3Com S7906E - Switch Configuration Manual Download Page 1909

Page: 1909 / 2621

1-1

MAC Authentication Configuration

When configuring MAC authentication, go to these sections for information you are interested in:

MAC Authentication Overview

Related Concepts

Configuring MAC Authentication

Displaying and Maintaining MAC Authentication

MAC Authentication Configuration Examples

MAC Authentication Overview

MAC authentication provides a way for authenticating users based on ports and MAC addresses. Once

detecting a new MAC address, the device initiates the authentication process. MAC authentication

requires neither client software to be installed on the hosts, nor any username or password to be

entered by users during authentication.

Currently, the device supports two MAC authentication modes: Remote Authentication Dial-In User

Service (RADIUS) based MAC authentication and local MAC authentication. For detailed information

about RADIUS authentication and local authentication, refer to

AAA Configuration

of the

Security

Volume

MAC authentication supports two types of usernames:

MAC address, where the MAC address of a user serves as both the username and password.

Fixed username, where all users use the same preconfigured username and password for

authentication, regardless of the MAC addresses. Multiple users can be authenticated on the same

port, using the same username and password.

RADIUS-Based MAC Authentication

In RADIUS-based MAC authentication, the device serves as a RADIUS client and requires a RADIUS

server to cooperate with it.

If the type of username is MAC address, the device forwards a detected MAC address as the

username and password to the RADIUS server for authentication of the user.

If the type of username is fixed username, the device sends the same username and password

configured locally to the RADIUS server for authentication of each user.

If the authentication succeeds, the user will be granted permission to access the network resources.

Local MAC Authentication

In local MAC authentication, the device performs authentication of users locally and different items

need to be manually configured for users on the device according to the specified type of username:

If the type of username is MAC address, a local user must be configured for each user on the

device, using the MAC address of the accessing user as both the username and password.

«
...
1907
1908
1909
1910
1911
...
»

Summary of Contents for S7906E - Switch

Page 1: ...7900E Family Configuration Guide Release 6600 Series S7910E S7906E S7906E V S7903E S7903E S S7902E Manual Version 20091015 C 1 00 www 3com com 3Com Corporation 350 Campus Drive Marlborough MA USA 0175...

Page 2: ...cial license for the Software Technical data is provided with limited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove o...

Page 3: ...HCPv6 Tunneling 02 IP Services Volume UDP Helper FTP and TFTP sFlow IP Routing Basics Static Routing RIP OSPF IS IS BGP IPv6 Static Routing RIPng OSPFv3 IPv6 IS IS IPv6 BGP Route Policy 03 IP Routing...

Page 4: ...are optional x y Alternative items are grouped in braces and separated by vertical bars One is selected x y Optional alternative items are grouped in square brackets and separated by vertical bars On...

Page 5: ...ion to ensure successful configuration or good performance Means a complementary description Means techniques helpful for you to make configuration with ease Related Documentation In addition to this...

Page 6: ...on to Product 1 1 Feature Lists 1 1 2 Features 2 1 Access Volume 2 1 IP Services Volume 2 3 IP Routing Volume 2 4 Multicast Volume 2 6 MPLS Volume 2 8 QoS Volume 2 10 Security Volume 2 10 High Availab...

Page 7: ...tion Service Loopback Group Loopback Interface and Null Interface MSTP LLDP VLAN GVRP QinQ BPDU Tunneling VLAN Mapping 01 Access Volume Mirroring EPON OLT IP Addressing IP Performance Optimization ARP...

Page 8: ...RPF Dual SRPU System VRRP Smart Link Monitor Link RRPP DLDP Ethernet OAM Connectivity Fault Detection 08 High Availability Volume BFD Track GR Overview Login Basic System Configuration Device Manageme...

Page 9: ...et Port z Configuring the MDI Mode for an Ethernet Port z Testing the Cable on an Ethernet Port z Configuring the Storm Constrain Function on an Ethernet Port z Configuring the Connection Mode of an E...

Page 10: ...LAN based on Port MAC address Protocol or IP subnet z Introduction and configuration of Super VLAN z Introduction and configuration of Isolate user vlan z Introduction and configuration of Voice VLAN...

Page 11: ...nfiguration IP Performance Optimization In some network environments you need to adjust the IP parameters to achieve best network performance This document describes z Enabling Reception and Forwardin...

Page 12: ...figuring a 6to4 Tunnel z Configuring an ISATAP Tunnel z Configuring an IPv4 over IPv4 Tunnel z Configuring an IPv4 over IPv6 Tunnel z Configuring an IPv6 over IPv6 Tunnel z Configuring a GRE over IPv4...

Page 13: ...algorithm This document describes z Configuring IS IS Basic Functions z Configuring IS IS Routing Information Control z Tuning and Optimizing IS IS Networks z Configuring IS IS Authentication z Confi...

Page 14: ...spection filtering attributes modifying when routes are received advertised or redistributed This document describes z Defining Filters z Route policy configuration Policy Routing Policy routing is to...

Page 15: ...figuring MBGP Basic Functions z Configuring MBGP Route Attributes z Configuring a Large Scale MBGP Network Multicast VPN Multicast VPN is a technique that implements multicast delivery in MPLS L3VPN n...

Page 16: ...istener Discovery Snooping MLD Snooping is an IPv6 multicast constraining mechanism that runs on Layer 2 devices to manage and control IPv6 multicast groups This document describes z Configuring Basic...

Page 17: ...olutions This document describes z MPLS L3VPN Overview z Configuring VPN Instances z Configuring Basic MPLS L3VPN z Configuring Inter Provider MPLS L3VPN z Configuring Nested VPN z Configuring HoVPN z...

Page 18: ...predefined configurations This document describes z Creating a User Profile z Configuring a User Profile z Enabling a User Profile Security Volume Table 2 7 Features in the Security volume Features D...

Page 19: ...a non secure network environment By encryption and strong authentication it protects the device against attacks This document describes z Configuring Asymmetric Keys z Configuring the Device as an SS...

Page 20: ...ice Monitor Link Monitor link is a port collaboration function used to enable a device to be aware of the up down state change of the ports on an indirectly connected link This document describes z Mo...

Page 21: ...llaboration between different modules through established collaboration objects The detection modules trigger the application modules to perform certain operations through the track module This docume...

Page 22: ...rs File System Management A major function of the file system is to manage storage devices mainly including creating the file system creating deleting modifying and renaming a file or a directory and...

Page 23: ...Upgrading PSE Processing Software in Service NQA NQA analyzes network performance services and service quality by sending test packets to provide you with network performance and service quality para...

Page 24: ...guration for Enabling IPC Performance Statistics OAA Volume Table 2 10 Features in the OAA volume Features Description OAP Configuration This document describes z OAP Overview z Configuring an OAP Car...

Page 25: ...Application Layer Gateway AM accounting management ANSI American National Standard Institute AP Access Point ARP Address Resolution Protocol AS Autonomous System ASBR Autonomous System Border Router...

Page 26: ...and Telegraph Consultative Committee CE Customer Edge CFD Connectivity Fault Detection CFM Configuration File Management CHAP Challenge Handshake Authentication Protocol CIDR Classless Inter Domain R...

Page 27: ...oint Priority DSP Digital Signal Processor DTE Data Terminal Equipment DU Downstream Unsolicited D V Distance Vector Routing Algorithm DVMRP Distance Vector Multicast Routing Protocol DWDM Dense Wavel...

Page 28: ...ernet GR Graceful Restart GRE Generic Routing Encapsulation GTS Generic Traffic Shaping GVRP GARP VLAN Registration Protocol H Return HA High Availability HABP HW Authentication Bypass Protocol HDLC H...

Page 29: ...on IPSec IP Security IPTN IP Phone Telephony Network IPv6 Internet protocol version 6 IPX Internet Packet Exchange IRF Intelligent Resilient Framework IS Intermediate System ISATAP Intra Site Automati...

Page 30: ...ate LRTT Loop Round Trip Time LSA Link State Advertisement LSAck Link State Acknowledgment LSDB Link State Database LSP Label Switch Path LSPAGENT Label Switched Path AGENT LSPDU Link State Protocol D...

Page 31: ...on Overhead MSTI Multi Spanning Tree Instance MSTP Multiple Spanning Tree Protocol MT Multicast Tunnel MTBF Mean Time Between Failure MTI Multicast Tunnel Interface MTU Maximum Transmission Unit MVRF...

Page 32: ...OC 3 OC 3 OID Object Identifier OL Optical Line OSI Open Systems Interconnection OSPF Open Shortest Path First P Return P2MP Point to MultiPoint P2P Point To Point PAP Password Authentication Protocol...

Page 33: ...Virtual Channel PW Pseudo wires Q Return QACL QoS ACL QinQ 802 1Q in 802 1Q QoS Quality of Service QQIC Querier s Query Interval Code QRV Querier s Robustness Variable R Return RA Registration Author...

Page 34: ...hoke Fairness Frame SD Signal Degrade SDH Synchronous Digital Hierarchy SETS Synchronous Equipment Timing Source SF Sampling Frequency SFM Source Filtered Multicast SFTP Secure FTP Share MDT Share Mul...

Page 35: ...Distribution Tree T Return TA Terminal Adapter TACACS Terminal Access Controller Access Control System TDM Time Division Multiplexing TCP Transmission Control Protocol TE Traffic Engineering TEDB TE D...

Page 36: ...rk VPI Virtual Path Identifier VPLS Virtual Private Local Switch VPN Virtual Private Network VRID Virtual Router ID VRRP Virtual Router Redundancy Protocol VSI Virtual Switch Interface VT Virtual Trib...

Page 37: ...al for Collecting Ethernet Port Statistics z Enabling Forwarding of Jumbo Frames z Enabling Loopback Detection on an Ethernet Port z Configuring the MDI Mode for an Ethernet Port z Testing the Cable o...

Page 38: ...unications links This document describes z Introduction to LLDP z Performing Basic LLDP Configuration z Configuring CDP Compatibility z Configuring LLDP Trapping VLAN Using the VLAN technology you can...

Page 39: ...nfiguring Two to Two VLAN Mapping Port Mirroring Port mirroring copies packets passing through a port to another port connected with a monitoring device for packet analysis to help implement network m...

Page 40: ...Ethernet Port 1 5 Configuring a Port Group 1 6 Configuring an Auto negotiation Transmission Rate 1 6 Configuring Storm Suppression 1 7 Setting the Interval for Collecting Ethernet Port Statistics 1 8...

Page 41: ...ptical fiber port or an electrical copper port The two ports share one forwarding port and thus they cannot work at the same time If the electrical port is enabled the optical port is disabled automat...

Page 42: ...interface but because it is located on the main board it provides much faster connection speed than a common Ethernet interface when used for operations such as software loading and network management...

Page 43: ...ame followed by the interface string GigabitEthernetEthernet1 2 0 1 Interface for example Shut down the port shutdown Optional By default a port is in up state To bring up a port use the undo shutdown...

Page 44: ...rt it will send a Pause frame notifying the egress port to temporarily suspend the sending of packets The egress port is expected to stop sending any new packet when it receives the Pause frame In thi...

Page 45: ...command cannot take effect on ports that are manually disabled using the shutdown command Configuring Loopback Testing on an Ethernet Port You can enable loopback testing to check whether the Ethernet...

Page 46: ...you made on it apply to all group member ports Note that even though the settings are made on the port group they are saved on a port basis rather than on a port group basis Thus you can only view th...

Page 47: ...to configure an auto negotiation transmission rate To do Use the command Remarks Enter system view system view Enter Ethernet port view interface interface type interface number Configure the auto neg...

Page 48: ...e takes effect on the current port only if configured in port group view this feature takes effect on all ports in the port group Set the broadcast storm suppression ratio broadcast suppression ratio...

Page 49: ...configurations take effect on all ports in the port group Follow these steps to enable the forwarding of jumbo frames To do Use the command Remarks Enter system view system view port group manual port...

Page 50: ...port group manual port group name Use either command Configurations made in Ethernet port view takes effect on the current port only configurations made in port group view takes effect on all ports in...

Page 51: ...receiving signals pin 3 and pin 6 are used for transmitting signals To enable normal communication you should connect the local transmit pins to the remote receive pins Therefore you should configure...

Page 52: ...rap messages and logs when the traffic detected exceeds the threshold Alternatively you can configure the storm suppression function to control a specific type of traffic As the function and the storm...

Page 53: ...n below the lower threshold from a point higher than the upper threshold Specify to send log when the traffic detected exceeds the upper threshold or drops down below the lower threshold from a point...

Page 54: ...command Remarks Display the current state of a port and the related information display interface interface type interface number Available in any view Display the summary of a port display brief int...

Page 55: ...group manual all name port group name Available in any view Display the information about the loopback function display loopback detection Available in any view Display storm constrain information on...

Page 56: ...1 9 Configuring the Description of an Aggregate Interface 1 10 Enabling LinkUp LinkDown Trap Generation for an Aggregate Interface 1 10 Shutting Down an Aggregate Interface 1 10 Configuring Load Shar...

Page 57: ...ates as a distributed stacking device For introduction of IRF refer to IRF in the System Volume Overview Link aggregation aggregates multiple physical Ethernet ports to increase the link speed beyond...

Page 58: ...use the same duplex mode For how the state of a member port is determined refer to Static aggregation mode and Dynamic aggregation mode IEEE 802 3ad LACP protocol The IEEE 802 3ad Link Aggregation Co...

Page 59: ...QinQ enable state enable disable TPID values in VLAN tags outer VLAN tags to be added inner to outer VLAN priority mappings inner to outer VLAN tag mappings inner VLAN ID substitution mappings VLAN Pe...

Page 60: ...number wins out z Consider the ports in up state with the same port attributes port rate duplex mode and link state configuration and class two configurations as the reference port as candidate selec...

Page 61: ...the number of candidate selected ports is under the limit all the candidate selected ports are set to selected state When the limit is exceeded the system selects the candidate selected ports with sm...

Page 62: ...Select either task Configuring an Aggregation Group Enabling MAC Address Table Synchronization for Cross Card Aggregation Required Configuring the Description of an Aggregate Interface Optional Enabl...

Page 63: ...es the corresponding aggregation group At the same time the member ports of the aggregation group if any leave the aggregation group z To guarantee a successful static aggregation ensure that the port...

Page 64: ...gregation group becomes a non load sharing aggregation group because of insufficient load sharing resources one of the following problems may occur the number of selected ports of the actor is inconsi...

Page 65: ...hronization between different types of line cards To do Use the command Remarks Enter system view system view Enable MAC address table synchronization synchronization mac address enable Required Disab...

Page 66: ...the command Remarks Enter system view system view Enable the trap function globally snmp agent trap enable standard linkdown linkup Optional By default linkUp linkDown trap generation is enabled globa...

Page 67: ...link aggregation group for different types of traffic as needed You can configure a global load sharing mode for all link aggregation groups or a load sharing mode specific to a link aggregation grou...

Page 68: ...ace bridge aggregation interface number Configure the load sharing mode for the aggregation group link aggregation load sharing mode destination ip destination mac mpls label1 mpls label2 source ip so...

Page 69: ...view system view Configure the local first load sharing mechanism for link aggregation link aggregation load sharing mode local first Optional The local first load sharing mode takes effect by default...

Page 70: ...e section Class two configurations When you configure cross card link aggregation if link aggregation across different types of cards however you may need to enable MAC address table synchronization m...

Page 71: ...gregation Configuration Example Network requirements As shown in Figure 1 3 Device A and Device B are connected through their respective Layer 2 Ethernet ports GigabitEthernet 2 0 1 to GigabitEthernet...

Page 72: ...rements As shown in Figure 1 4 Device A is connection to Device B by their Ethernet ports GigabitEthernet 2 0 1 through GigabitEthernet 2 0 4 Configure the global load sharing mode and aggregation gro...

Page 73: ...tination MAC based load sharing mode DeviceA interface bridge aggregation 2 DeviceA Bridge Aggregation2 link aggregation load sharing mode destination mac DeviceA Bridge Aggregation2 quit Assign ports...

Page 74: ...olation Configuration 1 1 Introduction to Port Isolation 1 1 Configuring the Isolation Group 1 1 Assigning a Port to the Isolation Group 1 1 Displaying and Maintaining Isolation Groups 1 2 Port Isolat...

Page 75: ...2 traffic can be exchanged between a port inside an isolation group and a port outside the isolation group but not between ports inside the isolation group z There is no restriction on the number of...

Page 76: ...t simply skips the port and moves to the next port Displaying and Maintaining Isolation Groups To do Use the command Remarks Display the isolation group information on a single isolation group device...

Page 77: ...rt isolate enable Device Gigabitethernet2 0 2 quit Device interface gigabitethernet 2 0 3 Device Gigabitethernet2 0 3 port isolate enable Configure port GigabitEthernet 2 0 4 as the uplink port of the...

Page 78: ...unctions of Service Loopback Groups 1 1 Port Configuration Prerequisites of Service Loopback Groups 1 1 States of the Ports in a Service Loopback Group 1 2 Configuring a Service Loopback Group 1 2 Dis...

Page 79: ...e redirecting throughput you can bundle multiple service loopback ports into a logical link called a service loopback group Similar to link aggregation a service loopback group can increase bandwidth...

Page 80: ...rdware restrictions as candidate selected ports and set the rest ports to unselected state z The number of selected ports is limited in a service loopback group If the number of candidate ports exceed...

Page 81: ...mber Available in any view Configuration Example Network requirements Ports of Device A support the tunnel service Assign GigabitEthernet 2 0 1 through GigabitEthernet 2 0 3 to a service loopback grou...

Page 82: ...1 4 DeviceA interface tunnel 1 DeviceA Tunnel1 service loopback group 1...

Page 83: ...nfiguration 1 1 Loopback Interface 1 1 Introduction to Loopback Interface 1 1 Configuring a Loopback Interface 1 1 Null Interface 1 2 Introduction to Null Interface 1 2 Configuring Null 0 Interface 1...

Page 84: ...e a rule on an authentication or security server to permit or deny packets generated by a device you can streamline the rule by configuring it to permit or deny packets carrying the loopback interface...

Page 85: ...ace is always up However you can neither use it to forward data packets nor configure an IP address or link layer protocol on it With a null interface specified as the next hop of a static route to a...

Page 86: ...rface is the interface name followed by the Interface string Displaying and Maintaining Loopback and Null Interfaces To do Use the command Remarks Display information about loopback interfaces display...

Page 87: ...vice 1 19 Configuring the Maximum Hops of an MST Region 1 20 Configuring the Network Diameter of a Switched Network 1 20 Configuring Timers of MSTP 1 21 Configuring the Timeout Factor 1 22 Configuring...

Page 88: ...EEE to eliminate loops at the data link layer in a local area network LAN Devices running this protocol detect loops in the network by exchanging information with one another and eliminate loops by se...

Page 89: ...port The root bridge has no root port Designated bridge and designated port The following table describes designated bridges and designated ports Table 1 1 Description of designated bridges and design...

Page 90: ...spanning tree calculation Important fields in a configuration BPDU include z Root bridge ID consisting of the priority and MAC address of the root bridge z Root path cost the cost of the path to the...

Page 91: ...iority than that of the configuration BPDU generated by the port the device discards the received configuration BPDU and does not process the configuration BPDU of this port z If the received configur...

Page 92: ...device z The designated port ID is replaced with the ID of this port 3 The device compares the calculated configuration BPDU with the configuration BPDU on the port of which the port role is to be def...

Page 93: ...port after comparison Device A z Port AP1 receives the configuration BPDU of Device B 1 0 1 BP1 Device A finds that the configuration BPDU of the local port 0 0 0 AP1 is superior to the received confi...

Page 94: ...ort BP1 0 0 0 AP1 Designated port BP2 0 5 1 BP2 z Port CP1 receives the configuration BPDU of Device A 0 0 0 AP2 Device C finds that the received configuration BPDU is superior to the configuration BP...

Page 95: ...ning tree with Device A as the root bridge is established as shown in Figure 1 3 Figure 1 3 The final calculated spanning tree AP1 AP2 Device A With priority 0 Device B With priority 1 Device C With p...

Page 96: ...e transition in STP the newly elected root ports or designated ports require twice the forward delay time before transiting to the forwarding state to ensure that the new configuration BPDU has propag...

Page 97: ...gs of STP and RSTP In addition to the support for rapid network convergence it allows data flows of different VLANs to be forwarded along separate paths thus providing a better load sharing mechanism...

Page 98: ...tree region MST region consists of multiple devices in a switched network and the network segments among them These devices have the following characteristics z All are MSTP enabled z They have the sa...

Page 99: ...constitute the CIST of the entire network MSTI Multiple spanning trees can be generated in an MST region through MSTP one spanning tree being independent of another Each spanning tree is referred to a...

Page 100: ...ate port The standby port for a root port or master port When the root port or master port is blocked the alternate port becomes the new root port or master port z Backup port The backup port of a des...

Page 101: ...are calculated each being called an MSTI Among these MSTIs MSTI 0 is the IST while all the others are MSTIs Similar to STP MSTP uses configuration BPDUs to calculate spanning trees The only difference...

Page 102: ...tocol MSTP Configuration Task List Before configuring MSTP you need to know the role of each device in each MSTI root bridge or leave node In each MSTI one and only one device acts as the root bridge...

Page 103: ...nce mapping table For the detailed information of GVRP refer to GVRP Configuration of the Access Volume z MSTP is mutually exclusive with any of the following functions on a port service loopback RRPP...

Page 104: ...to configure an MST region To do Use the command Remarks Enter system view system view Enter MST region view stp region configuration Configure the MST region name region name name Optional The MST r...

Page 105: ...has independent roles in different MSTIs It can act as the root bridge or a secondary root bridge of one MSTI while being the root bridge or a secondary root bridge of another MSTI However the same d...

Page 106: ...h legacy STP devices and for full interoperability with RSTP enabled devices MSTP supports three work modes STP compatible mode RSTP mode and MSTP mode z In STP compatible mode all ports of the device...

Page 107: ...ys sends a configuration BPDU with a hop count set to the maximum value When a switch receives this configuration BPDU it decrements the hop count by 1 and uses the new hop count in the BPDUs it propa...

Page 108: ...scarding state can transit to the forwarding state it needs to go through the learning state Forward delay is the delay time for port state transition This is to ensure that the state transition of th...

Page 109: ...recommend that you use the default setting z If the max age time setting is too small the network devices will frequently launch spanning tree calculations and may take network congestion as a link fa...

Page 110: ...system view Enter Ethernet interface view or Layer 2 aggregate interface view interface interface type interface number Enter interface view or port group view Enter port group view port group manual...

Page 111: ...ve different path costs in different MSTIs Setting appropriate path costs allows VLAN traffic flows to be forwarded along different physical links thus achieving VLAN based load balancing The device c...

Page 112: ...66 500 2 1 1 1 When calculating path cost for an aggregate interface 802 1d 1998 does not take into account the number of member ports in its aggregation group as 802 1t does The calculation formula o...

Page 113: ...elected as the root port of a device If all other conditions are the same the port with the highest priority will be elected as the root port On an MSTP enabled device a port can have different priori...

Page 114: ...ew system view Enter Ethernet interface view or Layer 2 aggregate interface view interface interface type interface number Enter interface view or port group view Enter port group view port group manu...

Page 115: ...cy Required auto by default z MSTP provides the MSTP packet format incompatibility guard function In MSTP mode if a port is configured to recognize send MSTP packets in a mode other than auto and rece...

Page 116: ...port group manual port group name Required Use either command Enable the MSTP feature for the ports stp enable Optional By default MSTP is enabled for all ports after it is enabled for the device glo...

Page 117: ...RSTP or MSTP mode Configuring Digest Snooping As defined in IEEE 802 1s interconnected devices are in the same region only when the MST region related configurations domain name revision level VLAN to...

Page 118: ...led by default z With the Digest Snooping feature enabled comparison of configuration digest is not needed for in the same region check so the VLAN to instance mappings must be the same on associated...

Page 119: ...oping on Device B DeviceB system view DeviceB interface gigabitethernet 2 0 1 DeviceB GigabitEthernet2 0 1 stp config digest snooping DeviceB GigabitEthernet2 0 1 quit DeviceB stp config digest snoopi...

Page 120: ...P and does not work in RSTP mode the root port on the downstream device receives no agreement packet from the upstream device and thus sends no agreement packets to the upstream device As a result the...

Page 121: ...arty device that has different MSTP implementation Both devices are in the same region z Device B is the regional root bridge and Device A is the downstream device Figure 1 9 No Agreement Check config...

Page 122: ...by default BPDU guard does not take effect on loopback test enabled ports For information about loopback test refer to Ethernet Port Configuration in the Access Volume Enabling Root guard The root bri...

Page 123: ...and the blocked ports will transition to the forwarding state resulting in loops in the switched network The loop guard function can suppress the occurrence of such loops With loop guard enabled on a...

Page 124: ...address entries Follow these steps to enable TC BPDU guard To do Use the command Remarks Enter system view system view Enable the TC BPDU guard function stp tc protection enable Optional Enabled by d...

Page 125: ...t packet number Optional 10 by default Configure the port as an edge port stp edged port enable Required By default no port is an edge port Configure the path cost of the port stp cost cost Optional B...

Page 126: ...number brief Available in any view View the MST region configuration information that has taken effect display stp region configuration Available in any view View the root bridge information of all MS...

Page 127: ...MSTI 1 MSTI 3 and MSTI 4 respectively and configure the revision level of the MST region as 0 DeviceA system view DeviceA stp region configuration DeviceA mst region region name example DeviceA mst re...

Page 128: ...w DeviceC stp region configuration DeviceC mst region region name example DeviceC mst region instance 1 vlan 10 DeviceC mst region instance 3 vlan 30 DeviceC mst region instance 4 vlan 40 DeviceC mst...

Page 129: ...TID Port Role STP State Protection 0 GigabitEthernet2 0 1 DESI FORWARDING NONE 0 GigabitEthernet2 0 2 DESI FORWARDING NONE 0 GigabitEthernet2 0 3 DESI FORWARDING NONE 1 GigabitEthernet2 0 2 DESI FORWA...

Page 130: ...0 2 ALTE DISCARDING NONE 4 GigabitEthernet2 0 3 ROOT FORWARDING NONE Based on the above information you can draw the MSTI corresponding to each VLAN as shown in Figure 1 11 Figure 1 11 MSTIs correspon...

Page 131: ...ation Delay 1 8 Enabling LLDP Polling 1 8 Configuring the TLVs to Be Advertised 1 8 Configuring the Management Address and Its Encoding Format 1 9 Setting Other LLDP Parameters 1 10 Setting an Encapsu...

Page 132: ...in IEEE 802 1AB The protocol operates on the data link layer to exchange device information between directly connected devices With LLDP a device sends local device information including its major fun...

Page 133: ...MAC address the MAC address of the sending bridge is used Type The Ethernet type for the upper layer protocol It is 0x88CC for LLDP Data LLDP data unit LLDPDU FCS Frame check sequence a 32 bit CRC val...

Page 134: ...nformation field in octets and the value field contains the information itself LLDPDU TLVs fall into these categories basic management TLVs organizationally IEEE 802 1 and IEEE 802 3 specific TLVs and...

Page 135: ...00E support receiving but not sending protocol identity TLVs 3 IEEE 802 3 organizationally specific TLVs Table 1 5 IEEE 802 3 organizationally specific TLVs Type Description MAC PHY Configuration Stat...

Page 136: ...t to advertise power related information according to IEEE 802 3AF Hardware Revision Allows a MED endpoint device to advertise its hardware version Firmware Revision Allows a MED endpoint to advertise...

Page 137: ...or is discovered that is a new LLDP frame is received carrying device information new to the local device z The LLDP operating mode of the port changes from Disable Rx to TxRx or Tx This is the fast s...

Page 138: ...teps to enable LLDP To do Use the command Remarks Enter system view system view Enable LLDP globally lldp enable Required By default LLDP is disabled globally Enter Ethernet interface view interface i...

Page 139: ...system view system view Set the LLDP re initialization delay lldp timer reinit delay delay Optional 2 seconds by default Enabling LLDP Polling With LLDP polling enabled a device checks for local confi...

Page 140: ...encoded its management address in character string format you can configure the encoding format of the management address as string on the connecting port to guarantee normal communication with the ne...

Page 141: ...r of LLDP frames sent each time fast LLDPDU transmission is triggered lldp fast count count Optional 3 by default z The TTL can be up to 65535 seconds TTLs greater than it will be rounded down to 6553...

Page 142: ...eed to enable CDP compatibility for your device to work with Cisco IP phones As your LLDP enabled device cannot recognize CDP packets it does not respond to the requests of Cisco IP phones for the voi...

Page 143: ...ate in TxRx mode lldp compliance admin status cdp txrx Required By default CDP compatible LLDP operates in disable mode As the maximum TTL allowed by CDP is 255 seconds ensure that the product of the...

Page 144: ...tics display lldp statistics global interface interface type interface number Available in any view Display LLDP status of a port display lldp status interface interface type interface number Availabl...

Page 145: ...stem view SwitchB lldp enable Enable LLDP on GigabitEthernet2 0 1 you can skip this step because LLDP is enabled on ports by default setting the LLDP operating mode to Tx SwitchB interface gigabitethe...

Page 146: ...perate in Rx mode that is they only receive LLDP frames Tear down the link between Switch A and Switch B and then display the global LLDP status and port LLDP status on Switch A SwitchA display lldp s...

Page 147: ...P phones to automatically configure the voice VLAN thus confining their voice traffic within the voice VLAN to be isolated from other types of traffic Figure 1 5 Network diagram for CDP compatible LLD...

Page 148: ...hernet2 0 2 lldp enable SwitchA GigabitEthernet2 0 2 lldp admin status txrx SwitchA GigabitEthernet2 0 2 lldp compliance admin status cdp txrx SwitchA GigabitEthernet2 0 2 quit 3 Verify the configurat...

Page 149: ...Configuration 1 12 Introduction to Protocol Based VLAN 1 12 Configuring a Protocol Based VLAN 1 13 IP Subnet Based VLAN Configuration 1 14 Introduction 1 14 Configuring an IP Subnet Based VLAN 1 14 Di...

Page 150: ...nterface 4 5 Setting a Port to Operate in Manual Voice VLAN Assignment Mode 4 6 Displaying and Maintaining Voice VLAN 4 7 Voice VLAN Configuration Examples 4 7 Automatic Voice VLAN Mode Configuration...

Page 151: ...and excessive broadcasts cannot be avoided on an Ethernet To address the issue virtual LAN VLAN was introduced The idea is to break a LAN down into separate VLANs that is Layer 2 broadcast domains whe...

Page 152: ...ional Ethernet frame IEEE 802 1Q inserts a four byte VLAN tag after the DA SA field as shown in Figure 1 3 Figure 1 3 The position and format of VLAN tag A VLAN tag comprises four fields tag protocol...

Page 153: ...a port at the same time When determining to which VLAN a packet passing through the port should be assigned the device looks up the VLANs in the default order of MAC based VLANs IP based VLANs protoco...

Page 154: ...LAN you can create one VLAN interface You can assign the VLAN interface an IP address and specify it as the gateway of the VLAN to forward traffic destined for an IP network segment different from tha...

Page 155: ...hybrid port can carry multiple VLANs to receive and send traffic for them Unlike a trunk port a hybrid port allows traffic of all VLANs to pass through VLAN untagged You can configure a port connecte...

Page 156: ...nd send the frame Trunk z Remove the tag and send the frame if the frame carries the default VLAN tag and the port belongs to the default VLAN z Send the frame without removing the tag if its VLAN is...

Page 157: ...er 2 aggregate interface view interface bridge aggregation interface number Enter interface view including Ethernet interface view Layer 2 aggregate interface view or port group view Enter port group...

Page 158: ...nter Ethernet interface view interface interface type interface number Enter Layer 2 aggregate interface view interface bridge aggregation interface number Enter interface view including Ethernet inte...

Page 159: ...view Follow these steps to assign a hybrid port to one or multiple VLANs To do Use the command Remarks Enter system view system view Enter Ethernet interface view interface interface type interface n...

Page 160: ...ks up other types of VLANs to make the forwarding decision MAC based VLANs are mostly used in conjunction with security technologies such as 802 1X to provide secure flexible network access for termin...

Page 161: ...this packet processing mode has the highest priority the configuration of MAC learning limit and disabling MAC address learning becomes invalid in this case Therefore you are recommended not to config...

Page 162: ...ble MAC based dynamic port assignment mac vlan trigger enable Optional Disabled by default Disable the default VLAN of the current port from forwarding packets with unknown source MAC addresses that c...

Page 163: ...p mode ethernetii etype etype id llc dsap dsap id ssap ssap id ssap ssap id snap etype etype id Required Exit VLAN view quit Required Enter Ethernet interface view interface interface type interface n...

Page 164: ...more information refer to Voice VLAN Configuration z After you configure a command on a Layer 2 aggregate interface the system starts applying the configuration to the aggregate interface and its agg...

Page 165: ...ember ports Configure port link type as hybrid port link type hybrid Required Configure the hybrid port s to permit the specified IP subnet based VLANs to pass through port hybrid vlan vlan id list ta...

Page 166: ...ormation and IP subnet indexes of specified VLANs display ip subnet vlan vlan vlan id to vlan id all Available in any view Display the IP subnet based VLAN information and IP subnet indexes of specifi...

Page 167: ...2 0 1 port trunk permit vlan 2 6 to 50 100 Please wait Done DeviceA GigabitEthernet2 0 1 quit DeviceA quit 2 Configure Device B as you configure Device A Verification Verifying the configuration on De...

Page 168: ...RC 0 frame 0 overruns 0 aborts 0 ignored 0 parity errors Output total 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Output normal 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Output 0 o...

Page 169: ...Layer 2 To enable Layer 3 communication between sub VLANs you should configure the VLAN interface IP address of the associated super VLAN as the gateway IP address This enables multiple sub VLANs to s...

Page 170: ...ration in the Security Volume z You can configure Layer 2 multicast for a super VLAN However the configuration cannot take effect z You can configure DHCP Layer 3 multicast dynamic routing and NAT for...

Page 171: ...rnet 2 0 1 gigabitethernet 2 0 2 Create VLAN 3 and assign GigabitEthernet 2 0 3 and GigabitEthernet 2 0 4 to it Sysname vlan2 quit Sysname vlan 3 Sysname vlan3 port gigabitethernet 2 0 3 gigabitethern...

Page 172: ...n VLAN 0002 Name VLAN 0002 Tagged Ports none Untagged Ports GigabitEthernet2 0 1 GigabitEthernet2 0 2 VLAN ID 3 VLAN Type static It is a Sub VLAN Route Interface not configured Description VLAN 0003 N...

Page 173: ...of only the isolate user VLAN but not the secondary VLANs network configuration is simplified and VLAN resources are saved z You can isolate the Layer 2 traffic of different users by assigning the por...

Page 174: ...port Refer to Assigning an Access Port to a VLAN Assign ports to the isolate user VLAN and ensure that at least one port takes the isolate user VLAN as its default VLAN Hybrid port Refer to Assigning...

Page 175: ...rnet 2 0 5 to VLAN 5 and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3 Assign GigabitEthernet 2 0 2 to VLAN 2 and GigabitEthernet 2 0 1 to VLAN 3 z Configure VLAN 6 on Device C as an isolate...

Page 176: ...vlan6 isolate user vlan enable DeviceC vlan6 port gigabitethernet 2 0 5 DeviceC vlan6 quit Configure the secondary VLANs DeviceC vlan 3 DeviceC vlan3 port gigabitethernet 2 0 3 DeviceC vlan3 quit Dev...

Page 177: ...ce not configured Description VLAN 0002 Name VLAN 0002 Tagged Ports none Untagged Ports GigabitEthernet2 0 2 GigabitEthernet2 0 5 VLAN ID 3 VLAN Type static Isolate user VLAN type secondary Route Inte...

Page 178: ...uality A device determines whether a received packet is a voice packet by checking its source MAC address A packet whose source MAC address complies with the voice device Organizationally Unique Ident...

Page 179: ...on the device The system will remove a port from the voice VLAN if no packet is received from the port after the aging time expires Assigning removing ports to from a voice VLAN are automatically perf...

Page 180: ...fic to realize the voice VLAN feature you must configure the default VLAN of the connecting port as the voice VLAN In this case 802 1X authentication function cannot be realized z The default VLANs fo...

Page 181: ...or the device it is forwarded in the voice VLAN otherwise it is dropped Security mode Packets carrying other tags Forwarded or dropped depending on whether the port allows packets of these VLANs to pa...

Page 182: ...mode on a hybrid port can process only tagged voice traffic Therefore do not configure a VLAN as both a protocol based VLAN and a voice VLAN For more information refer to Protocol Based VLAN Configura...

Page 183: ...rsed your priority trust setting will fail z The voice vlan qos cos value dscp value command and the voice vlan qos trust command can overwrite the other whichever is configured the last Setting a Por...

Page 184: ...LAN and this voice VLAN must be a static VLAN that already exists on the device z Voice VLAN cannot be enabled on a port with Link Aggregation Control Protocol LACP enabled z To make voice VLAN take e...

Page 185: ...oice VLANs to work in security mode that is configure the voice VLANs to transmit only voice packets Optional By default voice VLANs work in security mode DeviceA voice vlan security enable Configure...

Page 186: ...Philips NEC phone 00e0 7500 0000 ffff ff00 0000 Polycom phone 00e0 bb00 0000 ffff ff00 0000 3com phone Display the current states of voice VLANs DeviceA display voice vlan state Maximum of Voice VLANs...

Page 187: ...port DeviceA GigabitEthernet2 0 1 port link type hybrid Configure the voice VLAN VLAN 2 as the default VLAN of GigabitEthernet 2 0 1 and configure GigabitEthernet 2 0 1 to permit the voice traffic of...

Page 188: ...ne Display the current voice VLAN state DeviceA display voice vlan state Maximum of Voice VLANs 128 Current Voice VLANs 1 Voice VLAN security mode Security Voice VLAN aging time 1440 minutes Voice VLA...

Page 189: ...1 4 Protocols and Standards 1 4 Configuring GVRP 1 4 Configuring GVRP Functions 1 4 Configuring GARP Timers 1 5 Displaying and Maintaining GVRP 1 6 GVRP Configuration Examples 1 7 GVRP Configuration...

Page 190: ...ARP messages and timers 1 GARP messages A GARP participant exchanges information with other GARP participants by sending the following three types of messages z Join messages to register with other en...

Page 191: ...h as GVRP on a LAN z Unlike other three timers which are set on a port basis the LeaveAll timer is set in system view and takes effect globally z A GARP participant may send LeaveAll messages at the i...

Page 192: ...AN ID attribute Attribute List Contains one or multiple attributes Attribute Consists of an Attribute Length an Attribute Event and an Attribute Value Attribute Length Number of octets occupied by an...

Page 193: ...pagate information about dynamic VLANs but allows the port to propagate information about static VLANs A trunk port with fixed registration type thus allows only manually configured VLANs to pass thro...

Page 194: ...mote probe VLAN to unexpected ports resulting in undesired duplicates to be received by the monitor port For more information about port mirroring refer to Port Mirroring Configuration in the Access V...

Page 195: ...timer When configuring GARP timers note that their values are dependent on each other and must be a multiple of five centiseconds If the value range for a timer is not desired you may change it by tu...

Page 196: ...on interface interface type interface number Available in any view Clear the GARP statistics reset garp statistics interface interface list Available in user view GVRP Configuration Examples GVRP Conf...

Page 197: ...ate VLAN 3 a static VLAN DeviceB vlan 3 3 Verify the configuration Display dynamic VLAN information on Device A DeviceA display vlan dynamic Now the following dynamic VLAN exist s 3 Display dynamic VL...

Page 198: ...2 0 1 as a trunk port allowing all VLANs to pass through DeviceB interface GigabitEthernet 2 0 1 DeviceB GigabitEthernet2 0 1 port link type trunk DeviceB GigabitEthernet2 0 1 port trunk permit vlan...

Page 199: ...tEthernet2 0 1 gvrp registration forbidden DeviceA GigabitEthernet2 0 1 quit Create VLAN 2 a static VLAN DeviceA vlan 2 2 Configure Device B Enable GVRP globally DeviceB system view DeviceB gvrp Confi...

Page 200: ...1 11 DeviceB display vlan dynamic No dynamic vlans exist...

Page 201: ...QinQ 1 3 Modification of the TPID Value in VLAN Tags 1 3 Configuring Outer VLAN Tag Priority 1 5 Protocols and Standards 1 5 Configuring Basic QinQ 1 5 Enabling Basic QinQ 1 5 Configuring VLAN Transpa...

Page 202: ...tag in Ethernet frames from customer networks private networks so that the Ethernet frames will travel across the service provider network public network with double VLAN tags QinQ enables a service...

Page 203: ...gh 20 The SVLAN allocated by the service provider for customer network A is SVLAN 3 and that for customer network B is SVLAN 4 When a tagged Ethernet frame of customer network A enters the service pro...

Page 204: ...her the frame is tagged or untagged If the received frame is already tagged it becomes a double tagged frame if it is untagged it becomes a frame tagged with the port s default VLAN tag 2 Selective Qi...

Page 205: ...s VLAN untagged the switch tags the frame with the default VLAN tag of the receiving port This default VLAN tag uses the TPID that you have configured z The TPID value in service provider network VLAN...

Page 206: ...sed on inner VLAN tag priority configure an action of marking traffic with outer VLAN tag priority in the traffic behavior Protocols and Standards IEEE 802 1Q IEEE standard for local and metropolitan...

Page 207: ...Transparent Transmission When basic QinQ is enabled on a port all packets passing through the port will be tagged with the port s default VLAN tag However by configuring the VLAN transparent transmis...

Page 208: ...iew Create a class and enter class view traffic classifier classifier name operator and or Required By default the relationship between the match criteria in a class is logical AND Specify the inner V...

Page 209: ...ll ports in the port group Enable basic QinQ qing enable Required Apply the QoS policy in the inbound direction qos apply policy policy name inbound Required z Before enabling selective QinQ on a port...

Page 210: ...ult Configure Outer VLAN Tag Priority Following these steps to configure outer VLAN tag priority To do Use the command Remarks Enter system view system view Create a class and enter class view traffic...

Page 211: ...he port qos apply policy policy name inbound Required The configuration of outer VLAN tag priority is achieved through QoS policies For more information about QoS policies refer to the part talking ab...

Page 212: ...the port as a hybrid port permitting frames of VLAN 1000 VLAN 2000 and VLAN 3000 to pass through with the outer VLAN tag removed ProviderA interface gigabitethernet 2 0 1 ProviderA GigabitEthernet2 0...

Page 213: ...erA qospolicy qinq classifier A20 behavior P2000 ProviderA qospolicy qinq quit Apply the QoS policy qinq in the inbound direction of GigabitEthernet 2 0 1 ProviderA interface GigabitEthernet 2 0 1 Pro...

Page 214: ...2 ProviderB GigabitEthernet2 0 2 port access vlan 2000 Enable basic QinQ Tag frames from VLAN 20 with the outer VLAN tag 2000 ProviderB GigabitEthernet2 0 2 qinq enable ProviderB GigabitEthernet2 0 2...

Page 215: ...ling Implementation 1 2 Configuring BPDU Tunneling 1 4 Configuration Prerequisites 1 4 Enabling BPDU Tunneling 1 4 Configuring Destination Multicast MAC Address for BPDUs 1 5 BPDU Tunneling Configurat...

Page 216: ...ich belong to VLAN 100 User A s network is divided into network 1 and network 2 which are connected by the service provider network When Layer 2 protocol packets cannot be transparently transmitted in...

Page 217: ...protocols are all similar This section describes how BPDU tunneling is implemented by taking the Spanning Tree Protocol STP as an example z The term STP in this document is in a broad sense It include...

Page 218: ...f the customer network to be transparently transmitted in the service provider network thus ensuring consistent spanning tree calculation of User A network without affecting the spanning tree calculat...

Page 219: ...ol before enabling BPDU tunneling for PVST on a port you need to disable STP and then enable BPDU tunneling for STP on the port first z Before enabling BPDU tunneling for LACP on aggregation group mem...

Page 220: ...el dmac mac address Optional 0x010F E200 0003 by default For BPDUs to be recognized the destination multicast MAC addresses configured for BPDU tunneling must be the same on the edge devices on the se...

Page 221: ...t2 0 1 bpdu tunnel dot1q stp 2 Configuration on PE 2 Configure the destination multicast MAC address for BPDUs as 0x0100 0CCD CDD0 PE2 system view PE2 bpdu tunnel tunnel dmac 0100 0ccd cdd0 Create VLA...

Page 222: ...gn it to all VLANs PE1 interface gigabitethernet 2 0 1 PE1 GigabitEthernet2 0 1 port link type trunk PE1 GigabitEthernet2 0 1 port trunk permit vlan all Disable STP on GigabitEthernet 2 0 1 and then e...

Page 223: ...d 1 4 VLAN Mapping Configuration Task List 1 6 Configuring One to One VLAN Mapping 1 7 Configuring One to One VLAN Mapping 1 7 Configuring Many to One VLAN Mapping 1 9 Configuring Many to One VLAN Map...

Page 224: ...than two VLANs to the same SVLAN ID z One to two VLAN mapping that maps traffic with the inner VLAN ID to the inner VLAN ID and the SVLAN ID z Two to two VLAN mapping that maps traffic with outer and...

Page 225: ...using the same service you need to perform one to one VLAN mapping to map the service traffic to different VLANs by user on the corridor switches However an access device on the distribution layer is...

Page 226: ...sers to plan their own CVLAN IDs independent of SP network VLAN IDs thus saving the VLAN resources of SPs When the double tagged packet enters the SP 2 network PE 3 replaces the outer VLAN tag VLAN 10...

Page 227: ...g downlink traffic z Downlink port A port transmitting downlink traffic and receiving uplink traffic z Uplink policy A QoS policy containing VLAN mappings for uplink traffic z Downlink policy A QoS po...

Page 228: ...nk traffic For downlink traffic Do Based on Do Based on Tag the CVLAN tagged traffic with the SVLAN Uplink policy in the inbound direction Forward traffic with the outer VLAN tag the SVLAN removed You...

Page 229: ...onfiguring One to One VLAN Mapping Optional Perform this configuration on the corridor switches shown in Figure 1 1 Configuring Many to One VLAN Mapping Optional Perform this configuration on the camp...

Page 230: ...ping To do Use the command Remarks Enter system view system view Create a VLAN vlan vlan id Create a CVLAN and a SVLAN Exit to system view quit Required By default only the default VLAN VLAN 1 exists...

Page 231: ...ed Exit to system view quit Create a traffic behavior and enter traffic behavior view traffic behavior behavior name Required Specify the SVLAN for the VLAN mapping remark service vlan id vlan id valu...

Page 232: ...dure Follow these steps to configure a many to one VLAN mapping To do Use the command Remarks Enter system view system view Enable DHCP snooping dhcp snooping Required Disabled by default Create a VLA...

Page 233: ...s through port trunk permit vlan vlan id list all Required By default a trunk port permits only VLAN 1 to pass through Enable service provider side QinQ qinq enable uplink Required Disabled by default...

Page 234: ...m one to two VLAN mapping on the edge devices from which customer traffic enters SP networks on Device A and Device D in Figure 1 2 for example Follow these steps to configure a one to two VLAN mappin...

Page 235: ...r behavior name Required Specify the SVLAN for the VLAN mapping nest top most vlan id vlan id value dot1p dot1p cos value Required Exit to system view quit Create a QoS policy and enter QoS policy vie...

Page 236: ...Required By default a trunk port permits only the packets of VLAN 1 to pass through Apply the uplink policy for the downlink port to the inbound direction of the downlink port qos apply policy policy...

Page 237: ...to the new CVLAN by associating the traffic class with the traffic behavior classifier tcl name behavior behavior name Required Exit to system view quit Table 1 6 Configure an uplink policy for the do...

Page 238: ...ehavior behavior name Required Specify the original CVLAN used for replacing the new CVLAN remark customer vlan id vlan id value Required Specify the original SVLAN used for replacing the new SVLAN re...

Page 239: ...VLAN 201 300 VLAN 502 VLAN 301 400 VLAN 503 VLAN 1 VLAN 111 VLAN 2 VLAN 211 VLAN 3 VLAN 311 VLAN 1 VLAN 112 VLAN 2 VLAN 212 VLAN 3 VLAN 312 VLAN 111 210 VLAN 501 VLAN 211 310 VLAN 502 VLAN 311 410 VL...

Page 240: ...licy p1 classifier c1 behavior b1 SwitchA policy p1 classifier c2 behavior b2 SwitchA policy p1 classifier c3 behavior b3 SwitchA policy p1 quit SwitchA qos policy p2 SwitchA policy p2 classifier c1 b...

Page 241: ...the uplink policy p1 to the inbound direction of GigabitEthernet 2 0 1 SwitchA GigabitEthernet2 0 1 qos apply policy p1 inbound Apply the downlink policy p11 to the outbound direction of GigabitEther...

Page 242: ...behavior b3 SwitchB behavior b3 remark service vlan id 311 SwitchB behavior b3 traffic behavior b4 SwitchB behavior b4 remark service vlan id 112 SwitchB behavior b4 traffic behavior b5 SwitchB behav...

Page 243: ...fier c44 behavior b11 SwitchB policy p22 classifier c55 behavior b22 SwitchB policy p22 classifier c66 behavior b33 SwitchB policy p22 quit Configure GigabitEthernet 2 0 1 to permit frames of the spec...

Page 244: ...n each VLAN involved in VLAN mapping SwitchC vlan 101 SwitchC vlan101 arp detection enable SwitchC vlan101 vlan 201 SwitchC vlan201 arp detection enable SwitchC vlan201 vlan 301 SwitchC vlan301 arp de...

Page 245: ...SwitchC behavior b3 remark service vlan id 503 SwitchC behavior b3 quit SwitchC qos policy p1 SwitchC policy p1 classifier c1 behavior b1 mode dot1q tag manipulation SwitchC policy p1 classifier c2 b...

Page 246: ...3 arp detection trust Enable SP side QinQ on GigabitEthernet 2 0 3 SwitchC GigabitEthernet2 0 3 qinq enable uplink 4 Configuration on Switch D SwitchD system view Enable DHCP snooping SwitchD dhcp sn...

Page 247: ...est quit DeviceA qos policy nest DeviceA qospolicy nest classifier nest behavior nest DeviceA qospolicy nest quit Configure GigabitEthernet 2 0 1 to forward the traffic of VLAN 100 with the outer VLAN...

Page 248: ...g VPN 1 traffic on GigabitEthernet 2 0 1 DeviceC traffic behavior downlink_in DeviceC behavior downlink_in remark service vlan id 200 DeviceC behavior downlink_in quit Configure an uplink policy to ma...

Page 249: ...policies to GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 DeviceC interface gigabitethernet 2 0 1 DeviceB GigabitEthernet2 0 1 port link type trunk DeviceB GigabitEthernet2 0 1 port trunk permit vl...

Page 250: ...uter VLAN tag removed DeviceD interface gigabitethernet 2 0 2 DeviceD GigabitEthernet2 0 2 port link type hybrid DeviceD GigabitEthernet2 0 2 port hybrid vlan 200 untagged Enable basic QinQ on Gigabit...

Page 251: ...onfiguring Local Mirroring Groups 1 13 Configuring Mirroring Ports for a Local Mirroring Group 1 13 Configuring the Monitor Port for a Local Mirroring Group 1 14 Configuring Local Port Mirroring for a...

Page 252: ...on the same device z Layer 2 remote port mirroring In Layer 2 remote port mirroring the mirroring port and the monitor port are located on different devices on a same Layer 2 network z Layer 3 remote...

Page 253: ...ng port are mirrored to the monitor port for the data monitoring device to analyze The mirroring ports and the monitor port in a local mirroring group can be located on different LPUs of a same device...

Page 254: ...adding the other ports on the source device to the remote probe VLAN z For the mirrored packets to be forwarded to the monitor port ensure that the same probe VLAN is configured in the remote source a...

Page 255: ...the mirroring port or CPU on the source device z For more information about GRE tunnels see Tunnel Configuration in the IP Services Volume z Only the SD and EB series LPUs support Layer 3 remote port...

Page 256: ...g ports in system view Follow these steps to configure mirroring ports for a local mirroring group in system view To do Use the command Remarks Enter system view system view Configure mirroring ports...

Page 257: ...ps to configure the monitor port of a local mirroring group in interface view To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number...

Page 258: ...e device then configure the remote probe VLAN and the monitor port for the remote destination mirroring group on the destination device Complete these tasks to configure Layer 2 remote port mirroring...

Page 259: ...rroring port in interface view To assign multiple ports to the mirroring group as mirroring ports in interface view repeat the step z Configuring mirroring ports in system view Follow these steps to c...

Page 260: ...fault no egress port is configured for a mirroring group z Configuring the egress port in interface view Follow these steps to configure the egress port for the remote source mirroring group in interf...

Page 261: ...group Follow these steps to create a remote destination mirroring group To do Use the command Remarks Enter system view system view Create a remote destination mirroring group mirroring group group i...

Page 262: ...affic and normally forwarded traffic z A port connected to an RRPP ring cannot be configured as the monitor port of a port mirroring group Configuring the remote probe VLAN for the remote destination...

Page 263: ...nfigure mirroring port and the monitor port for each mirroring group The source and destination devices are connected by a tunnel z On the source device you need to configure the port you want to moni...

Page 264: ...you want to monitor as the mirroring ports on the destination device configure the physical port corresponding to the tunnel interface as the mirroring port You can configure a list of mirroring ports...

Page 265: ...to a mirroring group as the monitor port in interface view The two modes lead to the same result Configuring the monitor port in system view Follow these steps to configure the monitor port for a loca...

Page 266: ...switch can configure local port mirroring for ONUs to mirror the incoming or outgoing traffic of an UNI of an ONU to another UNI of the ONU Follow these steps to configure local port mirroring for UNI...

Page 267: ...igabitEthernet 2 0 3 z Configure local port mirroring in mirroring port mode to enable the server to monitor the bidirectional traffic of the marketing department and the technical department Figure 1...

Page 268: ...cts to the server through GigabitEthernet 2 0 2 and to the trunk port GigabitEthernet 2 0 2 of Device B through the trunk port GigabitEthernet 2 0 1 z Configure Layer 2 remote port mirroring to enable...

Page 269: ...thernet2 0 2 port trunk permit vlan 2 DeviceB GigabitEthernet2 0 2 quit 3 Configure Device C the destination device Configure GigabitEthernet 2 0 1 as a trunk port that permits the packets of VLAN 2 t...

Page 270: ...ated ports on the devices Configure IP addresses and subnet masks for related ports and the tunnel interfaces according to the configurations shown in Figure 1 6 2 Configure Device A the source device...

Page 271: ...eviceA mirroring group 1 monitor port tunnel 0 3 Configure Device B the intermediate device Enable the OSPF protocol DeviceB system view DeviceB ospf 1 DeviceB ospf 1 area 0 DeviceB ospf 1 area 0 0 0...

Page 272: ...s a mirroring port and GigabitEthernet 2 0 2 as the monitor port of local mirroring group 1 DeviceC mirroring group 1 mirroring port gigabitethernet 2 0 1 inbound DeviceC mirroring group 1 monitor por...

Page 273: ...port view DeviceA interface Onu 3 0 1 1 Configure UNI 1 as the mirroring port for local port mirroring and specify to mirror traffic received on UNI 1 DeviceA Onu3 0 1 1 uni 1 mirroring port inbound...

Page 274: ...ing Overview Remote traffic mirroring combines traffic mirroring with remote port mirroring to use a remote mirroring group to mirror local packets matching the specified criteria to the specified des...

Page 275: ...LPUs only support mirroring incoming packets Configuring Remote Traffic Mirroring To implement remote traffic mirroring perform the following configurations on the source device and destination device...

Page 276: ...mples Traffic Mirroring Configuration Example Network Requirements The user s network is as described below z Host A with the IP address 192 168 0 1 and Host B are connected to GigabitEthernet 2 0 1 o...

Page 277: ...ackets from Host A on the data monitoring device Remote Traffic Mirroring Configuration Example Network requirements As shown in Figure 2 2 the customer network is as described below z GigabitEthernet...

Page 278: ...2 quit Configure VLAN 2 as the remote probe VLAN GigabitEthernet 2 0 48 as the mirroring port and GigabitEthernet 2 0 1 as the egress port for the remote source mirroring group SwitchA mirroring group...

Page 279: ...tination Create VLAN 2 SwitchC vlan 2 SwitchC vlan2 quit Configure VLAN 2 as the remote probe VLAN and GigabitEthernet 2 0 2 as the monitor port for the remote destination mirroring group and configur...

Page 280: ...Parameters 2 3 Configuring Grant filtering on the OLT port 2 4 Configuring the Link Type of an OLT Port 2 5 Enabling Layer 2 Communication Between the ONUs Attached to an OLT Port 2 5 Configuring Fibe...

Page 281: ...onfiguration Example 3 23 4 UNI Port Configuration 4 1 UNI Port Configuration Task List 4 1 UNI Port Basic Configuration 4 1 Configuring the VLAN Operation Mode for a UNI 4 2 Configuring Fast Leave Pr...

Page 282: ...On an S7900E switch installed with an EPON card and operating as an OLT device in this case the switch operates in independent mode if you enable IRF stacking on the switch the switch will reboot to o...

Page 283: ...s provide optical signal transmission paths between OLTs and ONUs A POS can couple uplink data into a single piece of fiber and distribute downlink data to respective ONUs Benefits of the EPON Technol...

Page 284: ...s that are dense or need narrowband broadband integrated services FTTH In an FTTH system ONUs are deployed in user offices or homes to implement a fully transparent optical network with the ONUs indep...

Page 285: ...sends a general GATE message to the same ONU 6 After receiving the REGISTER message and general GATE message the ONU sends a REGISTER_ACK message in the timeslot assigned in the GATE message to notif...

Page 286: ...its local status information to the OLT 3 Upon receiving the REPORT message from the ONU the OLT based on the current bandwidth of the system assigns the ONU a data transmission timeslot which contain...

Page 287: ...e OLT receives no new key notification message thus making the key update more reliable Upon sending a key update request message the OLT starts the encryption response timer If the OLT receives a cor...

Page 288: ...and each OLT port has 64 logical ports namely ONU ports each of which can correspond with an ONU Thus one EPON card can work as multiple OLT devices This reduces users equipment purchase costs and th...

Page 289: ...orted by an S7900E switch is in the range 1 to 80 The actual numbers vary with ONU devices For example when the ONU device corresponding to ONU 3 0 1 1 in an EPON system is S3100 16C EPON EI the UNI p...

Page 290: ...duction Configuration procedure of UNI remote management through OLT Alarm Configuration Configurations of all the alarms in an EPON system Supported Switch Features and Restrictions Switch features s...

Page 291: ...h China s EPON standards OLT Configuration OLT Configuration Task List Complete the following tasks to configure an OLT Task Remarks Configuring OUI and extended OAM version number list Optional Confi...

Page 292: ...ds a REGISTER_REQ message to the OLT at T1 after a delay the time stamp of the REGISTER_REQ message is T1 3 The OLT receives the REGISTER_REQ message at T2 4 The OLT calculates the ONU RTT by using th...

Page 293: ...ified uplink ONU bandwidth range and notifies the results to the ONUs through bandwidth authorization GATE messages This ensures that uplink data sent by ONUs will not conflict with each other Compare...

Page 294: ...65535 while the default thresholds of other queues are 0 1 time quantum TQ is equal to 16 ns which is the time it takes to transmit two bytes of data at 1 Gbps You can manually load an external DBA a...

Page 295: ...ed By default an OLT port belongs to only VLAN 1 and forwards packets of VLAN 1 tagged Configure the default VLAN of the OLT port port hybrid pvid vlan vlan id Optional VLAN 1 by default The VLAN s th...

Page 296: ...PON System Reliability Follow these steps to configure fiber backup To do Use the command Remarks Enter system view system view Enter FTTH view ftth Create a fiber backup group fiber backup group grou...

Page 297: ...e number slot slot number Display the information about the legal ONU with the specified MAC address display onuinfo mac address mac address Display the information about all the silent ONUs connected...

Page 298: ...check whether an ONU is online Port statistics data includes average error rate of data bits and data frames transmitted between an OLT and the ONUs For detailed information refer to the command manua...

Page 299: ...quirements Add two OLT ports of the same EPON board to a fiber backup group one after the other Perform a manual switchover between the two OLT ports When the master port is shut down the slave port b...

Page 300: ...iber group1 port switch over Sysname fiber group1 display fiber backup group 1 fiber backup group 1 information Member Role State Olt3 0 2 MASTER ACTIVE Olt3 0 1 SLAVE READY Shut down OLT 3 0 2 You ca...

Page 301: ...EC series ONUs For details see H3C EC1001 Video Encoder User Manual Support for OLT remote management commands varies with ONUs For details see the sections describing the supported configuration func...

Page 302: ...inding an ONU with an ONU Port An OLT supports ONU authentication based on ONU MAC address and denies illegal ONU access to the system ONU authentication can be implemented by binding the ONU to an ON...

Page 303: ...batch ONU binding configured the device automatically binds the current quiet ONU MAC addresses to the ONU ports and generate the binding configuration on the ONU ports however the ONUs joining subseq...

Page 304: ...he configuration of binding the specified ONU to the specified ONU port However batch ONU binding conflicts with automatic ONU binding Configuring the Management VLAN of the ONU To manage an ONU throu...

Page 305: ...based on different terminal service requirements to realize efficient bandwidth utilization Follow these steps to configure the ONU bandwidth allocation and related parameters To do Use the command Re...

Page 306: ...ping Option82 enabled on an ONU For DHCP request messages with Option82 fields the ONU replaces the Option82 fields with the local one before broadcasting the DHCP request messages For DHCP request me...

Page 307: ...r on the network STP runs normally only when all attached ONUs are H3C ONUs Configuring the Multicast Mode of the ONU Prerequisites for multicast mode configuration Through extended OAM an OLT can be...

Page 308: ...er expiry Router port aging timer Aging time of a router port IGMP general query message PIM message Dvmrp Probe message Considers the port not a router port Aging timer for multicast group member por...

Page 309: ...Configure the query response timer onu protocol igmp snooping max response time seconds Optional By default the maximum response time of group specific queries is 1 second Configure the aging timer of...

Page 310: ...to the OLT Then the ONU adds or deletes the group address filtering and multicast forwarding entries on the ONU based on the multicast control OAM packets containing a series of multicast control entr...

Page 311: ...to Setting the link type of an ONU port to access and Setting the link type of an ONU port to trunk Note that The access ports described in Table 3 2 do not include ports in the default state namely...

Page 312: ...type of an ONU port under an OLT port is configured as access the OLT port must be configured as a hybrid port and be assigned to the specified VLANs with the port hybrid vlan vlan id list tagged comm...

Page 313: ...tion to the OLT Note that Because a large number of ONUs are attached to an OLT enabling ONUs to report information to the OLT may generate a large amount of traffic and thus cause congestion Therefor...

Page 314: ...ktest frame number value frame size value delay on off vlan tag on vlan priority value vlan id value off Required The following lists the default values of the link test parameters Number of test fram...

Page 315: ...ONU software versions remotely through OLTs Updating ONU devices requires a large amount of work because in an EPON system there are different types of ONU devices which use different update files To...

Page 316: ...the original slave SRPU after the switchover otherwise the update will fail Update files used vary with ONUs If ONUs and update files do not match the update will fail For example if you specify to u...

Page 317: ...ile as 2 app in ONU 3 0 1 1 port view 2 app will be used to update the ONU If you cancel the port level configuration the update by type configuration is not executed until the ONU is registered succe...

Page 318: ...ic information Display the IP address allocation information when the ONU serves as a DHCP client display dhcp client Display the information about the protocols supported by the ONU display onu proto...

Page 319: ...ce onu 3 0 1 1 Sysname Onu3 0 1 1 bind onuid 000f e200 0031 Sysname Onu3 0 1 1 quit Sysname interface onu 3 0 1 2 Sysname Onu3 0 1 2 bind onuid 000f e200 3749 When the two ONUs are up display the bind...

Page 320: ...the switch with a multicast source and connect port OLT 3 0 1 of the OLT with an ONU which is bound to ONU 3 0 1 1 through an optical splitter Attach two hosts User 1 and User 2 to ports UNI 1 and UNI...

Page 321: ...ink multicast packets Sysname Onu3 0 1 1 uni 1 multicast strip tag enable Sysname Onu3 0 1 1 uni 2 multicast strip tag enable Sysname Onu3 0 1 1 quit Configure the link type of OLT 3 0 1 as hybrid all...

Page 322: ...ame igmp snooping quit Enable IGMP snooping in VLAN 1002 and VLAN 1003 Sysname vlan 1002 Sysname vlan1002 igmp snooping enable Sysname vlan1002 vlan 1003 Sysname vlan1003 igmp snooping enable Sysname...

