Edge-Core ES3628EA User Manual Download Page 717

Page: 717 / 802

717

{{<source><source-wildcard>}|any-source|{host-source<source-host-ip>}}

{{<destination><destination-wildcard>}|any-destination|{host-destination

<destination-host-ip>}} [precedence <precedence>] [tos

<tos>][time-range<time-range-name>]

Functions:

Define an expansion name MAC-IP ACL rule, ‘No’ form deletes one

expansion numeric MAC-IP ACL access-list rule.

Parameters

: num access-list serial No. this is a decimal’s No. from 3100-3199.; deny if

rules are matching, deny to access; permit if rules are matching, permit to access;

any-source-mac: any source MAC address; any-destination-mac: any destination MAC

address; host_smac , smac: source MAC address; smac-mask: mask (reverse mask) of

source MAC address ; host_dmac , dmas destination MAC address; dmac-mask mask

(reverse mask) of destination MAC address; protocol No. of name or IP protocol. It can

be a key word: eigrp, gre, icmp, igmp, igrp, ip, ipinip, ospf, tcp, or udp, or an integer from

0-255 of list No. of IP address. Use key word ‘ip’ to match all Internet protocols (including

ICMP, TCP, AND UDP) list; source-host-ip, source No. of source network or source

host of packet delivery. Numbers of 32-bit binary system with dotted decimal notation

expression; host-source: means the address is the IP address of source host, otherwise

the IP address of network; source-wildcard: reverse of source IP. Numbers of 32-bit

binary system expressed by decimal’s numbers with four-point separated, reverse mask;

destination-host-ip, destination No. of destination network or host to which packets are

delivered. Numbers of 32-bit binary system with dotted decimal notation expression;

host-source: means the address is the that the destination host address, otherwise the

network IP address; destination-wildcard: mask of destination. I Numbers of 32-bit

binary system expressed by decimal’s numbers with four-point separated, reverse mask;

s-port(optional): means the need to match TCP/UDP source port; port1(optional): value of

TCP/UDP source interface No., Interface No. is an integer from 0-65535; d-port(optional):

means need to match TCP/UDP destination interface; port3(optional): value of TCP/UDP

destination interface No., Interface No. is an integer from 0-65535; [ack] [fin] [psh] [rst]

[urg] [syn], (optional) only for TCP protocol, multi-choices of tag positions are available,

and when TCP data reports the configuration of corresponding position, then initialization

of TCP data report is enabled to form a match when in connection; precedence (optional)

packets can be filtered by priority which is a number from 0-7; tos (optional) packets can

be filtered by service type which ia number from 0-15; icmp-type (optional) ICMP

packets can be filtered by packet type which is a number from 0-255; icmp-code (optional)

ICMP packets can be filtered by packet code which is a number from 0-255; igmp-type

(optional) ICMP packets can be filtered by IGMP packet name or packet type which is a

number from 0-255;

<time-range-name>

, name of time range

Command Mode:

Name expansion MAC-IP access-list configuration mode

Summary of Contents for ES3628EA

Page 1: ...1 www edge core com ES3628EA L3 24 10 100 Ports 4GE Fast Ethernet Switch...

Page 2: ...h support a variety of network interfaces from 100Mb to 1000Mb Ethernet We are providing this manual for your better understanding use and maintenance of the ES3628EA L3 Fast Ethernet Switch We strong...

Page 3: ...on 31 1 2 7 Fuzzy Match Support 31 1 3 WEB MANAGEMENT 32 1 3 1 Main Page 32 1 3 2 Module Front Panel 32 CHAPTER 2 BASIC SWITCH CONFIGURATION 34 2 1 BASIC SWITCH CONFIGURATION COMMANDS 34 2 1 1 Command...

Page 4: ...duction 103 2 7 2 TACACS Configurations 103 2 7 3 Commands for TACACS 104 2 7 4 Typical TACACS Scenarios 106 2 7 5 TACACS Troubleshooting 106 2 8 WEB MANAGEMENT 107 2 8 1 Switch Basic Configuration 10...

Page 5: ...rt information 133 CHAPTER 4 PORT CHANNEL CONFIGURATION 135 4 1 INTRODUCTION TO PORT CHANNEL 135 4 2 PORT CHANNEL CONFIGURATION TASK LIST 136 4 3 COMMANDS FOR PORT CHANNEL 137 4 3 1 debug lacp 137 4 3...

Page 6: ...oubleshooting 171 CHAPTER 6 MAC TABLE CONFIGURATION 173 6 1 INTRODUCTION TO MAC TABLE 173 6 1 1 Obtaining MAC Table 173 6 1 2 Forward or Filter 175 6 2 MAC ADDRESS TABLE CONFIGURATION TASK LIST 176 6...

Page 7: ...7 3 19 spanning tree portfast 202 7 3 20 spanning tree digest snooping 202 7 3 21 spanning tree tcflush global mode 203 7 3 22 spanning tree tcflush port mode 203 7 4 MSTP EXAMPLE 204 7 5 MSTP TROUBL...

Page 8: ...ayer 3 Interface 245 9 1 2 Layer 3 Interface Configuration Task List 245 9 1 3 Commands for Layer 3 Interface 246 9 2 IP CONFIGURATION 246 9 2 1 Introduction to IPv4 IPv6 246 9 2 2 IP Configuration 24...

Page 9: ...sntp 314 11 3 TYPICAL SNTP CONFIGURATION EXAMPLES 314 11 4 WEB MANAGEMENT 315 11 4 1 SNMP NTP server configuration 315 11 4 2 Request interval configuration 315 11 4 3 Time difference 315 11 4 4 Show...

Page 10: ...ute 348 13 3 2 Introduction to Default Route 348 13 3 3 Static Route Configuration Task List 349 13 3 4 Commands for Static Route 349 13 3 5 Configuration Examples 353 13 4 RIP 354 13 4 1 Introduction...

Page 11: ...NFIGURATION TASK 553 14 3 COMMANDS FOR IGMP SNOOPING 555 14 3 1 ip igmp snooping vlan 555 14 3 2 ip igmp snooping vlan immediate leave 555 14 3 3 ip igmp snooping vlan l2 general querier 555 14 3 4 ip...

Page 12: ...ng 577 16 3 PIM SM 580 16 3 1 Introduction to PIM SM 580 16 3 2 PIM SM Configuration Task List 581 16 3 3 Commands for PIM SM 584 16 3 4 PIM SM Configuration Examples 593 16 3 5 PIM SM Troubleshooting...

Page 13: ...iguration Task List 675 17 3 3 Commands for MLD 677 17 3 4 MLD Typical Application 682 17 3 5 MLD Troubleshooting 683 CHAPTER 18 ACL CONFIGURATION 687 18 1 INTRODUCTION TO ACL 687 18 1 1 Access list 6...

Page 14: ...te 739 19 3 12 dot1x re authentication 740 19 3 13 dot1x timeout quiet period 740 19 3 14 dot1x timeout re authperiod 740 19 3 15 dot1x timeout tx period 741 19 3 16 radius server accounting host 741...

Page 15: ...ual Router 768 20 6 5 Configure Preemptive Mode For VRRP 768 20 6 6 Configure VRRP priority 769 20 6 7 Configure VRRP Timer interval 769 20 6 8 Configure VRRP Interface Monitor 769 20 6 9 Configure Au...

Page 16: ...T CONFIGURATION SEQUENCE 791 22 3 COMMANDS FOR CLUSTER 793 22 3 1 cluster run 793 22 3 2 cluster register timer 793 22 3 3 cluster ip pool 794 22 3 4 cluster commander 794 22 3 5 cluster member 795 22...

Page 17: ...ailable For instance the user must assign an IP address to the switch via the Console interface to be able to access the switch through Telnet The procedures for managing the switch via Console interf...

Page 18: ...included in Windows after the connection established The example below is based on the HyperTerminal included in Windows XP 1 Click Start menu All Programs Accessories Communication HyperTerminal Fig...

Page 19: ...ud rate 8 for Data bits none for Parity checksum 1 for stop bit and none for traffic control or you can also click Restore default and click OK Fig 1 5 Opening HyperTerminal Step 3 Entering switch CLI...

Page 20: ...ceived 0 pac Starting at 0x10000 Attaching to file system te to DOWNn avg max 0 0 0a Switch Settings 00 00 25 2006 vlan mac 00 03 0F 13 25 98otocol on Interface Etherne serial number 106120000004open...

Page 21: ...ess is in the same network segment 3 If not 2 Telnet client can connect to an IP address of the switch via other devices such as a router ES3628EA Switch is a Layer 3 switch that can be configured wit...

Page 22: ...lnet Client program Run Telnet client program included in Windows with the specified Telnet target Fig 1 7 Run telnet client program included in Windows Step 3 Login to the switch Login to the Telnet...

Page 23: ...nt and the switch s VLAN interface IP address are in the same network segment 3 If 2 is not met HTTP client should connect to an IP address of the switch via other devices such as a router Similar to...

Page 24: ...ar http 3ffe 506 1 2 3 where the address should be in the square brackets Step 3 Logon to the switch To logon to the HTTP configuration interface valid login user name and password are required otherw...

Page 25: ...25 Fig 1 10 Web Login Interface Input the right username and password and then the main Web configuration interface is shown as below Fig 1 11 Main Web Configuration Interface...

Page 26: ...categorized according to their functions in switch configuration and management Each category represents a different configuration mode The Shell for the switch is described below z Configuration Mode...

Page 27: ...rect Next users can reenter the system on entering corresponding user name and password Under Admin Mode the user can query the switch configuration information connection status and traffic statistic...

Page 28: ...Mode Using the vlan vlan id command under Global Mode can enter the corresponding VLAN Mode Under VLAN Mode the user can configure all member ports of the corresponding VLAN Run the exit command to ex...

Page 29: ...Configuration Syntax ES3628EA Switch provides various configuration commands Although all the commands are different they all abide by the syntax for ES3628EA Switch configuration commands The general...

Page 30: ...he cursor moves back Up Show previous command entered Up to ten recently entered commands can be shown Down Show next command entered When use the Up key to get previously entered commands you can use...

Page 31: ...with that string 1 2 6 Input Verification Returned Information success All commands entered through keyboards undergo syntax check by the Shell Nothing will be returned if the user entered a correct c...

Page 32: ...es HTTP web management function and users can configure and monitor the status of the switch through the web interface To manage the switch through web browser use the following steps Configure valid...

Page 33: ...33 Fig 1 13 Module Front Panel...

Page 34: ...command is for exiting admin mode Admin Mode config terminal Enter global mode from admin mode Various Modes Exit Exit current mode and enter previous mode such as using this command in global mode t...

Page 35: ...n mode to radius Switch Config authentication login radius 2 1 1 2 calendar set Command calendar set HH MM SS DD MON YYYY MON DD YYYY Function Set system date and time Parameter HH MM SS is the curren...

Page 36: ...01 01 00 01 06 startup config 2 064 1980 01 01 00 30 12 2 1 1 6 enable Command enable Function Enter Admin Mode from User Mode Command mode User Mode Usage Guide To prevent unauthorized access of non...

Page 37: ...res the default value Parameters minute is the time value shown in minute and ranges between 0 35791 seconds is the time value shown in seconds and ranges between 0 2147483 Command mode Global mode De...

Page 38: ...ed Command mode Global Mode Default The default prompt is ES3628EA switch Usage Guide With this command the user can set the CLI prompt of the switch according to their own requirements Example Set th...

Page 39: ...server no ip http server Function Enable Web configuration the no ip http server command disables Web configuration Command mode Global mode Usage guide Web configuation is for supplying a interface...

Page 40: ...r mode through level configured by the command No login cancels login local configuration Notice Executing the command it insures that priority of one user is 15 if it uses username command configurat...

Page 41: ...can choose all the parameters for ping Example Example 1 Default parameter for ping Switch ping 10 1 128 160 Type c to abort Sending 5 56 byte ICMP Echoes to 10 1 128 160 timeout is 2 seconds Success...

Page 42: ...configuration Ping6 function can configure the parameters of the ping packets on users demands When the ipv6 address is the local link address a vlan interface name is needed to be specified When spec...

Page 43: ...equired to be specified when destination address is a local link address Use source IPv6 address n Use source IPv6 address not used by default Source IPv6 address Source IPv6 IP address Repeat count 5...

Page 44: ...passwords Switch Config service password encryption 2 1 1 23 service terminal length Command service terminal length 0 512 no service terminal length Function Configure the columns of characters disp...

Page 45: ...et columns of characters displayed in each screen on terminal the terminal no length cancels the screen switching operation and display content once in all Parameter Columns of characters displayed in...

Page 46: ...m for unreachable network nodes 2 1 1 29 cli username Command cli username username privilege privilege password 0 7 password no cli username username Function Configure shell user and priority shell...

Page 47: ...sword for logging on the switch the no username user_name command deletes the user Parameter user_name is the username It can t exceed 16 characters show_flag can be either 0 or 7 0 is used to display...

Page 48: ...the users will also need to diagnostic the problem ES3628EA switch provides various debug commands including ping telnet show and debug etc to help the users to check system configuration operating s...

Page 49: ...witch allows up to 5 telnet client TCP connections And as Telnet client using telnet command under Admin Mode allows the user to login to the other remote hosts ES3628EA switch can only establish TCP...

Page 50: ...t name and the IP IPv6 address should be previously configured For required commands please refer to ip host and ipv6 host In case a host corresponds to both an IPv4 and an IPv6 addresses the IPv6 sho...

Page 51: ...switch will not be limited if a secure IP address is configured only hosts with the secure IP address is allowed to connect to the switch through Telnet for configuration The switch allows multiple se...

Page 52: ...for retrying SSH authentication the no ssh server authentication retries command restores the default number of times for retrying SSH authentication ssh server host key create rsa modulus moduls Gen...

Page 53: ...nge is 768 to 2048 The default value is 1024 Command mode Global Mode Default The system uses the key generated when the ssh server is started at the first time Usage Guide This command is used to gen...

Page 54: ...thorized SSH clients can t log on and configure the switch When the switch is a SSH server it can have maximum three users and it allows maximum three users to connect to it at the same time Example S...

Page 55: ...nder IPv4 which adopts the hop limit field of the ICMPv6 and IPv6 header First Traceroute6 sends an IPv6 datagram including source address destination address and packet sent time whose HOPLIMIT is se...

Page 56: ...p Display the TCP connection status established currently on the switch show udp Display the UDP connection status established currently on the switch show telnet login Display the information of the...

Page 57: ...s on 2 2 7 1 3 show history Command show history Function Display the recent user command history Command mode Admin Mode Usage Guide The system holds up to 10 commands the user entered the user can u...

Page 58: ...he current active configuration parameters for the switch Default If the active configuration parameters are the same as the default operating parameters nothing will be displayed Command mode Admin M...

Page 59: ...won t display any configurations However if write command is executed to save the active configuration to the Flash memory the displays of show running config and show startup config will be the same...

Page 60: ...second usertype 2 2 7 1 11 show tcp Command show tcp Function Display the current TCP connection status established to the switch Command mode Admin Mode Example Switch show tcp LocalAddress LocalPort...

Page 61: ...e default value for unit is 1 Command mode Admin Mode Usage Guide Use this command to view the version information for the switch including hardware version and software version Example Switch show ve...

Page 62: ...ctly send the log information to the log host and save it in files to be viewed at any time Among above log channels users rarely use the console monitor but will commonly choose the Telnet terminal t...

Page 63: ...l and brief description Note these severity levels are in accordance with the standard UNIX LINUX syslog Table 1 1 Severity of the log information Severity Value Description emergencies 0 System is un...

Page 64: ...log buffer zone information 2 Configure the log host output channel Command Description Global Mode logging ipv4 addr ipv6 addr facility local number level severity no logging ipv4 addr ipv6 addr fac...

Page 65: ...s in accordance with the facility defined in the RFC3164 severity is the severity threshold of the log information severity level The rule of the log information output is explained as follows only th...

Page 66: ...rnet 0 0 1 Switch Config Ethernet0 0 1 ipv6 address 3ffe 506 1 64 Switch Config Ethernet0 0 1 exit Switch Config logging 3ffe 506 4 facility local7 level warnings 2 3 Configurate Switch IP Addresses A...

Page 67: ...s bootp client command disables the BootP client function 3 DHCP Command Explanation ip address dhcp client no ip address dhcp client Enable the switch to be a DHCP client and obtain IP address and ga...

Page 68: ...d mode Interface Mode Usage Guide Obtaining IP address through BootP Manual configuration and DHCP are mutually exclusive enabling any 2 methods for obtaining IP address is not allowed Note To obtain...

Page 69: ...of exchange network management information between two points in the network SNMP employs a polling mechanism of message query and transmits messages through UDP a connectionless transport layer proto...

Page 70: ...s can t be changed on transmission USM employs DES CBC cryptography And HMAC MD5 and HMAC SHA are used for authentication VACM is used to classify the users access permission It puts the users with th...

Page 71: ...s basic MIB II RMON public MIB and other public MID such as BRIDGE MIB Besides the switch supports self defined private MIB Introduction to RMON RMON is the most important expansion of the standard SN...

Page 72: ...Configure IP address of SNMP management base Command Explanation snmp server securityip ipv4 address ipv6 address no snmp server securityip ipv4 address ipv6 address Configure the secure IPv4 IPv6 ad...

Page 73: ...tch This command is used for SNMP v3 8 Configuring TRAP Command Explanation snmp server enable traps no snmp server enable traps Enable the switch to send Trap message This command is used for SNMP v1...

Page 74: ...input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get request...

Page 75: ...number of SNMP packet outputs too big errors Number of Too_ big error SNMP packets maximum packet size Maximum length of SNMP packets no such name errors Number of packets requesting for non existent...

Page 76: ...mple 1 Add a community string named private with read write permission Switch config snmp server community private rw Example 2 Add a community string named public with read only permission Switch con...

Page 77: ...v2c versions this command configures the IP address and trap community character string of the network manage station receiving the SNMP Trap message And for v3 version this command is used for recei...

Page 78: ...g snmp mib no debug snmp mib Function Enable the SNMP mib debugging the no debug snmp mib command disables the debugging Command Mode Admin Mode Usage Guide When user encounters problems in applying S...

Page 79: ...v Read View one Write View no writeview specified Notify View one Displayed Information Explanation Group Name Group name Security level Security level Read View Read view name Write View Write view n...

Page 80: ...view 1 Included active 1 3 Excluded active Displayed Information Explanation View Name View name 1 and1 3 OID number Included The view includes sub trees rooted by this OID Excluded The view does not...

Page 81: ...udes 1 32 characters Name of writable view which includes 1 32 characters Name of trappable view which includes 1 32 characters Usage Guide There is a default view v1defaultviewname in the system It i...

Page 82: ...snmp server view readview 2 4 3 19 snmp server user Command snmp server user user string group string encrypted auth md5 sha password string no snmp server user user string group string Function Add a...

Page 83: ...etes configured security IPv4 or IPv6 address Command Mode Global Mode Parameter ipv4 address is NMS security IPv4 address point separated decimal format ipv6 address is NMS security IPv6 address colo...

Page 84: ...listed below Switch config snmp server Switch Config snmp server host 1 1 1 5 ectrap Switch Config snmp server enable traps Scenario 3 NMS uses SNMP v3 to obtain information from the switch The confi...

Page 85: ...sers still can t solve the SNMP problems Please contact our technical and service center 2 5 Switch Upgrade ES3628EA switch provides two ways for switch upgrade BootROM upgrade and the TFTP FTP upgrad...

Page 86: ...the management port on the switch The PC should have FTP TFTP server software installed and has the image file required for the upgrade Step 2 Press ctrl b on switch boot up until the switch enters B...

Page 87: ...PC For TFTP run TFTP server program for FTP run FTP server program Before start downloading upgrade file to the switch verify the connectivity between the server and the switch by ping from the serve...

