Microchip VSC6817-2023.03 Handleiding


Lees hieronder de 📖 handleiding in het Nederlandse voor Microchip VSC6817-2023.03 (75 pagina's) in de categorie Niet gecategoriseerd. Deze handleiding was nuttig voor 29 personen en werd door 2 gebruikers gemiddeld met 4.5 sterren beoordeeld

Pagina 1/75
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 1
VSC6817
IStaX Software Product Specification
Product Overview
The IStaX turnkey software package is a fully managed L2 switch application for the IoT applications. This software
package can be customized to support different port configurations. It is built on Linux to ensure cost optimization
without compromising efficiency. The IStaX supports the following major capabilities.
• RedBoot bootloader
• U-boot bootloader
• Web or XMODEM update
Management is done using a web graphical user interface (GUI), command line interface (CLI), Simple Network
Management Protocol (SNMP), or JavaScript Object Notation-Remote Procedure Call (JSONRPC) running on the
internal MIPS24Kec CPU. The IStaX is highly integrated with switch features, such as QoS control lists (QCLs),
access control lists (ACLs), and super priority management queue.
This document provides an overview of the switch and software features of the IStaX software and lays the basis for
further specifications. The supported configuration details including parameters and limitations are beyond the scope
of this document. The module specific requirement specifications and configuration guides may be referred to for
obtaining these details.
Supported Switch Platforms
This software is supported on a series of Microchip switches with 12, 26, or 57 ports with Power over Ethernet
(PoE) and non-PoE capabilities. It is also supported on Microsemi PHYs with SyncE and VeriTime
â„¢ (IEEE 1588v2)
capabilities. The following table shows the supported switches.
Table 1. Supported Switches
Switch Description
VSC7410 6-port SGMII Gigabit Ethernet Switch with VeriTimeâ„¢ and Gigabit Ethernet PHYs
VSC7414 11-port layer 2 SGMII Gigabit Ethernet Enterprise Switch with VeriTime
â„¢
VSC7415 6-Port SGMII Gigabit Ethernet Switch with VeriTime
â„¢, Integrated DPLL, and Gigabit Ethernet
PHYs
VSC7416 6-port Carrier Ethernet Switch Engine with ViSAA
â„¢, VeriTimeâ„¢, and MPLS/MPLS-TP
VSC7418 11-port Carrier Ethernet Switch Engine with ViSAA
â„¢, VeriTimeâ„¢, and MPLS/MPLS-TP
VSC7423 7-port, layer 2 Gigabit Ethernet Switch with VeriTime
â„¢, 5 Integrated Copper PHYs, and
Embedded 32-bit CPU
VSC7428 11-port Carrier Ethernet Switch Engine with ViSAA
â„¢, VeriTimeâ„¢, and PHYs
VSC7429 26-port Carrier Ethernet Switch with ViSAA
â„¢, VeriTimeâ„¢, and 12 Fully Integrated Copper PHYs
VSC7430 6-port Carrier Ethernet Switch with ViSAA
â„¢, VeriTimeâ„¢, and Gigabit Ethernet PHYs
VSC6817
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 2
...........continued
Switch Description
VSC7435 6-port Carrier Ethernet Switch with ViSAA
â„¢, VeriTimeâ„¢, and Integrated DPLLs and Gigabit
Ethernet PHYs
VSC7436 10-port Carrier Ethernet Switch with ViSAA
â„¢, VeriTimeâ„¢, and Integrated Gigabit Ethernet PHYs
VSC7437 8-port Carrier Ethernet Switch with ViSAA
â„¢, VeriTimeâ„¢, and Integrated DPLLs and Gigabit
Ethernet PHYs
VSC7438 14-port Carrier Ethernet Switch with ViSAA
â„¢, VeriTimeâ„¢, MPLS-TP, and L3 Routing
VSC7440 10-port L2/L3 Enterprise Gigabit Ethernet Switch with 10 Gbps Links
VSC7442 52-port L2/L3 Enterprise and Industrial Ethernet Switch
VSC7444 26-port L2/L3 Enterprise Gigabit Ethernet Switch with 10 Gbps Links
VSC7448 52-port L2/L3 Enterprise Gigabit Ethernet Switch with 10 Gbps Links
VSC7449 6-port SGMII Gigabit Ethernet Switch with VeriTimeâ„¢ and Gigabit Ethernet PHYs
VSC7464 11-port layer 2 SGMII Gigabit Ethernet Enterprise Switch with VeriTime
â„¢
VSC7468 6-port Carrier Ethernet Switch Engine with ViSAA
â„¢, VeriTimeâ„¢, and MPLS/MPLS-TP
VSC7513 8-port L2 Gigabit Ethernet Switch
VSC7514 10-port L2 Gigabit Ethernet Switch
VSC7546TSN 29-port L2/L3 Industrial Gigabit Ethernet Switches
VSC7549TSN 53-port L2/L3 Industrial Gigabit Ethernet Switches
VSC7552TSN 57-port L2/L3 Industrial Gigabit Ethernet Switches
VSC7556TSN 57-port L2/L3 Industrial Gigabit Ethernet Switches
VSC7558TSN 57-port L2/L3 Industrial Gigabit Ethernet Switches
LAN9668 8-port L2/L3 Industrial Gigabit Ethernet Switches with support for TSN
The following table lists the supported 1G PHYs.
Table 2. Supported 1G PHYs
PHY Description
VSC8211 Single-port 10/100/1000BASE-T PHY and 1000BASE-X PHY with SGMII, SerDes, GMII, MII, TBI,
RGMII/RTBI MAC Interfaces
VSC8221 Single-port 10/100/1000BASE-T PHY with 1.25 Gbps SerDes/SGMII for SFPs/GBICs
VSC8501 Single-port GbE Copper PHY with Synchronous Ethernet and RGMII/GMII Interface
VSC8502 Dual-port GbE Copper PHY with Synchronous Ethernet and RGMII/GMII Interface
VSC8504 Quad-port 10/100/1000BASE-T PHY with Synchronous Ethernet and QSGMII/SGMII MAC
VSC8512 12-port 10/100/1000BASE-T PHY with SGMII and QSGMII MAC Interface
VSC8514 Quad-port Gigabit Copper EEE PHY with QSGMII MAC-to-PHY Interface
VSC8522 12-port 10/100/1000BASE-T PHY with QSGMII MAC Interface
VSC6817
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 3
...........continued
PHY Description
VSC8552 Dual-port RGMII/SGMII/QSGMII Dual Media PHY with EEE Support
VSC8562 Dual-port 10/100/1000BASE-T PHY with Synchronous Ethernet, Intellisec
â„¢, and QSGMII/SGMII MAC
VSC8564 Dual-port 10/100/1000BASE-T PHY with Synchronous Ethernet, MACsec, and QSGMII/SGMII MAC
VSC8572 Dual-port 10/100/1000BASE-T PHY with VeriTime
â„¢, Synchronous Ethernet, and RGMII/SGMII MAC
VSC8574 Quad-port Dual Media QSGMII/SGMII GbE PHY with VeriTime
â„¢
VSC8575 Quad-port 10/100/1000BASE-T PHY with Synchronous Ethernet, VeriTime
â„¢, and QSGMII/SGMII
MAC
VSC8582 Dual-port Dual Media QSGMII/SGMII GbE PHY with Intellisec
â„¢ and VeriTimeâ„¢
VSC8584 Quad-port Dual Media QSGMII/SGMII GbE PHY with Intellisec
â„¢ and VeriTimeâ„¢
The following table lists the supported 10G PHYs.
Table 3. Supported 10G PHYs
PHY Description
VSC8254 Dual Channel 1G/10GBASE-KR to SFI Ethernet LAN/WAN PHY with VeriTime
â„¢ and Intellisecâ„¢
VSC8256 Quad Channel 1G/10GBASE-KR to SFI Ethernet Repeater
VSC8257 Quad Channel 1G/10GBASE-KR to SFI Ethernet WIS PHY with VeriTime
â„¢ and Intellisecâ„¢
VSC8258 Quad Channel 1G/10GBASE-KR to SFI Ethernet WIS PHY with VeriTime
â„¢ and Intellisecâ„¢
VSC8489 Dual-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY
VSC8490 Dual-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY with Intellisecâ„¢ and
VeriTimeâ„¢
VSC8491 WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10 GbE PHY with Intellisec
â„¢ and VeriTimeâ„¢
Software Architecture
The CEServices software provides support for standalone switches. It consists of the following components.
• Operating system (Linux) for access to the hardware.
• Application programming interface (API) for a function library to control switches and PHYs.
• Control modules, such as port control, MSTP, and Virtual LAN (VLAN)—to implement product features and
protocols. These modules may include threads and provide a management API for configuration and monitoring.
• Management modules, such as CLI, web, JSON-RPC, and Simple Network Management Protocol (SNMP)—for
interfaces to the system based on the management API of the control modules.
The following illustration shows the architecture of the Microchip managed application software and a few control and
management modules.