Page 323: ...nfigure Ethernet 2 0 1 as a Trunk port and permit the packets of VLAN 1002 and VLAN 1003 to pass through the port Sysname interface Ethernet2 0 1 Sysname Ethernet2 0 1 port link type trunk Sysname Eth...

Page 324: ...e see the parts discussing software maintenance in 3Com S7900E Family Getting Started Guide Update all the attached type A ONUs to version 109 in OLT 3 0 1 port view Sysname interface olt 3 0 1 Sysnam...

Page 325: ...wait Please wait while the firmware is being burnt and check the software version after re registration Sysname Onu3 0 1 1 quit Update all the type A ONUs attached to the S7900E switch to version 110...

Page 326: ...duplex mode it can either send or receive packets at a time When a UNI works in auto negotiation mode the duplex mode of the UNI is determined through negotiation by both ends Flow control for UNIs If...

Page 327: ...NI port uni uni number speed 10 100 auto Optional By default the UNI port rate is 100Mbps Enable auto negotiation for a UNI port uni uni number auto negotiation Optional By default auto negotiation is...

Page 328: ...LAN tag added by the user The user s VID may not be for the user only as some other users in the same EPON system may also use the same VID into a unique network side VLAN tag Table 4 2 describes the...

Page 329: ...ID in the tag is the default VLAN ID of the port the packet is untagged and then forwarded If the VLAN ID in the tag does not match any VLAN translation entry on the port the packet is dropped Transla...

Page 330: ...in IGMP Snooping mode For related configurations refer to Configuring the Multicast Mode of the ONU The fast leave processing feature is effective for IGMPv2 or IGMPv3 clients only If fast leave proc...

Page 331: ...figuration To do Use the command Remarks Display the information about the current status of a UNI display uni information uni number Available in ONU port view Clear the packet statistics information...

Page 332: ...s effect on the current OLT port and all the ONUs attached to the OLT port When an alarm configuration command is executed in ONU port view the command takes effect only on the ONU corresponding to th...

Page 333: ...signal error Data Access DA error or memory allocation failure occurs By default this function is enabled Enable the bit error rate alarm function alarm bit error rate enable Optional When the total...

Page 334: ...alarm llid mismatch enable Optional The system generates an LLID mismatch frame alarm when the time slots are used in disorder that is an ONU uses another ONU s time slot to forward data By default t...

Page 335: ...arms are generated immediately Since alarm events are carried in the OAM packets a lot of OAM packets are generated In this case OAM packets may be lost By default the window size is 1 second and the...

Page 336: ...rror frames in a specific period that is the window size exceeds the corresponding predefined threshold By default this function is enabled Configure the window size and thresholds for error symbol pe...

Page 337: ...M vendor specific alarm function alarm oam vendor specific enable Optional This alarm is customized by vendors By default this function is enabled Enable the ONU over limitation alarm function alarm o...

Page 338: ...r rate alarm function alarm frame error rate enable Optional When the total number of error frames or the error frame rate of the data transferred between the OLT and ONUs exceeds the alarm threshold...

Page 339: ...m dying gasp enable Optional The system generates a dying gasp alarm when a system error a data loading error or any other nonreversible error occurs Enable the error frame period alarm function alarm...

Page 340: ...error frame seconds summary alarm function alarm oam error frame seconds summa ry enable Optional The system generates an error frame seconds summary alarm when the number of error frame seconds in a...

Page 341: ...tion alarm oam local link fault enable Optional The system generates a local link fault alarm when the inbound direction of the local data terminal becomes faulty Enable the registration error alarm f...

Page 342: ...mes in a specific period that is the window size exceeds the corresponding predefined threshold By default this function is enabled Enable the error frame period alarm function alarm oam error frame p...

Page 343: ...he error frame seconds summary alarm function alarm oam error frame seconds summa ry enable Optional The system generates an error frame seconds summary alarm when the number of error frame seconds in...

Page 344: ...figured and the views in which alarm configurations are displayed For details about the display trapbuffer command see the part discussing information center in the command manual Table 5 1 Relations...

Page 345: ...iguration view Alarm configuration display view Remarks FTTH view FTTH view For an alarm configuration command available in FTTH view only you can use the display this command in FTTH view to display...

Page 346: ...t Port related configuration Port link type Setting the link type of an OLT port to Hybrid Allowing the packets of the specified VLAN s to pass through the current Hybrid port Setting the default VLAN...

Page 347: ...nfiguring the maximum number of 802 1X users on an OLT port Configuring 802 1X port access control mode Configuring detection and access control of the users logging in through a proxy Enabling 802 1X...

Page 348: ...roring can be configured in port view of ONU 3 0 1 1 This configuration however will not take effect if the ONUs attached to ONU 3 0 1 1 do not support port mirroring Table 6 2 ONU port features Featu...

Page 349: ...lticast groups that can be joined on a port Configuring IPv4 multicast group filtering Configuring a port as a simulated host to join a multicast group Configuring IPv4 multicast group replacement Con...

Page 350: ...um number of 802 1X users on an ONU port Configuring 802 1X port access control modes Configuring detection and access control of the users logging in through a proxy Enabling 802 1X multicast trigger...

Page 351: ...on an ONU port supports a maximum of 30 ACL rules in the case of single direction configuration and a maximum of 16 ACL rules for each direction when configured for both uplink and downlink directions...

Page 352: ...ring TCP Attributes z Configuring ICMP to Send Error Packets ARP Address Resolution Protocol ARP is used to resolve an IP address into a data link layer address This document describes z ARP Overview...

Page 353: ...d transfer them over the network This document describes z Configuring an IPv6 Manual Tunnel z Configuring a 6to4 Tunnel z Configuring an ISATAP Tunnel z Configuring an IPv4 over IPv4 Tunnel z Configu...

Page 354: ...Addressing Overview 1 1 IP Address Classes 1 1 Special IP Addresses 1 2 Subnetting and Masking 1 2 Configuring IP Addresses 1 3 Assigning an IP Address to an Interface 1 3 IP Addressing Configuration...

Page 355: ...xample is 01010000100000001000000010000000 in binary To make IP addresses in 32 bit form easier to read they are written in dotted decimal notation each being four octets in length for example 10 1 1...

Page 356: ...es the host with a host ID of 16 on the local network z IP address with an all zero host ID Identifies a network z IP address with an all one host ID Identifies a directed broadcast address For exampl...

Page 357: ...address to an interface you may configure the interface to obtain one through DHCP address negotiation as alternatives If you change the way an interface obtains an IP address from manual assignment...

Page 358: ...e switch and the hosts on the LAN can communicate with each other do the following z Assign two IP addresses to VLAN interface 1 on the switch z Set the switch as the gateway on all PCs in the two net...

Page 359: ...5 time 25 ms Reply from 172 16 2 2 bytes 56 Sequence 2 ttl 255 time 26 ms Reply from 172 16 2 2 bytes 56 Sequence 3 ttl 255 time 26 ms Reply from 172 16 2 2 bytes 56 Sequence 4 ttl 255 time 26 ms Repl...

Page 360: ...Connected Network 1 1 Enabling Reception of Directed Broadcasts to a Directly Connected Network 1 1 Enabling Forwarding of Directed Broadcasts to a Directly Connected Network 1 2 Configuration Exampl...

Page 361: ...eve best network performance IP performance optimization configuration includes z Enabling the device to receive and forward directed broadcasts z Configuring TCP timers z Configuring the TCP buffer s...

Page 362: ...ed by the S7900E series Ethernet switches By default the devices allow forwarding of directed broadcasts to a directly connected network Configuration Example Network requirements As shown in Figure 1...

Page 363: ...TCP optional parameters that can be configured include z synwait timer When sending a SYN packet TCP starts the synwait timer If no response packet is received within the synwait timer interval the TC...

Page 364: ...route option in the packet ICMP redirect packets function simplifies host administration and enables a host to gradually establish a sound routing table to find out the best route 2 Sending ICMP timeo...

Page 365: ...send ICMP error packets its performance will be reduced z As the redirection function increases the routing table size of a host the host s performance will be reduced if its routing table becomes ver...

Page 366: ...vailable in any view Display socket information for distributed IRF devices display ip socket socktype sock type task id socket id chassis chassis number slot slot number Available in any view Display...

Page 367: ...ral Network 1 5 ARP Configuration Example 1 6 Configuring Gratuitous ARP 1 7 Introduction to Gratuitous ARP 1 7 Configuring Gratuitous ARP 1 7 Displaying and Maintaining ARP 1 8 2 Proxy ARP Configurat...

Page 368: ...ributed IRF device If an S7900E series is not in any IRF it operates as a distributed device if the S7900E series is in an IRF it operates as a distributed IRF device For introduction of IRF refer to...

Page 369: ...device the message is being sent to ARP Operation Suppose that Host A and Host B are on the same subnet and Host A sends a packet to Host B as shown in Figure 1 2 The resolution process is as follows...

Page 370: ...terface goes down the corresponding dynamic ARP entry will be removed Static ARP entry A static ARP entry is manually configured and maintained It cannot get aged or be overwritten by a dynamic ARP en...

Page 371: ...ip address mac address vlan id interface type interface number vpn instance vpn instance name Required No permanent static ARP entry is configured by default Configure a non permanent static ARP entr...

Page 372: ...cannot learn any ARP entry with a multicast MAC address and configuring such a static ARP entry is not allowed otherwise the system displays error messages After the ARP entry check is disabled the de...

Page 373: ...cted to Switch which is connected to Router through interface GigabitEthernet2 0 1 belonging to VLAN 10 The IP address of Router is 192 168 1 1 24 The MAC address of Router is 00e0 fc01 0000 To enhanc...

Page 374: ...the IP address is already used the device issuing the gratuitous ARP packet will be informed by an ARP reply of the conflict z Informing other devices about the change of its MAC address so that they...

Page 375: ...view Display the ARP entry for a specified IP address for distributed IRF devices display arp ip address chassis chassis number slot slot number verbose begin exclude include regular expression Availa...

Page 376: ...twork Proxy ARP involves common proxy ARP and local proxy ARP which are described in the following sections The term proxy ARP in the following sections of this chapter refers to common proxy ARP unle...

Page 377: ...0 1 Enable local proxy ARP on Switch A to allow Layer 3 communication between the two hosts Figure 2 2 Application environment of local proxy ARP In one of the following cases you need to enable loca...

Page 378: ...ed display local proxy arp interface interface type interface number Available in any view Proxy ARP Configuration Examples Proxy ARP Configuration Example Network requirements As shown in Figure 2 3...

Page 379: ...ng preceding configurations use the ping command to verify the connectivity between Host A and Host D Local Proxy ARP Configuration Example in Case of Port Isolation Network requirements As shown in F...

Page 380: ...witchB gigabitethernet2 0 1 port isolate enable SwitchB gigabitethernet2 0 1 interface gigabitethernet 2 0 3 SwitchB gigabitethernet2 0 3 port isolate enable SwitchB gigabitethernet2 0 3 quit 2 Config...

Page 381: ...h Vlan interface10 ip address 192 168 10 100 255 255 0 0 Switch Vlan interface10 quit The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2 and Layer 3 Configur...

Page 382: ...em view SwitchB vlan 2 SwitchB vlan2 port GigabitEthernet2 03 SwitchB vlan2 quit SwitchB vlan 3 SwitchB vlan3 port GigabitEthernet2 01 SwitchB vlan3 quit SwitchB vlan 5 SwitchB vlan5 port GigabitEther...

Page 383: ...2 8 SwtichA Vlan interface5 local proxy arp enable The ping operation from Host A to Host B is successful after the configuration...

Page 384: ...nfiguring a Domain Name Suffix for the Client 2 8 Configuring DNS Servers for the Client 2 8 Configuring WINS Servers and NetBIOS Node Type for the Client 2 8 Configuring the BIMS Server Information f...

Page 385: ...CP Relay Agent Configuration Examples 3 9 DHCP Relay Agent Configuration Example 3 9 DHCP Relay Agent Option 82 Support Configuration Example 3 10 Troubleshooting DHCP Relay Agent Configuration 3 11 4...

Page 386: ...n hosts become more complex The Dynamic Host Configuration Protocol DHCP was introduced to solve these problems DHCP is built on a client server model in which a client sends a configuration request a...

Page 387: ...server via four steps 2 The client broadcasts a DHCP DISCOVER message to locate a DHCP server 3 A DHCP server offers configuration parameters including an IP address to the client in a DHCP OFFER mes...

Page 388: ...ast to extend the lease duration Upon availability of the IP address the DHCP server returns a DHCP ACK unicast confirming that the client s lease duration has been extended or a DHCP NAK unicast deny...

Page 389: ...rmat as the Bootstrap Protocol BOOTP message for compatibility but differs from it in the option field which identifies new features for DHCP DHCP uses the option field in DHCP messages to carry contr...

Page 390: ...guration Server ACS parameters including the ACS URL username and password z Service provider identifier acquired by the customer premises equipment CPE from the DHCP server and sent to the ACS for se...

Page 391: ...te the DHCP client to further implement security control and accounting The Option 82 supporting server can also use such information to define individual assignment policies of IP address and other p...

Page 392: ...interface that received the client s request Its format is shown in Figure 1 10 Figure 1 10 Sub option 1 in verbose padding format In Figure 1 10 except that the VLAN ID field has a fixed length of 2...

Page 393: ...r not z Sub option 4 Failover route that specifies the destination IP address and the called number SIP users use such IP addresses and numbers to communicate with each other that a SIP user uses to r...

Page 394: ...rted on loopback interfaces Introduction to DHCP Server Application Environment The DHCP server is well suited to the network where z It is hard to implement manual configuration and centralized manag...

Page 395: ...evel child has no such configuration or z Overridden if the lower level child has such configuration z The extended address pool database is not organized as a tree z The IP address lease does not enj...

Page 396: ...terface of the DHCP server or DHCP relay agent resides to avoid wrong IP address allocation IP Address Allocation Sequence A DHCP server assigns an IP address to a client according to the following se...

Page 397: ...g Dynamic Address Allocation for an Extended Address Pool Required for the extended address pool configuration Configuring a Domain Name Suffix for the Client Configuring DNS Servers for the Client Co...

Page 398: ...ient s MAC or ID to IP address in the DHCP address pool When the client with the MAC address or ID requests an IP address the DHCP server will find the IP address from the binding for the client A DHC...

Page 399: ...es on a DHCP client share the same MAC address you need to specify the client ID rather than MAC address in a static binding to identify the requesting interface otherwise the client may fail to obtai...

Page 400: ...sk are specified the address pool becomes valid Follow these steps to configure dynamic address allocation for an extended address pool To do Use the command Remarks Enter system view system view Ente...

Page 401: ...do Use the command Remarks Enter system view system view Enter DHCP address pool view dhcp server ip pool pool name extended Specify DNS servers dns list ip address 1 8 Required Not specified by defau...

Page 402: ...nfiguration files obtained from a branch intelligent management system BIMS server Therefore the DHCP server needs to offer DHCP clients the BIMS server IP address port number shared key from the DHCP...

Page 403: ...config ncp ip ip address Required Not specified by default Specify the IP address of the backup network calling processor voice config as ip ip address Optional Not specified by default Configure the...

Page 404: ...s Specify the name of the TFTP server tftp server domain name domain name Required to use either command Not specified by default Specify the bootfile name bootfile name bootfile name Required Not spe...

Page 405: ...n may affect DHCP operation Enabling DHCP Enable DHCP before performing other configurations Follow these steps to enable DHCP To do Use the command Remarks Enter system view system view Enable DHCP d...

Page 406: ...e server interface connected to the client Applying an Extended Address Pool on an Interface After you create an extended address pool and apply it on an interface the DHCP server upon receiving a cli...

Page 407: ...etection enabled the device puts a record once for each DHCP server The administrator needs to find unauthorized DHCP servers from the log information Configuring IP Address Conflict Detection To avoi...

Page 408: ...ring the handling mode for Option 82 Follow these steps to enable the DHCP server to handle Option 82 To do Use the command Remarks Enter system view system view Enable the server to handle Option 82...

Page 409: ...not save DHCP server lease information Therefore when the system boots up or the reset dhcp server ip in use command is executed no lease information will be available in the configuration file In thi...

Page 410: ...p pool 0 static bind client identifier 3030 3066 2e65 3234 392e 3830 3530 2d56 6c61 6e2d 696e 7465 7266 6163 6532 SwitchA dhcp pool 0 dns list 10 1 1 2 SwitchA dhcp pool 0 gateway list 10 1 1 126 Swit...

Page 411: ...com DNS server address 10 1 1 2 25 and gateway address 10 1 1 254 25 and there is no WINS server address z The domain name and DNS server address on subnets 10 1 1 0 25 and 10 1 1 128 25 are the same...

Page 412: ...nfiguration is complete clients on networks 10 1 1 0 25 and 10 1 1 128 25 can obtain IP addresses on the corresponding network and other network parameters from Switch A You can use the display dhcp s...

Page 413: ...command on the DHCP server to view the IP addresses assigned to the clients Troubleshooting DHCP Server Configuration Symptom A client s IP address obtained from the DHCP server conflicts with anothe...

Page 414: ...DHCP server must be available on each subnet which is not practical DHCP relay agent solves the problem Via a relay agent DHCP clients communicate with a DHCP server on another subnet to obtain config...

Page 415: ...ormation refer to Relay agent option Option 82 If the DHCP relay agent supports Option 82 it will handle a client s request according to the contents defined in Option 82 if any The handling strategie...

Page 416: ...elay Agent Security Functions Optional Configuring the DHCP Relay Agent to Send a DHCP Release Request Optional Configuring the DHCP Relay Agent to Support Option 82 Optional Configuring the DHCP Rela...

Page 417: ...CP server group and add a server into the group dhcp relay server group group id ip ip address Required Not created by default Enter interface view interface interface type interface number Correlate...

Page 418: ...Disabled by default z The dhcp relay address check enable command is independent of other commands of the DHCP relay agent That is the invalid address check takes effect when this command is executed...

Page 419: ...the IP address of the DHCP server which assigned an IP address to the DHCP client and the receiving interface The administrator can use this information to check out any DHCP unauthorized servers Foll...

Page 420: ...type interface number Enable the relay agent to support Option 82 dhcp relay information enable Required Disabled by default Configure the handling strategy for requesting messages containing Option...

Page 421: ...me must contain no spaces Otherwise the DHCP relay agent will drop the message Displaying and Maintaining DHCP Relay Agent Configuration To do Use the command Remarks Display information about DHCP se...

Page 422: ...ddress of VLAN interface 2 is 10 1 1 2 24 Figure 3 3 Network diagram for DHCP relay agent Switch B DHCP server Switch A DHCP relay agent DHCP client DHCP client DHCP client DHCP client Vlan int2 10 1...

Page 423: ...ircuit ID sub option as company001 and for the remote ID sub option as device001 z Switch A forwards DHCP requests to the DHCP server Switch B after replacing Option 82 in the requests so that the DHC...

Page 424: ...debugging and execute the display command on the DHCP relay agent to view the debugging information and interface state information for locating the problem Solution Check that z The DHCP is enabled...

Page 425: ...P server cannot be a Windows 2000 Server or Windows 2003 Server Introduction to DHCP Client With the DHCP client enabled an interface will use DHCP to obtain configuration parameters such as an IP add...

Page 426: ...ified configuration information display dhcp client verbose interface interface type interface number Available in any view DHCP Client Configuration Example Network requirements As shown in Figure 4...

Page 427: ...ent on VLAN interface 2 SwitchB system view SwitchB interface vlan interface 2 SwitchB Vlan interface2 ip address dhcp alloc 3 Verification Use the display dhcp client command to view the IP address a...

Page 428: ...Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 Direct 0 0 10 1 1 3 Vlan2 10 1 1 3 32 Direct 0 0 127 0 0 1 InLoop0 20 1 1 0 24 Static 70 0 10 1 1 2 Vlan2 127 0 0...

Page 429: ...uction of IRF refer to IRF Configuration in the System Volume DHCP Snooping Overview Functions of DHCP Snooping As a DHCP security feature DHCP snooping can implement the following 1 Ensuring DHCP cli...

Page 430: ...For details refer to IP Source Guard Configuration in the Security Volume z VLAN mapping The device replaces service provider VLANs SVLANs in packets with customer VLANs CVLANs by searching correspond...

Page 431: ...1 GigabitEthernet2 0 2 Switch C GigabitEthernet2 0 1 GigabitEthernet2 0 3 and GigabitEthernet2 0 4 GigabitEthernet2 0 2 DHCP Snooping Support for Option 82 Option 82 records the location information...

Page 432: ...the message after adding the Option 82 padded in normal format verbose Forward the message after adding the Option 82 padded in verbose format no Option 82 user defined Forward the message after addi...

Page 433: ...tion will be effective z Configuring both the DHCP snooping and selective QinQ function on the switch is not recommended because it may result in malfunction of DHCP snooping Configuring DHCP Snooping...

Page 434: ...ies to non user defined Option 82 only Configure non user defined Option 82 Configure the code type for the remote ID sub option dhcp snooping information remote id format type ascii hex Optional hex...

Page 435: ...aying and Maintaining DHCP Snooping To do Use the command Remarks Display DHCP snooping entries display dhcp snooping ip ip address Available in any view Display Option 82 configuration information on...

Page 436: ...igabitEthernet2 0 1 as trusted SwitchB interface GigabitEthernet2 0 1 SwitchB GigabitEthernet2 0 1 dhcp snooping trust SwitchB GigabitEthernet2 0 1 quit DHCP Snooping Option 82 Support Configuration E...

Page 437: ...chB GigabitEthernet2 0 2 dhcp snooping information circuit id string company001 SwitchB GigabitEthernet2 0 2 dhcp snooping information remote id string device001 SwitchB GigabitEthernet2 0 2 quit Conf...

Page 438: ...les 1 5 Static Domain Name Resolution Configuration Example 1 5 Dynamic Domain Name Resolution Configuration Example 1 6 DNS Proxy Configuration Example 1 9 Troubleshooting IPv4 DNS Configuration 1 10...

Page 439: ...IP address mappings are stored in the local static name resolution table to improve efficiency Static Domain Name Resolution The static domain name resolution means setting up mappings between domain...

Page 440: ...ply the missing part For example a user can configure com as the suffix for aabbcc com The user only needs to type aabbcc to get the IP address of aabbcc com The resolver can add the suffix and delimi...

Page 441: ...me resolution table after receiving the request If the requested information exists in the table the DNS proxy returns a DNS reply to the client 3 If the requested information does not exist in the st...

Page 442: ...e resolution To do Use the command Remarks Enter system view system view Enable dynamic domain name resolution dns resolve Required Disabled by default Specify a DNS server dns server ip address Requi...

Page 443: ...Switch and thus the Switch can use the domain name host com to access the host whose IP address is 10 1 1 2 Figure 1 3 Network diagram for static domain name resolution Configuration procedure Config...

Page 444: ...m and the IP address 3 1 1 1 16 Figure 1 4 Network diagram for dynamic domain name resolution Configuration procedure z Before performing the following configuration make sure that the Switch and the...

Page 445: ...ne Create a mapping between host name and IP address Figure 1 6 Add a host In Figure 1 6 right click zone com and then select New Host to bring up a dialog box as shown in Figure 1 7 Enter host name h...

Page 446: ...is normal and that the corresponding destination IP address is 3 1 1 1 Sysname ping host Trying DNS resolve press CTRL_C to break Trying DNS server 2 1 1 2 PING host com 3 1 1 1 56 data bytes press C...

Page 447: ...S server and the host are reachable to each other and the IP addresses of the interfaces are configured as shown in Figure 1 8 1 Configure the DNS server This configuration may vary with different DNS...

Page 448: ...tl 126 time 1 ms Reply from 3 1 1 1 bytes 56 Sequence 5 ttl 126 time 1 ms host com ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 1 3 ms Troublesh...

Page 449: ...en host names and IPv6 addresses Static domain name resolution allows applications such as Telnet to contact hosts by using host names instead of IPv6 addresses Follow these steps to configure static...

Page 450: ...ame Required Not configured by default that is only the provided domain name is resolved z The dns resolve and dns domain commands are the same as those of IPv4 DNS z You can configure up to six DNS s...

Page 451: ...me resolution to resolve domain name host com into IPv6 address 1 2 Switch ping ipv6 host com PING host com 1 2 56 data bytes press CTRL_C to break Reply from 1 2 bytes 56 Sequence 1 hop limit 128 tim...

Page 452: ...the Switch and the host are accessible to each another via available routes and the IPv6 addresses of the interfaces are configured as shown Figure 2 2 z This configuration may vary with different DN...

Page 453: ...te a new zone named com Figure 2 3 Create a zone Create a mapping between the host name and the IPv6 address As shown in Figure 2 4 right click zone com Figure 2 4 Create a record In Figure 2 4 select...

Page 454: ...2 6 Figure 2 5 Select the resource record type As shown in Figure 2 6 type host name host and IPv6 address 1 1 and then click OK Figure 2 6 Add a mapping between domain name and IPv6 address...

Page 455: ...ding destination IP address is 1 1 Switch ping ipv6 host Trying DNS resolve press CTRL_C to break Trying DNS server 2 2 PING host com 1 1 56 data bytes press CTRL_C to break Reply from 1 1 bytes 56 Se...

Page 456: ...m Number of Neighbors Dynamically Learned 1 14 Configuring Parameters Related to RA Messages 1 14 Configuring the Maximum Number of Attempts to Send an NS Message for DAD 1 16 Configuring PMTU Discove...

Page 457: ...ributed IRF device If an S7900E series is not in any IRF it operates as a distributed device if the S7900E series is in an IRF it operates as a distributed IRF device For introduction of IRF refer to...

Page 458: ...ments of hierarchical address division as well as allocation of public and private addresses Hierarchical address structure IPv6 adopts the hierarchical address structure to quicken route search and r...

Page 459: ...most while the size of IPv6 extension headers is restricted to the maximum size of IPv6 packets Introduction to IPv6 Address IPv6 address format An IPv6 address is represented as a set of 16 bit hexad...

Page 460: ...arget interface is nearest to the source according to a routing protocol s measure of distance There are no broadcast addresses in IPv6 Their function is replaced by multicast addresses The type of an...

Page 461: ...address FF02 2 Link local scope all routers multicast address FF05 2 Site local scope all routers multicast address Besides there is another type of multicast address solicited node address A solicit...

Page 462: ...covery and address autoconfiguration z Redirection Table 1 3 lists the types and functions of ICMPv6 messages used by the NDP Table 1 3 Types and functions of ICMPv6 messages ICMPv6 message Number Fun...

Page 463: ...dress of node A 2 After receiving the NS message node B judges whether the destination address of the packet is its solicited node multicast address If yes node B learns the link layer address of node...

Page 464: ...atically generates an IPv6 address according to the information obtained through router prefix discovery The router prefix discovery is implemented through RS and RA messages The router prefix discove...

Page 465: ...PMTU discovery mechanism is to find the minimum MTU of all links in the path from the source to the destination Figure 1 5 shows the working procedure of PMTU discovery Figure 1 5 Working procedure of...

Page 466: ...ets allowing communication between IPv4 and IPv6 nodes It performs IP address translation and according to different protocols performs semantic translation for packets This technology is only suitabl...

Page 467: ...ormat is adopted the IPv6 address prefix of an interface is the configured prefix and the interface identifier is generated automatically by the interface z Manual configuration IPv6 site local addres...

Page 468: ...s is configured for an interface a link local address is generated automatically The automatically generated link local address is the same as the one generated by using the ipv6 address auto link loc...

Page 469: ...ugh NS and NA messages or through a manually configured static neighbor entry The device uniquely identifies a static neighbor entry according to the neighbor IPv6 address and the local Layer 3 interf...

Page 470: ...eir descriptions Parameters Description Cur hop limit When sending an IPv6 packet a host uses the value to fill the Cur Hop Limit field in IPv6 headers The value is also filled into the Cur Hop Limit...

Page 471: ...mit ipv6 nd hop limit value Optional 64 by default Enable the consistency check on the source MAC address of ND packets ipv6 nd mac check enable Optional Disabled by default Enter interface view inter...

Page 472: ...onds and the value of the Reachable Timer field in RA messages is 0 z The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages z In VRRP networki...

Page 473: ...e path MTU from a source host to a destination host is dynamically determined refer to IPv6 PMTU Discovery the source host sends subsequent packets to the destination host on basis of this MTU After t...

Page 474: ...he configured capacity One token allows one ICMPv6 error packet to be sent Each time an ICMPv6 error packet is sent the number of tokens in a token bucket decreases by one If the number of ICMPv6 erro...

Page 475: ...ice degrades greatly because it has to send back ICMP time exceeded packets You can disable sending of ICMPv6 time exceeded packets Follow these steps to enable sending of ICMPv6 time exceeded packets...

Page 476: ...view Display socket information for distributed IRF devices display ipv6 socket socktype socket type task id socket id chassis chassis number slot slot number Available in any view Display the statist...

Page 477: ...corresponding VLANs configure IPv6 addresses for the VLAN interfaces and verify the connectivity between them z The aggregatable global unicast addresses of VLAN interface 2 and VLAN interface 1 on Sw...

Page 478: ...NDP SwitchA display ipv6 neighbors interface GigabitEthernet 2 0 2 Type S Static D Dynamic IPv6 Address Link layer VID Interface State T Age FE80 215 E9FF FEA6 7D14 0015 e9a6 7d14 1 GE2 0 2 STALE D 12...

Page 479: ...s 0 SwitchA display ipv6 interface vlan interface 1 verbose Vlan interface1 current state UP Line protocol current state UP IPv6 is enabled link local address is FE80 20F E2FF FE00 1C0 Global unicast...

Page 480: ...s 0 Display the IPv6 interface settings on Switch B All the IPv6 global unicast addresses configured on the interface are displayed SwitchB display ipv6 interface vlan interface 2 verbose Vlan interfa...

Page 481: ...ng Switch A and Switch B on Host and ping Switch A and Host on Switch B to verify the connectivity between them When you ping a link local address you should use the i parameter to specify an interfac...

Page 482: ...roubleshooting IPv6 Basics Configuration Symptom The peer IPv6 address cannot be pinged Solution z Use the display current configuration command in any view or the display this command in system view...

Page 483: ...elay Agent 1 3 Protocols and Standards 1 4 Configuring the DHCPv6 Client 1 4 Configuration Prerequisites 1 4 Configuration Procedure 1 4 Configuring the DHCPv6 Relay Agent 1 5 Configuration Prerequisi...

Page 484: ...addresses assigned to hosts and assign addresses to specific hosts thus facilitating network management z Assign configuration parameters to hosts such as the DNS server address or domain name Basic C...

Page 485: ...ice can only serve as the DHCPv6 client and relay agent Serving as a DHCPv6 client the device only supports stateless DHCPv6 configuration instead of stateful DHCPv6 configuration that is the device c...

Page 486: ...1 3 Operation of Stateless DHCPv6 As shown in Figure 1 3 stateless DHCPv6 operates as follows 1 The DHCPv6 client multicasts an information request message to the destination address FF02 1 2 The info...

Page 487: ...then sends the Relay reply message to the DHCPv6 relay agent 4 The DHCPv6 relay agent obtains the reply from the Relay reply message and sends the reply to the DHCPv6 client The DHCPv6 client uses th...

Page 488: ...rom a DHCPv6 client the interface that operates as a DHCPv6 relay agent encapsulates the request into a Relay forward message and forwards the message to the specified DHCPv6 server which then assigns...

Page 489: ...ipv6 dhcp client interface interface type interface number Available in any view Display DHCPv6 client statistics display ipv6 dhcp client statistics interface interface type interface number Availabl...

Page 490: ...ace 2 SwitchA Vlan interface2 ipv6 address auto With this command executed if VLAN interface 2 has no IP address configured Switch A will automatically generate a link local address and send an RS mes...

Page 491: ...ind 0 Information request 5 Release 0 Decline 0 DHCPv6 Relay Agent Configuration Example Network requirements As shown in Figure 1 6 the network address prefix of DHCPv6 clients is 1 64 and the IPv6 a...

Page 492: ...SwitchA Vlan interface1 undo ipv6 nd ra halt SwitchA Vlan interface1 ipv6 nd autoconfig managed address flag SwitchA Vlan interface1 ipv6 nd autoconfig other flag 3 Verify the configuration After comp...

Page 493: ...nfiguration Example 1 16 Configuring an ISATAP Tunnel 1 19 Configuration Prerequisites 1 19 Configuration Procedure 1 19 Configuration Example 1 20 Configuring an IPv4 over IPv4 Tunnel 1 23 Configurat...

Page 494: ...ii Displaying and Maintaining Tunneling Configuration 1 45 Troubleshooting Tunneling Configuration 1 45...

Page 495: ...and transfer them over the network A tunnel is a virtual point to point connection providing a channel to transfer encapsulated packets Packets are encapsulated and decapsulated at both ends of a tun...

Page 496: ...ocol IPv6 is compatible with all protocols except IPv4 in the TCP IP suite Therefore IPv6 can completely take the place of IPv4 Before IPv6 becomes the dominant protocol networks using the IPv6 protoc...

Page 497: ...lated IPv6 packet If the destination address is the device itself the device forwards the IPv6 packet to the upper layer protocol for processing Configured tunnel and automatic tunnel An IPv6 over IPv...

Page 498: ...used to automatically acquire the destination IPv4 address of the tunnel The automatic 6to4 tunnel adopts 6to4 addresses The address format is 2002 abcd efgh subnet number interface ID 64 where 2002 r...

Page 499: ...go an encapsulation and decapsulation process Figure 1 3 shows these two processes Figure 1 3 Principle of IPv4 over IPv4 tunnel z Encapsulation The encapsulation process is as follows 1 The interface...

Page 500: ...ponding data module for processing The data module then determines how to route the packet 2 If the packet needs to be routed to Host B connected to Router B the packet is sent to Router A s tunnel in...

Page 501: ...tocol checks the destination address field in the packet header to determine how to route the packet 3 If the packet must be tunneled to reach its destination Router A sends it to the tunnel interface...

Page 502: ...payload to the X protocol for forwarding Encapsulation and decapsulation processes on both ends of the GRE tunnel and the resulting increase in data volumes will degrade the forwarding efficiency for...

Page 503: ...sis number slot slot number Optional Not specified by default Reference a service loopback group service loopback group number Required By default the tunnel does not reference any service loopback gr...

Page 504: ...Configure an IPv6 address for the tunnel interface Configure a link local IPv6 address ipv6 address ipv6 address link local Optional By default a link local address will automatically be created when...

Page 505: ...stination and set the outbound interface to the tunnel interface at the local end or set the next hop to the tunnel interface at the peer end The similar configuration needs to be performed at the oth...

Page 506: ...up 1 type tunnel Add GigabitEthernet 2 0 3 to service loopback group 1 SwitchA interface GigabitEthernet 2 0 3 SwitchA GigabitEthernet2 0 3 undo stp enable SwitchA GigabitEthernet2 0 3 port service lo...

Page 507: ...SwitchB Tunnel0 service loopback group 1 SwitchB Tunnel0 quit Configure a static route to IPv6 Group 1 through tunnel 0 on Switch B SwitchB ipv6 route static 3002 64 tunnel 0 Configuration verificati...

Page 508: ...ply from 3003 1 bytes 56 Sequence 1 hop limit 64 time 1 ms Reply from 3003 1 bytes 56 Sequence 2 hop limit 64 time 1 ms Reply from 3003 1 bytes 56 Sequence 3 hop limit 64 time 1 ms Reply from 3003 1 b...

Page 509: ...s configured for the tunnel interface ipv6 address auto link local Configure an IPv6 address for the tunnel interface Configure an IPv6 link local address ipv6 address ipv6 address link local Optional...

Page 510: ...n needs to be performed at the other tunnel end 6to4 Tunnel Configuration Example Network requirements As shown in Figure 1 9 two 6to4 networks are connected to an IPv4 network through two 6to4 switch...

Page 511: ...witchA Tunnel0 ipv6 address 2002 201 101 1 64 SwitchA Tunnel0 source vlan interface 100 SwitchA Tunnel0 tunnel protocol ipv6 ipv4 6to4 SwitchA Tunnel0 quit Create service loopback group 1 to support t...

Page 512: ...service loopback group 1 SwitchB interface GigabitEthernet 2 0 3 SwitchB GigabitEthernet2 0 3 undo stp enable SwitchB GigabitEthernet2 0 3 port service loopback group 1 SwitchB GigabitEthernet2 0 3 qu...

Page 513: ...x length ipv6 address prefix length Configure an IPv6 global unicast address or site local address ipv6 address ipv6 address prefix length eui 64 Required Use either command By default no IPv6 global...

Page 514: ...stead of the IPv4 address of the tunnel destination and set the outbound interface to the tunnel interface at the local end or set the next hop to the tunnel interface at the peer end The similar conf...

Page 515: ...et 2 0 3 Switch GigabitEthernet2 0 3 undo stp enable Switch GigabitEthernet2 0 3 port service loopback group 1 Switch GigabitEthernet2 0 3 quit Reference service loopback group 1 on the tunnel Switch...

Page 516: ...s 6d23h59m46s public preferred link local fe80 5efe 2 1 1 2 life infinite link MTU 1500 true link MTU 65515 current hop limit 255 reachable time 42500ms base 30000ms retransmission interval 1000ms DAD...

Page 517: ...em view Enter tunnel interface view interface tunnel number Configure an IPv4 address for the tunnel interface ip address ip address mask mask length sub Required By default no IPv4 address is configu...

Page 518: ...ust have different source and destination addresses z If you specify a source interface instead of a source address for the tunnel the source address of the tunnel is the primary IP address of the sou...

Page 519: ...ce tunnel 1 IP address of VLAN interface 101 of Switch B SwitchA Tunnel1 destination 3 1 1 1 SwitchA Tunnel1 quit Create service loopback group 1 to support the tunnel service SwitchA service loopback...

Page 520: ...interface GigabitEthernet 2 0 3 SwitchB GigabitEthernet2 0 3 undo stp enable SwitchB GigabitEthernet2 0 3 port service loopback group 1 SwitchB GigabitEthernet2 0 3 quit Reference service loopback gro...

Page 521: ...packets input 320 bytes 0 input error 9 packets output 576 bytes 0 output error Ping the IPv4 address of the peer interface VLAN interface 100 from Switch A SwitchA ping 10 1 3 1 PING 10 1 3 1 56 dat...

Page 522: ...nterface tunnel number Configure an IPv4 address for the tunnel interface ip address ip address mask mask length sub Required By default no IPv4 address is configured for the tunnel interface Specify...

Page 523: ...of a source address for the tunnel the source address of the tunnel is the primary IP address of the source interface z When you configure dynamic routing at each tunnel end you need to enable the dy...

Page 524: ...he interface tunnel 1 IP address of VLAN interface 101 of Switch B SwitchA Tunnel1 destination 2002 2 1 SwitchA Tunnel1 quit Create service loopback group 1 to support the tunnel service SwitchA servi...

Page 525: ...service loopback group 1 type tunnel Add GigabitEthernet 2 0 3 to service loopback group 1 SwitchB interface GigabitEthernet 2 0 3 SwitchB GigabitEthernet2 0 3 undo stp enable SwitchB GigabitEthernet...

Page 526: ...0 packets sec Last 300 seconds output 1 bytes sec 0 packets sec 167 packets input 10688 bytes 0 input error 170 packets output 10880 bytes 0 output error Ping the IPv4 address of the peer interface V...

Page 527: ...or site local address ipv6 address ipv6 address prefix length eui 64 ipv6 address auto link local Configure an IPv6 address for the tunnel interface Configure an IPv6 link local address ipv6 address...

Page 528: ...ent z Two or more tunnel interfaces using the same encapsulation protocol must have different source and destination addresses z If you specify a source interface instead of a source address for the t...

Page 529: ...the interface tunnel 1 IP address of VLAN interface 101 SwitchA Tunnel1 source 2002 11 1 Configure the destination address for the interface tunnel 1 IP address of VLAN interface 101 of Switch B Swit...

Page 530: ...l 2 IP address of VLAN interface 101 of Switch A SwitchB Tunnel2 destination 2002 11 1 SwitchB Tunnel2 quit Create service loopback group 1 to support the tunnel service SwitchB service loopback group...

Page 531: ...ress es FF02 1 FF24 1 FF02 1 FF01 2 FF02 1 FF00 0 FF02 2 FF02 1 MTU is 1460 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for...

Page 532: ...er tunnel interface view interface tunnel interface number Required By default a device has no tunnel interface Configure an IPv4 address for the tunnel interface ip address ip address mask mask lengt...

Page 533: ...z When configuring a route through the tunnel you can configure a static route using the address of the network segment that the original packet is destined for as its destination address and the addr...

Page 534: ...et 2 0 3 to service loopback group 1 SwitchA interface GigabitEthernet 2 0 3 SwitchA GigabitEthernet2 0 3 undo stp enable SwitchA GigabitEthernet2 0 3 port service loopback group 1 Apply service loopb...

Page 535: ...interface view SwitchB GigabitEthernet2 0 3 quit SwitchB interface tunnel 1 SwitchB Tunnel1 service loopback group 1 SwitchB Tunnel1 quit Configure a static route from Switch B through interface Tunne...

Page 536: ...dynamic through the tunnel to the other end Note that z If you delete a tunnel interface the functions configured on this tunnel interface will be removed as well z The source address and destination...

Page 537: ...terface 100 SwitchA Vlan interface100 ip address 10 1 1 1 255 255 255 0 SwitchA Vlan interface100 quit Configure interface VLAN interface 101 the physical interface of the tunnel SwitchA interface vla...

Page 538: ...10 1 3 0 255 255 255 0 tunnel 0 2 Configure Switch B SwitchB system view Enable IPv6 SwitchB ipv6 Configure interface VLAN interface 100 SwitchB interface vlan interface 100 SwitchB Vlan interface100...

Page 539: ...v6 information on tunnel interfaces display ipv6 interface tunnel number verbose Available in any view Clear statistics on tunnel interfaces reset counters interface tunnel number Available in user vi...

Page 540: ...ntents 1 UDP Helper Configuration 1 1 Introduction to UDP Helper 1 1 Configuring UDP Helper 1 1 Displaying and Maintaining UDP Helper 1 2 UDP Helper Configuration Examples 1 2 UDP Helper Configuration...

Page 541: ...relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified destination server With UDP Helper enabled the device decides whether to forward a received UDP br...

Page 542: ...ion of all UDP ports is removed if you disable UDP Helper z You can configure up to 256 UDP port numbers to enable the forwarding of packets with these UDP port numbers z You can configure up to 20 de...

Page 543: ...0 16 is available Enable UDP Helper SwitchA system view SwitchA udp helper enable Enable the forwarding broadcast packets with the UDP destination port 55 SwitchA udp helper port 55 Specify the destin...

Page 544: ...FTP Client Configuration Example Distributed IRF Device 1 9 Configuring the FTP Server 1 11 Configuring FTP Server Operating Parameters 1 11 Configuring Authentication and Authorization on the FTP Se...

Page 545: ...files z ASCII mode transfers files as text like txt bat and cfg files Operation of FTP FTP adopts the client server model Your device can function either as the client or as the server as shown in Fig...

Page 546: ...nfiguration on the device Configure authentication and authorization Configure the username password authorized working directory for an FTP user The device does not support anonymous FTP for security...

Page 547: ...P address The primary IP address configured on the source interface is the source address of the transmitted packets The source address of the transmitted packets is selected following these rules z I...

Page 548: ...the remote FTP server directly in user view ftp ipv6 server address service port source ipv6 source ipv6 address i interface type interface number ftp ipv6 Log in to the remote FTP server indirectly i...

Page 549: ...mode transfers files as raw data 4 Use the lcd command to display the local working directory of the FTP client You can upload the file under this directory or save the downloaded file under this dire...

Page 550: ...o Use the command Remarks Use another username to relog in after successfully logging in to the FTP server user username password Optional Maintaining and Debugging an FTP Connection After a device se...

Page 551: ...FTP server Their IP addresses are 10 2 1 1 16 and 10 1 1 1 16 respectively An available route exists between Device and PC z Device downloads a startup file from PC for device upgrade and uploads the...

Page 552: ...y newest app as the main startup file to be used at the next startup z Specify newest app as the main startup file to be used at the next startup for the AMB Sysname boot loader file newest app slot 0...

Page 553: ...d uploads the configuration file to PC for backup z On PC an FTP user account has been created for the FTP client with the username being abc and the password being pwd Figure 1 3 Network diagram for...

Page 554: ...complete FTP 3494 byte s sent in 5 646 second s 618 00 byte s sec ftp bye Specify newest app as the main startup file to be used at the next startup for the AMB of the IRF Sysname boot loader file ne...

Page 555: ...data This means that any anomaly power failure for example during file transfer might result in file corruption on the FTP server This mode however consumes less memory space than the fast mode Follo...

Page 556: ...pher password Required Assign the FTP service to the user service type ftp Required By default the system does not support anonymous FTP access and does not assign any service If the FTP service is as...

Page 557: ...e level Authorize ftp s access to the root directory of the flash on the AMB and specify ftp to use FTP Sysname system view Sysname local user ftp Sysname luser ftp password simple pwd Sysname luser f...

Page 558: ...te command to upgrade the Boot ROM 3 Upgrade Device Copy the startup file newest app to the root directory of the storage medium on the SMB in slot 1 Sysname copy newest app slot1 flash Specify newest...

Page 559: ...PC as the FTP client Their IP addresses are as shown in the following figure Device and PC are reachable to each other z Device downloads a startup file from PC for upgrade and uploads the configurati...

Page 560: ...ed in Download the configuration file config cfg of the device to the PC for backup ftp get config cfg back config cfg Upload the configuration file newest app to the root directory of the storage med...

Page 561: ...d Continue Y N y The specified file will be used as the main boot file at the next reboot on chassis 2 slot 0 Sysname boot loader file chassis2 slot1 flash newest app chassis 1 slot 0 main This comman...

Page 562: ...ent and server TFTP uses the UDP port 69 for data transmission For TFTP basic operation refer to RFC 1986 In TFTP file transfer is initiated by the client z In a normal file downloading process the cl...

Page 563: ...the storage medium until the whole file is obtained In this way if file download fails for example due to network disconnection the device can still start up because the original system file is not o...

Page 564: ...device uses the source address determined by the matched route to communicate with the TFTP server by default Return to user view quit Download or upload a file in an IPv4 network tftp server address...

Page 565: ...rform the following operations Download application file newest app from PC to the device z Download application file newest app from PC to the root directory of the storage medium on the AMB Sysname...

Page 566: ...IRF system which is composed of a master and a slave The member ID of the master is 1 and the slot numbers of the AMB and the SMB on the master are 0 and 1 respectively The member ID of the slave is 2...

Page 567: ...flash newest app Upload a configuration file config cfg to the TFTP server Sysname tftp 1 2 1 1 put config cfg configback cfg Specify newest app as the main startup file to be used at the next startup...

Page 568: ...tartup must be saved under the root directory of the storage medium You can copy or move a file to the root directory of the storage medium For the details of the boot loader command refer to Device M...

Page 569: ...Overview 1 1 Introduction to sFlow 1 1 Operation of sFlow 1 2 Configuring sFlow 1 2 Displaying and Maintaining sFlow 1 3 sFlow Configuration Example 1 3 Troubleshooting sFlow Configuration 1 4 The Rem...

Page 570: ...o collect and analyze traffic statistics The sFlow system involves an sFlow agent embedded in a device and a remote sFlow collector The sFlow agent collects traffic statistics and packets from the sFl...

Page 571: ...f the sFlow agent sflow agent ip ip address ipv6 ipv6 address Required Not configured by default Specify the IP address and port number of the sFlow collector sflow collector ip ip address ipv6 ipv6 a...

Page 572: ...any view sFlow Configuration Example Network requirements z Host A and Server are connected to Switch through GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 respectively z Host B works as an sFlow co...

Page 573: ...g sFlow Configuration The Remote sFlow Collector Cannot Receive sFlow Packets Symptom The remote sFlow collector cannot receive sFlow packets Analysis z sFlow is not enabled globally because the sFlow...

Page 574: ...s This document describes z Static route configuration z Detecting Reachability of the Static Route s Nexthop RIP Routing Information Protocol RIP is a simple Interior Gateway Protocol IGP mainly used...

Page 575: ...tate Changes IPv6 Static Routing Static routes are special routes that are manually configured by network administrators Similar to IPv4 static routes IPv6 static routes work well in simple IPv6 netwo...

Page 576: ...ing attributes modifying when routes are received advertised or redistributed This document describes z Defining Filters z Route policy configuration Policy Routing Policy routing is to make forwardin...

Page 577: ...uting Protocol Overview 1 3 Static Routing and Dynamic Routing 1 3 Classification of Dynamic Routing Protocols 1 3 Routing Protocols and Routing Priority 1 4 Load Balancing and Route Backup 1 5 Route...

Page 578: ...the packet reaches the last router which forwards the packet to the intended destination host Routing Table Routing table Routing tables play a key role in routing Each router maintains a routing tabl...

Page 579: ...but having different nexthops may have different priorities and be found by various routing protocols or manually configured The optimal route is the one with the highest priority with the smallest m...

Page 580: ...em resources It works well in small stable networks with simple topologies Its major drawback is that you must perform routing configuration again whenever the network topology changes it cannot adjus...

Page 581: ...otocols For information on multicast routing protocols refer to the IP Multicast Volume Version of IP protocol IPv4 routing protocols RIP OSPFv2 BGP4 and IS IS IPv6 routing protocols RIPng OSPFv3 BGP4...

Page 582: ...find several routes with the same metric to the same destination and if this protocol has the highest priority among all the active protocols these routes will be considered valid routes for load bal...

Page 583: ...is configured for a protocol the global router ID is used To do Use the command Remarks Enter system view system view Configure a router ID router id router id Optional Not configured by default Disp...

Page 584: ...splay ipv6 routing table ipv6 address prefix length longer match verbose Available in any view Display routing information permitted by an IPv6 ACL display ipv6 routing table acl acl6 number verbose A...

Page 585: ...uration Prerequisites 1 2 Configuration Procedure 1 3 Configuring BFD for Static Routes 1 3 BFD Control Packet Mode 1 4 BFD Echo Packet Mode 1 4 Displaying and Maintaining Static Routes 1 5 Static Rou...

Page 586: ...change occurs in the network the routes will be unreachable and the network breaks In this case the network administrator has to modify the static routes manually Default Route If the destination add...

Page 587: ...after the next hop address is specified When specifying the output interface note that z If the output interface is a Null 0 interface there is no need to configure the next hop address z If the outp...

Page 588: ...ce value Optional 60 by default z When configuring a static route the static route does not take effect if you specify the next hop address first and then configure it as the IP address of a local int...

Page 589: ...st address mask mask length interface type interface number next hop address bfd control packet preference preference value tag tag value description description text Use either command BFD Echo Packe...

Page 590: ...e end when the echo mode is used Displaying and Maintaining Static Routes To do Use the command Remarks Display the current configuration information display current configuration Display the brief in...

Page 591: ...Switch C SwitchC system view SwitchC ip route static 0 0 0 0 0 0 0 0 1 1 5 5 3 Configure the hosts The default gateways for the three hosts A B and C are 1 1 2 3 1 1 6 1 and 1 1 3 1 respectively The c...

Page 592: ...Direct 0 0 127 0 0 1 InLoop0 Use the ping command on Host B to check reachability to Host A assuming Windows XP runs on the two hosts C Documents and Settings Administrator ping 1 1 2 2 Pinging 1 1 2...

Page 593: ...d echo source ip 123 1 1 1 SwitchA interface vlan interface 10 SwitchA vlan interface10 bfd min echo receive interval 500 SwitchA vlan interface10 bfd detect multiplier 7 SwitchA vlan interface10 quit...

Page 594: ...a UP DOWN Diag 1 0 53892593 SwitchA BFD 8 SCM Sess 123 1 1 1 10 1 1 100 Vlan10 Oper Reset 0 53892593 SwitchA BFD 8 EVENT Send sess down Msg Src 123 1 1 1 Dst 10 1 1 100 Vlan10 Protocol STATIC 0 538925...

Page 595: ...interface12 bfd min receive interval 500 SwitchA vlan interface12 bfd detect multiplier 9 SwitchA vlan interface12 quit SwitchA ip route static 14 1 1 0 24 vlan interface 12 12 1 1 2 bfd control packe...

Page 596: ...Vlan12 Ctrl Sta UP DOWN Diag 1 Jul 27 10 18 18 672 2007 SwitchA BFD 7 EVENT Send sess down Msg Src 12 1 1 1 Dst 12 1 1 2 Vlan12 Ctrl instance 0 protocol STATIC Jul 27 10 18 19 172 2007 SwitchA BFD 7...

Page 597: ...Maximum Number of Load Balanced Routes 1 14 Enabling Zero Field Check on Incoming RIPv1 Messages 1 14 Enabling Source IP Address Check on Incoming RIP Updates 1 14 Configuring RIPv2 Message Authentic...

Page 598: ...ii...

Page 599: ...ration and maintenance than OSPF and IS IS Operation of RIP Introduction RIP is a distance vector routing protocol using UDP packets for exchanging information through port 520 RIP uses a hop count to...

Page 600: ...d for that route after the garbage collect timer expires the route will be deleted from the routing table Routing loops prevention RIP is a distance vector D V routing protocol Since a RIP router adve...

Page 601: ...uthentication and MD5 authentication to enhance security RIPv2 has two types of message transmission broadcast and multicast Multicast is the default type using 224 0 0 9 as the multicast address The...

Page 602: ...ork address subnet address or host address z Subnet Mask Mask of the destination address z Next Hop If set to 0 0 0 0 it indicates that the originator of the route is the best next hop otherwise it in...

Page 603: ...This mechanism cannot detect link faults quickly After BFD is configured for RIP when BFD detects a broken link RIP can quickly age out the unreachable route thus avoiding interference to other servi...

Page 604: ...f a physical interface is attached to multiple networks you cannot advertise these networks in different RIP processes Configuring the interface behavior Follow these steps to configure the interface...

Page 605: ...view Enter RIP view rip process id vpn instance vpn instance name Specify a global RIP version version 1 2 Optional By default if an interface has a RIP version specified the version takes precedence...

Page 606: ...additional routing metric rip metricin route policy route policy name value Optional 0 by default Define an outbound additional routing metric rip metricout route policy route policy name value Optio...

Page 607: ...Required You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface Disabling Host Route Reception Sometimes a router may receive from the same network...

Page 608: ...pn instance name Enable RIP to advertise a default route default route only originate cost cost Optional Not enabled by default Return to system view quit Enter interface view interface interface type...

Page 609: ...ort command filters outgoing routes including routes redistributed with the import route command Configuring a Priority for RIP Multiple IGP protocols may run in a router If you want RIP routes to hav...

Page 610: ...Configuring RIP Network Optimization Complete the following tasks before configuring RIP network optimization z Configure network addresses for interfaces and make neighboring nodes reachable to each...

Page 611: ...outing loops between adjacent routers Follow these steps to enable split horizon To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface num...

Page 612: ...v1 messages If such a field contains a non zero value the RIPv1 message will not be processed If you are sure that all messages are trusty you can disable zero field check to save CPU resources This f...

Page 613: ...nformation is sent with the RIP message which however cannot meet high security needs Follow these steps to configure RIPv2 message authentication To do Use the command Remarks Enter system view syste...

Page 614: ...ng This task allows you to enable a specific RIP process to receive SNMP requests Follow these steps to bind RIP to MIB To do Use the command Remarks Enter system view system view Bind RIP to MIB rip...

Page 615: ...only when both ends have routes to send and BFD is enabled on the receiving interface Single Hop Detection in BFD Echo Packet Mode Follow these steps to configure BFD for RIP single hop detection in B...

Page 616: ...ng RIP To do Use the command Remarks Display RIP current status and configuration information display rip process id vpn instance vpn instance name Display all active routes in RIP database display ri...

Page 617: ...SwitchA display rip 1 route Route Flags R RIP T TRIP P Permanent A Aging S Suppressed G Garbage collect Peer 192 168 1 2 on Vlan interface100 Destination Mask Nexthop Cost Tag Flags Sec 10 0 0 0 8 19...

Page 618: ...gure route redistribution on Switch B to make RIP 200 redistribute direct routes and routes from RIP 100 Thus Switch C can learn routes destined for 10 2 1 0 24 and 11 1 1 0 24 while Switch A cannot l...

Page 619: ...Routes 6 Destination Mask Proto Pre Cost NextHop Interface 12 3 1 0 24 Direct 0 0 12 3 1 2 Vlan200 12 3 1 2 32 Direct 0 0 127 0 0 1 InLoop0 16 4 1 0 24 Direct 0 0 16 4 1 1 Vlan400 16 4 1 1 32 Direct...

Page 620: ...c Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 11 1 1 0 24 RIP 100 1 12 3 1 1 Vlan200 12 3 1 0 24 Direct 0 0 12 3 1 2 Vlan200 12 3 1 2 32 Direct 0 0 127 0 0 1 InLoop0 16 4...

Page 621: ...itchA rip 1 quit Configure Switch B SwitchB system view SwitchB rip 1 SwitchB rip 1 network 1 0 0 0 SwitchB rip 1 version 2 SwitchB rip 1 undo summary Configure Switch C SwitchC system view SwitchB ri...

Page 622: ...vlan interface 200 SwitchA Vlan interface200 rip metricin 3 SwitchA Vlan interface200 display rip 1 database 1 0 0 0 8 cost 0 ClassfulSumm 1 1 1 0 24 cost 0 nexthop 1 1 1 1 Rip interface 1 1 2 0 24 co...

Page 623: ...h B SwitchB system view SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 network 10 6 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 qui...

Page 624: ...1 2 Vlan300 11 3 1 2 32 Direct 0 0 127 0 0 1 InLoop0 11 4 1 0 24 Direct 0 0 11 4 1 2 Vlan400 11 4 1 2 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 1...

Page 625: ...face connected to the Layer 2 switch z When the link between Switch C and the Layer 2 switch fails BFD can quickly detect the link failure and notify it to RIP and the BFD session goes down In respons...

Page 626: ...4 Configure a static route on Switch C SwitchC ip route static 100 1 1 1 24 null 0 5 Verify the configuration Display the BFD session information of Switch A SwitchA display bfd session Total Session...

Page 627: ...nformation of Switch A You can see that Switch A has deleted the neighbor relationship with Switch C and thus no output information is displayed SwitchA display bfd session Display the RIP routes of R...

Page 628: ...the BFD session goes down In response RIP deletes the neighbor relationship with Switch C and the route information received from Switch C Then Switch A learns the static route sent by Switch C the ou...

Page 629: ...bfd min transmit interval 500 SwitchA Vlan interface100 bfd min receive interval 500 SwitchA Vlan interface100 bfd detect multiplier 7 SwitchA Vlan interface100 quit Configure Switch C SwitchC bfd se...

Page 630: ...hbor 192 168 3 2 Tunnel ID 0x0 Label NULL State Inactive Adv Age 00h12m50s Tag 0 Enable RIP event debugging on Switch A SwitchA debugging rip 1 event SwitchA terminal debugging When the link between S...

Page 631: ...es are disabled from handling RIP messages If the peer is configured to send multicast messages the same should be configured on the local end Solution z Use the display current configuration command...

Page 632: ...e as NBMA 1 27 Configuring the OSPF Network Type for an Interface as P2MP 1 28 Configuring the OSPF Network Type for an Interface as P2P 1 29 Configuring OSPF Route Control 1 29 Prerequisites 1 29 Con...

Page 633: ...SU Transmit Rate 1 44 Configuring OSPF Graceful Restart 1 45 Configuring the OSPF GR Restarter 1 45 Configuring the OSPF GR Helper 1 46 Triggering OSPF Graceful Restart 1 47 Configuring BFD for OSPF 1...

Page 634: ...ing OSPF Network Optimization z Configuring OSPF Graceful Restart z Configuring BFD for OSPF z Displaying and Maintaining OSPF z OSPF Configuration Examples z Troubleshooting OSPF Configuration The te...

Page 635: ...ers to compose a LSDB Link State Database An LSA describes the network topology around a router so the LSDB describes the entire network topology of the AS z Each router transforms the LSDB to a weigh...

Page 636: ...describe routes to other ASs z Opaque LSA A proposed type of LSA the format of which consists of a standard LSA header and application specific information Opaque LSAs are used by the OSPF protocol o...

Page 637: ...s Backbone area and virtual links Each AS has a backbone area which is responsible for distributing routing information between none backbone areas Routing information between non backbone areas must...

Page 638: ...packets Stub area The ABR in a stub area does not distribute Type 5 LSAs into the area so the routing table size and amount of routing information in this area are reduced significantly You can config...

Page 639: ...protocol Area 1 is an NSSA area and the ASBR in it translates RIP routes into Type 7 LSAs and advertises them throughout Area 1 When these LSAs travel to the NSSA ABR the ABR translates Type 7 LSAs to...

Page 640: ...ter belongs to more than two areas one of which must be the backbone area It connects the backbone area to a non backbone area The connection between an area border router and the backbone area can be...

Page 641: ...o consideration Classification of OSPF Networks OSPF network types OSPF classifies networks into four types upon the link layer protocol z Broadcast When the link layer protocol is Ethernet or FDDI OS...

Page 642: ...synchronization consuming network resources The Designated Router is defined to solve the problem All other routers on the network send routing information to the DR which is responsible for advertisi...

Page 643: ...terface of a router and belongs to a single network segment The router s other interfaces may be a BDR or DRother z After DR BDR election and then a new router joins it cannot become the DR immediatel...

Page 644: ...er than contained in the Authentication field Hello packet A router sends hello packets periodically to neighbors to find and maintain neighbor relationships and to elect the DR BDR including informat...

Page 645: ...AuType Packet length Authentication Authentication Interface MTU DD sequence number LSA header Options 0 0 0 0 0 I M M S 0 7 15 31 LSA header Major fields z Interface MTU Size in bytes of the largest...

Page 646: ...lowing figure shows the LSR packet format Figure 1 12 LSR packet format Major fields z LS type Type number of the LSA to be requested Type 1 for example indicates the Router LSA z Link State ID Determ...

Page 647: ...eader as shown in the following figure Figure 1 15 LSA header format Major fields z LS age Time in seconds elapsed since the LSA was originated A LSA ages in the LSDB added by 1 per second but does no...

Page 648: ...k ID Determined by Link type z Link data Determined by Link type z Type Link type A value of 1 indicates a point to point link to a remote router a value of 2 indicates a link to a transit network a v...

Page 649: ...t to the DR including the DR itself 3 Summary LSA Network summary LSAs Type 3 LSAs and ASBR summary LSAs Type 4 LSAs are originated by ABRs Other than the difference in the Link State ID field the for...

Page 650: ...The IP address mask for the advertised destination z E External Metric The type of the external metric value which is set to 1 for type 2 external routes and set to 0 for type 1 external routes Refer...

Page 651: ...ext authentication and MD5 ciphertext authentication The authentication password for interfaces attached to a network segment must be identical Hot Standby Distributed routers support OSPF Hot Standby...

Page 652: ...s so that they will not remove their adjacencies with it and advertise the adjacencies The GR Restarter re establishes neighborships and updates its own routing table and forwarding table based on the...

Page 653: ...same VPN can use OSPF as the internal routing protocol but they are treated as different ASs An OSPF route learned by a site will be forwarded to another site as an external route which leads to heav...

Page 654: ...765 OSPF Database Overflow z RFC 2328 OSPF Version 2 z RFC 3101 OSPF Not So Stubby Area NSSA Option z RFC 3137 OSPF Stub Router Advertisement z RFC 3630 Traffic Engineering Extensions to OSPF Version...

Page 655: ...ad balanced Routes Optional Configuring a Priority Optional Configuring OSPF Route Control Configuring OSPF Route Redistribution Optional Configuring OSPF Packet Timers Optional Specifying an LSA Tran...

Page 656: ...the interface To run OSPF a router must have a Router ID which is the unique identifier of the router in the AS z You can specify a Router ID when creating the OSPF process Any two routers in an AS m...

Page 657: ...to multiple areas you can further configure some areas as stub areas or NSSA areas as needed If connectivity between the backbone and a non backbone area or within the backbone itself cannot be achiev...

Page 658: ...Using the default cost command only takes effect on the ABR of a stub area z The backbone area cannot be a totally stub area z A totally stub area cannot have an ASBR because AS external routes canno...

Page 659: ...rtual link To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id vpn instance instance name Enter area view area area id Configure a virtual l...

Page 660: ...gment Prerequisites Before configuring OSPF network types you have configured z IP addresses for interfaces making neighboring nodes accessible with each other at network layer z OSPF basic functions...

Page 661: ...ed The DR priority configured with the ospf dr priority command and the one configured with the peer command have the following differences z The former is for actual DR election z The latter is to in...

