.

14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.

The IStaX software includes a JSON-RPC server and, in order to use it, a JSON-RPC client is required. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:

• Machine and human friendly interface
• Reliable connection-oriented communication provided by the TCP and HTTP message encapsulation
• RPC-oriented protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory

For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.

Note: JSON-RPC is not an end user interface intended for human interaction; it is a high-level, machine-friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.

14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react to events when they happen without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.

This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service, and a server is needed to receive the notification events.

As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.

14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:

• CLI Interface
• Web-based
• SNMP
• JSON-RPC

Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards, as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure, with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.

The Industry Standard CLI model includes the following features:

• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade and configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut:

    (config-if-vlan)# ip^Q
    ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
    ip igmp snooping
    ip igmp snooping compatibility auto | v1 | v2 | v3
    ip igmp snooping last-member-query-interval <0-31744>
    ip igmp snooping priority <0-7>
    ip igmp snooping querier election | address <ipv4_ucast>
    ip igmp snooping query-interval <1-31744>
    ip igmp snooping query-max-response-time <0-31744>
    ip igmp snooping robustness-variable <1-255>
    ip igmp snooping unsolicited-report-interval <0-31744>

• Context-sensitive help: Click button for a list of valid possible parameters with descriptions
• Auto completion: Press the <tab> key after partially typing the keyword. The rest of the keyword will be entered automatically
• Ctrl+C option to break the display
• Modes for commands: Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support:

    (config)# interface
    (config-if)#

  If multiple sessions are concurrently in the same sub mode with the same parameters, then the "no" form of commands will not work and will display a warning message.

• Privilege: A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege.

14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>.

14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#.

It is also possible to have runtime configurable privilege levels per command.

• Keyword abbreviations: any keyword can be accepted just by typing an unambiguous prefix (for example, "sh" for "show")

    IStaX# sh ip route
    0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
    10.9.61.0/24 via VLAN1 <UP HW_RT>
    127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
    224.0.0.0/4 via OS:lo:127.0.0.1 <UP>

• Error checking: before executing a command, the CLI checks whether the current mode is still valid, whether the user has sufficient privileges, and whether the parameter(s) are within the valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message.

    IStaX(config)# clock summer-time PDT date 14
                                                  ^
    Invalid word detected at ^ marker

  Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.

• do command support: this will allow the users to execute the commands from the configuration mode.

    (config)# do show vlan
    VLAN  Name     Interface
    ----  ----     ---------
    1     default  Gi 1/1-9 2.5G 1/1-2

• Platform debug command support: this will allow the users to obtain technical support by entering and running a debug command in this field.
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG), where commands are stored in a text format.

The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.

There are three system files:

• running-config: a virtual file that represents the currently active configuration on the switch. This file is volatile.
• startup-config: the startup configuration for the switch, read at boot time.
• default-config: a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes.

It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.

This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.

It is possible to upload a file from the web browser to all the files on the switch, except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:

• Replace mode: the current configuration is fully replaced with the configuration in the uploaded file
• Merge mode: the uploaded file is merged with running-config

If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.

It is possible to activate any of the configuration files present on the switch, except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.

It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
VSC6817 Management
© 2020 Microchip Technology Inc. Product Specification DS30010225B-page 56
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 80 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort; that is, where 64-bit counters are included, they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses, restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics, with corresponding configuration support, are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping: a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported.
• Traceroute: a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. The source address can be specified using the saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for the IPv4 option.
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control is reached but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes, should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1ab and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice: used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional): used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice: supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional): used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice: used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and is typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing: used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video: used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional): used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters to neighbor devices through messages called Type Length Value (TLV) fields.
The LLDP can operate in one of the following three modes:
• Transmit-only mode: the device only transmits configuration parameters.
• Receive-only mode: the device can only receive configuration parameters (from neighbor device).
• Transmit and receive mode: the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately.
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and the optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
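The TLV framing described above and the network policy attributes listed in the LLDP-MED section can be checked from a captured LLDPDU, so an administrator can audit exactly what a port discloses. The following is an added example, not code from the IStaX software: the TLV bit layout and application-type codes come from IEEE 802.1AB and ANSI/TIA-1057 rather than from this document, and the sample LLDPDU is constructed.

```python
import struct

# TLV type codes from IEEE 802.1AB; type 127 carries organizationally specific data.
END, CHASSIS_ID, PORT_ID, TTL, ORG_SPECIFIC = 0, 1, 2, 3, 127
TIA_OUI = b"\x00\x12\xbb"      # OUI that marks LLDP-MED TLVs (ANSI/TIA-1057)
MED_NETWORK_POLICY = 2         # LLDP-MED subtype: network policy
APP_TYPES = {1: "Voice", 2: "Voice Signaling", 3: "Guest Voice",
             4: "Guest Voice Signaling", 5: "Softphone Voice",
             6: "Video Conferencing", 7: "Streaming Video", 8: "Video Signaling"}


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs. Each header is 7 bits of type, 9 bits of length."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        header = struct.unpack_from("!H", lldpdu, offset)[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = lldpdu[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV type {tlv_type} overruns the LLDPDU")
        yield tlv_type, value
        if tlv_type == END:
            return                      # anything after End is Ethernet padding
        offset += 2 + length
    raise ValueError("LLDPDU is missing the End TLV")


def decode_network_policy(body):
    """Decode application type (1 byte) + U, T, X, VLAN(12), priority(3), DSCP(6)."""
    if len(body) != 4:
        raise ValueError("network policy body must be 4 bytes")
    bits = int.from_bytes(body[1:], "big")
    tagged = bool(bits >> 22 & 1)
    return {
        "application": APP_TYPES.get(body[0], f"reserved ({body[0]})"),
        "policy_unknown": bool(bits >> 23 & 1),
        "tagged": tagged,
        "vlan_id": bits >> 9 & 0xFFF,
        # On an untagged VLAN the L2 priority is ignored; only DSCP is relevant.
        "l2_priority": (bits >> 6 & 0x7) if tagged else None,
        "dscp": bits & 0x3F,
    }


def parse_lldpdu(lldpdu):
    """Return the neighbor identity and every LLDP-MED network policy it advertises."""
    tlvs = list(iter_tlvs(lldpdu))
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL] or len(tlvs[2][1]) != 2:
        raise ValueError("LLDPDU must start with Chassis ID, Port ID and TTL TLVs")
    neighbor = {
        "chassis_id": tlvs[0][1][1:],   # first byte is the ID subtype
        "port_id": tlvs[1][1][1:],
        "ttl": struct.unpack("!H", tlvs[2][1])[0],
        "policies": [],
    }
    for tlv_type, value in tlvs[3:]:
        if tlv_type == ORG_SPECIFIC and value[:4] == TIA_OUI + bytes([MED_NETWORK_POLICY]):
            neighbor["policies"].append(decode_network_policy(value[4:]))
    return neighbor


def tlv(tlv_type, value):
    """Build one TLV (used only to construct the sample below)."""
    return struct.pack("!H", tlv_type << 9 | len(value)) + value


def policy_tlv(app, tagged, vlan, prio, dscp):
    bits = tagged << 22 | vlan << 9 | prio << 6 | dscp
    return tlv(ORG_SPECIFIC, TIA_OUI + bytes([MED_NETWORK_POLICY, app]) + bits.to_bytes(3, "big"))


# Constructed sample: one tagged voice policy and one untagged softphone policy.
SAMPLE_LLDPDU = (
    tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("020000000001"))
    + tlv(PORT_ID, b"\x05" + b"port-7")
    + tlv(TTL, struct.pack("!H", 120))
    + policy_tlv(1, 1, 100, 5, 46)
    + policy_tlv(5, 0, 0, 5, 46)
    + tlv(END, b"")
)

if __name__ == "__main__":
    for policy in parse_lldpdu(SAMPLE_LLDPDU)["policies"]:
        print(policy)
```
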
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto the LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field.
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table.
• Port ID is mapped to the LLDP Port ID field.
• Version and Platform are mapped to the LLDP System Description field.
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table.
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately, but gets removed when the hold time is exceeded.
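The CDP-to-LLDP mapping above, as an added example that is not the IStaX implementation: it decodes a CDP payload, keeps only the first address, counts unmapped TLVs as discarded, and reports the hold time. The CDP TLV codes and framing follow the published CDP format; the pairing of CDP capability bits with LLDP capability names and the joining of Version and Platform with a space are assumptions, the checksum is not verified, and the sample frame is constructed.

```python
import ipaddress
import struct

# CDP TLV type codes for the fields the text maps into the LLDP neighbors table.
DEVICE_ID, ADDRESS, PORT_ID, CAPABILITIES, VERSION, PLATFORM = 1, 2, 3, 4, 5, 6
MAPPED = {DEVICE_ID, ADDRESS, PORT_ID, CAPABILITIES, VERSION, PLATFORM}
# Assumed pairing of CDP capability bits with LLDP capability names;
# CDP bits without an LLDP counterpart are reported as "Other".
CDP_CAP_TO_LLDP = {0x01: "Router", 0x02: "Bridge", 0x04: "Bridge",
                   0x08: "Bridge", 0x10: "Station", 0x40: "Repeater"}


def iter_cdp_tlvs(cdp):
    """Yield (type, value). The 16-bit length field includes the 4-byte TLV header."""
    offset = 4                                   # skip version, hold time, checksum
    while offset + 4 <= len(cdp):
        tlv_type, length = struct.unpack_from("!HH", cdp, offset)
        if length < 4 or offset + length > len(cdp):
            raise ValueError(f"malformed CDP TLV at offset {offset}")
        yield tlv_type, cdp[offset + 4:offset + length]
        offset += length


def first_address(value):
    """Return only the first entry of a CDP Address TLV, as the neighbors table does."""
    try:
        if struct.unpack_from("!I", value)[0] == 0:
            return None
        pos = 6 + value[5]                       # skip protocol type, length, protocol
        addr_len = struct.unpack_from("!H", value, pos)[0]
    except (struct.error, IndexError):
        raise ValueError("truncated CDP Address TLV") from None
    addr = value[pos + 2:pos + 2 + addr_len]
    if len(addr) != addr_len:
        raise ValueError("truncated CDP Address TLV")
    return str(ipaddress.ip_address(addr)) if addr_len in (4, 16) else addr.hex()


def cdp_to_lldp_neighbor(cdp):
    """Map one CDP payload (starting at the version byte) to LLDP neighbor fields."""
    if len(cdp) < 4:
        raise ValueError("CDP header is 4 bytes")
    fields, discarded = {}, 0
    for tlv_type, value in iter_cdp_tlvs(cdp):
        if tlv_type in MAPPED:
            fields.setdefault(tlv_type, value)
        else:
            discarded += 1                       # no LLDP neighbors-table field

    def text(tlv_type):
        return fields.get(tlv_type, b"").decode("ascii", "replace")

    raw_caps = fields.get(CAPABILITIES, b"")
    caps = struct.unpack("!I", raw_caps[:4])[0] if len(raw_caps) >= 4 else 0
    return {
        "hold_time": cdp[1],                     # seconds before the entry ages out
        "chassis_id": text(DEVICE_ID),
        "management_address": first_address(fields[ADDRESS]) if ADDRESS in fields else None,
        "port_id": text(PORT_ID),
        "system_description": " ".join(filter(None, (text(VERSION), text(PLATFORM)))),
        "capabilities": sorted({CDP_CAP_TO_LLDP.get(1 << b, "Other")
                                for b in range(32) if caps >> b & 1}),
        "discarded_tlvs": discarded,
    }


def cdp_tlv(tlv_type, value):
    """Build one CDP TLV (used only to construct the sample below)."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def ipv4_entry(addr):
    return b"\x01\x01\xcc" + struct.pack("!H", 4) + ipaddress.IPv4Address(addr).packed


# Constructed sample: two addresses, Switch + IGMP capabilities, one unmapped TLV.
SAMPLE_CDP = (
    bytes([2, 180, 0, 0])
    + cdp_tlv(DEVICE_ID, b"core-sw-01")
    + cdp_tlv(ADDRESS, struct.pack("!I", 2) + ipv4_entry("192.0.2.10") + ipv4_entry("192.0.2.11"))
    + cdp_tlv(PORT_ID, b"GigabitEthernet0/1")
    + cdp_tlv(CAPABILITIES, struct.pack("!I", 0x28))
    + cdp_tlv(VERSION, b"ExampleOS 1.0")
    + cdp_tlv(PLATFORM, b"example-switch")
    + cdp_tlv(0x000A, struct.pack("!H", 10))     # Native VLAN: not in the mapping
)

if __name__ == "__main__":
    print(cdp_to_lldp_neighbor(SAMPLE_CDP))
```
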
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
A fallback optional mechanism is also provided in the case of IPv4, so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy, where the DUT relays DNS requests to the current configured DNS server on DUT and replies as a DNS resolver to the client device on the network when enabled.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth, DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
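The two filtering criteria above, as an added example of the per-packet decision (not code from the IStaX software): the IPv6 header chain is walked so a server message behind extension headers is still caught, and the handling of unrecognized Next Header values is a configuration switch that defaults to drop. It assumes DHCPv6-server messages are identified by UDP destination port 546, recognises only the Next Header values named in the constants, and uses constructed packets; the function and parameter names are hypothetical.

```python
import struct

# IPv6 Next Header values (IANA protocol numbers) recognised by this example.
HOP_BY_HOP, ROUTING, FRAGMENT, AUTH, DEST_OPTS = 0, 43, 44, 51, 60
TCP, UDP, ESP, ICMPV6, NO_NEXT = 6, 17, 50, 58, 59
TERMINAL = {TCP, ESP, ICMPV6, NO_NEXT}   # recognised, nothing further to inspect
DHCPV6_CLIENT_PORT = 546                 # messages for DHCPv6 clients arrive here


def shield_verdict(packet, ingress_port, trusted_ports, allow_unrecognized=False):
    """Return (action, reason) for a packet that starts at the IPv6 header."""
    if ingress_port in trusted_ports:
        return "forward", "port may carry DHCPv6-server messages"
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "forward", "not IPv6"
    next_header, offset = packet[6], 40
    while True:
        if next_header in TERMINAL:
            return "forward", "not a DHCPv6-server message"
        if next_header == UDP:
            if offset + 8 > len(packet):
                return "drop", "header chain incomplete"
            dport = struct.unpack_from("!H", packet, offset + 2)[0]
            if dport == DHCPV6_CLIENT_PORT:
                return "drop", "DHCPv6-server message on untrusted port"
            return "forward", "not a DHCPv6-server message"
        if next_header in (HOP_BY_HOP, ROUTING, DEST_OPTS, AUTH, FRAGMENT):
            if offset + 8 > len(packet):
                return "drop", "header chain incomplete"
            if next_header == FRAGMENT:
                frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
                if frag_offset:
                    return "forward", "non-first fragment"
                length = 8
            elif next_header == AUTH:
                length = (packet[offset + 1] + 2) * 4    # AH counts 4-byte words
            else:
                length = (packet[offset + 1] + 1) * 8    # others count 8-byte units
            next_header, offset = packet[offset], offset + length
            continue
        if allow_unrecognized:
            return "forward", "unrecognized Next Header allowed by configuration"
        return "drop", "unrecognized Next Header"


def ipv6(next_header, payload):
    """Build a constructed IPv6 packet using documentation-prefix addresses."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + src + dst + payload


def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)


# Constructed sample packets.
SERVER_ADVERTISE = ipv6(UDP, udp(547, 546))
HIDDEN_ADVERTISE = ipv6(DEST_OPTS, bytes([UDP, 0, 1, 4, 0, 0, 0, 0]) + udp(547, 546))
CLIENT_SOLICIT = ipv6(UDP, udp(546, 547))
UNKNOWN_HEADER = ipv6(253, bytes(8))
TRUNCATED_FIRST_FRAGMENT = ipv6(FRAGMENT, bytes([UDP, 0]) + struct.pack("!HI", 1, 7))

if __name__ == "__main__":
    trusted = {1}                        # only port 1 faces the legitimate server
    for name in ("SERVER_ADVERTISE", "HIDDEN_ADVERTISE", "CLIENT_SOLICIT",
                 "UNKNOWN_HEADER", "TRUNCATED_FIRST_FRAGMENT"):
        print(name, shield_verdict(globals()[name], 3, trusted))
```
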
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model, where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out of band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPs, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum management access filter entries allowed is 16.
If the application type matches any one of the access management entries, it will allow access to the switch. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.2.2 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
The SNMPv3 is supported and is backward compatible with SNMPv2c and SNMP v1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
    show snmp mib context
    BRIDGE-MIB
      - dot1dBase (1.3.6.1.2.1.17.1)
      - dot1dTp (1.3.6.1.2.1.17.4)
    Dot3-OAM-MIB
      - dot3OamMIB (1.3.6.1.2.1.158)
    ENTITY-MIB
      - entityMIBObjects (1.3.6.1.2.1.47.1)
    EtherLike-MIB
      - transmission (1.3.6.1.2.1.10)
    IEEE8021-BRIDGE-MIB

    show snmp mib ifmib ifIndex
Table 15-1 ifIndex Descriptions
ifIndex     ifDescr             Interface
1           VLAN 1              VLAN 1
1000001     Switch 1–port 1     GigabitEthernet 1/1
1000002     Switch 1–port 2     GigabitEthernet 1/2
1000003     Switch 1–port 3     GigabitEthernet 1/3
1000004     Switch 1–port 4     GigabitEthernet 1/4
1000005     Switch 1–port 5     GigabitEthernet 1/5
1000006     Switch 1–port 6     GigabitEthernet 1/6
1000007     Switch 1–port 7     GigabitEthernet 1/7
1000008     Switch 1–port 8     GigabitEthernet 1/8
1000009     Switch 1–port 9     2.5 GigabitEthernet 1/1
10000010    Switch 1–port 10    2.5 GigabitEthernet 1/2
10000011    Switch 1–port 11    GigabitEthernet 1/9
16 Revision History
Revision    Date    Description
B    February 2021    Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document:
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 143 Simple Network Management Protocol (SNMP).
A    June 2020    Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document:
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
20    October 2019    Revision 20 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 20 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
19    June 2019    Revision 19 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 19 of this document:
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.
18    June 2019    Revision 18 was published in June 2019 to align with the Linux application software release 48. The following is a summary of changes in revision 18 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
17    January 2019    Revision 17 was published in January 2019 to align with the Linux application software release 47. The following is a summary of changes in revision 17 of this document:
• The BSP and API Supported Features table was updated. For more information, see 11 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
16    October 2018    Revision 16 was published in October 2018 to align with the Linux application software release 46. The following is a summary of changes in revision 16 of this document:
• A cross reference in the JSON-RPC section was fixed. For more information, see 141 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• VLAN Translation is removed from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 1111 Cold and CoolStart.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 141 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.
15    July 2018    Revision 15 was published in July 2018 to align with the Linux application software release 45. The following is a summary of changes in revision 15 of this document:
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 12 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 17 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 112 Management.
• The System Capability section was updated. For more information, see 42 System Capability.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 107 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 1212 Dying Gasp.
• The DHCP Server section was updated. For more information, see 1411 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 149 IP Management, DNS, and DHCPv4/v6.
14    April 2018    Revision 14 was published in April 2018 to align with the Linux application software release 44. The following is a summary of changes in revision 14 of this document:
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 16 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 42 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 145 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 93 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 85 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
1.3 | January 2018 | Revision 1.3 was published in January 2018 to align with the Linux application software release 4.3. The following is a summary of changes in revision 1.3 of this document:
• The Supported Switches table was updated with details regarding VSC741015353637. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 1.2 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 1.5 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 1.6 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 1.8 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 1.9 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 1.10 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 1.13 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.
1.2 | September 2017 | Revision 1.2 was published in July 2017 to align with the Linux application software release 4.2. In revision 1.2 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.
1.1 | June 2017 | Revision 1.1 was published in June 2017 to align with the Linux application software release 4.1. The following is a summary of changes in revision 1.1 of this document:
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.
1.0 | November 2016 | Revision 1.0 was published in November 2016 to align with the Linux application software release 4.0. It was the first publication of this document.
Microchip Devices Code Protection Feature
Note the following details of the code protection feature on Microchip devices:
• Microchip products meet the specification contained in their particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip’s Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as “unbreakable.”

Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip’s code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.
All other trademarks mentioned herein are property of their respective companies.
© 2020 Microchip Technology Incorporated. Printed in the USA. All Rights Reserved.
ISBN 978-1-5224-7595-8
Table of Contents

Product Overview
  1 Supported Switch Platforms
  2 Software Architecture
1 Supported Features
  1.1 BSP and API
  1.2 Port Control
  1.3 Quality of Service (QoS)
  1.4 Protection
  1.5 L2 Switching
  1.6 L3 Switching
  1.7 Security
  1.8 Robustness and Power Savings
  1.9 OAM and Test
  1.10 Timing and Synchronization
  1.11 Customization Framework
  1.12 Management
  1.13 SNMP MIBs
2 Features and Platform Capacity
3 System Requirements
4 Port and System Capabilities
  4.1 Port Capability
  4.2 System Capability
5 Firmware Upgrade
6 Port Control
  6.1 NPI Port
  6.2 PCIe
  6.3 Dual CPU
  6.4 SFP Detection
  6.5 VeriPHY Support
  6.6 PoE/PoE+ Support
  6.7 POE/POE+ with LLDP
  6.8 Unidirectional Link Detection (UDLD)
7 Quality of Service (QoS)
  7.1 Port Policers
  7.2 Scheduling and Shaping
  7.3 QCL Configuration
  7.4 Weighted Random Early Detection (WRED)
  7.5 Tag Remarking
  7.6 Ingress Port Classification
  7.7 Queue Policers
  7.8 DiffServ (RFC2474) Remarking
  7.9 Global Storm Control
8 L2 Switching
  8.1 Auto MAC Address Learning/Aging
  8.2 MAC Addresses–Static
  8.3 Virtual LAN
  8.4 Voice VLAN
  8.5 Industrial Private VLANs
  8.6 Generic VLAN Registration Protocol (GVRP)
  8.7 Multiple Registration Protocol (MRP)
  8.8 Multiple VLAN Registration Protocol (MVRP)
  8.9 IEEE 802.3ad Link Aggregation
  8.10 Bridge Protocol Data Unit (BPDU) Guard, Restricted Role, and Error Disable Recovery
  8.11 IGMP Snooping and MLD Snooping
  8.12 DHCP Snooping
  8.13 MAC Table Configuration
  8.14 Mirroring (SPAN/VSPAN and RSPAN)
  8.15 RMirror
  8.16 Flow Mirroring for AC
  8.17 Spanning Tree
  8.18 Loop Guard
9 L3 Switching
  9.1 DHCP Relay
  9.2 Universal Plug and Play (UPnP)
  9.3 L3 Routing
10 Security
  10.1 802.1X and MAC-Based Authentication
  10.2 Authentication, Authorization, and Accounting (AAA)
  10.3 Secure Access
  10.4 Users and Privilege Levels
  10.5 Authentication and Authorization Methods
  10.6 Access Control List (ACLs)
  10.7 ARP Inspection/IP and IPv6 Source Guard
11 Robustness and Power Savings
  11.1 Robustness
  11.2 Power Savings
12 OAM and Test
  12.1 OAM
13 Synchronization
  13.1 Precision Time Protocol (PTP)
  13.2 Microchip One-Step TC PHY Solution
  13.3 Transparent Clock over Microwave
  13.4 G.8265.1 Solution (Frequency) ITU Standard
  13.5 G.8275.1 Solution (Phase) ITU Standard
  13.6 G.8275 Compliant Filter
  13.7 PTP Time Interface
  13.8 Network Time Protocol (NTP)
  13.9 Day Light Saving
14 Management
  14.1 JSON-RPC
  14.2 Management Services
  14.3 Simple Network Management Protocol (SNMP)
  14.4 RMON Statistics
  14.5 Internet Control Message Protocol
  14.6 SysLog
  14.7 LLDP-MED
  14.8 802.1AB LLDP and CDP Aware
  14.9 IP Management, DNS, and DHCPv4/v6
  14.10 IPv6 Ready Logo Phase2
  14.11 DHCP Server
  14.12 Console
  14.13 System Management
  14.14 Management Access Filtering
  14.15 sFlow
  14.16 Default Configuration
  14.17 Configuration Upload/Download
  14.18 Loop Detection Restore to Default
  14.19 Symbolic Register Access
15 SNMP MIBs
16 Revision History
The Microchip Website
Product Change Notification Service
Customer Support
Microchip Devices Code Protection Feature
Legal Notice
Trademarks
Quality Management System
Worldwide Sales and Service
1 Supported Features
The following sections describe the features of each module of the IStaX software.

1.1 BSP and API
The following table lists the features supported by the API module.

Table 1-1. BSP and API Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Internal CPU | • | • | • | • | •
External CPU | — | — | — | — | •
64-bit CPU Architecture | — | — | — | — | •
API and application split | • | • | • | • | •
MESA layer | • | • | • | • | •
MEBA layer | • | • | • | • | •
U-Boot | • | • | • | • | •
U-Boot network support | • | • | • | • | •
32MB NOR FLASH only option | • | • | • | • | —
64MB NOR FLASH only option | • | • | • | • | —
1.2 Port Control
The following table lists the features supported by the port control module. For more information, see 6 Port Control.

Table 1-2. Port Control Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Port speed/duplex mode/flow control | • | • | • | • | •
Aquantia 2.5G PHY Gen2 | • | • | • | • | •
Aquantia 2.5G PHY Gen3 | • | • | • | • | •
Aquantia 5G PHY Gen3 | — | • | — | — | —
Aquantia 10G PHY Gen2 | — | • | • | — | •
802.1Qbb Per Priority Flow Control | — | • | • | • | •
Port frame size (jumbo frames) | • | • | • | • | •
Port state (administrative status) | • | • | • | • | •
Port status (link monitoring) | • | • | • | • | •
Port statistics (MIB counters) | • | • | • | • | •
Port VeriPHY (cable diagnostics) | • | • | • | • | •
PoE/PoE+ with PD69208 support (external controller) | • | • | • | • | —
PoE/PoE+ with Link Layer Discovery Protocol (LLDP) | • | • | • | • | —
PoE IEEE 802.3bt without LLDP (external controller) | • | • | • | • | —
NPI port | • | • | • | • | •
PCIe | — | • | • | • | •
On-the-fly SFP detection | • | • | • | • | •
DDMI | • | • | • | • | •
Unidirectional Link Detection (UDLD) | • | • | • | • | •
IEEE 802.3ap 10G-KR | — | — | — | — | •
IEEE 802.3ap 25G-KR | — | — | — | — | •
1.3 Quality of Service (QoS)
The following table lists the features supported by the QoS module. For more information, see 7 Quality of Service (QoS).

Table 1-3. QoS Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Cut-through | — | — | — | — | •
Traffic classes (8 active priorities) | • | • | • | • | •
Port default priority | • | • | • | • | •
User priority | • | • | • | • | •
Input priority mapping | • | • | • | • | •
QoS control list (QCL mode) | • | • | • | • | •
Global storm control for UC, MC, and BC | • | • | • | • | •
Random early discard (RED) | — | • | • | • | •
Port policers | • | • | • | • | •
Queue policers | • | • | • | • | •
Global/VCAP (ACL) policers | • | • | • | • | •
Port egress shaper | • | • | • | • | •
Queue egress shapers | • | • | • | • | •
DiffServ (RFC2474) remarking | • | • | • | • | •
Tag remarking | • | • | • | • | •
Scheduler mode | • | • | • | • | •
IEEE-802.1Qbv (TAS) Time-aware Scheduler | — | — | — | — | •
IEEE-802.1Qbu & 802.3br frame preemption | — | — | — | — | •
IEEE-802.1Qci ingress gating/policing/checking | — | — | — | — | •
1.4 Protection
The following table lists the features supported by the protection module.

Table 1-4. Protection Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
1:1 port protection - G.8031 | • | • | • | • | •
Ring protection - G.8032 | • | • | • | • | •
Ring protection v2 - G.8032 | • | • | • | • | •
IEEE-802.1CB (FRER) | — | — | — | — | •
1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8 L2 Switching.

Table 1-5. L2 Switching Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
IEEE 802.1D Bridge
Auto MAC address learning/aging | • | • | • | • | •
MAC addresses—static | • | • | • | • | •
IEEE 802.1Q
Virtual LAN | • | • | • | • | •
Bidirectional VLAN translation | • | • | • | • | •
Unidirectional VLAN translation (ingress/egress) | • | • | • | • | •
Private VLAN—static | • | • | • | • | •
Port isolation—static | • | • | • | • | •
MAC-based VLAN | • | • | • | • | •
Protocol-based VLAN | • | • | • | • | •
IP subnet-based VLAN | • | • | • | • | •
VLAN trunking | • | • | • | • | •
iPVLAN Trunking | — | • | • | • | •
GARP VLAN Registration Protocol (GVRP) | • | • | • | • | •
Multiple Registration Protocol (MRP) | • | • | • | • | •
Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | •
IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | •
Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | •
Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | •
Loop guard | • | • | • | • | •
IEEE 802.3ad
Link aggregation—static | • | • | • | • | •
Link aggregation—Link Aggregation Control Protocol (LACP) | • | • | • | • | •
AGGR/LACP user interface alignment with Industry standard | • | • | • | • | •
UNI LAG (LACP) 1:1 active/standby | • | • | • | • | •
LACP revertive/non-revertive | • | • | • | • | •
LACP loop free operation | • | • | • | • | •
Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | •
Error disable recovery | • | • | • | • | •
IGMPv2 snooping | • | • | • | • | •
IGMPv3 snooping | • | • | • | • | •
MLDv1 snooping | • | • | • | • | •
MLDv2 snooping | • | • | • | — | •
Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | •
IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | •
Multicast VLAN Registration (MVR) | • | • | • | • | •
MVR profile | • | • | • | • | •
Voice VLAN | • | • | • | • | •
DHCP snooping | • | • | • | • | •
ARP inspection | • | • | • | • | •
Port mirroring | • | • | • | • | •
Flow mirroring | • | • | • | • | •
Rmirror | • | • | • | • | •
1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9 L3 Switching.

Table 1-6. L3 Switching Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
DHCP option 82 relay | • | • | • | • | •
Universal Plug and Play (UPnP) | • | • | • | • | •
Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | —
Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | •
RFC2992 (ECMP) support for HW based L3 static routing | — | • | • | — | •
RFC 2453 RIPv2 dynamic routing | — | • | • | — | •
RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | •
RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | •
RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | •
Software-based IPv6 L3 static routing | • | — | — | • | —
Hardware-based IPv6 L3 static routing | — | • | • | — | •
RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | •
RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | •
1.7 Security
The following table lists the features supported by the security module. For more information, see 10 Security.

Table 1-7. Security Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Network Access Server (NAS)
Port-based 802.1X | • | • | • | • | •
Single 802.1X | • | • | • | • | •
Multiple 802.1X | • | • | • | • | •
MAC-based authentication | • | • | • | • | •
VLAN assignment | • | • | • | • | •
QoS assignment | • | • | • | • | •
Guest VLAN | • | • | • | • | •
Remote authentication dial In user service (RADIUS) authentication and authorization | • | • | • | • | •
RADIUS accounting | • | • | • | • | •
MAC address limit | • | • | • | • | •
Persistent MAC learning | • | • | • | • | •
IP MAC binding | • | • | • | • | •
IP/MAC binding dynamic to static | • | • | • | • | •
TACACS+ authentication and authorization | • | • | • | • | •
TACACS+ command authorization | • | • | • | • | •
TACACS+ accounting | • | • | • | • | •
Web and CLI authentication | • | • | • | • | •
Authorization (15 user levels) | • | • | • | • | •
ACLs for filtering/policing/port copy | • | • | • | • | •
IP source guard | • | • | • | • | •
Secure FTP Client | • | • | • | • | •
1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12 OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Cold start | • | • | • | • | •
Cool start | • | • | • | • | •
ActiPHY | • | • | • | • | •
PerfectReach | • | • | • | • | •
Energy-Efficient Ethernet (EEE) power management | • | • | • | • | •
LED power management | • | • | — | — | •
Thermal protection | • | • | • | • | •
Adaptive fan control | • | • | • | — | •
1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12 OAM and Test.

Table 1-9. OAM and Testing Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Link OAM (802.3ah)
Variable request and response | • | • | • | • | •
Discovery process, information, event notification, loopback | • | • | • | • | •
Dying gasp | • | • | • | • | •
Dying gasp enhanced | • | • | • | • | •
Dying gasp SNMP trap | • | • | • | • | •
CFM
Continuity Check (ETH-CCM) | • | • | • | • | •
IS-, OS-, PS-, and SID-TLV | • | • | • | • | •
APS using ETH-CCM and ETH-APS | • | • | • | • | •
ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | •
Hardware-accelerated OAM | — | • | • | • | •
1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13 Synchronization.

Table 1-10. Timing and Synchronization Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
SyncE with SSM | • | • | • | • | •
SyncE nomination for two interfaces | • | • | • | • | •
Microchip one-step TC PHY solution | • | • | • | • | •
IEEE 1588v2 PTP with two-step clock | • | • | • | • | •
IEEE 1588v2 PTP with one-step clock | • | • | • | • | •
Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | •
End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | •
End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | •
Boundary clock | • | • | • | • | •
Redundant masters and multiple timing domains | • | • | • | • | •
PTP over IPv4 | • | • | • | • | •
Unicast/multicast | • | • | • | • | •
TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | •
TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
Combined SyncE and 1588 | • | • | • | • | •
MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | •
MSCC timing BU DPLL API integration | • | • | • | • | •
G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | •
PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
G.8275.1 BMCA—only ZLS30384 and ZLS30380 servo | • | • | • | • | •
G.8275 compliant filter—only ZLS30384 and ZLS30380 servo | • | • | • | • | •
PTP time interface | • | • | • | • | •
NTPv4 client | • | • | • | • | •
IEEE 802.1AS-2011/IEEE 802.1AS rev D42 | • | • | • | • | •
1.11 Customization Framework
The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Separate BSP and application | • | • | • | • | • |
| Append or change a binary image | • | • | • | • | • |
| IPC JSON-RPC socket (with notification support) | • | • | • | • | • |
| Overwrite default startup configuration | • | • | • | • | • |
| Boot and initialization of third-party daemons | • | • | • | • | • |
| Configuration to disable certain built-in features | • | • | • | • | • |
| Microchip Ethernet Board API (MEBA) | • | • | • | • |
1.12 Management
The following table lists the features supported by the management module. For more information, see 14. Management.

Table 1-12. Management Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| JSON-RPC | • | • | • | • | • |
| JSON-RPC notifications | • | • | • | • | • |
| Dual CPU (application variant with JSON | - | • | • | • | • |
| RFC 2131 DHCP client | • | • | • | • | • |
| RFC 2131 DHCP server | • | • | • | • | • |
| DHCP server support for DHCP relay packets | • | • | • | • | • |
| DHCP per port | • | • | • | • | • |
| RFC 3315 DHCPv6 client | • | • | • | • | • |
| RFC 3315 DHCPv6 relay agent | • | • | • | • | • |
| RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | • |
| RFC 1035 DNS client relay | • | • | • | • | • |
| IPv4/IPv6 ping | • | • | • | • | • |
| IPv4/IPv6 traceroute | • | • | • | • | • |
| HTTP server | • | • | • | • | • |
| CLI - console port | • | • | • | • | • |
| CLI - Telnet | • | • | • | • | • |
| Industrial standard CLI | • | • | • | • | • |
| Industrial standard configuration | • | • | • | • | • |
| Industrial standard CLI debug commands | • | • | • | • | • |
| Port description CLI | • | • | • | • | • |
| Management access filtering | • | • | • | • | • |
| HTTPS | • | • | • | • | • |
| SSHv2 | • | • | • | • | • |
| IPv6 management | • | • | • | • | • |
| IPv6 ready logo PHASE2 (host only) | • | • | • | • | • |
| RFC4884 (ICMPv6) | • | • | • | • | • |
| System syslog | • | • | • | • | • |
| Software upload through web | • | • | • | • | • |
| SNMP v1/v2c/v3 agent (1) | • | • | • | • | • |
| RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RMON alarm and event (CLI and web) | • | • | • | • | • |
| Alarm module | • | • | • | • | • |
| IEEE 802.1AB-2005 link layer discovery - LLDP | • | • | • | • | • |
| TIA 1057 LLDP-MED | • | • | • | • | • |
| Industry standard discovery protocol - ISDP | • | • | • | • | • |
| sFlow | • | • | • | • | • |
| FTP Client | • | • | • | • | • |
| Configuration download/upload - industrial standard | • | • | • | • | • |
| Loop detection restore to default | • | • | • | • | • |
| Symbolic register access | • | • | • | • | • |
| Daylight saving | • | • | • | • | • |

Note 1: No SNMPv1 trap support.
1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15. SNMP MIBs.

Table 1-13. SNMP MIBs Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| RFC 2674 VLAN MIB | • | • | • | • | • |
| IEEE 802.1Q bridge MIB 2008 | • | • | • | • | • |
| RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RFC 1213 MIB II | • | • | • | • | • |
| RFC 1215 TRAPS MIB | • | • | • | • | • |
| RFC 4188 bridge MIB | • | • | • | • | • |
| RFC 4292 IP forwarding table MIB | • | • | • | • | • |
| RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | • |
| RFC 5519 multicast group membership discovery MIB | • | • | • | • | • |
| RFC 4668 RADIUS authentication client MIB | • | • | • | • | • |
| RFC 4670 RADIUS accounting MIB | • | • | • | • | • |
| RFC 3635 Ethernet-like MIB | • | • | • | • | • |
| RFC 2863 interface group MIB using SMI v2 | • | • | • | • | • |
| RFC 3636 802.3 MAU MIB | • | • | • | • | • |
| RFC 4133 entity MIB version 3 | • | • | • | • | • |
| RFC 4878 Link OAM MIB | • | • | • | • | • |
| RFC 3411 SNMP management frameworks | • | • | • | • | • |
| RFC 3414 user-based security model for SNMPv3 | • | • | • | • | • |
| RFC 3415 view-based access control model for SNMP | • | • | • | • | • |
| RFC 2613 SMON - PortCopy | • | • | • | • | • |
| IEEE 802.1 MSTP MIB | • | • | • | • | • |
| IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | • |
| TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | • |
| RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | - |
| Private MIB framework | • | • | • | • | • |
2 Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.

Table 2-1. Features and Platform Capacity

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Resilience and Availability | | | | | |
| IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8 |
| IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN |
| Traffic Control | | | | | |
| Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095 |
| Guest-VLAN | 1 | 1 | 1 | 1 | 1 |
| Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9 |
| Voice VLAN | 1 | 1 | 1 | 1 | 1 |
| MAC table size | 8K | 32K | 8K | 4K | 32K |
| Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (Global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 mbps |
| Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240 |
| Security | | | | | |
| Port security aging | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s |
| MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024 |
| Static MAC entries supported | 64 | 64 | 64 | 64 | 64 |
| RADIUS authentication servers | 5 | 5 | 5 | 5 | 5 |
| TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5 |
| RADIUS accounting servers | 5 | 5 | 5 | 5 | 5 |
| Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4 |
| Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system |
| IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512 |
| Policy-based security filtering | 512 | 512 | 512 | 512 | 512 |
| Password length | 32 | 32 | 32 | 32 | 32 |
| Authorization user levels | 15 | 15 | 15 | 15 | 15 |
| ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512 |
| Number of logged in users | 20 | 20 | 20 | 20 | 20 |
| IP Routing | | | | | |
| Max static route entries | 32 | 128 | 32 | 32 | 512 |
| Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072 |

Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).
3 System Requirements
The following table lists the port system requirements supported by the IStaX software.

Table 3-1. Port System Requirements

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| LEDs per port | 1 | 1 | 1 | 1 | 1 |
| SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported |
| Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported |
| Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full |
| Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported |
| Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) |
| RJ45 connectors | Supported | Supported | Supported | Supported | Supported |
| Fiber slots | Supported | Supported | Supported | Supported | Supported |

The following table lists the hardware system requirements supported by the IStaX software.

Table 3-2. Hardware System Requirements

| Requirement | Support |
| --- | --- |
| Power LED | Supported by hardware |
| System LED | Supported by hardware |
| Alarm LED | Supported by hardware |
| Management LED | Supported by hardware |
| Switch fabric capacity | Supported by hardware |
| Forwarding architecture | Supported by hardware |
| MAC address entries | Supported by hardware |
| MAC address aging | Supported by hardware |
| MAC buffer memory type and size | Supported by hardware |
| CPU flash size | Supported by hardware |
| CPU memory type and size | Supported by hardware |
| System DDR SDRAM | Supported by hardware |
| Reset button | Supported by hardware |
| EMC/safety requirement | Supported by hardware |
| Performance requirement | Supported by hardware |
4 Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.

4.1 Port Capability
The ports are equipped with the following capabilities:

• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1. Supported Features.

4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.

The turnkey switch software runs on Linux. The following system-wide operations are supported:

• Store-and-forward forwarding architecture.
• Configurable MAC address aging support (300 seconds default timeout value).
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps).
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch.
• 16-MB flash size is recommended for a typical 24- to 48-port switch.
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported.
5 Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:

• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch

The software image selection information includes the following:

• Image: the file name of the firmware image
• Version: the version of the firmware image
• Date: the date when the firmware was produced

After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.

While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.

Note: Do not restart or power off the device at this time, or the switch may fail to function.
6 Port Control
The following sections describe the port control features supported by the IStaX software.

6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port through which frames can be injected from and extracted to an external CPU.

6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame-data in (injection) and out (extraction) through memory-mapped injection/extraction registers.

6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.

6.4 SFP Detection
The IStaX software detects SFP at run time.

6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.

6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.

6.7 PoE/PoE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and then the switch can comply with or ignore this information.

6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.

For each device and for each port, a UDLD packet is sent to the port it links to. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.

The UDLD implementation conforms to the RFC 5171 standard.

Note: RFC 5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second and, once link status is detected, probe messages are exchanged depending on message time interval (by default 7 seconds). Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.

Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.

The port is reopened once UDLD is disabled/enabled on that port.
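The identity check and the two modes described above, sketched as an added example (not IStaX code). The class and field names are hypothetical, the RFC 5171 TLV encoding is not modelled, and the three-probe detection window is an assumption, since this section only says that detection starts when a new device ID and port ID pair is seen.

```python
from dataclasses import dataclass, field

# Assumption: number of probes from a neighbor that may lack our identity
# before the link is declared unidirectional (a neighbor's first probes
# cannot echo us yet, so a single miss must not trip the detection).
DETECTION_PROBES = 3


@dataclass(frozen=True)
class UdldPdu:
    sender: tuple                        # (device_id, port_id) of the sending port
    expected: frozenset = frozenset()    # receiver identities the sender expects


@dataclass
class UdldPort:
    device_id: str
    port_id: str
    mode: str = "normal"                 # "normal" or "aggressive"
    link_up: bool = True
    status: str = "indeterminate"
    misses: dict = field(default_factory=dict)

    def receive(self, pdu: UdldPdu) -> str:
        """Update link status from one received UDLD packet."""
        if not self.link_up:
            return self.status           # a shut-down port processes nothing
        me = (self.device_id, self.port_id)
        if pdu.sender == me:
            self.status = "loopback"     # our own identity came back to us
        elif me in pdu.expected:
            self.misses[pdu.sender] = 0  # neighbor hears us: both directions work
            self.status = "bidirectional"
        else:
            # New (device, port) pair or missing echo: count towards detection.
            self.misses[pdu.sender] = self.misses.get(pdu.sender, 0) + 1
            if self.misses[pdu.sender] >= DETECTION_PROBES:
                self.status = "unidirectional"
        if self.status in ("unidirectional", "loopback") and self.mode == "aggressive":
            self.link_up = False         # Aggressive mode shuts the port down
        return self.status

    def reenable(self) -> None:
        """Model disabling and re-enabling UDLD, which reopens the port."""
        self.misses.clear()
        self.status = "indeterminate"
        self.link_up = True


def demo():
    """Run constructed packet sequences through one port per mode."""
    neighbor = ("SW-B", "7")
    results = {}
    for mode in ("normal", "aggressive"):
        port = UdldPort("SW-A", "1", mode=mode)
        for _ in range(DETECTION_PROBES):
            port.receive(UdldPdu(neighbor))      # neighbor never echoes SW-A/1
        results[mode] = (port.status, port.link_up)
    return results


if __name__ == "__main__":
    print(demo())
```

In Normal mode the fault is only reported, so the `status` value has to be surfaced through syslog or SNMP monitoring for anyone to act on it.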
6.8.1 Port Statistics
The IStaX software supports the detailed port-related statistics and system information related configuration. It is possible to view the detailed QoS-related statistics using IStaX software.
7 Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.

7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows flow control to be disabled or enabled on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.

7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).

Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.

It is possible to specify the maximum bit rate in kbps or mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.

The software also supports QoS leaky bucket egress shapers per queue (0–7) as well as per port.

7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).

The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.

When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.

The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.

7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED can be either disabled or enabled and is disabled by default.

The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.

By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.

7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.

When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.

The QoS class DEI DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.
7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.

The features supported are as follows:

• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification

7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.

7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.

In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.

The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.

DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:

• Get the DSCP value from the analyzer (ingress classification) and always remap based on the global remap table. This is done independently of the value of the drop precedence level.
• Get the DSCP value from the analyzer and remap based on drop precedence level and remap table.

DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.

7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.

Storm control is disabled by default.
8 L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.

8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with an unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with the learned MAC address are not received within the aging period.

8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.

8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:

• All ports are VLAN aware.
• All ports are members of VLAN 1.
• The switch management interface is on VLAN 1.
• All ports have a Port VLAN ID (PVID) of 1.
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged
• The PVID is set to 1 by default.
• Ingress filtering is always enabled.

Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:

• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs.
• If frames are classified to a VLAN that the port is not a member of, they are discarded.
• By default, all frames except those classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.

Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features:

• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware.
• Ingress filtering can be controlled.
• Ingress acceptance of frames and configuration of egress tagging can be configured independently.
8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to the voice VLAN makes it possible to perform QoS-related configuration for voice data, which ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to a port. This discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol (LLDP), or both.

8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.

Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.

8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.

A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:

• Ethernet: valid values for etype range from 0x0600-0xffff
• SNAP: valid value in this case is also comprised of two sub-values
  – Organizationally Unique Identifier (OUI)
  – Protocol ID (PID): if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP
• LLC: valid value in this case is comprised of two sub-values
  – DSAP: 1-byte long string (0x00-0xff)
  – SSAP: 1-byte long string (0x00-0xff)

The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and the protocol-based VLAN is preferred over the port-based VLAN.
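An added example (not part of the IStaX software) of the precedence rule above applied to untagged frames. The lookup tables, VLAN IDs and function names are constructed for illustration, and the frame-type split follows the Ethernet, SNAP and LLC keys listed in this section.

```python
import struct

# Constructed lookup tables for illustration (assumptions, not IStaX defaults).
MAC_VLAN = {bytes.fromhex("0200000000aa"): 30}    # source MAC -> VLAN ID
PROTO_VLAN = {
    ("eth", 0x0806): 40,               # Ethernet frame type, etype 0x0806
    ("snap", 0x000000, 0x8137): 50,    # SNAP: OUI 000000, so PID is an EtherType
    ("llc", 0xE0, 0xE0): 60,           # LLC: DSAP and SSAP
}
PORT_PVID = {1: 1, 2: 10}              # ingress port -> Port VLAN ID


def frame_key(frame: bytes):
    """Return the protocol-based VLAN key of an untagged frame, or None."""
    (type_len,) = struct.unpack_from("!H", frame, 12)
    if type_len >= 0x0600:             # valid etype range is 0x0600-0xffff
        return ("eth", type_len)
    llc = frame[14:14 + type_len]      # below 0x0600 the field is a length
    if len(llc) < 3:
        return None                    # truncated LLC header: no protocol match
    dsap, ssap, control = llc[0], llc[1], llc[2]
    if (dsap, ssap, control) == (0xAA, 0xAA, 0x03):
        if len(llc) < 8:
            return None                # truncated SNAP header
        oui = int.from_bytes(llc[3:6], "big")
        (pid,) = struct.unpack_from("!H", llc, 6)
        return ("snap", oui, pid)
    return ("llc", dsap, ssap)


def classify_vlan(frame: bytes, port: int):
    """Return (vlan_id, rule): MAC-based, then protocol-based, then port-based."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    src_mac = frame[6:12]
    if src_mac in MAC_VLAN:
        return MAC_VLAN[src_mac], "mac"
    key = frame_key(frame)
    if key in PROTO_VLAN:
        return PROTO_VLAN[key], "protocol"
    return PORT_PVID[port], "port"


def build(src_hex: str, type_len: int, payload: bytes = b"") -> bytes:
    """Build a constructed untagged frame with a broadcast destination."""
    header = b"\xff" * 6 + bytes.fromhex(src_hex) + struct.pack("!H", type_len)
    return header + payload


if __name__ == "__main__":
    snap = bytes.fromhex("aaaa030000008137") + b"\x00" * 4
    samples = [
        ("etype 0x0806, unknown MAC", build("020000000001", 0x0806), 2),
        ("etype 0x0806, mapped MAC", build("0200000000aa", 0x0806), 2),
        ("etype 0x0800, no rule", build("020000000001", 0x0800), 2),
        ("SNAP OUI 000000 PID 0x8137", build("020000000001", len(snap), snap), 1),
        ("truncated LLC header", build("020000000001", 2, b"\xaa\xaa"), 1),
    ]
    for label, frame, port in samples:
        print(label, classify_vlan(frame, port))
```

The second sample shows why the order matters when reviewing a configuration: a MAC-based entry moves a station into its VLAN regardless of the protocol-based rule that would otherwise apply to the same frame.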
8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.

PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.

The following terms are used to describe the Private VLAN feature:

• PVLAN domain: a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain.
• Primary VLAN: a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports.
• Secondary VLAN: a VLAN used inside a PVLAN domain only.
• Isolated VLAN: a secondary VLAN that carries traffic from isolated ports to promiscuous ports.
• Community VLAN: a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports.
• Isolated port: a port that receives untagged frames and classifies these to an isolated VLAN.
• Community port: a port that receives untagged frames and classifies these to a community VLAN.
• Promiscuous port: a port that receives frames in the primary VLAN.
• Standard trunk port: a port that carries primary and secondary VLANs using tags.
• Promiscuous PVLAN trunk port: a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs, but translates these to the primary VLAN ID and pushes this into the tag.
• Isolated PVLAN trunk port: a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN, but translates this into the isolated VLAN ID and pushes it into the tag.
8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration protocol for VLANs. Though it has been superseded by MVRP, as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced the Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to register and unregister attribute values, such as VLAN identifiers and multicast group membership, across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q 2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG) such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address—can be used to calculate the destination port for the frame. By default, the source MAC address is enabled.
• Destination MAC address—can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled.
• IP address—can be used to calculate the destination port for the frame. By default, the IP address is enabled.
• TCP/UDP port number—can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled.
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with the IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from the active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. The restricted role CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block intruders on the untrusted ports of the switch device when they try to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
8.13 MAC Table Configuration
MAC learning configuration can be configured per port.
• Auto—learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable—no learning is done
• Secure—only SMAC entries are learned; all other frames are dropped
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied or mirrored to a mirror port, where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get the ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and the MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with a matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are members of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and the source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.
9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1. DHCP Relay Configuration Parameters
Parameter                  Allowed Range         Default
Relay mode                 Enabled/disabled      Disabled
Relay server address       IP address            None
Relay information mode     Enabled/disabled      Disabled
Relay information policy   Replace, Keep, Drop   Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring to the DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in a standalone device it always equals 0; in a stackable device it means the switch ID), and the last two characters are the port number.
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of the UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP-related packets to the CPU. The ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing selects a path and forwards traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10 Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard but merely a best-practices method adopted by the industry. In a MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed, and equipment whose MAC address is a valid RADIUS user can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
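The MAC-based authentication exchange described above, worked through as an added example (not IStaX or Microchip code): the switch derives both username and password from the observed source MAC and answers an EAP MD5-Challenge, and a stand-in RADIUS user table verifies it. The class and function names, the input notations accepted by normalize_mac_entry, and the sample MAC are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re


def mac_to_credential(mac: bytes) -> str:
    """Format a 6-byte MAC as the page describes: xx-xx-xx-xx-xx-xx, lower-case hex."""
    if len(mac) != 6:
        raise ValueError("MAC address must be exactly 6 bytes")
    return "-".join(f"{b:02x}" for b in mac)


def normalize_mac_entry(text: str) -> str:
    """Convert a MAC written with ':', '-' or '.' separators (assumed inventory
    notations) into the exact string the switch will present to the server."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return mac_to_credential(bytes.fromhex(digits))


def md5_challenge_response(identifier: int, password: str, challenge: bytes) -> bytes:
    """EAP MD5-Challenge value (RFC 3748 section 5.4, computed as in RFC 1994 CHAP):
    MD5(identifier octet || secret || challenge)."""
    data = bytes([identifier & 0xFF]) + password.encode("ascii") + challenge
    return hashlib.md5(data).digest()


class RadiusUserDb:
    """Stand-in for the RADIUS server's user table (hypothetical, in-memory)."""

    def __init__(self, inventory):
        # For MAC-based authentication the username and the password are the
        # same string: the formatted MAC address.
        self.users = {}
        for entry in inventory:
            cred = normalize_mac_entry(entry)
            self.users[cred] = cred

    def verify(self, username, identifier, challenge, response) -> bool:
        password = self.users.get(username)
        if password is None:
            return False
        expected = md5_challenge_response(identifier, password, challenge)
        return hmac.compare_digest(expected, response)


def switch_authenticate(db, source_mac: bytes, identifier: int = 1, challenge=None) -> bool:
    """What the switch does on behalf of a client: every value it sends is
    derived from the source MAC of the snooped frame."""
    if challenge is None:
        challenge = os.urandom(16)  # in a real exchange the server picks this
    cred = mac_to_credential(source_mac)
    response = md5_challenge_response(identifier, cred, challenge)
    return db.verify(cred, identifier, challenge, response)


if __name__ == "__main__":
    # Constructed inventory: the same device written three different ways.
    db = RadiusUserDb(["00:11:22:AA:BB:CC"])
    print(switch_authenticate(db, bytes.fromhex("001122aabbcc")))  # known device
    print(switch_authenticate(db, bytes.fromhex("001122aabbcd")))  # unknown device
```

Because every value in the exchange is derived from the source MAC, the server cannot tell apart two devices that present the same address, which is why the page pairs this mode with Port Security Limit Control.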
In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-assigned QoS and VLAN in the case of RADIUS-assigned VLAN are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. In the initial version, only the CLI interface is supported for the configuration of TACACS+ authorization and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1. Secure Access Options
Method                Description
SSH                   Enable or disable option provided; supports v2 only
SSL/HTTPs             Enable or disable
HTTPs auto redirect   An option to redirect the web browser to HTTPS, available when HTTPS mode is enabled
Note: SSL and HTTPs are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The allowed range for a user's privilege level is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level, configurable between 1 and 15, for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.
10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
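The RADIUS retransmission and dead-time rules from section 10.2 and the left-to-right method order described above, combined in one added simulation (not IStaX code). The server model with a fixed verdict and a fixed number of lost requests, all names, and the rule that a server still in its dead time is skipped without being counted as a reply are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass


@dataclass
class RadiusServer:
    name: str
    verdict: str              # "accept" or "reject" when the server does answer
    lost: int = 0             # constructed: requests per query that get no reply
    dead_until: float = 0.0   # no new requests are sent before this time
    requests_seen: int = 0


def query_server(server, timeout):
    """Split the timeout into three equal sub-intervals and resend the request
    each time a sub-interval passes without a reply.
    Returns (verdict, seconds_waited); verdict None means considered dead."""
    sub_interval = timeout / 3
    for attempt in range(3):
        server.requests_seen += 1
        if attempt >= server.lost:
            return server.verdict, attempt * sub_interval
    return None, float(timeout)


def radius_method(servers, now, timeout, dead_time):
    """Try the configured servers in order. Returns (verdict, seconds_waited);
    verdict None means no server answered, so the method timed out."""
    # Per the page, dead time only takes effect with more than one server.
    dead_time_active = dead_time > 0 and len(servers) > 1
    waited = 0.0
    for server in servers:
        if dead_time_active and now + waited < server.dead_until:
            continue  # still in its dead time: send nothing
        verdict, spent = query_server(server, timeout)
        waited += spent
        if verdict is not None:
            return verdict, waited
        if dead_time_active:
            server.dead_until = now + waited + dead_time
    return None, waited


def login(methods, user, password, servers, local_users,
          now=0.0, timeout=6, dead_time=300):
    """Try each method left to right until one approves or rejects.
    Returns (verdict, deciding_method, seconds_waited)."""
    waited = 0.0
    for method in methods:
        if method == "radius":
            verdict, spent = radius_method(servers, now + waited, timeout, dead_time)
            waited += spent
        elif method == "local":
            stored = local_users.get(user)
            ok = stored is not None and hmac.compare_digest(
                stored.encode(), password.encode())
            verdict = "accept" if ok else "reject"
        else:
            raise ValueError(f"unknown method {method!r}")
        if verdict is not None:      # a reject is final; only a timeout falls through
            return verdict, method, waited
    return "reject", None, waited


if __name__ == "__main__":
    # Constructed scenario: first server is down, second loses two requests.
    servers = [RadiusServer("r1", "accept", lost=3), RadiusServer("r2", "accept", lost=2)]
    local_users = {"admin": "local-pw"}
    print(login(["radius", "local"], "admin", "x", servers, local_users, now=0.0))
    print(login(["radius", "local"], "admin", "x", servers, local_users, now=20.0))
```

The point to check when auditing a configuration is that the local database is consulted only when every remote server times out: a reject from a live server ends the login, even if the local password would have matched.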
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.
10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows the port action that is used to determine whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
This port action applies only if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
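The first-match behaviour described in this section (prioritized ACEs, one hit per frame, port action as fallback) as an added model with an audit that lists ACEs which can never be hit because a higher-priority ACE already matches everything they match. This is example code, not the IStaX implementation; the class layout, the frame field name dport, and the sample rules are assumptions, and the shadow check is conservative (it reports only cases it can prove).

```python
from dataclasses import dataclass, field


@dataclass
class Ace:
    name: str
    action: str                      # "permit" or "deny"
    frame_type: str = "any"          # any, etype, arp, ipv4 or ipv6
    ingress_ports: frozenset = None  # None means every ingress port
    policy_value: int = 0
    policy_mask: int = 0             # mask 0 means "any policy ID"
    match: dict = field(default_factory=dict)  # frame-type fields (hypothetical names)
    hits: int = 0


@dataclass
class PortConfig:
    policy_id: int = 0
    action: str = "permit"           # the page's default port action
    hits: int = 0


def ace_matches(ace, port_no, port, frame):
    if ace.ingress_ports is not None and port_no not in ace.ingress_ports:
        return False
    if (port.policy_id & ace.policy_mask) != (ace.policy_value & ace.policy_mask):
        return False
    if ace.frame_type != "any" and ace.frame_type != frame["type"]:
        return False
    return all(frame.get(k) == v for k, v in ace.match.items())


def evaluate(aces, ports, port_no, frame):
    """Return (action, ace_name). Only the first matching ACE is hit; the port
    action and port counter are used when no ACE matches."""
    port = ports[port_no]
    for ace in aces:
        if ace_matches(ace, port_no, port, frame):
            ace.hits += 1
            return ace.action, ace.name
    port.hits += 1
    return port.action, None


def covers(earlier, later):
    """True when every frame that 'later' matches is also matched by 'earlier'."""
    ports_ok = earlier.ingress_ports is None or (
        later.ingress_ports is not None
        and later.ingress_ports <= earlier.ingress_ports)
    policy_ok = (earlier.policy_mask & ~later.policy_mask) == 0 and (
        (earlier.policy_value & earlier.policy_mask)
        == (later.policy_value & earlier.policy_mask))
    type_ok = earlier.frame_type in ("any", later.frame_type)
    fields_ok = all(later.match.get(k) == v for k, v in earlier.match.items())
    return ports_ok and policy_ok and type_ok and fields_ok


def shadowed_aces(aces):
    """List (shadowed_ace, shadowing_ace) pairs in priority order."""
    found = []
    for i, later in enumerate(aces):
        for earlier in aces[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


def sample_acl():
    """Constructed configuration: port 1 uses policy 1, port 2 denies by default."""
    aces = [
        Ace("permit-ipv4-p1", "permit", "ipv4", policy_value=1, policy_mask=0xFF),
        Ace("deny-telnet-p1", "deny", "ipv4", policy_value=1, policy_mask=0xFF,
            match={"dport": 23}),
        Ace("deny-arp-port2", "deny", "arp", ingress_ports=frozenset({2})),
    ]
    ports = {1: PortConfig(policy_id=1), 2: PortConfig(policy_id=0, action="deny")}
    return aces, ports


if __name__ == "__main__":
    aces, ports = sample_acl()
    print(evaluate(aces, ports, 1, {"type": "ipv4", "dport": 23}))
    print(shadowed_aces(aces))
```

In the sample, the deny rule for destination port 23 sits below a broader permit for the same policy, so its counter stays at zero; an ACE whose counter never moves is the symptom to look for on a live switch.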
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.
10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.
11.1 Robustness
The following section introduces a robustness feature.
11.1.1 Cold and CoolStart
The software defines and supports the following restart types:
• Cold—power cycle induced reset of the switch
• Cool—software initiated reset of the switch (with traffic disruption)
11.2 Power Savings
The following sections introduce the power savings features.
11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine whether a cable is inserted.
11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.
11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.
11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex mode.
11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0 to 100 in 10 increments for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being the default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.
11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature—temperature at which the fan runs at full speed
• Turn on temperature—temperature at which the fan runs at the lowest possible speed
12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.
12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standards bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few tens of ns.
12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that the receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
The administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, the OAM entity sends out a PDU with the link monitoring capability flag set.
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by IEEE 802.3ah.
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, the OAM entity sends out a PDU with the remote loopback capability flag.
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by IEEE 802.3ah.
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.
12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. In case of any situation coming true, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads: this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled
12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs such as ZL30343, ZL30363, and ZL30772.
13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer to peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.
13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.
13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses peer-to-peer delay measurement mechanism.
13.2.2 End-to-End Transparent Clock
The transparent clock uses end-to-end delay measurement mechanism.
13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable or port
13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.
13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.
13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to 8265.1 solution (frequency) ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to 8275.1 solution (frequency) ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called a summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.
14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server; using it requires a JSON-RPC client. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable, connection-oriented communication provided by the TCP and HTTP message encapsulation
• RPC-oriented protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high level, machine friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.
14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react on events when they happen, without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.
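The receiver side of this role reversal, as an added example that is not part of the IStaX software: a small HTTP server that accepts posted notifications and, because the transport is plain HTTP, treats every post as untrusted input. The sender allowlist, the size limit, and the method name used in testing are assumptions of the example, as is accepting both a missing and a null "id" as marking a notification.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: management addresses of the switches allowed to post events.
ALLOWED_SENDERS = {"192.0.2.10"}
MAX_BODY = 64 * 1024  # refuse oversized posts instead of parsing them


def handle_notification(peer_ip, body, allowed=ALLOWED_SENDERS):
    """Validate one posted message; return (http_status, event or None)."""
    if peer_ip not in allowed:
        return 403, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        msg = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return 400, None
    if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
        return 400, None
    # A notification expects no reply: the "id" member is absent or null.
    if msg.get("id") is not None:
        return 400, None
    params = msg.get("params", [])
    if not isinstance(params, (list, dict)):
        return 400, None
    return 200, {"sender": peer_ip, "method": msg["method"], "params": params}


class NotificationHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
        except ValueError:
            length = -1
        if length < 0:
            status, event = 400, None
        elif length > MAX_BODY:
            status, event = 413, None
        else:
            status, event = handle_notification(
                self.client_address[0], self.rfile.read(length))
        if event is not None:
            self.server.events.append(event)  # hand off to real processing here
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, fmt, *args):
        pass  # request lines are sender-controlled; keep them out of stderr


def make_server(bind_addr="127.0.0.1", port=0):
    """Create the receiver; bind it to the management network address only."""
    server = HTTPServer((bind_addr, port), NotificationHandler)
    server.events = []
    return server


if __name__ == "__main__":
    make_server("127.0.0.1", 8080).serve_forever()
```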
14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut
    (config-if-vlan)# ip^Q
    ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
    ip igmp snooping
    ip igmp snooping compatibility auto | v1 | v2 | v3
    ip igmp snooping lastmember-query-interval <0-31744>
    ip igmp snooping priority <0-7>
    ip igmp snooping querier election | address <ipv4_ucast>
    ip igmp snooping query-interval <1-31744>
    ip igmp snooping query-max-response-time <0-31744>
    ip igmp snooping robustness-variable <1-255>
    ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help. Click button for a list of valid possible parameters with descriptions
• Auto completion. Press <tab> key by partially typing the keyword. The rest of the keyword will be entered automatically
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support
    (config)# interface
    (config-if)#
  If multiple sessions are concurrently in the same sub mode with the same parameters, then the no form of commands will not work and will display a warning message
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege
14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>
14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations: any keyword can be accepted just by typing an unambiguous prefix (for example, "sh" for "show")
    IStaX# sh ip route
    00000 via VLAN1109611 <UP GATEWAY HW_RT>
    10961024 via VLAN1 <UP HW_RT>
    12700132 via OSlo127001 <UP HOST>
    2240004 via OSlo127001 <UP>
• Error checking: before executing a command, the CLI checks whether the current mode is still valid, the user has sufficient privileges, and the parameter(s) are within the valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message
    IStaX(config)# clock summer-time PDT date 14
                                              ^
    Invalid word detected at ^ marker
  Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface
• do command support: this will allow the users to execute the commands from the configuration mode
    (config)# do show vlan
    VLAN Name Interface
    ---- ---- ---------
    1 default Gi 11-9 25G 11-2
• Platform debug command support: this will allow the users to obtain technical support by entering and running a debug command in this field
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG) where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config: a virtual file that represents the currently active configuration on the switch. This file is volatile
• startup-config: the startup configuration for the switch, read at boot time
• default-config: a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode: the current configuration is fully replaced with the configuration in the uploaded file
• Merge mode: the uploaded file is merged with running-config
If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 8.0 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort, that is, 64-bit counters are included; they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support is available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping: a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported
• Traceroute: a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. Source address can be mentioned by using saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for IPv4 option
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes, should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1ab and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice: used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications
• Voice Signaling (conditional): used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy
• Guest Voice: supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services
• Guest Voice Signaling (conditional): used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy
• Softphone Voice: used by softphone applications on typical data centric devices such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance
• Video Conferencing: used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services
• Streaming Video: used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type
• Video Signaling (conditional): used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy
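To check which network policies a port really advertises, the LLDP-MED Network Policy TLV can be decoded from a captured LLDPDU. The decoder below is an added example, not IStaX code; it assumes the ANSI/TIA-1057 field layout (TIA OUI 00-12-BB, subtype 2, a 32-bit policy word) and runs on an LLDPDU constructed inline, with the Ethernet header already removed.

```python
import struct

TIA_OUI = b"\x00\x12\xbb"
NETWORK_POLICY_SUBTYPE = 2
APP_TYPES = {
    1: "Voice", 2: "Voice Signaling", 3: "Guest Voice",
    4: "Guest Voice Signaling", 5: "Softphone Voice",
    6: "Video Conferencing", 7: "Streaming Video", 8: "Video Signaling",
}


def iter_tlvs(lldpdu):
    """Yield (type, value) for each TLV: 7-bit type, 9-bit length, then value."""
    off = 0
    while off + 2 <= len(lldpdu):
        header = struct.unpack_from("!H", lldpdu, off)[0]
        tlv_type, length = header >> 9, header & 0x1FF
        off += 2
        if off + length > len(lldpdu):
            raise ValueError("TLV length runs past the end of the LLDPDU")
        yield tlv_type, lldpdu[off:off + length]
        if tlv_type == 0:  # End of LLDPDU
            return
        off += length


def decode_network_policies(lldpdu):
    """Return one dict per LLDP-MED Network Policy TLV found in the LLDPDU."""
    policies = []
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != 127 or value[:3] != TIA_OUI:
            continue
        if value[3:4] != bytes([NETWORK_POLICY_SUBTYPE]):
            continue
        if len(value) != 8:
            raise ValueError("Network Policy TLV must carry 8 octets")
        word = struct.unpack("!I", value[4:8])[0]
        tagged = bool(word & 0x00400000)
        app = word >> 24
        policies.append({
            "application": APP_TYPES.get(app, "reserved (%d)" % app),
            "unknown_policy": bool(word & 0x00800000),
            "tagged": tagged,
            "vlan_id": (word >> 9) & 0xFFF,
            # On an untagged policy the L2 priority is ignored; only DSCP counts.
            "l2_priority": (word >> 6) & 0x7 if tagged else None,
            "dscp": word & 0x3F,
        })
    return policies


def unexpected_policies(lldpdu, permitted_apps):
    """Policies advertised for application types the port should not expose."""
    return [p for p in decode_network_policies(lldpdu)
            if p["application"] not in permitted_apps]


def tlv(tlv_type, value):
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def network_policy_tlv(app, tagged, vlan, prio, dscp):
    word = (app << 24) | (int(tagged) << 22) | (vlan << 9) | (prio << 6) | dscp
    body = TIA_OUI + bytes([NETWORK_POLICY_SUBTYPE]) + struct.pack("!I", word)
    return tlv(127, body)


# Constructed sample LLDPDU (not captured from a real device).
SAMPLE_LLDPDU = (
    tlv(1, b"\x04" + bytes.fromhex("020000000001"))  # Chassis ID, MAC address
    + tlv(2, b"\x05" + b"Gi1")                       # Port ID, interface name
    + tlv(3, struct.pack("!H", 120))                 # Time to live
    + network_policy_tlv(1, True, 100, 5, 46)        # Voice, tagged VLAN 100
    + network_policy_tlv(5, False, 0, 0, 46)         # Softphone Voice, untagged
    + tlv(0, b"")                                    # End of LLDPDU
)

if __name__ == "__main__":
    for policy in decode_network_policies(SAMPLE_LLDPDU):
        print(policy)
```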
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators in managing the network and maintaining an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode: the device only transmits configuration parameters
• Receive-only mode: the device can only receive configuration parameters (from neighbor device)
• Transmit and receive mode: the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and the optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table
• Port ID is mapped to the LLDP Port ID field
• Version and Platform is mapped to the LLDP System Description field
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately but gets removed when the hold time is exceeded.
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
A fallback optional mechanism is also provided in the case of IPv4 so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy, where the DUT relays DNS requests to the current configured DNS server on DUT and replies as a DNS resolver to the client device on the network when enabled.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against the rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth DHCPv6-server messages) based on a number of different criteria. The most basic filtering criteria is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criteria is when DHCP packets are received with unrecognized IPv6 Next Header values; the administrator can configure whether to allow or deny these packets.
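The two filtering criteria above, sketched as an added example that is not the IStaX implementation: the function walks the IPv6 header chain of a packet and returns the verdict for its ingress port. It assumes that a DHCPv6-server message is identified by UDP destination port 546 and that the listed Next Header values are the recognized ones; it also applies the RFC 7610 rule for first fragments with an incomplete header chain, which the text above does not mention. Sample packets are constructed inline.

```python
import struct

UDP, FRAGMENT, AH = 17, 44, 51
# Extension headers with the generic layout (next header, length in 8-octet units).
EXT_HEADERS = {0, 43, 60, 135, 139, 140}
# Upper-layer values passed without further parsing: TCP, ESP, ICMPv6, No Next Header.
KNOWN_UPPER = {6, 50, 58, 59}
DHCPV6_CLIENT_PORT = 546


def classify(packet, ingress_port, server_ports, allow_unrecognized=False):
    """Return (verdict, reason) for one IPv6 packet received on ingress_port.

    server_ports: ports where the administrator allows DHCPv6-server messages.
    allow_unrecognized: the knob for unrecognized Next Header values (default deny).
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop", "not a complete IPv6 header"
    nh, off = packet[6], 40
    while True:
        if nh == UDP:
            if len(packet) < off + 8:
                return "drop", "header chain incomplete"
            dport = struct.unpack_from("!H", packet, off + 2)[0]
            if dport == DHCPV6_CLIENT_PORT and ingress_port not in server_ports:
                return "drop", "DHCPv6-server message on non-server port"
            return "pass", "UDP permitted"
        if nh in KNOWN_UPPER:
            return "pass", "not DHCPv6"
        if nh not in EXT_HEADERS and nh not in (AH, FRAGMENT):
            if allow_unrecognized:
                return "pass", "unrecognized Next Header allowed by configuration"
            return "drop", "unrecognized Next Header %d" % nh
        if len(packet) < off + 8:
            return "drop", "header chain incomplete"
        if nh == FRAGMENT:
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return "pass", "non-first fragment"
            hdr_len = 8
        elif nh == AH:
            hdr_len = (packet[off + 1] + 2) * 4
        else:
            hdr_len = (packet[off + 1] + 1) * 8
        if len(packet) < off + hdr_len:
            return "drop", "header chain incomplete"
        nh, off = packet[off], off + hdr_len


def ipv6(next_header, payload):
    """Constructed IPv6 packet with addresses from the 2001:db8::/32 range."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + src + dst + payload


def udp(sport, dport, data=b"\x02"):
    # Checksum left at zero: the classifier never inspects it.
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


# Constructed samples: a server reply, the same reply hidden behind a
# Destination Options header, a client request, and two malformed cases.
SERVER_REPLY = ipv6(UDP, udp(547, 546))
HIDDEN_REPLY = ipv6(60, bytes([UDP, 0, 1, 4, 0, 0, 0, 0]) + udp(547, 546))
CLIENT_SOLICIT = ipv6(UDP, udp(546, 547, b"\x01"))
UNKNOWN_HEADER = ipv6(253, bytes(8))
SHORT_FIRST_FRAGMENT = ipv6(
    FRAGMENT, struct.pack("!BBHI", UDP, 0, 0x0001, 0x1234) + b"\x02\x23\x02\x22")

if __name__ == "__main__":
    trusted = {1}  # assumption: the DHCPv6 server sits behind port 1
    for name in ("SERVER_REPLY", "HIDDEN_REPLY", "CLIENT_SOLICIT",
                 "UNKNOWN_HEADER", "SHORT_FIRST_FRAGMENT"):
        print(name, classify(globals()[name], 5, trusted))
```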
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model in which the DHCP client is the Internet host that obtains configuration parameters, such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out-of-band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in-band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum number of management access filter entries allowed is 16.
If the application's type matches any one of the access management entries, access to the switch is allowed. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.2.2 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
The SNMPv3 is supported and is backward compatible with SNMPv2c and SNMP v1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP) page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
show snmp mib context
BRIDGE-MIB
  - dot1dBase (1.3.6.1.2.1.17.1)
  - dot1dTp (1.3.6.1.2.1.17.4)
Dot3-OAM-MIB
  - dot3OamMIB (1.3.6.1.2.1.158)
ENTITY-MIB
  - entityMIBObjects (1.3.6.1.2.1.47.1)
EtherLike-MIB
  - transmission (1.3.6.1.2.1.10)
IEEE8021-BRIDGE-MIB
show snmp mib ifmib ifIndex
Table 15-1 ifIndex Descriptions
ifIndex     ifDescr             Interface
1           VLAN 1              VLAN 1
1000001     Switch 1–port 1     GigabitEthernet 1/1
1000002     Switch 1–port 2     GigabitEthernet 1/2
1000003     Switch 1–port 3     GigabitEthernet 1/3
1000004     Switch 1–port 4     GigabitEthernet 1/4
1000005     Switch 1–port 5     GigabitEthernet 1/5
1000006     Switch 1–port 6     GigabitEthernet 1/6
1000007     Switch 1–port 7     GigabitEthernet 1/7
1000008     Switch 1–port 8     GigabitEthernet 1/8
1000009     Switch 1–port 9     2.5 GigabitEthernet 1/1
10000010    Switch 1–port 10    2.5 GigabitEthernet 1/2
10000011    Switch 1–port 11    GigabitEthernet 1/9
16 Revision History
Revision    Date    Description
B    February 2021    Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 14.3 Simple Network Management Protocol (SNMP).
A    June 2020    Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document.
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
2.0    October 2019    Revision 2.0 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 2.0 of this document.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
1.9    June 2019    Revision 1.9 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 1.9 of this document.
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.
1.8    June 2019    Revision 1.8 was published in June 2019 to align with the Linux application software release 4.8. The following is a summary of changes in revision 1.8 of this document.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
1.7    January 2019    Revision 1.7 was published in January 2019 to align with the Linux application software release 4.7. The following is a summary of changes in revision 1.7 of this document.
• The BSP and API Supported Features table was updated. For more information, see 1.1 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.
1.6    October 2018    Revision 1.6 was published in October 2018 to align with the Linux application software release 4.6. The following is a summary of changes in revision 1.6 of this document.
• A cross reference in the JSON-RPC section was fixed. For more information, see 14.1 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The VLAN Translation section was removed from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 11.1.1 Cold and CoolStart.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 14.1 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.
1.5    July 2018    Revision 1.5 was published in July 2018 to align with the Linux application software release 4.5. The following is a summary of changes in revision 1.5 of this document.
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 1.2 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 1.7 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 1.12 Management.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 10.7 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 12.1.2 Dying Gasp.
• The DHCP Server section was updated. For more information, see 14.11 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 14.9 IP Management, DNS, and DHCPv4/v6.
1.4    April 2018    Revision 1.4 was published in April 2018 to align with the Linux application software release 4.4. The following is a summary of changes in revision 1.4 of this document.
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 1.6 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 14.5 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 9.3 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 8.5 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
1.3    January 2018    Revision 1.3 was published in January 2018 to align with the Linux application software release 4.3. The following is a summary of changes in revision 1.3 of this document.
• The Supported Switches table was updated with details regarding VSC7410/15/35/36/37. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 1.2 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 1.5 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 1.6 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 1.8 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 1.9 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 1.10 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 1.13 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.
1.2    September 2017    Revision 1.2 was published in July 2017 to align with the Linux application software release 4.2. In revision 1.2 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.
1.1    June 2017    Revision 1.1 was published in June 2017 to align with the Linux application software release 4.1. The following is a summary of changes in revision 1.1 of this document.
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.
1.0    November 2016    Revision 1.0 was published in November 2016 to align with the Linux application software release 4.0. It was the first publication of this document.
Microchip Devices Code Protection Feature
Note the following details of the code protection feature on Microchip devices:
• Microchip products meet the specification contained in their particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip's Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as "unbreakable."
Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip's code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.
All other trademarks mentioned herein are property of their respective companies.
© 2020 Microchip Technology Incorporated. Printed in the USA. All Rights Reserved.
ISBN 978-1-5224-7595-8
7.9 Global Storm Control
8 L2 Switching
8.1 Auto MAC Address Learning/Aging
8.2 MAC Addresses–Static
8.3 Virtual LAN
8.4 Voice VLAN
8.5 Industrial Private VLANs
8.6 Generic VLAN Registration Protocol (GVRP)
8.7 Multiple Registration Protocol (MRP)
8.8 Multiple VLAN Registration Protocol (MVRP)
8.9 IEEE 802.3ad Link Aggregation
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
8.11 IGMP Snooping and MLD Snooping
8.12 DHCP Snooping
8.13 MAC Table Configuration
8.14 Mirroring (SPAN/VSPAN and RSPAN)
8.15 RMirror
8.16 Flow Mirroring for AC
8.17 Spanning Tree
8.18 Loop Guard
9 L3 Switching
9.1 DHCP Relay
9.2 Universal Plug and Play (UPnP)
9.3 L3 Routing
10 Security
10.1 802.1X and MAC-Based Authentication
10.2 Authentication, Authorization, and Accounting (AAA)
10.3 Secure Access
10.4 Users and Privilege Levels
10.5 Authentication and Authorization Methods
10.6 Access Control List (ACLs)
10.7 ARP Inspection/IP and IPv6 Source Guard
11 Robustness and Power Savings
11.1 Robustness
11.2 Power Savings
12 OAM and Test
12.1 OAM
13 Synchronization
13.1 Precision Time Protocol (PTP)
13.2 Microchip One-Step TC PHY Solution
13.3 Transparent Clock over Microwave
13.4 G.8265.1 Solution (Frequency) ITU Standard
13.5 G.8275.1 Solution (Phase) ITU Standard
13.6 G.8275 Compliant Filter
13.7 PTP Time Interface
13.8 Network Time Protocol (NTP)
13.9 Day Light Saving
14 Management
14.1 JSON-RPC
14.2 Management Services
14.3 Simple Network Management Protocol (SNMP)
14.4 RMON Statistics
14.5 Internet Control Message Protocol
14.6 SysLog
14.7 LLDP-MED
14.8 802.1AB LLDP and CDP Aware
14.9 IP Management, DNS, and DHCPv4/v6
14.10 IPv6 Ready Logo Phase2
14.11 DHCP Server
14.12 Console
14.13 System Management
14.14 Management Access Filtering
14.15 sFlow
14.16 Default Configuration
14.17 Configuration Upload/Download
14.18 Loop Detection Restore to Default
14.19 Symbolic Register Access
15 SNMP MIBs
16 Revision History
The Microchip Website
Product Change Notification Service
Customer Support
Microchip Devices Code Protection Feature
Legal Notice
Trademarks
Quality Management System
Worldwide Sales and Service
1 Supported Features
The following sections describe the features of each module of the IStaX software.
1.1 BSP and API
The following table lists the features supported by the API module.
Table 1-1 BSP and API Supported Features
Switches per platform column:
Luton26: VSC7423, VSC7428, VSC7429
Jaguar-2: VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468
Serval-T: VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440
Ocelot: VSC7513, VSC7514
SparX-5i: VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN
Feature                        Luton26   Jaguar-2   Serval-T   Ocelot   SparX-5i
Internal CPU                   •         •          •          •        •
External CPU                   —         —          —          —        •
64-bit CPU Architecture        —         —          —          —        •
API and application split      •         •          •          •        •
MESA layer                     •         •          •          •        •
MEBA layer                     •         •          •          •        •
U-Boot                         •         •          •          •        •
U-Boot network support         •         •          •          •        •
32MB NOR FLASH only option     •         •          •          •        —
64MB NOR FLASH only option     •         •          •          •        —

1.2 Port Control
The following table lists the features supported by the port control module. For more information, see 6. Port Control.

Table 1-2. Port Control Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Port speed/duplex mode/flow control | • | • | • | • | • |
| Aquantia 25G PHY Gen2 | • | • | • | • | • |
| Aquantia 25G PHY Gen3 | • | • | • | • | • |
| Aquantia 5G PHY Gen3 | — | • | — | — | — |
| Aquantia 10G PHY Gen2 | — | • | • | — | • |
| 802.1Qbb Per Priority Flow Control | — | • | • | • | • |
| Port frame size (jumbo frames) | • | • | • | • | • |
| Port state (administrative status) | • | • | • | • | • |
| Port status (link monitoring) | • | • | • | • | • |
| Port statistics (MIB counters) | • | • | • | • | • |
| Port VeriPHY (cable diagnostics) | • | • | • | • | • |
| PoE/PoE+ with PD69208 support (external controller) | • | • | • | • | — |
| PoE/PoE+ with Link Layer Discovery Protocol (LLDP) | • | • | • | • | — |
| PoE IEEE 802.3bt without LLDP (external controller) | • | • | • | • | — |
| NPI port | • | • | • | • | • |
| PCIe | — | • | • | • | • |
| On-the-fly SFP detection | • | • | • | • | • |
| DDMI | • | • | • | • | • |
| Unidirectional Link Detection (UDLD) | • | • | • | • | • |
| IEEE 802.3ap 10G-KR | — | — | — | — | • |
| IEEE 802.3ap 25G-KR | — | — | — | — | • |

1.3 Quality of Service (QoS)
The following table lists the features supported by the QoS module. For more information, see 7. Quality of Service (QoS).

Table 1-3. QoS Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Cut-through | — | — | — | — | • |
| Traffic classes (8 active priorities) | • | • | • | • | • |
| Port default priority | • | • | • | • | • |
| User priority | • | • | • | • | • |
| Input priority mapping | • | • | • | • | • |
| QoS control list (QCL mode) | • | • | • | • | • |
| Global storm control for UC, MC, and BC | • | • | • | • | • |
| Random early discard (RED) | — | • | • | • | • |
| Port policers | • | • | • | • | • |
| Queue policers | • | • | • | • | • |
| Global/VCAP (ACL) policers | • | • | • | • | • |
| Port egress shaper | • | • | • | • | • |
| Queue egress shapers | • | • | • | • | • |
| DiffServ (RFC2474) remarking | • | • | • | • | • |
| Tag remarking | • | • | • | • | • |
| Scheduler mode | • | • | • | • | • |
| IEEE-802.1Qbv (TAS) Time-aware Scheduler | — | — | — | — | • |
| IEEE-802.1Qbu & 802.3br frame preemption | — | — | — | — | • |
| IEEE-802.1Qci ingress gating/policing/checking | — | — | — | — | • |

1.4 Protection
The following table lists the features supported by the protection module.

Table 1-4. Protection Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| 1:1 port protection - G.8031 | • | • | • | • | • |
| Ring protection - G.8032 | • | • | • | • | • |
| Ring protection v2 - G.8032 | • | • | • | • | • |
| IEEE-802.1CB (FRER) | — | — | — | — | • |

1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8. L2 Switching.

Table 1-5. L2 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| IEEE 802.1D Bridge | | | | | |
| Auto MAC address learning/aging | • | • | • | • | • |
| MAC addresses—static | • | • | • | • | • |
| IEEE 802.1Q | | | | | |
| Virtual LAN | • | • | • | • | • |
| Bidirectional VLAN translation | • | • | • | • | • |
| Unidirectional VLAN translation (ingress/egress) | • | • | • | • | • |
| Private VLAN—static | • | • | • | • | • |
| Port isolation—static | • | • | • | • | • |
| MAC-based VLAN | • | • | • | • | • |
| Protocol-based VLAN | • | • | • | • | • |
| IP subnet-based VLAN | • | • | • | • | • |
| VLAN trunking | • | • | • | • | • |
| iPVLAN Trunking | — | • | • | • | • |
| GARP VLAN Registration Protocol (GVRP) | • | • | • | • | • |
| Multiple Registration Protocol (MRP) | • | • | • | • | • |
| Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | • |
| IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | • |
| Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | • |
| Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | • |
| Loop guard | • | • | • | • | • |
| IEEE 802.3ad | | | | | |
| Link aggregation—static | • | • | • | • | • |
| Link aggregation—Link Aggregation Control Protocol (LACP) | • | • | • | • | • |
| AGGR/LACP user interface alignment with Industry standard | • | • | • | • | • |
| UNI LAG (LACP) 1:1 active/standby | • | • | • | • | • |
| LACP revertive/non-revertive | • | • | • | • | • |
| LACP loop free operation | • | • | • | • | • |
| Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | • |
| Error disable recovery | • | • | • | • | • |
| IGMPv2 snooping | • | • | • | • | • |
| IGMPv3 snooping | • | • | • | • | • |
| MLDv1 snooping | • | • | • | • | • |
| MLDv2 snooping | • | • | • | — | • |
| Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | • |
| IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | • |
| Multicast VLAN Registration (MVR) | • | • | • | • | • |
| MVR profile | • | • | • | • | • |
| Voice VLAN | • | • | • | • | • |
| DHCP snooping | • | • | • | • | • |
| ARP inspection | • | • | • | • | • |
| Port mirroring | • | • | • | • | • |
| Flow mirroring | • | • | • | • | • |
| Rmirror | • | • | • | • | • |

1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9. L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | — |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | • |
| RFC2992 (ECMP) support for HW-based L3 static routing | — | • | • | — | • |
| RFC 2453 RIPv2 dynamic routing | — | • | • | — | • |
| RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | • |
| RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | • |
| Software-based IPv6 L3 static routing | • | — | — | • | — |
| Hardware-based IPv6 L3 static routing | — | • | • | — | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |

1.7 Security
The following table lists the features supported by the security module. For more information, see 10. Security.

Table 1-7. Security Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Network Access Server (NAS) | | | | | |
| Port-based 802.1X | • | • | • | • | • |
| Single 802.1X | • | • | • | • | • |
| Multiple 802.1X | • | • | • | • | • |
| MAC-based authentication | • | • | • | • | • |
| VLAN assignment | • | • | • | • | • |
| QoS assignment | • | • | • | • | • |
| Guest VLAN | • | • | • | • | • |
| Remote authentication dial In user service (RADIUS) authentication and authorization | • | • | • | • | • |
| RADIUS accounting | • | • | • | • | • |
| MAC address limit | • | • | • | • | • |
| Persistent MAC learning | • | • | • | • | • |
| IP MAC binding | • | • | • | • | • |
| IP/MAC binding dynamic to static | • | • | • | • | • |
| TACACS+ authentication and authorization | • | • | • | • | • |
| TACACS+ command authorization | • | • | • | • | • |
| TACACS+ accounting | • | • | • | • | • |
| Web and CLI authentication | • | • | • | • | • |
| Authorization (15 user levels) | • | • | • | • | • |
| ACLs for filtering/policing/port copy | • | • | • | • | • |
| IP source guard | • | • | • | • | • |
| Secure FTP Client | • | • | • | • | • |

1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12. OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Cold start | • | • | • | • | • |
| Cool start | • | • | • | • | • |
| ActiPHY | • | • | • | • | • |
| PerfectReach | • | • | • | • | • |
| Energy-Efficient Ethernet (EEE) power management | • | • | • | • | • |
| LED power management | • | • | — | — | • |
| Thermal protection | • | • | • | • | • |
| Adaptive fan control | • | • | • | — | • |

1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12. OAM and Test.

Table 1-9. OAM and Testing Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Link OAM (802.3ah) | | | | | |
| Variable request and response | • | • | • | • | • |
| Discovery process, information, event notification, loopback | • | • | • | • | • |
| Dying gasp | • | • | • | • | • |
| Dying gasp enhanced | • | • | • | • | • |
| Dying gasp SNMP trap | • | • | • | • | • |
| CFM | | | | | |
| Continuity Check (ETH-CCM) | • | • | • | • | • |
| IS-, OS-, PS-, and SID-TLV | • | • | • | • | • |
| APS using ETH-CCM and ETH-APS | • | • | • | • | • |
| ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | • |
| Hardware-accelerated OAM | — | • | • | • | • |

1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13. Synchronization.

Table 1-10. Timing and Synchronization Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| SyncE with SSM | • | • | • | • | • |
| SyncE nomination for two interfaces | • | • | • | • | • |
| Microchip one-step TC PHY solution | • | • | • | • | • |
| IEEE 1588v2 PTP with two-step clock | • | • | • | • | • |
| IEEE 1588v2 PTP with one-step clock | • | • | • | • | • |
| Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | • |
| Boundary clock | • | • | • | • | • |
| Redundant masters and multiple timing domains | • | • | • | • | • |
| PTP over IPv4 | • | • | • | • | • |
| Unicast/multicast | • | • | • | • | • |
| TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | • |
| TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Combined SyncE and 1588 | • | • | • | • | • |
| MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | • |
| MSCC timing BU DPLL API integration | • | • | • | • | • |
| G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | • |
| PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.8275.1 BMCA—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| G.8275 compliant filter—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| PTP time interface | • | • | • | • | • |
| NTPv4 client | • | • | • | • | • |
| IEEE 802.1AS-2011/IEEE 802.1AS rev D42 | • | • | • | • | • |

1.11 Customization Framework
The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Separate BSP and application | • | • | • | • | • |
| Append or change a binary image | • | • | • | • | • |
| IPC JSON-RPC socket (with notification support) | • | • | • | • | • |
| Overwrite default startup configuration | • | • | • | • | • |
| Boot and initialization of third-party daemons | • | • | • | • | • |
| Configuration to disable certain built-in features | • | • | • | • | • |
| Microchip Ethernet Board API (MEBA) | • | • | • | • | |

1.12 Management
The following table lists the features supported by the management module. For more information, see 14. Management.

Table 1-12. Management Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| JSON-RPC | • | • | • | • | • |
| JSON-RPC notifications | • | • | • | • | • |
| Dual CPU (application variant with JSON | — | • | • | • | • |
| RFC 2131 DHCP client | • | • | • | • | • |
| RFC 2131 DHCP server | • | • | • | • | • |
| DHCP server support for DHCP relay packets | • | • | • | • | • |
| DHCP per port | • | • | • | • | • |
| RFC 3315 DHCPv6 client | • | • | • | • | • |
| RFC 3315 DHCPv6 relay agent | • | • | • | • | • |
| RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | • |
| RFC 1035 DNS client, relay | • | • | • | • | • |
| IPv4/IPv6 ping | • | • | • | • | • |
| IPv4/IPv6 traceroute | • | • | • | • | • |
| HTTP server | • | • | • | • | • |
| CLI—console port | • | • | • | • | • |
| CLI—Telnet | • | • | • | • | • |
| Industrial standard CLI | • | • | • | • | • |
| Industrial standard configuration | • | • | • | • | • |
| Industrial standard CLI debug commands | • | • | • | • | • |
| Port description CLI | • | • | • | • | • |
| Management access filtering | • | • | • | • | • |
| HTTPS | • | • | • | • | • |
| SSHv2 | • | • | • | • | • |
| IPv6 management | • | • | • | • | • |
| IPv6 ready logo PHASE2 (host only) | • | • | • | • | • |
| RFC4884 (ICMPv6) | • | • | • | • | • |
| System syslog | • | • | • | • | • |
| Software upload through web | • | • | • | • | • |
| SNMP v1/v2c/v3 agent (Note 1) | • | • | • | • | • |
| RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RMON alarm and event (CLI and web) | • | • | • | • | • |
| Alarm module | • | • | • | • | • |
| IEEE 802.1AB-2005 link layer discovery—LLDP | • | • | • | • | • |
| TIA 1057 LLDP—MED | • | • | • | • | • |
| Industry standard discovery protocol - ISDP | • | • | • | • | • |
| sFlow | • | • | • | • | • |
| FTP Client | • | • | • | • | • |
| Configuration download/upload—industrial standard | • | • | • | • | • |
| Loop detection restore to default | • | • | • | • | • |
| Symbolic register access | • | • | • | • | • |
| Daylight saving | • | • | • | • | • |

Note 1: No SNMPv1 trap support.

1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15. SNMP MIBs.

Table 1-13. SNMP MIBs Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| RFC 2674 VLAN MIB | • | • | • | • | • |
| IEEE 802.1Q bridge MIB 2008 | • | • | • | • | • |
| RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RFC 1213 MIB II | • | • | • | • | • |
| RFC 1215 TRAPS MIB | • | • | • | • | • |
| RFC 4188 bridge MIB | • | • | • | • | • |
| RFC 4292 IP forwarding table MIB | • | • | • | • | • |
| RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | • |
| RFC 5519 multicast group membership discovery MIB | • | • | • | • | • |
| RFC 4668 RADIUS authentication client MIB | • | • | • | • | • |
| RFC 4670 RADIUS accounting MIB | • | • | • | • | • |
| RFC 3635 Ethernet-like MIB | • | • | • | • | • |
| RFC 2863 interface group MIB using SMI v2 | • | • | • | • | • |
| RFC 3636 802.3 MAU MIB | • | • | • | • | • |
| RFC 4133 entity MIB version 3 | • | • | • | • | • |
| RFC 4878 Link OAM MIB | • | • | • | • | • |
| RFC 3411 SNMP management frameworks | • | • | • | • | • |
| RFC 3414 user-based security model for SNMPv3 | • | • | • | • | • |
| RFC 3415 view-based access control model for SNMP | • | • | • | • | • |
| RFC 2613 SMON—PortCopy | • | • | • | • | • |
| IEEE 802.1 MSTP MIB | • | • | • | • | • |
| IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | • |
| TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | • |
| RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | — |
| Private MIB framework | • | • | • | • | • |

2. Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.

Table 2-1. Features and Platform Capacity

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Resilience and Availability | | | | | |
| IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8 |
| IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN |
| Traffic Control | | | | | |
| Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095 |
| Guest-VLAN | 1 | 1 | 1 | 1 | 1 |
| Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9 |
| Voice VLAN | 1 | 1 | 1 | 1 | 1 |
| MAC table size 8K | 8K | 32K | 8K | 4K | 32K |
| Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 mbps |
| Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240 |
| Security | | | | | |
| Port security aging | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s |
| MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024 |
| Static MAC entries supported | 64 | 64 | 64 | 64 | 64 |
| RADIUS authentication servers | 5 | 5 | 5 | 5 | 5 |
| TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5 |
| RADIUS accounting servers | 5 | 5 | 5 | 5 | 5 |
| Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4 |
| Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system |
| IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512 |
| Policy-based security filtering | 512 | 512 | 512 | 512 | 512 |
| Password length | 32 | 32 | 32 | 32 | 32 |
| Authorization user levels | 15 | 15 | 15 | 15 | 15 |
| ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512 |
| Number of logged in users | 20 | 20 | 20 | 20 | 20 |
| IP Routing | | | | | |
| Max static route entries | 32 | 128 | 32 | 32 | 512 |
| Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072 |

Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).

3. System Requirements
The following table lists the port system requirements supported by the IStaX software.

Table 3-1. Port System Requirements

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| LEDs per port | 1 | 1 | 1 | 1 | 1 |
| SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported |
| Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported |
| Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full |
| Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported |
| Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) |
| RJ45 connectors | Supported | Supported | Supported | Supported | Supported |
| Fiber slots | Supported | Supported | Supported | Supported | Supported |

The following table lists the hardware system requirements supported by the IStaX software.

Table 3-2. Hardware System Requirements

| Requirement | Support |
| --- | --- |
| Power LED | Supported by hardware |
| System LED | Supported by hardware |
| Alarm LED | Supported by hardware |
| Management LED | Supported by hardware |
| Switch fabric capacity | Supported by hardware |
| Forwarding architecture | Supported by hardware |
| MAC address entries | Supported by hardware |
| MAC address aging | Supported by hardware |
| MAC buffer memory type and size | Supported by hardware |
| CPU flash size | Supported by hardware |
| CPU memory type and size | Supported by hardware |
| System DDR SDRAM | Supported by hardware |
| Reset button | Supported by hardware |
| EMC/safety requirement | Supported by hardware |
| Performance requirement | Supported by hardware |

4. Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.

4.1 Port Capability
The ports are equipped with the following capabilities:
• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1. Supported Features.

4.2 System Capability
The IStaX software supports 6- to 52-port turnkey switch platform models as wire-speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.
The turnkey switch software runs on Linux. The following system-wide operations are supported:
• Store-and-forward forwarding architecture.
• Configurable MAC address aging support (300 seconds default timeout value).
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps).
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch.
• 16-MB flash size is recommended for a typical 24- to 48-port switch.
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported.

5. Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:
• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch
The software image selection information includes the following:
• Image—the file name of the firmware image
• Version—the version of the firmware image
• Date—the date when the firmware was produced
After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.
While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.
Note: Do not restart or power off the device at this time, or the switch may fail to function.
6 Port Control
The following sections describe the port control features supported by the IStaX software.
6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port through which frames can be injected from and extracted to an external CPU.
6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame-data in (injection) and out (extraction) through memory-mapped injection/extraction registers.
6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.
6.4 SFP Detection
The IStaX software detects SFP at run time.
6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.
6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards, enabling the supply of up to 30 W per port and up to the total power budget.
6.7 PoE/PoE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and the switch can then comply with or ignore this information.
6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.
A UDLD packet is sent to the port it links to, for each device and for each port. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.
The UDLD implementation conforms to the RFC5171 standard.
Note: RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second and, once link status is detected, probe messages are exchanged depending on message time interval (by default 7 seconds).
Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.
Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.
The port is reopened once UDLD is disabled/enabled on that port.
6.8.1 Port Statistics
The IStaX software supports the detailed port-related statistics and system information related configuration. It is possible to view the detailed QoS-related statistics using IStaX software.
7 Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.
7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.
7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).
Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.
It is possible to specify the maximum bit rate in kbps or mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.
The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.
7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).
The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.
When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.
The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.
7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED is configurable to either disable/enable and is disabled by default.
The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.
By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.
7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.
When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.
The QoS class DEI DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.
7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.
The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification
7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.
7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.
In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.
The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.
DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:
• Get the DSCP value from the analyzer (ingress classification) and always remap based on global remap table. This is done independently of the value of the drop precedence level.
• Get DSCP value from the analyzer and remap based on drop precedence level and remap table.
DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.
7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.
Storm control is disabled by default.
8 L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.
8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with the learned MAC address are not received within the aging period.
8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.
8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:
• All ports are VLAN aware
• All ports are members of VLAN 1
• The switch management interface is on VLAN 1
• All ports have a Port VLAN ID (PVID) of 1
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged
• The PVID is set to 1 by default
• Ingress filtering is always enabled
Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs
• If frames are classified to a VLAN that the port is not a member of, they are discarded
• By default, all frames classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress
Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features:
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently
8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to the VLAN, to perform QoS-related configuration for voice data, ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to a port using the Port Discovery Protocol. This discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol (LLDP), or both.
8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.
8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:
• Ethernet: valid values for etype range from 0x0600-0xffff
• SNAP: valid value in this case also is comprised of two sub-values
• Organizationally Unique Identifier (OUI)
• Protocol ID (PID): if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP
• LLC: valid value in this case is comprised of two sub-values
  – DSAP: 1-byte long string (0x00-0xff)
  – SSAP: 1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and protocol-based VLAN is preferred over port-based VLAN.
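The precedence rule and the three protocol-based frame types, as an added Python example (not IStaX code): it derives the protocol key of an untagged frame and resolves the VLAN as MAC-based first, protocol-based second, port-based last. The table layouts, function names and sample frames are constructed for illustration.

```python
# Added illustration, not IStaX source. Tables and frames are constructed samples.

def protocol_key(frame: bytes):
    """Return the protocol-based VLAN key of an untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    type_or_len = int.from_bytes(frame[12:14], "big")
    if type_or_len >= 0x0600:                  # Ethernet: etype 0x0600-0xffff
        return ("ethernet", type_or_len)
    if len(frame) < 17:                        # below 0x0600 it is a length field
        raise ValueError("truncated LLC header")
    dsap, ssap = frame[14], frame[15]
    if dsap == 0xAA and ssap == 0xAA:          # LLC header that announces SNAP
        if len(frame) < 22:
            raise ValueError("truncated SNAP header")
        oui = frame[17:20].hex()               # 3-byte OUI
        pid = int.from_bytes(frame[20:22], "big")
        return ("snap", oui, pid)
    return ("llc", dsap, ssap)


def classify_vlan(frame, ingress_port, mac_vlans, protocol_vlans, port_vlans):
    """Resolve (vlan, source) with the precedence MAC > protocol > port."""
    key = protocol_key(frame)                  # also validates the frame length
    smac = frame[6:12].hex("-")
    if smac in mac_vlans:
        return mac_vlans[smac], "mac"
    if key in protocol_vlans:
        return protocol_vlans[key], "protocol"
    return port_vlans[ingress_port], "port"


# Constructed sample configuration.
MAC_VLANS = {"00-11-22-33-44-55": 30}
PROTOCOL_VLANS = {
    ("ethernet", 0x0800): 20,
    ("snap", "000000", 0x8137): 21,
    ("llc", 0xE0, 0xE0): 22,
}
PORT_VLANS = {1: 1, 2: 10}

DST = bytes.fromhex("ffffffffffff")


def sample(src_hex, rest_hex):
    """Build a constructed frame: destination, source, then the given bytes."""
    return DST + bytes.fromhex(src_hex) + bytes.fromhex(rest_hex)


IPV4_FROM_LISTED_MAC = sample("001122334455", "0800" + "45" * 20)
IPV4_FROM_OTHER_MAC = sample("0011223344aa", "0800" + "45" * 20)
SNAP_FRAME = sample("0011223344aa", "0008" + "aaaa03" + "000000" + "8137" + "000000")
LLC_FRAME = sample("0011223344aa", "0003" + "e0e003")
ARP_FRAME = sample("0011223344aa", "0806" + "00" * 28)

if __name__ == "__main__":
    for name in ("IPV4_FROM_LISTED_MAC", "IPV4_FROM_OTHER_MAC",
                 "SNAP_FRAME", "LLC_FRAME", "ARP_FRAME"):
        print(name, classify_vlan(globals()[name], 2,
                                  MAC_VLANS, PROTOCOL_VLANS, PORT_VLANS))
```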
8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.
PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.
The following terms are used to describe the Private VLAN feature:
• PVLAN domain: a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain
• Primary VLAN: a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports
• Secondary VLAN: a VLAN used inside a PVLAN domain only
• Isolated VLAN: a secondary VLAN that carries traffic from isolated ports to promiscuous ports
• Community VLAN: a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports
• Isolated port: a port that receives untagged frames and classifies these to an isolated VLAN
• Community port: a port that receives untagged frames and classifies these to a community VLAN
• Promiscuous port: a port that receives frames in the primary VLAN
• Standard trunk port: a port that carries primary and secondary VLANs using tags
• Promiscuous PVLAN trunk port: a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs but translates these to the primary VLAN ID and pushes this into the tag
• Isolated PVLAN trunk port: a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN but translates this into the isolated VLAN ID and pushes it into the tag
8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration protocol for VLANs. Though this has been superseded by MVRP, as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to register and unregister attribute values such as VLAN identifiers and multicast group membership across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q 2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG) such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address: can be used to calculate the destination port for the frame. By default, the source MAC address is enabled
• Destination MAC address: can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled
• IP address: can be used to calculate the destination port for the frame. By default, the IP address is enabled
• TCP/UDP port number: can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with the IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block intruders on the untrusted ports of the switch device when they try to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
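The Trusted/Untrusted port role and the IP/MAC/port white-list, modelled as an added Python example (not IStaX code): server-type DHCP messages are dropped on untrusted ports, and a binding is recorded when an ACK arrives on a trusted port. How IStaX itself builds its table is not described here, so the binding logic, class and function names, and sample packets are assumptions for illustration.

```python
import struct

# Added illustration, not IStaX source. Message types are DHCP option 53 values.
MAGIC_COOKIE = bytes.fromhex("63825363")
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
SERVER_MESSAGES = {OFFER, ACK, NAK}


def parse_dhcp(payload: bytes):
    """Return (op, yiaddr, chaddr, message_type); raise ValueError if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    op, hlen = payload[0], payload[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    yiaddr = ".".join(str(b) for b in payload[16:20])
    chaddr = payload[28:28 + hlen].hex("-")
    msg_type, i = 0, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            msg_type = value[0]
        i += 2 + length
    return op, yiaddr, chaddr, msg_type


class DhcpSnooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}     # client MAC -> untrusted port it was seen on
        self.bindings = {}    # (ip, mac) -> port

    def handle(self, payload, ingress_port):
        """Return 'forward' or 'drop' for a DHCP payload seen on ingress_port."""
        trusted = ingress_port in self.trusted
        try:
            op, yiaddr, chaddr, msg_type = parse_dhcp(payload)
        except ValueError:
            return "forward" if trusted else "drop"
        if not trusted:
            if op == 2 or msg_type in SERVER_MESSAGES:
                return "drop"                        # reply from an untrusted port
            self.pending[chaddr] = ingress_port
            return "forward"
        if msg_type == ACK and chaddr in self.pending:
            self.bindings[(yiaddr, chaddr)] = self.pending.pop(chaddr)
        return "forward"

    def permitted(self, ip, mac, port):
        """White-list check: this IP with this MAC on this port only."""
        return self.bindings.get((ip, mac)) == port


def build_dhcp(op, msg_type, mac, yiaddr="0.0.0.0"):
    """Constructed sample payload: BOOTP header, magic cookie, option 53, end."""
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x12345678, 0, 0)
    header += bytes(4) + bytes(int(x) for x in yiaddr.split(".")) + bytes(8)
    header += bytes.fromhex(mac.replace("-", "")).ljust(16, b"\0") + bytes(192)
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])
```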
8.13 MAC Table Configuration
MAC learning configuration can be configured per port:
• Auto: learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable: no learning is done
• Secure: only SMAC entries are learned, all other frames are dropped
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied or mirrored to a mirror port, where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get the ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and the MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with a matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are members of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and the source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.
9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1 DHCP Relay Configuration Parameters
Parameter | Allowed Range | Default
Relay mode | Enabled/disabled | Disabled
Relay server address | IP address | None
Relay information mode | Enabled/disabled | Disabled
Relay information policy | Replace, Keep, Drop | Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring to the DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in a standalone device it always equals 0; in a stackable device it means switch ID), and the last two characters are the port number.
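The eight-character layout described above, decoded and checked over DHCP server lease records in an added Python example (not IStaX code). It assumes the characters are hexadecimal digits, which is not stated here; the record layout, function names and sample lines are constructed.

```python
import re

# Added illustration, not IStaX source.
# Assumption: the eight characters are hexadecimal digits.
CIRCUIT_ID = re.compile(r"[0-9a-fA-F]{8}")


def decode_circuit_id(text: str):
    """Split the 8 characters into VLAN ID (4), module ID (2) and port number (2)."""
    if not CIRCUIT_ID.fullmatch(text):
        raise ValueError("circuit ID must be 8 hexadecimal characters")
    vlan = int(text[0:4], 16)
    module = int(text[4:6], 16)
    port = int(text[6:8], 16)
    if not 1 <= vlan <= 4095:                 # VLAN range used by the switch
        raise ValueError(f"VLAN ID {vlan} outside 1-4095")
    return {"vlan": vlan, "module": module, "port": port}


def audit_leases(lines, standalone=True):
    """Map each client MAC to its switch port; collect records to investigate.

    Each line is '<ip> <mac> <circuit-id>' (constructed layout).
    Returns (located, findings).
    """
    located, findings = {}, []
    for line in lines:
        record = line.strip()
        if not record:
            continue
        try:
            ip, mac, circuit = record.split()
            where = decode_circuit_id(circuit)
        except ValueError as err:             # wrong field count or bad circuit ID
            findings.append((record, str(err)))
            continue
        if standalone and where["module"] != 0:
            # On a standalone device the module ID always equals 0.
            findings.append((record, "module ID is not 0 on a standalone device"))
            continue
        located[mac] = where
    return located, findings


# Constructed sample lease records.
LEASES = """\
192.0.2.10 00-11-22-33-44-55 00640005
192.0.2.11 00-11-22-33-44-66 000a0118
192.0.2.12 00-11-22-33-44-77 0064zz05
192.0.2.13 00-11-22-33-44-88 00000003
""".splitlines()

if __name__ == "__main__":
    located, findings = audit_leases(LEASES)
    for mac, where in located.items():
        print(mac, where)
    for record, reason in findings:
        print("CHECK:", record, "->", reason)
```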
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of the UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP-related packets to CPU. The ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing is to select path and forward traffic to the nexthop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10 Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard but merely a best-practices method adopted by the industry. In a MAC-based authentication, users are called clients and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed, and equipment whose MAC address is a valid RADIUS user can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
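What "configured accordingly" means on the RADIUS side, as an added Python example (not IStaX or RADIUS server code): inventory MAC addresses are normalised to the lower-case xx-xx-xx-xx-xx-xx string used as both username and password, and the MD5-Challenge value is checked as defined in RFC 1994. The function names, inventory and challenge bytes are constructed.

```python
import hashlib
import hmac
import re

# Added illustration, not IStaX or RADIUS server source.


def switch_username(mac: str) -> str:
    """Normalise a MAC in any common notation to lower-case xx-xx-xx-xx-xx-xx."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def provision(inventory):
    """Build the RADIUS user table: username and password are the same string."""
    users = {}
    for mac in inventory:
        name = switch_username(mac)
        users[name] = name
    return users


def md5_challenge_response(identifier: int, password: str, challenge: bytes) -> bytes:
    """MD5 over the identifier octet, the password, then the challenge (RFC 1994)."""
    data = bytes([identifier]) + password.encode("ascii") + challenge
    return hashlib.md5(data).digest()


def server_accepts(users, username, identifier, challenge, response) -> bool:
    """RADIUS-side check of an MD5-Challenge response against the user table."""
    password = users.get(username)
    if password is None:
        return False
    expected = md5_challenge_response(identifier, password, challenge)
    return hmac.compare_digest(expected, response)


def switch_login(client_mac: bytes, identifier: int, challenge: bytes):
    """What the switch submits for a snooped client: the MAC string, used twice."""
    name = client_mac.hex("-")                # lower-case, dash-separated
    return name, md5_challenge_response(identifier, name, challenge)


# Constructed sample data.
INVENTORY = ["00:11:22:AA:BB:CC", "0011.22aa.bbdd"]
USERS = provision(INVENTORY)
CHALLENGE = bytes(range(16))
IDENTIFIER = 7

if __name__ == "__main__":
    name, response = switch_login(bytes.fromhex("001122aabbcc"), IDENTIFIER, CHALLENGE)
    print(name, server_accepts(USERS, name, IDENTIFIER, CHALLENGE, response))
    # An entry whose password is stored in upper case never matches the switch.
    wrong_case = {name: name.upper()}
    print(server_accepts(wrong_case, name, IDENTIFIER, CHALLENGE, response))
```

The check succeeds on nothing but the MAC string, so the port-level client limit mentioned above is the control that bounds how many such identities a port can present.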
In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard, but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-assigned QoS and VLAN in the case of RADIUS-assigned VLAN are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. In the initial version, only the CLI interface is supported for the configuration of TACACS+ authorization and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1. Secure Access Options
Method               Description
SSH                  Enable or disable option provided; supports v2 only
SSL/HTTPS            Enable or disable
HTTPS auto redirect  A redirect web browser to HTTPS option, available when HTTPS mode is enabled
Note: SSL and HTTPS are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The allowed range for a user's privilege level is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level, configurable between 1 and 15, for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.
10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all the four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
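The RADIUS retransmit and dead-time behaviour from section 10.2 and the method fall-through described above, modelled together in Python as an added example (not IStaX code). The class and function names, the simulated clock, the sample accounts, and the choice to skip a server that is still inside its dead time are assumptions of this model.

```python
import hmac

ATTEMPTS = 3  # the timeout interval is split into three equal sub-intervals


class RadiusServer:
    """Constructed stand-in for a RADIUS server (not a protocol implementation)."""

    def __init__(self, name, users, up=True):
        self.name, self.users, self.up = name, users, up
        self.requests = 0  # how many requests were sent to this server

    def ask(self, user, password):
        self.requests += 1
        if not self.up:
            return None  # nothing comes back within the sub-interval
        stored = self.users.get(user)
        ok = stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())
        return "accept" if ok else "reject"


class RadiusClient:
    """Switch-side view: retransmit per sub-interval, then hold the server dead."""

    def __init__(self, servers, timeout, dead_time):
        self.servers, self.timeout, self.dead_time = servers, timeout, dead_time
        self.dead_until = {}  # server name -> simulated time it may be retried
        self.now = 0.0        # simulated clock in seconds (no real waiting)

    def authenticate(self, user, password):
        # Dead time only takes effect when > 0 and more than one server exists.
        use_dead_time = self.dead_time > 0 and len(self.servers) > 1
        for srv in self.servers:
            if use_dead_time and self.now < self.dead_until.get(srv.name, 0.0):
                continue  # assumption: a server inside its dead time is skipped
            for _ in range(ATTEMPTS):
                reply = srv.ask(user, password)
                if reply is not None:
                    return reply
                self.now += self.timeout / ATTEMPTS  # sub-interval expired
            self.dead_until[srv.name] = self.now + self.dead_time
        return None  # no configured server answered


def login(methods, user, password, radius, local_users):
    """Try methods left to right; only a timeout moves on to the next one."""
    for method in methods:
        if method == "radius":
            verdict = radius.authenticate(user, password)
            if verdict is None:
                continue  # remote servers offline: next method
            return verdict == "accept", method  # approve or reject is final
        if method == "local":
            stored = local_users.get(user)
            ok = stored is not None and hmac.compare_digest(
                stored.encode(), password.encode())
            return ok, method
    return False, None


def scenario():
    """Constructed walk-through: primary down, backup up, then both down."""
    remote = {"alice": "remote-pw"}
    local = {"alice": "local-pw"}
    primary = RadiusServer("radius-1", remote, up=False)
    backup = RadiusServer("radius-2", remote, up=True)
    client = RadiusClient([primary, backup], timeout=6.0, dead_time=300)
    order = ["radius", "local"]
    out = {}
    out["first"] = login(order, "alice", "remote-pw", client, local)
    out["primary_tries"] = primary.requests        # queried three times
    out["second"] = login(order, "alice", "remote-pw", client, local)
    out["primary_tries_after"] = primary.requests  # skipped during dead time
    out["rejected"] = login(order, "alice", "local-pw", client, local)
    backup.up = False
    out["fallback"] = login(order, "alice", "local-pw", client, local)
    return out


if __name__ == "__main__":
    for step, result in scenario().items():
        print(step, result)
```

In this model a reject from a reachable server ends the chain, so the local database decides only when no remote server answers; local accounts therefore need the same care as the remote ones.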
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.
10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows configuring the port action, which determines whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
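First-match ACE evaluation as described above, plus an audit for ACEs that can never get a hit because an earlier entry already matches everything they match. This is an added Python model, not IStaX code, and the shadow check goes beyond what the page describes. The policy match rule `(port policy & mask) == (value & mask)`, the fall-through to the port action when no ACE matches, and all names and sample entries are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Ace:
    name: str
    action: str                  # "permit" or "deny"
    frame_type: str = "any"      # any | etype | arp | ipv4 | ipv6
    ports: frozenset = None      # None = every ingress port
    policy: tuple = (0, 0)       # (value, mask); mask 0 = any policy ID
    hits: int = 0                # per-ACE counter

    def matches(self, port, port_policy, frame_type):
        value, mask = self.policy
        return ((self.ports is None or port in self.ports)
                and self.frame_type in ("any", frame_type)
                and (port_policy & mask) == (value & mask))

    def covers(self, later):
        """True when every frame that `later` can match is matched by self."""
        value, mask = self.policy
        l_value, l_mask = later.policy
        ports_ok = self.ports is None or (
            later.ports is not None and later.ports <= self.ports)
        type_ok = self.frame_type in ("any", later.frame_type)
        # Every policy bit self tests must be tested, with the same value, by later.
        policy_ok = (mask & l_mask) == mask and (l_value & mask) == (value & mask)
        return ports_ok and type_ok and policy_ok


class Acl:
    def __init__(self, aces, port_policy=None, port_action=None):
        self.aces = list(aces)                # priority order, top first
        self.port_policy = port_policy or {}  # ingress port -> policy ID
        self.port_action = port_action or {}  # ingress port -> permit/deny
        self.port_hits = {}                   # frames that matched no ACE

    def classify(self, port, frame_type):
        policy = self.port_policy.get(port, 0)
        for ace in self.aces:
            if ace.matches(port, policy, frame_type):
                ace.hits += 1                 # only the first match is counted
                return ace.action, ace.name
        self.port_hits[port] = self.port_hits.get(port, 0) + 1
        return self.port_action.get(port, "permit"), None  # default is Permit

    def shadowed(self):
        """(later ACE, earlier ACE) pairs where the later one can never hit."""
        found = []
        for i, later in enumerate(self.aces):
            for earlier in self.aces[:i]:
                if earlier.covers(later):
                    found.append((later.name, earlier.name))
                    break
        return found


def sample_acl():
    """Constructed configuration: ports 1-2 share policy 1, port 4 denies by default."""
    aces = [
        Ace("permit-arp-users", "permit", "arp", policy=(1, 0xFF)),
        Ace("deny-ipv6-users", "deny", "ipv6", policy=(1, 0xFF)),
        Ace("deny-all-port3", "deny", ports=frozenset({3})),
        Ace("permit-ipv4-port3", "permit", "ipv4", ports=frozenset({3})),
    ]
    return Acl(aces, port_policy={1: 1, 2: 1}, port_action={4: "deny"})


if __name__ == "__main__":
    acl = sample_acl()
    for port, ftype in [(1, "arp"), (2, "ipv6"), (3, "ipv4"), (1, "ipv4"), (4, "ipv4")]:
        print(port, ftype, acl.classify(port, ftype))
    print("shadowed:", acl.shadowed())
```

The coverage test is conservative: it reports only pairs where the earlier ACE is a superset on ports, frame type and policy, so an empty result does not prove that every ACE is reachable.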
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.
10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.
11.1 Robustness
The following section introduces a robustness feature.
11.1.1 Cold and Cool Start
The software defines and supports the following restart types:
• Cold: power cycle induced reset of the switch
• Cool: software initiated reset of the switch (with traffic disruption)
11.2 Power Savings
The following sections introduce the power savings features.
11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.
11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.
11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.
11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex mode.
11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0 to 100 in 10 increments for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.
11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature: temperature at which the fan runs at full speed
• Turn on temperature: temperature at which the fan runs at the lowest possible speed
12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.
12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T Y.1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few tens of ns.
12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
Administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, OAM entity sends out a PDU with the link monitoring capability flag set.
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah.
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, OAM entity sends out a PDU with the remote loopback capability flag.
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah.
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.
12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. If any of these situations occurs, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads (this includes cold reload and firmware upgrade)
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled
12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs, such as ZL30343, ZL30363, and ZL30772.
13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO, providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer-to-peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported by default is Ethernet (PTP over Ethernet multicast). It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave-only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.
13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.
13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses the peer-to-peer delay measurement mechanism.
13.2.2 End-to-End Transparent Clock
The transparent clock uses the end-to-end delay measurement mechanism.
13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.
13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.
13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.
13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to G.8265.1 solution (frequency) ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to G.8275.1 solution (frequency) ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.
14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server, and in order to use it, a JSON-RPC client is needed. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable, connection-orientated communication provided by the TCP and HTTP message encapsulation
• RPC orientated protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high-level, machine-friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.
14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react to events when they happen, without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.
14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards, as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade and configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut.
    (config-if-vlan)# ip^Q
    ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
    ip igmp snooping
    ip igmp snooping compatibility auto | v1 | v2 | v3
    ip igmp snooping last-member-query-interval <0-31744>
    ip igmp snooping priority <0-7>
    ip igmp snooping querier election | address <ipv4_ucast>
    ip igmp snooping query-interval <1-31744>
    ip igmp snooping query-max-response-time <0-31744>
    ip igmp snooping robustness-variable <1-255>
    ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help. Click button for a list of valid possible parameters with descriptions.
• Auto completion. Press <tab> key by partially typing the keyword. The rest of the keyword will be entered automatically.
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support.
    (config)# interface
    (config-if)#
  If multiple sessions are concurrently in the same sub mode with the same parameters, then the no form of commands will not work and will display a warning message.
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege.
14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>
14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations: any keyword can be accepted just by typing an unambiguous prefix (for example, "sh" for "show")
    IStaX# sh ip route
    0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
    10.9.61.0/24 via VLAN1 <UP HW_RT>
    127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
    224.0.0.0/4 via OS:lo:127.0.0.1 <UP>
• Error checking: before executing a command, the CLI checks whether the current mode is still valid, the user has sufficient privileges, and the parameter(s) are within a valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message.
    IStaX(config)# clock summer-time PDT date 14
                                                 ^
    Invalid word detected at ^ marker
  Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.
• do command support: this will allow the users to execute the commands from the configuration mode
    (config)# do show vlan
    VLAN  Name     Interface
    ----  ----     ---------
    1     default  Gi 1/1-9 2.5G 1/1-2
• Platform debug command support: this will allow the users to obtain technical support by entering and running a debug command in this field
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG), where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config: a virtual file that represents the currently active configuration on the switch. This file is volatile.
• startup-config: the startup configuration for the switch, read at boot time
• default-config: a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes.
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch, except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode: the current configuration is fully replaced with the configuration in the uploaded file
• Merge mode: the uploaded file is merged with running-config
If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch, except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 8.0 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort; that is, 64-bit counters are included, but they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics, with corresponding configuration support, are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping—is a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported.
• Traceroute—is a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. Source address can be mentioned by using saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for IPv4 option.
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1ab and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice—used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional)—used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice—supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional)—used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice—used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing—used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video—used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional)—used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode—the device only transmits configuration parameters
• Receive-only mode—the device can only receive configuration parameters (from neighbor device)
• Transmit and receive mode—the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately.
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table
• Port ID is mapped to the LLDP Port ID field
• Version and Platform is mapped to the LLDP System Description field
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately, but gets removed when the hold time is exceeded.
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
A fallback optional mechanism is also provided in the case of IPv4, so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy, where the DUT relays DNS requests to the current configured DNS server on DUT and replies as a DNS resolver to the client device on the network when enabled.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
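The two filtering criteria described above can be expressed as a per-packet decision. The following is an added example, not the IStaX implementation: it walks the IPv6 header chain as RFC 7610 requires, so it goes slightly beyond the text by also showing the incomplete-header-chain case. The port numbers, function names, and sample packets are constructed for illustration.

```python
import struct

# IPv6 Next Header values this filter recognizes.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH = 0, 43, 44, 50, 51
ICMPV6, NO_NEXT_HEADER, DEST_OPTS = 58, 59, 60
MOBILITY, HIP, SHIM6 = 135, 139, 140
TCP, UDP = 6, 17
DHCPV6_CLIENT_PORT = 546   # DHCPv6-server messages are sent to this UDP port

# Extension headers laid out as: next header, then length in 8-octet units minus one.
GENERIC_EXT = {HOP_BY_HOP, ROUTING, DEST_OPTS, MOBILITY, HIP, SHIM6}
# Recognized headers after which there is nothing further to inspect here.
TERMINAL = {TCP, ICMPV6, NO_NEXT_HEADER, ESP}


def classify(packet: bytes) -> str:
    """Walk the whole IPv6 header chain and classify the packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "truncated"
    next_header, offset = packet[6], 40
    while True:
        if offset > len(packet):
            return "truncated"
        if next_header == UDP:
            if len(packet) < offset + 8:
                return "truncated"
            dst_port = struct.unpack_from("!H", packet, offset + 2)[0]
            return "dhcpv6-server" if dst_port == DHCPV6_CLIENT_PORT else "other"
        if next_header in TERMINAL:
            return "other"
        if next_header not in GENERIC_EXT | {AH, FRAGMENT}:
            return "unknown-next-header"
        if len(packet) < offset + 8:      # every extension header is >= 8 octets
            return "truncated"
        if next_header in GENERIC_EXT:
            length = (packet[offset + 1] + 1) * 8
        elif next_header == AH:           # AH length is in 4-octet units minus two
            length = (packet[offset + 1] + 2) * 4
        else:                             # Fragment header, fixed 8 octets
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3 != 0:
                return "non-first-fragment"
            length = 8
        next_header = packet[offset]
        offset += length


def shield_decision(packet, ingress_port, server_ports, drop_unknown_nh=True):
    """Return (verdict, reason) for a packet received on ingress_port."""
    if ingress_port in server_ports:
        return "forward", "port is configured to receive DHCPv6-server messages"
    kind = classify(packet)
    if kind == "dhcpv6-server":
        return "drop", "DHCPv6-server message on a port not configured for servers"
    if kind == "unknown-next-header":
        if drop_unknown_nh:
            return "drop", "unrecognized Next Header value"
        return "forward", "unrecognized Next Header allowed by configuration"
    if kind == "truncated":
        return "drop", "IPv6 header chain is incomplete"
    return "forward", kind


# --- Constructed sample packets (UDP checksum left at 0; not real captures) ---
def ipv6(next_header, payload):
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("fe80" + "00" * 13 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload


def udp(sport, dport, data=b"\x02"):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


ADVERTISE = ipv6(UDP, udp(547, 546))                       # server -> client
SOLICIT = ipv6(UDP, udp(546, 547))                         # client -> server
# Destination Options header (one PadN option) placed before the UDP header.
ADVERTISE_AFTER_EXT = ipv6(DEST_OPTS, bytes([UDP, 0, 1, 4, 0, 0, 0, 0]) + udp(547, 546))
UNKNOWN_NH = ipv6(253, b"\x00" * 8)                        # experimental value
# First fragment (offset 0) whose UDP header is cut short.
SHORT_FIRST_FRAGMENT = ipv6(FRAGMENT, struct.pack("!BBHI", UDP, 0, 0, 0x1234) + b"\x02\x23")

if __name__ == "__main__":
    for name in ("ADVERTISE", "SOLICIT", "ADVERTISE_AFTER_EXT",
                 "UNKNOWN_NH", "SHORT_FIRST_FRAGMENT"):
        print(name, shield_decision(globals()[name], ingress_port=3, server_ports={1}))
```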
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model where the DHCP client is the Internet host to obtain configuration parameters such as network address. The DHCP server is the Internet host that allocates network address and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out of band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in band through any of the front panel ports.
It is possible to create a separate dedicated configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum management access filter entries allowed is 16.
If the applications type matches any one of the access management entries, it will allow access to the switch. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.2.2 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
The SNMPv3 is supported and is backward compatible with SNMPv2c and SNMP v1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
show snmp mib context
BRIDGE-MIB
 - dot1dBase (1.3.6.1.2.1.17.1)
 - dot1dTp (1.3.6.1.2.1.17.4)
Dot3-OAM-MIB
 - dot3OamMIB (1.3.6.1.2.1.158)
ENTITY-MIB
 - entityMIBObjects (1.3.6.1.2.1.47.1)
EtherLike-MIB
 - transmission (1.3.6.1.2.1.10)
IEEE8021-BRIDGE-MIB
show snmp mib ifmib ifIndex
Table 15-1 ifIndex Descriptions
ifIndex | ifDescr | Interface
1 | VLAN 1 | VLAN 1
1000001 | Switch 1–port 1 | GigabitEthernet 1/1
1000002 | Switch 1–port 2 | GigabitEthernet 1/2
1000003 | Switch 1–port 3 | GigabitEthernet 1/3
1000004 | Switch 1–port 4 | GigabitEthernet 1/4
1000005 | Switch 1–port 5 | GigabitEthernet 1/5
1000006 | Switch 1–port 6 | GigabitEthernet 1/6
1000007 | Switch 1–port 7 | GigabitEthernet 1/7
1000008 | Switch 1–port 8 | GigabitEthernet 1/8
1000009 | Switch 1–port 9 | 2.5 GigabitEthernet 1/1
10000010 | Switch 1–port 10 | 2.5 GigabitEthernet 1/2
10000011 | Switch 1–port 11 | GigabitEthernet 1/9
16 Revision History
Revision | Date | Description
B | February 2021 | Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document:
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 14.3 Simple Network Management Protocol (SNMP).
A | June 2020 | Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document:
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
2.0 | October 2019 | Revision 2.0 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 2.0 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
1.9 | June 2019 | Revision 1.9 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 1.9 of this document:
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.
1.8 | June 2019 | Revision 1.8 was published in June 2019 to align with the Linux application software release 4.8. The following is a summary of changes in revision 1.8 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
1.7 | January 2019 | Revision 1.7 was published in January 2019 to align with the Linux application software release 4.7. The following is a summary of changes in revision 1.7 of this document:
• The BSP and API Supported Features table was updated. For more information, see 1.1 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.
1.6 | October 2018 | Revision 1.6 was published in October 2018 to align with the Linux application software release 4.6. The following is a summary of changes in revision 1.6 of this document:
• A cross reference in the JSON-RPC section was fixed. For more information, see 14.1 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• Removed the VLAN Translation from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 11.11 Cold and CoolStart.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 14.1 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.
1.5 | July 2018 | Revision 1.5 was published in July 2018 to align with the Linux application software release 4.5. The following is a summary of changes in revision 1.5 of this document:
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 1.2 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 1.7 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 1.12 Management.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 10.7 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 12.12 Dying Gasp.
• The DHCP Server section was updated. For more information, see 14.11 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 14.9 IP Management, DNS, and DHCPv4/v6.
1.4 | April 2018 | Revision 1.4 was published in April 2018 to align with the Linux application software release 4.4. The following is a summary of changes in revision 1.4 of this document:
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 1.6 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 14.5 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 9.3 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 8.5 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
1.3 | January 2018 | Revision 1.3 was published in January 2018 to align with the Linux application software release 4.3. The following is a summary of changes in revision 1.3 of this document:
• The Supported Switches table was updated with details regarding VSC7410/15/35/36/37. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 1.2 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 1.5 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 1.6 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 1.8 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 1.9 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 1.10 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 1.13 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.
1.2 | September 2017 | Revision 1.2 was published in July 2017 to align with the Linux application software release 4.2. In revision 1.2 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.
1.1 | June 2017 | Revision 1.1 was published in June 2017 to align with the Linux application software release 4.1. The following is a summary of changes in revision 1.1 of this document:
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.
1.0 | November 2016 | Revision 1.0 was published in November 2016 to align with the Linux application software release 4.0. It was the first publication of this document.
VSC6817Revision History
copy 2020 Microchip Technology Inc Product Specification DS30010225B-page 71
The Microchip Website
Microchip provides online support via our website at www.microchip.com/. This website is used to make files and information easily available to customers. Some of the content available includes:
• Product Support – Data sheets and errata, application notes and sample programs, design resources, user’s guides and hardware support documents, latest software releases and archived software
• General Technical Support – Frequently Asked Questions (FAQs), technical support requests, online discussion groups, Microchip design partner program member listing
• Business of Microchip – Product selector and ordering guides, latest Microchip press releases, listing of seminars and events, listings of Microchip sales offices, distributors and factory representatives

Product Change Notification Service
Microchip’s product change notification service helps keep customers current on Microchip products. Subscribers will receive email notification whenever there are changes, updates, revisions or errata related to a specified product family or development tool of interest.
To register, go to www.microchip.com/pcn and follow the registration instructions.

Customer Support
Users of Microchip products can receive assistance through several channels:
• Distributor or Representative
• Local Sales Office
• Embedded Solutions Engineer (ESE)
• Technical Support
Customers should contact their distributor, representative or ESE for support. Local sales offices are also available to help customers. A listing of sales offices and locations is included in this document.
Technical support is available through the website at: www.microchip.com/support

Microchip Devices Code Protection Feature
Note the following details of the code protection feature on Microchip devices:
• Microchip products meet the specification contained in their particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip’s Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as “unbreakable.”
Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip’s code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.

Legal Notice
Information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer’s risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated.

Trademarks
The Microchip name and logo, the Microchip logo, Adaptec, AnyRate, AVR, AVR logo, AVR Freaks, BesTime, BitCloud, chipKIT, chipKIT logo, CryptoMemory, CryptoRF, dsPIC, FlashFlex, flexPWR, HELDO, IGLOO, JukeBlox, KeeLoq, Kleer, LANCheck, LinkMD, maXStylus, maXTouch, MediaLB, megaAVR, Microsemi, Microsemi logo, MOST, MOST logo, MPLAB, OptoLyzer, PackeTime, PIC, picoPower, PICSTART, PIC32 logo, PolarFire, Prochip Designer, QTouch, SAM-BA, SenGenuity, SpyNIC, SST, SST Logo, SuperFlash, Symmetricom, SyncServer, Tachyon, TempTrackr, TimeSource, tinyAVR, UNI/O, Vectron, and XMEGA are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.
APT, ClockWorks, The Embedded Control Solutions Company, EtherSynch, FlashTec, Hyper Speed Control, HyperLight Load, IntelliMOS, Libero, motorBench, mTouch, Powermite 3, Precision Edge, ProASIC, ProASIC Plus, ProASIC Plus logo, Quiet-Wire, SmartFusion, SyncWorld, Temux, TimeCesium, TimeHub, TimePictra, TimeProvider, Vite, WinPath, and ZL are registered trademarks of Microchip Technology Incorporated in the U.S.A.
Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any Capacitor, AnyIn, AnyOut, BlueSky, BodyCom, CodeGuard, CryptoAuthentication, CryptoAutomotive, CryptoCompanion, CryptoController, dsPICDEM, dsPICDEM.net, Dynamic Average Matching, DAM, ECAN, EtherGREEN, In-Circuit Serial Programming, ICSP, INICnet, Inter-Chip Connectivity, JitterBlocker, KleerNet, KleerNet logo, memBrain, Mindi, MiWi, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, PowerSmart, PureSilicon, QMatrix, REAL ICE, Ripple Blocker, SAM-ICE, Serial Quad I/O, SMART-I.S., SQI, SuperSwitcher, SuperSwitcher II, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.
SQTP is a service mark of Microchip Technology Incorporated in the U.S.A.
The Adaptec logo, Frequency on Demand, Silicon Storage Technology, and Symmcom are registered trademarks of Microchip Technology Inc. in other countries.
GestIC is a registered trademark of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries.
All other trademarks mentioned herein are property of their respective companies.
© 2020, Microchip Technology Incorporated, Printed in the U.S.A., All Rights Reserved.
ISBN: 978-1-5224-7595-8

Quality Management System
For information regarding Microchip’s Quality Management Systems, please visit www.microchip.com/quality.
13.6 G.8275 Compliant Filter
13.7 PTP Time Interface
13.8 Network Time Protocol (NTP)
13.9 Day Light Saving
14 Management
14.1 JSON-RPC
14.2 Management Services
14.3 Simple Network Management Protocol (SNMP)
14.4 RMON Statistics
14.5 Internet Control Message Protocol
14.6 SysLog
14.7 LLDP-MED
14.8 802.1AB LLDP and CDP Aware
14.9 IP Management, DNS, and DHCPv4/v6
14.10 IPv6 Ready Logo Phase2
14.11 DHCP Server
14.12 Console
14.13 System Management
14.14 Management Access Filtering
14.15 sFlow
14.16 Default Configuration
14.17 Configuration Upload/Download
14.18 Loop Detection Restore to Default
14.19 Symbolic Register Access
15 SNMP MIBs
16 Revision History
The Microchip Website
Product Change Notification Service
Customer Support
Microchip Devices Code Protection Feature
Legal Notice
Trademarks
Quality Management System
Worldwide Sales and Service
1 Supported Features
The following sections describe the features of each module of the IStaX software.

1.1 BSP and API
The following table lists the features supported by the API module.

Table 1-1. BSP and API Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Internal CPU | • | • | • | • | • |
| External CPU | — | — | — | — | • |
| 64-bit CPU Architecture | — | — | — | — | • |
| API and application split | • | • | • | • | • |
| MESA layer | • | • | • | • | • |
| MEBA layer | • | • | • | • | • |
| U-Boot | • | • | • | • | • |
| U-Boot network support | • | • | • | • | • |
| 32MB NOR FLASH only option | • | • | • | • | — |
| 64MB NOR FLASH only option | • | • | • | • | — |
1.2 Port Control
The following table lists the features supported by the port control module. For more information, see 6 Port Control.

Table 1-2. Port Control Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Port speed/duplex mode/flow control | • | • | • | • | • |
| Aquantia 2.5G PHY Gen2 | • | • | • | • | • |
| Aquantia 2.5G PHY Gen3 | • | • | • | • | • |
| Aquantia 5G PHY Gen3 | — | • | — | — | — |
| Aquantia 10G PHY Gen2 | — | • | • | — | • |
| 802.1Qbb Per Priority Flow Control | — | • | • | • | • |
| Port frame size (jumbo frames) | • | • | • | • | • |
| Port state (administrative status) | • | • | • | • | • |
| Port status (link monitoring) | • | • | • | • | • |
| Port statistics (MIB counters) | • | • | • | • | • |
| Port VeriPHY (cable diagnostics) | • | • | • | • | • |
| PoE/PoE+ with PD69208 support (external controller) | • | • | • | • | — |
| PoE/PoE+ with Link Layer Discovery Protocol (LLDP) | • | • | • | • | — |
| PoE IEEE802.3bt without LLDP (external controller) | • | • | • | • | — |
| NPI port | • | • | • | • | • |
| PCIe | — | • | • | • | • |
| On-the-fly SFP detection | • | • | • | • | • |
| DDMI | • | • | • | • | • |
| Unidirectional Link Detection (UDLD) | • | • | • | • | • |
| IEEE 802.3ap 10G-KR | — | — | — | — | • |
| IEEE 802.3ap 25G-KR | — | — | — | — | • |
1.3 Quality of Service (QoS)
The following table lists the features supported by the QoS module. For more information, see 7 Quality of Service (QoS).

Table 1-3. QoS Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Cut-through | — | — | — | — | • |
| Traffic classes (8 active priorities) | • | • | • | • | • |
| Port default priority | • | • | • | • | • |
| User priority | • | • | • | • | • |
| Input priority mapping | • | • | • | • | • |
| QoS control list (QCL mode) | • | • | • | • | • |
| Global storm control for UC, MC, and BC | • | • | • | • | • |
| Random early discard (RED) | — | • | • | • | • |
| Port policers | • | • | • | • | • |
| Queue policers | • | • | • | • | • |
| Global/VCAP (ACL) policers | • | • | • | • | • |
| Port egress shaper | • | • | • | • | • |
| Queue egress shapers | • | • | • | • | • |
| DiffServ (RFC2474) remarking | • | • | • | • | • |
| Tag remarking | • | • | • | • | • |
| Scheduler mode | • | • | • | • | • |
| IEEE-802.1Qbv (TAS) Time-aware Scheduler | — | — | — | — | • |
| IEEE-802.1Qbu & 802.3br frame preemption | — | — | — | — | • |
| IEEE-802.1Qci ingress gating/policing/checking | — | — | — | — | • |
1.4 Protection
The following table lists the features supported by the protection module.

Table 1-4. Protection Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| 1:1 port protection - G.8031 | • | • | • | • | • |
| Ring protection - G.8032 | • | • | • | • | • |
| Ring protection v2 - G.8032 | • | • | • | • | • |
| IEEE-802.1CB (FRER) | — | — | — | — | • |
1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8 L2 Switching.

Table 1-5. L2 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| IEEE 802.1D Bridge | | | | | |
| Auto MAC address learning/aging | • | • | • | • | • |
| MAC addresses—static | • | • | • | • | • |
| IEEE 802.1Q | | | | | |
| Virtual LAN | • | • | • | • | • |
| Bidirectional VLAN translation | • | • | • | • | • |
| Unidirectional VLAN translation (ingress/egress) | • | • | • | • | • |
| Private VLAN—static | • | • | • | • | • |
| Port isolation—static | • | • | • | • | • |
| MAC-based VLAN | • | • | • | • | • |
| Protocol-based VLAN | • | • | • | • | • |
| IP subnet-based VLAN | • | • | • | • | • |
| VLAN trunking | • | • | • | • | • |
| iPVLAN Trunking | — | • | • | • | • |
| GARP VLAN Registration Protocol (GVRP) | • | • | • | • | • |
| Multiple Registration Protocol (MRP) | • | • | • | • | • |
| Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | • |
| IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | • |
| Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | • |
| Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | • |
| Loop guard | • | • | • | • | • |
| IEEE 802.3ad | | | | | |
| Link aggregation—static | • | • | • | • | • |
| Link aggregation—Link Aggregation Control Protocol (LACP) | • | • | • | • | • |
| AGGR/LACP user interface alignment with Industry standard | • | • | • | • | • |
| UNI LAG (LACP) 1:1 active/standby | • | • | • | • | • |
| LACP revertive/non-revertive | • | • | • | • | • |
| LACP loop free operation | • | • | • | • | • |
| Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | • |
| Error disable recovery | • | • | • | • | • |
| IGMPv2 snooping | • | • | • | • | • |
| IGMPv3 snooping | • | • | • | • | • |
| MLDv1 snooping | • | • | • | • | • |
| MLDv2 snooping | • | • | • | — | • |
| Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | • |
| IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | • |
| Multicast VLAN Registration (MVR) | • | • | • | • | • |
| MVR profile | • | • | • | • | • |
| Voice VLAN | • | • | • | • | • |
| DHCP snooping | • | • | • | • | • |
| ARP inspection | • | • | • | • | • |
| Port mirroring | • | • | • | • | • |
| Flow mirroring | • | • | • | • | • |
| Rmirror | • | • | • | • | • |
1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9 L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | — |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | • |
| RFC2992 (ECMP) support for HW based L3 static routing | — | • | • | — | • |
| RFC 2453 RIPv2 dynamic routing | — | • | • | — | • |
| RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | • |
| RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | • |
| Software-based IPv6 L3 static routing | • | — | — | • | — |
| Hardware-based IPv6 L3 static routing | — | • | • | — | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |
1.7 Security
The following table lists the features supported by the security module. For more information, see 10 Security.

Table 1-7. Security Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Network Access Server (NAS) | | | | | |
| Port-based 802.1X | • | • | • | • | • |
| Single 802.1X | • | • | • | • | • |
| Multiple 802.1X | • | • | • | • | • |
| MAC-based authentication | • | • | • | • | • |
| VLAN assignment | • | • | • | • | • |
| QoS assignment | • | • | • | • | • |
| Guest VLAN | • | • | • | • | • |
| Remote authentication dial In user service (RADIUS) authentication and authorization | • | • | • | • | • |
| RADIUS accounting | • | • | • | • | • |
| MAC address limit | • | • | • | • | • |
| Persistent MAC learning | • | • | • | • | • |
| IP MAC binding | • | • | • | • | • |
| IP/MAC binding dynamic to static | • | • | • | • | • |
| TACACS+ authentication and authorization | • | • | • | • | • |
| TACACS+ command authorization | • | • | • | • | • |
| TACACS+ accounting | • | • | • | • | • |
| Web and CLI authentication | • | • | • | • | • |
| Authorization (15 user levels) | • | • | • | • | • |
| ACLs for filtering/policing/port copy | • | • | • | • | • |
| IP source guard | • | • | • | • | • |
| Secure FTP Client | • | • | • | • | • |
1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12 OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Cold start | • | • | • | • | • |
| Cool start | • | • | • | • | • |
| ActiPHY | • | • | • | • | • |
| PerfectReach | • | • | • | • | • |
| Energy-Efficient Ethernet (EEE) power management | • | • | • | • | • |
| LED power management | • | • | — | — | • |
| Thermal protection | • | • | • | • | • |
| Adaptive fan control | • | • | • | — | • |
1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12 OAM and Test.

Table 1-9. OAM and Testing Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Link OAM (802.3ah) | | | | | |
| Variable request and response | • | • | • | • | • |
| Discovery process, information, event notification, loopback | • | • | • | • | • |
| Dying gasp | • | • | • | • | • |
| Dying gasp enhanced | • | • | • | • | • |
| Dying gasp SNMP trap | • | • | • | • | • |
| CFM | | | | | |
| Continuity Check (ETH-CCM) | • | • | • | • | • |
| IS-, OS-, PS-, and SID-TLV | • | • | • | • | • |
| APS using ETH-CCM and ETH-APS | • | • | • | • | • |
| ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | • |
| Hardware-accelerated OAM | — | • | • | • | • |
1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13 Synchronization.

Table 1-10. Timing and Synchronization Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| SyncE with SSM | • | • | • | • | • |
| SyncE nomination for two interfaces | • | • | • | • | • |
| Microchip one-step TC PHY solution | • | • | • | • | • |
| IEEE 1588v2 PTP with two-step clock | • | • | • | • | • |
| IEEE 1588v2 PTP with one-step clock | • | • | • | • | • |
| Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | • |
| Boundary clock | • | • | • | • | • |
| Redundant masters and multiple timing domains | • | • | • | • | • |
| PTP over IPv4 | • | • | • | • | • |
| Unicast/multicast | • | • | • | • | • |
| TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | • |
| TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Combined SyncE and 1588 | • | • | • | • | • |
| MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | • |
| MSCC timing BU DPLL API integration | • | • | • | • | • |
| G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | • |
| PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.8275.1 BMCA—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| G.8275 compliant filter—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| PTP time interface | • | • | • | • | • |
| NTPv4 client | • | • | • | • | • |
| IEEE802.1AS-2011/IEEE802.1AS rev D4.2 | • | • | • | • | • |
1.11 Customization Framework
The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Separate BSP and application | • | • | • | • | • |
| Append or change a binary image | • | • | • | • | • |
| IPC JSON-RPC socket (with notification support) | • | • | • | • | • |
| Overwrite default startup configuration | • | • | • | • | • |
| Boot and initialization of third-party daemons | • | • | • | • | • |
| Configuration to disable certain built-in features | • | • | • | • | • |
| Microchip Ethernet Board API (MEBA) | • | • | • | • | |
1.12 Management
The following table lists the features supported by the management module. For more information, see 14 Management.

Table 1-12. Management Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| JSON-RPC | • | • | • | • | • |
| JSON-RPC notifications | • | • | • | • | • |
| Dual CPU (application variant with JSON | — | • | • | • | • |
| RFC 2131 DHCP client | • | • | • | • | • |
| RFC 2131 DHCP server | • | • | • | • | • |
| DHCP server support for DHCP relay packets | • | • | • | • | • |
| DHCP per port | • | • | • | • | • |
| RFC 3315 DHCPv6 client | • | • | • | • | • |
| RFC 3315 DHCPv6 relay agent | • | • | • | • | • |
| RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | • |
| RFC 1035 DNS client relay | • | • | • | • | • |
| IPv4/IPv6 ping | • | • | • | • | • |
| IPv4/IPv6 traceroute | • | • | • | • | • |
| HTTP server | • | • | • | • | • |
| CLI—console port | • | • | • | • | • |
| CLI—Telnet | • | • | • | • | • |
| Industrial standard CLI | • | • | • | • | • |
| Industrial standard configuration | • | • | • | • | • |
| Industrial standard CLI debug commands | • | • | • | • | • |
| Port description CLI | • | • | • | • | • |
| Management access filtering | • | • | • | • | • |
| HTTPS | • | • | • | • | • |
| SSHv2 | • | • | • | • | • |
| IPv6 management | • | • | • | • | • |
| IPv6 ready logo PHASE2 (host only) | • | • | • | • | • |
| RFC4884 (ICMPv6) | • | • | • | • | • |
| System syslog | • | • | • | • | • |
| Software upload through web | • | • | • | • | • |
| SNMP v1/v2c/v3 agent (1) | • | • | • | • | • |
| RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RMON alarm and event (CLI and web) | • | • | • | • | • |
| Alarm module | • | • | • | • | • |
| IEEE 802.1AB-2005 link layer discovery—LLDP | • | • | • | • | • |
| TIA 1057 LLDP—MED | • | • | • | • | • |
| Industry standard discovery protocol - ISDP | • | • | • | • | • |
| sFlow | • | • | • | • | • |
| FTP Client | • | • | • | • | • |
| Configuration download/upload—industrial standard | • | • | • | • | • |
| Loop detection restore to default | • | • | • | • | • |
| Symbolic register access | • | • | • | • | • |
| Daylight saving | • | • | • | • | • |

Note 1: No SNMPv1 trap support.
1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15. SNMP MIBs.

Table 1-13. SNMP MIBs Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| RFC 2674 VLAN MIB | • | • | • | • | • |
| IEEE 802.1Q bridge MIB 2008 | • | • | • | • | • |
| RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RFC 1213 MIB II | • | • | • | • | • |
| RFC 1215 TRAPS MIB | • | • | • | • | • |
| RFC 4188 bridge MIB | • | • | • | • | • |
| RFC 4292 IP forwarding table MIB | • | • | • | • | • |
| RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | • |
| RFC 5519 multicast group membership discovery MIB | • | • | • | • | • |
| RFC 4668 RADIUS authentication client MIB | • | • | • | • | • |
| RFC 4670 RADIUS accounting MIB | • | • | • | • | • |
| RFC 3635 Ethernet-like MIB | • | • | • | • | • |
| RFC 2863 interface group MIB using SMI v2 | • | • | • | • | • |
| RFC 3636 802.3 MAU MIB | • | • | • | • | • |
| RFC 4133 entity MIB version 3 | • | • | • | • | • |
| RFC 4878 Link OAM MIB | • | • | • | • | • |
| RFC 3411 SNMP management frameworks | • | • | • | • | • |
| RFC 3414 user-based security model for SNMPv3 | • | • | • | • | • |
| RFC 3415 view-based access control model for SNMP | • | • | • | • | • |
| RFC 2613 SMON - PortCopy | • | • | • | • | • |
| IEEE 802.1 MSTP MIB | • | • | • | • | • |
| IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | • |
| TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | • |
| RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | - |
| Private MIB framework | • | • | • | • | • |
2. Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.

Table 2-1. Features and Platform Capacity

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Resilience and Availability | | | | | |
| IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8 |
| IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN |
| Traffic Control | | | | | |
| Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095 |
| Guest-VLAN | 1 | 1 | 1 | 1 | 1 |
| Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9 |
| Voice VLAN | 1 | 1 | 1 | 1 | 1 |
| MAC table size 8K | 8K | 32K | 8K | 4K | 32K |
| Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 Mbps |
| Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240 |
| Security | | | | | |
| Port security aging | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s |
| MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024 |
| Static MAC entries supported | 64 | 64 | 64 | 64 | 64 |
| RADIUS authentication servers | 5 | 5 | 5 | 5 | 5 |
| TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5 |
| RADIUS accounting servers | 5 | 5 | 5 | 5 | 5 |
| Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4 |
| Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system |
| IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512 |
| Policy-based security filtering | 512 | 512 | 512 | 512 | 512 |
| Password length | 32 | 32 | 32 | 32 | 32 |
| Authorization user levels | 15 | 15 | 15 | 15 | 15 |
| ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512 |
| Number of logged in users | 20 | 20 | 20 | 20 | 20 |
| IP Routing | | | | | |
| Max static route entries | 32 | 128 | 32 | 32 | 512 |
| Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072 |

Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).
3. System Requirements
The following table lists the port system requirements supported by the IStaX software.

Table 3-1. Port System Requirements

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| LEDs per port | 1 | 1 | 1 | 1 | 1 |
| SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported |
| Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported |
| Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full |
| Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported |
| Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) |
| RJ45 connectors | Supported | Supported | Supported | Supported | Supported |
| Fiber slots | Supported | Supported | Supported | Supported | Supported |

The following table lists the hardware system requirements supported by the IStaX software.

Table 3-2. Hardware System Requirements

| Requirement | Support |
|---|---|
| Power LED | Supported by hardware |
| System LED | Supported by hardware |
| Alarm LED | Supported by hardware |
| Management LED | Supported by hardware |
| Switch fabric capacity | Supported by hardware |
| Forwarding architecture | Supported by hardware |
| MAC address entries | Supported by hardware |
| MAC address aging | Supported by hardware |
| MAC buffer memory type and size | Supported by hardware |
| CPU flash size | Supported by hardware |
| CPU memory type and size | Supported by hardware |
| System DDR SDRAM | Supported by hardware |
| Reset button | Supported by hardware |
| EMC/safety requirement | Supported by hardware |
| Performance requirement | Supported by hardware |
4. Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.

4.1 Port Capability
The ports are equipped with the following capabilities:
• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1. Supported Features.

4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.

The turnkey switch software runs on Linux. The following system-wide operations are supported:
• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported
5. Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:
• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch

The software image selection information includes the following:
• Image: the file name of the firmware image
• Version: the version of the firmware image
• Date: the date when the firmware was produced

After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.

While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.

Note: Do not restart or power off the device at this time, or the switch may fail to function.
6. Port Control
The following sections describe the port control features supported by the IStaX software.

6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port through which frames can be injected from and extracted to an external CPU.

6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame data in (injection) and out (extraction) through memory-mapped injection/extraction registers.

6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.

6.4 SFP Detection
The IStaX software detects SFP at run time.

6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.

6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.

6.7 PoE/PoE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and then the switch can comply with or ignore this information.

6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.

A UDLD packet is sent to the port it links to, for each device and for each port. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.

The UDLD implementation conforms to the RFC5171 standard.

Note: RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second and, once link status is detected, probe messages are exchanged depending on the message time interval (by default, 7 seconds). Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.

Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.

The port is reopened once UDLD is disabled/enabled on that port.
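The port-side check described above can be modelled as a small state machine. This is an added illustration, not IStaX code: the class and field names are hypothetical, and the number of unanswered probes required before a link is declared unidirectional (PROBES_BEFORE_VERDICT) is an assumption, since the specification gives no count.

```python
from dataclasses import dataclass
from enum import Enum


class Link(Enum):
    DETECTING = "detecting"
    BIDIRECTIONAL = "bidirectional"
    UNIDIRECTIONAL = "unidirectional"
    LOOPBACK = "loopback"


@dataclass(frozen=True)
class Ident:
    device: str
    port: str


@dataclass(frozen=True)
class Probe:
    sender: Ident                 # identity of the sending device and port
    expected_receivers: tuple     # identities the sender expects to be heard by


PROBES_BEFORE_VERDICT = 3         # assumption: not stated in the specification


class UdldPort:
    def __init__(self, me, aggressive):
        self.me = me
        self.aggressive = aggressive
        self.reenable()

    def reenable(self):
        """UDLD disabled and enabled again on the port: reopen and restart detection."""
        self.neighbor = None
        self.missed = 0
        self.state = Link.DETECTING
        self.shutdown = False

    def probe_interval(self, message_interval=7):
        """Seconds between probes: 1 while detecting, then the message interval."""
        return 1 if self.state is Link.DETECTING else message_interval

    def receive(self, probe):
        if self.shutdown:                       # a shut-down port processes nothing
            return self.state
        if probe.sender == self.me:             # our own probe came back
            self.state = Link.LOOPBACK
        else:
            if probe.sender != self.neighbor:   # new device ID / port ID pair
                self.neighbor, self.missed = probe.sender, 0
                self.state = Link.DETECTING
            if self.me in probe.expected_receivers:
                self.missed, self.state = 0, Link.BIDIRECTIONAL
            else:
                self.missed += 1                # neighbour does not list us
                if self.missed >= PROBES_BEFORE_VERDICT:
                    self.state = Link.UNIDIRECTIONAL
        if self.aggressive and self.state in (Link.UNIDIRECTIONAL, Link.LOOPBACK):
            self.shutdown = True                # Normal mode only reports the state
        return self.state
```
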
6.8.1 Port Statistics
The IStaX software supports the detailed port-related statistics and system information related configuration. It is possible to view the detailed QoS-related statistics using IStaX software.
7. Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.

7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.

7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).

Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.

It is possible to specify the maximum bit rate in kbps or Mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.

The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.

7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).

The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.

When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.

The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.

7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED is configurable to either disable/enable and is disabled by default.

The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.

By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.

7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.

When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.

The QoS class DEI DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.

7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.

The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification

7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.

7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.

In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.

The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.

DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:
• Get the DSCP value from the analyzer (ingress classification) and always remap based on global remap table. This is done independently of the value of the drop precedence level.
• Get DSCP value from the analyzer and remap based on drop precedence level and remap table.

DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.

7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.

Storm control is disabled by default.
8. L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.

8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with the learned MAC address are not received within the aging period.

8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.

8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:
• All ports are VLAN aware.
• All ports are members of VLAN 1.
• The switch management interface is on VLAN 1.
• All ports have a Port VLAN ID (PVID) of 1.
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged
• The PVID is set to 1 by default.
• Ingress filtering is always enabled.

Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs.
• If frames are classified to a VLAN that the port is not a member of, they are discarded.
• By default, all frames except those classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.

Hybrid ports resemble trunk ports in many ways but provide the following additional port configuration features:
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently
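The access and trunk rules above can be checked against real frame bytes. The following is an added sketch, not IStaX code: Port, ingress, egress and sample_frame are hypothetical names, the frames are constructed, hybrid ports and dynamically added VLANs are left out, priority-tagged frames (VID 0) are classified to the PVID as in IEEE 802.1Q, and the PCP/DEI bits are not carried over on egress.

```python
import struct
from dataclasses import dataclass, field

TPID_CTAG = 0x8100  # IEEE 802.1Q C-tag


@dataclass
class Port:
    mode: str                   # "access" or "trunk"
    pvid: int = 1               # Port VLAN (Access VLAN / Native VLAN)
    allowed: set = field(default_factory=lambda: set(range(1, 4096)))
    tag_all: bool = False       # trunk option: tag all frames on egress

    def member(self, vid):
        if self.mode == "access":
            return vid == self.pvid          # member of exactly one VLAN
        return vid in self.allowed           # all VLANs unless limited


def parse(frame):
    """Split a frame into (MAC addresses, VID or None, bytes from the EtherType on)."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    if struct.unpack_from("!H", frame, 12)[0] != TPID_CTAG:
        return frame[:12], None, frame[12:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack_from("!H", frame, 14)[0]
    return frame[:12], tci & 0x0FFF, frame[16:]


def ingress(port, frame):
    """Return the VLAN the frame is classified to, or None if it is discarded."""
    _, vid, _ = parse(frame)
    if vid is None:
        if port.mode == "trunk" and port.tag_all:
            return None                      # tag-all trunks accept only tagged frames
        vid = port.pvid
    elif vid == 0:
        vid = port.pvid                      # priority-tagged frame
    return vid if port.member(vid) else None


def egress(port, frame, vid):
    """Return the bytes transmitted for a frame classified to vid, or None."""
    if not port.member(vid):
        return None
    addrs, _, rest = parse(frame)
    force_tag = port.mode == "trunk" and port.tag_all
    if vid == port.pvid and not force_tag:
        return addrs + rest                  # Port VLAN leaves untagged
    return addrs + struct.pack("!HH", TPID_CTAG, vid) + rest


def sample_frame(vid=None):
    """Constructed IPv4 frame, optionally C-tagged with vid."""
    addrs = bytes.fromhex("ffffffffffff" "020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_CTAG, vid)
    return addrs + tag + b"\x08\x00" + b"payload"
```
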
VSC6817L2 Switching
copy 2020 Microchip Technology Inc Product Specification DS30010225B-page 36
84 Voice VLANVoice VLAN is configured specially for voice traffic Adding the ports with voice devices attached to VLAN to performQoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality Individualoptions allow the port to participate in a Voice VLAN using the port security feature A configurable port discoveryprotocol will also be available to detect voice devices attached to port using the Port Discovery Protocol Thisdiscovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol(LLDP) or both
841 Private VLAN Port IsolationIn a private VLAN communication between isolated ports in that private VLAN is not permitted
Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLANIDs and private VLAN IDs can be identical
842 MAC-Based Protocol-Based and IP Subnet-Based VLANA MAC-based VLAN enables mapping a specific MAC address to a specific VLAN
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following
bull Ethernetmdashvalid values for etype ranges from 0x0600-0xffffbull SNAPmdashvalid value in this case also is comprised of two sub-valuesbull Organizationally unique Identifier (OUI)bull Protocol ID (PID)mdashif the OUI is hexadecimal 000000 the PID is the Ethernet type (EtherType) field value for the
protocol running on top of SNAP If the OUI is an OUI for a particular organization the PID is a value assignedby that organization to the protocol running on top of SNAP
bull LLCmdashvalid value in this case is comprised of two sub-values
ndash DSAPmdash1-byte long string (0x00-0xff)ndash SSAPmdash1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN andprotocol-based VLAN is preferred over port-based VLAN
85 Industrial Private VLANsThis feature is widely known as private VLANs (PVLAN) VLANs limit broadcasts to specified users PVLANs splitsthe broadcast domain into multiple isolated broadcast sub-domains and puts secondary VLANs inside a primaryVLAN
PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate onlywith a specified uplink trunk port or with specified ports within the same VLAN The uplink trunk port is usuallyconnected to a router firewall server or provider network Each PVLAN typically contains many private ports thatcommunicate only with a single uplink thereby preventing the ports from communicating with each other
The following terms are used to describe the Private VLAN feature
bull PVLAN domainmdasha VLAN domain partitioned into a number of sub-domains Inside the domain a number ofprimary and secondary VLANs are used Only the primary VLANs are known outside the PVLAN domain
bull Primary VLANmdasha VLAN used inside and outside a PVLAN domain A primary VLAN carries traffic frompromiscuous ports to isolated ports and from community ports to other promiscuous ports
bull Secondary VLANmdasha VLAN used inside a PVLAN domain onlybull Isolated VLANmdasha secondary VLAN that carries traffic from isolated ports to promiscuous portsbull Community VLANmdasha secondary VLAN that carries traffic from community ports to promiscuous ports and other
community portsbull Isolated portmdasha port that receives untagged frames and classifies these to an isolated VLANbull Community portmdasha port that receives untagged frames and classifies these to a community VLANbull Promiscuous portmdasha port that receives frames in the primary VLAN
VSC6817L2 Switching
copy 2020 Microchip Technology Inc Product Specification DS30010225B-page 37
bull Standard trunk portmdasha port that carries primary and secondary VLANs using tagsbull Promiscuous PVLAN trunk portmdasha port that receives frames tagged with the primary VLAN ID The port sends
frames from secondary VLANs but translates these to the primary VLAN ID and pushes this into the tagbull Isolated PVLAN trunk portmdasha port which receives frames tagged with the isolated VLAN ID The port sends
frames from the isolated VLAN The port also sends frames from the primary VLAN but translates this into theisolated VLAN ID and pushes it into the tag
86 Generic VLAN Registration Protocol (GVRP)The GVRP is a registration for VLANs Though this has been superseded by MVRP as described in IEEE8021Q-2011 it is still of interest due to legacy systems that can interoperate
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port A hostcan announce (register) that it wants to be part of a particular VLAN It can de-register when it does not want to bepart of a certain VLAN anymore It then becomes the responsibility of GVRP to propagate this information in thenetwork so that a given VLAN gets proper connectivity
87 Multiple Registration Protocol (MRP)The MRP that replaced Generic Attribute Registration Protocol (GARP) is a generic registration framework definedby the IEEE 8021ak amendment to the IEEE 8021Q standard MRP allows bridges switches or other similardevices to be able to register and unregister attribute values such as VLAN identifiers and multi-cast groupmembership across a large LAN
88 Multiple VLAN Registration Protocol (MVRP)MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network MVRPconforms to the IEEE 8021Q 2014 specification and allows network devices to dynamically exchange VLANconfiguration information with other devices MVRP is based on MRP MVRP can be designated as an MRPApplication
89 IEEE 8023ad Link AggregationA link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links These links when combinedtogether form a Link Aggregation Group (LAG) such that the networking device can treat it as if it were a single linkThe traffic distribution is based on a hash calculation of fields in the frame
bull Source MAC addressmdashcan be used to calculate the destination port for the frame By default the source MACaddress is enabled
bull Destination MAC addressmdashcan be used to calculate the destination port for the frame By default thedestination MAC address is disabled
bull IP addressmdashcan be used to calculate the destination port for the frame By default the IP address is enabledbull TCPUDP port numbermdashcan be used to calculate the destination port for the frame By default the TCPUDP
port number is enabled
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP)
891 StaticStatic aggregations can be configured through the CLI or the web interface A static LAG interface does not require apartner system to be able to aggregate its member ports In Static mode the member ports do not transmitLACPDUs
892 Link Aggregation Control Protocol (LACP)The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically The LACP can beenabled or disabled on the switch port The LACP will form an aggregation when two or more ports are connected tothe same partner
VSC6817L2 Switching
copy 2020 Microchip Technology Inc Product Specification DS30010225B-page 38
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed, in accordance with the IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.

8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from the active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, the CIST port setting may also be seen as a security measure.

8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per-VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.

8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.

8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.

8.12 DHCP Snooping
DHCP snooping is used to block an intruder on the untrusted ports of the switch device when the intruder tries to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.

8.13 MAC Table Configuration
MAC learning configuration can be configured per port.
• Auto—learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable—no learning is done
• Secure—only SMAC entries are learned; all other frames are dropped
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.

8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied, or mirrored, to a mirror port where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.

8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.

8.16 Flow Mirroring for AC
Management can set and get the ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.

8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and the MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are the STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.

8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with a matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are members of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and the source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.

9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.

9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1 DHCP Relay Configuration Parameters
Parameter                  Allowed Range          Default
Relay mode                 Enabled/disabled       Disabled
Relay server address       IP address             None
Relay information mode     Enabled/disabled       Disabled
Relay information policy   Replace, Keep, Drop    Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring to the DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in a standalone device it always equals 0; in a stackable device it means switch ID), and the last two characters are the port number.

9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of the UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP-related packets to the CPU. The ACEs are automatically removed when the mode is disabled.

9.3 L3 Routing
L3 routing is to select a path and forward traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.

10 Security
The following sections describe the security features supported by the IStaX software.

10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client, using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed; equipment whose MAC address is a valid RADIUS user can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
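
The following added example (not code from the IStaX software) shows why the RADIUS server "must be configured accordingly": it normalizes inventory MAC notations to the xx-xx-xx-xx-xx-xx form, emits FreeRADIUS-style `users` entries, and checks an MD5-Challenge response computed as in RFC 1994/RFC 3748. The choice of FreeRADIUS syntax, the sample inventory, the identifier, and the challenge are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

_HEX12 = re.compile(r"[0-9a-f]{12}")


def mac_to_identity(mac):
    """Return the 'xx-xx-xx-xx-xx-xx' form used as user name and password.

    Accepts 6 raw bytes or the notations found in asset inventories
    (AA:BB:CC:DD:EE:FF, aabb.ccdd.eeff, AA-BB-CC-DD-EE-FF, aabbccddeeff).
    """
    if isinstance(mac, (bytes, bytearray)):
        digits = bytes(mac).hex()
    else:
        digits = re.sub(r"[:.\-\s]", "", mac).lower()
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def eap_md5_response(identifier, password, challenge):
    """MD5-Challenge response value: MD5(identifier || password || challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("EAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def build_radius_users(inventory):
    """Return (users-file lines, rejected inventory rows), de-duplicated."""
    entries, rejected, seen = [], [], set()
    for raw in inventory:
        try:
            ident = mac_to_identity(raw)
        except ValueError:
            rejected.append(raw)
            continue
        if ident not in seen:
            seen.add(ident)
            entries.append(f'{ident} Cleartext-Password := "{ident}"')
    return entries, rejected


def server_accepts(stored_password, identifier, challenge, response):
    """RADIUS-server side check of the response against its stored password."""
    expected = eap_md5_response(identifier, stored_password.encode(), challenge)
    return hmac.compare_digest(expected, response)


# Constructed sample data: three notations of two devices and one bad row.
INVENTORY = ["00:01:C1:AA:BB:CC", "0001.c1aa.bbdd", "00-01-C1-AA-BB-CC", "printer-3"]
CHALLENGE = bytes(range(16))   # constructed 16-byte challenge
IDENTIFIER = 7                 # constructed EAP identifier


def demo():
    entries, rejected = build_radius_users(INVENTORY)
    # What the switch sends for a client whose source MAC is 00:01:c1:aa:bb:cc.
    ident = mac_to_identity(bytes.fromhex("0001c1aabbcc"))
    response = eap_md5_response(IDENTIFIER, ident.encode(), CHALLENGE)
    normalized_ok = server_accepts(ident, IDENTIFIER, CHALLENGE, response)
    # Same device provisioned in colon/upper-case notation: authentication fails.
    raw_ok = server_accepts("00:01:C1:AA:BB:CC", IDENTIFIER, CHALLENGE, response)
    return entries, rejected, normalized_ok, raw_ok


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Because the password is the MAC string itself, an entry provisioned in any other notation is rejected even though it names the same device.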
In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard, but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID, or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-assigned QoS and VLAN in the case of RADIUS-assigned VLAN are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X

10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
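
The retransmit and dead-time behaviour described above can be modelled with a virtual clock. This is an added example, not the IStaX implementation; the server names, the loss pattern, the 10 ms round-trip time, and the idea that servers are tried in configured order are assumptions made for the simulation.

```python
from dataclasses import dataclass
from typing import Optional

ATTEMPTS = 3   # the timeout interval is split into three equal sub-intervals
RTT = 0.01     # constructed round-trip time of an answered request, in seconds


@dataclass
class Server:
    name: str
    lose_first: Optional[int]  # requests lost before one is answered; None = never answers
    dead_until: float = 0.0    # virtual time until which the server is skipped
    requests_seen: int = 0


class RadiusClient:
    def __init__(self, servers, timeout, dead_time):
        if not 0 <= dead_time <= 3600:
            raise ValueError("dead time must be between 0 and 3600 seconds")
        self.servers = list(servers)
        self.timeout = timeout
        self.dead_time = dead_time
        self.now = 0.0         # virtual clock, so the example runs instantly

    def dead_time_active(self):
        # Enabled only for a non-zero value and more than one configured server.
        return self.dead_time > 0 and len(self.servers) > 1

    def query(self, server):
        """Send up to three requests; return the attempt that was answered, or None."""
        sub_interval = self.timeout / ATTEMPTS
        for attempt in range(1, ATTEMPTS + 1):
            server.requests_seen += 1
            if server.lose_first is not None and attempt > server.lose_first:
                self.now += RTT
                return attempt
            self.now += sub_interval   # no reply within the sub-interval: retransmit
        return None

    def authenticate(self):
        """Try servers in configured order; return (answering server or None, log)."""
        log = []
        for server in self.servers:
            if self.dead_time_active() and self.now < server.dead_until:
                log.append((server.name, "skipped (dead time)"))
                continue
            attempt = self.query(server)
            if attempt is not None:
                log.append((server.name, f"answered attempt {attempt}"))
                return server.name, log
            log.append((server.name, "dead after 3 attempts"))
            if self.dead_time_active():
                server.dead_until = self.now + self.dead_time
        return None, log


if __name__ == "__main__":
    # Constructed scenario: radius-a is down, radius-b loses the first request.
    a, b = Server("radius-a", None), Server("radius-b", 1)
    client = RadiusClient([a, b], timeout=6, dead_time=30)
    print(client.authenticate(), "clock:", client.now)
    print(client.authenticate(), "clock:", client.now)
```

With a single configured server, the same dead-time value has no effect and every login waits out the full timeout again.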
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. The CLI interface is only supported in the initial version for the configuration of TACACS+ authorization and accounting mechanisms.

10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1 Secure Access Options
Method                Description
SSH                   Enable or disable option provided; supports v2 only
SSL/HTTPs             Enable or disable
HTTPs auto redirect   A redirect web browser to HTTPS option, available when HTTPS mode is enabled
Note: SSL and HTTPs are not supported in the non-crypto version of the software.

10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The allowed range for the privilege level of the user is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks, such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level configurable between 1 to 15 for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.

10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.

10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.

10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.

10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.

10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows setting the port action, which determines whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
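
Because only the first matching ACE acts on a frame, rule order decides the outcome, and a later ACE can be unreachable. The added example below (not IStaX code) models first-match evaluation with per-ACE counters and a per-port action and counter for unmatched frames, and audits the list for shadowed ACEs. The field names, the reading that the port action applies when no ACE matches, and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Ace:
    ace_id: int
    action: str                                # "permit" or "deny"
    frame_type: str = "any"                    # any, etype, arp, ipv4, ipv6
    ingress_ports: Optional[frozenset] = None  # None = every ingress port
    policy_value: Optional[int] = None         # None = policy not checked
    policy_mask: int = 0xFF
    hits: int = 0

    def matches(self, frame_type, port_no, port_policy):
        if self.ingress_ports is not None and port_no not in self.ingress_ports:
            return False
        if self.policy_value is not None and \
                ((port_policy ^ self.policy_value) & self.policy_mask):
            return False
        return self.frame_type in ("any", frame_type)

    def covers(self, later):
        """True if every frame `later` can match is already matched by self."""
        if self.frame_type not in ("any", later.frame_type):
            return False
        if self.ingress_ports is not None and (
                later.ingress_ports is None
                or not later.ingress_ports <= self.ingress_ports):
            return False
        if self.policy_value is None:
            return True
        return (later.policy_value is not None
                and (self.policy_mask & later.policy_mask) == self.policy_mask
                and not ((self.policy_value ^ later.policy_value) & self.policy_mask))


@dataclass
class Port:
    policy_id: int = 0
    action: str = "permit"   # default port action is Permit
    hits: int = 0


class Acl:
    def __init__(self, aces, ports):
        self.aces = list(aces)    # list order is priority, highest first
        self.ports = dict(ports)

    def classify(self, frame_type, port_no):
        """Return (action, source of the decision) for one ingress frame."""
        port = self.ports[port_no]
        for ace in self.aces:
            if ace.matches(frame_type, port_no, port.policy_id):
                ace.hits += 1     # only the first matching ACE is hit
                return ace.action, f"ace {ace.ace_id}"
        port.hits += 1            # no ACE matched: port action and port counter
        return port.action, f"port {port_no} action"

    def shadowed(self):
        """Return (unreachable ACE id, id of the earlier ACE that covers it)."""
        found = []
        for index, later in enumerate(self.aces):
            for earlier in self.aces[:index]:
                if earlier.covers(later):
                    found.append((later.ace_id, earlier.ace_id))
                    break
        return found


def build_constructed_acl():
    aces = [
        Ace(10, "deny", "arp", policy_value=1),                 # ports with policy 1
        Ace(20, "permit", "ipv4"),                              # all ports
        Ace(30, "deny", "ipv4", ingress_ports=frozenset({3})),  # never reached
    ]
    ports = {1: Port(policy_id=1), 2: Port(policy_id=1),
             3: Port(policy_id=0, action="deny")}
    return Acl(aces, ports)


if __name__ == "__main__":
    acl = build_constructed_acl()
    for frame in [("arp", 1), ("arp", 3), ("ipv4", 3), ("ipv6", 1)]:
        print(frame, "->", acl.classify(*frame))
    print("shadowed:", acl.shadowed())
```

A zero hit counter on an ACE that was expected to fire, as on ACE 30 here, is the operational sign of the same ordering problem.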

10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.
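
The DHCP snooping section (8.12) and the source guard description above both rest on one (port, VLAN, MAC, IP) binding table. The added example below (not IStaX code) drops server-type DHCP messages arriving on untrusted ports, learns a binding from an ACK seen on a trusted port, and then filters data frames against the table. How the switch learns bindings, the message model, the port roles, and the addresses are assumptions constructed for illustration, and the IPv6 entry is a manually configured binding checked on an untrusted port.

```python
import ipaddress

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}   # DHCP messages only a server sends


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}      # client MAC -> (port, vlan) of its last request
        self.bindings = set()  # (port, vlan, mac, ip) entries

    @staticmethod
    def _key(port, vlan, mac, ip):
        # Normalise MAC case and IP text form so equal addresses compare equal.
        return (port, vlan, mac.lower(), ipaddress.ip_address(ip))

    def add_static_binding(self, port, vlan, mac, ip):
        self.bindings.add(self._key(port, vlan, mac, ip))

    def on_dhcp(self, port, vlan, msg_type, client_mac, yiaddr=None):
        """Return 'forward' or 'drop' for a DHCP message seen on a port."""
        mac = client_mac.lower()
        if msg_type in SERVER_MESSAGES:
            if port not in self.trusted:
                return "drop"                  # bogus reply from an untrusted port
            if msg_type == "ACK" and mac in self.pending:
                client_port, client_vlan = self.pending.pop(mac)
                self.bindings.add(self._key(client_port, client_vlan, mac, yiaddr))
            return "forward"
        if port not in self.trusted:
            self.pending[mac] = (port, vlan)   # remember where the client sits
        return "forward"

    def on_ip(self, port, vlan, src_mac, src_ip):
        """Source guard: untrusted ports forward only frames matching a binding."""
        if port in self.trusted:
            return "forward"
        key = self._key(port, vlan, src_mac, src_ip)
        return "forward" if key in self.bindings else "drop"


def run_constructed_trace():
    sw = SnoopingSwitch(trusted_ports={1})     # port 1 faces the real DHCP server
    client = "02:00:00:00:00:aa"
    sw.add_static_binding(4, 10, "02:00:00:00:00:bb", "2001:db8::10")
    return [
        sw.on_dhcp(2, 10, "REQUEST", client),                      # client asks
        sw.on_dhcp(5, 10, "OFFER", client, "192.0.2.66"),          # untrusted "server"
        sw.on_dhcp(1, 10, "ACK", client, "192.0.2.10"),            # real server
        sw.on_ip(2, 10, client, "192.0.2.10"),                     # matches binding
        sw.on_ip(2, 10, client, "192.0.2.1"),                      # wrong source IP
        sw.on_ip(3, 10, client, "192.0.2.10"),                     # wrong port
        sw.on_ip(4, 10, "02:00:00:00:00:BB", "2001:0db8:0:0:0:0:0:10"),  # static IPv6
        sw.on_ip(4, 20, "02:00:00:00:00:bb", "2001:db8::10"),      # wrong VLAN
    ]


if __name__ == "__main__":
    for verdict in run_constructed_trace():
        print(verdict)
```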

10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.

11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.

11.1 Robustness
The following section introduces a robustness feature.

11.1.1 Cold and Cool Start
The software defines and supports the following restart types:
• Cold—power cycle induced reset of the switch
• Cool—software initiated reset of the switch (with traffic disruption)

11.2 Power Savings
The following sections introduce the power savings features.

11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.

11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.

11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.

11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex mode.

11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0 to 100 in 10 increments for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.

11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature—temperature at which the fan runs at full speed
• Turn on temperature—temperature at which the fan runs at the lowest possible speed

12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.

12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T Y.1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few 10s of ns.

12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
Administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, OAM entity sends out a PDU with the link monitoring capability flag set
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, OAM entity sends out a PDU with the remote loopback capability flag
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.

12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. In case of any situation coming true, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads—this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled

12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.

13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs, such as ZL30343, ZL30363, and ZL30772.

13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer to peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.

13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.

13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses peer-to-peer delay measurement mechanism.

13.2.2 End-to-End Transparent Clock
The transparent clock uses end-to-end delay measurement mechanism.

13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.

13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.

13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.

13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to the G.8265.1 solution (frequency) ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to the G.8275.1 solution (frequency) ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.
14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON-encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server, and in order to use it, a JSON-RPC client is required. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable, connection-oriented communication provided by the TCP and HTTP message encapsulation
• RPC-oriented protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high-level, machine friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.
14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react to events when they happen without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.
14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of a structured set of configuration commands, with the ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut:
  (config-if-vlan)# ip^Q
  ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
  ip igmp snooping
  ip igmp snooping compatibility auto | v1 | v2 | v3
  ip igmp snooping lastmember-query-interval <0-31744>
  ip igmp snooping priority <0-7>
  ip igmp snooping querier election | address <ipv4_ucast>
  ip igmp snooping query-interval <1-31744>
  ip igmp snooping query-max-response-time <0-31744>
  ip igmp snooping robustness-variable <1-255>
  ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help. Click button for a list of valid possible parameters with descriptions
• Auto completion. Press the <tab> key after partially typing the keyword. The rest of the keyword will be entered automatically
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support:
  (config)# interface
  (config-if)#
If multiple sessions are concurrently in the same submode with the same parameters, then the no form of commands will not work and a warning message is displayed.
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged-in user does not have sufficient privilege.
14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>.
14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#.
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations—any keyword can be accepted just by typing an unambiguous prefix (for example, “sh” for “show”):
  IStaX# sh ip route
  00000 via VLAN1109611 <UP GATEWAY HW_RT>
  10961024 via VLAN1 <UP HW_RT>
  12700132 via OSlo127001 <UP HOST>
  2240004 via OSlo127001 <UP>
• Error checking—before executing a command, the CLI checks whether the current mode is still valid, whether the user has sufficient privileges, and whether the parameters are within the valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message:
  IStaX(config)# clock summer-time PDT date 14
  ^
  Invalid word detected at ^ marker
Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.
• do command support—this allows the users to execute the commands from the configuration mode:
  (config)# do show vlan
  VLAN  Name     Interface
  ----  ----     ---------
  1     default  Gi 1/1-9 2.5G 1/1-2
• Platform debug command support—this allows the users to obtain technical support by entering and running a debug command in this field.
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG), where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config—a virtual file that represents the currently active configuration on the switch. This file is volatile.
• startup-config—the startup configuration for the switch, read at boot time.
• default-config—a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes.
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch, except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode—the current configuration is fully replaced with the configuration in the uploaded file
• Merge mode—the uploaded file is merged with running-config
If the file system is full (that is, it contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch, except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 8.0 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort, that is, where 64-bit counters are included, they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round-trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping—is a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported.
• Traceroute—is a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. The source address can be specified by using the saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for the IPv4 option.
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure the IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or as a connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1ab and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice—used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional)—used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice—supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional)—used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice—used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and is typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing—used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video—used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional)—used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode—the device only transmits configuration parameters
• Receive-only mode—the device can only receive configuration parameters (from neighbor device)
• Transmit and receive mode—the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto the LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table
• Port ID is mapped to the LLDP Port ID field
• Version and Platform are mapped to the LLDP System Description field
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately but gets removed when the hold time is exceeded.
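
The CDP-to-LLDP mapping listed above, as an added example that is not taken from the IStaX software: a bounds-checked decoder that turns a CDP payload into an LLDP-style neighbor entry. The function names, the capability-bit table, the way Version and Platform are joined, and the sample packet are assumptions of the example.

```python
import struct
from ipaddress import ip_address

# CDP TLV type codes for the fields named in the mapping list above.
DEVICE_ID, ADDRESS, PORT_ID, CAPABILITIES, VERSION, PLATFORM = 1, 2, 3, 4, 5, 6
# Assumed mapping of CDP capability bits onto LLDP capability names; any bit
# without an entry is reported as "Other", as the list above describes.
CAP_TO_LLDP = {0x01: "Router", 0x02: "Bridge", 0x08: "Bridge",
               0x10: "Station Only", 0x40: "Repeater"}


def first_address(value):
    """Return the first address in a CDP Address TLV, or None if unusable."""
    if len(value) < 6 or struct.unpack_from("!I", value)[0] == 0:
        return None
    off = 4 + 2 + value[5]          # count, protocol type/length, protocol id
    if len(value) < off + 2:
        return None
    addr_len = struct.unpack_from("!H", value, off)[0]
    addr = value[off + 2:off + 2 + addr_len]
    if len(addr) != addr_len or addr_len not in (4, 16):
        return None
    return str(ip_address(addr))


def cdp_to_lldp_neighbor(cdp):
    """Map a CDP payload (version, TTL, checksum, TLVs) to LLDP-style fields.

    Raises ValueError when a TLV length points outside the received frame.
    """
    if len(cdp) < 4:
        raise ValueError("truncated CDP header")
    entry = {"hold_time": cdp[1]}
    version = platform = None
    off = 4
    while off < len(cdp):
        if len(cdp) - off < 4:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", cdp, off)
        if tlv_len < 4 or off + tlv_len > len(cdp):
            raise ValueError("TLV length out of bounds")
        value = cdp[off + 4:off + tlv_len]
        off += tlv_len
        if tlv_type == DEVICE_ID:
            entry["chassis_id"] = value.decode("ascii", "replace")
        elif tlv_type == ADDRESS:
            entry["management_address"] = first_address(value)
        elif tlv_type == PORT_ID:
            entry["port_id"] = value.decode("ascii", "replace")
        elif tlv_type == CAPABILITIES and len(value) == 4:
            bits = struct.unpack("!I", value)[0]
            caps = {CAP_TO_LLDP.get(1 << b, "Other")
                    for b in range(32) if bits & (1 << b)}
            entry["system_capabilities"] = sorted(caps)
        elif tlv_type == VERSION:
            version = value.decode("ascii", "replace")
        elif tlv_type == PLATFORM:
            platform = value.decode("ascii", "replace")
        # Any other TLV type has no LLDP counterpart and is discarded.
    described = [part for part in (version, platform) if part]
    if described:
        entry["system_description"] = ", ".join(described)
    return entry


def _tlv(tlv_type, value):
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def _addr(ip):
    # NLPID protocol type, 1-byte protocol id 0xCC (IP), 4-byte address.
    return b"\x01\x01\xcc" + struct.pack("!H", 4) + ip_address(ip).packed


# Constructed sample: CDP version 2, hold time 180 s, checksum left at zero.
SAMPLE_CDP = (
    bytes([2, 180, 0, 0])
    + _tlv(DEVICE_ID, b"switch-a")
    + _tlv(ADDRESS, struct.pack("!I", 2)
           + _addr("192.0.2.10") + _addr("192.0.2.11"))
    + _tlv(PORT_ID, b"GigabitEthernet 1/1")
    + _tlv(CAPABILITIES, struct.pack("!I", 0x08 | 0x20))
    + _tlv(VERSION, b"Example OS 1.0")
    + _tlv(PLATFORM, b"Example Platform")
    + _tlv(9, b"lab")               # VTP management domain: discarded
)

if __name__ == "__main__":
    for field, val in cdp_to_lldp_neighbor(SAMPLE_CDP).items():
        print(f"{field}: {val}")
```

The length checks matter because CDP frames arrive from whatever is attached to the port, so every TLV length is validated against the frame before it is used as an offset.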
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
An optional fallback mechanism is also provided in the case of IPv4, so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy, where the DUT relays DNS requests to the currently configured DNS server on the DUT and replies as a DNS resolver to the client device on the network when enabled.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth, DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure the device to allow or deny these packets.
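
A simplified model of the port-based DHCPv6-shield decision described above, added here as an illustration and not taken from the IStaX software. The function names, the set of recognized headers, the choice to drop malformed packets on non-server ports, and the sample packets are assumptions of the example.

```python
import struct
from ipaddress import IPv6Address

# Extension headers whose length field counts 8-octet units (IANA numbers).
EXT_HEADERS = {0, 43, 60}           # Hop-by-Hop, Routing, Destination Options
FRAGMENT, AH, UDP = 44, 51, 17
OTHER_UPPER = {6, 50, 58, 59}       # TCP, ESP, ICMPv6, No Next Header
DHCPV6_CLIENT_PORT = 546            # DHCPv6 clients listen on UDP port 546


def classify(packet):
    """Walk the IPv6 header chain of a raw IPv6 packet.

    Returns 'dhcpv6-server', 'other', 'unrecognized' or 'malformed'.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "malformed"
    nxt, off = packet[6], 40
    while True:
        if nxt in OTHER_UPPER:
            return "other"
        if len(packet) < off + 8:   # header chain cut short
            return "malformed"
        if nxt == UDP:
            dport = struct.unpack_from("!H", packet, off + 2)[0]
            return "dhcpv6-server" if dport == DHCPV6_CLIENT_PORT else "other"
        if nxt in EXT_HEADERS:
            hdr_len = (packet[off + 1] + 1) * 8
        elif nxt == AH:
            hdr_len = (packet[off + 1] + 2) * 4
        elif nxt == FRAGMENT:
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return "other"      # non-first fragment: no upper-layer header
            hdr_len = 8
        else:
            return "unrecognized"
        nxt, off = packet[off], off + hdr_len


def shield(packet, ingress_port, server_ports, allow_unrecognized=False):
    """Return 'forward' or 'drop' for a packet received on ingress_port."""
    if ingress_port in server_ports:
        return "forward"            # administrator-configured server port
    kind = classify(packet)
    if kind in ("dhcpv6-server", "malformed"):
        return "drop"
    if kind == "unrecognized":
        return "forward" if allow_unrecognized else "drop"
    return "forward"


def ipv6(next_header, payload, src="fe80::1", dst="fe80::2"):
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + IPv6Address(src).packed + IPv6Address(dst).packed + payload


def udp(sport, dport, data=b"\x02\x00\x00\x01"):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def dest_opts(next_header):
    # 8-octet Destination Options header holding a single PadN option.
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])


# Constructed sample packets (checksums left at zero, not verified here).
ADVERTISE = ipv6(UDP, udp(547, 546))                     # server to client
SOLICIT = ipv6(UDP, udp(546, 547), dst="ff02::1:2")      # client to server
ADVERTISE_AFTER_EXT = ipv6(60, dest_opts(UDP) + udp(547, 546))
UNKNOWN_NEXT_HEADER = ipv6(253, b"\x00" * 8)
SERVER_PORTS = {"Gi 1/1"}

if __name__ == "__main__":
    for name in ("ADVERTISE", "SOLICIT", "ADVERTISE_AFTER_EXT",
                 "UNKNOWN_NEXT_HEADER"):
        print(name, shield(globals()[name], "Gi 1/3", SERVER_PORTS))
```

The same Advertise message yields a different result depending only on the ingress port, and a message carried behind an extension header is still classified because the whole header chain is walked.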
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model, where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out-of-band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum number of management access filter entries allowed is 16.
If the application's type matches any one of the access management entries, access to the switch is allowed. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.2.2 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
VSC6817 Management
© 2020 Microchip Technology Inc. Product Specification DS30010225B-page 62
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
SNMPv3 is supported and is backward compatible with SNMPv2c and SNMPv1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
show snmp mib context
BRIDGE-MIB
- dot1dBase (1.3.6.1.2.1.17.1)
- dot1dTp (1.3.6.1.2.1.17.4)
Dot3-OAM-MIB
- dot3OamMIB (1.3.6.1.2.1.158)
ENTITY-MIB
- entityMIBObjects (1.3.6.1.2.1.47.1)
EtherLike-MIB
- transmission (1.3.6.1.2.1.10)
IEEE8021-BRIDGE-MIB
show snmp mib ifmib ifIndex
Table 15-1 ifIndex Descriptions
ifIndex | ifDescr | Interface
1 | VLAN 1 | VLAN 1
1000001 | Switch 1 – port 1 | GigabitEthernet 1/1
1000002 | Switch 1 – port 2 | GigabitEthernet 1/2
1000003 | Switch 1 – port 3 | GigabitEthernet 1/3
1000004 | Switch 1 – port 4 | GigabitEthernet 1/4
1000005 | Switch 1 – port 5 | GigabitEthernet 1/5
1000006 | Switch 1 – port 6 | GigabitEthernet 1/6
1000007 | Switch 1 – port 7 | GigabitEthernet 1/7
1000008 | Switch 1 – port 8 | GigabitEthernet 1/8
1000009 | Switch 1 – port 9 | 2.5GigabitEthernet 1/1
10000010 | Switch 1 – port 10 | 2.5GigabitEthernet 1/2
10000011 | Switch 1 – port 11 | GigabitEthernet 1/9
16 Revision History
Revision | Date | Description
B | February 2021 | Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document:
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 143 Simple Network Management Protocol (SNMP).
A | June 2020 | Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document:
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
20 | October 2019 | Revision 20 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 20 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
19 | June 2019 | Revision 19 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 19 of this document:
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.
18 | June 2019 | Revision 18 was published in June 2019 to align with the Linux application software release 48. The following is a summary of changes in revision 18 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
17 | January 2019 | Revision 17 was published in January 2019 to align with the Linux application software release 47. The following is a summary of changes in revision 17 of this document:
• The BSP and API Supported Features table was updated. For more information, see 11 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
16 | October 2018 | Revision 16 was published in October 2018 to align with the Linux application software release 46. The following is a summary of changes in revision 16 of this document:
• A cross reference in the JSON-RPC section was fixed. For more information, see 141 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• VLAN Translation was removed from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 1111 Cold and CoolStart.
• The Ethernet Services section and the Traffic Test Loop section were removed from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 141 JSON-RPC.
• The Software Functions Supported by JSON RPC section was removed from the Management chapter.
• The Private MIB and the Standard MIB sections were removed from the SNMP MIBs chapter.
15 | July 2018 | Revision 15 was published in July 2018 to align with the Linux application software release 45. The following is a summary of changes in revision 15 of this document:
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 12 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 17 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 112 Management.
• The System Capability section was updated. For more information, see 42 System Capability.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 107 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 1212 Dying Gasp.
• The DHCP Server section was updated. For more information, see 1411 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 149 IP Management, DNS, and DHCPv4/v6.
14 | April 2018 | Revision 14 was published in April 2018 to align with the Linux application software release 44. The following is a summary of changes in revision 14 of this document:
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 16 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 42 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 145 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 93 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 85 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
13 | January 2018 | Revision 13 was published in January 2018 to align with the Linux application software release 43. The following is a summary of changes in revision 13 of this document:
• The Supported Switches table was updated with details regarding VSC7410/15/35/36/37. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 12 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 15 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 16 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 18 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 19 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 110 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 113 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.
12 | September 2017 | Revision 12 was published in July 2017 to align with the Linux application software release 42. In revision 12 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.
11 | June 2017 | Revision 11 was published in June 2017 to align with the Linux application software release 41. The following is a summary of changes in revision 11 of this document:
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.
10 | November 2016 | Revision 10 was published in November 2016 to align with the Linux application software release 40. It was the first publication of this document.
The Microchip Website
Microchip provides online support via our website at www.microchip.com. This website is used to make files and information easily available to customers. Some of the content available includes:
• Product Support – Data sheets and errata, application notes and sample programs, design resources, user's guides and hardware support documents, latest software releases and archived software
• General Technical Support – Frequently Asked Questions (FAQs), technical support requests, online discussion groups, Microchip design partner program member listing
• Business of Microchip – Product selector and ordering guides, latest Microchip press releases, listing of seminars and events, listings of Microchip sales offices, distributors and factory representatives
Product Change Notification Service
Microchip's product change notification service helps keep customers current on Microchip products. Subscribers will receive email notification whenever there are changes, updates, revisions or errata related to a specified product family or development tool of interest.
To register, go to www.microchip.com/pcn and follow the registration instructions.
Customer Support
Users of Microchip products can receive assistance through several channels:
• Distributor or Representative
• Local Sales Office
• Embedded Solutions Engineer (ESE)
• Technical Support
Customers should contact their distributor, representative or ESE for support. Local sales offices are also available to help customers. A listing of sales offices and locations is included in this document.
Technical support is available through the website at www.microchip.com/support.
Microchip Devices Code Protection Feature
Note the following details of the code protection feature on Microchip devices:
• Microchip products meet the specification contained in their particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip's Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as "unbreakable".
Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip's code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.
Legal Notice
Information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated.
Trademarks
The Microchip name and logo, the Microchip logo, Adaptec, AnyRate, AVR, AVR logo, AVR Freaks, BesTime, BitCloud, chipKIT, chipKIT logo, CryptoMemory, CryptoRF, dsPIC, FlashFlex, flexPWR, HELDO, IGLOO, JukeBlox, KeeLoq, Kleer, LANCheck, LinkMD, maXStylus, maXTouch, MediaLB, megaAVR, Microsemi, Microsemi logo, MOST, MOST logo, MPLAB, OptoLyzer, PackeTime, PIC, picoPower, PICSTART, PIC32 logo, PolarFire, Prochip Designer, QTouch, SAM-BA, SenGenuity, SpyNIC, SST, SST Logo, SuperFlash, Symmetricom, SyncServer, Tachyon, TempTrackr, TimeSource, tinyAVR, UNI/O, Vectron, and XMEGA are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.
APT, ClockWorks, The Embedded Control Solutions Company, EtherSynch, FlashTec, Hyper Speed Control, HyperLight Load, IntelliMOS, Libero, motorBench, mTouch, Powermite 3, Precision Edge, ProASIC, ProASIC Plus, ProASIC Plus logo, Quiet-Wire, SmartFusion, SyncWorld, Temux, TimeCesium, TimeHub, TimePictra, TimeProvider, Vite, WinPath, and ZL are registered trademarks of Microchip Technology Incorporated in the U.S.A.
Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any Capacitor, AnyIn, AnyOut, BlueSky, BodyCom, CodeGuard, CryptoAuthentication, CryptoAutomotive, CryptoCompanion, CryptoController, dsPICDEM, dsPICDEM.net, Dynamic Average Matching, DAM, ECAN, EtherGREEN, In-Circuit Serial Programming, ICSP, INICnet, Inter-Chip Connectivity, JitterBlocker, KleerNet, KleerNet logo, memBrain, Mindi, MiWi, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, PowerSmart, PureSilicon, QMatrix, REAL ICE, Ripple Blocker, SAM-ICE, Serial Quad I/O, SMART-I.S., SQI, SuperSwitcher, SuperSwitcher II, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.
SQTP is a service mark of Microchip Technology Incorporated in the U.S.A.
The Adaptec logo, Frequency on Demand, Silicon Storage Technology, and Symmcom are registered trademarks of Microchip Technology Inc. in other countries.
GestIC is a registered trademark of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries.
All other trademarks mentioned herein are property of their respective companies.
© 2020, Microchip Technology Incorporated, Printed in the U.S.A., All Rights Reserved.
ISBN: 978-1-5224-7595-8
Quality Management System
For information regarding Microchip's Quality Management Systems, please visit www.microchip.com/quality.
1 Supported Features
The following sections describe the features of each module of the IStaX software.
1.1 BSP and API
The following table lists the features supported by the API module.
Table 1-1 BSP and API Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Internal CPU | • | • | • | • | •
External CPU | — | — | — | — | •
64-bit CPU Architecture | — | — | — | — | •
API and application split | • | • | • | • | •
MESA layer | • | • | • | • | •
MEBA layer | • | • | • | • | •
U-Boot | • | • | • | • | •
U-Boot network support | • | • | • | • | •
32MB NOR FLASH only option | • | • | • | • | —
64MB NOR FLASH only option | • | • | • | • | —
1.2 Port Control
The following table lists the features supported by the port control module. For more information, see 6 Port Control.
Table 1-2 Port Control Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Port speed/duplex mode/flow control | • | • | • | • | •
Aquantia 2.5G PHY Gen2 | • | • | • | • | •
Aquantia 2.5G PHY Gen3 | • | • | • | • | •
Aquantia 5G PHY Gen3 | — | • | — | — | —
Aquantia 10G PHY Gen2 | — | • | • | — | •
802.1Qbb Per Priority Flow Control | — | • | • | • | •
Port frame size (jumbo frames) | • | • | • | • | •
Port state (administrative status) | • | • | • | • | •
Port status (link monitoring) | • | • | • | • | •
Port statistics (MIB counters) | • | • | • | • | •
Port VeriPHY (cable diagnostics) | • | • | • | • | •
PoE/PoE+ with PD69208 support (external controller) | • | • | • | • | —
PoE/PoE+ with Link Layer Discovery Protocol (LLDP) | • | • | • | • | —
PoE IEEE802.3bt without LLDP (external controller) | • | • | • | • | —
NPI port | • | • | • | • | •
PCIe | — | • | • | • | •
On-the-fly SFP detection | • | • | • | • | •
DDMI | • | • | • | • | •
Unidirectional Link Detection (UDLD) | • | • | • | • | •
IEEE 802.3ap 10G-KR | — | — | — | — | •
IEEE 802.3ap 25G-KR | — | — | — | — | •
1.3 Quality of Service (QoS)
The following table lists the features supported by the QoS module. For more information, see 7 Quality of Service (QoS).
Table 1-3 QoS Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Cut-through | — | — | — | — | •
Traffic classes (8 active priorities) | • | • | • | • | •
Port default priority | • | • | • | • | •
User priority | • | • | • | • | •
Input priority mapping | • | • | • | • | •
QoS control list (QCL mode) | • | • | • | • | •
Global storm control for UC, MC, and BC | • | • | • | • | •
Random early discard (RED) | — | • | • | • | •
Port policers | • | • | • | • | •
Queue policers | • | • | • | • | •
Global/VCAP (ACL) policers | • | • | • | • | •
Port egress shaper | • | • | • | • | •
Queue egress shapers | • | • | • | • | •
DiffServ (RFC2474) remarking | • | • | • | • | •
Tag remarking | • | • | • | • | •
Scheduler mode | • | • | • | • | •
IEEE-802.1Qbv (TAS) Time-aware Scheduler | — | — | — | — | •
IEEE-802.1Qbu & 802.3br frame preemption | — | — | — | — | •
IEEE-802.1Qci ingress gating/policing/checking | — | — | — | — | •
1.4 Protection
The following table lists the features supported by the protection module.
Table 1-4 Protection Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
1:1 port protection - G.8031 | • | • | • | • | •
Ring protection - G.8032 | • | • | • | • | •
Ring protection v2 - G.8032 | • | • | • | • | •
IEEE-802.1CB (FRER) | — | — | — | — | •
1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8 L2 Switching.
Table 1-5 L2 Switching Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
IEEE 802.1D Bridge
Auto MAC address learning/aging | • | • | • | • | •
MAC addresses—static | • | • | • | • | •
IEEE 802.1Q
Virtual LAN | • | • | • | • | •
Bidirectional VLAN translation | • | • | • | • | •
Unidirectional VLAN translation (ingress/egress) | • | • | • | • | •
Private VLAN—static | • | • | • | • | •
Port isolation—static | • | • | • | • | •
MAC-based VLAN | • | • | • | • | •
Protocol-based VLAN | • | • | • | • | •
IP subnet-based VLAN | • | • | • | • | •
VLAN trunking | • | • | • | • | •
iPVLAN Trunking | — | • | • | • | •
GARP VLAN Registration Protocol (GVRP) | • | • | • | • | •
Multiple Registration Protocol (MRP) | • | • | • | • | •
Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | •
IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | •
Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | •
Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | •
Loop guard | • | • | • | • | •
IEEE 802.3ad
Link aggregation—static | • | • | • | • | •
Link aggregation—Link Aggregation Control Protocol (LACP) | • | • | • | • | •
AGGR/LACP user interface alignment with Industry standard | • | • | • | • | •
UNI LAG (LACP) 1:1 active/standby | • | • | • | • | •
VSC6817Supported Features
copy 2020 Microchip Technology Inc Product Specification DS30010225B-page 12
continuedFeature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSNVSC7549TSNVSC7552TSNVSC7556TSNVSC7558TSN
LACP revertivenon-revertive bull bull bull bull bull
LACP loop free operation bull bull bull bull bull
Bridge Protocol Data Unit (BPDU)guard and restricted role
bull bull bull bull bull
Error disable recovery bull bull bull bull bull
IGMPv2 snooping bull bull bull bull bull
IGMPv3 snooping bull bull bull bull bull
MLDv1 snooping bull bull bull bull bull
MLDv2 snooping bull bull bull mdash bull
Internet Group ManagementProtocol (IGMP) filtering profile
bull bull bull bull bull
IP Multicast (IPMC) throttlingfiltering and leave proxy
bull bull bull bull bull
Multicast VLAN Registration(MVR)
bull bull bull bull bull
MVR profile bull bull bull bull bull
Voice VLAN bull bull bull bull bull
DHCP snooping bull bull bull bull bull
ARP inspection bull bull bull bull bull
Port mirroring bull bull bull bull bull
Flow mirroring bull bull bull bull bull
Rmirror bull bull bull bull bull
1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9. L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | — |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | • |
| RFC2992 (ECMP) support for HW based L3 static routing | — | • | • | — | • |
| RFC 2453 RIPv2 dynamic routing | — | • | • | — | • |
| RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | • |
| RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | • |
| Software-based IPv6 L3 static routing | • | — | — | • | — |
| Hardware-based IPv6 L3 static routing | — | • | • | — | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |
1.7 Security
The following table lists the features supported by the security module. For more information, see 10. Security.

Table 1-7. Security Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Network Access Server (NAS) | | | | | |
| Port-based 802.1X | • | • | • | • | • |
| Single 802.1X | • | • | • | • | • |
| Multiple 802.1X | • | • | • | • | • |
| MAC-based authentication | • | • | • | • | • |
| VLAN assignment | • | • | • | • | • |
| QoS assignment | • | • | • | • | • |
| Guest VLAN | • | • | • | • | • |
| Remote Authentication Dial-In User Service (RADIUS) authentication and authorization | • | • | • | • | • |
| RADIUS accounting | • | • | • | • | • |
| MAC address limit | • | • | • | • | • |
| Persistent MAC learning | • | • | • | • | • |
| IP MAC binding | • | • | • | • | • |
| IP/MAC binding dynamic to static | • | • | • | • | • |
| TACACS+ authentication and authorization | • | • | • | • | • |
| TACACS+ command authorization | • | • | • | • | • |
| TACACS+ accounting | • | • | • | • | • |
| Web and CLI authentication | • | • | • | • | • |
| Authorization (15 user levels) | • | • | • | • | • |
| ACLs for filtering/policing/port copy | • | • | • | • | • |
| IP source guard | • | • | • | • | • |
| Secure FTP Client | • | • | • | • | • |
1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12. OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Cold start | • | • | • | • | • |
| Cool start | • | • | • | • | • |
| ActiPHY | • | • | • | • | • |
| PerfectReach | • | • | • | • | • |
| Energy-Efficient Ethernet (EEE) power management | • | • | • | • | • |
| LED power management | • | • | — | — | • |
| Thermal protection | • | • | • | • | • |
| Adaptive fan control | • | • | • | — | • |
1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12. OAM and Test.

Table 1-9. OAM and Testing Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Link OAM (802.3ah) | | | | | |
| Variable request and response | • | • | • | • | • |
| Discovery process, information, event notification, loopback | • | • | • | • | • |
| Dying gasp | • | • | • | • | • |
| Dying gasp enhanced | • | • | • | • | • |
| Dying gasp SNMP trap | • | • | • | • | • |
| CFM | | | | | |
| Continuity Check (ETH-CCM) | • | • | • | • | • |
| IS-, OS-, PS-, and SID-TLV | • | • | • | • | • |
| APS using ETH-CCM and ETH-APS | • | • | • | • | • |
| ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | • |
| Hardware-accelerated OAM | — | • | • | • | • |
1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13. Synchronization.

Table 1-10. Timing and Synchronization Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| SyncE with SSM | • | • | • | • | • |
| SyncE nomination for two interfaces | • | • | • | • | • |
| Microchip one-step TC PHY solution | • | • | • | • | • |
| IEEE 1588v2 PTP with two-step clock | • | • | • | • | • |
| IEEE 1588v2 PTP with one-step clock | • | • | • | • | • |
| Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | • |
| Boundary clock | • | • | • | • | • |
| Redundant masters and multiple timing domains | • | • | • | • | • |
| PTP over IPv4 | • | • | • | • | • |
| Unicast/multicast | • | • | • | • | • |
| TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | • |
| TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Combined SyncE and 1588 | • | • | • | • | • |
| MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | • |
| MSCC timing BU DPLL API integration | • | • | • | • | • |
| G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | • |
| PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.8275.1 BMCA—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| G.8275 compliant filter—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| PTP time interface | • | • | • | • | • |
| NTPv4 client | • | • | • | • | • |
| IEEE 802.1AS-2011/IEEE 802.1AS rev D4.2 | • | • | • | • | • |
1.11 Customization Framework
The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Separate BSP and application | • | • | • | • | • |
| Append or change a binary image | • | • | • | • | • |
| IPC JSON-RPC socket (with notification support) | • | • | • | • | • |
| Overwrite default startup configuration | • | • | • | • | • |
| Boot and initialization of third-party daemons | • | • | • | • | • |
| Configuration to disable certain built-in features | • | • | • | • | • |

Microchip Ethernet Board API (MEBA) • • • •
1.12 Management
The following table lists the features supported by the management module. For more information, see 14. Management.

Table 1-12. Management Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| JSON-RPC | • | • | • | • | • |
| JSON-RPC notifications | • | • | • | • | • |
| Dual CPU (application variant with JSON | — | • | • | • | • |
| RFC 2131 DHCP client | • | • | • | • | • |
| RFC 2131 DHCP server | • | • | • | • | • |
| DHCP server support for DHCP relay packets | • | • | • | • | • |
| DHCP per port | • | • | • | • | • |
| RFC 3315 DHCPv6 client | • | • | • | • | • |
| RFC 3315 DHCPv6 relay agent | • | • | • | • | • |
| RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | • |
| RFC 1035 DNS client relay | • | • | • | • | • |
| IPv4/IPv6 ping | • | • | • | • | • |
| IPv4/IPv6 traceroute | • | • | • | • | • |
| HTTP server | • | • | • | • | • |
| CLI—console port | • | • | • | • | • |
| CLI—Telnet | • | • | • | • | • |
| Industrial standard CLI | • | • | • | • | • |
| Industrial standard configuration | • | • | • | • | • |
| Industrial standard CLI debug commands | • | • | • | • | • |
| Port description CLI | • | • | • | • | • |
| Management access filtering | • | • | • | • | • |
| HTTPS | • | • | • | • | • |
| SSHv2 | • | • | • | • | • |
| IPv6 management | • | • | • | • | • |
| IPv6 ready logo PHASE2 (host only) | • | • | • | • | • |
| RFC4884 (ICMPv6) | • | • | • | • | • |
| System syslog | • | • | • | • | • |
| Software upload through web | • | • | • | • | • |
| SNMP v1/v2c/v3 agent (1) | • | • | • | • | • |
| RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RMON alarm and event (CLI and web) | • | • | • | • | • |
| Alarm module | • | • | • | • | • |
| IEEE 802.1AB-2005 link layer discovery—LLDP | • | • | • | • | • |
| TIA 1057 LLDP—MED | • | • | • | • | • |
| Industry standard discovery protocol - ISDP | • | • | • | • | • |
| sFlow | • | • | • | • | • |
| FTP Client | • | • | • | • | • |
| Configuration download/upload—industrial standard | • | • | • | • | • |
| Loop detection restore to default | • | • | • | • | • |
| Symbolic register access | • | • | • | • | • |
| Daylight saving | • | • | • | • | • |

Note: 1. No SNMPv1 trap support.
1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15. SNMP MIBs.

Table 1-13. SNMP MIBs Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| RFC 2674 VLAN MIB | • | • | • | • | • |
| IEEE 802.1Q bridge MIB 2008 | • | • | • | • | • |
| RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RFC 1213 MIB II | • | • | • | • | • |
| RFC 1215 TRAPS MIB | • | • | • | • | • |
| RFC 4188 bridge MIB | • | • | • | • | • |
| RFC 4292 IP forwarding table MIB | • | • | • | • | • |
| RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | • |
| RFC 5519 multicast group membership discovery MIB | • | • | • | • | • |
| RFC 4668 RADIUS authentication client MIB | • | • | • | • | • |
| RFC 4670 RADIUS accounting MIB | • | • | • | • | • |
| RFC 3635 Ethernet-like MIB | • | • | • | • | • |
| RFC 2863 interface group MIB using SMI v2 | • | • | • | • | • |
| RFC 3636 802.3 MAU MIB | • | • | • | • | • |
| RFC 4133 entity MIB version 3 | • | • | • | • | • |
| RFC 4878 Link OAM MIB | • | • | • | • | • |
| RFC 3411 SNMP management frameworks | • | • | • | • | • |
| RFC 3414 user-based security model for SNMPv3 | • | • | • | • | • |
| RFC 3415 view-based access control model for SNMP | • | • | • | • | • |
| RFC 2613 SMON—PortCopy | • | • | • | • | • |
| IEEE 802.1 MSTP MIB | • | • | • | • | • |
| IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | • |
| TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | • |
| RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | — |
| Private MIB framework | • | • | • | • | • |
2. Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.

Table 2-1. Features and Platform Capacity

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Resilience and Availability | | | | | |
| IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8 |
| IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN |
| Traffic Control | | | | | |
| Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095 |
| Guest-VLAN | 1 | 1 | 1 | 1 | 1 |
| Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9 |
| Voice VLAN | 1 | 1 | 1 | 1 | 1 |
| MAC table size 8K | 8K | 32K | 8K | 4K | 32K |
| Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (Global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 mbps |
| Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240 |
| Security | | | | | |
| Port security aging | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s |
| MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024 |
| Static MAC entries supported | 64 | 64 | 64 | 64 | 64 |
| RADIUS authentication servers | 5 | 5 | 5 | 5 | 5 |
| TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5 |
| RADIUS accounting servers | 5 | 5 | 5 | 5 | 5 |
| Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4 |
| Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system |
| IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512 |
| Policy-based security filtering | 512 | 512 | 512 | 512 | 512 |
| Password length | 32 | 32 | 32 | 32 | 32 |
| Authorization user levels | 15 | 15 | 15 | 15 | 15 |
| ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512 |
| Number of logged in users | 20 | 20 | 20 | 20 | 20 |
| IP Routing | | | | | |
| Max static route entries | 32 | 128 | 32 | 32 | 512 |
| Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072 |

Note: 1. The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).
3. System Requirements
The following table lists the port system requirements supported by the IStaX software.

Table 3-1. Port System Requirements

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| LEDs per port | 1 | 1 | 1 | 1 | 1 |
| SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported |
| Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported |
| Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full |
| Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported |
| Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) |
| RJ45 connectors | Supported | Supported | Supported | Supported | Supported |
| Fiber slots | Supported | Supported | Supported | Supported | Supported |
The following table lists the hardware system requirements supported by the IStaX software.

Table 3-2. Hardware System Requirements

| Requirement | Support |
| --- | --- |
| Power LED | Supported by hardware |
| System LED | Supported by hardware |
| Alarm LED | Supported by hardware |
| Management LED | Supported by hardware |
| Switch fabric capacity | Supported by hardware |
| Forwarding architecture | Supported by hardware |
| MAC address entries | Supported by hardware |
| MAC address aging | Supported by hardware |
| MAC buffer memory type and size | Supported by hardware |
| CPU flash size | Supported by hardware |
| CPU memory type and size | Supported by hardware |
| System DDR SDRAM | Supported by hardware |
| Reset button | Supported by hardware |
| EMC/safety requirement | Supported by hardware |
| Performance requirement | Supported by hardware |
4. Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.

4.1 Port Capability
The ports are equipped with the following capabilities:

• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1. Supported Features.

4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.

The turnkey switch software runs on Linux. The following system-wide operations are supported:

• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported.
5. Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:

• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch

The software image selection information includes the following:

• Image—the file name of the firmware image
• Version—the version of the firmware image
• Date—the date when the firmware was produced

After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.

While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.

Note: Do not restart or power off the device at this time, or the switch may fail to function.
6. Port Control
The following sections describe the port control features supported by the IStaX software.

6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port, through which frames can be injected from and extracted to an external CPU.

6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame data in (injection) and out (extraction) through memory-mapped injection/extraction registers.

6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.

6.4 SFP Detection
The IStaX software detects SFP at run time.

6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.

6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.

6.7 PoE/PoE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and the switch can then comply with or ignore this information.

6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.

For each device and for each port, a UDLD packet is sent to the port it links to. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.

The UDLD implementation conforms to the RFC 5171 standard.

Note: RFC 5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second and, once link status is detected, probe messages are exchanged depending on the message time interval (by default, 7 seconds).

Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.

Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.

The port is reopened once UDLD is disabled/enabled on that port.
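The echo check and the Aggressive/Normal handling described above can be modelled as follows. This is an added example, not IStaX code: the class and field names and the three-probe detection window are assumptions, and the PDU is reduced to the sender identity and the list of expected receivers.

```python
"""Simplified UDLD echo check (constructed model; all names are hypothetical)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Tuple


class LinkState(Enum):
    UNDETERMINED = "undetermined"
    BIDIRECTIONAL = "bidirectional"
    UNIDIRECTIONAL = "unidirectional"
    LOOPBACK = "loopback"


@dataclass(frozen=True)
class PortId:
    device: str
    port: str


@dataclass(frozen=True)
class UdldPdu:
    sender: PortId                          # identity of the sending device/port
    expected_receivers: Tuple[PortId, ...]  # ports the sender has heard from


@dataclass
class UdldPort:
    ident: PortId
    aggressive: bool = False
    detection_window: int = 3  # assumption: probes tolerated without our echo
    state: LinkState = LinkState.UNDETERMINED
    shut_down: bool = False
    missed_echoes: Dict[PortId, int] = field(default_factory=dict)

    def build_pdu(self) -> UdldPdu:
        # Echo back every neighbour identity learned on this port.
        return UdldPdu(self.ident, tuple(self.missed_echoes))

    def receive(self, pdu: UdldPdu) -> LinkState:
        if self.shut_down:
            return self.state
        if pdu.sender == self.ident:
            # Our own probe came back: transmit is looped to receive.
            self.state = LinkState.LOOPBACK
        elif self.ident in pdu.expected_receivers:
            # The neighbour hears us and we hear the neighbour.
            self.missed_echoes[pdu.sender] = 0
            self.state = LinkState.BIDIRECTIONAL
        else:
            # We hear the neighbour, but it does not list us (yet).
            missed = self.missed_echoes.get(pdu.sender, 0) + 1
            self.missed_echoes[pdu.sender] = missed
            if missed >= self.detection_window:
                self.state = LinkState.UNIDIRECTIONAL
        faulty = self.state in (LinkState.UNIDIRECTIONAL, LinkState.LOOPBACK)
        if faulty and self.aggressive:
            self.shut_down = True  # Normal mode only records the state
        return self.state

    def toggle_udld(self) -> None:
        # Disabling and re-enabling UDLD reopens the port and restarts detection.
        self.state = LinkState.UNDETERMINED
        self.shut_down = False
        self.missed_echoes.clear()


def simulate(a: UdldPort, b: UdldPort, a_to_b: bool = True,
             b_to_a: bool = True, rounds: int = 4):
    """Exchange probes over a link whose two directions can fail independently."""
    for _ in range(rounds):
        if a_to_b and not a.shut_down:
            b.receive(a.build_pdu())
        if b_to_a and not b.shut_down:
            a.receive(b.build_pdu())
    return a.state, b.state


if __name__ == "__main__":
    a = UdldPort(PortId("sw-a", "1"))
    b = UdldPort(PortId("sw-b", "7"), aggressive=True)
    print(simulate(a, b, b_to_a=False), "b shut down:", b.shut_down)
```

In the broken-direction case only the port that still receives probes can detect the fault, which is why UDLD needs to be enabled on both ends of a link.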
6.8.1 Port Statistics
The IStaX software supports detailed port-related statistics and system information-related configuration. It is possible to view detailed QoS-related statistics using the IStaX software.
7. Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.

7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.

7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).

Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.

It is possible to specify the maximum bit rate in kbps or mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.

The software also has QoS leaky bucket egress shaper support per queue (0–7) as well as per port.

7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called the QoS Control List (QCL).

The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.

When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.

The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.
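Because the search stops at the first matching QCE, entry order decides the outcome, and a broad entry placed early can hide a more specific one behind it. The added example below (not IStaX code; the key names port, vid and dscp, the action names, and the sample QCL are hypothetical and constructed) classifies frames against a QCL and reports QCEs that can never be reached.

```python
"""First-match QCL classification (constructed model; key/action names are hypothetical)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Qce:
    qce_id: int
    keys: Dict[str, int]     # frame fields that must match; absent field = wildcard
    actions: Dict[str, int]  # classification parameters applied on a match


def matches(qce: Qce, frame: Dict[str, int]) -> bool:
    return all(frame.get(name) == value for name, value in qce.keys.items())


def classify(frame: Dict[str, int], qcl: List[Qce],
             basic: Dict[str, int]) -> Tuple[Optional[int], Dict[str, int]]:
    """Return (matching QCE ID or None, resulting classification)."""
    result = dict(basic)            # start from the basic classification
    for qce in qcl:
        if matches(qce, frame):
            result.update(qce.actions)  # QCE actions overrule the basic result
            return qce.qce_id, result   # the search terminates at the first match
    return None, result


def shadowed_qces(qcl: List[Qce]) -> List[Tuple[int, int]]:
    """Return (shadowed QCE ID, shadowing QCE ID) pairs.

    A later QCE is shadowed when an earlier QCE constrains only fields that
    the later one constrains to the same values: every frame that would match
    the later entry is already consumed by the earlier one.
    """
    findings = []
    for index, later in enumerate(qcl):
        for earlier in qcl[:index]:
            if all(later.keys.get(n) == v for n, v in earlier.keys.items()):
                findings.append((later.qce_id, earlier.qce_id))
                break
    return findings


# Constructed sample: QCE 2 is more specific than QCE 1 but placed after it.
SAMPLE_QCL = [
    Qce(1, {"vid": 10}, {"qos_class": 5}),
    Qce(2, {"vid": 10, "dscp": 46}, {"qos_class": 7}),
    Qce(3, {"dscp": 46}, {"qos_class": 6, "dpl": 1}),
]
BASIC = {"qos_class": 0, "dpl": 0}

if __name__ == "__main__":
    for frame in ({"port": 1, "vid": 10, "dscp": 46},
                  {"port": 1, "vid": 20, "dscp": 46},
                  {"port": 1, "vid": 20, "dscp": 0}):
        print(frame, "->", classify(frame, SAMPLE_QCL, BASIC))
    print("shadowed:", shadowed_qces(SAMPLE_QCL))
```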
7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED can be disabled/enabled and is disabled by default.

The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.

By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.

7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.

When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.

The QoS class, DEI, DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.
7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.
The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification
7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.
7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.
In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.
The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.
DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:
• Get the DSCP value from the analyzer (ingress classification) and always remap based on global remap table. This is done independently of the value of the drop precedence level.
• Get DSCP value from the analyzer and remap based on drop precedence level and remap table.
DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.
7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.
Storm control is disabled by default.
8 L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.
8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with learned MAC address are not received within aging period.
8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.
8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:
• All ports are VLAN aware.
• All ports are members of VLAN 1.
• The switch management interface is on VLAN 1.
• All ports have a Port VLAN ID (PVID) of 1.
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged.
• The PVID is set to 1 by default.
• Ingress filtering is always enabled.
Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs.
• If frames are classified to a VLAN that the port is not a member of, they are discarded.
• By default, all frames classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.
Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features:
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently
8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to VLAN to perform QoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to port using the Port Discovery Protocol. This discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol (LLDP), or both.
8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.
8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:
• Ethernet: valid values for etype ranges from 0x0600-0xffff
• SNAP: valid value in this case also is comprised of two sub-values
  – Organizationally unique Identifier (OUI)
  – Protocol ID (PID): if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP.
• LLC: valid value in this case is comprised of two sub-values
  – DSAP: 1-byte long string (0x00-0xff)
  – SSAP: 1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and protocol-based VLAN is preferred over port-based VLAN.
8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.
PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.
The following terms are used to describe the Private VLAN feature:
• PVLAN domain: a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain.
• Primary VLAN: a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports.
• Secondary VLAN: a VLAN used inside a PVLAN domain only.
• Isolated VLAN: a secondary VLAN that carries traffic from isolated ports to promiscuous ports.
• Community VLAN: a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports.
• Isolated port: a port that receives untagged frames and classifies these to an isolated VLAN.
• Community port: a port that receives untagged frames and classifies these to a community VLAN.
• Promiscuous port: a port that receives frames in the primary VLAN.
• Standard trunk port: a port that carries primary and secondary VLANs using tags.
• Promiscuous PVLAN trunk port: a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs, but translates these to the primary VLAN ID and pushes this into the tag.
• Isolated PVLAN trunk port: a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN, but translates this into the isolated VLAN ID and pushes it into the tag.
8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration for VLANs. Though this has been superseded by MVRP, as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, that replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to be able to register and unregister attribute values, such as VLAN identifiers and multi-cast group membership, across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q-2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG), such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address: can be used to calculate the destination port for the frame. By default, the source MAC address is enabled.
• Destination MAC address: can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled.
• IP address: can be used to calculate the destination port for the frame. By default, the IP address is enabled.
• TCP/UDP port number: can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled.
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block intruders on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP (for IPv4) reply packet to a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
8.13 MAC Table Configuration
MAC learning configuration can be configured per port:
• Auto: learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable: no learning is done
• Secure: only SMAC entries are learned, all other frames are dropped
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied or mirrored to a mirror port, where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote Host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and the MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as also STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state automatically will be enabled after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are member of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.
9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1. DHCP Relay Configuration Parameters
Parameter                   Allowed Range          Default
Relay mode                  Enabled/disabled       Disabled
Relay server address        IP address             None
Relay information mode      Enabled/disabled       Disabled
Relay information policy    Replace, Keep, Drop    Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in standalone device it always equals 0; in stackable device it means switch ID), and the last two characters are the port number.
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP related packets to CPU. The ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing is to select path and forward traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10 Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In a MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore, MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by equipment whose MAC address is a valid RADIUS user that can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
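The following Python sketch is an added example, not code from the IStaX software or this specification. It shows the RADIUS side of MAC-based authentication as described above: inventory MAC addresses are normalized to the xx-xx-xx-xx-xx-xx credential, and an MD5-Challenge response is checked as defined for EAP type 4 in RFC 3748 (computed as in CHAP, RFC 1994). The inventory, challenge, identifier, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re


def mac_auth_credential(mac: str) -> str:
    """Return the xx-xx-xx-xx-xx-xx string used as both username and password."""
    if not re.fullmatch(r"[0-9A-Fa-f.:\-]+", mac):
        raise ValueError(f"unexpected characters in MAC: {mac!r}")
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"MAC must have 12 hex digits: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def eap_md5_response(identifier: int, password: str, challenge: bytes) -> bytes:
    """MD5-Challenge value: MD5(identifier || password || challenge)."""
    data = bytes([identifier]) + password.encode("ascii") + challenge
    return hashlib.md5(data).digest()


def provision_users(inventory):
    """Build the RADIUS user table (username -> password) from an asset list."""
    return {cred: cred for cred in map(mac_auth_credential, inventory)}


def switch_response(src_mac: bytes, identifier: int, challenge: bytes):
    """What the switch, acting as supplicant, derives from a snooped source MAC."""
    cred = mac_auth_credential(src_mac.hex())
    return cred, eap_md5_response(identifier, cred, challenge)


def radius_accepts(users, username, identifier, challenge, response) -> bool:
    """Server-side check of the response against the stored password."""
    password = users.get(username)
    if password is None:
        return False
    expected = eap_md5_response(identifier, password, challenge)
    return hmac.compare_digest(expected, response)


# Constructed sample data: an inventory kept in two common MAC notations.
INVENTORY = ["0011.22AA.BBCC", "00:11:22:aa:bb:dd"]
CHALLENGE = bytes(range(16))
IDENTIFIER = 7


def demo():
    users = provision_users(INVENTORY)
    name, resp = switch_response(bytes.fromhex("001122aabbcc"), IDENTIFIER, CHALLENGE)
    normalized_ok = radius_accepts(users, name, IDENTIFIER, CHALLENGE, resp)
    # User entries copied verbatim from the inventory never match the switch's form.
    verbatim_users = {m: m for m in INVENTORY}
    verbatim_ok = radius_accepts(verbatim_users, name, IDENTIFIER, CHALLENGE, resp)
    # A MAC that is not in the inventory is rejected.
    name2, resp2 = switch_response(bytes.fromhex("001122aabbee"), IDENTIFIER, CHALLENGE)
    unknown_ok = radius_accepts(users, name2, IDENTIFIER, CHALLENGE, resp2)
    return normalized_ok, verbatim_ok, unknown_ok


if __name__ == "__main__":
    print(demo())
```

Every input to the response (identifier, challenge, and the MAC-derived password) is a value that is not secret, so a successful check identifies an address rather than a device; this is why the per-port client limit mentioned above matters.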
In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard, but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-assigned QoS and VLAN in the case of RADIUS-assigned VLAN are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. The CLI interface is only supported in the initial version for the configuration of TACACS+ authorization and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1. Secure Access Options
Method                 Description
SSH                    Enable or disable option provided, supports v2 only
SSL/HTTPs              Enable or disable
HTTPs auto redirect    A redirect web browser to HTTPS option, available when HTTPS mode is enabled
Note: SSL and HTTPs are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The privilege level of the user allowed range is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level configurable between 1 to 15 for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.
10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all the four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
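The following Python model is an added example, not IStaX code. It combines the left-to-right method chain described above with the RADIUS retry and dead-time behavior from section 10.2, so the effect of a chain with and without a local fallback can be checked. The method names, the `lost_requests` knob, and all sample users and timings are constructed for illustration; replies are assumed to arrive instantly when they arrive at all.

```python
from dataclasses import dataclass


@dataclass
class RadiusServer:
    users: dict                # username -> password
    lost_requests: int = 0     # constructed: transmissions lost before a reply (3 = offline)
    dead_until: float = -1.0   # time until which the switch skips this server


def radius_method(servers, user, password, now, timeout=6.0, dead_time=0.0):
    """Return (verdict, elapsed). verdict is True/False from the first server
    that replies, or None when every server timed out or was skipped."""
    elapsed = 0.0
    sub_interval = timeout / 3           # timeout split into three equal parts
    use_dead_time = dead_time > 0 and len(servers) > 1
    for srv in servers:
        if use_dead_time and now + elapsed < srv.dead_until:
            continue                     # recently found dead: do not query again
        if srv.lost_requests < 3:        # one of the three transmissions is answered
            elapsed += srv.lost_requests * sub_interval
            return srv.users.get(user) == password, elapsed
        elapsed += timeout               # three unanswered transmissions
        srv.dead_until = now + elapsed + dead_time
    return None, elapsed


def authenticate(methods, user, password, local_users, servers, now=0.0, **radius_opts):
    """Try methods left to right; stop at the first that approves or rejects.
    Returns (deciding_method, approved, seconds_waited)."""
    waited = 0.0
    for method in methods:
        if method == "local":
            return "local", local_users.get(user) == password, waited
        if method == "radius":
            verdict, elapsed = radius_method(
                servers, user, password, now + waited, **radius_opts)
            waited += elapsed
            if verdict is not None:      # a reply, approve or reject, ends the chain
                return "radius", verdict, waited
    return None, False, waited           # no method could decide: login refused


if __name__ == "__main__":
    local = {"admin": "local-pw"}        # constructed local user database
    offline = [RadiusServer({}, lost_requests=3), RadiusServer({}, lost_requests=3)]
    # Remote only, all servers offline: nobody can log in.
    print(authenticate(["radius"], "admin", "local-pw", local, offline, dead_time=60.0))
    # With a local fallback, and the servers still inside their dead time.
    print(authenticate(["radius", "local"], "admin", "local-pw", local, offline,
                       now=20.0, dead_time=60.0))
    # A reachable server that rejects ends the chain; local is not consulted.
    online = [RadiusServer({"admin": "radius-pw"})]
    print(authenticate(["radius", "local"], "admin", "local-pw", local, online))
```

The third case is the one to keep in mind when auditing a configuration: the local database is a fallback for unreachable servers only, not a second chance after a remote reject.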
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.
10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows configuration of the port action, which determines whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
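
Because only the first matching ACE acts on a frame, an ACE placed below a broader one never takes effect. The following added example (not IStaX code) models the lookup described in this section and reports such shadowed entries. It assumes that a frame matching no ACE receives the ingress port's configured action (Permit by default) and that ports without an assigned policy use policy ID 0; all class, function and rule names are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

PERMIT, DENY = "permit", "deny"


@dataclass
class Ace:
    name: str
    action: str                                # PERMIT or DENY
    ports: Optional[FrozenSet[int]] = None     # None matches every ingress port
    policy: Optional[Tuple[int, int]] = None   # (value, mask) tested against the port's policy ID
    frame_type: str = "any"                    # any, etype, arp, ipv4 or ipv6
    hits: int = 0                              # per-ACE counter

    def matches(self, port: int, port_policy: int, frame_type: str) -> bool:
        if self.ports is not None and port not in self.ports:
            return False
        if self.policy is not None:
            value, mask = self.policy
            if (port_policy & mask) != (value & mask):
                return False
        return self.frame_type in ("any", frame_type)

    def covers(self, later: "Ace") -> bool:
        """True when every frame `later` can match is already matched by this ACE."""
        if self.ports is not None and (later.ports is None or not later.ports <= self.ports):
            return False
        if self.policy is not None:
            if later.policy is None:
                return False
            (v1, m1), (v2, m2) = self.policy, later.policy
            if (m1 & m2) != m1 or (v1 & m1) != (v2 & m1):
                return False
        return self.frame_type in ("any", later.frame_type)


class Acl:
    def __init__(self, aces: List[Ace], port_policy: Dict[int, int],
                 port_action: Optional[Dict[int, str]] = None):
        self.aces = aces                       # highest priority first
        self.port_policy = port_policy         # ingress port -> policy ID
        self.port_action = port_action or {}   # ingress port -> action; Permit if unset
        self.port_hits: Dict[int, int] = {}    # per-port counter for unmatched frames

    def classify(self, port: int, frame_type: str) -> Tuple[str, str]:
        policy = self.port_policy.get(port, 0)  # assumption: unassigned ports use policy ID 0
        for ace in self.aces:
            if ace.matches(port, policy, frame_type):
                ace.hits += 1
                return ace.action, ace.name     # first hit wins; later ACEs are not consulted
        self.port_hits[port] = self.port_hits.get(port, 0) + 1
        return self.port_action.get(port, PERMIT), "port-default"

    def shadowed(self) -> List[Tuple[str, str]]:
        """List (ACE, earlier ACE) pairs where the earlier entry hides the later one."""
        found = []
        for i, later in enumerate(self.aces):
            for earlier in self.aces[:i]:
                if earlier.covers(later):
                    found.append((later.name, earlier.name))
                    break
        return found


def demo_acl() -> Acl:
    # Constructed rule set: the third ACE is fully hidden by the second.
    aces = [
        Ace("permit-arp-uplink", PERMIT, ports=frozenset({1}), frame_type="arp"),
        Ace("deny-policy-2-3", DENY, policy=(0x02, 0xFE)),
        Ace("permit-ipv4-port5", PERMIT, ports=frozenset({5}), policy=(0x03, 0xFF), frame_type="ipv4"),
    ]
    return Acl(aces, port_policy={5: 3, 6: 2}, port_action={7: DENY})
```
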
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.
10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.
11.1 Robustness
The following section introduces a robustness feature.
11.1.1 Cold and CoolStart
The software defines and supports the following restart types:
• Cold—power cycle induced reset of the switch
• Cool—software initiated reset of the switch (with traffic disruption)
11.2 Power Savings
The following sections introduce the power savings features.
11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.
11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.
11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.
11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode where the port is negotiated to either 1G or 100 megabits full duplex mode.
11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0 to 100 in 10 increments for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.
11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature—temperature at which the fan runs at full speed
• Turn on temperature—temperature at which the fan runs at the lowest possible speed
12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.
12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T Y.1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few tens of ns.
12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
Administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, OAM entity sends out a PDU with the link monitoring capability flag set
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, OAM entity sends out a PDU with the remote loopback capability flag
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.
12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. If any of these situations occurs, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads—this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled
12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs, such as ZL30343, ZL30363, and ZL30772.
13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer to peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave-only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.
13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.
13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses peer-to-peer delay measurement mechanism.
13.2.2 End-to-End Transparent Clock
The transparent clock uses end-to-end delay measurement mechanism.
13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.
13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.
13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.
13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to the G.8265.1 solution (frequency) ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to the G.8275.1 solution (frequency) ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.
14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server, and a JSON-RPC client is needed in order to use it. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable connections orientated communication provided by the TCP and HTTP message encapsulation
• RPC orientated protocol which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited foot-print in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high level machine friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.
14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react on events when they happen without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service, and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.
14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards, as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure, with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut:
    (config-if-vlan) ip^Q
    ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
    ip igmp snooping
    ip igmp snooping compatibility auto | v1 | v2 | v3
    ip igmp snooping last-member-query-interval <0-31744>
    ip igmp snooping priority <0-7>
    ip igmp snooping querier election | address <ipv4_ucast>
    ip igmp snooping query-interval <1-31744>
    ip igmp snooping query-max-response-time <0-31744>
    ip igmp snooping robustness-variable <1-255>
    ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help. Click button for a list of valid possible parameters with descriptions
• Auto completion. Press <tab> key by partially typing the keyword. The rest of the keyword will be entered automatically
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support:
    (config) interface (config-if)
If multiple sessions are concurrently in the same sub mode with the same parameters, then the no form of commands will not work and will display a warning message.
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege
14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>
14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations—any keyword can be accepted just by typing an unambiguous prefix (for example, “sh” for “show”):
    IStaX sh ip route
    00000 via VLAN1109611 <UP GATEWAY HW_RT>
    10961024 via VLAN1 <UP HW_RT>
    12700132 via OSlo127001 <UP HOST>
    2240004 via OSlo127001 <UP>
• Error checking—before executing a command, the CLI checks whether the current mode is still valid, user has sufficient privileges, and valid range of parameter(s), among others. The user is alerted to the error by displaying a caret under the offending word along with an error message:
    IStaX(config) clock summer-time PDT date 14^ Invalid word detected at ^ marker
Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.
• do command support—this will allow the users to execute the commands from the configuration mode:
    (config) do show vlan
    VLAN Name Interface
    ---- ---- ---------
    1 default Gi 11-9 25G 11-2
• Platform debug command support—this will allow the users to obtain technical support by entering and running a debug command in this field
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG) where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config—a virtual file that represents the currently active configuration on the switch. This file is volatile
• startup-config—the startup configuration for the switch, read at boot time
• default-config—a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode—the current configuration is fully replaced with the configuration in the uploaded file
• Merge mode—the uploaded file is merged with running-config
If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 8.0 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort; that is, if 64-bit counters are included, they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping—is a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported
• Traceroute—is a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. Source address can be mentioned by using saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for IPv4 option
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes, should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
147 LLDP-MEDIt is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end- point device orconnectivity device
The default is to act as an end-point device
LLDP-MED is an extension of IEEE 8021ab and supports fast repeat count
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspectof VoIP systems in general In addition it is best to advertise only those pieces of information that are specificallyrelevant to particular endpoint types For example advertise only the voice network policy to permitted voice-capabledevices This is advised in order to conserve the limited LLDPDU space and also to reduce security and systemintegrity issues that can come with inappropriate knowledge of the network policy
With this in mind LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the applicationlayers on top of the protocol to achieve these related properties Initially a network connectivity device will onlytransmit LLDP TLVs in an LLDPDU Only after an LLDP-MED endpoint device is detected will an LLDP-MEDcapable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated portThe LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second whena new LLDP-MED neighbor has been detected in order to share LLDP-MED information as fast as possible with newneighbors
Because there is a risk of an LLDP frame being lost during transmission between neighbors it is recommended torepeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frameWith fast start repeat count it is possible to specify the number of times the fast start transmission will be repeatedThe recommended value is four times given that four LLDP frames with a 1 second interval will be transmitted whenan LLDP frame with new information is received
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism is only intended to run on links betweenLLDP-MED network connectivity devices and endpoint devices and as such does not apply to links between LANinfrastructure elements including network connectivity devices or other types of links
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
VSC6817 Management
© 2020 Microchip Technology Inc. Product Specification DS30010225B-page 58
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization, and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies, based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice: used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional): used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice: supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional): used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice: used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing: used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video: used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional): used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.
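The network policy attributes listed above travel in the LLDP-MED Network Policy TLV, one TLV per application type. The following is an added example, not code from this specification or from the IStaX software: it decodes those TLVs from an LLDPDU and reports mismatches against the policy an administrator intended for the port. The function names, the sample LLDPDU and the expected-policy dictionary are constructed for illustration.

```python
import struct

TIA_OUI = bytes.fromhex("0012bb")   # OUI carried by LLDP-MED organizationally specific TLVs
NETWORK_POLICY = 2                  # LLDP-MED subtype of the Network Policy TLV
APP_TYPES = {1: "Voice", 2: "Voice Signaling", 3: "Guest Voice",
             4: "Guest Voice Signaling", 5: "Softphone Voice",
             6: "Video Conferencing", 7: "Streaming Video", 8: "Video Signaling"}


def tlv(tlv_type, value):
    """Encode one LLDP TLV: 7-bit type, 9-bit length, then the value."""
    return struct.pack("!H", tlv_type << 9 | len(value)) + value


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs until the End of LLDPDU TLV (type 0)."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if tlv_type == 0:
            return
        if offset + length > len(lldpdu):
            raise ValueError("TLV length runs past the end of the LLDPDU")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length


def decode_network_policies(lldpdu):
    """Return {application type name: policy} for every Network Policy TLV."""
    policies = {}
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != 127 or len(value) != 8:
            continue
        if value[:3] != TIA_OUI or value[3] != NETWORK_POLICY:
            continue
        # 24 bits: U(1) T(1) reserved(1) VLAN ID(12) L2 priority(3) DSCP(6)
        bits = int.from_bytes(value[5:8], "big")
        tagged = bool(bits >> 22 & 1)
        policies[APP_TYPES.get(value[4], f"Reserved ({value[4]})")] = {
            "unknown": bool(bits >> 23 & 1),
            "tagged": tagged,
            "vlan_id": bits >> 9 & 0xFFF,
            # On an untagged VLAN the L2 priority is ignored; only DSCP matters.
            "l2_priority": bits >> 6 & 0x7 if tagged else None,
            "dscp": bits & 0x3F,
        }
    return policies


def network_policy_tlv(app_type, tagged, vlan_id, l2_priority, dscp):
    """Build a Network Policy TLV (used here only to construct sample input)."""
    bits = tagged << 22 | vlan_id << 9 | l2_priority << 6 | dscp
    body = TIA_OUI + bytes([NETWORK_POLICY, app_type]) + bits.to_bytes(3, "big")
    return tlv(127, body)


def find_mismatches(advertised, expected):
    """List every field where the advertised policy differs from the intended one."""
    problems = []
    for app, want in expected.items():
        got = advertised.get(app)
        if got is None:
            problems.append(f"{app}: no policy advertised")
            continue
        for field, value in want.items():
            if got[field] != value:
                problems.append(f"{app}: {field} is {got[field]}, expected {value}")
    return problems


# Constructed sample LLDPDU: mandatory TLVs, two network policies, End of LLDPDU.
SAMPLE_LLDPDU = (
    tlv(1, b"\x04" + bytes.fromhex("020000000001"))   # Chassis ID (MAC address)
    + tlv(2, b"\x05" + b"1")                          # Port ID (interface name)
    + tlv(3, struct.pack("!H", 120))                  # Time To Live
    + network_policy_tlv(1, True, 100, 5, 46)         # Voice, tagged VLAN 100
    + network_policy_tlv(5, False, 0, 5, 46)          # Softphone Voice, untagged
    + tlv(0, b"")
)

# Constructed intended policy for the port (hypothetical values).
EXPECTED = {
    "Voice": {"tagged": True, "vlan_id": 200, "l2_priority": 5, "dscp": 46},
    "Softphone Voice": {"tagged": False, "l2_priority": None, "dscp": 46},
}

if __name__ == "__main__":
    for line in find_mismatches(decode_network_policies(SAMPLE_LLDPDU), EXPECTED):
        print(line)
```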
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode: the device only transmits configuration parameters.
• Receive-only mode: the device can only receive configuration parameters (from neighbor device).
• Transmit and receive mode: the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately.
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto the LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field.
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table.
• Port ID is mapped to the LLDP Port ID field.
• Version and Platform are mapped to the LLDP System Description field.
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as "others" in the LLDP neighbors table.
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately, but gets removed when the hold time is exceeded.
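The mapping rules above can be followed end to end in a small parser. This is an added example, not the switch's own code: it walks the TLVs of a CDP payload and fills an LLDP-style neighbor entry, keeping only the first address and ignoring TLVs with no LLDP field. The capability-bit mapping, the way Version and Platform are joined, the field names and the sample frame are assumptions made for the illustration.

```python
import ipaddress
import struct

DEVICE_ID, ADDRESSES, PORT_ID, CAPABILITIES, VERSION, PLATFORM = 1, 2, 3, 4, 5, 6
# CDP capability bits with an LLDP counterpart (assumed mapping); the rest become "Other".
CAP_TO_LLDP = {0x01: "Router", 0x02: "Bridge", 0x08: "Bridge",
               0x10: "Station Only", 0x40: "Repeater"}


def cdp_tlvs(payload):
    """Yield (type, value) from a CDP payload: version, TTL, checksum, then TLVs."""
    offset = 4
    while offset + 4 <= len(payload):
        tlv_type, length = struct.unpack_from("!HH", payload, offset)
        if length < 4 or offset + length > len(payload):   # length includes the header
            raise ValueError("malformed CDP TLV length")
        yield tlv_type, payload[offset + 4:offset + length]
        offset += length


def first_address(value):
    """Return only the first entry of a CDP Addresses TLV, as the table does."""
    (count,) = struct.unpack_from("!I", value, 0)
    if count == 0:
        return None
    proto_type, proto_len = struct.unpack_from("!BB", value, 4)
    pos = 6 + proto_len
    protocol = value[6:pos]
    (addr_len,) = struct.unpack_from("!H", value, pos)
    address = value[pos + 2:pos + 2 + addr_len]
    if len(address) != addr_len:
        raise ValueError("truncated CDP address")
    if (proto_type, protocol, addr_len) == (1, b"\xcc", 4):   # NLPID 0xCC = IPv4
        return str(ipaddress.IPv4Address(address))
    return address.hex()


def cdp_to_lldp_neighbor(payload):
    """Map a CDP payload onto LLDP neighbor-table fields."""
    if len(payload) < 4:
        raise ValueError("short CDP payload")
    entry = {"hold_time": payload[1], "ignored_tlvs": 0}
    text = {}
    for tlv_type, value in cdp_tlvs(payload):
        if tlv_type == DEVICE_ID:
            entry["chassis_id"] = value.decode("ascii", "replace")
        elif tlv_type == ADDRESSES:
            entry["management_address"] = first_address(value)
        elif tlv_type == PORT_ID:
            entry["port_id"] = value.decode("ascii", "replace")
        elif tlv_type == CAPABILITIES:
            (caps,) = struct.unpack_from("!I", value)
            entry["capabilities"] = sorted({CAP_TO_LLDP.get(1 << bit, "Other")
                                            for bit in range(32) if caps >> bit & 1})
        elif tlv_type in (VERSION, PLATFORM):
            text[tlv_type] = value.decode("ascii", "replace")
        else:
            entry["ignored_tlvs"] += 1          # no LLDP field: discarded
    if text:
        # Joining with a newline is this example's choice.
        entry["system_description"] = "\n".join(
            text[t] for t in (VERSION, PLATFORM) if t in text)
    return entry


def cdp_tlv(tlv_type, value):
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def ipv4_entry(addr):
    return b"\x01\x01\xcc" + struct.pack("!H", 4) + ipaddress.IPv4Address(addr).packed


# Constructed sample payload (checksum left at zero; it is not verified here).
SAMPLE_CDP = (
    bytes([2, 180, 0, 0])                                   # version 2, hold time 180 s
    + cdp_tlv(DEVICE_ID, b"sw-lab-01")
    + cdp_tlv(ADDRESSES, struct.pack("!I", 2)
              + ipv4_entry("192.0.2.10") + ipv4_entry("192.0.2.11"))
    + cdp_tlv(PORT_ID, b"GigabitEthernet0/1")
    + cdp_tlv(CAPABILITIES, struct.pack("!I", 0x28))        # Switch + IGMP capable
    + cdp_tlv(VERSION, b"Example OS 1.0")
    + cdp_tlv(PLATFORM, b"example-platform")
    + cdp_tlv(0x000A, struct.pack("!H", 10))                # Native VLAN: no LLDP field
)

if __name__ == "__main__":
    for key, val in cdp_to_lldp_neighbor(SAMPLE_CDP).items():
        print(f"{key}: {val!r}")
```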
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
An optional fallback mechanism is also provided in the case of IPv4, so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy, where, when enabled, the DUT relays DNS requests to the currently configured DNS server on the DUT and replies as a DNS resolver to the client device on the network.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
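The two filtering criteria described above can be expressed as a per-packet decision. The following is an added example, not the IStaX implementation: it walks the IPv6 header chain to find DHCPv6-server messages (UDP destination port 546) even when extension headers precede the UDP header, and applies the port and Next Header rules. The function names, port numbers, the deliberately small set of recognized Next Header values, the choice to drop packets whose header chain is cut short, and the sample packets are assumptions of this example.

```python
import struct

UDP, FRAGMENT, AUTH = 17, 44, 51
TLV_EXT_HEADERS = {0, 43, 60}          # Hop-by-Hop, Routing, Destination Options
OTHER_UPPER_LAYER = {6, 50, 58, 59}    # TCP, ESP, ICMPv6, No Next Header
DHCPV6_CLIENT_PORT = 546               # destination port of server-to-client messages


def classify(packet):
    """Walk the IPv6 header chain and return 'dhcpv6-server', 'other',
    'unrecognized' (unknown Next Header value) or 'truncated'."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    while True:
        if next_header == UDP:
            if offset + 8 > len(packet):
                return "truncated"
            (dst_port,) = struct.unpack_from("!H", packet, offset + 2)
            return "dhcpv6-server" if dst_port == DHCPV6_CLIENT_PORT else "other"
        if next_header in OTHER_UPPER_LAYER:
            return "other"
        if next_header not in TLV_EXT_HEADERS | {FRAGMENT, AUTH}:
            return "unrecognized"
        if offset + 8 > len(packet):
            return "truncated"
        if next_header == FRAGMENT:
            (frag,) = struct.unpack_from("!H", packet, offset + 2)
            if frag >> 3:                # non-first fragment: no upper-layer header
                return "other"
            length = 8
        elif next_header == AUTH:
            length = (packet[offset + 1] + 2) * 4   # AH length is in 4-octet units
        else:
            length = (packet[offset + 1] + 1) * 8   # other headers: 8-octet units
        next_header = packet[offset]
        offset += length


def shield_decision(packet, ingress_port, server_ports, drop_unrecognized=True):
    """Return 'forward' or 'drop' for a packet received on ingress_port."""
    if ingress_port in server_ports:     # ports the administrator allows servers on
        return "forward"
    verdict = classify(packet)
    if verdict == "dhcpv6-server":
        return "drop"
    if verdict == "unrecognized":
        return "drop" if drop_unrecognized else "forward"
    if verdict == "truncated":
        return "drop"                    # this example's choice: cannot be inspected
    return "forward"


def ipv6(next_header, payload):
    """Build a minimal IPv6 packet (constructed sample input only)."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("fe80" + "00" * 13 + "02")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + src + dst + payload


def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


# Constructed samples: Advertise (server to client) and Solicit (client to server).
ADVERTISE = udp(547, 546, b"\x02\xaa\xbb\xcc")
SOLICIT = udp(546, 547, b"\x01\xaa\xbb\xcc")
DEST_OPTS = bytes([UDP, 0, 1, 4, 0, 0, 0, 0])   # Destination Options with PadN
SAMPLES = {
    "advertise": ipv6(UDP, ADVERTISE),
    "advertise behind extension header": ipv6(60, DEST_OPTS + ADVERTISE),
    "solicit": ipv6(UDP, SOLICIT),
    "unknown next header": ipv6(253, bytes(8)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: port 3 -> {shield_decision(pkt, 3, {1})}, "
              f"port 1 -> {shield_decision(pkt, 1, {1})}")
```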
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model, where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out-of-band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum number of management access filter entries allowed is 16.
If the application type matches any one of the access management entries, access to the switch is allowed. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.22 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
SNMPv3 is supported and is backward compatible with SNMPv2c and SNMPv1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
    show snmp mib context
    BRIDGE-MIB
      - dot1dBase (1.3.6.1.2.1.17.1)
      - dot1dTp (1.3.6.1.2.1.17.4)
    Dot3-OAM-MIB
      - dot3OamMIB (1.3.6.1.2.1.158)
    ENTITY-MIB
      - entityMIBObjects (1.3.6.1.2.1.47.1)
    EtherLike-MIB
      - transmission (1.3.6.1.2.1.10)
    IEEE8021-BRIDGE-MIB
    show snmp mib ifmib ifIndex
Table 15-1 ifIndex Descriptions
ifIndex     ifDescr               Interface
1           VLAN 1                VLAN 1
1000001     Switch 1 – port 1     GigabitEthernet 1/1
1000002     Switch 1 – port 2     GigabitEthernet 1/2
1000003     Switch 1 – port 3     GigabitEthernet 1/3
1000004     Switch 1 – port 4     GigabitEthernet 1/4
1000005     Switch 1 – port 5     GigabitEthernet 1/5
1000006     Switch 1 – port 6     GigabitEthernet 1/6
1000007     Switch 1 – port 7     GigabitEthernet 1/7
1000008     Switch 1 – port 8     GigabitEthernet 1/8
1000009     Switch 1 – port 9     2.5GigabitEthernet 1/1
10000010    Switch 1 – port 10    2.5GigabitEthernet 1/2
10000011    Switch 1 – port 11    GigabitEthernet 1/9
16 Revision History
Revision    Date    Description
B    February 2021    Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document:
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 14.3 Simple Network Management Protocol (SNMP).
A    June 2020    Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document:
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
2.0    October 2019    Revision 2.0 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 2.0 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
1.9    June 2019    Revision 1.9 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 1.9 of this document:
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.
1.8    June 2019    Revision 1.8 was published in June 2019 to align with the Linux application software release 4.8. The following is a summary of changes in revision 1.8 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
1.7    January 2019    Revision 1.7 was published in January 2019 to align with the Linux application software release 4.7. The following is a summary of changes in revision 1.7 of this document:
• The BSP and API Supported Features table was updated. For more information, see 1.1 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.
1.6    October 2018    Revision 1.6 was published in October 2018 to align with the Linux application software release 4.6. The following is a summary of changes in revision 1.6 of this document:
• A cross reference in the JSON-RPC section was fixed. For more information, see 14.1 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• Removed VLAN Translation from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 11.11 Cold and Cool Start.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 14.1 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.
1.5    July 2018    Revision 1.5 was published in July 2018 to align with the Linux application software release 4.5. The following is a summary of changes in revision 1.5 of this document:
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 1.2 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 1.7 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 1.12 Management.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 10.7 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 12.12 Dying Gasp.
• The DHCP Server section was updated. For more information, see 14.11 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 14.9 IP Management, DNS, and DHCPv4/v6.
1.4    April 2018    Revision 1.4 was published in April 2018 to align with the Linux application software release 4.4. The following is a summary of changes in revision 1.4 of this document:
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 1.6 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 14.5 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 9.3 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 8.5 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
1.3    January 2018    Revision 1.3 was published in January 2018 to align with the Linux application software release 4.3. The following is a summary of changes in revision 1.3 of this document:
• The Supported Switches table was updated with details regarding VSC741015353637. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 1.2 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 1.5 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 1.6 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 1.8 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 1.9 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 1.10 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 1.13 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.
1.2    September 2017    Revision 1.2 was published in July 2017 to align with the Linux application software release 4.2. In revision 1.2 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.
1.1    June 2017    Revision 1.1 was published in June 2017 to align with the Linux application software release 4.1. The following is a summary of changes in revision 1.1 of this document:
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.
1.0    November 2016    Revision 1.0 was published in November 2016 to align with the Linux application software release 4.0. It was the first publication of this document.
The Microchip Website
Microchip provides online support via our website at www.microchip.com. This website is used to make files and information easily available to customers. Some of the content available includes:
• Product Support – Data sheets and errata, application notes and sample programs, design resources, user’s guides and hardware support documents, latest software releases and archived software
• General Technical Support – Frequently Asked Questions (FAQs), technical support requests, online discussion groups, Microchip design partner program member listing
• Business of Microchip – Product selector and ordering guides, latest Microchip press releases, listing of seminars and events, listings of Microchip sales offices, distributors and factory representatives
Product Change Notification Service
Microchip’s product change notification service helps keep customers current on Microchip products. Subscribers will receive email notification whenever there are changes, updates, revisions or errata related to a specified product family or development tool of interest.
To register, go to www.microchip.com/pcn and follow the registration instructions.
Customer Support
Users of Microchip products can receive assistance through several channels:
• Distributor or Representative
• Local Sales Office
• Embedded Solutions Engineer (ESE)
• Technical Support
Customers should contact their distributor, representative or ESE for support. Local sales offices are also available to help customers. A listing of sales offices and locations is included in this document.
Technical support is available through the website at www.microchip.com/support.
Microchip Devices Code Protection Feature
Note the following details of the code protection feature on Microchip devices:
• Microchip products meet the specification contained in their particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip’s Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as “unbreakable.”
Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip’s code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.
Legal Notice
Information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer’s risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated.
Trademarks
The Microchip name and logo, the Microchip logo, Adaptec, AnyRate, AVR, AVR logo, AVR Freaks, BesTime, BitCloud, chipKIT, chipKIT logo, CryptoMemory, CryptoRF, dsPIC, FlashFlex, flexPWR, HELDO, IGLOO, JukeBlox, KeeLoq, Kleer, LANCheck, LinkMD, maXStylus, maXTouch, MediaLB, megaAVR, Microsemi, Microsemi logo, MOST, MOST logo, MPLAB, OptoLyzer, PackeTime, PIC, picoPower, PICSTART, PIC32 logo, PolarFire, Prochip Designer, QTouch, SAM-BA, SenGenuity, SpyNIC, SST, SST Logo, SuperFlash, Symmetricom, SyncServer, Tachyon, TempTrackr, TimeSource, tinyAVR, UNI/O, Vectron, and XMEGA are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.
APT, ClockWorks, The Embedded Control Solutions Company, EtherSynch, FlashTec, Hyper Speed Control, HyperLight Load, IntelliMOS, Libero, motorBench, mTouch, Powermite 3, Precision Edge, ProASIC, ProASIC Plus, ProASIC Plus logo, Quiet-Wire, SmartFusion, SyncWorld, Temux, TimeCesium, TimeHub, TimePictra, TimeProvider, Vite, WinPath, and ZL are registered trademarks of Microchip Technology Incorporated in the U.S.A.
Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any Capacitor, AnyIn, AnyOut, BlueSky, BodyCom, CodeGuard, CryptoAuthentication, CryptoAutomotive, CryptoCompanion, CryptoController, dsPICDEM, dsPICDEM.net, Dynamic Average Matching, DAM, ECAN, EtherGREEN, In-Circuit Serial Programming, ICSP, INICnet, Inter-Chip Connectivity, JitterBlocker, KleerNet, KleerNet logo, memBrain, Mindi, MiWi, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, PowerSmart, PureSilicon, QMatrix, REAL ICE, Ripple Blocker, SAM-ICE, Serial Quad I/O, SMART-I.S., SQI, SuperSwitcher, SuperSwitcher II, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.
SQTP is a service mark of Microchip Technology Incorporated in the U.S.A.
The Adaptec logo, Frequency on Demand, Silicon Storage Technology, and Symmcom are registered trademarks of Microchip Technology Inc. in other countries.
GestIC is a registered trademark of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries.
All other trademarks mentioned herein are property of their respective companies.
© 2020, Microchip Technology Incorporated, Printed in the U.S.A., All Rights Reserved.
ISBN: 978-1-5224-7595-8
Quality Management System
For information regarding Microchip's Quality Management Systems, please visit www.microchip.com/quality.
Table 1-2. Port Control Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Port speed/duplex mode/flow control | • | • | • | • | •
Aquantia 2.5G PHY Gen2 | • | • | • | • | •
Aquantia 2.5G PHY Gen3 | • | • | • | • | •
Aquantia 5G PHY Gen3 | — | • | — | — | —
Aquantia 10G PHY Gen2 | — | • | • | — | •
802.1Qbb Per Priority Flow Control | — | • | • | • | •
Port frame size (jumbo frames) | • | • | • | • | •
Port state (administrative status) | • | • | • | • | •
Port status (link monitoring) | • | • | • | • | •
Port statistics (MIB counters) | • | • | • | • | •
Port VeriPHY (cable diagnostics) | • | • | • | • | •
PoE/PoE+ with PD69208 support (external controller) | • | • | • | • | —
PoE/PoE+ with Link Layer Discovery Protocol (LLDP) | • | • | • | • | —
PoE IEEE 802.3bt without LLDP (external controller) | • | • | • | • | —
NPI port | • | • | • | • | •
PCIe | — | • | • | • | •
On-the-fly SFP detection | • | • | • | • | •
DDMI | • | • | • | • | •
Unidirectional Link Detection (UDLD) | • | • | • | • | •
IEEE 802.3ap 10G-KR | — | — | — | — | •
IEEE 802.3ap 25G-KR | — | — | — | — | •
1.3 Quality of Service (QoS)
The following table lists the features supported by the QoS module. For more information, see 7. Quality of Service (QoS).
Table 1-3. QoS Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Cut-through | — | — | — | — | •
Traffic classes (8 active priorities) | • | • | • | • | •
Port default priority | • | • | • | • | •
User priority | • | • | • | • | •
Input priority mapping | • | • | • | • | •
QoS control list (QCL mode) | • | • | • | • | •
Global storm control for UC, MC, and BC | • | • | • | • | •
Random early discard (RED) | — | • | • | • | •
Port policers | • | • | • | • | •
Queue policers | • | • | • | • | •
Global/VCAP (ACL) policers | • | • | • | • | •
Port egress shaper | • | • | • | • | •
Queue egress shapers | • | • | • | • | •
DiffServ (RFC2474) remarking | • | • | • | • | •
Tag remarking | • | • | • | • | •
Scheduler mode | • | • | • | • | •
IEEE-802.1Qbv (TAS) Time-aware Scheduler | — | — | — | — | •
IEEE-802.1Qbu & 802.3br frame preemption | — | — | — | — | •
IEEE-802.1Qci ingress gating/policing/checking | — | — | — | — | •
1.4 Protection
The following table lists the features supported by the protection module.
Table 1-4. Protection Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
1:1 port protection - G.8031 | • | • | • | • | •
Ring protection - G.8032 | • | • | • | • | •
Ring protection v2 - G.8032 | • | • | • | • | •
IEEE-802.1CB (FRER) | — | — | — | — | •
1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8. L2 Switching.
Table 1-5. L2 Switching Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
IEEE 802.1D Bridge
Auto MAC address learning/aging | • | • | • | • | •
MAC addresses—static | • | • | • | • | •
IEEE 802.1Q
Virtual LAN | • | • | • | • | •
Bidirectional VLAN translation | • | • | • | • | •
Unidirectional VLAN translation (ingress/egress) | • | • | • | • | •
Private VLAN—static | • | • | • | • | •
Port isolation—static | • | • | • | • | •
MAC-based VLAN | • | • | • | • | •
Protocol-based VLAN | • | • | • | • | •
IP subnet-based VLAN | • | • | • | • | •
VLAN trunking | • | • | • | • | •
iPVLAN Trunking | — | • | • | • | •
GARP VLAN Registration Protocol (GVRP) | • | • | • | • | •
Multiple Registration Protocol (MRP) | • | • | • | • | •
Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | •
IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | •
Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | •
Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | •
Loop guard | • | • | • | • | •
IEEE 802.3ad
Link aggregation—static | • | • | • | • | •
Link aggregation—Link Aggregation Control Protocol (LACP) | • | • | • | • | •
AGGR/LACP user interface alignment with Industry standard | • | • | • | • | •
UNI LAG (LACP) 1:1 active/standby | • | • | • | • | •
LACP revertive/non-revertive | • | • | • | • | •
LACP loop free operation | • | • | • | • | •
Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | •
Error disable recovery | • | • | • | • | •
IGMPv2 snooping | • | • | • | • | •
IGMPv3 snooping | • | • | • | • | •
MLDv1 snooping | • | • | • | • | •
MLDv2 snooping | • | • | • | — | •
Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | •
IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | •
Multicast VLAN Registration (MVR) | • | • | • | • | •
MVR profile | • | • | • | • | •
Voice VLAN | • | • | • | • | •
DHCP snooping | • | • | • | • | •
ARP inspection | • | • | • | • | •
Port mirroring | • | • | • | • | •
Flow mirroring | • | • | • | • | •
Rmirror | • | • | • | • | •
1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9. L3 Switching.
Table 1-6. L3 Switching Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
DHCP option 82 relay | • | • | • | • | •
Universal Plug and Play (UPnP) | • | • | • | • | •
Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | —
Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | •
RFC2992 (ECMP) support for HW based L3 static routing | — | • | • | — | •
RFC 2453 RIPv2 dynamic routing | — | • | • | — | •
RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | •
RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | •
RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | •
Software-based IPv6 L3 static routing | • | — | — | • | —
Hardware-based IPv6 L3 static routing | — | • | • | — | •
RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | •
RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | •
1.7 Security
The following table lists the features supported by the security module. For more information, see 10. Security.
Table 1-7. Security Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Network Access Server (NAS)
Port-based 802.1X | • | • | • | • | •
Single 802.1X | • | • | • | • | •
Multiple 802.1X | • | • | • | • | •
MAC-based authentication | • | • | • | • | •
VLAN assignment | • | • | • | • | •
QoS assignment | • | • | • | • | •
Guest VLAN | • | • | • | • | •
Remote authentication dial In user service (RADIUS) authentication and authorization | • | • | • | • | •
RADIUS accounting | • | • | • | • | •
MAC address limit | • | • | • | • | •
Persistent MAC learning | • | • | • | • | •
IP MAC binding | • | • | • | • | •
IP/MAC binding dynamic to static | • | • | • | • | •
TACACS+ authentication and authorization | • | • | • | • | •
TACACS+ command authorization | • | • | • | • | •
TACACS+ accounting | • | • | • | • | •
Web and CLI authentication | • | • | • | • | •
Authorization (15 user levels) | • | • | • | • | •
ACLs for filtering/policing/port copy | • | • | • | • | •
IP source guard | • | • | • | • | •
Secure FTP Client | • | • | • | • | •
1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12. OAM and Test.
Table 1-8. Robustness and Power Savings Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Cold start | • | • | • | • | •
Cool start | • | • | • | • | •
ActiPHY | • | • | • | • | •
PerfectReach | • | • | • | • | •
Energy-Efficient Ethernet (EEE) power management | • | • | • | • | •
LED power management | • | • | — | — | •
Thermal protection | • | • | • | • | •
Adaptive fan control | • | • | • | — | •
1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12. OAM and Test.
Table 1-9. OAM and Testing Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Link OAM (802.3ah)
Variable request and response | • | • | • | • | •
Discovery process information event notification loopback | • | • | • | • | •
Dying gasp | • | • | • | • | •
Dying gasp enhanced | • | • | • | • | •
Dying gasp SNMP trap | • | • | • | • | •
CFM
Continuity Check (ETH-CCM) | • | • | • | • | •
IS-, OS-, PS-, and SID-TLV | • | • | • | • | •
APS using ETH-CCM and ETH-APS | • | • | • | • | •
ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | •
Hardware-accelerated OAM | — | • | • | • | •
1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13. Synchronization.
Table 1-10. Timing and Synchronization Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
SyncE with SSM | • | • | • | • | •
SyncE nomination for two interfaces | • | • | • | • | •
Microchip one-step TC PHY solution | • | • | • | • | •
IEEE 1588v2 PTP with two-step clock | • | • | • | • | •
IEEE 1588v2 PTP with one-step clock | • | • | • | • | •
Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | •
End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | •
End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | •
Boundary clock | • | • | • | • | •
Redundant masters and multiple timing domains | • | • | • | • | •
PTP over IPv4 | • | • | • | • | •
Unicast/multicast | • | • | • | • | •
TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | •
TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
Combined SyncE and 1588 | • | • | • | • | •
MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | •
MSCC timing BU DPLL API integration | • | • | • | • | •
G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | •
PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
G.8275.1 BMCA—only ZLS30384 and ZLS30380 servo | • | • | • | • | •
G.8275 compliant filter—only ZLS30384 and ZLS30380 servo | • | • | • | • | •
PTP time interface | • | • | • | • | •
NTPv4 client | • | • | • | • | •
IEEE 802.1AS-2011/IEEE 802.1AS rev D4.2 | • | • | • | • | •
1.11 Customization Framework
The following table lists the features supported by the customization framework module.
Table 1-11. Customization Framework Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Separate BSP and application | • | • | • | • | •
Append or change a binary image | • | • | • | • | •
IPC JSON-RPC socket (with notification support) | • | • | • | • | •
Overwrite default startup configuration | • | • | • | • | •
Boot and initialization of third-party daemons | • | • | • | • | •
Configuration to disable certain built-in features | • | • | • | • | •
Microchip Ethernet Board API (MEBA) | • | • | • | •
1.12 Management
The following table lists the features supported by the management module. For more information, see 14. Management.
Table 1-12. Management Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
JSON-RPC | • | • | • | • | •
JSON-RPC notifications | • | • | • | • | •
Dual CPU (application variant with JSON | — | • | • | • | •
RFC 2131 DHCP client | • | • | • | • | •
RFC 2131 DHCP server | • | • | • | • | •
DHCP server support for DHCP relay packets | • | • | • | • | •
DHCP per port | • | • | • | • | •
RFC 3315 DHCPv6 client | • | • | • | • | •
RFC 3315 DHCPv6 relay agent | • | • | • | • | •
RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | •
RFC 1035 DNS client relay | • | • | • | • | •
IPv4/IPv6 ping | • | • | • | • | •
IPv4/IPv6 traceroute | • | • | • | • | •
HTTP server | • | • | • | • | •
CLI—console port | • | • | • | • | •
CLI—Telnet | • | • | • | • | •
Industrial standard CLI | • | • | • | • | •
Industrial standard configuration | • | • | • | • | •
Industrial standard CLI debug commands | • | • | • | • | •
Port description CLI | • | • | • | • | •
Management access filtering | • | • | • | • | •
HTTPS | • | • | • | • | •
SSHv2 | • | • | • | • | •
IPv6 management | • | • | • | • | •
IPv6 ready logo PHASE2 (host only) | • | • | • | • | •
RFC4884 (ICMPv6) | • | • | • | • | •
System syslog | • | • | • | • | •
Software upload through web | • | • | • | • | •
SNMP v1/v2c/v3 agent (1) | • | • | • | • | •
RMON (group 1, 2, 3, and 9) | • | • | • | • | •
RMON alarm and event (CLI and web) | • | • | • | • | •
Alarm module | • | • | • | • | •
IEEE 802.1AB-2005 link layer discovery—LLDP | • | • | • | • | •
TIA 1057 LLDP—MED | • | • | • | • | •
Industry standard discovery protocol - ISDP | • | • | • | • | •
sFlow | • | • | • | • | •
FTP Client | • | • | • | • | •
Configuration download/upload—industrial standard | • | • | • | • | •
Loop detection restore to default | • | • | • | • | •
Symbolic register access | • | • | • | • | •
Daylight saving | • | • | • | • | •
Note 1: No SNMPv1 trap support.
1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15. SNMP MIBs.
Table 1-13. SNMP MIBs Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
RFC 2674 VLAN MIB | • | • | • | • | •
IEEE 802.1Q bridge MIB 2008 | • | • | • | • | •
RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | •
RFC 1213 MIB II | • | • | • | • | •
RFC 1215 TRAPS MIB | • | • | • | • | •
RFC 4188 bridge MIB | • | • | • | • | •
RFC 4292 IP forwarding table MIB | • | • | • | • | •
RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | •
RFC 5519 multicast group membership discovery MIB | • | • | • | • | •
RFC 4668 RADIUS authentication client MIB | • | • | • | • | •
RFC 4670 RADIUS accounting MIB | • | • | • | • | •
RFC 3635 Ethernet-like MIB | • | • | • | • | •
RFC 2863 interface group MIB using SMI v2 | • | • | • | • | •
RFC 3636 802.3 MAU MIB | • | • | • | • | •
RFC 4133 entity MIB version 3 | • | • | • | • | •
RFC 4878 Link OAM MIB | • | • | • | • | •
RFC 3411 SNMP management frameworks | • | • | • | • | •
RFC 3414 user-based security model for SNMPv3 | • | • | • | • | •
RFC 3415 view-based access control model for SNMP | • | • | • | • | •
RFC 2613 SMON—PortCopy | • | • | • | • | •
IEEE 802.1 MSTP MIB | • | • | • | • | •
IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | •
IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | •
IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | •
TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | •
RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | —
Private MIB framework | • | • | • | • | •
2. Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.
Table 2-1. Features and Platform Capacity
Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Resilience and Availability
IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8
IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN
Traffic Control
Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095
Guest-VLAN | 1 | 1 | 1 | 1 | 1
Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9
Voice VLAN | 1 | 1 | 1 | 1 | 1
MAC table size 8K | 8K | 32K | 8K | 4K | 32K
Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (Global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 mbps
Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240
Security
Port security aging | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s
MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024
Static MAC entries supported | 64 | 64 | 64 | 64 | 64
RADIUS authentication servers | 5 | 5 | 5 | 5 | 5
TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5
RADIUS accounting servers | 5 | 5 | 5 | 5 | 5
Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4
Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system
IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512
Policy-based security filtering | 512 | 512 | 512 | 512 | 512
Password length | 32 | 32 | 32 | 32 | 32
Authorization user levels | 15 | 15 | 15 | 15 | 15
ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512
Number of logged in users | 20 | 20 | 20 | 20 | 20
IP Routing
Max static route entries | 32 | 128 | 32 | 32 | 512
Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072
Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).
3 System Requirements
The following table lists the port system requirements supported by the IStaX software.
Table 3-1 Port System Requirements
Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
LEDs per port | 1 | 1 | 1 | 1 | 1
SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported
Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported
Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full
Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported
Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps)
RJ45 connectors | Supported | Supported | Supported | Supported | Supported
Fiber slots | Supported | Supported | Supported | Supported | Supported

The following table lists the hardware system requirements supported by the IStaX software.
Table 3-2 Hardware System Requirements
Requirement | Support
Power LED | Supported by hardware
System LED | Supported by hardware
Alarm LED | Supported by hardware
Management LED | Supported by hardware
Switch fabric capacity | Supported by hardware
Forwarding architecture | Supported by hardware
MAC address entries | Supported by hardware
MAC address aging | Supported by hardware
MAC buffer memory type and size | Supported by hardware
CPU flash size | Supported by hardware
CPU memory type and size | Supported by hardware
System DDR SDRAM | Supported by hardware
Reset button | Supported by hardware
EMC/safety requirement | Supported by hardware
Performance requirement | Supported by hardware
4 Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.

4.1 Port Capability
The ports are equipped with the following capabilities:
• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1 Supported Features.

4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire-speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.
The turnkey switch software runs on Linux. The following system-wide operations are supported:
• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported
5 Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:
• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch
The software image selection information includes the following:
• Image: the file name of the firmware image
• Version: the version of the firmware image
• Date: the date when the firmware was produced
After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.
While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.
Note: Do not restart or power off the device at this time or the switch may fail to function.
6 Port Control
The following sections describe the port control features supported by the IStaX software.

6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port through which frames can be injected from and extracted to an external CPU.

6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame data in (injection) and out (extraction) through memory-mapped injection/extraction registers.

6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.

6.4 SFP Detection
The IStaX software detects SFP at run time.

6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.

6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.

6.7 PoE/PoE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and then the switch can comply with or ignore this information.

6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.
A UDLD packet is sent to the port it links to, for each device and for each port. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.
The UDLD implementation conforms to the RFC5171 standard.
Note: RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second and, once link status is detected, probe messages are exchanged depending on message time interval (by default 7 seconds).
Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.
Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.
The port is reopened once UDLD is disabled/enabled on that port.
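
The echo check and the Normal/Aggressive outcome described above, as an added Python model that is not part of the Microchip specification or the IStaX code. The class and field names, and the DETECTING state that gives a newly seen neighbour one probe to echo the local port, are assumptions of this model and not RFC 5171's full state machine.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Mode(Enum):
    NORMAL = "normal"
    AGGRESSIVE = "aggressive"


class Link(Enum):
    UNKNOWN = "unknown"                # no neighbour seen yet
    DETECTING = "detecting"            # new neighbour, echo not confirmed yet
    BIDIRECTIONAL = "bidirectional"
    UNIDIRECTIONAL = "unidirectional"
    LOOPBACK = "loopback"


@dataclass(frozen=True)
class PortId:
    device: str
    port: str


@dataclass(frozen=True)
class Probe:
    sender: PortId          # identity of the sending device and port
    echoes: frozenset       # (device, port) pairs the sender expects as receivers


@dataclass
class UdldPort:
    local: PortId
    mode: Mode = Mode.NORMAL
    link: Link = Link.UNKNOWN
    shut_down: bool = False
    neighbour: Optional[PortId] = None

    def receive(self, probe: Probe) -> Link:
        """Update the link state from one received UDLD probe."""
        if self.shut_down:
            return self.link                      # a shut port processes nothing
        if probe.sender == self.local:
            self.link = Link.LOOPBACK             # our own probe came back
        elif self.local in probe.echoes:
            self.neighbour = probe.sender
            self.link = Link.BIDIRECTIONAL        # neighbour hears us
        elif probe.sender != self.neighbour:
            self.neighbour = probe.sender         # new device/port pair:
            self.link = Link.DETECTING            # detection starts here
        else:
            self.link = Link.UNIDIRECTIONAL       # known neighbour, no echo of us
        faulty = self.link in (Link.UNIDIRECTIONAL, Link.LOOPBACK)
        if faulty and self.mode is Mode.AGGRESSIVE:
            self.shut_down = True                 # Normal mode leaves the port up
        return self.link

    def reenable(self) -> None:
        """UDLD disabled and enabled again on the port: reopen and start over."""
        self.link, self.shut_down, self.neighbour = Link.UNKNOWN, False, None


if __name__ == "__main__":
    local, peer = PortId("SW1", "1/1"), PortId("SW2", "1/7")   # constructed IDs
    port = UdldPort(local, Mode.AGGRESSIVE)
    for probe in (Probe(peer, frozenset()),
                  Probe(peer, frozenset({local})),
                  Probe(peer, frozenset())):
        print(port.receive(probe).value, "shut_down=", port.shut_down)
```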

6.8.1 Port Statistics
The IStaX software supports detailed port-related statistics and system-information-related configuration. It is possible to view the detailed QoS-related statistics using the IStaX software.
7 Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.

7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.

7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).
Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.
It is possible to specify the maximum bit rate in kbps or Mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.
The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.

7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).
The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.
When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.
The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.

7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED is configurable to either disable/enable and is disabled by default.
The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.
By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.

7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.
When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.
The QoS class DEI DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.

7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.
The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification

7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.

7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.
In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.
The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.
DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:
• Get the DSCP value from the analyzer (ingress classification) and always remap based on the global remap table. This is done independently of the value of the drop precedence level.
• Get the DSCP value from the analyzer and remap based on drop precedence level and remap table.
DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.

7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.
Storm control is disabled by default.
8 L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.

8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with the learned MAC address are not received within the aging period.

8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.

8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:
• All ports are VLAN aware
• All ports are members of VLAN 1
• The switch management interface is on VLAN 1
• All ports have a Port VLAN ID (PVID) of 1
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged
• The PVID is set to 1 by default
• Ingress filtering is always enabled
Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs
• If frames are classified to a VLAN that the port is not a member of, they are discarded
• By default, all frames classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress
Hybrid ports resemble trunk ports in many ways but provide the following additional port configuration features:
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently

8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to VLAN to perform QoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to a port using the Port Discovery Protocol. This discovery can be done based on an Organizationally Unique Identifier (OUI), Link Layer Discovery Protocol (LLDP), or both.

8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.

8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:
• Ethernet: valid values for etype range from 0x0600-0xffff
• SNAP: valid value in this case also is comprised of two sub-values
• Organizationally unique Identifier (OUI)
• Protocol ID (PID): if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP
• LLC: valid value in this case is comprised of two sub-values
  – DSAP: 1-byte long string (0x00-0xff)
  – SSAP: 1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and the protocol-based VLAN is preferred over the port-based VLAN.

8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.
PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.
The following terms are used to describe the Private VLAN feature:
• PVLAN domain: a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain
• Primary VLAN: a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports
• Secondary VLAN: a VLAN used inside a PVLAN domain only
• Isolated VLAN: a secondary VLAN that carries traffic from isolated ports to promiscuous ports
• Community VLAN: a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports
• Isolated port: a port that receives untagged frames and classifies these to an isolated VLAN
• Community port: a port that receives untagged frames and classifies these to a community VLAN
• Promiscuous port: a port that receives frames in the primary VLAN
• Standard trunk port: a port that carries primary and secondary VLANs using tags
• Promiscuous PVLAN trunk port: a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs but translates these to the primary VLAN ID and pushes this into the tag
• Isolated PVLAN trunk port: a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN but translates this into the isolated VLAN ID and pushes it into the tag

8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration for VLANs. Though this has been superseded by MVRP, as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.

8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to register and unregister attribute values, such as VLAN identifiers and multicast group membership, across a large LAN.

8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q 2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.

8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG) such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address: can be used to calculate the destination port for the frame. By default, the source MAC address is enabled
• Destination MAC address: can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled
• IP address: can be used to calculate the destination port for the frame. By default, the IP address is enabled
• TCP/UDP port number: can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).

8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.

8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with the IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.

8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from the active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, the CIST port setting may also be seen as a security measure.

8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.

8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.

8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.

8.12 DHCP Snooping
DHCP snooping is used to block intruders on the untrusted ports of the switch device when an intruder tries to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
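
The Trusted/Untrusted port rule and the IP/MAC/port white-list described above, as an added Python model that is not IStaX code. Learning the white-list from DHCP ACKs seen on trusted ports is an assumption of this model, as are all names, the port numbers and the constructed sample addresses.

```python
from dataclasses import dataclass

# DHCP message types (option 53, RFC 2132)
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = 1, 2, 3, 4, 5, 6, 7
SERVER_MESSAGES = {OFFER, ACK, NAK}


@dataclass(frozen=True)
class DhcpMessage:
    port: int                  # switch port the message arrived on
    msg_type: int
    client_mac: str            # chaddr
    your_ip: str = "0.0.0.0"   # yiaddr, meaningful in OFFER/ACK


@dataclass(frozen=True)
class DataFrame:
    port: int
    src_mac: str
    src_ip: str


class DhcpSnooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # client MAC -> port its DISCOVER/REQUEST came from
        self.bindings = {}   # (port, MAC) -> leased IP: the white-list
        self.alerts = []

    def handle_dhcp(self, msg):
        """Return 'forward' or 'drop' for one DHCP message."""
        if msg.msg_type in SERVER_MESSAGES:
            if msg.port not in self.trusted:
                # A DHCP server is answering from a port that must only host clients.
                self.alerts.append(
                    f"DHCP server message type {msg.msg_type} on untrusted port {msg.port}")
                return "drop"
            if msg.msg_type == ACK and msg.client_mac in self.pending:
                port = self.pending.pop(msg.client_mac)
                self.bindings[(port, msg.client_mac)] = msg.your_ip
            return "forward"
        if msg.msg_type in (DISCOVER, REQUEST):
            self.pending[msg.client_mac] = msg.port
        elif msg.msg_type in (DECLINE, RELEASE):
            self.bindings.pop((msg.port, msg.client_mac), None)
        return "forward"

    def permits(self, frame):
        """Only the leased IP, with its MAC, on its port passes an untrusted port."""
        if frame.port in self.trusted:
            return True
        return self.bindings.get((frame.port, frame.src_mac)) == frame.src_ip


def run_constructed_example():
    """Replay a constructed exchange: one client, one rogue server, one uplink."""
    uplink, client_port, rogue_port = 24, 3, 7
    client = "02:00:00:00:00:01"
    switch = DhcpSnooper(trusted_ports=[uplink])
    decisions = [switch.handle_dhcp(m) for m in (
        DhcpMessage(client_port, DISCOVER, client),
        DhcpMessage(rogue_port, OFFER, client, "198.51.100.66"),   # bogus reply
        DhcpMessage(uplink, OFFER, client, "192.0.2.10"),
        DhcpMessage(client_port, REQUEST, client),
        DhcpMessage(rogue_port, ACK, client, "198.51.100.66"),     # bogus reply
        DhcpMessage(uplink, ACK, client, "192.0.2.10"),
    )]
    checks = [switch.permits(f) for f in (
        DataFrame(client_port, client, "192.0.2.10"),   # leased IP, right port
        DataFrame(rogue_port, client, "192.0.2.10"),    # same IP/MAC, wrong port
        DataFrame(client_port, client, "192.0.2.99"),   # right port, unleased IP
        DataFrame(uplink, "02:00:00:00:00:fe", "192.0.2.1"),  # trusted uplink
    )]
    return switch, decisions, checks


if __name__ == "__main__":
    sw, decisions, checks = run_constructed_example()
    print(decisions, checks, sw.alerts, sep="\n")
```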

8.13 MAC Table Configuration
MAC learning configuration can be configured per port:
• Auto: learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable: no learning is done
• Secure: only SMAC entries are learned; all other frames are dropped
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.

8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.

8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.

8.16 Flow Mirroring for AC
Management can set and get the ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.

8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and the MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.

8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with a matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are members of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and the source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in the non-forwarding state.
9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.

9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1 DHCP Relay Configuration Parameters
Parameter | Allowed Range | Default
Relay mode | Enabled/disabled | Disabled
Relay server address | IP address | None
Relay information mode | Enabled/disabled | Disabled
Relay information policy | Replace, Keep, Drop | Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring to the DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in a standalone device it always equals 0; in a stackable device it means switch ID), and the last two characters are the port number.

9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of the UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP-related packets to the CPU. The ACEs are automatically removed when the mode is disabled.

9.3 L3 Routing
L3 routing is to select a path and forward traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10. Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed: equipment whose MAC address is a valid RADIUS user can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
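Because the switch sends the MAC string as both username and password, the RADIUS user database has to hold every client in exactly the lower-case, dash-separated form described above. The following added example (not part of the IStaX software or of the original document) normalises an asset inventory into that form and emits FreeRADIUS-style `users` entries; the inventory values are constructed, and the choice of FreeRADIUS as the backend is an assumption.

```python
import re

_SEPARATORS = re.compile(r"[-:.\s]")
_TWELVE_HEX = re.compile(r"[0-9a-fA-F]{12}")


def switch_mac_string(mac):
    """Return the xx-xx-xx-xx-xx-xx string the switch uses as username and password."""
    digits = _SEPARATORS.sub("", mac)
    if not _TWELVE_HEX.fullmatch(digits):
        raise ValueError(f"not a 6-byte MAC address: {mac!r}")
    octets = [digits[i:i + 2].lower() for i in range(0, 12, 2)]
    # A group (multicast/broadcast) address can never be a frame's source,
    # so an inventory entry with the I/G bit set is a data error.
    if int(octets[0], 16) & 0x01:
        raise ValueError(f"group address cannot identify a client: {mac!r}")
    return "-".join(octets)


def radius_user_entries(inventory):
    """Build one user entry per unique client; return (entries, rejected)."""
    entries, rejected, seen = [], [], set()
    for raw in inventory:
        try:
            name = switch_mac_string(raw)
        except ValueError as err:
            rejected.append((raw, str(err)))
            continue
        if name in seen:
            rejected.append((raw, "duplicate of an earlier entry"))
            continue
        seen.add(name)
        # MD5-Challenge needs the cleartext password on the server side,
        # and here the password is simply the MAC string again.
        entries.append(f'{name} Cleartext-Password := "{name}"')
    return entries, rejected


# Constructed inventory in the mixed notations asset lists tend to contain.
INVENTORY = [
    "00:1A:2B:3C:4D:5E",   # colon-separated, upper case
    "001a.2b3c.4d5f",      # dotted notation
    "00-1A-2B-3C-4D-5E",   # same device as the first line
    "01:00:5e:00:00:fb",   # multicast address, not a client
    "00:1a:2b:3c:4d",      # truncated
]

if __name__ == "__main__":
    entries, rejected = radius_user_entries(INVENTORY)
    print("\n".join(entries))
    for raw, reason in rejected:
        print(f"# skipped {raw}: {reason}")
```

The generated entries contain no secret beyond the address itself, which is why the Port Security Limit Control limit mentioned above matters on ports that use this mode.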
In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-assigned QoS and VLAN in the case of RADIUS-assigned VLAN are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
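The retransmission and dead-time rules above determine how long a login stalls while a RADIUS server is down. The following model is an added example, not IStaX code; it assumes servers are tried in configured order, that a live server answers immediately, and that all servers are tried again if every one of them is in dead time. The server names and timer values are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class RadiusPool:
    servers: list                  # server names, in the order they are tried (assumed)
    timeout: float                 # configured Timeout, in seconds
    dead_time: float = 0.0         # configured Dead Time, 0-3600 seconds
    dead_until: dict = field(default_factory=dict)

    def dead_time_active(self):
        # A value above zero enables the feature only with more than one server.
        return self.dead_time > 0 and len(self.servers) > 1

    def request(self, now, responsive):
        """Send one request at time `now`.

        `responsive` is the set of servers that currently answer.
        Returns (answering server or None, delay in seconds, transmissions).
        """
        sub_interval = self.timeout / 3
        usable = [s for s in self.servers
                  if not (self.dead_time_active() and self.dead_until.get(s, 0) > now)]
        if not usable:             # assumption: nothing left to skip to, so try all
            usable = list(self.servers)
        sent, t = [], now
        for server in usable:
            for _ in range(3):     # queried up to three times
                sent.append((t, server))
                if server in responsive:
                    return server, t - now, sent
                t += sub_interval  # no reply within the sub-interval: retransmit
            if self.dead_time_active():
                self.dead_until[server] = t + self.dead_time
        return None, t - now, sent


def replay(pool, schedule):
    """Run (time, responsive servers) requests; return (server, delay, tx count) each."""
    results = []
    for when, responsive in schedule:
        server, delay, sent = pool.request(when, responsive)
        results.append((server, delay, len(sent)))
    return results


# Constructed scenario: radius-a is down throughout, radius-b is healthy.
SCHEDULE = [(0, {"radius-b"}), (20, {"radius-b"}), (400, {"radius-b"})]

if __name__ == "__main__":
    for dead_time in (0, 300):
        pool = RadiusPool(["radius-a", "radius-b"], timeout=15, dead_time=dead_time)
        print(f"dead time {dead_time}s:", replay(pool, SCHEDULE))
```

With the dead time at 0, every authentication waits the full timeout on the failed server; with it set, only the first request after each dead-time expiry pays that cost.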
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. In the initial version, only the CLI interface is supported for the configuration of TACACS+ authorization and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1. Secure Access Options
Method               Description
SSH                  Enable or disable option provided; supports v2 only
SSL/HTTPs            Enable or disable
HTTPs auto redirect  A redirect web browser to HTTPS option, available when HTTPS mode is enabled
Note: SSL and HTTPs are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The allowed range for the privilege level of the user is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level, configurable between 1 and 15, for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.
10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all the four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.
10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows the port action that is used to determine whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
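Because only the first matching ACE acts on a frame, an entry placed below a broader one never takes effect and its counter stays at zero. The following model of that evaluation order is an added example, not IStaX code; it assumes a policy matches when the port's policy ID equals the ACE value under the ACE mask, and it reads the fall-through case as the port's own action being applied. The ACE names and port layout are constructed.

```python
from dataclasses import dataclass


@dataclass
class ACE:
    name: str
    action: str                 # "permit" or "deny"
    frame_type: str = "any"     # any, etype, arp, ipv4, ipv6
    ports: frozenset = None     # None means every ingress port
    policy_value: int = 0
    policy_mask: int = 0        # 0 means the policy ID is not checked
    hits: int = 0

    def matches(self, port_no, policy_id, frame_type):
        if self.ports is not None and port_no not in self.ports:
            return False
        if (policy_id & self.policy_mask) != (self.policy_value & self.policy_mask):
            return False
        return self.frame_type in ("any", frame_type)

    def covers(self, other):
        """True if every frame that matches `other` also matches this ACE."""
        if self.ports is not None and (other.ports is None or not other.ports <= self.ports):
            return False
        if self.frame_type not in ("any", other.frame_type):
            return False
        if self.policy_mask & ~other.policy_mask:
            return False        # this ACE tests a policy bit that `other` leaves free
        return (self.policy_value & self.policy_mask) == (other.policy_value & self.policy_mask)


@dataclass
class Port:
    policy_id: int = 0
    action: str = "permit"      # the default port action is Permit
    hits: int = 0


class ACL:
    def __init__(self, aces, ports):
        self.aces = aces        # highest priority (top) first
        self.ports = ports      # {port number: Port}

    def classify(self, port_no, frame_type):
        port = self.ports[port_no]
        for ace in self.aces:
            if ace.matches(port_no, port.policy_id, frame_type):
                ace.hits += 1   # first match wins; later ACEs are not consulted
                return ace.action, ace.name
        port.hits += 1          # no ACE matched: port action and port counter
        return port.action, f"port {port_no} action"

    def shadowed(self):
        """List (ACE, earlier ACE) pairs where the later entry can never be hit."""
        found = []
        for index, ace in enumerate(self.aces):
            for earlier in self.aces[:index]:
                if earlier.covers(ace):
                    found.append((ace.name, earlier.name))
                    break
        return found


def build_demo_acl():
    ports = {1: Port(policy_id=1), 2: Port(policy_id=1),
             3: Port(policy_id=2), 4: Port(policy_id=0, action="deny")}
    aces = [
        ACE("permit-ipv4-policy1", "permit", "ipv4", policy_value=1, policy_mask=0xFF),
        ACE("deny-ipv4-port2", "deny", "ipv4", frozenset({2}), 1, 0xFF),
        ACE("deny-arp-port3", "deny", "arp", frozenset({3})),
    ]
    return ACL(aces, ports)


if __name__ == "__main__":
    acl = build_demo_acl()
    for frame in [(1, "ipv4"), (2, "ipv4"), (3, "arp"), (3, "ipv4"), (4, "ipv6")]:
        print(frame, "->", acl.classify(*frame))
    print("shadowed:", acl.shadowed())
```

Here the deny for port 2 sits below a permit that already covers it, so IPv4 from port 2 is permitted; reviewing ACE order and zero-hit counters is how such entries are found on a live configuration.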
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped as they do not match any entries in the binding table.
10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11. Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.
11.1 Robustness
The following section introduces a robustness feature.
11.1.1 Cold and Cool Start
The software defines and supports the following restart types:
• Cold: power cycle induced reset of the switch
• Cool: software initiated reset of the switch (with traffic disruption)
11.2 Power Savings
The following sections introduce the power savings features.
11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.
11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.
11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.
11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode where the port is negotiated to either 1G or 100 megabits full duplex mode.
11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0% to 100% in 10% increments for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.
11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature: temperature at which the fan runs at full speed
• Turn on temperature: temperature at which the fan runs at the lowest possible speed
12. OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.
12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T Y.1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few tens of ns.
12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
The administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, OAM entity sends out a PDU with the link monitoring capability flag set
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, OAM entity sends out a PDU with the remote loopback capability flag
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.
12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. If any of these situations occurs, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads: this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled
12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13. Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs such as ZL30343, ZL30363, and ZL30772.
13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer-to-peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.
13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.
13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses the peer-to-peer delay measurement mechanism.
13.2.2 End-to-End Transparent Clock
The transparent clock uses the end-to-end delay measurement mechanism.
13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.
13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.
13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.
13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to 8265.1 solution (frequency) ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to 8275.1 solution (frequency) ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
14. Management
The following sections describe the management features supported by the IStaX software.
14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server; in order to use it, a JSON-RPC client is needed. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable connection-oriented communication provided by the TCP and HTTP message encapsulation
• RPC-oriented protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high-level, machine friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.
14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react on events when they happen without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.
14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards, as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut:
(config-if-vlan)# ip^Q
ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
ip igmp snooping
ip igmp snooping compatibility auto | v1 | v2 | v3
ip igmp snooping last-member-query-interval <0-31744>
ip igmp snooping priority <0-7>
ip igmp snooping querier election | address <ipv4_ucast>
ip igmp snooping query-interval <1-31744>
ip igmp snooping query-max-response-time <0-31744>
ip igmp snooping robustness-variable <1-255>
ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help. Click the ? button for a list of valid possible parameters with descriptions
• Auto completion. Press the <tab> key after partially typing the keyword. The rest of the keyword will be entered automatically
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support:
(config)# interface *
(config-if)#
If multiple sessions are concurrently in the same sub mode with the same parameters, then the no form of commands will not work and will display a warning message.
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege
14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>.
14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#.
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations—any keyword can be accepted just by typing an unambiguous prefix (for example, “sh” for “show”):
    IStaX# sh ip route
    0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
    10.9.61.0/24 via VLAN1 <UP HW_RT>
    127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
    224.0.0.0/4 via OS:lo:127.0.0.1 <UP>
VSC6817 Management
© 2020 Microchip Technology Inc. Product Specification DS30010225B-page 55
• Error checking—before executing a command, the CLI checks whether the current mode is still valid, whether the user has sufficient privileges, and whether the parameters are within a valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message:
    IStaX(config)# clock summer-time PDT date 14
                                              ^
    Invalid word detected at ^ marker
  Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.
• do command support—this allows users to execute the commands from the configuration mode:
    (config)# do show vlan
    VLAN  Name     Interface
    ----  ----     ---------
    1     default  Gi 1/1-9 2.5G 1/1-2
• Platform debug command support—this allows users to obtain technical support by entering and running a debug command in this field.
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG), where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config—a virtual file that represents the currently active configuration on the switch. This file is volatile.
• startup-config—the startup configuration for the switch, read at boot time.
• default-config—a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes.
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode—the current configuration is fully replaced with the configuration in the uploaded file.
• Merge mode—the uploaded file is merged with running-config.
If the file system is full (that is, it contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 8.0 and above
• Firefox 3.0 and above
• Google Chrome 3.0 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort; that is, if 64-bit counters are included, they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses, restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping—a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported.
• Traceroute—a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host, and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. The source address can be specified by using the saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. For IPv4, it can also be specified whether to use ICMP instead of UDP.
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes, should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure the IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1ab and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization, and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice—used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional)—used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice—supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional)—used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice—used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and is typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing—used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video—used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional)—used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.
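The network policy attributes and application types listed above travel in one LLDP-MED TLV per application type. The following is an added example, not code from the IStaX software: it walks an LLDPDU, decodes each network policy TLV, and lists application types advertised on a port beyond a permitted set. The function names and the sample LLDPDU are constructed for illustration; the TLV layout follows the LLDP-MED standard (organizationally specific TLV, OUI 00-12-BB, subtype 2).

```python
import struct

TIA_OUI = bytes.fromhex("0012bb")        # OUI carried by LLDP-MED TLVs
ORG_SPECIFIC, NETWORK_POLICY = 127, 2    # LLDP TLV type, LLDP-MED subtype
APPLICATION_TYPES = {
    1: "Voice", 2: "Voice Signaling", 3: "Guest Voice",
    4: "Guest Voice Signaling", 5: "Softphone Voice",
    6: "Video Conferencing", 7: "Streaming Video", 8: "Video Signaling",
}


def iter_tlvs(lldpdu):
    """Yield (type, value) for each TLV; reject a TLV that overruns the LLDPDU."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF   # 7-bit type, 9-bit length
        value = lldpdu[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV type {tlv_type} runs past the end of the LLDPDU")
        yield tlv_type, value
        if tlv_type == 0:                                # End of LLDPDU
            return
        offset += 2 + length


def decode_network_policy(value):
    """Decode one network policy TLV value, or return None for any other TLV."""
    if len(value) != 8 or value[:3] != TIA_OUI or value[3] != NETWORK_POLICY:
        return None
    # 24 bits after the application type: U, T, X, VLAN ID (12), priority (3), DSCP (6)
    bits = int.from_bytes(value[5:8], "big")
    tagged = bool(bits >> 22 & 1)
    return {
        "application": APPLICATION_TYPES.get(value[4], f"reserved ({value[4]})"),
        "unknown": bool(bits >> 23 & 1),
        "tagged": tagged,
        "vlan_id": bits >> 9 & 0xFFF,
        # On an untagged VLAN the L2 priority is ignored; only DSCP is relevant.
        "l2_priority": (bits >> 6 & 0x7) if tagged else None,
        "dscp": bits & 0x3F,
    }


def network_policies(lldpdu):
    decoded = (decode_network_policy(v) for t, v in iter_tlvs(lldpdu) if t == ORG_SPECIFIC)
    return [policy for policy in decoded if policy is not None]


def unexpected_policies(lldpdu, permitted):
    """Application types advertised on the port but not in the permitted set."""
    return [p["application"] for p in network_policies(lldpdu)
            if p["application"] not in permitted]


# ---- constructed sample LLDPDU (not captured traffic) ----
def tlv(tlv_type, value):
    return struct.pack("!H", tlv_type << 9 | len(value)) + value


def policy_tlv(app, tagged, vlan_id, priority, dscp):
    bits = tagged << 22 | vlan_id << 9 | priority << 6 | dscp
    return tlv(ORG_SPECIFIC, TIA_OUI + bytes([NETWORK_POLICY, app]) + bits.to_bytes(3, "big"))


SAMPLE_LLDPDU = (
    tlv(1, b"\x04" + bytes.fromhex("020000000001"))   # Chassis ID (MAC address)
    + tlv(2, b"\x05" + b"port-3")                     # Port ID (interface name)
    + tlv(3, struct.pack("!H", 120))                  # Time to live
    + policy_tlv(1, True, 100, 5, 46)                 # Voice, tagged VLAN 100
    + policy_tlv(5, False, 0, 3, 46)                  # Softphone Voice, untagged
    + policy_tlv(7, True, 200, 4, 34)                 # Streaming Video, tagged VLAN 200
    + tlv(0, b"")                                     # End of LLDPDU
)

if __name__ == "__main__":
    for policy in network_policies(SAMPLE_LLDPDU):
        print(policy)
    print("beyond permitted set:",
          unexpected_policies(SAMPLE_LLDPDU, {"Voice", "Softphone Voice"}))
```

Anything attached to the port can read these values, which is why the text above recommends advertising a policy only to the endpoint types that need it.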
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode—the device only transmits configuration parameters.
• Receive-only mode—the device can only receive configuration parameters (from neighbor device).
• Transmit and receive mode—the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately.
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto the LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field.
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table.
• Port ID is mapped to the LLDP Port ID field.
• Version and Platform are mapped to the LLDP System Description field.
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table.
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately, but gets removed when the hold time is exceeded.
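The CDP-to-LLDP mapping described above can be followed in the sketch below, an added example that is not the switch's own decoder. It covers Device ID, Address, Port ID, Version and Platform and leaves out the capabilities mapping. The function names, the way Version and Platform are joined into one description, and the sample frame are assumptions made for illustration; the TLV type numbers and the Address TLV layout are those of CDP.

```python
import ipaddress
import struct

# CDP TLV types that have a corresponding LLDP neighbors table field
DEVICE_ID, ADDRESSES, PORT_ID, VERSION, PLATFORM = 1, 2, 3, 5, 6
MAPPED = (DEVICE_ID, ADDRESSES, PORT_ID, VERSION, PLATFORM)


def first_address(value):
    """Return the first address of a CDP Address TLV as text, or None."""
    if len(value) < 6 or struct.unpack_from("!I", value)[0] == 0:
        return None                       # no address count, or zero addresses
    offset = 4 + 2 + value[5]             # skip protocol type, length and protocol
    if len(value) < offset + 2:
        return None
    (addr_len,) = struct.unpack_from("!H", value, offset)
    address = value[offset + 2:offset + 2 + addr_len]
    if len(address) != addr_len:
        return None                       # address field cut short
    if addr_len in (4, 16):
        return str(ipaddress.ip_address(address))
    return address.hex()


def cdp_to_lldp_neighbor(cdp):
    """Map a CDP payload (version, TTL, checksum, TLVs) to neighbor table fields."""
    if len(cdp) < 4:
        raise ValueError("CDP header is 4 octets")
    raw, discarded, offset = {}, [], 4
    while offset < len(cdp):
        if offset + 4 > len(cdp):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", cdp, offset)
        # The CDP length field counts the 4-octet TLV header as well.
        if length < 4 or offset + length > len(cdp):
            raise ValueError(f"TLV 0x{tlv_type:04x} has invalid length {length}")
        value = cdp[offset + 4:offset + length]
        offset += length
        if tlv_type in MAPPED:
            raw[tlv_type] = value
        else:
            discarded.append(tlv_type)    # no LLDP field: discarded

    def text(tlv_type):
        return raw[tlv_type].decode("ascii", "replace") if tlv_type in raw else None

    description = [text(t) for t in (VERSION, PLATFORM) if t in raw]
    return {
        "chassis_id": text(DEVICE_ID),
        "management_address": first_address(raw.get(ADDRESSES, b"")),
        "port_id": text(PORT_ID),
        "system_description": " ".join(description) or None,  # joining is an assumption
        "hold_time": cdp[1],              # seconds until the entry is removed
        "discarded_tlvs": discarded,      # kept here only to make the example visible
    }


# ---- constructed sample CDP payload (checksum left as zero, not verified) ----
def tlv(tlv_type, value):
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def ipv4_entry(address):
    # protocol type 1 (NLPID), protocol length 1, protocol 0xCC (IP), 4-octet address
    return bytes([1, 1, 0xCC]) + struct.pack("!H", 4) + ipaddress.ip_address(address).packed


SAMPLE_CDP = (
    bytes([2, 180, 0, 0])                                   # version 2, hold time 180 s
    + tlv(DEVICE_ID, b"phone-01")
    + tlv(ADDRESSES, struct.pack("!I", 2) + ipv4_entry("192.0.2.10") + ipv4_entry("192.0.2.11"))
    + tlv(PORT_ID, b"Port 1")
    + tlv(VERSION, b"fw 1.0")
    + tlv(PLATFORM, b"ExamplePhone")
    + tlv(0x000A, struct.pack("!H", 100))                   # a TLV with no LLDP field
)

if __name__ == "__main__":
    for field, value in cdp_to_lldp_neighbor(SAMPLE_CDP).items():
        print(f"{field}: {value}")
```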
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
An optional fallback mechanism is also provided in the case of IPv4, so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy. When enabled, the DUT relays DNS requests to the DNS server currently configured on the DUT and replies as a DNS resolver to the client device on the network.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth, DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
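The two filtering criteria above can be modeled as a per-packet decision. The following is an added example, not the IStaX implementation: it follows the IPv6 header chain as RFC 7610 requires, so that a DHCPv6-server message placed behind extension headers is still recognized. The names shield_verdict, trusted_ports and drop_unrecognized, the set of Next Header values treated as recognized, and the sample packets are assumptions made for illustration.

```python
import struct

UDP, FRAGMENT, AH = 17, 44, 51
OPTION_HEADERS = {0, 43, 60}         # Hop-by-Hop, Routing, Destination Options
OTHER_RECOGNIZED = {6, 50, 58, 59}   # TCP, ESP, ICMPv6, No Next Header (assumed set)
DHCPV6_CLIENT_PORT = 546             # DHCPv6 clients listen on UDP port 546


def shield_verdict(packet, ingress_port, trusted_ports, drop_unrecognized=True):
    """Return "forward" or "drop" for one IPv6 packet received on ingress_port."""
    if ingress_port in trusted_ports:
        return "forward"                  # port configured by the administrator
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop"                     # not a complete IPv6 header
    next_header, offset = packet[6], 40
    while True:
        if next_header == UDP:
            if len(packet) < offset + 4:
                return "drop"             # header chain incomplete
            (dst_port,) = struct.unpack_from("!H", packet, offset + 2)
            return "drop" if dst_port == DHCPV6_CLIENT_PORT else "forward"
        if next_header in OTHER_RECOGNIZED:
            return "forward"              # recognized and not DHCPv6
        if next_header not in OPTION_HEADERS | {FRAGMENT, AH}:
            # Unrecognized Next Header: the administrator's allow/deny setting decides.
            return "drop" if drop_unrecognized else "forward"
        if len(packet) < offset + 8:
            return "drop"                 # extension header cut short
        if next_header == FRAGMENT:
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:
                return "forward"          # non-first fragment: no upper-layer header
            length = 8
        elif next_header == AH:
            length = (packet[offset + 1] + 2) * 4
        else:
            length = (packet[offset + 1] + 1) * 8
        next_header, offset = packet[offset], offset + length


# ---- constructed sample packets (not captured traffic; UDP checksum left zero) ----
SRC = bytes.fromhex("fe80" + "00" * 13 + "01")
DST = bytes.fromhex("fe80" + "00" * 13 + "02")


def ipv6(next_header, payload):
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + SRC + DST + payload


def udp(src_port, dst_port, data=b""):
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def dest_opts(next_header, inner):
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0]) + inner   # PadN fills the 8 octets


def fragment(next_header, frag_offset, inner=b""):
    return struct.pack("!BBHI", next_header, 0, frag_offset << 3 | 1, 0x1234) + inner


ADVERTISE = udp(547, 546, b"\x02\x00\x00\x01")     # server-to-client message
SAMPLES = {
    "rogue_advertise": ipv6(UDP, ADVERTISE),
    "client_solicit": ipv6(UDP, udp(546, 547, b"\x01\x00\x00\x01")),
    "behind_dest_opts": ipv6(60, dest_opts(UDP, ADVERTISE)),
    "unrecognized_next_header": ipv6(253, b"\x00" * 8),
    "truncated_first_fragment": ipv6(FRAGMENT, fragment(UDP, 0)),
    "later_fragment": ipv6(FRAGMENT, fragment(UDP, 185, b"\x00" * 16)),
}


def run_samples(ingress_port=3, trusted_ports=frozenset({1})):
    return {name: shield_verdict(pkt, ingress_port, trusted_ports)
            for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name}: {verdict}")
```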
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model, where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out of band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum management access filter entries allowed is 16.
If the application's type matches any one of the access management entries, it will allow access to the switch. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.2.2 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
SNMPv3 is supported and is backward compatible with SNMPv2c and SNMPv1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
    show snmp mib context
    BRIDGE-MIB
      - dot1dBase (1.3.6.1.2.1.17.1)
      - dot1dTp (1.3.6.1.2.1.17.4)
    Dot3-OAM-MIB
      - dot3OamMIB (1.3.6.1.2.1.158)
    ENTITY-MIB
      - entityMIBObjects (1.3.6.1.2.1.47.1)
    EtherLike-MIB
      - transmission (1.3.6.1.2.1.10)
    IEEE8021-BRIDGE-MIB
    show snmp mib ifmib ifIndex
Table 15-1 ifIndex Descriptions
ifIndex    ifDescr            Interface
1          VLAN 1             VLAN 1
1000001    Switch 1–port 1    GigabitEthernet 1/1
1000002    Switch 1–port 2    GigabitEthernet 1/2
1000003    Switch 1–port 3    GigabitEthernet 1/3
1000004    Switch 1–port 4    GigabitEthernet 1/4
1000005    Switch 1–port 5    GigabitEthernet 1/5
1000006    Switch 1–port 6    GigabitEthernet 1/6
1000007    Switch 1–port 7    GigabitEthernet 1/7
1000008    Switch 1–port 8    GigabitEthernet 1/8
1000009    Switch 1–port 9    2.5 GigabitEthernet 1/1
10000010   Switch 1–port 10   2.5 GigabitEthernet 1/2
10000011   Switch 1–port 11   GigabitEthernet 1/9
16 Revision History
Revision B, February 2021
Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 14.3 Simple Network Management Protocol (SNMP).
Revision A, June 2020
Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document.
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
Revision 20, October 2019
Revision 20 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 20 of this document.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
Revision 19, June 2019
Revision 19 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 19 of this document.
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.
Revision 18, June 2019
Revision 18 was published in June 2019 to align with the Linux application software release 48. The following is a summary of changes in revision 18 of this document.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
Revision 17, January 2019
Revision 17 was published in January 2019 to align with the Linux application software release 47. The following is a summary of changes in revision 17 of this document.
• The BSP and API Supported Features table was updated. For more information, see 11 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
Revision 16, October 2018
Revision 16 was published in October 2018 to align with the Linux application software release 46. The following is a summary of changes in revision 16 of this document:
• A cross reference in the JSON-RPC section was fixed. For more information, see 141 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The VLAN Translation section was removed from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 1111 Cold and Cool Start.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 141 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.
Revision 15, July 2018
Revision 15 was published in July 2018 to align with the Linux application software release 45. The following is a summary of changes in revision 15 of this document:
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 12 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 17 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 112 Management.
• The System Capability section was updated. For more information, see 42 System Capability.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 107 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 1212 Dying Gasp.
• The DHCP Server section was updated. For more information, see 1411 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 149 IP Management, DNS, and DHCPv4/v6.
Revision 14, April 2018
Revision 14 was published in April 2018 to align with the Linux application software release 44. The following is a summary of changes in revision 14 of this document:
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 16 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 42 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 145 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 93 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 85 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
Revision 13, January 2018
Revision 13 was published in January 2018 to align with the Linux application software release 43. The following is a summary of changes in revision 13 of this document:
• The Supported Switches table was updated with details regarding VSC7410/15/35/36/37. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 12 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 15 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 16 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 18 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 19 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 110 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 113 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.
Revision 12, September 2017
Revision 12 was published in July 2017 to align with the Linux application software release 42. In revision 12 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.
Revision 11, June 2017
Revision 11 was published in June 2017 to align with the Linux application software release 41. The following is a summary of changes in revision 11 of this document:
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.
Revision 10, November 2016
Revision 10 was published in November 2016 to align with the Linux application software release 40. It was the first publication of this document.
The Microchip Website
Microchip provides online support via our website at www.microchip.com. This website is used to make files and information easily available to customers. Some of the content available includes:
• Product Support – Data sheets and errata, application notes and sample programs, design resources, user's guides and hardware support documents, latest software releases and archived software
• General Technical Support – Frequently Asked Questions (FAQs), technical support requests, online discussion groups, Microchip design partner program member listing
• Business of Microchip – Product selector and ordering guides, latest Microchip press releases, listing of seminars and events, listings of Microchip sales offices, distributors and factory representatives

Product Change Notification Service
Microchip's product change notification service helps keep customers current on Microchip products. Subscribers will receive email notification whenever there are changes, updates, revisions or errata related to a specified product family or development tool of interest.
To register, go to www.microchip.com/pcn and follow the registration instructions.

Customer Support
Users of Microchip products can receive assistance through several channels:
• Distributor or Representative
• Local Sales Office
• Embedded Solutions Engineer (ESE)
• Technical Support
Customers should contact their distributor, representative or ESE for support. Local sales offices are also available to help customers. A listing of sales offices and locations is included in this document.
Technical support is available through the website at www.microchip.com/support
Microchip Devices Code Protection Feature
Note the following details of the code protection feature on Microchip devices:
• Microchip products meet the specification contained in their particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip's Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as "unbreakable."

Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip's code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.
Legal Notice
Information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated.
Trademarks
The Microchip name and logo, the Microchip logo, Adaptec, AnyRate, AVR, AVR logo, AVR Freaks, BesTime, BitCloud, chipKIT, chipKIT logo, CryptoMemory, CryptoRF, dsPIC, FlashFlex, flexPWR, HELDO, IGLOO, JukeBlox, KeeLoq, Kleer, LANCheck, LinkMD, maXStylus, maXTouch, MediaLB, megaAVR, Microsemi, Microsemi logo, MOST, MOST logo, MPLAB, OptoLyzer, PackeTime, PIC, picoPower, PICSTART, PIC32 logo, PolarFire, Prochip Designer, QTouch, SAM-BA, SenGenuity, SpyNIC, SST, SST Logo, SuperFlash, Symmetricom, SyncServer, Tachyon, TempTrackr, TimeSource, tinyAVR, UNI/O, Vectron, and XMEGA are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.

APT, ClockWorks, The Embedded Control Solutions Company, EtherSynch, FlashTec, Hyper Speed Control, HyperLight Load, IntelliMOS, Libero, motorBench, mTouch, Powermite 3, Precision Edge, ProASIC, ProASIC Plus, ProASIC Plus logo, Quiet-Wire, SmartFusion, SyncWorld, Temux, TimeCesium, TimeHub, TimePictra, TimeProvider, Vite, WinPath, and ZL are registered trademarks of Microchip Technology Incorporated in the U.S.A.

Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any Capacitor, AnyIn, AnyOut, BlueSky, BodyCom, CodeGuard, CryptoAuthentication, CryptoAutomotive, CryptoCompanion, CryptoController, dsPICDEM, dsPICDEM.net, Dynamic Average Matching, DAM, ECAN, EtherGREEN, In-Circuit Serial Programming, ICSP, INICnet, Inter-Chip Connectivity, JitterBlocker, KleerNet, KleerNet logo, memBrain, Mindi, MiWi, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, PowerSmart, PureSilicon, QMatrix, REAL ICE, Ripple Blocker, SAM-ICE, Serial Quad I/O, SMART-I.S., SQI, SuperSwitcher, SuperSwitcher II, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.

SQTP is a service mark of Microchip Technology Incorporated in the U.S.A.

The Adaptec logo, Frequency on Demand, Silicon Storage Technology, and Symmcom are registered trademarks of Microchip Technology Inc. in other countries.

GestIC is a registered trademark of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries.

All other trademarks mentioned herein are property of their respective companies.
© 2020 Microchip Technology Incorporated. Printed in the U.S.A. All Rights Reserved.
ISBN 978-1-5224-7595-8

Quality Management System
For information regarding Microchip's Quality Management Systems, please visit www.microchip.com/quality.
1.3 Quality of Service (QoS)
The following table lists the features supported by the QoS module. For more information, see 7 Quality of Service (QoS).

Table 1-3. QoS Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Cut-through | — | — | — | — | • |
| Traffic classes (8 active priorities) | • | • | • | • | • |
| Port default priority | • | • | • | • | • |
| User priority | • | • | • | • | • |
| Input priority mapping | • | • | • | • | • |
| QoS control list (QCL mode) | • | • | • | • | • |
| Global storm control for UC, MC, and BC | • | • | • | • | • |
| Random early discard (RED) | — | • | • | • | • |
| Port policers | • | • | • | • | • |
| Queue policers | • | • | • | • | • |
| Global/VCAP (ACL) policers | • | • | • | • | • |
| Port egress shaper | • | • | • | • | • |
| Queue egress shapers | • | • | • | • | • |
| DiffServ (RFC2474) remarking | • | • | • | • | • |
| Tag remarking | • | • | • | • | • |
| Scheduler mode | • | • | • | • | • |
| IEEE-802.1Qbv (TAS) Time-aware Scheduler | — | — | — | — | • |
| IEEE-802.1Qbu & 802.3br frame preemption | — | — | — | — | • |
| IEEE-802.1Qci ingress gating/policing/checking | — | — | — | — | • |
1.4 Protection
The following table lists the features supported by the protection module.

Table 1-4. Protection Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| 1:1 port protection - G.8031 | • | • | • | • | • |
| Ring protection - G.8032 | • | • | • | • | • |
| Ring protection v2 - G.8032 | • | • | • | • | • |
| IEEE-802.1CB (FRER) | — | — | — | — | • |
1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8 L2 Switching.

Table 1-5. L2 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| IEEE 802.1D Bridge | | | | | |
| Auto MAC address learning/aging | • | • | • | • | • |
| MAC addresses—static | • | • | • | • | • |
| IEEE 802.1Q | | | | | |
| Virtual LAN | • | • | • | • | • |
| Bidirectional VLAN translation | • | • | • | • | • |
| Unidirectional VLAN translation (ingress/egress) | • | • | • | • | • |
| Private VLAN—static | • | • | • | • | • |
| Port isolation—static | • | • | • | • | • |
| MAC-based VLAN | • | • | • | • | • |
| Protocol-based VLAN | • | • | • | • | • |
| IP subnet-based VLAN | • | • | • | • | • |
| VLAN trunking | • | • | • | • | • |
| iPVLAN Trunking | — | • | • | • | • |
| GARP VLAN Registration Protocol (GVRP) | • | • | • | • | • |
| Multiple Registration Protocol (MRP) | • | • | • | • | • |
| Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | • |
| IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | • |
| Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | • |
| Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | • |
| Loop guard | • | • | • | • | • |
| IEEE 802.3ad | | | | | |
| Link aggregation—static | • | • | • | • | • |
| Link aggregation—Link Aggregation Control Protocol (LACP) | • | • | • | • | • |
| AGGR/LACP user interface alignment with Industry standard | • | • | • | • | • |
| UNI LAG (LACP) 1:1 active/standby | • | • | • | • | • |
| LACP revertive/non-revertive | • | • | • | • | • |
| LACP loop free operation | • | • | • | • | • |
| Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | • |
| Error disable recovery | • | • | • | • | • |
| IGMPv2 snooping | • | • | • | • | • |
| IGMPv3 snooping | • | • | • | • | • |
| MLDv1 snooping | • | • | • | • | • |
| MLDv2 snooping | • | • | • | — | • |
| Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | • |
| IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | • |
| Multicast VLAN Registration (MVR) | • | • | • | • | • |
| MVR profile | • | • | • | • | • |
| Voice VLAN | • | • | • | • | • |
| DHCP snooping | • | • | • | • | • |
| ARP inspection | • | • | • | • | • |
| Port mirroring | • | • | • | • | • |
| Flow mirroring | • | • | • | • | • |
| Rmirror | • | • | • | • | • |
1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9 L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | — |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | • |
| RFC2992 (ECMP) support for HW based L3 static routing | — | • | • | — | • |
| RFC 2453 RIPv2 dynamic routing | — | • | • | — | • |
| RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | • |
| RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | • |
| Software-based IPv6 L3 static routing | • | — | — | • | — |
| Hardware-based IPv6 L3 static routing | — | • | • | — | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |
1.7 Security
The following table lists the features supported by the security module. For more information, see 10 Security.

Table 1-7. Security Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Network Access Server (NAS) | | | | | |
| Port-based 802.1X | • | • | • | • | • |
| Single 802.1X | • | • | • | • | • |
| Multiple 802.1X | • | • | • | • | • |
| MAC-based authentication | • | • | • | • | • |
| VLAN assignment | • | • | • | • | • |
| QoS assignment | • | • | • | • | • |
| Guest VLAN | • | • | • | • | • |
| Remote authentication dial In user service (RADIUS) authentication and authorization | • | • | • | • | • |
| RADIUS accounting | • | • | • | • | • |
| MAC address limit | • | • | • | • | • |
| Persistent MAC learning | • | • | • | • | • |
| IP MAC binding | • | • | • | • | • |
| IP/MAC binding dynamic to static | • | • | • | • | • |
| TACACS+ authentication and authorization | • | • | • | • | • |
| TACACS+ command authorization | • | • | • | • | • |
| TACACS+ accounting | • | • | • | • | • |
| Web and CLI authentication | • | • | • | • | • |
| Authorization (15 user levels) | • | • | • | • | • |
| ACLs for filtering/policing/port copy | • | • | • | • | • |
| IP source guard | • | • | • | • | • |
| Secure FTP Client | • | • | • | • | • |
1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12 OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Cold start | • | • | • | • | • |
| Cool start | • | • | • | • | • |
| ActiPHY | • | • | • | • | • |
| PerfectReach | • | • | • | • | • |
| Energy-Efficient Ethernet (EEE) power management | • | • | • | • | • |
| LED power management | • | • | — | — | • |
| Thermal protection | • | • | • | • | • |
| Adaptive fan control | • | • | • | — | • |
1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12 OAM and Test.

Table 1-9. OAM and Testing Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Link OAM (802.3ah) | | | | | |
| Variable request and response | • | • | • | • | • |
| Discovery process, information, event notification, loopback | • | • | • | • | • |
| Dying gasp | • | • | • | • | • |
| Dying gasp enhanced | • | • | • | • | • |
| Dying gasp SNMP trap | • | • | • | • | • |
| CFM | | | | | |
| Continuity Check (ETH-CCM) | • | • | • | • | • |
| IS-, OS-, PS-, and SID-TLV | • | • | • | • | • |
| APS using ETH-CCM and ETH-APS | • | • | • | • | • |
| ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | • |
| Hardware-accelerated OAM | — | • | • | • | • |
1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13 Synchronization.

Table 1-10. Timing and Synchronization Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| SyncE with SSM | • | • | • | • | • |
| SyncE nomination for two interfaces | • | • | • | • | • |
| Microchip one-step TC PHY solution | • | • | • | • | • |
| IEEE 1588v2 PTP with two-step clock | • | • | • | • | • |
| IEEE 1588v2 PTP with one-step clock | • | • | • | • | • |
| Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | • |
| Boundary clock | • | • | • | • | • |
| Redundant masters and multiple timing domains | • | • | • | • | • |
| PTP over IPv4 | • | • | • | • | • |
| Unicast/multicast | • | • | • | • | • |
| TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | • |
| TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Combined SyncE and 1588 | • | • | • | • | • |
| MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | • |
| MSCC timing BU DPLL API integration | • | • | • | • | • |
| G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | • |
| PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.8275.1 BMCA—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| G.8275 compliant filter—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| PTP time interface | • | • | • | • | • |
| NTPv4 client | • | • | • | • | • |
| IEEE802.1AS-2011/IEEE802.1AS rev D42 | • | • | • | • | • |
1.11 Customization Framework
The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Separate BSP and application | • | • | • | • | • |
| Append or change a binary image | • | • | • | • | • |
| IPC JSON-RPC socket (with notification support) | • | • | • | • | • |
| Overwrite default startup configuration | • | • | • | • | • |
| Boot and initialization of third-party daemons | • | • | • | • | • |
| Configuration to disable certain built-in features | • | • | • | • | • |
| Microchip Ethernet Board API (MEBA) | • | • | • | • |
1.12 Management
The following table lists the features supported by the management module. For more information, see 14 Management.

Table 1-12. Management Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| JSON-RPC | • | • | • | • | • |
| JSON-RPC notifications | • | • | • | • | • |
| Dual CPU (application variant with JSON | — | • | • | • | • |
| RFC 2131 DHCP client | • | • | • | • | • |
| RFC 2131 DHCP server | • | • | • | • | • |
| DHCP server support for DHCP relay packets | • | • | • | • | • |
| DHCP per port | • | • | • | • | • |
| RFC 3315 DHCPv6 client | • | • | • | • | • |
| RFC 3315 DHCPv6 relay agent | • | • | • | • | • |
| RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | • |
| RFC 1035 DNS client relay | • | • | • | • | • |
| IPv4/IPv6 ping | • | • | • | • | • |
| IPv4/IPv6 traceroute | • | • | • | • | • |
| HTTP server | • | • | • | • | • |
| CLI—console port | • | • | • | • | • |
| CLI—Telnet | • | • | • | • | • |
| Industrial standard CLI | • | • | • | • | • |
| Industrial standard configuration | • | • | • | • | • |
| Industrial standard CLI debug commands | • | • | • | • | • |
| Port description CLI | • | • | • | • | • |
| Management access filtering | • | • | • | • | • |
| HTTPS | • | • | • | • | • |
| SSHv2 | • | • | • | • | • |
| IPv6 management | • | • | • | • | • |
| IPv6 ready logo PHASE2 (host only) | • | • | • | • | • |
continuedFeature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSNVSC7549TSNVSC7552TSNVSC7556TSNVSC7558TSN
RFC4884 (ICMPv6) bull bull bull bull bull
System syslog bull bull bull bull bull
Software upload through web bull bull bull bull bull
SNMP v1v2cv3 agent 1 bull bull bull bull bull
RMON (group 1 2 3 and 9) bull bull bull bull bull
RMON alarm and event (CLIand web)
bull bull bull bull bull
Alarm module bull bull bull bull bull
IEEE 8021AB-2005 link layerdiscoverymdashLLDP
bull bull bull bull bull
TIA 1057 LLDPmdashMED bull bull bull bull bull
Industry standard discoveryprotocol - ISDP
bull bull bull bull bull
sFlow bull bull bull bull bull
FTP Client bull bull bull bull bull
Configuration downloaduploadmdash industrial standard
bull bull bull bull bull
Loop detection restore todefault
bull bull bull bull bull
Symbolic register access bull bull bull bull bull
Daylight saving bull bull bull bull bull
Note 1 No SNMPv1 trap support
1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15 SNMP MIBs.

Table 1-13. SNMP MIBs Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| RFC 2674 VLAN MIB | • | • | • | • | • |
| IEEE 802.1Q bridge MIB 2008 | • | • | • | • | • |
| RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RFC 1213 MIB II | • | • | • | • | • |
| RFC 1215 TRAPS MIB | • | • | • | • | • |
| RFC 4188 bridge MIB | • | • | • | • | • |
| RFC 4292 IP forwarding table MIB | • | • | • | • | • |
| RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | • |
| RFC 5519 multicast group membership discovery MIB | • | • | • | • | • |
| RFC 4668 RADIUS authentication client MIB | • | • | • | • | • |
| RFC 4670 RADIUS accounting MIB | • | • | • | • | • |
| RFC 3635 Ethernet-like MIB | • | • | • | • | • |
| RFC 2863 interface group MIB using SMI v2 | • | • | • | • | • |
| RFC 3636 802.3 MAU MIB | • | • | • | • | • |
| RFC 4133 entity MIB version 3 | • | • | • | • | • |
| RFC 4878 Link OAM MIB | • | • | • | • | • |
| RFC 3411 SNMP management frameworks | • | • | • | • | • |
| RFC 3414 user-based security model for SNMPv3 | • | • | • | • | • |
| RFC 3415 view-based access control model for SNMP | • | • | • | • | • |
| RFC 2613 SMON - PortCopy | • | • | • | • | • |
| IEEE 802.1 MSTP MIB | • | • | • | • | • |
| IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | • |
| TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | • |
| RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | - |
| Private MIB framework | • | • | • | • | • |
2 Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.

Table 2-1. Features and Platform Capacity

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Resilience and Availability | | | | | |
| IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8 |
| IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN |
| Traffic Control | | | | | |
| Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095 |
| Guest-VLAN | 1 | 1 | 1 | 1 | 1 |
| Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9 |
| Voice VLAN | 1 | 1 | 1 | 1 | 1 |
| MAC table size 8K | 8K | 32K | 8K | 4K | 32K |
| Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (Global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 mbps |
| Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240 |
| Security | | | | | |
| Port security aging | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s |
| MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024 |
| Static MAC entries supported | 64 | 64 | 64 | 64 | 64 |
| RADIUS authentication servers | 5 | 5 | 5 | 5 | 5 |
| TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5 |
| RADIUS accounting servers | 5 | 5 | 5 | 5 | 5 |
| Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4 |
| Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system |
| IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512 |
| Policy-based security filtering | 512 | 512 | 512 | 512 | 512 |
| Password length | 32 | 32 | 32 | 32 | 32 |
| Authorization user levels | 15 | 15 | 15 | 15 | 15 |
| ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512 |
| Number of logged in users | 20 | 20 | 20 | 20 | 20 |
| IP Routing | | | | | |
| Max static route entries | 32 | 128 | 32 | 32 | 512 |
| Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072 |

Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).
3 System Requirements
The following table lists the port system requirements supported by the IStaX software.

Table 3-1. Port System Requirements

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| LEDs per port | 1 | 1 | 1 | 1 | 1 |
| SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported |
| Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported |
| Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full |
| Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported |
| Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) |
| RJ45 connectors | Supported | Supported | Supported | Supported | Supported |
| Fiber slots | Supported | Supported | Supported | Supported | Supported |
The following table lists the hardware system requirements supported by the IStaX software.

Table 3-2. Hardware System Requirements

| Requirement | Support |
| --- | --- |
| Power LED | Supported by hardware |
| System LED | Supported by hardware |
| Alarm LED | Supported by hardware |
| Management LED | Supported by hardware |
| Switch fabric capacity | Supported by hardware |
| Forwarding architecture | Supported by hardware |
| MAC address entries | Supported by hardware |
| MAC address aging | Supported by hardware |
| MAC buffer memory type and size | Supported by hardware |
| CPU flash size | Supported by hardware |
| CPU memory type and size | Supported by hardware |
| System DDR SDRAM | Supported by hardware |
| Reset button | Supported by hardware |
| EMC/safety requirement | Supported by hardware |
| Performance requirement | Supported by hardware |
4 Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.
4.1 Port Capability
The ports are equipped with the following capabilities.
• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1 Supported Features.
4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.
The turnkey switch software runs on Linux. The following system-wide operations are supported.
• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported.
5 Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods.
• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch
The software image selection information includes the following.
• Image: the file name of the firmware image
• Version: the version of the firmware image
• Date: the date when the firmware was produced
After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.
While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.
Note: Do not restart or power off the device at this time, or the switch may fail to function.
6 Port Control
The following sections describe the port control features supported by the IStaX software.
6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port, through which frames can be injected from and extracted to an external CPU.
6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame-data in (injection) and out (extraction) through memory-mapped injection/extraction registers.
6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.
6.4 SFP Detection
The IStaX software detects SFP at run time.
6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.
6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.
6.7 PoE/PoE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and the switch can then comply with or ignore this information.
6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.
A UDLD packet is sent to the port it links to for each device and for each port. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.
The UDLD implementation conforms to the RFC 5171 standard.
Note: RFC 5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second and, once link status is detected, probe messages are exchanged depending on message time interval (by default, 7 seconds).
Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.
Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.
The port is reopened once UDLD is disabled/enabled on that port.
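
The per-port check and the Normal/Aggressive difference described above can be modelled as follows. This is an added example, not Microchip's code: the class and field names are hypothetical, timers are omitted, and it assumes that a probe with an empty expected-receiver list means the peer has not learned a neighbor yet.

```python
"""Simplified model of the UDLD per-port decision (timers omitted)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Mode(Enum):
    NORMAL = "normal"
    AGGRESSIVE = "aggressive"


class LinkState(Enum):
    UNDETERMINED = "undetermined"
    BIDIRECTIONAL = "bidirectional"
    UNIDIRECTIONAL = "unidirectional"
    LOOPBACK = "loopback"


@dataclass(frozen=True)
class PortId:
    device: str
    port: str


@dataclass(frozen=True)
class UdldPdu:
    sender: PortId                                # device and port that sent the probe
    expected_receivers: Tuple[PortId, ...] = ()   # identities the sender has heard from


@dataclass
class UdldPort:
    me: PortId
    mode: Mode = Mode.NORMAL
    state: LinkState = LinkState.UNDETERMINED
    neighbor: Optional[PortId] = None
    shut_down: bool = False

    def receive(self, pdu: UdldPdu) -> LinkState:
        if self.shut_down:                  # a shut-down port processes nothing
            return self.state
        if pdu.sender != self.neighbor:     # new device ID / port ID pair: start detection
            self.neighbor = pdu.sender
            self.state = LinkState.UNDETERMINED
        if pdu.sender == self.me:
            self.state = LinkState.LOOPBACK          # our own probe came back
        elif self.me in pdu.expected_receivers:
            self.state = LinkState.BIDIRECTIONAL     # the peer hears us and we hear it
        elif pdu.expected_receivers:
            self.state = LinkState.UNIDIRECTIONAL    # the peer hears someone, but not us
        # Assumption: an empty list leaves the current state unchanged.
        faulty = self.state in (LinkState.UNIDIRECTIONAL, LinkState.LOOPBACK)
        if faulty and self.mode is Mode.AGGRESSIVE:
            self.shut_down = True           # Normal mode only reports the state
        return self.state

    def reenable(self) -> None:
        """Model of disabling and enabling UDLD on the port, which reopens it."""
        self.state = LinkState.UNDETERMINED
        self.neighbor = None
        self.shut_down = False


# Constructed sample identities and probe sequences.
ME = PortId("SW-A", "Gi 1/1")
PEER = PortId("SW-B", "Gi 1/7")
OTHER = PortId("SW-C", "Gi 1/3")
HEALTHY = [UdldPdu(PEER), UdldPdu(PEER, (ME,))]
ONE_WAY = [UdldPdu(PEER), UdldPdu(PEER, (OTHER,))]
LOOPED = [UdldPdu(ME)]


def run(mode: Mode, pdus) -> UdldPort:
    """Feed a probe sequence to a fresh port and return the port for inspection."""
    port = UdldPort(me=ME, mode=mode)
    for pdu in pdus:
        port.receive(pdu)
    return port


if __name__ == "__main__":
    for name, pdus in (("healthy", HEALTHY), ("one-way", ONE_WAY), ("looped", LOOPED)):
        for mode in Mode:
            p = run(mode, pdus)
            print(f"{name:8} {mode.value:10} state={p.state.value:14} shut_down={p.shut_down}")
```

For monitoring, the Normal-mode case is the one to alert on: the fault is detected but the port keeps forwarding.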
6.8.1 Port Statistics
The IStaX software supports the detailed port-related statistics and system information-related configuration. It is possible to view the detailed QoS-related statistics using IStaX software.
7 Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.
7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.
7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).
Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.
It is possible to specify the maximum bit rate in kbps or mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.
The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.
7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).
The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.
When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.
The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.
7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED is configurable to either disable/enable and is disabled by default.
The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.
By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.
7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.
When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.
The QoS class DEI DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.
7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.
The features supported are as follows.
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification
7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.
7.8 DiffServ (RFC 2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.
In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.
The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.
DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled.
• Get the DSCP value from the analyzer (ingress classification) and always remap based on the global remap table. This is done independently of the value of the drop precedence level.
• Get the DSCP value from the analyzer and remap based on the drop precedence level and remap table.
DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.
7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.
Storm control is disabled by default.
8 L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.
8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with an unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with the learned MAC address are not received within the aging period.
8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.
8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows.
• All ports are VLAN aware
• All ports are members of VLAN 1
• The switch management interface is on VLAN 1
• All ports have a Port VLAN ID (PVID) of 1
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged.
• The PVID is set to 1 by default
• Ingress filtering is always enabled
Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics.
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs.
• If frames are classified to a VLAN that the port is not a member of, they are discarded.
• By default, all frames classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.
Hybrid ports resemble trunk ports in many ways but provide the following additional port configuration features.
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently
8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to the VLAN to perform QoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to the port using the Port Discovery Protocol. This discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol (LLDP), or both.
8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.
8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following.
• Ethernet: valid values for etype range from 0x0600 to 0xffff
• SNAP: valid value in this case also is comprised of two sub-values:
  – Organizationally Unique Identifier (OUI)
  – Protocol ID (PID): if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP.
• LLC: valid value in this case is comprised of two sub-values:
  – DSAP: 1-byte long string (0x00-0xff)
  – SSAP: 1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and the protocol-based VLAN is preferred over the port-based VLAN.
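
The three frame types and the precedence rule above, worked through on constructed frames. This is an added example, not IStaX code: the function and class names are hypothetical, the frames are assumed to be untagged, and SNAP is recognised by the standard IEEE 802.2 header (DSAP 0xAA, SSAP 0xAA, control 0x03). The VLAN IDs and MAC addresses are constructed sample values.

```python
import struct
from typing import Dict, Tuple

ETHERTYPE_MIN = 0x0600   # lowest type/length value treated as an EtherType (range given above)


def frame_type_key(frame: bytes) -> Tuple:
    """Return the protocol-based VLAN lookup key for an untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (type_len,) = struct.unpack("!H", frame[12:14])
    if type_len >= ETHERTYPE_MIN:
        return ("ethernet", type_len)
    if len(frame) < 17:
        raise ValueError("truncated LLC header")
    dsap, ssap, control = frame[14], frame[15], frame[16]
    if (dsap, ssap, control) == (0xAA, 0xAA, 0x03):     # LLC header announcing SNAP
        if len(frame) < 22:
            raise ValueError("truncated SNAP header")
        oui = frame[17:20].hex()
        (pid,) = struct.unpack("!H", frame[20:22])
        return ("snap", oui, pid)
    return ("llc", dsap, ssap)


def source_mac(frame: bytes) -> str:
    return ":".join(f"{b:02x}" for b in frame[6:12])


class VlanClassifier:
    def __init__(self, pvid: Dict[int, int], mac_vlans=None, protocol_vlans=None):
        self.pvid = dict(pvid)                                   # port -> Port VLAN ID
        self.mac_vlans = {m.lower(): v for m, v in (mac_vlans or {}).items()}
        self.protocol_vlans = dict(protocol_vlans or {})         # frame type key -> VLAN

    def classify(self, port: int, frame: bytes) -> Tuple[int, str]:
        """Return (VLAN ID, rule that decided it) using MAC > protocol > port precedence."""
        key = frame_type_key(frame)          # also rejects truncated headers
        mac = source_mac(frame)
        if mac in self.mac_vlans:
            return self.mac_vlans[mac], "mac"
        if key in self.protocol_vlans:
            return self.protocol_vlans[key], "protocol"
        return self.pvid[port], "port"


def build_frame(src: str, type_len: int, payload: bytes) -> bytes:
    """Constructed test frame: broadcast destination, given source and type/length."""
    dst = bytes.fromhex("ffffffffffff")
    return dst + bytes.fromhex(src.replace(":", "")) + struct.pack("!H", type_len) + payload


# Constructed sample frames.
SNAP_ARP = b"\xaa\xaa\x03" + b"\x00\x00\x00" + b"\x08\x06" + bytes(28)
LLC_F0 = b"\xf0\xf0\x03" + bytes(10)
IPV4_MAPPED_MAC = build_frame("00:11:22:33:44:55", 0x0800, bytes(20))
IPV4_OTHER_MAC = build_frame("00:aa:bb:cc:dd:03", 0x0800, bytes(20))
ARP_OVER_SNAP = build_frame("00:aa:bb:cc:dd:01", len(SNAP_ARP), SNAP_ARP)
RAW_LLC = build_frame("00:aa:bb:cc:dd:02", len(LLC_F0), LLC_F0)
IPV6_UNMAPPED = build_frame("00:aa:bb:cc:dd:04", 0x86DD, bytes(40))

CLASSIFIER = VlanClassifier(
    pvid={1: 1, 2: 5},
    mac_vlans={"00:11:22:33:44:55": 30},
    protocol_vlans={("ethernet", 0x0800): 10,
                    ("snap", "000000", 0x0806): 20,
                    ("llc", 0xF0, 0xF0): 40},
)

if __name__ == "__main__":
    for name, frame in (("IPv4, mapped MAC", IPV4_MAPPED_MAC), ("IPv4, other MAC", IPV4_OTHER_MAC),
                        ("ARP over SNAP", ARP_OVER_SNAP), ("raw LLC", RAW_LLC),
                        ("IPv6, no rule", IPV6_UNMAPPED)):
        print(f"{name:18} -> {CLASSIFIER.classify(2, frame)}")
```

When auditing segmentation, note that a MAC-based entry overrides the protocol rule for the same frame, so a source MAC alone decides the VLAN for that host.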
8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.
PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.
The following terms are used to describe the Private VLAN feature.
• PVLAN domain: a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain.
• Primary VLAN: a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports.
• Secondary VLAN: a VLAN used inside a PVLAN domain only.
• Isolated VLAN: a secondary VLAN that carries traffic from isolated ports to promiscuous ports.
• Community VLAN: a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports.
• Isolated port: a port that receives untagged frames and classifies these to an isolated VLAN.
• Community port: a port that receives untagged frames and classifies these to a community VLAN.
• Promiscuous port: a port that receives frames in the primary VLAN.
• Standard trunk port: a port that carries primary and secondary VLANs using tags.
• Promiscuous PVLAN trunk port: a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs but translates these to the primary VLAN ID and pushes this into the tag.
• Isolated PVLAN trunk port: a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN but translates this into the isolated VLAN ID and pushes it into the tag.
8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration protocol for VLANs. Though this has been superseded by MVRP, as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to register and unregister attribute values, such as VLAN identifiers and multicast group membership, across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q 2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG) such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame.
• Source MAC address: can be used to calculate the destination port for the frame. By default, the source MAC address is enabled.
• Destination MAC address: can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled.
• IP address: can be used to calculate the destination port for the frame. By default, the IP address is enabled.
• TCP/UDP port number: can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled.
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed, in accordance with the IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from the active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, the CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per-VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block an intruder on an untrusted port of the switch device from injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
8.13 MAC Table Configuration
MAC learning can be configured per port.
• Auto: learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable: no learning is done
• Secure: only SMAC entries are learned, all other frames are dropped
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied, or mirrored, to a mirror port where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get the ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with a matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are members of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and the source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.
9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1 DHCP Relay Configuration Parameters
Parameter | Allowed Range | Default
Relay mode | Enabled/disabled | Disabled
Relay server address | IP address | None
Relay information mode | Enabled/disabled | Disabled
Relay information policy | Replace, Keep, Drop | Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring to the DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in a standalone device it always equals 0; in a stackable device it means switch ID), and the last two characters are the port number.
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of the UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at an interval of one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP-related packets to the CPU. The ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing selects a path and forwards traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10 Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by equipment whose MAC address is a valid RADIUS user that can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
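The credential format and MD5-Challenge check described above, as an added example that is not Microchip's code. The helper names, the sample inventory, and the challenge bytes are constructed for illustration; the MD5(identifier || secret || challenge) computation is the standard EAP MD5-Challenge one. It can be used to generate RADIUS user entries in exactly the form the switch will present.

```python
import hashlib
import hmac

# Constructed sample data: an asset inventory in mixed notations and a fixed challenge.
SAMPLE_INVENTORY = ["00:04:A3:FE:0C:1B", "0004.a3fe.0c1c", "00-04-A3-FE-0C-1D"]
SAMPLE_CHALLENGE = bytes(range(16))


def parse_mac(text: str) -> bytes:
    """Accept colon, dash, dotted or bare-hex notation and return the 6 raw bytes."""
    digits = "".join(ch for ch in text.strip() if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 6-byte MAC address: {text!r}")
    return bytes.fromhex(digits)  # raises ValueError on non-hex characters


def mac_credential(mac: bytes) -> str:
    """Form used by the switch: xx-xx-xx-xx-xx-xx, lower-case hex, dash separated."""
    if len(mac) != 6:
        raise ValueError("MAC address must be exactly 6 bytes")
    return "-".join(f"{octet:02x}" for octet in mac)


def md5_challenge_value(identifier: int, secret: str, challenge: bytes) -> bytes:
    """EAP MD5-Challenge response value: MD5(identifier || secret || challenge)."""
    data = bytes([identifier]) + secret.encode("ascii") + challenge
    return hashlib.md5(data).digest()


def build_user_table(inventory):
    """RADIUS user table for MAC-based authentication, built from an inventory."""
    table = {}
    for entry in inventory:
        cred = mac_credential(parse_mac(entry))
        table[cred] = cred  # user name and password are the same string
    return table


def server_accepts(table, username, identifier, challenge, response) -> bool:
    """Server-side check of an MD5-Challenge response against the user table."""
    secret = table.get(username)
    if secret is None:
        return False
    expected = md5_challenge_value(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def switch_authenticates(table, source_mac: bytes, identifier: int, challenge: bytes) -> bool:
    """The switch derives both user name and password from the snooped source MAC."""
    cred = mac_credential(source_mac)
    response = md5_challenge_value(identifier, cred, challenge)
    return server_accepts(table, cred, identifier, challenge, response)


if __name__ == "__main__":
    users = build_user_table(SAMPLE_INVENTORY)
    for name in sorted(users):
        print(name)
    print(switch_authenticates(users, parse_mac("0004a3fe0c1c"), 7, SAMPLE_CHALLENGE))
```

Both fields of the credential come from the frame's source MAC, so the table authenticates the address rather than the device behind it; the per-port client limit mentioned above bounds how many such addresses one port admits.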
In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard, but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID or it is invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class (in the case of RADIUS-assigned QoS) and VLAN (in the case of RADIUS-assigned VLAN) are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
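The retransmit and dead-time behaviour described above, modelled as an added example that is not the IStaX implementation. The class and function names, trying servers in configured order, skipping a server during its dead time, and the `replies` callback standing in for the network are all assumptions of this sketch.

```python
from dataclasses import dataclass

ATTEMPTS = 3  # the timeout interval is split into three equal sub-intervals


def send_offsets(timeout: float) -> list:
    """Offsets in seconds, from the first transmission, at which a request is sent."""
    sub_interval = timeout / ATTEMPTS
    return [i * sub_interval for i in range(ATTEMPTS)]


@dataclass
class Server:
    name: str
    dead_until: float = 0.0  # no new requests are sent to this server before then


class RadiusClient:
    def __init__(self, server_names, timeout: float, dead_time: int):
        if not 0 <= dead_time <= 3600:
            raise ValueError("dead time must be between 0 and 3600 seconds")
        self.servers = [Server(name) for name in server_names]
        self.timeout = timeout
        # Dead time only takes effect when more than one server is configured.
        self.dead_time = dead_time if len(self.servers) > 1 else 0
        self.log = []  # (time, server, event) tuples for review

    def request(self, now: float, replies):
        """Send one request starting at `now`.

        replies(server_name, send_time) -> bool is a constructed stand-in for the
        network. Returns (answering server or None, time of the last action).
        """
        t = now
        for server in self.servers:
            if t < server.dead_until:
                self.log.append((t, server.name, "skipped: dead time"))
                continue
            for offset in send_offsets(self.timeout):
                self.log.append((t + offset, server.name, "sent"))
                if replies(server.name, t + offset):
                    return server.name, t + offset
            t += self.timeout  # three unanswered sub-intervals have elapsed
            server.dead_until = t + self.dead_time
            self.log.append((t, server.name, "considered dead"))
        return None, t


def sent_count(client: RadiusClient, name: str) -> int:
    """Number of requests transmitted to one server so far."""
    return sum(1 for _, srv, event in client.log if srv == name and event == "sent")


if __name__ == "__main__":
    client = RadiusClient(["radius-a", "radius-b"], timeout=6, dead_time=300)
    only_b = lambda name, when: name == "radius-b"  # radius-a is unreachable
    for start in (0, 100, 400):
        print(start, client.request(start, only_b))
    for entry in client.log:
        print(entry)
```

With a dead time of 0, or with a single configured server, every login pays the full timeout on the unreachable server before anything else is tried, which is the delay to look for when reviewing authentication latency.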
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. The CLI interface is only supported in the initial version for the configuration of TACACS+ authorization and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1 Secure Access Options
Method | Description
SSH | Enable or disable option provided; supports v2 only
SSL/HTTPS | Enable or disable
HTTPS auto redirect | A redirect web browser to HTTPS option, available when HTTPS mode is enabled
Note: SSL and HTTPS are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The allowed range for the privilege level of the user is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level configurable between 1 and 15 for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.
10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all the four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.
10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows setting the port action, which determines whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
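The first-match evaluation described in this section, as an added example that is not IStaX code. It models ACEs with an ingress-port set, a policy value/mask pair and a frame type, falls back to the per-port action and counter when no ACE matches (this sketch's reading of the port-action paragraph), and reports ACEs that can never be hit because a higher-priority entry already covers them. All names, policy IDs and rules are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass
class Ace:
    name: str
    action: str                               # "permit" or "deny"
    frame_type: str = "any"                   # any, etype, arp, ipv4, ipv6
    ports: Optional[FrozenSet[int]] = None    # None = every ingress port
    policy: Optional[Tuple[int, int]] = None  # (value, mask); None = any policy ID
    hits: int = 0

    def matches(self, port: int, policy_id: int, frame_type: str) -> bool:
        if self.ports is not None and port not in self.ports:
            return False
        if self.policy is not None:
            value, mask = self.policy
            if (policy_id & mask) != (value & mask):
                return False
        return self.frame_type in ("any", frame_type)

    def covers(self, later: "Ace") -> bool:
        """True when every frame `later` could match is already matched by self."""
        if self.ports is not None and (later.ports is None or not later.ports <= self.ports):
            return False
        if self.frame_type not in ("any", later.frame_type):
            return False
        if self.policy is None:
            return True
        if later.policy is None:
            return False
        (v1, m1), (v2, m2) = self.policy, later.policy
        return (m1 & m2) == m1 and (v2 & m1) == (v1 & m1)


@dataclass
class PortConfig:
    policy_id: int = 0
    action: str = "permit"  # the default port action is Permit
    hits: int = 0


class Acl:
    def __init__(self, aces, ports):
        self.aces = list(aces)   # highest priority first
        self.ports = dict(ports)

    def classify(self, port: int, frame_type: str):
        """Return (action, deciding rule); exactly one counter is incremented."""
        cfg = self.ports[port]
        for ace in self.aces:
            if ace.matches(port, cfg.policy_id, frame_type):
                ace.hits += 1
                return ace.action, ace.name
        cfg.hits += 1
        return cfg.action, f"port {port} action"

    def shadowed(self):
        """Names of ACEs that a higher-priority ACE makes unreachable."""
        return [later.name for i, later in enumerate(self.aces)
                if any(earlier.covers(later) for earlier in self.aces[:i])]


def build_sample_acl() -> Acl:
    """Constructed configuration: policy 0x10-0x1F = access ports, 0x20 = uplink."""
    aces = [
        Ace("allow-user-arp", "permit", "arp", policy=(0x10, 0xF0)),
        Ace("deny-user-ipv6", "deny", "ipv6", policy=(0x10, 0xF0)),
        Ace("permit-user-any", "permit", "any", policy=(0x10, 0xF0)),
        Ace("deny-guest-ipv4", "deny", "ipv4", policy=(0x11, 0xFF)),  # placed too low
    ]
    ports = {1: PortConfig(0x10), 2: PortConfig(0x10),
             3: PortConfig(0x11), 4: PortConfig(0x20)}
    return Acl(aces, ports)


if __name__ == "__main__":
    acl = build_sample_acl()
    for port, ftype in [(1, "ipv6"), (3, "ipv4"), (4, "ipv4")]:
        print(port, ftype, acl.classify(port, ftype))
    print("never hit:", acl.shadowed())
```

An ACE whose counter stays at zero while a broader entry above it keeps counting is the symptom of the ordering mistake that `shadowed()` reports.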
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks, when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.
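How the trusted/untrusted port roles of DHCP snooping (section 8.12) and the port, VLAN, MAC and IP binding check of source guard fit together, as an added example that is not IStaX code. The class, the message kinds, learning a binding from a DHCP ACK seen on a trusted port, and all addresses are constructed assumptions of this model.

```python
import ipaddress


def norm_mac(mac: str) -> str:
    """Normalise a MAC string to lower-case, colon separated form."""
    return mac.lower().replace("-", ":")


class SourceGuard:
    SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = set()  # (port, vlan, mac, ip) tuples
        self.pending = {}      # (vlan, mac) -> untrusted port the request came from
        self.dropped = []      # (port, kind, reason) records for logging

    def add_static(self, port, vlan, mac, ip):
        """Manually configured source binding (IPv4 or IPv6)."""
        self.bindings.add((port, vlan, norm_mac(mac), ipaddress.ip_address(ip)))

    def dhcp_message(self, port, vlan, kind, client_mac, assigned_ip=None) -> str:
        """Apply the snooping rule to one DHCP message; returns 'forward' or 'drop'."""
        mac = norm_mac(client_mac)
        if kind in self.SERVER_MESSAGES:
            if port not in self.trusted:
                self.dropped.append((port, kind, "server reply on untrusted port"))
                return "drop"
            client_port = self.pending.get((vlan, mac))
            if kind == "ACK" and client_port is not None:
                lease = ipaddress.ip_address(assigned_ip)
                self.bindings.add((client_port, vlan, mac, lease))
            return "forward"
        if port not in self.trusted:
            self.pending[(vlan, mac)] = port  # remember where the client lives
        return "forward"

    def permits(self, port, vlan, src_mac, src_ip) -> bool:
        """Source guard decision for one data frame."""
        ip = ipaddress.ip_address(src_ip)
        # IPv4 source guard filters untrusted ports; IPv6 source guard filters all ports.
        if ip.version == 4 and port in self.trusted:
            return True
        return (port, vlan, norm_mac(src_mac), ip) in self.bindings


def replay_sample() -> SourceGuard:
    """Constructed scenario: port 24 is the trusted uplink, ports 5-8 are access ports."""
    guard = SourceGuard(trusted_ports={24})
    client = "00-11-22-33-44-55"
    guard.dhcp_message(5, 10, "DISCOVER", client)
    guard.dhcp_message(7, 10, "OFFER", client, "192.0.2.99")   # reply from an access port
    guard.dhcp_message(24, 10, "OFFER", client, "192.0.2.10")
    guard.dhcp_message(5, 10, "REQUEST", client)
    guard.dhcp_message(24, 10, "ACK", client, "192.0.2.10")
    guard.add_static(8, 20, "00:11:22:33:44:66", "2001:db8::8")
    return guard


if __name__ == "__main__":
    g = replay_sample()
    print("dropped:", g.dropped)
    print(g.permits(5, 10, "00:11:22:33:44:55", "192.0.2.10"))  # learned binding
    print(g.permits(6, 10, "00:11:22:33:44:55", "192.0.2.10"))  # same host, wrong port
```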
10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.
11.1 Robustness
The following section introduces a robustness feature.
11.1.1 Cold and Cool Start
The software defines and supports the following restart types:
• Cold: power cycle induced reset of the switch
• Cool: software initiated reset of the switch (with traffic disruption)
11.2 Power Savings
The following sections introduce the power savings features.
11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.
11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.
11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.
11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex mode.
11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0 to 100 in 10 increments for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.
11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature: temperature at which the fan runs at full speed
• Turn on temperature: temperature at which the fan runs at the lowest possible speed
12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.
12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T Y.1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few 10s of ns.
12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
The administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, the OAM entity sends out a PDU with the link monitoring capability flag set
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by IEEE 802.3ah
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, the OAM entity sends out a PDU with the remote loopback capability flag
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by IEEE 802.3ah
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.
12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. In case of any situation coming true, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads: this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled
12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs such as ZL30343, ZL30363, and ZL30772.
13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer to peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.
13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.
13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses peer-to-peer delay measurement mechanism.
13.2.2 End-to-End Transparent Clock
The transparent clock uses end-to-end delay measurement mechanism.
13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.
13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.
13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.
13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to 8265.1 solution (frequency) ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to 8275.1 solution (frequency) ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.
14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server, and a JSON-RPC client is required in order to use it. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable, connection-oriented communication provided by the TCP and HTTP message encapsulation
• RPC-oriented protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high level, machine friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.
14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react to events when they happen, without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.
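The receiving side of the notification flow described above, as an added example that is not part of the product specification or the IStaX software. Because notifications arrive over plain HTTP, the receiver filters on source address and validates the message shape defined by the public JSON-RPC specification; the allowed address, the listening port, and the method name in the sample are constructed assumptions.

```python
import ipaddress
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024  # refuse oversized posts
# Constructed value: management address of the one switch allowed to post.
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.10/32")]
# Constructed sample notification; the method name is hypothetical.
SAMPLE = b'{"method": "example.linkChange", "params": [{"port": 3, "up": false}], "id": null}'


def source_allowed(peer_ip: str) -> bool:
    """Plain HTTP carries no sender authentication, so filter on source address."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_SOURCES)


def parse_notification(body: bytes):
    """Return (method, params) for a JSON-RPC notification; raise ValueError otherwise."""
    try:
        msg = json.loads(body.decode("utf-8"))
    except ValueError as exc:  # covers bad UTF-8 and bad JSON
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(msg, dict):
        raise ValueError("expected a single JSON object")
    method = msg.get("method")
    if not isinstance(method, str) or not method:
        raise ValueError("missing method name")
    # A notification expects no reply: "id" is absent (JSON-RPC 2.0) or null (1.0).
    if msg.get("id") is not None:
        raise ValueError("message carries an id, so it is a call, not a notification")
    params = msg.get("params", [])
    if not isinstance(params, (list, dict)):
        raise ValueError("params must be an array or an object")
    return method, params


def handle_post(peer_ip: str, body: bytes, sink: list) -> int:
    """Apply the checks in order and return the HTTP status to send back."""
    if not source_allowed(peer_ip):
        return 403
    if len(body) > MAX_BODY:
        return 413
    try:
        sink.append(parse_notification(body))
    except ValueError:
        return 400
    return 200


EVENTS = []  # accepted (method, params) tuples; a real receiver would queue or log them


class NotificationHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if length > MAX_BODY:
            status = 413
        elif length < 0:
            status = 400
        else:
            body = self.rfile.read(length)
            status = handle_post(self.client_address[0], body, EVENTS)
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Port 8080 is arbitrary; bind to the management network address in practice.
    HTTPServer(("0.0.0.0", 8080), NotificationHandler).serve_forever()
```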
14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards, as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut:
(config-if-vlan)# ip^Q
ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
ip igmp snooping
ip igmp snooping compatibility auto | v1 | v2 | v3
ip igmp snooping lastmember-query-interval <0-31744>
ip igmp snooping priority <0-7>
ip igmp snooping querier election | address <ipv4_ucast>
ip igmp snooping query-interval <1-31744>
ip igmp snooping query-max-response-time <0-31744>
ip igmp snooping robustness-variable <1-255>
ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help. Click the ? button for a list of valid possible parameters, with descriptions.
• Auto completion. Press the <tab> key after partially typing the keyword. The rest of the keyword will be entered automatically.
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support.
(config)# interface
(config-if)#
If multiple sessions are concurrently in the same sub mode with the same parameters, then the no form of commands will not work and a warning message will be displayed.
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege.
14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>
14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations: any keyword can be accepted just by typing an unambiguous prefix (for example, "sh" for "show")
IStaX# sh ip route
0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
10.9.61.0/24 via VLAN1 <UP HW_RT>
127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
224.0.0.0/4 via OS:lo:127.0.0.1 <UP>
• Error checking: before executing a command, the CLI checks whether the current mode is still valid, the user has sufficient privileges, and the parameter(s) are in a valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message.
IStaX(config)# clock summer-time PDT date 14
                                          ^
Invalid word detected at ^ marker
Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.
• do command support: this will allow the users to execute the commands from the configuration mode.
(config)# do show vlan
VLAN  Name     Interface
----  ----     ---------
1     default  Gi 1/1-9 2.5G 1/1-2
• Platform debug command support: this will allow the users to obtain technical support by entering and running a debug command in this field.
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG) where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config: a virtual file that represents the currently active configuration on the switch. This file is volatile.
• startup-config: the startup configuration for the switch, read at boot time.
• default-config: a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes.
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch, except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode: the current configuration is fully replaced with the configuration in the uploaded file.
• Merge mode: the uploaded file is merged with running-config.
If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch, except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 80 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort; that is, where 64-bit counters are included, they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping: a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported.
• Traceroute: a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. Source address can be mentioned by using saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for IPv4 option.
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1ab and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice: used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional): used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice: supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional): used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice: used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing: used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video: used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional): used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode: the device only transmits configuration parameters.
• Receive-only mode: the device can only receive configuration parameters (from neighbor device).
• Transmit and receive mode: the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately.
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field.
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table.
• Port ID is mapped to the LLDP Port ID field.
• Version and Platform is mapped to the LLDP System Description field.
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table.
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately, but gets removed when the hold time is exceeded.
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
An optional fallback mechanism is also provided in the case of IPv4, so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy, where the DUT relays DNS requests to the current configured DNS server on DUT and replies as a DNS resolver to the client device on the network when enabled.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth, DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
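The two filtering criteria described above, written out as an added example that models the RFC 7610 decision logic and is not the IStaX implementation. It walks the IPv6 header chain, treats UDP traffic destined to the DHCPv6 client port 546 as a DHCPv6-server message, and recognizes only a small set of Next Header values; the port names and sample packets are constructed.

```python
import struct
from enum import Enum

# IPv6 Next Header values this example recognizes (a deliberately small set).
HOP_BY_HOP, TCP, UDP, ROUTING, FRAGMENT, ICMPV6, NO_NEXT, DEST_OPTS = 0, 6, 17, 43, 44, 58, 59, 60
DHCPV6_CLIENT_PORT = 546  # DHCPv6 clients listen on UDP 546, servers and relays on 547


class Verdict(Enum):
    PASS = "forward"
    DROP_SERVER_MSG = "drop: DHCPv6-server message on an untrusted port"
    DROP_UNKNOWN_NH = "drop: unrecognized Next Header"
    DROP_TRUNCATED = "drop: header chain not fully present"


def shield(packet, ingress_port, trusted_ports, allow_unknown_nh=False):
    """Classify one IPv6 packet (bytes starting at the IPv6 header)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    while True:
        if next_header == UDP:
            if len(packet) < offset + 8:
                return Verdict.DROP_TRUNCATED
            dst_port = struct.unpack_from("!H", packet, offset + 2)[0]
            if dst_port == DHCPV6_CLIENT_PORT and ingress_port not in trusted_ports:
                return Verdict.DROP_SERVER_MSG
            return Verdict.PASS
        if next_header in (TCP, ICMPV6, NO_NEXT):
            return Verdict.PASS  # not UDP, so not DHCPv6
        if next_header in (HOP_BY_HOP, ROUTING, DEST_OPTS):
            if len(packet) < offset + 2:
                return Verdict.DROP_TRUNCATED
            ext_len = (packet[offset + 1] + 1) * 8  # length is in 8-byte units beyond the first
            if len(packet) < offset + ext_len:
                return Verdict.DROP_TRUNCATED
            next_header, offset = packet[offset], offset + ext_len
        elif next_header == FRAGMENT:
            if len(packet) < offset + 8:
                return Verdict.DROP_TRUNCATED
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:
                return Verdict.PASS  # later fragment: carries no upper-layer header
            next_header, offset = packet[offset], offset + 8
        else:
            # Unrecognized value: denied unless the administrator chose to allow it.
            return Verdict.PASS if allow_unknown_nh else Verdict.DROP_UNKNOWN_NH


# --- Constructed sample packets (fe80::1 -> fe80::2, UDP checksum left at 0) ---
def ipv6(next_header, payload):
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("fe80" + "00" * 13 + "02")
    return fixed + src + dst + payload


def udp(src_port, dst_port):
    return struct.pack("!HHHH", src_port, dst_port, 8, 0)


def dest_opts(next_header):
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])  # one PadN option fills the 8 bytes


def fragment(next_header, frag_offset, more):
    return struct.pack("!BBHI", next_header, 0, (frag_offset << 3) | more, 0x1234)


TRUSTED = {"port-1"}  # constructed: the port facing the legitimate DHCPv6 server


def demo():
    reply = ipv6(UDP, udp(547, 546))
    cases = {
        "server reply on trusted port": (reply, "port-1", False),
        "server reply on access port": (reply, "port-7", False),
        "client solicit on access port": (ipv6(UDP, udp(546, 547)), "port-7", False),
        "reply behind Destination Options": (ipv6(DEST_OPTS, dest_opts(UDP) + udp(547, 546)), "port-7", False),
        "first fragment, UDP header cut off": (ipv6(FRAGMENT, fragment(UDP, 0, 1) + b"\x02\x23"), "port-7", False),
        "later fragment": (ipv6(FRAGMENT, fragment(UDP, 185, 0) + bytes(16)), "port-7", False),
        "unknown Next Header 253, deny": (ipv6(253, bytes(8)), "port-7", False),
        "unknown Next Header 253, allow": (ipv6(253, bytes(8)), "port-7", True),
    }
    return {name: shield(pkt, port, TRUSTED, allow) for name, (pkt, port, allow) in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:38} {verdict.value}")
```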
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model, where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out of band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum management access filter entries allowed is 16.
If the application's type matches any one of the access management entries, it will allow access to the switch. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry-standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.2.2 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.

If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.

SNMPv3 is supported and is backward compatible with SNMPv2c and SNMPv1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:

show snmp mib context
BRIDGE-MIB
 - dot1dBase (1.3.6.1.2.1.17.1)
 - dot1dTp (1.3.6.1.2.1.17.4)
Dot3-OAM-MIB
 - dot3OamMIB (1.3.6.1.2.1.158)
ENTITY-MIB
 - entityMIBObjects (1.3.6.1.2.1.47.1)
EtherLike-MIB
 - transmission (1.3.6.1.2.1.10)
IEEE8021-BRIDGE-MIB

show snmp mib ifmib ifIndex
Table 15-1. ifIndex Descriptions

| ifIndex | ifDescr | Interface |
| --- | --- | --- |
| 1 | VLAN 1 | VLAN 1 |
| 1000001 | Switch 1–port 1 | GigabitEthernet 1/1 |
| 1000002 | Switch 1–port 2 | GigabitEthernet 1/2 |
| 1000003 | Switch 1–port 3 | GigabitEthernet 1/3 |
| 1000004 | Switch 1–port 4 | GigabitEthernet 1/4 |
| 1000005 | Switch 1–port 5 | GigabitEthernet 1/5 |
| 1000006 | Switch 1–port 6 | GigabitEthernet 1/6 |
| 1000007 | Switch 1–port 7 | GigabitEthernet 1/7 |
| 1000008 | Switch 1–port 8 | GigabitEthernet 1/8 |
| 1000009 | Switch 1–port 9 | 2.5GigabitEthernet 1/1 |
| 10000010 | Switch 1–port 10 | 2.5GigabitEthernet 1/2 |
| 10000011 | Switch 1–port 11 | GigabitEthernet 1/9 |
16 Revision History

Revision B (February 2021)
Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document:
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 14.3 Simple Network Management Protocol (SNMP).

Revision A (June 2020)
Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document:
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.

Revision 20 (October 2019)
Revision 20 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 20 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.

Revision 19 (June 2019)
Revision 19 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 19 of this document:
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.

Revision 18 (June 2019)
Revision 18 was published in June 2019 to align with the Linux application software release 48. The following is a summary of changes in revision 18 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.

Revision 17 (January 2019)
Revision 17 was published in January 2019 to align with the Linux application software release 47. The following is a summary of changes in revision 17 of this document:
• The BSP and API Supported Features table was updated. For more information, see 1.1 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.

Revision 16 (October 2018)
Revision 16 was published in October 2018 to align with the Linux application software release 46. The following is a summary of changes in revision 16 of this document:
• A cross reference in the JSON-RPC section was fixed. For more information, see 14.1 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• VLAN Translation was removed from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 1111 Cold and Cool Start.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 14.1 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.

Revision 15 (July 2018)
Revision 15 was published in July 2018 to align with the Linux application software release 45. The following is a summary of changes in revision 15 of this document:
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 1.2 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 1.7 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 1.12 Management.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The L3 Routing section was updated. For more information, see 9.3 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 10.7 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 1212 Dying Gasp.
• The DHCP Server section was updated. For more information, see 14.11 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 14.9 IP Management, DNS, and DHCPv4/v6.

Revision 14 (April 2018)
Revision 14 was published in April 2018 to align with the Linux application software release 44. The following is a summary of changes in revision 14 of this document:
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 1.6 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 4.2 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 14.5 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 9.3 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 8.5 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.

Revision 13 (January 2018)
Revision 13 was published in January 2018 to align with the Linux application software release 43. The following is a summary of changes in revision 13 of this document:
• The Supported Switches table was updated with details regarding VSC7410/15/35/36/37. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 1.2 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 1.5 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 1.6 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 1.8 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 1.9 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 1.10 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 1.13 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.

Revision 12 (September 2017)
Revision 12 was published in July 2017 to align with the Linux application software release 42. In revision 12 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.

Revision 11 (June 2017)
Revision 11 was published in June 2017 to align with the Linux application software release 41. The following is a summary of changes in revision 11 of this document:
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.

Revision 10 (November 2016)
Revision 10 was published in November 2016 to align with the Linux application software release 40. It was the first publication of this document.
All other trademarks mentioned herein are property of their respective companies.

© 2020 Microchip Technology Incorporated. Printed in the USA. All Rights Reserved.

ISBN: 978-1-5224-7595-8
1.4 Protection
The following table lists the features supported by the protection module.

Table 1-4. Protection Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| 1:1 port protection - G.8031 | • | • | • | • | • |
| Ring protection - G.8032 | • | • | • | • | • |
| Ring protection v2 - G.8032 | • | • | • | • | • |
| IEEE-802.1CB (FRER) | — | — | — | — | • |
1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8 L2 Switching.

Table 1-5. L2 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| IEEE 802.1D Bridge | | | | | |
| Auto MAC address learning/aging | • | • | • | • | • |
| MAC addresses—static | • | • | • | • | • |
| IEEE 802.1Q | | | | | |
| Virtual LAN | • | • | • | • | • |
| Bidirectional VLAN translation | • | • | • | • | • |
| Unidirectional VLAN translation (ingress/egress) | • | • | • | • | • |
| Private VLAN—static | • | • | • | • | • |
| Port isolation—static | • | • | • | • | • |
| MAC-based VLAN | • | • | • | • | • |
| Protocol-based VLAN | • | • | • | • | • |
| IP subnet-based VLAN | • | • | • | • | • |
| VLAN trunking | • | • | • | • | • |
| iPVLAN Trunking | — | • | • | • | • |
| GARP VLAN Registration Protocol (GVRP) | • | • | • | • | • |
| Multiple Registration Protocol (MRP) | • | • | • | • | • |
| Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | • |
| IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | • |
| Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | • |
| Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | • |
| Loop guard | • | • | • | • | • |
| IEEE 802.3ad | | | | | |
| Link aggregation—static | • | • | • | • | • |
| Link aggregation—Link Aggregation Control Protocol (LACP) | • | • | • | • | • |
| AGGR/LACP user interface alignment with Industry standard | • | • | • | • | • |
| UNI LAG (LACP) 1:1 active/standby | • | • | • | • | • |
| LACP revertive/non-revertive | • | • | • | • | • |
| LACP loop free operation | • | • | • | • | • |
| Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | • |
| Error disable recovery | • | • | • | • | • |
| IGMPv2 snooping | • | • | • | • | • |
| IGMPv3 snooping | • | • | • | • | • |
| MLDv1 snooping | • | • | • | • | • |
| MLDv2 snooping | • | • | • | — | • |
| Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | • |
| IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | • |
| Multicast VLAN Registration (MVR) | • | • | • | • | • |
| MVR profile | • | • | • | • | • |
| Voice VLAN | • | • | • | • | • |
| DHCP snooping | • | • | • | • | • |
| ARP inspection | • | • | • | • | • |
| Port mirroring | • | • | • | • | • |
| Flow mirroring | • | • | • | • | • |
| Rmirror | • | • | • | • | • |
1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9 L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | — |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | • |
| RFC2992 (ECMP) support for HW based L3 static routing | — | • | • | — | • |
| RFC 2453 RIPv2 dynamic routing | — | • | • | — | • |
| RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | • |
| RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | • |
| Software-based IPv6 L3 static routing | • | — | — | • | — |
| Hardware-based IPv6 L3 static routing | — | • | • | — | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |
17 SecurityThe following table lists the features supported by the security module For more information see 10 Security
Table 1-7. Security Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Network Access Server (NAS)
Port-based 802.1X | • | • | • | • | •
Single 802.1X | • | • | • | • | •
Multiple 802.1X | • | • | • | • | •
MAC-based authentication | • | • | • | • | •
VLAN assignment | • | • | • | • | •
QoS assignment | • | • | • | • | •
Guest VLAN | • | • | • | • | •
Remote authentication dial In user service (RADIUS) authentication and authorization | • | • | • | • | •
RADIUS accounting | • | • | • | • | •
MAC address limit | • | • | • | • | •
Persistent MAC learning | • | • | • | • | •
IP MAC binding | • | • | • | • | •
IP/MAC binding dynamic to static | • | • | • | • | •
TACACS+ authentication and authorization | • | • | • | • | •
TACACS+ command authorization | • | • | • | • | •
TACACS+ accounting | • | • | • | • | •
Web and CLI authentication | • | • | • | • | •
Authorization (15 user levels) | • | • | • | • | •
ACLs for filtering/policing/port copy | • | • | • | • | •
IP source guard | • | • | • | • | •
Secure FTP Client | • | • | • | • | •
1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12. OAM and Test.
Table 1-8. Robustness and Power Savings Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Cold start | • | • | • | • | •
Cool start | • | • | • | • | •
ActiPHY | • | • | • | • | •
PerfectReach | • | • | • | • | •
Energy-Efficient Ethernet (EEE) power management | • | • | • | • | •
LED power management | • | • | - | - | •
Thermal protection | • | • | • | • | •
Adaptive fan control | • | • | • | - | •
1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12. OAM and Test.
Table 1-9. OAM and Testing Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Link OAM (802.3ah)
Variable request and response | • | • | • | • | •
Discovery process, information, event notification, loopback | • | • | • | • | •
Dying gasp | • | • | • | • | •
Dying gasp enhanced | • | • | • | • | •
Dying gasp SNMP trap | • | • | • | • | •
CFM
Continuity Check (ETH-CCM) | • | • | • | • | •
IS-, OS-, PS-, and SID-TLV | • | • | • | • | •
APS using ETH-CCM and ETH-APS | • | • | • | • | •
ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | •
Hardware-accelerated OAM | - | • | • | • | •
1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13. Synchronization.
Table 1-10. Timing and Synchronization Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
SyncE with SSM | • | • | • | • | •
SyncE nomination for two interfaces | • | • | • | • | •
Microchip one-step TC PHY solution | • | • | • | • | •
IEEE 1588v2 PTP with two-step clock | • | • | • | • | •
IEEE 1588v2 PTP with one-step clock | • | • | • | • | •
Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | •
End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | •
End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | •
Boundary clock | • | • | • | • | •
Redundant masters and multiple timing domains | • | • | • | • | •
PTP over IPv4 | • | • | • | • | •
Unicast/multicast | • | • | • | • | •
TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | •
TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
Combined SyncE and 1588 | • | • | • | • | •
MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | •
MSCC timing BU DPLL API integration | • | • | • | • | •
G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | •
PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | •
G.8275.1 BMCA - only ZLS30384 and ZLS30380 servo | • | • | • | • | •
G.8275 compliant filter - only ZLS30384 and ZLS30380 servo | • | • | • | • | •
PTP time interface | • | • | • | • | •
NTPv4 client | • | • | • | • | •
IEEE 802.1AS-2011/IEEE 802.1AS rev D4.2 | • | • | • | • | •
1.11 Customization Framework
The following table lists the features supported by the customization framework module.
Table 1-11. Customization Framework Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Separate BSP and application | • | • | • | • | •
Append or change a binary image | • | • | • | • | •
IPC JSON-RPC socket (with notification support) | • | • | • | • | •
Overwrite default startup configuration | • | • | • | • | •
Boot and initialization of third-party daemons | • | • | • | • | •
Configuration to disable certain built-in features | • | • | • | • | •
Microchip Ethernet Board API (MEBA) • • • •
1.12 Management
The following table lists the features supported by the management module. For more information, see 14. Management.
Table 1-12. Management Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
JSON-RPC | • | • | • | • | •
JSON-RPC notifications | • | • | • | • | •
Dual CPU (application variant with JSON | - | • | • | • | •
RFC 2131 DHCP client | • | • | • | • | •
RFC 2131 DHCP server | • | • | • | • | •
DHCP server support for DHCP relay packets | • | • | • | • | •
DHCP per port | • | • | • | • | •
RFC 3315 DHCPv6 client | • | • | • | • | •
RFC 3315 DHCPv6 relay agent | • | • | • | • | •
RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | •
RFC 1035 DNS client relay | • | • | • | • | •
IPv4/IPv6 ping | • | • | • | • | •
IPv4/IPv6 traceroute | • | • | • | • | •
HTTP server | • | • | • | • | •
CLI - console port | • | • | • | • | •
CLI - Telnet | • | • | • | • | •
Industrial standard CLI | • | • | • | • | •
Industrial standard configuration | • | • | • | • | •
Industrial standard CLI debug commands | • | • | • | • | •
Port description CLI | • | • | • | • | •
Management access filtering | • | • | • | • | •
HTTPS | • | • | • | • | •
SSHv2 | • | • | • | • | •
IPv6 management | • | • | • | • | •
IPv6 ready logo PHASE2 (host only) | • | • | • | • | •
RFC4884 (ICMPv6) | • | • | • | • | •
System syslog | • | • | • | • | •
Software upload through web | • | • | • | • | •
SNMP v1/v2c/v3 agent (1) | • | • | • | • | •
RMON (group 1, 2, 3, and 9) | • | • | • | • | •
RMON alarm and event (CLI and web) | • | • | • | • | •
Alarm module | • | • | • | • | •
IEEE 802.1AB-2005 link layer discovery - LLDP | • | • | • | • | •
TIA 1057 LLDP-MED | • | • | • | • | •
Industry standard discovery protocol - ISDP | • | • | • | • | •
sFlow | • | • | • | • | •
FTP Client | • | • | • | • | •
Configuration download/upload - industrial standard | • | • | • | • | •
Loop detection restore to default | • | • | • | • | •
Symbolic register access | • | • | • | • | •
Daylight saving | • | • | • | • | •
Note 1: No SNMPv1 trap support.
1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15. SNMP MIBs.
Table 1-13. SNMP MIBs Supported Features
Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
RFC 2674 VLAN MIB | • | • | • | • | •
IEEE 802.1Q bridge MIB 2008 | • | • | • | • | •
RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | •
RFC 1213 MIB II | • | • | • | • | •
RFC 1215 TRAPS MIB | • | • | • | • | •
RFC 4188 bridge MIB | • | • | • | • | •
RFC 4292 IP forwarding table MIB | • | • | • | • | •
RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | •
RFC 5519 multicast group membership discovery MIB | • | • | • | • | •
RFC 4668 RADIUS authentication client MIB | • | • | • | • | •
RFC 4670 RADIUS accounting MIB | • | • | • | • | •
RFC 3635 Ethernet-like MIB | • | • | • | • | •
RFC 2863 interface group MIB using SMI v2 | • | • | • | • | •
RFC 3636 802.3 MAU MIB | • | • | • | • | •
RFC 4133 entity MIB version 3 | • | • | • | • | •
RFC 4878 Link OAM MIB | • | • | • | • | •
RFC 3411 SNMP management frameworks | • | • | • | • | •
RFC 3414 user-based security model for SNMPv3 | • | • | • | • | •
RFC 3415 view-based access control model for SNMP | • | • | • | • | •
RFC 2613 SMON - PortCopy | • | • | • | • | •
IEEE 802.1 MSTP MIB | • | • | • | • | •
IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | •
IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | •
IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | •
TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | •
RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | -
Private MIB framework | • | • | • | • | •
2. Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.
Table 2-1. Features and Platform Capacity
Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
Resilience and Availability
IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8
IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN
Traffic Control
Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095
Guest-VLAN | 1 | 1 | 1 | 1 | 1
Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9
Voice VLAN | 1 | 1 | 1 | 1 | 1
MAC table size 8K 8K 32K 8K 4K 32K
Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (Global setting for Unicast, Multicast and Broadcast) | 10 kbps – 13128 mbps
Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240
Security
Port security aging | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s | 10 to 10000000s
MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024
Static MAC entries supported | 64 | 64 | 64 | 64 | 64
RADIUS authentication servers | 5 | 5 | 5 | 5 | 5
TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5
RADIUS accounting servers | 5 | 5 | 5 | 5 | 5
Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4
Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system
IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512
Policy-based security filtering | 512 | 512 | 512 | 512 | 512
Password length | 32 | 32 | 32 | 32 | 32
Authorization user levels | 15 | 15 | 15 | 15 | 15
ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512
Number of logged in users | 20 | 20 | 20 | 20 | 20
IP Routing
Max static route entries | 32 | 128 | 32 | 32 | 512
Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072
Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).
3. System Requirements
The following table lists the port system requirements supported by the IStaX software.
Table 3-1. Port System Requirements
Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN)
LEDs per port | 1 | 1 | 1 | 1 | 1
SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported
Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported
Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full
Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported
Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps)
RJ45 connectors | Supported | Supported | Supported | Supported | Supported
Fiber slots | Supported | Supported | Supported | Supported | Supported
The following table lists the hardware system requirements supported by the IStaX software.
Table 3-2. Hardware System Requirements
Requirement | Support
Power LED | Supported by hardware
System LED | Supported by hardware
Alarm LED | Supported by hardware
Management LED | Supported by hardware
Switch fabric capacity | Supported by hardware
Forwarding architecture | Supported by hardware
MAC address entries | Supported by hardware
MAC address aging | Supported by hardware
MAC buffer memory type and size | Supported by hardware
CPU flash size | Supported by hardware
CPU memory type and size | Supported by hardware
System DDR SDRAM | Supported by hardware
Reset button | Supported by hardware
EMC/safety requirement | Supported by hardware
Performance requirement | Supported by hardware
4. Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.
4.1 Port Capability
The ports are equipped with the following capabilities:
• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1. Supported Features.
4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.
The turnkey switch software runs on Linux. The following system-wide operations are supported:
• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported.
5. Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:
• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch
The software image selection information includes the following:
• Image: the file name of the firmware image
• Version: the version of the firmware image
• Date: the date when the firmware was produced
After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.
While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.
Note: Do not restart or power off the device at this time, or the switch may fail to function.
6. Port Control
The following sections describe the port control features supported by the IStaX software.
6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port, through which frames can be injected from and extracted to an external CPU.
6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame-data in (injection) and out (extraction) through memory-mapped injection/extraction registers.
6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.
6.4 SFP Detection
The IStaX software detects SFP at run time.
6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.
6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.
6.7 POE/POE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and then the switch can comply with or ignore this information.
6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.
A UDLD packet is sent to the port it links to for each device and for each port. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.
The UDLD implementation conforms to the RFC5171 standard.
Note: RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second, and once link status is detected, probe messages are exchanged depending on message time interval (by default 7 seconds).
Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.
Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.
The port is reopened once UDLD is disabled/enabled on that port.
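The echo check and the Aggressive/Normal handling described above, modelled in Python as an added example (not IStaX code). The class and function names, the sample device and port IDs, and the rule that a new neighbor gets one probe before a missing echo counts as unidirectional are assumptions of this example.

```python
"""Model of the UDLD echo check described above (added example, constructed data)."""
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    NORMAL = "normal"
    AGGRESSIVE = "aggressive"


class Link(Enum):
    UNDETERMINED = "undetermined"
    BIDIRECTIONAL = "bidirectional"
    UNIDIRECTIONAL = "unidirectional"
    LOOPBACK = "loopback"


@dataclass(frozen=True)
class Probe:
    sender: tuple        # (device ID, port ID) of the transmitting port
    echoes: frozenset    # (device ID, port ID) pairs the sender expects to receive it


@dataclass
class UdldPort:
    ident: tuple         # this port's own (device ID, port ID)
    mode: Mode
    link: Link = Link.UNDETERMINED
    shut_down: bool = False
    neighbors: set = field(default_factory=set)

    def build_probe(self):
        """Probe carrying our identity plus every neighbor identity learned so far."""
        return Probe(self.ident, frozenset(self.neighbors))

    def receive(self, probe):
        """Apply the echo check to one received probe and return the link verdict."""
        if self.shut_down:
            return self.link                    # a shut-down port processes nothing
        if probe.sender == self.ident:
            self.link = Link.LOOPBACK           # the port hears its own transmission
        elif self.ident in probe.echoes:
            self.neighbors.add(probe.sender)
            self.link = Link.BIDIRECTIONAL      # neighbor has heard us: both directions work
        elif probe.sender not in self.neighbors:
            self.neighbors.add(probe.sender)    # new device/port pair: detection starts
            self.link = Link.UNDETERMINED
        else:
            self.link = Link.UNIDIRECTIONAL     # known neighbor still does not echo us
        if self.mode is Mode.AGGRESSIVE and self.link in (Link.UNIDIRECTIONAL, Link.LOOPBACK):
            self.shut_down = True               # Normal mode only reports the state
        return self.link

    def toggle_udld(self):
        """Disabling and re-enabling UDLD reopens the port and restarts detection."""
        self.shut_down = False
        self.link = Link.UNDETERMINED
        self.neighbors.clear()


def run_exchange(mode, a_tx_works=True, rounds=3):
    """Exchange probes between two ports; a_tx_works=False models a dead A-to-B direction."""
    a = UdldPort(("switch-A", "Gi 1/1"), mode)   # constructed identifiers
    b = UdldPort(("switch-B", "Gi 1/5"), mode)
    for _ in range(rounds):
        if a_tx_works:
            b.receive(a.build_probe())
        a.receive(b.build_probe())
    return a


if __name__ == "__main__":
    for mode in Mode:
        for ok in (True, False):
            port = run_exchange(mode, a_tx_works=ok)
            print(f"{mode.value:10} A->B ok={ok!s:5} link={port.link.value:14} shut_down={port.shut_down}")
```
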
6.8.1 Port Statistics
The IStaX software supports the detailed port related statistics and system information related configuration. It is possible to view the detailed QoS related statistics using IStaX software.
7. Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.
7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.
7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).
Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.
It is possible to specify the maximum bit rate in kbps or mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.
The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.
7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).
The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.
When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.
The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.
7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED is configurable to either disable/enable and is disabled by default.
The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.
By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.
7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.
When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.
The QoS class DEI DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.
7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.
The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification
7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.
7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.
In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.
The remarking can be enabled or disabled per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.
DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:
• Get the DSCP value from the analyzer (ingress classification) and always remap based on global remap table. This is done independently of the value of the drop precedence level.
• Get DSCP value from the analyzer and remap based on drop precedence level and remap table.
DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.
7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.
Storm control is disabled by default.
8. L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.
8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with learned MAC address are not received within aging period.
8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.
8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:
• All ports are VLAN aware.
• All ports are members of VLAN 1.
• The switch management interface is on VLAN 1.
• All ports have a Port VLAN ID (PVID) of 1.
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged.
• The PVID is set to 1 by default.
• Ingress filtering is always enabled.
Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs.
• If frames are classified to a VLAN that the port is not a member of, they are discarded.
• By default, all frames classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.
Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features:
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently
8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to VLAN to perform QoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to port using the Port Discovery Protocol. This discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol (LLDP), or both.
8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.
8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:
• Ethernet—valid values for etype range from 0x0600 to 0xffff
• SNAP—valid value in this case is also comprised of two sub-values:
  – Organizationally unique Identifier (OUI)
  – Protocol ID (PID)—if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP
• LLC—valid value in this case is comprised of two sub-values:
  – DSAP—1-byte long string (0x00-0xff)
  – SSAP—1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and protocol-based VLAN is preferred over port-based VLAN.
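
The classification order above, as an added Python example that is not part of the Microchip specification or the IStaX code: it parses an untagged frame into the Ethernet, SNAP, or LLC key used for protocol-based VLANs and applies the MAC-based, protocol-based, port-based precedence. The table contents, MAC addresses, VLAN IDs, and function names are constructed for illustration; IP subnet-based VLANs are left out because the page does not state their precedence.

```python
import struct


def frame_type(frame: bytes):
    """Return the protocol-based VLAN lookup key for an untagged frame.

    ("ethernet", etype), ("snap", oui, pid) or ("llc", dsap, ssap).
    """
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:                 # Ethernet II: the field is an EtherType
        return ("ethernet", type_or_len)
    if len(frame) < 17:                       # otherwise it is a length; LLC follows
        raise ValueError("802.3 frame too short for an LLC header")
    dsap, ssap, control = frame[14], frame[15], frame[16]
    if (dsap, ssap, control) == (0xAA, 0xAA, 0x03):   # LLC header announcing SNAP
        if len(frame) < 22:
            raise ValueError("truncated SNAP header")
        oui = int.from_bytes(frame[17:20], "big")
        (pid,) = struct.unpack("!H", frame[20:22])
        return ("snap", oui, pid)
    return ("llc", dsap, ssap)


def classify_vlan(frame, ingress_port, mac_vlans, protocol_vlans, port_pvid):
    """Apply the precedence: MAC-based, then protocol-based, then port-based."""
    smac = frame[6:12]
    if smac in mac_vlans:
        return mac_vlans[smac], "mac-based"
    key = frame_type(frame)
    if key in protocol_vlans:
        return protocol_vlans[key], "protocol-based"
    return port_pvid[ingress_port], "port-based"


def build_frame(dst, src, type_or_len, payload=b""):
    return dst + src + struct.pack("!H", type_or_len) + payload


# Constructed sample data (documentation MAC range, arbitrary VLAN IDs).
BCAST = bytes.fromhex("ffffffffffff")
HOST_A = bytes.fromhex("00005e005301")
HOST_B = bytes.fromhex("00005e005302")

MAC_VLANS = {HOST_A: 30}
PROTOCOL_VLANS = {
    ("ethernet", 0x0806): 20,          # ARP
    ("snap", 0x000000, 0x0800): 40,    # IPv4 carried over SNAP, OUI 000000
    ("llc", 0xE0, 0xE0): 50,
}
PORT_PVID = {1: 1, 2: 10}

SNAP_IPV4 = bytes.fromhex("aaaa03" "000000" "0800") + b"\x45" * 20
FRAMES = {
    "arp_from_a": build_frame(BCAST, HOST_A, 0x0806, b"\x00" * 28),
    "arp_from_b": build_frame(BCAST, HOST_B, 0x0806, b"\x00" * 28),
    "snap_ipv4_from_b": build_frame(BCAST, HOST_B, len(SNAP_IPV4), SNAP_IPV4),
    "llc_stp_from_b": build_frame(BCAST, HOST_B, 3, bytes.fromhex("424203")),
    "ipv6_from_b": build_frame(BCAST, HOST_B, 0x86DD, b"\x60" + b"\x00" * 39),
}


def classify_samples(ingress_port=2):
    return {
        name: classify_vlan(frame, ingress_port, MAC_VLANS, PROTOCOL_VLANS, PORT_PVID)
        for name, frame in FRAMES.items()
    }


if __name__ == "__main__":
    for name, result in classify_samples().items():
        print(name, result)
```

Host A's ARP frame lands in the MAC-based VLAN even though a protocol-based entry for ARP exists, which is the case worth checking when both tables are populated.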
8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.
PVLANs restrict traffic flows through their member switch ports (private ports), so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.
The following terms are used to describe the Private VLAN feature:
• PVLAN domain—a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain
• Primary VLAN—a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports
• Secondary VLAN—a VLAN used inside a PVLAN domain only
• Isolated VLAN—a secondary VLAN that carries traffic from isolated ports to promiscuous ports
• Community VLAN—a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports
• Isolated port—a port that receives untagged frames and classifies these to an isolated VLAN
• Community port—a port that receives untagged frames and classifies these to a community VLAN
• Promiscuous port—a port that receives frames in the primary VLAN
• Standard trunk port—a port that carries primary and secondary VLANs using tags
• Promiscuous PVLAN trunk port—a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs, but translates these to the primary VLAN ID and pushes this into the tag
• Isolated PVLAN trunk port—a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN, but translates this into the isolated VLAN ID and pushes it into the tag
8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration for VLANs. Though this has been superseded by MVRP as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network, so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to be able to register and unregister attribute values, such as VLAN identifiers and multi-cast group membership, across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q 2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG), such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address—can be used to calculate the destination port for the frame. By default, the source MAC address is enabled
• Destination MAC address—can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled
• IP address—can be used to calculate the destination port for the frame. By default, the IP address is enabled
• TCP/UDP port number—can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block intruders on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP (for IPv4) reply packet to a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
8.13 MAC Table Configuration
MAC learning configuration can be configured per port:
• Auto—learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable—no learning is done
• Secure—only SMAC entries are learned; all other frames are dropped
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied or mirrored to a mirror port, where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote Host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable and the MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are member of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.
9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1. DHCP Relay Configuration Parameters
Parameter | Allowed Range | Default
Relay mode | Enabled/disabled | Disabled
Relay server address | IP address | None
Relay information mode | Enabled/disabled | Disabled
Relay information policy | Replace, Keep, Drop | Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in standalone device it always equals 0; in stackable device it means switch ID), and the last two characters are the port number.
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP related packets to CPU. The ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing is to select path and forward traffic to the nexthop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10 Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In a MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed, so equipment whose MAC address is a valid RADIUS user can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard, but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-assigned QoS and VLAN in the case of RADIUS-assigned VLAN are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. The CLI interface is only supported in the initial version for the configuration of TACACS+ authorization and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1. Secure Access Options
Method | Description
SSH | Enable or disable option provided; supports v2 only
SSL/HTTPs | Enable or disable
HTTPs auto redirect | A redirect web browser to HTTPS option available when HTTPS mode is enabled
Note: SSL and HTTPs are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The privilege level of the user allowed range is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks, such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level configurable between 1 and 15 for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.
10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all the four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.
10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows the port action that is used to determine whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
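
A model of the first-match behavior described in this section, added here as a Python example and not taken from the IStaX software: ACEs are evaluated top to bottom, only the first match acts and counts, and the port action is used when no ACE matches. That reading of the port action, the ACE names, the policy IDs, and the shadowed() check are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass
class Ace:
    name: str
    action: str                                      # "permit" or "deny"
    frame_type: str = "any"                          # any, etype, arp, ipv4, ipv6
    ingress_ports: Optional[FrozenSet[int]] = None   # None = every ingress port
    policy: Tuple[int, int] = (0, 0)                 # (value, mask); mask 0 = any policy
    hits: int = 0

    def matches(self, port, port_policy, frame_type):
        if self.ingress_ports is not None and port not in self.ingress_ports:
            return False
        value, mask = self.policy
        if (port_policy & mask) != (value & mask):
            return False
        return self.frame_type in ("any", frame_type)

    def covers(self, other):
        """True if every frame `other` can match is also matched by this ACE."""
        if self.ingress_ports is not None and (
            other.ingress_ports is None
            or not other.ingress_ports <= self.ingress_ports
        ):
            return False
        (v1, m1), (v2, m2) = self.policy, other.policy
        if m1 & ~m2 or (v1 ^ v2) & m1:   # this ACE tests bits the other leaves open
            return False
        return self.frame_type in ("any", other.frame_type)


@dataclass
class PortConfig:
    policy_id: int = 0
    action: str = "permit"     # the page gives Permit as the default port action
    hits: int = 0


class Acl:
    def __init__(self, aces, ports):
        self.aces = list(aces)     # list order is priority: index 0 is the top entry
        self.ports = dict(ports)

    def evaluate(self, port, frame_type):
        cfg = self.ports[port]
        for ace in self.aces:
            if ace.matches(port, cfg.policy_id, frame_type):
                ace.hits += 1      # only the first matching ACE is counted
                return ace.action, ace.name
        cfg.hits += 1              # no ACE matched: fall back to the port action
        return cfg.action, "port %d action" % port

    def shadowed(self):
        """ACEs that can never hit because a higher entry covers them."""
        found = []
        for i, ace in enumerate(self.aces):
            for earlier in self.aces[:i]:
                if earlier.covers(ace):
                    found.append((ace.name, earlier.name))
                    break
        return found


def sample_acl():
    """Constructed rule set: the deny for port 2 sits below a broader permit."""
    aces = [
        Ace("permit-ipv4-policy1", "permit", "ipv4", policy=(1, 0xFF)),
        Ace("deny-ipv4-port2", "deny", "ipv4", frozenset({2}), policy=(1, 0xFF)),
        Ace("deny-arp-port1", "deny", "arp", frozenset({1})),
    ]
    ports = {
        1: PortConfig(policy_id=1),
        2: PortConfig(policy_id=1),
        3: PortConfig(policy_id=2, action="deny"),
    }
    return Acl(aces, ports)


if __name__ == "__main__":
    acl = sample_acl()
    for port, ftype in [(2, "ipv4"), (1, "arp"), (2, "arp"), (3, "ipv4")]:
        print(port, ftype, acl.evaluate(port, ftype))
    print("shadowed:", acl.shadowed())
```

An ACE whose counter stays at zero under traffic it was written for is the runtime symptom of the ordering problem that shadowed() reports statically.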
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.
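An added illustration (not IStaX code) of the binding check that ARP inspection and IP source guard rely on: an ARP frame is forwarded only when its sender MAC and IP match a (port, VLAN, MAC, IP) entry. The frame builder, addresses and table are constructed for the example, and the VLAN is assumed to be known from ingress classification.

```python
import ipaddress
import struct

ETH_HDR = 14          # dst MAC, src MAC, EtherType
ARP_LEN = 28          # IPv4-over-Ethernet ARP body
ETHERTYPE_ARP = 0x0806


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed Ethernet/ARP frame (oper 1 = request, 2 = reply)."""
    sha_b, tha_b = mac_bytes(sha), mac_bytes(tha)
    eth_dst = b"\xff" * 6 if oper == 1 else tha_b
    eth = eth_dst + sha_b + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += sha_b + ipaddress.IPv4Address(spa).packed
    arp += tha_b + ipaddress.IPv4Address(tpa).packed
    return eth + arp


def inspect_arp(frame, port, vlan, bindings):
    """Return (forward, reason) for an ARP frame received on port/vlan."""
    if len(frame) < ETH_HDR + ARP_LEN:
        return False, "truncated"
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        return False, "not ARP"
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, ETH_HDR)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return False, "malformed ARP header"
    sender_mac = frame[22:28].hex(":")                   # sender hardware address
    sender_ip = str(ipaddress.IPv4Address(frame[28:32]))  # sender protocol address
    if (port, vlan, sender_mac, sender_ip) not in bindings:
        return False, f"no binding for {sender_mac}/{sender_ip} on port {port} VLAN {vlan}"
    return True, "ok"


# Constructed binding table: (port, VLAN ID, MAC address, IP address).
HOST = "00:11:22:33:44:55"
GATEWAY = "00:aa:bb:cc:dd:01"
BINDINGS = {
    (3, 10, HOST, "192.0.2.10"),
    (1, 10, GATEWAY, "192.0.2.1"),
}


def demo():
    zero = "00:00:00:00:00:00"
    cases = [
        # Host asks for the gateway from its own port with its own address.
        ("valid request", build_arp(1, HOST, "192.0.2.10", zero, "192.0.2.1"), 3),
        # Reply on port 3 pairing the host MAC with the gateway's IP address.
        ("mismatched sender IP", build_arp(2, HOST, "192.0.2.1", GATEWAY, "192.0.2.1"), 3),
        # Correct gateway MAC/IP pair, but received on a port it is not bound to.
        ("wrong ingress port", build_arp(2, GATEWAY, "192.0.2.1", HOST, "192.0.2.10"), 3),
        ("truncated frame", build_arp(1, HOST, "192.0.2.10", zero, "192.0.2.1")[:30], 3),
    ]
    return [(name,) + inspect_arp(frame, port, 10, BINDINGS) for name, frame, port in cases]


if __name__ == "__main__":
    for row in demo():
        print(row)
```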
10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.
11.1 Robustness
The following section introduces a robustness feature.
11.1.1 Cold and Cool Start
The software defines and supports the following restart types:
• Cold: power cycle induced reset of the switch
• Cool: software initiated reset of the switch (with traffic disruption)
11.2 Power Savings
The following sections introduce the power savings features.
11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.
11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.
11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.
11.2.4 Energy-Efficient Ethernet (EEE) Support
EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex mode.
11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0 to 100 in 10 increments for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.
11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature: temperature at which the fan runs at full speed
• Turn on temperature: temperature at which the fan runs at the lowest possible speed
12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.
12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T 1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few 10s of ns.
12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that the receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
The administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, the OAM entity sends out a PDU with the link monitoring capability flag set.
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah.
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, the OAM entity sends out a PDU with the remote loopback capability flag.
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah.
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.
12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. If any of these situations occurs, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads: this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled
12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs, such as ZL30343, ZL30363, and ZL30772.
13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer-to-peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave-only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.
13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.
13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses the peer-to-peer delay measurement mechanism.
13.2.2 End-to-End Transparent Clock
The transparent clock uses the end-to-end delay measurement mechanism.
13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.
13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.
13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.
13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to 8265.1 solution (frequency) ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to 8275.1 solution (frequency) ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.
14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server; in order to use it, a JSON-RPC client is needed. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable, connection-oriented communication provided by the TCP and HTTP message encapsulation
• RPC-oriented protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high-level, machine-friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.
14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react on events when they happen, without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.
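Because notifications arrive over plain HTTP, the receiver has to treat every POST as unauthenticated input. The sketch below is an added example, not part of the IStaX software: the allow-list network, port 8080, size cap and the method name used in testing are constructed, and the message shape (a request object whose id is absent or null) is assumed from the public JSON-RPC specifications rather than taken from the device.

```python
import ipaddress
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024                                       # assumed size cap
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/28")]   # constructed switch management range


def accept_notification(peer_ip, body, allowed=ALLOWED_SOURCES):
    """Validate one POSTed message; return (method, params) or raise ValueError."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in allowed):
        raise ValueError("source address not in allow-list")
    if len(body) > MAX_BODY:
        raise ValueError("body too large")
    try:
        msg = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(msg, dict) or not isinstance(msg.get("method"), str):
        raise ValueError("not a JSON-RPC request object")
    if msg.get("id") is not None:
        # A non-null id asks for a reply; this receiver only takes notifications.
        raise ValueError("request expects a response")
    params = msg.get("params", [])
    if not isinstance(params, (list, dict)):
        raise ValueError("params must be an array or object")
    return msg["method"], params


class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if length < 0 or length > MAX_BODY:
            self.send_error(413)
            return
        body = self.rfile.read(length)
        try:
            method, params = accept_notification(self.client_address[0], body)
        except ValueError as exc:
            self.log_message("rejected notification: %s", exc)
            self.send_error(400)
            return
        # Hand the event to local processing; never act on it as a trusted command.
        self.log_message("notification %s %r", method, params)
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":
    # Bind to the management-side interface only in a real deployment.
    HTTPServer(("0.0.0.0", 8080), Receiver).serve_forever()
```

The source allow-list only narrows who can reach the receiver; with no HTTPS on this path, placing the receiver on an isolated management VLAN is what protects the content in transit.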
14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards, as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure, with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut.
    (config-if-vlan)# ip^Q
    ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
    ip igmp snooping
    ip igmp snooping compatibility auto | v1 | v2 | v3
    ip igmp snooping last-member-query-interval <0-31744>
    ip igmp snooping priority <0-7>
    ip igmp snooping querier election | address <ipv4_ucast>
    ip igmp snooping query-interval <1-31744>
    ip igmp snooping query-max-response-time <0-31744>
    ip igmp snooping robustness-variable <1-255>
    ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help. Click button for a list of valid possible parameters with descriptions.
• Auto completion. Press the <tab> key after partially typing the keyword. The rest of the keyword will be entered automatically.
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support.
    (config)# interface
    (config-if)#
If multiple sessions are concurrently in the same sub mode with the same parameters, then the no form of commands will not work and will display a warning message.
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege.
14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>.
14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#.
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations: any keyword can be accepted just by typing an unambiguous prefix (for example, "sh" for "show").
    IStaX# sh ip route
    0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
    10.9.61.0/24 via VLAN1 <UP HW_RT>
    127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
    224.0.0.0/4 via OS:lo:127.0.0.1 <UP>
• Error checking: before executing a command, the CLI checks whether the current mode is still valid, the user has sufficient privileges, and the parameter(s) are within a valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message.
    IStaX(config)# clock summer-time PDT date 14
    ^ Invalid word detected at ^ marker
Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.
• do command support: this will allow the users to execute the commands from the configuration mode.
    (config)# do show vlan
    VLAN  Name     Interface
    ----  ----     ---------
    1     default  Gi 1/1-9 2.5G 1/1-2
• Platform debug command support: this will allow the users to obtain technical support by entering and running a debug command in this field.
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG), where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config: a virtual file that represents the currently active configuration on the switch. This file is volatile.
• startup-config: the startup configuration for the switch, read at boot time.
• default-config: a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes.
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch, except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode: the current configuration is fully replaced with the configuration in the uploaded file
• Merge mode: the uploaded file is merged with running-config
If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch, except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 8.0 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort; that is, 64-bit counters are included, but they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping: a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported.
• Traceroute: a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. Source address can be mentioned by using the saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for the IPv4 option.
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes, should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1ab and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:

• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)

This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:

• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)

A large network may support multiple VoIP policies across the entire organization, and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies, based on the authenticated user identity or port configuration.

It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.

Intended uses of the application types are as follows:

• Voice: used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional): used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice: supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional): used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice: used by softphone applications on typical data-centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and is typically configured to use an untagged VLAN or a single tagged data-specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing: used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video: used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional): used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.
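The attributes and application types listed above are carried in the LLDP-MED Network Policy TLV. The following is an added example, not code from the Microchip specification or the IStaX software: it decodes that TLV using the ANSI/TIA-1057 layout and reports mismatches against an intended per-application policy, skipping the L2 priority for untagged policies. The `EXPECTED` table, the helper names and the sample bytes are constructed for illustration.

```python
import struct

TIA_OUI = bytes.fromhex("0012bb")   # LLDP-MED organizationally specific OUI
NETWORK_POLICY_SUBTYPE = 2
APP_TYPES = {
    1: "Voice", 2: "Voice Signaling", 3: "Guest Voice", 4: "Guest Voice Signaling",
    5: "Softphone Voice", 6: "Video Conferencing", 7: "Streaming Video", 8: "Video Signaling",
}


def iter_tlvs(lldpdu):
    """Yield (type, value) per TLV; the header is 7 bits of type and 9 bits of length."""
    off = 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + length > len(lldpdu):
            raise ValueError("TLV length runs past end of LLDPDU")
        if tlv_type == 0:               # End of LLDPDU
            return
        yield tlv_type, lldpdu[off:off + length]
        off += length


def decode_network_policies(lldpdu):
    """Return one dict per LLDP-MED Network Policy TLV found in the LLDPDU."""
    policies = []
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != 127 or len(value) != 8:
            continue
        if value[:3] != TIA_OUI or value[3] != NETWORK_POLICY_SUBTYPE:
            continue
        # 24 bits: U(1) T(1) X(1) VLAN ID(12) L2 priority(3) DSCP(6)
        word = int.from_bytes(value[5:8], "big")
        tagged = bool(word >> 22 & 1)
        policies.append({
            "app": APP_TYPES.get(value[4], "reserved(%d)" % value[4]),
            "unknown": bool(word >> 23 & 1),
            "tagged": tagged,
            "vlan": word >> 9 & 0xFFF,
            # On an untagged VLAN the L2 priority is ignored; only DSCP matters.
            "l2_priority": (word >> 6 & 0x7) if tagged else None,
            "dscp": word & 0x3F,
        })
    return policies


def audit(policies, expected):
    """Compare advertised policies with the intended ones; return mismatch strings."""
    findings = []
    for p in policies:
        want = expected.get(p["app"])
        if want is None:
            findings.append("%s: advertised but not expected on this port" % p["app"])
            continue
        for field in ("vlan", "l2_priority", "dscp"):
            if field == "l2_priority" and not p["tagged"]:
                continue
            if p[field] != want[field]:
                findings.append("%s: %s advertised %s, expected %s"
                                % (p["app"], field, p[field], want[field]))
    return findings


def policy_tlv(app, tagged, vlan, prio, dscp):
    """Build one Network Policy TLV (used only to construct the sample below)."""
    word = (int(tagged) << 22) | (vlan << 9) | (prio << 6) | dscp
    value = TIA_OUI + bytes([NETWORK_POLICY_SUBTYPE, app]) + word.to_bytes(3, "big")
    return struct.pack("!H", (127 << 9) | len(value)) + value


# Constructed LLDPDU fragment: a tagged Voice policy and an untagged Softphone policy.
SAMPLE_LLDPDU = policy_tlv(1, True, 200, 5, 46) + policy_tlv(5, False, 0, 3, 46) + b"\x00\x00"
# Constructed intended policy for the port under test.
EXPECTED = {
    "Voice": {"vlan": 100, "l2_priority": 5, "dscp": 46},
    "Softphone Voice": {"vlan": 0, "l2_priority": 0, "dscp": 46},
}

if __name__ == "__main__":
    for line in audit(decode_network_policies(SAMPLE_LLDPDU), EXPECTED):
        print(line)
```
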
14.8 802.1AB LLDP and CDP Aware

Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP-capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.

The LLDP can operate in one of the following three modes:

• Transmit-only mode: the device only transmits configuration parameters.
• Receive-only mode: the device can only receive configuration parameters (from a neighbor device).
• Transmit and receive mode: the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately.

The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and the optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.

14.8.1 CDP Awareness

CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.

Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.

The CDP TLVs are mapped onto the LLDP neighbors table as follows:

• Device ID is mapped to the LLDP Chassis ID field.
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table.
• Port ID is mapped to the LLDP Port ID field.
• Version and Platform are mapped to the LLDP System Description field.
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table.

If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.

When CDP awareness on a port is disabled, the CDP information is not removed immediately, but gets removed when the hold time is exceeded.
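The CDP-to-LLDP mapping described above, as an added Python example that is not taken from the IStaX software: it parses a CDP payload with bounds checks on every length field, keeps only the TLVs that have an LLDP neighbors-table field, and takes only the first address. The capability-bit mapping in `CAP_MAP`, the way Version and Platform are joined, the helper names and the sample payload are assumptions made for illustration.

```python
import ipaddress
import struct

# CDP TLV type codes that have a field in the LLDP neighbors table.
DEVICE_ID, ADDRESS, PORT_ID, CAPABILITIES, VERSION, PLATFORM = range(1, 7)
# Assumed CDP capability bit -> LLDP capability name; any other bit becomes "Other".
CAP_MAP = {0x01: "Router", 0x02: "Bridge", 0x08: "Bridge", 0x10: "Station Only", 0x40: "Repeater"}


def take(buf, off, n):
    """Return (buf[off:off+n], new offset), refusing to read past the end."""
    if off + n > len(buf):
        raise ValueError("field runs past end of CDP data")
    return buf[off:off + n], off + n


def first_address(value):
    """Decode only the first entry of a CDP Address TLV; later entries are ignored."""
    count, off = take(value, 0, 4)
    if struct.unpack("!I", count)[0] == 0:
        return None
    head, off = take(value, off, 2)                 # protocol type, protocol length
    proto, off = take(value, off, head[1])
    alen, off = take(value, off, 2)
    addr, off = take(value, off, struct.unpack("!H", alen)[0])
    if proto == b"\xcc" and len(addr) == 4:         # NLPID 0xCC = IPv4
        return str(ipaddress.IPv4Address(addr))
    if proto.endswith(b"\x86\xdd") and len(addr) == 16:   # SNAP ethertype 0x86DD = IPv6
        return str(ipaddress.IPv6Address(addr))
    return addr.hex()


def cdp_to_lldp_neighbor(payload):
    """Map a CDP payload (version, TTL, checksum, TLVs) onto LLDP neighbor fields."""
    head, off = take(payload, 0, 4)
    entry = {"hold_time": head[1]}                  # seconds until the entry ages out
    descr = {}
    while off < len(payload):
        hdr, off = take(payload, off, 4)
        tlv_type, tlv_len = struct.unpack("!HH", hdr)
        if tlv_len < 4:                             # length counts its own 4-byte header
            raise ValueError("CDP TLV length smaller than TLV header")
        value, off = take(payload, off, tlv_len - 4)
        if tlv_type == DEVICE_ID:
            entry["chassis_id"] = value.decode("ascii", "replace")
        elif tlv_type == ADDRESS:
            entry["management_address"] = first_address(value)
        elif tlv_type == PORT_ID:
            entry["port_id"] = value.decode("ascii", "replace")
        elif tlv_type == CAPABILITIES:
            (caps,) = struct.unpack("!I", take(value, 0, 4)[0])
            entry["capabilities"] = sorted(
                {CAP_MAP.get(1 << b, "Other") for b in range(32) if caps >> b & 1})
        elif tlv_type in (VERSION, PLATFORM):
            descr[tlv_type] = value.decode("ascii", "replace")
        # every other TLV type is discarded without being recorded
    if descr:
        entry["system_description"] = " ".join(descr[t] for t in sorted(descr))
    return entry


def tlv(tlv_type, value):
    """Build one CDP TLV (used only to construct the sample below)."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def ipv4_entry(text):
    """Build one IPv4 entry of a CDP Address TLV (sample construction only)."""
    return b"\x01\x01\xcc" + struct.pack("!H", 4) + ipaddress.IPv4Address(text).packed


# Constructed CDP payload; the checksum is left as zero and is not verified here.
SAMPLE_CDP = (
    bytes([2, 180, 0, 0])
    + tlv(DEVICE_ID, b"sw-core-01")
    + tlv(ADDRESS, struct.pack("!I", 2) + ipv4_entry("192.0.2.10") + ipv4_entry("192.0.2.11"))
    + tlv(PORT_ID, b"GigabitEthernet0/1")
    + tlv(CAPABILITIES, struct.pack("!I", 0x28))    # Switch + IGMP-capable
    + tlv(VERSION, b"Example OS 1.0")
    + tlv(PLATFORM, b"example-platform")
    + tlv(0x000A, struct.pack("!H", 10))            # Native VLAN: no LLDP field, dropped
)

if __name__ == "__main__":
    for key, val in cdp_to_lldp_neighbor(SAMPLE_CDP).items():
        print(f"{key:20} {val}")
```
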
14.9 IP Management, DNS, and DHCPv4/v6

The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.

The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.

By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.

The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.

An optional fallback mechanism is also provided for IPv4: the user can enter a time period, in seconds, in which to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.

The DHCP query process can be re-initiated on a VLAN.

The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy. When it is enabled, the DUT relays DNS requests to the currently configured DNS server on the DUT and replies as a DNS resolver to the client device on the network.

The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth, DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
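The two filtering criteria above, as an added Python example that is not taken from the IStaX software: it walks the IPv6 header chain of a packet received on a port, drops DHCPv6-server messages on ports not configured for servers, and applies a configurable allow/deny choice to unrecognized Next Header values. Identifying DHCPv6-server messages by UDP destination port 546, dropping truncated header chains, the function and parameter names, and the sample packets are assumptions made for illustration.

```python
import struct

EXT_HEADERS = {0, 43, 60}           # Hop-by-Hop, Routing, Destination Options
FRAGMENT, AH, UDP = 44, 51, 17
UPPER_LAYER = {6, 17, 50, 58, 59}   # TCP, UDP, ESP, ICMPv6, No Next Header
DHCPV6_CLIENT_PORT = 546            # servers and relays send to clients on this port


def shield_verdict(ingress_port, packet, server_ports, allow_unrecognized_nh=False):
    """Return (action, reason) for one IPv6 packet received on ingress_port."""
    if ingress_port in server_ports:
        return "forward", "port is configured for DHCPv6 servers"
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "forward", "not an IPv6 packet"
    nh, off = packet[6], 40
    # Walk the whole extension header chain; stopping early would let a
    # server message hide behind an extension header.
    while nh not in UPPER_LAYER:
        if nh not in EXT_HEADERS and nh not in (FRAGMENT, AH):
            if allow_unrecognized_nh:
                return "forward", "unrecognized Next Header %d allowed by configuration" % nh
            return "drop", "unrecognized Next Header %d" % nh
        if off + 8 > len(packet):
            return "drop", "header chain is truncated"
        if nh == FRAGMENT:
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                # Non-first fragment: no upper-layer header here to classify.
                return "forward", "non-first fragment"
            length = 8
        elif nh == AH:
            length = (packet[off + 1] + 2) * 4
        else:
            length = (packet[off + 1] + 1) * 8
        nh, off = packet[off], off + length
    if nh == UDP:
        if off + 8 > len(packet):
            return "drop", "header chain is truncated"
        (dport,) = struct.unpack_from("!H", packet, off + 2)
        if dport == DHCPV6_CLIENT_PORT:
            return "drop", "DHCPv6-server message on a port not configured for servers"
    return "forward", "not a DHCPv6-server message"


def ipv6(next_header, payload):
    """Build a minimal IPv6 packet between two link-local addresses (sample only)."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("fe80" + "00" * 13 + "02")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64) + src + dst + payload


def udp(sport, dport, body):
    """Build a UDP datagram with a zero checksum (sample only, not validated)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(body), 0) + body


# Constructed packets: message type 2 is Advertise, type 1 is Solicit.
ADVERTISE = ipv6(17, udp(547, 546, b"\x02\xab\xcd\xef"))
SOLICIT = ipv6(17, udp(546, 547, b"\x01\xab\xcd\xef"))
DESTOPT = bytes([17, 0, 1, 4, 0, 0, 0, 0])      # Destination Options -> UDP, PadN filler
ADVERTISE_AFTER_DESTOPT = ipv6(60, DESTOPT + udp(547, 546, b"\x02\xab\xcd\xef"))
UNKNOWN_NH = ipv6(253, b"\x00" * 8 + udp(547, 546, b"\x02\xab\xcd\xef"))

if __name__ == "__main__":
    samples = [("advertise", ADVERTISE), ("solicit", SOLICIT),
               ("advertise behind dest-opts", ADVERTISE_AFTER_DESTOPT),
               ("unknown next header", UNKNOWN_NH)]
    for name, pkt in samples:
        print(name, shield_verdict(3, pkt, server_ports={1}))
```
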
14.10 IPv6 Ready Logo Phase2

The IPv6 ready logo committee mission is to:

• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo

14.11 DHCP Server

DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.

DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model, where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.

14.12 Console

The IStaX software uses the serial console to support the CLI for out-of-band management, debugging, and software upgrades.

14.13 System Management

The IStaX software can be supported in band through any of the front panel ports.

It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.

14.14 Management Access Filtering

It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum number of management access filter entries allowed is 16.

If the application type matches any one of the access management entries, access to the switch is allowed. The access management statistics can also be viewed.
14.15 sFlow

sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration

The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.

14.17 Configuration Upload/Download

The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.22 Industry Standard Configuration Support.

14.18 Loop Detection Restore to Default

Restoring factory defaults can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.

If a loopback packet is received at port 2, the switch will restore to default.

14.19 Symbolic Register Access

Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs

The IStaX supports the following comprehensive set of private and standard MIBs.

SNMPv3 is supported and is backward compatible with SNMPv2c and SNMPv1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.

The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:

    show snmp mib context
    BRIDGE-MIB
      - dot1dBase (1.3.6.1.2.1.17.1)
      - dot1dTp (1.3.6.1.2.1.17.4)
    Dot3-OAM-MIB
      - dot3OamMIB (1.3.6.1.2.1.158)
    ENTITY-MIB
      - entityMIBObjects (1.3.6.1.2.1.47.1)
    EtherLike-MIB
      - transmission (1.3.6.1.2.1.10)
    IEEE8021-BRIDGE-MIB
    show snmp mib ifmib ifIndex

Table 15-1. ifIndex Descriptions

ifIndex     ifDescr               Interface
1           VLAN 1                VLAN 1
1000001     Switch 1 - port 1     GigabitEthernet 1/1
1000002     Switch 1 - port 2     GigabitEthernet 1/2
1000003     Switch 1 - port 3     GigabitEthernet 1/3
1000004     Switch 1 - port 4     GigabitEthernet 1/4
1000005     Switch 1 - port 5     GigabitEthernet 1/5
1000006     Switch 1 - port 6     GigabitEthernet 1/6
1000007     Switch 1 - port 7     GigabitEthernet 1/7
1000008     Switch 1 - port 8     GigabitEthernet 1/8
1000009     Switch 1 - port 9     2.5 GigabitEthernet 1/1
10000010    Switch 1 - port 10    2.5 GigabitEthernet 1/2
10000011    Switch 1 - port 11    GigabitEthernet 1/9
16 Revision History

Revision   Date   Description

B   February 2021   Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document:

• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 143 Simple Network Management Protocol (SNMP).
A   June 2020   Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document:

• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.

20   October 2019   Revision 20 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 20 of this document:

• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
19   June 2019   Revision 19 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 19 of this document:

• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.

18   June 2019   Revision 18 was published in June 2019 to align with the Linux application software release 48. The following is a summary of changes in revision 18 of this document:

• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
17   January 2019   Revision 17 was published in January 2019 to align with the Linux application software release 47. The following is a summary of changes in revision 17 of this document:

• The BSP and API Supported Features table was updated. For more information, see 11 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
16   October 2018   Revision 16 was published in October 2018 to align with the Linux application software release 46. The following is a summary of changes in revision 16 of this document:

• A cross reference in the JSON-RPC section was fixed. For more information, see 141 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• VLAN Translation was removed from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 1111 Cold and CoolStart.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 141 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.
15   July 2018   Revision 15 was published in July 2018 to align with the Linux application software release 45. The following is a summary of changes in revision 15 of this document:

• The Port Control Supported Features table was updated by adding one more feature. For more information, see 12 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 17 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 112 Management.
• The System Capability section was updated. For more information, see 42 System Capability.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 107 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 1212 Dying Gasp.
• The DHCP Server section was updated. For more information, see 1411 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 149 IP Management, DNS, and DHCPv4/v6.

14   April 2018   Revision 14 was published in April 2018 to align with the Linux application software release 44. The following is a summary of changes in revision 14 of this document:

• The list of features in the L3 Switching Supported Features table was updated. For more information, see 16 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 42 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 145 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 93 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 85 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
13   January 2018   Revision 13 was published in January 2018 to align with the Linux application software release 43. The following is a summary of changes in revision 13 of this document:

• The Supported Switches table was updated with details regarding VSC741015353637. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 12 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 15 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 16 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 18 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 19 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 110 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 113 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.

12   September 2017   Revision 12 was published in July 2017 to align with the Linux application software release 42. In revision 12 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.

11   June 2017   Revision 11 was published in June 2017 to align with the Linux application software release 41. The following is a summary of changes in revision 11 of this document:

• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.
10   November 2016   Revision 10 was published in November 2016 to align with the Linux application software release 40. It was the first publication of this document.
All other trademarks mentioned herein are property of their respective companies.

© 2020 Microchip Technology Incorporated. Printed in the USA. All Rights Reserved.

ISBN: 978-1-5224-7595-8
VSC6817
© 2020 Microchip Technology Inc. Product Specification DS30010225B-page 73
(continued)

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Private VLAN—static | • | • | • | • | • |
| Port isolation—static | • | • | • | • | • |
| MAC-based VLAN | • | • | • | • | • |
| Protocol-based VLAN | • | • | • | • | • |
| IP subnet-based VLAN | • | • | • | • | • |
| VLAN trunking | • | • | • | • | • |
| iPVLAN Trunking | — | • | • | • | • |
| GARP VLAN Registration Protocol (GVRP) | • | • | • | • | • |
| Multiple Registration Protocol (MRP) | • | • | • | • | • |
| Multiple VLAN Registration Protocol (MVRP) | • | • | • | • | • |
| IEEE 802.1ad provider bridge (native or translated VLAN) | • | • | • | • | • |
| Multiple Spanning Tree Protocol (MSTP) | • | • | • | • | • |
| Rapid Spanning Tree Protocol (RSTP) and STP | • | • | • | • | • |
| Loop guard | • | • | • | • | • |
| IEEE 802.3ad | | | | | |
| Link aggregation—static | • | • | • | • | • |
| Link aggregation—Link Aggregation Control Protocol (LACP) | • | • | • | • | • |
| AGGR/LACP user interface alignment with Industry standard | • | • | • | • | • |
| UNI LAG (LACP) 1:1 active/standby | • | • | • | • | • |
| LACP revertive/non-revertive | • | • | • | • | • |
| LACP loop free operation | • | • | • | • | • |
| Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | • |
| Error disable recovery | • | • | • | • | • |
| IGMPv2 snooping | • | • | • | • | • |
| IGMPv3 snooping | • | • | • | • | • |
| MLDv1 snooping | • | • | • | • | • |
| MLDv2 snooping | • | • | • | — | • |
| Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | • |
| IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | • |
| Multicast VLAN Registration (MVR) | • | • | • | • | • |
| MVR profile | • | • | • | • | • |
| Voice VLAN | • | • | • | • | • |
| DHCP snooping | • | • | • | • | • |
| ARP inspection | • | • | • | • | • |
| Port mirroring | • | • | • | • | • |
| Flow mirroring | • | • | • | • | • |
| Rmirror | • | • | • | • | • |
1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9. L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | — |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | • |
| RFC2992 (ECMP) support for HW-based L3 static routing | — | • | • | — | • |
| RFC 2453 RIPv2 dynamic routing | — | • | • | — | • |
| RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | • |
| RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | • |
| Software-based IPv6 L3 static routing | • | — | — | • | — |
| Hardware-based IPv6 L3 static routing | — | • | • | — | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |
1.7 Security
The following table lists the features supported by the security module. For more information, see 10. Security.

Table 1-7. Security Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Network Access Server (NAS) | | | | | |
| Port-based 802.1X | • | • | • | • | • |
| Single 802.1X | • | • | • | • | • |
| Multiple 802.1X | • | • | • | • | • |
| MAC-based authentication | • | • | • | • | • |
| VLAN assignment | • | • | • | • | • |
| QoS assignment | • | • | • | • | • |
| Guest VLAN | • | • | • | • | • |
| Remote authentication dial-in user service (RADIUS) authentication and authorization | • | • | • | • | • |
| RADIUS accounting | • | • | • | • | • |
| MAC address limit | • | • | • | • | • |
| Persistent MAC learning | • | • | • | • | • |
| IP MAC binding | • | • | • | • | • |
| IP/MAC binding dynamic to static | • | • | • | • | • |
| TACACS+ authentication and authorization | • | • | • | • | • |
| TACACS+ command authorization | • | • | • | • | • |
| TACACS+ accounting | • | • | • | • | • |
| Web and CLI authentication | • | • | • | • | • |
| Authorization (15 user levels) | • | • | • | • | • |
| ACLs for filtering/policing/port copy | • | • | • | • | • |
| IP source guard | • | • | • | • | • |
| Secure FTP Client | • | • | • | • | • |
1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information, see 12. OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Cold start | • | • | • | • | • |
| Cool start | • | • | • | • | • |
| ActiPHY | • | • | • | • | • |
| PerfectReach | • | • | • | • | • |
| Energy-Efficient Ethernet (EEE) power management | • | • | • | • | • |
| LED power management | • | • | — | — | • |
| Thermal protection | • | • | • | • | • |
| Adaptive fan control | • | • | • | — | • |
1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12. OAM and Test.

Table 1-9. OAM and Testing Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Link OAM (802.3ah) | | | | | |
| Variable request and response | • | • | • | • | • |
| Discovery process information event notification loopback | • | • | • | • | • |
| Dying gasp | • | • | • | • | • |
| Dying gasp enhanced | • | • | • | • | • |
| Dying gasp SNMP trap | • | • | • | • | • |
| CFM | | | | | |
| Continuity Check (ETH-CCM) | • | • | • | • | • |
| IS-, OS-, PS-, and SID-TLV | • | • | • | • | • |
| APS using ETH-CCM and ETH-APS | • | • | • | • | • |
| ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | • |
| Hardware-accelerated OAM | — | • | • | • | • |
1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see 13. Synchronization.

Table 1-10. Timing and Synchronization Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| SyncE with SSM | • | • | • | • | • |
| SyncE nomination for two interfaces | • | • | • | • | • |
| Microchip one-step TC PHY solution | • | • | • | • | • |
| IEEE 1588v2 PTP with two-step clock | • | • | • | • | • |
| IEEE 1588v2 PTP with one-step clock | • | • | • | • | • |
| Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | • |
| Boundary clock | • | • | • | • | • |
| Redundant masters and multiple timing domains | • | • | • | • | • |
| PTP over IPv4 | • | • | • | • | • |
| Unicast/multicast | • | • | • | • | • |
| TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | • |
| TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Combined SyncE and 1588 | • | • | • | • | • |
| MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | • |
| MSCC timing BU DPLL API integration | • | • | • | • | • |
| G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | • |
| PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.8275.1 BMCA—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| G.8275 compliant filter—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| PTP time interface | • | • | • | • | • |
| NTPv4 client | • | • | • | • | • |
| IEEE 802.1AS-2011/IEEE 802.1AS rev D4.2 | • | • | • | • | • |
1.11 Customization Framework
The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Separate BSP and application | • | • | • | • | • |
| Append or change a binary image | • | • | • | • | • |
| IPC JSON-RPC socket (with notification support) | • | • | • | • | • |
| Overwrite default startup configuration | • | • | • | • | • |
| Boot and initialization of third-party daemons | • | • | • | • | • |
| Configuration to disable certain built-in features | • | • | • | • | • |

Microchip Ethernet Board API (MEBA) • • • •
1.12 Management
The following table lists the features supported by the management module. For more information, see 14. Management.

Table 1-12. Management Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| JSON-RPC | • | • | • | • | • |
| JSON-RPC notifications | • | • | • | • | • |
| Dual CPU (application variant with JSON | — | • | • | • | • |
| RFC 2131 DHCP client | • | • | • | • | • |
| RFC 2131 DHCP server | • | • | • | • | • |
| DHCP server support for DHCP relay packets | • | • | • | • | • |
| DHCP per port | • | • | • | • | • |
| RFC 3315 DHCPv6 client | • | • | • | • | • |
| RFC 3315 DHCPv6 relay agent | • | • | • | • | • |
| RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | • |
| RFC 1035 DNS client relay | • | • | • | • | • |
| IPv4/IPv6 ping | • | • | • | • | • |
| IPv4/IPv6 traceroute | • | • | • | • | • |
| HTTP server | • | • | • | • | • |
| CLI—console port | • | • | • | • | • |
| CLI—Telnet | • | • | • | • | • |
| Industrial standard CLI | • | • | • | • | • |
| Industrial standard configuration | • | • | • | • | • |
| Industrial standard CLI debug commands | • | • | • | • | • |
| Port description CLI | • | • | • | • | • |
| Management access filtering | • | • | • | • | • |
| HTTPS | • | • | • | • | • |
| SSHv2 | • | • | • | • | • |
| IPv6 management | • | • | • | • | • |
| IPv6 ready logo PHASE2 (host only) | • | • | • | • | • |
| RFC4884 (ICMPv6) | • | • | • | • | • |
| System syslog | • | • | • | • | • |
| Software upload through web | • | • | • | • | • |
| SNMP v1/v2c/v3 agent (Note 1) | • | • | • | • | • |
| RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RMON alarm and event (CLI and web) | • | • | • | • | • |
| Alarm module | • | • | • | • | • |
| IEEE 802.1AB-2005 link layer discovery—LLDP | • | • | • | • | • |
| TIA 1057 LLDP—MED | • | • | • | • | • |
| Industry standard discovery protocol - ISDP | • | • | • | • | • |
| sFlow | • | • | • | • | • |
| FTP Client | • | • | • | • | • |
| Configuration download/upload—industrial standard | • | • | • | • | • |
| Loop detection restore to default | • | • | • | • | • |
| Symbolic register access | • | • | • | • | • |
| Daylight saving | • | • | • | • | • |

Note 1: No SNMPv1 trap support.
1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15. SNMP MIBs.

Table 1-13. SNMP MIBs Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| RFC 2674 VLAN MIB | • | • | • | • | • |
| IEEE 802.1Q bridge MIB 2008 | • | • | • | • | • |
| RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RFC 1213 MIB II | • | • | • | • | • |
| RFC 1215 TRAPS MIB | • | • | • | • | • |
| RFC 4188 bridge MIB | • | • | • | • | • |
| RFC 4292 IP forwarding table MIB | • | • | • | • | • |
| RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | • |
| RFC 5519 multicast group membership discovery MIB | • | • | • | • | • |
| RFC 4668 RADIUS authentication client MIB | • | • | • | • | • |
| RFC 4670 RADIUS accounting MIB | • | • | • | • | • |
| RFC 3635 Ethernet-like MIB | • | • | • | • | • |
| RFC 2863 interface group MIB using SMI v2 | • | • | • | • | • |
| RFC 3636 802.3 MAU MIB | • | • | • | • | • |
| RFC 4133 entity MIB version 3 | • | • | • | • | • |
| RFC 4878 Link OAM MIB | • | • | • | • | • |
| RFC 3411 SNMP management frameworks | • | • | • | • | • |
| RFC 3414 user-based security model for SNMPv3 | • | • | • | • | • |
| RFC 3415 view-based access control model for SNMP | • | • | • | • | • |
| RFC 2613 SMON—PortCopy | • | • | • | • | • |
| IEEE 802.1 MSTP MIB | • | • | • | • | • |
| IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | • |
| TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | • |
| RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | — |
| Private MIB framework | • | • | • | • | • |
2. Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.

Table 2-1. Features and Platform Capacity

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| Resilience and Availability | | | | | |
| IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8 |
| IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN |
| Traffic Control | | | | | |
| Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095 |
| Guest-VLAN | 1 | 1 | 1 | 1 | 1 |
| Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9 |
| Voice VLAN | 1 | 1 | 1 | 1 | 1 |
| MAC table size 8K | 8K | 32K | 8K | 4K | 32K |
| Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 mbps |
| Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240 |
| Security | | | | | |
| Port security aging | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s |
| MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024 |
| Static MAC entries supported | 64 | 64 | 64 | 64 | 64 |
| RADIUS authentication servers | 5 | 5 | 5 | 5 | 5 |
| TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5 |
| RADIUS accounting servers | 5 | 5 | 5 | 5 | 5 |
| Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4 |
| Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system |
| IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512 |
| Policy-based security filtering | 512 | 512 | 512 | 512 | 512 |
| Password length | 32 | 32 | 32 | 32 | 32 |
| Authorization user levels | 15 | 15 | 15 | 15 | 15 |
| ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512 |
| Number of logged in users | 20 | 20 | 20 | 20 | 20 |
| IP Routing | | | | | |
| Max static route entries | 32 | 128 | 32 | 32 | 512 |
| Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072 |

Note 1: The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).
3. System Requirements
The following table lists the port system requirements supported by the IStaX software.

Table 3-1. Port System Requirements

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
|---|---|---|---|---|---|
| LEDs per port | 1 | 1 | 1 | 1 | 1 |
| SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported |
| Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported |
| Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full |
| Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported |
| Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) |
| RJ45 connectors | Supported | Supported | Supported | Supported | Supported |
| Fiber slots | Supported | Supported | Supported | Supported | Supported |

The following table lists the hardware system requirements supported by the IStaX software.

Table 3-2. Hardware System Requirements

| Requirement | Support |
|---|---|
| Power LED | Supported by hardware |
| System LED | Supported by hardware |
| Alarm LED | Supported by hardware |
| Management LED | Supported by hardware |
| Switch fabric capacity | Supported by hardware |
| Forwarding architecture | Supported by hardware |
| MAC address entries | Supported by hardware |
| MAC address aging | Supported by hardware |
| MAC buffer memory type and size | Supported by hardware |
| CPU flash size | Supported by hardware |
| CPU memory type and size | Supported by hardware |
| System DDR SDRAM | Supported by hardware |
| Reset button | Supported by hardware |
| EMC/safety requirement | Supported by hardware |
| Performance requirement | Supported by hardware |
4. Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.
4.1 Port Capability
The ports are equipped with the following capabilities:
• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1. Supported Features.
4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.
The turnkey switch software runs on Linux. The following system-wide operations are supported:
• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported.
5. Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:
• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch
The software image selection information includes the following:
• Image—the file name of the firmware image
• Version—the version of the firmware image
• Date—the date when the firmware was produced
After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.
While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.
Note: Do not restart or power off the device at this time, or the switch may fail to function.
6. Port Control
The following sections describe the port control features supported by the IStaX software.
6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port, through which frames can be injected from and extracted to an external CPU.
6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame data in (injection) and out (extraction) through memory-mapped injection/extraction registers.
6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.
6.4 SFP Detection
The IStaX software detects SFP at run time.
6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine cable length.
6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.
6.7 PoE/PoE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and the switch can then comply with or ignore this information.
6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.
For each device and for each port, a UDLD packet is sent to the port it links to. The packet contains the identity information of the sender (device and port) and the expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.
The UDLD implementation conforms to the RFC5171 standard.
Note: RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second and, once link status is detected, probe messages are exchanged depending on the message time interval (by default, 7 seconds).
Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.
Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port is not shut down.
The port is reopened once UDLD is disabled/enabled on that port.
681 Port StatisticsThe IStaX software supports the detailed port related statistics and system information related configuration It ispossible to view the detailed QoS related statistics using IStaX software
7 Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.
7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.
7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).
Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.
It is possible to specify the maximum bit rate in kbps or Mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.
The software also has QoS leaky bucket egress shaper support per queue (0–7) as well as per port.
7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).
The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.
When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.
The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.
7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED can be configured as either disabled or enabled and is disabled by default.
The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.
By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.
7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.
When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.
The QoS class DEI DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.
7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.
The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification
7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.
7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.
In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.
The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.
DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:
• Get the DSCP value from the analyzer (ingress classification) and always remap based on the global remap table. This is done independently of the value of the drop precedence level.
• Get the DSCP value from the analyzer and remap based on drop precedence level and remap table.
DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.
7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.
Storm control is disabled by default.
8 L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.
8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with the learned MAC address are not received within the aging period.
8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.
8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:
• All ports are VLAN aware
• All ports are members of VLAN 1
• The switch management interface is on VLAN 1
• All ports have a Port VLAN ID (PVID) of 1
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged
• The PVID is set to 1 by default
• Ingress filtering is always enabled
Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs
• If frames are classified to a VLAN that the port is not a member of, they are discarded
• By default, all frames classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress
Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features:
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently
8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to the VLAN to perform QoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to a port using the Port Discovery Protocol. This discovery can be done based on an Organizationally Unique Identifier (OUI), the Link Layer Discovery Protocol (LLDP), or both.
8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.
8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:
• Ethernet—valid values for etype range from 0x0600-0xffff
• SNAP—valid value in this case also comprises two sub-values
• Organizationally Unique Identifier (OUI)
• Protocol ID (PID)—if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP
• LLC—valid value in this case comprises two sub-values
  – DSAP—1-byte long string (0x00-0xff)
  – SSAP—1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and the protocol-based VLAN is preferred over the port-based VLAN.
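The frame-type keys and the precedence rule above can be exercised with a small classifier. This is an added example, not IStaX code: it handles untagged frames only, and the MAC addresses, VLAN IDs, and protocol mappings are constructed sample values.

```python
import struct

SNAP_SAP = 0xAA   # DSAP/SSAP value that announces a SNAP header
LLC_UI = 0x03     # LLC control byte for unnumbered information


def frame_protocol(frame: bytes):
    """Return the protocol key of an untagged frame.

    ("eth", etype), ("snap", oui, pid) or ("llc", dsap, ssap).
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (type_len,) = struct.unpack("!H", frame[12:14])
    if type_len >= 0x0600:            # values from 0x0600 up are EtherTypes
        return ("eth", type_len)
    if len(frame) < 17:               # below 0x0600 it is a length; LLC follows
        raise ValueError("truncated LLC header")
    dsap, ssap, control = frame[14], frame[15], frame[16]
    if (dsap, ssap, control) == (SNAP_SAP, SNAP_SAP, LLC_UI):
        if len(frame) < 22:
            raise ValueError("truncated SNAP header")
        oui = int.from_bytes(frame[17:20], "big")
        (pid,) = struct.unpack("!H", frame[20:22])
        return ("snap", oui, pid)
    return ("llc", dsap, ssap)


def classify_vlan(frame: bytes, pvid: int, mac_vlans: dict, proto_vlans: dict):
    """Apply the precedence MAC-based > protocol-based > port-based."""
    key = frame_protocol(frame)       # also validates the frame length
    src = bytes(frame[6:12])
    if src in mac_vlans:
        return mac_vlans[src], "mac"
    if key in proto_vlans:
        return proto_vlans[key], "protocol"
    return pvid, "port"


# --- constructed sample data -------------------------------------------
DST = bytes.fromhex("ffffffffffff")
HOST_A = bytes.fromhex("020000000a01")
HOST_B = bytes.fromhex("020000000b02")


def ethernet_ii(src: bytes, etype: int, payload: bytes = b"\x00" * 46) -> bytes:
    return DST + src + struct.pack("!H", etype) + payload


def ieee8023(src: bytes, llc: bytes, payload: bytes = b"\x00" * 38) -> bytes:
    body = llc + payload
    return DST + src + struct.pack("!H", len(body)) + body


MAC_VLANS = {HOST_A: 100}
PROTO_VLANS = {
    ("eth", 0x0806): 20,               # ARP EtherType
    ("snap", 0x000000, 0x8137): 30,    # OUI 000000, so the PID is an EtherType
    ("llc", 0xE0, 0xE0): 40,           # DSAP/SSAP pair
}
SAMPLES = {
    "arp_from_a": ethernet_ii(HOST_A, 0x0806),
    "arp_from_b": ethernet_ii(HOST_B, 0x0806),
    "snap_from_b": ieee8023(HOST_B, bytes.fromhex("aaaa03" "000000" "8137")),
    "llc_from_b": ieee8023(HOST_B, bytes.fromhex("e0e003")),
    "ipv4_from_b": ethernet_ii(HOST_B, 0x0800),
}


def classify_samples(pvid: int = 1) -> dict:
    return {name: classify_vlan(frame, pvid, MAC_VLANS, PROTO_VLANS)
            for name, frame in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in classify_samples().items():
        print(f"{name:14s} -> VLAN {result[0]} ({result[1]}-based)")
```

Host A's ARP frame lands in VLAN 100 even though an ARP protocol mapping exists, which is the precedence the text describes.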
8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.
PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.
The following terms are used to describe the Private VLAN feature:
• PVLAN domain—a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain
• Primary VLAN—a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports
• Secondary VLAN—a VLAN used inside a PVLAN domain only
• Isolated VLAN—a secondary VLAN that carries traffic from isolated ports to promiscuous ports
• Community VLAN—a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports
• Isolated port—a port that receives untagged frames and classifies these to an isolated VLAN
• Community port—a port that receives untagged frames and classifies these to a community VLAN
• Promiscuous port—a port that receives frames in the primary VLAN
• Standard trunk port—a port that carries primary and secondary VLANs using tags
• Promiscuous PVLAN trunk port—a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs, but translates these to the primary VLAN ID and pushes this into the tag
• Isolated PVLAN trunk port—a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN, but translates this into the isolated VLAN ID and pushes it into the tag
8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration protocol for VLANs. Though this has been superseded by MVRP, as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to register and unregister attribute values, such as VLAN identifiers and multicast group membership, across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q-2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG), such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address—can be used to calculate the destination port for the frame. By default, the source MAC address is enabled
• Destination MAC address—can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled
• IP address—can be used to calculate the destination port for the frame. By default, the IP address is enabled
• TCP/UDP port number—can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with the IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from the active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, the CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per-VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block intruders on the untrusted ports of the switch device when they try to intervene by injecting a bogus DHCP (for IPv4) reply packet into a legitimate conversation between the DHCP (IPv4) client and server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
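The trusted/untrusted decision and the resulting IP/MAC/port white-list can be modelled as follows. This is an added example, not IStaX code: the binding logic is a simplified model of the behaviour described above, and the port numbers, MAC address, and IP addresses are constructed sample values.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"                     # DHCP magic cookie
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # only DHCP servers send these
CLIENT_LEARN = {1, 3}                            # DISCOVER, REQUEST


def parse_dhcp(payload: bytes):
    """Return (message type, xid, client MAC, yiaddr) from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    (xid,) = struct.unpack("!I", payload[4:8])
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))
    mac = payload[28:34]
    msg_type, i = None, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                          # end option
            break
        if code == 0:                            # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == 53 and length == 1:           # DHCP message type
            msg_type = value[0]
        i += 2 + length
    if msg_type is None:
        raise ValueError("message type option missing")
    return msg_type, xid, mac, yiaddr


class DhcpSnooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}     # (xid, client MAC) -> port the request came in on
        self.bindings = {}    # client MAC -> (leased IP, client port)

    def on_dhcp(self, port: int, payload: bytes) -> str:
        """Return "forward" or "drop" for a DHCP message received on `port`."""
        msg_type, xid, mac, yiaddr = parse_dhcp(payload)
        if msg_type in SERVER_TYPES:
            if port not in self.trusted:
                return "drop"                    # server reply on an untrusted port
            client_port = self.pending.get((xid, mac))
            if msg_type == 5 and client_port is not None:
                self.bindings[mac] = (yiaddr, client_port)
                del self.pending[(xid, mac)]
            return "forward"
        if msg_type in CLIENT_LEARN:
            self.pending[(xid, mac)] = port
        return "forward"

    def permitted(self, port: int, mac: bytes, ip: str) -> bool:
        """True only for the exact (IP, MAC, port) learned from a trusted ACK."""
        return self.bindings.get(mac) == (ip, port)


def build_dhcp(msg_type: int, xid: int, mac: bytes, yiaddr: str = "0.0.0.0") -> bytes:
    """Build a minimal DHCP payload (constructed test input, not a capture)."""
    op = 2 if msg_type in SERVER_TYPES else 1
    msg = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    msg += bytes(4) + ipaddress.IPv4Address(yiaddr).packed + bytes(8)
    msg += mac + bytes(10) + bytes(192)          # chaddr padding, sname, file
    return msg + MAGIC + bytes([53, 1, msg_type, 255])


if __name__ == "__main__":
    snooper = DhcpSnooper(trusted_ports={24})
    client = bytes.fromhex("020000000a01")
    print(snooper.on_dhcp(3, build_dhcp(3, 0x1234, client)))                  # forward
    print(snooper.on_dhcp(7, build_dhcp(5, 0x1234, client, "10.66.0.9")))     # drop
    print(snooper.on_dhcp(24, build_dhcp(5, 0x1234, client, "192.0.2.50")))   # forward
    print(snooper.permitted(3, client, "192.0.2.50"))                         # True
```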
8.13 MAC Table Configuration
MAC learning configuration can be configured per port:
• Auto—learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable—no learning is done
• Secure—only SMAC entries are learned; all other frames are dropped
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied or mirrored to a mirror port, where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.
Note: The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote Host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get the ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and MSTP is selected by default. IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as are STP MSTI bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state will automatically be enabled after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports even when loop protection is on. If a packet is received by the switch with a matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are members of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and the source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.
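The receive-side decision described for loop protection can be written out as a small model. This is an added example, not IStaX code. Assumptions: the EtherType "9003" is read as hexadecimal 0x9003, the destination address is a constructed placeholder because the page leaves it to the customer, and "dropped silently" is applied to the switch's own probe arriving on a port where the feature is disabled.

```python
from dataclasses import dataclass, field

LOOP_ETHERTYPE = 0x9003                      # assumption: "9003" read as hex
LOOP_DA = bytes.fromhex("0300000000ff")      # constructed placeholder DA


@dataclass
class Port:
    number: int
    vlan: int
    loop_protect: bool = True
    action: str = "both"                     # "shutdown", "log" or "both"
    up: bool = True


@dataclass
class Switch:
    mac: bytes
    ports: dict
    log: list = field(default_factory=list)

    def is_probe(self, da: bytes, ethertype: int) -> bool:
        return da == LOOP_DA and ethertype == LOOP_ETHERTYPE

    def handle_probe(self, rx_port: int, sa: bytes):
        """Return (verdict, egress ports) for a loop probe received on rx_port."""
        port = self.ports[rx_port]
        # Only the first 5 bytes are compared, so a probe sent from any of
        # the switch's own port addresses is recognised.
        if sa[:5] != self.mac[:5]:
            egress = [p.number for p in self.ports.values()
                      if p.up and p.vlan == port.vlan and p.number != rx_port]
            return "forward", egress         # another switch's probe: treat as data
        if not port.loop_protect:
            return "drop", []                # feature disabled: dropped silently
        if port.action in ("log", "both"):
            self.log.append(f"loop detected on port {rx_port}")
        if port.action in ("shutdown", "both"):
            port.up = False
        return "loop", []


def demo_switch() -> Switch:
    """Constructed four-port switch used for the walk-through below."""
    ports = {
        1: Port(1, vlan=10),                         # action "both"
        2: Port(2, vlan=10, action="log"),
        3: Port(3, vlan=10, loop_protect=False),
        4: Port(4, vlan=20),
    }
    return Switch(mac=bytes.fromhex("02aabbccdd00"), ports=ports)


if __name__ == "__main__":
    sw = demo_switch()
    own = bytes.fromhex("02aabbccdd01")      # differs from sw.mac in the last byte only
    other = bytes.fromhex("02eeeeeeee01")
    print(sw.handle_probe(1, other))         # ('forward', [2, 3])
    print(sw.handle_probe(2, own))           # ('loop', []), logged, port stays up
    print(sw.handle_probe(3, own))           # ('drop', [])
    print(sw.handle_probe(1, own))           # ('loop', []), logged and shut down
    print(sw.ports[1].up, sw.log)
```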
9 L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1. DHCP Relay Configuration Parameters
Parameter | Allowed Range | Default
Relay mode | Enabled/disabled | Disabled
Relay server address | IP address | None
Relay information mode | Enabled/disabled | Disabled
Relay information policy | Replace, Keep, Drop | Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring to the DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in a standalone device it always equals 0; in a stackable device it means the switch ID), and the last two characters are the port number.
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of the UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP-related packets to the CPU. The ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing selects a path and forwards traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
10 Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed, and equipment whose MAC address is a valid RADIUS user can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
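The credential format and the per-port client limit described above can be modelled as follows. This is an added example, not IStaX code: the MD5-Challenge response is computed as in CHAP (MD5 over identifier, secret, and challenge), the RADIUS exchange is reduced to a local user table, and the MAC addresses and challenge bytes are constructed sample values.

```python
import hashlib
import hmac


def mac_to_credential(mac: bytes) -> str:
    """Format a 6-byte MAC as xx-xx-xx-xx-xx-xx in lower-case hex."""
    if len(mac) != 6:
        raise ValueError("a MAC address is 6 bytes")
    return "-".join(f"{b:02x}" for b in mac)


def eap_md5_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """MD5-Challenge response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode("ascii") + challenge).digest()


class RadiusUsers:
    """Stand-in for the RADIUS server's user table (username -> password)."""

    def __init__(self, users: dict):
        self.users = dict(users)

    def verify(self, username: str, identifier: int, challenge: bytes, response: bytes) -> bool:
        password = self.users.get(username)
        if password is None:
            return False
        expected = eap_md5_response(identifier, password, challenge)
        return hmac.compare_digest(expected, response)


class MacAuthPort:
    """One switch port doing MAC-based authentication with a client limit."""

    def __init__(self, radius: RadiusUsers, limit: int):
        self.radius = radius
        self.limit = limit            # Port Security Limit Control value
        self.allowed = set()

    def first_frame(self, src_mac: bytes, identifier: int, challenge: bytes) -> str:
        """Return "open", "blocked" or "limit" for a frame from src_mac."""
        if src_mac in self.allowed:
            return "open"
        if len(self.allowed) >= self.limit:
            return "limit"
        # The switch answers on the client's behalf; the only secret it has
        # is the source MAC it just observed on the wire.
        credential = mac_to_credential(src_mac)
        response = eap_md5_response(identifier, credential, challenge)
        if self.radius.verify(credential, identifier, challenge, response):
            self.allowed.add(src_mac)
            return "open"
        return "blocked"


# --- constructed sample data -------------------------------------------
PRINTER = bytes.fromhex("020000000a01")
CAMERA = bytes.fromhex("020000000c03")
UNKNOWN = bytes.fromhex("020000000b02")
CHALLENGE = bytes(range(16))


def demo_port(limit: int = 1) -> MacAuthPort:
    users = {mac_to_credential(m): mac_to_credential(m) for m in (PRINTER, CAMERA)}
    return MacAuthPort(RadiusUsers(users), limit)


if __name__ == "__main__":
    port = demo_port()
    print(mac_to_credential(PRINTER))                 # 02-00-00-00-0a-01
    print(port.first_frame(UNKNOWN, 1, CHALLENGE))    # blocked
    print(port.first_frame(PRINTER, 2, CHALLENGE))    # open
    print(port.first_frame(CAMERA, 3, CHALLENGE))     # limit
```

Because the response is derived entirely from the observed source address, the limit and the RADIUS user table are the only controls in this mode, which is the disadvantage the text points out.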
In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard, but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID or it is invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class (in the case of RADIUS-assigned QoS) and VLAN (in the case of RADIUS-assigned VLAN) are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
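The retransmission schedule and dead-time handling described above can be traced with a small timing model. This is an added example, not IStaX code: failover to the next configured server, the server names, and the timer values are assumptions chosen for illustration.

```python
class RadiusServerPool:
    """Timing model: three queries per server, then a dead-time hold-off."""

    def __init__(self, servers, timeout: float, dead_time: float):
        self.servers = list(servers)
        self.timeout = timeout        # total timeout per server, in seconds
        self.dead_time = dead_time    # 0 disables the dead-time feature
        self.dead_until = {}          # server -> time it may be queried again

    def usable(self, server: str, now: float) -> bool:
        # Dead time applies only when it is > 0 and more than one server exists.
        if self.dead_time <= 0 or len(self.servers) < 2:
            return True
        return now >= self.dead_until.get(server, 0.0)

    def request(self, now: float, reply_delay):
        """Send one request starting at time `now`.

        reply_delay(server, attempt) returns seconds until the reply arrives,
        or None if that transmission or its reply is lost.
        Returns (answering server or None, finish time, [(server, send time)]).
        """
        sub_interval = self.timeout / 3
        sent = []
        for server in self.servers:
            if not self.usable(server, now):
                continue                      # still inside its dead time
            for attempt in range(3):          # queried up to three times
                sent.append((server, now))
                delay = reply_delay(server, attempt)
                if delay is not None and delay <= sub_interval:
                    return server, now + delay, sent
                now += sub_interval           # sub-interval expired, retransmit
            self.dead_until[server] = now + self.dead_time
        return None, now, sent


# --- constructed scenario ------------------------------------------------
def only_b_answers(server: str, attempt: int):
    """radius-a is down; radius-b answers after 0.25 s."""
    return 0.25 if server == "radius-b" else None


def third_try_answers(server: str, attempt: int):
    """The first two transmissions are lost; the third is answered."""
    return 0.25 if attempt == 2 else None


if __name__ == "__main__":
    pool = RadiusServerPool(["radius-a", "radius-b"], timeout=15, dead_time=300)
    print(pool.request(0.0, only_b_answers))     # a at 0, 5, 10; b answers at 15.25
    print(pool.request(100.0, only_b_answers))   # a skipped: dead until t=315
    print(pool.request(400.0, only_b_answers))   # dead time over, a is tried again
```

With a 15-second timeout, a dead first server costs every login 15 seconds until the dead time takes it out of rotation, so the two timers should be sized together.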
Authorization is for authorizing users to access the management interfaces of the switch
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switchsmanagement interface The RADIUS accounting servers are only used by the NAS module
TACACS+ is an access control network protocol for routers network access servers and other networked computingdevices TACACS+ authentication authorization and accounting are supported by IStaX software The CLI interfaceis only supported in the initial version for the configuration of TACACS+ authorization and accounting mechanisms
10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1. Secure Access Options
Method                 Description
SSH                    Enable or disable option provided; supports v2 only
SSL/HTTPS              Enable or disable
HTTPS auto redirect    A redirect web browser to HTTPS option, available when HTTPS mode is enabled
Note: SSL and HTTPS are not supported in the non-crypto version of the software.
10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The allowed range for the privilege level of a user is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level configurable between 1 and 15 for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.
10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all the four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
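The RADIUS retransmit and dead-time behaviour of section 10.2 combined with the left-to-right method list described above, as an added Python simulation (not Microchip code). The class and method names, the 6-second timeout, the 300-second dead time, and the refusal of a login when every method times out are assumptions made for the example.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SUB_INTERVALS = 3  # section 10.2: the timeout is split into three equal sub-intervals


@dataclass
class RadiusServer:
    name: str
    answer: Optional[str]      # constructed behaviour: "accept", "reject" or None (offline)
    dead_until: float = 0.0    # simulated time until which the server is skipped


@dataclass
class Switch:
    servers: List[RadiusServer]
    timeout: float             # per-server timeout in seconds (assumed value)
    dead_time: float           # 0 disables dead-server skipping
    local_users: Dict[str, str]
    clock: float = 0.0         # simulated seconds spent waiting so far
    trace: List[str] = field(default_factory=list)

    def dead_time_enabled(self) -> bool:
        # Takes effect only when > 0 and more than one server is configured.
        return self.dead_time > 0 and len(self.servers) > 1

    def radius(self, user: str, password: str) -> Optional[str]:
        """Return the server verdict, or None when no server replied."""
        for srv in self.servers:
            if self.dead_time_enabled() and self.clock < srv.dead_until:
                self.trace.append(f"t={self.clock:g}s skip {srv.name} (dead)")
                continue
            for attempt in range(1, SUB_INTERVALS + 1):
                self.trace.append(f"t={self.clock:g}s request {attempt} to {srv.name}")
                if srv.answer is not None:
                    return srv.answer
                self.clock += self.timeout / SUB_INTERVALS  # wait one sub-interval
            if self.dead_time_enabled():
                srv.dead_until = self.clock + self.dead_time
        return None

    def local(self, user: str, password: str) -> Optional[str]:
        stored = self.local_users.get(user)
        ok = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
        return "accept" if ok else "reject"

    def login(self, methods: List[str], user: str, password: str) -> str:
        """Try methods left to right; the first approve or reject ends the chain."""
        handlers = {"radius": self.radius, "local": self.local}
        for method in methods:
            verdict = handlers[method](user, password)
            if verdict is not None:
                self.trace.append(f"t={self.clock:g}s {method}: {verdict}")
                return verdict
        return "reject"  # assumption: if every method times out, the login is refused


def demo() -> dict:
    user, pw = "admin", "constructed-password"   # constructed sample credentials

    def build(answer_a, answer_b):
        servers = [RadiusServer("radius-a", answer_a), RadiusServer("radius-b", answer_b)]
        return Switch(servers, timeout=6.0, dead_time=300.0, local_users={user: pw})

    out = {}
    sw = build(None, None)                        # both servers offline, local fallback
    out["offline_with_local"] = (sw.login(["radius", "local"], user, pw), sw.clock)
    sw = build(None, None)                        # same outage, no local fallback
    out["offline_no_local"] = (sw.login(["radius"], user, pw), sw.clock)
    sw = build(None, "reject")                    # second server answers with a reject
    out["server_rejects"] = (sw.login(["radius", "local"], user, pw), sw.clock)
    before = sw.clock                             # radius-a is now inside its dead time
    sw.login(["radius", "local"], user, pw)
    out["second_login_wait"] = sw.clock - before
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The third case is the one to note when planning break-glass access: a reachable server that rejects ends the chain, so the local database is consulted only when no server answers.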
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.
10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows the port action that is used to determine whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
The port action will only apply if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
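The first-match evaluation and port-action fallback described in this section, as an added Python model (not IStaX code); it also reports ACEs that can never be hit because an earlier ACE already covers them, which is the usual way a deny rule ends up ineffective. The class names, the sample ACL, and the reading that an ACE must match both its ingress ports and its policy value/mask are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Ace:
    name: str
    ports: FrozenSet[int]                      # ingress ports the ACE is attached to
    frame_type: str                            # "any", "etype", "arp", "ipv4" or "ipv6"
    action: str                                # "permit" or "deny"
    policy: Optional[Tuple[int, int]] = None   # (value, mask) compared with the port's policy ID
    hits: int = 0                              # per-ACE counter

    def matches(self, port: int, policy_id: int, frame_type: str) -> bool:
        if port not in self.ports:
            return False
        if self.frame_type not in ("any", frame_type):
            return False
        if self.policy is not None:
            value, mask = self.policy
            return (policy_id & mask) == (value & mask)
        return True


@dataclass
class PortConfig:
    policy_id: int = 0
    action: str = "permit"   # the default port action is Permit
    hits: int = 0            # per-port counter, used when no ACE matched


def classify(acl: List[Ace], ports: Dict[int, PortConfig], port: int, frame_type: str) -> str:
    """First matching ACE decides; otherwise the ingress port's action applies."""
    cfg = ports[port]
    for ace in acl:                       # list order is priority, top to bottom
        if ace.matches(port, cfg.policy_id, frame_type):
            ace.hits += 1
            return ace.action
    cfg.hits += 1
    return cfg.action


def covers(earlier: Ace, later: Ace) -> bool:
    """True when every frame that `later` can match is already matched by `earlier`.
    Conservative: it never looks at the ports' actual policy IDs."""
    if not later.ports <= earlier.ports:
        return False
    if earlier.frame_type not in ("any", later.frame_type):
        return False
    if earlier.policy is None or earlier.policy[1] == 0:
        return True
    if later.policy is None:
        return False
    (e_val, e_mask), (l_val, l_mask) = earlier.policy, later.policy
    return (e_mask & ~l_mask) == 0 and (e_val & e_mask) == (l_val & e_mask)


def shadowed(acl: List[Ace]) -> List[Tuple[str, str]]:
    """Return (unreachable ACE, ACE that hides it) pairs."""
    found = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


def build_sample() -> Tuple[List[Ace], Dict[int, PortConfig]]:
    # Constructed sample: port 3 carries policy ID 2, port 4 denies unmatched frames.
    ports = {1: PortConfig(), 2: PortConfig(),
             3: PortConfig(policy_id=2), 4: PortConfig(action="deny")}
    acl = [
        Ace("permit-uplink", frozenset({1}), "any", "permit"),
        Ace("permit-policy2-ipv4", frozenset({1, 2, 3, 4}), "ipv4", "permit", policy=(2, 0xFF)),
        Ace("deny-arp-port3", frozenset({3}), "arp", "deny"),
        Ace("deny-ipv4-port3", frozenset({3}), "ipv4", "deny", policy=(2, 0xFF)),
    ]
    return acl, ports


if __name__ == "__main__":
    acl, ports = build_sample()
    print(classify(acl, ports, 3, "ipv4"), shadowed(acl))
```

A non-zero hit counter on a broad permit ACE together with a zero counter on a narrower deny ACE below it is the runtime symptom of the ordering problem that `shadowed` reports statically.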
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.
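The four-field match that IPv6 source guard applies, as an added Python sketch (not IStaX code) that normalizes MAC and IPv6 notation before comparing and reports which field caused a drop, which helps tell a moved host from a spoofed address when reading drop logs. The function names, the drop-reason strings, and the sample binding are assumptions.

```python
import ipaddress
from typing import List, NamedTuple, Tuple


class Binding(NamedTuple):
    port: int
    vlan: int
    mac: str                      # normalized: 12 lowercase hex digits
    ip: ipaddress.IPv6Address


def norm_mac(mac: str) -> str:
    """Accept 00:11:22:aa:bb:cc, 00-11-22-AA-BB-CC or 0011.22aa.bbcc notation."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits


def make_binding(port: int, vlan: int, mac: str, ip: str) -> Binding:
    return Binding(port, vlan, norm_mac(mac), ipaddress.IPv6Address(ip))


def check(table: List[Binding], port: int, vlan: int, mac: str, ip: str) -> Tuple[bool, str]:
    """Forward only on an exact (port, VLAN, MAC, IPv6) match; otherwise say why not."""
    mac_n, ip_n = norm_mac(mac), ipaddress.IPv6Address(ip)
    same_ip = [b for b in table if b.ip == ip_n]
    for b in same_ip:
        if (b.port, b.vlan, b.mac) == (port, vlan, mac_n):
            return True, "forward"
    if not same_ip:
        return False, "drop: source address has no binding"
    b = same_ip[0]
    if b.mac != mac_n:
        return False, "drop: address is bound to another MAC"
    if b.port != port:
        return False, "drop: address is bound to another port"
    return False, "drop: address is bound to another VLAN"


# Constructed sample binding (documentation prefix 2001:db8::/32).
SAMPLE_TABLE = [make_binding(5, 10, "00:11:22:AA:BB:CC", "2001:db8::10")]

if __name__ == "__main__":
    print(check(SAMPLE_TABLE, 5, 10, "00-11-22-aa-bb-cc", "2001:0DB8:0:0:0:0:0:10"))
    print(check(SAMPLE_TABLE, 6, 10, "00:11:22:aa:bb:cc", "2001:db8::10"))
```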
10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.
11 Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.
11.1 Robustness
The following section introduces a robustness feature.
11.1.1 Cold and Cool Start
The software defines and supports the following restart types:
• Cold: power cycle induced reset of the switch
• Cool: software initiated reset of the switch (with traffic disruption)
11.2 Power Savings
The following sections introduce the power savings features.
11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.
11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.
11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.
11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex mode.
11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0% to 100% in 10% increments for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.
11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature: temperature at which the fan runs at full speed
• Turn on temperature: temperature at which the fan runs at the lowest possible speed
12 OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.
12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T Y.1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few tens of ns.
12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
Administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, OAM entity sends out a PDU with the link monitoring capability flag set
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, OAM entity sends out a PDU with the remote loopback capability flag
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.
12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. If any of these situations occurs, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads: this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled
12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
13 Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs such as ZL30343, ZL30363, and ZL30772.
13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO, providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer to peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.
13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.
13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses peer-to-peer delay measurement mechanism.
13.2.2 End-to-End Transparent Clock
The transparent clock uses end-to-end delay measurement mechanism.
13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable per port.
13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.
13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.
13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to 8265.1 solution (frequency) ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to 8275.1 solution (frequency) ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
14 Management
The following sections describe the management features supported by the IStaX software.
14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server, and in order to use it, a JSON-RPC client is needed. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable, connection-oriented communication provided by the TCP and HTTP message encapsulation
• RPC-oriented protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited footprint in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high level machine friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.
14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react on events when they happen, without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service, and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.
14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards as desired.
14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration command structures, with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut:
    (config-if-vlan)# ip^Q
    ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
    ip igmp snooping
    ip igmp snooping compatibility auto | v1 | v2 | v3
    ip igmp snooping last-member-query-interval <0-31744>
    ip igmp snooping priority <0-7>
    ip igmp snooping querier election | address <ipv4_ucast>
    ip igmp snooping query-interval <1-31744>
    ip igmp snooping query-max-response-time <0-31744>
    ip igmp snooping robustness-variable <1-255>
    ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help. Click the ? button for a list of valid possible parameters, with descriptions
• Auto completion. Press the <tab> key after partially typing the keyword. The rest of the keyword will be entered automatically
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support:
    (config)# interface
    (config-if)#
If multiple sessions are concurrently in the same sub mode with the same parameters, then the no form of commands will not work and will display a warning message.
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege
14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>.
14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#.
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations: any keyword can be accepted just by typing an unambiguous prefix (for example, "sh" for "show")
    IStaX# sh ip route
    0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
    10.9.61.0/24 via VLAN1 <UP HW_RT>
    127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
    224.0.0.0/4 via OS:lo:127.0.0.1 <UP>
• Error checking: before executing a command, the CLI checks whether the current mode is still valid, the user has sufficient privileges, and the parameter(s) are within the valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message
    IStaX(config)# clock summer-time PDT date 14
                                              ^
    Invalid word detected at ^ marker
Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.
• do command support: this will allow the users to execute the commands from the configuration mode
    (config)# do show vlan
    VLAN  Name     Interface
    ----  ----     ---------
    1     default  Gi 1/1-9 2.5G 1/1-2
• Platform debug command support: this will allow the users to obtain technical support by entering and running a debug command in this field
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG), where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config: a virtual file that represents the currently active configuration on the switch. This file is volatile
• startup-config: the startup configuration for the switch, read at boot time
• default-config: a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch, except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode: the current configuration is fully replaced with the configuration in the uploaded file
• Merge mode: the uploaded file is merged with running-config
If the file system is full (that is, contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch, except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 8.0 and above
• Firefox 3.0 and above
• Google Chrome 3.0 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort; that is, if 64-bit counters are included, they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for SHA and AES, OpenSSL must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping: a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported
• Traceroute: a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. Source address can be mentioned by using saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for IPv4 option
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1AB and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice: used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional): used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice: supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional): used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice: used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing: used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video: used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional): used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode: the device only transmits configuration parameters.
• Receive-only mode: the device can only receive configuration parameters (from neighbor device).
• Transmit and receive mode: the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately.
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto the LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field.
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table.
• Port ID is mapped to the LLDP Port ID field.
• Version and Platform are mapped to the LLDP System Description field.
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table.
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately but gets removed when the hold time is exceeded.
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
A fallback optional mechanism is also provided in the case of IPv4, so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy, where the DUT relays DNS requests to the currently configured DNS server on the DUT and replies as a DNS resolver to the client device on the network when enabled.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth, DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
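The following added example (not the IStaX implementation) models the two filtering criteria just described: it walks the full IPv6 header chain so that a DHCPv6-server message cannot hide behind extension headers, forwards such messages only from administrator-trusted ports, and applies a configurable allow/deny choice to unrecognized Next Header values. The function names, port numbering and sample packets are constructed for illustration; dropping a packet whose header chain is cut short is a choice made by this example.

```python
import struct

# IANA protocol numbers for the IPv6 extension headers this filter can walk.
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
UDP = 17
# Upper-layer values accepted without inspection: TCP, ESP, ICMPv6, No Next Header.
RECOGNIZED_UPPER = {6, 50, 58, 59}
DHCPV6_CLIENT_PORT = 546  # messages sent to this port are meant for DHCPv6 clients


def classify(packet: bytes) -> str:
    """Walk the whole IPv6 header chain and classify the packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "truncated"
    next_header, offset = packet[6], 40
    while True:
        if next_header in (HOP_BY_HOP, ROUTING, DEST_OPTS, AH):
            if offset + 2 > len(packet):
                return "truncated"
            ext_len = packet[offset + 1]
            size = (ext_len + 2) * 4 if next_header == AH else (ext_len + 1) * 8
            if offset + size > len(packet):
                return "truncated"
            next_header, offset = packet[offset], offset + size
        elif next_header == FRAGMENT:
            if offset + 8 > len(packet):
                return "truncated"
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset != 0:
                return "other"  # non-first fragment carries no upper-layer header
            next_header, offset = packet[offset], offset + 8
        elif next_header == UDP:
            if offset + 8 > len(packet):
                return "truncated"
            dst_port = struct.unpack_from("!H", packet, offset + 2)[0]
            return "dhcpv6-server" if dst_port == DHCPV6_CLIENT_PORT else "other"
        elif next_header in RECOGNIZED_UPPER:
            return "other"
        else:
            return "unrecognized"


def shield_decision(packet, ingress_port, trusted_ports, allow_unrecognized=False):
    """Return 'forward' or 'drop' for a frame received on ingress_port."""
    kind = classify(packet)
    if kind == "truncated":
        return "drop"
    if kind == "unrecognized":
        return "forward" if allow_unrecognized else "drop"
    if kind == "dhcpv6-server":
        return "forward" if ingress_port in trusted_ports else "drop"
    return "forward"


# --- Constructed sample packets (addresses and payloads are made up) ---
def ipv6(next_header: int, payload: bytes) -> bytes:
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload


def udp(src_port: int, dst_port: int, data: bytes = b"") -> bytes:
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data


def dest_opts(next_header: int) -> bytes:
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])  # one PadN option


def fragment(next_header: int, frag_offset: int) -> bytes:
    return struct.pack("!BBHI", next_header, 0, frag_offset << 3, 0x1234)


ADVERTISE = ipv6(UDP, udp(547, 546, b"\x02\x00\x00\x01"))          # server to client
HIDDEN = ipv6(DEST_OPTS, dest_opts(UDP) + udp(547, 546))             # behind ext header
SOLICIT = ipv6(UDP, udp(546, 547, b"\x01\x00\x00\x01"))            # client to server
UNKNOWN_NH = ipv6(253, b"\x00" * 8)                                 # experimental value
CUT_CHAIN = ipv6(FRAGMENT, fragment(UDP, 0))                         # UDP header missing

if __name__ == "__main__":
    for name in ("ADVERTISE", "HIDDEN", "SOLICIT", "UNKNOWN_NH", "CUT_CHAIN"):
        print(name, shield_decision(globals()[name], ingress_port=3, trusted_ports={1}))
```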
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model, where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out of band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum management access filter entries allowed is 16.
If the application's type matches any one of the access management entries, access to the switch is allowed. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.22 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
The SNMPv3 is supported and is backward compatible with SNMPv2c and SNMPv1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP) page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
show snmp mib context
BRIDGE-MIB
 - dot1dBase (1.3.6.1.2.1.17.1)
 - dot1dTp (1.3.6.1.2.1.17.4)
Dot3-OAM-MIB
 - dot3OamMIB (1.3.6.1.2.1.158)
ENTITY-MIB
 - entityMIBObjects (1.3.6.1.2.1.47.1)
EtherLike-MIB
 - transmission (1.3.6.1.2.1.10)
IEEE8021-BRIDGE-MIB
show snmp mib ifmib ifIndex
Table 15-1 ifIndex Descriptions
ifIndex | ifDescr | Interface
1 | VLAN 1 | VLAN 1
1000001 | Switch 1–port 1 | GigabitEthernet 1/1
1000002 | Switch 1–port 2 | GigabitEthernet 1/2
1000003 | Switch 1–port 3 | GigabitEthernet 1/3
1000004 | Switch 1–port 4 | GigabitEthernet 1/4
1000005 | Switch 1–port 5 | GigabitEthernet 1/5
1000006 | Switch 1–port 6 | GigabitEthernet 1/6
1000007 | Switch 1–port 7 | GigabitEthernet 1/7
1000008 | Switch 1–port 8 | GigabitEthernet 1/8
1000009 | Switch 1–port 9 | 2.5GigabitEthernet 1/1
10000010 | Switch 1–port 10 | 2.5GigabitEthernet 1/2
10000011 | Switch 1–port 11 | GigabitEthernet 1/9
16 Revision History
Revision | Date | Description
B | February 2021 | Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document:
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 143 Simple Network Management Protocol (SNMP).
A | June 2020 | Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document:
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
20 | October 2019 | Revision 20 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 20 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
19 | June 2019 | Revision 19 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 19 of this document:
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.
18 | June 2019 | Revision 18 was published in June 2019 to align with the Linux application software release 48. The following is a summary of changes in revision 18 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
17 | January 2019 | Revision 17 was published in January 2019 to align with the Linux application software release 47. The following is a summary of changes in revision 17 of this document:
• The BSP and API Supported Features table was updated. For more information, see 11 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
16 | October 2018 | Revision 16 was published in October 2018 to align with the Linux application software release 46. The following is a summary of changes in revision 16 of this document:
• A cross reference in the JSON-RPC section was fixed. For more information, see 141 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• Removed VLAN Translation from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 1111 Cold and CoolStart.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 141 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.
15 | July 2018 | Revision 15 was published in July 2018 to align with the Linux application software release 45. The following is a summary of changes in revision 15 of this document:
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 12 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 17 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 112 Management.
• The System Capability section was updated. For more information, see 42 System Capability.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 107 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 1212 Dying Gasp.
• The DHCP Server section was updated. For more information, see 1411 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 149 IP Management, DNS, and DHCPv4/v6.
14 | April 2018 | Revision 14 was published in April 2018 to align with the Linux application software release 44. The following is a summary of changes in revision 14 of this document:
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 16 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 42 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 145 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 93 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 85 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
13 | January 2018 | Revision 13 was published in January 2018 to align with the Linux application software release 43. The following is a summary of changes in revision 13 of this document:
• The Supported Switches table was updated with details regarding VSC741015353637. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 12 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 15 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 16 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 18 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 19 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 110 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 113 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.
12 | September 2017 | Revision 12 was published in July 2017 to align with the Linux application software release 42. In revision 12 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.
11 | June 2017 | Revision 11 was published in June 2017 to align with the Linux application software release 41. The following is a summary of changes in revision 11 of this document:
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.
10 | November 2016 | Revision 10 was published in November 2016 to align with the Linux application software release 40. It was the first publication of this document.

The Microchip Website

Microchip provides online support via our website at www.microchip.com. This website is used to make files and information easily available to customers. Some of the content available includes:
• Product Support – Data sheets and errata, application notes and sample programs, design resources, user's guides and hardware support documents, latest software releases and archived software
• General Technical Support – Frequently Asked Questions (FAQs), technical support requests, online discussion groups, Microchip design partner program member listing
• Business of Microchip – Product selector and ordering guides, latest Microchip press releases, listing of seminars and events, listings of Microchip sales offices, distributors and factory representatives

Product Change Notification Service

Microchip's product change notification service helps keep customers current on Microchip products. Subscribers will receive email notification whenever there are changes, updates, revisions or errata related to a specified product family or development tool of interest.

To register, go to www.microchip.com/pcn and follow the registration instructions.

Customer Support

Users of Microchip products can receive assistance through several channels:
• Distributor or Representative
• Local Sales Office
• Embedded Solutions Engineer (ESE)
• Technical Support

Customers should contact their distributor, representative or ESE for support. Local sales offices are also available to help customers. A listing of sales offices and locations is included in this document.

Technical support is available through the website at www.microchip.com/support

Microchip Devices Code Protection Feature

Note the following details of the code protection feature on Microchip devices:
• Microchip products meet the specification contained in their particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip's Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as "unbreakable."

Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip's code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.

Legal Notice

Information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated.

Trademarks
All other trademarks mentioned herein are property of their respective companies.
© 2020 Microchip Technology Incorporated. Printed in the USA. All Rights Reserved.
ISBN 978-1-5224-7595-8

Quality Management System

For information regarding Microchip's Quality Management Systems, please visit www.microchip.com/quality.

(continued)

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| LACP revertive/non-revertive | • | • | • | • | • |
| LACP loop free operation | • | • | • | • | • |
| Bridge Protocol Data Unit (BPDU) guard and restricted role | • | • | • | • | • |
| Error disable recovery | • | • | • | • | • |
| IGMPv2 snooping | • | • | • | • | • |
| IGMPv3 snooping | • | • | • | • | • |
| MLDv1 snooping | • | • | • | • | • |
| MLDv2 snooping | • | • | • | — | • |
| Internet Group Management Protocol (IGMP) filtering profile | • | • | • | • | • |
| IP Multicast (IPMC) throttling, filtering, and leave proxy | • | • | • | • | • |
| Multicast VLAN Registration (MVR) | • | • | • | • | • |
| MVR profile | • | • | • | • | • |
| Voice VLAN | • | • | • | • | • |
| DHCP snooping | • | • | • | • | • |
| ARP inspection | • | • | • | • | • |
| Port mirroring | • | • | • | • | • |
| Flow mirroring | • | • | • | • | • |
| Rmirror | • | • | • | • | • |

1.6 L3 Switching

The following table lists the features supported by the L3 switching module. For more information, see 9 L3 Switching.

Table 1-6. L3 Switching Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| DHCP option 82 relay | • | • | • | • | • |
| Universal Plug and Play (UPnP) | • | • | • | • | • |
| Software-based IPv4 L3 static routing with Linux Kernel integration | • | — | — | • | — |
| Hardware-based IPv4 L3 static routing with Linux Kernel integration | — | • | • | — | • |
| RFC2992 (ECMP) support for HW based L3 static routing | — | • | • | — | • |
| RFC 2453 RIPv2 dynamic routing | — | • | • | — | • |
| RFC 2328 OSPFv2 Dynamic routing | — | • | • | — | • |
| RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option | — | • | • | — | • |
| RFC 3137 OSPF Stub Router Advertisement | — | • | • | — | • |
| Software-based IPv6 L3 static routing | • | — | — | • | — |
| Hardware-based IPv6 L3 static routing | — | • | • | — | • |
| RFC 2740/5340 OSPFv3 Dynamic Routing | — | • | • | — | • |
| RFC-1812 L3 checking (version, IHL, checksum, and so on) | • | • | • | • | • |

1.7 Security

The following table lists the features supported by the security module. For more information, see 10 Security.

Table 1-7. Security Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Network Access Server (NAS) | | | | | |
| Port-based 802.1X | • | • | • | • | • |
| Single 802.1X | • | • | • | • | • |
| Multiple 802.1X | • | • | • | • | • |
| MAC-based authentication | • | • | • | • | • |
| VLAN assignment | • | • | • | • | • |
| QoS assignment | • | • | • | • | • |
| Guest VLAN | • | • | • | • | • |
| Remote authentication dial In user service (RADIUS) authentication and authorization | • | • | • | • | • |
| RADIUS accounting | • | • | • | • | • |
| MAC address limit | • | • | • | • | • |
| Persistent MAC learning | • | • | • | • | • |
| IP MAC binding | • | • | • | • | • |
| IP/MAC binding dynamic to static | • | • | • | • | • |
| TACACS+ authentication and authorization | • | • | • | • | • |
| TACACS+ command authorization | • | • | • | • | • |
| TACACS+ accounting | • | • | • | • | • |
| Web and CLI authentication | • | • | • | • | • |
| Authorization (15 user levels) | • | • | • | • | • |
| ACLs for filtering/policing/port copy | • | • | • | • | • |
| IP source guard | • | • | • | • | • |
| Secure FTP Client | • | • | • | • | • |

1.8 Robustness and Power Savings

The following table lists the features supported by the robustness and power savings module. For more information, see 12 OAM and Test.

Table 1-8. Robustness and Power Savings Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Cold start | • | • | • | • | • |
| Cool start | • | • | • | • | • |
| ActiPHY | • | • | • | • | • |
| PerfectReach | • | • | • | • | • |
| Energy-Efficient Ethernet (EEE) power management | • | • | • | • | • |
| LED power management | • | • | — | — | • |
| Thermal protection | • | • | • | • | • |
| Adaptive fan control | • | • | • | — | • |

1.9 OAM and Test

The following table lists the features supported by the OAM and Test module. For more information, see 12 OAM and Test.

Table 1-9. OAM and Testing Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Link OAM (802.3ah) | | | | | |
| Variable request and response | • | • | • | • | • |
| Discovery process information event notification loopback | • | • | • | • | • |
| Dying gasp | • | • | • | • | • |
| Dying gasp enhanced | • | • | • | • | • |
| Dying gasp SNMP trap | • | • | • | • | • |
| CFM | | | | | |
| Continuity Check (ETH-CCM) | • | • | • | • | • |
| IS-, OS-, PS-, and SID-TLV | • | • | • | • | • |
| APS using ETH-CCM and ETH-APS | • | • | • | • | • |
| ERPS using ETH-CCM and ETH-RAPS | • | • | • | • | • |
| Hardware-accelerated OAM | — | • | • | • | • |

1.10 Timing and Synchronization

The following table lists the features supported by the timing and synchronization module. For more information, see 13 Synchronization.

Table 1-10. Timing and Synchronization Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| SyncE with SSM | • | • | • | • | • |
| SyncE nomination for two interfaces | • | • | • | • | • |
| Microchip one-step TC PHY solution | • | • | • | • | • |
| IEEE 1588v2 PTP with two-step clock | • | • | • | • | • |
| IEEE 1588v2 PTP with one-step clock | • | • | • | • | • |
| Peer-to-peer transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv4 | • | • | • | • | • |
| End-to-end transparent clock over Ethernet/IPv6 | • | • | • | • | • |
| Boundary clock | • | • | • | • | • |
| Redundant masters and multiple timing domains | • | • | • | • | • |
| PTP over IPv4 | • | • | • | • | • |
| Unicast/multicast | • | • | • | • | • |
| TC internal master/slave with PDV filtering and no modulation or latency feedback from modems | • | • | • | • | • |
| TC internal master/slave with reduced PDV filtering and modem provides feedback on modulation or latency (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Combined SyncE and 1588 | • | • | • | • | • |
| MSCC timing BU servo algorithm integration (MSCC ZLS30387) | • | • | • | • | • |
| MSCC timing BU DPLL API integration | • | • | • | • | • |
| G.8265.1 BMCA (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| ITU G.8263 filtering (MSCC ZLS30380 only) | • | • | • | • | • |
| PTP profile (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| Clock quality (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.781 compliant clock selection algorithm for the platform as a PTP slave (MSCC ZLS30384 and MSCC ZLS30380 only) | • | • | • | • | • |
| G.8275.1 BMCA—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| G.8275 compliant filter—only ZLS30384 and ZLS30380 servo | • | • | • | • | • |
| PTP time interface | • | • | • | • | • |
| NTPv4 client | • | • | • | • | • |
| IEEE802.1AS-2011/IEEE802.1AS rev D42 | • | • | • | • | • |

1.11 Customization Framework

The following table lists the features supported by the customization framework module.

Table 1-11. Customization Framework Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Separate BSP and application | • | • | • | • | • |
| Append or change a binary image | • | • | • | • | • |
| IPC JSON-RPC socket (with notification support) | • | • | • | • | • |
| Overwrite default startup configuration | • | • | • | • | • |
| Boot and initialization of third-party daemons | • | • | • | • | • |
| Configuration to disable certain built-in features | • | • | • | • | • |

Microchip Ethernet Board API (MEBA) • • • •

1.12 Management

The following table lists the features supported by the management module. For more information, see 14 Management.

Table 1-12. Management Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| JSON-RPC | • | • | • | • | • |
| JSON-RPC notifications | • | • | • | • | • |
| Dual CPU (application variant with JSON | — | • | • | • | • |
| RFC 2131 DHCP client | • | • | • | • | • |
| RFC 2131 DHCP server | • | • | • | • | • |
| DHCP server support for DHCP relay packets | • | • | • | • | • |
| DHCP per port | • | • | • | • | • |
| RFC 3315 DHCPv6 client | • | • | • | • | • |
| RFC 3315 DHCPv6 relay agent | • | • | • | • | • |
| RFC 7610 DHCPv6-shield protecting against rogue DHCPv6 servers | • | • | • | • | • |
| RFC 1035 DNS client relay | • | • | • | • | • |
| IPv4/IPv6 ping | • | • | • | • | • |
| IPv4/IPv6 traceroute | • | • | • | • | • |
| HTTP server | • | • | • | • | • |
| CLI—console port | • | • | • | • | • |
| CLI—Telnet | • | • | • | • | • |
| Industrial standard CLI | • | • | • | • | • |
| Industrial standard configuration | • | • | • | • | • |
| Industrial standard CLI debug commands | • | • | • | • | • |
| Port description CLI | • | • | • | • | • |
| Management access filtering | • | • | • | • | • |
| HTTPS | • | • | • | • | • |
| SSHv2 | • | • | • | • | • |
| IPv6 management | • | • | • | • | • |
| IPv6 ready logo PHASE2 (host only) | • | • | • | • | • |
| RFC4884 (ICMPv6) | • | • | • | • | • |
| System syslog | • | • | • | • | • |
| Software upload through web | • | • | • | • | • |
| SNMP v1/v2c/v3 agent (1) | • | • | • | • | • |
| RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RMON alarm and event (CLI and web) | • | • | • | • | • |
| Alarm module | • | • | • | • | • |
| IEEE 802.1AB-2005 link layer discovery—LLDP | • | • | • | • | • |
| TIA 1057 LLDP—MED | • | • | • | • | • |
| Industry standard discovery protocol - ISDP | • | • | • | • | • |
| sFlow | • | • | • | • | • |
| FTP Client | • | • | • | • | • |
| Configuration download/upload—industrial standard | • | • | • | • | • |
| Loop detection restore to default | • | • | • | • | • |
| Symbolic register access | • | • | • | • | • |
| Daylight saving | • | • | • | • | • |

Note:
1. No SNMPv1 trap support.

1.13 SNMP MIBs

The following table lists the features supported by the SNMP MIBs module. For more information, see 15 SNMP MIBs.

Table 1-13. SNMP MIBs Supported Features

| Feature | Luton26 (VSC7423, VSC7428, VSC7429) | Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| RFC 2674 VLAN MIB | • | • | • | • | • |
| IEEE 802.1Q bridge MIB 2008 | • | • | • | • | • |
| RFC 2819 RMON (group 1, 2, 3, and 9) | • | • | • | • | • |
| RFC 1213 MIB II | • | • | • | • | • |
| RFC 1215 TRAPS MIB | • | • | • | • | • |
| RFC 4188 bridge MIB | • | • | • | • | • |
| RFC 4292 IP forwarding table MIB | • | • | • | • | • |
| RFC 4293 Management Information base for the Internet Protocol (IP) | • | • | • | • | • |
| RFC 5519 multicast group membership discovery MIB | • | • | • | • | • |
| RFC 4668 RADIUS authentication client MIB | • | • | • | • | • |
| RFC 4670 RADIUS accounting MIB | • | • | • | • | • |
| RFC 3635 Ethernet-like MIB | • | • | • | • | • |
| RFC 2863 interface group MIB using SMI v2 | • | • | • | • | • |
| RFC 3636 802.3 MAU MIB | • | • | • | • | • |
| RFC 4133 entity MIB version 3 | • | • | • | • | • |
| RFC 4878 Link OAM MIB | • | • | • | • | • |
| RFC 3411 SNMP management frameworks | • | • | • | • | • |
| RFC 3414 user-based security model for SNMPv3 | • | • | • | • | • |
| RFC 3415 view-based access control model for SNMP | • | • | • | • | • |
| RFC 2613 SMON—PortCopy | • | • | • | • | • |
| IEEE 802.1 MSTP MIB | • | • | • | • | • |
| IEEE 802.1AB LLDP-MIB (LLDP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.3ad (LACP MIB included in a clause of the STD) | • | • | • | • | • |
| IEEE 802.1X (PAE MIB included in a clause of the STD) | • | • | • | • | • |
| TIA 1057 LLDP-MED (MIB is part of the STD) | • | • | • | • | • |
| RFC 3621 LLDP-MED power (PoE) (no specific MIB for PoE+ exists) | • | • | • | • | — |
| Private MIB framework | • | • | • | • | • |

2 Features and Platform Capacity

The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned can be either software or hardware constrained.

Table 2-1. Features and Platform Capacity

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| Resilience and Availability | | | | | |
| IEEE 802.1s MSTP instances | 8 | 8 | 8 | 8 | 8 |
| IEEE 802.3ad LACP Max LAGs | 5 LAGs | 7 LAGs in VSC7438; 26 LAGs in VSC7442/48/49/68; 13 LAGs in VSC7444/64 | 3 LAGs in VSC7410/15, VSC7430/35; 4 LAGs in 7440/15/36/37 | 4 LAGs in VSC7513; 5 LAGs in VSC7514 | 35 LAGs in VSC7546TSN; 37 LAGs in VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN |
| Traffic Control | | | | | |
| Port-based VLAN | 4095 | 4095 | 4095 | 4095 | 4095 |
| Guest-VLAN | 1 | 1 | 1 | 1 | 1 |
| Private VLAN | 11 | 14 in VSC7438; 52 in VSC7442/48/49/68; 26 in VSC7444/64 | 6 in 7410/15/30/35; 8 in 7440/15/36/37 | 8 in VSC7513; 10 in VSC7514 | 9 |
| Voice VLAN | 1 | 1 | 1 | 1 | 1 |
| MAC table size 8K | 8K | 32K | 8K | 4K | 32K |
| Storm control | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (global setting for Unicast, Multicast, and Broadcast) | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 25 kbps – 10 Gbps [per port for Unicast (known/learned), Broadcast, and Unknown (flooded Unicast and Multicast)] | 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1000, 2000, 4000, 8000, 16000, 32000, 64000, 128000, 256000, 512000, or 1024000 kpps (Global setting for Unicast, Multicast, and Broadcast) | 10 kbps – 13128 mbps |
| Jumbo frames supported | Up to 10056 | Up to 10240 | Up to 10240 | Up to 10240 | 10240 |
| Security | | | | | |
| Port security aging | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s | 10 to 10000000 s |
| MAC address limit | 1024 | 1024 | 1024 | 1024 | 1024 |
| Static MAC entries supported | 64 | 64 | 64 | 64 | 64 |
| RADIUS authentication servers | 5 | 5 | 5 | 5 | 5 |
| TACACS+ authentication servers | 5 | 5 | 5 | 5 | 5 |
| RADIUS accounting servers | 5 | 5 | 5 | 5 | 5 |
| Telnet/SSH v2 | 4 | 4 | 4 | 4 | 4 |
| Max ARP inspection | 1K per system | 1K per system | 1K per system | 1K per system | 1K per system |
| IPSG entries | Up to 256 | Up to 512 | Up to 512 | Up to 128 | Up to 512 |
| Policy-based security filtering | 512 | 512 | 512 | 512 | 512 |
| Password length | 32 | 32 | 32 | 32 | 32 |
| Authorization user levels | 15 | 15 | 15 | 15 | 15 |
| ACE | 256 | 512 | 512 | 64 full, 128 half, or 256 quad | 512 |
| Number of logged in users | 20 | 20 | 20 | 20 | 20 |
| IP Routing | | | | | |
| Max static route entries | 32 | 128 | 32 | 32 | 512 |
| Max HW routing table entries | No HW routing table | 4000 | 1000 | No HW routing table | 3072 |

Note:
1. The maximum number of buffered logs is based on log message length and is limited to a total stored size (10K).

3 System Requirements

The following table lists the port system requirements supported by the IStaX software.

Table 3-1. Port System Requirements

| Feature | SparX-III and Caracal (VSC7423, VSC7428, VSC7429) | SparX-IV and Jaguar-2 (VSC7438, VSC7442, VSC7444, VSC7448, VSC7449, VSC7464, VSC7468) | SparX-IV and Serval-T (VSC7410, VSC7415, VSC7430, VSC7435, VSC7436, VSC7437, VSC7440) | Ocelot (VSC7513, VSC7514) | SparX-5i (VSC7546TSN, VSC7549TSN, VSC7552TSN, VSC7556TSN, VSC7558TSN) |
| --- | --- | --- | --- | --- | --- |
| LEDs per port | 1 | 1 | 1 | 1 | 1 |
| SFP+/SFP | SFP auto-detection | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported | Both SFP/SFP+ supported |
| Speed capability per 10/100M and Gigabit port | Supported | Supported | Supported | Supported | Supported |
| Duplex capability per 10/100M | Half/full | Half/full | Half/full | Half/full | Half/full |
| Auto MDI/MDIX | Supported | Supported | Supported | Supported | Supported |
| Port packet forwarding rate | 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), and 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) | 14880000 pps (10 Gbps), 1488000 pps (1000 Mbps with 64 bytes), 148800 pps (100 Mbps), 14880 pps (10 Mbps) |
| RJ45 connectors | Supported | Supported | Supported | Supported | Supported |
| Fiber slots | Supported | Supported | Supported | Supported | Supported |

The following table lists the hardware system requirements supported by the IStaX software.

Table 3-2. Hardware System Requirements

| Requirement | Support |
| --- | --- |
| Power LED | Supported by hardware |
| System LED | Supported by hardware |
| Alarm LED | Supported by hardware |
| Management LED | Supported by hardware |
| Switch fabric capacity | Supported by hardware |
| Forwarding architecture | Supported by hardware |
| MAC address entries | Supported by hardware |
| MAC address aging | Supported by hardware |
| MAC buffer memory type and size | Supported by hardware |
| CPU flash size | Supported by hardware |
| CPU memory type and size | Supported by hardware |
| System DDR SDRAM | Supported by hardware |
| Reset button | Supported by hardware |
| EMC/safety requirement | Supported by hardware |
| Performance requirement | Supported by hardware |

4. Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.

4.1 Port Capability
The ports are equipped with the following capabilities:
• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex auto-sensing and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1. Supported Features.

4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire speed layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.

The turnkey switch software runs on Linux. The following system-wide operations are supported:
• Store-and-forward forwarding architecture
• Configurable MAC address aging support (300 seconds default timeout value)
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps)
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch
• 16-MB flash size is recommended for a typical 24- to 48-port switch
• NOR-only flash-based hardware designs are supported. NOR flash size of 64 MB is supported

5. Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods:
• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch

The software image selection information includes the following:
• Image: the file name of the firmware image
• Version: the version of the firmware image
• Date: the date when the firmware was produced

After the software image is uploaded from the web interface, a web page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts.

While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a frequency of 10 Hz while the firmware update is in progress.

Note: Do not restart or power off the device at this time, or the switch may fail to function.

6. Port Control
The following sections describe the port control features supported by the IStaX software.

6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port through which frames can be injected from and extracted to an external CPU.

6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access to device registers and can burst frame-data in (injection) and out (extraction) through memory-mapped injection/extraction registers.

6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.

6.4 SFP Detection
The IStaX software detects SFP at run time.

6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics, to find cable shorts/opens, and to determine cable length.

6.6 PoE/PoE+ Support
The IStaX software provides PoE/PoE+ support to comply with the IEEE 802.3at and IEEE 802.3af standards of enabling the supply of up to 30 W per port and up to the total power budget.

6.7 POE/POE+ with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled, the information about the power usage of the PD is available, and then the switch can comply with or ignore this information.

6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.

A UDLD packet is sent to the port it links to, for each device and for each port. The packet contains identity information of the sender (device and port) and expected receiver identity information (device and port). Each port checks that the UDLD packets it receives contain the identifiers of its own device and port.

The UDLD implementation conforms to the RFC5171 standard.

Note: RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially exchanged every second, and once link status is detected, probe messages are exchanged depending on message time interval (by default, 7 seconds).

Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due to insufficient information in this RFC.

Detection starts once the UDLD-enabled port gets a new device ID and port ID pair. If a port is detected as a unidirectional or loopback link, the port is shut down if the mode is Aggressive. In Normal mode, the port will not be shut down.

The port is reopened once UDLD is disabled/enabled on that port.

6.8.1 Port Statistics
The IStaX software supports the detailed port-related statistics and system information related configuration. It is possible to view the detailed QoS-related statistics using IStaX software.

7. Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.

7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disabling/enabling flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.

7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is possible to specify the weight for each of the queues (0–5).

Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.

It is possible to specify the maximum bit rate in kbps or Mbps. The use of excess bandwidth for a queue is configurable and is disabled by default.

The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.

7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List (QCL).

The QCL consists of QCE entries, where each entry is configured with keys and actions. The keys specify which part of the frames must be matched, and the actions specify the applied classification parameters.

When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured keys, the actions are applied and the search is terminated.

The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects. A QoS class can be associated with a particular QCE ID.

7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED is configurable to either disable/enable and is disabled by default.

The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED starts discarding frames.

By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation between queues.

7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP and DEI values in tagged frames.

When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from Classified, Mapped, or Default. Classified is the default.

The QoS class DEI DP Level to PCP can also be mapped for QoS egress tag remarking per port when the classification is set to Mapped.

7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.

The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification

7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.

7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP remarking is possible for both IPv4 and IPv6.

In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP (IPv4 and IPv6) frames, where the actual change is made to the DSCP field in the frame.

The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP remapping on the egress port and to use the translated DSCP value for DSCP remarking.

DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame is either from the analyzer (basic classification or advanced classification based on TCAM) or from the DSCP remapped on egress. The following configuration options are available if DSCP remapping is enabled:
• Get the DSCP value from the analyzer (ingress classification) and always remap based on the global remap table. This is done independently of the value of the drop precedence level.
• Get the DSCP value from the analyzer and remap based on drop precedence level and remap table.

DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS class and DPL to DSCP value on the IStaX software.

7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV-based switches. Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and can be configured in pps on SparX-III switches.

Storm control is disabled by default.

8. L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.

8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed from the MAC table after a configured aging time (in seconds) if frames with the learned MAC address are not received within the aging period.

8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.

8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows:
• All ports are VLAN aware.
• All ports are members of VLAN 1.
• The switch management interface is on VLAN 1.
• All ports have a Port VLAN ID (PVID) of 1.
• A port can be configured to one of the following three modes:
  – Access
  – Trunk
  – Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have the following characteristics:
  – Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1
  – Accepts untagged and C-tagged frames
  – Discards all frames that are not classified to the Access VLAN
  – On egress, all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added VLANs) are transmitted tagged
• The PVID is set to 1 by default.
• Ingress filtering is always enabled.

Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches. Trunk ports have the following characteristics:
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs.
• If frames are classified to a VLAN that the port is not a member of, they are discarded.
• By default, all frames classified to the Port VLAN (also known as Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.

Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features:
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
• Ingress filtering can be controlled
• Ingress acceptance of frames and configuration of egress tagging can be configured independently

8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to VLAN to perform QoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality. Individual options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery protocol will also be available to detect voice devices attached to port using the Port Discovery Protocol. This discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol (LLDP), or both.

8.4.1 Private VLAN Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.

Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and private VLAN IDs can be identical.

8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.

A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following:
• Ethernet: valid values for etype ranges from 0x0600-0xffff
• SNAP: valid value in this case also is comprised of two sub-values
• Organizationally unique Identifier (OUI)
• Protocol ID (PID): if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned by that organization to the protocol running on top of SNAP.
• LLC: valid value in this case is comprised of two sub-values
  – DSAP: 1-byte long string (0x00-0xff)
  – SSAP: 1-byte long string (0x00-0xff)

The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and the protocol-based VLAN is preferred over the port-based VLAN.

8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs split the broadcast domain into multiple isolated broadcast sub-domains and put secondary VLANs inside a primary VLAN.

PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that communicate only with a single uplink, thereby preventing the ports from communicating with each other.

The following terms are used to describe the Private VLAN feature:
• PVLAN domain: a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain.
• Primary VLAN: a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from promiscuous ports to isolated ports and from community ports to other promiscuous ports.
• Secondary VLAN: a VLAN used inside a PVLAN domain only
• Isolated VLAN: a secondary VLAN that carries traffic from isolated ports to promiscuous ports
• Community VLAN: a secondary VLAN that carries traffic from community ports to promiscuous ports and other community ports
• Isolated port: a port that receives untagged frames and classifies these to an isolated VLAN
• Community port: a port that receives untagged frames and classifies these to a community VLAN
• Promiscuous port: a port that receives frames in the primary VLAN
• Standard trunk port: a port that carries primary and secondary VLANs using tags
• Promiscuous PVLAN trunk port: a port that receives frames tagged with the primary VLAN ID. The port sends frames from secondary VLANs, but translates these to the primary VLAN ID and pushes this into the tag
• Isolated PVLAN trunk port: a port which receives frames tagged with the isolated VLAN ID. The port sends frames from the isolated VLAN. The port also sends frames from the primary VLAN, but translates this into the isolated VLAN ID and pushes it into the tag

8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration for VLANs. Though this has been superseded by MVRP as described in IEEE 802.1Q-2011, it is still of interest due to legacy systems that can interoperate.

GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the network so that a given VLAN gets proper connectivity.

8.7 Multiple Registration Protocol (MRP)
The MRP, which replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches, or other similar devices to be able to register and unregister attribute values, such as VLAN identifiers and multicast group membership, across a large LAN.

8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP conforms to the IEEE 802.1Q 2014 specification and allows network devices to dynamically exchange VLAN configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP Application.

8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links, when combined together, form a Link Aggregation Group (LAG), such that the networking device can treat it as if it were a single link. The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address: can be used to calculate the destination port for the frame. By default, the source MAC address is enabled.
• Destination MAC address: can be used to calculate the destination port for the frame. By default, the destination MAC address is disabled.
• IP address: can be used to calculate the destination port for the frame. By default, the IP address is enabled.
• TCP/UDP port number: can be used to calculate the destination port for the frame. By default, the TCP/UDP port number is enabled.

An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).

8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit LACPDUs.

8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to the same partner.
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in accordance with IEEE 802.3ad standard.

The role for the LACP port configuration can be selected as either Active, to transmit LACP packets each second, or Passive, to wait for an LACP packet from a partner.

8.10 Bridge Protocol Data Unit (BPDU) Guard/Restricted Role and Error Disable Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state and will be removed from active topology.

The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status dependency. For restricted role, the CIST port setting may also be seen as a security measure.

8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide, including unregistered IPMC flooding, Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per VLAN configuration is also supported for configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.

8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created and viewed per port.

8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created, each of which manages the channel by using an IPMC profile.

The immediate leave configuration is configurable and viewable per port.

8.12 DHCP Snooping
DHCP snooping is used to block intruders on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP (for IPv4) reply packet to a legitimate conversation between the DHCP (IPv4) client and server.

DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.

DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses to access the network. The white-list is configured at the switch port level, and the DHCP server manages access control.

Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.

DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or Untrusted in order to protect it.
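
The trusted/untrusted port rule and the per-port white-list described above can be modelled in a few lines. This is an added example, not IStaX code: the class names, port numbers, addresses and the sample exchange are all constructed for illustration.

```python
from dataclasses import dataclass, field

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends


@dataclass(frozen=True)
class DhcpPacket:
    port: int          # switch port the packet arrived on
    msg_type: str      # DISCOVER, OFFER, REQUEST, ACK, NAK or RELEASE
    client_mac: str    # chaddr field
    your_ip: str = ""  # yiaddr field, filled in by the server in OFFER/ACK


@dataclass
class SnoopingSwitch:
    trusted_ports: frozenset
    client_port: dict = field(default_factory=dict)  # MAC -> port the client asked from
    bindings: dict = field(default_factory=dict)     # (port, MAC) -> leased IP (white-list)
    dropped: list = field(default_factory=list)      # refused packets, kept for alerting

    def handle_dhcp(self, pkt):
        """Return True when the DHCP packet is forwarded, False when it is dropped."""
        if pkt.msg_type in SERVER_MESSAGES:
            if pkt.port not in self.trusted_ports:
                self.dropped.append(pkt)   # server reply from an untrusted port
                return False
            port = self.client_port.get(pkt.client_mac)
            if port is not None and pkt.msg_type == "ACK":
                self.bindings[(port, pkt.client_mac)] = pkt.your_ip
            elif port is not None and pkt.msg_type == "NAK":
                self.bindings.pop((port, pkt.client_mac), None)
            return True
        # Client message: remember where this MAC lives so a later ACK can be bound.
        self.client_port[pkt.client_mac] = pkt.port
        if pkt.msg_type == "RELEASE":
            self.bindings.pop((pkt.port, pkt.client_mac), None)
        return True

    def permits(self, port, mac, ip):
        """White-list check for ordinary traffic: IP, MAC and port must all match."""
        if port in self.trusted_ports:
            return True
        return self.bindings.get((port, mac)) == ip


CLIENT = "00:11:22:33:44:55"  # constructed client MAC
# Constructed exchange: client on port 1, real server behind trusted port 24,
# and an unexpected OFFER arriving on untrusted port 7.
SAMPLE_EXCHANGE = [
    DhcpPacket(1, "DISCOVER", CLIENT),
    DhcpPacket(7, "OFFER", CLIENT, "10.66.0.5"),
    DhcpPacket(24, "OFFER", CLIENT, "192.0.2.10"),
    DhcpPacket(1, "REQUEST", CLIENT),
    DhcpPacket(24, "ACK", CLIENT, "192.0.2.10"),
]


def replay(packets, trusted=(24,)):
    """Feed packets through a fresh switch; return it with the per-packet verdicts."""
    switch = SnoopingSwitch(trusted_ports=frozenset(trusted))
    return switch, [switch.handle_dhcp(p) for p in packets]


if __name__ == "__main__":
    sw, verdicts = replay(SAMPLE_EXCHANGE)
    print(verdicts, sw.bindings, [p.port for p in sw.dropped])
```

The `dropped` list is the part worth exporting to monitoring: a server-type message on an untrusted port is a direct indicator of a misplaced or unauthorized DHCP server.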

8.13 MAC Table Configuration
MAC learning configuration can be configured per port:
• Auto: learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received
• Disable: no learning is done
• Secure: only SMAC entries are learned, all other frames are dropped

The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per VLAN. VLAN learning is enabled by default.

MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual aggregation group.

8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.

The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of Mirror. The switch can support VLAN-based mirroring.

Note: The mirroring session will have either ports or VLANs as sources, but not both.

8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch. The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote Host connected to a different switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote switches.

The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is disabled on the RMirror VLAN.

All hardware error packets are discarded at the source port, so they are not copied to the destination port.

8.16 Flow Mirroring for AC
Management can set and get ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is hit. The default value is disabled.

8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable, and the MSTP is selected by default. IEEE 802.1s supports 16 instances.

The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as also STP MSTI bridge instance mapping and priority configurations.

Port error recovery is supported to control whether a port in the error-disabled state automatically will be enabled after a certain time.

8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port or system-wide.

If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop protection is on. If a packet is received by the switch with matching multicast destination address, the source MAC in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that are members of the same VLAN except to the port from which it came in, treating it similar to a data packet. If the feature is enabled and the source MAC matches its own MAC, the port on which the packet is received will be shut down, logged, or both actions taken, depending upon the action configured.

If the feature is disabled, the packet will be dropped silently. The following matching criteria are used:
• DA = determined on customer requirement AND
• SA = first 5 bytes of switch SA AND
• Ether Type = 9003 AND

Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on each port of the switch, including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding state.

9. L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.

9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1. DHCP Relay Configuration Parameters
Parameter | Allowed Range | Default
Relay mode | Enabled/disabled | Disabled
Relay server address | IP address | None
Relay information mode | Enabled/disabled | Disabled
Relay information policy | Replace, Keep, Drop | Keep

The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to the DHCP server and removes it from a DHCP message when transferring to the DHCP client. The first four characters represent the VLAN ID, the fifth and sixth characters are the module ID (in a standalone device it always equals 0; in a stackable device it means switch ID), and the last two characters are the port number.
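
On the DHCP server or in a packet capture, the field layout above is what ties a lease back to a physical switch port. The following added example (not IStaX code) walks the option 82 sub-options defined in RFC 3046 and splits the circuit ID as described; it assumes the eight characters are the hexadecimal rendering of a 4-byte circuit ID, and the sample bytes are constructed.

```python
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255   # DHCP option codes
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2            # RFC 3046 sub-option codes
HEX_DIGITS = set("0123456789abcdefABCDEF")


def iter_tlv(buf, dhcp_level):
    """Yield (code, value) pairs from a code/length/value byte string.

    dhcp_level=True also honours the pad (0) and end (255) options, which
    carry no length byte. Truncated input raises ValueError.
    """
    i = 0
    while i < len(buf):
        code = buf[i]
        if dhcp_level and code == OPT_PAD:
            i += 1
            continue
        if dhcp_level and code == OPT_END:
            return
        if i + 1 >= len(buf):
            raise ValueError("truncated header for option %d" % code)
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the buffer" % code)
        yield code, bytes(value)
        i += 2 + length


def decode_circuit_id(text):
    """Split the 8-character field: VLAN ID (4), module ID (2), port number (2).

    Assumption: each character is a hexadecimal digit.
    """
    if len(text) != 8 or not set(text) <= HEX_DIGITS:
        raise ValueError("circuit ID must be 8 hex characters: %r" % text)
    vlan = int(text[0:4], 16)
    module = int(text[4:6], 16)
    port = int(text[6:8], 16)
    if not 1 <= vlan <= 4095:
        raise ValueError("VLAN ID %d is outside 1-4095" % vlan)
    return {"vlan": vlan, "module": module, "port": port}


def parse_option82(options):
    """Return the decoded relay information from a DHCP options field, or None."""
    for code, value in iter_tlv(options, dhcp_level=True):
        if code != OPT_RELAY_INFO:
            continue
        subs = dict(iter_tlv(value, dhcp_level=False))
        if SUB_CIRCUIT_ID not in subs:
            raise ValueError("option 82 present without a circuit ID")
        info = decode_circuit_id(subs[SUB_CIRCUIT_ID].hex())
        info["remote_id"] = subs.get(SUB_REMOTE_ID, b"").hex()
        return info
    return None


# Constructed options field: message type 5 (ACK), then option 82 carrying
# circuit ID 00640005 (VLAN 100, module 0, port 5) and a 6-byte remote ID.
SAMPLE_OPTIONS = bytes([
    53, 1, 5,
    82, 14,
    1, 4, 0x00, 0x64, 0x00, 0x05,
    2, 6, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    255,
])

if __name__ == "__main__":
    print(parse_option82(SAMPLE_OPTIONS))
```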

9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of UPnP-client protocol are implemented in the device. It is used to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP. However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control points.

In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.

When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP related packets to CPU. The ACEs are automatically removed when the mode is disabled.

9.3 L3 Routing
L3 routing is to select path and forward traffic to the next hop based on the routing table. L3 routing includes hardware routing and software routing. Software routing is supported by the IStaX software, and hardware routing is supported by the VCAP LPM table. If the switch has no LPM table, then it only uses software routing.

Only manually configured routing entries are supported, that is, static routes.

10. Security
The following sections describe the security features supported by the IStaX software.

10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network.

Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In a MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP) exchange with the Remote Authentication Dial In User Service (RADIUS) server.

The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-) is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client using the port security module. The frames from the client are then forwarded to the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore MAC-based authentication has nothing to do with the 802.1X standard.

The advantage of MAC-based authentication over 802.1X-based authentication is that the clients do not need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by equipment whose MAC address is a valid RADIUS user that can be used by anyone. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.
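
Because the switch sends the MAC address in one exact string form, the RADIUS user database has to store it the same way. The following added example (not IStaX code) normalizes an asset inventory to that form and checks an MD5-Challenge response, computed as defined in RFC 1994 and RFC 3748, against it. The inventory, challenge bytes and function names are constructed, and the users-file line assumes a FreeRADIUS-style server.

```python
import hashlib
import hmac
import re


def mac_to_credential(mac):
    """Render a MAC address the way the switch sends it: xx-xx-xx-xx-xx-xx, lower case."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a 6-byte MAC address: %r" % mac)
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def md5_challenge_response(identifier, secret, challenge):
    """MD5-Challenge value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret.encode("ascii") + challenge).digest()


def build_user_db(inventory):
    """Map username -> password; for MAC-based authentication both are the MAC string."""
    db = {}
    for mac in inventory:
        credential = mac_to_credential(mac)
        db[credential] = credential
    return db


def users_file_lines(db):
    """Entries in FreeRADIUS users-file syntax (assumed server type)."""
    return ['%s Cleartext-Password := "%s"' % (u, p) for u, p in sorted(db.items())]


def radius_accepts(db, username, identifier, challenge, response):
    """Server side: recompute the expected response and compare in constant time."""
    secret = db.get(username)
    if secret is None:
        return False
    expected = md5_challenge_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def switch_authenticates(db, source_mac, identifier, challenge):
    """Switch side: act as supplicant for whatever source MAC the first frame carried.

    The secret is the address itself, so this proves which MAC a frame claimed,
    not which device sent it; the per-port client limit is the compensating control.
    """
    credential = mac_to_credential(source_mac)
    response = md5_challenge_response(identifier, credential, challenge)
    return radius_accepts(db, credential, identifier, challenge, response)


# Constructed inventory in the mixed notations asset lists tend to contain.
INVENTORY = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f"]
CHALLENGE = bytes(range(16))  # constructed 16-byte challenge

if __name__ == "__main__":
    users = build_user_db(INVENTORY)
    print("\n".join(users_file_lines(users)))
    print(switch_authenticates(users, "00-1A-2B-3C-4D-5E", 7, CHALLENGE))
```

An inventory entry stored as `00:1A:2B:3C:4D:5E` or in upper case would never match what the switch sends, which is the usual cause of every client being rejected after MAC-based authentication is enabled.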
In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really are not authenticated. To overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard but features many of the same characteristics as port-based 802.1X. In Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch toward the supplicant, because that causes all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be classified to the given QoS class in the case of RADIUS-assigned QoS. Conversely, if VLAN ID is present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID, or it is invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class (in the case of RADIUS-assigned QoS) and VLAN (in the case of RADIUS-assigned VLAN) are immediately reverted to the original values (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes:
• Port-based 802.1X
• Single 802.1X

10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration, including the Timeout, Retransmit, Secret Key, NAS IP Address, NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does not send new requests to a server that has failed to respond to a previous request. This stops the switch from continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater than zero enables this feature, but only if more than one server has been configured.
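The retransmit and dead-time behaviour described above, modelled in Python as an added example (not IStaX code). The class and field names, the order in which servers are tried, and the simplification that a reply arrives in the sub-interval in which the request was sent are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class RadiusServer:
    name: str
    dead_until: float = 0.0  # time before which no new request is sent


@dataclass
class AaaClient:
    servers: list
    timeout: float           # total timeout per server, in seconds
    dead_time: int           # 0-3600 seconds; 0 disables the feature
    log: list = field(default_factory=list)

    def __post_init__(self):
        if not 0 <= self.dead_time <= 3600:
            raise ValueError("dead time must be within 0-3600 seconds")

    def request(self, now: float, reachable: set):
        """Send one request; return (answering server or None, time)."""
        sub_interval = self.timeout / 3
        # Dead time only takes effect with a value > 0 and more than one server.
        dead_time_active = self.dead_time > 0 and len(self.servers) > 1
        t = now
        for srv in self.servers:
            if dead_time_active and t < srv.dead_until:
                self.log.append((t, srv.name, "skipped (dead time)"))
                continue
            for attempt in (1, 2, 3):
                self.log.append((t, srv.name, f"send #{attempt}"))
                if srv.name in reachable:
                    return srv.name, t
                t += sub_interval  # no reply within the sub-interval
            # Queried three times without a reply: considered dead.
            if dead_time_active:
                srv.dead_until = t + self.dead_time
        return None, t


if __name__ == "__main__":
    # Constructed scenario: server A is down, server B answers.
    client = AaaClient([RadiusServer("A"), RadiusServer("B")], timeout=6.0, dead_time=60)
    print(client.request(0.0, {"B"}))        # A is tried three times first
    print(client.request(10.0, {"A", "B"}))  # A is skipped while dead
    for entry in client.log:
        print(entry)
```

With a single configured server the model never skips it, which matches the statement that dead time only applies when more than one server has been configured.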
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. The CLI interface is only supported in the initial version for the configuration of TACACS+ authorization and accounting mechanisms.

10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1. Secure Access Options
Method               Description
SSH                  Enable or disable option provided; supports v2 only
SSL/HTTPs            Enable or disable
HTTPs auto redirect  A "redirect web browser to HTTPS" option, available when HTTPS mode is enabled
Note: SSL and HTTPs are not supported in the non-crypto version of the software.

10.4 Users and Privilege Levels
Multiple users can be created on the switch, identified by the username and privilege level.
The allowed range for the privilege level of the user is 1 to 15. A privilege level value of 15 enables access to all groups and grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups. Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore. Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of a single module (for example, LACP, RSTP, or QoS), but a few of them contain more than one.
Each group has an authorization privilege level, configurable between 1 to 15, for the following sub-groups:
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command. User privilege should be the same or greater than the privilege level for the group.

10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.

10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the management client interfaces. The following configuration is allowed on all the four management client types:
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as local. This will enable the management client to log in using the local user database if none of the configured authentication servers are alive.
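The left-to-right method evaluation described above, as an added Python example (not IStaX code). It shows that only a timeout moves on to the next method, so a reject from a reachable remote server is final, and it audits a method list against the recommendation to configure local as secondary; the method names `radius`, `tacacs` and `local`, the backend stubs and the account data are assumptions constructed for illustration.

```python
ACCEPT, REJECT, TIMEOUT = "accept", "reject", "timeout"
REMOTE_METHODS = {"radius", "tacacs"}

LOCAL_USERS = {"admin": "s3cret"}  # constructed local user database


def local_backend(username, password):
    """Local database: always reachable, so it always approves or rejects."""
    return ACCEPT if LOCAL_USERS.get(username) == password else REJECT


def offline_backend(username, password):
    """Remote server that does not answer."""
    return TIMEOUT


def rejecting_backend(username, password):
    """Reachable remote server that does not know the user."""
    return REJECT


def authenticate(methods, backends, username, password):
    """Try each method in order until one approves or rejects the user."""
    trace = []
    for name in methods:
        verdict = backends[name](username, password)
        trace.append((name, verdict))
        if verdict in (ACCEPT, REJECT):
            return verdict, trace
    # Every method timed out: nobody approved the user, so deny.
    return REJECT, trace


def audit_method_list(methods):
    """Flag method lists that can lock administrators out or hide a method."""
    findings = []
    if any(m in REMOTE_METHODS for m in methods) and "local" not in methods:
        findings.append("no local fallback after remote method(s)")
    if "local" in methods:
        for m in methods[methods.index("local") + 1:]:
            findings.append(f"{m} is never reached: local always approves or rejects")
    return findings


if __name__ == "__main__":
    backends = {"radius": offline_backend, "local": local_backend}
    print(authenticate(["radius", "local"], backends, "admin", "s3cret"))
    backends["radius"] = rejecting_backend
    print(authenticate(["radius", "local"], backends, "admin", "s3cret"))
    print(audit_method_list(["radius"]))
```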

10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration commands. An authorization method can be configured either to TACACS+ or disable.

10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the different management clients: Console, Telnet, and SSH. It is possible to set the privilege level and enable exec (login) accounting. The accounting method can be configured either to TACACS+ or disable.

10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups permitted access to specific traffic objects, such as a process or a program. The ACE parameters vary according to the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created, then that policy can be associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for each ingress port:
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows the port action that is used to determine whether forwarding is permitted (Permit) or denied (Deny) on the port. The default action is Permit.
The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case, a counter associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of appropriate frame types.
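The first-match behaviour described above, as an added Python example (not IStaX code). It evaluates frames against a prioritized ACE list with per-ACE and per-port hit counters and reports ACEs that can never hit because an earlier ACE matches everything they match; the field names, the sample rules, and the assumption that the port's configured action applies when no ACE matches are illustrative.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Ace:
    name: str
    action: str                          # "permit" or "deny"
    frame_type: str = "any"              # any, etype, arp, ipv4, ipv6
    ingress_ports: Optional[set] = None  # None = all ports
    policy: Optional[tuple] = None       # (value, mask) matched against the port's policy ID
    hits: int = 0

    def matches(self, frame: dict, port_policy_id: int) -> bool:
        if self.frame_type != "any" and self.frame_type != frame["type"]:
            return False
        if self.ingress_ports is not None and frame["port"] not in self.ingress_ports:
            return False
        if self.policy is not None:
            value, mask = self.policy
            if (port_policy_id & mask) != (value & mask):
                return False
        return True

    def covers(self, later: "Ace") -> bool:
        """True if every frame matching `later` also matches this ACE
        (conservative: policies must be identical to count as covered)."""
        if self.frame_type != "any" and self.frame_type != later.frame_type:
            return False
        if self.ingress_ports is not None and (
                later.ingress_ports is None or not later.ingress_ports <= self.ingress_ports):
            return False
        if self.policy is not None and self.policy != later.policy:
            return False
        return True


@dataclass
class PortAclConfig:
    policy_id: int = 0
    action: str = "permit"  # the default port action is Permit
    hits: int = 0


def classify(frame, aces, ports):
    """Return (action, rule name); only the first matching ACE is hit."""
    port_cfg = ports[frame["port"]]
    for ace in aces:  # highest priority first
        if ace.matches(frame, port_cfg.policy_id):
            ace.hits += 1
            return ace.action, ace.name
    port_cfg.hits += 1  # no ACE matched: the port counter is incremented
    return port_cfg.action, "port-default"


def shadowed_aces(aces):
    """List (shadowed ACE, earlier ACE) pairs: the later rule can never hit."""
    found = []
    for i, later in enumerate(aces):
        for earlier in aces[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found


def build_sample():
    """Constructed rule set with a deliberate ordering mistake."""
    aces = [
        Ace("permit-arp-all", "permit", frame_type="arp"),
        Ace("deny-arp-port3", "deny", frame_type="arp", ingress_ports={3}),
        Ace("deny-guest-policy", "deny", policy=(0x10, 0xF0)),
    ]
    ports = {1: PortAclConfig(policy_id=0x12), 3: PortAclConfig(), 5: PortAclConfig(action="deny")}
    return aces, ports


if __name__ == "__main__":
    aces, ports = build_sample()
    print(classify({"port": 3, "type": "arp"}, aces, ports))
    print(classify({"port": 1, "type": "ipv4"}, aces, ports))
    print(shadowed_aces(aces))
```

A deny rule that shows zero hits on its counter while an earlier, broader permit rule keeps counting is the operational symptom of the shadowing this check reports.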

10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port, VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6 source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address match an entry in the IPv6 source binding table. All other packets are dropped, as they do not match any entries in the binding table.

10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes, such as Port-based 802.1X, Single 802.1X, and Multi 802.1X.

11. Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX software.

11.1 Robustness
The following section introduces a robustness feature.

11.1.1 Cold and CoolStart
The software defines and supports the following restart types:
• Cold: power cycle induced reset of the switch
• Cool: software initiated reset of the switch (with traffic disruption)

11.2 Power Savings
The following sections introduce the power savings features.

11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted.

11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.

11.2.3 Thermal Protection
This feature helps in powering down ports if the temperature becomes high.

11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic). EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1 Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex mode.

11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off. LED intensity can be set for 24 one-hour periods in a day and can be configured from 0% to 100% in 10% increments for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after either a port has changed link state or the LED button has been pressed.

11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls:
• Maximum temperature: temperature at which the fan runs at full speed
• Turn on temperature: temperature at which the fan runs at the lowest possible speed

12. OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.

12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations, Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring, as described in IEEE 802.3ah, and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards ITU-T 1731 and ITU-T G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few 10s of ns.

12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations, as specified in IEEE 802.3ah, is implemented to support both active and passive modes.
Mechanisms to support the following are also implemented:
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that receive path of the local DTE is non-operational
• Remote loopback control for a data link layer frame-level loopback mode
The administrator enables or disables the OAM functionality depending upon the topology requirements. The following port-based configurations are supported:
• Mode selection (active/passive)
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, the OAM entity sends out a PDU with the link monitoring capability flag set
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled, the OAM entity sends out a PDU with the remote loopback capability flag
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from the peer OAM entity only when the state of discovery protocol is send-any, as defined by the IEEE 802.3ah
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.

12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. If any of these situations occurs, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU, the information is immediately passed on to the peer Link OAM enabled device.
The dying gasp event PDU is sent if one of the following four events occurs:
• Device power loss
• Switch reloads: this includes cold reload and firmware upgrade
• The port where Link OAM is enabled is shut down
• Link OAM is disabled on a port where it was previously enabled

12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU-T Y.1731/G.8021. Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.

13. Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The synchronization and timing features support both the built-in PLL and the external PLLs, such as ZL30343, ZL30363, and ZL30772.

13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO, providing IEEE 1588 slave functions and timing holdover capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part of PTP:
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer to peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4 multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC algorithm to select one as master clock and then requests Sync messages from the selected master.

13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.

13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses peer-to-peer delay measurement mechanism.

13.2.2 End-to-End Transparent Clock
The transparent clock uses end-to-end delay measurement mechanism.

13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable or port.

13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4.

13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave is configured with the IP addresses of the accepted masters.

13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.

13.4 G.8265.1 Solution (Frequency) ITU Standard
The IStaX software supports the following features related to 8265.1 solution (frequency) ITU standard.

13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the following clock properties:
• Identifier
• Quality
• Priority
• Variance

13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008 to allow other standards bodies to tailor PTP to particular applications. PTP Profile supports frequency synchronization over telecom networks.

13.4.3 Clock Quality
The clock quality is determined by the system and holds three parts: Clock Class, Clock Accuracy, and offset scaled log variance, as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.

13.5 G.8275.1 Solution (Phase) ITU Standard
The IStaX software supports the following features related to 8275.1 solution (frequency) ITU standard.

13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to use only a fraction of the packets received (the packets that have experienced the least latency).

13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.

13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured, and a maximum of five servers are supported. Daylight saving time can also be supported to automatically adjust the time offset.

13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined Daylight Saving Time duration. It is also called summer time in several countries. Typically, clocks are adjusted forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.

14. Management
The following sections describe the management features supported by the IStaX software.

14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON-RPC are JSON encoded data structures. The JSON-RPC protocol has two roles: that of a server and that of a client. The client initiates the communication by sending a request to the server, and the server processes the request and sends back a response.
The IStaX software includes a JSON-RPC server, and a JSON-RPC client is needed in order to use it. JSON-RPC provides a high-level interface that is the functional equivalent of CLI or SNMP, with the following additional properties:
• Machine and human friendly interface
• Reliable connection-orientated communication provided by the TCP and HTTP message encapsulation
• RPC orientated protocol, which fits into most programming languages
• Can be implemented in practically any language and needs only a very limited foot-print in terms of program memory and data memory
For more information about the JSON-RPC specification, see json-rpc.org. For information about the general JSON specification, see json.org.
Note: JSON-RPC is not an end user interface intended for human interaction; it is a high level, machine friendly interface. Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC technology. It is recommended that users not already familiar with JSON or JSON-RPC read the official standards.

14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and sent to the client. This allows the client to react on events when they happen without the need for polling. When an event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification receiver. In network terminology, this makes the notification receiver the server and the device that implements the notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server and a client. Likewise, for the user of the service, a client is used to access the normal JSON-RPC service, and a server is needed to receive the notification events.
As the current implementation uses HTTP as the message exchange protocol, the client needs an HTTP client to post the requests and an HTTP server to receive the notifications. Only HTTP (and not HTTPS) is currently supported for JSON-RPC notifications.

14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The network administrator has a choice of the following easy-to-use management methods:
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the customer recommended standards as desired.

14.2.1 Industry Standard CLI Model
The CLI interface of the IStaX software is an Industry Standard CLI model and consists of different configuration commands structure, with an ability to configure and view the configuration using the Serial Console, Telnet (on port 23), or SSH access.
The Industry Standard CLI model includes the following features:
• Command history (by pressing the up arrow, the history of commands is available to the user)
• Command-line editing
• VT100 compatible CLI terminal
• Command groups based on command types
• Configuration commands for configuring features and available options of the device
• Show commands for displaying switch configuration, statistics, and other information
• Copy commands for transferring or saving the software images for upgrade/downgrade, configuration files to and from the switch
• Help for groups and specific commands
• Shortcut key options. For example, the full command syntax support can be viewed for each possible command using the Ctrl+Q shortcut:
    (config-if-vlan)# ip^Q
    ip address <ipv4_addr> <ipv4_netmask> | dhcp [ fallback <ipv4_addr> <ipv4_netmask> [ timeout <uint> ] ]
    ip igmp snooping
    ip igmp snooping compatibility auto | v1 | v2 | v3
    ip igmp snooping lastmember-query-interval <0-31744>
    ip igmp snooping priority <0-7>
    ip igmp snooping querier election | address <ipv4_ucast>
    ip igmp snooping query-interval <1-31744>
    ip igmp snooping query-max-response-time <0-31744>
    ip igmp snooping robustness-variable <1-255>
    ip igmp snooping unsolicited-report-interval <0-31744>
• Context-sensitive help. Click button for a list of valid possible parameters with descriptions
• Auto completion. Press <tab> key by partially typing the keyword. The rest of the keyword will be entered automatically
• Ctrl+C option to break the display
• Modes for commands. Each command can belong to one or more modes. The commands in a particular mode can be made invisible in any other mode. The interface also allows wildcard support:
    (config)# interface
    (config-if)#
  If multiple sessions are concurrently in the same sub mode with the same parameters, then the no form of commands will not work and will display a warning message.
• Privilege. A set of privilege attributes may be assigned to each command based on the level configured. A command cannot be accessed or executed if the logged in user does not have sufficient privilege.

14.2.1.1 User EXEC Mode
The User EXEC mode is the initial mode available for the users with insufficient privileges. The User EXEC mode contains a limited set of commands. The command prompt shown at this level is IStaX>

14.2.1.2 Privileged EXEC Mode
The administrator/user must enter the privileged EXEC mode in order to have access to the full command suite. The privileged EXEC mode requires password authentication using an enable command, if set. The command prompt shown at this level is IStaX#
It is also possible to have runtime configurable privilege levels per command.
• Keyword abbreviations: any keyword can be accepted just by typing an unambiguous prefix (for example, "sh" for "show")
    IStaX# sh ip route
    0.0.0.0/0 via VLAN1:10.9.61.1 <UP GATEWAY HW_RT>
    10.9.61.0/24 via VLAN1 <UP HW_RT>
    127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
    224.0.0.0/4 via OS:lo:127.0.0.1 <UP>
• Error checking: before executing a command, the CLI checks whether the current mode is still valid, the user has sufficient privileges, and the parameter(s) are within a valid range, among others. The user is alerted to the error by displaying a caret under the offending word along with an error message.
    IStaX(config)# clock summer-time PDT date 14
                                                  ^
    Invalid word detected at ^ marker
  Every configuration command has a no form to negate or set its default. In general, the no form is used to reverse the action of a command or reset a value back to the default. For example, the no ip routing configuration command reverses the ip routing of an interface.
• do command support: this will allow the users to execute the commands from the configuration mode
    (config)# do show vlan
    VLAN  Name     Interface
    ----  ----     ---------
    1     default  Gi 1/1-9 2.5G 1/1-2
• Platform debug command support: this will allow the users to obtain technical support by entering and running a debug command in this field
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG), where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.
There are three system files:
• running-config: a virtual file that represents the currently active configuration on the switch. This file is volatile.
• startup-config: the startup configuration for the switch, read at boot time.
• default-config: a read-only file with vendor-specific configuration. This file is read when the system is restored to default settings. This is a per-build customizable file that does not require C source code changes.
It is also possible to store up to four files and apply them to running-config, thereby switching configuration. The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The configuration can be dynamically viewed by issuing the show running-config command.
The current running configuration may be copied to the startup configuration using the copy command. ICFG may be edited offline using any standard text editor and populated on multiple other switches.
It is possible to upload a file from the web browser to all the files on the switch except default-config, which is read-only. If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode: the current configuration is fully replaced with the configuration in the uploaded file.
• Merge mode: the uploaded file is merged with running-config.
If the file system is full (that is, it contains the three system files mentioned previously along with other files), it is not possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch except running-config, which represents the currently active configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including startup-config. If this is done and the switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
14.2.3 Web
The web-based software management method allows the network administrator to configure, manage, view, and control the switches remotely. The web-based management method also provides help pages for assisting the switch administrator in understanding the usage.
The supported web browsers are as follows:
• Internet Explorer 80 and above
• Firefox 30 and above
• Google Chrome 30 and above
• Safari S5
• Opera 11
The IStaX software also supports a Copy-all feature for selecting all the available ports. The web configuration is divided into different trees for the following tasks:
• Configuration of the features
• Monitoring of the configured features using the Auto-Refresh option
• Running supported diagnostics
• Maintenance of the related features
14.3 Simple Network Management Protocol (SNMP)
The IStaX software provides rich SNMP system configuration features with support for SNMPv1, SNMPv2c, and SNMPv3. SNMPv3 configuration facilitates creation of users without authentication and privacy.
SNMPv1 is supported as best effort; that is, where 64-bit counters are included, they are left blank. SNMPv1 traps are not supported. This is because the implementation of SNMPv1 traps is very different from v2/v3, where the traps fit the OID scheme.
The SNMPv3 user, group, view, and access configuration is also supported, including authentication and privacy protocols/passwords. The SNMPv3 configuration allows creation of users without authentication and privacy.
By default, only MD5 and DES are supported for SNMPv3. To add support for sha and aes, openssl must be added to the brsdk.
The SNMP configuration is supported with an option to specify the allowed network addresses, restricted for read-only and read-write privileges.
14.4 RMON Statistics
The following RMON1 statistics with corresponding configuration support are available:
• History
• RMON
• Event
14.5 Internet Control Message Protocol
Internet Control Message Protocol (ICMP) based ping is supported on these switches. By default, five ICMP packets are transmitted to the configured IP address, and the sequence numbers and round trip times are displayed upon the receipt of a reply. The payload size is set to 56 and is configurable from 2–1452. The number of ICMP packets sent is also configurable in a range from 1–60. The ping interval of the ICMP packet can be set from 0 seconds to 30 seconds.
• Ping: a tool that checks the connectivity to a remote Internet Protocol (IP) host. It can also calculate the round-trip delay time for the complete route to the host. Both IPv4 and IPv6 are supported.
• Traceroute: a tool that can determine the route an Internet Protocol (IP) packet takes from the source host to the remote destination host, and also calculate the round-trip delay time for each hop of the route. Both IPv4 and IPv6 are supported. The timeout value can be configured from 1–86400 seconds, while the default value is three seconds. The source address can be specified using the saddr option. The number of probes (range is 1–60) can be specified per hop, with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30, with 1 as the default value. The maximum number of hops can be configured from 1–255, with 30 as the default value. It can also be specified whether to use ICMP instead of UDP for the IPv4 option.
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows:
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes, should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end-point device or connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1AB and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With fast start repeat count, it is possible to specify the number of times the fast start transmission will be repeated. The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism are only intended to run on links between LLDP-MED network connectivity devices and endpoint devices, and as such do not apply to links between LAN infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies
Network policy discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated layer 2 and layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are as follows:
• Layer 2 VLAN ID (IEEE 802.1Q-2003)
• Layer 2 priority value (IEEE 802.1D-2004)
• Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)
This network policy is potentially advertised and associated with multiple sets of application types supported on a given port. The application types specifically addressed are as follows:
• Voice
• Guest voice
• Softphone voice
• Video conferencing
• Streaming video
• Control/Signaling (conditionally support a separate network policy for the preceding media types)
A large network may support multiple VoIP policies across the entire organization, and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same network connectivity device may advertise different sets of policies, based on the authenticated user identity or port configuration.
It should be noted that LLDP-MED is not intended to run on links other than between network connectivity devices and endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.
Intended uses of the application types are as follows:
• Voice: used by dedicated IP telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
• Voice Signaling (conditional): used in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if the same network policies apply as those advertised in the Voice application policy.
• Guest Voice: supports a separate limited feature-set voice service for guest users and visitors with their own IP telephony handsets and other similar appliances supporting interactive voice services.
• Guest Voice Signaling (conditional): used in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if the same network policies apply as those advertised in the Guest Voice application policy.
• Softphone Voice: used by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and is typically configured to use an untagged VLAN or a single tagged data specific VLAN. When a network policy is defined for use with an untagged VLAN, the L2 priority field is ignored and only the DSCP value has relevance.
• Video Conferencing: used by dedicated video conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
• Streaming Video: used by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
• Video Signaling (conditional): used in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if the same network policies apply as those advertised in the video conferencing application policy.
14.8 802.1AB LLDP and CDP Aware
Link Layer Discovery Protocol (LLDP) is a protocol used to help network administrators manage the network and maintain an accurate network topology. LLDP capable devices discover each other by periodically advertising their presence and configuration parameters through messages called Type Length Value (TLV) fields to neighbor devices.
The LLDP can operate in one of the following three modes:
• Transmit-only mode: the device only transmits configuration parameters.
• Receive-only mode: the device can only receive configuration parameters (from neighbor device).
• Transmit and receive mode: the device can both transmit and receive configuration parameters. It is possible to enable/disable the Rx and Tx parts separately.
The LLDP standard consists of a set of mandatory TLVs and a set of optional TLVs. The mandatory TLVs and optional basic TLVs are supported. None of the IEEE 802.1 Organizationally Specific TLVs are supported.
14.8.1 CDP Awareness
CDP awareness is disabled by default. The CDP operation is restricted to decoding incoming CDP frames. The switch does not transmit CDP frames. CDP frames are only decoded if LLDP is enabled on the port.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors table are decoded. All other TLVs are discarded. Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.
The CDP TLVs are mapped onto the LLDP neighbors table as follows:
• Device ID is mapped to the LLDP Chassis ID field.
• Address is mapped to the LLDP Management Address field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbors table.
• Port ID is mapped to the LLDP Port ID field.
• Version and Platform are mapped to the LLDP System Description field.
• Both the CDP and LLDP support system capabilities, but the CDP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as others in the LLDP neighbors table.
If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch.
When CDP awareness on a port is disabled, the CDP information is not removed immediately, but gets removed when the hold time is exceeded.
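The CDP-to-LLDP mapping listed above, as an added Python example (not Microchip's code): a bounds-checked decoder that fills LLDP neighbors-table fields from a CDP payload, keeps only the first address, and discards unmapped TLVs. The " / " join for System Description, the capability pairing, the field names, and the sample payload are assumptions constructed for illustration.

```python
import socket
import struct

# CDP TLV type codes.
DEVICE_ID, ADDRESS, PORT_ID, CAPABILITIES, VERSION, PLATFORM = 1, 2, 3, 4, 5, 6

# CDP capability bits with an LLDP counterpart (this pairing is an assumption);
# any other bit that is set is reported as "Other".
CDP_TO_LLDP_CAP = {0x01: "Router", 0x02: "Bridge", 0x08: "Bridge",
                   0x10: "Station Only", 0x40: "Repeater"}


def tlv(tlv_type, value):
    """Build one CDP TLV; the length field counts the 4-byte header."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value


def first_address(value):
    """Return only the first address of a CDP Address TLV (None if malformed)."""
    if len(value) < 6:
        return None
    (count,) = struct.unpack_from("!I", value, 0)
    if count == 0:
        return None
    off = 6 + value[5]            # skip protocol type, protocol length, protocol id
    if off + 2 > len(value):
        return None
    (addr_len,) = struct.unpack_from("!H", value, off)
    addr = value[off + 2:off + 2 + addr_len]
    if len(addr) != addr_len:
        return None
    return socket.inet_ntoa(addr) if addr_len == 4 else addr.hex()


def map_capabilities(bits):
    """Translate CDP capability bits; bits without an LLDP name become 'Other'."""
    names = []
    for bit in (1 << i for i in range(32)):
        if bits & bit:
            name = CDP_TO_LLDP_CAP.get(bit, "Other")
            if name not in names:
                names.append(name)
    return names


def cdp_to_lldp_neighbor(payload):
    """Decode a CDP payload (4-byte header + TLVs) into LLDP neighbor fields."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    # Byte 0 is the CDP version, byte 1 the hold time, bytes 2-3 the checksum
    # (the checksum is not verified in this example).
    entry = {"hold_time": payload[1]}
    text = {}
    off = 4
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", payload, off)
        if length < 4 or off + length > len(payload):
            raise ValueError("bad TLV length at offset %d" % off)
        value = payload[off + 4:off + length]
        off += length
        if tlv_type == DEVICE_ID:
            entry["chassis_id"] = value.decode("ascii", "replace")
        elif tlv_type == ADDRESS:
            entry["management_address"] = first_address(value)
        elif tlv_type == PORT_ID:
            entry["port_id"] = value.decode("ascii", "replace")
        elif tlv_type == CAPABILITIES and len(value) == 4:
            entry["capabilities"] = map_capabilities(struct.unpack("!I", value)[0])
        elif tlv_type in (VERSION, PLATFORM):
            text[tlv_type] = value.decode("ascii", "replace")
        # Any other TLV has no LLDP neighbor field and is discarded.
    if text:
        entry["system_description"] = " / ".join(
            text[t] for t in (VERSION, PLATFORM) if t in text)
    return entry


def sample_payload():
    """Constructed CDP payload: two addresses and one unmapped TLV (type 0x0009)."""
    def ipv4(addr):
        return b"\x01\x01\xcc" + struct.pack("!H", 4) + socket.inet_aton(addr)
    addresses = struct.pack("!I", 2) + ipv4("192.0.2.10") + ipv4("192.0.2.11")
    return (b"\x02\xb4\x00\x00"        # version 2, hold time 180 s, checksum unset
            + tlv(DEVICE_ID, b"lab-switch-01")
            + tlv(ADDRESS, addresses)
            + tlv(PORT_ID, b"GigabitEthernet0/1")
            + tlv(CAPABILITIES, struct.pack("!I", 0x28))
            + tlv(VERSION, b"constructed-os 1.0")
            + tlv(PLATFORM, b"constructed-platform")
            + tlv(0x0009, b"lab"))


if __name__ == "__main__":
    for field, value in cdp_to_lldp_neighbor(sample_payload()).items():
        print(field, "=", value)
```

Because the decoder runs on frames from any attached neighbor, every length field is checked against the remaining payload before it is used.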
14.9 IP Management, DNS, and DHCPv4/v6
The CEServices software IP stack can be configured to act either as a host or a router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces using unicast routing.
The system can be configured with zero or more IP interfaces. Each IP interface is associated with a VLAN, and the VLAN represents the IP broadcast domain. Each IP interface may be configured with an IPv4 and/or IPv6 address.
By default, all management interfaces are available on all configured IP interfaces. If this is not desirable, then management access filtering must be configured. For more information, see 14.14 Management Access Filtering.
The DHCP (IPv4 and/or IPv6) client can be enabled to automatically obtain an IPv4 or IPv6 address from a DHCP server.
An optional fallback mechanism is also provided in the case of IPv4, so that the user can enter a time period in seconds to obtain a DHCP address. After this lease expires, a configured IPv4 address will be used as the IPv4 interface address.
The DHCP query process can be re-initiated on a VLAN.
The rapid-commit option is available when a DHCPv6 client is used. If this option is enabled, the DHCPv6 client terminates the waiting process as soon as a reply message with a rapid commit option is received. The IP (both v4 and v6) address of the DNS server can be provided as part of the IP configuration.
There is also an option to select the DNS proxy, where the DUT, when enabled, relays DNS requests to the current configured DNS server on the DUT and replies as a DNS resolver to the client device on the network.
The software supports DHCPv6-shield, defined in RFC 7610. DHCPv6-shield is a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. The basic concept behind DHCPv6-shield is that a layer 2 device filters DHCPv6 messages intended for DHCPv6 clients (henceforth, DHCPv6-server messages) based on a number of different criteria. The most basic filtering criterion is that the DHCPv6-server messages are discarded by the layer 2 device unless they are received on specific ports of the layer 2 device, which are configured by the administrator. Another criterion applies when DHCP packets are received with unrecognized IPv6 Next Header values: the administrator can configure whether to allow or deny these packets.
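The two filtering criteria described above, as an added Python example (not the IStaX implementation): a per-packet verdict that walks the IPv6 header chain, drops DHCPv6-server messages (UDP destination port 546) on untrusted ports, and applies a configurable policy to unrecognized Next Header values. The function names, the fail-closed handling of truncated headers, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

UDP, DHCPV6_CLIENT_PORT = 17, 546
FRAGMENT, AUTH = 44, 51
GENERIC_EXT = {0, 43, 60}          # Hop-by-Hop, Routing, Destination Options
OTHER_UPPER = {6, 50, 58, 59}      # TCP, ESP, ICMPv6, No Next Header


def shield_verdict(packet, ingress_port, trusted_ports,
                   allow_unknown_next_header=False):
    """Return 'forward' or 'drop' for one IPv6 packet seen on ingress_port."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    if ingress_port in trusted_ports:
        return "forward"           # administrator-configured DHCPv6 server port
    next_header, off = packet[6], 40
    while True:
        if next_header == UDP:
            if off + 8 > len(packet):
                return "drop"      # truncated UDP header: fail closed (assumption)
            (dport,) = struct.unpack_from("!H", packet, off + 2)
            # Messages addressed to the client port are DHCPv6-server messages.
            return "drop" if dport == DHCPV6_CLIENT_PORT else "forward"
        if next_header in OTHER_UPPER:
            return "forward"
        if next_header not in GENERIC_EXT | {FRAGMENT, AUTH}:
            # Unrecognized Next Header: the administrator-configured policy decides.
            return "forward" if allow_unknown_next_header else "drop"
        if off + 8 > len(packet):
            return "drop"          # header chain cut short: fail closed (assumption)
        if next_header == FRAGMENT:
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return "forward"   # non-first fragment: no upper-layer header here
            size = 8
        elif next_header == AUTH:
            size = (packet[off + 1] + 2) * 4
        else:
            size = (packet[off + 1] + 1) * 8
        next_header, off = packet[off], off + size


def ipv6(next_header, payload):
    """Constructed IPv6 header between two link-local sample addresses."""
    src = ipaddress.IPv6Address("fe80::1").packed
    dst = ipaddress.IPv6Address("fe80::2").packed
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
            + src + dst + payload)


def udp(sport, dport):
    """Constructed 8-byte UDP header; the checksum is left at 0 in this sample."""
    return struct.pack("!HHHH", sport, dport, 8, 0)


def constructed_verdicts(trusted_ports=frozenset({1})):
    """Run the filter over constructed packets; port 1 is the trusted server port."""
    server_msg = ipv6(UDP, udp(547, DHCPV6_CLIENT_PORT))
    client_msg = ipv6(UDP, udp(DHCPV6_CLIENT_PORT, 547))
    # Same server message hidden behind a Destination Options header (PadN filler).
    hidden = ipv6(60, bytes([UDP, 0, 1, 4, 0, 0, 0, 0]) + udp(547, DHCPV6_CLIENT_PORT))
    unknown = ipv6(253, bytes(8))  # 253 is not recognized by this filter
    return {
        "server message, untrusted port": shield_verdict(server_msg, 3, trusted_ports),
        "server message, trusted port": shield_verdict(server_msg, 1, trusted_ports),
        "client message, untrusted port": shield_verdict(client_msg, 3, trusted_ports),
        "server message behind ext header": shield_verdict(hidden, 3, trusted_ports),
        "unknown next header, deny": shield_verdict(unknown, 3, trusted_ports),
        "unknown next header, allow": shield_verdict(unknown, 3, trusted_ports, True),
    }


if __name__ == "__main__":
    for case, verdict in constructed_verdicts().items():
        print(f"{case}: {verdict}")
```

The Destination Options case shows why the filter has to follow the whole header chain: checking only the first Next Header field would let the server message through.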
14.10 IPv6 Ready Logo Phase2
The IPv6 ready logo committee mission is to:
• define the test specifications for IPv6 conformance and interoperability testing
• provide access to self-test tools
• deliver the IPv6 Ready Logo
14.11 DHCP Server
DHCP provides a framework for passing configuration information to hosts on a TCP/IP network and is based on the Bootstrap protocol (BOOTP). It adds the capability of automatic allocation of reusable network addresses and additional configuration options.
DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. It is a client-server model, where the DHCP client is the Internet host that obtains configuration parameters such as a network address. The DHCP server is the Internet host that allocates network addresses and returns configuration parameters to the client. The DHCP server supports DHCP relay clients by processing the DHCP relay frames from the relay device.
14.12 Console
The IStaX software uses the serial console to support the CLI for out of band management, debugging, and software upgrades.
14.13 System Management
The IStaX software can be supported in band through any of the front panel ports.
It is possible to create a separate, dedicated, configurable Management VLAN corresponding to a port for managing the system. The system can be managed through Telnet, SSH, SNMP, RMON, and web interfaces from this management VLAN. However, there is no specific service port available on the device.
14.14 Management Access Filtering
It is possible to restrict access to the switch by specifying the IP address of the VLAN. The HTTP/HTTPS, SNMP, and Telnet/SSH interfaces can be restricted with this feature. The maximum management access filter entries allowed is 16.
If the application type matches any one of the access management entries, it will allow access to the switch. The access management statistics can also be viewed.
14.15 sFlow
sFlow is an industry standard technology for monitoring switched networks through random sampling of packets on switch ports and time-based sampling of port counters. The sampled packets and counters (referred to as flow samples and counter samples, respectively) are sent as sFlow UDP datagrams to a central network traffic monitoring server. This central server is called an sFlow receiver or sFlow collector. Additional information can be found at sflow.org.
14.16 Default Configuration
The user can also reset the configuration of the switch through web, CLI, or SNMP. Only the IP configuration is retained after resetting to factory defaults. The new configuration is available immediately, which means that no restart is necessary.
14.17 Configuration Upload/Download
The switch software allows saving, viewing, or loading the switch configuration. XML configuration upload/download has been obsoleted by the industry standard configuration. For more information, see 14.2.2 Industry Standard Configuration Support.
14.18 Loop Detection Restore to Default
Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, loopback packets will be transmitted at port 1.
If a loopback packet is received at port 2, the switch will restore to default.
14.19 Symbolic Register Access
Switch core registers can be accessed through symbolic read and write operations.
15 SNMP MIBs
The IStaX supports the following comprehensive set of private and standard MIBs.
SNMPv3 is supported and is backward compatible with SNMPv2c and SNMPv1. The MIB information can be viewed with the community name configured. For more information, see Simple Network Management Protocol (SNMP), page 5.
The following CLI commands can be used to display the supported MIBs and view the ifIndex mapping:
show snmp mib context
BRIDGE-MIB
 - dot1dBase (1.3.6.1.2.1.17.1)
 - dot1dTp (1.3.6.1.2.1.17.4)
Dot3-OAM-MIB
 - dot3OamMIB (1.3.6.1.2.1.158)
ENTITY-MIB
 - entityMIBObjects (1.3.6.1.2.1.47.1)
EtherLike-MIB
 - transmission (1.3.6.1.2.1.10)
IEEE8021-BRIDGE-MIB
show snmp mib ifmib ifIndex
Table 15-1. ifIndex Descriptions
ifIndex    ifDescr             Interface
1          VLAN 1              VLAN 1
1000001    Switch 1–port 1     GigabitEthernet 11
1000002    Switch 1–port 2     GigabitEthernet 12
1000003    Switch 1–port 3     GigabitEthernet 13
1000004    Switch 1–port 4     GigabitEthernet 14
1000005    Switch 1–port 5     GigabitEthernet 15
1000006    Switch 1–port 6     GigabitEthernet 16
1000007    Switch 1–port 7     GigabitEthernet 17
1000008    Switch 1–port 8     GigabitEthernet 18
1000009    Switch 1–port 9     25 GigabitEthernet 11
10000010   Switch 1–port 10    25 GigabitEthernet 12
10000011   Switch 1–port 11    GigabitEthernet 19
16 Revision History
Revision  Date  Description
B  February 2021  Revision B was published in February 2021 to align with the Linux application software release 202012. The following is a summary of changes in revision B of this document:
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
• The SNMP section was updated. For more information, see 143 Simple Network Management Protocol (SNMP).
A  June 2020  Revision A was published in June 2020 to align with the Linux application software release 202030. The following is a summary of changes in revision A of this document:
• The document was migrated to Microchip template.
• The document number was updated from VPPD-04310 to DS30010225A.
• The Supported Switches table was updated. For more information, see Table 1.
• The BSP & API Supported Features table was updated. For more information, see Table 1-1.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The Features and Platform Capacity table was updated. For more information, see Table 2-1.
• The Features and Platform Capacity table was updated. For more information, see Table 3-1.
20  October 2019  Revision 20 was published in October 2019 to align with the Linux application software release 201990. The following is a summary of changes in revision 20 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Protection section was added. For more information, see Table 1-4.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
19  June 2019  Revision 19 was published in June 2019 to align with the Linux application software release 201960. The following is a summary of changes in revision 19 of this document:
• The Protection section was deleted.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The OAM and Test section was updated. For more information, see 12 OAM and Test.
18  June 2019  Revision 18 was published in June 2019 to align with the Linux application software release 48. The following is a summary of changes in revision 18 of this document:
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Management Supported Features table was updated. For more information, see Table 1-12.
17  January 2019  Revision 17 was published in January 2019 to align with the Linux application software release 47. The following is a summary of changes in revision 17 of this document:
• The BSP and API Supported Features table was updated. For more information, see 11 BSP and API.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
continuedRevision Date Description
Revision 16, October 2018
Revision 16 was published in October 2018 to align with the Linux application software release 46. The following is a summary of changes in revision 16 of this document:
• A cross reference in the JSON-RPC section was fixed. For more information, see 141 JSON-RPC.
• The MEF section was removed.
• The Port Control Supported Features table was updated. For more information, see Table 1-2.
• The QoS Supported Features table was updated. For more information, see Table 1-3.
• The L2 Switching Supported Features table was updated. For more information, see Table 1-5.
• The Protection Supported Features table was updated. For more information, see Table 1-4.
• The L3 Switching Supported Features table was updated. For more information, see Table 1-6.
• The Security Supported Features table was updated. For more information, see Table 1-7.
• The Robustness and Power Savings Supported Features table was updated. For more information, see Table 1-8.
• The OAM and Testing Supported Features table was updated. For more information, see Table 1-9.
• The Timing and Synchronization Supported Features table was updated. For more information, see Table 1-10.
• The Customization Framework Supported Features table was updated. For more information, see Table 1-11.
• The Management Supported Features table was updated. For more information, see Table 1-12.
• The SNMP MIBs Supported Features table was updated. For more information, see Table 1-13.
• Removed VLAN Translation from the L2 Switching chapter.
• The Cold and Cool Restart section was updated. For more information, see 1111 Cold and CoolStart.
• Removed the Ethernet Services section and the Traffic Test Loop section from the Carrier Ethernet (OAM and Testing) chapter.
• The JSON-RPC section was updated. For more information, see 141 JSON-RPC.
• Removed the Software Functions Supported by JSON RPC section from the Management chapter.
• Removed the Private MIB and the Standard MIB sections from the SNMP MIBs chapter.
Revision 15, July 2018
Revision 15 was published in July 2018 to align with the Linux application software release 45. The following is a summary of changes in revision 15 of this document:
• The Port Control Supported Features table was updated by adding one more feature. For more information, see 12 Port Control.
• The Security Supported Features table was updated by adding one more feature. For more information, see 17 Security.
• The Management Supported Features table was updated by adding two more features. For more information, see 112 Management.
• The System Capability section was updated. For more information, see 42 System Capability.
• The L3 Routing section was updated. For more information, see 93 L3 Routing.
• The ARP Inspection/IP and IPv6 Source Guard section was updated. For more information, see 107 ARP Inspection/IP and IPv6 Source Guard.
• The Dying gasp section was updated. For more information, see 1212 Dying Gasp.
• The DHCP Server section was updated. For more information, see 1411 DHCP Server.
• The IP Management, DNS, and DHCPv4/v6 section was updated. For more information, see 149 IP Management, DNS, and DHCPv4/v6.
Revision 14, April 2018
Revision 14 was published in April 2018 to align with the Linux application software release 44. The following is a summary of changes in revision 14 of this document:
• The list of features in the L3 Switching Supported Features table was updated. For more information, see 16 L3 Switching.
• The Features and Platform Capacity table was updated. For more information, see 2 Features and Platform Capacity.
• The System Capability section was updated. For more information, see 42 System Capability.
• The Internet Control Message Protocol section was updated. For more information, see 145 Internet Control Message Protocol.
• The L3 Routing section was added in the Synchronization chapter. For more information, see 93 L3 Routing.
• The Industrial Private VLAN section was updated. For more information, see 85 Industrial Private VLANs.
• The VLAN Translation section was added. For more information, see unique_147.
Revision 13, January 2018
Revision 13 was published in January 2018 to align with the Linux application software release 43. The following is a summary of changes in revision 13 of this document:
• The Supported Switches table was updated with details regarding VSC741015353637. For more information, see 1 Supported Switch Platforms.
• The headers of all the tables in the Supported Features section were updated with additional switches. For more information, see 1 Supported Features.
• The Port Control Supported Features table was updated by adding four more features. For more information, see 12 Port Control.
• The L2 Switching Supported Features table was updated by adding four more features. For more information, see 15 L2 Switching.
• The L3 Switching Supported Features table was updated by adding four more features. For more information, see 16 L3 Switching.
• The Robustness and Power Savings Supported Features table was updated. For more information, see 18 Robustness and Power Savings.
• The OAM and Testing Supported Features table was updated. For more information, see 19 OAM and Test.
• The Timing and Synchronization Supported Features table was updated. For more information, see 110 Timing and Synchronization.
• The SNMP MIBs Supported Features table was updated. For more information, see 113 SNMP MIBs.
• The MIB list in the Standard MIBs section was updated. For more information, see unique_148.
Revision 12, September 2017
Revision 12 was published in July 2017 to align with the Linux application software release 42. In revision 12 of this document, the chapter related to OAM and Testing was added. For more information, see 12 OAM and Test.
Revision 11, June 2017
Revision 11 was published in June 2017 to align with the Linux application software release 41. The following is a summary of changes in revision 11 of this document:
• The tables listing the supported features were updated to reflect the features related to the Serval-T device. For more information, see 1 Supported Switch Platforms.
• The list of supported features was updated to reflect the SparX-IV and Serval-T devices. For more information, see 1 Supported Features.
• The Features and Platform Capacity table was updated to reflect the features related to the Serval-T device. For more information, see 2 Features and Platform Capacity.
• The Port System Requirements table was updated to reflect the features related to the Serval-T device. For more information, see 3 System Requirements.
Revision 10, November 2016
Revision 10 was published in November 2016 to align with the Linux application software release 40. It was the first publication of this document.
The Microchip Website
Microchip provides online support via our website at www.microchip.com. This website is used to make files and information easily available to customers. Some of the content available includes:
• Product Support – Data sheets and errata, application notes and sample programs, design resources, user's guides and hardware support documents, latest software releases and archived software
• General Technical Support – Frequently Asked Questions (FAQs), technical support requests, online discussion groups, Microchip design partner program member listing
• Business of Microchip – Product selector and ordering guides, latest Microchip press releases, listing of seminars and events, listings of Microchip sales offices, distributors and factory representatives
Product Change Notification Service
Microchip's product change notification service helps keep customers current on Microchip products. Subscribers will receive email notification whenever there are changes, updates, revisions or errata related to a specified product family or development tool of interest.
To register, go to www.microchip.com/pcn and follow the registration instructions.
Customer Support
Users of Microchip products can receive assistance through several channels:
• Distributor or Representative
• Local Sales Office
• Embedded Solutions Engineer (ESE)
• Technical Support
Customers should contact their distributor, representative or ESE for support. Local sales offices are also available to help customers. A listing of sales offices and locations is included in this document.
Technical support is available through the website at www.microchip.com/support
Microchip Devices Code Protection Feature
Note the following details of the code protection feature on Microchip devices:
• Microchip products meet the specification contained in their particular Microchip Data Sheet.
• Microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
• There are dishonest and possibly illegal methods used to breach the code protection feature. All of these methods, to our knowledge, require using the Microchip products in a manner outside the operating specifications contained in Microchip's Data Sheets. Most likely, the person doing so is engaged in theft of intellectual property.
• Microchip is willing to work with the customer who is concerned about the integrity of their code.
• Neither Microchip nor any other semiconductor manufacturer can guarantee the security of their code. Code protection does not mean that we are guaranteeing the product as "unbreakable."
Code protection is constantly evolving. We at Microchip are committed to continuously improving the code protection features of our products. Attempts to break Microchip's code protection feature may be a violation of the Digital Millennium Copyright Act. If such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that Act.
Legal Notice
Information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights unless otherwise stated.
Trademarks
The Microchip name and logo, the Microchip logo, Adaptec, AnyRate, AVR, AVR logo, AVR Freaks, BesTime, BitCloud, chipKIT, chipKIT logo, CryptoMemory, CryptoRF, dsPIC, FlashFlex, flexPWR, HELDO, IGLOO, JukeBlox, KeeLoq, Kleer, LANCheck, LinkMD, maXStylus, maXTouch, MediaLB, megaAVR, Microsemi, Microsemi logo, MOST, MOST logo, MPLAB, OptoLyzer, PackeTime, PIC, picoPower, PICSTART, PIC32 logo, PolarFire, Prochip Designer, QTouch, SAM-BA, SenGenuity, SpyNIC, SST, SST Logo, SuperFlash, Symmetricom, SyncServer, Tachyon, TempTrackr, TimeSource, tinyAVR, UNI/O, Vectron, and XMEGA are registered trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.
APT, ClockWorks, The Embedded Control Solutions Company, EtherSynch, FlashTec, Hyper Speed Control, HyperLight Load, IntelliMOS, Libero, motorBench, mTouch, Powermite 3, Precision Edge, ProASIC, ProASIC Plus, ProASIC Plus logo, Quiet-Wire, SmartFusion, SyncWorld, Temux, TimeCesium, TimeHub, TimePictra, TimeProvider, Vite, WinPath, and ZL are registered trademarks of Microchip Technology Incorporated in the U.S.A.
Adjacent Key Suppression, AKS, Analog-for-the-Digital Age, Any Capacitor, AnyIn, AnyOut, BlueSky, BodyCom, CodeGuard, CryptoAuthentication, CryptoAutomotive, CryptoCompanion, CryptoController, dsPICDEM, dsPICDEM.net, Dynamic Average Matching, DAM, ECAN, EtherGREEN, In-Circuit Serial Programming, ICSP, INICnet, Inter-Chip Connectivity, JitterBlocker, KleerNet, KleerNet logo, memBrain, Mindi, MiWi, MPASM, MPF, MPLAB Certified logo, MPLIB, MPLINK, MultiTRAK, NetDetach, Omniscient Code Generation, PICDEM, PICDEM.net, PICkit, PICtail, PowerSmart, PureSilicon, QMatrix, REAL ICE, Ripple Blocker, SAM-ICE, Serial Quad I/O, SMART-I.S., SQI, SuperSwitcher, SuperSwitcher II, Total Endurance, TSHARC, USBCheck, VariSense, ViewSpan, WiperLock, Wireless DNA, and ZENA are trademarks of Microchip Technology Incorporated in the U.S.A. and other countries.
SQTP is a service mark of Microchip Technology Incorporated in the U.S.A.
The Adaptec logo, Frequency on Demand, Silicon Storage Technology, and Symmcom are registered trademarks of Microchip Technology Inc. in other countries.
GestIC is a registered trademark of Microchip Technology Germany II GmbH & Co. KG, a subsidiary of Microchip Technology Inc., in other countries.
All other trademarks mentioned herein are property of their respective companies.
© 2020, Microchip Technology Incorporated, Printed in the U.S.A., All Rights Reserved.
ISBN 978-1-5224-7595-8
Quality Management System
For information regarding Microchip's Quality Management Systems, please visit www.microchip.com/quality.
Worldwide Sales and Service
AMERICAS
Corporate Office: 2355 West Chandler Blvd., Chandler, AZ 85224-6199; Tel: 480-792-7200; Fax: 480-792-7277
Technical Support: www.microchip.com/support
Web Address: www.microchip.com
Atlanta (Duluth, GA): Tel: 678-957-9614; Fax: 678-957-1455
Austin, TX: Tel: 512-257-3370
Boston (Westborough, MA): Tel: 774-760-0087; Fax: 774-760-0088
Chicago (Itasca, IL): Tel: 630-285-0071; Fax: 630-285-0075
Dallas (Addison, TX): Tel: 972-818-7423; Fax: 972-818-2924
Detroit (Novi, MI): Tel: 248-848-4000
Houston, TX: Tel: 281-894-5983
Indianapolis (Noblesville, IN): Tel: 317-773-8323; Fax: 317-773-5453; Tel: 317-536-2380
Los Angeles (Mission Viejo, CA): Tel: 949-462-9523; Fax: 949-462-9608; Tel: 951-273-7800
Raleigh, NC: Tel: 919-844-7510
New York, NY: Tel: 631-435-6000
San Jose, CA: Tel: 408-735-9110; Tel: 408-436-4270
Canada - Toronto: Tel: 905-695-1980; Fax: 905-695-2078
ASIA/PACIFIC
Australia - Sydney: Tel: 61-2-9868-6733
China - Beijing: Tel: 86-10-8569-7000
China - Chengdu: Tel: 86-28-8665-5511
China - Chongqing: Tel: 86-23-8980-9588
China - Dongguan: Tel: 86-769-8702-9880
China - Guangzhou: Tel: 86-20-8755-8029
China - Hangzhou: Tel: 86-571-8792-8115
China - Hong Kong SAR: Tel: 852-2943-5100
China - Nanjing: Tel: 86-25-8473-2460
China - Qingdao: Tel: 86-532-8502-7355
China - Shanghai: Tel: 86-21-3326-8000
China - Shenyang: Tel: 86-24-2334-2829
China - Shenzhen: Tel: 86-755-8864-2200
China - Suzhou: Tel: 86-186-6233-1526
China - Wuhan: Tel: 86-27-5980-5300
China - Xian: Tel: 86-29-8833-7252
China - Xiamen: Tel: 86-592-2388138
China - Zhuhai: Tel: 86-756-3210040
India - Bangalore: Tel: 91-80-3090-4444
India - New Delhi: Tel: 91-11-4160-8631
India - Pune: Tel: 91-20-4121-0141
Japan - Osaka: Tel: 81-6-6152-7160
Japan - Tokyo: Tel: 81-3-6880-3770
Korea - Daegu: Tel: 82-53-744-4301
Korea - Seoul: Tel: 82-2-554-7200
Malaysia - Kuala Lumpur: Tel: 60-3-7651-7906
Malaysia - Penang: Tel: 60-4-227-8870
Philippines - Manila: Tel: 63-2-634-9065
Singapore: Tel: 65-6334-8870
Taiwan - Hsin Chu: Tel: 886-3-577-8366
Taiwan - Kaohsiung: Tel: 886-7-213-7830
Taiwan - Taipei: Tel: 886-2-2508-8600
Thailand - Bangkok: Tel: 66-2-694-1351
Vietnam - Ho Chi Minh: Tel: 84-28-5448-2100
EUROPE
Austria - Wels: Tel: 43-7242-2244-39; Fax: 43-7242-2244-393
Denmark - Copenhagen: Tel: 45-4485-5910; Fax: 45-4485-2829
Finland - Espoo: Tel: 358-9-4520-820
France - Paris: Tel: 33-1-69-53-63-20; Fax: 33-1-69-30-90-79
Germany - Garching: Tel: 49-8931-9700
Germany - Haan: Tel: 49-2129-3766400
Germany - Heilbronn: Tel: 49-7131-72400
Germany - Karlsruhe: Tel: 49-721-625370
Germany - Munich: Tel: 49-89-627-144-0; Fax: 49-89-627-144-44
Germany - Rosenheim: Tel: 49-8031-354-560
Israel - Ra'anana: Tel: 972-9-744-7705
Italy - Milan: Tel: 39-0331-742611; Fax: 39-0331-466781
Italy - Padova: Tel: 39-049-7625286
Netherlands - Drunen: Tel: 31-416-690399; Fax: 31-416-690340
Norway - Trondheim: Tel: 47-72884388
Poland - Warsaw: Tel: 48-22-3325737
Romania - Bucharest: Tel: 40-21-407-87-50
Spain - Madrid: Tel: 34-91-708-08-90; Fax: 34-91-708-08-91
Sweden - Gothenberg: Tel: 46-31-704-60-40
Sweden - Stockholm: Tel: 46-8-5090-4654
UK - Wokingham: Tel: 44-118-921-5800; Fax: 44-118-921-5820