VSC6817
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 4
Figure 1. Application Architecture
VSC6817
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 5
Table of Contents
Product Overview........................................................................................................................................... 1
Supported Switch Platforms....................................................................................................................1
Software Architecture..............................................................................................................................3
1. Supported Features................................................................................................................................ 8
1.1. BSP and API................................................................................................................................ 8
1.2. Port Control.................................................................................................................................. 8
1.3. Quality of Service (QoS).............................................................................................................10
1.4. Protection................................................................................................................................... 11
1.5. L2 Switching...............................................................................................................................12
1.6. L3 Switching...............................................................................................................................14
1.7. Security...................................................................................................................................... 15
1.8. Robustness and Power Savings................................................................................................ 17
1.9. OAM and Test.............................................................................................................................17
1.10. Timing and Synchronization....................................................................................................... 18
1.11. Customization Framework..........................................................................................................20
1.12. Management.............................................................................................................................. 21
1.13. SNMP MIBs................................................................................................................................24
2. Features and Platform Capacity............................................................................................................26
3. System Requirements...........................................................................................................................29
4. Port and System Capabilities................................................................................................................ 31
4.1. Port Capability............................................................................................................................ 31
4.2. System Capability.......................................................................................................................31
5. Firmware Upgrade................................................................................................................................ 32
6. Port Control...........................................................................................................................................33
6.1. NPI Port......................................................................................................................................33
6.2. PCIe........................................................................................................................................... 33
6.3. Dual CPU................................................................................................................................... 33
6.4. SFP Detection............................................................................................................................ 33
6.5. VeriPHY Support........................................................................................................................ 33
6.6. PoE Support............................................................................................................................... 33
6.7. POE with LLDP.......................................................................................................................... 33
6.8. Unidirectional Link Detection (UDLD).........................................................................................33
7. Quality of Service (QoS)....................................................................................................................... 35
7.1. Port Policers............................................................................................................................... 35
7.2. Scheduling and Shaping............................................................................................................ 35
7.3. QCL Configuration......................................................................................................................35
7.4. Weighted Random Early Detection (WRED)..............................................................................35
7.5. Tag Remarking........................................................................................................................... 35
7.6. Ingress Port Classification..........................................................................................................36
7.7. Queue Policers...........................................................................................................................36
7.8. DiffServ (RFC2474) Remarking................................................................................................. 36
VSC6817
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 6
7.9. Global Storm Control..................................................................................................................36
8. L2 Switching..........................................................................................................................................37
8.1. Auto MAC Address Learning/Aging............................................................................................37
8.2. MAC Addresses–Static.............................................................................................................. 37
8.3. Virtual LAN................................................................................................................................. 37
8.4. Voice VLAN................................................................................................................................ 38
8.5. Industrial Private VLANs............................................................................................................ 38
8.6. Generic VLAN Registration Protocol (GVRP)............................................................................ 39
8.7. Multiple Registration Protocol (MRP)......................................................................................... 39
8.8. Multiple VLAN Registration Protocol (MVRP)............................................................................ 39
8.9. IEEE 802.3ad Link Aggregation................................................................................................. 39
8.10. Bridge Protocol Data Unit (BPDU) Guard,Restricted Role, and Error Disable Recovery...........40
8.11. IGMP Snooping and MLD Snooping.......................................................................................... 40
8.12. DHCP Snooping.........................................................................................................................40
8.13. MAC Table Configuration........................................................................................................... 40
8.14. Mirroring (SPAN/VSPAN and RSPAN)....................................................................................... 41
8.15. RMirror....................................................................................................................................... 41
8.16. Flow Mirroring for AC................................................................................................................. 41
8.17. Spanning Tree............................................................................................................................ 41
8.18. Loop Guard................................................................................................................................ 41
9. L3 Switching..........................................................................................................................................43
9.1. DHCP Relay...............................................................................................................................43
9.2. Universal Plug and Play (UPnP)................................................................................................ 43
9.3. L3 Routing.................................................................................................................................. 43
10. Security................................................................................................................................................. 44
10.1. 802.1X and MAC-Based Authentication.....................................................................................44
10.2. Authentication, Authorization, and Accounting (AAA)................................................................ 45
10.3. Secure Access........................................................................................................................... 45
10.4. Users and Privilege Levels.........................................................................................................45
10.5. Authentication and Authorization Methods.................................................................................46
10.6. Access Control List (ACLs)........................................................................................................ 46
10.7. ARP Inspection/IP and IPv6 Source Guard................................................................................47
11. Robustness and Power Savings........................................................................................................... 49
11.1. Robustness................................................................................................................................ 49
11.2. Power Savings........................................................................................................................... 49
12. OAM and Test....................................................................................................................................... 51
12.1. OAM........................................................................................................................................... 51
13. Synchronization.....................................................................................................................................53
13.1. Precision Time Protocol (PTP)................................................................................................... 53
13.2. Microchip One-Step TC PHY Solution....................................................................................... 53
13.3. Transparent Clock over Microwave............................................................................................53
13.4. G.8265.1 Solution (Frequency), ITU Standard...........................................................................54
13.5. G.8275.1 Solution (Phase), ITU Standard..................................................................................54
VSC6817
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 7
13.6. G.8275 Compliant Filter............................................................................................................. 54
13.7. PTP Time Interface.....................................................................................................................54
13.8. Network Time Protocol (NTP).....................................................................................................54
13.9. Day Light Saving........................................................................................................................ 54
14. Management......................................................................................................................................... 55
14.1. JSON-RPC.................................................................................................................................55
14.2. Management Services................................................................................................................55
14.3. Simple Network Management Protocol (SNMP)........................................................................ 58
14.4. RMON Statistics.........................................................................................................................58
14.5. Internet Control Message Protocol.............................................................................................58
14.6. SysLog....................................................................................................................................... 59
14.7. LLDP-MED................................................................................................................................. 59
14.8. 802.1AB LLDP and CDP Aware.................................................................................................61
14.9. IP Management, DNS, and DHCPv4/v6.....................................................................................61
14.10. IPv6 Ready Logo Phase2......................................................................................................... 62
14.11. DHCP Server.............................................................................................................................62
14.12. Console..................................................................................................................................... 62
14.13. System Management................................................................................................................ 62
14.14. Management Access Filtering...................................................................................................62
14.15. sFlow.........................................................................................................................................62
14.16. Default Configuration................................................................................................................ 63
14.17. Configuration Upload/Download............................................................................................... 63
14.18. Loop Detection Restore to Default............................................................................................ 63
14.19. Symbolic Register Access.........................................................................................................63
15. SNMP MIBs...........................................................................................................................................64
16. Revision History.................................................................................................................................... 65
The Microchip Website.................................................................................................................................73
Product Change Notification Service............................................................................................................73
Customer Support........................................................................................................................................ 73
Microchip Devices Code Protection Feature................................................................................................73
Legal Notice................................................................................................................................................. 73
Trademarks.................................................................................................................................................. 74
Quality Management System....................................................................................................................... 74
Worldwide Sales and Service.......................................................................................................................75
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 8
1. Supported Features
The following sections describe the features of each module of the IStaX software.
1.1 BSP and API
The following table lists the features supported by the API module.
Table 1-1. BSP and API: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC751
3
VSC751
4
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Internal CPU • • • • • •
64-bit CPU Architecture — — — — • —
API and application split • • • • • •
MESA layer • • • • • •
MEBA layer • • • • • •
U-Boot • • • • • •
U-Boot network support • • • • • •
32MB NOR FLASH only option • • • • — —
64MB NOR FLASH only option • • • • — —
128MB NOR FLASH only option
(dual image)
• • • • • •
32MB NOR FLASH + 256MB
NAND FLASH
• • • • • —
4MB NOR FLASH + 256MB
NAND FLASH
— — — — • —
4MB NOR FLASH + 4GB
eMMC
— — — — • —
4GB eMMC — — — — — •
1.2 Port Control
The following table lists the features supported by the port control module. For more information, see .6. Port Control
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 9
Table 1-2. Port Control: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Port speed/duplex mode/flow
control
• • • • • •
Aquantia 2.5G PHY Gen2 • • • • • •
Aquantia 2.5G PHY Gen3 • • • • • •
Aquantia 5G PHY Gen3 — • — — — —
Aquantia 10G PHY Gen2 — • • — • —
802.1Qbb Per Priority Flow
Control
— • • • — •
Port frame size (jumbo
frames)
• • • • • •
Port state (administrative
status)
• • • • • •
Port status (link monitoring) • • • • • •
Port statistics (MIB counters) • • • • • •
Port VeriPHY (cable
diagnostics)
• • • • • •
PoE/PoE+ with PD69208
support (external controller)
• • • • • —
PoE/PoE+ with Link Layer
Discovery Protocol (LLDP)
• • • • • —
PoE IEEE802.3bt without
LLDP
(external controller)
• • • • • —
NPI port • • • • • •
PCIe — • • • • •
On-the-fly SFP detection • • • • • •
DDMI • • • • • •
Unidirectional Link Detection
(UDLD)
• • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 10
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
IEEE 802.3ap 10G-KR — • • — • —
IEEE 802.3ap 25G-KR — — — — • —
1.3 Quality of Service (QoS)
The following table lists the features supported by the QoS module. For more information, see 7. Quality of Service
(QoS).
Table 1-3. QoS: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Cut-through — — — — • •
Traffic classes (8 active priorities) • • • • • •
Port default priority • • • • • •
User priority • • • • • •
Input priority mapping • • • • • •
QoS control list (QCL mode) • • • • • •
Global storm control for UC, MC,
and BC
• • • • • •
Random early discard (RED) — • • • • •
Port policers • • • • • •
Queue policers • • • • • •
Global/VCAP (ACL) policers • • • • • •
Port egress shaper • • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 11
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Queue egress shapers • • • • • •
DiffServ (RFC2474) remarking • • • • • •
Tag remarking • • • • • •
Scheduler mode • • • • • •
IEEE-802.1Qbv (TAS) Time-aware
Scheduler
— — — — • •
IEEE-802.1Qbu & 802.3br frame
preemption
— — — — • •
IEEE-802.1Qci ingress gating/
policing/checking
— — — — • •
1.4 Protection
The following table lists the features supported by the protection module.
Table 1-4. Protection: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
1:1 port protection - G.8031 • • • • • •
Ring protection - G.8032 • • • • • •
Ring protection v2 - G.8032 • • • • • •
Media redundancy protocol
(MRP)
• • • • • •
Media redundancy protocol
(MRP) interconnect
• • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 12
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
IEEE®-802.1CB (FRER) — — — — • •
1.5 L2 Switching
The following table lists the features supported by the L2 switching module. For more information, see 8. L2
Switching.
Table 1-5. L2 Switching: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
IEEE 802.1D Bridge
Auto MAC address learning/
aging
• • • • • •
MAC addresses—static • • • • • •
IEEE 802.1Q
Virtual LAN • • • • • •
Bidirectional VLAN translation • • • • • •
Unidirectional VLAN
translation (ingress/egress)
• • • • • •
Private VLAN—static • • • • • •
Port isolation—static • • • • • •
MAC-based VLAN • • • • • •
Protocol-based VLAN • • • • • •
IP subnet-based VLAN • • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 13
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
VLAN trunking • • • • • •
iPVLAN Trunking — • • • • •
GARP VLAN Registration
Protocol (GVRP)
• • • • • •
Multiple Registration Protocol
(MRP)
• • • • • •
Multiple VLAN Registration
Protocol (MVRP)
• • • • • •
IEEE 802.1ad provider bridge
(native or translated VLAN)
• • • • • •
Multiple Spanning Tree
Protocol (MSTP)
• • • • • •
Rapid Spanning Tree Protocol
(RSTP) and STP
• • • • • •
Loop guard • • • • • •
IEEE 802.3ad
Link aggregation—static • • • • • •
Link aggregation—Link
Aggregation Control Protocol
(LACP)
• • • • • •
AGGR/LACP user interface
alignment with Industry
standard
• • • • • •
UNI LAG (LACP) 1:1 active/
standby
• • • • • •
LACP revertive/non-revertive • • • • • •
LACP loop free operation • • • • • •
Bridge Protocol Data Unit
(BPDU) guard and restricted
role
• • • • • •
Error disable recovery • • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 14
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
IGMPv2 snooping • • • • • •
IGMPv3 snooping • • • • • •
MLDv1 snooping • • • • • •
MLDv2 snooping • • • — • —
Internet Group Management
Protocol (IGMP) filtering profile
• • • • • •
IP Multicast (IPMC) throttling,
filtering, and leave proxy
• • • • • •
Multicast VLAN Registration
(MVR)
• • • • • •
MVR profile • • • • • •
Voice VLAN • • • • • •
DHCP snooping • • • • • •
ARP inspection • • • • • •
Port mirroring • • • • • •
Flow mirroring • • • • • •
Rmirror • • • • • •
DHCPv6 Shield • • • • • •
1.6 L3 Switching
The following table lists the features supported by the L3 switching module. For more information, see 9. L3
Switching.
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 15
Table 1-6. L3 Switching: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
DHCP option 82 relay • • • • • •
Universal Plug and Play (UPnP) • • • • • •
Software-based IPv4 L3 static
routing with Linux Kernel
integration
• — — • — •
Hardware-based IPv4 L3 static
routing with Linux Kernel
integration
— • • — • —
RFC2992 (ECMP) support for HW
based L3 static routing
— • • — • —
RFC 2453 RIPv2 dynamic routing — • • — • —
RFC 2328 OSPFv2 Dynamic
routing
— • • — • —
RFC 3101 The OSPF Not-So-
Stubby Area (NSSA) Option
— • • — • —
RFC 3137 OSPF Stub Router
Advertisement
— • • — • —
Software-based IPv6 L3 static
routing
• — — • — •
Hardware-based IPv6 L3 static
routing
— • • — • —
RFC 2740/5340 OSPFv3
Dynamic Routing
— • • — • —
RFC-1812 L3 checking (version,
IHL, checksum, and so on)
• • • • • •
1.7 Security
The following table lists the features supported by the security module. For more information, see .10. Security
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 16
Table 1-7. Security: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Network Access Server (NAS)
Port-based 802.1X • • • • • •
Single 802.1X • • • • • •
Multiple 802.1X • • • • • •
MAC-based authentication • • • • • •
VLAN assignment • • • • • •
QoS assignment • • • • • •
Guest VLAN • • • • • •
Remote authentication dial In user
service (RADIUS) authentication
and authorization
• • • • • •
RADIUS accounting • • • • • •
MAC address limit • • • • • •
Persistent MAC learning • • • • • •
IP MAC binding • • • • • •
IP/MAC binding dynamic to static • • • • • •
TACACS+ authentication and
authorization
• • • • • •
TACACS+ command authorization • • • • • •
TACACS+ accounting • • • • • •
Web and CLI authentication • • • • • •
Authorization (15 user levels) • • • • • •
ACLs for filtering/policing/port
copy
• • • • • •
IP source guard • • • • • •
Secure FTP Client • • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 17
1.8 Robustness and Power Savings
The following table lists the features supported by the robustness and power savings module. For more information,
see 11. Robustness and Power Savings.