Page 662: ...address cost value dr priority dr priority Required if the interface type is P2MP unicast Configuring the OSPF Network Type for an Interface as P2P Follow these steps to configure the OSPF network ty...

Page 663: ...command Remarks Enter system view system view Enter OSPF view ospf process id router id router id vpn instance instance name Enter OSPF area view area area id Configure ABR route summarization abr su...

Page 664: ...ugh ACLs and IP address prefixes z Filtering routing information by next hop through the filtering criteria configured with the gateway keyword z Filtering routing information by destination address t...

Page 665: ...e Interface bandwidth If the calculated cost is greater than 65535 the value of 65535 is used if the calculated cost is less than 1 the value of 1 is used If no cost is configured for an interface OSP...

Page 666: ...n improve link utilization Follow these steps to configure the maximum number of load balanced routes To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router...

Page 667: ...tem view Enter OSPF view ospf process id router id router id vpn instance instance name Configure OSPF to redistribute routes from another protocol import route protocol process id all processes allow...

Page 668: ...and type for redistributed routes Tags are used to indicate information related to protocols For example when redistributing BGP routes OSPF uses tags to identify AS IDs Follow these steps to configur...

Page 669: ...p information and collecting log information Prerequisites Before configuring OSPF network optimization you have configured z IP addresses for interfaces z OSPF basic functions Configuring OSPF Packet...

Page 670: ...default values after you change the network type for an interface z The dead interval should be at least four times the hello interval on an interface z The poll interval is at least four times the h...

Page 671: ...frequent SPF calculation applies at the minimum interval If network changes become frequent SPF calculation interval is incremented by incremental interval 2n 2 n is the number of calculation times ea...

Page 672: ...erval is 0 milliseconds and the incremental interval is 5000 milliseconds With this command configured when network changes are not frequent LSAs are generated at the minimum interval If network chang...

Page 673: ...3 means a link to the stub network so the cost of the link remains unchanged A value of 1 2 or 4 means a point to point link a link to a transit network or a virtual link In such cases a maximum cost...

Page 674: ...tication for the interface ospf authentication mode simple cipher plain password Configure the authentication mode MD5 authentication for the interface ospf authentication mode hmac md5 md5 key id cip...

Page 675: ...reduce the burden of the backbone area Follow these steps to make them compatible To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id vpn in...

Page 676: ...OSPF network management To do Use the command Remarks Enter system view system view Bind OSPF MIB to an OSPF process ospf mib binding process id Optional The OSPF process with the smallest process id...

Page 677: ...r will need to receive and process large numbers of packets Configuring OSPF to give priority to receiving and processing Hello packets helps ensure stable neighbor relationships Follow these steps to...

Page 678: ...t carry link local signaling LLS and out of band re synchronization OOB extension information Configuring the OSPF GR Restarter You can configure the IETF standard or non IETF standard OSPF GR Restart...

Page 679: ...timer Optional 120 seconds by default Configuring the OSPF GR Helper You can configure the IETF standard or non IETF standard OSPF GR Helper Configuring the IETF standard OSPF GR Helper Follow these...

Page 680: ...rt reset ospf process id process graceful restart Required Available in user view Configuring BFD for OSPF After discovering neighbors by sending hello packets OSPF notifies BFD of the neighbor addres...

Page 681: ...or information display ospf process id peer verbose interface type interface number neighbor id Display neighbor statistics of OSPF areas display ospf process id peer statistics Display next hop infor...

Page 682: ...in user view OSPF Configuration Examples These examples only cover commands for OSPF configuration Configuring OSPF Basic Functions Network requirements z As shown in the following figure all switches...

Page 683: ...hC system view SwitchC ospf SwitchC ospf 1 area 1 SwitchC ospf 1 area 0 0 0 1 network 10 2 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 1 network 10 4 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 1 quit SwitchC...

Page 684: ...ter Area 10 2 1 0 24 10 Transit 10 2 1 1 10 2 1 1 0 0 0 1 10 3 1 0 24 4 Inter 10 1 1 2 10 3 1 1 0 0 0 0 10 4 1 0 24 13 Stub 10 2 1 2 10 4 1 1 0 0 0 1 10 5 1 0 24 14 Inter 10 1 1 2 10 3 1 1 0 0 0 0 10...

Page 685: ...2 10 5 1 0 24 10 Stub 10 5 1 1 10 5 1 1 0 0 0 2 10 1 1 0 24 12 Inter 10 3 1 1 10 3 1 1 0 0 0 2 Total Nets 5 Intra Area 2 Inter Area 3 ASE 0 NSSA 0 On Switch D ping the IP address 10 4 1 1 to check con...

Page 686: ...em view SwitchC ip route static 3 1 2 1 24 10 4 1 2 On Switch C configure OSPF to redistribute static routes SwitchC ospf 1 SwitchC ospf 1 import route static 4 Verify the configuration Display the AB...

Page 687: ...figure z Switch A and Switch B are in AS 200 which runs OSPF z Switch C Switch D and Switch E are in AS 100 which runs OSPF z An eBGP connection is established between Switch B and Switch C Switch C...

Page 688: ...witchC ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit Configure Switch D SwitchD system view SwitchD ospf SwitchD ospf 1 area 0 SwitchD ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchD ospf 1 area...

Page 689: ...oop0 5 Configure summary route 10 0 0 0 8 on Switch B and advertise it SwitchB ospf 1 asbr summary 10 0 0 0 8 Display the OSPF routing table of Switch A SwitchA display ip routing table Routing Tables...

Page 690: ...1 with Router ID 10 4 1 1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10 2 1 1 0 0 0 1 3 10 2 1 1 ABR Inter 10 3 1 1 0 0 0 1 5 10 2 1 1 ABR Inter 10 5 1 1 0 0 0 1 7 1...

Page 691: ...SwitchC ospf SwitchC ospf 1 area 1 SwitchC ospf 1 area 0 0 0 1 stub SwitchC ospf 1 area 0 0 0 1 quit SwitchC ospf 1 quit Display OSPF routing information on Switch C SwitchC display ospf routing OSPF...

Page 692: ...0 4 Inter 10 2 1 1 10 2 1 1 0 0 0 1 10 2 1 0 24 3 Transit 10 2 1 2 10 4 1 1 0 0 0 1 10 4 1 0 24 3 Stub 10 4 1 1 10 4 1 1 0 0 0 1 Total Nets 3 Intra Area 2 Inter Area 1 ASE 0 NSSA 0 After this configur...

Page 693: ...mary SwitchA ospf 1 area 0 0 0 0 quit SwitchA ospf 1 quit Configure Switch C SwitchC ospf SwitchC ospf 1 area 1 SwitchC ospf 1 area 0 0 0 1 nssa SwitchC ospf 1 area 0 0 0 1 quit SwitchC ospf 1 quit It...

Page 694: ...Routing for Network Destination Cost Type NextHop AdvRouter Area 10 2 1 0 24 22 Inter 10 3 1 1 10 3 1 1 0 0 0 2 10 3 1 0 24 10 Transit 10 3 1 2 10 3 1 1 0 0 0 2 10 4 1 0 24 25 Inter 10 3 1 1 10 3 1 1...

Page 695: ...t Configure Switch B SwitchB system view SwitchB router id 2 2 2 2 SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB...

Page 696: ...Neighbor is up for 00 01 28 Authentication Sequence 0 Router ID 4 4 4 4 Address 192 168 1 4 GR State Normal State Full Mode Nbr is Master Priority 1 DR 192 168 1 4 BDR 192 168 1 3 MTU 0 Dead timer due...

Page 697: ...ter ID 3 3 3 3 Address 192 168 1 3 GR State Normal State Full Mode Nbr is Slave Priority 2 DR 192 168 1 4 BDR 192 168 1 3 MTU 0 Dead timer due in 33 sec Neighbor is up for 00 11 15 Authentication Sequ...

Page 698: ...1 41 Authentication Sequence 0 Switch A becomes the DR and Switch C is the BDR If the neighbor state is full it means Switch D has established the adjacency with the neighbor If the neighbor state is...

Page 699: ...0 1 1 2 24 Vlan int100 10 3 1 2 24 Vlan int100 10 3 1 1 24 Virtual link Vlan int200 10 2 1 1 24 Vlan int200 10 2 1 2 24 Area 1 Configuration procedure 1 Configure IP addresses for interfaces omitted 2...

Page 700: ...ing OSPF Process 1 with Router ID 2 2 2 2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10 2 1 0 24 2 Transit 10 2 1 1 3 3 3 3 0 0 0 1 10 1 1 0 24 2 Transit 10 1 1 2...

Page 701: ...ame OSPF routing domain are GR capable z Switch A acts as the non IETF standard GR Restarter whereas Switch B and Switch C are the GR Helpers and re synchronize their LSDB with Switch A through OOB co...

Page 702: ...OSPF Graceful Restart event debugging and then perform OSPF Graceful Restart on Switch A SwitchA debugging ospf event graceful restart SwitchA terminal monitor SwitchA terminal debugging SwitchA reset...

Page 703: ...n OSPF The AS is divided into three areas z Switch A and Switch B work as ABRs z Configure Switch C as an ASBR to redistribute external routes static routes and configure a filter policy on Switch C t...

Page 704: ...10 1 1 2 Vlan100 10 4 1 0 24 OSPF 10 13 10 2 1 2 Vlan200 10 5 1 0 24 OSPF 10 14 10 1 1 2 Vlan100 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 4 On Switch C filter...

Page 705: ...ip routing table Routing Tables Public Destinations 10 Routes 10 Destination Mask Proto Pre Cost NextHop Interface 3 1 1 0 24 O_ASE 150 1 10 2 1 2 Vlan200 3 1 2 0 24 O_ASE 150 1 10 2 1 2 Vlan200 10 1...

Page 706: ...SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 10 1 0 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB ospf 1 quit SwitchB interface vlan interface 10 SwitchB Vlan interfa...

Page 707: ...event SwitchA terminal debugging When the link between Switch B and the Layer 2 switch fails you can see that Switch A can quickly detect the changes on Switch B Nov 12 18 34 48 823 2005 SwitchA BFD 5...

Page 708: ...emoved its neighbor relationship with Switch B and therefore no information is output SwitchA display ospf peer OSPF Process 1 with Router ID 192 168 1 40 Neighbor Brief Information Troubleshooting OS...

Page 709: ...command to display neighbors 2 Use the display ospf interface command to display OSPF interface information 3 Use the display ospf lsdb command to display the Link State Database to check its integrit...

Page 710: ...Redistribution 1 22 Configuring IS IS Route Filtering 1 23 Configuring IS IS Route Leaking 1 24 Tuning and Optimizing IS IS Networks 1 24 Configuration Prerequisites 1 24 Specifying Intervals for Send...

Page 711: ...uring BFD for IS IS 1 35 Displaying and Maintaining IS IS 1 35 IS IS Configuration Example 1 36 IS IS Basic Configuration 1 36 DIS Election Configuration 1 41 Configuring IS IS Route Redistribution 1...

Page 712: ...sense or an Ethernet switch running routing protocols IS IS Overview Intermediate System to Intermediate System IS IS is a dynamic routing protocol designed by the International Organization for Stan...

Page 713: ...identifies an abstract network service access point and describes the network address in the OSI reference model IS IS address format 1 NSAP As shown in Figure 1 1 an NSAP address consists of the Ini...

Page 714: ...e transport layer information It is a special NSAP address with the SEL being 0 Therefore the length of the NET is equal to the NSAP and is in the range 8 bytes to 20 bytes Generally a router only nee...

Page 715: ...z The Level 1 routers in different areas can not establish neighbor relationships z The neighbor relationship establishment of Level 2 routers has nothing to do with area Figure 1 2 shows an IS IS ne...

Page 716: ...uting information of the entire IS IS routing domain but does not share the information of other Level 1 areas and the Level 2 area with the Level 1 area by default Since a Level 1 router simply sends...

Page 717: ...achment address MAC address on a broadcast network will be elected A router can be the DIS for different levels IS IS DIS election differs from OSPF DIS election in that z A router with priority 0 can...

Page 718: ...U format Figure 1 5 PDU format Common header format Figure 1 6 shows the PDU common header format Figure 1 6 PDU common header format Intradomain routing protocol discriminator Reserved Version R ID l...

Page 719: ...rs to establish and maintain neighbor relationships A hello packet is also called an IS to IS hello PDU IIH For broadcast networks the Level 1 routers use the Level 1 LAN IIHs and the Level 2 routers...

Page 720: ...t on the point to point networks Figure 1 8 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH the P2P IIH has a Local Circuit ID field LSP packet format The Link State PDUs LSP c...

Page 721: ...er generating the LSP is connected to multiple areas z OL LSDB Overload Indicates that the LSDB is not complete because the router runs out of memory In this case other routers will not send packets t...

Page 722: ...chronize the LSDB between neighboring routers On broadcast networks CSNP is sent by the DIS periodically 10s by default On point to point networks CSNP is only sent during the first adjacency establis...

Page 723: ...CLV format Figure 1 13 CLV format Table 1 2 shows that different PDUs contain different CLVs Table 1 2 CLV name and the corresponding PDU type CLV Code Name PDU Type 1 Area Addresses IIH LSP 2 IS Neig...

Page 724: ...switching from AMB to SMB IS IS can work immediately The other HSB is to backup only the configuration information of IS IS during the switching from AMB to SMB After the graceful restart GR the IS IS...

Page 725: ...d allowing a maximum of only 256 fragments to be generated by an IS IS router limits the amount of link information that the IS IS router can advertise The LSP fragment extension feature allows an IS...

Page 726: ...m belongs to which originating system therefore no limitation is imposed on the link state information of the extended LSP fragments advertised by the virtual systems The operation mode of LSP fragmen...

Page 727: ...for IS IS IS IS Configuration Task List Complete the following tasks to configure IS IS Task Remarks Enabling IS IS Configuring the IS Level and Circuit Level Configuring IS IS Basic Functions Config...

Page 728: ...Before the configuration accomplish the following tasks z Configure the link layer protocol z Configure an IP address for each interface and make sure all neighboring nodes are reachable to each other...

Page 729: ...ystem view quit Enter interface view interface interface type interface number Specify the circuit level isis circuit level level 1 level 1 2 level 2 Optional The default is Level 1 2 Configuring the...

Page 730: ...cost style is of another type if the interface bandwidth does not exceed 10 Mbps the interface cost equals 60 if the interface bandwidth does not exceed 100 Mbps the interface cost equals 50 if the i...

Page 731: ...S IS cost calculation To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Specify an IS IS cost style cost style wide wide compa...

Page 732: ...e number range and default vary by device Configuring IS IS Route Summarization This task is to configure a summary route so routes falling into the network range of the summary route are summarized i...

Page 733: ...ribution Redistribution of large numbers of routes on a device may affect the performance of other devices in the network In that case you can configure a limit on the number of redistributed routes t...

Page 734: ...lated from received LSPs To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Filter routes calculated from received LSPs filter...

Page 735: ...1 command to filter routes from Level 2 to Level 1 Other routing policies specified for route reception and redistribution does not affect the route leaking Tuning and Optimizing IS IS Networks Config...

Page 736: ...l 1 and Level 2 hello packets are advertised separately and therefore you need to set a hello multiplier for each level On a P2P link Level 1 and Level 2 hello packets are advertised in P2P hello pack...

Page 737: ...layer because they are directly encapsulated into frames Therefore any two IS IS neighboring routers need to negotiate a common MTU To avoid sending big hellos for saving bandwidth you can enable the...

Page 738: ...id vpn instance vpn instance name Specify the LSP refresh interval timer lsp refresh seconds Optional 900 seconds by default Specify the LSP generation interval timer lsp generation maximum interval i...

Page 739: ...view isis process id vpn instance vpn instance name Specify the maximum length of generated Level 1 LSPs or Level 2 LSPs lsp length originate size level 1 level 2 1497 bytes by default Specify the ma...

Page 740: ...tworks many P2P links exist The following figure shows a fully meshed network where Routers A B C and D run IS IS When Router A generates an LSP it floods the LSP out Ethernet 1 1 Ethernet 1 2 and Eth...

Page 741: ...needed Follow these steps to configure the SPF parameters To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Configure the SPF...

Page 742: ...he password in the received hello packets If the authentication succeeds it forms the neighbor relationship with the peer The authentication mode and password at both ends must be identical Follow the...

Page 743: ...d5 simple password ip osi Required No routing domain authentication is configured by default Configuring System ID to Host Name Mappings In IS IS a system ID identifies a router or host uniquely A sys...

Page 744: ...Follow these steps to configure dynamic system ID to host name mapping To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Speci...

Page 745: ...ult Suppress the SA bit during restart graceful restart suppress sa Optional By default the SA bit is not suppressed Enabling the Logging of Neighbor State Changes Follow these steps to enable the log...

Page 746: ...BFD on the IS IS interface isis bfd enable Required Not enabled by default For details about IS IS refer to IS IS Configuration in the IP Routing Volume Displaying and Maintaining IS IS To do Use the...

Page 747: ...d vpn instance vpn instance name Available in any view Display IS IS SPF calculation log information display isis spf log process id vpn instance vpn instance name Available in any view Display IS IS...

Page 748: ...lan interface100 quit Configure Switch B SwitchB system view SwitchB isis 1 SwitchB isis 1 is level level 1 SwitchB isis 1 network entity 10 0000 0000 0002 00 SwitchB isis 1 quit SwitchB interface vla...

Page 749: ...IS IS LSDB of each switch to check the LSP integrity SwitchA display isis lsdb Database information for ISIS 1 Level 1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT P OL 0000 0000 000...

Page 750: ...0x00000014 0x194a 1051 111 1 0 0 0000 0000 0003 01 00 0x00000002 0xabdb 854 55 0 0 0 Self LSP Self LSP Extended ATT Attached P Partition OL Overload Level 2 Link State Database LSPID Seq Num Checksum...

Page 751: ...1 1 1 R 192 168 0 0 24 20 NULL Vlan100 10 1 1 1 R 0 0 0 0 0 10 NULL Vlan100 10 1 1 1 R Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set SwitchC display isis route Route information...

Page 752: ...0 0 16 10 NULL Vlan100 Direct D L Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set DIS Election Configuration Network requirements As shown in Figure 1 16 Switch A B C and Switch D...

Page 753: ...0003 00 SwitchC isis 1 is level level 1 SwitchC isis 1 quit SwitchC interface vlan interface 100 SwitchC Vlan interface100 isis enable 1 SwitchC Vlan interface100 quit Configure Switch D SwitchD syst...

Page 754: ...ces of Switch C SwitchC display isis interface Interface information for ISIS 1 Interface Vlan interface100 Id IPV4 State IPV6 State MTU Type DIS 001 Up Down 1497 L1 L2 Yes No Display information abou...

Page 755: ...I 64 System Id 0000 0000 0004 Interface Vlan interface100 Circuit Id 0000 0000 0001 01 State Up HoldTime 30s Type L2 PRI 64 Display information about IS IS interfaces of Switch A SwitchA display isis...

Page 756: ...0 Circuit Id 0000 0000 0001 01 State Up HoldTime 9s Type L2 PRI 100 System Id 0000 0000 0002 Interface Vlan interface100 Circuit Id 0000 0000 0001 01 State Up HoldTime 28s Type L2 PRI 64 SwitchD displ...

Page 757: ...n interface100 quit Configure Switch B SwitchB system view SwitchB isis 1 SwitchB isis 1 is level level 1 SwitchB isis 1 network entity 10 0000 0000 0002 00 SwitchB isis 1 quit SwitchB interface vlan...

Page 758: ...switch SwitchA display isis route Route information for ISIS 1 ISIS 1 IPv4 Level 1 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 10 1 1 0 24 10 NULL VLAN100 Direct D L...

Page 759: ...NextHop Flags 192 168 0 0 24 10 NULL VLAN300 Direct D L 10 1 1 0 24 20 NULL VLAN300 192 168 0 1 R 10 1 2 0 24 20 NULL VLAN300 192 168 0 1 R Flags D Direct R Added to RM L Advertised in LSPs U Up Down...

Page 760: ...op Flags 10 1 1 0 24 10 NULL VLAN100 Direct D L 10 1 2 0 24 10 NULL VLAN200 Direct D L 192 168 0 0 24 10 NULL VLAN300 Direct D L 10 1 4 0 24 10 NULL VLAN300 192 168 0 2 R L 10 1 5 0 24 20 NULL VLAN300...

Page 761: ...erify the configuration After Router A establishes adjacencies with Router B and Router C they begin to exchange routing information Restart IS IS on Router A which enters into the restart state and s...

Page 762: ...area Configure routing domain authentication on Switch C and Switch D to prevent untrusted routes from entering the routing domain Figure 1 19 IS IS authentication configuration Configuration procedu...

Page 763: ...on between neighbors Specify the MD5 authentication mode and password eRq on VLAN interface 100 of Switch A and on VLAN interface 100 of Switch C SwitchA interface vlan interface 100 SwitchA Vlan inte...

Page 764: ...tion Specify the MD5 authentication mode and password 1020Sec on Switch C and Switch D SwitchC isis 1 SwitchC isis 1 domain authentication mode md5 1020Sec SwitchC isis 1 quit SwitchD isis 1 SwitchD i...

Page 765: ...0 0000 0002 00 SwitchB isis 1 quit SwitchB interface vlan interface 10 SwitchB Vlan interface10 isis enable SwitchB Vlan interface10 isis bfd enable SwitchB Vlan interface10 quit 3 Configure BFD param...

Page 766: ...17 isisAdjacencyChange ISIS Level 1 Adjencency IN Circuit 983041 State Change Aug 8 14 54 05 365 2008 SwitchA IFNET 4 LINK UPDOWN vlan10 link status is DOWN Aug 8 14 54 05 366 2008 SwitchA IFNET 4 UPD...

Page 767: ...isplay bfd session Display the IS IS neighbor information of Switch A You can see that Switch A has removed its neighbor relationship with Switch B and therefore no information is output SwitchA displ...

Page 768: ...1 Controlling Route Distribution and Reception 1 21 Prerequisites 1 21 Configuring BGP Route Summarization 1 21 Advertising a Default Route to a Peer or Peer Group 1 22 Configuring BGP Route Distribut...

Page 769: ...1 41 Configuring BGP GR 1 41 Enabling Trap 1 42 Enabling Logging of Peer State Changes 1 42 Configuring BFD for BGP 1 43 Displaying and Maintaining BGP 1 43 Displaying BGP 1 43 Resetting BGP Connectio...

Page 770: ...4 in this document BGP Overview There are three early BGP versions BGP 1 RFC1105 BGP 2 RFC1163 and BGP 3 RFC1267 The current version in use is BGP 4 RFC 4271 which is the defacto Internet exterior ga...

Page 771: ...en ASs Formats of BGP Messages Header BGP has five types of messages z Open z Update z Notification z Keep alive z Route refresh They have the same header as shown below Figure 1 1 BGP message header...

Page 772: ...wn routes Path attributes NLRI Unfeasible routes length 2 Octets N Octets 2 Octets N Octets N Octets Each Update message can advertise a group of feasible routes with identical attributes and the rout...

Page 773: ...Its format contains only the message header Route refresh A Route refresh message is sent to a peer to request the resending of the specified address family routing information Its format is shown bel...

Page 774: ...on that is how a route became a BGP route It involves three types z IGP Has the highest priority Routes added to the BGP routing table using the network command have the IGP attribute z EGP Has the se...

Page 775: ...ations you can apply a routing policy to control BGP route selection by modifying the AS_PATH length By configuring an AS path filtering list you can filter routes based on AS numbers contained in the...

Page 776: ...smallest MED value the best route if other conditions are the same As shown below traffic from AS10 to AS20 travels through Router B that is selected according to MED Figure 1 8 MED attribute D 9 0 0...

Page 777: ...do with the local AS Well known community attributes involve z Internet By default all routes belong to the Internet community Routes with this attribute can be advertised to all BGP peers z No_Expor...

Page 778: ...tching route with the direct next hop is called the recursive route The process of finding a recursive route is route recursion Currently the system supports BGP load balancing based on route recursio...

Page 779: ...outer D and Router E the route that has AS_PATH unchanged but has NEXT_HOP changed to Router C other BGP transitive attributes are those of the best route BGP route advertisement rules The current BGP...

Page 780: ...ting table and advertise the route to the eBGP peer You can disable the synchronization feature in the following cases z The local AS is not a transitive AS AS20 is a transitive AS in the above figure...

Page 781: ...ue the route is added into the routing table and advertised to other BGP peers Figure 1 12 BGP route dampening Peer group You can organize BGP peers with the same attributes into a group to simplify c...

Page 782: ...A router that is neither a route reflector nor a client is a non client which has to establish BGP sessions to the route reflector and other non clients as shown below Figure 1 13 Network diagram for...

Page 783: ...rspective of a non confederation BGP speaker it needs not know sub ASs in the confederation The ID of the confederation is the number of the AS In the above figure AS 200 is the confederation ID The d...

Page 784: ...like IPv6 To support more network layer protocols IETF extended BGP 4 by introducing Multiprotocol Extensions for BGP 4 MP BGP in RFC 4760 Routers supporting MP BGP can communicate with routers not s...

Page 785: ...es Attribute z RFC2796 BGP Route Reflection z RFC3065 Autonomous System Confederations for BGP z RFC4271 A Border Gateway Protocol 4 BGP 4 z RFC5291 Outbound Route Filtering Capability for BGP 4 z RFC...

Page 786: ...oute Attributes Configuring the AS PATH Attribute Optional Configuring BGP Keepalive Interval and Holdtime Optional Configuring the Interval for Sending the Same Update Optional Configuring BGP Soft R...

Page 787: ...uter ID z If the router ID is specified in BGP view using the undo router id command can make the system select a new router ID Follow these steps to create a BGP connection To do Use the command Rema...

Page 788: ...peer or peer group peer group name ip address connect interface interface type interface number Required By default BGP uses the outbound interface of the best route to the BGP peer peer group as the...

Page 789: ...BGP to advertise it to BGP peers The origin attribute of routes advertised in this way is IGP You can also reference a route policy to flexibly control route advertisement The network to be injected...

Page 790: ...e policy route policy name Required Not redistributed by default Enable default route redistribution into BGP default route imported Optional Not enabled by default Controlling Route Distribution and...

Page 791: ...cy route policy name suppress policy route policy name Required Not configured by default Advertising a Default Route to a Peer or Peer Group After this task is configured the BGP router sends a defau...

Page 792: ...sequence z filter policy export z peer filter policy export z peer as path acl export z peer ip prefix export z peer route policy export Only routes pass the first policy can they go to the next and o...

Page 793: ...next hop before advertisement With BGP and IGP synchronization enabled the BGP router cannot advertise the iBGP route to eBGP peers unless the route is also available in the IGP routing table Follow...

Page 794: ...efix number reconnect reconnect time percentage value Required to choose any No limit is configured by default Configuring BGP Route Dampening By configuring BGP route dampening you can suppress unsta...

Page 795: ...e for routes received from a peer or peer group peer group name ip address preferred value value Optional The preferred value is 0 by default Configuring Preferences for BGP Routes A router may run mu...

Page 796: ...ffic going into an AS When a BGP router obtains from eBGP peers multiple routes to the same destination but with different next hops it considers the route with the smallest MED value as the best rout...

Page 797: ...onfigure the bestroute compare med command on Router D After that Router D will put routes received from the same AS into a group For the same group the route with the lowest MED is selected Then it c...

Page 798: ...sure a BGP peer can find the correct next hop in some cases you need to configure the router as the next hop for routes sent to the peer For example as shown in the figure below Router A and Router B...

Page 799: ...r routes sent to an iBGP peer peer group Configuring the AS PATH Attribute Permit local AS number to appear in routes from a peer peer group In general BGP checks whether the AS_PATH attribute of a ro...

Page 800: ...he command Remarks Enter system view system view Enter BGP view bgp as number Specify a fake AS number for a peer peer group peer group name ip address fake as as number Optional Not specified by defa...

Page 801: ...updates to a peer peer group Follow these steps to remove private AS numbers from updates to a peer peer group To do Use the command Remarks Enter system view system view Enter BGP view bgp as number...

Page 802: ...o configure the interval for sending the same update to a peer peer group To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Configure the interval for sending th...

Page 803: ...all routes command When a route selection policy is modified you can use the refresh bgp command to refresh the BGP routing table by applying the new policy Following these steps to save all route up...

Page 804: ...r group peer group name ip address capability advertise orf non standard Optional By default standard BGP ORF capability defined in RFC 5291 and RFC 5292 is supported If the peer supports only non sta...

Page 805: ...w these steps to enable MD5 authentication for TCP connections To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enable MD5 authentication when establishing a TC...

Page 806: ...nfigure a peer group and add these peers into this group In this way peers can share the same policy as the peer group When the policy of the group is modified the modification also applies to peers i...

Page 807: ...gp as number Create an eBGP peer group group group name external Required Specify the AS number for the group peer group name as number as number Required Add a peer into the group peer ip address gro...

Page 808: ...ty between iBGP peers you need to make them fully meshed But it becomes unpractical when there are large numbers of iBGP peers Configuring route reflectors or confederation can solve it In a large sca...

Page 809: ...ps Follow these steps to configure a BGP route reflector To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Configure the router as a route reflector and specify...

Page 810: ...specify the peering sub ASs in the confederation A confederation contains 32 sub ASs at most The AS number of a sub AS is effective only in the confederation Follow these steps to configure a BGP conf...

Page 811: ...GP session should be less than the Holdtime carried in the Open message z The End Of RIB End of Routing Information Base indicates the end of route updates Enabling Trap After Trap is enabled for BGP...

Page 812: ...terface Therefore BFD was introduced to solve this problem It can quickly finds neighbors and thus reduce network convergence time Follow these steps to enable BFD for a BGP peer To do Use the command...

Page 813: ...display bgp routing table dampened Display BGP dampening parameter information display bgp routing table dampening parameter Display BGP routing information originating from different ASs display bgp...

Page 814: ...twork requirements In the following network run eBGP between Switch A and Switch B and iBGP between Switch B and Switch C so that Switch C can access the network 8 1 1 0 24 connected to Router A Figur...

Page 815: ...ospf 1 quit SwitchC display bgp peer BGP local router ID 3 3 3 3 Local AS number 65009 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 2 2 2 2...

Page 816: ...le Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn 8 1 1 0 24 0 0 0 0 0 0 i Display the BGP routing table on Switch B SwitchB display bgp routing table Total Number of Routes...

Page 817: ...lay the BGP routing table on Switch C SwitchC display bgp routing table Total Number of Routes 4 BGP Local router ID is 3 3 3 3 Status codes valid VPNv4 best best d damped h history i internal s suppr...

Page 818: ...AS 65009 so that Switch B can obtain the route to 9 1 2 0 24 Configure Switch B SwitchB system view SwitchB ospf 1 SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 2 2 2 2 0 0 0 0 SwitchB os...

Page 819: ...hA display bgp routing table Total Number of Routes 3 BGP Local router ID is 1 1 1 1 Status codes valid VPNv4 best best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete...

Page 820: ...break Reply from 8 1 1 1 bytes 56 Sequence 1 ttl 254 time 2 ms Reply from 8 1 1 1 bytes 56 Sequence 2 ttl 254 time 2 ms Reply from 8 1 1 1 bytes 56 Sequence 3 ttl 254 time 2 ms Reply from 8 1 1 1 byte...

Page 821: ...OSPF to establish the iBGP connection z On Switch C establish an eBGP connection with Switch A and an iBGP connection with Switch B configure BGP to advertise network 9 1 1 0 24 to Switch A so that S...

Page 822: ...hop 3 1 1 1 is marked with a greater than sign indicating it is the best route because the ID of Switch B is smaller the route with next hop 3 1 2 1 is marked with only an asterisk indicating it is a...

Page 823: ...Configure No_Export community attribute on Switch A to make routes from AS 10 not advertised by AS 20 to any other AS Figure 1 23 Network diagram for BGP community configuration Configuration procedu...

Page 824: ...p routing table Total Number of Routes 1 BGP Local router ID is 3 3 3 3 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED Loc...

Page 825: ...GP z Between Switch A and Switch B is an eBGP connection between Switch C and Switch B and between Switch C and Switch D are iBGP connections z Switch C is a route reflector with clients Switch B and...

Page 826: ...ter id 4 4 4 4 SwitchD bgp peer 194 1 1 1 as number 200 SwitchD bgp quit 3 Configure the route reflector Configure Switch C SwitchC bgp 200 SwitchC bgp peer 193 1 1 2 reflect client SwitchC bgp peer 1...

Page 827: ...n i n t 3 0 0 Vlan int400 Vlan int500 Vlan int400 Vlan int500 Vlan int200 Vlan int200 Vlan int300 Vlan int200 Device Interface IP address Device Interface IP address Switch A Vlan int100 200 1 1 1 24...

Page 828: ...iBGP connections in AS65001 Configure Switch A SwitchA bgp 65001 SwitchA bgp peer 10 1 3 2 as number 65001 SwitchA bgp peer 10 1 3 2 next hop local SwitchA bgp peer 10 1 4 2 as number 65001 SwitchA b...

Page 829: ...n i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn i 9 1 1 0 24 10 1 1 1 0 100 0 65001 100i SwitchB display bgp routing table 9 1 1 0 BGP local router ID 2 2 2 2 Local AS number 6500...

Page 830: ...al route information from Switch A and generate the same BGP route entries it seems like that they reside in the same AS although they have no direct connection in between BGP Path Selection Configura...

Page 831: ...1 area 0 0 0 0 network 193 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 network 195 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit Configure Switch D SwitchD system view SwitchD o...

Page 832: ...nd apply_med_100 which sets the MED for route 1 0 0 0 8 to 100 SwitchA route policy apply_med_50 permit node 10 SwitchA route policy if match acl 2000 SwitchA route policy apply cost 50 SwitchA route...

Page 833: ...g policy localpref to routes from peer 193 1 1 1 SwitchC bgp 200 SwitchC bgp peer 193 1 1 1 route policy localpref import SwitchC bgp quit Display the routing table on Switch D SwitchD display bgp rou...

Page 834: ...face10 ip address 10 1 0 100 24 SwitchB Vlan interface10 quit 2 Configure BGP basic functions Configure Switch A SwitchA bgp 100 SwitchA bgp peer 10 1 0 100 as number 100 SwitchA bgp peer 10 1 0 100 b...

Page 835: ...t Num 52 Send Pkt Num 50 Hold Time 1600ms Connect Type Direct Running Up for 00 00 01 Auth mode None Protocol BGP Diag Info No Diagnostic After the link between Switch A and Switch B fails display the...

Page 836: ...s omitted Configure the eBGP connection SwitchA system view SwitchA bgp 65008 SwitchA bgp router id 1 1 1 1 SwitchA bgp peer 200 1 1 1 as number 65009 Inject network 8 0 0 0 8 to the BGP routing table...

Page 837: ...the connection to a peer cannot become established Analysis To become BGP peers any two routers need to establish a TCP session using port 179 and exchange Open messages successfully Solution 1 Use th...

Page 838: ...Static Routing 1 1 Features of IPv6 Static Routes 1 1 Default IPv6 Route 1 1 Configuring an IPv6 Static Route 1 1 Configuration prerequisites 1 2 Configuring an IPv6 Static Route 1 2 Displaying and M...

Page 839: ...routes also have shortcomings any topology changes could result in unavailable routes requiring the network administrator to manually configure and modify the static routes Features of IPv6 Static Rou...

Page 840: ...reference preference value Required The default preference of IPv6 static routes is 60 Displaying and Maintaining IPv6 Static Routes To do Use the command Remarks Display IPv6 static route information...

Page 841: ...c route on SwitchC SwitchC system view SwitchC ipv6 route static 0 5 2 3 Configure the IPv6 addresses of hosts and gateways Configure the IPv6 addresses of all the hosts based upon the network diagram...

Page 842: ...ping command SwitchA ping ipv6 3 1 PING 3 1 56 data bytes press CTRL_C to break Reply from 3 1 bytes 56 Sequence 1 hop limit 254 time 63 ms Reply from 3 1 bytes 56 Sequence 2 hop limit 254 time 62 ms...

Page 843: ...ng Route Summarization 1 5 Advertising a Default Route 1 5 Configuring a RIPng Route Filtering Policy 1 6 Configuring a Priority for RIPng 1 6 Configuring RIPng Route Redistribution 1 6 Tuning and Opt...

Page 844: ...128 bit destination address prefix z Next hop 128 bit IPv6 address z Source address RIPng uses FE80 10 as the link local source address RIPng Working Mechanism RIPng is a routing protocol based on th...

Page 845: ...iguration in the IP Routing Volume RIPng Packet Format Basic format A RIPng packet consists of a header and multiple route table entries RTEs The maximum number of RTEs in a packet depends on the IPv6...

Page 846: ...ested routing information to the requesting router in the response packet Response packet The response packet containing the local routing table information is generated as z A response to a request z...

Page 847: ...a Default Route z Configuring a RIPng Route Filtering Policy z Configuring a Priority for RIPng z Configuring RIPng Route Redistribution Before the configuration accomplish the following tasks first...

Page 848: ...Summarization Follow these steps to configure RIPng route summarization To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Adver...

Page 849: ...ting information Configuring a Priority for RIPng Any routing protocol has its own protocol priority used for optimal route selection You can set a priority for RIPng manually The smaller the value is...

Page 850: ...ancing Configuring RIPng Timers You can adjust RIPng timers to optimize the performance of the RIPng network Follow these steps to configure RIPng timers To do Use the command Remarks Enter system vie...

Page 851: ...are recommended to enable split horizon to prevent routing loops Configuring the poison reverse function The poison reverse function enables a route learned from an interface to be advertised through...

Page 852: ...d Configure the maximum number of equal cost RIPng routes for load balancing maximum load balancing number Optional The value defaults to 8 Displaying and Maintaining RIPng To do Use the command Remar...

Page 853: ...em view SwitchA ripng 1 SwitchA ripng 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 ripng 1 enable SwitchA Vlan interface100 quit SwitchA interface vlan interface 400 SwitchA V...

Page 854: ...2FF FE00 100 cost 1 tag 0 A 11 Sec Dest 4 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Dest 5 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Display the routing table of Switch A SwitchA d...

Page 855: ...1 route Route Flags A Aging S Suppressed G Garbage collect Peer FE80 20F E2FF FE00 1235 on Vlan interface100 Dest 1 64 via FE80 20F E2FF FE00 1235 cost 1 tag 0 A 2 Sec Dest 4 64 via FE80 20F E2FF FE0...

Page 856: ...SwitchB Vlan interface100 ripng 100 enable SwitchB Vlan interface100 quit SwitchB ripng 200 SwitchB ripng 200 quit SwitchB interface vlan interface 300 SwitchB Vlan interface300 ripng 200 enable Switc...

Page 857: ...esses on Switch B SwitchB ripng 100 SwitchB ripng 100 default cost 3 SwitchB ripng 100 import route ripng 200 SwitchB ripng 100 quit SwitchB ripng 200 SwitchB ripng 200 import route ripng 100 SwitchB...

Page 858: ...rect NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 4 64 Protocol RIPng NextHop FE80 200 BFF FE01 1C02 Preference 100 Interface Vlan100 Cost 4 Destination FE80 10 Protocol Direct NextHop...

Page 859: ...tion Control 1 8 Prerequisites 1 8 Configuring OSPFv3 Route Summarization 1 8 Configuring OSPFv3 Inbound Route Filtering 1 9 Configuring an OSPFv3 Cost for an Interface 1 9 Configuring the Maximum Num...

Page 860: ...ii Configuring OSPFv3 Route Redistribution 1 23 Configuring OSPFv3 GR 1 26 Troubleshooting OSPFv3 Configuration 1 28 No OSPFv3 Neighbor Relationship Established 1 28 Incorrect Routing Information 1 28...

Page 861: ...ic sense or a Layer 3 switch z EA boards such as LSQ1GP12EA and LSQ1TGX1EA do not support IPv6 features Introduction to OSPFv3 OSPFv3 Overview Open Shortest Path First version 3 OSPFv3 supports IPv6 a...

Page 862: ...etwork LSA Originated for broadcast and NBMA networks by the Designated Router This LSA contains the list of routers connected to the network Flooded throughout a single area only z Inter Area Prefix...

Page 863: ...llo packet from a neighbor within a period it will declare the peer is down The period is called the dead interval After sending an LSA to its adjacency a router waits for an acknowledgment from the a...

Page 864: ...OSPFv3 Route Summarization Optional Configuring OSPFv3 Inbound Route Filtering Optional Configuring an OSPFv3 Cost for an Interface Optional Configuring the Maximum Number of OSPFv3 Load balanced Rou...

Page 865: ...er ID router id router id Required Enter interface view interface interface type interface number Enable an OSPFv3 process on the interface ospfv3 process id area area id instance instance id Required...

Page 866: ...le on the ABR of the stub area z If you use the stub command with the keyword no summary on an ABR the ABR advertises a default route in an Inter Area Prefix LSA into the stub area No AS external LSA...

Page 867: ...e directly reachable to each other through a virtual circuit In the event no such direct link is available you need to change the network type through a command z If direct connections are not availab...

Page 868: ...ormation Control This section is to configure the control of OSPF routing information advertisement and reception and redistribution from other protocols Prerequisites z Enable IPv6 packet forwarding...

Page 869: ...ut can be added into the local routing table Configuring an OSPFv3 Cost for an Interface You can configure an OSPFv3 cost for an interface with one of the following two methods z Configure the cost va...

Page 870: ...tiple equal cost routes to a destination are available enabling load balancing among these routes can improve link utilization Follow these steps to configure the maximum number of load balanced route...

Page 871: ...default route default route advertise always cost cost type type route policy route policy name Optional Not injected by default Filter redistributed routes filter policy acl6 number ipv6 prefix ipv6...

Page 872: ...ng z Configure OSPFv3 basic functions Configuring OSPFv3 Timers Follow these steps to configure OSPFv3 timers To do Use the command Remarks Enter system view system view Enter interface view interface...

Page 873: ...rface To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Configure a DR priority ospfv3 dr priority priority instance instance i...

Page 874: ...sending OSPFv3 packets Using the silent interface command disables only the interfaces associated with the current process z After an OSPF interface is set to silent direct routes of the interface can...

Page 875: ...lpers Then the GR Restarter retrieves its adjacencies and LSDB with the help of the GR Helpers Thus the normal data forwarding is ensured Configuring GR Restarter You can configure the GR Restarter ca...

Page 876: ...bose peer router id Display OSPFv3 neighbor statistics display ospfv3 peer statistic Display OSPFv3 routing table information display ospfv3 process id routing ipv6 address prefix length ipv6 address...

Page 877: ...nfigure Area 2 as a stub area to reduce LSAs in the area without affecting route reachability Figure 1 2 Network diagram for OSPFv3 area configuration Configuration procedure 1 Configure IPv6 addresse...

Page 878: ...ace100 ospfv3 1 area 0 SwitchC Vlan interface100 quit SwitchC interface vlan interface 400 SwitchC Vlan interface400 ospfv3 1 area 2 SwitchC Vlan interface400 quit Configure Switch D SwitchD system vi...

Page 879: ...ted route OSPFv3 Router with ID 4 4 4 4 Process 1 Destination 2001 64 Type IA Cost 2 NextHop FE80 F40D 0 93D0 1 Interface Vlan400 Destination 2001 1 64 Type IA Cost 3 NextHop FE80 F40D 0 93D0 1 Interf...

Page 880: ...ination 2001 2 64 Type I Cost 1 NextHop directly connected Interface Vlan400 Destination 2001 3 64 Type IA Cost 4 NextHop FE80 F40D 0 93D0 1 Interface Vlan400 4 Configure Area 2 as a totally stub area...

Page 881: ...on configuration Configuration procedure 1 Configure IPv6 addresses for interfaces omitted 2 Configure OSPFv3 basic functions Configure Switch A SwitchA system view SwitchA ipv6 SwitchA ospfv3 SwitchA...

Page 882: ...i State Dead Time Interface Instance ID 2 2 2 2 1 2 Way DROther 00 00 36 Vlan200 0 3 3 3 3 1 Full Backup 00 00 35 Vlan100 0 4 4 4 4 1 Full DR 00 00 33 Vlan200 0 Display neighbor information on Switch...

Page 883: ...DROther 00 00 36 Vlan200 0 3 3 3 3 2 Full Backup 00 00 40 Vlan100 0 4 Restart DR BDR election Use the shutdown and undo shutdown commands on interfaces to restart DR BDR election omitted Display neigh...

Page 884: ...faces omitted 2 Configure OSPFv3 basic functions Enable OSPFv3 process 1 on Switch A SwitchA system view SwitchA ipv6 SwitchA ospfv3 1 SwitchA ospfv3 1 router id 1 1 1 1 SwitchA ospfv3 1 quit SwitchA...

Page 885: ...ng table Routing Table Destinations 6 Routes 6 Destination 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 3 64 Protocol Direct NextHop 3 2 Preference 0 Interface Vla...

Page 886: ...3 NextHop FE80 200 CFF FE01 1C03 Preference 150 Interface Vlan300 Cost 3 Destination 3 64 Protocol Direct NextHop 3 2 Preference 0 Interface Vlan300 Cost 0 Destination 3 2 128 Protocol Direct NextHop...

Page 887: ...ul restart enable SwitchA ospfv3 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 ospfv3 1 area 1 SwitchA Vlan interface100 quit Enable OSPFv3 on Switch B and set the router ID to...

Page 888: ...ospfv3 peer command 2 Display OSPFv3 interface information using the display ospfv3 interface command 3 Ping the neighbor router s IP address to check connectivity 4 Check OSPF timers The dead interva...

Page 889: ...t area configuration using the display current configuration configuration command If more than two areas are configured at least one area is connected to the backbone 5 In a Stub area all routers are...

Page 890: ...ring IPv6 IS IS Basic Functions 1 2 Configuration Prerequisites 1 2 Configuration Procedure 1 2 Configuring IPv6 IS IS Routing Information Control 1 2 Configuration Prerequisites 1 2 Configuration Pro...

Page 891: ...m to Intermediate System intra domain routing information exchange protocol supports multiple network protocols including IPv6 IS IS with IPv6 support is called IPv6 IS IS dynamic routing protocol The...

Page 892: ...is process id Required Not enabled by default Configure the network entity title for the IS IS process network entity net Required Not configured by default Enable IPv6 for the IS IS process ipv6 enab...

Page 893: ...2 IPv6 routes ipv6 import route limit number Optional The default value depends on the SRPU models LPU models and their working modes Configure the filtering of outgoing redistributed routes ipv6 filt...

Page 894: ...Available in any view Display IS IS neighbor information display isis peer statistics verbose process id vpn instance vpn instance name Available in any view Display IPv6 IS IS routing information di...

Page 895: ...n interface100 isis ipv6 enable 1 SwitchA Vlan interface100 quit Configure Switch B SwitchB system view SwitchB isis 1 SwitchB isis 1 is level level 1 SwitchB isis 1 network entity 10 0000 0000 0002 0...

Page 896: ...hC Vlan interface300 quit Configure Switch D SwitchD system view SwitchD isis 1 SwitchD isis 1 is level level 2 SwitchD isis 1 network entity 20 0000 0000 0004 00 SwitchD isis 1 ipv6 enable SwitchD is...

Page 897: ...Peer Group 1 7 Configuring Outbound Route Filtering 1 8 Configuring Inbound Route Filtering 1 9 Configuring IPv6 BGP and IGP Route Synchronization 1 9 Configuring Route Dampening 1 10 Configuring IPv6...

Page 898: ...ii IPv6 BGP Basic Configuration 1 21 IPv6 BGP Route Reflector Configuration 1 23 Troubleshooting IPv6 BGP Configuration 1 24 No IPv6 BGP Peer Relationship Established 1 24...

Page 899: ...tion Examples z Troubleshooting IPv6 BGP Configuration IPv6 BGP Overview BGP 4 was designed to carry only IPv4 routing information and thus other network layer protocols such as IPv6 are not supported...

Page 900: ...nal Advertising a Default Route to an IPv6 Peer Peer Group Optional Configuring Outbound Route Filtering Optional Configuring Inbound Route Optional Configuring IPv6 BGP and IGP Route Synchronization...

Page 901: ...IP addresses are configured for any interfaces Enter IPv6 address family view ipv6 family Specify an IPv6 peer peer ipv6 address as number as number Required Injecting a Local IPv6 Route Follow these...

Page 902: ...nd For information about using a routing policy to set a preferred value refer to the command peer group name ipv4 address ipv6 address route policy route policy name import export in this document an...

Page 903: ...e command Remarks Enter system view system view Enter BGP view bgp as number Enter IPv6 address family view ipv6 family Allow the establishment of eBGP connection to a non directly connected peer peer...

Page 904: ...eps to configure to log on the session and event information of an IPv6 peer peer group To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enable logging of peer...

Page 905: ...ng the import route command cannot redistribute any IGP default route Configuring IPv6 BGP Route Summarization To reduce the routing table size on medium and large BGP networks you need to configure r...

Page 906: ...number Enter IPv6 address family view ipv6 family Configure the filtering of outgoing routes filter policy acl6 number ipv6 prefix ipv6 prefix name export protocol process id Required Not configured b...

Page 907: ...ipv6 address filter policy acl6 number import Required Not specified by default Specify an AS path ACL to filter routing information imported from an IPv6 peer peer group peer ipv6 group name ipv6 ad...

Page 908: ...dampening To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enter IPv6 address family view ipv6 family Configure IPv6 BGP route dampening parameters dampening ha...

Page 909: ...sure an iBGP peer can find the correct next hop you can configure routes advertised to the IPv6 iBGP peer peer group to use the local router as the next hop If BGP load balancing is configured the loc...

Page 910: ...s path neglect Optional Enabled by default Configure to carry only the public AS number in updates sent to a peer peer group peer ipv6 group name ipv6 address public as only Optional By default IPv6 B...

Page 911: ...pply the new policy Prerequisites Before configuring IPv6 BGP timers you need to z Enable IPv6 z Configure IPv6 BGP basic functions Configuring IPv6 BGP Timers Follow these steps to configure IPv6 BGP...

Page 912: ...cy peer ipv6 group name ipv6 address keep all routes Optional Not saved by default Return to user view return Soft reset BGP connections manually refresh bgp ipv6 all ipv6 address group ipv6 group nam...

Page 913: ...P peer peer group peer group name ipv6 address capability advertise orf non standard Optional By default standard BGP ORF capability defined in RFC 5291 and RFC 5292 is supported Enable the ORF IP pre...

Page 914: ...not limited by AS To guarantee connectivity between iBGP peers you need to make them fully meshed but it becomes unpractical when there are too many iBGP peers Using route reflectors or confederation...

Page 915: ...by default z To create a pure eBGP peer group you need to specify an AS number for the peer group z If a peer was added into an eBGP peer group you cannot specify any AS number for the peer group Cre...

Page 916: ...nded community attribute to an IPv6 peer peer group peer ipv6 group name ipv6 address advertise ext community Required Not advertised by default Apply a routing policy to routes advertised to a peer p...

Page 917: ...ctor fully meshed If clients are fully meshed it is recommended to disable route reflection between clients to reduce routing costs z If a cluster has multiple route reflectors you need to specify the...

Page 918: ...routing table different origin as Display IPv6 BGP routing flap statistics display bgp ipv6 routing table flap info regular expression as regular expression as path acl as path acl number network addr...

Page 919: ...amples for IPv6 BGP configuration are similar to those of BGP4 so refer to BGP Configuration in the IP Routing Volume for related information IPv6 BGP Basic Configuration Network requirements In the f...

Page 920: ...SwitchD ipv6 SwitchD bgp 65009 SwitchD bgp router id 4 4 4 4 SwitchD bgp ipv6 family SwitchD bgp af ipv6 peer 9 1 1 as number 65009 SwitchD bgp af ipv6 peer 9 2 1 as number 65009 SwitchD bgp af ipv6 q...

Page 921: ...established iBGP connections with each other IPv6 BGP Route Reflector Configuration Network requirements As shown in the following figure Switch B receives an eBGP update and sends it to Switch C whi...

Page 922: ...mber 200 SwitchC bgp af ipv6 peer 102 2 as number 200 Configure Switch D SwitchD system view SwitchD ipv6 SwitchD bgp 200 SwitchD bgp router id 4 4 4 4 SwitchD bgp ipv6 family SwitchD bgp af ipv6 peer...

Page 923: ...o verify the peer s IPv6 address 3 If the loopback interface is used check whether the peer connect interface command is configured 4 If the peer is not directly connected check whether the peer ebgp...

Page 924: ...munity List 1 5 Configuring a Route Policy 1 6 Prerequisites 1 6 Creating a Route Policy 1 6 Defining if match Clauses 1 7 Defining apply Clauses 1 8 Displaying and Maintaining the Route Policy 1 10 R...

Page 925: ...t support IPv6 features z Route policy in this chapter involves both IPv4 route policy and IPv6 route policy Introduction to Route Policy Route Policy and Policy Routing A route policy is used on a ro...

Page 926: ...ty list configured based on the BGP community attribute can only be used to match BGP routing information Extended community list An extended community list configured based on the BGP extended commun...

Page 927: ...you need to decide on z IP prefix list name z Matching address range z Extcommunity list sequence number Defining an IP prefix List Define an IPv4 prefix list Identified by name an IPv4 prefix list ca...

Page 928: ...th a smaller index number is matched first If one item is matched the IPv6 prefix list is passed and the routing information will not go to the next item Follow these steps to define an IPv6 prefix li...

Page 929: ...e steps to define a community list To do Use the command Remarks Enter system view system view Define a basic community list ip community list basic comm list num deny permit community number list int...

Page 930: ...g information z apply clauses Specify the actions to be taken on routing information that has satisfied the match criteria such as route attribute modification Prerequisites Before configuring this ta...

Page 931: ...he deny keyword no routing information can pass it Defining if match Clauses Follow these steps to define if match clauses for a route policy node To do Use the command Remarks Enter system view syste...

Page 932: ...2 external type1or2 is is level 1 is is level 2 internal nssa external type1 nssa external type2 nssa external type1or2 Optional Not configured by default Match RIP OSPF and IS IS routing information...

Page 933: ...ernal type 1 type 2 Optional Not set by default Set the extended community attribute for BGP routing apply extcommunity rt as number nn ip address nn 1 16 additive Optional Not set by default for IPv4...

Page 934: ...dv community list number Display BGP extended community list information display ip extcommunity list ext comm list number Display IPv4 prefix list statistics display ip ip prefix ip prefix name Displ...

Page 935: ...0 quit SwitchC interface vlan interface 201 SwitchC Vlan interface201 isis enable SwitchC Vlan interface201 quit SwitchC interface vlan interface 202 SwitchC Vlan interface202 isis enable SwitchC Vlan...

Page 936: ...Area 192 168 1 0 24 1562 Stub 192 168 1 1 192 168 1 1 0 0 0 0 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 172 17 1 0 24 1 Type2 1 192 168 1 2 192 168 2 2 172 17 2 0 24 1 Type2 1 192 1...

Page 937: ...bles Routing for Network Destination Cost Type NextHop AdvRouter Area 192 168 1 0 24 1 Transit 192 168 1 1 192 168 1 1 0 0 0 0 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 172 17 1 0 2...

Page 938: ...enable SwitchA Vlan interface100 quit Configure three static routes SwitchA ipv6 route static 20 32 11 2 SwitchA ipv6 route static 30 32 11 2 SwitchA ipv6 route static 40 32 11 2 Configure a route pol...

Page 939: ...CA03 1 cost 1 tag 0 A 3 Sec Applying a Route Policy to Filter Received BGP Routes Network requirements As shown in the following figure z All the switches run BGP Switch C establishes eBGP connection...

Page 940: ...SwitchD bgp peer 1 1 3 1 as number 300 SwitchD bgp quit On Switch A inject routes 4 4 4 4 24 5 5 5 5 24 and 6 6 6 6 24 to BGP SwitchA bgp network 4 4 4 4 24 SwitchA bgp network 5 5 5 5 24 SwitchA bgp...

Page 941: ...olicy rt1 to filter routes received from peer 1 1 3 1 SwitchD bgp 400 SwitchD peer 1 1 3 1 route policy rt1 import Display the BGP routing table information of Switch D SwitchD display bgp routing tab...

Page 942: ...to display route policy information IPv6 Routing Information Filtering Failure Symptom Filtering routing information failed while the routing protocol runs normally Analysis At least one item of the I...

Page 943: ...w 1 1 Configuring Traffic Redirecting 1 1 Configuring a QoS Policy 1 2 Applying the QoS Policy 1 2 Displaying and Maintaining QoS Policies 1 3 Policy Routing Configuration Examples 1 4 IPv4 Policy Rou...

Page 944: ...ion based routing policy routing can make routing decisions based on the source address and other criteria in addition to the destination IP address The S7900E series switches implement policy routing...

Page 945: ...nter policy view qos policy policy name Associate the class with the traffic behavior in the QoS policy classifier tcl name behavior behavior name To implement policy routing successfully ensure that...

Page 946: ...os apply policy policy name inbound Required Follow these steps to apply the QoS policy to a VLAN To do Use the command Remarks Enter system view system view Apply the QoS policy to VLANs qos vlan pol...

Page 947: ...tbound Available in any view Policy Routing Configuration Examples IPv4 Policy Routing Configuration Example Network requirements As shown in Figure 1 1 redirect all packets received on GigabitEtherne...

Page 948: ...instead of Switch B IPv6 Policy Routing Configuration Example Network requirements As shown in Figure 1 2 redirect all packets received on GigabitEthernet 2 0 1 of Switch A to the next hop 202 2 Figur...

Page 949: ...licy a quit Apply QoS policy a to the incoming traffic of GigabitEthernet 2 0 1 SwitchA interface gigabitethernet 2 0 1 SwitchA GigabitEthernet2 0 1 qos apply policy a inbound Verification After compl...

Page 950: ...formation for IP multicast support This document describes z Multicast routing and forwarding overview z Multicast routing and forwarding configuration IGMP Internet Group Management Protocol IGMP is...

Page 951: ...MP Snooping z Configuring IGMP Snooping Port Functions z Configuring IGMP Snooping Querier z Configuring IGMP Snooping Proxying z Configuring IGMP Snooping Policy Multicast VLAN The multicast VLAN fea...

Page 952: ...constraining mechanism that runs on Layer 2 devices to manage and control IPv6 multicast groups This document describes z Configuring Basic Functions of MLD Snooping z Configuring MLD Snooping Port Fu...

Page 953: ...st 1 4 Common Notations in Multicast 1 5 Advantages and Applications of Multicast 1 5 Multicast Models 1 6 Multicast Architecture 1 6 Multicast Addresses 1 7 Multicast Protocols 1 11 Multicast Packet...

Page 954: ...y allowing high efficiency point to multipoint data transmission over a network multicast greatly saves network bandwidth and reduces network load With the multicast technology a network operator can...

Page 955: ...over the network is proportional to the number of hosts that need the information If a large number of users need the information the information source needs to send a copy of the same information t...

Page 956: ...ficant waste of network resources Multicast As discussed above unicast and broadcast techniques are unable to provide point to multipoint data transmissions with the minimum network consumption Multic...

Page 957: ...cast is confined to the same subnet while multicast is not Features of Multicast Multicast has the following features z A multicast group is a multicast receiver set identified by an IP multicast addr...

Page 958: ...ast group or joins another group Common Notations in Multicast Two notations are commonly used in multicast z G Indicates a rendezvous point tree RPT or a multicast packet that any multicast source se...

Page 959: ...cific sources Therefore receivers can receive the multicast data from only part of the multicast sources From the view of a receiver multicast sources are not all valid they are filtered SSM model In...

Page 960: ...in Table 1 2 Table 1 2 Class D IP address blocks and description Address block Description 224 0 0 0 to 224 0 0 255 Reserved permanent group addresses The IP address 224 0 0 0 is reserved and other IP...

Page 961: ...Host Configuration Protocol DHCP server relay agent 224 0 0 13 All Protocol Independent Multicast PIM routers 224 0 0 14 Resource Reservation Protocol RSVP encapsulation 224 0 0 15 All Core Based Tree...

Page 962: ...ulticast traffic is intended Possible values of this field are given in Table 1 5 Table 1 5 Values of the Scope field Value Meaning 0 3 F Reserved 1 Interface local scope 2 Link local scope 4 Admin lo...

Page 963: ...ame MAC address Therefore in Layer 2 multicast forwarding a device may receive some multicast data addressed for other IPv4 multicast groups and such redundant data needs to be filtered by the upper l...

Page 964: ...neral descriptions about applications and functions of the Layer 2 and Layer 3 multicast protocols in a network For details of these protocols refer to the related configuration manuals in the IP Mult...

Page 965: ...Border Gateway Protocol MP BGP is used for exchanging multicast routing information among different ASs For the SSM model multicast routes are not divided into inter domain routes and intra domain rou...

Page 966: ...packet transmission in the network unicast routing tables or multicast routing tables for example the MBGP routing table specially provided for multicast must be used as guidance for multicast forwar...

Page 967: ...an instance resides on different PE devices Multi Instance Application in Multicast With multi instance multicast enabled a PE is able to z Maintain a set of independent multicast forwarding mechanis...

Page 968: ...ce z The configuration made in VPN instance view only takes effect on the VPN instance interface only An interface that does not belong to any VPN instance is called public instance interface z For mo...

Page 969: ...iguration Prerequisites 1 8 Configuring Multicast Static Routes 1 8 Configuring a Multicast Routing Policy 1 9 Configuring a Multicast Forwarding Range 1 10 Configuring the Multicast Forwarding Table...

Page 970: ...ast implementations multicast routing and forwarding are implemented by three types of tables z Each multicast routing protocol has its own multicast routing table such as PIM routing table z The info...

Page 971: ...RPF interface and the next hop is the RPF neighbor z The router automatically chooses an optimal multicast static route by searching its multicast static routing table using the IP address of the pack...

Page 972: ...uter discards the packet 2 If the corresponding S G entry exists and the interface on which the packet actually arrived is the incoming interface the router forwards the packet to all the outgoing int...

Page 973: ...icast network and multicast traffic follows the same transmission path as unicast traffic does By configuring a multicast static route for a given multicast source you can change the RPF route so as t...

Page 974: ...ed an RPF static route z A multicast static route is effective only on the multicast router on which it is configured and will not be advertised throughout the network or redistributed to other router...

Page 975: ...t hop router to the last hop router Concepts in multicast traceroute 1 Last hop router If a router has one of its interfaces connecting to the subnet the given destination address is on and if the rou...

Page 976: ...arding Range Optional Configuring the Multicast Forwarding Table Size Optional Configuring Static Multicast MAC Address Entries Optional Configuring Multicast Routing and Forwarding Tracing a Multicas...

Page 977: ...t routing protocol so that all devices in the domain are interoperable at the network layer z Enable PIM PIM DM or PIM SM Before configuring multicast routing and forwarding prepare the following data...

Page 978: ...Follow these steps to configure a multicast routing policy in the public instance To do Use the command Remarks Enter system view system view Configure the device to select the RPF route based on the...

Page 979: ...lticast routing entries however can exhaust the router s memory and thus result in lower router performance You can set a limit on the number of entries in the multicast forwarding table based on the...

Page 980: ...w ip vpn instance vpn instance name Configure the maximum number of entries in the multicast forwarding table multicast forwarding table route limit limit Optional 1000 by default Configure the maximu...

Page 981: ...ration is effective for the specified interface When configuring a static multicast MAC address entry in interface view or port group view the configuration is effective only for the current interface...

Page 982: ...mask length incoming interface interface type interface number register outgoing interface exclude include match interface type interface number register Available in any view Display information of...

Page 983: ...outing table Configuration Examples Changing an RPF Route Network requirements z PIM DM runs in the network All switches in the network support multicast z Switch A Switch B and Switch C run OSPF z Ty...

Page 984: ...ace vlan interface 102 SwitchB Vlan interface102 pim dm SwitchB Vlan interface102 quit Enable IP multicast routing on Switch A and enable PIM DM on each interface SwitchA system view SwitchA multicast...

Page 985: ...st static route and the RPF neighbor is now Switch C Creating an RPF Route Network requirements z PIM DM runs in the network and all switches in the network support IP multicast z Switch B and Switch...

Page 986: ...face SwitchA system view SwitchA multicast routing enable SwitchC interface vlan interface 300 SwitchC Vlan interface300 pim dm SwitchC Vlan interface300 quit SwitchC interface vlan interface 102 Swit...

Page 987: ...es to Source 2 exist on Switch B and Switch C The source is the configured static route Multicast Forwarding over GRE Tunnels Network requirements z Multicast routing and PIM DM are enabled on Switch...

Page 988: ...1 1 1 SwitchC Tunnel0 quit 3 Configure OSPF Configure OSPF on Switch A SwitchA ospf 1 SwitchA ospf 1 area 0 SwitchA ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 network 2...