Page 88: ...w FTP builds upon TCP to provide reliable connection oriented data stream transfer service However it does not provide file access authorization and uses simple authentication mechanism transfers user...

Page 89: ...te FTP TFTP servers can be hosts or other switches When ES3628EA switch operates as a FTP TFTP server it can provide file upload and download service for authorized FTP TFTP clients as file list servi...

Page 90: ...tes the name of running configuration file to be running config Factory configuration file The configuration file shipped with ES3628EA switch in the name of factory config Run set default and write a...

Page 91: ...nd shuts down FTP server and prevents FTP user from logging in 2 Modify FTP server connection idle time Command Explanation Global Mode ftp server timeout seconds Set connection idle time 3 TFTP serve...

Page 92: ...address ipv6address hostname filename a mongst username is the FTP user name password is the FTP user password ipaddress ipv6address is the IPv4 or IPv6 address of the FTP server client hostname is th...

Page 93: ...system will be adopted in the file transmission default transmission method When URL represents an TFTP address its form s hould be tftp ipaddress ipv6address hostname filename amongst ipaddr ess ipv...

Page 94: ...e list of the files on the server with the FTP client Switch Config dir ftp user password IPv6 Address 2 5 3 2 2 4 ftp server enable Command ftp server enable no ftp server enable Function Start FTP s...

Page 95: ...ed information Description Timeout Timeout time 2 5 3 2 2 7 show tftp Command show tftp Function display the parameter settings for the TFTP server Default No display by default Command mode Admin Mod...

Page 96: ...0 Default The default value is 5 retransmission Command mode Global Mode Example Modify the retransmission to 10 times Switch config Switch Config tftp server retransmission number 10 2 5 3 2 2 10 tft...

Page 97: ...he computer The configuration procedures of the switch is listed below Switch Config inter vlan 1 Switch Config If Vlan1 ip address 10 1 1 2 255 255 255 0 Switch Config If Vlan1 no shut Switch Config...

Page 98: ...ch operates as the TFTP server and connects from one of its ports to a computer which is a TFTP client Transfer the nos img file in the switch to the computer The configuration procedures of the switc...

Page 99: ...priate TFTP server directory on the computer The configuration procedures of the switch is listed below Switch Config inter vlan 1 Switch Config If Vlan1 ip address 10 1 1 2 255 255 255 0 Switch Confi...

Page 100: ...upload download system file with FTP protocol the connectivity of the link must be ensured i e use the Ping command to verify the connectivity between the FTP client and server before running the FTP...

Page 101: ...start up file upgrade through FTP fails please try to upgrade again or use the BootROM mode to upgrade 2 5 5 2 TFTP Troubleshooting When upload download system file with TFTP protocol the connectivity...

Page 102: ...frame Networks with Jumbo frames will increase the speed of the whole network by 2 to 5 Technically the Jumbo is just a lengthened frame sent and received by the switch However considering the length...

Page 103: ...dard packet head encryption this protocol is of a more reliable transmission and encryption characteristics and is more adapted to security control According to the characteristics of the TACACS Versi...

Page 104: ...uthentication server Parameter ip address is the IP of the server port number is the listening port number of the server the valid range is 0 65535 amongst 0 indicates it will not be an authentication...

Page 105: ...acacs server timeout Function Configure a TACACS server authentication timeout timer the no tacacs server timeout command restores the default configuration Parameter seconds is the value of TACACS au...

Page 106: ...0 Switch Config if vlan1 exit Switch Config tacacs server authentication host 10 1 1 3 Switch Config tacacs server key test Switch Config authentication login tacacs local 2 7 5 TACACS Troubleshooting...

Page 107: ...of command line interface and the mapping address relationship with the host Basic clock configuration configure date and clock of the system Users should configure HH MM SS as 23 0 0 and YY MM DD as...

Page 108: ...ure Community string as private choose Access priority as Read and write mode and choose State as Valid The command will be applied to the switch by clicking on the Apply button 2 8 2 2 Trap Manager C...

Page 109: ...ement station of the switch 5 4 4 2 6 z Security ip address Security IP address of NMS z State Valid to configure Invalid to remove Example configure the security IP address as 41 1 1 100 and choose S...

Page 110: ...ate allows device to send Trap messages Example choose Snmp Agent state as Open choose RMON state as Open and choose Trap state as Open Then click on the Apply button 2 8 3 Switch upgrade Users should...

Page 111: ...the files are transmitted in the binary standard Example the Figure below shows how to get the system file from TFTP Server 10 1 1 1 which has server file name is nos img and local file name nos img...

Page 112: ...switch and password is switch Click Apply 2 8 3 4 FTP server configuration Users should click Switch basic configuration and FTP server service to enter into the configuration page and make configurat...

Page 113: ...telnet login to display the Telnet client messages connected through Telnet with the switch z Show telnet user to display all Telnet client messages with authenticated switch access through Telnet z...

Page 114: ...r finds a VLAN port s properties by choosing port0 0 1 and click Apply 2 8 4 3 Others Other parts are easier to configure Users just click a configuration node and the relating messages will appear Ex...

Page 115: ...lnet server configuration nodes through web interface 2 8 7 Telnet server user configuration Users should click Telnet server configuration and Telnet server user configuration to configure Telnet ser...

Page 116: ...client for when the switch functions as the Telnet server Words and phrases are explained in the following Security IP address a specific security IP address Operation to choose from the drop down lis...

Page 117: ...be performed on ports 2 3 4 5 8 9 10 the command would look like interface Ethernet 0 0 2 5 0 0 8 10 Port speed duplex mode and traffic control can be configured under Ethernet Port Mode causing the...

Page 118: ...limit bandwidth input output no rate limit input output Sets or cancels the bandwidth used for incoming outgoing traffic for specified ports flow control no flow control Enables Disables traffic cont...

Page 119: ...use manage switches such as the user assign names according to the port application e g financial as the name of 0 0 1 2 ports which is used by financial department engineering as the name of 0 0 9 p...

Page 120: ...Global Mode Parameters interface list stands for port number Command mode Global Mode Usage Guide Run the exit command to exit the Ethernet Interface Mode to Global Mode Example Entering the Ethernet...

Page 121: ...ables Disables the auto negotiation function of a 1000Base T port Command mode Port configuration Mode Default Auto negotiation is enabled by default Usage Guide This command applies to 1000Base T int...

Page 122: ...pression command disables this traffic throttle function on all ports in the switch i e enables broadcasts multicasts and unknown destination unicasts to pass through the switch at line speed Paramete...

Page 123: ...rt port speed rate duplex mode flow control switch state broadcast storm restrain of the port and the statistic state of the data packets will be displayed All information of all ports on the switch w...

Page 124: ...t Usage Guide This command applies to 1000Base TX ports only speed duplex command is not available for 1000Base X port For combo port this command applies to the 1000Base TX port only and has no effec...

Page 125: ...e vlan vlan id no interface vlan vlan id Function Enters Interface Mode the no interface vlan vlan id command deletes existing VLAN interface Parameters vlan id is the VLAN ID for the establish VLAN t...

Page 126: ...secondary IP addresses Both primary IP address and secondary IP addresses can be used for SNMP Web Telnet management In addition ES3628EA allows IP addresses to be obtained through BootP DHCP Example...

Page 127: ...ort monitor Command port monitor interface interface list rx tx both no port monitor interface interface list Function Specifies port of mirror source the no port monitor interface interface list comm...

Page 128: ...monitor Command show port monitor interface interface list Function Show the mirror source and destination port information Parameter interface list is the mirror source port list Command Mode Admin M...

Page 129: ...witchA SwitchA Config interface ethernet 0 0 7 SwitchA Config If Ethernet0 0 7 rate limit 150 input SwitchB SwitchB Config interface ethernet 0 0 9 SwitchB Config If Ethernet0 0 9 speed duplex force10...

Page 130: ...t setup port speed duplexes and so on 3 6 1 Ethernet port configuration Click Port configuration Ethernet port configuration to open the Ethernet port configuration management table to configure Ether...

Page 131: ...t configuration Bandwidth control and proceed to do port bandwidth control 1 z Port Specifies configuration port z Bandwidth control level port bandwidth control The unit is Mbps and the value range i...

Page 132: ...ress Example Assign Port as Vlan10 port IP address as 192 168 1 180 Port network mask as 255 255 255 0 Port status as no shutdown Operation type selection as Add address then click Apply button and th...

Page 133: ...p source interface list as Ethernet ports 0 0 1 4 and the mirroring direction as rx Click Apply button and this port will be added into the monitor session Click the Default button to delete this port...

Page 134: ...134 Click Port configuration Port debug and maintenance Show port information to check the statistic information of the receiving sending data packet information of the port...

Page 135: ...by the user and can not only add network s bandwidth but also provide link backup Port aggregation is usually used when the switch is connected to routers PCs or other switches Fig 4 1 Port aggregati...

Page 136: ...osely related with switch hardware ES3628EA switch allow physical port aggregation of any two switches maximum 8 port groups and 8 ports in each port group are supported Once ports are aggregated they...

Page 137: ...e displayed Example Enabling LACP debug Switch debug lacp 4 3 2 port group Command port group port group number load balance src mac dst mac dst src mac src ip dst ip dst src ip no port group port gro...

Page 138: ...d port group port group number mode active passive on no port group port group number Function Adds a physical port to port channel the no port group port group number removes specified port from the...

Page 139: ...If it is configuration for modules such as shutdown or speed configuration then the configuration to current port will apply to all member ports in the corresponding port group Example Entering config...

Page 140: ...rt_enabled FALSE lacp_ena FALSE ready_n TRUE the attributes of the port are as follows mac_type ETH_TYPE speed_type ETH_SPEED_100M duplex_type FULL port_type ACCESS the machine state and port state of...

Page 141: ...Mbps 100Mbps 1 000Mbps duplex_type Port duplex mode full duplex and half duplex port_type Port VLAN property access port or trunk port mux_state Status of port binding status machine rcvm_state Status...

Page 142: ...em ID system priority System Priority LACP activity Whether port is added to the group in active mode 1 for yes LACP timeout Port timeout mode 1 for short timeout Aggregation Whether aggregation is po...

Page 143: ...e displayed Number of port Port number in the port channel Standby port Port that is in standby status which means the port is qualified to join the channel but cannot join the channel due to the maxi...

Page 144: ...e exit SwitchB Config interface port channel 2 SwitchB Config If Port Channel2 Configuration result Shell prompts ports aggregated successfully after a while now ports 1 2 3 4of SwitchA form an aggreg...

Page 145: ...ACP BPDU to complete aggregation Aggregation finishes immediately when the command to add port 2 to port group 1 is entered port 1 and port 2 aggregate to be port channel 1 when port 3 joins port grou...

Page 146: ...P then at least one of them should be in ACTIVE mode otherwise LACP packet won t be initiated LACP cannot be used on ports with Security and IEEE 802 1x enabled 4 6 Web Management Click Port channel c...

Page 147: ...ation page Click Apply button to add port into the group Display port member Select a group num in port configuration and the information of port member will be shown under the configuration table z P...

Page 148: ...he VLAN function of ES3628EA switch is implemented following IEEE 802 1Q The key idea of VLAN technology is that a large LAN can be partitioned into many separate broadcast domains dynamically to meet...

Page 149: ...Port Type 4 Set Trunk port 5 Set Access port 6 Enable Disable VLAN ingress rules on ports 7 Configure Private VLAN 8 Set Private VLAN association 1 Creating or deleting VLAN 2 Assigning Switch ports...

Page 150: ...ive vlan Set delete PVID for Trunk port Command Explanation Interface Mode switchport access vlan vlan id no switchport access vlan Add the current port to specified VLAN the specified VLANs The no co...

Page 151: ...o private vlan command cancels the Private VLAN configuration Parameter primary set current VLAN to Primary VLAN isolated set current VLAN to Isolated VLAN community set current VLAN to Community VLAN...

Page 152: ...ivate VLAN association by default Usage Guide This command can only used for Private VLAN The ports in Secondary VLANs which are associated to Primary VLAN can communicate to the ports in Primary VLAN...

Page 153: ...4094 Universal Vlan 1 2 Total Existing Vlans is 2 Displayed information Explanation VLAN VLAN number Name VLAN name Type VLAN type statically configured or dynamically learned Media VLAN interface ty...

Page 154: ...s no port by default Usage Guide Access ports are normal ports and can join a VLAN but a port can only join one VLAN for a time Example Assign Ethernet port 1 3 4 7 8 of VLAN100 Switch Config Vlan100...

Page 155: ...20 Switch Config interface ethernet 0 0 5 Switch Config Ethernet0 0 5 switchport mode trunk Switch Config Ethernet0 0 5 switchport trunk allowed vlan 1 3 5 20 Switch Config Ethernet0 0 5 exit 5 1 3 9...

Page 156: ...the system receives data it will check source port first and forwards the data to the destination port if it is a VLAN member port Example Disable VLAN ingress rules on the port Switch Config Ethernet...

Page 157: ...Switch Config vlan 2 Switch Config Vlan2 switchport interface ethernet 0 0 2 4 Switch Config Vlan2 exit Switch Config vlan 100 Switch Config Vlan100 switchport interface ethernet 0 0 5 7 Switch Config...

Page 158: ...application based on GARP working mechanism It is responsible for the maintenance of dynamic VLAN register information and population of such register information to the other switches Switches suppor...

Page 159: ...on globally and for Trunk port 0 0 10 Switch Config bridge ext gvrp Switch Config interface ethernet 0 0 10 Switch Config Ethernet0 0 10 bridge ext gvrp Command Explanation Interface Mode bridge ext g...

Page 160: ...327650 ms Command mode Interface Mode Default The default value for hold timer is 100 ms Usage Guide When GARP application entities receive a join message join message will not be sent immediately In...

Page 161: ...be canceled Besides the value of leave timer must be twice larger than the join timer Otherwise an error message will be displayed Example Set the GARP leave timer value of port 0 0 10 to 3000 ms Swi...

Page 162: ...ormation Switch show garp timer 5 2 3 8 show gvrp configuration Command show gvrp configuration interface name Function Display the global and port information for GVRP Parameter interface nam stands...

Page 163: ...Item Configuration description VLAN100 Port 2 6 of Switch A and C Trunk port Port 11 of Switch A and C Port 10 11 of Switch B Global GVRP Switch A B C Port GVRP Port 11 of Switch A and C Port 10 11 of...

Page 164: ...xt gvrp Switch Config Ethernet0 0 11 exit Switch C Switch Config bridge ext gvrp Switch Config vlan 100 Switch Config Vlan100 switchport interface ethernet 0 0 2 6 Switch Config Vlan100 exit Switch Co...

Page 165: ...hich the ID is the SPVID assigned to the user Afterwards the packet will only be transmitted in VLAN3 when traveling in the ISP internet network while carrying two VLAN tags the inner tag is added whe...

Page 166: ...ion on the ports 2 Configure the type of protocol TPID of the port 5 3 3 Dot1q Tunnel Configuration Command 5 3 3 1 dot1q tunnel enable Command dot1q tunnel enable no dot1q tunnel enable Function Set...

Page 167: ...ce ethernet 0 0 1 Switch Config Ethernet0 0 1 dot1q tunnel enable Switch Config Ethernet0 0 1 exit 5 3 3 2 dot1q tunnel tpid Command dot1q tunnel tpid 8100 9100 9200 0 65535 Function Configure the typ...

Page 168: ...lient network with VLAN3 The port1 of PE1 is connected to CE1 port10 is connected to public network the TPID of the connected equipment is 9100 port1 of PE2 is connected to CE2 port10 is connected to...

Page 169: ...1 exit Switch Config interface ethernet 0 0 10 Switch Config Ethernet0 0 10 switchport mode trunk Switch Config Ethernet0 0 10 exit Switch Config 5 3 5 Dot1q tunnel Troubleshooting Enabling dot1q tunn...

Page 170: ...ynamic VLAN Configuration Task List 1 Configure the correspondence between the Protocols and the VLAN 1 Configure the correspondence between the Protocols and the VLAN 5 4 2 2 Commands for Dynamic VLA...

Page 171: ...e packets go through their belonging VLAN is the same The command will not interfere with VLAN labeled data packets It is recommended to configure ARP protocol together with the IP protocol or else so...

Page 172: ...172 equipment positively send data packet to the switch such as ping to let the switch learn their source MAC then the two equipment will be able to communicate freely within the dynamic VLAN...

Page 173: ...apping to the destination port Then the MAC table is queried for the destination MAC address if hit the data frame is forwarded in the associated port otherwise the switch forwards the data frame to i...

Page 174: ...only a mapping entry of MAC address 00 01 11 11 11 11 and port 0 0 5 and no port mapping for 00 01 33 33 33 33 present the switch broadcast this message to all the ports in the switch assuming all por...

Page 175: ...C2 and PC1 are in the same physical segment and filter the message i e drop this message Three types of frames can be forwarded by the switch Broadcast frame Multicast frame Unicast frame The followin...

Page 176: ...figuration Task List Mac address table configuration task list 1 Configure the MAC address aging time 2 Configure static MAC forwarding or filter entry 1 Configure the MAC aging time Command Explanati...

Page 177: ...ress mapping entry of which the inherent MAC address corresponds to the VLAN number Usage Guide In certain special applications or when the switch is unable to dynamically learn the MAC address users...

Page 178: ...network environment dynamic learning is enabled PC1 holds sensitive data and can not be accessed by any other PC that is in another physical segment PC2 and PC3 have static mapping set to port 7 and...

Page 179: ...warding data streams between known MAC addresses within the ports can be achieved If a MAC address is aged the packet destined for that entry will be broadcasted In other words a MAC address learned i...

Page 180: ...dresses learned by the port to static secure MAC addresses port security timeout value no port security timeout Enable port locking timer function the no port security timeout restores the default set...

Page 181: ...ynamic interface ethernet 0 0 1 6 6 1 3 2 port security Command port security no port security Function Enable MAC address binding function for the port and lock the port When a port is locked the MAC...

Page 182: ...r the MAC address to be added deleted Usage Guide The MAC address binding function must be enabled before static secure MAC address can be added Example Adding MAC 00 03 0F FE 2E D3 to port1 Switch Co...

Page 183: ...0 1 Switch Config Ethernet0 0 1 port security timeout 30 6 6 1 3 7 port security violation Command port security violation protect shutdown no port security violation Function Configure the port viol...

Page 184: ...he secure MAC address belongs to Total Addresses Current secure MAC address number in the system 6 6 1 3 9 show port security address Command show port security address interface interface id Function...

Page 185: ...curity interface Ethernet 0 0 1 Ethernet0 0 1 Port Security Enabled Port status Security Up Violation mode Protect Maximum MAC Addresses 1 Total MAC Addresses 1 Configured MAC Addresses 1 Lock Timer i...

Page 186: ...not enabling Spanning tree or port aggregation and is not configured as a Trunk port MAC address binding is exclusive to such configurations If MAC address binding is to be enabled the functions ment...

Page 187: ...he number of spanning tree instances which consumes less CPU resources and reduces the bandwidth consumption 7 1 1 MSTP Region Because multiple VLANs can be mapped to a single spanning tree instance I...

Page 188: ...t of the CST and the IST master with both of the path costs to the CST root and to the IST master set to zero The bridge also initializes all of its MST instances and claims to be the root for all of...

Page 189: ...TP Load Balance In a MSTP region VLANs can by mapped to various instances That can form various topologies Each instance is independent from the others and each distance can has its own attributes suc...

Page 190: ...mst instance id priority bridge priority no spanning tree mst instance id priority Set bridge priority for specified instance Interface Mode spanning tree mst instance id cost cost no spanning tree ms...

Page 191: ...level no revision level Set MSTP region revision level Abort Quit MSTP region mode and return to Global mode without saving MSTP region configuration Exit Quit MSTP region mode and return to Global mo...

Page 192: ...Command Explanation Interface Mode spanning tree format standard spanning tree format privacy spanning tree format auto no spanning tree format Configure the format of port spanning tree packet standa...