Table 1-8. Robustness and Power Savings: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Cold start • • • • • •
Cool start • • • • • •
ActiPHY • • • • • •
PerfectReach • • • • • •
Energy-Efficient Ethernet (EEE)
power management
• • • • • —
LED power management • • — — • —
Thermal protection • • • • • •
Adaptive fan control • • • — • —
1.9 OAM and Test
The following table lists the features supported by the OAM and Test module. For more information, see 12. OAM
and Test.
Table 1-9. OAM and Testing: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Link OAM (802.3ah)
Variable, request, and response • • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 18
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Discovery process, information,
event notification, loopback
• • • • • •
Dying gasp • • • • • •
Dying gasp enhanced • • • • • •
Dying gasp SNMP trap • • • • • •
CFM
Continuity Check (ETH-CCM) • • • • • •
IS-, OS-, PS-, and SID-TLV • • • • • •
APS using ETH-CCM and ETH-APS • • • • • •
ERPS using ETH-CCM and ETH-
RAPS
• • • • • •
Hardware-accelerated OAM — • • • • •
1.10 Timing and Synchronization
The following table lists the features supported by the timing and synchronization module. For more information, see
13. Synchronization.
Table 1-10. Timing and Synchronization: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
SyncE with SSM • • • • • •
SyncE nomination for two
interfaces
• • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 19
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Microchip one-step TC
PHY solution
• • • • • •
IEEE 1588v2 PTP with
two-step clock
• • • • • •
IEEE 1588v2 PTP with
one-step clock
• • • • • •
Peer-to-peer transparent
clock over Ethernet/IPv4
• • • • • •
End-to-end transparent
clock over Ethernet/IPv4
• • • • • •
End-to-end transparent
clock over Ethernet/IPv6
• • • • • •
Boundary clock • • • • • •
Redundant masters and
multiple timing domains
• • • • • •
PTP over IPv4 • • • • • •
Unicast/multicast • • • • • •
Support for ZL30772 — • • — • •
Support for ZL30363 — • • — — —
TC internal master/slave
with PDV filtering and
no modulation or latency
feedback from modems
• • • • • •
TC internal master/slave
with reduced PDV
filtering and modem
provides feedback on
modulation or latency
(MSCC ZLS30384 and
MSCC ZLS30380 only)
• • • • • •
Combined SyncE and
1588
• • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 20
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
MSCC timing BU servo
algorithm integration
(MSCC ZLS30387)
• • • • • •
MSCC timing BU DPLL
API integration
• • • • • •
G.8265.1 BMCA (MSCC
ZLS30384 and MSCC
ZLS30380 only)
• • • • • •
ITU G.8263 filtering
(MSCC ZLS30380 only)
• • • • • •
PTP profile (MSCC
ZLS30384 and MSCC
ZLS30380 only)
• • • • • •
Clock quality (MSCC
ZLS30384 and MSCC
ZLS30380 only)
• • • • • •
G.781 compliant clock
selection algorithm for the
platform as a PTP slave
(MSCC ZLS30384 and
MSCC ZLS30380 only)
• • • • • •
G.8275.1 BMCA—only
ZLS30384 and ZLS30380
servo
• • • • • •
G.8275 compliant filter
—only ZLS30384 and
ZLS30380 servo
• • • • • •
PTP time interface • • • • • •
NTPv4 client • • • • • •
IEEE802.1AS-2011/
IEEE802.1AS rev D4.2
• • • • • •
1.11 Customization Framework
The following table lists the features supported by the customization framework module.
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 21
Table 1-11. Customization Framework: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Separate BSP and application • • • • • •
Append or change a binary image • • • • • •
IPC JSON-RPC socket (with
notification support)
• • • • • •
Overwrite default startup
configuration
• • • • • •
Boot and initialization of third-party
daemons
• • • • • •
Configuration to disable certain
built-in features
• • • • • •
Microchip Ethernet Board API
(MEBA)
• • • • • •
1.12 Management
The following table lists the features supported by the management module. For more information, see
14. Management.
Table 1-12. Management: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN966x
JSON-RPC • • • • • •
JSON-RPC notifications • • • • • •
Dual CPU (application
variant with JSON
— • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 22
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN966x
RFC 2131 DHCP client • • • • • •
RFC 2131 DHCP server • • • • • •
DHCP server support for
DHCP relay packets
• • • • • •
DHCP per port • • • • • •
RFC 3315 DHCPv6 client • • • • • •
RFC 3315 DHCPv6 relay
agent
• • • • • •
RFC 7610 DHCPv6-shield
protecting against rogue
DHCPv6 servers
• • • • • •
RFC 1035 DNS client,
relay
• • • • • •
IPv4/IPv6 ping • • • • • •
IPv4/IPv6 traceroute • • • • • •
HTTP server • • • • • •
CLI—console port • • • • • •
CLI—Telnet • • • • • •
Industrial standard CLI • • • • • •
Industrial standard
configuration
• • • • • •
Industrial standard CLI
debug commands
• • • • • •
Port description CLI • • • • • •
Management access
filtering
• • • • • •
HTTPS • • • • • •
SSHv2 • • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 23
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN966x
IPv6 management • • • • • •
IPv6 ready logo PHASE2
(host only)
• • • • • •
RFC4884 (ICMPv6) • • • • • •
System syslog • • • • • •
Software upload through
web
• • • • • •
SNMP v1/v2c/v3 agent 1 • • • • • •
RMON (group 1, 2, 3, and
9)
• • • • • •
RMON alarm and event
(CLI and web)
• • • • • •
Alarm module • • • • • •
IEEE® 802.1AB-2005 link
layer discovery—LLDP
• • • • • •
TIA 1057 LLDP—MED • • • • • •
Industry standard
discovery protocol - ISDP
• • • • • •
sFlow • • • • • •
FTP Client • • • • • •
Configuration download/
upload— industrial
standard
• • • • • •
Loop detection restore to
default
• • • • • •
Symbolic register access • • • • • •
Daylight saving • • • • • •
Note: 
1. No SNMPv1 trap support.
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 24
1.13 SNMP MIBs
The following table lists the features supported by the SNMP MIBs module. For more information, see 15. SNMP
MIBs.
Table 1-13. SNMP MIBs: Supported Features
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
RFC 2674 VLAN MIB • • • • • •
IEEE® 802.1Q bridge MIB
2008
• • • • • •
RFC 2819 RMON (group 1, 2,
3, and 9)
• • • • • •
RFC 1213 MIB II • • • • • •
RFC 1215 TRAPS MIB • • • • • •
RFC 4188 bridge MIB • • • • • •
RFC 4292 IP forwarding table
MIB
• • • • • •
RFC 4293 Management
Information base for the
Internet Protocol (IP)
• • • • • •
RFC 5519 multicast group
membership discovery MIB
• • • • • •
RFC 4668 RADIUS
authentication client MIB
• • • • • •
RFC 4670 RADIUS
accounting MIB
• • • • • •
RFC 3635 Ethernet-like MIB • • • • • •
RFC 2863 interface group
MIB using SMI v2
• • • • • •
RFC 3636 802.3 MAU MIB • • • • • •
RFC 4133 entity MIB version
3
• • • • • •
RFC 4878 Link OAM MIB • • • • • •
VSC6817
Supported Features
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 25
...........continued
Feature Luton26
VSC7423
VSC7428
VSC7429
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
RFC 3411 SNMP
management frameworks
• • • • • •
RFC 3414 user-based
security model for SNMPv3
• • • • • •
RFC 3415 view-based access
control model for SNMP
• • • • • •
RFC 2613 SMON—PortCopy • • • • • •
IEEE 802.1 MSTP MIB • • • • • •
IEEE 802.1AB LLDP-MIB
(LLDP MIB included in a
clause of the STD)
• • • • • •
IEEE 802.3ad (LACP MIB
included in a clause of the
STD)
• • • • • •
IEEE 802.1X (PAE MIB
included in a clause of the
STD)
• • • • • •
TIA 1057 LLDP-MED (MIB is
part of the STD)
• • • • • •
RFC 3621 LLDP-MED power
(PoE) (no specific MIB for
PoE+ exists)
• • • • • •
Private MIB framework • • • • • •
VSC6817
Features and Platform Capacity
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 26
2. Features and Platform Capacity
The following table lists the features and platform capacity supported by the IStaX software. The capacity mentioned
can be either software or hardware constrained.
Table 2-1. Features and Platform Capacity
Feature SparX-III
and
Caracal
VSC7423
VSC7428
VSC7429
SparX-IV
and
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
SparX-IV
and
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Resilience
and
Availability
IEEE 802.1s
MSTP
instances
8 8 8 8 8 8
IEEE® 802.3ad
LACP: Max
LAGs
5 LAGs 7 LAGs in
VSC7438
26 LAGs in
VSC7442/48/
49/68
13 LAGs in
VSC7444/64
3 LAGs in
SC7410/15,
VSC7430/35
4 LAGs in
7440/15/36/37
4 LAGs in
VSC7513
5 LAGs in
VSC7514
35 LAGs in
VSC7546TSN
37 LAGs in
VSC7549TSN,
VSC7552TSN,
VSC7556TSN,
VSC7558TSN
4
Traffic Control
Port-based
VLAN
4095 4095 4095 4095 4095 4095
Guest-VLAN 1 1 1 1 1 1
Private VLAN 11 14 in
VSC7438
52 in
VSC7442/48/
49/68
26 in
VSC7444/64
6 in
7410/15/30/35
8 in
7440/15/36/37
8 in VSC7513
10 in
VSC7514
9 8
Voice VLAN 1 1 1 1 1 1
MAC table size
8K
8K 32K 8K 4K 32K 8K
VSC6817
Features and Platform Capacity
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 27
...........continued
Feature SparX-III
and
Caracal
VSC7423
VSC7428
VSC7429
SparX-IV
and
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
SparX-IV
and
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
Storm control 1, 2, 4, 8, 16,
32, 64, 128,
256, 512,
1000, 2000,
4000, 8000,
16000,
32000,
64000,
128000,
256000,
512000, or
1024000 kpps
(global setting
for Unicast,
Multicast, and
Broadcast)
25 kbps –10
Gbps [per
port for
Unicast
(known/
learned),
Broadcast,
and
Unknown
(flooded
Unicast and
Multicast)]
25 kbps –10
Gbps [per port
for Unicast
(known/learned),
Broadcast, and
Unknown
(flooded Unicast
and Multicast)]
1, 2, 4, 8, 16,
32, 64, 128,
256, 512,
1000, 2000,
4000, 8000,
16000,
32000,
64000,
128000,
256000,
512000, or
1024000 kpps
(Global
setting for
Unicast,
Multicast, and
Broadcast)
10 kbps – 13128
mbps
1, 2, 4, 8, 16,
32, 64, 128,
256 or 512
fps, 1, 2, 4,
8, 16, 32, 64,
128, 256,
512 or 1024
kfps (Global
setting for
Unicast,
Multicast and
Broadcast)
Jumbo frames
supported
Up to 10056 Up to 10240 Up to 10240 Up to 10240 10240 10240
Security
Port security
aging
10 to
10000000s
10 to
10000000s
10 to 10000000s 10 to
10000000s
10 to 10000000s 10 to
10000000s
MAC address
limit
1024 1024 1024 1024 1024 1024
Static MAC
entries
supported
64 64 64 64 64 64
RADIUS
authentication
servers
5 5 5 5 5 5
TACACS+
authentication
servers
5 5 5 5 5 5
VSC6817
Features and Platform Capacity
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 28
...........continued
Feature SparX-III
and
Caracal
VSC7423
VSC7428
VSC7429
SparX-IV
and
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
SparX-IV
and
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
RADIUS
accounting
servers
5 5 5 5 5 5
Telnet/SSH v2 4 4 4 4 4 4
Max ARP
inspection
1K per
system
1K per
system
1K per system 1K per
system
1K per system 1K per
system
IPSG entries Up to 256 Up to 512 Up to 512 Up to 128 Up to 512 Up to 112
Policy-based
security
filtering
512 512 512 512 512 512
Password
length
32 32 32 32 32 32
Authorization
user levels
15 15 15 15 15 15
ACE 256 512 512 64 full, 128
half, or 256
quad
512 128
Number of
logged in users
20 20 20 20 20 20
IP Routing
Max static
route entries
32 128 32 32 512 32
Max HW
routing table
entries
No HW
routing table
4000 1000 No HW
routing table
3072 No HW
routing table
Note: 
1. The maximum number of buffered logs is based on log message length and is limited to a total stored size
(10K).