Page 989: ...n interface102 pim dm SwitchC Vlan interface102 quit SwitchC interface tunnel 0 SwitchC Tunnel0 pim dm SwitchC Tunnel0 quit 5 Configure a static multicast route On Switch C configure a static multicas...

Page 990: ...n the configuration you can use the display multicast routing table static config command to view the detailed configuration information of multicast static routes to verify that the multicast static...

Page 991: ...1 Use the display pim routing table command to check whether the corresponding S G entries exist on the router If so the router has received the multicast data otherwise the router has not received t...

Page 992: ...nfiguration Prerequisites 1 12 Configuring IGMP Message Options 1 12 Configuring IGMP Query and Response Parameters 1 13 Configuring IGMP Fast Leave Processing 1 16 Configuring IGMP SSM Mapping 1 16 C...

Page 993: ...eries is in an IRF it operates as a distributed IRF device For introduction of IRF refer to IRF Configuration in the System Volume IGMP Overview As a TCP IP protocol responsible for IP multicast group...

Page 994: ...router will act as the IGMP querier on the subnet In IGMPv1 the designated router DR elected by the working multicast routing protocol such as PIM serves as the IGMP querier For more information about...

Page 995: ...r the router forwards the multicast data to the local subnet and then the receivers on the subnet receive the data As IGMPv1 does not specifically define a Leave Group message upon leaving a multicast...

Page 996: ...ier will assume that no hosts on the subnet are still interested in multicast traffic to that group and will stop maintaining the memberships of the group Enhancements in IGMPv3 Built upon and being c...

Page 997: ...the report sender requests the multicast data from any sources but those defined in the specified multicast source list z TO_IN The filtering mode has changed from Exclude to Include z TO_EX The filt...

Page 998: ...igured on Router A Router A cannot provide SSM service and drops the message z If G is in the SSM group range and the IGMP SSM mappings have been configured on Router A for multicast group G Router A...

Page 999: ...ilter mode and source list Such an entry is a collection of members in the same multicast group on each downstream interface A proxy device performs host functions on the upstream interface based on t...

Page 1000: ...Proxying Configuring Multicast Forwarding on a Downstream Interface Optional z Configurations performed in IGMP view are effective on all interfaces while configurations performed in interface view a...

Page 1001: ...by default Enabling IGMP in a VPN instance Follow these steps to enable IGMP in a VPN instance To do Use the command Remarks Enter system view system view Create a VPN instance and enter VPN instance...

Page 1002: ...rface interface type interface number Configure an IGMP version on the interface igmp version version number Optional IGMPv2 by default Configuring Static Joining After an interface is configured as a...

Page 1003: ...you can set an ACL rule on the interface as a packet filter so that the interface maintains only the multicast groups matching the criteria Follow these steps to configure a multicast group filter To...

Page 1004: ...unctions of IGMP Before adjusting IGMP performance prepare the following data z Startup query interval z Startup query count z IGMP general query interval z IGMP querier s robustness variable z Maximu...

Page 1005: ...n Enable insertion of the Router Alert option into IGMP messages send router alert Optional By default IGMP messages carry the Router Alert option Configuring IGMP packet options on an interface Follo...

Page 1006: ...ill their Max Response time field Namely for IGMP group specific queries the maximum response time equals the IGMP last member query interval When multiple multicast routers exist on the same subnet t...

Page 1007: ...For the system default see Note below Configure the startup query count igmp startup query count value Optional For the system default see Note below Configure the IGMP query interval igmp timer quer...

Page 1008: ...IGMP querier may change frequently on the network z Make sure that the IGMP query interval is greater than the maximum response time for IGMP general queries otherwise multicast group members may be...

Page 1009: ...Enter public instance or VPN instance IGMP view igmp vpn instance vpn instance name Configure an IGMP SSM mapping ssm mapping group address mask mask length source address Required No IGMP mappings ar...

Page 1010: ...tocols such as PIM DM or PIM SM on interfaces with IGMP proxying enabled or vice versa However the source lifetime source policy and ssm policy commands configured in PIM view can still take effect In...

Page 1011: ...Available in any view Display layer 2 port information for IGMP multicast groups on a distributed device display igmp group port info vlan vlan id slot slot number verbose Available in any view Displ...

Page 1012: ...r 2 port information about IGMP multicast groups of static joins The reset igmp group command may cause an interruption of receivers reception of multicast data IGMP Configuration Examples Basic IGMP...

Page 1013: ...configuration steps are omitted here 2 Enable IP multicast routing and enable PIM DM and IGMP Enable IP multicast routing on Switch A enable PIM DM on each interface and enable IGMP on VLAN interface...

Page 1014: ...ce vlan interface 200 Vlan interface200 10 110 2 1 IGMP is enabled Current IGMP version is 2 Value of query interval for IGMP in seconds 60 Value of other querier present interval for IGMP in seconds...

Page 1015: ...n steps are omitted here Configure OSPF for interoperability among the switches Ensure the network layer interoperation on the PIM SM domain and dynamic update of routing information among the switche...

Page 1016: ...104 SwitchD pim c rp vlan interface 104 SwitchD pim quit 4 Configure the SSM group range Configure the SSM group range 232 1 1 0 24 on Switch D SwitchD acl number 2000 SwitchD acl basic 2000 rule per...

Page 1017: ...133 133 1 1 232 1 1 1 Protocol pim ssm Flag UpTime 00 13 25 Upstream interface Vlan interface104 Upstream neighbor 192 168 4 2 RPF prime neighbor 192 168 4 2 Downstream interface s information Total n...

Page 1018: ...uit SwitchA interface vlan interface 100 SwitchA Vlan interface100 igmp enable SwitchA Vlan interface100 pim dm SwitchA Vlan interface100 quit Enable IP multicast routing on Switch B IGMP Proxying on...

Page 1019: ...Analysis z The correctness of networking and interface connections and whether the protocol layer of the interface is up directly affect the generation of group membership information z Multicast rou...

Page 1020: ...lysis z A router running IGMP maintains multiple parameters for each interface and these parameters influence one another forming very complicated relationships Inconsistent IGMP interface parameter c...

Page 1021: ...ation Prerequisites 1 18 Enabling PIM SM 1 19 Configuring an RP 1 20 Configuring a BSR 1 22 Configuring Administrative Scoping 1 26 Configuring Multicast Source Registration 1 28 Disabling SPT Switcho...

Page 1022: ...M Configuration Example 1 54 Troubleshooting PIM Configuration 1 57 Failure of Building a Multicast Distribution Tree Correctly 1 57 Multicast Data Abnormally Terminated on an Intermediate Router 1 58...

Page 1023: ...mediate system to intermediate system IS IS or border gateway protocol BGP Independent of the unicast routing protocols running on the device multicast routing can be implemented as long as the corres...

Page 1024: ...z When a new receiver on a previously pruned branch joins a multicast group to reduce the join latency PIM DM uses a graft mechanism to resume data forwarding to that branch Generally speaking the mu...

Page 1025: ...ulticast group down to this node z An S G entry contains the multicast source address S multicast group address G outgoing interface list and incoming interface z For a given multicast stream the inte...

Page 1026: ...access network where more than one multicast router exists by electing a unique multicast forwarder on the multi access network Figure 1 2 Assert mechanism As shown in Figure 1 2 after Router A and R...

Page 1027: ...n as the common node or rendezvous point RP through which the multicast data travels along the RPT and reaches the receivers z When a receiver is interested in the multicast data addressed to a specif...

Page 1028: ...DR However if IGMPv1 runs on any multi access network in a PIM DM domain a DR must be elected to act as the IGMPv1 querier on that multi access network z IGMP must be enabled on a device that acts as...

Page 1029: ...one BSR but can have multiple candidate BSRs C BSRs Once the BSR fails a new BSR is automatically elected from the C BSRs to avoid service interruption z An RP can serve multiple multicast groups or a...

Page 1030: ...IP address of the C RP Logical operator of and XOR Logical operator of exclusive or Mod Modulo operator which gives the remainder of an integer division RPT establishment Figure 1 5 RPT establishment...

Page 1031: ...in Figure 1 6 the multicast source registers with the RP as follows 1 When the multicast source S sends the first multicast packet to multicast group G the DR directly connected with the multicast sou...

Page 1032: ...RP or the DR at the receiver side to initiate an SPT switchover process 1 The RP initiates an SPT switchover process Upon receiving the first multicast packet the RP sends an S G join message hop by h...

Page 1033: ...ains one BSR which serves multicast groups within a specific range Multicast protocol packets such as assert messages and bootstrap messages for a specific group range cannot cross the admin scope zon...

Page 1034: ...address ranges Each admin scope zone serves specific multicast groups Usually these addresses have no intersections however they may overlap one another Figure 1 8 Relationship between admin scope zo...

Page 1035: ...T is required there is no source registration process and there is no need of using the multicast source discovery protocol MSDP for discovering sources in other PIM domains Compared with the ASM mode...

Page 1036: ...s used to refer to a join message Multi Instance PIM A multicast router running multiple instances maintains an independent set of PIM neighbor table multicast routing table BSR information and RP set...

Page 1037: ...es messages from the PIM neighbors When deploying a PIM DM domain you are recommended to enable PIM DM on all non border interfaces of the routers Enabling PIM DM globally in the public instance Follo...

Page 1038: ...lticast forwarding when the pruned state times out To prevent this the router with the multicast source attached periodically sends an S G state refresh message which is forwarded hop by hop along the...

Page 1039: ...s Enter system view system view Enter public instance PIM view or VPN instance PIM view pim vpn instance vpn instance name Configure the interval between state refresh messages state refresh interval...

Page 1040: ...lobal scope zone Optional Configuring Multicast Source Registration Optional Disabling SPT Switchover Optional Configuring PIM Common Features Optional Configuration Prerequisites Before configuring P...

Page 1041: ...ter system view system view Enable IP multicast routing multicast routing enable Required Disable by default Enter interface view interface interface type interface number Enable PIM SM pim sm Require...

Page 1042: ...f there is only one dynamic RP in a network manually configuring a static RP can avoid communication interruption due to single point failures and avoid frequent message exchange between C RPs and the...

Page 1043: ...olicy acl number priority priority holdtime hold interval advertisement interval adv interval Required No C RPs are configured by default Configure a legal C RP address range and the range of multicas...

Page 1044: ...onal 60 seconds by default Configure C RP timeout time c rp holdtime interval Optional 150 seconds by default For the configuration of other timers in PIM SM refer to Configuring PIM Common Timers Con...

Page 1045: ...g as the neighbor router discards these bootstrap messages Therefore with a legal BSR address range configured on all routers in the entire network all these routers will discard bootstrap messages fr...

Page 1046: ...igure a PIM domain border pim bsr boundary Required By default no PIM domain border is configured Configuring global C BSR parameters In each PIM SM domain a unique BSR is elected from C BSRs The C RP...

Page 1047: ...IP address and RP Set information through bootstrap messages within the entire zone it serves The BSR floods bootstrap messages throughout the network at the interval of BS BSR state period Any C BSR...

Page 1048: ...e zones Each admin scope zone maintains a BSR which serves a specific multicast group range while the global scope zone also maintains a BSR which serves all the rest multicast groups Enabling adminis...

Page 1049: ...cted from C BSRs C RPs in the network send advertisement messages to the specific BSR The BSR summarizes the advertisement messages to form an RP set and advertises it to all routers in the specific a...

Page 1050: ...obal scope zone level or admin scope zone level the corresponding global values will be used For configuration of global C BSR parameters see Configuring global C BSR parameters Configuring Multicast...

Page 1051: ...all routers that may become source side DRs Follow these steps to configure register related parameters To do Use the command Remarks Enter system view system view Enter public instance PIM view or VP...

Page 1052: ...use spt switch threshold infinity command on a switch that may become an RP namely a static RP or a C RP Configuring PIM SSM The PIM SSM model needs the support of IGMPv3 Therefore be sure to enable...

Page 1053: ...e interface type interface number Enable PIM SM pim sm Required Disabled by default Enabling PIM SM in a VPN instance Follow these steps to enable PIM SM in a VPN instance To do Use the command Descri...

Page 1054: ...multicast groups within this address range are using the PIM SSM model Perform the following configuration on all routers in the PIM SM domain Follow these steps to configure an SSM multicast group ra...

Page 1055: ...ne Message Sizes Optional Configuration Prerequisites Before configuring PIM common features complete the following tasks z Configure any unicast routing protocol so that all devices in the domain are...

Page 1056: ...icast data filter by default z Generally a smaller distance from the filter to the multicast source results in a more remarkable filtering effect z This filter works not only on independent multicast...

Page 1057: ...lowed to wait before sending a prune override message When a router receives a prune message from a downstream router it does not perform the prune action immediately instead it maintains the current...

Page 1058: ...im hello option dr priority priority Optional 1 by default Configure PIM neighbor timeout time pim hello option holdtime interval Optional 105 seconds by default Configure the prune message delay time...

Page 1059: ...has lost assert election will prune its downstream interface and maintain the assert state for a period of time When the assert state times out the assert losers will resume multicast forwarding When...

Page 1060: ...ault If there are no special networking requirements we recommend that you use the default settings Configuring Join Prune Message Sizes A larger join prune message size will result in loss of a large...

Page 1061: ...erface type interface number verbose Available in any view View the information of join prune messages to send display pim all instance vpn instance vpn instance name join prune mode sm flags flag val...

Page 1062: ...ub network N2 through their respective VLAN interface 200 and to Switch D through VLAN interface 101 and VLAN interface 102 respectively z IGMPv2 is to run between Switch A and N1 and between Switch B...

Page 1063: ...uit The configuration on Switch B and Switch C is similar to that on Switch A Enable IP multicast routing on Switch D and enable PIM DM on each interface SwitchD system view SwitchD multicast routing...

Page 1064: ...PIM routing table information on each switch For example View the PIM routing table information on Switch A SwitchA display pim routing table Total 1 G entry 1 S G entry 225 1 1 1 Protocol pim dm Flag...

Page 1065: ...C are multicast receivers in two stub networks z Switch D connects to the network that comprises the multicast source Source through VLAN interface 300 z Switch A connects to stub network N1 through V...

Page 1066: ...nfigure IP addresses and unicast routing Configure the IP address and subnet mask for each interface as per Figure 1 11 Detailed configuration steps are omitted here Configure the OSPF protocol for in...

Page 1067: ...quit On Switch E configure the service scope of RP advertisements specify a C BSR and a C RP and set the hash mask length to 32 and the priority of the C BSR to 20 SwitchE system view SwitchE acl num...

Page 1068: ...cope Not scoped Candidate RP 192 168 4 2 Vlan interface105 Priority 0 HoldTime 150 Advertisement Interval 60 Next advertisement scheduled at 00 00 34 View the BSR information and the locally configure...

Page 1069: ...ween Switch D and Switch E Upon receiving multicast data Switch A immediately switches from the RPT to the SPT Switches on the RPT path Switch A and Switch E have a G entry while switches on the SPT p...

Page 1070: ...View the PIM routing table information on Switch E SwitchE display pim routing table Total 1 G entry 0 S G entry 225 1 1 0 RP 192 168 9 2 local Protocol pim sm Flag WC UpTime 00 13 16 Upstream interfa...

Page 1071: ...int104 Vlan int108 Vlan int107 Vlan int107 Vlan int109 Vlan int109 Vlan int500 V l a n i n t 1 0 5 Vlan int108 Vlan int400 Vlan int110 Vlan int110 Vlan int106 V l a n i n t 6 0 0 Vlan int100 Vlan int...

Page 1072: ...interface 100 SwitchA Vlan interface100 igmp enable SwitchA Vlan interface100 pim sm SwitchA Vlan interface100 quit SwitchA interface vlan interface 101 SwitchA Vlan interface101 pim sm SwitchA Vlan i...

Page 1073: ...tem view SwitchD interface vlan interface 107 SwitchD Vlan interface107 multicast boundary 239 0 0 0 8 SwitchD Vlan interface107 quit 4 Configure C BSRs and C RPs On Switch B configure the service sco...

Page 1074: ...Scope Global Uptime 00 01 45 Expires 00 01 25 Elected BSR Address 10 110 1 2 Priority 0 Hash mask length 30 State Elected Scope 239 0 0 0 8 Uptime 00 04 54 Next BSR message scheduled at 00 00 06 Cand...

Page 1075: ...y pim bsr info Elected BSR Address 10 110 9 1 Priority 0 Hash mask length 30 State Elected Scope Global Uptime 00 11 11 Next BSR message scheduled at 00 00 49 Candidate BSR Address 10 110 9 1 Priority...

Page 1076: ...roup MaskLen 224 0 0 0 4 RP 10 110 9 1 local Priority 0 HoldTime 150 Uptime 00 00 32 Expires 00 01 58 PIM SSM Configuration Example Network requirements z Receivers receive VOD information through mul...

Page 1077: ...itch B Vlan int200 10 110 2 1 24 Switch E Vlan int104 192 168 3 2 24 Vlan int103 192 168 2 1 24 Vlan int103 192 168 2 2 24 Switch C Vlan int200 10 110 2 2 24 Vlan int102 192 168 9 2 24 Vlan int104 192...

Page 1078: ...chA pim SwitchA pim ssm policy 2000 SwitchA pim quit The configuration on Switch B Switch C Switch D and Switch E is similar to that on Switch A 4 Verify the configuration Carry out the display pim in...

Page 1079: ...rwarding entries That is a multicast distribution tree cannot be built correctly and clients cannot receive multicast data Analysis z When PIM DM runs on the entire network multicast data is flooded f...

Page 1080: ...eighbor command to view the PIM neighbor information 4 Check that PIM and IGMP are enabled on the interfaces directly connecting to the multicast source and to the receivers 5 Check that the same PIM...

Page 1081: ...rp info command to check whether the same static RP address has been configured on all the routers in the entire network RPT Establishment Failure or Source Registration Failure in PIM SM Symptom C RP...

Page 1082: ...pport of the RP and BSR Use the display pim bsr info command to check whether the BSR information is available on each router and then use the display pim rp info command to check whether the RP infor...

Page 1083: ...uring MSDP Peer Connection Control 1 12 Configuring SA Messages Related Parameters 1 12 Configuration Prerequisites 1 12 Configuring SA Message Content 1 13 Configuring SA Request Messages 1 13 Config...

Page 1084: ...to discover multicast source information in other PIM SM domains In the basic PIM SM mode a multicast source registers only with the RP in the local PIM SM domain and the multicast source information...

Page 1085: ...side RP creates SA messages and sends the messages to its remote MSDP peer to notify the MSDP peer of the locally registered multicast source information A source side MSDP peer must be created on the...

Page 1086: ...exists in the domain PIM SM 1 and RP 1 has learned the existence of Source through multicast source registration If RPs in PIM SM 2 and PIM SM 3 also wish to know the specific location of Source so th...

Page 1087: ...he multicast source side so that it can directly join the SPT rooted at the source over other PIM SM domains Then the multicast data can flow along the SPT to RP 2 and is forwarded by RP 2 to the rece...

Page 1088: ...e as the MSDP peer address which means that the MSDP peer where the SA is from is the RP that has created the SA message RP 2 accepts the SA message and forwards it to its other MSDP peer RP 3 2 When...

Page 1089: ...MSDP peers Anycast RP refers to such an application that enables load balancing and redundancy backup between two or more RPs within a PIM SM domain by configuring the same IP address for and establis...

Page 1090: ...PIM SM domain and forward part of the multicast data thus achieving load balancing between different RPs z Redundancy backup between RPs When an RP fails the multicast source previously registered on...

Page 1091: ...Configuring the SA Cache Mechanism Optional Configuring Basic Functions of MSDP All the configuration tasks should be carried out on RPs in PIM SM domains and each of these RPs acts as an MSDP peer Co...

Page 1092: ...ystem view quit Enable MSDP and enter VPN instance MSDP view msdp vpn instance vpn instance name Required Disabled by default z For details about the ip vpn instance and route distinguisher commands s...

Page 1093: ...se the command Remarks Enter system view system view Enter public instance MSDP view or VPN instance MSDP view msdp vpn instance vpn instance name Configure a static RPF peer static rpf peer peer addr...

Page 1094: ...st traffic On one hand an MSDP peer in an MSDP mesh group forwards SA messages from outside the mesh group that have passed the RPF check to the other members in the mesh group on the other hand a mes...

Page 1095: ...to resume operation a TCP connection is required You can flexibly adjust the interval between MSDP peering connection retries Follow these steps to configure MSDP peer connection control To do Use th...

Page 1096: ...s the same as the local RP address it will discard the SA message In the Anycast RP application however you need to configure RPs with the same IP address on two or more routers in the same PIM SM dom...

Page 1097: ...ng or forwarding an SA message so that the propagation of multicast source information is controlled at SA message reception or forwarding By configuring a TTL threshold for multicast data packet enca...

Page 1098: ...cally on the router However the more S G entries are cached the larger memory space of the router is used With the SA cache mechanism enabled when receiving a new G join message the router searches it...

Page 1099: ...e in user view Clear S G entries in the SA cache reset msdp all instance vpn instance vpn instance name sa cache group address Available in user view Clear all statistics information of an MSDP peer r...

Page 1100: ...oop0 1 1 1 1 32 Switch F Vlan int105 10 110 6 2 24 Switch C Vlan int104 10 110 4 1 24 Vlan int400 10 110 7 1 24 Vlan int102 192 168 3 1 24 Source 1 10 110 2 100 24 Vlan int101 192 168 1 2 24 Source 2...

Page 1101: ...0 as a C BSR and a C RP on Switch B SwitchB pim SwitchB pim c bsr loopback 0 SwitchB pim c rp loopback 0 SwitchB pim quit The configuration on Switch C and Switch E is similar to the configuration on...

Page 1102: ...3 1 connect interface vlan interface 102 SwitchE msdp quit 6 Verify the configuration Carry out the display bgp peer command to view the BGP peering relationships between the switches For example Vie...

Page 1103: ...work NextHop MED LocPrf PrefVal Path Ogn 1 1 1 1 32 192 168 1 1 0 0 100 i 2 2 2 2 32 192 168 3 2 0 100 0 3 3 3 3 32 0 0 0 0 0 0 192 168 1 0 0 0 0 0 0 0 192 168 1 1 0 0 100 192 168 1 1 32 0 0 0 0 0 0 1...

Page 1104: ...00 8 0 View the detailed MSDP peer information on Switch B SwitchB display msdp peer status MSDP Peer 192 168 1 2 AS 200 Description Information about connection status State Up Up down time 00 15 47...

Page 1105: ...o provide unicast routes z PIM SM 2 and PIM SM 3 are both stub domains and BGP or MBGP is not required between these two domains and PIM SM 1 Instead static RPF peers are configured to avoid RPF check...

Page 1106: ...3 3 32 Vlan int102 192 168 3 1 24 Switch F Vlan int105 10 110 6 2 24 Loop0 1 1 1 1 32 Vlan int400 10 110 7 1 24 Switch C Vlan int101 192 168 1 2 24 Source 1 10 110 2 100 24 Vlan int104 10 110 4 1 24 S...

Page 1107: ...m c bsr loopback 0 SwitchB pim c rp loopback 0 SwitchB pim quit The configuration on Switch C and Switch E is similar to the configuration on Switch B 4 Configure a static RPF peer Configure Switch C...

Page 1108: ...brief MSDP peer information on Switch B SwitchB display msdp brief MSDP Peer Brief Information Configured Up Listen Connect Shutdown Down 2 2 0 0 0 0 Peer s Address State Up Down time AS SA Count Rese...

Page 1109: ...Switch C Vlan int101 192 168 1 2 24 Source 2 10 110 6 100 24 Vlan int102 192 168 2 2 24 Switch A Vlan int300 10 110 5 1 24 Switch D Vlan int200 10 110 3 1 24 Vlan int103 10 110 2 2 24 Vlan int104 10...

Page 1110: ...witchB LoopBack10 quit SwitchB interface loopback 20 SwitchB LoopBack20 pim sm SwitchB LoopBack20 quit The configuration on Switch A Switch C Switch D and Switch E is similar to the configuration on S...

Page 1111: ...display pim routing table command When Source 1 10 110 5 100 24 sends multicast data to multicast group G 225 1 1 1 Host A joins multicast group G By comparing the PIM routing information displayed on...

Page 1112: ...M routing information on Switch B SwitchB display pim routing table No information is output on Switch B View the PIM routing information on Switch D SwitchD display pim routing table Total 1 G entry...

Page 1113: ...multicast groups 225 1 1 0 30 and 226 1 1 0 30 while Host can receive only the multicast data addressed to multicast groups 226 1 1 0 30 and 227 1 1 0 30 Network diagram Figure 1 8 Network diagram for...

Page 1114: ...interface101 pim sm SwitchA Vlan interface101 quit SwitchA interface vlan interface 102 SwitchA Vlan interface102 pim sm SwitchA Vlan interface102 quit SwitchA interface loopback 0 SwitchA LoopBack0...

Page 1115: ...0 30 to Switch D SwitchC acl number 3001 SwitchC acl adv 3001 rule deny ip source 10 110 3 100 0 destination 225 1 1 0 0 0 0 3 SwitchC acl adv 3001 rule permit ip source any destination any SwitchC a...

Page 1116: ...1 1 1 1 00 32 53 00 05 07 Troubleshooting MSDP MSDP Peers Stay in Down State Symptom The configured MSDP peers stay in the down state Analysis z A TCP connection based MSDP peering relationship is est...

Page 1117: ...argument and make sure that ACL rule can filter appropriate S G entries Inter RP Communication Faults in Anycast RP Application Symptom RPs fail to exchange their locally registered S G entries with...

Page 1118: ...command In the Anycast RP application environment be sure to use the originating rp command to configure the RP address in the SA messages which must be the local interface address 4 Verify that the C...

Page 1119: ...ampening 1 7 Configuring MBGP Route Attributes 1 7 Prerequisites 1 8 Configuring MBGP Route Preferences 1 8 Configuring the Default Local Preference 1 8 Configuring the MED Attribute 1 8 Configuring t...

Page 1120: ...st topology may be different from the unicast topology To meet the requirement the multiprotocol BGP extensions enable BGP to carry the unicast Network Layer Reachability Information NLRI and multicas...

Page 1121: ...eer Group Optional Configuring Outbound MBGP Route Filtering Optional Configuring Inbound MBGP Route Filtering Optional Controlling Route Advertisement and Reception Configuring MBGP Route Dampening C...

Page 1122: ...nd Reception Prerequisites You need to configure MBGP basic functions before configuring this task Configuring MBGP Route Redistribution MBGP can advertise routing information in the local AS to neigh...

Page 1123: ...tocol process id med med value route policy route policy name Required No route redistribution is configured by default Enable default route redistribution into the MBGP routing table default route im...

Page 1124: ...bgp as number Enter IPv4 MBGP address family view ipv4 family multicast Advertise a default route to an MBGP peer or peer group peer group name ip address default route advertise route policy route po...

Page 1125: ...export Reference an IP prefix list to filer route advertisements to an IPv4 MBGP peer peer group peer group name ip address ip prefix ip prefix name export At least one of these approaches is required...

Page 1126: ...iltering is configured by default Specify the maximum number of routes that can be received from an IPv4 MBGP peer peer group peer group name ip address route limit limit percentage Optional The numbe...

Page 1127: ...cy name Optional The default preferences of multicast MBGP eBGP MBGP iBGP and local MBGP routes are 255 255 and 130 respectively Configuring the Default Local Preference Follow these steps to configur...

Page 1128: ...r the peer next hop local command is configured In a third party next hop network that is the local router has two multicast eBGP peers in a broadcast network the router does not specify itself as the...

Page 1129: ...o configure BGP basic functions before configuring this task Configuring MBGP Soft Reset After modifying a route selection policy you have to reset MBGP connections to make it take effect causing shor...

Page 1130: ...iginal routes from a peer peer group regardless of whether they pass the inbound filtering policies peer group name ip address keep all routes Required Not kept by default Return to user view return S...

Page 1131: ...ou need to configure this command For details about the command refer to BGP Commands in the IP Routing Volume Enter MBGP address family view ipv4 family multicast Enable the ORF IP prefix negotiation...

Page 1132: ...ult due to large numbers of MBGP peers You can configure peer groups to make management easier and improve route distribution efficiency Follow these steps to configure an IPv4 MBGP peer group To do U...

Page 1133: ...system view system view Enter BGP view bgp as number Enter IPv4 MBGP address family view ipv4 family multicast Advertise the community attribute to an MBGP peer peer group peer group name ip address...

Page 1134: ...or uses its router ID as the cluster ID z In general it is not required that clients of a route reflector be fully meshed The route reflector forwards routing information between clients If clients ar...

Page 1135: ...ng information matching an MBGP community list display bgp multicast routing table community list basic community list number whole match adv community list number 1 16 Available in any view Display M...

Page 1136: ...multicast flap info regexp as path regexp as path acl as path acl number ip address mask mask length Available in user view MBGP Configuration Example Network requirements As shown in the following f...

Page 1137: ...in the above figure omitted 2 Configure OSPF omitted 3 Enable IP multicast routing PIM SM and IGMP and configure a PIM SM domain border Enable IP multicast routing on Switch A and enable PIM SM on eac...

Page 1138: ...itchA LoopBack0 pim sm SwitchA LoopBack0 quit SwitchA pim SwitchA pim c bsr loopback 0 SwitchA pim c rp loopback 0 SwitchA pim quit Configure Loopback 0 and configure it as the C BSR and C RP on Switc...

Page 1139: ...it 7 Verify the configuration You can use the display bgp multicast peer command to display MBGP peers on a switch For example display MBGP peers on Switch B SwitchB display bgp multicast peer BGP loc...

Page 1140: ...VPN 1 14 Configuration Prerequisites 1 14 Enabling IP Multicast Routing in a VPN Instance 1 14 Configuring a Share Group and an MTI Binding 1 15 Configuring BGP MDT 1 16 Configuration Prerequisites 1...

Page 1141: ...L3VPN Configuration in the MPLS Volume z For details about BGP refer to BGP Configuration in the IP Routing Volume Introduction to MPLS L3VPN Multicast VPN is a technique that implements multicast del...

Page 1142: ...PN environment between any two sites that belong to the same VPN packets are transmitted labeled across the public network The PE device at the entrance to the provider backbone attaches two labels to...

Page 1143: ...ble receivers on the network for that group only those belong to VPN A namely in Site 1 Site 3 or Site 5 can receive the multicast stream The stream is multicast in these sites and in the public netwo...

Page 1144: ...nnel MT An MT is a tunnel that interconnects all PEs in an MD for delivering private network traffic within the MD Multicast tunnel interface MTI An MTI is the entrance to or exit of an MT equivalent...

Page 1145: ...thought of as a private data transmission pool and an MTI can be thought of an entrance exit of the pool The local PE device puts the private data into the transmission pool the MD through the entranc...

Page 1146: ...shed between the public instance interface on a PE device and an interface on the P device across the link z PE PE neighboring relationship PIM neighboring relationship established after a VPN instanc...

Page 1147: ...ng a share MDT is different in these three PIM modes Share MDT establishment in a PIM DM network Figure 1 5 Share MDT establishment in a PIM DM network As shown in Figure 1 5 PIM DM is enabled in the...

Page 1148: ...ated on each device along the path in the public network At the same time PE 2 and PE 3 respectively initiate a similar join process Finally an RPT is established in the MD with the public network RP...

Page 1149: ...ts leaves At the same time PE 2 and PE 3 respectively initiate a similar SPT establishment process Finally three independent SPTs are established in the MD In the PIM SS M network the three independen...

Page 1150: ...across the public network to establish SPTs The following example explains how multicast protocol packets are delivered based on the share MDT while PIM SM is running in both the public network and th...

Page 1151: ...ds the join message 5 When receiving the join message the VPN instance on PE 1 considers that it received the message from the MTI PE 1 creates a local 225 1 1 1 state entry with the downstream interf...

Page 1152: ...nd the VPN instance on PE 1 checks the MVRF If the outgoing interface list of the forwarding entry contains an MTI PE 1 processes the private network multicast data Now the VPN instance on PE 1 consid...

Page 1153: ...nstance and treat each other as a CE device Figure 1 10 VPN instance VPN instance interconnectivity In the VPN instance VPN instance interconnectivity approach a separate MD needs to be established wi...

Page 1154: ...T Peers or Peer Groups Required Configuring BGP MDT Configuring a BGP MDT Route Reflector Optional Configuring MD VPN Configuration Prerequisites Before configuring MD VPN complete the following tasks...

Page 1155: ...e Configuring a Share Group and an MTI Binding By running multiple instances on each PE device you enable the PE device to work for multiple VPNs You need to configure the same share group address for...

Page 1156: ...oup command refer to Service Lookback Commands in the Access Volume z PIM on the MTI interface takes effect only after PIM is enabled on at least one interface of the VPN instance when PIM is disabled...

Page 1157: ...client to client reflection to reduce overloads if the clients have been fully meshed The route reflector and its clients form a cluster In general a cluster has only one route reflector whose router...

Page 1158: ...b the share group address is 239 2 2 2 PE interfaces and VPN instances they belong to z PE 1 VLAN interface 11 and VLAN interface 20 belong to VPN instance a VLAN interface 12 and Loopback 1 belong to...

Page 1159: ...int13 Vlan int14 Vlan int14 Vlan int15 Vlan int15 Vlan int16 Vlan int16 Vlan int17 Vlan int17 Vlan int18 Vlan int18 Vlan int19 Vlan int19 Device Interface IP address Device Interface IP address S 1 10...

Page 1160: ...instance a multicast domain share group 239 1 1 1 binding mtunnel 0 PE1 vpn instance a quit Configure an IP address and enable PIM SM and LDP capability on the public network interface VLAN interface...

Page 1161: ...quit PE1 bgp quit With BGP peers configured on PE 1 the interfaces MTI 0 will automatically obtain an IP address which is the loopback interface address specified in the BGP peer configuration The PI...

Page 1162: ...ticast routing in VPN instance a configure a share group address associate an MTI with the VPN instance PE2 vpn instance a multicast routing enable PE2 vpn instance a multicast domain share group 239...

Page 1163: ...vpnv4 peer 1 1 1 1 group vpn g PE2 bgp af vpnv4 peer 1 1 1 3 group vpn g PE2 bgp af vpnv4 quit PE2 bgp quit With BGP peers configured on PE 2 the interfaces MTI 0 and MTI 1 will automatically obtain...

Page 1164: ...instance a quit Create VPN instance b configure a RD for it and create an egress route and an ingress route for it PE3 ip vpn instance b PE3 vpn instance b route distinguisher 200 1 PE3 vpn instance...

Page 1165: ...interface loopback 2 PE3 LoopBack2 ip binding vpn instance b PE3 LoopBack2 ip address 33 33 33 33 32 PE3 LoopBack2 pim sm PE3 LoopBack2 quit Configure Loopback 2 as a C BSR and a C RP for VPN b PE3 pi...

Page 1166: ...3 rip 2 quit PE3 rip 3 vpn instance b PE3 rip 3 network 10 0 0 0 PE3 rip 3 network 33 0 0 0 PE3 rip 3 import route bgp PE3 rip 3 return 4 Configure P Enable IP multicast routing in the public instance...

Page 1167: ...ce P pim P pim c bsr loopback 1 P pim c rp loopback 1 P pim quit Configure OSPF P ospf 1 P ospf 1 area 0 0 0 0 P ospf 1 area 0 0 0 0 network 2 2 2 2 0 0 0 0 P ospf 1 area 0 0 0 0 network 192 168 0 0 0...

Page 1168: ...dress for VLAN interface 40 and enable IGMP and PIM SM on the interface CEa2 interface vlan interface 40 CEa2 Vlan interface40 ip address 10 110 9 1 24 CEa2 Vlan interface40 igmp enable CEa2 Vlan inte...

Page 1169: ...an interface17 ip address 10 110 5 2 24 CEa3 Vlan interface17 pim sm CEa3 Vlan interface17 quit Configure an IP address for VLAN interface 16 and enable PIM SM on the interface CEa3 interface vlan int...

Page 1170: ...PE2 display multicast domain vpn instance b share group local MD local share group information for VPN Instance b Share group 239 2 2 2 MTunnel address 1 1 1 2 View the local share group information o...

Page 1171: ...ork routes between them z Configure MPLS separately in AS 100 and AS 200 IP multicast routing z Enable IP multicast routing in the public instance on PE 1 PE 2 PE 3 and PE 4 z Enable IP multicast rout...

Page 1172: ...2 168 1 2 24 Vlan int12 10 11 2 1 24 Loop1 1 1 1 3 32 Loop1 1 1 1 1 32 Loop2 22 22 22 22 32 PE 2 Vlan int2 10 10 1 2 24 PE 4 Vlan int4 10 10 2 2 24 Vlan int3 192 168 1 1 24 Vlan int13 10 11 3 1 24 Loo...

Page 1173: ...rt extcommunity PE1 vpn instance b multicast routing enable PE1 vpn instance b multicast domain share group 239 4 4 4 binding mtunnel 1 PE1 vpn instance b quit Configure an IP address and enable PIM S...

Page 1174: ...able PE1 bgp af vpnv4 quit PE1 bgp quit With BGP peers configured on PE 1 the interfaces MTI 0 and MTI 1 will automatically obtain IP addresses which are the loopback interface addresses specified in...

Page 1175: ...mpls ldp PE2 Vlan interface2 quit Configure an IP address and enable PIM SM and MPLS capability on the public network interface VLAN interface 3 PE2 interface vlan interface 3 PE2 Vlan interface3 ip a...

Page 1176: ...pe3 ebgp max hop 255 PE2 bgp peer pe2 pe3 route policy map1 export PE2 bgp peer pe2 pe3 label route capability PE2 bgp peer pe2 pe3 connect interface loopback 1 PE2 bgp peer 1 1 1 3 group pe2 pe3 PE2...

Page 1177: ...nterface 3 PE3 Vlan interface3 ip address 192 168 1 2 24 PE3 Vlan interface3 pim sm PE3 Vlan interface3 mpls PE3 Vlan interface3 quit Configure an IP address for Loopback 1 and enable PIM SM PE3 inter...

Page 1178: ...pe4 connect interface loopback 1 PE3 bgp peer 1 1 1 2 group pe3 pe4 PE3 bgp quit Configure OSPF PE3 ospf 1 PE3 ospf 1 area 0 0 0 0 PE3 ospf 1 area 0 0 0 0 network 1 1 1 3 0 0 0 0 PE3 ospf 1 area 0 0...

Page 1179: ...unity PE4 vpn instance b vpn target 200 1 import extcommunity PE4 vpn instance b multicast routing enable PE4 vpn instance b multicast domain share group 239 4 4 4 binding mtunnel 1 PE4 vpn instance b...

Page 1180: ...bgp b quit PE4 bgp ipv4 family vpnv4 PE4 bgp af vpnv4 peer 1 1 1 1 enable PE4 bgp af vpnv4 quit PE4 bgp quit With BGP peers configured on PE 4 the interfaces MTI 0 and MTI 1 will automatically obtain...

Page 1181: ...m CEa1 Vlan interface11 quit Configure an IP address for Loopback 1 and enable PIM SM CEa1 interface loopback 1 CEa1 LoopBack1 ip address 2 2 2 2 32 CEa1 LoopBack1 pim sm CEa1 LoopBack1 quit Configure...

Page 1182: ...0 ip address 10 11 7 1 24 CEa2 Vlan interface30 igmp enable CEa2 Vlan interface30 pim sm CEa2 Vlan interface30 quit Configure an IP address for VLAN interface 13 and enable PIM SM on the interface CEa...

Page 1183: ...w the share group information of a VPN instance use the display multicast domain vpn instance share group command View the local share group information of VPN instance a on PE 1 PE1 display multicast...

Page 1184: ...n IP address automatically and PIM is enabled on at least one interface of the VPN instance so that PIM can be enabled on the MTI interface PIM adjacencies can be established between the same VPN inst...

Page 1185: ...y establish its MVRF z The customer DR must have a route to the private network RP Solution 1 Use the display pim bsr info command to check whether the BSR information exists in the public instance an...

Page 1186: ...ation Prerequisites 1 15 Enabling IGMP Snooping Querier 1 15 Configuring IGMP Queries and Responses 1 15 Configuring Source IP Address of IGMP Queries 1 17 Configuring IGMP Snooping Proxying 1 17 Conf...

Page 1187: ...P Snooping Proxying Configuration Example 1 33 Troubleshooting IGMP Snooping Configuration 1 35 Switch Fails in Layer 2 Multicast Forwarding 1 35 Configured Multicast Group Policy Fails to Take Effect...

Page 1188: ...IRF it operates as a distributed IRF device For introduction of IRF refer to IRF Configuration in the System Volume IGMP Snooping Overview Internet Group Management Protocol Snooping IGMP snooping is...

Page 1189: ...ing Layer 2 broadcast packets thus saving network bandwidth z Enhancing the security of multicast traffic z Facilitating the implementation of per host accounting Basic Concepts in IGMP Snooping IGMP...

Page 1190: ...ooping enabled switch deems that all its ports on which IGMP general queries with the source IP address other than 0 0 0 0 or PIM hello messages are received are dynamic router ports For details about...

Page 1191: ...namic router port When receiving a membership report A host sends an IGMP report to the IGMP querier in the following circumstances z Upon receiving an IGMP query a multicast group member host respond...

Page 1192: ...the switch discards the IGMP leave message instead of forwarding it to any port z If the forwarding table entry exists and the outgoing port list contains the port the switch forwards the leave messa...

Page 1193: ...iguration in the IP Multicast volume Figure 1 3 Network diagram for IGMP snooping proxying As shown in Figure 1 3 Switch A works as an IGMP Snooping proxy It represents its attached hosts to send memb...

Page 1194: ...d an IGMP snooping switch processes multicast protocol messages differently under different conditions specifically as follows 1 If only IGMP is enabled or both IGMP and PIM are enabled on the switch...

Page 1195: ...erier Optional Configuring IGMP Queries and Responses Optional Configuring IGMP Snooping Querier Configuring Source IP Address of IGMP Queries Optional Enabling IGMP Snooping Proxying Optional Configu...

Page 1196: ...ggregate interface view or port group view z For IGMP snooping configurations made on a Layer 2 aggregate interface do not interfere with configurations made on its member ports nor do they take part...

Page 1197: ...lan vlan id Configure the version of IGMP snooping igmp snooping version version number Optional Version 2 by default If you switch IGMP snooping from version 3 to version 2 the system will clear all...

Page 1198: ...cast group and multicast source addresses Configuring Aging Timers for Dynamic Ports If the switch receives no IGMP general queries or PIM hello messages on a dynamic router port the switch removes th...

Page 1199: ...t a particular multicast source sends to a particular group you can configure static G or S G joining on that port namely configure the port as a group specific or source and group specific static mem...

Page 1200: ...ticast router may deem that no member of this multicast group exists on the network segment and therefore will remove the corresponding forwarding path To avoid this situation from happening you can e...

Page 1201: ...e than one host is attached when one host leaves a multicast group the other hosts attached to the port and interested in the same multicast group will fail to receive multicast data for that group Th...

Page 1202: ...a VLAN where multicast traffic needs to be Layer 2 switched only and no multicast routers are present the Layer 2 switch will act as the IGMP snooping querier to send IGMP queries thus allowing multic...

Page 1203: ...onfigure IGMP queries and responses globally To do Use the command Remarks Enter system view system view Enter IGMP snooping view igmp snooping Configure the maximum response time to IGMP general quer...

Page 1204: ...re the source IP address of IGMP group specific queries igmp snooping special query source ip ip address current interface Optional 0 0 0 0 by default The source address of IGMP query messages may aff...

Page 1205: ...ing policy prepare the following data z ACL rule for multicast group filtering z The maximum number of multicast groups that can pass the ports z 802 1p precedence for IGMP messages Configuring a Mult...

Page 1206: ...an join any valid multicast group Configuring Multicast Source Port Filtering With the multicast source port filtering feature enabled on a port the port can be connected with multicast receivers only...

Page 1207: ...waste and low forwarding efficiency Configuring globally the function of dropping multicast packets Follow these steps to configure globally the function of dropping multicast packets To do Use the co...

Page 1208: ...ckets Currently the S7900E supports processing unknown multicast data packets destined for up to 2000 unknown multicast addresses at a time The switch floods excessive unknown multicast data packets d...

Page 1209: ...arding entries persistent to that port from the IGMP snooping forwarding table and the hosts on this port need to join the multicast groups again z If you have configured static or simulated joins on...

Page 1210: ...ystem view system view interface interface type interface number Enter Ethernet port ONU port Layer 2 aggregate interface view or port group view port group manual port group name Required Use either...

Page 1211: ...e display igmp snooping group vlan vlan id slot slot number verbose Available in any view Display information about IGMP snooping multicast groups on a distributed IRF device display igmp snooping gro...

Page 1212: ...nd Host B accidentally temporarily stop receiving multicast data Figure 1 4 Network diagram for group policy simulated joining configuration Source Router A Switch A Receiver Receiver Host B Host A Ho...

Page 1213: ...cy 2001 vlan 100 SwitchA igmp snooping quit Configure GigabitEthernet 2 0 3 and GigabitEthernet 2 0 4 as simulated hosts for multicast group 224 1 1 1 SwitchA interface gigabitethernet 2 0 3 SwitchA G...

Page 1214: ...member ports for multicast group 224 1 1 1 to enhance the reliability of multicast traffic transmission z Suppose STP runs on the network To avoid data loops the forwarding path from Switch A to Swit...

Page 1215: ...ace and enable IGMP on GigabitEthernet 2 0 1 RouterA system view RouterA multicast routing enable RouterA interface gigabitethernet 2 0 1 RouterA Gigabitethernet2 0 1 igmp enable RouterA Gigabitethern...

Page 1216: ...rough GigabitEthernet 2 0 5 to this VLAN and enable IGMP snooping in the VLAN SwitchC vlan 100 SwitchC vlan100 port gigabitethernet 2 0 1 to gigabitethernet 2 0 5 SwitchC vlan100 igmp snooping enable...

Page 1217: ...MP snooping multicast group information in VLAN 100 on Switch C SwitchC display igmp snooping group vlan 100 verbose Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Port flags D Dynamic por...

Page 1218: ...z To prevent flooding of unknown multicast traffic within the VLAN it is required to configure all the switches to drop unknown multicast data packets z Because a switch does not enlist a port that h...

Page 1219: ...traffic in VLAN 100 SwitchB vlan100 igmp snooping enable SwitchB vlan100 igmp snooping drop unknown SwitchB vlan100 quit Configurations on Switch C and Switch D are similar to the configuration on Swi...

Page 1220: ...ter A IGMP querier Switch A Proxy Querier Receiver Host B Host A Host C 1 1 1 1 24 GE2 0 4 GE2 0 2 GE2 0 3 GE2 0 1 GE2 0 1 10 1 1 1 24 GE2 0 2 1 1 1 2 24 Receiver Configuration procedure 1 Configure I...

Page 1221: ...display igmp group command to display information about IGMP snooping multicast groups and IGMP multicast groups For example Display information about IGMP snooping multicast groups on Switch A Switc...

Page 1222: ...Real VLAN C Copy VLAN Vlan id 100 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port GE2 0 1 D IP group s the following ip group s match to one mac group IP group a...

Page 1223: ...Use the display acl command to check the configured ACL rule Make sure that the ACL rule conforms to the multicast group policy to be implemented 2 Use the display this command in IGMP snooping view...

Page 1224: ...Based Multicast VLAN 1 4 Configuring Port Based Multicast VLAN 1 4 Configuration Prerequisites 1 5 Configuring User Port Attributes 1 5 Configuring Multicast VLAN Ports 1 5 Configuring the Maximum Nu...

Page 1225: ...ograms on demand service the Layer 3 device Router A needs to forward a separate copy of the multicast traffic in each user VLAN to the Layer 2 device Switch A This results in not only waste of networ...

Page 1226: ...n IGMP Snooping manages router ports in the multicast VLAN and member ports in the sub VLANs When forwarding multicast data to Switch A Router A needs to send only one copy of multicast traffic to Swi...

Page 1227: ...LAN tags refer to VLAN Configuration in the Access Volume Multicast VLAN Configuration Task List Complete the following tasks to configure multicast VLAN Task Remarks Configuring Sub VLAN Based Multic...

Page 1228: ...AN must exist and must not be sub VLANs of any other multicast VLAN z The total number of sub VLANs of a multicast VLAN must not exceed the maximum number the system can support an S7900E series Ether...

Page 1229: ...rface interface type interface number Enter interface view or port group view port group manual port group name aggregation agg id Required Use either command Configure the user port link type as hybr...

Page 1230: ...orts in interface view or port group view To do Use this command Remarks Enter system view system view Configure the specified VLAN as a multicast VLAN and enter multicast VLAN view multicast vlan vla...

Page 1231: ...ove excessive entries In this case the system does not automatically remove any existing entries or create new entries Displaying and Maintaining Multicast VLAN To do Use the command Remarks Display i...

Page 1232: ...IP addresses Configure an IP address and subnet mask for each interface as per Figure 1 4 The detailed configuration steps are omitted here 2 Configure Router A Enable IP multicast routing enable PIM...

Page 1233: ...4 Verify the configuration Display information about the multicast VLAN SwitchA display multicast vlan Total 1 multicast vlan s Multicast vlan 10 subvlan list vlan 2 4 port list no port View the IGMP...

Page 1234: ...ip group s match to one mac group IP group address 224 1 1 1 0 0 0 0 224 1 1 1 Host port s total 1 port GE2 0 4 D MAC group s MAC group address 0100 5e01 0101 Host port s total 1 port GE2 0 4 Vlan id...

Page 1235: ...ource sends multicast data to multicast group 224 1 1 1 Host A Host B and Host C are receivers of the multicast group z Configure the port based multicast VLAN feature so that Router A just sends mult...

Page 1236: ...e VLAN 2 as the default VLAN Configure GigabitEthernet 2 0 2 to permit packets of VLAN 2 and VLAN 10 to pass and untag the packets when forwarding them SwitchA interface gigabitethernet 2 0 2 SwitchA...

Page 1237: ...ort S Static port C Copy port Subvlan flags R Real VLAN C Copy VLAN Vlan id 10 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port GE2 0 1 D IP group s the following...

Page 1238: ...Configuring IPv6 Multicast Routing and Forwarding 1 5 Configuration Prerequisites 1 5 Configuring an IPv6 Multicast Routing Policy 1 5 Configuring an IPv6 Multicast Forwarding Range 1 5 Configuring t...

Page 1239: ...X1EA do not support IPv6 features IPv6 Multicast Routing and Forwarding Overview Introduction to IPv6 Multicast Routing and Forwarding In IPv6 multicast implementations multicast routing and forwardin...

Page 1240: ...urce as the destination address and automatically selects the optimal route as the RPF route The outgoing interface in the corresponding routing entry is the RPF interface and the next hop is the RPF...

Page 1241: ...entry into the IPv6 multicast forwarding table with the RPF interface as the incoming interface If the interface on which the packet actually arrived is the RPF interface the RPF check succeeds and th...

Page 1242: ...The RPF check fails and the packet is discarded Configuration Task List Complete these tasks to configure IPv6 multicast routing and forwarding Task Remarks Enabling IPv6 Multicast Routing Optional C...

Page 1243: ...iew system view Configure the device to select the RPF route based on the longest match multicast ipv6 longest match Optional The route with the highest priority is selected as the RPF route by defaul...

Page 1244: ...d value When forwarding IPv6 multicast traffic the router replicates a copy of the IPv6 multicast traffic for each downstream node and forwards the traffic and thus each of these downstream nodes form...

Page 1245: ...r 2 aggregate interface view or port group view interface interface type interface number Required Configurations performed in Ethernet interface view or Layer 2 aggregate interface view take effect f...

Page 1246: ...view Display the information of the IPv6 multicast routing table display multicast ipv6 routing table ipv6 source address prefix length ipv6 group address prefix length incoming interface interface ty...

Page 1247: ...ets but there is no corresponding S G entry in the IPv6 PIM routing table Analysis The multicast ipv6 boundary command is used to filter IPv6 multicast packets received on an interface If an IPv6 mult...

Page 1248: ...14 Configuring MLD Message Options 1 14 Configuring MLD Query and Response Parameters 1 15 Configuring MLD Fast Leave Processing 1 17 Configuring MLD SSM Mapping 1 18 Configuration Prerequisites 1 18...

Page 1249: ...splaying and Maintaining MLD Configuration z MLD Configuration Examples z Troubleshooting MLD MLD Overview The Multicast Listener Discovery protocol MLD is used by an IPv6 router to discover the prese...

Page 1250: ...often referred to as queries So a querier election mechanism is required to determine which router will act as the MLD querier on the subnet 1 Initially every MLD router assumes itself as the querier...

Page 1251: ...ership for G1 Assume it is Host B that sends the report message Upon hearing the report from Host B Host C which is on the same subnet with Host B suppresses its own report for G1 because the MLD rout...

Page 1252: ...up filtering MLDv2 has introduced IPv6 multicast source filtering modes Include and Exclude so that a host can specify a list of IPv6 multicast sources it expect or does not expect IPv6 multicast data...

Page 1253: ...s The router keeps tracing the newly added or deleted IPv6 multicast source z Timers Filter timer the time the router waits before switching to the Include mode after an IPv6 multicast address times o...

Page 1254: ...delay allowed before a host sends a report message Reserved Reserved field and initialized to zero Multicast Address z This field is set to 0 in a general query message z It is set to a specific IPv6...

Page 1255: ...t message Field Description Type 143 Message type For a report message this field is set to 143 Reserved The Reserved fields are set to 0 on transmission and ignored on reception Checksum Standard IPv...

Page 1256: ...st C MLDv2 Receiver As shown in Figure 1 5 on an IPv6 SSM network Host A and Host B are running MLDv1 and Host C is running MLDv2 To provide SSM service for all the hosts while it is infeasible to run...

Page 1257: ...proxy interface is an interface on which MLD proxying is configured It is in the direction toward the root of the multicast forwarding tree An upstream interface acts as a host running MLD therefore...

Page 1258: ...on an Interface Optional Configuring MLD Message Options Optional Configuring MLD Query and Response Parameters Optional Adjusting MLD Performance Configuring MLD Fast Leave Processing Optional Enabli...

Page 1259: ...arks Enter system view system view Enable IPv6 multicast routing multicast ipv6 routing enable Required Disable by default Enter interface view interface interface type interface number Enable MLD mld...

Page 1260: ...re a static member of an IPv6 multicast group or an IPv6 multicast source and group mld static group ipv6 group address source ipv6 source address Required By default an interface is not a static memb...

Page 1261: ...interface can join any valid IPv6 multicast group Configuring the Maximum Number of IPv6 Multicast Groups on an Interface You can configure the allowed maximum number of the IPv6 multicast groups on...

Page 1262: ...the information for all IPv6 multicast sources and groups Therefore a router may receive IPv6 multicast packets addressed to IPv6 multicast groups that have no members on the local subnet In this case...

Page 1263: ...odically sends MLD general queries at the MLD query interval to determine whether any IPv6 multicast group member exists on the network You can modify the query interval based on the actual condition...

Page 1264: ...nfigure the startup query interval startup query interval interval Optional For the system default see Note below Configure the startup query count startup query count value Optional For the system de...

Page 1265: ...uery count is set to the MLD querier robustness variable By default the MLD querier robustness variable is 2 so the startup query count is also 2 z If not statically configured the other querier prese...

Page 1266: ...command Remarks Enter system view system view Enter interface view interface interface type interface number Enable the MLD SSM mapping feature mld ssm mapping enable Required Disabled by default To e...

Page 1267: ...able MLD proxying on the interface in the direction toward the root of the multicast forwarding tree to make the device serve as an MLD proxy Follow these steps to enable MLD proxying To do Use the co...

Page 1268: ...of these MLD proxy devices has been elected as the querier Otherwise duplicate multicast flows may be received on the multi access network Displaying and Maintaining MLD Configuration To do Use the c...

Page 1269: ...efix length Available in user view You cannot use the reset mld group command to clear the MLD multicast group information of static joins The reset mld group port info command cannot clear Layer 2 po...

Page 1270: ...switches Ensure the network layer interoperation among the switches on the IPv6 PIM network and dynamic update of routing information between the switches through a unicast routing protocol The detail...

Page 1271: ...n VLAN interface 200 of Switch B SwitchB display mld interface vlan interface 200 Vlan interface200 FE80 200 5EFF FE66 5100 MLD is enabled Current MLD version is 1 Value of query interval for MLD in s...

Page 1272: ...ed Configure OSPFv3 for interoperability among the switches Ensure the network layer interoperation on the IPv6 PIM SM domain and dynamic update of routing information among the switches through an IP...

Page 1273: ...D SwitchD pim ipv6 SwitchD pim6 c bsr 1003 2 SwitchD pim6 c rp 1003 2 SwitchD pim6 quit 4 Configure the IPv6 SSM group range Configure the IPv6 SSM group range FF3E 64 on Switch D SwitchD acl ipv6 num...

Page 1274: ...table information on Switch D SwitchD display pim ipv6 routing table Total 0 G entry 2 S G entry 1001 1 FF3E 101 Protocol pim ssm Flag UpTime 00 13 25 Upstream interface Vlan interface104 Upstream nei...

Page 1275: ...icast routing on Switch A IPv6 PIM DM on VLAN interface 101 and MLD on VLAN interface 100 SwitchA system view SwitchA multicast ipv6 routing enable SwitchA interface vlan interface 101 SwitchA Vlan in...

Page 1276: ...Router Symptom When a host sends a message for joining IPv6 multicast group G there is no member information of multicast group G on the immediate router Analysis z The correctness of networking and i...

Page 1277: ...Inconsistent Memberships on Routers on the Same Subnet Symptom Different memberships are maintained on different MLD routers on the same subnet Analysis z A router running MLD maintains multiple param...

Page 1278: ...a BSR 1 21 Configuring IPv6 Multicast Source Registration 1 24 Configuring SPT Switchover 1 25 Configuring IPv6 PIM SSM 1 25 IPv6 PIM SSM Configuration Task List 1 25 Configuration Prerequisites 1 26...

Page 1279: ...cast Distribution Tree Correctly 1 46 IPv6 Multicast Data Abnormally Terminated on an Intermediate Router 1 47 RPs Unable to Join SPT in IPv6 PIM SM 1 47 RPT Establishment Failure or Source Registrati...

Page 1280: ...uses an IPv6 unicast routing table to perform reverse path forwarding RPF check to implement IPv6 multicast forwarding Independent of the IPv6 unicast routing protocols running on the device IPv6 mul...

Page 1281: ...ned again z When a new receiver on a previously pruned branch joins an IPv6 multicast group to reduce the join latency IPv6 PIM DM uses the graft mechanism to resume IPv6 multicast data forwarding to...

Page 1282: ...o that IPv6 multicast group down to this node z An S G entry contains the multicast source address S IPv6 multicast group address G outgoing interface list and incoming interface z For a given IPv6 mu...

Page 1283: ...assert mechanism is used to shutoff duplicate IPv6 multicast flows onto the same multi access network where more than one multicast routers exists by electing a unique IPv6 multicast forwarder on the...

Page 1284: ...implement IPv6 multicast forwarding is to build and maintain rendezvous point trees RPTs An RPT is rooted at a router in the IPv6 PIM domain as the common node or rendezvous point RP through which th...

Page 1285: ...connects to IPv6 multicast sources or to receivers The DR at the receiver side sends join messages to the RP the DR at the IPv6 multicast source side sends register messages to the RP z A DR is electe...

Page 1286: ...e configured in an IPv6 PIM SM domain among which an RP is dynamically elected through the bootstrap mechanism Each elected RP serves a different multicast group range For this purpose a bootstrap rou...

Page 1287: ...his algorithm Table 1 1 Values in the hashing algorithm Value Description Value Hash value G The digest from the exclusive or XOR operation between the 32 bit segments of the IPv6 multicast group addr...

Page 1288: ...orm the directly connected DR 2 Upon getting the IPv6 multicast group G s receiver information the DR sends a join message which is hop by hop forwarded to the RP corresponding to the multicast group...

Page 1289: ...cast IPv6 multicast packet down the RPT and sends an S G join message hop by hop toward the IPv6 multicast source Thus the routers along the path from the RP to the IPv6 multicast source form an SPT b...

Page 1290: ...v6 multicast source to establish an SPT between the DR at the source side and the RP Subsequent IPv6 multicast data travels along the established SPT to the RP For details about the SPT switchover ini...

Page 1291: ...receivers know exactly where an IPv6 multicast source is located by means of advertisements consultancy and so on Therefore no RP is needed no RPT is required and is no source registration process is...

Page 1292: ...t and receivers as its leaves This SPT is the transmission channel in IPv6 PIM SSM z If not the IPv6 PIM SM process is followed the DR needs to send a G join message to the RP and an IPv6 multicast so...

Page 1293: ...following data z The interval between state refresh messages z Minimum time to wait before receiving a new refresh message z Hop limit value of state refresh messages z Graft retry period Enabling IPv...

Page 1294: ...ility pim ipv6 state refresh capable Optional Enabled by default Configuring State Refresh Parameters The router directly connected with the multicast source periodically sends state refresh messages...

Page 1295: ...Pv6 PIM DM graft is the only type of message that uses the acknowledgment mechanism In an IPv6 PIM DM domain if a router does not receive a graft ack message from the upstream router within the specif...

Page 1296: ...IPv6 PIM SM complete the following task z Configure any IPv6 unicast routing protocol so that all devices in the domain are interoperable at the network layer Before configuring IPv6 PIM SM prepare th...

Page 1297: ...he multicast ipv6 routing table command see IPv6 Multicast Routing and Forwarding Commands in the IP Multicast Volume Configuring an RP An RP can be manually configured or dynamically elected through...

Page 1298: ...ing you need to configure a legal C RP address range and the range of IPv6 multicast groups to be served on the BSR In addition because every C BSR has a chance to become the BSR you need to configure...

Page 1299: ...distribute the RP Set information within the IPv6 PIM SM domain C RPs must periodically send C RP Adv messages to the BSR The BSR learns the RP Set information from the received messages and encapsul...

Page 1300: ...t from masquerading as a BSR The same configuration needs to be made on all routers in the IPv6 PIM SM domain The following are typical BSR spoofing cases and the corresponding preventive measures 1 S...

Page 1301: ...twork into different IPv6 PIM SM domains Bootstrap messages cannot cross a domain border in either direction Perform the following configuration on routers that can become an IPv6 PIM domain border Fo...

Page 1302: ...the C BSRs Perform the following configuration on C BSR routers Follow these steps to configure C BSR timers To do Use the command Remarks Enter system view system view Enter IPv6 PIM view pim ipv6 C...

Page 1303: ...de DR Upon receiving this message the DR stops sending register messages encapsulated with IPv6 multicast data and starts a register stop timer When the register stop timer expires the DR sends a null...

Page 1304: ...l6 number order order value Optional By default the device switches to the SPT immediately after it receives the first IPv6 multicast packet from the RPT For an S7900E series Ethernet switch once an I...

Page 1305: ...Therefore a router is IPv6 PIM SSM capable after you enable IPv6 PIM SM on it When deploying an IPv6 PIM SM domain you are recommended to enable IPv6 PIM SM on all non border interfaces of routers Fol...

Page 1306: ...ation on all routers in the IPv6 PIM SM domain Follow these steps to configure the IPv6 SSM group range To do Use the command Remarks Enter system view system view Enter IPv6 PIM view pim ipv6 Configu...

Page 1307: ...age Sizes Optional Configuration Prerequisites Before configuring IPv6 PIM common features complete the following tasks z Configure any IPv6 unicast routing protocol so that all devices in the domain...

Page 1308: ...ult z Generally a smaller distance from the filter to the IPv6 multicast source results in a more remarkable filtering effect z This filter works not only on independent IPv6 multicast data but also o...

Page 1309: ...a downstream router is allowed to wait before sending a prune override message When a router receives a prune message from a downstream router it does not perform the prune action immediately instead...

Page 1310: ...ault Configure IPv6 PIM neighbor timeout time pim ipv6 hello option holdtime interval Optional 105 seconds by default Configure the prune message delay time LAN delay pim ipv6 hello option lan delay i...

Page 1311: ...has lost assert election will prune its downstream interface and maintain the assert state for a period of time When the assert state times out the assert loser will resume IPv6 multicast forwarding...

Page 1312: ...time assert interval Optional 180 seconds by default If there are no special networking requirements we recommend that you use the default settings Configuring Join Prune Message Sizes A larger join p...

Page 1313: ...interface number neighbor ipv6 neighbor address verbose Available in any view View IPv6 PIM neighboring information display pim ipv6 neighbor interface interface type interface number ipv6 neighbor a...

Page 1314: ...itch B Vlan int200 2001 1 64 Vlan int101 2002 2 64 Vlan int101 2002 1 64 Vlan int102 3001 2 64 Switch C Vlan int200 2001 2 64 Vlan int102 3001 1 64 Configuration procedure 1 Enable IPv6 forwarding and...