Page 193: ...e current MSTP region configuration quit MSTP region mode and return Command Explanation Global Mode spanning tree tcflush enable spanning tree tcflush disable spanning tree tcflush protect no spannin...

Page 194: ...number The valid number is from 1 to 48 vlan list sets consecutive or non consecutive VLAN numbers refers to consecutive numbers and refers to non consecutive numbers Command mode MSTP Region Mode Def...

Page 195: ...o 0 Parameter level is revision level The valid range is from 0 to 65535 Command mode MSTP Region Mode Default The default revision level is 0 Usage Guide This command is to set revision level for MST...

Page 196: ...sure about which the packet format is on partner the AUTO configuration will be preferred so to identify the format by the packets they sent The privacy packet format is set by default in the concern...

Page 197: ...1 0 seconds Example In global mode set MSTP forward delay time to 20 seconds Switch Config spanning tree forward time 20 7 3 9 spanning tree hello time Command spanning tree hello time time no spannin...

Page 198: ...ime no spanning tree maxage Function Set the max aging time for BPDU The command no spanning tree maxage restores the default setting Parameter time is max aging time in seconds The valid range is fro...

Page 199: ...s itself to run in STP mode The command is used to force the port to run in the MSTP mode But once the port receives STP messages it changes to work in the STP mode again This command can only be used...

Page 200: ...em will generate the MST configuration identifier according to the MSTP configuration Only the switches with the same MST configuration identifier are considered as in the same MSTP region Example Ent...

Page 201: ...y The valid range is from 0 to 240 The value should be the multiples of 16 such as 0 16 32 240 Command mode Interface Mode Default The default port priority is 128 Usage Guide By setting the port prio...

Page 202: ...boundary port receives the BPDU the port becomes a non boundary port Example Set port 0 0 5 6 as boundary ports Switch Config interface Ethernet 0 0 5 6 Switch Config Port Range spanning tree portfas...

Page 203: ...lush restores to default setting Parameter Enable the spanning tree flush once the topology changes Disable the spanning tree don t flush when the topology changes Protect the spanning tree flush ever...

Page 204: ...network environment to do FLUSH with every topology change At the same time as a method to avoid network assault we allow the network administrator to configure FLUSH mode by the command Note For the...

Page 205: ...s a tree topology in blue lines rooted with SwitchA The ports marked with x are in the discarding status and the other ports are in the forwarding status Configurations Steps Step 1 Configure port to...

Page 206: ...B Config Port Range switchport mode trunk SwitchB Config Port Range exit SwitchB Config spanning tree SwitchC SwitchC Config vlan 20 SwitchC Config Vlan20 exit SwitchC Config vlan 30 SwitchC Config Vl...

Page 207: ...e of the instance 0 of the entire network In the MSTP region which SwitchB SwitchC and SwitchD belong to SwitchB is the region root of the instance 0 SwitchC is the region root of the instance 3 and S...

Page 208: ...the Instance 3 after the MSTP Calculation Fig 7 5 The Topology Of the Instance 4 after the MSTP Calculation SwitchB SwitchC SwitchD 2 3 5 4 2 3 6 7 5 4 6 7 x x x x SwitchB SwitchC SwitchD 2 3 5 4 2 3...

Page 209: ...and IEEE 802 1x on the switch port If MAC binding or IEEE 802 1x is enabled on the port the MSTP can t apply to this port 7 5 1 Commands for Monitor And Debug 7 5 1 1 show spanning tree Command show...

Page 210: ...hernet0 0 2 Total 2 PortName ID IntRPC State Role DsgBridge DsgPort Ethernet0 0 1 128 001 0 FWD MSTR 0 00030f010e30 128 001 Ethernet0 0 2 128 002 0 BLK ALTR 0 00030f010e30 128 002 Instance 4 Self Brid...

Page 211: ...root of the entire network IntRPC Cost from the current port to the region root of the current instance State Port status of the current instance Role Port role of the current instance DsgBridge Upwar...

Page 212: ...ion Switch Config spanning tree mst configuration Switch Config Mstp Region show mst pending Name switch Revision 0 Instance Vlans Mapped 00 1 29 31 39 41 4093 03 30 04 40 05 4094 Switch Config Mstp R...

Page 213: ...ance and configure the VLAN Instance mapping or add VLAN table entry mapping to specified Instance Configure mapping between VLAN1 10 100 110 and Instance 1 Equivalent command 1 2 1 3 Set Instance nam...

Page 214: ...et the priority for the current port on specified instance Set the priority for port 0 0 2 of instance1 to 32 7 6 2 3 Port route cost setting Click MSTP control to enter MSTP port operation then Port...

Page 215: ...itch port configuration mode Enable MSTP under Global Mode and disable MSTP for port 0 0 2 7 6 3 MSTP global control 7 6 3 1 MSTP global protocol port configuration Click MSTP control to enter MSTP Gl...

Page 216: ...Mode 7 6 3 5 Set the max hop count support for BPDU transmitting in MSTP field Click MSTP control MSTP Global control then set the BPDU Max Hop Time Config to support transmission in MSTP field Set th...

Page 217: ...r Instance Information Display MSTP and instances information Display Instance0 MSTP information 7 6 4 2 MSTP field information Click MSTP control show MSTP setting enter MSTP Field Information Displa...

Page 218: ...management according to the application requirement and network management policy 8 1 1 QoS Terms QoS Class of Service the classification information carried by Layer 2 802 1Q frames taking 3 bits of...

Page 219: ...the adjustment and configuration for the current bandwidth resource Fully implemented QoS can achieve complete management over the network traffic The following is as accurate as possible a descriptio...

Page 220: ...ssify traffic according to packet classification information and generate internal DSCP value based on the classification information For different packet types and switch configurations classificatio...

Page 221: ...different policies that allocate bandwidth to classified traffic If the traffic exceeds the bandwidth set in the policy out of profile the out of profile traffic can be allowed discarded or remarked R...

Page 222: ...ernal DSCP value to CoS value the queuing operation assigns packets to appropriate queues of priority according to the CoS value while the scheduling operation performs packet forwarding according to...

Page 223: ...e enabled or disabled in Global Mode QoS must be enabled first in Global Mode to configure the other QoS commands 2 Configure class map Set up a classification rule according to ACL VLAN ID IP Precede...

Page 224: ...ueue 6 Configure QoS mapping Configure the mapping from CoS to DSCP DSCP to CoS DSCP to DSCP mutation IP precedence to DSCP and policed DSCP 1 Enable QoS Command Explanation Global Mode mls qos no mls...

Page 225: ...st kbyte exceed action drop policed dscp transmit Configure a policy to classify traffic data stream exceeding the limit will be dropped or degraded the no police rate kbps burst kbyte exceed action d...

Page 226: ...Egress policy map is not supported yet mls qos dscp mutation dscp mutation name no mls qos dscp mutation dscp mutation name Apply DSCP mutation mapping to the port the no mls qos dscp mutation dscp m...

Page 227: ...Command class class map name no class class map name Function Associates a class to a policy map and enters the policy class map mode the no class class map name command deletes the specified class Pa...

Page 228: ...e number or name of the ACL ip dscp dscp list and ipv6 dscp dscp list match specified DSCP value the parameter is a list of DSCP consisting of maximum 8 DSCP values ip precedence ip precedence list ma...

Page 229: ...map Mode Usage Guide Only the classified traffic which matches the matching standard will be assigned with the new values Example Set the IP Precedence of the packets matching the c1 class rule to 3 S...

Page 230: ...ate policer name command deletes the specified policy set Parameters aggregate policer name is the name of the policy set rate kbps is the average baud rate in kb s of classified traffic range from 1...

Page 231: ...incoming packets through the port will be set to this cos value This is irrelevant to the priority of the packet itself no modification is done to the packets Default No trust Command mode Interface M...

Page 232: ...mls qos map cos dscp dscp cos dscp mutation dscp mutation name ip prec dscp policed dscp command restores the default mapping Parameters cos dscp dscp1 dscp8 defines the mapping from CoS value to DSC...

Page 233: ...ng the CoS to DSCP mapping value to the default 0 8 16 24 32 40 48 56 to 0 1 2 3 4 5 6 7 Switch Config mls qos map cos dscp 0 1 2 3 4 5 6 7 8 3 11 police Command police rate kbps burst kbyte exceed ac...

Page 234: ...ameters aggregate policer name is the policy set name Default No policy set is configured by default Command mode Policy class map configuration Mode Usage Guide The same policy set can be referred to...

Page 235: ...p name no service policy input policy map name output policy map name Function Applies a policy map to the specified port the no service policy input policy map name output policy map name command del...

Page 236: ...has the higher priority Example Setting the bandwidth weight proportion of the eight queue out to be 1 2 4 8 Switch Config Ethernet0 0 1 queue bandwidth 1 2 4 8 8 3 17 wrr queue cos map Command wrr q...

Page 237: ...S value 0 to 7 correspond to queue out 1 2 3 4 respectively If the incoming packet has no CoS value it is default to 5 and will be put in queue 6 All passing packets would not have their DSCP values c...

Page 238: ...th a burst value of 4 MB all packets exceed this bandwidth setting in that segment will be dropped Scenario 3 Fig 8 7 Typical QoS topology As shown in the figure inside the block is a QoS domain switc...

Page 239: ...recedence pass through cos 8 5 QoS Troubleshooting QoS is disabled on switch ports by default 8 sending queues are set by default queue1 forwards normal packets other queues are used for some importan...

Page 240: ...le for the class map 8 5 1 2 show policy map Command show policy map policy map name Function Displays policy map of QoS Parameters policy map name is the policy map name Default N A Command mode Admi...

Page 241: ...istics Function Displays QoS configuration information on a port Parameters interface id is the port ID buffers is the queue buffer setting on the port policers is the policy setting on the port queui...

Page 242: ...FQ Displayed information Explanation Cos queue map CoS value to queue mapping Queue and weight type Queue to weight mapping QType WFQ or PQ queue out method Switch show mls qos interface policers Ethe...

Page 243: ...apping Default N A Command mode Admin Mode Example Switch show mls qos map Cos dscp map cos 0 1 2 3 4 5 6 7 dscp 0 8 16 24 32 40 48 56 IpPrecedence dscp map ipprec 0 1 2 3 4 5 6 7 dscp 0 8 16 24 32 40...

Page 244: ...global configuration information for QoS Parameters N A Default N A Command mode Admin Mode Usage Guide This command indicates whether QoS is enabled or not Example Switch show mls qos Qos is enabled...

Page 245: ...ndled by hardware not like router forwarding by CPU As a result forwarding efficiency can be greatly improved even to wire speed 9 1 Layer 3 Interface 9 1 1 Introduction to Layer 3 Interface Layer 3 i...

Page 246: ...face VLANs should be configured first for details see the VLAN chapters When VLAN interface Layer 3 interface is created with this command the VLAN interface Layer 3 interface configuration mode will...

Page 247: ...ge NAT technology has disrupted the end to end model which is the original intention of IP design by making it necessary for router devices that serve as network intermediate nodes to maintain every c...

Page 248: ...need Foreign Agent Furthermore this kind of binding process enables Correspondent Node communicate with Mobile Node directly thereby avoids the extra system cost caused by triangle routing choice requ...

Page 249: ...bnet mask dotted decimal format what secondary represents means the configured IP address is slave IP address Command Mode Interface Mode Default The system default is no IP address configuration Usag...

Page 250: ...x announce parameters 8 Set static neighbor table entries 9 Clear neighbor table entries 3 IPv6 Tunnel configuration 1 Create Delete Tunnel 2 Configure Tunnel Source 3 Configure Tunnel Destination 4 C...

Page 251: ...2 IPv6 Neighbor Discovery Configuration 1 Configure DAD Neighbor Query Message number Command Explanation Interface Configuration Mode no ipv6 nd dad attempts value Set the neighbor query message numb...

Page 252: ...onfigure prefix announce parameters Command Explanation Interface Configuration Mode no ipv6 nd prefix ipv6 address prefix length valid lifetime preferred lifetime off link no autoconfig Configure the...

Page 253: ...letes the IPv4 address of tunnel destination end 4 Configure Tunnel Next Hop Command Description Tunnel Configuration Mode no tunnel nexthop ipv4 daddress Configure tunnel next hop IPv4 address The NO...

Page 254: ...lobal unicast address local site address and local link address for the interface Parameter Parameter ipv6 address is the prefix of IPv6 address parameter prefix length is the distance of the prefix o...

Page 255: ...ddress of the next hop and the address of some interface of the switch must be in the same network segment Interface name can be specified directly for tunnel router Example Configure static router 1...

Page 256: ...terface to send out Neighbor Request Message time interval to be 8 seconds Switch Config if Vlan1 ipv6 nd ns interval 8 9 2 2 4 6 ipv6 nd suppress ra Command no ipv6 nd suppress ra Function Prohibit r...

Page 257: ...xceed 1 4 of the maximum time interval Example Set the minimum time interval of sending routing announcement is 10 seconds Switch Config if Vlan1 ipv6 nd min ra interval 10 9 2 2 4 9 ipv6 nd max ra in...

Page 258: ...etime must be configured simultaneously Example Configure IPv6 announcement prefix as 2001 410 0 1 64 on Vlan1 the valid lifetime of this prefix is 8640 seconds and its preferred lifetime is 4320 seco...

Page 259: ...ce type is Ethernet type interface number is Layer 2 interface name Command Mode Interface Configuration Mode Default Situation There is not static neighbor table entry Usage Guide IPv6 address and mu...

Page 260: ...CMP Echoes to fe80 0000 0000 0000 0203 0fff fe01 2786 timeout is 2 seconds Success rate is 100 percent 1 1 round trip min avg max 1 1 1 ms Displayed information Explanation ping6 Execute ping6 functio...

Page 261: ...uide This command is for ISATAP tunnel other tunnels won t check the configuration of nexthop Example Configure tunnel next hop 178 99 156 8 Switch Config if Tunnel1 tunnel nexthop 178 99 156 8 9 2 2...

Page 262: ...isatap 9 2 2 4 20 clear ipv6 neighbor Command clear ipv6 neighbors Function Clear the neighbor cache of IPv6 Parameter None Command Mode Admin Mode Default None Usage Guide This command can not clear...

Page 263: ...Ping each other among PCs Note First make sure PC A and Switch can access each other by ping and PC B and SwitchB can access each other by ping The configuration procedure is as follows SwitchA Config...

Page 264: ...IPv6 address 2003 1 64 in vlan2 5 The IPv6 address of PC A is 2001 11 64 and the IPv6 address of PC B is 2003 33 64 6 Configure static routing 2003 33 64 on SwitchA and configure static routing 2001 1...

Page 265: ...2001 33 64 2002 1 SwitchA ping6 2003 33 Configuration results SwitchA show run interface Vlan1 ipv6 address 2001 1 64 interface Vlan2 ipv6 address 2002 2 64 interface Loopback mtu 3924 ipv6 route 2003...

Page 266: ...tchB and turn on RA function configure IPv4 address 203 203 203 1 on vlan3 5 Configure tunnel on SwitchA the source IPv4 address of the tunnel is 202 202 202 1 the tunnel routing is 0 6 Configure tunn...

Page 267: ...nel1 tunnel source 203 203 203 1 SwitchB Config if Tunnel1 tunnel destination 202 202 202 1 SwitchB Config if Tunnel1 tunnel mode ipv6ip SwitchB config ipv6 route 0 tunnel1 9 2 4 IP Troubleshooting IP...

Page 268: ...ask requests 0 mask replies 0 quench 0 parameter 0 timestamp 0 timestamp replies TCP statistics TcpActiveOpens 0 TcpAttemptFails 0 TcpCurrEstab 0 TcpEstabResets 0 TcpInErrs 0 TcpInSegs 0 TcpMaxConn 0...

Page 269: ...amp 0 timestamp replies Statistics of total ICMP packets received and classified information Sent 0 total 0 errors 0 time exceeded 0 redirects 0 unreachable 0 echo 0 echo replies 0 mask requests 0 mas...

Page 270: ...v6 PACKET rcvd Receive IPv6 data report Src fe80 203 fff fe01 2786 Source IPv6 address Dst fe80 1 Destination IPv6 address size 64 Size of data report proto 58 Protocol field in IPv6 header from Vlan1...

Page 271: ...Destination IPv6 address 9 2 4 1 6 debug ipv6 tunnel packet Command no debug ipv6 tunnel packet Function tunnel data packets receive send debug message Parameter None Default None Command Mode Admin...

Page 272: ...ST IPv6 is enabled Link local address es fe80 203 fff fe00 10 PERMANENT Global unicast address es 3001 1 subnet is 3001 1 64 PERMANENT Joined group address es ff02 1 ff02 16 ff02 2 ff02 5 ff02 6 ff02...

Page 273: ...ISIS router kernel is kernel router statistics shows router number database is router database Default Situation None Command Mode Admin Mode Usage Guide show ipv6 route only shows IPv6 kernel routing...

Page 274: ...table of which the destination network segment is 2002 64 via means passing fe80 250 baff fef2 a4f4 is the next hop Vlan1 is the exit interface name 1024 is router weight 9 2 4 1 9 show ipv6 neighbor...

Page 275: ...an1 reachable IPv6 neighbour table 11 entries Displayed information Explanation IPv6 Address Neighbor IPv6 address Link layer Addr Neighbor MAC address Interface Exit interface name State Neighbor sta...

Page 276: ...s Sent 110 generated 0 forwarded 0 dropped 0 no route IPv6 sent packets statistics 9 2 4 1 11 show ipv6 enable Command show ipv6 enable Function Display IPv6 transmission function on off status Parame...

Page 277: ...tion of hardware and can achieve wire speed forwarding In addition flexible management is provided to adjust and monitor forwarding ES3628EA switch supports aggregation algorithm enabling disabling op...

Page 278: ...of local switch CPU load is transferred to switches of the next hop Example Disabling optimized IP route aggregation algorithm Switch Config no ip fib optimize 9 4 ARP 9 4 1 Introduction to ARP ARP Ad...

Page 279: ...mmand arp ip_address mac_address ethernet portName no arp ip_address Function Configures a static ARP entry the no arp ip_address command deletes a static ARP entry Parameters ip_address is the IP add...

Page 280: ...whether the destination network is reachable before responding to the ARP request ARP request will only be responded if the destination is reachable Note the ARP request matching default route will no...

Page 281: ...ARP entry dynamic for dynamic ARP entry count displays number of ARP entries Command mode Admin Mode Usage Guide Displays the content of current ARP table such as IP address MAC address hardware type...

Page 282: ...282 Flag Describes whether ARP entry is dynamic or static...

Page 283: ...er the server provides the network address and configuration parameters for the clients if DHCP server and clients are located in different subnets DHCP relay is required for DHCP packets to be transf...

Page 284: ...bound IP address will be the same all the time 2 The lease period of IP address obtained dynamically is the same as the lease period of the address pool and is limited the lease of manually bound IP...

Page 285: ...nts the no domain name command deletes the domain name netbios name server address1 address2 address8 no netbios name server Configures the address for WINS server netbios node type b node h node m no...

Page 286: ...identifier no client identifier Specifies the unique ID of the user when binding address manually client name name no client name Configures a client name when binding address manually 3 Enable loggi...

Page 287: ...pecified identifier DHCP server assigns the IP address defined in host command to the client Example Specifying the IP address 10 1 128 160 to be bound to user with the unique id of 00 10 5a 60 af 12...

Page 288: ...way Parameters address1 address8 are IP addresses in decimal format Default No DNS server is configured for DHCP clients by default Command Mode DHCP Address Pool Mode Usage Guide Up to 8 DNS server a...

Page 289: ...t Function Specifies the IP address to be assigned to the user when binding addresses manually the no host command deletes the IP address Parameters address is the IP address in decimal format mask is...

Page 290: ...nment the no ip dhcp excluded address low address high address command cancels the setting Parameters low address is the starting IP address high address is the ending IP address Default Only individu...