VSC6817
System Requirements
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 29
3. System Requirements
The following tables lists the port system requirements supported by the IStaX software.
Table 3-1. Port System Requirements
Feature SparX-III
and
Caracal
VSC7423
VSC7428
VSC7429
SparX-IV
and
Jaguar-2
VSC7438
VSC7442
VSC7444
VSC7448
VSC7449
VSC7464
VSC7468
SparX-IV
and
Serval-T
VSC7410
VSC7415
VSC7430
VSC7435
VSC7436
VSC7437
VSC7440
Ocelot
VSC7513
VSC7514
SparX-5i
VSC7546TSN
VSC7549TSN
VSC7552TSN
VSC7556TSN
VSC7558TSN
LAN966x
LAN9668
LEDs per port 1 1 1 1 1 1
SFP+/SFP SFP auto-
detection
Both SFP/
SFP+
supported
Both SFP/
SFP+
supported
Both SFP/
SFP+
supported
Both SFP/
SFP+
supported
SFP auto-
detection
Speed capability per
10/100M and Gigabit port
Supported Supported Supported Supported Supported Supported
Duplex capability per
10/100M
Half/full Half/full Half/full Half/full Half/full Half/full
Auto MDI/MDIX Supported Supported Supported Supported Supported Supported
Port packet forwarding
rate
1488000 pps
(1000 Mbps
with 64 bytes)
148800 pps
(100 Mbps),
and 14880
pps (10
Mbps)
14880000
pps (10
Gbps)
1488000 pps
(1000 Mbps
with 64 bytes)
148800 pps
(100 Mbps)
14880 pps
(10 Mbps)
14880000
pps (10
Gbps)
1488000 pps
(1000 Mbps
with 64
bytes)
148800 pps
(100 Mbps)
14880 pps
(10 Mbps)
14880000
pps (10
Gbps)
1488000
pps (1000
Mbps with
64 bytes)
148800
pps (100
Mbps)
14880 pps
(10 Mbps)
14880000 pps
(10 Gbps)
1488000 pps
(1000 Mbps
with 64 bytes)
148800 pps
(100 Mbps)
14880 pps (10
Mbps)
3720000
pps (2.5
Gbps with
64 bytes),
1488000
pps
(1000Mbps
with 64
bytes),
148800
pps
(100Mbps
with 64
bytes),
14880 pps
(10Mbps
with 64
bytes)
RJ45 connectors Supported Supported Supported Supported Supported Supported
Fiber slots Supported Supported Supported Supported Supported Supported
The following tables lists the hardware system requirements supported by the IStaX software.
VSC6817
System Requirements
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 30
Table 3-2. Hardware System Requirements
Requirement Support
Power LED Supported by hardware
System LED Supported by hardware
Alarm LED Supported by hardware
Management LED Supported by hardware
Switch fabric capacity Supported by hardware
Forwarding architecture Supported by hardware
MAC address entries Supported by hardware
MAC address aging Supported by hardware
MAC buffer memory type and size Supported by hardware
CPU flash size Supported by hardware
CPU memory type and size Supported by hardware
System DDR SDRAM Supported by hardware
Reset button Supported by hardware
EMC/safety requirement Supported by hardware
Performance requirement Supported by hardware
VSC6817
Port and System Capabilities
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 31
4. Port and System Capabilities
The following sections describe the port and system capabilities supported by the IStaX software.
4.1 Port Capability
The ports are equipped with the following capabilities.
• All copper ports can be configured as full-duplex or half-duplex.
• Copper ports operating at 10/100 Mbps support auto-sensing and auto-negotiation.
• Full-duplex, auto-sensing, and auto-negotiation are supported on 1000 Mbps ports.
• Full-duplex flow control is supported according to the IEEE 802.3x standard.
• Half-duplex flow control is supported using collision-based backpressure.
• LEDs for all the ports are driven by the SGPIO and Shift registers.
• Different port-based configurations are supported on all available ports. For more information, see 1. Supported
Features.
4.2 System Capability
The 6- to 52-port turnkey switch platform model switches can be supported using the IStaX software with wire speed
layer 2 Gigabit/Fast Ethernet switches, with an option to additionally support the PoE capability with partner vendors.
The turnkey switch software runs on Linux. The following system-wide operations are supported.
• Store-and-forward forwarding architecture.
• Configurable MAC address aging support (300 seconds default timeout value).
• Port packet-forwarding rates of 1488095 pps (1000 Mbps), 148810 pps (100 Mbps), and 14880 pps (10 Mbps).
• 128-MB system DDR SDRAM is recommended for a typical 24- to 48-port switch.
• 16-MB flash size is recommended for a typical 24- to 48-port switch.
• NOR-only, flash-based hardware designs are supported. NOR flash size of 64 MB is supported.
VSC6817
Firmware Upgrade
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 32
5. Firmware Upgrade
The IStaX firmware, which controls the switch, can be updated using one of the following methods.
• Web, using the HTTP protocol
• CLI, using the TFTP client on the switch
The software image selection information includes the following:
• Image—the file name of the firmware image
• Version—the version of the firmware image
• Date—the date when the firmware was produced
After the software image is uploaded from the web interface, a web page announces that the firmware update is
initiated. After about a minute, the firmware is updated and the switch restarts.
While the firmware is being updated, web access appears to be defunct. The front LED flashes green/off with a
frequency of 10 Hz while the firmware update is in progress.
Note: 
Do not restart or power off the device at this time or the switch may fail to function.
VSC6817
Port Control
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 33
6. Port Control
The following sections describe the port control features supported by the IStaX software.
6.1 NPI Port
The IStaX software supports the NPI port to manage the switch core. Any front port can be configured as an NPI port
through which frames can be injected from and extracted to an external CPU.
6.2 PCIe
The PCIe interface allows a back-to-back connection with an external CPU. The external CPU has read/write access
to device registers and can burst frame-data in (injection) and out (extraction) through memory-mapped injection/
extraction registers.
6.3 Dual CPU
The IStaX software supports a dual system where both the internal and external CPU are active at the same time.
6.4 SFP Detection
The IStaX software detects SFP at run time.
6.5 VeriPHY Support
The IStaX software provides VeriPHY support to run cable diagnostics to find cable shorts/opens and to determine
cable length.
6.6 PoE Support
The IStaX software provides PoE support to comply with the IEEE 802.3af, IEEE 802.3at, and IEEE 802.3bt
standards of enabling the supply of up to 90W per port and up the the total power budget.
6.7 POE with LLDP
The IStaX software allows automatic power configuration if the link partner supports PoE. When LLDP is enabled,
the information about the power usage of the PD is available, and then the switch can comply with or ignore this
information.
6.8 Unidirectional Link Detection (UDLD)
UDLD is used to determine the physical status of the link and to detect a unidirectional link.
A UDLD packet is sent to the port it links to for each device and for each port. The packet contains identity
information of the sender (device and port) and expected receiver identity information (device and port). Each port
checks that the UDLD packets it receives contain the identifiers of its own device and port.
The UDLD implementation conforms to the RFC5171 standard.
Note: 
RFC5171 is unclear about timers as well as messaging sequences. It is assumed that probe messages are initially
exchanged every second, and once link status is detected, probe messages are exchanged depending on message
time interval (by default 7 seconds).
VSC6817
Port Control
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 34
Time Interval Type Length Value (TLV), Message Interval TLV, and Sequence Interval TLV are not fully supported due
to insufficient information in this RFC.
Detection starts once the UDLD enabled port gets new device ID and port ID pair. If a port is detected as
unidirectional or loopback link, the port is shut down if mode is Aggressive. In Normal mode, the port will not be
shut down.
Port is reopened once UDLD is disabled/enabled on that port.
6.8.1 Port Statistics
The IStaX software supports the detailed port related statistics and system information related configuration. It is
possible to view the detailed QoS related statistics using IStaX software.
VSC6817
Quality of Service (QoS)
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 35
7. Quality of Service (QoS)
The following sections describe the rich QoS features supported by the IStaX software.
7.1 Port Policers
The QoS ingress port policers are configurable per port and are disabled by default. The software allows disable/
enable flow control on the port policer. Flow control is disabled by default. If flow control is enabled and the port is in
flow control mode, then pause frames are sent instead of discarding frames.
7.2 Scheduling and Shaping
Each egress port implements a scheduler that controls eight queues, one queue (priority) per QoS class. The
scheduler mode can be set to strict priority or weighted (modified-DWRR). Strict priority is selected by default. It is
possible to specify the weight for each of the queues (0–5).
Each egress port also implements a port shaper and a shaper per queue. The software allows disabling/enabling the
port and queue shaper as part of egress shaping. The port shaper and queue shaper are disabled by default.
It is possible to specify the maximum bit rate in kbps or mbps. The use of excess bandwidth for a queue is
configurable and is disabled by default.
The software also has the QoS leaky bucket egress shapers support per queue (0–7) as well as per port.
7.3 QCL Configuration
QoS classification based on basic classification can be overruled by an intelligent classifier called QoS Control List
(QCL).
The QCL consists of QCE entries where each entry is configured with keys and actions. The keys specify which part
of the frames must be matched and the actions specify the applied classification parameters.
When a frame is received on a port, the list of QCEs is searched for a match. If the frame matches the configured
keys, the actions are applied and the search is terminated.
The QCL configuration is a table of QCEs containing QoS control entries that classify to a specific QoS class on
specific traffic objects. A QoS class can be associated with a particular QCE ID.
7.4 Weighted Random Early Detection (WRED)
While the random early detection (RED) settings are configurable for queues 0–5, WRED is configurable to either
disable/enable, and is disabled by default.
The minimum and maximum percentage of the queue fill level or drop probability can be configured before WRED
starts discarding frames.
By specifying a different RED configuration for the queues (QoS classes), it is possible to obtain the WRED operation
between queues.
7.5 Tag Remarking
Tag remarking determines how an egress frame is edited before transmission. This includes the remarking of PCP
and DEI values in tagged frames.
When adding a VLAN tag, the software allows specifying a mode where the PCP and DEI values are taken from
Classified, Mapped, or Default. Classified is the default.
The QoS class DEI, DP Level to PCP, can also be mapped for QoS egress tag remarking per port when the
classification is set to Mapped.