Page 1315: ...terface 101 SwitchD Vlan interface101 pim ipv6 dm SwitchD Vlan interface101 quit SwitchD interface vlan interface 102 SwitchD Vlan interface102 pim ipv6 dm SwitchD Vlan interface102 quit 3 Verify the...

Page 1316: ...G entry FF0E 101 Protocol pim dm Flag WC UpTime 00 01 24 Upstream interface NULL Upstream neighbor NULL RPF prime neighbor NULL Downstream interface s information Total number of downstreams 1 1 Vlan...

Page 1317: ...ect to N2 through their respective VLAN interface 200 and to Switch E through VLAN interface 103 and VLAN interface 104 respectively z Vlan interface 105 on Switch D and Vlan interface 102 on Switch E...

Page 1318: ...M SM on each interface and enable MLD on VLAN interface 100 which connects Switch A to N1 SwitchA system view SwitchA multicast ipv6 routing enable SwitchA interface vlan interface 100 SwitchA Vlan in...

Page 1319: ...ce NbrCnt HelloInt DR Pri DR Address Vlan100 0 30 1 1001 1 local Vlan101 1 30 1 1002 2 Vlan102 1 30 1 1003 2 To view the BSR election information and the locally configured C RP information in effect...

Page 1320: ...n prefix prefix length FF0E 101 64 RP 4002 1 Priority 0 HoldTime 130 Uptime 00 05 19 Expires 00 02 11 RP 1003 2 Priority 0 HoldTime 130 Uptime 00 05 19 Expires 00 02 11 Assume that Host A needs to rec...

Page 1321: ...ormation Total number of downstreams 1 1 Vlan interface100 Protocol pim sm UpTime 00 02 15 Expires 00 03 06 The information on Switch B and Switch C is similar to that on Switch A View the IPv6 PIM mu...

Page 1322: ...The entire PIM domain operates in the SSM mode z Host A and Host C are IPv6 multicast receivers in two stub networks N1 and N2 z Switch D connects to the network that comprises the IPv6 multicast sour...

Page 1323: ...002 2 64 Configuration procedure 1 Enable IPv6 forwarding and configure IPv6 addresses and IPv6 unicast routing Enable IPv6 forwarding on each switch and configure the IPv6 address and prefix length f...

Page 1324: ...guration Use the display pim ipv6 interface command to view the IPv6 PIM configuration and running status on each interface For example View the IPv6 PIM configuration information on Switch A SwitchA...

Page 1325: ...tree cannot be built correctly and clients cannot receive IPv6 multicast data Analysis z An IPv6 PIM routing entry is created based on an IPv6 unicast route whichever IPv6 PIM mode is running Multica...

Page 1326: ...been configured through the multicast ipv6 boundary command any IPv6 multicast packet will be kept from crossing the boundary and therefore no routing entry can be created in the IPv6 PIM routing tabl...

Page 1327: ...lly send advertisement messages to the BSR by unicast If a C RP does not have a route to the BSR the BSR will be unable to receive the advertisements from the C RP and therefore the bootstrap messages...

Page 1328: ...Configuring IPv6 MBGP Route Attributes 1 7 Configuration Prerequisites 1 8 Configuring IPv6 MBGP Route Preferences 1 8 Configuring the Default Local Preference 1 8 Configuring the MED Attribute 1 8 C...

Page 1329: ...uting information for IPv4 only IETF defined multi protocol BGP extensions to carry routing information for multiple network layer protocols For an IPv6 network the IPv6 multicast topology need be dif...

Page 1330: ...figuring IPv6 MBGP Route Dampening Optional Configuring IPv6 MBGP Route Preferences Configuring the Default Local Preference Configuring the MED Attribute Optional Configuring the NEXT_HOP Attribute O...

Page 1331: ...view bgp as number Enter IPv6 MBGP address family view ipv6 family multicast Specify a preferred value for routes received from the IPv6 MBGP peer peer group peer ipv6 group name ipv6 address preferr...

Page 1332: ...ot injected by default Configuring IPv6 MBGP Route Redistribution Follow these steps to configure IPv6 MBGP route redistribution To do Use the command Description Enter system view system view Enter B...

Page 1333: ...name Required Not configured by default Advertising a Default Route to a Peer or Peer Group Follow these steps to advertise a default route to a peer or peer group To do Use the command Remarks Enter...

Page 1334: ...ple filter policies they will be applied in the following order z filter policy export z peer filter policy export z peer as path acl export z peer ipv6 prefix export z peer route policy export A filt...

Page 1335: ...rted from a peer peer group peer ipv6 group name ipv6 address route limit limit percentage Optional The number is unlimited by default A peer can has an inbound route filtering policy different from t...

Page 1336: ...ference values of external internal and local routes are 255 255 and 130 respectively Configuring the Default Local Preference Follow these steps to configure the default local preference To do Use th...

Page 1337: ...a third party next hop network that is the local router has two IPv6 multicast eBGP peers in a broadcast network the router does not specify itself as the next hop of routes sent to the EBGP peers by...

Page 1338: ...ions to make it take effect causing short time disconnections After the route refresh capability is enabled on all IPv6 MBGP routers in a network when a route selection policy is modified on a router...

Page 1339: ...ns manually refresh bgp ipv6 multicast all ipv6 address group ipv6 group name external internal export import Optional Enabling the IPv6 MBGP ORF Capability The BGP Outbound Route Filter ORF feature a...

Page 1340: ...both receive send Required Not supported by default Table 1 1 Description of the both send and receive parameters and the negotiation result Local parameter Peer parameter Negotiation result receive...

Page 1341: ...6 MBGP address family view ipv6 family multicast Enable the configured IPv6 unicast BGP peer group to create the IPv6 MBGP peer group peer ipv6 group name enable Required Add the IPv6 MBGP peer into t...

Page 1342: ...ame export Required Not configured by default z You need to configure a route policy to define the community attribute and apply the policy to outgoing routes z For route policy configuration refer to...

Page 1343: ...icast paths as regular expression Available in any view Display IPv6 MBGP peer peer group information display bgp ipv6 multicast peer ipv6 address verbose Available in any view Display the prefix entr...

Page 1344: ...le in any view Display IPv6 MBGP routing statistics display bgp ipv6 multicast routing table statistic Available in any view Display the IPv6 MBGP routing table information display ipv6 multicast rout...

Page 1345: ...int100 IPv6 MBGP peers IPv6 PIM SM 1 IPv6 PIM SM 2 Device Interface IP address Device Interface IP address Source 1002 100 64 Switch C Vlan int200 3002 1 64 Switch A Vlan int100 1002 1 64 Vlan int102...

Page 1346: ...er on Switch A SwitchA interface vlan interface 101 SwitchA Vlan interface101 pim ipv6 bsr boundary SwitchA Vlan interface101 quit Configure an IPv6 PIM domain border on Switch B SwitchB interface vla...

Page 1347: ...mport route ospfv3 1 SwitchB bgp af ipv6 quit SwitchB bgp ipv6 family multicast SwitchB bgp af ipv6 mul peer 1001 1 enable SwitchB bgp af ipv6 mul import route ospfv3 1 SwitchB bgp af ipv6 mul quit Sw...

Page 1348: ...Prerequisites 1 15 Enabling MLD Snooping Querier 1 15 Configuring MLD Queries and Responses 1 15 Configuring Source IPv6 Addresses of MLD Queries 1 17 Configuring MLD Snooping Proxying 1 17 Configura...

Page 1349: ...ii MLD Snooping Proxying Configuration Example 1 32 Troubleshooting MLD Snooping 1 35 Switch Fails in Layer 2 Multicast Forwarding 1 35 Configured IPv6 Multicast Group Policy Fails to Take Effect 1 36...

Page 1350: ...tributed IRF device For introduction of IRF refer to IRF Configuration in the System Volume z EA boards such as LSQ1GP12EA and LSQ1TGX1EA do not support IPv6 features MLD Snooping Overview Multicast L...

Page 1351: ...Reducing Layer 2 broadcast packets thus saving network bandwidth z Enhancing the security of multicast traffic z Facilitating the implementation of per host accounting Basic Concepts in MLD Snooping M...

Page 1352: ...ynamic ports z On an MLD snooping enabled switch the ports that received MLD general queries with the source address other than 0 0 or IPv6 PIM hello messages are dynamic router ports For details abou...

Page 1353: ...t to the MLD querier in the following circumstances z Upon receiving an MLD query an IPv6 multicast group member host responds with an MLD report z When intended to join an IPv6 multicast group a host...

Page 1354: ...switch does not know whether any other hosts attached to the port are still listening to that IPv6 multicast group address the switch does not immediately remove the port from the outgoing port list...

Page 1355: ...As shown in Figure 1 3 Switch A works as an MLD Snooping proxy As a host from the perspective of the querier Router A Switch A represents its attached hosts to send their membership reports and done...

Page 1356: ...an MLD snooping switch processes IPv6 multicast protocol messages differently under different conditions specifically as follows 1 If only MLD is enabled or both MLD and IPv6 PIM are enabled on the s...

Page 1357: ...Optional Configuring MLD Queries and Responses Optional Configuring MLD Snooping Querier Configuring Source IPv6 Addresses of MLD Queries Optional Enabling MLD Snooping Proxying Optional Configuring M...

Page 1358: ...aggregate interface view or port group view z For MLD snooping configurations made on a Layer 2 aggregate interface do not interfere with configurations made on its member ports nor do they take part...

Page 1359: ...view vlan vlan id Configure the version of MLD snooping mld snooping version version number Optional Version 1 by default If you switch MLD snooping from version 2 to version 1 the system will clear a...

Page 1360: ...lticast group and IPv6 multicast source addresses Configuring Aging Timers for Dynamic Ports If the switch receives no MLD general queries or IPv6 PIM hello messages on a dynamic router port the switc...

Page 1361: ...ata addressed to a particular IPv6 multicast group you can configure that port as a static member port for that IPv6 multicast group You can configure a port of a switch to be a static router port thr...

Page 1362: ...e multicast router will deem that no member of this IPv6 multicast group exists on the network segment and therefore will remove the corresponding forwarding path To avoid this situation from happenin...

Page 1363: ...rt to which more than one host is attached when one host leaves a multicast group the other hosts attached to the port and interested in the same multicast group will fail to receive multicast data fo...

Page 1364: ...tch in a VLAN where multicast traffic needs to be Layer 2 switched only and no Layer 3 multicast devices are present the Layer 2 switch will act as the MLD querier to send periodic MLD queries thus al...

Page 1365: ...es globally Follow these steps to configure MLD queries and responses globally To do Use the command Remarks Enter system view system view Enter MLD snooping view mld snooping Configure the maximum re...

Page 1366: ...address of MLD query messages may affect MLD querier election within the segment Configuring MLD Snooping Proxying Configuration Prerequisites Before configuring MLD snooping proxying in a VLAN enabl...

Page 1367: ...ping policy prepare the following data z IPv6 ACL rule for IPv6 multicast group filtering z The maximum number of IPv6 multicast groups that can pass the ports z 802 1p precedence for MLD messages Con...

Page 1368: ...any valid IPv6 multicast group Configuring IPv6 Multicast Source Port Filtering With the IPv6 multicast source port filtering feature enabled on a port the port can be connected with IPv6 multicast r...

Page 1369: ...s it in the VLAN incurring network bandwidth waste and low forwarding efficiency Enabling dropping IPv6 multicast packets globally Follow these steps to enable dropping IPv6 multicast packets globally...

Page 1370: ...ta packets Currently the S7900E supports processing unknown IPv6 multicast data packets destined for up to 1000 IPv6 unknown multicast addresses at a time The switch floods excessive unknown IPv6 mult...

Page 1371: ...mber of IPv6 multicast groups that can be joined on a port reaches the maximum number configured the system deletes all the forwarding entries persistent to that port from the MLD snooping forwarding...

Page 1372: ...of ports Follow these steps to configure IPv6 multicast group replacement on a port or a group of ports To do Use the command Remarks Enter system view system view interface interface type interface...

Page 1373: ...ed device display mld snooping group vlan vlan id slot slot number verbose Available in any view Display information about MLD Snooping multicast groups on a distributed IRF device display mld snoopin...

Page 1374: ...accidentally temporarily stop receiving IPv6 multicast data Figure 1 4 Network diagram for IPv6 group policy simulated joining configuration Source Router A Switch A Receiver Receiver Host B Host A Ho...

Page 1375: ...group policy 2001 vlan 100 SwitchA mld snooping quit Configure GigabitEthernet 2 0 3 and GigabitEthernet 2 0 4 as simulated hosts for IPv6 multicast group FF1E 101 SwitchA interface gigabitethernet 2...

Page 1376: ...static member ports for multicast group 224 1 1 1 to enhance the reliability of multicast traffic transmission z Suppose STP runs on the network To avoid data loops the forwarding path from Switch A...

Page 1377: ...rface and enable MLD on GigabitEthernet 2 0 1 RouterA system view RouterA multicast ipv6 routing enable RouterA interface gigabitethernet 2 0 1 RouterA GigabitEthernet2 0 1 mld enable RouterA GigabitE...

Page 1378: ...gh GigabitEthernet 2 0 5 to this VLAN and enable MLD snooping in the VLAN SwitchC vlan 100 SwitchC vlan100 port gigabitethernet 2 0 1 to gigabitethernet 2 0 5 SwitchC vlan100 mld snooping enable Switc...

Page 1379: ...splay the detailed MLD snooping multicast group information in VLAN 100 on Switch C SwitchC display mld snooping group vlan 100 verbose Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Port...

Page 1380: ...ping is enabled on all the switches Switch A which is close to the multicast sources is chosen as the MLD snooping querier z To prevent flooding of unknown multicast traffic within the VLAN it is requ...

Page 1381: ...vlan100 quit Configurations of Switch C and Switch D are similar to the configuration of Switch B 3 Verify the configuration When the MLD snooping querier starts to work all the switches but the quer...

Page 1382: ...e 1 Configure IPv6 addresses for interfaces Configure an IP address and prefix length for each interface as per Figure 1 7 The configuration steps are out the scope of this document 2 Configure Router...

Page 1383: ...bout MLD snooping multicast groups on Switch A SwitchA display mld snooping group Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Port flags D Dynamic port S Static port C Copy port Subvlan...

Page 1384: ...tal 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 1 port GE2 0 1 D IP group s the following ip group s match to one mac group IP group address FF1E 101 FF1E 101 Host port s...

Page 1385: ...Use the display acl ipv6 command to check the configured IPv6 ACL rule Make sure that the IPv6 ACL rule conforms to the IPv6 multicast group policy to be implemented 2 Use the display this command in...

Page 1386: ...6 Multicast VLAN 1 4 Configuring Port Based IPv6 Multicast VLAN 1 5 Configuration Prerequisites 1 5 Configuring User Port Attributes 1 5 Configuring IPv6 Multicast VLAN Ports 1 6 Configuring the Maxim...

Page 1387: ...ticast VLAN As shown in Figure 1 1 in the traditional IPv6 multicast programs on demand mode when hosts Host A Host B and Host C belonging to different VLANs require IPv6 multicast programs on demand...

Page 1388: ...2 VLAN 3 VLAN 4 Switch A Receiver Host A Receiver Host B Receiver Host C IPv6 Multicast packets VLAN 2 VLAN 3 VLAN 4 VLAN 10 IPv6 Multicast VLAN After the configuration MLD snooping manages router por...

Page 1389: ...fic to all the member ports in the IPv6 multicast VLAN z For information about MLD Snooping router ports and member ports refer to MLD Snooping Configuration in the IP Multicast Volume z For informati...

Page 1390: ...Configure the specified VLAN as an IPv6 multicast VLAN and enter IPv6 multicast VLAN view multicast vlan ipv6 vlan id Required No IPv6 multicast VLAN configured by default Configure the specified VLA...

Page 1391: ...able MLD Snooping in all the user VLANs Configuring User Port Attributes Configure the user ports as hybrid ports to permit packets of the specified user VLAN to pass and configure the user VLAN to wh...

Page 1392: ...n IPv6 multicast VLAN view Follow these steps to configure IPv6 multicast VLAN ports in IPv6 multicast VLAN view To do Use the command Remarks Enter system view system view Configure the specified VLA...

Page 1393: ...warding table for IPv6 multicast VLANs When the number of forwarding entries maintained for the IPv6 multicast VLANs reaches the threshold the device creates no more forwarding entries until some entr...

Page 1394: ...AN 2 through VLAN 4 respectively and Host A through Host C are attached to GigabitEthernet 2 0 2 through GigabitEthernet 2 0 4 of Switch A z The IPv6 multicast source sends IPv6 multicast data to the...

Page 1395: ...SwitchA mld snooping quit Create VLAN 2 and assign GigabitEthernet 2 0 2 to this VLAN SwitchA vlan 2 SwitchA vlan2 port gigabitethernet 2 0 2 SwitchA vlan2 quit The configuration for VLAN 3 and VLAN 4...

Page 1396: ...333 0000 0101 Host port s total 1 port GE2 0 2 Vlan id 3 Total 1 IP Group s Total 1 IP Source s Total 1 MAC Group s Router port s total 0 port IP group s the following ip group s match to one mac grou...

Page 1397: ...itEthernet 2 0 1 and to Switch A through GigabitEthernet 2 0 2 z MLDv1 is required on Router A MLDv1 Snooping is required on Switch A Router A acts as the MLD querier z Switch A s GigabitEthernet 2 0...

Page 1398: ...able IPv6 PIM DM on each interface and enable MLD on the host side interface GigabitEthernet 2 0 2 RouterA system view RouterA multicast ipv6 routing enable RouterA interface gigabitethernet 2 0 1 Rou...

Page 1399: ...similar The detailed configuration steps are omitted Configure VLAN 10 as an IPv6 multicast VLAN SwitchA multicast vlan ipv6 10 Assign GigabitEthernet 2 0 2 and GigabitEthernet 2 0 3 to IPv6 multicast...

Page 1400: ...t GE2 0 1 D IP group s the following ip group s match to one mac group IP group address FF1E 101 FF1E 101 Host port s total 3 port GE2 0 2 D GE2 0 3 D GE2 0 4 D MAC group s MAC group address 3333 0000...

Page 1401: ...E MPLS Basics MPLS integrates both Layer 2 fast switching and Layer 3 routing and forwarding satisfying the networking requirements of various new applications This document describes z MPLS Overview...

Page 1402: ...over public networks This document describes z VPLS Overview z Configuring VPLS Instances z Binding VPLS Instances z Configuring VPLS Attributes MPLS TE Combining the MPLS technology and traffic engi...

Page 1403: ...ge between a MCE and a Site 2 3 Configuring to Use Static Routes between a MCE and a Site 2 3 Configuring to Use RIP between a MCE and a Site 2 4 Configuring to Use OSPF between a MCE and a Site 2 4 C...

Page 1404: ...and convenient support for MPLS QoS and MPLS TE Hence it is widely used The BGP MPLS VPN model consists of three kinds of devices z Customer edge device CE A CE resides on a customer network and has...

Page 1405: ...the ingress LSR the egress PE functions as the egress LSR while P routers function as the transit LSRs You can use S7900E series switches as the CEs in a BGP MPLS VPN implementation BGP MPLS VPN Conce...

Page 1406: ...s the route distinguisher RD route filtering policy and member interface list LFIBs of VPN instances exist on only PEs supporting MPLS No LFIBs of VPN instances exist on MCE capable devices VPN IPv4 a...

Page 1407: ...nt of VPN routing information A VPN instance on a PE supports two types of VPN target attributes z Export target attribute A local PE sets this type of VPN target attribute for VPN IPv4 routes learnt...

Page 1408: ...LAN interface 2 can be bound to VPN 1 and VLAN interface 3 can be bound to VPN 2 When receiving a piece of routing information MCE determines the source of the routing information according to the num...

Page 1409: ...e binding configured on CE and site private network routes of different VPNs can be exchanged between CEs and sites through different RIP processes thus isolating and securing VPN routes OSPF An S7900...

Page 1410: ...o use EBGP to exchange private routes between a CE and a site you need to configure BGP peers for VPN instances on CEs and import IGP routing information from corresponding VPNs Normally sites reside...

Page 1411: ...1 8 z RIP z OSPF z IS IS z EBGP For information on how to configure the routing protocols and how to import routes refer to the IP Routing Volume...

Page 1412: ...is an integration of the VPN membership and routing rules of its corresponding site A VPN instance takes effect only after a route distinguisher RD is configured for it For a VPN instance with the RD...

Page 1413: ...associated with a VPN instance Executing the ip binding vpn instance command invalidates the IP address configured for the current interface so you need to configure an IP address for an interface aga...

Page 1414: ...outes matching the VPN target attribute are permitted z This attribute can be advertised with a route only when BGP runs between the MCE and the PE Otherwise this attribute is of no sense z The VPN ta...

Page 1415: ...gure RIP between a MCE and a site To do Use the command Remarks Enter system view system view Enable RIP for a VPN instance This operation also leads you to RIP view rip process id vpn instance vpn in...

Page 1416: ...figuration on the site you can just enable OSPF as usual Configure the type codes of OSPF extended community attributes ext community type domain id type code1 router id type code2 route type type cod...

Page 1417: ...er enabling IS IS for a VPN instance you need also to configure to use IS IS for routing information exchange Configuring to Use EBGP between a MCE and a Site 1 Configuration on the MCE device Follow...

Page 1418: ...l AS number So do the routes advertised by the site In this case you need to configure to permit the routes with their AS numbers contained in their AS_PATH attributes being the local AS number on MCE...

Page 1419: ...a VPN instance To do Use the command Remarks Enter system view system view ip route static dest address mask mask length gateway address interface type interface number gateway address vpn instance d...

Page 1420: ...the MCE device to the routing table of the PE Follow these steps to enable RIP for a VPN instance To do Use the command Remarks Enter system view system view Enable RIP for a VPN instance and enter R...

Page 1421: ...e maintained by the MCE device to the routing table of the PE In IS IS routes discovered by other routing protocols are external routes While importing routes of other protocols you can specify the de...

Page 1422: ...filter policy acl number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default no filter policy is applied Apply a filter policy for received...

Page 1423: ...tatistic Available in any view Perform a soft reset of the BGP connections in a specified VPN instance refresh bgp vpn instance vpn instance name ip address all external group group name export import...

Page 1424: ...nd advertises all the VPN routes to the PE device using OSPF Network diagram Figure 2 1 Network diagram for MCE configuration A CE Site 1 VPN2 PE PE PE VPN 2 VR2 VPN1 VR1 MCE GE2 0 18 GE2 0 10 Vlan in...

Page 1425: ...responding VLAN interfaces Then bind VLAN 30 to VPN 1 and VLAN 40 to VPN 2 and configure IP addresses of the VLAN interfaces MCE vlan 30 MCE vlan30 quit MCE interface Vlan interface 30 MCE Vlan interf...

Page 1426: ...d advertise the network segments 192 168 10 0 and 10 214 20 0 VR2 system view VR2 rip 20 VR2 rip 20 network 192 168 10 0 VR2 rip 20 network 10 0 0 0 RIP is running within VPN2 so you can configure RIP...

Page 1427: ...are omitted here Configure Loopback0 of MCE and CE to specify the router ID for MCE and PE respectively The IP addresses for Loopback0 of MCE and CE are 101 101 10 1 and 100 100 10 1 respectively Con...

Page 1428: ...he information displayed below verifies the configuration PE display ip routing table vpn instance vpn2 display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 6 Routes 6 Destinati...

Page 1429: ...10 1 and 20 1 for both the import and export extended community attribute list MCE system view MCE ip vpn instance vpn1 MCE vpn instance vpn1 route distinguisher 10 1 MCE vpn instance vpn1 vpn target...

Page 1430: ...g vpn instance vpn2 MCE Vlan interface40 ip address 10 214 40 1 30 MCE Vlan interface40 quit z Configure the routing protocol running between MCE and a site The procedure of enabling OSPF in the two V...

Page 1431: ...0 127 0 0 1 InLoop0 172 16 20 0 24 OSPF 10 1 10 100 20 2 Vlan3 z Configure the routing protocol running between MCE and PE The procedure of connecting MCE to PE through trunk ports is similar to that...

Page 1432: ...tion procedures are omitted here Followed is the result of the above configurations PE display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 5 Routes 5 Destination Mask Proto Pre...

Page 1433: ...Configuring PHP 1 18 Configuration Prerequisites 1 18 Configuration Procedure 1 18 Configuring a Static LSP 1 19 Configuration Prerequisites 1 19 Configuration Procedure 1 19 Configuring MPLS LDP 1 20...

Page 1434: ...8 Configuring MPLS Statistics 1 29 Setting the Interval for Reporting Statistics 1 29 Inspecting an MPLS LSP 1 30 Enabling MPLS Trap 1 30 Displaying and Maintaining MPLS 1 31 Resetting LDP Sessions 1...

Page 1435: ...t MPLS TE refer to MPLS TE Configuration in the MPLS Volume z For detailed information about QoS refer to the QoS Volume z The S7900E Series Ethernet Switches are distributed devices supporting Intell...

Page 1436: ...red while a label can only represent a single FEC A label is carried in the header of a packet It does not contain any topology information and is local significant A label is four octets or 32 bits i...

Page 1437: ...ress of the MPLS network to the egress It functions like a virtual circuit in ATM or frame relay Each node of an LSP is an LSR Label distribution protocol A label distribution protocol is a protocol u...

Page 1438: ...t out LIFO stack which is called a label stack A packet with multiple levels of labels can travel along more than one level of LSP tunnel The ingress and egress of each tunnel perform Push and Pop ope...

Page 1439: ...t hop along the LSP 3 After receiving a packet each transit LSR looks up its Label Forwarding Information Base LFIB for the next hop according to the label of the packet swaps the label and then forwa...

Page 1440: ...protocols such as IGPs and BGP LDP only uses the routing information indirectly it has no direct relationship with routing protocols On the other hand existing protocols such as BGP and RSVP can be e...

Page 1441: ...e for establishing LSPs between them managing VPN users and advertising routes among different branches of the same VPN Route advertisement among PEs is usually implemented by LDP or extended BGP MPLS...

Page 1442: ...ore information refer to LDP Label Distribution Currently the S7900E series supports only the DU mode Label distribution control mode There are two label distribution control modes z Independent In th...

Page 1443: ...s the label from the packet and forwards the packet based on the network layer destination address In fact on a relatively simple MPLS application network the label of a packet is useless for the egre...

Page 1444: ...til it reaches the destination router of the LSP where it is forwarded by IP routing Such processing increases the network traffic and the packet forwarding delay For description and configuration of...

Page 1445: ...ng paths directly and further establish LSPs LSPs can be established between both neighboring LSRs and LSRs that are not directly connected making label switching possible at all transit nodes on the...

Page 1446: ...of 1 means that the label space is per interface a label space ID of 0 means that the label space is per platform Currently only per platform label space is supported LDP Label Distribution Figure 1 7...

Page 1447: ...g LSRs periodically announcing its presence This way LSRs can automatically find their peers without manual configuration LDP provides two discovery mechanisms z Basic discovery mechanism The basic di...

Page 1448: ...a label to the FEC and sends the new label binding information to its own upstream LSRs 4 When the ingress LER receives the label binding message it adds an entry in its LFIB Thus an LSP is establishe...

Page 1449: ...stream neighbor based on the split horizon mechanism The LDP label filtering feature allows the LDP protocol to accept and advertise label bindings selectively It provides two filtering mechanisms lab...

Page 1450: ...To support GR a GR device must backup the FECs and label information When an LDP session is GR capable 1 Whenever the GR restarter restarts a GR helper will detect that the related LDP session is down...

Page 1451: ...es z Assigning IP addresses to relevant interfaces z Configuring static routes or an IGP protocol ensuring that LSRs can reach each other at Layer 3 MPLS basic capability can be configured on LSRs eve...

Page 1452: ...VLAN tag 14 bytes for the Ethernet frame header For descriptions of the jumboframe function refer to Ethernet Port Configuration in the Access Volume Configuring PHP Configure PHP on an egress and se...

Page 1453: ...layer label the switch will forward the packet based on the inner layer label otherwise the switch will forward the packet based on the IP address Configuring a Static LSP An LSP can be static or dyn...

Page 1454: ...nt in the routing table you also need to specify the next hop when configuring the static IP route z The value of the next hop addr argument cannot be any local public network IP address z For informa...

Page 1455: ...ns will be deleted z Usually you do not need to configure the LDP LSR ID which defaults to the MPLS LSR ID In some VPN applications for example MPLS L3VPN applications however you need to ensure that...

Page 1456: ...ote peer name Required Configure the remote peer IP address remote ip ip address Required Configure LDP to advertise prefix based labels through a remote session prefix label advertise Optional By def...

Page 1457: ...Static and IGP routes permitted by an IP address prefix list Follow these steps to configure the policy for triggering LSP establishment To do Use the command Remarks Enter system view system view Ent...

Page 1458: ...ing LDP Loop Detection Follow these steps to configure LDP loop detection To do Use the command Remarks Enter system view system view Enable LDP capability globally and enter MPLS LDP view mpls ldp Re...

Page 1459: ...policy accept label peer peer id ip prefix ip prefix name Optional Not configured by default Configure a label advertisement control policy advertise label ip prefix ip prefix name peer peer ip prefi...

Page 1460: ...rations in MPLS LDP view do not affect interfaces bound to VPN instances When configuring the transport address of an LDP instance you need to use the IP address of the interface bound to the VPN inst...

Page 1461: ...out main backup switchover you can restart MPLS LDP gracefully You are not recommended to perform this operation in normal cases Follow these steps to restart MPLS LDP gracefully To do Use the command...

Page 1462: ...VPN packets carry two layers of labels outer and inner for transmission in the public network and private network respectively The LSQ1SRP1CB engine and EA series LPUs have to copy the IP TTL of priva...

Page 1463: ...the TTL of an MPLS packet expires ttl expiration pop Specify that ICMP responses travel along the LSP when the TTL of an MPLS packet expires undo ttl expiration pop Optional Configure one of them as...

Page 1464: ...MPLS trap function enabled trap packets of the notifications level will be generated to report critical MPLS events Such trap packets will be sent to the information center of the device Whether and w...

Page 1465: ...Available in any view Display information about ILM entries On a distributed stacking device display mpls ilm label chassis chassis number slot slot number include text Available in any view Display...

Page 1466: ...cs interface interface type interface number all Available in any view Displaying MPLS LDP Operation To do Use the command Remarks Display information about LDP display mpls ldp all verbose begin excl...

Page 1467: ...t a specified LDP instance display mpls ldp vpn instance vpn instance name begin exclude include regular expression Available in any view Clearing MPLS Statistics To do Use the command Remarks Clear M...

Page 1468: ...it SwitchA ospf 1 quit Configure Switch B Sysname system view Sysname sysname SwitchB SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 SwitchB ospf 1 area 0 0 0 0...

Page 1469: ...the state of Full The following takes Switch A as an example SwitchA display ospf peer verbose OSPF Process 1 with Switch ID 1 1 1 9 Neighbors Area 0 0 0 0 interface 10 1 1 1 Vlan interface10 s neigh...

Page 1470: ...essions have been established or use the display mpls ldp peer command to check the peers The following takes Switch A as an example SwitchA display mpls ldp session LDP Session s in Public Network To...

Page 1471: ...0 3 3 3 9 Remote Peer peerc Example for Configuring LDP to Establish LSPs Network requirements On the network in Figure 1 10 an LSP is required between Switch A and Switch C Check the validity and re...

Page 1472: ...tes press CTRL_C to break Reply from 20 1 1 2 bytes 100 Sequence 1 time 1 ms Reply from 20 1 1 2 bytes 100 Sequence 2 time 1 ms Reply from 20 1 1 2 bytes 100 Sequence 3 time 1 ms Reply from 20 1 1 2 b...

Page 1473: ...peer switchb SwitchA mpls ldp remote switchb remote ip 2 2 2 9 SwitchA mpls ldp remote switchb remote ip bfd SwitchA mpls ldp remote switchb quit SwitchA mpls ldp remote peer switchc SwitchA mpls ldp...

Page 1474: ...id 3 3 3 9 SwitchC mpls SwitchC mpls quit SwitchC mpls ldp SwitchC mpls ldp quit SwitchC mpls ldp remote peer switcha SwitchC mpls ldp remote switcha remote ip 1 1 1 9 SwitchC mpls ldp remote switcha...

Page 1475: ...255 SwitchA ospf 1 area 0 0 0 0 network 13 1 1 1 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 SwitchA ospf 1 area 0 0 0 0 quit SwitchA ospf 1 quit Configure OSPF basic capability on...

Page 1476: ...chB vsi vpna ldp quit SwitchB vsi vpna quit Configure a VSI instance on Switch C SwitchC mpls l2vpn SwitchC vsi vpna static SwitchC vsi vpna pwsignal ldp SwitchC vsi vpna ldp vsi id 100 SwitchC vsi vp...

Page 1477: ...tal 2 connection s connection s 1 up 1 block 0 down VSI Name vpna Signaling ldp VsiID VsiType PeerAddr InLabel OutLabel LinkID VCState 100 vlan 2 2 2 9 134312 138882 1 up 100 vlan 3 3 3 9 134216 14047...

Page 1478: ...aling ldp VsiID VsiType PeerAddr InLabel OutLabel LinkID VCState 100 vlan 2 2 2 9 134312 138882 1 block 100 vlan 3 3 3 9 134216 140476 2 up SwitchA display vpls fib vsi vpna verbose VSI Name vpna VSI...

Page 1479: ...ng Martini MPLS L2VPN 1 9 Configuration Prerequisites 1 9 Configuration Procedure 1 9 Configuring Kompella MPLS L2VPN 1 10 Configuration Prerequisites 1 10 Configuration Procedure 1 11 Configuring an...

Page 1480: ...Frame Relay FR are quite popular They share the network infrastructure of carriers However they have some inherent disadvantages z Dependence on dedicated media To provide both ATM based and FR based...

Page 1481: ...g information of users guaranteeing the security of the user VPN routing information z Support for multiple network layer protocols such as IP IPX and SNA Basic concepts of MPLS L2VPN In MPLS L2VPN th...

Page 1482: ...ol to advertise Layer 2 reachability information and VC labels The following sections describe these implementation methods for MPLS L2VPN in detail CCC MPLS L2VPN Unlike common MPLS L2VPN Circuit Cro...

Page 1483: ...at is the bidirectional virtual connection between VSIs A PW consists of two unidirectional MPLS virtual circuits VCs Martini MPLS L2VPN employs VC type and VC ID to identify a VC The VC type indicate...

Page 1484: ...e some labels for the VPN for future use This wastes some label resources in a short term but can reduce the VPN deployment and configuration workload in the case of expansion Imagine that an enterpri...

Page 1485: ...these encapsulation types z Ethernet z VLAN Configuring a PE Interface Connecting a CE to Use Ethernet z An Ethernet interface can use the encapsulation type of Ethernet For Ethernet interface config...

Page 1486: ...a point to point link for example when the outgoing interface is a VLAN interface you need to specify the IP address of the next hop If not you need to specify the outgoing interface Configuration Pr...

Page 1487: ...used Configuration Prerequisites Before configuring SVC MPLS L2VPN complete these tasks z Configuring IGP on the PEs and P devices to guarantee the IP connectivity of the MPLS backbone z Configuring M...

Page 1488: ...establish a remote session between the two PEs so that VC FECs and VC labels can be transferred through the session Configuration Prerequisites Before configuring Martini MPLS L2VPN complete these ta...

Page 1489: ...D conflicts Configuring Kompella MPLS L2VPN Kompella MPLS L2VPN uses extended BGP as the signaling protocol to transfer L2VPN information between PEs To create a Kompella local connection you only nee...

Page 1490: ...y vpn target Optional Enabled by default Enable the specified peer or peers to exchange BGP routing information of the BGP L2VPN address family peer group name ip address enable Required For informati...

Page 1491: ...do not specify the CE offset the following are true z For the first connection of the CE the CE offset is the value specified by the default offset parameter in the ce command z For any other connect...

Page 1492: ...e inbound Layer 2 Ethernet interfaces and the VLAN tags in the packets In other words only packets that are received on the same Layer 2 Ethernet interface and carry the same VLAN tag are forwarded th...

Page 1493: ...ace type interface number Create a service instance and enter service instance view service instance instance id Required By default no service instance is created Configure a packet matching rule for...

Page 1494: ...onnections display mpls l2vpn connection vpn name vpn name remote ce ce id down up verbose summary interface interface type interface number Available in any view Display information about L2VPN in th...

Page 1495: ...between CE 1 and CE 2 The main steps for configuring a CCC remote connection are z Create remote CCC connections on the PEs No static LSP is required on the PEs z Configure two static LSPs on the P d...

Page 1496: ...using the interface connecting CE 1 as the incoming interface and that connecting the P device as the outgoing interface setting the incoming label to 100 and the outgoing label to 200 PE1 ccc ce1 ce2...

Page 1497: ...igure interface VLAN interface 20 and enable MPLS PE2 interface vlan interface 20 PE2 Vlan interface20 ip address 10 2 2 1 24 PE2 Vlan interface20 mpls PE2 Vlan interface20 quit Create a remote connec...

Page 1498: ...tl 255 time 60 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 10 76 180 ms Example for Configuring SVC MPLS L2VPN Network requirements...

Page 1499: ...ack0 ip address 192 2 2 2 32 PE1 LoopBack0 quit PE1 mpls lsr id 192 2 2 2 PE1 mpls Configure the LSP establishment triggering policy PE1 mpls lsp trigger all PE1 mpls quit Enable MPLS L2VPN and LDP gl...

Page 1500: ...ce P interface vlan interface 20 P Vlan interface20 ip address 10 1 1 2 24 P Vlan interface20 mpls P Vlan interface20 mpls ldp P Vlan interface20 quit Configure the interface connected with PE 2 namel...

Page 1501: ...0 0 0 0 network 10 2 2 1 0 0 0 255 PE2 ospf 1 area 0 0 0 0 network 192 3 3 3 0 0 0 0 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit On the interface connecting CE 2 namely VLAN interface 10 create an SV...

Page 1502: ...ms Reply from 100 1 1 2 bytes 56 Sequence 4 ttl 255 time 140 ms Reply from 100 1 1 2 bytes 56 Sequence 5 ttl 255 time 80 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 p...

Page 1503: ...emote 1 remote ip 192 3 3 3 PE1 mpls ldp remote 1 quit Configure the interface connected with the P device namely VLAN interface 20 and enable LDP on the interface PE1 interface vlan interface 20 PE1...

Page 1504: ...dp P Vlan interface20 quit Configure the interface connected with PE 2 namely VLAN interface 30 and enable LDP on the interface P interface vlan interface 30 P Vlan interface30 ip address 10 2 2 2 24...

Page 1505: ...1 area 0 PE2 ospf 1 area 0 0 0 0 network 192 3 3 3 0 0 0 0 PE2 ospf 1 area 0 0 0 0 network 10 2 2 0 0 0 0 255 PE2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit On the interface connecting CE 2 namely VLAN...

Page 1506: ...1 2 bytes 56 Sequence 5 ttl 255 time 70 ms 100 1 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 30 50 70 ms Example for Configuring Kompella MPL...

Page 1507: ...Sysname system view Sysname sysname PE1 PE1 mpls l2vpn PE1 bgp 100 PE1 bgp peer 4 4 4 4 as number 100 PE1 bgp peer 4 4 4 4 connect interface loopback 0 PE1 bgp l2vpn family PE1 bgp af l2vpn policy vpn...

Page 1508: ...ve configurations you can issue the display mpls l2vpn connection command on the PEs You should see that an L2VPN connection is established between the PEs and the connection is up CE 1 and CE 2 shoul...

Page 1509: ...rface IP address Device Interface IP address CE 1 Vlan int10 100 1 1 1 24 P Loop0 192 4 4 4 32 PE 1 Loop0 192 2 2 2 32 Vlan int23 23 1 1 2 24 Vlan int23 23 1 1 1 24 Vlan int26 26 2 2 2 24 CE 2 Vlan in...

Page 1510: ...tance and then establish an MPLS L2VPN connection PE1 interface gigabitethernet 2 0 1 PE1 GigabitEthernet2 0 1 port access vlan 10 PE1 GigabitEthernet2 0 1 service instance 1000 PE1 GigabitEthernet2 0...

Page 1511: ...Back0 ip address 192 3 3 3 32 PE2 LoopBack0 quit Configure the LSR ID and enable MPLS globally PE2 mpls lsr id 192 3 3 3 PE2 mpls PE2 mpls quit Enable MPLS L2VPN and LDP globally PE2 mpls l2vpn PE2 mp...

Page 1512: ...CE 2 should be able to ping each other Display the L2VPN connection information on PE 1 PE1 display mpls l2vc Total ldp vc 1 1 up 0 down Transport Client Service VC Local Remote Tunnel VC ID Intf ID S...

Page 1513: ...down and the remote VC label is invalid Analysis The reason the VC is down may be that the PEs are configured with different encapsulation types Solution z Check whether the local PE and the peer PE a...

Page 1514: ...26 Configuration Prerequisites 1 26 Configuring a VPN Instance 1 26 Configuring Route Advertisement between PE and CE 1 27 Configuring Route Advertisement Between PEs 1 31 Configuring Routing Features...

Page 1515: ...MPLS L3VPNs 1 47 Example for Configuring Inter Provider VPN Option A 1 55 Example for Configuring Inter Provider VPN Option B 1 60 Example for Configuring Inter Provider VPN Option C 1 65 Example for...

Page 1516: ...MPLS L3VPN Networking Schemes z MPLS L3VPN Routing Information Advertisement z Multi AS VPN z Carrier s Carrier z Nested VPN z HoVPN z OSPF VPN Extension z BGP AS Number Substitution Introduction to M...

Page 1517: ...information of a CE it uses BGP to exchange VPN routing information with other PEs A PE maintains routing information about only VPNs that are directly connected rather than all VPN routing informatio...

Page 1518: ...the route distinguisher RD route filtering policy and member interface list VPN IPv4 address Traditional BGP cannot process VPN routes which have overlapping address spaces If for example both VPN 1 a...

Page 1519: ...information A VPN instance on a PE supports two types of VPN target attributes z Export target attribute A local PE sets this type of VPN target attribute for VPN IPv4 routes learnt from directly conn...

Page 1520: ...the remote PEs Based on layer 1 labels VPN packets can be label switched along the LSPs to the remote PEs z Layer 2 labels Inner labels used for forwarding packets from the remote PEs to the CEs An in...

Page 1521: ...hile that for VPN 2 is 200 1 The two VPN 1 sites can communicate with each other and the two VPN 2 sites can communicate with each other However the VPN 1 sites cannot communicate with the VPN 2 sites...

Page 1522: ...e with each other through the hub site z The import target attribute of any spoke PE is distinct from the export VPN targets of the other spoke PEs Therefore any two spoke PEs can neither directly adv...

Page 1523: ...PLS L3VPN networking the advertisement of VPN routing information involves CEs and PEs A P router maintains only the routes of the backbone and does not need to know any VPN routing information A PE m...

Page 1524: ...sites of a VPN may be connected to multiple ISPs in different ASs or to multiple ASs of an ISP Such an application is called multi AS VPN RFC 2547bis presents three inter provider VPN solutions z VRF...

Page 1525: ...ubinterface for each VPN also calls for higher performance of the PEs Inter provider VPN option B In this kind of solution two ASBRs use MP EBGP to exchange labeled VPN IPv4 routes that they have obta...

Page 1526: ...hed agreement on the route exchange Inter provider VPN option C The above two kinds of solutions can satisfy the needs for inter provider VPNs However they require that the ASBRs maintain and advertis...

Page 1527: ...f the MPLS L3VPN service provider is also a service provider In this case the MPLS L3VPN service provider is called the provider carrier or the Level 1 carrier while the customer is called the custome...

Page 1528: ...VPN routes of the Level 2 carrier but it does not advertise the routes to the PE of the Level 1 carrier it only exchanges the routes with other PEs of the Level 2 carrier A Level 2 carrier can be an o...

Page 1529: ...quest is to implement internal VPN configuration on the service provider s PEs This solution is easy to deploy but it increases the network operation cost and brings issues on management and security...

Page 1530: ...PNv4 routes which carry the comprehensive VPN information to the other PEs of the service provider 4 After another provider PE receives the VPNv4 routes it matches the VPNv4 routes based on its local...

Page 1531: ...ayer to the access layer the performance requirements on the devices reduce while the network expands MPLS L3VPN on the contrary is a plane model where performance requirements are the same for all PE...

Page 1532: ...of its directly connected sites and advertises the labels to the SPE along with VPN routes through MP BGP z An SPE manages and advertises VPN routes It maintains all the routes of the VPNs connected...

Page 1533: ...z HoVPN supports multi level recursion With recursion of HoPEs a VPN can be extended infinitely in theory Figure 1 15 Recursion of HoPEs Figure 1 15 shows a three level HoPE The PE in the middle is ca...

Page 1534: ...he MPLS VPN backbone That is if a VPN site contains an OSPF area 0 the PE connected with the CE must be connected with the area 0 in this VPN site through an area 0 the virtual link can be used for lo...

Page 1535: ...nd a VPN site is connected to multiple PEs when a PE advertises the BGP VPN routes learnt from MPLS BGP to the VPN site through LSAs the LSAs may be received by another PE resulting in a routing loop...

Page 1536: ...istributed into BGP as a VPN IPv4 route A sham link can be configured in any area You need to configure it manually In addition the local VPN instance must have a route to the destination of the sham...

Page 1537: ...ultiple CEs through different interfaces such as PE 2 in Figure 1 18 which connects CE 2 and CE 3 For a multi homed CE that is a CE connected with multiple PEs the BGP AS number substitution function...

Page 1538: ...ite A VPN instance takes effect only after you configure an RD for it Before configuring an RD for a VPN instance you can configure no parameters for the instance other than a description A VPN instan...

Page 1539: ...attribute of the VPN instance associated with the CE z The VPN instance determines which routes it can accept and redistribute according to the import extcommunity in the VPN target z The VPN instance...

Page 1540: ...Remarks Enter system view system view Create a tunneling policy and enter tunneling policy view tunnel policy tunnel policy name Required Specify the priorities of tunnels and the number of tunnels f...

Page 1541: ...ion refer to the related sections in this chapter In configuring MPLS L3VPN the key task is to manage the advertisement of VPN routes on the MPLS backbone and includes the management of route advertis...

Page 1542: ...t between PE and CE Route advertisement between PE and CE can depend on static routes RIP OSPF IS IS or EBGP You may choose one as needed Configuring static routes between PEs and CEs Follow these ste...

Page 1543: ...t start RIP by using the same method for starting a common RIP process z For description and detailed configuration about RIP refer to RIP Configuration in the IP Routing Volume Configuring OSPF betwe...

Page 1544: ...ferent VPNs can be configured with domain IDs as desired The domain ID of an OSPF process is included in the routes generated by the process When an OSPF route is injected into BGP the OSPF domain ID...

Page 1545: ...he local CEs import route protocol process id med med value route policy route policy name Required A PE needs to inject the routes of the local CEs into its VPN routing table so that it can advertise...

Page 1546: ...mport route protocol process id med med value route policy route policy name Optional A CE needs to advertise its routes to the connected PE so that the PE can advertise them to the peer CE z Exchange...

Page 1547: ...dress family Every command in the following table has the same function on BGP routes for each type of the address families Follow these steps to configure common routing features for all types of sub...

Page 1548: ...name ip address capability advertise orf ip prefix both receive send Optional By default the ORF capability is disabled on a BGP peer or peer group Enable VPN target filtering for received VPNv4 route...

Page 1549: ...spath filter number import export Optional By default no AS filtering list is applied to a peer or peer group Specify to advertise all default routes of a VPN instance to a peer or peer group peer gro...

Page 1550: ...in the AS z Configuring basic MPLS capabilities for the MPLS backbones of each AS z Configuring MPLS LDP for the MPLS backbones so that LDP LSPs can be established z Configuring basic MPLS L3VPN for e...

Page 1551: ...Return to system view quit Enter BGP view bgp as number Enter BGP VPNv4 subaddress family view ipv4 family vpnv4 Disable VPN target filtering for VPNv4 routes undo policy vpn target Required By defau...

Page 1552: ...en PEs of different ASs The PEs and ASBR PEs in an AS must be able to exchange labeled IPv4 routes Follow these steps to configure a PE for inter provider VPN option C To do Use the command Remarks En...

Page 1553: ...equired By default the device does not advertise labeled routes to the IPv4 peer peer group Configure the ASBR PE to change the next hop to itself when advertising routes to PEs in the same AS peer gr...

Page 1554: ...with many VPNs if you want to implement layered management of VPNs and to conceal the deployment of internal VPNs nested VPN is a good solution By using nested VPN you can implement layered management...

Page 1555: ...address ranges for sub VPNs of a user VPN cannot overlap z It is not recommended to give nested VPN peers addresses that public network peers use z Before specifying a nested VPN peer or peer group be...

Page 1556: ...resent in the local routing table or not z The default routes of a VPN instance can be advertised to only a BGP peer or peer group that is UPE z It is not recommended to configure the peer default rou...

Page 1557: ...ommand Remarks Enter system view system view Enter BGP view bgp as number Required Enter BGP VPN instance view ipv4 family vpn instance vpn instance name Required Inject direct routes that is loopback...

Page 1558: ...ore configuring BGP AS number substitution complete these tasks z Configuring basic MPLS L3VPN z Configuring CEs at different sites to have the same AS number Configuration Procedure When CEs at diffe...

Page 1559: ...BGP VPNv4 connections reset bgp vpnv4 as number ip address all external internal group group name Available in user view Displaying and Maintaining MPLS L3VPN To do Use the command Remarks Display in...

Page 1560: ...ce vpn instance name peer group name log info ip address log info verbose verbose Available in any view Display the IP prefix information of the ORF packets received from the specified BGP peer displa...

Page 1561: ...ng table network address mask mask length longer prefixes as path acl as path acl number cidr community aa nn 1 13 no export s ubconfed no advertise no export whole match community list basic communit...

Page 1562: ...ce name flap info ip address mask mask length as path acl as path acl number regexp as path regexp Available in user view For commands to display information about a routing table refer to IP Routing...

Page 1563: ...lan int11 172 2 1 2 24 CE 2 Vlan int1 10 2 1 1 24 Vlan int12 10 3 1 2 24 CE 3 Vlan int12 10 3 1 1 24 Vlan int13 10 4 1 2 24 CE 4 Vlan int13 10 4 1 1 24 Configuration procedure 1 Configure IGP on the M...

Page 1564: ...2 ospf 1 area 0 0 0 0 quit PE2 ospf 1 quit After you complete the above configurations OSPF adjacency should be established between PE 1 P and PE 2 Issuing the display ospf peer command you can see th...

Page 1565: ...terface13 mpls ldp PE1 Vlan interface13 quit Configure the P device P mpls lsr id 2 2 2 9 P mpls P mpls quit P mpls ldp P mpls ldp quit P interface vlan interface 13 P Vlan interface13 mpls P Vlan int...

Page 1566: ...gure VPN instances on PEs to allow CEs to access Configure PE 1 PE1 ip vpn instance vpn1 PE1 vpn instance vpn1 route distinguisher 100 1 PE1 vpn instance vpn1 vpn target 111 1 PE1 vpn instance vpn1 qu...

Page 1567: ...stances configured 2 VPN Instance Name RD Create Time vpn1 100 1 2006 08 13 09 32 45 vpn2 100 2 2006 08 13 09 42 59 PE1 ping vpn instance vpn1 10 1 1 1 PING 10 1 1 1 56 data bytes press CTRL_C to brea...

Page 1568: ...E and CE and has reached the state of Established The following takes PE 1 and CE 1 as an example PE1 display bgp vpnv4 vpn instance vpn1 peer BGP local router ID 1 1 1 9 Local AS number 100 Total num...

Page 1569: ...9 NULL0 PE1 display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 3 Routes 3 Destination Mask Proto Pre Cost NextHop Interface 10 2 1 0 24 Direct 0 0 10 2 1 2 Vlan12 10 2 1 2 32...

Page 1570: ...CE 2 AS 65001 AS 65002 PE 1 PE 2 ASBR PE 2 ASBR PE 1 MPLS backbone MPLS backbone AS 100 AS 200 Vlan int11 Vlan int11 Vlan int11 Vlan int12 Vlan int12 Vlan int13 Vlan int13 Vlan int12 Vlan int12 Devic...

Page 1571: ...r id 1 1 1 9 PE1 mpls PE1 mpls quit PE1 mpls ldp PE1 mpls ldp quit PE1 interface vlan interface 12 PE1 Vlan interface12 mpls PE1 Vlan interface12 mpls ldp PE1 Vlan interface12 quit Configure MPLS basi...

Page 1572: ...formation 3 Configure VPN instances on PEs to allow CEs to access The VPN targets for the VPN instances of the PEs must match those for the VPN instances of the ASBR PEs in the same AS It is not requi...

Page 1573: ...g the instance to the interface connected with ASBR PE 1 Note that ASBR PE 2 considers ASBR PE 1 its CE ASBR PE2 ip vpn instance vpn1 ASBR PE2 vpn vpn vpn1 route distinguisher 200 1 ASBR PE2 vpn vpn v...

Page 1574: ...PE1 bgp quit Configure ASBR PE 1 ASBR PE1 bgp 100 ASBR PE1 bgp ipv4 family vpn instance vpn1 ASBR PE1 bgp vpn1 peer 192 1 1 2 as number 200 ASBR PE1 bgp vpn1 quit ASBR PE1 bgp peer 1 1 1 9 as number...

Page 1575: ...IS between them z PE 1 and ASBR PE 1 exchange labeled IPv4 routes by MP IBGP z PE 2 and ASBR PE 2 exchange labeled IPv4 routes by MP IBGP z ASBR PE 1 and ASBR PE 2 exchange labeled IPv4 routes by MP E...

Page 1576: ...nd start IS IS on it PE1 interface loopback 0 PE1 LoopBack0 ip address 2 2 2 9 32 PE1 LoopBack0 isis enable 1 PE1 LoopBack0 quit Create VPN instance vpn1 and configure the RD and VPN target attributes...

Page 1577: ...E1 Vlan interface12 ip address 1 1 1 1 255 0 0 0 ASBR PE1 Vlan interface12 isis enable 1 ASBR PE1 Vlan interface12 mpls ASBR PE1 Vlan interface12 mpls ldp ASBR PE1 Vlan interface12 quit Configure inte...

Page 1578: ...PE2 Vlan interface12 ip address 9 1 1 1 255 0 0 0 ASBR PE2 Vlan interface12 isis enable 1 ASBR PE2 Vlan interface12 mpls ASBR PE2 Vlan interface12 mpls ldp ASBR PE2 Vlan interface12 quit Configure int...

Page 1579: ...n interface12 ip address 9 1 1 2 255 0 0 0 PE2 Vlan interface12 isis enable 1 PE2 Vlan interface12 mpls PE2 Vlan interface12 mpls ldp PE2 Vlan interface12 quit Configure interface Loopback 0 and start...

Page 1580: ...the network through PE 1 in AS 100 and Site 2 accesses the network through PE 2 in AS 600 z PEs in the same AS runs IS IS between them z PE 1 and ASBR PE 1 exchange labeled IPv4 routes by MP IBGP z PE...

Page 1581: ...on it PE1 interface loopback 0 PE1 LoopBack0 ip address 2 2 2 9 32 PE1 LoopBack0 isis enable 1 PE1 LoopBack0 quit Create VPN instance vpn1 and configure the RD and VPN target attributes PE1 ip vpn in...

Page 1582: ...gure LSR ID enable MPLS and LDP ASBR PE1 mpls lsr id 3 3 3 9 ASBR PE1 mpls ASBR PE1 mpls label advertise non null ASBR PE1 mpls quit ASBR PE1 mpls ldp ASBR PE1 mpls ldp quit Configure interface VLAN i...

Page 1583: ...capability Specify to use routing policy policy1 to filter routes advertised from EBGP peer 11 0 0 1 ASBR PE1 bgp peer 11 0 0 1 as number 600 ASBR PE1 bgp peer 11 0 0 1 route policy policy1 export Co...

Page 1584: ...nject routes of IS IS process 1 ASBR PE2 bgp 600 ASBR PE2 bgp import route isis 1 Configure the capability to advertise labeled routes to IBGP peer 5 5 5 9 and to receive labeled routes from the peer...

Page 1585: ...inguisher 11 11 PE2 vpn instance vpn1 vpn target 1 1 2 2 3 3 import extcommunity PE2 vpn instance vpn1 vpn target 3 3 export extcommunity PE2 vpn instance vpn1 quit Configure interface Loopback 1 and...

Page 1586: ...2 are devices of the Level 2 carrier and work as CE to access the Level 1 carrier backbone z PE 3 and PE 4 are devices of the Level 2 carrier and work as PE to provide access service for the customers...

Page 1587: ...4 4 4 9 32 Vlan int11 11 1 1 2 24 Vlan int12 30 1 1 2 24 Vlan int12 30 1 1 1 24 Vlan int11 21 1 1 1 24 Configuration procedure 1 Configure MPLS L3VPN on the Level 1 carrier backbone start IS IS as the...

Page 1588: ...that the BGP peer relationship has been established and has reached the state of Established Issuing the display isis peer command you should see that the IS IS neighbor relationship has been set up T...

Page 1589: ...2 mpls ldp PE3 Vlan interface12 mpls ldp transport address interface PE3 Vlan interface12 quit Configure CE 1 CE1 system view CE1 interface loopback 0 CE1 LoopBack0 ip address 2 2 2 9 32 CE1 LoopBack0...

Page 1590: ...0000 0003 00 PE1 isis 2 import route bgp PE1 isis 2 quit PE1 interface vlan interface 11 PE1 Vlan interface11 ip binding vpn instance vpn1 PE1 Vlan interface11 ip address 11 1 1 2 24 PE1 Vlan interfa...

Page 1591: ...nstance vpn1 vpn target 1 1 PE3 vpn instance vpn1 quit PE3 interface vlan interface 11 PE3 Vlan interface11 ip binding vpn instance vpn1 PE3 Vlan interface11 ip address 100 1 1 2 24 PE3 Vlan interface...

Page 1592: ...127 0 0 1 InLoop0 30 1 1 2 32 Direct 0 0 30 1 1 2 Vlan12 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Issuing the display ip routing table vpn instance command o...

Page 1593: ...127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 Issuing the display ip routing table command on PE 3 and PE 4 you should see that the internal routes of the Level 2 carrier network are present in the public...

Page 1594: ...1 1 1 bytes 56 Sequence 1 ttl 252 time 102 ms Reply from 120 1 1 1 bytes 56 Sequence 2 ttl 252 time 69 ms Reply from 120 1 1 1 bytes 56 Sequence 3 ttl 252 time 105 ms Reply from 120 1 1 1 bytes 56 Se...

Page 1595: ...S 200 VPN 1 AS 200 VPN 1 CE 5 AS 65411 SUB_VPN 2 Vlan int13 Vlan int13 CE 4 AS 65420 SUB_VPN 1 Vlan int11 Vlan int11 Device Interface IP address Device Interface IP address CE 1 Loop0 2 2 2 9 32 CE 2...

Page 1596: ...here After completing the configurations above you can execute commands display mpls ldp session display bgp peer and display isis peer respectively on either PE 1 or PE 2 You should see that the LDP...

Page 1597: ...2 quit PE3 interface loopback 0 PE3 LoopBack0 isis enable 2 PE3 LoopBack0 quit PE3 interface vlan interface 12 PE3 Vlan interface12 ip address 10 1 1 1 24 PE3 Vlan interface12 isis enable 2 PE3 Vlan i...

Page 1598: ...get 1 1 PE1 vpn instance vpn1 quit PE1 interface vlan interface11 PE1 Vlan interface11 ip binding vpn instance vpn1 PE1 Vlan interface11 ip address 11 1 1 2 24 PE1 Vlan interface11 mpls PE1 Vlan inter...

Page 1599: ...vpn target 2 1 PE3 vpn instance SUB_VPN1 quit PE3 interface vlan interface 11 PE3 Vlan interface11 ip binding vpn instance SUB_VPN1 PE3 Vlan interface11 ip address 100 1 1 2 24 PE3 Vlan interface11 qu...

Page 1600: ...PE 1 CE1 bgp 200 CE1 bgp ipv4 family vpnv4 CE1 bgp af vpnv4 peer 11 1 1 2 enable Specify to allow the local AS number to appear in the AS PATH attribute of the routes received CE1 bgp af vpnv4 peer 1...

Page 1601: ...ng table command on PE 1 and PE 2 to verify that the public routing tables contain only routes on the service provider network The following takes PE 1 for illustration PE1 display ip routing table Ro...

Page 1602: ...the VPNv4 routing tables on the customer VPN contain internal sub VPN routes The following takes CE 1 for illustration CE1 display bgp vpnv4 all routing table BGP Local router ID is 11 11 11 11 Statu...

Page 1603: ...ntain routes of remote sub VPNs The following takes CE 3 for illustration CE3 display ip routing table Routing Tables Public Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 1...

Page 1604: ...essfully CE5 ping 130 1 1 1 PING 130 1 1 1 56 data bytes press CTRL_C to break Reply from 130 1 1 1 bytes 56 Sequence 1 ttl 252 time 102 ms Reply from 130 1 1 1 bytes 56 Sequence 2 ttl 252 time 69 ms...

Page 1605: ...tches Device Interface IP address Device Interface IP address CE 1 Vlan int12 10 2 1 1 24 CE 3 Vlan int12 10 1 1 1 24 CE 2 Vlan int13 10 4 1 1 24 CE 4 Vlan int13 10 3 1 1 24 UPE 1 Loop0 1 1 1 9 32 UPE...

Page 1606: ...2 both UPE1 vpn instance vpn2 quit UPE1 interface vlan interface 12 UPE1 Vlan interface12 ip binding vpn instance vpn1 UPE1 Vlan interface12 ip address 10 2 1 2 24 UPE1 Vlan interface12 quit UPE1 inte...

Page 1607: ...0 UPE2 Loopback0 ip address 4 4 4 9 32 UPE2 Loopback0 quit UPE2 mpls lsr id 4 4 4 9 UPE2 mpls UPE2 mpls quit UPE2 mpls ldp UPE2 mpls ldp quit UPE2 interface vlan interface 11 UPE2 Vlan interface11 ip...

Page 1608: ...er 3 3 3 9 enable UPE2 bgp af vpnv4 quit UPE2 bgp ipv4 family vpn instance vpn1 UPE2 bgp vpn1 peer 10 1 1 1 as number 65430 UPE2 bgp vpn1 import route direct UPE2 bgp vpn1 quit UPE2 bgp ipv4 family vp...

Page 1609: ...0 network 172 1 1 0 0 0 0 255 SPE1 ospf 1 area 0 0 0 0 network 180 1 1 0 0 0 0 255 SPE1 ospf 1 area 0 0 0 0 quit SPE1 ospf 1 quit Configure VPN instances vpn1 and vpn2 SPE1 ip vpn instance vpn1 SPE1 v...

Page 1610: ...apability and MPLS LDP to establish LDP LSPs SPE2 system view SPE2 interface loopback 0 SPE2 LoopBack0 ip address 3 3 3 9 32 SPE2 LoopBack0 quit SPE2 mpls lsr id 3 3 3 9 SPE2 mpls SPE2 mpls quit SPE2...

Page 1611: ...peer 2 2 2 9 enable SPE2 bgp af vpnv4 peer 4 4 4 9 enable SPE2 bgp af vpnv4 peer 4 4 4 1 9 upe SPE2 bgp af vpnv4 quit SPE2 bgp ipv4 family vpn instance vpn1 SPE2 bgp vpn1 quit SPE2 bgp ipv4 family vpn...

Page 1612: ...ps are omitted After completing the configurations CE 1 and CE 2 should be able to learn the OSPF route to the VLAN interface 1 of each other The following takes CE 1 as an example CE1 display ip rout...

Page 1613: ...E1 ospf 1 area 0 PE1 ospf 1 area 0 0 0 0 network 1 1 1 9 0 0 0 0 PE1 ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 PE1 ospf 1 area 0 0 0 0 quit PE1 ospf 1 quit Configure MPLS basic capability and MPL...

Page 1614: ...interface12 quit PE1 ospf 100 vpn instance vpn1 PE1 ospf 100 domain id 10 PE1 ospf 100 area 1 PE1 ospf 100 area 0 0 0 1 network 100 1 1 0 0 0 0 255 PE1 ospf 100 area 0 0 0 1 quit PE1 ospf 100 quit PE2...

Page 1615: ...F 10 3126 100 1 1 1 Vlan12 4 Configure a sham link Configure PE 1 PE1 interface loopback 1 PE1 LoopBack1 ip binding vpn instance vpn1 PE1 LoopBack1 ip address 3 3 3 3 32 PE1 LoopBack1 quit PE1 ospf 10...