Page 291: ...168 1 101 45 10 2 2 13 lease Command lease infinite 0 365 0 23 0 59 no lease Function Sets the lease time for addresses in the address pool the no lease command restores the default setting Parameter...

Page 292: ...nt to point node type number is the node type in Hex from 0 to FF Default No client node type is specified by default Command Mode DHCP Address Pool Mode Usage Guide If client node type is to be speci...

Page 293: ...from the server on boot up This command is used together with bootfile Example Setting the hosting server address as 10 1 128 4 Switch dhcp 1 config next server 10 1 128 4 10 2 2 18 option Command op...

Page 294: ...k configuration parameter for clients from multiple segments which is not only cost effective but also management effective DHCP Server DHCP Client DHCPDiscover Broadcast DHCPOFFER Unicast DHCPREQUEST...

Page 295: ...ast packet Command Explanation Global Mode ip forward protocol udp port no ip forward protocol udp port The UDP port 67 is used for DHCP broadcast packet forwarding Interface Mode ip helper address ip...

Page 296: ...ress for some reason before the lease period expires the DHCP server would not remove the binding information automatically The system administrator can use this command to delete that IP address clie...

Page 297: ...dhcp server events linkage packets no debug ip dhcp server events linkage packets Function Enables DHCP server debug information the no debug ip dhcp server events linkage packets command disables th...

Page 298: ...should be used for configuration 10 3 2 7 ip dhcp relay information policy drop Command ip dhcp relay information policy drop no ip dhcp relay information policy drop Function When layer 3 switches ar...

Page 299: ...6 1 0 24 Switch dhcp A config lease 3 Switch dhcp A config default route 10 16 1 200 10 16 1 201 Switch dhcp A config dns server 10 16 1 202 Switch dhcp A config netbios name server 10 16 1 209 Switch...

Page 300: ...h Config Erthernet0 0 2 switchport access vlan 2 Switch Config Erthernet0 0 2 exit Switch Config interface vlan 2 Switch Config if Vlan2 ip address 10 1 1 1 255 255 255 0 Switch Config if Vlan2 exit S...

Page 301: ...rocedures can be followed when DHCP client hardware and cables have been verified ok Verify the DHCP server is running start the related DHCP server if not running If the DHCP clients and servers are...

Page 302: ...ddress assigned to a DHCP client Hardware address MAC address of a DHCP client Lease expiration Valid time for the DHCP client to hold the IP address Type Type of assignment manual binding or dynamic...

Page 303: ...ER 6 DHCPACK 6 DHCPNAK 0 DHCPRELAY 1907 DHCPFORWARD 0 Switch Displayed information Explanation Address pools Number of DHCP address pools configured Database agents Number of database agents Automatic...

Page 304: ...figuration Click DHCP configuration DHCP server configuration The DHCP server configuration page is shown 10 6 1 1 Enable DHCP Click DHCP configuration DHCP server configuration Enable DHCP Users can...

Page 305: ...est priority and Gateway 8 has the lowest priority For example Select DHCP pool name to 1 set Gateway 1 to 10 1 128 3 Gateway 2 to 10 1 128 100 and then click Apply The configuration is applied on the...

Page 306: ...pool name to 1 set WINS server 1 to 10 1 128 30 and then click Apply The configuration is applied on the switch 10 6 1 6 DHCP file server address configuration Click DHCP configuration DHCP server con...

Page 307: ...Apply The configuration is applied on the switch 10 6 1 8 Manual address pool configuration Click DHCP configuration DHCP server configuration Manual address pool configuration Users can configure DH...

Page 308: ...iguration DHCP packet statistics Users can display DHCP packet statistics Users can configure DHCP relay 10 6 1 11 DHCP relay configuration Click DHCP configuration DHCP relay configuration DHCP relay...

Page 309: ...deleted 10 6 2 2 Delete conflict log Click DHCP configuration DHCP debugging Delete conflict log Users can delete conflict log For example Delete all conflict address to Yes and then click Apply All...

Page 310: ...310 10 6 2 5 Show conflict logging Click DHCP configuration DHCP debugging Show conflict logging Users can display conflict logging...

Page 311: ...oute Simple Network Time Protocol SNTP is the simplified version of NTP removing the complex algorithm of NTP SNTP is used for hosts who do not require full NTP functions it is a subset of NTP It is c...

Page 312: ...cal time and UTC time Parameter name is the name of local tomezone consist of max 16 characters hours is the time difference to UTC time range from 0 to 12 before utc means local time equals the UTC t...

Page 313: ...onfigure an IPv4 address of a SNTP NTP server SNTPv4 version is adopted on the server Switch Config sntp server 10 1 1 1 version 4 2 Configure a SNTP NTP server IPv6 address Switch Config sntp server...

Page 314: ...mode Admin Mode Example Displaying current SNTP configuration Switch show sntp SNTP server Version Last Receive 2 1 0 2 1 never 11 3 Typical SNTP Configuration Examples Fig 11 2 Typical SNTP Configura...

Page 315: ...ers may then make configuration to switch s SNTP settings 11 4 1 SNMP NTP server configuration Click SNTP configuration SNTP NTP server configuration to configure SNTP NTP server address and server ve...

Page 316: ...the UTC time z after utc means the configured time zone is the UTC time Example Configure time zone as Beijing select Add set the time difference as 8 and then click Apply to set the configuration in...

Page 317: ...networks even though a host computer receives an ARP reply which is not requested by itself it will also insert an entry to its ARP cache table so it creates a possibility of ARP spoofing If the hacke...

Page 318: ...tack other switches host computers or network equipment What the essential method on preventing attack and spoofing switches based on ARP in networks is to disable switch automatic update function the...

Page 319: ...static ARP ND Command Explanation Admin Mode and Interface Mode ip arp security convert ipv6 nd security convert Change dynamic ARP ND to static ARP ND 4 Clear dynamic ARP ND Command Explanation Admi...

Page 320: ...p security learnprotect Command ip arp security learnprotect no ip arp security learnprotect Function Forbid ARP automatic learning function of IPv4 Version the no ip arp security learning command re...

Page 321: ...y convert Function Change all of dynamic nd to static nd Parameter None Command Mode Global Mode Interface Configuration Example Switch Config if Vlan1 ipv6 nd security convert Switch Config ipv6 nd s...

Page 322: ...MAC address to C s IP so the switch changes IP address when it updates ARP list then data packet of 192 168 2 3 is transferred to 01 01 01 01 01 01 address A MAC address In further A transfers its rec...

Page 323: ...ronment changing it enable to forbid ARP refresh once it learns ARP property it wont be refreshed by new ARP reply package and protect use data from sniffing Switch config Switch config ip arp securit...

Page 324: ...layer3 switch Route can be grouped into direct route static route and dynamic route Direct route refer to the path directly connects to the layer3 switch and can be obtained with no calculation Stati...

Page 325: ...al an address consists of 1 to 4 255 s When AND the destination address with network mask we can get the network address for the destination host or the network the layer3 switch resides For example t...

Page 326: ...ess the router address publishing the routing messages The matching rules can be previously configured to be applied in the routing publishing receiving and distributing policies Five filters are prov...

Page 327: ...out the switch Please refer to chapter ACL Configuration 3 Ip prefix list The ip prefix list acts similarly to acl while more flexible and more understandable The match object of ip prefix is the des...

Page 328: ...the no route map map_name deny permit sequence_num command deletes the route map 2 Define the match clause in route map Command Explanation Route map configuration mode match as path list name no mat...

Page 329: ...match metric metric val Match the routing metric value The no match metric metric val command deletes match condition match origin egp igp incomplete no match origin egp igp incomplete Match the route...

Page 330: ...P atomic aggregate property The no set atomic aggregate command deletes the configuration set comm list community list name community list num delete no set comm list community list name community lis...

Page 331: ...set metric metric_val metric_val Set routing metric value The no set metric metric_val metric_val command deletes the configuration set metric type type 1 type 2 no set metric type type 1 type 2 Set...

Page 332: ...sequence_number deny permit any ip_addr mask_length ge min_prefix_len le max_prefix_len no ip prefix list list_name seq sequence_number deny permit any ip_addr mask_length ge min_prefix_len le max_pr...

Page 333: ...otted decimal notation and the length of mask ge means greater than or equal to min_prefix_len is the minimum length of prefix to be matched ranging between 0 32 le means less than or equal to max_pre...

Page 334: ...ermit 5 Switch config route map match as path 60 13 2 3 4 match community Command match community community list name community list num exact match no match community community list name community li...

Page 335: ...ip ACL num prefix list list name no match ip address next hop ip ACL name ip ACL num prefix list list name Function Configure the routing prefix or next hop The no match ip address next hop ip ACL nam...

Page 336: ...routing message The no match origin egp igp incomplete deletes the configuration Parameter egp means the route is learnt from the external gateway protocols IGP means the route is learnt from the int...

Page 337: ...Guide This command matches according to the tag value in the OSPF route If the matching succeeded then the permit or deny action in the route map is performed Example Switch config terminal Switch con...

Page 338: ...not be able to pass that route map Example Switch config terminal Switch config route map r1 permit 5 Switch config route map match as path 60 Switch config route map set weight 30 13 2 3 12 set aggr...

Page 339: ...cified route other than the more specified routes included in it To use this command one match clause should at first be defined Example Switch config terminal Switch config route map r1 permit 5 Swit...

Page 340: ...ributes from the prefix of this route additive means add following existing community attributes Command Mode route map mode Usage Guide To use this command one match clause should at first be defined...

Page 341: ...mode Usage Guide The local priority attribute is the priority level of a route A route with a higher local priority level when compared with other route of the same destination will be more preferred...

Page 342: ...hes the OSPS type 1 external route type 2 means matches the OSPS type 2 external route Command Mode route map mode Usage Guide To use this command one match clause should at first be defined Example S...

Page 343: ...g domain of OSPF routing messages The no set tag tag_val command deletes this configuration Parameter tag val is the tag value ranging between 0 4294967295 Command Mode route map mode Usage Guide Ther...

Page 344: ...iority is more preferred To use this command one match clause should at first be defined Example Switch config terminal Switch config route map r1 permit 5 Switch config route map set weight 60 13 2 4...

Page 345: ...5 Troubleshooting Faq The routing protocol could not achieve the routing messages study under normal protocol running state Troubleshooting check following errors Each node of route map should at lea...

Page 346: ...and the length of mask first match stands for the first route table matched with specified ip address longer means longer prefix is required seq means show by sequence number sequence number is the se...

Page 347: ...ces 5 10 Displayed information Explanation ip prefix list mylist Show the prefix list named mylist count 2 range entries 0 sequences 5 10 count 2 means two prefix list entries sequences 5 10 shows the...

Page 348: ...route is mainly used in the following two conditions 1 in stable networks to reduce load of route selection and routing data streams For example static route can be used in route to STUB network 2 For...

Page 349: ...deletes a static route entry 2 VPN configuration Command Explanation Global mode ip route vrf name ip prefix mask ip prefix prefix length gateway address gateway interface distance no ip route vrf na...

Page 350: ...xit interface are available The default distance values of each route type in the layer 3 switch of our company are listed below Route Type Distance Value Direct Route 0 Static Route 1 OSPF 110 RIP 12...

Page 351: ...t route namely the segment directly connected with the layer 3 switch S static Static route the route manually configured by users R RIP derived RIP route acquired by layer 3 switch through the RIP pr...

Page 352: ...nction Show the routing table Parameter name is the name of VPN route forwarding instances destination is the destination network address destination length is the prefix length plus destination netwo...

Page 353: ...nd PC is 255 255 255 0 PC A and PC C are connected via the static route set in SwitchA and SwitchC PC3 and PC B are connected via the static route set in SwitchC to SwitchB PC B and PC C is connected...

Page 354: ...l send this information to its own neighbor layer3 switches As a result the route selection table is built on second hand information route beyond 15 hops will be deemed as unreachable RIP protocol is...

Page 355: ...RIP I the RIP I packets should be discarded if such fields are non zero RIP II is a more improved version than RIP I RIP II sends route update packets by multicast packets multicast address is 224 0 0...

Page 356: ...id timer interval it considers the route from that neighbor invalid after holding the route fro a certain interval holddown timer interval it will delete that route 13 4 2 RIP Configuration Task List...

Page 357: ...ion mode network A B C D M ifname no network A B C D M ifname Enables the segment running RIP protocol the no network A B C D M ifname command deletes the segment 2 Configure RIP protocol parameters 1...

Page 358: ...e authentication mode and password Command Explanation Interface configuration mode ip rip authentication mode text md5 no ip rip authentication mode text md5 Sets the authentication method the no ip...

Page 359: ...e route metric value when the port sends or receives RIP data packet the no offset list access list number access list name in out number ifname command removes the deviation table 4 configure and app...

Page 360: ...nd cancels the limit timers basic update invalid garbage no timers basic Adjust the update timeout and garbage collection time the no timers basic command restore the default configuration recv buffer...

Page 361: ...IP packets on the interface the no ip rip send packet command disables sending RIP packets on the interface 4 Delete the specified route in RIP route table Command Explanation Admin Mode clear ip rip...

Page 362: ...ss day month year hh mm ss specify the concrete valid time of accept lifetime in hours minutes and second day specifies the date of valid ranging between 1 31 month specifies the month of valid shown...

Page 363: ...Clear specific route in the RIP route table Parameter Clear the routes which match the destination address from the RIP route table A B C D M specifies the IP address prefix and its length of the dest...

Page 364: ...01 01 01 43 IMI SEND Vlan1 Send to 224 0 0 9 520 1970 01 01 01 01 47 IMI RECV Vlan1 Receive from 20 1 1 2 520 13 4 3 5 default information originate Command default information originate no default in...

Page 365: ...cess list name access list number specifies the access list number or name applied Default The default managing distance of RIP is 120 Command Mode Router mode and address family mode Usage Guide In c...

Page 366: ...er 13 4 3 10 ip rip authentication key Command ip rip authentication key name of chain no ip rip authentication key Function Use this command to enable RIPV2 authentication on an interface and further...

Page 367: ...nfig interface vlan 1 Switch Config if Vlan1 ip rip authentication mode md5 13 4 3 12 ip rip authentication string Command ip rip authentication string text no ip rip authentication string Function Se...

Page 368: ...inal Switch config interface vlan 1 Switch Config if Vlan1 ip rip authentication cisco compatible 13 4 3 14 ip rip receive packet Command ip rip receive packet no ip rip receive packet Function Set th...

Page 369: ...he version information of the RIP packets the interface receives The default version is 2 the no ip rip send version command restores the value set by using the version command Parameter 1 and 2 respe...

Page 370: ...tch config terminal Switch config key chain mychain Switch config keychain key 1 Switch config keychain key 13 4 3 20 key chain Command key chain name of chain no key chain name of chain Function This...

Page 371: ...t 75 Command Mode router mode Usage Guide The maximum RIP routes only limits the number of routes learnt through RIP but not includes direct route or the RIP static route configured by the route comma...

Page 372: ...ll not be able to send or receive data packets Example Switch config terminal Switch config router rip Switch config router network 10 0 0 0 8 Switch config router network vlan 1 13 4 3 25 offset list...

Page 373: ...o recv buffer size Function This command configures the size of UDP receiving buffer zone of RIP the no recv buffer size command restores the system default Parameter size is the buffer zone size in b...

Page 374: ...no route A B C D M command deletes this route Parameter Specifies this destination IP address prefix and its length Command Mode Router mode Usage Guide The command add a static RIP route and is mainl...

Page 375: ...such as Jan year Specifies the year of valid start ranging between 1993 2035 end time hh mm ss month day year hh mm ss day month year end time Specifies the due of the time period of which the form s...

Page 376: ...roadcasting RIPng update packets every 30 seconds and the route is considered invalid after 180 seconds but still exists for another 120 seconds before it is deleted from the routing table Example Set...

Page 377: ...A Configure the IP address of interface vlan 1 SwitchA config SwitchA config interface vlan 1 SwitchA Config if Vlan1 ip address 10 1 1 1 255 255 255 0 SwitchA config if Vlan1 Configure the IP address...

Page 378: ...otocol and configure the RIP segments SwitchB config router rip SwitchB config router network vlan 1 SwitchB config router exit c Layer 3 SwitchC SwitchC config SwitchC config interface vlan 1 Configu...

Page 379: ...if Vlan1 ip vrf forwarding vpnb SwitchA config if Vlan1 ip address 10 1 1 1 255 255 255 0 SwitchA config if Vlan1 exit SwitchA config in vlan2 SwitchA config if Vlan2 ip vrf forwarding vpnc SwitchA co...

Page 380: ...following First ensure the physic connection is correct Second ensure the interface and chain protocol are UP use show interface command Then initiate the RIP protocol use router rip command and confi...

Page 381: ...ent debugging is on RIP packet detail debugging is on RIP NSM debugging is on 13 4 5 1 2 show ip protocols rip Command show ip protocols rip Function Show the RIP process parameter and statistics info...

Page 382: ...t redistribution metric is 1 Redistributing static Redistributing the static route into the RIP route Default version control send version 2 receive version 2 Interface Send Recv Key chain Ethernet0 0...

Page 383: ...Switch show ip rip database Codes R RIP K Kernel C Connected S Static O OSPF I IS IS B BGP Network Next Hop Metric From If Time R 10 1 1 0 24 1 Vlan1 R 20 1 1 0 24 1 Vlan2 Command show ip rip 13 4 5...

Page 384: ...vrf IPI Vlan1 Ethernet0 0 1 is up line protocol is up Routing Protocol RIP VPN Routing Forwarding vpnb Receive RIP packets Send RIP packets Passive interface Disabled Split horizon Enabled with Poison...

Page 385: ...s IPI Vlan1 Name Default RD Interfaces IPI Vlan1 13 5 RIPng 13 5 1 Introduction to RIPng RIP is first introduced in ARPANET this is a protocol dedicated to small simple networks RIPng is a distance ve...

Page 386: ...essively This greatly affects the route selection and route aggregation time To avoid infinite count RIPng provides mechanism such as split horizon and triggered update to solve route loop Split horiz...

Page 387: ...hanism for outdated route that is if a switch does not receive regular update packets from a neighbor within a certain interval invalid timer interval it considers the route from that neighbor invalid...

Page 388: ...Png protocol 2 Configure RIPng protocol parameters 1 Configure RIPng sending mechanism 1 configure the RIPng data packets point transmitting Command Explanation Router configuration mode no neighbor I...

Page 389: ...command cancels the feature 2 Configure the route offset Command Explanation Router configuration mode no offset list access list number access list name in out number ifname Configure that provide a...

Page 390: ...ion mode timers basic update invalid garbage no timers basic Adjust the renew timeout and garbage recycle RIPng timer the no timers basic command restore the default configuration 4 Delete the specifi...

Page 391: ...rip delete RIPng route from the RIPng route table only ospf delete IPv6 OSPF route from the RIPng route table only bgp delete IPv6 BGP route from the RIPng route table only ISIS delete ivp6 isis rout...

Page 392: ...c value of the routes from other routing protocols when distributed into the RIPng routes as 3 Switch Config router default metric 3 13 5 3 5 ipv6 rip split horizon Command ipv6 rip split horizon pois...

Page 393: ...ter rip no ipv6 router rip Function Enable RIPng on the interface The no ipv6 router rip command disables RIPng on the interface Default Not configured Command Mode Interface Mode Usage Guide The comm...

Page 394: ...erface Default The default offset value is the metric value of the interface defined by the system Command Mode Router mode Example Switch config terminal Switch config router ipv6 rip Switch config r...

Page 395: ...route ipv6 address Function This command configures a static RIP route The no route ipv6 address command deletes this route Parameter Specifies this destination IPv6 address prefix and its length show...

Page 396: ...1 64 exchange update information with SwitchB VLAN1 2001 1 1 2 64 only update information is not exchanged between SwitchA and SwitchC VLAN1 2001 1 1 2 64 The configuration for SwitchA SwitchB and Swi...