VSC6817
Quality of Service (QoS)
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 36
7.6 Ingress Port Classification
Classification is the first step for implementing QoS. There is a one-to-one mapping between QoS class, queue, and
priority. The QoS class is represented by numbers; higher numbers correspond to higher priority.
The features supported are as follows:
• Port default priority (QoS class)
• Port default priority (DP level)
• Port default PCP
• Port default DEI
• DSCP mapping to QoS class and DP level
• DSCP classification (DiffServ)
• Advanced QoS classification
7.7 Queue Policers
The queue policers are configurable per queue and are disabled by default.
7.8 DiffServ (RFC2474) Remarking
The IStaX software allows disabling/enabling port DSCP remarking, which is disabled by default. Port DSCP
remarking is possible for both IPv4 and IPv6.
In addition to the ingress DSCP remarking done by the analyzer, the rewriter supports egress DSCP remarking of IP
(IPv4 and IPv6) frames where the actual change is made to the DSCP field in frame.
The remarking can be configured as enable/disable per egress port. It is also possible to enable/disable DSCP
remapping on the egress port and to use the translated DSCP value for DSCP remarking.
DSCP remapping is disabled by default. If DSCP remarking is enabled, the new DSCP value in a transmitted frame
is either from the analyzer (basic classification or advanced classification based on TCAM), or from the DSCP
remapped on egress. The following configuration options are available if DSCP remapping is enabled.
• Get the DSCP value from the analyzer (ingress classification) and always remap based on global remap table.
This is done independently of the value of the drop precedence level.
• Get DSCP value from the analyzer and remap based on drop precedence level and remap table.
DSCP remarking is not possible for frames where Precision Time Protocol (PTP) time stamps are also generated. It
is automatically disabled in such cases. It is possible to configure per DSCP (0–63) value for each QoS class and set
the DPL. The per DSCP value parameters are configurable for DSCP translation. The software allows mapping QoS
class and DPL to DSCP value on the IStaX software.
7.9 Global Storm Control
Global Storm Control on the IStaX software is done per system globally on SparX-III and SparX-IV- based switches.
Global storm rate control configuration for unicast frames, broadcast frames, and multicast frames is supported and
can be configured in pps on SparX-III switches.
Storm control is disabled by default.
VSC6817
L2 Switching
© 2020 Microchip T
echnology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 37
8. L2 Switching
The following sections describe the L2 switching features supported by the IStaX software.
8.1 Auto MAC Address Learning/Aging
Learning is done automatically as soon as a frame with unknown SMAC is received. Dynamic entries are removed
from the MAC table after a configured aging time (in seconds), if frames with learned MAC address are not received
within aging period.
8.2 MAC Addresses–Static
Statically added MAC entries are not subjected to aging.
8.3 Virtual LAN
The IStaX software supports the IEEE 802.1Q standard virtual LAN (VLAN). The default configuration is as follows.
• All ports are VLAN aware.
• All ports are members of VLAN 1.
• The switch management interface is on VLAN 1.
• All ports have a Port VLAN ID (PVID) of 1.
• A port can be configured to one of the following three modes.
– Access
– Trunk
– Hybrid
• By default, all ports are in Access mode and are normally used to connect to end stations. Access ports have
the following characteristics.
– Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1.
– Accepts untagged and C-tagged frames.
– Discards all frames that are not classified to the Access VLAN.
– On egress all frames classified to the Access VLAN are transmitted untagged. Others (dynamically added
VLANs) are transmitted tagged.
• The PVID is set to 1 by default.
• Ingress filtering is always enabled.
Trunk ports can carry traffic on multiple VLANs simultaneously, and are normally used to connect to other switches.
Trunk ports have the following characteristics.
• By default, a trunk port is a member of all VLANs (1–4095). This may be limited by the use of allowed VLANs.
• If frames at ingress are classified to a VLAN that the port is not a member of, they are discarded.
• By default, all frames excepts frames classified to the Port VLAN (also known as Native VLAN) get tagged on
egress. Frames classified to the Port VLAN do not get C-tagged on egress.
• Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.
Hybrid ports resemble trunk ports in many ways, but provide the following additional port configuration features.
• Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware.
• Ingress filtering can be controlled.
• Ingress acceptance of frames and configuration of egress tagging can be configured independently.
VSC6817
L2 Switching
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 38
8.4 Voice VLAN
Voice VLAN is configured specially for voice traffic. Adding the ports with voice devices attached to VLAN to perform
QoS-related configuration for voice data ensures the transmission priority of voice traffic and voice quality. Individual
options allow the port to participate in a Voice VLAN using the port security feature. A configurable port discovery
protocol will also be available to detect voice devices attached to port using the Port Discovery Protocol. This
discovery can be done either based on an Organizationally Unique Identifier (OUI) or Link Layer Discovery Protocol
(LLDP) or both.
8.4.1 Private VLAN, Port Isolation
In a private VLAN, communication between isolated ports in that private VLAN is not permitted.
Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN
IDs and private VLAN IDs can be identical.
8.4.2 MAC-Based, Protocol-Based, and IP Subnet-Based VLAN
A MAC-based VLAN enables mapping a specific MAC address to a specific VLAN.
A protocol-based VLAN enables mapping to a VLAN whose frame type may be one of the following.
• Ethernet—valid values for etype ranges from 0x0600-0xffff.
• SNAP—valid value in this case also is comprised of two sub-values.
• Organizationally unique Identifier (OUI).
• Protocol ID (PID)—if the OUI is hexadecimal 000000, the PID is the Ethernet type (EtherType) field value for the
protocol running on top of SNAP. If the OUI is an OUI for a particular organization, the PID is a value assigned
by that organization to the protocol running on top of SNAP.
• LLC—valid value in this case is comprised of two sub-values:
– DSAP—1-byte long string (0x00-0xff)
– SSAP—1-byte long string (0x00-0xff)
The precedence of these VLANs is that the MAC-based VLAN is preferred over the protocol-based VLAN, and
protocol-based VLAN is preferred over port-based VLAN.
8.5 Industrial Private VLANs
This feature is widely known as private VLANs (PVLAN). VLANs limit broadcasts to specified users. PVLANs splits
the broadcast domain into multiple isolated broadcast sub-domains and puts secondary VLANs inside a primary
VLAN.
PVLANs restrict traffic flows through their member switch ports (private ports) so that these ports communicate only
with a specified uplink trunk port or with specified ports within the same VLAN. The uplink trunk port is usually
connected to a router, firewall, server, or provider network. Each PVLAN typically contains many private ports that
communicate only with a single uplink, thereby preventing the ports from communicating with each other.
The following terms are used to describe the Private VLAN feature.
• PVLAN domain a VLAN domain partitioned into a number of sub-domains. Inside the domain, a number of—
primary and secondary VLANs are used. Only the primary VLANs are known outside the PVLAN domain.
• Primary VLAN a VLAN used inside and outside a PVLAN domain. A primary VLAN carries traffic from—
promiscuous ports to isolated ports, and from community ports to other promiscuous ports.
• Secondary VLAN—a VLAN used inside a PVLAN domain only.
• Isolated VLAN—a secondary VLAN that carries traffic from isolated ports to promiscuous ports.
• Community VLAN—a secondary VLAN that carries traffic from community ports to promiscuous ports and other
community ports.
• Isolated port—a port that receives untagged frames and classifies these to an isolated VLAN.
• Community port—a port that receives untagged frames and classifies these to a community VLAN.
• Promiscuous port—a port that receives frames in the primary VLAN.
VSC6817
L2 Switching
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 39
• Standard trunk port—a port that carries primary and secondary VLANs using tags.
• Promiscuous PVLAN trunk port—a port that receives frames tagged with the primary VLAN ID. The port sends
frames from secondary VLANs, but translates these to the primary VLAN ID and pushes this into the tag.
• Isolated PVLAN trunk port—a port, which receives frames tagged with the isolated VLAN ID. The port sends
frames from the isolated VLAN. The port also sends frames from the primary VLAN, but translates this into the
isolated VLAN ID and pushes it into the tag.
8.6 Generic VLAN Registration Protocol (GVRP)
The GVRP is a registration for VLANs. Though this has been superseded by MVRP as described in IEEE
802.1Q-2011, it is still of interest due to legacy systems that can interoperate.
GVRP is a method of dynamically telling a bridge port that there are devices for a particular VLAN on that port. A
host can announce (register) that it wants to be part of a particular VLAN. It can de-register when it does not want to
be part of a certain VLAN anymore. It then becomes the responsibility of GVRP to propagate this information in the
network, so that a given VLAN gets proper connectivity.
8.7 Multiple Registration Protocol (MRP)
The MRP, that replaced Generic Attribute Registration Protocol (GARP), is a generic registration framework defined
by the IEEE 802.1ak amendment to the IEEE 802.1Q standard. MRP allows bridges, switches or other similar
devices to be able to register and unregister attribute values, such as VLAN identifiers and multi-cast group
membership across a large LAN.
8.8 Multiple VLAN Registration Protocol (MVRP)
MVRP is a protocol that facilitates control of Virtual Local Area Networks (VLANs) within a larger network. MVRP
conforms to the IEEE 802.1Q 2014 specification and allows network devices to dynamically exchange VLAN
configuration information with other devices. MVRP is based on MRP. MVRP can be designated as an MRP
Application.
8.9 IEEE 802.3ad Link Aggregation
A link aggregation is a collection of one or more Full Duplex (FDX) Ethernet links. These links when combined
together form a Link Aggregation Group (LAG), such that the networking device can treat it as if it were a single link.
The traffic distribution is based on a hash calculation of fields in the frame:
• Source MAC address—can be used to calculate the destination port for the frame. By default, the source MAC
address is enabled.
• Destination MAC address—can be used to calculate the destination port for the frame. By default, the
destination MAC address is disabled.
• IP address—can be used to calculate the destination port for the frame. By default, the IP address is enabled.
• TCP/UDP port number—can be used to calculate the destination port for the frame. By default, the TCP/UDP
port number is enabled.
An aggregation can be configured statically or dynamically through the Link Aggregation Control Protocol (LACP).
8.9.1 Static
Static aggregations can be configured through the CLI or the web interface. A static LAG interface does not require
a partner system to be able to aggregate its member ports. In Static mode, the member ports do not transmit
LACPDUs.
8.9.2 Link Aggregation Control Protocol (LACP)
The LACP exchanges LACPDUs with an LACP partner and forms an aggregation automatically. The LACP can be
enabled or disabled on the switch port. The LACP will form an aggregation when two or more ports are connected to
the same partner.
VSC6817
L2 Switching
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 40
The key value can be configured to a user-defined value or set to auto to calculate based on the link speed in
accordance with IEEE 802.3ad standard.
The role for the LACP port configuration can be selected as either Active to transmit LACP packets each second, or
Passive to wait for an LACP packet from a partner.
8.10 Bridge Protocol Data Unit (BPDU) Guard,Restricted Role, and Error Disable
Recovery
This is provided as part of the Spanning Tree Protocol (STP) configuration settings. The BPDU guard is a control that
specifies whether a port explicitly configured as edge will disable itself upon reception of a BPDU. The port will enter
the error-disabled state, and will be removed from active topology.
The Common and Internal Spanning Tree (CIST) port setting for the BPDU guard is not subject to edge status
dependency. For restricted role, CIST port setting may also be seen as a security measure.
8.11 IGMP Snooping and MLD Snooping
IGMP snooping or MLD snooping mode can be configured system-wide including unregistered IPMC flooding,
Source-Specific Multicast (SSM) range, proxy, and leave proxy. Per VLAN configuration is also supported for
configuring IGMP snooping or MLD snooping. The maximum IGMP interfaces refer to the maximum IP interfaces.