Page 1616: ...2 Vlan11 30 1 1 0 24 OSPF 10 1574 100 1 1 2 Vlan12 100 1 1 0 24 Direct 0 0 100 1 1 1 Vlan12 100 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 120 1 1 0 24 OSPF 10 12 100 1 1 2 Vlan12 127 0 0 0 8 Direct 0 0 1...

Page 1617: ...ackbone to establish LDP LSPs z Establish MP IBGP peer relationship between the PEs to advertise VPN IPv4 routes z Configure the VPN instance of VPN 1 on PE 2 to allow CE 2 to access the network z Con...

Page 1618: ...PE 2 advertises the route to 100 1 1 1 32 and the AS_PATH is 100 600 PE2 terminal monitor PE2 terminal debugging PE2 debugging bgp update vpn instance vpn1 verbose PE2 refresh bgp vpn instance vpn1 a...

Page 1619: ...10 2 1 2 0 0 100 10 2 1 1 32 10 2 1 2 0 0 100 100 1 1 1 32 10 2 1 2 0 100 100 CE2 display ip routing table Routing Tables Public Destinations 9 Routes 9 Destination Mask Proto Pre Cost NextHop Interf...

Page 1620: ...1 105 Reply from 200 1 1 1 bytes 56 Sequence 5 ttl 253 time 70 ms 200 1 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 66 79 109 ms...

Page 1621: ...Extensions 1 9 Configuring MPLS L2VPN 1 9 Configuring a VPLS Instance 1 10 Configuring an LDP VPLS Instance 1 10 Configuring a BGP VPLS Instance 1 11 Binding the VPLS Instance 1 12 Configuring VPLS A...

Page 1622: ...erview Virtual Private LAN Service VPLS also called Transparent LAN Service TLS or virtual private switched network service can deliver a point to multipoint L2VPN service over public networks With VP...

Page 1623: ...point to multipoint L2VPN service mechanism With QinQ the private network VLAN tags of packets are encapsulated into the public network VLAN tags allowing packets to be transmitted with two layers of...

Page 1624: ...udes two parts z Remote MAC address learning associated with PWs A PW consists of two unidirectional VC LSPs A PW is up only when both of the VC LSPs are up When the inbound VC LSP learns a new MAC ad...

Page 1625: ...a backup link becomes active and a message with the instruction of relearning MAC entries arrives a PE updates the corresponding MAC entries in the FIB table of the VPLS instance and sends the messag...

Page 1626: ...service delimiter for the service provider network to identify the user The tag is called a P Tag z Ethernet access The Ethernet header of a packet upstream from the CE or downstream from the PE does...

Page 1627: ...ket with the MPLS label for the U PW namely the multiplex distinguishing flag and then sends the packet to NPE 1 z When receiving the packet NPE 1 determines which VSI the packet belongs to by the lab...

Page 1628: ...tion MAC address of the packet labels the packet with the VLAN tag Then it forwards the packet through the QinQ tunnel to MTU which in turn forwards the packet to the CE For packets to be exchanged be...

Page 1629: ...List Complete the following tasks to configure VPLS Task Remarks Configuring MPLS Basic Capability Required Configuring Remote LDP Sessions Configuring BGP Extensions Required Choose either Configuri...

Page 1630: ...w these steps to configure BGP extensions To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enter VPLS address family view vpls family Required Activate a peer p...

Page 1631: ...PN implementation the Martini mode uses extended LDP remote LDP sessions as the signaling for transferring PW information Therefore the LDP mode is also called the Martini mode 3 Specify the ID of the...

Page 1632: ...class name Required Enable the PW switchback function and set the switchback delay time dual npe revertive wtr time wtr time Optional Disabled by default Configuring a BGP VPLS Instance Configuration...

Page 1633: ...g the VPLS instance Configuration procedure To bind a Layer 2 Ethernet interface and one or more VLANs with a VPLS instance you need to create a service instance on the Layer 2 Ethernet interface conf...

Page 1634: ...sulation type of the VPLS instance encapsulation bgp vpls ethernet vlan Optional vlan by default which corresponds to the VSI PW encapsulation type of tagged Set the description of the VPLS instance d...

Page 1635: ...Available in any view Display information about one or all PW class templates display pw class pw class name Available in any view Clear the MAC address table of one or all VPLS instances reset mac ad...

Page 1636: ...p quit Configure PE 1 to establish an LDP remote session with PE 2 PE1 mpls ldp remote peer 1 PE1 mpls ldp remote 1 remote ip 3 3 3 9 PE1 mpls ldp remote 1 quit Configure the interface connected with...

Page 1637: ...g CE 1 create service instance 1000 to bind the interface and VLAN 100 with VPLS instance aaa and create service instance 2000 to bind the interface and VLAN 200 with VPLS instance bbb PE1 interface g...

Page 1638: ...0 network 26 2 2 2 0 0 0 255 P ospf 1 area 0 0 0 0 network 2 2 2 9 0 0 0 0 P ospf 1 area 0 0 0 0 quit 3 Configure PE 2 Sysname system view Sysname sysname PE2 PE2 interface loopback 0 PE2 LoopBack0 ip...

Page 1639: ...stance bbb which uses BGP PE2 vsi bbb auto PE2 vsi bbb pwsignal bgp PE2 vsi bbb bgp route distinguisher 100 1 PE2 vsi bbb bgp vpn target 111 1 PE2 vsi bbb bgp site 11 range 12 PE2 vsi bbb bgp quit PE2...

Page 1640: ...PW is required between NPE 1 and NPE 3 CE 3 accesses the network through NPE 3 z CE 1 and CE 3 access the UPE and NPE3 through interface GigabitEthernet 2 0 1 respectively and send the packet of VLAN...

Page 1641: ...LS L2VPN UPE mpls l2vpn Configure the basic attributes of VPLS instance aaa which uses LDP UPE vsi aaa static UPE vsi aaa pwsignal ldp UPE vsi aaa ldp vsi id 500 UPE vsi aaa ldp peer 2 2 2 9 UPE vsi a...

Page 1642: ...s ldp remote peer 2 NPE1 mpls remote 2 remote ip 1 1 1 9 NPE1 mpls remote 2 quit Configure the remote LDP session with NPE 3 NPE1 mpls ldp remote peer 3 NPE1 mpls remote 3 remote ip 3 3 3 9 NPE1 mpls...

Page 1643: ...ance 1000 NPE3 GigabitEthernet2 0 1 srv1000 encapsulation s vid 100 NPE3 GigabitEthernet2 0 1 srv1000 xconnect vsi aaa NPE3 GigabitEthernet2 0 1 srv1000 quit After completing the above configurations...

Page 1644: ...LoopBack0 quit UPE mpls lsr id 1 1 1 1 UPE mpls UPE mpls quit UPE mpls ldp UPE mpls ldp quit Configure MPLS basic capability on the interface connected with NPE 1 UPE interface vlan interface 12 UPE V...

Page 1645: ...mpls ldp UPE Vlan interface13 quit On the interface connected with CE 1 that is GigabitEthernet 2 0 1 create a service instance and bind the L2VPN UPE interface gigabitethernet 2 0 1 UPE GigabitEthern...

Page 1646: ...2 remote ip 1 1 1 1 NPE1 mpls remote 2 quit Configure the remote LDP session with NPE 3 NPE1 mpls ldp remote peer 3 NPE1 mpls remote 3 remote ip 4 4 4 4 NPE1 mpls remote 3 quit Configure MPLS L2VPN N...

Page 1647: ...on of VLAN interface 15 and VLAN interface 16 is similar to the configuration of VLAN interface 12 and VLAN interface 13 on UPE The configuration procedure is omitted After completing the above config...

Page 1648: ...with Dynamic Signaling Protocol 1 17 Configuration Prerequisites 1 17 Configuration Procedure 1 17 Configuring RSVP TE Advanced Features 1 21 Configuration Prerequisites 1 21 Configuration Procedure 1...

Page 1649: ...Examples 1 40 MPLS TE Using Static CR LSP Configuration Example 1 40 MPLS TE Using RSVP TE Configuration Example 1 44 RSVP TE GR Configuration Example 1 50 CR LSP Backup Configuration Example 1 53 FRR...

Page 1650: ...R LSP z RSVP TE z Traffic Forwarding z CR LSP Backup z Fast Reroute z DiffServ Aware TE z Protocols and Standards Traffic Engineering and MPLS TE Traffic engineering Network congestion is one of the m...

Page 1651: ...traffic engineering for the following z MPLS supports explicit LSP routing z LSP routing is easy to manage and maintain compared with traditional packet by packet IP forwarding z Constraint based Rout...

Page 1652: ...e the shortest path to each network node In MPLS TE the Constraint based Shortest Path First CSPF algorithm is used It is derived from SPF and makes calculation based on two conditions z Constraints o...

Page 1653: ...aking preemption decision Both setup and holding priorities range from 0 to 7 with a lower numerical number indicating a higher priority For a new path to preempt an existing path the setup priority o...

Page 1654: ...RSVP is designed for IntServ It reserves resources on each node along a path RSVP operates at the transport layer but does not participate in data transmission It is an Internet control protocol simil...

Page 1655: ...h Figure 1 1 Diagram for make before break Figure 1 1 presents a scenario where a path Router A Router B Router C Router D is established with 30 Mbps reserved bandwidth between Router A and Router D...

Page 1656: ...abel bindings but also routing constraints supporting CR LSP and FRR z New objects added to the Path message include LABEL_REQUEST EXPLICIT_ROUTE RECORD_ROUTE and SESSION_ATTRIBUTE z New objects added...

Page 1657: ...hat the interface resends the message at an exponentially increased retransmission interval equivalent to 1 Delta Rf seconds 2 Summary refresh extension Send summary refreshes Srefreshes rather than r...

Page 1658: ...GR helper and the GR restarter reestablish a Hello session before the restart timer expires the recovery timer is started and signaling packet exchanging is triggered to restore the original soft sta...

Page 1659: ...o known as autoroute announce considers a TE tunnel as a logical interface directly connected to the destination when computing IGP routes on the ingress of the TE tunnel IGP shortcut and forwarding a...

Page 1660: ...SP is created immediately after a primary CR LSP is created MPLS TE switches traffic to the secondary CR LSP after the primary CR LSP fails z Standard backup where a secondary CR LSP is created to tak...

Page 1661: ...s LSP As shown in Figure 1 5 the primary LSP is Router A Router B Router C Router D Router E and the bypass LSP is Router B Router F Router D Router C is the protected device Figure 1 5 FRR node prote...

Page 1662: ...e class level For traffic trunks which are distinguished by class of service this means varied bandwidth constraints Essentially what DS TE does is to map traffic trunks with LSPs making each traffic...

Page 1663: ...ters Optional Configuring CR LSP Backup Optional Configuring FRR Optional Configuring MPLS TE Basic Capabilities MPLS TE basic capabilities are essential to MPLS TE feature configurations After config...

Page 1664: ...ses the basic capabilities you configured in this section may be inadequate for the tunnel to work and you may need to make extra configurations z For information about tunnel interfaces refer to Tunn...

Page 1665: ...ddr out label out label value bandwidth bc0 bc1 bandwidth value Create a static CR LSP on your device depending on its location in the network At the egress static cr lsp egress tunnel name incoming i...

Page 1666: ...the IGP TE extension is not configured the CR LSP is created based on IGP routing rather than computed by CSPF Configuration Prerequisites Before making the configuration do the following z Configure...

Page 1667: ...d by default Enter OSPF area view area area id Required Enable MPLS TE in the OSPF area mpls te enable Required Disabled by default Exit to OSPF view quit z For more information about OSPF opaque LSA...

Page 1668: ...wide wide compatible compatible narrow compatible relax spf limit Required By default IS IS uses narrow metric style Enable IS IS TE traffic eng level 1 level 2 level 1 2 Required Disabled by default...

Page 1669: ...hop is a strict node by default Repeat this step to define a sequential set of the hops that the explicit path traverses Modify the IP address of current node on the explicit path modify hop ip addres...

Page 1670: ...t tunnel configuration mpls te commit Required To use RSVP TE as the signaling protocol for setting up the MPLS TE tunnel you must enable both MPLS TE and RSVP TE on the interface for the tunnel to us...

Page 1671: ...s are reserved for senders on the same session and shared among them Follow these steps to configure RSVP reservation style To do Use the command Remarks Enter system view system view Enter MPLS TE tu...

Page 1672: ...ing summary refreshes Follow these steps to configure RSVP refreshing mechanism To do Use the command Remarks Enter system view system view Enter interface view of MPLS TE link interface interface typ...

Page 1673: ...e resource reservation confirmation mpls rsvp te resvconfirm Required Disabled by default z Reservation confirmation is initiated by the receiver which sends the Resv message with an object requesting...

Page 1674: ...s Enable global RSVP hello extension mpls rsvp te hello Required Disabled by default Enable MPLS RSVP TE GR mpls rsvp te graceful restart Required Disabled by default Set the RSVP TE GR restart timer...

Page 1675: ...ive group and affinity attribute The affinity attribute of an MPLS TE tunnel identifies the properties of the links that the tunnel can use Together with the link administrative group it decides which...

Page 1676: ...red Configuring CR LSP reoptimization Dynamic CR LSP optimization involves periodic calculation of paths that traffic trunks should traverse If a better route is found for an existing CR LSP a new CR...

Page 1677: ...tunnel interface view interface tunnel tunnel number Enable the system to perform loop detection when setting up a tunnel mpls te loop detection Required Disabled by default Submit current tunnel conf...

Page 1678: ...igned to paths for MPLS TE to make preemption decision For a new path to preempt an existing path the setup priority of the new path must be greater than the holding priority of the existing path To a...

Page 1679: ...ugh automatic route advertisement Two approaches IGP shortcut and forwarding adjacency are available to automatic route advertisement to advertise MPLS TE tunnel interface routes to IGPs allowing traf...

Page 1680: ...F view ospf process id Enable the IGP shortcut function enable traffic adjustment Required Disabled by default 2 Configure forwarding adjacency You need to create a bi directional MPLS TE tunnel and e...

Page 1681: ...failed link timer z Configuring the link metric used for routing a tunnel z Configuring the traffic flow type of a tunnel Configuring the failed link timer A CSPF failed link timer starts once a link...

Page 1682: ...nk mpls te metric value Optional If no TE metric is assigned to the link IGP metric is used as the TE metric by default z The metric type configured in MPLS TE tunnel interface view takes priority ove...

Page 1683: ...atically You do not need to configure them Configuring FRR As mentioned earlier Fast Reroute FRR provides quick but temporary per link or per node local protection on an LSP FRR uses bypass tunnels to...

Page 1684: ...it current tunnel configuration mpls te commit Required Configuring a bypass tunnel on its PLR After a tunnel is specified to protect an interface its corresponding LSP becomes a bypass LSP Setting up...

Page 1685: ...of the outgoing interface of the protected LSP interface interface type interface number Bind the bypass tunnel with the protected interface mpls te fast reroute bypass tunnel tunnel tunnel number Req...

Page 1686: ...onfigure cooperation of MPLS RSVP TE and BFD To do Use the command Remarks Enter system view system view Enter view of the interface enabled with MPLS RSVP TE interface interface type interface number...

Page 1687: ...umber begin exclude include regular expression Available in any view Display information about RSVP requests display mpls rsvp te request interface interface type interface number begin exclude includ...

Page 1688: ...el name Available in any view Display tunnel statistics display mpls te tunnel statistics Available in any view Display statistics about MPLS TE tunnels display mpls te tunnel interface tunnel number...

Page 1689: ...ork requirements z Switch A Switch B and Switch C run IS IS z Establish a TE tunnel using a static CR LSP between Switch A and Switch C Figure 1 6 Set up MPLS TE tunnels using static CR LSPs Loop0 2 2...

Page 1690: ...it SwitchC interface vlan interface 2 SwitchC Vlan interface2 isis enable 1 SwitchC Vlan interface2 quit SwitchC interface loopback 0 SwitchC LoopBack0 isis enable 1 SwitchC LoopBack0 quit Perform the...

Page 1691: ...mpls lsr id 3 3 3 3 SwitchC mpls SwitchC mpls mpls te SwitchC mpls quit SwitchC interface vlan interface 2 SwitchC Vlan interface2 mpls SwitchC Vlan interface2 mpls te SwitchC Vlan interface2 quit 4 C...

Page 1692: ...h Discards 0 100 0 Output queue Protocol queuing Size Length Discards 0 500 0 Output queue FIFO queuing Size Length Discards 0 75 0 Last 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds ou...

Page 1693: ...l0 30 NULL Vlan2 Up On an MPLS TE tunnel configured using a static CR LSP traffic is forwarded directly based on label at the transit nodes and egress node Therefore it is normal that the FEC field in...

Page 1694: ...with LSR IDs as destinations Configure Switch A SwitchA system view SwitchA isis 1 SwitchA isis 1 network entity 00 0005 0000 0000 0001 00 SwitchA isis 1 quit SwitchA interface vlan interface 1 Switc...

Page 1695: ...k0 isis circuit level level 2 SwitchC LoopBack0 quit Configure Switch D SwitchD system view SwitchD isis 1 SwitchD isis 1 network entity 00 0005 0000 0000 0004 00 SwitchD isis 1 quit SwitchD interface...

Page 1696: ...terface1 mpls rsvp te SwitchA Vlan interface1 quit Configure Switch B SwitchB mpls lsr id 2 2 2 9 SwitchB mpls SwitchB mpls mpls te SwitchB mpls mpls rsvp te SwitchB mpls mpls te cspf SwitchB mpls qui...

Page 1697: ...interface3 mpls rsvp te SwitchD Vlan interface3 quit 4 Configure IS IS TE Configure Switch A SwitchA isis 1 SwitchA isis 1 cost style wide SwitchA isis 1 traffic eng level 2 SwitchA isis 1 quit Config...

Page 1698: ...4 4 9 Tunnel protocol transport CR_LSP Last 300 seconds input 0 bytes sec 0 packets sec Last 300 seconds output 0 bytes sec 0 packets sec 0 packets input 0 bytes 0 input error 0 packets output 0 bytes...

Page 1699: ...k Number 6 Id MPLS LSR Id IGP Process Id Area Link Count 1 3 3 3 9 ISIS 1 Level 2 2 2 2 2 2 9 ISIS 1 Level 2 2 3 4 4 4 9 ISIS 1 Level 2 1 4 1 1 1 9 ISIS 1 Level 2 1 7 Create a static route for routing...

Page 1700: ...erface 1 SwitchA Vlan interface1 mpls SwitchA Vlan interface1 mpls te SwitchA Vlan interface1 mpls rsvp te SwitchA Vlan interface1 mpls rsvp te hello SwitchA Vlan interface1 quit Configure Switch B Sw...

Page 1701: ...e RSVP TE GR Configure Switch A SwitchA system view SwitchA mpls SwitchA mpls mpls rsvp te graceful restart Configure Switch B SwitchB system view SwitchB mpls SwitchB mpls mpls rsvp te graceful resta...

Page 1702: ...2 2 9 32 Switch C Loop0 3 3 3 9 32 Vlan int1 10 1 1 2 24 Vlan int2 20 1 1 2 24 Vlan int2 20 1 1 1 24 Vlan int3 40 1 1 2 24 Configuration procedure 1 Assign IP addresses and masks to interfaces see Fig...

Page 1703: ...ion 3 3 3 9 SwitchA Tunnel1 mpls te tunnel id 10 Enable hot LSP backup SwitchA Tunnel1 mpls te backup hot standby SwitchA Tunnel1 mpls te commit SwitchA Tunnel1 quit Perform the display interface tunn...

Page 1704: ...1 1 Hop 1 30 1 1 2 Hop 2 4 4 4 9 Hop 3 40 1 1 1 Hop 4 40 1 1 2 Hop 5 3 3 3 9 Perform the tracert command to draw the picture of the path that a packet must travel to reach the tunnel destination Swit...

Page 1705: ...Switch D use FRR to protect the link Switch B Switch C and use BFD to detect the status of link Switch B Switch C Do the following z Create a bypass LSP that traverses the path Switch B Switch E Swit...

Page 1706: ...oop0 2 2 2 2 32 ISIS 15 10 2 1 1 2 Vlan1 3 1 1 0 24 ISIS 15 20 2 1 1 2 Vlan1 3 2 1 0 24 ISIS 15 20 2 1 1 2 Vlan1 3 3 1 0 24 ISIS 15 30 2 1 1 2 Vlan1 3 3 3 3 32 ISIS 15 20 2 1 1 2 Vlan1 4 1 1 0 24 ISIS...

Page 1707: ...h A and configurations on Switch C are similar to those on Switch B 4 Create an MPLS TE tunnel on Switch A the headend of the primary LSP Create an explicit path for the primary LSP SwitchA explicit p...

Page 1708: ...ommand on Switch A to verify the configuration of the tunnel interface SwitchA display mpls te tunnel interface Tunnel Name Tunnel4 Tunnel Desc Tunnel4 Interface Tunnel State Desc CR LSP is Up Tunnel...

Page 1709: ...15 SwitchB Tunnel5 mpls te path explicit path by path preference 1 Configure the bandwidth that the bypass tunnel protects SwitchB Tunnel5 mpls te backup bandwidth 10000 SwitchB Tunnel5 mpls te commi...

Page 1710: ...d Destination In Out If Name 1 1 1 1 1 4 4 4 4 Vlan1 Tunnel4 SwitchB display mpls te tunnel LSP Id Destination In Out If Name 1 1 1 1 1 4 4 4 4 Vlan1 Vlan2 Tunnel4 2 2 2 2 1 3 3 3 3 Vlan4 Tunnel5 Swit...

Page 1711: ...pe Ingress Bypass In Use Not Exists BypassTunnel Tunnel Index Mpls Mtu 1500 6 Verify the FRR function Shut down the protected outgoing interface on PLR SwitchB interface vlan interface 2 SwitchB Vlan...

Page 1712: ...e Pinning Disabled Retry Limit 5 Retry Interval 10 sec Reopt Disabled Reopt Freq Back Up Type None Back Up LSPID Auto BW Disabled Auto BW Freq Min BW Max BW Current Collected BW Interfaces Protected V...

Page 1713: ...icy Disabled Tunnel Group Primary Primary Tunnel Backup Tunnel Group Status Oam Status Up If you perform the display mpls te tunnel interface command immediately after an FRR protection switch you are...

Page 1714: ...hB mpls quit Bring the protected outgoing interface up on PLR SwitchB interface vlan interface 2 SwitchB Vlan interface2 undo shutdown Sep 7 09 01 31 2004 SwitchB IFNET 5 UPDOWN Line protocol on the i...

Page 1715: ...lication in VPN Configuration procedure 1 Configure OSPF ensuring that PE 1 and PE 2 can learn LSR ID routes from each other Configure PE 1 PE1 system view PE1 interface loopback 0 PE1 LoopBack0 ip ad...

Page 1716: ...lan interface2 s neighbors Router ID 3 3 3 3 Address 10 0 0 2 GR State Normal State Full Mode Nbr is Master Priority 1 DR None BDR None Dead timer due in 30 sec Neighbor is up for 00 01 00 Authenticat...

Page 1717: ...mpls te cspf PE2 mpls quit PE2 interface vlan interface 2 PE2 Vlan interface2 mpls te PE2 Vlan interface2 quit PE2 ospf PE2 ospf 1 opaque capability enable PE2 ospf 1 area 0 PE2 ospf 1 area 0 0 0 0 m...

Page 1718: ...on each PE and bind it to the interface connected to the CE Configure on CE 1 CE1 interface vlan interface 1 CE1 Vlan interface1 ip address 192 168 1 2 255 255 255 0 CE1 Vlan interface1 quit Configur...

Page 1719: ...ctivity For example ping CE 1 on PE 1 PE1 ping vpn instance vpn1 192 168 1 2 PING 192 168 1 2 56 data bytes press CTRL_C to break Reply from 192 168 1 2 bytes 56 Sequence 1 ttl 255 time 47 ms Reply fr...

Page 1720: ...n see that the BGP peer relationships have been formed between PEs and between PEs and CEs and have reached the established state Take PE 1 for example PE1 bgp display bgp peer BGP local router ID 2 2...

Page 1721: ...s 192 168 1 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 35 48 74 ms The sample output shows that CE 1 and CE 2 can reach each other 7 Verify th...

Page 1722: ...POP Perform the display interface tunnel command on PE 1 You can see that traffic is being forwarded along the CR LSP of the TE tunnel PE1 display interface tunnel 1 Tunnel1 current state UP Line prot...

Page 1723: ...OSPF neighbor must reach the FULL state Solution 1 Perform the display current configuration command to check that MPLS TE is configured on involved interfaces 2 Perform the debugging ospf mpls te co...

Page 1724: ...scribes z QoS overview z QoS policy configuration z Priority mapping configuration z Traffic policing Configuration z Traffic shaping Configuration z Line rate configuration z Congestion management z...

Page 1725: ...iew 3 1 Introduction to Priority Mapping 3 1 Priority Mapping Tables 3 1 Priority Trust Mode on a Port 3 2 Priority Mapping Procedure 3 2 Priority Mapping Configuration Tasks 3 3 Configuring Priority...

Page 1726: ...WRED Configuration Approaches 6 2 Introduction to WRED Parameters 6 2 Configuring WRED on an Interface 6 2 Configuration Procedure 6 3 Configuration Example 6 3 Displaying and Maintaining WRED 6 3 7...

Page 1727: ...Example 11 2 12 QoS in an EPON System 4 QoS in an EPON System 4 QoS Functions for Uplink Traffic 4 QoS Functions for Downlink Traffic 5 Configuring QoS in an EPON System 6 QoS Configuration Task List...

Page 1728: ...packet loss rate The network resources are always scarce QoS requirements exist on any occasion where traffic flows contend for network resources QoS is a relative concept for traffic flows that is g...

Page 1729: ...tify and guarantee QoS for each data flow and provides the most granularly differentiated QoS However the Inter Serv model imposes extremely high requirements on devices In a network with heavy data t...

Page 1730: ...directions of a port When a flow exceeds the specification some restriction or punishment measures can be taken to prevent overconsumption of network resources z Traffic shaping proactively adjusts th...

Page 1731: ...ring QoS policies A QoS policy defines what QoS actions to take on what class of traffic for purposes such as traffic shaping or traffic policing Before configuring a QoS policy be familiar with these...

Page 1732: ...rator and or Required By default the relationship between match criteria is AND Configure match criteria if match match criteria Required match criteria Match criterion Table 2 1 shows the available c...

Page 1733: ...or a word representing the specific value For the number to word mapping see Table 13 21 ip precedence ip precedence list Match IP precedence The ip precedence list is a list of up to eight IP precede...

Page 1734: ...erencing the class cannot be applied to interfaces successfully z customer dot1p 8021p list z destination mac mac address z dscp dscp list z ip precedence ip precedence list z service dot1p 8021p list...

Page 1735: ...havior associations if the action of creating an outer VLAN tag the action of setting customer network VLAN ID or the action of setting service provider network VLAN ID is configured in a traffic beha...

Page 1736: ...nd Settings in interface view take effect on the current interface settings in port group view take effect on all ports in the port group Apply the policy to the interface port group qos apply policy...

Page 1737: ...tive by default z If a user profile is active the QoS policy except ACLs referenced in the QoS policy applied to it cannot be configured or removed If the user profile is being used by online users th...

Page 1738: ...red with data plane units they allow for great packet processing flexibility but have lower throughput When the data plane receives packets that it cannot recognize or process it transmits them to the...

Page 1739: ...splay traffic class information display traffic classifier user defined tcl name Available in any view Display traffic behavior configuration information display traffic behavior user defined behavior...

Page 1740: ...any view Display information about pre defined control plane QoS policies on a distributed IRF device display qos policy control plane pre defined chassis chassis number slot slot number Available in...

Page 1741: ...sions Packets with the highest drop precedence are dropped preferentially When a packet enters the device from a port the device assigns a set of QoS priority parameters to the packet based on a certa...

Page 1742: ...ority of the packet for priority mapping table lookup The priority mapping procedure varies with the priority modes as described in the next section Priority Mapping Procedure Priority Mapping Procedu...

Page 1743: ...riority marking is configured the device performs priority marking before priority mapping and then uses the re marked packet carried priority for priority mapping or directly uses the re marked sched...

Page 1744: ...to EXP priority mapping table dot1p exp and the EXP to 802 1p priority mapping table exp dot1p are available only for the EB and SD cards Configuring the Priority Trust Mode on a Port Follow these ste...

Page 1745: ...ort group manual port group name Use either command Settings in interface view take effect on the current interface settings in port group view take effect on all ports in the port group Configure the...

Page 1746: ...to GigabitEthernet 2 0 3 of Device which sets the 802 1p priority of traffic from the management department to 5 Configure port priority 802 1p to local priority mapping table and priority marking to...

Page 1747: ...gabitEthernet2 0 1 quit Set the port priority of GigabitEthernet 2 0 2 to 4 Device interface gigabitethernet 2 0 2 Device GigabitEthernet2 0 2 qos priority 4 Device GigabitEthernet2 0 2 quit Set the p...

Page 1748: ...vior admin quit Device qos policy admin Device qospolicy admin classifier http behavior admin Device qospolicy admin quit Device interface gigabitethernet 2 0 3 Device GigabitEthernet2 0 3 qos apply p...

Page 1749: ...it it is shaped or policed to ensure that it is under the specifications Generally token buckets are used to evaluate traffic specifications Traffic Evaluation and Token Buckets Token bucket features...

Page 1750: ...e allowed by the E bucket z Excess burst size EBS Size of the E bucket that is transient burst of traffic that the E bucket can forward CBS and EBS are carried by two different token buckets In each e...

Page 1751: ...ing traffic and forwarding it Traffic Shaping Traffic shaping supports shaping traffic to the outgoing traffic Traffic shaping provides measures to adjust the rate of outbound traffic actively A typic...

Page 1752: ...his way all the traffic sent to Switch B conforms to the traffic specification defined in Switch B Line Rate Line rate supports rate limiting traffic in the outbound direction The line rate of a physi...

Page 1753: ...packets on a port using line rate is easier Configuring Traffic Policing Configuration Procedure Follow these steps to configure traffic policing To do Use the command Remarks Enter system view syste...

Page 1754: ...2 kbps and drop the exceeding traffic Enter system view Sysname system view Configure advanced ACL 3000 to match HTTP traffic Sysname acl number 3000 Sysname acl adv 3000 rule permit tcp destination p...

Page 1755: ...queue qos gts queue queue number cir committed information rate cbs committed burst size Required z On SC SA and EA LPUs the granularity of GTS is 64 kbps z On SD and EB LPUs the granularity of GTS i...

Page 1756: ...r interface interface type interface number Available in any view Configuration Example Limit the outbound line rate of GigabitEthernet 2 0 1 to 512 kbps Enter system view Sysname system view Enter in...

Page 1757: ...4 9...

Page 1758: ...ows two common cases Figure 5 1 Traffic congestion causes 100M 10M 100M 10M 50M 100M 100M 100M 100M 50M 10M 10M 1 2 Congestion may bring these negative results z Increased delay and jitter during pack...

Page 1759: ...es numbered 7 to 0 in descending priority order SP queuing schedules the eight queues strictly according to the descending order of priority It sends packets in the queue with the highest priority fir...

Page 1760: ...advantage of WRR queuing is that while the queues are scheduled in turn the service time for each queue is not fixed that is if a queue is empty the next queue will be scheduled immediately This impro...

Page 1761: ...port currently with the precedence being 0 1 2 3 and 4 and the minimum guaranteed bandwidth being 128 kbps 128 kbps 128 kbps 64 kbps and 64 kbps respectively z The assignable bandwidth 10 Mbps 128 kb...

Page 1762: ...in port group view take effect on all ports in the port group Configure SP queuing qos sp Optional The default queuing algorithm on an interface is SP queuing Display SP queuing configuration display...

Page 1763: ...h their weights being 1 3 3 5 8 8 10 and 15 2 Configuration procedure Enter system view Sysname system view Configure WRR queuing on GigabitEthernet 2 0 1 Sysname interface gigabitethernet 2 0 1 Sysna...

Page 1764: ...nteed bandwidth and scheduling weight configurations z The EA cards support both configurations too but the scheduling weight for each queue can only be 1 z The SA cards support only the scheduling we...

Page 1765: ...work requirements z Configure to adopt SP WRR queue scheduling algorithm on GigabitEthernet2 0 1 z Configure queue 0 queue 1 queue 2 and queue 3 on GigabitEthernet2 0 1 to be in SP queue scheduling gr...

Page 1766: ...figuration information display qos wrr interface interface type interface number Display SP queue configuration information display qos sp interface interface type interface number Display WFQ queue c...

Page 1767: ...the flow control mechanism at the source end can maximize throughput and utilization rate of the network and minimize packet loss and delay Traditional packet drop policy The traditional packet drop p...

Page 1768: ...When the average queue size is between the lower threshold and the upper threshold packets are dropped randomly The longer a queue the higher the drop probability When the average queue size exceeds...

Page 1769: ...fect on all ports in the port group Apply the WRED table qos wred apply table name Required Configuration Example Network requirements Apply a queue based WRED table to port GigabitEthernet 2 0 1 Conf...

Page 1770: ...6 4...

Page 1771: ...to configure traffic filtering To do Use the command Remarks Enter system view system view Create a class and enter class view traffic classifier tcl name operator and or Configure the match criteria...

Page 1772: ...ds for the traffic filtering action for the inbound and outbound traffic For line card categories and their description refer to the 3Com S7900E Family Getting Started Guide Table 7 1 Support of line...

Page 1773: ...match acl 3000 DeviceA classifier classifier_1 quit Create a behavior named behavior_1 and configure the traffic filtering action for the behavior DeviceA traffic behavior behavior_1 DeviceA behavior...

Page 1774: ...change its transmission priority in the network To configure priority marking you can associate a class with a behavior configured with the priority marking action to set the priority fields or flag b...

Page 1775: ...a policy and enter policy view qos policy policy name Associate the class with the traffic behavior in the QoS policy classifier tcl name behavior behavior name Exit policy view quit To an interface...

Page 1776: ...orted Not supported Supported Not supported Remarking the local precedence for packets Supported Not supported Supported Not supported Supported Not supported Remarking the specified QoS local ID for...

Page 1777: ...Device z The data server mail server and file server are connected to GigabitEthernet 2 0 2 of Device Configure priority marking on Device to satisfy the following requirements Traffic source Destinat...

Page 1778: ...server if match acl 3002 Device classifier classifier_fserver quit Create a behavior named behavior_dbserver and configure the action of setting the local precedence value to 4 for the behavior Device...

Page 1779: ...S local ID create a class to match the QoS local ID and associate this class with the traffic policing action The configuration procedure is as follows Create ACL 2000 to match packets with source IP...

Page 1780: ...ssociate class class_b with behavior behavior_b Sysname qos policy car_policy Sysname qospolicy car_policy classifier class_a behavior behavior_a Sysname qospolicy car_policy classifier class_b behavi...

Page 1781: ...ecting traffic to the next hop redirects packets which require processing by an interface to the interface This action is applicable to only Layer 3 packets Configuring Traffic Redirecting Follow thes...

Page 1782: ...edirecting action can be applied only to the incoming traffic z To implement QoS policy routing successfully ensure that the next hop address specified in the redirect action exist and the outgoing in...

Page 1783: ...You have determined the traffic behavior to reference the aggregation CAR Configuration procedure Follow these steps to reference an aggregation CAR in a traffic behavior To do Use the command Remarks...

Page 1784: ...to rate limit the traffic of VLAN 10 and VLAN 100 received on GigabitEthernet 2 0 1 using these parameters CIR is 256 kbps CBS is 2000 bytes and the action for red packets is discard Configure an aggr...

Page 1785: ...vior 2 Sysname qos policy car Sysname qospolicy car classifier 1 behavior 1 Sysname qospolicy car classifier 2 behavior 2 Sysname qospolicy car quit Apply the QoS policy to the incoming traffic of Gig...

Page 1786: ...e steps to configure class based accounting To do Use the command Remarks Enter system view system view Create a class and enter class view traffic classifier tcl name operator and or Configure the ma...

Page 1787: ...dress 1 1 1 1 DeviceA system view DeviceA acl number 2000 DeviceA acl basic 2000 rule permit source 1 1 1 1 0 DeviceA acl basic 2000 quit Create a class named classifier_1 and reference ACL 2000 in th...

Page 1788: ...configuration DeviceA display qos policy interface gigabitethernet 2 0 1 Interface GigabitEthernet2 0 1 Direction Inbound Policy policy Classifier classifier_1 Operator AND Rule s If match acl 2000 Be...

Page 1789: ...cy z Configuring the ONU to perform traffic policing for uplink traffic of a UNI z Configuring the UNI to tag the uplink 802 1q untagged traffic with the default VLAN tag and adding the UNI priority t...

Page 1790: ...gns to the ONU z Configuring high priority packet buffer for downlink traffic that the OLT sends to the specified ONU Processing on an ONU z Filtering the packets matching certain match criteria accor...

Page 1791: ...Trust Mode on a Port Configure traffic policing for uplink traffic of all ONUs through QoS Configuring Traffic Policing Configure QoS for uplink traffic Configure congestion management on the uplink...

Page 1792: ...e Modify the priority mapping on the OLT port Follow these steps to modify the 802 1p to local mapping on the OLT port To do Use the command Remarks Enter system view system view Enter OLT port view i...

Page 1793: ...r ONU port view interface interface type interface number Reserve high priority buffer for the current ONU bandwidth downstream high priority enable Optional By default the OLT reserves no high priori...

Page 1794: ...fer size of the OLT port and that of the downlink bandwidth limit take effect only when the downlink bandwidth allocation policy is enabled z The configured downlink bandwidth limitation takes effect...

Page 1795: ...refer to Table 12 4 Table 12 4 Relationship between VLAN operation modes and priority remarking VLAN operation mode With or without VLAN tag Packet processing With VLAN tag z In the case of traffic c...

Page 1796: ...in the tag does not match any VLAN translation entry on the port The packet is dropped Translation mode Without VLAN tag The packet is tagged with the VLAN tag corresponding to the default PVID of th...

Page 1797: ...fic classification rule is the same as the priority of the UNI the traffic classification rule will not take effect Priority remarking based on VLAN ID The configuration of VLAN ID based priority rema...

Page 1798: ...for both UNI 1 and UNI 2 z Configure priority remarking for UNI 1 Remark tagged packets sourced from the MAC address of 000A EB7F AAAB with CoS 3 precedence z Configure priority remarking for UNI 2 R...

Page 1799: ...uni 1 classification marking index 1 queue 3 priority 3 src mac equal 000A EB7F AAAB Sysname Onu3 0 1 1 uni 2 classification marking index 1 queue 1 priority 1 src mac equal 001B EB7F 21AC After the...

Page 1800: ...lass Based Weighted Fair Queuing CE Customer Edge CIR Committed Information Rate CQ Custom Queuing DAR Deeper Application Recognition DiffServ Differentiated Service DSCP Differentiated Services Codep...

Page 1801: ...Network WFQ Weighted Fair Queuing WRED Weighted Random Early Detection Appendix B Default Priority Mapping Tables Uncolored Priority Mapping Tables z Some devices support four forwarding classes and...

Page 1802: ...default dscp lp dscp dp dscp dot1p and dscp exp priority mapping tables Input priority value dscp lp mapping dscp dp mapping dscp dot1p mapping dscp exp mapping DSCP Local precedence lp Drop preceden...

Page 1803: ...0 0 2 16 0 1 3 24 0 1 4 32 0 2 5 40 0 2 6 48 0 2 7 56 0 2 Table 13 6 The default lp dot1p and lp dscp priority mapping tables Input priority value lp dot1p mapping lp dscp mapping Local precedence lp...

Page 1804: ...lp mappin g up rpr mappin g up fc 4 mappin g up fc 8 mappin g User precede nce up 802 1p priority dot1p DSCP EXP Drop precede nce dp Local precede nce lp RPR fc 4 fc 8 0 0 0 0 0 2 0 0 0 1 1 8 1 0 0 0...

Page 1805: ...nd dscp lp priority mapping tables for yellow packets Input priority value dscp dot1p mapping dscp dp mapping dscp exp mapping dscp lp mapping DSCP of yellow packets 802 1p priority dot1p Drop precede...

Page 1806: ...cp priority mapping tables for green packets Input priority value exp dp mapping exp dscp mapping EXP of green packets Drop precedence dp DSCP 0 0 0 1 0 8 2 0 16 3 0 24 4 0 32 5 0 40 6 0 48 7 0 56 Tab...

Page 1807: ...put priority value lp dp mapping lp dot1p mapping lp dscp mapping Local precedence lp of green packets Drop precedence dp 802 1p priority dot1p DSCP 0 0 1 0 1 0 2 8 2 0 0 16 3 0 3 24 4 0 4 32 5 0 5 40...

Page 1808: ...d packets Drop precedence dp 802 1p priority dot1p DSCP 0 2 1 0 1 2 2 8 2 2 0 16 3 2 3 24 4 2 4 32 5 2 5 40 6 2 6 48 7 2 7 56 Table 13 19 The default up dscp priority mapping table for green yellow re...

Page 1809: ...le 13 20 Description on IP precedence IP precedence decimal IP precedence binary Description 0 000 Routine 1 001 priority 2 010 immediate 3 011 flash 4 100 flash override 5 101 critical 6 110 internet...

Page 1810: ...ID two bytes in length whose value is 0x8100 and the tag control information TCI two bytes in length Figure 13 3 presents the format of the 802 1Q tag header The Priority field in the 802 1Q tag heade...

Page 1811: ...13 12 EXP Values The EXP field lies in MPLS labels and is used for QoS Figure 13 4 MPLS label structure As shown in Figure 13 4 the EXP field is 3 bits long and ranges from 0 to 7...

Page 1812: ...er Profile Overview 1 1 User Profile Configuration Task List 1 1 Creating a User Profile 1 2 Configuration Prerequisites 1 2 Creating a User Profile 1 2 Configuring a User Profile 1 2 Enabling a User...

Page 1813: ...profile is applicable to restricting online users access if no users are online no user access no users pass the authentication or users have logged out user profile does not take effect as it is a p...

Page 1814: ...er profile already exists you will directly enter the corresponding user profile view The configuration made in user profile view takes effect when the user profile is enabled and a user using the use...

Page 1815: ...ofile A created user profile takes effect only after being enabled Follow these steps to enable a user profile To do Use the command Remarks Enter system view system view Enable a user profile user pr...

Page 1816: ...1X configuration z 802 1X Guest VLAN configuration MAC Authentication MAC authentication provides a way for authenticating users based on ports and MAC addresses it requires no client software to be...

Page 1817: ...FTP Client Public Key This document describes Public Key Configuration ACL An ACL is used for identifying traffic based on a series of preset matching criteria This document describes z ACL overview a...

Page 1818: ...thods for an ISP Domain 1 17 Configuring AAA Accounting Methods for an ISP Domain 1 19 Configuring Local User Attributes 1 21 Configuring User Group Attributes 1 22 Tearing down User Connections Forci...

Page 1819: ...Related to the Data Sent to HWTACACS Server 1 38 Specifying the Source IP Address for HWTACACS Packets to be Sent 1 39 Setting Timers Regarding HWTACACS Servers 1 39 Displaying and Maintaining HWTACA...

Page 1820: ...z Introduction to AAA z Introduction to RADIUS z Introduction to HWTACACS z Domain Based User Management z Protocols and Standards z AAA Configuration Task List z Configuring AAA z Configuring RADIUS...

Page 1821: ...ding the service type start and end time and traffic In this way accounting can be used for not only charging but also network security surveillance You can use AAA to provide only one or two security...

Page 1822: ...r example rejecting or accepting the user access request to the clients In general the RADIUS server maintains three databases namely Users Clients and Dictionary as shown in Figure 1 2 Figure 1 2 RAD...

Page 1823: ...orization information If the authentication fails it returns an Access Reject message 4 The RADIUS client permits or denies the user according to the returned authentication result If it permits the u...

Page 1824: ...sponse 4 Accounting Request From the client to the server A packet of this type carries user information for the server to start stop accounting for the user It contains the Acct Status Type attribute...

Page 1825: ...s Its format and content depend on the Type and Length fields Table 1 2 RADIUS attributes No Attribute No Attribute 1 User Name 45 Acct Authentic 2 User Password 46 Acct Session Time 3 CHAP Password 4...

Page 1826: ...nt Auth id 44 Acct Session Id 91 Tunnel Server Auth id z The attribute types listed in Table 1 2 are defined by RFC 2865 RFC 2866 RFC 2867 and RFC 2868 z For information about commonly used standard R...

Page 1827: ...e implementing AAA using a client server model using shared keys for user information security and having good flexibility and extensibility Meanwhile they also have differences as listed in Table 1 3...

Page 1828: ...rization response indicating successful authorization 14 The user logs in successfully 15 Start accounting request 16 Accounting response indicating the start of accounting 17 The user logs off 18 Sto...

Page 1829: ...WTACACS server 19 The HWTACACS server sends back a stop accounting response indicating that the stop accounting request has been received Domain Based User Management An Internet service provider ISP...

Page 1830: ...guration in the Security Volume Login such as SSH Telnet FTP and terminal SSH2 0 Configuration in the Security Volume FTP and TFTP Configuration in the IP Services Volume Portal Portal Configuration i...

Page 1831: ...sers it is necessary to configure the authentication mode for logging into the user interface as scheme For detailed information refer to Login Configuration of the System Volume AAA Configuration Tas...

Page 1832: ...rs Optional Configuring Attributes Related to Data to Be Sent to the RADIUS Server Optional Enabling the RADIUS Trap Function Optional Specifying the Source IP Address for RADIUS Packets to Be Sent Op...

Page 1833: ...ssword structure service type and rights you need to configure ISP domains to distinguish the users In addition you need to configure different AAA methods for the ISP domains For the NAS each user be...

Page 1834: ...lt an ISP domain has no default authorization user profile A self service RADIUS server for example Intelligent Management Center iMC is required for the self service server localization function to w...

Page 1835: ...access mode and service type limiting the authentication protocols that can be used for access z Determine whether to configure an authentication method for all access modes or service types Follow t...

Page 1836: ...o switch the privilege level to 3 the system uses enab3 aaa for authentication when the domain name is required and uses enab3 for authentication when the domain name is not required Configuring AAA A...

Page 1837: ...an ISP domain To do Use the command Remarks Enter system view system view Enter ISP domain view domain isp name Specify the default authorization method for all types of users authorization default hw...

Page 1838: ...AAA accounting is a separate process at the same level as authentication and authorization Its responsibility is to send accounting start update end requests to the specified accounting server Account...

Page 1839: ...al The default accounting method is used by default z With the accounting optional command configured a user that would be otherwise disconnected can still use the network resources even when no accou...

Page 1840: ...assword display mode for all local users local user password display mode auto cipher force Optional auto by default indicating to display the password of a local user in the way indicated by the pass...

Page 1841: ...HWTACACS authentication the commands that a login user can use after logging in depend on the level of the user With other authentication methods which commands are available depends on the level of t...

Page 1842: ...nections at present Tear down AAA user connections forcibly on a distributed IRF device cut connection all domain isp name ucibindex ucib index user name user name chassis chassis number slot slot num...

Page 1843: ...RF device display local user idle cut disable enable service type ftp lan access portal ssh telnet terminal state active block user name user name vlan vlan id chassis chassis number slot slot number...

Page 1844: ...cheme can be referenced by more than one ISP domain at the same time Specifying the RADIUS Authentication Authorization Servers Follow these steps to specify the RADIUS authentication authorization se...

Page 1845: ...use IP addresses of the same IP version Specifying the RADIUS Accounting Servers and Relevant Parameters Follow these steps to specify the RADIUS accounting servers and perform related configurations...

Page 1846: ...smission attempts on the device allowing the device to disconnect a user when the number of accounting request transmission attempts for the user reaches the limit but it still receives no response to...

Page 1847: ...ault z The maximum number of retransmission attempts of RADIUS packets multiplied by the RADIUS server response timeout period cannot be greater than 75 z Refer to the timer response timeout command i...

Page 1848: ...and Remarks Enter system view system view Enter RADIUS scheme view radius scheme radius scheme name Set the status of the primary RADIUS authentication authorization server state primary authenticatio...

Page 1849: ...sername is sent without the ISP domain name do not apply the RADIUS scheme to more than one ISP domain Otherwise users using the same username but in different ISP domains will be considered the same...

Page 1850: ...device can enable the following three timers z RADIUS server response timeout response timeout If a NAS receives no response from the RADIUS server in a period of time after sending a RADIUS request...

Page 1851: ...product of the two parameters cannot exceed 30 seconds For detailed information about timeout time of a specific access module refer to the corresponding part in the Access Volume z To configure the...

Page 1852: ...s attribute 25 to a RADIUS client However the RFC only requires the RADIUS client to send the attribute to the accounting server it does not require the RADIUS client to resolve the attribute Currentl...

Page 1853: ...ot slot number Available in user view Display information about buffered stop accounting requests that get no responses on a distributed device display stop accounting buffer radius scheme radius serv...

Page 1854: ...atter whether there are users online or not This is different from RADIUS Creating an HWTACACS scheme The HWTACACS protocol is configured on a per scheme basis Before performing other HWTACACS configu...

Page 1855: ...ntication servers are specified the secondary one is used when the primary one is not reachable z The IP addresses of the primary and secondary authentication servers cannot be the same Otherwise the...

Page 1856: ...ets is using it Specifying the HWTACACS Accounting Servers Follow these steps to specify the HWTACACS accounting servers and perform related configurations To do Use the command Remarks Enter system v...

Page 1857: ...ckets exchanged between them and a shared key to verify the packets Only when the same key is used can they properly receive the packets and make responses Follow these steps to set the shared key for...

Page 1858: ...o be sent if the physical port for sending the HWTACACS packets fails response packets from the server will be able to arrive at the NAS Follow these steps to specify the source IP address for HWTACAC...

Page 1859: ...nformation or statistics of the specified or all HWTACACS schemes on a distributed device display hwtacacs hwtacacs server name statistics slot slot number Available in any view Display configuration...

Page 1860: ...t Switch Telnet user Authentication Accounting server 10 1 1 1 24 Configuration procedure Configure the IP addresses of the interfaces omitted Enable the Telnet server on the switch Switch system view...

Page 1861: ...nting default hwtacacs scheme hwtac When telneting into the switch a user enters username userid bbb for authentication using domain bbb AAA for Telnet Users by Separate Servers Network requirements A...

Page 1862: ...uthorization expert Switch hwtacacs hwtac user name format without domain Switch hwtacacs hwtac quit Configure the RADIUS scheme Switch radius scheme rd Switch radius rd primary accounting 10 1 1 1 18...

Page 1863: ...erver to expert and specify that a username sent to the RADIUS server carries the domain name The RADIUS server provides different user services according to the domain names Figure 1 11 Configure AAA...

Page 1864: ...management Log into the iMC management platform select the User tab and select Access User View Device Mgmt User from the navigation tree to enter the Device Management User page Then click Add to ent...

Page 1865: ...ure the IP address of VLAN interface 3 through which the switch access the server Switch interface vlan interface 3 Switch Vlan interface3 ip address 10 1 1 2 255 255 255 0 Switch Vlan interface3 quit...

Page 1866: ...p bbb authentication login radius scheme rad Switch isp bbb authorization login radius scheme rad Switch isp bbb accounting login radius scheme rad Switch isp bbb quit When using SSH to log in a user...

Page 1867: ...message exchange and specify that usernames sent to the HWTACACS server carry no domain name Configure the domain to use the HWTACACS scheme hwtac for user privilege level switching authentication z C...

Page 1868: ...it Create ISP domain bbb Switch domain bbb Configure the ISP domain to use local authentication for Telnet users Switch isp bbb authentication login local Configure to use HWTACACS scheme hwtac for pr...

Page 1869: ...enter the user interface of the switch and access all level 0 commands Switch telnet 192 168 1 70 Trying 192 168 1 70 Press CTRL K to abort Connected to 192 168 1 70 Copyright c 2004 2009 3Com Corp a...

Page 1870: ...ation Switch super 3 Password Enter the password for HWTACACS privilege level switching authentication Error Invalid configuration or no response from the authentication server Info Change authenticat...

Page 1871: ...d link layers 2 The IP address of the RADIUS server is correctly configured on the NAS 3 UDP ports for authentication authorization accounting configured on the NAS are the same as those configured on...

Page 1872: ...o be configured for the user 11 Filter ID Name of the filter list 12 Framed MTU Maximum transmission unit MTU for the data link between the user and NAS For example with 802 1X EAP authentication NAS...

Page 1873: ...on 61 NAS Port Type Type of the physical port of the NAS that is authenticating the user which can be z 15 Ethernet z 16 Any type of ADSL z 17 Cable with cable for cable TV z 201 VLAN z 202 ATM If the...

Page 1874: ...Trigger Function 1 17 Enabling the Unicast Trigger Function 1 17 Specifying a Mandatory Authentication Domain for a Port 1 18 Enabling the Quiet Timer Function 1 18 Enabling the Re Authentication Func...

Page 1875: ...vices that fail to pass the authentication are denied access to the LAN The port security feature provides rich security modes that combine or extend 802 1X and MAC address authentication In a network...

Page 1876: ...between the client device and authentication server z Between the client and the device EAP protocol packets are encapsulated using EAPOL to be transferred on the LAN z Between the device and the RADI...

Page 1877: ...rts to access the network without authentication z unauthorized force Places the port in the unauthorized state denying any access requests from users of the ports z auto Places the port in the unauth...

Page 1878: ...client and a device z Length Length of the data that is length of the Packet body field in bytes If the value of this field is 0 no subsequent data field is present z Packet body Content of the packe...

Page 1879: ...e EAP Message The EAP Message attribute is used to encapsulate EAP packets Figure 1 6 shows its encapsulation format The value of the Type field is 79 The String field can be up to 253 bytes If the EA...

Page 1880: ...ggering mode The device multicasts EAP Request Identify packets periodically every 30 seconds by default to clients z Unicast triggering mode The device deems that a new user is attached to itself upo...

Page 1881: ...entity packet it encapsulates the username in an EAP Response Identity packet and sends the packet to the device 5 Upon receiving the EAP Response Identity packet the device relays the packet in a RAD...

Page 1882: ...s gone offline and performs the necessary operations guaranteeing that the device always knows when a client goes offline 12 The client can also send an EAPOL Logoff packet to the device to go offline...

Page 1883: ...rmation from the client to the RADIUS server for authentication 802 1X Access Control Method 3Com devices not only implement the port based access control method defined in the 802 1X protocol but als...

Page 1884: ...e client is offline z Quiet timer quiet period When a client fails the authentication the device refuses further authentication requests from the client in this period of time z Periodic re authentica...

Page 1885: ...a port that uses the port based access control method With PGV configured on a port if no user initiates authentication on the port in a certain period of time 90 seconds by default the port will be a...

Page 1886: ...ils the authentication the port stays in the Auth Fail VLAN If the user passes the authentication successfully the port leaves the Auth Fail VLAN and z If the authentication server assigns a VLAN the...

Page 1887: ...cifying a Mandatory Authentication Domain for a Port Optional Enabling the Quiet Timer Function Optional Enabling the Re Authentication Function Optional Configuring a Guest VLAN Optional Configuring...

Page 1888: ...The defaults are as follows 15 seconds for the handshake timer 60 seconds for the quiet timer 3600 seconds for the periodic re authentication timer 100 seconds for the server timeout timer 30 seconds...

Page 1889: ...users for the port dot1x max user user number Optional 1024 by default Note that z Enabling 802 1X on a port is mutually exclusive with adding the port to an aggregation group and adding the port to a...

Page 1890: ...need to disable the online user handshake function on the device otherwise the device will tear down the connections with such online users for not receiving handshake responses Enabling the Proxy Det...

Page 1891: ...authentication This function is used for clients that cannot initiate authentication unsolicitedly Follow these steps to configure the multicast trigger function To do Use the command Remarks Enter sy...

Page 1892: ...or the port dot1x mandatory domain domain name Required Not specified by default Enabling the Quiet Timer Function After the quiet timer is enabled on the device when a client fails 802 1X authenticat...

Page 1893: ...the access port you are recommended to configure different VLAN IDs for the voice VLAN default VLAN of the port and 802 1X guest VLAN This is to ensure the normal use of the functions z A super VLAN c...

Page 1894: ...function and the free IP function in EAD fast deployment are mutually exclusive on a port z If the traffic from a user side device carries VLAN tags and the 802 1X authentication and guest VLAN functi...

Page 1895: ...ntaining 802 1X To do Use the command Remarks Display 802 1X session information statistics or configuration information of specified or all ports display dot1x sessions statistics interface interface...

Page 1896: ...ver 20 minutes Figure 1 10 Network diagram for 802 1X configuration Configuration procedure The following configuration procedure covers most AAA RADIUS configuration commands for the device while con...

Page 1897: ...he RADIUS server Device radius radius1 user name format without domain Device radius radius1 quit Create domain aabbcc net and enter its view Device domain aabbcc net Set radius1 as the RADIUS scheme...

Page 1898: ...ns RADIUS and is in VLAN 2 z The update server which is in VLAN 10 is for client software download and upgrade z Port GigabitEthernet 2 0 3 of the device which is in VLAN 5 is for accessing the Intern...

Page 1899: ...e following configuration procedure uses many AAA RADIUS commands For detailed configuration of these commands refer to AAA Configuration in the Security Volume z Configurations on the 802 1X client a...

Page 1900: ...vice vlan 10 Device vlan10 quit Specify port GigabitEthernet 2 0 2 to use VLAN 10 as its guest VLAN Device dot1x guest vlan 10 interface gigabitethernet 2 0 2 You can use the display current configura...

Page 1901: ...accounting abc Device radius 2000 user name format without domain Device radius 2000 quit Create an ISP domain and specify the AAA schemes Device domain 2000 Device isp 2000 authentication default ra...

Page 1902: ...1 28 Pinging 10 0 0 1 with 32 bytes of data Request timed out Request timed out Request timed out Request timed out Ping statistics for 10 0 0 1 Packets Sent 4 Received 0 Lost 4 100 loss C...

Page 1903: ...be time consuming and inefficient To address the issue quick EAD deployment was developed In conjunction with 802 1X it can have an access switch to force all attached devices to download and install...

Page 1904: ...AD is enabled Follow these steps to configure a freely accessible network segment To do Use the command Remarks Enter system view system view Configure a freely accessible network segment dot1x free i...

Page 1905: ...user accesses the network this timer is started If the user neither downloads client software nor performs authentication before the timer expires the occupied ACL will be released so that other user...

Page 1906: ...support EAD fast deployment Configure the IP addresses of the interfaces omitted Configure the free IP Device system view Device dot1x free ip 192 168 2 0 24 Configure the redirect URL for client sof...

Page 1907: ...ting system of the host regards the string a website name and tries to have it resolved If the resolution fails the operating system sends an ARP request with the address in the format other than X X...

Page 1908: ...1 2 Quiet MAC Address 1 2 VLAN Assigning 1 2 ACL Assigning 1 2 Configuring MAC Authentication 1 3 Configuration Prerequisites 1 3 Configuration Procedure 1 3 Displaying and Maintaining MAC Authenticat...

Page 1909: ...r serves as both the username and password z Fixed username where all users use the same preconfigured username and password for authentication regardless of the MAC addresses Multiple users can be au...

Page 1910: ...l be discarded silently by the device until the quiet timer expires This prevents the device from authenticating an illegal user repeatedly in a short time If a quiet MAC address is the same as a stat...

Page 1911: ...hentication To do Use the command Remarks Enter system view system view Enable MAC authentication globally mac authentication Required Disabled by default mac authentication interface interface list E...

Page 1912: ...ng the port to a service loopback group z For details about the default ISP domain refer to AAA Configuration in the Security Volume Displaying and Maintaining MAC Authentication To do Use the command...

Page 1913: ...uthentication for port GigabitEthernet 2 0 1 Device mac authentication interface gigabitethernet 2 0 1 Specify the ISP domain for MAC authentication Device mac authentication domain aabbcc net Set the...

Page 1914: ...Total 1 connection s matched on slot 2 Total 1 connection s matched RADIUS Based MAC Authentication Configuration Example Network requirements As illustrated in Figure 1 2 a host is connected to the d...

Page 1915: ...ization default radius scheme 2000 Device isp 2000 accounting default radius scheme 2000 Device isp 2000 quit Enable MAC authentication globally Device mac authentication Enable MAC authentication for...

Page 1916: ...MAC 00e0 fc12 3456 Total 1 connection s matched on slot 2 Total 1 connection s matched ACL Assignment Configuration Example Network requirements As shown in Figure 1 3 a host is connected to port Giga...

Page 1917: ...imary authentication 10 1 1 1 1812 Sysname radius 2000 primary accounting 10 1 1 2 1813 Sysname radius 2000 key authentication abc Sysname radius 2000 key accounting abc Sysname radius 2000 user name...

Page 1918: ...at mac address Enable MAC authentication for port GigabitEthernet 2 0 1 Sysname interface gigabitethernet 2 0 1 Sysname GigabitEthernet2 0 1 mac authentication After completing the above configuration...

Page 1919: ...pecifying a Mandatory Authentication Domain 1 10 Specifying a NAS ID Profile for an Interface 1 11 Setting the Maximum Number of Online Portal Users 1 12 Displaying and Maintaining Portal 1 12 Portal...

Page 1920: ...l website enter username and password for authentication This authentication mode is called active authentication There is still another authentication mode namely forced authentication in which the a...

Page 1921: ...security authentication of a client depends on the communications between the portal client and the security policy server Access device Device for broadband access It can be a switch or a router that...

Page 1922: ...ity authentication result z Since a portal client uses an IP address as its ID ensure that there is no Network Address Translation NAT device between the authentication client access device portal ser...

Page 1923: ...a client is uniquely identified by an IP address This is because the mode supports Layer 3 forwarding devices between the authentication client and the access device but the access device does not le...

Page 1924: ...equest message and sends it to the access device Meanwhile the portal server starts a timer to wait for an authentication acknowledgment message 4 The access device and the RADIUS server exchange RADI...

Page 1925: ...received the access device notifies the portal server of the change 10 The portal server notifies the authentication client of logon success 11 The portal server sends a user IP address change acknow...

Page 1926: ...With re DHCP authentication the invalid IP address check function of DHCP relay is enabled on the access device and the DHCP server is installed and configured properly z With RADIUS authentication u...

Page 1927: ...enced by any interface z The portal server to be referenced must exist z Only Layer 3 portal authentication mode portal server server name method layer3 can be used in applications with Layer 3 forwar...

Page 1928: ...n modifying it Configuring an Authentication Subnet By configuring authentication subnets you can allow portal authentication to be triggered by only packets from users on the authentication subnets I...

Page 1929: ...as ip ip address Optional By default there is no source IP address specified for portal packets and the IP address of the user login interface will be used as the source IP address of the portal packe...

Page 1930: ...NAS ID will be used as that of the NAS identifier attribute in the RADIUS packets to be sent to the RADIUS server A NAS ID profile defines the binding relationship between VLANs and NAS IDs A NAS ID...

Page 1931: ...s the command can be executed successfully and will not impact the online portal users but the system will not allow new portal users to log in until the number drops down below the limit Displaying a...

Page 1932: ...portal server statistics all interface interface type interface number Available in user view Clear TCP spoofing statistics reset portal tcp cheat statistics Available in user view Portal Configurati...

Page 1933: ...Portal Service Management Server from the navigation tree to enter the portal server configuration page as shown in Figure 1 5 z Input the URL address of the portal authentication main page in the fo...

Page 1934: ...necting the user z Type the key which must be the same as that configured on the switch z Set whether to enable IP address reallocation Direction portal authentication is used in this example and ther...

Page 1935: ...to make the previous configurations take effect 2 Configure the switch z Configure a RADIUS scheme Create a RADIUS scheme named rs1 and enter its view Switch system view Switch radius scheme rs1 Set t...

Page 1936: ...z Configure portal authentication Configure the portal server as follows z Name newpt z IP address 192 168 0 111 z Key portal z Port number 50100 z URL http 192 168 0 111 portal Switch portal server n...

Page 1937: ...s z You need to configure IP addresses for the devices as shown in Figure 1 10 and ensure that routes are available between devices z Perform configurations on the RADIUS server to ensure that the use...

Page 1938: ...server as follows z Name newpt z IP address 192 168 0 111 z Key portal z Port number 50100 z URL http 192 168 0 111 portal Switch portal server newpt ip 192 168 0 111 key portal port 50100 url http 19...

Page 1939: ...ure that routes are available between devices z Perform configurations on the RADIUS server to ensure that the user authentication and accounting functions can work normally Configure Switch A 1 Confi...

Page 1940: ...168 0 111 z Key portal z Port number 50100 z URL http 192 168 0 111 portal SwitchA portal server newpt ip 192 168 0 111 key portal port 50100 url http 192 168 0 111 portal Enable portal authentication...