Page 397: ...1 2 64 SwitchB config if IPv6 router rip SwitchB config if exit Enable RIPng protocol SwitchC config router IPv6 rip SwitchC config router rip exit Configure the IPv6 address and interfaces of Etherne...

Page 398: ...detail all Function For opening various debugging switches of RIPng showing various debugging messages The no debug ipv6 rip events nsm packet recv send detail all command close the corresponding deb...

Page 399: ...RIPng is not enabled on this interface Vlan1 is up line protocol is up Routing Protocol RIPng Passive interface Disabled Split horizon Enabled with Poisoned Reversed IPv6 interface address 3000 1 1 1...

Page 400: ...er 180 seconds garbage collect after 120 seconds The route timeout time is 180 seconds the garbage collect time is 120 seconds Outgoing update filter list for all interface is not set Outgoing update...

Page 401: ...es related to RIPng database Command Mode Any mode Example Switch show ipv6 rip database 13 5 5 1 7 show ipv6 rip interface Command show ipv6 rip interface ifname Function Show RIPng interface related...

Page 402: ...witch copy the LSA to their routing table and transfer the information to the rest part of the network This process is referred to as flooding In this way firsthand information is sent throughout the...

Page 403: ...and interface based packet verification OSPF supports sending packets in multicast Each OSPF layer3 switch maintains a database describing the topology of the whole autonomous system Each layer3 swit...

Page 404: ...SPF area of multi access network and is sent to all other neighboring layer3 switches in this area In order to reduce traffic on layer3 switches in the multi access network designated layer3 switch an...

Page 405: ...ch is different OSPF protocol is developed by the IETF the OSPF v2 widely used now is fulfilled according to the content described in RFC2328 13 6 2 OSPF Configuration Task List The OSPF configuration...

Page 406: ...can use the default settings If OSPF protocol parameters need to be modified please refer to 2 Configure OSPF protocol parameters Command Explanation Global mode no router ospf process id Enables OSP...

Page 407: ...cost cost no ip ospf cost Sets the cost for running OSPF on the interface the no ip ospf cost command restores the default setting 4 Configure OSPF package sending timer parameter timer of broadcast...

Page 408: ...tic routings as external routing messages the no redistribute bgp connected static rip kernel command cancels the distributed external messages 3 Configure other OSPF protocol parameters 1 configure h...

Page 409: ...lt information originate no redistribution no summary translator role range range shortcut disable enable stub no summary virtual link neighbor command restores the default settings 4 Configure the pr...

Page 410: ...cost Function Configure the cost of sending to the default summary route in stub or NSSA area the no area id default cost command restores the default value Parameter id is the area number which coul...

Page 411: ...ed translator Type 7 LSA can be translated to Type 5 LSA the default is candidate never means the router will never translate Type 7 LSA to Type 5 LSA always means the route always translate Type 7 LS...

Page 412: ...usly a summary route can be advertised by configuring this command on ABR This route consists of all single networks belong to specific range Example Switch config terminal Switch config router ospf 1...

Page 413: ...for the routers in the stub area stub and default cost All routers connected to the stub area should be configured with area stub command As for area border routers connected to the stub area their in...

Page 414: ...all non backbone areas will be connected to a backbone area If the connection to the backbone area is lost virtual link will repair this connection You can configure virtual link between any two back...

Page 415: ...mple Switch config terminal Switch config router ospf 100 Switch config router no capability opaque 13 6 3 11 compatible rfc1583 Command no compatible rfc1583 Function This command configures to rfc15...

Page 416: ...ance Manage distance value ranging between 1 255 Default Default distance value is 110 Command Mode OSPF protocol mode Usage Guide Manage distance shows the reliability of the routing message source T...

Page 417: ...tain area The no host host address area area id cost cost command cancels this configuration Parameter host address is host IP address show in dotted decimal notation area id area ID shown in dotted d...

Page 418: ...LINE no ip ospf ip address authentication Function Specify the authentication key required in sending and receiving OSPF packet on the interface the no ip ospf ip address authentication cancels the au...

Page 419: ...terval time no ip ospf ip address dead interval Function Specify the dead interval for neighboring layer 3 switch the no ip ospf ip address dead interval command restores the default value Parameter i...

Page 420: ...rameter ip address is the interface IP address shown in dotted decimal notation time is the interval sending HELLO packet shown in seconds and ranging between 1 65535 Default The hello interval on the...

Page 421: ...ted The last configuration of this command will overwrite the previous one to prevent the system from communicating with the former key id Example Switch config terminal Switch config interface vlan 1...

Page 422: ...roadcast non broadcast Set the OSPF network type to NBMA point to point Set the OSPF network type to point to point point to multipoint Set the OSPF network type to point to multipoint Default The def...

Page 423: ...ransmit interval command restores the default value Parameter ip address is the interface IP address show in dotted decimal notation time is the retransmit interval of link state announcements between...

Page 424: ...of dd in the OSPF process the no max concurrent dd command restores the default Parameter value ranges between 1 65535 which is the capacity of processing the concurrent dd data packet Default Not set...

Page 425: ...h the network address The no network NETWORKADDRESS area area id command removes the configuration and stop OSPF on corresponding interface Parameter NETWORKADDRESS A B C D M A B C D X Y Z W Shown wit...

Page 426: ...d cancels the ID number Parameter address IPv4 address format of router id Default No default configuration Command Mode OSPF protocol mode Usage Guide The new router id takes effect immediately Examp...

Page 427: ...overflow database external 5 3 13 6 3 37 passive interface Command no passive interface ifname Function Configure that the hello group not sent on specific interfaces The no passive interface ifname c...

Page 428: ...onfiguration succeeded The no router ospf process_id vrf name command deletes the VPN routing forwarding instance related OSPF instances Parameter process_id specifies the id of the OSPF process to be...

Page 429: ...1 default metric Command default metric value no default metric Function The command set the default metric value of OSPF routing protocol the no default metric returns to the default state Parameter...

Page 430: ...timers spf spf delay spf holdtime no timers spf Function Adjust the value of the route calculating timer The no timers spf command restores relevant values to default Parameter spf delay 5 seconds by...

Page 431: ...if vlan2 ip address 100 1 1 1 255 255 255 0 SwitchA config if vlan2 exit Enable OSPF protocol configure the area number for interface vlan1 and vlan2 SwitchA config router ospf SwitchA config router n...

Page 432: ...wn SwitchC config if vlan3 exit Enable OSPF protocol configure the OSPF area interfaces vlan3 resides in Initiate the OSPF protocol configure the OSPF area to which interface vlan3 belongs SwitchC con...

Page 433: ...config router network 30 1 1 0 24 area 0 SwitchE config router network 100 1 1 0 24 area 0 SwitchE config router exit SwitchE config exit Scenario 2 Typical OSPF protocol complex topology Fig 13 7 Typ...

Page 434: ...formation from the other edge layer3 switches Virtual link can not only maintain the connectivity of the backbone area but also strengthen the backbone area For example if the connection between backb...

Page 435: ...authentication key DCS SwitchA config If Vlan2 exit Configure IP address and area number for interface vlan1 SwitchA config interface vlan 1 SwitchA config If Vlan1 ip address 20 1 1 1 255 255 255 0 S...

Page 436: ...rea number for interface vlan2 SwitchC config router ospf SwitchC config router network 10 1 1 0 24 area 1 SwitchC config router exit Configure simple key authentication SwitchC config interface vlan...

Page 437: ...chD config router network 10 1 1 0 24 area 1 SwitchD config router exit Configure simple key authentication SwitchD config interface vlan 2 SwitchD config If Vlan2 ip ospf authentication SwitchD confi...

Page 438: ...xit SwitchA config SwitchA config ip vrf vpnc SwitchA config vrf SwitchA config vrf exit Associate the vlan 1 and vlan 2 respectively with vpnb and vpnc while configuring IP address SwitchA config in...

Page 439: ...hernet E 0 0 2 SwitchC config SwitchC config interface Vlan1 SwitchC config if vlan1 ip address 20 1 1 2 255 255 255 0 SwitchC config if vlan1 exit Initiate OSPF protocol and configuring OSPF segments...

Page 440: ...nk Function Open debugging switches showing various OSPF events messages the no debug ospf events abr asbr lsa nssa os router vlink command closes the debugging switch Default Closed Command Mode Admi...

Page 441: ...cket Command no debug ospf packet dd detail hello ls ack ls request ls update recv detail Function Open debugging switches showing OSPF packet messages the no debug ospf packet dd detail hello ls ack...

Page 442: ...er of areas attached to this router 1 Area 0 BACKBONE Inactive Number of interfaces in this area is 0 0 Number of fully adjacent neighbors in this area is 0 Area has message digest authentication SPF...

Page 443: ...ase Command show ip ospf process id database linkstate_id asbr summary self originate adv router advertiser_router linkstate_id externel self originate adv router advertiser_router linkstate_id networ...

Page 444: ...6 1 1 0 24 22 1 1 0 192 168 1 2 308 0x8000000c 0xc8f0 22 1 1 0 24 ASBR Summary Link States Area 0 0 0 2 Link ID ADV Router Age Seq CkSum 192 168 1 1 192 168 1 2 1702 0x8000002a 0x89c7 AS External Link...

Page 445: ...es of all neighbors detail Display detailed messages of all neighbors ifaddress Interface IP address Default Not displayed Command Mode All modes Usage Guide OSPF neighbor state can be checked by view...

Page 446: ...Vlan4 Area 0 0 0 3 E1 100 1 0 0 16 21 via 10 1 1 1 Vlan1 E1 100 2 0 0 16 21 via 10 1 1 1 Vlan1 13 6 5 1 14 show ip ospf virtual links Command show ip ospf process id virtual links Function Display the...

Page 447: ...all interfaces is Redistributing Routing for Networks 10 1 1 0 24 12 1 1 0 24 Routing Information Sources Gateway Distance Last Update Distance default is 110 Address Mask Distance List Routing Protoc...

Page 448: ...py the LSA to their routing table and transfer the information to the rest part of the network This process is referred to as flooding In this way firsthand information is sent throughout the network...

Page 449: ...rotocols and interface based packet verification OSPFv3 supports sending packets in multicast Each OSPFV3 layer3 switch maintains a database describing the topology of the whole autonomous system Each...

Page 450: ...ea To reduce data traffic among each Layer 3 switches in the multi access network designated layer3 switch and backup designated layer3 switch should be selected in the multi access network and the ne...

Page 451: ...s system can be recorded As a result the route table of each layer3 switch is different OSPFv3 protocol is developed by the IETF the OSPF v3 used now is fulfilled according to the content described in...

Page 452: ...ch of ES3628EA switch normally only enabling OSPFv3 implement OSPFv3 interface the default value is defined to OSPFv3 protocol parameters Refer to 2 Configure OSPF auxiliary parameters if the OSPFv3 p...

Page 453: ...default setting 3 Configure OSPFv3 package sending timer parameter timer of broadcast interface sending HELLO package to poll timer of neighboring layer3 switch invalid timeout timer of LSA transmiss...

Page 454: ...nected static rip isis bgp metric value metric type 1 2 route map word command cancels imported external routing message 3 Configure Other Parameters of OSPFv3 Protocol 1 Configure OSPFv3 STUB Area De...

Page 455: ...the default value Parameter id is the area number which could be shown as digits 0 4294967295 or as an IP address cost ranges between 0 16777215 Default Default OSPFv3 cost is 1 Command Mode OSPFv3 p...

Page 456: ...cels this function Parameter id is the area number which could be digits ranging between 0 4294967295 and also as an IPv4 address no summary The area border routes stop sending link summary announceme...

Page 457: ...before a router sending a group messages 1 second by default Default No default configuration Command Mode OSPFv3 protocol mode Usage Guide In the OSPF all non backbone areas will be connected to a ba...

Page 458: ...hrough If the metric value can not be translated the default value provides alternative option to carry the route introducing on This command will result in that all introduced route will use the same...

Page 459: ...neighboring layer 3 switch according to the actual link state The set dead interval value is written into the Hello packet and transmitted To ensure the normal operation of the OSPF protocol the dead...

Page 460: ...the hello interval parameter between the layer 3 switches adjacent to the interface must be in accordance The command can configure on IPv6 tunnel interface but it is successful configuration to only...

Page 461: ...g between 1 65535 Default Default retransmit interval is 5 seconds Command Mode Interface Mode Usage Guide When a layer 3 switch transmits LSA to its neighbor it will maintain the link state announcem...

Page 462: ...id tag tag instance id instance id tag tag area area id instance id instance id command cancels this configuration Parameter area id is an area ID which could be shown in digits ranging between 0 4294...

Page 463: ...p not sent on specific interfaces The no passive interface ifname command cancels this function Parameter ifname is the specific name of interface Default Not configured Command Mode OSPFv3 protocol m...

Page 464: ...ommand Mode OSPFv3 protocol mode Example Switch config terminal Switch config router ipv6 ospf Switch config router router id 192 168 2 1 13 7 3 19 router ipv6 ospf Command no router ipv6 ospf tag Fun...

Page 465: ...switch for example where layer3 SwitchA and Switch Emake up OSPF area 0 layer3 SwitchB and SwitchC form OSPF area 1 assume vlan1 interface of layer3 SwitchA belongs to area 0 layer3 SwitchD forms OSPF...

Page 466: ...router router id 192 168 2 2 Configure interface vlan1 address vlan2 IPv6 address and affiliated OSPFv3 area SwitchB config SwitchB config interface vlan 1 SwitchB config if vlan1 IPv6 address 2010 1...

Page 467: ...nfig interface vlan 2 SwitchE config if vlan2 IPv6 address 2100 1 1 2 64 SwitchE config if vlan2 IPv6 router ospf area 0 SwitchE config if vlan2 exit Configure interface vlan3 IPv6 address and affilia...

Page 468: ...technical service center 13 7 5 1 Monitor And Debug Command 13 7 5 1 1 debug ipv6 ospf ifsm Command no debug ipv6 ospf ifsm status events timers Function Open debugging switches showing the OSPF inter...

Page 469: ...spf packet dd detail hello ls ack ls request ls update recv detail Function Open debugging switches showing OSPF packet messages the no debug ipv6 ospf packet dd detail hello ls ack ls request ls upda...

Page 470: ...Function Display the OSPF link state data base message Parameter tag is the process tag which is a character string advertiser_router is the ID of Advertising router shown in IPv4 address format Defau...

Page 471: ...SA Interface Vlan1 Link LSA messages of interface Vlan1 Router LSA Area 0 0 0 0 Router LSA messages in Area 0 Network LSA Area 0 0 0 0 Network LSA in Area 0 Intra Area Prefix LSA Area 0 0 0 0 Intra do...

Page 472: ...llo 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 10 Neighbor Count is 1 Adjacent neighbor count is 1 Displayed information Explanations Vlan1 is up line protocol is up Let the interface up both...

Page 473: ...he neighbor ID shown in IPv4 address format detail Show neighbor details ifname name of the interface Default Not displayed Command Mode All modes Usage Guide OSPF neighbor state can be checked by vie...

Page 474: ...sages of OSPF topology Parameter tag is the processes tag which is a character string area id is an area ID which could be shown in digits ranging between 0 4294967295 or an IPv4 address Default Not d...

Page 475: ...Ps Interior Gateway Protocol in order to exchange routing information in the AS such as RIP and OSPF which are IGPs and exchange information among ASes with EGP Exterior Gateway Protocol For example B...

Page 476: ...olicies which make BGP 4 more extendable to encourage the internet development 2 The Overview of BGP 4 operation Unlike RIP and OSPF protocols BGP protocol is connection oriented BGP switches must est...

Page 477: ...it s called IBGP When in the different AS it s called EBGP Generally the outer neighbors are connected physically and the inner neighbors can be in any place of the AS The difference is finally shown...

Page 478: ...tination BGP need select the best route to the destination The decision making process is as the following 1 Select the route with the most weight first 2 If the weights are the same select the route...

Page 479: ...ups Parameters 8 Adjust BGP Timers 9 Adjust BGP Announcement Interval 10 Configure the default Local Priority 11 Allow to Transfer Default Route 12 Configure BGP s MED Value 13 Configure BGP Routing R...

Page 480: ...nfiguration Command Explanation Admin Mode clear ip bgp as id external peer group NAME ip address soft out Configure outbound soft reconfiguration 3 Configure inbound soft reconfiguration Command Expl...

Page 481: ...command cancels routing filter 6 Configure Next Hop 1 Set Next Hop as the switch s address Command Explanation BGP configuration mode neighbor ip address TAG next hop self no neighbor ip address TAG...

Page 482: ...onfigure the BGP Version Command Explanation BGP configuration mode neighbor ip address TAG version value no neighbor ip address TAG version Set the version used by BGP neighbors the no neighbor ip ad...

Page 483: ...ress TAG send community command enables the route without community attributes 4 Configure BGP Confederation Command Explanation BGP configuration mode bgp confederation identifier as id no bgp confed...

Page 484: ...ter id command cancels the cluster id configuration 3 If the route reflector from clients to clients is needed the following commands can be used Command Explanation BGP configuration mode bgp client...

Page 485: ...on neighbor ip address TAG default originate route map NAME no neighbor ip address TAG default originate route map NAME Permit to send the default route 0 0 0 0 the no neighbor ip address TAG default...

Page 486: ...ring neighbor ip address TAG route reflector client no neighbor ip address TAG route reflector client Configure the current switch as route reflector and specify a client the no neighbor ip address TA...

Page 487: ...ime no timers bgp Configure the BGP timers of all the neighbors the no timers bgp command recovers the default value 2 Configure the timer value of a particular neighbor Command Explanation BGP config...

Page 488: ...no neighbor ip address TAG default originate command cancels sending default route 12 Configure BGP s MED Value 1 Configure MED value Command Explanation Route map configuration command set metric me...

Page 489: ...c rip ospf command cancels the redistribution 14 Configure Route Dampening Command Explanation BGP configuration mode bgp dampening 1 45 1 20000 1 20000 1 255 1 45 no bgp dampening 1 45 1 20000 1 2000...

Page 490: ...de route update dynamic capability outgoing route filtering capability and the address family s capability of supporting the negotiation Use these command to enable these capabilities its format no cl...

Page 491: ...ddress family mode Parameter AFI address family such as IPv4 IPv6 VPNv4 etc SAFI sub address family such as unicast multicast Default None Command Mode BGP routing mode Usage Guide Since the BGP 4 sup...

Page 492: ...ne Command Mode BGP mode Usage Guide To support VPN VRF has to be enabled on the border routers to realize VPN create neighbors for BGP with the VRF address family on the private network and with VPNv...

Page 493: ...ck command cancels this configuration namely not check the next hop accordance of aggregate route Parameter None Default No nexthop checked during aggregating Command Mode Global mode Usage Guide When...

Page 494: ...onfig router bgp 200 Switch config router bgp bestpath as path ignore 13 8 3 8 bgp bestpath compare confed aspath Command bgp bestpath compare confed aspath no bgp bestpath compare confed aspath Funct...

Page 495: ...is configuration Parameter confed Compare MED in the confederation path missing is worst Consider as max MED value when missing Default Not configured Command Mode BGP route mode Usage Guide Choose wh...

Page 496: ...r more reflector identification Example Switch config router bgp cluster id 1 1 1 1 13 8 3 13 bgp confederation identifier Command bgp confederation identifier as id no bgp confederation identifier as...

Page 497: ...ide Abundant route update due to unstable route could be reduced with route dampening technology of which the algorithm is lay penalty on the route when the route fluctuates and when penalty exceeds t...

Page 498: ...n other main attributes equal to compare with other AS After the best one is elected select the path among AS with no regard to MED value Example Switch config router bgp deterministic med 13 8 3 18 b...

Page 499: ...plays as PE whether the route bgp acquired from VPN is saved in BGP depends on if the VRF configured in this PE has got matched information With the no bgp inbound route filter command the BGP will s...