8.11.1 Filtering (IGMP Snooping and MLD Snooping)
The IGMP snooping or MLD snooping filtering groups for a specific IPv4 or IPv6 multicast address can be created
and viewed per port.
8.11.2 Multicast VLAN Registration (MVR)
System-wide configuration parameters are available for configuring MVR. Up to four MVR VLANs can be created,
each of which manages the channel by using an IPMC profile.
The immediate leave configuration is configurable and viewable per port.
8.12 DHCP Snooping
DHCP snooping is used to block intruders on the untrusted ports of the switch device when it tries to intervene by
injecting a bogus DHCP (for IPv4) reply packet to a legitimate conversation between the DHCP (IPv4) client and
server.
DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure. When
DHCP servers allocate IP addresses to clients on the LAN, DHCP snooping can be configured on LAN switches to
harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.
DHCP snooping ensures IP integrity on a layer 2 switched domain by allowing only a white-list of IP addresses
to access the network. The white-list is configured at the switch port level, and the DHCP server manages access
control.
Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker- controlled
DHCP server could cause malfunction of the network or even control it. The port role can be set as Trusted or
Untrusted in order to protect it.
8.13 MAC Table Configuration
MAC learning configuration can be configured per port.
• Auto—learning is done automatically as soon as a frame with unknown Static MAC (SMAC) is received.
• Disable—no learning is done.
VSC6817
L2 Switching
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 41
• Secure—only SMAC entries are learned, all other frames are dropped.
The static entries can be configured in the MAC table for forwarding. The user can enable/disable MAC learning per
VLAN. VLAN learning is enabled by default.
MAC aging is configurable to age out the learned entries. MAC learning cannot be administered on each individual
aggregation group.
8.14 Mirroring (SPAN/VSPAN and RSPAN)
The IStaX software allows selected traffic to be copied, or mirrored, to a mirror port where a frame analyzer can be
attached to analyze the frame flow. By default, mirror monitors all traffic, including multicast and bridge PDUs.
The software will support many-to-1 port mirroring. The destination port is located on the local switch in the case of
Mirror. The switch can support VLAN-based mirroring.
Note: 
The mirroring session will have either ports or VLANs as sources, but not both.
8.15 RMirror
The RMirror is an extension to mirror that allows for mirroring traffic from one switch to a port on another switch.
The RMirror is more flexible than Mirror. When a host wants to send traffic to a remote Host connected to a different
switch, the first switch will copy the traffic to a dedicated RMirror VLAN, which will cause the traffic to be flooded
to ports that are members of that VLAN. The administrator can use a sniffer to analyze network traffic on remote
switches.
The RMirror does not support BPDU monitoring, but rather supports IGMP packet monitoring when IGMP snooping is
disabled on the RMirror VLAN.
All hardware error packets are discarded at the source port, so they are not copied to the destination port.
8.16 Flow Mirroring for AC
Management can set and get ACE mirror function. When the function is enabled, the frame is mirrored if the ACE is
hit. The default value is .disabled
8.17 Spanning Tree
IStaX software supports 802.1s MSTP. The desired version is configurable and the MSTP is selected by default.
IEEE 802.1s supports 16 instances.
The STP MSTI and CIST port configurations are allowed per physical port or aggregated port, as also STP MSTI
bridge instance mapping and priority configurations.
Port error recovery is supported to control whether a port in the error-disabled state automatically will be enabled
after a certain time.
8.18 Loop Guard
Loops inside a network are very costly because they consume resources and lower network performance. Detecting
loops manually can become cumbersome and tasking. Loop protection can be enabled or disabled on a port, or
system-wide.
If loop protection is enabled, it sends packets to a reserved layer 2 multicast destination address on all the ports
on which the feature is enabled. Transmission of the packet can be disabled on selected ports, even when loop
protection is on. If a packet is received by the switch with matching multicast destination address, the source MAC
in the packet is compared with its own MAC. If the MAC does not match, the packet is forwarded to all ports that
are member of the same VLAN, except to the port from which it came in, treating it similar to a data packet. If the
VSC6817
L2 Switching
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 42
feature is enabled and source MAC matches its own MAC, the port on which the packet is received will be shut down,
logged, or both actions taken depending upon the action configured.
If the feature is disabled, the packet will be dropped silently. The following matching criteria are used.
• DA= determined on customer requirement, AND
• SA= first 5 bytes of switch SA, AND
• Ether Type= 9003, AND
Loop protection is disabled by default, with an option to either enable globally on all the ports or individually on
each port of the switch including the trunks (static only). Loop protection will co-exist with the (M)STP protocol being
enabled on the same physical ports. Loop protection will not affect the ports that (M)STP has put in non-forwarding
state.
VSC6817
L3 Switching
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 43
9. L3 Switching
The following sections describe the rich L3 switching features supported by the IStaX software.
9.1 DHCP Relay
The following table lists the parameters available for configuring the DHCP relay.
Table 9-1. DHCP Relay Configuration Parameters
Parameter Allowed Range Default
Relay mode Enabled/disabled Disabled
Relay server address IP address None
Relay information mode Enabled/disabled Disabled
Relay information policy Replace
Keep
Drop
Keep
The relay information mode enables or disables the DHCP option 82 operation. When DHCP relay information mode
operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to
DHCP server and removes it from a DHCP message when transferring to DHCP client. The first four characters
represent the VLAN ID, the fifth and sixth characters are the module ID (in standalone device it always equals 0, in
stackable device it means switch ID), and the last two characters are the port number.
9.2 Universal Plug and Play (UPnP)
The addressing, discovery, and description parts of UPnP-client protocol are implemented in the device. It is used
to help the network administrator in managing the network. The purpose of UPnP in the device is similar to LLDP.
However, UPnP is a layer 4 protocol that allows UPnP-clients to be located on a different subnet with UPnP-control
points.
In the implementation, the switch sends SSDP messages periodically at the interval one-half of the advertising
duration minus 30 seconds.
When the UPnP mode is enabled, two ACEs are added automatically to trap UPnP related packets to CPU. The
ACEs are automatically removed when the mode is disabled.
9.3 L3 Routing
L3 routing is to select path and forward traffic to the nexthop based on the routing table. L3 routing includes hardware
routing and software routing. Software routing is supported by the IStaX software and hardware routing is supported
by the VCAP LPM table. If the switch has no LPM table then it only uses software routing.
Only manually configured routing entries are supported, that is, static routes.
VSC6817
Security
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 44
10. Security
The following sections describe the security features supported by the IStaX software.
10.1 802.1X and MAC-Based Authentication
The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a
network by requiring users to first submit credentials for authentication. One or more central servers, the backend
servers, determine whether the user is allowed access the network.
Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted
by the industry. In a MAC-based authentication, users are called clients, and the switch acts as a supplicant on behalf
of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the
client's MAC address as both username and password in the subsequent Extensible Authentication Protocol (EAP)
exchange with the Remote Authentication Dial In User Service (RADIUS) server.
The 6-byte MAC address is converted to a string in the following form: xx-xx-xx-xx-xx-xx. That is, a dash (-)
is used as separator between the lower-case hexadecimal digits. The switch only supports the MD5- Challenge
authentication method, so the RADIUS server must be configured accordingly. When authentication is complete,
the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block
traffic for that particular client, using the port security module. The frames from the client are then forwarded to
the switch. There are no EAP over LAN (EAPOL) frames involved in this authentication, and therefore, MAC-based
authentication has nothing to do with the 802.1X standard.
The advantage of MAC-based authentication over 802.1 X-based authentication is that the clients do not need
special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by equipment
whose MAC address is a valid RADIUS user that can be used by anyone. The maximum number of clients that can
be attached to a port can be limited using the Port Security Limit Control functionality.
In a port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is
opened for network traffic. This allows other clients connected to the port (for instance through a hub) to piggyback
on the successfully authenticated client and get network access even though they really are not authenticated. To
overcome this security breach, use the Single 802.1X variant.
Single 802.1X is not an IEEE standard, but features many of the same characteristics as port-based 802.1X. In
Single 802.1X, a maximum of one supplicant can get authenticated on the port at a time. Normal EAPOL frames are
used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port,
the one that comes first when the port's link comes up will be the first one considered. If that supplicant does not
provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is
successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported
modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully
authenticated.
Multi 802.1X, like Single 802.1X, is not an IEEE standard, but a variant that features many of the same
characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same
time. Each supplicant is authenticated individually and secured in the MAC table using the port security module. In
Multi 802.1X, it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL
frames sent from the switch toward the supplicant because that causes all supplicants attached to the port to reply to
requests sent from the switch. Instead, the switch uses the supplicant's MAC address, which is obtained from the first
EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants
are attached. In this case, the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address
as destination to wake up any supplicants that might be on the port.
The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit
Control functionality.
When RADIUS-assigned QoS/VLANs are enabled globally and on a given port, the switch reacts to the QoS Class/
VLAN information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant
is successfully authenticated. If QoS information is present and valid, traffic received on the supplicant's port will be
classified to the given QoS class in the case of RADIUS- assigned QoS. Conversely, if VLAN ID is present and valid,
the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and
VSC6817
Security
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 45
the port will be forced into VLAN Unaware mode. Once assigned, all traffic arriving on the port will be classified and
switched on the RADIUS-assigned VLAN ID.
RADIUS-assigned VLANs based on a VLAN name are also supported.
If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS class/VLAN ID, or it's
invalid, or the supplicant is otherwise no longer present on the port, the port's QoS class in the case of RADIUS-
assigned QoS, and VLAN in the case of RADIUS-assigned VLAN, are immediately reverted to the original values
(which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).
This RADIUS-assigned QoS or VLAN option is only available for single-client modes.
• Port-based 802.1X
• Single 802.1X
10.2 Authentication, Authorization, and Accounting (AAA)
The AAA allows the common server configuration including the Timeout, Retransmit, Secret Key, NAS IP Address,
NAS IPv6 Address, NAS Identifier, and Dead Time parameters. The IStaX software supports the configuration of the
RADIUS and TACACS+ servers.
The RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the
timeout interval is divided into three sub-intervals of equal length. If a reply is not received within the sub-interval, the
request is transmitted again. This algorithm causes the RADIUS server to be queried up to three times before it is
considered dead.
The dead time, which can be set to a number between 0–3600 seconds, is the period during which the switch does
not send new requests to a server that has failed to respond to a previous request. This stops the switch from
continually trying to contact a server that it has already determined as dead. Setting the dead time to a value greater
than zero enables this feature, but only if more than one server has been configured.
Authorization is for authorizing users to access the management interfaces of the switch.
The RADIUS authentication servers are used both by the NAS module and to authorize access to the switch's
management interface. The RADIUS accounting servers are only used by the NAS module.
TACACS+ is an access control network protocol for routers, network access servers, and other networked computing
devices. TACACS+ authentication, authorization, and accounting are supported by IStaX software. The CLI interface
is only supported in the initial version for the configuration of TACACS+ authorization, and accounting mechanisms.
10.3 Secure Access
The following table lists the options available for Secure Access.
Table 10-1. Secure Access Options
Method Description
SSH Enable or disable option provided, supports v2 only
SSL/HTTPs Enable or disable
HTTPs auto redirect A redirect web browser to HTTPS option available when HTTPS mode is enabled.
10.4 Users and Privilege Levels
Multiple users can be created on the switch identified by the username and privilege level.
The privilege level of the user allowed range is 1 to 15. A privilege level value of 15 enables access to all groups and
grants full control of the device. User privilege should be the same or greater than the privilege level for the group. By
default, privilege level 5 provides read-only access and privilege level 10 provides read-write access for most groups.
Privilege level 15 is needed for system maintenance tasks such as software upload and factory default restore.
VSC6817
Security
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 46
Generally, privilege level 15 is used for an administrator account, privilege level 10 for a standard user account, and
privilege level 5 for a guest account.