Page 1941: ...IUS scheme Create a RADIUS scheme named rs1 and enter its view Switch system view Switch radius scheme rs1 Set the server type for the RADIUS scheme When using the iMC server you need set the server t...

Page 1942: ...for unrestricted resources On the security policy server you need to specify ACL 3000 as the isolation ACL and ACL 3001 as the security ACL Switch acl number 3000 Switch acl adv 3000 rule permit ip d...

Page 1943: ...onfigure re DHCP portal authentication with extended functions Configuration procedure z For re DHCP authentication you need to configure a public address pool 20 20 20 0 24 in this example and a priv...

Page 1944: ...1 quit 2 Configure an authentication domain Create an ISP domain named dm1 and enter its view Switch domain dm1 Configure the ISP domain to use RADIUS scheme rs1 Switch isp dm1 authentication portal r...

Page 1945: ...10 0 0 1 255 255 255 0 sub Switch Vlan interface100 dhcp select relay Switch Vlan interface100 dhcp relay server select 0 Switch Vlan interface100 dhcp relay address check enable Enable re DHCP porta...

Page 1946: ...for the RADIUS scheme When using the iMC server you need set the server type to extended SwitchA radius rs1 server type extended Specify the primary authentication server and primary accounting serve...

Page 1947: ...ACL SwitchA acl number 3000 SwitchA acl adv 3000 rule permit ip destination 192 168 0 0 0 0 0 255 SwitchA acl adv 3000 rule deny ip SwitchA acl adv 3000 quit SwitchA acl number 3001 SwitchA acl adv 3...

Page 1948: ...thentication client Analysis When you execute the portal delete user command on the access device to force the user to log out the access device actively sends a REQ_LOGOUT message to the portal serve...

Page 1949: ...e 1 7 Configuring Port Security Features 1 8 Configuring NTK 1 8 Configuring Intrusion Protection 1 8 Configuring Trapping 1 9 Configuring Secure MAC Addresses 1 10 Configuration Prerequisites 1 10 Co...

Page 1950: ...needed When a port security enabled device detects an illegal frame it triggers the corresponding port security feature and takes a pre defined action automatically This reduces your maintenance workl...

Page 1951: ...d access to the port is not restricted In this mode neither the NTK nor the intrusion protection feature is triggered autoLearn In this mode a port can learn a specified number of MAC addresses and sa...

Page 1952: ...ceiving non 802 1X frames and performs 802 1X authentication upon receiving 802 1X frames macAddressElseUserLo ginSecure This mode is the combination of the macAddressWithRadius and userLoginSecure mo...

Page 1953: ...s specifies MAC address authentication z Else specifies that the authentication method before Else is applied first If the authentication fails the protocol type of the authentication request determin...

Page 1954: ...Follow these steps to enable port security To do Use the command Remarks Enter system view system view Enable port security port security enable Required Disabled by default Note that 1 Enabling port...

Page 1955: ...ort To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Set the maximum number of secure MAC addresses allowed on a port port sec...

Page 1956: ...o Use the command Remarks Enter system view system view Set an OUI value for user authentication port security oui oui value index index value Optional Not configured by default The command is require...

Page 1957: ...low frames to be forwarded to only devices passing authentication The NTK feature supports three modes z ntkonly Forwards only frames destined for authenticated MAC addresses z ntk withbroadcasts Forw...

Page 1958: ...ring which a port remains disabled port security timer disableport time value Optional 20 seconds by default On a port operating in either the macAddressElseUserLoginSecure mode or the macAddressElseU...

Page 1959: ...do Use the command Remarks Enter system view system view In system view port security mac address security mac address interface interface type interface number vlan vlan id interface interface type...

Page 1960: ...y interface interface type interface number vlan vlan id count Available in any view Display information about blocked MAC addresses display port security mac address block interface interface type in...

Page 1961: ...the port security configuration information Switch display port security interface gigabitethernet 2 0 1 Equipment port security is enabled Intrusion trap is enabled Disableport Timeout 30s OUI value...

Page 1962: ...abitethernet 2 0 1 GigabitEthernet2 0 1 current state Port Security Disabled IP Packet Frame Type PKTFMT_ETHNT_2 Hardware Address 000f cb00 5558 Description GigabitEthernet2 0 1 Interface The port sho...

Page 1963: ...or configuring the userLoginWithOUI mode Configuration procedure z The following configuration steps cover some AAA RADIUS configuration commands For details about the commands refer to AAA Configurat...

Page 1964: ...ui 1234 0300 1111 index 3 Switch port security oui 1234 0400 1111 index 4 Switch port security oui 1234 0500 1111 index 5 Switch interface gigabitethernet 2 0 1 Set the port security mode to userLogin...

Page 1965: ...disabled Disableport Timeout 20s OUI value Index is 1 OUI value is 123401 Index is 2 OUI value is 123402 Index is 3 OUI value is 123403 Index is 4 OUI value is 123404 Index is 5 OUI value is 123405 G...

Page 1966: ...domain NOT configured Guest VLAN NOT configured Auth Fail VLAN NOT configured Max number of on line users is 256 EAPOL Packet Tx 16331 Rx 102 Sent EAP Request Identity Packets 16316 EAP Request Challe...

Page 1967: ...1 Configure the RADIUS protocol The required RADIUS authentication accounting configurations and ISP domain configurations are the same as those in Configuring the userLoginWithOUI Mode 2 Configure po...

Page 1968: ...display mac authentication interface gigabitethernet 2 0 1 MAC address authentication is enabled User name format is fixed account Fixed username aaa Fixed password 123456 Offline detect period is 60...

Page 1969: ...ed Proxy logoff checker is disabled The port is an authenticator Periodic reauthentication is disabled Authentication Mode is Auto Port Control Type is Mac based 802 1X Multicast trigger is enabled Ma...

Page 1970: ...re secure MAC addresses Switch GigabitEthernet2 0 1 port security mac address security 1 1 2 vlan 1 Error Security MAC address configuration failed Analysis No secure MAC address can be configured on...

Page 1971: ...er is online Solution Use the cut command to forcibly disconnect the user from the port before changing the port security mode Switch GigabitEthernet2 0 1 quit Switch cut connection interface gigabite...

Page 1972: ...taining IP Source Guard 1 3 IP Source Guard Configuration Examples 1 4 Static Binding Entry Configuration Example 1 4 Dynamic Binding Function Configuration Example 1 1 5 Dynamic Binding Function Conf...

Page 1973: ...egal usages of network resources and improve the network security For example IP source guard can prevent an illegal host from pretending to be a legal user to access the network With IP source guard...

Page 1974: ...service loopback group Configuring a Static Binding Entry Follow these steps to configure a static binding entry To do Use the command Remarks Enter system view system view Enter interface view interf...

Page 1975: ...p address mac address mac address Required Not configured by default z To implement dynamic binding in IP source guard make sure that DHCP snooping or DHCP Relay is configured and works normally For D...

Page 1976: ...itch A Configure port GigabitEthernet 2 0 2 of Switch A to allow only IP packets with the source MAC address of 00 01 02 03 04 05 and the source IP address of 192 168 0 3 to pass SwitchA system view S...

Page 1977: ...us 0001 0203 0406 192 168 0 1 N A GigabitEthernet2 0 2 Static 0001 0203 0407 192 168 0 2 N A GigabitEthernet2 0 1 Static Dynamic Binding Function Configuration Example 1 Network requirements As shown...

Page 1978: ...0 1 display this interface GigabitEthernet2 0 1 port link mode bridge ip check source ip address mac address return Display the dynamic binding entries that port GigabitEthernet 2 0 1 has obtained fro...

Page 1979: ...user device is generated on the OLT device z Enable IP Source Guard on OLT 3 0 1 to protect the server against attacks launched by clients using fake source IP addresses This example shows only the OL...

Page 1980: ...ned by OLT 3 0 1 Sysname display dhcp snooping DHCP Snooping is enabled The client binding table for all untrusted ports Type D Dynamic S Static Type IP Address MAC Address Lease VLAN Interface D 192...

Page 1981: ...face 100 SwitchA Vlan interface100 dhcp select relay Correlate VLAN interface 100 with DHCP server group 1 SwitchA Vlan interface100 dhcp relay server select 1 2 Verify the configuration Display the g...

Page 1982: ...and Maintaining SSH 1 12 SSH Server Configuration Examples 1 13 When Switch Acts as Server for Password Authentication 1 13 When Switch Acts as Server for Publickey Authentication 1 15 SSH Client Con...

Page 1983: ...logging into a remote device securely By encryption and strong authentication it protects devices against attacks such as IP spoofing and plain text password interception The device can not only work...

Page 1984: ...number while the software version number is used for debugging 3 The client receives and resolves the packet If the protocol version of the server is lower but supportable the client uses the protocol...

Page 1985: ...name and password locally or by a remote AAA server and then informs the client of the authentication result z Publickey authentication The server authenticates the client by the digital signature Dur...

Page 1986: ...ver and the client exchanges data in the following way z The client encrypts and sends the command to be executed to the server z The server decrypts and executes the command and then encrypts and sen...

Page 1987: ...ts may use different publickey algorithms though a single client usually uses only one type of publickey algorithm z The public key local create rsa command generates two RSA key pairs a server key pa...

Page 1988: ...red By default the authentication mode is password Configure the user interface s to support SSH login protocol inbound all ssh Optional All protocols are supported by default z For detailed informati...

Page 1989: ...SSH server Configuring a client public key manually Follow these steps to configure the client public key manually To do Use the command Remarks Enter system view system view Enter public key view pub...

Page 1990: ...the service type and authentication mode To do Use the command Remarks Enter system view system view For Stelnet users ssh user username service type stelnet authentication type password any password...

Page 1991: ...ssh user command z The configured authentication method takes effect only for users logging in after the configuration For users using publickey authentication z You must configure on the device the...

Page 1992: ...maximum number of SSH authentication attempts ssh server authentication retries times Optional 3 by default Authentication will fail if the number of authentication attempts including both publickey a...

Page 1993: ...configured with the server host public key accesses the server for the first time the user can continue accessing the server and save the host public key on the client When accessing the server again...

Page 1994: ...s aes128 des prefer ctos hmac md5 md5 96 sha1 sha1 96 prefer kex dh group exchange dh group1 dh group14 prefer stoc cipher 3des aes128 des prefer stoc hmac md5 md5 96 sha1 sha1 96 Establish a connecti...

Page 1995: ...ny view For information about the display public key local and display public key peer commands refer to Public Key Commands in the Security Volume SSH Server Configuration Examples When Switch Acts a...

Page 1996: ...Switch local user client001 Switch luser client001 password simple aabbcc Switch luser client001 service type ssh Switch luser client001 authorization attribute level 3 Switch luser client001 quit Spe...

Page 1997: ...interface When Switch Acts as Server for Publickey Authentication Network requirements z As shown in Figure 1 3 a local SSH connection is established between the host the SSH client and the switch the...

Page 1998: ...o 3 Switch ui vty0 4 user privilege level 3 Switch ui vty0 4 quit Before performing the following tasks you must use the client software to generate an RSA key pair on the client save the public key i...

Page 1999: ...key pair 1 While generating the key pair you must move the mouse continuously and keep the mouse off the green process bar shown in Figure 1 5 Otherwise the process bar stops moving and the key pair g...

Page 2000: ...file name as key pub to save the public key Figure 1 6 Generate a client key pair 3 Likewise to save the private key click Save private key A warning window pops up to prompt you whether to save the p...

Page 2001: ...e client Specify the private key file and establish a connection with the SSH server Launch PuTTY exe to enter the following interface In the Host Name or IP address text box enter the IP address of t...

Page 2002: ...as Client for Password Authentication Network requirements z As shown in Figure 1 10 Switch A the SSH client needs to log into Switch B the SSH server through the SSH protocol z The username of the SS...

Page 2003: ...level 3 SwitchB luser client001 quit Specify the service type for user client001 as Stelnet and the authentication type as password This step is optional SwitchB ssh user client001 service type stelne...

Page 2004: ...code 94184CCDFCEAE96EC4D5EF93133E84B47093C52B20CD35D02 492B3959EC6499625BC4FA5082E22C5 SwitchA pkey key code B374E16DD00132CE71B020217091AC717B612391C76C1FB2E 88317C1BD8171D41ECB83E210C03CC9 SwitchA p...

Page 2005: ...t will use as the destination for SSH connection SwitchB interface vlan interface 1 SwitchB Vlan interface1 ip address 10 165 87 136 255 255 255 0 SwitchB Vlan interface1 quit Set the authentication m...

Page 2006: ...a DSA key pair SwitchA public key local create dsa Export the DSA public key to the file key pub SwitchA public key local export dsa ssh2 key pub SwitchA quit After generating a key pair on a client y...

Page 2007: ...TP client enabling a user to login from the device to a remote device for secure file transfer Configuring an SFTP Server Configuration Prerequisites z You have configured the SSH server For the detai...

Page 2008: ...r the SFTP Client You can configure a client to use only a specified source IP address or interface to access the SFTP server thus enhancing the service manageability Follow these steps to specify a s...

Page 2009: ...14 prefer stoc cipher 3des aes128 des prefer stoc hmac md5 md5 96 sha1 sha1 96 Required Use either command in user view Working with the SFTP Directories SFTP directory operations include z Changing o...

Page 2010: ...Changing the name of a file z Downloading a file z Uploading a file z Displaying a list of the files z Deleting a file Follow these steps to work with SFTP files To do Use the command Remarks Enter S...

Page 2011: ...ver port number identity key dsa rsa prefer ctos cipher 3des aes128 des prefer ctos hmac md5 md5 96 sha1 sha1 96 prefer kex dh group exchange dh group1 dh group14 prefer stoc cipher 3des aes128 des pr...

Page 2012: ...guration procedure 1 Configure the SFTP server Switch B Generate RSA and DSA key pairs and enable the SSH server SwitchB system view SwitchB public key local create rsa SwitchB public key local create...

Page 2013: ...itch A Configure an IP address for VLAN interface 1 SwitchA system view SwitchA interface vlan interface 1 SwitchA Vlan interface1 ip address 192 168 0 2 255 255 255 0 SwitchA Vlan interface1 quit Gen...

Page 2014: ...5 pub Add a directory named new1 and check if it has been created successfully sftp client mkdir new1 New directory created sftp client dir rwxrwxrwx 1 noone nogroup 1759 Aug 23 06 52 config cfg rwxrw...

Page 2015: ...ient quit Bye Connection closed SwitchA SFTP Server Configuration Example Network requirements As shown in Figure 2 2 an SSH connection is established between the host and the switch The host an SFTP...

Page 2016: ...type being SSH Switch local user client002 Switch luser client002 password simple aabbcc Switch luser client002 service type ssh Switch luser client002 quit Configure the user authentication type as...

Page 2017: ...2 11 Figure 2 3 SFTP client interface...

Page 2018: ...Asymmetric Key Pair 1 2 Creating an Asymmetric Key Pair 1 2 Displaying or Exporting the Local RSA or DSA Host Public Key 1 3 Destroying an Asymmetric Key Pair 1 3 Configuring the Public Key of a Peer...

Page 2019: ...ntiality The cipher text is transmitted in the network and then is decrypted by the receiver to obtain the original pain text Figure 1 1 Encryption and decryption There are two types of key algorithms...

Page 2020: ...dleman Algorithm RSA and Digital Signature Algorithm DSA are all asymmetric key algorithms RSA can be used for data encryption decryption and signature whereas DSA is used for signature only Asymmetri...

Page 2021: ...key on the screen or export it to a specified file so as to configure the local RSA or DSA host public key on the remote end Follow these steps to display or export the local RSA or DSA host public ke...

Page 2022: ...m a public key file z The device supports up to 20 host pubic keys of peers Follow these steps to configure the public key of a peer manually To do Use the command Remarks Enter system view system vie...

Page 2023: ...e A is configured manually on Device B Figure 1 2 Network diagram for manually configuring the public key of a peer Configuration procedure 1 Configure Device A Create RSA key pairs on Device A Device...

Page 2024: ...DeviceB system view DeviceB public key peer devicea Public key view return to System View with peer public key end DeviceB pkey public key public key code begin Public key code view return to last vie...

Page 2025: ...ublic key local create rsa The range of public key size is 512 2048 NOTES If the key modulus is greater than 512 It will take a few minutes Press CTRL C to abort Input the bits of the modulus default...

Page 2026: ...authorization attribute level 3 DeviceB luser ftp quit 3 Upload the public key file of Device A to Device B FTP the public key file devicea pub to Device B with the file transfer mode of binary Device...

Page 2027: ...030818902818100D90003FA95F5A44A2A2CD3F814F985 4C4421B57CAC64CFFE4782A87B0360B600497D87162D1F398E6E5E51E5E353B3A9AB16C9E766BD995C669A78 4AD597D0FB3AA9F7202C507072B19C3C50A0D7AD3994E14ABC62DB125035EA326...

Page 2028: ...onfiguration 2 1 Creating a Time Range 2 1 Configuring a Basic IPv4 ACL 2 2 Configuring an Advanced IPv4 ACL 2 4 Configuring an Ethernet Frame Header ACL 2 6 Copying an IPv4 ACL 2 7 Displaying and Mai...

Page 2029: ...ering can be used to efficiently prevent illegal users from accessing networks and to control network traffic and save network resources Access control lists ACL are often used to filter packets with...

Page 2030: ...4 ACL This section covers these topics z IPv4 ACL Classification z IPv4 ACL Naming z IPv4 ACL Match Order z IPv4 ACL Step z Effective Period of an IPv4 ACL z IP Fragments Filtering with IPv4 ACL IPv4...

Page 2031: ...N instance first and compare packets against the rule configured with a VPN instance 2 In case of a tie sort rules by source IP address wildcard mask and compare packets against the rule configured wi...

Page 2032: ...s masks are the same compare packets against the one configured first The comparison of a packet against an ACL stops once a match is found The packet is then processed as per the rule IPv4 ACL Step M...

Page 2033: ...tion about types of LPUs refer to the 3Com S7900E Family Getting Started Guide Introduction to IPv6 ACL This section covers these topics z IPv6 ACL Classification z IPv6 ACL Naming z IPv6 ACL Match Or...

Page 2034: ...ook at the protocol type field in the rules first A rule with no limit to the protocol type that is configured with the ipv6 keyword has the lowest precedence Rules each of which has a single specifie...

Page 2035: ...onfiguration Procedure Follow these steps to create a time range To do Use the command Remarks Enter system view system view Create a time range time range time range name start time to end time days...

Page 2036: ...ime range is from the time the configuration takes effect to the latest time that the system can express that is 24 00 12 31 2100 z Up to 256 time ranges can be defined Configuration Examples Create a...

Page 2037: ...ult no IPv4 ACL description is present Create a rule description rule rule id comment text Optional By default no rule description is present Note that z You can only modify the existing rules of an A...

Page 2038: ...re an advanced IPv4 ACL To do Use the command Remarks Enter system view system view Create and enter advanced IPv4 ACL view acl number acl number name acl name match order auto config Required The def...

Page 2039: ...o a newly created rule will be inserted among the existing rules in the depth first match order Note that the IDs of the rules still remain the same z You can modify the match order of an ACL with the...

Page 2040: ...addr dest mask lsap lsap code lsap wildcard source mac sour addr source mask time range time range name type type code type wildcard Required To create multiple rules repeat this step Note that the ls...

Page 2041: ...t effort Copying an IPv4 ACL This feature allows you to copy an existent IPv4 ACL to generate a new one which is of the same type and has the same match order match rules rule numbering step and descr...

Page 2042: ...any view Display information about ACL uses of a switch distributed IRF device display acl resource chassis chassis number slot slot number Available in any view Display the configuration and state o...

Page 2043: ...source 192 168 2 0 0 0 0 255 destination 192 168 4 1 0 0 0 0 time range trname Switch acl adv 3000 quit Configure a rule to control access of the Marketing Department to the salary query server Switch...

Page 2044: ...Switch qospolicy p_rd classifier c_rd behavior b_rd Switch qospolicy p_rd quit Configure QoS policy p_market to use traffic behavior b_market for class c_market Switch qos policy p_market Switch qospo...

Page 2045: ...ime range command first Configuration Procedure Follow these steps to configure a basic IPv6 ACL To do Use the command Remarks Enter system view system view Create and enter basic IPv6 ACL view acl ip...

Page 2046: ...e will be inserted among the existing rules in the depth first match order Note that the IDs of the rules still remain the same z You can modify the match order of an IPv6 ACL with the acl ipv6 number...

Page 2047: ...ipv6 name acl6 name command to enter the view of the ACL later Create or modify a rule rule rule id deny permit protocol established ack ack value fin fin value psh psh value rst rst value syn syn va...

Page 2048: ...e rule specified in the rule comment command must have existed Configuration Examples Create IPv6 ACL 3000 to permit the TCP packets with the source address 2030 5060 9050 64 to pass Sysname system vi...

Page 2049: ...IRF device display acl ipv6 acl6 number all name acl6 name chassis chassis number slot slot number Available in any view Display information about ACL uses of a switch display acl resource slot slot...

Page 2050: ...tch classifier c_rd if match acl ipv6 2000 Switch classifier c_rd quit Configure traffic behavior b_rd to deny matching packets Switch traffic behavior b_rd Switch behavior b_rd filter deny Switch beh...

Page 2051: ...ion 1 3 Configuring Source MAC Address Based ARP Attack Detection 1 3 Introduction 1 3 Configuration Procedure 1 3 Displaying and Maintaining Source MAC Address Based ARP Attack Detection 1 4 Configur...

Page 2052: ...f ARP packets to bring a great impact to the CPU For details about ARP attack features and types refer to ARP Attack Protection Technology White Paper Currently ARP attacks and viruses are threatening...

Page 2053: ...the following five seconds If the packets have various source addresses you can enable the ARP black hole routing function After receiving an IP packet whose destination IP address cannot be resolved...

Page 2054: ...d Disabled by default Configuring Source MAC Address Based ARP Attack Detection Introduction This feature allows the device to check the source MAC address of ARP packets If the number of ARP packets...

Page 2055: ...attack source mac slot slot number interface interface type interface number Available in any view Display attacking entries detected for distributed IRF devices display arp anti attack source mac cha...

Page 2056: ...Specified Objects With this feature configured the device permits the ARP packets received from an ARP trusted port to pass directly and checks the ARP packets received from an ARP untrusted port You...

Page 2057: ...valid and is forwarded If an entry with a matching IP address but an unmatched MAC address is found the ARP packet is considered invalid and is discarded If no entry with a matching IP address is foun...

Page 2058: ...packets with an OUI MAC address as the sender MAC address when voice VLAN is enabled z When configuring an IP Source Guard binding entry you need to specify the VLAN otherwise no ARP packet will pass...

Page 2059: ...ration procedure is omitted 4 Configure Switch B Enable DHCP snooping SwitchB system view SwitchB dhcp snooping SwitchB interface gigabitethernet 2 0 3 SwitchB gigabitethernet2 0 3 dhcp snooping trust...

Page 2060: ...1 2 configure Switch A as a DHCP server and enable 802 1X on Switch B Enable ARP detection for VLAN 10 to allow only packets from valid clients to pass Configure Host A and Host B as local 802 1X acce...

Page 2061: ...r test password simple test SwitchB luser test quit Enable ARP detection for VLAN 10 SwitchB vlan 10 SwitchB vlan10 arp detection enable Configure the upstream port as a trusted port and the downstrea...

Page 2062: ...i Table of Contents 1 URPF Configuration 1 1 URPF Overview 1 1 What is URPF 1 1 How URPF Works 1 1 Configuring URPF 1 2...

Page 2063: ...even access the system as the administrator Even if the attackers cannot receive any response packets the attacks are still disruptive to the attacked target Figure 1 1 Attack based on source address...

Page 2064: ...t route is not configured the packet is discarded Configuring URPF Follow these steps to configure URPF globally To do Use the command Remarks Enter system view system view Enable URPF check globally...

Page 2065: ...ter you enable URPF z If the number of route entries on an LPU exceeds half the number of route entries that the LPU can accommodate the URPF function cannot be enabled which avoids loss of route entr...

Page 2066: ...es including a master and multiple backups on a LAN into a virtual router called VRRP group VRRP streamlines host configuration while providing high reliability This document describes z VRRP overview...

Page 2067: ...t Packets z Setting the DelayDown Timer z Setting the Port Shutdown Mode z Configuring DLDP Authentication z Resetting DLDP State Ethernet OAM Ethernet OAM is a tool monitoring Layer 2 link status It...

Page 2068: ...z Track Overview z Configuring Collaboration Between the Track Module and the Detection Modules z Configuring Collaboration Between the Track Module and the Application Modules GR Overview Graceful R...

Page 2069: ...1 Introduction to Dual SRPU System 1 1 Dual SRPU System Configuration Task List 1 2 Ignoring Version Check of the SMB 1 2 Restarting the SMB 1 2 Manually Configuring Switchover Between the AMB and SM...

Page 2070: ...SMB when the device works in the IRF mode you can only use the display switchover state command to view the backup state of the main boards and other functions and commands do not take effect When con...

Page 2071: ...from checking the version of the SMB To do Use the command Remarks Enter system view system view Ignore version check of the SMB ha slave ignore version check Required The version check of the SMB is...

Page 2072: ...anual switchover between the AMB and SMB slave switchover disable enable Optional Enabled by default Manually configure switchover between the AMB and SMB slave switchover Required The original AMB wi...

Page 2073: ...rap Function of VRRP 1 18 Displaying and Maintaining VRRP for IPv4 1 18 Configuring VRRP for IPv6 1 19 VRRP for IPv6 Configuration Task List 1 19 Configuring the Association Between Virtual IPv6 Addre...

Page 2074: ...r a Layer 3 switch z At present the interfaces that VRRP involves can only be VLAN interfaces z EA boards such as LSQ1GP12EA and LSQ1TGX1EA do not support IPv6 features VRRP Overview Normally as shown...

Page 2075: ...ngle link VRRP works in one of the following two modes z Standard protocol mode Includes two versions based on RFCs VRRPv2 and VRRPv3 VRRPv2 is based on IPv4 and VRRPv3 is based on IPv6 The two versio...

Page 2076: ...d the IP address owner z In a VRRP group you can configure only one IP address owner z Status of a router in a VRRP group includes master backup and initialize VRRP priority VRRP determines the role m...

Page 2077: ...ation header The router receiving the packet performs the same operation using the authentication key and MD5 algorithm and compares the result with the content in the authentication header If the res...

Page 2078: ...cation data 2 IPv6 address n 0 7 15 23 31 3 A VRRP packet consists of the following fields z Version Version number of the protocol 2 for VRRPv2 and 3 for VRRPv3 z Type Type of the VRRPv2 or VRRPv3 pa...

Page 2079: ...ecome the master even if the backup is configured with a higher priority z If the timer of a backup expires but the backup still does not receive any VRRP advertisement it considers that the master fa...

Page 2080: ...shown in Figure 1 5 Figure 1 5 VRRP in master backup mode At the beginning Router A is the master and therefore can forward packets to external networks whereas Router B and Router C are backups and a...

Page 2081: ...each VRRP group that it will take the expected role in the group VRRP Load Balancing Mode Overview When VRRP works in the standard protocol mode only the master can forward packets and the backups ar...

Page 2082: ...ckup routers however do not reply the ARP requests for the IPv4 network or ND requests for the IPv6 network from the hosts Figure 1 7 Allocating virtual MAC addresses As shown in Figure 1 7 the virtua...

Page 2083: ...he higher the weight the higher the forwarding capability When the weight is lower than a specified value which is the lower limit of failure the router will not be capable of forwarding packets for t...

Page 2084: ...ress of the AVF as their gateway MAC address cannot access the external network You can solve this problem through the VF tracking function You can monitor the uplink state by using network quality an...

Page 2085: ...ess Optional When VRRP works in the load balancing mode the association between the virtual IP address and the MAC address can be configured but is not effective Configuring VRRP Working Mode Optional...

Page 2086: ...virtual MAC address is associated with the virtual IP address by default z When VRRP works in the load balancing mode the association between the virtual IP address and the MAC address can be configu...

Page 2087: ...ed to create VRRP groups on the VLAN interface of a super VLAN Otherwise network performance may be affected Configuration prerequisites Before creating a VRRP group and configuring a virtual IP addre...

Page 2088: ...uch as 0 0 0 1 z Only when the configured virtual IP address and the interface IP address belong to the same segment and are legal host addresses can the VRRP group operate normally If the configured...

Page 2089: ...removed to up the priority of the router corresponding to the interface is restored automatically z If the state of a Track object changes from negative or invalid to positive the priority of the rou...

Page 2090: ...VRRP Packet Attributes Configuration prerequisites Before configuring the relevant attributes of VRRP packets you should first create a VRRP group and configure a virtual IP address for it Configurati...

Page 2091: ...estination For information center configurations refer to Information Center Configuration in the System Volume Follow these steps to enable the trap function of VRRP To do Use the command Remarks Ent...

Page 2092: ...iation between the IPv6 address and the MAC address and thus forward the packets to be forwarded to the other network segments to the master There are two types of association between virtual IPv6 add...

Page 2093: ...You can configure multiple virtual IPv6 addresses for a VRRP group A VRRP group is created automatically when you specify the first virtual IPv6 address for the VRRP group If you specify another virtu...

Page 2094: ...collision In such a case it is recommended to modify the IPv6 address of the interface on the IP address owner to resolve the collision Configuring Router Priority Preemptive Mode and Tracking Functi...

Page 2095: ...negative or invalid to positive the priority of the router corresponding to the Track object is restored automatically Configuring VF Tracking Configuration prerequisites Before configuring the VF tr...

Page 2096: ...P packet attributes To do Use the command Remarks Enter system view system view Enter the specified interface view interface interface type interface number Configure the authentication mode and authe...

Page 2097: ...gle VRRP Group Configuration Example Network requirements z Host A needs to access Host B on the Internet using 202 38 160 111 24 as its default gateway z Switch A and Switch B belong to VRRP group 1...

Page 2098: ...160 111 SwitchB Vlan interface2 vrrp vrid 1 virtual ip 202 38 160 111 Set Switch B to work in preemptive mode The preemption delay is five seconds SwitchB Vlan interface2 vrrp vrid 1 preempt mode time...

Page 2099: ...ard Run Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 1 Admin Status Up State Master Config Pri 100 Running Pri 100 Preempt Mode Yes Delay Time 5 Au...

Page 2100: ...111 Configure the priority of Switch A in the VRRP group to 110 SwitchA Vlan interface2 vrrp vrid 1 priority 110 Configure the authentication mode of the VRRP group as simple and authentication key as...

Page 2101: ...g Pri 110 Preempt Mode Yes Delay Time 0 Auth Type Simple Key hello Virtual IP 202 38 160 111 Virtual MAC 0000 5e00 0101 Master IP 202 38 160 1 VRRP Track Information Track Interface Vlan3 State Up Pri...

Page 2102: ...rface2 VRID 1 Adver Timer 5 Admin Status Up State Master Config Pri 100 Running Pri 100 Preempt Mode Yes Delay Time 0 Auth Type Simple Key hello Virtual IP 202 38 160 111 Virtual MAC 0000 5e00 0101 Ma...

Page 2103: ...vlan 2 SwitchA vlan2 port gigabitethernet 2 0 5 SwitchA vlan2 quit SwitchA interface vlan interface 2 SwitchA Vlan interface2 ip address 202 38 160 1 255 255 255 128 Create a VRRP group 1 and set its...

Page 2104: ...p 2 to 110 SwitchB Vlan interface3 vrrp vrid 2 priority 110 3 Verify the configuration You can use the display vrrp verbose command to verify the configuration Display detailed information of the VRRP...

Page 2105: ...itch A is the master Switch B is the backup and hosts with the default gateway of 202 38 160 100 25 accesses the Internet through Switch A in VRRP group 2 Switch A is the backup Switch B is the master...

Page 2106: ...rtual IP address as 10 1 1 1 SwitchA interface vlan interface 2 SwitchA Vlan interface2 ip address 10 1 1 2 24 SwitchA Vlan interface2 vrrp vrid 1 virtual ip 10 1 1 1 Set the priority of Switch A in V...

Page 2107: ...RP group 1 and configure its virtual IP address as 10 1 1 1 SwitchC interface vlan interface 2 SwitchC Vlan interface2 ip address 10 1 1 4 24 SwitchC Vlan interface2 vrrp vrid 1 virtual ip 10 1 1 1 Se...

Page 2108: ...hB Vlan interface2 display vrrp verbose IPv4 Standby Information Run Mode Load Balance Run Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 1 Admin Sta...

Page 2109: ...Auth Type None Virtual IP 10 1 1 1 Master IP 10 1 1 2 Forwarder Information 3 Forwarders 1 Active Config Weight 255 Running Weight 255 Forwarder 01 State Listening Virtual MAC 000f e2ff 0011 Learnt Ow...

Page 2110: ...000f e2ff 0011 Take Over Owner ID 0000 5e01 1101 Priority 85 Active local Redirect Time 577 secs Time out Time 1777 secs Forwarder 02 State Listening Virtual MAC 000f e2ff 0012 Learnt Owner ID 0000 5...

Page 2111: ...an int2 FE80 1 1 1 64 Vlan int2 FE80 2 1 2 64 Host B Gateway 1 10 64 Internet Configuration procedure 1 Configure Switch A Configure VLAN 2 SwitchA system view SwitchA ipv6 SwitchA vlan 2 SwitchA vlan...

Page 2112: ...mer delay 5 Enable Switch B to send RA messages SwitchB Vlan interface2 vrrp ipv6 vrid 1 preempt mode timer delay 5 3 Verify the configuration After the configuration Host B can be pinged through on H...

Page 2113: ...un Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 100 Admin Status Up State Master Config Pri 100 Running Pri 100 Preempt Mode Yes Delay Time 5 Auth...

Page 2114: ...1 virtual ip fe80 10 link local SwitchA Vlan interface2 vrrp ipv6 vrid 1 virtual ip 1 10 Set the priority of Switch A in VRRP group 1 to 110 SwitchA Vlan interface2 vrrp ipv6 vrid 1 priority 110 Set t...

Page 2115: ...preemption delay is five seconds SwitchB Vlan interface2 vrrp ipv6 vrid 1 preempt mode timer delay 5 Enable Switch B to send RA messages SwitchB Vlan interface2 undo ipv6 nd ra halt 3 Verify the confi...

Page 2116: ...h A is not available the detailed information of VRRP group 1 on Switch A is displayed SwitchA Vlan interface2 display vrrp ipv6 verbose IPv6 Standby Information Run Mode Standard Run Method Virtual M...

Page 2117: ...d Switch B belong to both VRRP group 1 and VRRP group 2 The virtual IPv6 addresses of VRRP group 1 are 1 10 64 and FE80 10 and those of VRRP group 2 are 2 10 64 and FE90 10 z In VRRP group 1 Switch A...

Page 2118: ...fe90 1 link local SwitchA Vlan interface3 ipv6 address 2 1 64 Create VRRP group 2 and set its virtual IPv6 addresses to FE90 10 and 2 10 SwitchA Vlan interface3 vrrp ipv6 vrid 2 virtual ip fe90 10 lin...

Page 2119: ...vrrp ipv6 verbose command to verify the configuration Display detailed information of the VRRP group on Switch A SwitchA Vlan interface3 display vrrp ipv6 verbose IPv6 Standby Information Run Mode Sta...

Page 2120: ...h Switch A in VRRP group 2 Switch A is the backup Switch B is the master and hosts with the default gateway of 2 10 64 accesses the Internet through Switch B Multiple VRRP groups are commonly used in...

Page 2121: ...itchA interface vlan interface 2 SwitchA Vlan interface2 ipv6 address fe80 1 link local SwitchA Vlan interface2 ipv6 address 1 1 64 SwitchA Vlan interface2 vrrp ipv6 vrid 1 virtual ip fe80 10 link loc...

Page 2122: ...2 SwitchC system view SwitchC vlan 2 SwitchC vlan2 port gigabitethernet 2 0 5 SwitchC vlan2 quit Configure VRRP to work in the load balancing mode SwitchC vrrp mode load balance Create VRRP group 1 a...

Page 2123: ...e2ff 4012 Learnt Owner ID 0000 5e01 1103 Priority 127 Active FE80 2 Forwarder 03 State Listening Virtual MAC 000f e2ff 4013 Learnt Owner ID 0000 5e01 1105 Priority 127 Active FE80 3 Display detailed...

Page 2124: ...play vrrp ipv6 verbose IPv6 Standby Information Run Mode Load Balance Run Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 100 Admin Status Up State Ba...

Page 2125: ...Load Balance Run Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 100 Admin Status Up State Backup Config Pri 100 Running Pri 100 Preempt Mode Yes Del...

Page 2126: ...n technical measures Symptom 2 Multiple masters are present in the same VRRP group Analysis z Multiple masters coexist for a short period This is normal and requires no manual intervention z Multiple...

Page 2127: ...figuring Role Preemption for a Smart Link Group 1 7 Enabling the Sending of Flush Messages 1 8 Configuring the Collaboration Between Smart Link and CC of CFD 1 8 Smart Link Device Configuration Exampl...

Page 2128: ...ice connects to two different upstream devices as shown in Figure 1 1 Figure 1 1 Diagram for a dual uplink network GE2 0 1 GE2 0 2 GE2 0 1 GE2 0 1 GE2 0 2 GE2 0 2 A dual uplink network demonstrates hi...

Page 2129: ...ch form a smart link group with GE2 0 1 being active and GE2 0 2 being standby Master slave port Master port and slave port are two port roles in a smart link group When both ports in a smart link gro...

Page 2130: ...nge z To keep traffic forwarding stable the master port that has been blocked due to link failure does not take over immediately upon its recovery Instead link switchover will occur at next link switc...

Page 2131: ...nk status smart link ports need to use link detection protocols When a fault is detected or cleared the link detection protocols inform Smart Link to switch over the links With the collaboration betwe...

Page 2132: ...link group and make sure that the ports are not member ports of any aggregation group or service loopback group A loop may occur on the network during the time when STP is disabled but Smart Link has...

Page 2133: ...re member ports for a smart link group in interface view To do Use the command Remarks Enter system view system view Enter Ethernet interface view or layer 2 aggregate interface view interface interfa...

Page 2134: ...t remove the control VLAN Otherwise flush messages cannot be sent properly Configuring the Collaboration Between Smart Link and CC of CFD Follow these steps to configure the collaboration between Smar...

Page 2135: ...undo stp enable Sysname GigabitEthernet2 0 2 port link type trunk Sysname GigabitEthernet2 0 2 port trunk permit vlan 20 Sysname GigabitEthernet2 0 2 quit Sysname smart link group 1 Sysname smlk group...

Page 2136: ...es directly without any processing z Do not remove the control VLANs Otherwise flush messages cannot be sent properly z Make sure that the control VLANs are existing VLANs and assign the ports capable...

Page 2137: ...Configure Smart Link on the devices for dual uplink backup using VLAN 1 the default for flush update Figure 1 2 Single smart link group configuration Configuration procedure 1 Configuration on Device...

Page 2138: ...ort gigabitethernet 2 0 2 slave Enable flush message sending in smart link group 1 DeviceC smlk group1 flush enable DeviceC smlk group1 quit 2 Configuration on Device D Create VLANs 1 through 30 map V...

Page 2139: ...iceB GigabitEthernet2 0 1 port trunk permit vlan 1 to 30 DeviceB GigabitEthernet2 0 1 smart link flush enable DeviceB GigabitEthernet2 0 1 quit DeviceB interface gigabitethernet 2 0 2 DeviceB GigabitE...

Page 2140: ...to 30 DeviceA GigabitEthernet2 0 1 smart link flush enable DeviceA GigabitEthernet2 0 1 quit DeviceA interface gigabitethernet 2 0 2 DeviceA GigabitEthernet2 0 2 port link type trunk DeviceA GigabitEt...

Page 2141: ...oup 1 references MSTI 0 and smart link group 2 references MSTI 2 z The control VLAN of smart link group 1 is VLAN 10 and that of smart link group 2 is VLAN 101 Figure 1 3 Multiple smart link groups lo...

Page 2142: ...lk group 1 flush enable control vlan 10 DeviceC smlk group 1 quit Create smart link group 2 and configure all VLANs mapped to MSTI 2 as the protected VLANs for smart link group 2 DeviceC smart link gr...

Page 2143: ...igabitethernet 2 0 2 DeviceD GigabitEthernet2 0 2 port link type trunk DeviceD GigabitEthernet2 0 2 port trunk permit vlan 1 to 200 DeviceD GigabitEthernet2 0 2 smart link flush enable control vlan 10...

Page 2144: ...ROLE Control VLAN 101 Protected VLAN Reference Instance 2 Member Role State Flush count Last flush time GigabitEthernet2 0 2 MASTER ACTVIE 5 16 37 20 2009 02 21 GigabitEthernet2 0 1 SLAVE STANDBY 1 1...

Page 2145: ...w 1 1 Terminology 1 1 How Monitor Link Works 1 1 Configuring Monitor Link 1 2 Configuration Prerequisites 1 2 Configuration Procedure 1 2 Monitor Link Configuration Example 1 2 Displaying and Maintain...

Page 2146: ...port can be assigned to only one monitor link group Both Layer 2 Ethernet ports and Layer 2 aggregate interfaces can be assigned to a monitor link group Uplink The uplink is the link monitored by the...

Page 2147: ...h Repeat this step to add more uplink ports In monitor link group view port interface type interface number downlink Configure the downlink for the monitor link group In Ethernet port view or Layer 2...

Page 2148: ...can sense the link failure and perform link switchover in the smart link group For detailed information about smart link refer to Smart Link Configuration in the High Availability Volume Figure 1 1 Ne...

Page 2149: ...A interface gigabitethernet 2 0 2 DeviceA GigabitEthernet2 0 2 smart link flush enable 3 Configuration on Device B Create monitor link group 1 DeviceB system view DeviceB monitor link group 1 Configur...

Page 2150: ...thernet 2 0 1 and GigabitEthernet 2 0 2 separately DeviceD interface gigabitethernet 2 0 1 DeviceD GigabitEthernet2 0 1 smart link flush enable DeviceD GigabitEthernet2 0 1 quit DeviceD interface giga...

Page 2151: ...RPP Rings 1 13 Configuring RRPP Ports 1 13 Configuring RRPP Nodes 1 14 Activating an RRPP Domain 1 16 Configuring RRPP Timers 1 16 Configuring RRPP Fast Detection 1 17 Enabling Fast Detection 1 17 Con...

Page 2152: ...IEEE spanning tree protocols RRPP features the following z Fast topology convergence z Convergence time independent of Ethernet ring size Background Metropolitan area networks MANs and enterprise netw...

Page 2153: ...ne of the following two states z Health state All the physical links on the Ethernet ring are connected z Disconnect state Some physical links on the Ethernet ring are broken As shown in Figure 1 1 Do...

Page 2154: ...detect the integrity of the primary ring and perform loop guard As shown in Figure 1 1 Ring 1 is the primary ring and Ring 2 is a subring Device A is the master node of Ring 1 Device B Device C and D...

Page 2155: ...n edge node RRPP ring group is allowed to send Edge Hello packets RRPPDUs Table 1 1 shows the types of RRPPDUs and their functions Table 1 1 RRPPDU types and their functions Type Description Hello The...

Page 2156: ...pecifies the maximum delay between the master node sending Fast Hello packets out the primary port and the secondary port receiving the Fast Hello packets from the primary port If the secondary port r...

Page 2157: ...failure As shown in Figure 1 5 Ring 1 is the primary ring and Ring 2 and Ring 3 are subrings When the two SRPTs between the edge node and the assistant edge node are down the master nodes of Ring 2 a...

Page 2158: ...evel convergence To address this problem a fast detection mechanism was introduced The mechanism works as follows z The master node sends Fast Hello packets out its primary port at the interval specif...

Page 2159: ...rings In this case you need to define an RRPP domain for each ring Figure 1 3 Schematic diagram for a tangent ring network Intersecting rings As shown in Figure 1 4 there are two or more rings in the...

Page 2160: ...for a dual homed ring network Single ring load balancing In a single ring network you can achieve load balancing by configuring multiple domains As shown in Figure 1 6 Ring 1 is configured as the pri...

Page 2161: ...Device E is configured as the master node of Ring 2 in both Domain 1 and Domain 2 However different ports on Device E are blocked in Domain 1 and Domain 2 With the configurations you can enable traff...

Page 2162: ...Fast Detection Optional Perform this task on the master node edge node and assistant edge node in the RRPP domain Configuring RRPP Fast Detection Configuring Fast Detection Timers Optional Perform thi...

Page 2163: ...f RRPPDUs do not enable QinQ or VLAN mapping on the control VLANs z To ensure that RRPPDUs can be sent and received correctly do not configure the default VLAN of a port accessing an RRPP ring as the...

Page 2164: ...rts that is ports connecting devices to an RRPP ring must be Layer 2 Ethernet ports Layer 2 GE ports Layer 2 XGE ports or Layer 2 aggregate interfaces and cannot be member ports of any aggregation gro...

Page 2165: ...You are recommended to use the link delay command to enable link status rapid report function on an RRPP port by setting the link delay of the port to 0 to accelerate topology convergence For detailed...

Page 2166: ...configuring an edge node you must first configure the primary ring before configuring the subrings Perform this configuration on a device to be configured as an edge node Follow these steps to specif...

Page 2167: ...main on the current device Perform this operation on all nodes in the RRPP domain Follow these steps to activate an RRPP domain To do Use the command Remarks Enter system view system view Enable RRPP...

Page 2168: ...alue of the master node of the subring Configuring RRPP Fast Detection The S7900E series Ethernet switches support RRPP fast detection only after SD or EB cards are mounted in them Enabling Fast Detec...

Page 2169: ...r than 600ms and the difference between the Fast Fail timer value on the master node of the subring and that on the master node of the primary ring is greater than twice the Fast Hello timer value of...

Page 2170: ...ining RRPP To do Use the command Remarks Display brief RRPP information display rrpp brief Display RRPP group configuration information display rrpp ring group ring group id Display detailed RRPP info...

Page 2171: ...2 link delay 0 DeviceA GigabitEthernet2 0 2 undo stp enable DeviceA GigabitEthernet2 0 2 port link type trunk DeviceA GigabitEthernet2 0 2 port trunk permit vlan all DeviceA GigabitEthernet2 0 2 quit...

Page 2172: ...f RRPP domain 1 and configure the VLANs mapped to MSTIs 0 through 31 as the protected VLANs of RRPP domain 1 DeviceB rrpp domain 1 DeviceB rrpp domain1 control vlan 4092 DeviceB rrpp domain1 protected...

Page 2173: ...0 3 is the edge port z Device D is the transit node of primary ring 1 GigabitEthernet 2 0 1 is the primary port and GigabitEthernet 2 0 2 is the secondary port Figure 1 9 Network diagram for intersec...

Page 2174: ...1 DeviceB GigabitEthernet2 0 1 link delay 0 DeviceB GigabitEthernet2 0 1 undo stp enable DeviceB GigabitEthernet2 0 1 port link type trunk DeviceB GigabitEthernet2 0 1 port trunk permit vlan all Devic...

Page 2175: ...bitEthernet2 0 2 link delay 0 DeviceC GigabitEthernet2 0 2 undo stp enable DeviceC GigabitEthernet2 0 2 port link type trunk DeviceC GigabitEthernet2 0 2 port trunk permit vlan all DeviceC GigabitEthe...

Page 2176: ...GigabitEthernet2 0 2 quit Create RRPP domain 1 configure VLAN 4092 as the primary control VLAN of RRPP domain 1 and configure VLANs mapped to MSTIs 0 through 31 as the protected VLANs of RRPP domain 1...

Page 2177: ...uration and operational information on each device Intersecting Ring Load Balancing Configuration Example Networking requirements z Device A Device B Device C Device D and Device F constitute RRPP dom...

Page 2178: ...region quit Configure the suppression time of physical link state changes on GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 as zero disable STP configure the two ports as trunk ports remove them from...

Page 2179: ...protected VLAN of RRPP domain 2 DeviceA rrpp domain 2 DeviceA rrpp domain2 control vlan 105 DeviceA rrpp domain2 protected vlan reference instance 2 Configure Device A as the master node of primary ri...

Page 2180: ...uit Configure the suppression time of physical link state changes on GigabitEthernet 2 0 4 as zero disable STP configure the port as a trunk port remove it from VLAN 1 and assign it to VLAN 10 DeviceB...

Page 2181: ...2 ring 2 enable DeviceC rrpp domain2 quit Enable RRPP DeviceB rrpp enable 3 Configuration on Device C Create VLANs 10 and 20 map VLAN 10 to MSTI 1 and VLAN 20 to MSTI 2 and activate MST region configu...

Page 2182: ...unk DeviceC GigabitEthernet2 0 4 undo port trunk permit vlan 1 DeviceC GigabitEthernet2 0 4 port trunk permit vlan 10 DeviceC GigabitEthernet2 0 4 quit Create RRPP domain 1 configure VLAN 10 as the pr...

Page 2183: ...instance 2 vlan 20 DeviceD mst region active region configuration DeviceD mst region quit Configure the suppression time of physical link state changes on GigabitEthernet 2 0 1 and GigabitEthernet 2 0...

Page 2184: ...ry port gigabitethernet 2 0 1 secondary port gigabitethernet 2 0 2 level 0 DeviceD rrpp domain2 ring 1 enable DeviceD rrpp domain2 quit Enable RRPP DeviceD rrpp enable 5 Configuration on Device E Crea...

Page 2185: ...0 quit DeviceF stp region configuration DeviceF mst region instance 1 vlan 10 DeviceF mst region active region configuration DeviceF mst region quit Configure the suppression time of physical link sta...

Page 2186: ...ring 3 Create RRPP ring group 1 on Device C and add subrings 2 and 3 to the RRPP ring group DeviceC rrpp ring group 1 DeviceC rrpp ring group1 domain 2 ring 2 DeviceC rrpp ring group1 domain 1 ring 3...

Page 2187: ...2 undo stp enable DeviceA GigabitEthernet2 0 2 port link type trunk DeviceA GigabitEthernet2 0 2 port trunk permit vlan all DeviceA GigabitEthernet2 0 2 quit Create RRPP domain 1 configure VLAN 4092 a...

Page 2188: ...tEthernet2 0 2 port trunk permit vlan all 3 Configuration on Device C Configure the suppression time of physical link state changes on GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 as zero disable S...

Page 2189: ...port gigabitethernet 2 0 1 secondary port gigabitethernet 2 0 2 level 0 DeviceD rrpp domain1 ring 1 enable DeviceD rrpp domain1 quit Enable the RRPP protocol DeviceD rrpp enable 5 Verification After...

Page 2190: ...1 39 z Use the debugging rrpp command on each node to check whether a port receives or transmits Hello packets If not Hello packets are lost...

Page 2191: ...g the Interval for Sending Advertisement Packets 1 10 Setting the DelayDown Timer 1 10 Setting the Port Shutdown Mode 1 11 Configuring DLDP Authentication 1 11 Resetting DLDP State 1 12 Resetting DLDP...

Page 2192: ...hooting Overview Background Sometimes unidirectional links appear in networks On a unidirectional link one end can receive packets from the other end but the other end cannot Unidirectional links resu...

Page 2193: ...ends of a link are operating normally at the physical layer DLDP detects whether the link is correctly connected at the link layer and whether the two ends can exchange packets properly This is beyond...

Page 2194: ...timer This timer is set to 10 seconds and is triggered when a device transits to the Probe state or an enhanced detect is launched When the Echo timer expires and no Echo packet has been received from...

Page 2195: ...d DLDP mode when an entry timer expires the Enhanced timer is triggered and the device sends up to eight Probe packets at a frequency of one packet per second to test the neighbor If no Echo packet is...

Page 2196: ...The receiving side checks the values of the two fields of received DLDP packets and drops the packets with the two fields conflicting with the corresponding local configuration z Plain text authentic...

Page 2197: ...onding neighbor entry does not exist creates the neighbor entry triggers the Entry timer and transits to Probe state Advertisement packet with RSY tag Retrieving the neighbor information If the corres...

Page 2198: ...es in Enhanced mode If yes and the local port is not in Disable state the local transits to Disable state 3 If no echo packet is received from the neighbor DLDP performs the following processing Table...

Page 2199: ...ate or Unidirectional state after the probe operation finishes Two way A neighbor is in this state after it receives response from its peer This state indicates the link is a two way link Unidirection...

Page 2200: ...sabled by default Enter Ethernet port view interface interface type interface number Enter Ethernet port view or port group view Enter port group view port group manual port group name Either of the t...

Page 2201: ...using more traffic forwarding errors if the interval is too short unnecessary Advertisement packets can be generated to consume bandwidth Therefore you are recommended to use the default value z To en...

Page 2202: ...de To do Use the command Remarks Enter system view system view Set port shutdown mode dldp unidirectional shutdown auto manual Optional auto by default z On a port with both remote OAM loopback and DL...

Page 2203: ...tate in Port view Port Group View The DLDP state that the port transits to upon the DLDP state reset operation depends on its physical state If the port is physically down it transits to Inactive stat...

Page 2204: ...user view DLDP Configuration Example Network requirements z Device A and Device B are connected through two fiber pairs in which two fibers are cross connected as shown in Figure 1 4 z It is desired t...

Page 2205: ...nfiguration information on all the DLDP enabled ports of Device A DeviceA display dldp DLDP global status enable DLDP interval 6s DLDP work mode enhance DLDP authentication mode none DLDP unidirection...

Page 2206: ...dex 59 Neighbor state two way Neighbor aged time 11 The output information indicates that both GigabitEthernet 2 0 1 and GigabitEthernet 2 0 2 are in Advertisement state and the links are up which mea...

Page 2207: ...onfiguring Errored Frame Event Detection 1 7 Configuring Errored Frame Period Event Detection 1 7 Configuring Errored Frame Seconds Event Detection 1 7 Enabling OAM Remote Loopback 1 8 Displaying and...

Page 2208: ...net has been absent all along hindering the usage of Ethernet in MANs and WANs Implementing Operation Administration and Maintenance OAM on Ethernet networks has now become an urgent matter As a tool...

Page 2209: ...be forwarded Source addr Source MAC address of the Ethernet OAMPDU It is the bridge MAC address of the sending side and is a unicast MAC address Type Type of the encapsulated protocol in the Ethernet...

Page 2210: ...and establishes sessions with them In this phase interconnected OAM entities notify the peer of their OAM configuration information and the OAM capabilities of the local nodes by exchanging Informati...

Page 2211: ...ially when the physical connection in the network is not disconnected but network performance is degrading gradually Link monitoring is used to detect and indicate link faults in various environments...

Page 2212: ...ts listed in Table 1 5 Table 1 5 Critical link error events Ethernet OAM link events Description Link Fault Peer link signal is lost Dying Gasp An unexpected fault such as power failure occurred Criti...

Page 2213: ...te Loopback Optional Configuring Basic Ethernet OAM Functions As for Ethernet OAM connection establishment a device can operate in active mode or passive mode After Ethernet OAM is enabled on an Ether...

Page 2214: ...occurs if the number of frame errors in specific number of received frames exceeds the predefined threshold Follow these steps to configure errored frame period event detection To do Use the command...

Page 2215: ...OAM Remote Loopback After enabling OAM remote loopback on a port you can send loopback frames from the port to a remote port and then observe how many of these loopback frames are returned In this way...

Page 2216: ...roups or service loopback groups For more information about link aggregation groups and service loopback groups refer to Link Aggregation Configuration and Service Loopback Group Configuration in the...

Page 2217: ...uit Set the errored frame detection interval to 20 seconds and set the errored frame event triggering threshold to 10 DeviceA oam errored frame period 20 DeviceA oam errored frame threshold 10 2 Confi...

Page 2218: ...lay the statistics of Ethernet OAM critical link events on all the ports of Device A DeviceA display oam critical event Port GigabitEthernet2 0 1 Link Status Up Event statistic Link Fault 0 Dying Gasp...

Page 2219: ...xchange various management information Extended information OAMPDU Extended OAM adds an Organization Specific Information TLV to the information OAMPDU For details about information OAMPDUs refer to E...

Page 2220: ...cation Used for performing DBA configuration and query z Payload Carries the function codes and configuration contents corresponding to the user s query or configuration instructions An OLT can config...

Page 2221: ...le extend OAM manually instead extended OAM is enabled on a port automatically when you enable Ethernet OAM on the port Configuring Extended OAM Discovery Timeout Time Extended OAM discovery timeout t...

Page 2222: ...ation Prerequisites 1 8 Configuring Procedure 1 8 Configuring LB on MEPs 1 9 Configuration Prerequisites 1 9 Configuration Procedure 1 9 Configuring LT on MEPs 1 10 Configuration Prerequisites 1 10 Fi...

Page 2223: ...ic Concepts in CFD Maintenance domain A maintenance domain MD defines the network where CFD plays its role The MD boundary is defined by some maintenance association end points MEPs configured on the...

Page 2224: ...EP ID The MEPs of an MD define the range and boundary of the MD The MA and MD that a MEP belongs to define the VLAN attribute and level of the packets sent by the MEP MEPs fall into inward facing MEPs...

Page 2225: ...forwards packets at a higher level without any processing Figure 1 4 demonstrates a grading example of the CFD module In the figure there are six devices labeled 1 through 6 respectively Suppose each...

Page 2226: ...ce faults or configuration errors This function is implemented through periodic sending of continuity check messages CCMs by the MEPs As a multicast message a CCM sent by one MEP is intended to be rec...

Page 2227: ...nt devices z Define the MA in each MD according to the VLAN you want to monitor z Assign a name for each MA Make sure that the same MA in the same MD has the same name on different devices z Determine...

Page 2228: ...nd Remarks Enter system view system view Enable CFD cfd enable Required CFD is disabled by default Configure the CFD protocol version cfd version draft5 standard Optional By default CFD uses the stand...

Page 2229: ...thernet interface view interface interface type interface number Create a MEP cfd mep mep id service instance instance id inbound outbound Required Not configured by default Enable the MEP cfd mep ser...

Page 2230: ...or deleting the MEPs on a port z Changes occur to the VLAN attribute of a port z The rule specified in the cfd mip rule command changes Configuring CC on MEPs After the CC function is configured MEPs...

Page 2231: ...f the remote MEP is illustrated in Table 1 2 Table 1 2 Relationship of the interval field value the interval between CCM messages and the timeout time of the remote MEP The interval field value The in...

Page 2232: ...ithin 3 5 sending intervals the link between the two is regarded as faulty and LTMs will be sent out Based on the LTRs that echo back the fault source can be located Configuration Prerequisites Before...

Page 2233: ...reply service instance instance id mep mep id Available in any view Display the information of a remote MEP display cfd remote mep service instance instance id mep mep id Available in any view Displa...

Page 2234: ...nce 2 md MD_B ma MA_MD_B 3 Configuration on Device B configuration on Device D is the same as that on Device B DeviceB system view DeviceB cfd enable DeviceB cfd md MD_A level 5 DeviceB cfd ma MA_MD_A...

Page 2235: ...twork diagram of MD and MEP configuration Configuration procedure 1 On Device A DeviceA system view DeviceA cfd meplist 1001 4002 5001 service instance 1 DeviceA cfd meplist 2001 4001 service instance...

Page 2236: ...ommands display cfd mp and display cfd mep to verify your configuration Configuring the Rules for Generating MIPs Network requirements After finishing MEP configuration you can continue to configure t...

Page 2237: ...trace the fault source after CC detects a link fault As shown in Figure 1 6 enable LB on Device A so that Device A can send LBM messages to MEPs on Device D Configuration procedure Configure Device A...

Page 2238: ...1 16 DeviceA cfd linktrace service instance 1 mep 1001 target mep 4002...

Page 2239: ...on to BFD 1 1 How BFD Works 1 2 BFD Packet Format 1 4 Supported Features 1 5 Protocols and Standards 1 6 Configuring BFD Basic Functions 1 6 Configuration Prerequisites 1 6 Configuration Procedure 1 6...

Page 2240: ...ng z Hardware detection Detects link failures by sending hardware detection signals such as SDH synchronous digital hierarchy transmission system alarms Hardware detection can quickly detect failures...

Page 2241: ...sures Operation of BFD Figure 1 1 BFD session establishment on OSPF routers OSPF neighbors BFD neighbors Router A Router B 1 2 3 2 OSPF advertises the BFD neighbor relationship BFD session establishme...

Page 2242: ...s the packets back to the originating end thereby monitoring link status in both directions BFD operating modes Before a BFD session is established there are two BFD operating modes active and passive...

Page 2243: ...he related BFD parameters such as the minimum transmit interval minimum receive interval initialization mode and packet authentication mode After that both ends use the negotiated parameters without a...

Page 2244: ...of the BFD Control packet in bytes z My Discriminator A unique nonzero discriminator value generated by the transmitting system used to demultiplex multiple BFD sessions between the same pair of syst...

Page 2245: ...the network layer z Configure the routing protocols that support BFD Configuration Procedure Follow these steps to configure BFD basic functions To do Use the command Remarks Enter system view system...

Page 2246: ...the System Volume Follow these steps to enable BFD trap To do Use the command Remarks Enter system view system view Enable BFD trap snmp agent trap enable bfd Optional Enabled by default For the descr...

Page 2247: ...1 8 To do Use the command Remarks Clear BFD session statistics on a distributed IRF device reset bfd session statistics chassis chassis number slot slot number Available in user view...

Page 2248: ...ng Collaboration Between the Track Module and the Application Modules 1 4 Configuring Track VRRP Collaboration 1 4 Configuring Track Static Routing Collaboration 1 6 Displaying and Maintaining Track E...

Page 2249: ...s through the track module More specifically the detection modules probe the link status network performance and so on and inform the application modules of the detection result through the track modu...

Page 2250: ...on may be interrupted because routes cannot be recovered in time For example the master in a VRRP group monitors the uplink interface through the track module When the uplink interface fails the track...

Page 2251: ...the specified NQA test group and reaction entry can be nonexistent In this case the status of the configured track entry is Invalid Configuring Track BFD Collaboration Through the following configurat...

Page 2252: ...ion is created by default Configuring Collaboration Between the Track Module and the Application Modules Configuring Track VRRP Collaboration VRRP is an error tolerant protocol It adds a group of rout...

Page 2253: ...ess Required No VRRP group is created by default Specify a track entry to be monitored by VRRP vrrp ipv6 vrid virtual router id track track entry number reduced priority reduced switchover Required No...

Page 2254: ...oute the track module and detection modules and thus check the reachability of the static route according to the status of the track entry z If the status of the track entry is Positive then the next...

Page 2255: ...recursion the associated track entry must monitor the next hop of the recursive route instead of that of the static route otherwise a valid route may be considered invalid z For details of static rout...

Page 2256: ...ion entry 1 specifying that five consecutive probe failures trigger the Track NQA collaboration SwitchA nqa admin test icmp echo reaction 1 checked element probe fail threshold type consecutive 5 acti...

Page 2257: ...an interface2 vrrp vrid 1 authentication mode simple hello Configure the master to send VRRP packets at an interval of five seconds SwitchB Vlan interface2 vrrp vrid 1 timer advertise 5 Configure Swit...

Page 2258: ...is a fault on the link between Switch A and Switch C IPv4 Standby Information Run Mode Standard Run Method Virtual MAC Total number of virtual routers 1 Interface Vlan interface2 VRID 1 Adver Timer 5...

Page 2259: ...z If BFD is not configured when the master in a VRRP group fails the backup cannot become the master until the configured timeout timer expires The timeout is generally three to four seconds and there...

Page 2260: ...ter SwitchB interface vlan interface 2 SwitchB Vlan interface2 vrrp vrid 1 virtual ip 192 168 0 10 SwitchB Vlan interface2 vrrp vrid 1 track 1 switchover SwitchB Vlan interface2 return 5 Verify the co...

Page 2261: ...chB debugging bfd event When Switch A fails the following output information is displayed on Switch B Dec 17 14 44 34 142 2008 SwitchB BFD 7 EVENT Send sess down Msg Src 192 168 0 102 Dst 192 168 0 10...

Page 2262: ...s the master thus ensuring that the hosts in the LAN can access the external network through Switch B Figure 1 4 Network diagram for monitoring uplinks using BFD Internet Master uplink device Backup u...

Page 2263: ...ual ip 192 168 0 10 SwitchB Vlan interface2 return 5 Verify the configuration Display the detailed information of the VRRP group on Switch A SwitchA display vrrp verbose IPv4 Standby Information Run M...

Page 2264: ...in seconds Reference object BFD session Packet type Echo Interface Vlan interface2 Remote IP 1 1 1 2 Local IP 1 1 1 1 display the detailed information of VRRP group 1 on Switch A SwitchA display vrrp...

Page 2265: ...ch C Figure 1 5 Network diagram for Static Routing Track NQA collaboration configuration Vlan int2 10 1 1 1 24 Vlan int2 10 1 1 2 24 Vlan int3 10 2 1 1 24 Switch C Vlan int3 10 2 1 2 24 Switch B Switc...