Page 500: ...k import check command sets to not checking the IGP accessibility Parameter None Default Not configured Command Mode BGP route mode Usage Guide Checking the IGP accessibility of the route advertised b...

Page 501: ...ually The no bgp router id IP ADDRESS cancels this configuration Parameter ip address Router ID Default Automatically acquire router ID Command Mode BGP route mode Usage Guide Manually set the router...

Page 502: ...configuration if it is already set Example Switch clear ip bgp soft in When soft reconfiguration is set use this commands for soft reconfiguration Switch clear ip bgp Will clear up all established con...

Page 503: ...rameter 1 255 Manage distance ip address M Routing prefix WORD Access list name Default Not set Command Mode BGP route mode Usage Guide Set the manage distance for specified BGP route as the path sele...

Page 504: ...is the route map name used Command Mode vrf mode Usage Guide Use the route map command route map NAME permit deny 1 65535 to create the route map and establish the regulations Using this command will...

Page 505: ...for pass filter Example Switch config ip as path access list ASPF deny 100 13 8 3 36 ip community list Command ip community list LISTNAME 1 199 expanded WORD standard WORD deny permit COMMUNITY no ip...

Page 506: ...ommand we can configure the community list so to supply terms for the pass filter search Example Switch config ip extcommunity list LN permit 100 10 13 8 3 38 neighbor activate Command neighbor ip add...

Page 507: ...ly mode Usage Guide Reduce this value will improve the route updating speed while also consumes more bandwidth Example Switch config router neighbor 10 1 1 64 advertisement interval 20 Switch config r...

Page 508: ...and address family mode Usage Guide With this configuration specified route attributes will not change when transmitted to the specified neighbor The BGP route mode is the IPv4 unicast configuration...

Page 509: ...af exit address family The route is successfully transmitted to CE2 after refresh on CE2 shown Switch show ip bgp BGP table version is 5 local router ID is 100 1 1 70 Status codes s suppressed d dampe...

Page 510: ...Command neighbor ip address TAG capability orf prefix list both send receive no neighbor ip address TAG capability orf prefix list both send receive Function Configure the out route filter capability...

Page 511: ...g router neighbor 10 1 1 64 collide established 13 8 3 46 neighbor default originate Command neighbor ip address TAG default originate route map WORD no neighbor ip address TAG default originate route...

Page 512: ...9 WORD in out no neighbor ip address TAG distribute list 1 199 1300 2699 WORD in out Function Configure the policy applied in partner route update transmission The no neighbor ip address TAG distribut...

Page 513: ...dress TAG ebgp multihop 1 255 no neighbor ip address TAG ebgp multihop 1 255 Function Configures the EBGP neighbors can existing in different segment as well as its hop count TTL The no neighbor ip ad...

Page 514: ...irect connected check will not be performed at exit in enforce multihop conditions Example Switch config router neighbor 10 1 1 66 enforce multihop 13 8 3 52 neighbor filter list Command neighbor ip a...

Page 515: ...ion accessibility should be ensured Example Switch config router neighbor 10 1 1 64 interface Vlan2 13 8 3 54 neighbor maximum prefix Command neighbor ip address TAG maximum prefix 1 4294967295 1 100...

Page 516: ...t the nexthop will automatically point to the source neighbor However in IBGP environment the nexthop remains the same for route in the same segment If it is not broadcast network errors will be encou...

Page 517: ...ide do not attempt to create connection but stays in ACTIVE state waiting for the TCP connection request from the partner 13 8 3 58 neighbor peer group Command neighbor TAG peer group no neighbor TAG...

Page 518: ...hbor ip address port 0 65535 command restore the port number to default value Parameter ip address Neighbor IP address TAG Name of the peer group 0 65535 TCP port number Default Default port number is...

Page 519: ...ss TAG Name of peer group as id Neighbor AS number ranging between 1 65535 Default No neighbors Command Mode BGP mode and address family mode Usage Guide The BGP neighbors are completely generated thr...

Page 520: ...in out command cancels this configuration Parameter ip address Neighbor IP address TAG Name of peer group NAME Name of route mapping in out Direction of route mapping Default Not set Command Mode BGP...

Page 521: ...nt no neighbor ip address TAG route server client Function Configure the route server client The no neighbor ip address TAG route server client command cancels this configuration Parameter ip address...

Page 522: ...s to the neighbors or else not Omission of the following choice will be equal to standard Example Switch config router no neighbor 10 1 1 66 send community Switch config router neighbor 10 1 1 66 send...

Page 523: ...P area this attribute can be set Once this attribute is set it spreads with route routes carrying SOO attributes will not be spreader to a neighbor configured with the attribute Example Switch config...

Page 524: ...65535 Respectively the KEEPALIVE and HOLD TIME Default Default KEEPALIVE time is 60s while HOLD TIME is 240s Command Mode BGP mode and address family mode Usage Guide Send KEEPALIVE interval and HOLD...

Page 525: ...6 unsuppress map rmp Switch config access list 10 permit 10 1 1 100 0 0 0 255 Switch config route map rmp permit 5 Switch config route map match ip next hop 10 Route with nexthop as 10 1 1 100 will no...

Page 526: ...ure the route weight sent from the partner The no neighbor ip address TAG weight 0 65535 command restores the default value Parameter ip address Neighbor IP address TAG Name of IP address 0 65535 Weig...

Page 527: ...redistribute route from other modes into BGO The no redistribute ROUTES route map WORD command cancels this configuration Parameter ROUTES Route source or protocol including connected isis kernel osp...

Page 528: ...ig router state the protocol can be configured at this prompt In case no bgp multiple instance is configured while a BGP is enabled enabling new BGP instance will return with error If bgp multiple ins...

Page 529: ...oth mode so to equal the RD and RT_VALUE Example Switch config ip vrf DC1 Switch config vrf rd 100 10 Switch config vrf route target both 100 10 Switch config vrf In above example is created a VRF nam...

Page 530: ...the nexthop 10 1 1 68 of the VPN route is changed to 10 1 1 250 after applied with route map 13 8 3 84 timers bgp Command timers bgp 0 65535 0 65535 no timers bgp 0 65535 0 65535 Function Configure al...

Page 531: ...13 1 1 4 remote as 200 SwitchB config router bgp exit The configurations of SwitchC are as following SwitchC config router bgp 200 SwitchC config router bgp network 12 0 0 0 SwitchC config router bgp...

Page 532: ...from itself More detailed route information about 193 0 0 0 will be announced SwitchB config router bgp 100 SwitchB config router bgp aggregate 193 0 0 0 24 At the same time the aggregation command a...

Page 533: ...ch config router bgp neighbor 16 1 1 6 route map match community in Switch config router bgp exit Switch config route map match community permit 10 Switch config route map match community com1 Switch...

Page 534: ...tchB config router bgp neighbor 12 1 1 3 remote as 10 SwitchB config router bgp neighbor 13 1 1 4 remote as 20 SwitchB config router bgp neighbor 11 1 1 1 remote as 100 SwitchC SwitchC config router b...

Page 535: ...chC SwitchD SWE SWF and SWG establish IBGP connection which is affiliated to AS100 SwitchC creates EBGP connection with AS200 SwitchA creates EBGP connection with AS300 SwitchC SwitchD and SWG make ro...

Page 536: ...ghbor 5 5 5 5 route reflector client SwitchD config router bgp neighbor 6 6 6 6 remote as 100 SwitchD config router bgp neighbor 6 6 6 6 route reflector client SwitchD config router bgp neighbor 3 3 3...

Page 537: ...bgp neighbor 2 2 2 2 remote as 100 SwitchC config router bgp neighbor 2 2 2 2 route map set metric out SwitchC config router bgp neighbor 1 1 1 2 remote as 300 SwitchC config router bgp exit SwitchC...

Page 538: ...ibute At this time the route with lower value is the better route But the comparison of metric attribute will only be done with the routes from the same AS For SwitchA the routes passed SwitchC are pr...

Page 539: ...en send them to ourTechnology Service Center 13 8 5 1 Monitor And Debug Command 13 8 5 1 1 show ip bgp Command show ip bgp ADDRESS FAMILY ip address ip address M longer prefixes cidr only Function For...

Page 540: ...GP with community information Parameter ADDRESS FAMILY Address family such as ipv4 unicast TYPE Community attributes number show in AA NN form or combination of local AS no advertise and no export Def...

Page 541: ...e the community list with ip community list command and the contained community as well When displayed with its name communities included in all the lists are contained Example Switch config ip commun...

Page 542: ...P table version is 13 local router ID is 10 1 1 66 Status codes s suppressed d damped h history valid best i internal S Stale Origin codes i IGP e EGP incomplete Network From Flaps Duration Reuse Path...

Page 543: ...s ipv4 unicast Default None Command Mode All modes Usage Guide If same prefix comes from different origin AS the AS will be regarded as inconsistent This command is for displaying this kind of routes...

Page 544: ...ive interval is 60 seconds Neighbor capabilities Route refresh advertised and received old and new Address family IPv4 Unicast advertised and received Received 17 messages 0 notifications 0 in queue S...

Page 545: ...Status codes s suppressed d damped h history valid best i internal S Stale Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 100 1 1 0 24 10 1 1 66 0 200 300 10 1 1 100 0...

Page 546: ...1 13 show ip bgp regexp Command show ip bgp ADDRESS FAMILY regexp LINE Function For displaying the BGP routes meets specific AS related normal expressions Parameter ADDRESS FAMILY address family such...

Page 547: ...router ID is 11 1 1 100 Status codes s suppressed d damped h history valid best i internal S Stale Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 100 1 1 0 24 10 1 1 6...

Page 548: ...s Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up Down State PfxRcd 10 1 1 68 4 300 0 0 0 0 0 never Active Total number of neighbors 1 Relevant Commands None 13 8 5 1 17 show ip bgp view Command show...

Page 549: ...or IP address digits such as 100 10 vrf name is the name of VRF created through if vrf vrf name command Command Mode All modes Usage Guide Available to display by specified RD or VRF Example Switch s...

Page 550: ...ease IPv6 unicast address family configuration 13 9 2 MBGP4 Configures Mission List 1 Configure IPv6 neighbor 2 Configure and enable IPv6 address family 3 Configure IPv6 neighbor Command Explanation B...

Page 551: ...chB config router bgp neighbor 2003 4 remote as 200 SwitchB config router bgp address family IPv6 unicast SwitchB config router af neighbor 2001 1 activate SwitchB config router af neighbor 2002 3 act...

Page 552: ...onfig router af neighbor 2002 2 activate SwitchD config router af neighbor 2003 3 activate SwitchD config router af exit address family SwitchD config router bgp exit Here the connection between Switc...

Page 553: ...hip reports a message IGMP Snooping is also referred to as IGMP listening The switch prevents multicast traffic from flooding through IGMP Snooping multicast traffic is forwarded to ports associated t...

Page 554: ...gures a static multicast address and port member to join 3 Configure IGMP to send Query Command Explanation Global Mode ip igmp snooping vlan vlan id query no ip igmp snooping vlan vlan id query Enabl...

Page 555: ...gmp snooping vlan 100 14 3 2 ip igmp snooping vlan immediate leave Command ip igmp snooping vlan vlan id immediate leave no ip igmp snooping vlan vlan id immediate leave Function Enable the IGMP fast...

Page 556: ...oping vlan vlan id Function Enable the IGMP Snooping function for the specified VLAN the no ip igmp snooping vlan vlan id command disables the IGMP Snooping function for the specified VLAN Parameter v...

Page 557: ...port Parameter vlan id vlan id ranging between 1 4094 value mrouter port survive period ranging between 1 65535 seconds Command Mode Global mode Default 255s Usage Guide This command validates on dyna...

Page 558: ...n id query robustness Function Configure the query robustness The no ip igmp snooping vlan vlan id query robustness command restores to the default value Parameter vlan id vlan id ranging between 1 40...

Page 559: ...es ports 1 2 6 10 and 12 Four hosts are connected to port 2 6 10 12 respectively and the multicast router is connected to port 1 As IGMP Snooping is disabled by default either in the switch or in the...

Page 560: ...s 2 6 10 will not receive the traffic of program 2 and port 12 will not receive the traffic of program 1 Scenario 2 IGMP Query Fig 14 2 The switches as IGMP Queries The configuration of SwitchB is the...

Page 561: ...properly because of physical connection or configuration mistakes So the users should noted that z Make sure correct physical connection z Activate IGMP Snooping on whole config mode use ip igmp snoo...

Page 562: ...tch is disabled on the switch by default Usage Guide The command is used for enable the IGMP Snooping debugging switch of the switch switch IGMP data packet message can be shown with packet parameter...

Page 563: ...gmp snooping mrouter port keep alive time 255 s Igmp snooping query suppression time 255 s IGMP Snooping Connect Group Membership Note All Source S Include Source S Exclude Source Groups Sources Ports...

Page 564: ...ress table multicast Command show mac address table multicast vlan vlan id Function Show the multicast MAC address table messages Parameter vlan id VLAN ID included in the entries to be shown Command...

Page 565: ...e multicast VLAN is configured the multicast traffic will be continuously sent to the users 15 2 Multicast VLAN Configuration Task 1 Enable the multicast VLAN function 2 Configure the IGMP Snooping 1...

Page 566: ...of the VLAN configuration of VLANs associated with the multicast VLAN should be deleted Note that the default vlan can not be configured with this command and only one multicast vlan is allowed on a s...

Page 567: ...server is connected to the layer 3 switch switchA through port 0 0 1 which belongs to the vlan10 of the switch The layer 3 switch switchA is connected with layer 2 switches through the port 0 0 10 the...

Page 568: ...thernet0 0 10 SwitchA Config Ethernet0 0 10 switchport mode trunk SwitchB config SwitchB config vlan 100 SwitchB config vlan100 Switchport access Ethernet 0 0 15 SwitchB config vlan100 exit SwitchB co...

Page 569: ...al of valuable bandwidth resource and furthermore Broadcast mode goes against the security and secrecy The emergence of IP Multicast technology solved this problem in time The Multicast source only se...

Page 570: ...an be permanent or temporary Some of the Multicast group addresses are assigned officially they are called Permanent Multicast Group Permanent Multicast Group keeps its IP address fixed but its member...

Page 571: ...ndicated by the Multicast group address in the destination address field of IP data packet Unlike Unicast mode Multicast data packet must be forwarded to a number of external interfaces to be sent to...

Page 572: ...ork Multicast has tremendous market potential and Multicast operation will be generalized and popularized 16 2 PIM DM 16 2 1 Introduction to PIM DM PIM DM Protocol Independent Multicast Dense Mode is...

Page 573: ...ermine whether the coming path is correct first If the arrival interface is the interface connected to Multicast source indicated by Unicast routing then this Multicast packet is considered to be from...

Page 574: ...And then turn on PIM SM switch on the interface Command Explanation Interface Configuration Mode ip pim dense mode Setup PIM DM Protocol of the interface Required 2 Configure PIM DM Sub parameters 1 C...

Page 575: ...l on interface vlan1 Switch Config ip pim multicast routing Switch Config interface vlan 1 Switch Config if Vlan1 ip pim dense mode 16 2 3 2 ip pim hello interval Command ip pim hello interval interva...

Page 576: ...mits stat refresh messages to maintain PIM DM list items of all the downstream routers The command can modify origination interval of state refresh messages Usually do not modify relevant timer interv...

Page 577: ...able to implement dynamic routing update in virtue of Unicast Routing Protocol 16 2 5 PIM DM Troubleshooting In configuring and using PIM DM Protocol PIM DM Protocol might not operate normally caused...

Page 578: ...etail the no debug pim timer srt command disenables the debug switch Parameter None Default Disabled Command Mode Admin Mode and Global Mode Usage Guide Enable the switch and display PIM DM state refr...

Page 579: ...92 168 1 12 226 0 0 1 S G Forwarding item RPF nbr Backward path neighbor upstream neighbor of source direction in DM 0 0 0 0 expresses the switch is the first hop RPF idx Interface located in RPF neig...

Page 580: ...ed on RP using Join Prune message of routers Consequently the network bandwidth occupied by data packets and message control is cut down and the transaction cost of routers decreases Multicast data ge...

Page 581: ...urce direction which results in the switch from RPT to SPT 2 Preparation before PIM SM configuration 1 Configuration Candidate RP More than one RPs candidate RP can exist in PIM SM network and each C...

Page 582: ...below are required to really enable PIM SM protocol on the interface Required And then turn on PIM SM switch on the interface Command Explanation Interface Configuration Mode ip pim sparse mode Enabl...

Page 583: ...mmand is the global candidate BSR configuration command which is used to configure the information of PIM SM candidate BSR so that it can compete for BSR router with other candidate BSRs The no ip pim...

Page 584: ...er Function Filter the specified multicast group and multicast address Parameter list number list number is the access list number it ranges from 100 to 199 Default Permit the multicast registers from...

Page 585: ...used to configure PIM SM information about candidate BSR in order to compete the BSR router with other candidate BSRs Only this command is configured this switch is the BSR candidate router Example G...

Page 586: ...M do not include GenId option The no ipv6 pim exclude genid command restores the default value Parameter None Default The Hello packets include GenId option Command Mode Interface Configuration Mode U...

Page 587: ...pim hello interval command restores the default value Parameter interval is the hello_interval of periodically transmitted pim hello packets ranges from 1 to 18724s Default The default periodically t...

Page 588: ...l of JOIN PRUNE packets sent by PIM periodically the default value is 60s The default value is recommended if no special reasons Example Configure the interval of timer Switch config ip pim jp timer 5...

Page 589: ...ss list 2 deny 10 1 4 10 0 0 0 255 Switch config access list 2 permit any source Switch config show ip pim neighbor 16 3 3 12 ip pim register rate limit Command ip pim register rate limit limit no ip...

Page 590: ...e Usage Guide The no ip pim register source command restores the default value no more parameter is needed Configured address must be reachable to Register Stop messages sent by RP It s usually a circ...

Page 591: ...ng interface globally Switch Config ip pim rp address 10 1 1 1 238 0 0 0 8 16 3 3 17 ip pim rp candidate Command ip pim rp candidate vlan vlan id ifname A B C D M priority no ip pim rp candiate Functi...

Page 592: ...P s S G item to 180s Switch config ip pim rp register kat 180 16 3 3 19 ip pim sparse mode Command ip pim sparse mode passive no ip pim sparse mode passive Function Enable PIM SM on the interface the...

Page 593: ...fter the bondage only command no ip pim ssm can release the bondage 5 If ssm is needed this command should be configured at the related edge route For example the local switch with igmp must and multi...

Page 594: ...Vlan1 ip pim sparse mode Switch Config If Vlan1 exit Switch Config interface vlan 2 Switch Config If Vlan2 ip address 24 1 1 2 255 255 255 0 Switch Config If Vlan2 ip pim sparse mode Switch Config If...

Page 595: ...incorrect configuration Therefore the user should pay attention to the following issues Assure that physical connection is correct Assure the Protocol of Interface and Link is UP use show interface c...

Page 596: ...in Mode and Global Mode Usage Guide Enable pim mfc debug switch and display generated and transmitted multicast id s information Example Switch debug ip pim mfc 16 3 5 1 3 debug pim mib Command debug...

Page 597: ...ug pim packet in debug pim packet out no debug pim packet no debug pim packet in no debug pim packet out Function Enable or Disable pim debug switch Parameter in display only received pim packets out...

Page 598: ...pim timer joinprune ppt debug pim timer joinprune pt debug pim timer joinprune debug pim timer register rst debug pim timer register no debug pim timer no debug pim timer assert no debug pim timer as...

Page 599: ...uide Display the BSR information maintained by the PIM Example show ip pim bsr router PIMv2 Bootstrap information This system is the Bootstrap Router BSR BSR address 10 1 4 3 Uptime 00 06 07 BSR Prior...

Page 600: ...ount The interface s neighbor count DR Prior Dr priority DR The interface s DR address 16 3 5 1 11 show ip pim mroute sparse mode Command show ip pim mroute sparse mode group A B C D source A B C D Fu...