The name identifying the privilege group is called the Group name. In most cases, a privilege level group consists of
a single module (for example, LACP, RSTP, or QoS), but a few of them contains more than one.
Each group has an authorization privilege level configurable between 1 to 15 for the following sub- groups.
• Configuration read-only
• Configuration/execute read-write
• Status/statistics read-only
• Status/statistics read-write (for example, statistics clearing)
Group privilege levels are used only in the web interface. The CLI privilege level works on each individual command.
User privilege should be same or greater than the privilege level for the group.
10.5 Authentication and Authorization Methods
The following authentication and authorization methods are available.
10.5.1 Authentication Method
This method allows configuration of how users are authenticated when they log into the switch from one of the
management client interfaces. The following configuration is allowed on all the four management client types.
• Console
• Telnet
• SSH
• Web
Methods that involve remote servers are timed out if the remote servers are offline. In this case, the next method is
tried. Each method is tried from left to right (when entered in the CLI) and continues until a method either approves
or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary
authentication as local. This will enable the management client to log in using the local user database if none of the
configured authentication servers are alive.
10.5.2 Command Authorization Method Configuration
This configuration allows the administrator to limit the CLI commands available to the user from the different
management clients, Console, Telnet, and SSH. It is possible to set the privilege level and authorize configuration
commands. An authorization method can be configured either to TACACS+ or disable.
10.5.3 Accounting Method Configuration
This configuration allows the administrator to configure command and Exec (login) accounting of the user from the
different management clients, Console, Telnet, and SSH. It is possible to set the privilege level and enable exec
(login) accounting. The accounting method can be configured either to TACACS+ or disable.
10.6 Access Control List (ACLs)
The ACL consists of a table of ACEs containing access control entries that specify individual users or groups
permitted access to specific traffic objects such as a process or a program. The ACE parameters vary according to
the frame type selected.
Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific
traffic object access rights.
ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In
networking, ACL refers to a list of service ports or network services that are available on a host or server, each with a
list of hosts or servers permitted to use the service. ACLs can generally be configured to control inbound traffic, and
in this context, they are similar to firewalls.
There are three rich configurable sections associated with the manual ACL configuration.
VSC6817
Security
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 47
The ACL configuration shows the ACEs in a prioritized way, highest (top) to lowest (bottom). An ingress frame will
only get a hit on one ACE even though there are more matching ACEs. The first matching ACE will take action
(permit/deny) on that frame and a counter associated with that ACE is incremented. An ACE can be associated with
any combination of ingress port(s) and policy (value/mask pair). If an ACE policy is created then that policy can be
associated with a group of ports as part of the ACL port configuration. There are a number of parameters that can be
configured with an ACE.
The ACL ports configuration is used to assign a policy ID to an ingress port. This is useful to group ports to obey the
same traffic rules. Traffic policy is created under the ACL configuration. The following traffic properties can be set for
each ingress port.
• Action
• Rate limiter
• Port redirect
• Mirror
• Logging
• Shutdown
The management interface allows the port action that is used to determine whether forwarding is permitted (Permit)
or denied (Deny) on the port. The default action is Permit.
The ACE will only apply if the frame gets past the ACE matching without getting matched. In that case a counter
associated with that port is incremented. There can be 16 different ACL rate limiters. A rate limiter ID may be
assigned to the ACE(s) or ingress port(s).
An ACE consists of several parameters. These parameters vary according to the frame type selected. The ingress
port needs to be selected for the ACE, and then the frame type. Different parameter options are displayed depending
on the frame type selected. The supported frame types include the following:
• Any
• Configurable Ethernet type
• ARP
• IPv4
• IPv6
MAC-based filtering and IP protocol-based filtering can be achieved with configurations based on the selection of
appropriate frame types.
10.7 ARP Inspection/IP and IPv6 Source Guard
ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected
to layer 2 networks by poisoning the ARP caches. This feature is used to block such attacks. Only valid ARP
requests and responses can go through the switch device.
IP source guard is a security feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic
based on the DHCP snooping table or manually configured IP source bindings. It helps prevent IP spoofing attacks
when a host tries to spoof and use the IP address of another host.
It is possible to translate all dynamic entries to static entries for both ARP inspection and dynamic ARP inspection.
It is also possible to add a new entry to the static ARP inspection table and/or IP source guard by specifying the Port,
VLAN ID, MAC address, and IP address for the new entry.
IPv6 source guard is a security feature that restricts IPv6 traffic on all ports by filtering traffic based on the binding
database of the DHCPv6 shield protection or on manually configured IPv6 source bindings. IPv6 source guard can
prevent traffic attacks caused when a host tries to use a bogus IPv6 address. An entry in the binding table has
an IPv6 address, binding port number, its associated MAC address, and its associated VLAN number. When IPv6
source guard is enabled, IPv6 traffic is filtered based on the source IPv6 address, port number, VLAN number, and
MAC address. The switch forwards traffic only when the source IPv6 address, VLAN, port number, and MAC address
match an entry in the IPv6 source binding table. All other packets are dropped as they do not match any entries in the
binding table.
VSC6817
Security
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 48
10.7.1 Guest VLAN
A guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed
after a network administrator-defined timeout.
When a guest VLAN is enabled globally and on a given port, the switch considers moving the port into the guest
VLAN.
This option is only available for Extensible Authentication Protocol (EAP) over LAN (EAPOL)-based modes such as
Port-based 802.1X, Single 802.1X, and Multi 802.1X.
VSC6817
Robustness and Power Savings
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 49
11. Robustness and Power Savings
The following sections describe the robustness and power saving (Green Ethernet) features supported by the IStaX
software.
11.1 Robustness
The following section introduces a robustness feature.
11.1.1 Cold and CoolStart
The software defines and supports the following restart types:
• Cold—power cycle induced reset of the switch.
• Cool—software initiated reset of the switch (with traffic disruption).
11.2 Power Savings
The following sections introduce the power savings features.
11.2.1 ActiPHY
ActiPHY works by lowering the power for a port when there is no link. The port is power up for short moment in order
to determine if cable is inserted.
11.2.2 PerfectReach
PerfectReach determines the cable length and lowers the power consumption at ports with short cables.
11.2.3 Thermal Protection
This feature helps in powering down ports if temperature becomes high.
11.2.4 Energy-Efficient Ethernet (EEE) Support
The EEE is a power saving option that reduces the power usage when there is low traffic utilization (or no traffic).
EEE support allows the user to inspect and configure the current EEE port settings.
EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted all circuits are
powered up. The time it takes to power up the circuits is named wakeup time. The default wakeup time is 17 ms for 1
Gbit links and 30 ms for other link speeds. EEE devices must agree upon the value of the wakeup time to make sure
that both the receiving and transmitting devices have all circuits powered up when traffic is transmitted. The devices
can exchange information about device wakeup times using the LLDP protocol.
EEE works for ports in auto-negotiation mode, where the port is negotiated to either 1G or 100 megabits full duplex
mode.
11.2.5 LED Power Reduction Support
The IStaX software supports the LED power reduction feature.
The LED power consumption can be reduced by lowering the intensity of LEDs. LEDs can be dimmed or turned off.
LED intensity can be set for 24 one-hour periods in a day and can be configured from 0% to 100% in 10% increments
for each period.
A network administrator may want to have full LED intensity during the maintenance period. Therefore, it is possible
to specify that the LEDs will use full intensity for a specific period of time.
Maintenance time is the number of seconds (10 to 65535, 10 being default) the LEDs will have full intensity after
either a port has changed link state or the LED button has been pressed.
11.2.6 Adaptive Fan Control
The IStaX software supports the following fan controls.
VSC6817
Robustness and Power Savings
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 50
• Maximum temperature—temperature at which the fan runs at full speed.
• Turn on temperature—temperature at which the fan runs at the lowest possible speed.
VSC6817
OAM and Test
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 51
12. OAM and Test
The following sections describe the OAM and Test features supported by the IStaX software.
12.1 OAM
The advantage of Ethernet in Metropolitan-Area Network (MAN) and Wide-Area Network (WAN) topologies has
emphasized the necessity for integrated management of large deployments. To address the end-to-end Operations,
Administration, and Maintenance (OAM) capabilities for Ethernet networks, various standard bodies proposed
various OAM capabilities for Ethernet OAM. These OAM capabilities allow the administrator to install, monitor, and
troubleshoot the Ethernet MAN and WANs.
The IStaX software supports the OAM functionality in both point-to-point link monitoring as described in IEEE
802.3ah and also Flow OAM. Flow OAM implements requirements from IEEE 802.1ag as well as the IEEE standards,
ITU-T.1731, and ITU-T.G.8021.
All time stamping for both IEEE 1588 and OAM is accurate to a few 10 s of ns.
12.1.1 Link OAM (802.3ah)
Point-to-point link level OAM to monitor the link operations as specified in IEEE 802.3ah is implemented to support
both active and passive modes.
Mechanisms to support the following are also implemented.
• OAM capability discovery
• Link monitoring to link event notifications with diagnostic information
• Software-based remote failure indication to indicate to a peer that receive path of the local DTE is non-
operational.
• Remote loopback control for a data link layer frame-level loopback mode.
Administrator enables or disables the OAM functionality depending upon the topology requirements. The following
port-based configurations are supported.
• Mode selection (active/passive).
• OAM client configuration for Capability Discovery Protocol (CDP) and related timers.
• Enable/Disable link monitoring capability. Once the link monitor capability is enabled, OAM entity sends out a
PDU with the link monitoring capability flag set.
• Enable/Disable the link monitoring operation. Link monitoring notifications are sent out to the peer OAM entity
only when the state of discovery protocol is send-any as defined by the IEEE 802.3ah.
• Enable/Disable the remote loopback control capability. Once the remote loopback control capability is enabled,
OAM entity sends out a PDU with the remote loopback capability flag.
• Enable/Disable remote loopback operation. The passive OAM entity obeys the remote loopback request from
the peer OAM entity only when the state of discovery protocol is send-any as defined by the IEEE 802.3ah.
IEEE 802.3ah does not specify the configuration support for most of these features; they are provided as
administrator capabilities.
By default, link OAM capability is enabled.
Link event configuration can be made on a per-port basis for different events.
12.1.2 Dying Gasp
The IStaX software supports Link OAM dying gasp PDU and dying gasp SNMP trap. The dying gasp message will be
sent out from the device.
The SNMP trap is sent only on power failure or removal of power supply cable.
Dying gasp occurs in case of reload, removal of power supply cable, or power failure. In case of any situation coming
true, the switch will immediately send out a dying gasp trap to an SNMP trap receiver. In case of a dying gasp PDU,
the information is immediately passed on to the peer Link OAM enabled device.
VSC6817
OAM and Test
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 52
The dying gasp event PDU is sent if one of the following four events occur.
• Device power loss.
• Switch reloads—this includes cold reload and firmware upgrade.
• The port where Link OAM is enabled is shut down.
• Link OAM is disabled on a port where it was previously enabled.
12.1.3 Flow OAM
Flow OAM is implemented as a set of features as per requirements in IEEE 802.1ag and ITU- T.Y1731/G.8021.
Nodes can be configured as Maintenance End Point (MEP) or Maintenance Intermediate Point (MIP) in an OAM
domain to participate in the Flow OAM functionality.
Features such as link trace, continuity check, and Alarm Indication Signal (AIS) are provided in the implementation.
VSC6817
Synchronization
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 53
13. Synchronization
The following sections describe the synchronization and timing module features supported by the IStaX software. The
synchronization and timing features supports both the built-in PLL and the external PLLs such as ZL30343, ZL30363,
and ZL30772.