Page 2266: ...itchA display track all Track ID 1 Status Positive Notification delay Positive 0 Negative 0 in seconds Reference object NQA entry admin test Reaction 1 Display the routing table of Switch A SwitchA di...

Page 2267: ...As shown in Figure 1 6 the next hop of the static route from Switch A to Switch C is Switch B z Configure Static Routing Track BFD collaboration on Switch A to implement real time monitoring of the va...

Page 2268: ...Switch A SwitchA display ip routing table Routing Tables Public Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 Static 60 0 10 2 1 1 Vlan3 10 2 1 0 24 Direct 0 0...

Page 2269: ...itors the Uplink Interface Network requirements z As shown in Figure 1 7 Host A needs to access Host B on the Internet The default gateway of Host A is 10 1 1 10 24 z Switch A and Switch B belong to V...

Page 2270: ...Host B on Host A and you can see that Host B is reachable Use the display vrrp command to view the configuration result Display detailed information about VRRP group 1 on Switch A SwitchA Vlan interf...

Page 2271: ...ters 1 Interface Vlan interface2 VRID 1 Adver Timer 1 Admin Status Up State Backup Config Pri 110 Running Pri 80 Preempt Mode Yes Delay Time 0 Auth Type None Virtual IP 10 1 1 10 Master IP 10 1 1 2 VR...

Page 2272: ...ntents 1 GR Overview 1 1 Introduction to Graceful Restart 1 1 Basic Concepts in Graceful Restart 1 1 Graceful Restart Communication Procedure 1 2 Graceful Restart Mechanism for Several Commonly Used P...

Page 2273: ...t to the state prior to the restart in minimal time No route flapping occurs during the restart the packet forwarding path remains the same and the whole system can forward data continuously Hence it...

Page 2274: ...Helper must support GR or be GR capable Thus when GR Restarter restarts its GR Helper can know its restart process In some cases GR Restarter and GR Helper can replace each other The communication pro...

Page 2275: ...the GR Time expires the GR Helper will neither terminate the session with the GR Restarter nor delete the topology or routing information of the latter 3 Signaling to GR Helper Figure 1 3 The GR Rest...

Page 2276: ...ommonly Used Protocols Comware supports Graceful Restart based on protocols supporting IPv6 such as MPLS Label Distribution Protocol MPLS LDP MPLS with Resource Reservation Protocol Traffic Engineerin...

Page 2277: ...ntly This document describes z Introduction to User Interface z Logging In Through the Console Port z Logging In Through Telnet SSH z Logging In Using Modem z Logging In Through NMS z Specifying Sourc...

Page 2278: ...ystem creating deleting modifying and renaming a file or a directory and opening a file This document describes z File system management z Configuration File Management SNMP Simple network management...

Page 2279: ...er z Configuring PoE Power Management z Configuring the PoE Monitoring Function z Configuring PoE Interface through PoE Profile z Upgrading PSE Processing Software in Service NQA NQA analyzes network...

Page 2280: ...silient Framework IRF allows you to build an IRF namely a united device by interconnecting multiple devices through IRF ports You can manage all the devices in the IRF by managing the united device Th...

Page 2281: ...n Procedure 2 7 Configuration Example 2 8 Console Port Login Configuration with Authentication Mode Being Scheme 2 9 Configuration Procedure 2 9 Configuration Example 2 11 Configuring Command Authoriz...

Page 2282: ...troduction 6 1 Connection Establishment Using NMS 6 1 7 Specifying Source for Telnet Packets 7 1 Introduction 7 1 Specifying Source IP address Interface for Telnet Packets 7 1 Displaying the source IP...

Page 2283: ...e AUX port and the Console port of a 3Com series switch are the same one you will be in the AUX user interface if you log in through this port 3Com S7900E series Ethernet switch supports two types of...

Page 2284: ...guration in user interface view of VTY 1 applies User Interface Number User interfaces can be numbered in two ways absolute numbering and relative numbering Absolute numbering Absolute numbering allow...

Page 2285: ...Set the banner header incoming legal login shell motd text Optional Set a system name for the switch sysname string Optional Enter one or more user interface views user interface type first number las...

Page 2286: ...to a switch It is also the prerequisite to configure other login methods By default you can log in to an 3Com S7900E series Ethernet switch through its Console port only To log in to an Ethernet swit...

Page 2287: ...as Terminal in Windows 3 X or HyperTerminal in Windows 9X Windows 2000 Windows XP and perform the configuration shown in Figure 2 2 through Figure 2 4 for the connection to be created Normally the pa...

Page 2288: ...itch or check the information about the switch by executing commands You can also acquire help by type the character Refer to the following chapters for information about the commands Console Port Log...

Page 2289: ...to the AUX user interface Make terminal services available shell Optional By default terminal services are available in all user interfaces Set the maximum number of lines the screen can contain scre...

Page 2290: ...al authentication or RADIUS authentication Optional Local authentication is performed by default Refer to the AAA Configuration in the Security Volume for details Configure user name and password Conf...

Page 2291: ...switch is configured to allow you to login through Telnet and your user level is set to the administrator level level 3 After you telnet to the switch you need to limit the console user at the followi...

Page 2292: ...he configuration consistent with that on the switch Refer to Setting Up the Connection to the Console Port for details Console Port Login Configuration with Authentication Mode Being Password Configur...

Page 2293: ...z The timeout time of the AUX user interface is 6 minutes Network diagram Figure 2 6 Network diagram for AUX user interface configuration with the authentication mode being password Configuration proc...

Page 2294: ...Setting Up the Connection to the Console Port for details Console Port Login Configuration with Authentication Mode Being Scheme Configuration Procedure Follow these steps to perform Console port log...

Page 2295: ...of AAA server Create a local user Enter local user view local user user name Required No local user exists by default Set the authentication password for the local user password simple cipher passwor...

Page 2296: ...r logging in to the AUX user interface z The baud rate of the Console port is 19 200 bps z The screen can contain up to 30 lines z The history command buffer can store up to 20 commands z The timeout...

Page 2297: ...el for a login user depends on the user level The user is authorized the command with the default level not higher than the user level With the command authorization configured the command level for a...

Page 2298: ...s will be recorded on the HWTACACS server The command accounting configuration involves two steps 1 Enable command accounting See the following table for details 2 Configure a command accounting schem...

Page 2299: ...oute between the switch and the Telnet terminal is available Switch The authentication mode and other settings are configured Refer to Table 3 2 and Table 3 3 Telnet is running Telnet terminal The IP...

Page 2300: ...the password authentication to login Step 3 Connect your PC to the Switch as shown in Figure 3 1 Make sure the Ethernet port to which your PC is connected belongs to the management VLAN of the switch...

Page 2301: ...by executing the telnet command and then to configure the later Figure 3 3 Network diagram for Telnetting to another switch from the current switch Step 1 Configure the user name and password for Teln...

Page 2302: ...e supported VTY user interface configuration Set the command that is automatically executed when a user logs into the user interface auto execute command text Optional By default no command is automat...

Page 2303: ...elnet configuration with authentication mode being none To do Use the command Remarks Enter system view system view Enter one or more VTY user interface views user interface vty first number last numb...

Page 2304: ...command buffer can store to 20 Sysname ui vty0 history command max size 20 Set the timeout time to 6 minutes Sysname ui vty0 idle timeout 6 Telnet Login Configuration with Authentication Mode Being Pa...

Page 2305: ...dure Enter system view and enable the Telnet service Sysname system view Sysname telnet server enable Enter VTY 0 user interface view Sysname user interface vty 0 Configure to authenticate users loggi...

Page 2306: ...rning local user as well If you specify to apply an existing scheme by providing the radius scheme name argument you need to perform the following configuration as well z Perform AAA RADIUS configurat...

Page 2307: ...mode z The commands of level 2 are available to users logging in to VTY 0 z Telnet protocol is supported in VTY 0 z The screen can contain up to 30 lines z The history command buffer can store up to 2...

Page 2308: ...orized If yes the command can be executed The authorization server checks the commands authorized for users through the username and thus the command authorization configuration involves three steps 1...

Page 2309: ...to enable command accounting To do Use the command Remarks Enter system view system view Enter AUX user interface view user interface vty first number last number Enable command accounting command acc...

Page 2310: ...witch using a modem Item Requirement The PC can communicate with the modem connected to it The modem is properly connected to PSTN Administrator side The telephone number of the switch side is availab...

Page 2311: ...Console port is usually set to a value lower than the transmission speed of the modem Otherwise packets may get lost z Other settings of the Console port such as the check mode the stop bits and the...

Page 2312: ...the output of different modems may differ Refer to the user manual of the modem when performing the above configuration z It is recommended that the baud rate of the AUX port also the Console port be...

Page 2313: ...an also enter the character at anytime for help Refer to the following chapters for information about the configuration commands If you perform no AUX user related configuration on the switch the comm...

Page 2314: ...gnal after the off hook action during incoming call connection setup modem timer answer seconds Optional 30 seconds by default Configuration Example Network requirements Configure the switch side mode...

Page 2315: ...word is 123 Figure 5 1 Network diagram for configuring user authentication Configuration procedure Assign an IP address to Device to make Device be reachable from Host A Host B Host C and RADIUS serve...

Page 2316: ...and use local authentication as the backup Device domain system Device isp system authentication login radius scheme rad local Device isp system authorization login radius scheme rad local Device isp...

Page 2317: ...tandard Specify Device to remove the domain name in the username sent to the HWTACACS server for the scheme Device hwtacacs scheme tac Device hwtacacs tac primary authentication 192 168 2 20 49 Device...

Page 2318: ...ce user interface aux 0 Device ui aux0 command accounting Device ui aux0 quit Enable command accounting for users logging in through telnet or SSH Device user interface vty 0 4 Device ui vty0 4 comman...

Page 2319: ...t Create ISP domain system and configure the ISP domain system to use HWTACACS scheme tac for accounting of command line users Device domain system Device isp system accounting command hwtacacs scheme...

Page 2320: ...rotocol is applied between the NMS and the agent To log in to a switch through an NMS you need to perform related configuration on both the NMS and the switch Table 6 1 Requirements for logging in to...

Page 2321: ...security Specifying source IP address interfaces for Telnet packets also provides a way to successfully connect to servers that only accept packets with specific source IP addresses Specifying Source...

Page 2322: ...or Telnet packets make sure the interface already exists z Before specifying the source IP address interface for Telnet packets make sure the route between the interface and the Telnet server is reach...

Page 2323: ...ugh Layer 2 ACLs Controlling Telnet Users by Source MAC Addresses SNMP By source IP addresses Through basic ACLs Controlling Network Management Users by Source IP Addresses Controlling Telnet Users Pr...

Page 2324: ...L refer to ACL Configuration in the Security Volume Follow these steps to control Telnet users by source and destination IP addresses To do Use the command Remarks Enter system view system view Create...

Page 2325: ...e ACL rule rule id permit deny rule string Required You can define rules as needed to filter by specific source MAC addresses Quit to system view quit Enter user interface view user interface type fir...

Page 2326: ...t Users by Source IP Addresses You can manage a 3Com S7900E series Ethernet switch through network management software Network management users can access switches through SNMP You need to perform the...

Page 2327: ...fy view notify view acl acl number snmp agent group v3 group name authentication privacy read view read view write view write view notify view notify view acl acl number Apply the ACL while configurin...

Page 2328: ...basic 2000 rule 1 permit source 10 110 100 52 0 Sysname acl basic 2000 rule 2 permit source 10 110 100 46 0 Sysname acl basic 2000 rule 3 deny source any Sysname acl basic 2000 quit Apply the ACL to o...

Page 2329: ...yright Information 1 6 Configuring a Banner 1 7 Configuring CLI Hotkeys 1 8 Configuring Command Aliases 1 9 Configuring User Privilege Levels and Command Levels 1 10 Displaying and Maintaining Basic C...

Page 2330: ...en it has no configuration file or the configuration file is damaged z Current configuration The currently running configuration on the device z Saved configuration Configurations saved in the startup...

Page 2331: ...he system divides the command line interface into multiple command views which adopts a hierarchical structure For example there is system view under user view and interface view and VLAN view under s...

Page 2332: ...system view system view Set the time zone clock timezone zone name add minus zone offset Optional clock summer time zone name one off start time start date end time end date add time Set a daylight s...

Page 2333: ...7 3 3 Display 03 00 00 zone time Sat 03 03 2007 If the original system clock is not in the daylight saving time range the original system clock is displayed Configure clock summer time ss one off 1 00...

Page 2334: ...the original system clock zone offset is not in the summer time range the original system clock zone offset is displayed Configure clock timezone zone time add 1 and clock summer time ss one off 1 00...

Page 2335: ...r quits user view after logging in to the device through the console port or AUX port The copyright information will not be displayed under other circumstances The display format of copyright informat...

Page 2336: ...e is to input all the banner information right after the command keywords The start and end characters of the input text must be the same but are not part of the banner information In this case the in...

Page 2337: ...in any view Refer to Table 1 2 for hotkeys reserved by the system By default the Ctrl G Ctrl L and Ctrl O hotkeys are configured with command line and the Ctrl T and Ctrl U commands are NULL z Ctrl G...

Page 2338: ...the cursor as the ending of the clipboard These hotkeys are defined by the device When you interact with the device from terminal software these keys may be defined to perform other operations If so t...

Page 2339: ...in they can only use commands at their own or lower levels All the commands are categorized into four levels which are visit monitor system and manage from low to high and identified respectively by 0...

Page 2340: ...x vty first num2 last num2 Configure the authentication mode for logging in to the user interface as scheme authentication mode scheme Required By default the authentication mode for VTY users is pass...

Page 2341: ...ername test and password 123 After passing the authentication users can only use the commands of level 0 If the users need to use commands of levels 0 1 2 and 3 the following configuration is required...

Page 2342: ...ce to log in to the device authentication mode none password Optional By default the authentication mode for VTY user interfaces is password and AUX user interfaces do not need authentication Configur...

Page 2343: ...passwords and specify the user privilege levels as 2 Sysname system view Sysname user interface vty 0 4 Sysname ui vty0 4 authentication mode password Sysname ui vty0 4 set authentication password cip...

Page 2344: ...e user passes the authentication the user privilege level will be switched successfully otherwise the user privilege level will remain unchanged With no local switch authentication password configured...

Page 2345: ...r is easily cracked z The timeout time of AAA authentication is 120 seconds after that the AAA authentication is considered as no response z The privilege level switch fails after three consecutive un...

Page 2346: ...higher level or improve device security Follow these steps to modify the command level To do Use the command Remarks Enter system view system view Configure the command level in a specified view comma...

Page 2347: ...in the system Execution of the display diagnostic information command equals execution of the commands display clock display version display device and display current configuration one by one For the...

Page 2348: ...e types of online help available with the CLI z Full help z Fuzzy help To obtain the desired help information you can 1 Enter in any view to access all the commands in this view and brief description...

Page 2349: ...nformation output refers to the feature that if the user s input is interrupted by system output then after the completion of system output the system will display a command line prompt and your input...

Page 2350: ...ommand line you can use other shortcut keys For details see Table 1 2 besides the shortcut keys defined in Table 1 4 or you can define shortcut keys by yourself For details see Configuring CLI Hotkeys...

Page 2351: ...n match zo and zoo but not z Vertical bar used to match the whole string on the left or right of it For example def int can only match a character string containing def or int _ Underline If it is at...

Page 2352: ...tring ending with string For example do can match word undo or string abcdo bcharacter2 Used to match character1character2 character1 can be any character except number letter or underline and b equal...

Page 2353: ...n information display pauses Continues to display information of the next line Press Ctrl C when information display pauses Stops the display and the command execution Ctrl E Moves the cursor to the e...

Page 2354: ...ess the next history command Down arrow key or Ctrl N Displays the next history command if there is any You may use arrow keys to access history commands in Windows 200X and XP Terminal or Telnet Howe...

Page 2355: ...ve Standby Mode for Service Ports on SRPUs 1 11 Configuring the Traffic Forwarding Mode of SRPUs 1 12 Configuring the Working Mode of LPUs 1 14 Introduction to the Working Mode of LPUs 1 14 Configurin...

Page 2356: ...Configuring the Scheduled Automatic Execution Function z Upgrading Device Software z Configuring Temperature Alarm Thresholds for a board z Clearing the 16 bit Interface Indexes Not Used in the Curren...

Page 2357: ...al Configuring the Exception Handling Method When the system detects any software abnormality it handles the situation with one of the following two methods z reboot The system recovers itself through...

Page 2358: ...exception handling method is effective to the failed member device only and does not influence the operations of other IRF members Rebooting a Device When a fault occurs to a running device you can r...

Page 2359: ...default Available in user view z Distributed IRF device Follow the step below to reboot a device through command lines immediately To do Use the command Remarks Reboot a member device or all IRF membe...

Page 2360: ...n active SRPU and standby SRPU switchover will occur distributed device z If a main boot file fails or does not exist the device cannot be rebooted with the reboot command In this case you can re spec...

Page 2361: ...ds used to switch views such as system view quit and the commands used to modify status of a user that is executing commands such as super the operation interface command view and status of the curren...

Page 2362: ...ng FTP or TFTP 2 Use a command to specify the Boot ROM program for the next boot 3 Reboot the device to make the specified Boot ROM program take effect z Distributed device Since the Boot ROM programs...

Page 2363: ...y the boot file for the next boot of the active SRPU and standby SRPU respectively 4 Reboot the device to make the new boot file take effect z Distributed IRF device 1 Save the boot file to the root d...

Page 2364: ...ributed device Configuring Temperature Alarm Thresholds for a board You can set temperature alarm thresholds for a card by using the following commands When the temperature of a card reaches the thres...

Page 2365: ...heir interface indexes remain unchanged Follow these steps to clear the 16 bit interface indexes not used in the current system To do Use the command Remarks Clear the 16 bit interface indexes saved b...

Page 2366: ...the LSQ1SRP2XB or LSQ1SRP12GB work in one of the following mode z Concurrent processing mode All services ports on both of the two SRPUs can forward data concurrently If the active and standby switch...

Page 2367: ...Traffic forwarding modes supported by S7900E SRPUs SRPU model Supported traffic forwarding mode Feature Recommended application environment Enhanced Layer 2 forwarding mode Supporting selective QinQ...

Page 2368: ...XB LSQ1SRPB LSQ1MPUA LSQ1CGP24TSC LSQ1CGV24PSC LSQ1SRPD or LSQ1SRP12GB To do Use the command Remarks Enter system view system view Configure the traffic forwarding mode of the SRPU switch mode l2 enha...

Page 2369: ...mode in a Layer 2 network with a large MAC address table z Route extension mode The EB LPU can provide a 256K routing table and the SD LPU can provide 128K routing table It is recommended to use this...

Page 2370: ...ndard routing routing z When the SRPU of the S7900E switch is LSQ1SRP1CB it is recommended not to modify the default working mode the EA LPUs as other modes z When the SRPU of the S7900E switch is LSQ...

Page 2371: ...e or upgrade the software version for them for the first time after working mode switch the EB or SD LPU may be rebooted for once or twice because of system optimization which takes six to ten minutes...

Page 2372: ...lication environment Whether can be an optical transceiver Whether can be an electrical transceiver SFP Small Form factor Pluggable Generally used for 100M 1000M Ethernet interfaces or POS 155M 622M 2...

Page 2373: ...formation for you to diagnose and troubleshoot faults of pluggable transceivers Optical transceivers customized by H3C also support the digital diagnosis function which monitors the key parameters of...

Page 2374: ...w Display the power state of the device display power power id Available in any view Display the reboot time of a device display schedule reboot Available in any view Display detailed configurations o...

Page 2375: ...e in any view Display detailed configurations of the scheduled automatic execution function display schedule job Available in any view Display the reboot time of a device display schedule reboot Avail...

Page 2376: ...ess to the aaa directory FTP Server luser aaa service type ftp FTP Server luser aaa authorization attribute level 3 z Configuration on Device If the size of the flash on the device is not large enough...

Page 2377: ...boot loader file slot1 flash soft version2 app slot 1 main Reboot the device The software version is upgraded now Device reboot After the device reboots use the display version command to check if th...

Page 2378: ...t types of servers IRF tftp 2 2 2 2 get new config cfg File will be transferred in binary mode Downloading file from remote TFTP server please wait TFTP 917 bytes received in 1 second s File downloade...

Page 2379: ...ontinue Y N y The specified file will be used as the main boot file at the next reboot on chassis 1 slot 0 IRF boot loader file chassis1 slot1 flash soft version2 app chassis 1 slot 1 main This comman...

Page 2380: ...he Space of a Storage Medium 1 7 Mounting Unmounting a Storage Medium 1 7 Setting File System Prompt Modes 1 8 File System Operations Example 1 8 2 Configuration File Management 2 1 Configuration File...

Page 2381: ...for the Next System Startup 2 9 Backing Up the Startup Configuration File 2 10 Deleting the Startup Configuration File for the Next Startup 2 10 Restoring the Startup Configuration File 2 11 Displayin...

Page 2382: ...information you are interested in z File System z Directory Operations z File Operations z Batch Operations z Storage Medium Operations z Setting File System Prompt Modes z File System Operations Exa...

Page 2383: ...the display device command to view the correspondence between a board and its slot number 1 to 135 characters flash test a cfg indicates a file named a cfg in the test folder under the root directory...

Page 2384: ...ory on the AMB of the IRF To read and write the a cfg file under the root directory of the flash on an SMB of the IRF the member ID and slot number of the SMB are 2 and 5 respectively input chassis2 s...

Page 2385: ...ion refer to the delete command for subdirectory deletion refer to the rmdir command z After you execute the rmdir command successfully the files in the recycle bin under the directory will be automat...

Page 2386: ...url source fileurl dest Required Available in user view Copying a File To do Use the command Remarks Copy a file copy fileurl source fileurl dest Required Available in user view Moving a File To do Us...

Page 2387: ...Emptying the Recycle Bin To do Use the command Remarks Enter the original working directory of the file to be deleted cd directory Optional If the original directory of the file to be deleted is not...

Page 2388: ...he space of a storage medium fixdisk device Optional Available in user view Format a storage medium format device FAT16 FAT32 Optional FAT16 and FAT32 are not applicable to a flash card Available in u...

Page 2389: ...ns on it do not unplug or switchover the storage medium or the card where the storage medium resides Otherwise the file system could be damaged z Before removing a mounted storage medium from the syst...

Page 2390: ...under the test directory Sysname cd test Sysname mkdir mytest Created dir flash test mytest Display the current working directory Sysname pwd flash test Display the files and the subdirectories under...

Page 2391: ...that is using the default parameters z Current configuration which refers to the currently running configuration of the system The current configuration may include the startup configuration if the s...

Page 2392: ...g the consistency of the configuration files on the AMB and SMB z If the configuration file auto save function is not enabled when you save the current configuration by executing the save safely comma...

Page 2393: ...e file more slowly but can retain the configuration file in the device even if the device reboots or the power fails during the process The fast saving mode is suitable for environments where power su...

Page 2394: ...Save distributed IRF device z During the execution of the save safely command the startup configuration file to be used at the next system startup may be lost if the device reboots or the power suppl...

Page 2395: ...ecutes the commands only present in the replacement configuration file but not in the current configuration file z The rollback operation removes the commands that are different in the replacement con...

Page 2396: ...les If you change the path of the saved configuration files the files in the original path become common configuration files and are not processed as saved configuration files The number of saved conf...

Page 2397: ...ation files are cleared z The value of the file number argument is determined by the memory space You are recommended to set a comparatively small value for the file number argument if the available m...

Page 2398: ...can save the current running configuration manually before you modify it Therefore if it really fails the device can revert to the configuration state before the modification Follow the step below to...

Page 2399: ...tion file to be used at the next system startup You can specify a configuration file as the startup configuration file to be used at the next system startup in the following two ways z Use the save co...

Page 2400: ...lay startup command in user view to see whether you have set the startup configuration file and use the dir command to see whether this file exists If the file is set as NULL or does not exist the bac...

Page 2401: ...To do Use the command Remarks Restore the startup configuration file to be used at the next system startup restore startup configuration from src addr src filename Required Available in user view z Be...

Page 2402: ...the current configuration display current configuration configuration configuration interface interface type interface number by linenum begin include exclude text Available in any view For detailed...

Page 2403: ...ation 1 3 Configuring SNMP Logging 1 5 Introduction to SNMP Logging 1 5 Enabling SNMP Logging 1 5 Configuring SNMP Trap 1 6 Enabling the Trap Function 1 6 Configuring Trap Parameters 1 7 Displaying an...

Page 2404: ...NMP makes the management tasks independent of both the physical features of the managed devices and the underlying networking technologies Thus SNMP achieves effective management of devices from diffe...

Page 2405: ...used to encrypt packets between the NMS and agents preventing the packets from being intercepted USM ensures a more secure communication between SNMP NMS and SNMP agent by authentication with privacy...

Page 2406: ...ults are as follows 3Com Corporation for contact Marlborough MA 01752 USA for location and SNMP v3 for the version Configure a local engine ID for an SNMP entity snmp agent local engineid engineid Opt...

Page 2407: ...uired The defaults are as follows 3Com Corporation for contact Marlborough MA 01752 USA for location and SNMP v3 for the version Configure a local engine ID for an SNMP entity snmp agent local enginei...

Page 2408: ...ndex of the SET response These logs will be sent to the information center and the level of them is informational that is they are taken as the system prompt information With parameters for the inform...

Page 2409: ...aps which are generated by different modules As traps that occupy large device memory affect device performance it is recommended not to enable the trap function for all modules but for the specific m...

Page 2410: ...ate changes you need to enable the trap function of interface state changes on an interface and globally Use the enable snmp trap updown command to enable the trap function on an interface and use the...

Page 2411: ...ps defined in RFC snmp agent trap if mib link extended Optional Standard linkUp linkDown traps defined in RFC are used by default Configure the size of the trap send queue snmp agent trap queue size s...

Page 2412: ...mp agent trap list Display SNMPv3 agent user information display snmp agent usm user engineid engineid username user name group group name Display SNMPv1 or v2c agent community information display snm...

Page 2413: ...get host command is the same with that on the NMS otherwise the NMS cannot receive any trap 2 Configuring the SNMP NMS With SNMPv1 v2c the user needs to specify the read only community the read and wr...

Page 2414: ...tact person and physical location information of the device Sysname snmp agent sys info contact Mr Wang Tel 3306 Sysname snmp agent sys info location telephone closet 3rd floor Enable sending of traps...

Page 2415: ...v1 SNMPv2c Configuration Example and SNMPv3 Configuration Example Enable logging display on the terminal This function is enabled by default so that you can omit this configuration Sysname terminal mo...

Page 2416: ...of the NMS op SNMP operation type GET or SET node Node name of the SNMP operations and OID of the instance erroIndex Error index with 0 meaning no error errorstatus Error status with noError meaning...

Page 2417: ...t Statistics Function 1 4 Configuring the RMON History Statistics Function 1 4 Configuring the RMON Alarm Function 1 5 Configuration Prerequisites 1 5 Configuration Procedure 1 5 Displaying and Mainta...

Page 2418: ...ort rate reaches a certain value or the potion of broadcast packets received in the total packets reaches a certain value Both the RMON protocol and the Simple Network Management Protocol SNMP are use...

Page 2419: ...statistics group defines that the system collects statistics on various traffic information on an interface at present only Ethernet interfaces are supported and saves the statistics in the Ethernet s...

Page 2420: ...of alarm variables and compares the result with the defined threshold thereby realizing a more comprehensive alarming function System handles the prialarm alarm table entry as defined by the user in t...

Page 2421: ...he RMON history statistics function To do Use the command Remarks Enter system view system view Enter Ethernet interface view interface interface type interface number Create an entry in the RMON hist...

Page 2422: ...umber description string log log trap log trapcommunity none trap trap community owner text Required Create an entry in the alarm table rmon alarm entry number alarm variable sampling interval absolut...

Page 2423: ...le in any view Display the RMON history control entry and history sampling information display rmon history interface type interface number Available in any view Display RMON alarm configuration infor...

Page 2424: ...ts 307 etherStatsBroadcastPkts 56 etherStatsMulticastPkts 34 etherStatsUndersizePkts 0 etherStatsOversizePkts 0 etherStatsFragments 0 etherStatsJabbers 0 etherStatsCRCAlignErrors 0 etherStatsCollision...

Page 2425: ...tEthernet2 0 1 display rmon history HistoryControlEntry 2 owned by null is VALID Samples interface GigabitEthernet2 0 1 ifIndex 19 Sampling interval 10 sec with 8 buckets max Sampled values of record...

Page 2426: ...CRC alignment errors 0 undersize packets 0 oversize packets 0 fragments 0 jabbers 0 collisions 0 utilization 0 Sampled values of record 8 dropevents 0 octets 1154 packets 13 broadcast packets 1 multi...

Page 2427: ...snmp agent target host trap address udp domain 1 1 1 2 params securityname public Configure RMON to gather statistics on interface GigabitEthernet 2 0 1 Sysname interface GigabitEthernet 2 0 1 Sysname...

Page 2428: ...e 2 has sampled alarm value 0 less than or 50 Private Alarm Group Configuration Example Network requirements As shown in Figure 1 4 monitor the utilization rate of interface GigabitEthernet 2 0 1 when...

Page 2429: ...n prialarm 1 1 3 6 1 2 1 16 1 1 1 4 1 8 1 3 6 1 2 1 16 1 1 1 5 1 16 100 1 3 6 1 2 1 2 2 1 5 1 1 0 SpeedRatio 10 delta rising threshold 80 1 falling threshold 5 2 entrytype forever owner v3user The OID...

Page 2430: ...g the MAC Learning Limit 1 7 Displaying and Maintaining MAC Address Tables 1 7 MAC Address Table Configuration Example 1 8 2 MAC Information Configuration 2 1 Overview 2 1 Introduction to MAC Informat...

Page 2431: ...e this device is connected and to which VLAN the interface belongs When forwarding a frame the device first looks up the MAC address table by the destination MAC address of the frame for the outgoing...

Page 2432: ...prevent hackers from stealing data using forged MAC addresses Types of MAC Address Table Entries A MAC address table may contain these types of entries z Static entries which are manually configured...

Page 2433: ...table automatically by learning the source MAC addresses of received frames To improve port security you can manually add MAC address entries to the MAC address table to bind ports with MAC addresses...

Page 2434: ...ent interface only Add modify MAC address entries under the specified interface view mac address dynamic static mac address vlan vlan id Required z When using the mac address command to add a MAC addr...

Page 2435: ...face view interface interface type interface number Enter port group view port group manual port group name Enter Ethernet interface view port group view or Layer 2 aggregate interface view Enter Laye...

Page 2436: ...mechanism for dynamic entries In this way dynamic MAC address entries that are not updated within their aging time will be deleted to make room for new entries and the MAC address table can be timely...

Page 2437: ...s to configure the MAC learning limit on an Ethernet port or the Ethernet ports in a port group or ONU port To do Use the command Remarks Enter system view system view Enter Ethernet interface view in...

Page 2438: ...g timer for dynamic MAC address entries to 500 seconds Configuration procedure Add a static MAC address entry Sysname system view Sysname mac address static 000f e235 dc71 interface gigabitethernet 2...

Page 2439: ...tion Works When a new MAC address is learned or an existing MAC address is deleted on a device the device writes related information about the MAC address to the buffer area used to store user informa...

Page 2440: ...g the Interval for Sending Syslog or Trap Messages To prevent Syslog or trap messages being sent too frequently and thus affecting system performance you can set the interval for sending Syslog or tra...

Page 2441: ...re 2 1 Network diagram for MAC Information configuration Configuration procedure 1 Configure Device to send Syslog messages to Host B Refer to Information Center Configuration in the System Volume for...

Page 2442: ...2 4 Set the interval for sending Syslog or trap messages to 20 seconds Device mac address information interval 20...

Page 2443: ...d Debugging 1 1 Ping 1 1 Introduction 1 1 Configuring Ping 1 1 Ping Configuration Example 1 2 Tracert 1 4 Introduction 1 4 Configuring Tracert 1 4 System Debugging 1 5 Introduction to System Debugging...

Page 2444: ...the destination device 2 The source device determines whether the destination is reachable based on whether it receives an ICMP echo reply if the destination is reachable the source device determines...

Page 2445: ...n the two devices get the detailed information of routes from Device A to Device C Figure 1 1 Ping network diagram Configuration procedure Use the ping command to display whether an available route ex...

Page 2446: ...2 2 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 1 11 53 ms The principle of ping r is as shown in Figure 1 1 1 The source Device A sends an ICMP...

Page 2447: ...s the packet responds by sending a TTL expired ICMP error message to the source with its IP address 1 1 1 2 encapsulated In this way the source device can get the address 1 1 1 2 of the first Layer 3...

Page 2448: ...the introduction to the tracert lsp command refer to MPLS Basics Commands in the MPLS Volume System Debugging Introduction to System Debugging The device provides various debugging functions For the...

Page 2449: ...You can also output debugging information to other destinations For the detailed configurations refer to Information Center Commands in the System Volume By default you can output debugging informatio...

Page 2450: ...eed to locate the failed nodes in the network Figure 1 4 Ping and tracert network diagram Configuration procedure Use the ping command to display whether an available route exists between Device A and...

Page 2451: ...B an error occurred on the connection between Device B and Device C In this case you can use the debugging ip icmp command to enable ICMP debugging on Device A and Device C to check whether the device...

Page 2452: ...Information to the Console 1 7 Outputting System Information to a Monitor Terminal 1 8 Outputting System Information to a Log Host 1 9 Outputting System Information to the Trap Buffer 1 10 Outputting...

Page 2453: ...rs and developers in monitoring network performance and diagnosing network problems The following describes the working process of information center z Receives the log trap and debugging information...

Page 2454: ...ree types z Log information z Trap information z Debugging information Eight Levels of System Information The information is classified into eight levels by severity The severity levels in the descend...

Page 2455: ...channels and output destinations can be changed through commands Besides you can configure channels 6 7 and 8 without changing the default configuration of the seven channels Table 1 2 Information cha...

Page 2456: ...o be output to the log file log information with severity level equal to or higher than informational is allowed to be output to the log host log information with severity level equal to or higher tha...

Page 2457: ...or log file the system information is in the following format timestamp sysname module level digest content For example a monitor terminal connects to the device When a terminal logs in to the device...

Page 2458: ...ify the system name Refer to Basic System Configuration Commands in the System Volume for details This field is a preamble used to identify a vendor It is displayed only when the output destination is...

Page 2459: ...Log Host Optional Outputting System Information to the Trap Buffer Optional Outputting System Information to the Log Buffer Optional Outputting System Information to the SNMP Module Optional Saving S...

Page 2460: ...command Remarks Enable the monitoring of system information on the console terminal monitor Optional Enabled on the console and disabled on the monitor terminal by default Enable the display of debugg...

Page 2461: ...monitor terminal you need to enable the associated display function in order to display the output information on the monitor terminal Follow these steps to enable the display of system information on...

Page 2462: ...al Refer toDefault Output Rules of System Information Specify the source IP address for the log information info center loghost source interface type interface number Optional By default the source in...

Page 2463: ...You can configure to output log trap and debugging information to the log buffer but the log buffer receives the log and debugging information only and discards the trap information To do Use the comm...

Page 2464: ...the SNMP module To do Use the command Remarks Enter system view system view Enable information center info center enable Optional Enabled by default Name the channel with a specified channel number i...

Page 2465: ...Optional The default value is 86 400 seconds Configure the maximum storage space reserved for a log file info center logfile size quota size Optional The default value is 1 MB Configure the directory...

Page 2466: ...stem will not display the command line prompt but your previous input in a new line Disabling a Port from Generating Link Up Down Logging Information By default all the ports of the device generate li...

Page 2467: ...Display the state of the log buffer and the log information recorded on a distributed IRF device display logbuffer reverse level severity size buffersize chassis chassis number slot slot number begin...

Page 2468: ...nformation of all modules on channel loghost Sysname info center source default channel loghost debug state off log state off trap state off As the default system configurations for different channels...

Page 2469: ...onf file must be identical to those configured on the device using the info center loghost and info center source commands otherwise the log information may not be output properly to the log host Step...

Page 2470: ...f log trap and debugging information of all modules on the specified channel loghost in this example first and then configure the output rule as needed so that unnecessary information will not be outp...

Page 2471: ...he log information may not be output properly to the log host Step 4 After log file info log is created and file etc syslog conf is modified you need to issue the following commands to display the pro...

Page 2472: ...output Configure the information output rule allow log information of ARP and IP modules with severity equal to or higher than informational to be output to the console Note that the source modules a...

Page 2473: ...m PSE Power 1 7 Configuring the Maximum PoE Interface Power 1 7 Configuring PoE Power Management 1 7 Configuring PSE Power Management 1 8 Configuring PoE Interface Power Management 1 8 Configuring the...

Page 2474: ...E Interface through PoE Profile z Upgrading PSE Processing Software in Service z Displaying and Maintaining PoE z PoE Configuration Example z Troubleshooting PoE PoE Overview Introduction to PoE Power...

Page 2475: ...follows the slot number of LPU x 3 1 For example if the slot number is 3 the PSE ID is 3 x 3 1 z After the S7900E series Ethernet switch configured the IRF the formula for calculating PSE IDs is as fo...

Page 2476: ...r a PoE Interface Required Detecting PDs Enabling the PSE to Detect Nonstandard PDs Optional Configuring the Maximum PoE Power Optional Configuring the Maximum PSE Power Optional Configuring the PoE P...

Page 2477: ...re not allowed to enable PoE for the PSE z If the PSE is enabled with the PoE power management function you are allowed to enable PoE for the PSE whether the PSE can supply power depends on other fact...

Page 2478: ...mitting data in category 3 5 twisted pair cables to supply DC power to PDs z When the sum of the power consumption of all powered PoE interfaces on a PSE exceeds the maximum power of the PSE the syste...

Page 2479: ...are factor determining the maximum PoE power z User configuration through command lines PoE power supply has self protection mechanism with which hardware protection measures will be taken for example...

Page 2480: ...ximum power of the PSE must be greater than or equal to the sum of maximum power of all critical PoE interfaces on the PSE to guarantee the power supply to these PoE interfaces Configuring the Maximum...

Page 2481: ...m power of the PSE you will fail to set the power priority of the PSE to critical Otherwise you can succeed in setting the power priority to critical and this PSE will preempt the power of the PSE wit...

Page 2482: ...PD power results in PSE power overload power supply to the PD on the PoE interface with a lower priority will be stopped to ensure the power supply to the PD with a higher priority If the guaranteed r...

Page 2483: ...er voltage threshold for the PoE power supply poe power input threshold lower value Optional The default AC input under voltage threshold is 90 00 Configure an AC input under voltage threshold for the...

Page 2484: ...nfigure a PoE interface in either of the following two ways z Using command lines z Using a PoE profile and applying the PoE profile to the specified PoE interface s When configuring a single PoE inte...

Page 2485: ...be configured modified and deleted in only one way If a parameter configured in a way for example through command lines is then configured in the other way for example through PoE profile the latter...

Page 2486: ...processing software and reloads it If the PSE processing software is damaged in this case you can execute none of PoE commands successfully you can upgrade the PSE processing software in full mode to...

Page 2487: ...ted with the PSE display poe pse pse id interface power Display information of the PoE power supply display poe power Display information of the PoE power supply distributed IRF device display poe pow...

Page 2488: ...poe profile index index name profile name Display all information of the configurations and applications of the PoE profile applied to the specified PoE interface display poe profile interface interfa...

Page 2489: ...et5 0 1 poe enable Sysname GigabitEthernet5 0 1 quit Enable PoE on GigabitEthernet 3 0 2 and set its power priority to critical Sysname interface gigabitethernet 3 0 2 Sysname GigabitEthernet3 0 2 poe...

Page 2490: ...me configurations in the PoE profile do not meet the configuration requirements of the PoE interface z Another PoE profile is already applied to the PoE interface Solution z In the first case you can...

Page 2491: ...g a DLSw Test 1 18 Configuring the Collaboration Function 1 19 Configuring Trap Delivery 1 20 Configuring the NQA Statistics Function 1 20 Configuring the History Records Saving Function 1 21 Configur...

Page 2492: ...d provides you with network performance and service quality parameters such as jitter TCP connection delay FTP connection delay and file transfer rate With the NQA test results you can 1 Know network...

Page 2493: ...application modules then deal with the changes accordingly based on the status of the track entry and thus collaboration is implemented Take static routing as an example You have configured a static r...

Page 2494: ...test one probe means to carry out a corresponding function z For an ICMP echo or UDP echo test one packet is sent in one probe z For an SNMP test three packets are sent in one probe NQA client and se...

Page 2495: ...QA client 1 Enable the NQA client 2 Create a test group and configure test parameters according to the test type The test parameters may vary with test types 3 Start the NQA test After the test you ca...

Page 2496: ...r tcp connect udp echo ip address port number Required The IP address and port number must be consistent with those configured on the NQA client and must be different from those of an existing listeni...

Page 2497: ...cho Required Configure the destination address for a test operation destination ip ip address Required By default no destination IP address is configured for a test operation Configure the size of pro...

Page 2498: ...ry for the DHCP server to respond to a client request and assign an IP address to the client Configuration prerequisites Before performing a DHCP test you need to configure the DHCP server If the NQA...

Page 2499: ...to configure a DNS test To do Use the command Remarks Enter system view system view Enter NQA test group view nqa entry admin name operation tag Configure the test type as DNS and enter test type view...

Page 2500: ...peration destination ip ip address Required By default no destination IP address is configured for a test operation The destination IP address for a test operation is the IP address of the FTP server...

Page 2501: ...s detecting the connectivity and performance of the HTTP server Configuration prerequisites Before performing an HTTP test you need to configure the HTTP server Configuring an HTTP test Follow these s...

Page 2502: ...ailable Real time services such as voice and video have high requirements on delay jitters With the UDP jitter test uni bi directional delay jitters can be obtained to judge whether a network can carr...

Page 2503: ...he source port number for a request source port port number Optional By default no source port number is specified Configure the size of a probe packet sent data size size Optional 100 bytes by defaul...

Page 2504: ...SNMP test Follow these steps to configure an SNMP test To do Use the command Remarks Enter system view system view Enter NQA test group view nqa entry admin name operation tag Configure the test type...

Page 2505: ...type as TCP and enter test type view type tcp Required Configure the destination address for a test operation destination ip ip address Required By default no destination IP address is configured for...

Page 2506: ...udp echo Required Configure the destination address for a test operation destination ip ip address Required By default no destination IP address is configured for a test operation The destination addr...

Page 2507: ...n sends it back to the source 3 Upon receiving the packets the source calculates the delay jitter and delay by calculating the difference between the interval for the destination to receive two succes...

Page 2508: ...t of the existing listening service on the NQA server Configure the destination port for a test operation destination port port number Required By default no destination port number is configured for...

Page 2509: ...milliseconds by default Configure the timeout for waiting for a response in a voice test probe packet timeout packet timeout Optional 5000 milliseconds by default Configure common optional parameters...

Page 2510: ...the threshold the configured action is triggered Follow these steps to configure the collaboration function To do Use the command Remarks Enter system view system view Enter NQA test group view nqa e...

Page 2511: ...ent server by default Only the reaction trap test complete command is supported in a voice test namely in a voice test traps are sent to the NMS only if the test succeeds Configuring the NQA Statistic...

Page 2512: ...ated Configuring the History Records Saving Function With the history records saving function enabled the system will save the history records of the NQA test You can view the history records of a tes...

Page 2513: ...ers common to an NQA test group To do Use the command Remarks Enter system view system view Enter NQA test group view nqa entry admin name operation tag Enter test type view of a test group type dhcp...

Page 2514: ...n be forever which indicates that a test will not stop until you use the undo nqa schedule command to stop the test A test group performs tests when the system time is between the start time and the e...

Page 2515: ...ion information display nqa history admin name operation tag Display the results of the last NQA test display nqa result admin name operation tag Display the statistics of a type of NQA test display n...

Page 2516: ...ss 10 2 2 2 Send operation times 10 Receive response times 10 Min Max Average round trip time 2 5 3 Square Sum of round trip time 96 Last succeeded probe time 2007 08 23 15 00 01 2 Extended results Pa...

Page 2517: ...admin test start time now lifetime forever Disable DHCP test after the test begins for a period of time SwitchA undo nqa schedule admin test Display the result of the last DHCP test SwitchA display n...

Page 2518: ...history records DeviceA nqa admin test dns history record enable DeviceA nqa admin test dns quit Enable DNS test DeviceA nqa schedule admin test start time now lifetime forever Disable DNS test after...

Page 2519: ...view DeviceA nqa entry admin test DeviceA nqa admin test type ftp DeviceA nqa admin test ftp destination ip 10 2 2 2 DeviceA nqa admin test ftp source ip 10 1 1 1 DeviceA nqa admin test ftp operation...

Page 2520: ...st the connection with a specified HTTP server and the time required to obtain data from the HTTP server Figure 1 7 Network diagram for the HTTP tests Configuration procedure Create an HTTP test group...

Page 2521: ...0 Display the history of HTTP tests DeviceA display nqa history admin test NQA entry admin admin tag test history record s Index Response Status Time 1 64 Succeeded 2007 11 22 10 12 47 9 UDP Jitter Te...

Page 2522: ...s Packet lost in test 0 Failures due to timeout 0 Failures due to disconnect 0 Failures due to no connection 0 Failures due to sequence error 0 Failures due to internal error 0 Failures due to other e...

Page 2523: ...te 0 UDP jitter results RTT number 410 Min positive SD 3 Min positive DS 1 Max positive SD 30 Max positive DS 79 Positive SD number 186 Positive DS number 158 Positive SD sum 2602 Positive DS sum 1928...

Page 2524: ...gent service and set the SNMP version to all the read community to public and the write community to private DeviceB system view DeviceB snmp agent sys info version all DeviceB snmp agent community re...

Page 2525: ...admin test NQA entry admin admin tag test history record s Index Response Status Time 1 50 Timeout 2007 11 22 10 24 41 1 TCP Test Configuration Example Network requirements Use the NQA TCP function t...

Page 2526: ...ge round trip time 13 13 13 Square Sum of round trip time 169 Last succeeded probe time 2007 11 22 10 27 25 1 Extended results Packet lost in test 0 Failures due to timeout 0 Failures due to disconnec...

Page 2527: ...record number 10 DeviceA nqa admin test udp echo quit Enable UDP echo test DeviceA nqa schedule admin test start time now lifetime forever Disable UDP echo test after the test begins for a period of...

Page 2528: ...view DeviceA nqa entry admin test DeviceA nqa admin test type voice DeviceA nqa admin test voice destination ip 10 2 2 2 DeviceA nqa admin test voice destination port 9000 DeviceA nqa admin test voic...

Page 2529: ...691776 One way results Max SD delay 343 Max DS delay 985 Min SD delay 343 Min DS delay 985 Number of SD delay 1 Number of DS delay 1 Sum of SD delay 343 Sum of DS delay 985 Square sum of SD delay 1176...

Page 2530: ...59 Max DS delay 985 Min SD delay 0 Min DS delay 0 Number of SD delay 4 Number of DS delay 4 Sum of SD delay 1390 Sum of DS delay 1079 Square sum of SD delay 483202 Square sum of DS delay 973651 SD los...

Page 2531: ...2 Send operation times 1 Receive response times 1 Min Max Average round trip time 19 19 19 Square Sum of round trip time 361 Last succeeded probe time 2007 11 22 10 40 27 7 Extended results Packet lo...

Page 2532: ...ho Configure the destination IP address of the ICMP echo test operation as 10 2 1 1 SwitchA nqa admin test icmp echo destination ip 10 2 1 1 Configure the interval between two consecutive tests as 100...

Page 2533: ...of VLAN interface 3 on Switch B SwitchB system view SwitchB interface vlan interface 3 SwitchB Vlan interface3 undo ip address On Switch A display information about all the Track entries SwitchA disp...

Page 2534: ...abling an Interface from Receiving NTP Messages 1 13 Configuring the Maximum Number of Dynamic Sessions Allowed 1 13 Configuring Access Control Rights 1 13 Configuration Prerequisites 1 14 Configurati...

Page 2535: ...o means keep time synchronized among all the devices within a network by changing the system clock on each station because this is a huge amount of workload and cannot guarantee the clock precision NT...

Page 2536: ...e A Device B Device A Device B Device A Device B Device A 10 00 00 am 11 00 01 am 10 00 00 am NTP message 10 00 00 am 11 00 01 am 11 00 02 am NTP message NTP message NTP message received at 10 00 03 a...

Page 2537: ...p 64 bits Transmit timestamp 64 bits Authenticator optional 96 bits Reference timestamp 64 bits Originate timestamp 64 bits 1 4 Main fields are described as follows z LI 2 bit leap indicator When set...

Page 2538: ...ement clock synchronization in one of the following modes z Client server mode z Symmetric peers mode z Broadcast mode z Multicast mode You can select operation modes of NTP as needed In case that the...

Page 2539: ...ssage the client sends a request Clock synchronization message exchange Mode 3 and Mode 4 Periodically broadcasts clock synchronization messages Mode 5 Calculates the network delay between client and...

Page 2540: ...d the server Then the client enters the multicast client mode and continues listening to multicast messages and synchronizes its local clock based on the received multicast messages In symmetric peers...

Page 2541: ...k List Complete the following tasks to configure NTP Task Remarks Configuring the Operation Modes of NTP Required Configuring the Local Clock as a Reference Source Optional Configuring Optional Parame...

Page 2542: ...evices working in the client server mode you only need to make configurations on the clients but not on the servers Follow these steps to configure an NTP client To do Use the command Remarks Enter sy...

Page 2543: ...icast address or the IP address of the local clock z When the source interface for NTP messages is specified by the source interface argument the source IP address of the NTP messages will be configur...

Page 2544: ...thentication keyid keyid version number Required A broadcast server can synchronize broadcast clients only after its clock has been synchronized Configuring NTP Multicast Mode The multicast server per...

Page 2545: ...ticast clients among which 128 can take effect at the same time Configuring the Local Clock as a Reference Source A network device can get its clock synchronized in one of the following two ways z Syn...

Page 2546: ...P address of the NTP messages as the primary IP address of the specified interface when sending the NTP messages When the device responds to an NTP request received the source IP address of the NTP re...

Page 2547: ...rmits the peer devices to perform control query to the NTP service on the local device but does not permit a peer device to synchronize its clock to that of the local device The so called control quer...

Page 2548: ...izing with a device that has failed authentication Configuration Prerequisites The configuration of NTP authentication involves configuration tasks to be implemented on the client and on the server Wh...

Page 2549: ...nfigure the key as a trusted key ntp service reliable authentication keyid keyid Required No authentication key is configured to be trusted by default Client server mode ntp service unicast server ip...

Page 2550: ...pecify it as a trusted key after associating the key with the NTP server The procedure of configuring NTP authentication on a server is the same as that on a client and the same authentication key mus...

Page 2551: ...000 UTC Jan 1 1900 00000000 00000000 Specify Device A as the NTP server of Device B so that Device B is synchronized to Device A DeviceB system view DeviceB ntp service unicast server 1 0 1 11 View t...

Page 2552: ...while Device B is the symmetric passive peer Figure 1 8 Network diagram for NTP symmetric peers mode configuration Switch A Switch B Switch C 3 0 1 31 24 3 0 1 32 24 3 0 1 33 24 Configuration procedu...

Page 2553: ...nchronized to Device C and the clock stratum level of Device B is 2 while that of Device C is 1 View the NTP session information of Device B which shows that an association has been set up between Dev...

Page 2554: ...D to work in the broadcast client mode and receive broadcast messages on VLAN interface 2 SwitchD system view SwitchD interface vlan interface 2 SwitchD Vlan interface2 ntp service broadcast client 3...

Page 2555: ...rce peer 3 selected 4 candidate 5 configured Total associations 1 Configuring NTP Multicast Mode Network requirements z Switch C s local clock is to be used as a reference source with the stratum leve...

Page 2556: ...z Clock precision 2 18 Clock offset 0 0000 ms Root delay 31 00 ms Root dispersion 8 31 ms Peer dispersion 34 30 ms Reference time 16 01 51 713 UTC Sep 19 2005 C6D95F6F B6872B02 As shown above Switch D...

Page 2557: ...e status Clock status synchronized Clock stratum 3 Reference clock ID 3 0 1 31 Nominal frequency 100 0000 Hz Actual frequency 100 0000 Hz Clock precision 2 18 Clock offset 0 0000 ms Root delay 40 00 m...

Page 2558: ...Device B DeviceB ntp service authentication enable Set an authentication key DeviceB ntp service authentication keyid 42 authentication mode md5 aNiceKey Specify the key as a trusted key DeviceB ntp s...

Page 2559: ...urce peer 3 selected 4 candidate 5 configured Total associations 1 Configuring NTP Broadcast Mode with Authentication Network requirements z Switch C s local clock is to be used as a reference source...

Page 2560: ...interface 2 and Switch C can send broadcast messages through VLAN interface 2 Upon receiving a broadcast message from Switch C Switch D synchronizes its clock to that of Switch C View the NTP status...

Page 2561: ...tric peers mode but not in the multicast or broadcast mode Figure 1 13 Network diagram for MPLS VPN time synchronization configuration CE 1 CE 2 CE 4 CE 3 PE 1 PE 2 P VPN 1 VPN 2 VPN 1 VPN 2 Vlan int...

Page 2562: ...time later The information should show that CE 3 has been synchronized to CE 1 with the clock stratum level of 2 CE3 display ntp service status Clock status synchronized Clock stratum 2 Reference cloc...

Page 2563: ...time later The information should show that PE 2 has been synchronized to PE 1 with the clock stratum level of 2 PE2 display ntp service status Clock status synchronized Clock stratum 2 Reference cloc...

Page 2564: ...1 6 Step by Step Patch Installation Task List 1 6 Configuring the Patch File Location 1 6 Loading a Patch File 1 7 Activating Patches 1 7 Confirming Running Patches 1 8 One Step Patch Uninstallation...

Page 2565: ...device that is it can repair the software defects of the current version without rebooting the device Basic Concepts in Hotfix Patch and patch file A patch also called patch unit is a package to fix...

Page 2566: ...be in the state of IDLE DEACTIVE ACTIVE and RUNNING Load run temporarily confirm running stop running delete install and uninstall represent operations corresponding to commands of patch load patch ac...

Page 2567: ...memory patch area and are in the DEACTIVE state At this time the patch states in the system are as shown in Figure 1 3 The patches that are in the DEACTIVE state will be still in the DEACTIVE state af...

Page 2568: ...of the system are as shown in Figure 1 5 Figure 1 5 Patches are running The patches that are in the RUNNING state will be still in the RUNNING state after system reboot Hotfix Configuration Task List...

Page 2569: ...roduct Card type PATCH FLAG Default patch name mpu PATCH MPU patch_mpu bin lpb PATCH LPB patch_lpb bin S7900E lpr PATCH LPR patch_lpr bin The loading and installation are performed on all cards that a...

Page 2570: ...Location Optional Loading a Patch File Required Activating Patches Required Confirming Running Patches Optional Configuring the Patch File Location If you save the patch files to other storage media e...

Page 2571: ...ill try to load the patch file from the CF card Set the file transfer mode to binary mode before using FTP or TFTP to upload download patch files to from the flash of the device Otherwise patch file c...

Page 2572: ...slot slot number Required Confirming Running Patches After you confirm the running of a patch the patch state becomes RUNNING and the patch is in the normal running stage After the device is reset or...

Page 2573: ...IVE and the system runs in the way before it is installed with the patch Follow the steps below to stop running patches distributed device To do Use the command Remarks Enter system view system view S...

Page 2574: ...n any view Hotfix Configuration Examples Hotfix Configuration Example Network requirements z The software running on Device is of some problem and thus hotfixing is needed z The patch files patch_mpu...

Page 2575: ...n from the TFTP server to the AMB Device tftp 2 2 2 2 get patch_mpu bin Device tftp 2 2 2 2 get patch_lpr bin Device tftp 2 2 2 2 get patch_lpb bin Copy the patch files to the root directory of the SM...

Page 2576: ...rating Mode 1 9 Configuring IRF 1 10 Setting a Member ID for a Device 1 10 Specifying a Priority for an IRF Member 1 11 Configuring IRF Ports 1 11 Specifying the Preservation Time of IRF Bridge MAC Ad...

Page 2577: ...y configurations and then these devices are virtualized into a virtual device This virtualization technology realizes the cooperation of multiple devices unified management and non stop maintenance He...

Page 2578: ...thus the reliability of the IRF system is increased through the link backup z Powerful network expansion capability By adding member devices you can increase the number of IRF ports and expand network...

Page 2579: ...following describes some basic concepts in IRF Operation mode The device can operate in either of the following two modes z Standalone mode The device operates in a standalone manner It does not form...

Page 2580: ...cal standby SRPU A local standby SRPU is the standby SRPU of a member device As an optional hardware configuration it acts as the backup of the local active SRPU The active SRPU of the IRF The active...

Page 2581: ...nt involves four stages Physical Connections Topology Collection Role Election and IRF Management and Maintenance You need to first connect the IRF members physically and then the devices will perform...

Page 2582: ...2 Upon receiving the topology information from the directly connected neighbor it updates the local topology information 3 If there is a local standby SRPU configured the local active SRPU synchronize...

Page 2583: ...chassis2 slot1 flash test cfg indicates that a file named test cfg is saved under the root directory of the flash on the SRPU in slot 1 of member device 2 Therefore to ensure the uniqueness of member...

Page 2584: ...ctive ID to operate normally The state of all the other IRFs will be set to recovery and all the ports in them will be shut down except for the IRF ports and ports manually specified not to shut down...

Page 2585: ...g LACP MAD detection Optional Specifying the reserved ports Optional Configuring MAD Detection Failure recovery Optional Accessing the Master Required Accessing an IRF Accessing a Slave Optional After...

Page 2586: ...reboot automatically as soon as you confirm the operation of switching the operating mode Configuring IRF Setting a Member ID for a Device The member ID of a device defaults to 1 Before an IRF is for...

Page 2587: ...n modify the priority through command lines Follow these steps to specify a priority for an IRF member To do Use the command Remarks Enter system view system view Specify a priority for an IRF member...

Page 2588: ...king mode of a physical IRF port By default the working mode of a physical IRF port is normal An SC interface card does not support configuration of the working mode of physical IRF ports as enhanced...

Page 2589: ...address To do Use the command Remarks Enter system view system view Configure the IRF bridge MAC address to be preserved permanently after the master leaves irf mac address persistent always Specify...

Page 2590: ...erwise the IRF system will not be aware of the IRF topology changes in time and thus the service will be recovered slowly Configuring MAD Detection IRF of distributed devices supports two MAD approach...

Page 2591: ...ive z When the IRF operates normally only the MAD IP address of the master is effective and the BFD session is down z When the IRF splits into two or multiple IRFs all the MAD IP addresses of the mast...

Page 2592: ...a common IP address are not mutually interfered they can coexist the MAD IP address automatically becomes the slave address after being configured and the common IP address becomes the primary addres...

Page 2593: ...it system view quit Enter the view of the port that connects to the LACP MAD detection link interface interface type interface number Assign the port to the aggregation group for LACP MAD detection po...

Page 2594: ...se the command Remarks Enter system view system view Restore devices in the recovery state to the normal state mad restore Required Accessing an IRF Accessing the Master After an IRF is formed you can...

Page 2595: ...view system view Log in to the specified slave device of an IRF irf switch to chassis chassis number slot slot number Required By default you actually log in to the master device of an IRF when you l...

Page 2596: ...ns z To increase the number of access ports additional devices are needed In this example Device B is added z To address the requirements for high availability ease of management and maintenance use I...

Page 2597: ...to make the configuration of member ID take effect After logging in to the device again create IRF port2 1 of the device and bind it to the physical IRF port Ten GigabitEthernet 2 3 0 25 and then save...

Page 2598: ...GE2 3 0 25 IRF port2 1 GE1 3 0 2 GE2 3 0 2 Device A Device B IRF IRF link Note The solid orange line represents the IRF link the solid magenta lines represent links used for LACP MAD detection the sol...

Page 2599: ...Ten GigabitEthernet1 3 0 25 save Configure Device B Sysname system view Sysname chassis convert mode irf This command will convert the device to IRF mode and the device will reboot Are you sure Y N y...

Page 2600: ...evice A and Device B Sysname interface gigabitethernet 1 3 0 2 Sysname GigabitEthernet1 3 0 2 port link aggregation group 2 Sysname GigabitEthernet1 3 0 2 quit Sysname interface gigabitethernet 2 3 0...

Page 2601: ...i Table of Contents 1 IPC Configuration 1 1 IPC Overview 1 1 Introduction to IPC 1 1 Enabling IPC Performance Statistics 1 2 Displaying and Maintaining IPC 1 3...

Page 2602: ...efore a distributed device corresponds to multiple nodes Therefore in actual application IPC is mainly applied on an IRF or distributed device it provides a reliable transmission mechanism between dif...

Page 2603: ...ate multiple multicast groups The creation and deletion of a multicast group and multicast group members depend on the application module z Mixcast namely both unicast and multicast are supported Enab...

Page 2604: ...a node display ipc multicast group node node id self node Display packet information of a node display ipc packet node node id self node Display link status information of a node display ipc link nod...

Page 2605: ...CFP The Application Control Forwarding Protocol ACFP is developed based on the OAA architecture This document describes z Introduction to ACFP z Configuring the ACFP Server Switch z Configuring ACFP C...

Page 2606: ...i Table of Contents 1 OAP Configuration 1 1 OAP Overview 1 1 Configuring an OAP Card 1 1 Logging In to the Software System of an OAP Card Through the Switch 1 1 Restarting an OAP Card 1 2...

Page 2607: ...to load software of different functions Meanwhile after an OAP card is installed into the switch it can quickly implement applications such as security and wireless control which satisfies users dive...

Page 2608: ...an OAP Card If the software system of an OAP card works abnormally or is under other anomalies you can restart the OAP card with the following command Follow the step to restart an OAP card To do Use...

Page 2609: ...P Collaboration 1 2 ACFP Management 1 2 ACFP Information Overview 1 2 Using ACFP 1 5 ACFP Configuration Task List 1 5 Configuring the ACFP Server Switch 1 6 Enabling the ACFP Server 1 6 Enabling the A...

Page 2610: ...e advantages of respective manufacturers for better support of new services while reducing user investments The open application architecture OAA is an open service architecture developed with this co...

Page 2611: ...cluding inbound interface and outbound interface of the packet and collaboration rules When the packet received by the ACFP server is redirected or mirrored to the ACFP client after matching a collabo...

Page 2612: ...the context ID the HGPlus context only The above mentioned information indicates the collaboration capabilities of an ACFP server ACFP clients can access this information through a collaboration prot...

Page 2613: ...P collaboration rules refer to the collaboration rules that the ACFP client sends to the ACFP server for application There are three types of collaboration rules z Monitoring rules that is to monitor...

Page 2614: ...ules that belong to it Using ACFP z In a GRE tunneling environment an ACFP policy can be configured on a tunnel interface only z QoS processing such as marking the QoS local ID and local priority for...

Page 2615: ...ings ACFP server does not support the working mode of the ACFP client errors Expiration period of ACFP collaboration policy changed notifications ACFP collaboration rules are created informational ACF...

Page 2616: ...face type interface number out interface interface type interface number active inactive Display ACFP rule configuration information display acfp rule info in interface interface type interface number...

Page 2617: ...I Startup and Running 1 2 ACSEI Server Configuration Switch 1 2 Enabling ACSEI Server 1 2 Configuring the Clock Synchronization Timer 1 3 Configuring the Monitoring Timer 1 3 Closing an ACSEI Client 1...

Page 2618: ...Open Application Architecture OAA The collaborating IDS Intrusion Detection System cards or IDS devices serve as the ACFP clients which run applications of other vendors and support the IPS Intrusion...

Page 2619: ...sts to the ACSEI server You cannot set this timer ACSEI Startup and Running ACSEI starts up and runs in the following procedures 1 Run the ACSEI client application to enable ACSEI client 2 Start up th...

Page 2620: ...view system view Enable the ACSEI server function acsei server enable Required Enter ACSEI server view acsei server Configure the monitoring timer for ACSEI server to monitor ACSEI client acsei timer...

Page 2621: ...Display ACSEI client summary display acsei client summary client id Display ACSEI client information display acsei client info client id Available in any view Configuring ACSEI Client OAP Card As a f...

Search results

Summary of Contents for S7906E - Switch

Reviews:

Related manuals for S7906E - Switch

Brands by name

Popular brands

3Com S7906E - Switch, Configuration Manual

Search results

Summary of Contents for S7906E - Switch

Reviews:

Related manuals for S7906E - Switch

Brands by name

Popular brands