Page 601: ...rom upstream and more options such as RPT Not Joined Pruned Not Pruned are available for S G rpt Local Local join interface this interface receive IGMPJoin Joined PIM join interface this interface rec...

Page 602: ...e neighbor is the interface s DP 16 3 5 1 13 show ip pim nexthop Command show ip pim nexthop Function Display the PIM buffered nexthop router in the unicast route table Parameter None Default None Com...

Page 603: ...ample testS2 Config if Vlan1 show ip pim rp hash 239 192 1 10 RP 10 1 6 1 Info source 10 1 6 1 via bootstrap Displayed Information Explanations RP Queried group sRP Info source The source of Bootstrap...

Page 604: ...is received at the correct interface Otherwise the packet will be discarded to prevent Multicast circulation The check which determines if the packet gets to the correct interface is called RPF check...

Page 605: ...neighbor is called upstream interface The routing report includes source network use net mask address and the hop entry for routing scale In order to finish transmission correctly every DVMRP switch...

Page 606: ...d disables DVMRP Protocol globally Required 2 Enable DVMRP Protocol on the interface The basic configuration to function DVMRP routing protocol on EDGECORE series Layer 3 switch is very simple After g...

Page 607: ...n pruners command restores to being able to set up neighbor ship 4 Configure DVMRP Tunnel Command Explanation Interface Configuration Mode ip dvmrp tunnel index src ip dst ip no ip dvmrp tunnel index...

Page 608: ...tream of some route after calculation and judgment it will transmit report message included the route to upstream The route metric increases 32 based on original value in order to indicate downstream...

Page 609: ...e Interface Configuration Mode Usage Guide The command determines if it will establish neighboring ship with DVMRP router of non pruning grafting or not Example Switch Config If vlan1 ip dvmrp reject...

Page 610: ...Config ip dvmrp multicast routing Switch Config interface vlan 1 Switch Config if Vlan1 ip address 10 1 1 1 255 255 255 0 Switch Config if Vlan1 ip dvmrp Switch Config if Vlan1 exit Switch Config inte...

Page 611: ...all attempts including Check are made but the problems on DVMRP can t be solved yet then please use commands such as debug dvmrp and then copy DEBUG information in 3 minutes and send to Technology Se...

Page 612: ...DVMRP protocol information Parameter None Default Do not display Off Command Mode Any Configuration Mode Usage Guide The command applies to display some total statistic information of DVMRP protocol...

Page 613: ...4 5 1 4 show ip dvmrp neighbor Command show ip dvmrp neighbor ifname A B C D detail ifname detail detail Function Display DVMRP neighbor Parameter ifname is interface name namely displaying neighbor...

Page 614: ...1 1 0 24 239 0 0 1 1 01 59 56 Off Displayed Information Explanations Source Address Source address Mask Len Mask length Group Address Group address State Table item state FCR Exptime FCR expire time P...

Page 615: ...wing manners 1 On the edge switch if source under control multicast is configured then only multicast data from specified group of specified source can pass 2 For RP switch in the core of PIM SM for R...

Page 616: ...ollows Command Explanation Global Configuration Mode no ip multicast source control Required Enable source control globally the no ip multicast source control command disables source control globally...

Page 617: ...rce control uses to port the NO form cancels the configuration Destination Control Configuration Like source control configuration destination control configuration also has three steps First enable d...

Page 618: ...access group 6000 7999 Used to configure the rules destination control uses to port the NO form cancels the configuration Global Configuration Mode no ip multicast destination control 1 4094 macaddr a...

Page 619: ...ce destination destination wildcard host destination destination host ip any destination command deletes the access list Parameter 5000 5099 source control access list number deny permit deny or permi...

Page 620: ...command deletes the access list Parameter 6000 7999 destination control access list number deny permit deny or permit source multicast source address source wildcard multicast source address wildcard...

Page 621: ...ticast destination control access group vmac Command ip multicast destination control 1 4094 macaddr access group 6000 7999 no ip multicast destination control 1 4094 macaddr access group 6000 7999 Fu...

Page 622: ...t be add The command uses the format IPADDRESS IPADDRESS to match on layer 2 switch format IPADDRESS M on layer 3 switch If relevant group or source in show ip igmp groups detail has been established...

Page 623: ...on layer 3 switch Carefully the packet transmitted in UNTAG mode does not modify its priority Example switch config ip multicast policy 10 1 1 0 24 225 1 1 0 24 cos 7 16 5 3 8 ip multicast source cont...

Page 624: ...ily we configure Edge Switch so that only the switch at port Ethernet0 0 5 is allowed to transmit multicast and the data group must be 225 1 2 3 Also switch connected up to port Ethernet0 0 10 can tra...

Page 625: ...milar to ACL and the problems occurred are usually related to improper configuration Please read the descriptions above carefully If you still can determine the cause of the problem please send your c...

Page 626: ...6000 deny ip any source host destination 224 1 1 1 access list 6000 deny ip host source 2 1 1 1 any destination access list 6001 deny ip host source 2 1 1 1 225 0 0 0 0 255 255 255 access list 6002 p...

Page 627: ...and Global Mode Usage Guide The command displays source control multicast access list of configuration Example Switch sh ip multicast source control access list access list 5000 permit ip 10 1 1 0 0...

Page 628: ...only one switch is required to transmit membership query message so an exchange election mechanism is required to determine a switch as query machine In IGMP version1 the selection of query machine i...

Page 629: ...includes his her Robustness Variable and Query Interval in query group to allow the synchronization with these variables of non queries 5 Max Response Time in Query Message has an exponential range w...

Page 630: ...ace Configuration Mode ip dvmrp ip pim dense mode ip pim sparse mode Enable IGMP Protocol the corresponding commands no ip dvmrp no ip pim dense mode no ip pim sparse mode disable IGMP Protocol Requir...

Page 631: ...nse time time_val no ip igmp query max response time Configure the maximum response time of the interface for IGMP query the no ip igmp query max response time command restores default value ip igmp q...

Page 632: ...that is when the host transmits member identity report of equivalent to leave a group router does not transmit query it directly confirms there is no member of this group in subnet the no ip igmp imme...

Page 633: ...aves states which are not more than state count groups and sources If it reaches upper limit of state count it does not deal with when receiving related new group member identity report If it has save...

Page 634: ...nterface enables some group multicast protocol The command applies to configure this query period time Example Configure interval of periodically transmitted IGMP query message to 10s Switch Config in...

Page 635: ...Example Configure timeout of IGMP query message on interface to 100s Switch Config interface vlan 1 Switch Config If Vlan1 ip igmp query timeout 100 16 6 3 9 ip igmp static group Command ip igmp stati...

Page 636: ...same version IGMP in the same network When other routers which are not upgraded to IGMPv3 on interface connected subnet need to join member identity collection of subnet IGMP together the interface i...

Page 637: ...the following issues Firstly to assure that physical connection is correct Next to assure the Protocol of Interface and Link protocol is UP use show interface command Afterwards to assure to start a...

Page 638: ...38 58 IGMP Send membership query on dvmrp2 for 0 0 0 0 02 17 38 58 IGMP Received membership query on dvmrp2 from 192 168 1 11 for 0 0 0 0 02 17 39 26 IGMP Send membership query on vlan1 for 0 0 0 0 02...

Page 639: ...1 Flags Uptime 00 00 19 Group Mode INCLUDE Last Reporter 10 1 1 1 Exptime stopped Source list 2 members S Static Source Address Uptime v3 Exp Fwd Flags 1 1 1 1 00 00 19 00 04 01 Yes 2 2 2 2 00 00 19...

Page 640: ...ce Default Do not display Command Mode Admin Mode Example Display interface valn1 IGMP message on Ethernet Switch config show ip igmp interface Vlan1 Interface Vlan1 2005 Index 2005 Internet address i...

Page 641: ...ork by single cast packet of IPv4 encapsulation The working process of PIM DM can be summarized as Neighbor Discovery Flooding Prune and Graft 1 Neigh hour Discovery When PIM DM router is started at b...

Page 642: ...used as path judgment can root in any Unicast Routing Protocol such as messages found by RIP OSPF etc It doesn t rely on any specific unicast routing protocol 4 Assert Mechanism If two multicast route...

Page 643: ...arameters Configure PIM DM hello message interval time Command Explanation Port Configuration Mode ipv6 pim hello interval interval no ipv6 pim hello interval Configure PIM DM hello message interval t...

Page 644: ...l on interface vlan1 Switch Config ipv6 pim multicast routing Switch Config interface vlan 1 Switch Config if Vlan1 ipv6 pim dense mode 17 1 3 2 ipv6 pim dr priority Command ipv6 pim dr priority prior...

Page 645: ...elete Parameter value is configure time of holdtime Default Define 3 5 times of Hello_interval and default hello_interval as 30s so default value of hello_holdtime is 105s Command Mode Interface Confi...

Page 646: ...v6 pim hello interval 20 17 1 3 6 ipv6 pim multicast routing Command ipv6 pim multicast routing no ipv6 pim multicast routing Function Globally enable PIM DM protocol the no ipv6 pim multicast routing...

Page 647: ...rom 4s to 100s Default 60s Usage Guide The first hop router periodically transmits stat refresh messages to maintain PIM DM list ltems of all the downstream routers The command can modify origination...

Page 648: ...ubleshooting When configuring and using PIM DM protocol PIM DM protocol may fail to work normally due to physical connections incorrect configuration and so on So users shall note the following points...

Page 649: ...Parameter None Default Disabled Command Mode Admin Mode Usage Guide Enable the switch and display PIM DM state refresh timer information in detail Example Switch debug ipv6 pim timer srt Remark Other...

Page 650: ...rection in DM 0 0 0 0 expresses the switch is the first hop RPF idx Interface located in RPF neighbor Upstream State Upstream direction including FORWARDING forwarding upstream data PRUNED Upstream st...

Page 651: ...oint and BSR Bootstrap Router PIM SM announce multicast packet to all PIM SM routers and establish using Join Prune message of routers RPT RP rooted shared tree based on RP Consequently the network ba...

Page 652: ...SM configuration 1 Configuration Candidate RP More than one RPs candidate RP are permitted in PIM SM network and each C RP Candidate RP takes charge of forwarding multicast packets with destination ad...

Page 653: ...n PIM multicast switch in Global Mode and turn on PIM SM switch on relevant interface Command Explanation Global Mode no ipv6 pim multicast routing Enable PIM SM Protocol on each interface but below c...

Page 654: ...ccess list name Configure Neighbor Access list If a neighbor is filtered by the list and a connection has been set up with this neighbor then this connection will be cut off immediately and if no conn...

Page 655: ...PIM SM Protocol Command Explanation Port Configuration Mode no ipv6 pim sparse mode Shut down PIM SM Protocol Global Mode no ipv6 pim multicast routing Shut down PIM SM Protocol globally 17 2 3 Comma...

Page 656: ...This switch is not a candidate BSR router Command Mode Global Mode Usage Guide This command is the candidate BSR configure command in global mode and is used to configure PIM SM information about can...

Page 657: ...lan1 ipv6 pim dr priority 100 17 2 3 5 ipv6 pim exclude genid Command ipv6 pim exclude genid no ipv6 pim exclude genid Function This command makes the Hello packets sent by PIM SM do not include GenId...

Page 658: ...hello interval Command ipv6 pim hello interval interval no ipv6 pim hello interval Function Configure the interface s hello_interval of pim hello packets The no ipv6 pim hello interval command restore...

Page 659: ...no ipv6 pim jp timer restores the default value Parameter value ranges from 10 to 65535 Default 60s Command Mode Global Mode Usage Guide Configure the interval of transmitting J P messages to59s Exam...

Page 660: ...rate limit Command ipv6 pim Register rate limit limit no ipv6 pim Register rate limit Function This command is used to configure the speedrate of DR sending register packets the unit is packet second...

Page 661: ...but it can be other physical addresses This address must be announcable through unicast router protocols of DR Example Configure the source address of the sent register packets to vlan1 s address Swi...

Page 662: ...idate RPs The no ipv6 pim rp candiate command cancels the candidate RP Parameter ifname is the name of the interface group range is the group range of the candidate RP the format is X X X X M ipv6 add...

Page 663: ...ets and only enable IGMP receive and transmit IGMP packets Default Disabled PIM SM Command Mode Interface Configuration Mode Usage Guide Enable PIM SM on the interface The command can configure on IPv...

Page 664: ...2000 13 1 1 1 64 Switch Config If Vlan2 ipv6 pim sparse mode 2 Configure Switch B Switch Config ipv6 pim multicast routing Switch Config interface vlan 1 Switch Config If Vlan1 ipv6 address 2000 12 1...

Page 665: ...ch Config If Vlan1 ipv6 pim sparse mode Switch Config If Vlan1 exit Switch Config interface vlan 2 Switch Config If Vlan2 ipv6 address 2000 24 1 1 4 64 Switch Config If Vlan2 ipv6 pim sparse mode Swit...

Page 666: ...tch Parameter None Default Disabled Command Mode Admin Mode and Global Mode Usage Guide Enable pim events debug switch and display events information about pim operation Example Switch debug ipv6 pim...

Page 667: ...ameter None Default Disabled Command Mode Admin Mode and Global Mode Usage Guide Inspect the communicating information between pim and Network Services by this switch Example Switch debug ipv6 pim nsm...

Page 668: ...et debug ipv6 pim timer joinprune grt debug ipv6 pim timer joinprune jt debug ipv6 pim timer joinprune kat debug ipv6 pim timer joinprune ot debug ipv6 pim timer joinprune plt debug ipv6 pim timer joi...

Page 669: ...ied timer s debug information Example Switch debug ipv6 pim timer assert 17 2 5 1 9 show ipv6 pim bsr router Command show ipv6 pim bsr router Function Display BSR address Parameter None Default None C...

Page 670: ...ss fe80 203 fff fee3 1244 Global Address 2000 10 1 13 1 DR this system Displayed Information Explanations Address Interface address Interface Interface name VIF index Interface index Ver Mode Pim vers...

Page 671: ...RPF idx None Upstream State JOINED Local l Joined Asserted FCR 2000 1 111 11 ff1e 15 RPF nbr RPF idx None SPT bit 1 Upstream State JOINED Local Joined Asserted Outgoing o 2000 1 111 11 ff1e 15 rpt RP...

Page 672: ...g of multicast data 17 2 5 1 12 show ipv6 pim neighbor Command show ipv6 pim neighbor detail Function Display router neighbors Parameter None Default None Command Mode Any Mode Usage Guide Display mul...

Page 673: ...hop Metric Pref Refcnt Num Addr Ifindex Name _______________________________________________________________________ _____________ 2000 1 111 11 S 1 2004 0 0 2 2000 1 111 100 RS 1 2004 0 0 2 2004 0 0...

Page 674: ...rap information 17 2 5 1 15 show ipv6 pim rp mapping Command show ipv6 pim rp mapping Function Display Group to RP Mapping and RP Parameter None Default None Command Mode Any Mode Usage Guide Display...

Page 675: ...MLD query message of multicast switch with membership report message the switch periodically sends membership query message and determines if there is host joining a specific group in its subnetworks...

Page 676: ...ion Mode ipv6 pim dense mode ipv6 pim sparse mode Start MLD Protocol The NO operation of corresponding command shuts MLD Protocol Required 2 Configure MLD auxiliary parameters 1 Configure MLD group pa...

Page 677: ...d access group Command ipv6 mld access group acl_name no ipv6 mld access group Function Configure the access control of the interface to MLD groups the no ipv6 mld access group command stops the acces...

Page 678: ...default value Parameter interval is the interval of querying specific group it ranges from 1000 to 25000ms It s the integer times of 1000ms If it s not the integer times of 1000ms the system will conv...

Page 679: ...he query messages and the router can also get the group members existing states quickly Example Configure the maximum response time of MLD queries to 20s Switch Config interface vlan 1 Switch Config I...

Page 680: ...roup Command ipv6 mld join group address no ipv6 mld join group address Function Configure the interface to join in certain multicast group the no ipv6 mld join group address command cancels joining c...

Page 681: ...interface vlan 2 Switch Config if Vlan2 ipv6 mld join group ff1e 1 3 mode include source 2003 1 2003 2 17 3 3 10 ipv6 mld limit Command ipv6 mld limit state count no ipv6 mld limit Function Configure...

Page 682: ...MLD protocol will consider that the group or source exist Note the configured static source is the source to be forwarded Example Configure an MLD static group ff1e 1 3 on interface vlan2 Switch Confi...

Page 683: ...ting Switch Config ipv6 pim rp address 3FFE 1 Switch Config interface vlan1 Switch Config If Vlan1 ipv6 address 3FFE 2 64 Switch Config If Vlan1 ipv6 pim sparse mode Switch Config If Vlan1 exit Switch...

Page 684: ...he debug switch that displays MLD events the no debug ipv6 mld events command disables the debug switch Parameter None Default Disabled Command Mode Admin Mode Usage Guide This switch can be enabled t...

Page 685: ...roup information Parameter ifname is the name of the interface Display the MLD group information group_addr is the group address Display the specified group information Default Do not display Command...

Page 686: ...terface Vlan1 2003 Index 2003 Internet address is fe80 203 fff fe01 e4a MLD querier MLD query interval is 100 seconds MLD querier timeout is 205 seconds MLD max query response time is 10 seconds Last...

Page 687: ...ctive combination of conditions such as source IP destination IP IP protocol number and TCP port Access lists can be categorized by the following criteria z Filter information based criterion IP acces...

Page 688: ...matches z When an access list is bound to the outgoing direction of a port the action in the rule can only be deny 18 2 ACL Configuration 18 2 1 ACL Configuration Task Sequence 1 Configuring access l...

Page 689: ...Clear the filter information of the specific port 1 Configuring access list 1 Configuring a numbered standard IP access list Command Explanation Global Mode access list num deny permit sIpAddr sMask...

Page 690: ...y permit udp sIpAddr sMask any host sIpAddr s port sPort dIpAddr dMask any destination host destination dIpAddr d port dPort precedence prec tos tos Creates a numbered UDP extended IP access rule if t...

Page 691: ...me based standard IP access rule c Exit name based standard IP ACL configuration mode Command Explanation Standard IP ACL Mode Exit Exits name based standard IP ACL configuration mode 4 Configuring an...

Page 692: ...tos Creates an extended name based TCP IP access rule the no form command deletes this name based extended IP access rule no deny permit udp sIpAddr sMask any host sIpAddr s port sPort dIpAddr dMask a...

Page 693: ...ged 802 3 offset1 length1 value1 offset2 length2 value2 offset3 length3 value3 offset4 length4 value4 no access list num Creates a numbered MAC extended access list if the access list already exists t...

Page 694: ...st_smac smac smac mask any destination mac host destination mac host_dmac dmac dmac mask untagged 802 3 Creates an MAC access rule matching 802 3 frame the no form command deletes this MAC access rule...

Page 695: ...eates a numbered mac icmp extended mac ip access rule if the numbered extended access list of specified number does not exist then an access list will be created using this number access list num deny...

Page 696: ...sti nation host destination destination host ip d port port3 precedence precedence tos tos time range time range name Creates a numbered mac icmp extended mac ip access rule if the numbered extended a...

Page 697: ...rce host ip destination destination wildcard any desti nation host destination destination host ip icmp type icmp code precedence precedence tos tos time range time range name Creates an extended name...

Page 698: ...estination destination wildcard any desti nation host destination destination host ip d port port3 precedence precedence tos tos time range time range name Creates an extended name based MAC UDP acces...

Page 699: ...he name of the time range Command Explanation Global Mode time range time_range_name Create a time range named time_range_name no time range time_range_name Stop the time range function named time_ran...

Page 700: ...ute start start_time start_data end end_time en d_data stop the function of the time range 4 Bind access list to a specific direction of the specified port Command Explanation Physical Interface Mode...