13.1 Precision Time Protocol (PTP)
IEEE 1588v2 defines the PTP at the packet layer, which may be used to distribute frequency and/or ToD (phase).
NID-based reference devices contain an internal OCXO providing IEEE 1588 slave functions and timing holdover
capability. Timing failover operation can be revertive or non-revertive. The following features are implemented as part
of PTP.
• Ordinary clock and boundary clock using basic delay mechanism
• Ordinary clock and boundary clock using peer to peer delay mechanism
• Peer-to-peer transparent clock
• End-to-end transparent clock
• Local clock and servo
• Best master clock algorithm
The protocol supported is Ethernet PTP over Ethernet multicast by default. It is possible to configure PTP over IPv4
multicast or unicast.
Boundary clocks support both multicast and unicast configuration. The slave only clock can be configured for up to
five master IP addresses. When operating in IPv4 unicast mode, the slave is configured for up to five master IP
addresses. The slave then requests Announce messages from all the configured masters. The slave uses the BMC
algorithm to select one as master clock, and then requests Sync messages from the selected master.
13.2 Microchip One-Step TC PHY Solution
The PTP application also supports the PHY API.
13.2.1 Peer-to-Peer Transparent Clock
The transparent clock uses peer-to-peer delay measurement mechanism.
13.2.2 End-to-End Transparent Clock
The transparent clock uses end-to-end delay measurement mechanism.
13.2.3 Boundary Clock
The boundary clock (master/slave) delay measurement mechanism is configurable or port.
13.2.4 PTP over IPv4
The PTP packets are encapsulated in IPv4
13.2.5 Unicast/Multicast
PTP packets encapsulated in IPv4 can be configured to either multicast or unicast mode. In unicast mode, the slave
is configured with the IP addresses of the accepted masters.
13.3 Transparent Clock over Microwave
This feature provides feedback from modems regarding modulation and latency.
VSC6817
Synchronization
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 54
13.4 G.8265.1 Solution (Frequency), ITU Standard
The IStaX software supports the following features related to 8265.1 solution (frequency), ITU standard.
13.4.1 G.8265.1 BMCA
The best master clock (BMC) algorithm performs a distributed selection of the best candidate clock based on the
following clock properties.
• Identifier
• Quality
• Priority
• Variance
13.4.2 PTP Profile
Profiles were introduced in IEEE 1588-2008, to allow other standards bodies to tailor PTP to particular applications.
PTP Profile supports frequency synchronization over telecom networks.
13.4.3 Clock Quality
The clock quality is determined by the system, and holds three parts: Clock Class, Clock Accuracy, and offset scaled
log variance as defined in IEEE 1588. The clock accuracy values are defined in IEEE 1588 table 6.
13.5 G.8275.1 Solution (Phase), ITU Standard
The IStaX software supports the following features related to 8275.1 solution (frequency), ITU standard.
13.6 G.8275 Compliant Filter
The IStaX software supports filtering that can be either the basic filter or an advanced filter that can be configured to
use only a fraction of the packets received (the packets that have experienced the least latency).
13.7 PTP Time Interface
Calculates and displays the actual PTP time with nanosecond resolution.
13.8 Network Time Protocol (NTP)
NTP is widely used to synchronize system clocks among a set of distributed time servers and clients. NTP is disabled
by default. The implemented NTP version is 4.
The NTP IPv4 or IPv6 address can be configured and a maximum of five servers are supported. Daylight saving time
can also be supported to automatically adjust the time offset.
13.9 Day Light Saving
Daylight Saving Time is used to set the clock forward or backward according to the configurations set for a defined
Daylight Saving Time duration. It is also called a summer time in several countries. Typically clocks are adjusted
forward one hour near the start of spring and are adjusted backward in autumn.
This feature is used to configure the settings to fit the daylight saving time.
VSC6817
Management
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 55
14. Management
The following sections describe the management features supported by the IStaX software.
14.1 JSON-RPC
JSON-RPC is a protocol that allows making remote procedure calls. The messages exchanged in JSON- RPC are
JSON encoded data structures. The JSON-RPC protocol has two roles - that of a server and a client. The client
initiates the communication by sending a request to the server, and the server processes the request and sends back
a response.
The IStaX software includes a JSON-RPC server, and in order to use it, a JSON-RPC client. JSON-RPC provides a
high-level interface that is the functional equivalent of CLI or SNMP with the following additional properties.
• Machine, and human friendly interface.
• Reliable connections orientated communication provided by the TCP and HTTP message encapsulation.
• RPC orientated protocol, which fits into most programming languages.
• Can be implemented in practically any language and needs only a very limited foot-print in terms of program
memory and data memory.
For more information about the JSON-RPC specification, see . For information about the general JSONjson-rpc.org/
specification, see .json.org
Note: 
JSON-RPC is not an end user interface intended for human interaction; it is a high level machine friendly interface.
Because of this, the intended audience of this document is developers who are already familiar with the JSON-RPC
technology. It is recommended that users not already familiar with JSON or JSON- RPC to read the official standards.
14.1.1 JSON-RPC Notifications
JSON-RPC includes support for unsolicited notifications, that is, asynchronous events generated on the server and
sent to the client. This allows the client to react on events when they happen, without the need for polling. When an
event occurs, the JSON-RPC notification service takes the initiative to send a request to the configured notification
receiver. In network terminology, this makes the notification receiver the server and the device that implements the
notification service the client.
This means that when supporting both normal JSON-RPC service and notifications, the target acts as both a server
and a client. Likewise for the user of the service, a client is used to access the normal JSON-RPC service, and a
server is needed to receive the notification events.
As the current implementation uses http as the message exchange protocol, the client needs an http client to post
the requests and an http server to receive the notifications. Only http (and not https) is currently supported for
JSON-RPC notifications.
14.2 Management Services
The IStaX software provides the network administrator with a set of comprehensive management functions. The
network administrator has a choice of the following easy-to-use management methods.
• CLI Interface
• Web-based
• SNMP
• JSON-RPC
Management interfaces of the turnkey switch solutions are branded to comply with platform changes and the
customer recommended standards as desired.
VSC6817
Management
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 57
127.0.0.1/32 via OS:lo:127.0.0.1 <UP HOST>
224.0.0.0/4 via OS:lo:127.0.0.1 <UP>
• Error checking—before executing a command, the CLI checks whether the current mode is still valid, user has
sufficient privileges, and valid range of parameter(s) among others. The user is alerted to the error by displaying
a caret under the offending word along with an error message.
IStaX(config)# clock summer-time PDT date 14
^
% Invalid word detected at '^' marker
Every configuration command has a no form to negate or set its default. In general, the no form is used to
reverse the action of a command or reset a value back to the default. For example, the no ip routing
configuration command reverses the ip routing of an interface.
• command support—this will allow the users to execute the commands from the configuration mode.do
(config)# do show vlan
VLAN Name Interface
---- ---- ---------
1 default Gi 1/1-9 2.5G 1/1-2
• Platform debug command support—this will allow the users to obtain technical support by entering and running
a debug command in this field.
14.2.2 Industry Standard Configuration Support
The IStaX software supports an industry standard configuration (ICFG) where commands are stored in a text format.
The switch stores its configuration in a number of text files in CLI format. The files are either virtual (RAM-based), or
stored in flash on the switch.
There are three system files:
• —a virtual file that represents the currently active configuration on the switch. This file isrunning-config
volatile.
• —the startup configuration for the switch, read at boot time.startup-config
• —a read-only file with vendor-specific configuration. This file is read when the system isdefault-config
restored to default settings. This is a per-build customizable file that does not require C source code changes.
It is also possible to store up to four files and apply them to , thereby switching configuration.running-config
The maximum number of files in the configuration file is limited to a compressed size not exceeding 1 MB. The
configuration can be dynamically viewed by issuing the command.show running-config
This current running configuration may be copied to the startup configuration using the copy command. ICFG may be
edited and populated on multiple other switches using any standard text editor offline.
It is possible to upload a file from the web browser to all the files on the switch, , whichexcept default- config
is read-only. If the destination is , the file will be applied to the switch configuration. This can berunning-config
done in two ways:
• Replace mode—the current configuration is fully replaced with the configuration in the uploaded file.
• Merge mode—the uploaded file is merged with .running-config
If the file system is full, (that is, contains the three system files mentioned previously along with other files), it is not
possible to create new files. An existing file must be overwritten or another deleted first.
It is possible to activate any of the configuration files present on the switch, except , whichrunning-config
represents the currently active configuration. This will initiate the process of completely replacing the existing
configuration with that of the selected file.
It is possible to delete any of the writable files stored in flash, including . If this is done and thestartup-config
switch is rebooted without a prior Save operation, it effectively resets the switch to default configuration.
VSC6817
Management
© 2020 Microchip Technology Inc.
and its subsidiaries
Draft Product Specification DS30010225C-page 59
IPv6 are supported. The timeout value can be configured from 1–86400 seconds while the default value is three
seconds. Source address can be mentioned by using saddr option. The number of probes (range is 1–60) can
be specified per hop with 3 as the default value. The number of hops (starting TTL) can be specified from 1–30
with 1 as the default value. The maximum number of hops can be configured from 1–255 with 30 as the default
value. It can also be specified whether to use ICMP instead of UDP for IPv4 option.
14.6 SysLog
Syslog is a method to collect messages from devices to a server running a Syslog daemon. Logging to a central
Syslog server helps in aggregation of logs and alerts. The CEServices software can send the log messages to a
configured Syslog server running on UDP port 512.
Some of the supported Syslog events are as follows.
• Port link up and down
• Port security limit control reach but the action is none
• IP source guard table is full
• IP source guard table reaches the port limitation
• IP source guard port limitation changes, should delete entry
• Switch boot up
The Syslog RAM buffer supports the display of a maximum of 21622 of the most recent entries.
14.7 LLDP-MED
It is possible to configure IStaX software either as a Link Layer Discovery Protocol (LLDP) end- point device or
connectivity device.
The default is to act as an end-point device.
LLDP-MED is an extension of IEEE 802.1ab and supports fast repeat count.
Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect
of VoIP systems in general. In addition, it is best to advertise only those pieces of information that are specifically
relevant to particular endpoint types. For example, advertise only the voice network policy to permitted voice-capable
devices. This is advised in order to conserve the limited LLDPDU space and also to reduce security and system
integrity issues that can come with inappropriate knowledge of the network policy.
With this in mind, LLDP-MED defines an LLDP-MED fast start interaction between the protocol and the application
layers on top of the protocol to achieve these related properties. Initially, a network connectivity device will only
transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected, will an LLDP-MED
capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port.
The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second, when
a new LLDP-MED neighbor has been detected in order to share LLDP-MED information as fast as possible with new
neighbors.
Because there is a risk of an LLDP frame being lost during transmission between neighbors, it is recommended to
repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame.
With fast start repeat count it is possible to specify the number of times the fast start transmission will be repeated.
The recommended value is four times, given that four LLDP frames with a 1 second interval will be transmitted, when
an LLDP frame with new information is received.
It should be noted that LLDP-MED and the LLDP-MED fast start mechanism is only intended to run on links between
LLDP-MED network connectivity devices and endpoint devices, and as such does not apply to links between LAN
infrastructure elements, including network connectivity devices, or other types of links.
• Coordinates location
• Civic address location
• Emergency call service
• Network policies


Product specificaties

Merk: Microchip
Categorie: Niet gecategoriseerd
Model: VSC6817-2023.03

Heb je hulp nodig?

Als je hulp nodig hebt met Microchip VSC6817-2023.03 stel dan hieronder een vraag en andere gebruikers zullen je antwoorden




Handleiding Niet gecategoriseerd Microchip

Handleiding Niet gecategoriseerd

Nieuwste handleidingen voor Niet gecategoriseerd