Page 701: ...MM SS hour minute second end_time end time HH MM SS hour minute second Remark time range polling is one minute per time so the time error shall be one minute Command Mode time range mode Default No ti...

Page 702: ...ormer configuration Examples Make configurations effective from 6 00 00 to 13 30 00 from Oct 1 2004 to Jan 26 2005 Switch config Time range doc_timer Switch Config Time Range absolute start 6 00 00 20...

Page 703: ...sition o ignored position 1 igmp type the type of igmp 0 15 icmp type the type of icmp 0 255 icmp code protocol No of icmp 0 255 prec IP priority 0 7 tos to value 0 15 sPort source port No 0 65535 dPo...

Page 704: ...ts configured Usage Guide When the user assign specific num for the first time ACL of the serial number is created then the lists are added into this ACL Examples Create a numeric standard IP access l...

Page 705: ...x 3 it is0 ffffff when Length x 4 it is 0 ffffffff For Offset x different types of data frames are with different value ranges for untagged eth2 type frame 12 52 for untagged 802 2 type frame 12 60 f...

Page 706: ...ion mac host_dmac dmac dmac mask udp source source wildcard any source host source source host ip s port port1 destination destination wildcard any destination host destination destination host ip d p...

Page 707: ...ort optional means need to match TCP UDP destination interface port3 optional value of TCP UDP destination interface No Interface No is an integer from 0 65535 ack fin psh rst urg syn optional only fo...

Page 708: ...X 00 ab Switch Config access list 700 permit 00 00 00 00 00 01 00 00 FF FF 00 01 Switch Config access list 700 deny 00 00 00 00 00 ab 00 00 00 FF 00 ab 18 2 2 8 clear access group statistic Command cl...

Page 709: ...etes this name expansion IP access list including all list items Parameters name name the access list the length of character string is 1 16 no pure number sequences permitted Command Mode Global mode...

Page 710: ...list configured Usage Guide Creates a numbered 520 standard IP access list first time the following configuration will add to the current access list Examples Creates a numbered 520 standard IP acces...

Page 711: ...is added statistic counter or not by options the no ip mac mac ip access group command deletes access list binding on the port Parameter name is the name for access list the character string length i...

Page 712: ...tion Example Binding aaa access list to entry direction of port Switch Config Ethernet0 0 1 ip access group aaa in 18 2 2 17 mac access extended Command Mac access list extended name no mac access lis...

Page 713: ...sIpAddr dIpAddr dMask any destination host destination dIpAddr icmp type icmp code precedence prec tos tos time range time range name no deny permit igmp sIpAddr sMask any source host source sIpAddr...

Page 714: ...extended udpFlow Switch Config Ext Nacl udpFlow deny igmp any source any destination Switch Config Ext Nacl udpFlow permit udp any source host destination 192 168 0 1 d port 32 18 2 2 20 permit deny...

Page 715: ...2 3 cos cos val cos bitmask vlanId vid value vid mask Functions Define an expansion name MAC ACL rule and no form of this command deletes this expansion name IP access rule Parameters any source mac a...

Page 716: ...any destination host destination destination host ip igmp type precedence precedence tos tos time range time range name no deny permit any source mac host source mac host_smac smac smac mask any dest...

Page 717: ...d reverse mask destination host ip destination No of destination network or host to which packets are delivered Numbers of 32 bit binary system with dotted decimal notation expression host source mean...

Page 718: ...estination dIPv6Addr d port dPort dscp dscp flow label fl no deny permit proto sIPv6Prefix sPrefixlen any source host source sIPv6Addr dIPv6Prefix dPrefixlen any destination host destination dIPv6Addr...

Page 719: ...mmand Mode Standard IPv6 nomenclature access list mode Default No access list configured by default Example Permit packets with source address of 2001 1 2 3 1 64 while denying those with source addres...

Page 720: ...fault Rule Permit Switch show access lists access list 110 used 1 time s access list 110 deny tcp 10 0 0 0 0 0 0 255 any destination d port 21 Switch show access group interface Ethernet 0 0 10 interf...

Page 721: ...dmin mode Usage Guide When not assigning names of ACL all ACL will be revealed used x time s indicates the times of ACL to be used Examples Switch show access lists access list 10 used 0 time s access...

Page 722: ...how access group interface Ethernet name Functions Reveal tying situation of ACL on port Parameters name Interface name Default None Command Mode Admin mode Usage Guide When not assigning interface na...

Page 723: ...g function is permit 18 4 1 4 show time range Command show time range word Functions Reveal configuration information of time range functions Parameters word assign name of time range needed to be rev...

Page 724: ...ipv6 access list 520 permit ip any source any destination 18 5 Web Management By clicking the ACL configuration icon it will open up the ACL sub sections which include the following parts z Numeric A...

Page 725: ...Add ICMP numeric extended ACL z Add IGMP numeric extended ACL z Add TCP numeric extended ACL z Add UDP numeric extended ACL z Add numeric extended ACL for other protocols By clicking the icons it will...

Page 726: ...s z Source port z Target port Regarding numeric extended ACL for other protocols there is one sub category Matched protocol z Matched protocol includes IP EIGRP OSPF IPINIP and Input Protocol manually...

Page 727: ...rs should change the ACL number to the ACL name This should be entered in ACL name not ACL number CLI command 1 2 2 6 There are seven sub sections of this z ACL name z ACL type standard and extended z...

Page 728: ...with numeric extended ACL The only difference is the ACL number needs to be changed to ACL name and entered into the ACL name rather than number CLI command 1 2 2 5 18 5 6 Firewall configuration Clic...

Page 729: ...ort to bind to ACL z ACL name the target ACL name to bind z Ingress Egress the target direction to bind z Operation type Add or Remove To enable this function you need to select the action in each ite...

Page 730: ...ical port or a physical port Typically one physical port of the switch connects with one terminal device physical port based only The architecture of IEEE 802 1x is shown below Fig 19 1 802 1x archite...

Page 731: ...IEEE 802 1x authentication is implemented in ES3628EA for better security and management Only authenticated user access devices connecting to the same physical port can access the network the unauthor...

Page 732: ...enable Enables the 802 1x function in the switch and ports the no dot1x enable command disables the 802 1x function Command Explanation Port Mode dot1x port control auto force authorized forc e unauth...

Page 733: ...re authentication interval the no dot1x timeout re authperiod command restores the default setting dot1x timeout tx period seconds no dot1x timeout tx period Sets the interval for the supplicant to r...

Page 734: ...adius server authentication host IPaddress Specifies the IP address or IPv6 address and listening port number for RADIUS authentication server the no radius server authentication host IPaddress comman...

Page 735: ...tion for the switch must be enabled first to enable IEEE 802 1x authentication for the switch Example Enabling AAA function for the switch Switch Config aaa enable 19 3 2 aaa accounting enable Command...

Page 736: ...sage Guide The dot1x address filter function is implemented according to the MAC address filter table dot1x address filter table is manually added or deleted by the user When a port is specified in ad...

Page 737: ...cation for the switch must be enabled first to enable 802 1x authentication for the respective ports If Spanning Tree or MAC binding is enabled on the port or the port is a Trunk port or member of por...

Page 738: ...5 frames to 5 times Switch Config dot1x max req 5 19 3 8 dot1x max user Command dot1x max user macbased number no dot1x max user macbased Function Sets the maximum users allowed to connect to the port...

Page 739: ...Config interface Ethernet 0 0 1 Switch Config Ethernet0 0 1 dot1x port control auto 19 3 10 dot1x port method Command dot1x port method macbased portbased no dot1x port method Function Sets the access...

Page 740: ...e When periodical re authentication for supplicant is enabled the switch will re authenticate the supplicant at regular interval This function is not recommended for common use Example Enabling the pe...

Page 741: ...the interval for the supplicant to re transmit EAP request identity frame the no dot1x timeout tx period command restores the default setting Parameters seconds is the interval for re transmission of...

Page 742: ...r of IP address to 100 100 100 60 as the primary server with the accounting port number as 3000 Switch Config radius server accounting host 100 100 100 60 port 3000 primary 19 3 17 radius server authe...

Page 743: ...ver from inaccessible to accessible When the switch acknowledges a server to be inaccessible it marks that server as having invalid status after the interval specified by this command the system reset...

Page 744: ...e considered to as not working the switch sets the server as invalid Example Setting the RADIUS authentication packet retransmission time to five times Switch Config radius server retransmit 5 19 3 21...

Page 745: ...lient software is installed on the PC and is used in IEEE 802 1x authentication The configuration procedures are listed below Switch Config interface vlan 1 Switch Config if vlan1 ip address 10 1 1 2...

Page 746: ...parameter shall be modified if the event log indicates no such authenticator the authenticator needs to be added to the RADIUS server if the event log indicates no such login user the user login ID an...

Page 747: ...Guide Usually the administrator is concerned only with the online user information the other information displayed is used for troubleshooting by technical support Example Switch show aaa authenticate...

Page 748: ...r TRUE and 0 for FALSE AAA config data Is Aaa Enabled 1 Is Account Enabled 1 MD5 Server Key aa authentication server sum 2 authentication server 0 Host IP 30 1 1 30 Udp Port 1812 Is Primary 1 Is Serve...

Page 749: ...The number of accounting servers accounting server X Host IP Udp Port Is Primary Is Server Dead Socket No Displays the accounting server number and corresponding IP address UDP port number Primary se...

Page 750: ...ist dot1x EAPoR Enable 802 1x is enabled on ethernet 1 Authentication Method Port based Status Authorized Port control Auto Supplicant 00 03 0F FE 2E D3 Authenticator State Machine State Authenticated...

Page 751: ...ne status 19 5 1 7 show radius count Command show radius authencated user authencating user count Function Displays the statistics for users of RADIUS authentication Parameters authencated user displa...

Page 752: ...hentication function z Accounting Status Enables disables switch AAA accounting function Disable Accounting disable accounting function Enable Accounting enable accounting function z RADIUS key Config...

Page 753: ...non primary server z Operation type Add authentication server adds an authentication server Remove authentication server remove an authentication server Example Configure Authentication server IP as...

Page 754: ...function 19 6 2 1 802 1X configuration Click Authentication configuration 802 1X configuration 802 1X configuration to configure the 802 1x global configurations z 802 1x status Enables disables the s...

Page 755: ...port authentication configuration Click Authentication configuration 802 1X configuration 802 1X port authentication configuration to Configure port 802 1x function z Port assigns port z 802 1x statu...

Page 756: ...s table to dot1x address filter z Port If specify port the added list only suitable for specific port specify All Ports the added list suitable for all port z Mac adds MAC address z Operation type add...

Page 757: ...tion status Authentication status z Authentication mode Authentication mode Example Choose Ethernet port 0 0 1 then Click Reauthenticate button the user in Ethernet port 0 0 1 will be force to make re...

Page 758: ...router is actually undertaken by the active router while the Backup routers serve as backups for the active router The virtual router has its own virtual IP address can be identical with the IP addres...

Page 759: ...VRRP 7 Configure VRRP priority 8 Configure VRRP Timer intervals 9 Configure VRRP interface monitor 1 Create Remove the Virtual Router Command Explanation Global Mode no router vrrp vrid Creates Remov...

Page 760: ...authentication string 5 Configure VRRP Sub parameters 1 Configure the preemptive mode for VRRP Command Explanation VRRP protocol configuration mode preempt mode true false Configures the preemptive mo...

Page 761: ...ating properly therefore turns its status to Master The user can use this command to adjust the VRRP packet sending interval of the Master For members in the same Standby cluster this property should...

Page 762: ...Config Router Vrrp circuit failover vlan 2 10 20 3 3 debug vrrp Commands debug vrrp all event packet recv send no debug vrrp all event packet recv send Function Displays information for VRRP standby c...

Page 763: ...h Config Router Vrrp enable 20 3 6 interface Commands interface IFNAME Vlan ID no interface Function Configures the VRRP interface Parameters interface IFNAME Vlan ID stands for the interface name Def...

Page 764: ...switch in a Standby cluster the higher priority the more likely to become the Master When a router or L3 Ethernet switch is configured as Master dummy IP address its priority is always 255 and does no...

Page 765: ...is TRUE VrId 10 State is Initialize Virtual IP is 10 1 10 1 IP owner Interface is Vlan1 Configured priority is 255 Current priority is 255 Advertisement interval is 1 sec Preempt mode is TRUE Circuit...

Page 766: ...virtual ip 10 1 1 1 20 4 Typical VRRP Scenario As shown in the figure below SwitchA and SwitchB are Layer 3 Ethernet Switches in the same group and provide redundancy for each other Fig 20 1 VRRP Netw...

Page 767: ...switches in the same standby cluster are the same Verify the timer time of different routers or L3 Ethernet switches in the same standby cluster are the same Verify the dummy IP address is in the sam...

Page 768: ...mber 1 and VLAN port IP 23 Click Apply to add port 23 to Virtual Router number 1 Click Remove to remove port 23 from Virtual Router number 1 20 6 4 Activate Virtual Router Click VRRP control to config...

Page 769: ...ample Enter created Virtual Router number 1 and interval 3 Click Enable to set the interval of virtual router number 1 to 3 Click Disable to disable the interval of Virtual Router number 1 20 6 8 Conf...

Page 770: ...ck VRRP control to enter VRRP AuthenMode and configure VRRP authentication mode Example Choose created Vlan1 for Port and yes for AuthenMode Click Apply to finish Port Vlan1 authentication mode config...

Page 771: ...MRPP has below characters compare to STP protocol 1 MRPP specifically uses to Ethernet ring topology 2 fast convergence less than 1 s ideally it can reach 100 50 ms 21 1 1 Conception Introduction SWIT...

Page 772: ...node The primary port of primary node is used to send ring health examine packet hello the secondary port is used to receive Hello packet sending from primary node When the Ethernet is in health stat...

Page 773: ...block state and sends LINK DOWN FLUSH_FDB packet to inform all of transfer nodes to refresh own MAC address forward list 3 Ring Restore After the primary node occur ring fail if the secondary port rec...

Page 774: ...on Task List 1 Globally enable MRPP 2 Configure MRPP ring 3 Display and debug MRPP relevant information 1 Globally enable MRPP Command Explanation Global Mode MRPP enable no MRPP enable Globally enabl...

Page 775: ...on Show MRPP statistics INT Display receiving data package statistic information of MRPP ring clear MRPP statistics INT Clear receiving data package statistic information of MRPP ring 21 3 Commands Fo...

Page 776: ...le MRPP loop may can t work normally or form broadcast Example Configure control VLAN of mrpp ring 4000 is 4000 Switch Config mrpp ring 4000 Switch mrpp ring 4000 control vlan 4000 21 3 3 debug mrpp C...

Page 777: ...INT valid range is from 1 to 3000s Command Mode MRPP ring mode Default Default configure timer interval 3s Usage Guide If primary node of MRPP ring doesn t receives Hello packet from primary port of...

Page 778: ...no mrpp enable command disables MRPP protocol Parameter Command Mode Global Mode Default The system doesn t enable MRPP protocol module Usage Guide If it needs to configure MRPP ring it enables MRPP...

Page 779: ...uses primary port to send Hello packet secondary port is used to receive Hello packet from primary node There are no difference on function between primary port and secondary of secondary node Exampl...

Page 780: ...figuration of MRPP ring 4000 of switch Switch show mrpp 4000 21 3 13 show mrpp statistics Command show mrpp statistics INT Function Display statistic information of data package of MRPP ring receiving...

Page 781: ...port separately To avoid ring it should temporarily disable one of the ports of primary node when it enables each MRPP ring in the whole MRPP ring and after all of the nodes are configured open the p...

Page 782: ...MRPP ring 4000 control vlan 4000 Switch MRPP ring 4000 primary port Ethernet 0 0 1 Switch MRPP ring 4000 secondary port Ethernet 0 0 2 Switch MRPP ring 4000 enable Switch MRPP ring 4000 exit Switch C...

Page 783: ...d to E0 0 1 E0 0 2 MRPP Ring 4000 configuration Task Sequence SWITCH A configuration Task Sequence Switch Config MRPP enable Switch Config MRPP ring 4000 Switch MRPP ring 4000 control vlan 4000 Switch...

Page 784: ...ontrol vlan 4000 Switch MRPP ring 4000 primary port Ethernet 0 0 1 Switch MRPP ring 4000 secondary port Ethernet 0 0 2 Switch MRPP ring 4000 enable Switch MRPP ring 4000 exit Switch Config SWITCH E co...

Page 785: ...exit Switch Config SWITCH E configuration Task Sequence Switch Config MRPP enable Switch Config MRPP ring 100 Switch MRPP ring 100 control vlan 100 Switch MRPP ring 100 primary port Ethernet 0 0 1 Swi...

Page 786: ...ring of the port must be transfer node In the above configuration SWITCH B E D has some port belonging to more than two rings The special port changing takes a effect on more than two rings sometimes...

Page 787: ...ing 4000 secondary port Ethernet 0 0 2 Switch MRPP ring 4000 enable Switch MRPP ring 4000 exit Switch Config SWITCH H configuration Task Sequence Switch Config MRPP enable Switch Config MRPP ring 4000...

Page 788: ...100 control vlan 100 Switch MRPP ring 100 primary port Ethernet 0 0 2 Switch MRPP ring 100 secondary port Ethernet 0 0 3 Switch MRPP ring 100 enable Switch MRPP ring 100 exit Switch Config SWITCH E c...

Page 789: ...to form ring and broadcast storm Configuring MRPP ring you d better disconnected the ring and wait for each switch configuration then open the ring When the MRPP ring of enabled switch is disabled on...

Page 790: ...idate switches Network administrators can statically or dynamically add the candidate switches to the cluster which is already established Accordingly they can configure and manage the member switches...

Page 791: ...of heartbeat of the cluster 3 Set interval of sending heartbeat packets among the switches of the cluster 4 Clear the list of candidate switches discovered by the commander switch 4 Configure attribu...

Page 792: ...ord pass no cluster member mem id Add or remove a member switch Command Explanation Global Mode cluster auto add enable no cluster auto add enable Enable or disable adding newly discovered candidate s...

Page 793: ...Config no cluster run 22 3 2 cluster register timer Command cluster register timer time value no cluster register timer Function Sets interval of sending cluster register packet the no cluster registe...

Page 794: ...created if the private IP address pool is not set When candidate switches join the cluster the commander switch assigns a private IP address for each member switch These IP addresses are used to commu...

Page 795: ...to the cluster in the commander switch the no cluster member mem id command deletes a member switch from the cluster Parameter mem id is the member ID valid range is 1 to 23 cand sn is the sequence nu...

Page 796: ...luster Parameter mem id is the cluster ID of the member switch valid rang is 1 to 23 Command mode Admin Mode Instructions Enter the Admin Mode of the member switch and configure the member switch remo...

Page 797: ...dst url is the destination path of the file which need to be copied ascii means that the file is transmitted in ASCII format binary means that the file is transmitted in binary format When src url is...

Page 798: ...holdtime of heartbeat And this information is distributed to all the member switches If this command is executed in a non commander switch and the value is less than the current holdtime the setting i...

Page 799: ...Clear the list of candidate switches discovered by the commander switch Switch clear cluster candidate table 22 4 Examples of Cluster Administration Scenario The four switches SwitchA SwitchD amongst...

Page 800: ...urs 30 minutes 15 seconds Heartbeat interval 8 seconds Heartbeat hold time 80 seconds Cluster s snmp rw community string public 22 5 1 2 show cluster members Command show cluster members Function Disp...

Page 801: ...displays the debugging messages related to the command or member switches sending packets Command Mode Admin Mode 22 5 1 5 debug cluster application Command debug cluster application no debug cluster...

Page 802: ...under current application Whether the connection between the command switch and the member switch is correct We can use the debug cluster packets to check if the command and the member switches can re...

Search results

Summary of Contents for ES3628EA

Reviews:

Brands by name

Popular brands

Edge-Core ES3628EA, User Manual

Search results

Summary of Contents for ES3628EA

Reviews:

Brands by name

Popular brands